admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-19 17:31:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-09-20T20:00:18.477576+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-09-20 20:03:18 +00:00
parent 65eb4ca7e6
commit c5b7772ce9
110 changed files with 7155 additions and 648 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
CVE-2022/CVE-2022-214xx/CVE-2022-21445.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-21445",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2022-04-19T21:15:15.907",
"lastModified": "2024-09-20T01:00:01.427",
"vulnStatus": "Analyzed",
"lastModified": "2024-09-20T19:15:12.973",
"vulnStatus": "Modified",
"cveTags": [],
"cisaExploitAdd": "2024-09-18",
"cisaActionDue": "2024-10-09",
@ -12,7 +12,7 @@
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle JDeveloper product of Oracle Fusion Middleware (component: ADF Faces). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle JDeveloper. Successful attacks of this vulnerability can result in takeover of Oracle JDeveloper. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)."
"value": "Vulnerability in the Oracle Application Development Framework (ADF) product of Oracle Fusion Middleware (component: ADF Faces). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Development Framework (ADF). Successful attacks of this vulnerability can result in takeover of Oracle Application Development Framework (ADF). Note: Oracle Application Development Framework (ADF) is downloaded via Oracle JDeveloper Product. Please refer to Fusion Middleware Patch Advisor for more details. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)."
},
{
"lang": "es",

12
CVE-2023/CVE-2023-359xx/CVE-2023-35906.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-35906",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-09-05T01:15:07.920",
"lastModified": "2023-09-08T17:50:02.527",
"vulnStatus": "Analyzed",
"lastModified": "2024-09-20T18:15:03.740",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -61,22 +61,22 @@
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"source": "psirt@us.ibm.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-345"
"value": "CWE-291"
}
]
},
{
"source": "psirt@us.ibm.com",
"source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-348"
"value": "CWE-345"
}
]
}

4
CVE-2023/CVE-2023-373xx/CVE-2023-37396.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-37396",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-04-19T16:15:09.430",
"lastModified": "2024-04-19T16:19:49.043",
"lastModified": "2024-09-20T18:15:03.940",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -46,7 +46,7 @@
"description": [
{
"lang": "en",
"value": "CWE-312"
"value": "CWE-327"
}
]
}

12
CVE-2023/CVE-2023-403xx/CVE-2023-40371.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-40371",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-08-24T14:15:10.803",
"lastModified": "2023-08-30T14:54:50.237",
"vulnStatus": "Analyzed",
"lastModified": "2024-09-20T19:15:13.820",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -57,22 +57,22 @@
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"source": "psirt@us.ibm.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
"value": "CWE-327"
}
]
},
{
"source": "psirt@us.ibm.com",
"source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-200"
"value": "NVD-CWE-noinfo"
}
]
}

6
CVE-2023/CVE-2023-406xx/CVE-2023-40683.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-40683",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-01-19T01:15:08.910",
"lastModified": "2024-01-24T21:25:27.833",
"vulnStatus": "Analyzed",
"lastModified": "2024-09-20T19:15:13.993",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -66,7 +66,7 @@
"description": [
{
"lang": "en",
"value": "CWE-264"
"value": "CWE-285"
}
]
}

62
CVE-2023/CVE-2023-418xx/CVE-2023-41805.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-41805",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-06-19T13:15:55.360",
"lastModified": "2024-06-20T12:44:01.637",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-20T19:07:21.190",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -51,14 +81,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:brainstormforce:starter_templates:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "3.2.6",
"matchCriteriaId": "C7332C0B-D294-4B40-80FC-4F71F484DBCD"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/astra-pro-sites/wordpress-premium-starter-templates-plugin-3-2-5-broken-access-control-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://patchstack.com/database/vulnerability/astra-sites/wordpress-starter-templates-plugin-3-2-5-broken-access-control-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

47
CVE-2023/CVE-2023-441xx/CVE-2023-44148.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-44148",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-06-19T12:15:10.200",
"lastModified": "2024-06-20T12:44:01.637",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-20T19:05:08.200",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -51,10 +71,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:brainstormforce:astra:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.2.8",
"matchCriteriaId": "2F35C242-2632-4217-9C94-2ADFDFDF099B"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/astra-bulk-edit/wordpress-astra-bulk-edit-plugin-1-2-7-broken-access-control-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

47
CVE-2023/CVE-2023-441xx/CVE-2023-44151.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-44151",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-06-19T12:15:10.437",
"lastModified": "2024-06-20T12:44:01.637",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-20T18:17:43.157",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -51,10 +71,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:brainstormforce:pre-publish_checklist:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.1.2",
"matchCriteriaId": "DF0E75FD-0984-42DE-86C7-BD06D8115DD9"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/pre-publish-checklist/wordpress-pre-publish-checklist-plugin-1-1-1-broken-access-control-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

24
CVE-2023/CVE-2023-442xx/CVE-2023-44217.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-44217",
"sourceIdentifier": "PSIRT@sonicwall.com",
"published": "2023-10-03T08:15:36.000",
"lastModified": "2023-10-04T17:49:37.297",
"vulnStatus": "Analyzed",
"lastModified": "2024-09-20T19:35:02.927",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},

6
CVE-2023/CVE-2023-471xx/CVE-2023-47142.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-47142",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-02-02T14:15:54.013",
"lastModified": "2024-02-08T19:32:57.063",
"vulnStatus": "Analyzed",
"lastModified": "2024-09-20T19:15:14.380",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -66,7 +66,7 @@
"description": [
{
"lang": "en",
"value": "CWE-264"
"value": "CWE-863"
}
]
}

39
CVE-2023/CVE-2023-474xx/CVE-2023-47480.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-47480",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-09-20T17:15:14.673",
"lastModified": "2024-09-20T17:15:14.673",
"lastModified": "2024-09-20T19:35:03.700",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
@ -11,7 +11,42 @@
"value": "An issue in Pure Data 0.54-0 and fixed in 0.54-1 allows a local attacker to escalate privileges via the set*id () function."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.5,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-252"
}
]
}
],
"references": [
{
"url": "https://github.com/pure-data/pure-data/commit/0b5e467b8728b3ed56e1a8ee5b367ce78e7e6e5d",

4
CVE-2023/CVE-2023-477xx/CVE-2023-47712.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-47712",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-05-14T13:56:45.143",
"lastModified": "2024-05-14T16:13:02.773",
"lastModified": "2024-09-20T19:15:14.610",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -46,7 +46,7 @@
"description": [
{
"lang": "en",
"value": "CWE-282"
"value": "CWE-732"
}
]
}

4
CVE-2023/CVE-2023-477xx/CVE-2023-47716.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-47716",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-03-01T03:15:06.280",
"lastModified": "2024-03-01T14:04:26.010",
"lastModified": "2024-09-20T19:15:14.810",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -46,7 +46,7 @@
"description": [
{
"lang": "en",
"value": "CWE-264"
"value": "CWE-863"
}
]
}

4
CVE-2023/CVE-2023-477xx/CVE-2023-47742.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-47742",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-03-03T13:15:07.090",
"lastModified": "2024-03-04T13:58:23.447",
"lastModified": "2024-09-20T19:15:15.010",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -46,7 +46,7 @@
"description": [
{
"lang": "en",
"value": "CWE-300"
"value": "CWE-295"
}
]
}

14
CVE-2023/CVE-2023-49xx/CVE-2023-4979.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-4979",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-09-15T01:15:08.460",
"lastModified": "2023-09-20T13:12:39.107",
"vulnStatus": "Analyzed",
"lastModified": "2024-09-20T18:35:01.957",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -71,6 +71,16 @@
"value": "CWE-79"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [

6
CVE-2023/CVE-2023-509xx/CVE-2023-50957.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-50957",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-02-10T16:15:07.857",
"lastModified": "2024-02-15T04:37:53.297",
"vulnStatus": "Analyzed",
"lastModified": "2024-09-20T19:15:15.190",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -66,7 +66,7 @@
"description": [
{
"lang": "en",
"value": "CWE-269"
"value": "CWE-312"
}
]
}

116
CVE-2024/CVE-2024-214xx/CVE-2024-21416.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-21416",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-09-10T17:15:15.677",
"lastModified": "2024-09-10T17:43:14.410",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-20T18:55:14.573",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -18,8 +18,28 @@
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "secure@microsoft.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
@ -41,8 +61,18 @@
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "secure@microsoft.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -51,10 +81,86 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.6293",
"matchCriteriaId": "3A9450F3-BE07-4F9B-9C2B-29208AB91A9C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19044.4894",
"matchCriteriaId": "30C7FEB1-00AE-42A6-BBAA-A30081BD4A83"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19045.4894",
"matchCriteriaId": "ACE18049-0E6D-4F64-9702-37D9B4A26A54"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22000.3197",
"matchCriteriaId": "FF161E1C-AF7E-4F75-86BA-8479D0BA8086"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22621.4169",
"matchCriteriaId": "10708C4D-4596-4089-8DDB-5479DE084F64"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22631.4169",
"matchCriteriaId": "3F9E54F7-0561-49F6-AAD1-B78FF99BBA44"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.26100.1742",
"matchCriteriaId": "889E645C-92D6-422B-A89B-05D6774B7543"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.6293",
"matchCriteriaId": "BD2C9E88-C858-4B3D-A8C5-251DD6B69FD6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.20348.2700",
"matchCriteriaId": "4399F533-0094-43CF-872E-FC8E4A21A904"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.25398.1128",
"matchCriteriaId": "FCB2DB55-B6D1-4D28-802F-D300BE10E9A0"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21416",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

56
CVE-2024/CVE-2024-239xx/CVE-2024-23915.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-23915",
"sourceIdentifier": "prodsec@nozominetworks.com",
"published": "2024-09-18T14:15:12.580",
"lastModified": "2024-09-20T12:30:51.220",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-20T19:07:32.673",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
},
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
@ -51,10 +81,30 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:opennetworking:libfluid_msg:0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "41C125FF-B0BD-4CD6-8979-2B6006AB6821"
}
]
}
]
}
],
"references": [
{
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-23915",
"source": "prodsec@nozominetworks.com"
"source": "prodsec@nozominetworks.com",
"tags": [
"Third Party Advisory"
]
}
]
}

56
CVE-2024/CVE-2024-239xx/CVE-2024-23916.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-23916",
"sourceIdentifier": "prodsec@nozominetworks.com",
"published": "2024-09-18T14:15:12.790",
"lastModified": "2024-09-20T12:30:51.220",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-20T19:07:23.750",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
},
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
@ -51,10 +81,30 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:opennetworking:libfluid_msg:0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "41C125FF-B0BD-4CD6-8979-2B6006AB6821"
}
]
}
]
}
],
"references": [
{
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-23916",
"source": "prodsec@nozominetworks.com"
"source": "prodsec@nozominetworks.com",
"tags": [
"Third Party Advisory"
]
}
]
}

56
CVE-2024/CVE-2024-311xx/CVE-2024-31164.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-31164",
"sourceIdentifier": "prodsec@nozominetworks.com",
"published": "2024-09-18T14:15:12.967",
"lastModified": "2024-09-20T12:30:51.220",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-20T19:07:18.047",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
},
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
@ -51,10 +81,30 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:opennetworking:libfluid_msg:0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "41C125FF-B0BD-4CD6-8979-2B6006AB6821"
}
]
}
]
}
],
"references": [
{
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-31164",
"source": "prodsec@nozominetworks.com"
"source": "prodsec@nozominetworks.com",
"tags": [
"Third Party Advisory"
]
}
]
}

56
CVE-2024/CVE-2024-311xx/CVE-2024-31165.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-31165",
"sourceIdentifier": "prodsec@nozominetworks.com",
"published": "2024-09-18T14:15:13.147",
"lastModified": "2024-09-20T12:30:51.220",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-20T19:07:09.943",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
},
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
@ -51,10 +81,30 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:opennetworking:libfluid_msg:0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "41C125FF-B0BD-4CD6-8979-2B6006AB6821"
}
]
}
]
}
],
"references": [
{
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-31165",
"source": "prodsec@nozominetworks.com"
"source": "prodsec@nozominetworks.com",
"tags": [
"Third Party Advisory"
]
}
]
}

56
CVE-2024/CVE-2024-311xx/CVE-2024-31166.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-31166",
"sourceIdentifier": "prodsec@nozominetworks.com",
"published": "2024-09-18T14:15:13.327",
"lastModified": "2024-09-20T12:30:17.483",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-20T19:06:13.597",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
},
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
@ -51,10 +81,30 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:opennetworking:libfluid_msg:0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "41C125FF-B0BD-4CD6-8979-2B6006AB6821"
}
]
}
]
}
],
"references": [
{
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-31166",
"source": "prodsec@nozominetworks.com"
"source": "prodsec@nozominetworks.com",
"tags": [
"Third Party Advisory"
]
}
]
}

56
CVE-2024/CVE-2024-311xx/CVE-2024-31167.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-31167",
"sourceIdentifier": "prodsec@nozominetworks.com",
"published": "2024-09-18T14:15:13.507",
"lastModified": "2024-09-20T12:30:17.483",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-20T19:05:57.637",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
},
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
@ -51,10 +81,30 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:opennetworking:libfluid_msg:0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "41C125FF-B0BD-4CD6-8979-2B6006AB6821"
}
]
}
]
}
],
"references": [
{
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-31167",
"source": "prodsec@nozominetworks.com"
"source": "prodsec@nozominetworks.com",
"tags": [
"Third Party Advisory"
]
}
]
}

56
CVE-2024/CVE-2024-311xx/CVE-2024-31168.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-31168",
"sourceIdentifier": "prodsec@nozominetworks.com",
"published": "2024-09-18T14:15:13.683",
"lastModified": "2024-09-20T12:30:17.483",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-20T19:05:47.117",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
},
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
@ -51,10 +81,30 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:opennetworking:libfluid_msg:0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "41C125FF-B0BD-4CD6-8979-2B6006AB6821"
}
]
}
]
}
],
"references": [
{
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-31168",
"source": "prodsec@nozominetworks.com"
"source": "prodsec@nozominetworks.com",
"tags": [
"Third Party Advisory"
]
}
]
}

56
CVE-2024/CVE-2024-311xx/CVE-2024-31169.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-31169",
"sourceIdentifier": "prodsec@nozominetworks.com",
"published": "2024-09-18T14:15:13.860",
"lastModified": "2024-09-20T12:30:17.483",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-20T19:05:19.817",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
},
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
@ -51,10 +81,30 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:opennetworking:libfluid_msg:0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "41C125FF-B0BD-4CD6-8979-2B6006AB6821"
}
]
}
]
}
],
"references": [
{
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-31169",
"source": "prodsec@nozominetworks.com"
"source": "prodsec@nozominetworks.com",
"tags": [
"Third Party Advisory"
]
}
]
}

56
CVE-2024/CVE-2024-311xx/CVE-2024-31170.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-31170",
"sourceIdentifier": "prodsec@nozominetworks.com",
"published": "2024-09-18T14:15:14.037",
"lastModified": "2024-09-20T12:30:17.483",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-20T19:01:49.263",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
},
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
@ -51,10 +81,30 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:opennetworking:libfluid_msg:0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "41C125FF-B0BD-4CD6-8979-2B6006AB6821"
}
]
}
]
}
],
"references": [
{
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-31170",
"source": "prodsec@nozominetworks.com"
"source": "prodsec@nozominetworks.com",
"tags": [
"Third Party Advisory"
]
}
]
}

56
CVE-2024/CVE-2024-311xx/CVE-2024-31171.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-31171",
"sourceIdentifier": "prodsec@nozominetworks.com",
"published": "2024-09-18T14:15:14.210",
"lastModified": "2024-09-20T12:30:17.483",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-20T19:02:03.187",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
},
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
@ -51,10 +81,30 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:opennetworking:libfluid_msg:0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "41C125FF-B0BD-4CD6-8979-2B6006AB6821"
}
]
}
]
}
],
"references": [
{
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-31171",
"source": "prodsec@nozominetworks.com"
"source": "prodsec@nozominetworks.com",
"tags": [
"Third Party Advisory"
]
}
]
}

56
CVE-2024/CVE-2024-311xx/CVE-2024-31172.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-31172",
"sourceIdentifier": "prodsec@nozominetworks.com",
"published": "2024-09-18T14:15:14.387",
"lastModified": "2024-09-20T12:30:17.483",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-20T19:02:15.750",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
},
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
@ -51,10 +81,30 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:opennetworking:libfluid_msg:0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "41C125FF-B0BD-4CD6-8979-2B6006AB6821"
}
]
}
]
}
],
"references": [
{
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-31172",
"source": "prodsec@nozominetworks.com"
"source": "prodsec@nozominetworks.com",
"tags": [
"Third Party Advisory"
]
}
]
}

56
CVE-2024/CVE-2024-311xx/CVE-2024-31173.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-31173",
"sourceIdentifier": "prodsec@nozominetworks.com",
"published": "2024-09-18T14:15:14.557",
"lastModified": "2024-09-20T12:30:17.483",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-20T19:02:24.133",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
},
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
@ -51,10 +81,30 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:opennetworking:libfluid_msg:0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "41C125FF-B0BD-4CD6-8979-2B6006AB6821"
}
]
}
]
}
],
"references": [
{
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-31173",
"source": "prodsec@nozominetworks.com"
"source": "prodsec@nozominetworks.com",
"tags": [
"Third Party Advisory"
]
}
]
}

56
CVE-2024/CVE-2024-311xx/CVE-2024-31174.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-31174",
"sourceIdentifier": "prodsec@nozominetworks.com",
"published": "2024-09-18T14:15:14.730",
"lastModified": "2024-09-20T12:30:17.483",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-20T19:02:32.503",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
},
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
@ -51,10 +81,30 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:opennetworking:libfluid_msg:0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "41C125FF-B0BD-4CD6-8979-2B6006AB6821"
}
]
}
]
}
],
"references": [
{
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-31174",
"source": "prodsec@nozominetworks.com"
"source": "prodsec@nozominetworks.com",
"tags": [
"Third Party Advisory"
]
}
]
}

56
CVE-2024/CVE-2024-311xx/CVE-2024-31175.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-31175",
"sourceIdentifier": "prodsec@nozominetworks.com",
"published": "2024-09-18T14:15:14.927",
"lastModified": "2024-09-20T12:30:17.483",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-20T19:02:39.177",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
},
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
@ -51,10 +81,30 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:opennetworking:libfluid_msg:0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "41C125FF-B0BD-4CD6-8979-2B6006AB6821"
}
]
}
]
}
],
"references": [
{
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-31175",
"source": "prodsec@nozominetworks.com"
"source": "prodsec@nozominetworks.com",
"tags": [
"Third Party Advisory"
]
}
]
}

56
CVE-2024/CVE-2024-311xx/CVE-2024-31176.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-31176",
"sourceIdentifier": "prodsec@nozominetworks.com",
"published": "2024-09-18T14:15:15.100",
"lastModified": "2024-09-20T12:30:17.483",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-20T19:02:48.160",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
},
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
@ -51,10 +81,30 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:opennetworking:libfluid_msg:0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "41C125FF-B0BD-4CD6-8979-2B6006AB6821"
}
]
}
]
}
],
"references": [
{
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-31176",
"source": "prodsec@nozominetworks.com"
"source": "prodsec@nozominetworks.com",
"tags": [
"Third Party Advisory"
]
}
]
}

56
CVE-2024/CVE-2024-311xx/CVE-2024-31177.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-31177",
"sourceIdentifier": "prodsec@nozominetworks.com",
"published": "2024-09-18T14:15:15.283",
"lastModified": "2024-09-20T12:30:17.483",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-20T19:02:56.717",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
},
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
@ -51,10 +81,30 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:opennetworking:libfluid_msg:0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "41C125FF-B0BD-4CD6-8979-2B6006AB6821"
}
]
}
]
}
],
"references": [
{
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-31177",
"source": "prodsec@nozominetworks.com"
"source": "prodsec@nozominetworks.com",
"tags": [
"Third Party Advisory"
]
}
]
}

56
CVE-2024/CVE-2024-311xx/CVE-2024-31178.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-31178",
"sourceIdentifier": "prodsec@nozominetworks.com",
"published": "2024-09-18T14:15:15.460",
"lastModified": "2024-09-20T12:30:17.483",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-20T19:03:04.717",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
},
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
@ -51,10 +81,30 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:opennetworking:libfluid_msg:0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "41C125FF-B0BD-4CD6-8979-2B6006AB6821"
}
]
}
]
}
],
"references": [
{
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-31178",
"source": "prodsec@nozominetworks.com"
"source": "prodsec@nozominetworks.com",
"tags": [
"Third Party Advisory"
]
}
]
}

56
CVE-2024/CVE-2024-311xx/CVE-2024-31179.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-31179",
"sourceIdentifier": "prodsec@nozominetworks.com",
"published": "2024-09-18T14:15:15.633",
"lastModified": "2024-09-20T12:30:17.483",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-20T19:03:12.957",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
},
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
@ -51,10 +81,30 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:opennetworking:libfluid_msg:0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "41C125FF-B0BD-4CD6-8979-2B6006AB6821"
}
]
}
]
}
],
"references": [
{
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-31179",
"source": "prodsec@nozominetworks.com"
"source": "prodsec@nozominetworks.com",
"tags": [
"Third Party Advisory"
]
}
]
}

56
CVE-2024/CVE-2024-311xx/CVE-2024-31180.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-31180",
"sourceIdentifier": "prodsec@nozominetworks.com",
"published": "2024-09-18T14:15:15.820",
"lastModified": "2024-09-20T12:30:17.483",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-20T18:41:14.657",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
},
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
@ -51,10 +81,30 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:opennetworking:libfluid_msg:0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "41C125FF-B0BD-4CD6-8979-2B6006AB6821"
}
]
}
]
}
],
"references": [
{
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-31180",
"source": "prodsec@nozominetworks.com"
"source": "prodsec@nozominetworks.com",
"tags": [
"Third Party Advisory"
]
}
]
}

56
CVE-2024/CVE-2024-311xx/CVE-2024-31181.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-31181",
"sourceIdentifier": "prodsec@nozominetworks.com",
"published": "2024-09-18T14:15:16.000",
"lastModified": "2024-09-20T12:30:17.483",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-20T18:41:43.753",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
},
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
@ -51,10 +81,30 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:opennetworking:libfluid_msg:0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "41C125FF-B0BD-4CD6-8979-2B6006AB6821"
}
]
}
]
}
],
"references": [
{
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-31181",
"source": "prodsec@nozominetworks.com"
"source": "prodsec@nozominetworks.com",
"tags": [
"Third Party Advisory"
]
}
]
}

56
CVE-2024/CVE-2024-311xx/CVE-2024-31182.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-31182",
"sourceIdentifier": "prodsec@nozominetworks.com",
"published": "2024-09-18T14:15:16.193",
"lastModified": "2024-09-20T12:30:17.483",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-20T18:42:15.857",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
},
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
@ -51,10 +81,30 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:opennetworking:libfluid_msg:0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "41C125FF-B0BD-4CD6-8979-2B6006AB6821"
}
]
}
]
}
],
"references": [
{
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-31182",
"source": "prodsec@nozominetworks.com"
"source": "prodsec@nozominetworks.com",
"tags": [
"Third Party Advisory"
]
}
]
}

56
CVE-2024/CVE-2024-311xx/CVE-2024-31183.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-31183",
"sourceIdentifier": "prodsec@nozominetworks.com",
"published": "2024-09-18T14:15:16.377",
"lastModified": "2024-09-20T12:30:17.483",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-20T18:42:42.723",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
},
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
@ -51,10 +81,30 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:opennetworking:libfluid_msg:0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "41C125FF-B0BD-4CD6-8979-2B6006AB6821"
}
]
}
]
}
],
"references": [
{
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-31183",
"source": "prodsec@nozominetworks.com"
"source": "prodsec@nozominetworks.com",
"tags": [
"Third Party Advisory"
]
}
]
}

56
CVE-2024/CVE-2024-311xx/CVE-2024-31184.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-31184",
"sourceIdentifier": "prodsec@nozominetworks.com",
"published": "2024-09-18T14:15:16.550",
"lastModified": "2024-09-20T12:30:17.483",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-20T18:43:02.397",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
},
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
@ -51,10 +81,30 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:opennetworking:libfluid_msg:0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "41C125FF-B0BD-4CD6-8979-2B6006AB6821"
}
]
}
]
}
],
"references": [
{
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-31184",
"source": "prodsec@nozominetworks.com"
"source": "prodsec@nozominetworks.com",
"tags": [
"Third Party Advisory"
]
}
]
}

56
CVE-2024/CVE-2024-311xx/CVE-2024-31185.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-31185",
"sourceIdentifier": "prodsec@nozominetworks.com",
"published": "2024-09-18T14:15:16.727",
"lastModified": "2024-09-20T12:30:17.483",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-20T18:43:17.233",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
},
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
@ -51,10 +81,30 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:opennetworking:libfluid_msg:0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "41C125FF-B0BD-4CD6-8979-2B6006AB6821"
}
]
}
]
}
],
"references": [
{
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-31185",
"source": "prodsec@nozominetworks.com"
"source": "prodsec@nozominetworks.com",
"tags": [
"Third Party Advisory"
]
}
]
}

56
CVE-2024/CVE-2024-311xx/CVE-2024-31186.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-31186",
"sourceIdentifier": "prodsec@nozominetworks.com",
"published": "2024-09-18T14:15:16.953",
"lastModified": "2024-09-20T12:30:17.483",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-20T18:43:37.503",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
},
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
@ -51,10 +81,30 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:opennetworking:libfluid_msg:0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "41C125FF-B0BD-4CD6-8979-2B6006AB6821"
}
]
}
]
}
],
"references": [
{
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-31186",
"source": "prodsec@nozominetworks.com"
"source": "prodsec@nozominetworks.com",
"tags": [
"Third Party Advisory"
]
}
]
}

56
CVE-2024/CVE-2024-311xx/CVE-2024-31187.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-31187",
"sourceIdentifier": "prodsec@nozominetworks.com",
"published": "2024-09-18T14:15:17.173",
"lastModified": "2024-09-20T12:30:17.483",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-20T18:43:54.320",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
},
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
@ -51,10 +81,30 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:opennetworking:libfluid_msg:0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "41C125FF-B0BD-4CD6-8979-2B6006AB6821"
}
]
}
]
}
],
"references": [
{
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-31187",
"source": "prodsec@nozominetworks.com"
"source": "prodsec@nozominetworks.com",
"tags": [
"Third Party Advisory"
]
}
]
}

56
CVE-2024/CVE-2024-311xx/CVE-2024-31188.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-31188",
"sourceIdentifier": "prodsec@nozominetworks.com",
"published": "2024-09-18T14:15:17.403",
"lastModified": "2024-09-20T12:30:17.483",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-20T18:44:13.943",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
},
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
@ -51,10 +81,30 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:opennetworking:libfluid_msg:0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "41C125FF-B0BD-4CD6-8979-2B6006AB6821"
}
]
}
]
}
],
"references": [
{
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-31188",
"source": "prodsec@nozominetworks.com"
"source": "prodsec@nozominetworks.com",
"tags": [
"Third Party Advisory"
]
}
]
}

56
CVE-2024/CVE-2024-311xx/CVE-2024-31189.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-31189",
"sourceIdentifier": "prodsec@nozominetworks.com",
"published": "2024-09-18T14:15:17.593",
"lastModified": "2024-09-20T12:30:17.483",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-20T18:44:33.780",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
},
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
@ -51,10 +81,30 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:opennetworking:libfluid_msg:0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "41C125FF-B0BD-4CD6-8979-2B6006AB6821"
}
]
}
]
}
],
"references": [
{
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-31189",
"source": "prodsec@nozominetworks.com"
"source": "prodsec@nozominetworks.com",
"tags": [
"Third Party Advisory"
]
}
]
}

56
CVE-2024/CVE-2024-311xx/CVE-2024-31190.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-31190",
"sourceIdentifier": "prodsec@nozominetworks.com",
"published": "2024-09-18T14:15:18.017",
"lastModified": "2024-09-20T12:30:17.483",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-20T18:44:53.940",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
},
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
@ -51,10 +81,30 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:opennetworking:libfluid_msg:0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "41C125FF-B0BD-4CD6-8979-2B6006AB6821"
}
]
}
]
}
],
"references": [
{
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-31190",
"source": "prodsec@nozominetworks.com"
"source": "prodsec@nozominetworks.com",
"tags": [
"Third Party Advisory"
]
}
]
}

56
CVE-2024/CVE-2024-311xx/CVE-2024-31191.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-31191",
"sourceIdentifier": "prodsec@nozominetworks.com",
"published": "2024-09-18T14:15:18.290",
"lastModified": "2024-09-20T12:30:17.483",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-20T18:45:07.533",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
},
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
@ -51,10 +81,30 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:opennetworking:libfluid_msg:0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "41C125FF-B0BD-4CD6-8979-2B6006AB6821"
}
]
}
]
}
],
"references": [
{
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-31191",
"source": "prodsec@nozominetworks.com"
"source": "prodsec@nozominetworks.com",
"tags": [
"Third Party Advisory"
]
}
]
}

56
CVE-2024/CVE-2024-311xx/CVE-2024-31192.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-31192",
"sourceIdentifier": "prodsec@nozominetworks.com",
"published": "2024-09-18T14:15:18.470",
"lastModified": "2024-09-20T12:30:17.483",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-20T18:45:28.780",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
},
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
@ -51,10 +81,30 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:opennetworking:libfluid_msg:0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "41C125FF-B0BD-4CD6-8979-2B6006AB6821"
}
]
}
]
}
],
"references": [
{
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-31192",
"source": "prodsec@nozominetworks.com"
"source": "prodsec@nozominetworks.com",
"tags": [
"Third Party Advisory"
]
}
]
}

56
CVE-2024/CVE-2024-311xx/CVE-2024-31193.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-31193",
"sourceIdentifier": "prodsec@nozominetworks.com",
"published": "2024-09-18T14:15:18.647",
"lastModified": "2024-09-20T12:30:17.483",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-20T18:45:45.943",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
},
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
@ -51,10 +81,30 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:opennetworking:libfluid_msg:0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "41C125FF-B0BD-4CD6-8979-2B6006AB6821"
}
]
}
]
}
],
"references": [
{
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-31193",
"source": "prodsec@nozominetworks.com"
"source": "prodsec@nozominetworks.com",
"tags": [
"Third Party Advisory"
]
}
]
}

56
CVE-2024/CVE-2024-311xx/CVE-2024-31194.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-31194",
"sourceIdentifier": "prodsec@nozominetworks.com",
"published": "2024-09-18T14:15:18.827",
"lastModified": "2024-09-20T12:30:17.483",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-20T18:46:09.817",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
},
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
@ -51,10 +81,30 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:opennetworking:libfluid_msg:0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "41C125FF-B0BD-4CD6-8979-2B6006AB6821"
}
]
}
]
}
],
"references": [
{
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-31194",
"source": "prodsec@nozominetworks.com"
"source": "prodsec@nozominetworks.com",
"tags": [
"Third Party Advisory"
]
}
]
}

56
CVE-2024/CVE-2024-311xx/CVE-2024-31195.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-31195",
"sourceIdentifier": "prodsec@nozominetworks.com",
"published": "2024-09-18T14:15:19.000",
"lastModified": "2024-09-20T12:30:17.483",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-20T18:46:35.267",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
},
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
@ -51,10 +81,30 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:opennetworking:libfluid_msg:0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "41C125FF-B0BD-4CD6-8979-2B6006AB6821"
}
]
}
]
}
],
"references": [
{
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-31195",
"source": "prodsec@nozominetworks.com"
"source": "prodsec@nozominetworks.com",
"tags": [
"Third Party Advisory"
]
}
]
}

56
CVE-2024/CVE-2024-311xx/CVE-2024-31196.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-31196",
"sourceIdentifier": "prodsec@nozominetworks.com",
"published": "2024-09-18T14:15:19.190",
"lastModified": "2024-09-20T12:30:17.483",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-20T18:46:48.183",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
},
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
@ -51,10 +81,30 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:opennetworking:libfluid_msg:0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "41C125FF-B0BD-4CD6-8979-2B6006AB6821"
}
]
}
]
}
],
"references": [
{
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-31196",
"source": "prodsec@nozominetworks.com"
"source": "prodsec@nozominetworks.com",
"tags": [
"Third Party Advisory"
]
}
]
}

56
CVE-2024/CVE-2024-311xx/CVE-2024-31197.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-31197",
"sourceIdentifier": "prodsec@nozominetworks.com",
"published": "2024-09-18T14:15:19.367",
"lastModified": "2024-09-20T12:30:17.483",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-20T18:47:09.157",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
@ -51,10 +81,30 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:opennetworking:libfluid_msg:0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "41C125FF-B0BD-4CD6-8979-2B6006AB6821"
}
]
}
]
}
],
"references": [
{
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-31197",
"source": "prodsec@nozominetworks.com"
"source": "prodsec@nozominetworks.com",
"tags": [
"Third Party Advisory"
]
}
]
}

56
CVE-2024/CVE-2024-311xx/CVE-2024-31198.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-31198",
"sourceIdentifier": "prodsec@nozominetworks.com",
"published": "2024-09-18T14:15:19.550",
"lastModified": "2024-09-20T12:30:17.483",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-20T18:47:30.917",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
},
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
@ -51,10 +81,30 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:opennetworking:libfluid_msg:0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "41C125FF-B0BD-4CD6-8979-2B6006AB6821"
}
]
}
]
}
],
"references": [
{
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-31198",
"source": "prodsec@nozominetworks.com"
"source": "prodsec@nozominetworks.com",
"tags": [
"Third Party Advisory"
]
}
]
}

81
CVE-2024/CVE-2024-314xx/CVE-2024-31489.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-31489",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2024-09-10T15:15:15.787",
"lastModified": "2024-09-10T15:50:47.237",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-20T19:41:19.447",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9
},
{
"source": "psirt@fortinet.com",
"type": "Secondary",
@ -51,10 +71,65 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:linux:*:*",
"versionStartIncluding": "7.0.0",
"versionEndExcluding": "7.0.12",
"matchCriteriaId": "33ADA078-EB03-4E65-B6EF-0922CBC56AB2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:macos:*:*",
"versionStartIncluding": "7.0.0",
"versionEndExcluding": "7.0.12",
"matchCriteriaId": "8D4523FC-18B6-45A0-9A8D-385B3F33F226"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:windows:*:*",
"versionStartIncluding": "7.0.0",
"versionEndExcluding": "7.0.12",
"matchCriteriaId": "292245BC-0B63-42B0-B1B0-E73B0556CF3A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:windows:*:*",
"versionStartIncluding": "7.2.0",
"versionEndExcluding": "7.2.3",
"matchCriteriaId": "95771ED1-D54C-4E3B-B72E-51D75851BFAB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:macos:*:*",
"versionStartIncluding": "7.2.0",
"versionEndExcluding": "7.2.5",
"matchCriteriaId": "2244A437-D579-4065-8FB0-37476ED7AC3C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:forticlient:7.2.0:*:*:*:*:linux:*:*",
"matchCriteriaId": "88271718-0DD4-4717-B403-1B44E2E56C91"
}
]
}
]
}
],
"references": [
{
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-22-282",
"source": "psirt@fortinet.com"
"source": "psirt@fortinet.com",
"tags": [
"Vendor Advisory"
]
}
]
}

72
CVE-2024/CVE-2024-314xx/CVE-2024-31490.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-31490",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2024-09-10T15:15:15.983",
"lastModified": "2024-09-10T15:50:47.237",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-20T19:48:42.507",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "psirt@fortinet.com",
"type": "Secondary",
@ -41,8 +61,18 @@
},
"weaknesses": [
{
"source": "psirt@fortinet.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "psirt@fortinet.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -51,10 +81,44 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.2.2",
"versionEndExcluding": "4.2.7",
"matchCriteriaId": "7EED8247-7F5B-4279-B3CA-08A35DE8C907"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.4.0",
"versionEndExcluding": "4.4.5",
"matchCriteriaId": "2C77A903-42B3-41D3-BDC6-E138679B5400"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortisandbox:3.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B00B3E-608B-46C9-9527-1DFB66624EEF"
}
]
}
]
}
],
"references": [
{
"url": "https://fortiguard.com/psirt/FG-IR-24-051",
"source": "psirt@fortinet.com"
"source": "psirt@fortinet.com",
"tags": [
"Vendor Advisory"
]
}
]
}

55
CVE-2024/CVE-2024-335xx/CVE-2024-33508.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-33508",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2024-09-10T15:15:16.187",
"lastModified": "2024-09-10T15:50:47.237",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-20T19:48:06.197",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.4
},
{
"source": "psirt@fortinet.com",
"type": "Secondary",
@ -51,10 +71,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:forticlient_enterprise_management_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.0.0",
"versionEndExcluding": "7.0.13",
"matchCriteriaId": "806EBE90-88D2-44AC-B7F5-1C0598E08A67"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:forticlient_enterprise_management_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.2.0",
"versionEndExcluding": "7.2.5",
"matchCriteriaId": "1978E3A0-128F-4982-87C0-9AD4FB67F9B9"
}
]
}
]
}
],
"references": [
{
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-123",
"source": "psirt@fortinet.com"
"source": "psirt@fortinet.com",
"tags": [
"Vendor Advisory"
]
}
]
}

60
CVE-2024/CVE-2024-352xx/CVE-2024-35282.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-35282",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2024-09-10T15:15:16.397",
"lastModified": "2024-09-10T15:50:47.237",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-20T19:44:17.557",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 3.6
},
{
"source": "psirt@fortinet.com",
"type": "Secondary",
@ -41,8 +61,18 @@
},
"weaknesses": [
{
"source": "psirt@fortinet.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-312"
}
]
},
{
"source": "psirt@fortinet.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -51,10 +81,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:iphone_os:*:*",
"versionStartIncluding": "6.0.0",
"versionEndIncluding": "7.2.5",
"matchCriteriaId": "E4C7743A-14D7-4DB0-A1CF-520D8A3E582B"
}
]
}
]
}
],
"references": [
{
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-139",
"source": "psirt@fortinet.com"
"source": "psirt@fortinet.com",
"tags": [
"Vendor Advisory"
]
}
]
}

60
CVE-2024/CVE-2024-365xx/CVE-2024-36511.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-36511",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2024-09-10T15:15:16.610",
"lastModified": "2024-09-10T15:50:47.237",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-20T19:43:25.023",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW"
},
"exploitabilityScore": 2.2,
"impactScore": 1.4
},
{
"source": "psirt@fortinet.com",
"type": "Secondary",
@ -41,8 +61,18 @@
},
"weaknesses": [
{
"source": "psirt@fortinet.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "psirt@fortinet.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -51,10 +81,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.0.0",
"versionEndExcluding": "7.4.5",
"matchCriteriaId": "A8E03AC9-E6B8-4DA9-B742-E1946A00A64C"
}
]
}
]
}
],
"references": [
{
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-22-256",
"source": "psirt@fortinet.com"
"source": "psirt@fortinet.com",
"tags": [
"Vendor Advisory"
]
}
]
}

27
CVE-2024/CVE-2024-417xx/CVE-2024-41721.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-41721",
"sourceIdentifier": "secteam@freebsd.org",
"published": "2024-09-20T08:15:11.323",
"lastModified": "2024-09-20T12:30:17.483",
"lastModified": "2024-09-20T18:35:04.067",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "Una validaci\u00f3n de los l\u00edmites insuficiente en el c\u00f3digo USB podr\u00eda provocar una lectura fuera de los l\u00edmites en el mont\u00f3n, lo que potencialmente podr\u00eda generar una escritura arbitraria y la ejecuci\u00f3n remota de c\u00f3digo."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "secteam@freebsd.org",

56
CVE-2024/CVE-2024-423xx/CVE-2024-42346.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-42346",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-09-20T19:15:15.547",
"lastModified": "2024-09-20T19:15:15.547",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Galaxy is a free, open-source system for analyzing data, authoring workflows, training and education, publishing tools, managing infrastructure, and more. The editor visualization, /visualizations endpoint, can be used to store HTML tags and trigger javascript execution upon edit operation. All supported branches of Galaxy (and more back to release_20.05) were amended with the supplied patches. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/galaxyproject/galaxy/security/advisories/GHSA-x6w7-3gwf-qr9r",
"source": "security-advisories@github.com"
}
]
}

68
CVE-2024/CVE-2024-423xx/CVE-2024-42351.json Normal file
View File

@ -0,0 +1,68 @@
{
"id": "CVE-2024-42351",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-09-20T19:15:15.857",
"lastModified": "2024-09-20T19:15:15.857",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Galaxy is a free, open-source system for analyzing data, authoring workflows, training and education, publishing tools, managing infrastructure, and more. An attacker can potentially replace the contents of public datasets resulting in data loss or tampering. All supported branches of Galaxy (and more back to release_21.05) were amended with the below patch. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://depot.galaxyproject.org/patch/GX-2024-0001/022da344a02bafd604402ac8e253e0014f6e2e08.patch",
"source": "security-advisories@github.com"
},
{
"url": "https://depot.galaxyproject.org/patch/GX-2024-0001/15060a6cb222f2fcfc687d0f0260f1eb1b9c757b.patch",
"source": "security-advisories@github.com"
},
{
"url": "https://depot.galaxyproject.org/patch/GX-2024-0001/235f1d8b400708556732b9dda788c919ebf3bb80.patch",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/galaxyproject/galaxy/security/advisories/GHSA-5639-cmph-9j4v",
"source": "security-advisories@github.com"
}
]
}

85
CVE-2024/CVE-2024-424xx/CVE-2024-42423.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-42423",
"sourceIdentifier": "security_alert@emc.com",
"published": "2024-09-10T15:15:17.013",
"lastModified": "2024-09-10T15:50:47.237",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-20T19:42:20.417",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2
},
{
"source": "security_alert@emc.com",
"type": "Secondary",
@ -51,10 +71,69 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:citrix:workspace:23.9.0.24.4:*:*:*:*:*:*:*",
"matchCriteriaId": "55FBE111-682B-44FD-ADE0-D200F8C75EBA"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:dell:thinos:2402:*:*:*:*:*:*:*",
"matchCriteriaId": "ECA47B8D-21C0-4AF5-B975-DE6DA9D73FC1"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:citrix:workspace:23.9.0.24.4:*:*:*:*:*:*:*",
"matchCriteriaId": "55FBE111-682B-44FD-ADE0-D200F8C75EBA"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:dell:thinos:2311:*:*:*:*:*:*:*",
"matchCriteriaId": "978B5780-26F5-46C8-BA60-66214E06AFFA"
}
]
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000225289/dsa-2024-229-security-update-for-dell-thinos-vulnerabilities",
"source": "security_alert@emc.com"
"source": "security_alert@emc.com",
"tags": [
"Vendor Advisory"
]
}
]
}

56
CVE-2024/CVE-2024-426xx/CVE-2024-42697.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-42697",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-09-20T18:15:04.390",
"lastModified": "2024-09-20T18:35:04.363",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting vulnerability in Leotheme Leo Product Search Module v.2.1.6 and earlier allows a remote attacker to execute arbitrary code via the q parameter of the product search function."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/JustDinooo/CVEs/blob/main/CVE-2024-42697/poc.txt",
"source": "cve@mitre.org"
}
]
}

56
CVE-2024/CVE-2024-452xx/CVE-2024-45229.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-45229",
"sourceIdentifier": "support@hackerone.com",
"published": "2024-09-20T19:15:16.080",
"lastModified": "2024-09-20T19:35:05.807",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Versa Director offers REST APIs for orchestration and management. By design, certain APIs, such as the login screen, banner display, and device registration, do not require authentication. However, it was discovered that for Directors directly connected to the Internet, one of these APIs can be exploited by injecting invalid arguments into a GET request, potentially exposing the authentication tokens of other currently logged-in users. These tokens can then be used to invoke additional APIs on port 9183. This exploit does not disclose any username or password information. \r\n\r\nCurrently, there are no workarounds in Versa Director. However, if there is Web Application Firewall (WAF) or API Gateway fronting the Versa Director, it can be used to block access to the URLs of vulnerable API. /vnms/devicereg/device/* (on ports 9182 & 9183) and /versa/vnms/devicereg/device/* (on port 443). Versa recommends that Directors be upgraded to one of the remediated software versions. This vulnerability is not exploitable on Versa Directors not exposed to the Internet.We have validated that no Versa-hosted head ends have been affected by this vulnerability. Please contact Versa Technical Support or Versa account team for any further assistance."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "support@hackerone.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.7,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-306"
}
]
}
],
"references": [
{
"url": "https://security-portal.versa-networks.com/emailbulletins/66e4a8ebda545d61ec2b1ab9",
"source": "support@hackerone.com"
}
]
}

45
CVE-2024/CVE-2024-454xx/CVE-2024-45489.json
View File

@ -2,17 +2,56 @@
"id": "CVE-2024-45489",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-09-20T17:15:15.060",
"lastModified": "2024-09-20T17:15:15.060",
"lastModified": "2024-09-20T19:15:16.330",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Arc before 2024-08-26 allows remote code execution in JavaScript boosts. Boosts that run JavaScript cannot be shared by default; however, it is possible to create or update a boost using another user's ID. This installs the boost in the victim's browser and runs arbitrary Javascript on that browser in a privileged context."
"value": "Arc before 2024-08-26 allows remote code execution in JavaScript boosts. Boosts that run JavaScript cannot be shared by default; however (because of misconfigured Firebase ACLs), it is possible to create or update a boost using another user's ID. This installs the boost in the victim's browser and runs arbitrary Javascript on that browser in a privileged context. NOTE: this is a no-action cloud vulnerability with zero affected users."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://arc.net/blog/CVE-2024-45489-incident-response",
"source": "cve@mitre.org"
},
{
"url": "https://kibty.town/blog/arc/",
"source": "cve@mitre.org"

85
CVE-2024/CVE-2024-455xx/CVE-2024-45591.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-45591",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-09-10T16:15:21.340",
"lastModified": "2024-09-10T17:43:14.410",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-20T19:55:54.657",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -41,8 +61,18 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -55,22 +85,63 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.8",
"versionEndExcluding": "15.10.9",
"matchCriteriaId": "83FA206B-6FB4-403A-867D-9CA434ACE9D6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*",
"versionStartIncluding": "16.0.0",
"versionEndExcluding": "16.3.0",
"matchCriteriaId": "E76E1D62-00AC-4BE0-9225-D520A520BA7B"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/xwiki/xwiki-platform/commit/26482ee5d29fc21f31134d1ee13db48716e89e0f",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/xwiki/xwiki-platform/commit/9cbca9808300797c67779bb9a665d85cf9e3d4b8",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-pvmm-55r5-g3mm",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://jira.xwiki.org/browse/XWIKI-22052",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Vendor Advisory"
]
}
]
}

58
CVE-2024/CVE-2024-455xx/CVE-2024-45592.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-45592",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-09-10T16:15:21.550",
"lastModified": "2024-09-18T20:15:03.483",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-20T19:57:05.323",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -51,18 +71,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:damienharper:auditor-bundle:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.0.0",
"versionEndExcluding": "5.2.6",
"matchCriteriaId": "EB369F3E-71BC-4291-9F37-2B316612F401"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/DamienHarper/auditor-bundle/commit/42ba2940d8b99467de0c806ea5655cc1c6882cd1",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/DamienHarper/auditor-bundle/commit/e7deb377fa89677d44973b486d26d6a7374233ae",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/DamienHarper/auditor-bundle/security/advisories/GHSA-78vg-7v27-hj67",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}

63
CVE-2024/CVE-2024-455xx/CVE-2024-45593.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-45593",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-09-10T16:15:21.760",
"lastModified": "2024-09-10T17:43:14.410",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-20T19:57:55.573",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -51,14 +81,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:nixos:nix:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.24.0",
"versionEndExcluding": "2.24.6",
"matchCriteriaId": "423F7CD7-8C2C-4133-947F-8F42F5F7CECD"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/NixOS/nix/commit/eb11c1499876cd4c9c188cbda5b1003b36ce2e59",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/NixOS/nix/security/advisories/GHSA-h4vv-h3jq-v493",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}

69
CVE-2024/CVE-2024-455xx/CVE-2024-45595.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-45595",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-09-10T16:15:21.970",
"lastModified": "2024-09-10T17:43:14.410",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-20T19:59:02.963",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -41,8 +61,18 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -51,18 +81,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:man:d-tale:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.14.1",
"matchCriteriaId": "8D13C5E8-29D1-4532-88C1-826651CDA34E"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/man-group/dtale#custom-filter",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Product"
]
},
{
"url": "https://github.com/man-group/dtale/commit/b6e30969390520d1400b55acbb13e5487b8472e8",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/man-group/dtale/security/advisories/GHSA-pw44-4h99-wqff",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}

21
CVE-2024/CVE-2024-466xx/CVE-2024-46654.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2024-46654",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-09-20T19:15:16.473",
"lastModified": "2024-09-20T19:15:16.473",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A stored cross-site scripting (XSS) vulnerability in the Add Scheduled Task module of Maccms10 v2024.1000.4040 allows attackers to execute arbitrary web scripts or HTML via a crafted payload."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/magicblack/maccms10/issues/1183",
"source": "cve@mitre.org"
}
]
}

129
CVE-2024/CVE-2024-467xx/CVE-2024-46719.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-46719",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-09-18T07:15:03.357",
"lastModified": "2024-09-20T12:30:51.220",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-20T18:21:49.963",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,35 +15,144 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: usb: typec: ucsi: Se corrige la desreferencia del puntero nulo en el seguimiento ucsi_register_altmode comprueba IS_ERR para el puntero alt y trata NULL como v\u00e1lido. Cuando CONFIG_TYPEC_DP_ALTMODE no est\u00e1 habilitado, ucsi_register_displayport devuelve NULL, lo que provoca una desreferencia del puntero NULL en el seguimiento. En lugar de devolver NULL, llame a typec_port_register_altmode para registrar el modo alternativo de DisplayPort como un modo no controlable cuando CONFIG_TYPEC_DP_ALTMODE no est\u00e1 habilitado."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.284",
"matchCriteriaId": "B1C17E9C-479F-4AE4-8344-B7A213DE3E83"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5",
"versionEndExcluding": "5.10.226",
"matchCriteriaId": "864FC17C-501A-4823-A643-6F35D65D8A97"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.167",
"matchCriteriaId": "043405A4-25FE-45D4-A7BB-2A0C3B7D17C1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "6.1.109",
"matchCriteriaId": "790F505A-7933-48F1-B038-380A8BC5C153"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.50",
"matchCriteriaId": "A56A0460-B122-44D6-B0E6-26CE9C891536"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.10.9",
"matchCriteriaId": "F4469C96-A86B-4CC3-B2D5-C21B6B72641B"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/3aa56313b0de06ce1911950b2cc0c269614a87a9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/3b9f2d9301ae67070fe77a0c06758722fd7172b7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/7e64cabe81c303bdf6fd26b6a09a3289b33bc870",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/8095bf0579ed4906a33f7bec675bfb29b6b16a3b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/99331fe68a8eaa4097143a33fb0c12d5e5e8e830",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/99516f76db48e1a9d54cdfed63c1babcee4e71a5",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/b4243c05d7e3db0bdbf9124e6fa59b4ca7c807ae",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

93
CVE-2024/CVE-2024-467xx/CVE-2024-46720.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-46720",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-09-18T07:15:03.420",
"lastModified": "2024-09-20T12:30:51.220",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-20T18:22:04.693",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,23 +15,102 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amdgpu: corrige la desreferenciaci\u00f3n despu\u00e9s de la comprobaci\u00f3n nula; comprueba la secci\u00f3n del puntero antes de usarla."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.109",
"matchCriteriaId": "EFD3BACD-EA1D-4437-A135-A3E7A761F54F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.50",
"matchCriteriaId": "A56A0460-B122-44D6-B0E6-26CE9C891536"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.10.9",
"matchCriteriaId": "F4469C96-A86B-4CC3-B2D5-C21B6B72641B"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/00b9594d6310eb33e14d3f07b54866499efe0d50",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/0aad97bf6d0bc7a34a19f266b0b9fb2861efe64c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/1b73ea3d97cc23f9b16d10021782b48397d2b517",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/b1f7810b05d1950350ac2e06992982974343e441",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

141
CVE-2024/CVE-2024-467xx/CVE-2024-46721.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-46721",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-09-18T07:15:03.480",
"lastModified": "2024-09-20T12:30:51.220",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-20T18:22:46.637",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,39 +15,158 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: apparmor: se corrige la posible desreferencia del puntero NULL. profile->parent->dents[AAFS_PROF_DIR] podr\u00eda ser NULL solo si su padre se crea a partir de __create_missing_ancestors(..) y 'ent->old' es NULL en aa_replace_profiles(..). En ese caso, debe devolver un c\u00f3digo de error y el c\u00f3digo, -ENOENT representa su estado de que la ruta de su padre a\u00fan no existe. ERROR: desreferencia de puntero NULL del n\u00facleo, direcci\u00f3n: 0000000000000030 PGD 0 P4D 0 PREEMPT SMP PTI CPU: 4 PID: 3362 Comm: apparmor_parser No contaminado 6.8.0-24-generic #24 Nombre del hardware: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014 RIP: 0010:aafs_create.constprop.0+0x7f/0x130 C\u00f3digo: 4c 63 e0 48 83 c4 18 4c 89 e0 5b 41 5c 41 5d 41 5e 41 5f 5d 31 d2 31 c9 31 f6 31 ff 45 31 c0 45 31 c9 45 31 d2 c3 cc cc cc cc <4d> 8b 55 30 4d 8d ba a0 00 00 00 4c 89 55 c0 4c 89 ff e8 7a 6a ae RSP: 0018:ffffc9000b2c7c98 EFLAGS: 00010246 RAX: 000000000000000 RBX: 00000000000041ed RCX: 0000000000000000 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000000000000 RBP: ffffc9000b2c7cd8 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: ffffffff82baac10 R13: 000000000000000 R14: 0000000000000000 R15: 0000000000000000 FS: 00007be9f22cf740(0000) GS:ffff88817bc00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000030 CR3: 0000000134b08000 CR4: 00000000000006f0 Seguimiento de llamadas: ? show_regs+0x6d/0x80 ? __die+0x24/0x80 ? page_fault_oops+0x99/0x1b0 ? kernelmode_fixup_or_oops+0xb2/0x140 ? __bad_area_nosemaphore+0x1a5/0x2c0 ? aafs_create.constprop.0+0x7f/0x130 ? aafs_create.constprop.0+0x51/0x130 __aafs_profile_mkdir+0x3d6/0x480 aa_replace_profiles+0x83f/0x1270 actualizaci\u00f3n_pol\u00edtica+0xe3/0x180 carga_perfil+0xbc/0x150 ? __x64_sys_openat+0x55/0xa0 ? syscall_salir_al_modo_usuario+0x86/0x260 ksys_write+0x73/0x100 __x64_sys_write+0x19/0x30 x64_sys_call+0x7e/0x25c0 do_syscall_64+0x7f/0x180 entry_SYSCALL_64_after_hwframe+0x78/0x80 RIP: 0033:0x7be9f211c574 C\u00f3digo: c7 00 16 00 00 00 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 80 3d d5 ea 0e 00 00 74 13 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 54 c3 0f 1f 00 55 48 89 e5 48 83 ec 20 48 89 RSP: 002b:00007ffd26f2b8c8 EFLAGS: 00000202 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 00005d504415e200 RCX: 00007be9f211c574 RDX: 0000000000001fc1 RSI: 00005d504418bc80 RDI: 0000000000000004 RBP: 0000000000001fc1 R08: 0000000000001fc1 R09: 0000000080000000 R10: 0000000000000000 R11: 0000000000000202 R12: 00005d504418bc80 R13: 0000000000000004 R14: 00007ffd26f2b9b0 R15: 00007ffd26f2ba30 M\u00f3dulos vinculados en: snd_seq_dummy snd_hrtimer qrtr snd_hda_codec_generic snd_hda_intel snd_intel_dspcfg snd_intel_sdw_acpi snd_hda_codec snd_hda_core snd_hwdep snd_pcm snd_seq_midi snd_seq_midi_event snd_rawmidi snd_seq snd_seq_device i2c_i801 snd_timer i2c_smbus qxl snd soundcore drm_ttm_helper lpc_ich ttm joydev leds de entrada serio_raw mac_hid binfmt_misc msr parport_pc ppdev lp parport efi_pstore nfnetlink dmi_sysfs qemu_fw_cfg tablas_ip tablas_x autofs4 hid_generic usbhid hid ahci libahci psmouse virtio_rng xhci_pci xhci_pci_renesas CR2: 0000000000000030 ---[ fin de seguimiento 000000000000000 ]--- RIP: 0010:aafs_create.constprop.0+0x7f/0x130 C\u00f3digo: 4c 63 e0 48 83 c4 18 4c 89 e0 5b 41 5c 41 5d 41 5e 41 5f 5d 31 d2 31 c9 31 f6 31 ff 45 31 c0 45 31 c9 45 31 d2 c3 cc cc cc cc <4d> 8b 55 30 4d 8d ba a0 00 00 00 4c 89 55 c0 4c 89 ff e8 7a 6a ae RSP: 0018:ffffc9000b2c7c98 EFLAGS: 00010246 RAX: 0000000000000000 RBX: 000000000000041ed RCX: 0000000000000000 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 RBP: ffffc9000b2c7cd8 R08: 0000000000000000 R09: 0000000000000000 R10: 0000 ---truncado---"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.322",
"matchCriteriaId": "29162FB8-5FA4-4DC4-86CE-5EB0CAEEF2F3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.20",
"versionEndExcluding": "5.4.284",
"matchCriteriaId": "6265A402-9C3C-438F-BFC5-4194B2568B85"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5",
"versionEndExcluding": "5.10.226",
"matchCriteriaId": "864FC17C-501A-4823-A643-6F35D65D8A97"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.167",
"matchCriteriaId": "043405A4-25FE-45D4-A7BB-2A0C3B7D17C1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "6.1.109",
"matchCriteriaId": "790F505A-7933-48F1-B038-380A8BC5C153"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.50",
"matchCriteriaId": "A56A0460-B122-44D6-B0E6-26CE9C891536"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.10.9",
"matchCriteriaId": "F4469C96-A86B-4CC3-B2D5-C21B6B72641B"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/09b2d107fe63e55b6ae643f9f26bf8eb14a261d9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/3dd384108d53834002be5630132ad5c3f32166ad",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/52338a3aa772762b8392ce7cac106c1099aeab85",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/59f742e55a469ef36c5c1533b6095a103b61eda8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/730ee2686af0d55372e97a2695005ff142702363",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/8d9da10a392a32368392f7a16775e1f36e2a5346",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/c49bbe69ee152bd9c1c1f314c0f582e76c578f64",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/e3c7d23f7a5c0b11ba0093cea32261ab8098b94e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

141
CVE-2024/CVE-2024-467xx/CVE-2024-46722.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-46722",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-09-18T07:15:03.547",
"lastModified": "2024-09-20T12:30:51.220",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-20T18:23:11.930",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,39 +15,158 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amdgpu: se corrige la advertencia de lectura fuera de los l\u00edmites de mc_data. Advertencia clara de que la lectura mc_data[i-1] puede estar fuera de los l\u00edmites."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.322",
"matchCriteriaId": "29162FB8-5FA4-4DC4-86CE-5EB0CAEEF2F3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.20",
"versionEndExcluding": "5.4.284",
"matchCriteriaId": "6265A402-9C3C-438F-BFC5-4194B2568B85"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5",
"versionEndExcluding": "5.10.226",
"matchCriteriaId": "864FC17C-501A-4823-A643-6F35D65D8A97"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.167",
"matchCriteriaId": "043405A4-25FE-45D4-A7BB-2A0C3B7D17C1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "6.1.109",
"matchCriteriaId": "790F505A-7933-48F1-B038-380A8BC5C153"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.50",
"matchCriteriaId": "A56A0460-B122-44D6-B0E6-26CE9C891536"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.10.9",
"matchCriteriaId": "F4469C96-A86B-4CC3-B2D5-C21B6B72641B"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/2097edede72ec5bb3869cf0205337d392fb2a553",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/310b9d8363b88e818afec97ca7652bd7fe3d0650",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/345bd3ad387f9e121aaad9c95957b80895e2f2ec",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/51dfc0a4d609fe700750a62f41447f01b8c9ea50",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/578ae965e8b90cd09edeb0252b50fa0503ea35c5",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/5fa4df25ecfc7b6c9006f5b871c46cfe25ea8826",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/b862a0bc5356197ed159fed7b1c647e77bc9f653",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/d0a43bf367ed640e527e8ef3d53aac1e71f80114",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

141
CVE-2024/CVE-2024-467xx/CVE-2024-46723.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-46723",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-09-18T07:15:03.610",
"lastModified": "2024-09-20T12:30:51.220",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-20T18:30:30.117",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,39 +15,158 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amdgpu: se corrige la advertencia de lectura fuera de los l\u00edmites de ucode. Advertencia clara de que la lectura ucode[] puede estar fuera de los l\u00edmites."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.322",
"matchCriteriaId": "29162FB8-5FA4-4DC4-86CE-5EB0CAEEF2F3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.20",
"versionEndExcluding": "5.4.284",
"matchCriteriaId": "6265A402-9C3C-438F-BFC5-4194B2568B85"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5",
"versionEndExcluding": "5.10.226",
"matchCriteriaId": "864FC17C-501A-4823-A643-6F35D65D8A97"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.167",
"matchCriteriaId": "043405A4-25FE-45D4-A7BB-2A0C3B7D17C1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "6.1.109",
"matchCriteriaId": "790F505A-7933-48F1-B038-380A8BC5C153"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.50",
"matchCriteriaId": "A56A0460-B122-44D6-B0E6-26CE9C891536"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.10.9",
"matchCriteriaId": "F4469C96-A86B-4CC3-B2D5-C21B6B72641B"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/0bef65e069d84d1cd77ce757aea0e437b8e2bd33",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/23fefef859c6057e6770584242bdd938254f8ddd",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/5f09fa5e0ad45fbca71933a0e024ca52da47d59b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/82ac8f1d02886b5d8aeb9e058989d3bd6fc581e2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/8944acd0f9db33e17f387fdc75d33bb473d7936f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/8981927ebc6c12fa76b30c4178acb462bab15f54",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/e789e05388854a5436b2b5d8695fdb864c9bcc27",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/f2b7a9f3839e92f43559b2795b34640ca8cf839f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

117
CVE-2024/CVE-2024-467xx/CVE-2024-46724.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-46724",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-09-18T07:15:03.673",
"lastModified": "2024-09-20T12:30:51.220",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-20T18:30:58.980",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,31 +15,130 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amdgpu: Se corrige la lectura fuera de los l\u00edmites de df_v1_7_channel_number. Verifique el rango fb_channel_number para evitar el error de lectura fuera de los l\u00edmites de la matriz."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.226",
"matchCriteriaId": "2C67534D-8BBC-4069-8DEA-62295B16358C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.167",
"matchCriteriaId": "043405A4-25FE-45D4-A7BB-2A0C3B7D17C1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "6.1.109",
"matchCriteriaId": "790F505A-7933-48F1-B038-380A8BC5C153"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.50",
"matchCriteriaId": "A56A0460-B122-44D6-B0E6-26CE9C891536"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.10.9",
"matchCriteriaId": "F4469C96-A86B-4CC3-B2D5-C21B6B72641B"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/32915dc909ff502823babfe07d5416c5b6e8a8b1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/45f7b02afc464c208e8f56bcbc672ef5c364c815",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/725b728cc0c8c5fafdfb51cb0937870d33a40fa4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/d768394fa99467bcf2703bde74ddc96eeb0b71fa",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/db7a86676fd624768a5d907faf34ad7bb4ff25f4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/f9267972490f9fcffe146e79828e97acc0da588c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

117
CVE-2024/CVE-2024-467xx/CVE-2024-46725.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-46725",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-09-18T07:15:03.733",
"lastModified": "2024-09-20T12:30:51.220",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-20T18:40:42.753",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,31 +15,130 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amdgpu: Se corrige la advertencia de escritura fuera de los l\u00edmites Verifique el valor del tipo de anillo para corregir la advertencia de escritura fuera de los l\u00edmites"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.226",
"matchCriteriaId": "2C67534D-8BBC-4069-8DEA-62295B16358C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.167",
"matchCriteriaId": "043405A4-25FE-45D4-A7BB-2A0C3B7D17C1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "6.1.109",
"matchCriteriaId": "790F505A-7933-48F1-B038-380A8BC5C153"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.50",
"matchCriteriaId": "A56A0460-B122-44D6-B0E6-26CE9C891536"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.10.9",
"matchCriteriaId": "F4469C96-A86B-4CC3-B2D5-C21B6B72641B"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/130bee397b9cd52006145c87a456fd8719390cb5",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/919f9bf9997b8dcdc132485ea96121e7d15555f9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/a60d1f7ff62e453dde2d3b4907e178954d199844",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/be1684930f5262a622d40ce7a6f1423530d87f89",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/c253b87c7c37ec40a2e0c84e4a6b636ba5cd66b2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/cf2db220b38301b6486a0f11da24a0f317de558c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

93
CVE-2024/CVE-2024-467xx/CVE-2024-46726.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-46726",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-09-18T07:15:03.787",
"lastModified": "2024-09-20T12:30:51.220",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-20T18:36:27.070",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,23 +15,102 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/display: garantizar que el c\u00e1lculo del \u00edndice no se desborde [POR QU\u00c9 Y C\u00d3MO] Aseg\u00farese de que el c\u00e1lculo de vmid0p72_idx, vnom0p8_idx y vmax0p9_idx nunca se desborde ni supere el tama\u00f1o de la matriz. Esto soluciona 3 problemas OVERRUN y 1 INTEGER_OVERFLOW informados por Coverity."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-190"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.109",
"matchCriteriaId": "EFD3BACD-EA1D-4437-A135-A3E7A761F54F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.50",
"matchCriteriaId": "A56A0460-B122-44D6-B0E6-26CE9C891536"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.10.9",
"matchCriteriaId": "F4469C96-A86B-4CC3-B2D5-C21B6B72641B"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/3dc6bb57dab36b38b7374af0ac916174c146b6ed",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/733ae185502d30bbe79575167b6178cfb6c5d6bd",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/8e2734bf444767fed787305ccdcb36a2be5301a2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/d705b5869f6b1b46ad5ceb1bd2a08c04f7e5003b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

124
CVE-2024/CVE-2024-467xx/CVE-2024-46735.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-46735",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-09-18T08:15:03.057",
"lastModified": "2024-09-20T12:30:51.220",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-20T18:35:53.967",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,23 +15,133 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ublk_drv: se corrige la desreferencia de puntero NULL en ublk_ctrl_start_recovery() Cuando se env\u00edan dos comandos UBLK_CMD_START_USER_RECOVERY, el primero establece 'ubq->ubq_daemon' en NULL, y el segundo activa WARN en ublk_queue_reinit() y posteriormente un problema de desreferencia de puntero NULL. Arr\u00e9glelo agregando la comprobaci\u00f3n en ublk_ctrl_start_recovery() y regrese inmediatamente en caso de cero 'ub->nr_queues_ready'. ERROR: desreferencia de puntero NULL del kernel, direcci\u00f3n: 0000000000000028 RIP: 0010:ublk_ctrl_start_recovery.constprop.0+0x82/0x180 Call Trace: ? __die+0x20/0x70 ? page_fault_oops+0x75/0x170 ? exc_page_fault+0x64/0x140 ? asm_exc_page_fault+0x22/0x30 ? ublk_ctrl_start_recovery.constprop.0+0x82/0x180 ublk_ctrl_uring_cmd+0x4f7/0x6c0 ? pick_next_task_idle+0x26/0x40 io_uring_cmd+0x9a/0x1b0 io_issue_sqe+0x193/0x3f0 io_wq_submit_work+0x9b/0x390 io_worker_handle_work+0x165/0x360 io_wq_worker+0xcb/0x2f0 ? finish_task_switch.isra.0+0x203/0x290 ? finish_task_switch.isra.0+0x203/0x290 ? __pfx_io_wq_worker+0x10/0x10 ret_from_fork+0x2d/0x50 ? __pfx_io_wq_worker+0x10/0x10 ret_from_fork_asm+0x1a/0x30 "
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.1",
"versionEndExcluding": "6.1.110",
"matchCriteriaId": "FD34EEF6-E0F8-42D6-BF92-8EB851A6ADEC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.51",
"matchCriteriaId": "E4529134-BAC4-4776-840B-304009E181A0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.10.10",
"matchCriteriaId": "ACDEE48C-137A-4731-90D0-A675865E1BED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc1:*:*:*:*:*:*",
"matchCriteriaId": "8B3CE743-2126-47A3-8B7C-822B502CF119"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc2:*:*:*:*:*:*",
"matchCriteriaId": "4DEB27E7-30AA-45CC-8934-B89263EF3551"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc3:*:*:*:*:*:*",
"matchCriteriaId": "E0005AEF-856E-47EB-BFE4-90C46899394D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc4:*:*:*:*:*:*",
"matchCriteriaId": "39889A68-6D34-47A6-82FC-CD0BF23D6754"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc5:*:*:*:*:*:*",
"matchCriteriaId": "B8383ABF-1457-401F-9B61-EE50F4C61F4F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc6:*:*:*:*:*:*",
"matchCriteriaId": "B77A9280-37E6-49AD-B559-5B23A3B1DC3D"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/136a29d8112df4ea0a57f9602ddf3579e04089dc",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/7c890ef60bf417d3fe5c6f7a9f6cef0e1d77f74f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/ca249435893dda766f3845c15ca77ca5672022d8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/e58f5142f88320a5b1449f96a146f2f24615c5c7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

160
CVE-2024/CVE-2024-467xx/CVE-2024-46737.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-46737",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-09-18T08:15:03.167",
"lastModified": "2024-09-20T12:30:51.220",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-20T18:35:34.700",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,35 +15,175 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nvmet-tcp: corrige el fallo del kernel si falla la asignaci\u00f3n de comandos Si la asignaci\u00f3n de comandos falla en nvmet_tcp_alloc_cmds(), el kernel se bloquea en nvmet_tcp_release_queue_work() debido a una desreferencia de puntero NULL. nvmet: no se pudo instalar la cola 0 cntlid 1 ret 6 No se puede manejar la desreferencia de puntero NULL del kernel en la direcci\u00f3n virtual 000000000000008 Corrija el error estableciendo queue->nr_cmds en cero en caso de que nvmet_tcp_alloc_cmd() falle."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.0",
"versionEndExcluding": "5.4.284",
"matchCriteriaId": "92F559E9-40A5-457C-B86A-9503685E3433"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5",
"versionEndExcluding": "5.10.226",
"matchCriteriaId": "864FC17C-501A-4823-A643-6F35D65D8A97"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.167",
"matchCriteriaId": "043405A4-25FE-45D4-A7BB-2A0C3B7D17C1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "6.1.110",
"matchCriteriaId": "6B1A95FC-7E7E-428B-BB59-F76640C652AE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.51",
"matchCriteriaId": "E4529134-BAC4-4776-840B-304009E181A0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.10.10",
"matchCriteriaId": "ACDEE48C-137A-4731-90D0-A675865E1BED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc1:*:*:*:*:*:*",
"matchCriteriaId": "8B3CE743-2126-47A3-8B7C-822B502CF119"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc2:*:*:*:*:*:*",
"matchCriteriaId": "4DEB27E7-30AA-45CC-8934-B89263EF3551"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc3:*:*:*:*:*:*",
"matchCriteriaId": "E0005AEF-856E-47EB-BFE4-90C46899394D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc4:*:*:*:*:*:*",
"matchCriteriaId": "39889A68-6D34-47A6-82FC-CD0BF23D6754"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc5:*:*:*:*:*:*",
"matchCriteriaId": "B8383ABF-1457-401F-9B61-EE50F4C61F4F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc6:*:*:*:*:*:*",
"matchCriteriaId": "B77A9280-37E6-49AD-B559-5B23A3B1DC3D"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/03e1fd0327fa5e2174567f5fe9290fe21d21b8f4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/489f2913a63f528cfe3f21722583fb981967ecda",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/50632b877ce55356f5d276b9add289b1e7ddc683",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/5572a55a6f830ee3f3a994b6b962a5c327d28cb3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/6c04d1e3ab22cc5394ef656429638a5947f87244",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/7957c731fc2b23312f8935812dee5a0b14b04e2d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/91dad30c5607e62864f888e735d0965567827bdf",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

172
CVE-2024/CVE-2024-467xx/CVE-2024-46738.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-46738",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-09-18T08:15:03.233",
"lastModified": "2024-09-20T12:30:51.220",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-20T18:35:04.373",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,39 +15,189 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: VMCI: Arreglar el use after free al eliminar un recurso en vmci_resource_remove() Al eliminar un recurso de vmci_resource_table en vmci_resource_remove(), la b\u00fasqueda se realiza utilizando el identificador del recurso comparando los campos de contexto y recurso. Sin embargo, es posible crear dos recursos con diferentes tipos pero el mismo identificador (mismo contexto y campos de recurso). Al intentar eliminar uno de los recursos, es posible que vmci_resource_remove() no elimine el deseado, pero el objeto a\u00fan se liberar\u00e1 como en el caso del tipo de datagrama en vmci_datagram_destroy_handle(). vmci_resource_table a\u00fan mantendr\u00e1 un puntero a este recurso liberado, lo que conduce a una vulnerabilidad de use after free. ERROR: KASAN: use after free en vmci_handle_is_equal include/linux/vmw_vmci_defs.h:142 [en l\u00ednea] ERROR: KASAN: use after free en vmci_resource_remove+0x3a1/0x410 drivers/misc/vmw_vmci/vmci_resource.c:147 Lectura de tama\u00f1o 4 en la direcci\u00f3n ffff88801c16d800 por la tarea syz-executor197/1592 Seguimiento de llamadas: __dump_stack lib/dump_stack.c:88 [en l\u00ednea] dump_stack_lvl+0x82/0xa9 lib/dump_stack.c:106 print_address_description.constprop.0+0x21/0x366 mm/kasan/report.c:239 __kasan_report.cold+0x7f/0x132 mm/kasan/report.c:425 kasan_report+0x38/0x51 mm/kasan/report.c:442 vmci_handle_is_equal include/linux/vmw_vmci_defs.h:142 [en l\u00ednea] vmci_resource_remove+0x3a1/0x410 drivers/misc/vmw_vmci/vmci_resource.c:147 vmci_qp_broker_detach+0x89a/0x11b9 drivers/misc/vmw_vmci/vmci_queue_pair.c:2182 ctx_free_ctx+0x473/0xbe1 controladores/misc/vmw_vmci/vmci_context.c:444 kref_put include/linux/kref.h:65 [en l\u00ednea] vmci_ctx_put controladores/misc/vmw_vmci/vmci_context.c:497 [en l\u00ednea] vmci_ctx_destroy+0x170/0x1d6 controladores/misc/vmw_vmci/vmci_context.c:195 vmci_host_close+0x125/0x1ac controladores/misc/vmw_vmci/vmci_host.c:143 __fput+0x261/0xa34 fs/file_table.c:282 task_work_run+0xf0/0x194 kernel/task_work.c:164 tracehook_notify_resume include/linux/tracehook.h:189 [en l\u00ednea] exit_to_user_mode_loop+0x184/0x189 kernel/entry/common.c:187 exit_to_user_mode_prepare+0x11b/0x123 kernel/entry/common.c:220 __syscall_exit_to_user_mode_work kernel/entry/common.c:302 [en l\u00ednea] syscall_exit_to_user_mode+0x18/0x42 kernel/entry/common.c:313 do_syscall_64+0x41/0x85 arch/x86/entry/common.c:86 entry_SYSCALL_64_after_hwframe+0x6e/0x0 Este cambio garantiza que el tipo tambi\u00e9n se verifique al eliminar el recurso de vmci_resource_table en Eliminaci\u00f3n de recursos vmci()."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.9",
"versionEndExcluding": "4.19.322",
"matchCriteriaId": "1B6A6B56-FE16-446C-B46F-327CF8A46124"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.20",
"versionEndExcluding": "5.4.284",
"matchCriteriaId": "6265A402-9C3C-438F-BFC5-4194B2568B85"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5",
"versionEndExcluding": "5.10.226",
"matchCriteriaId": "864FC17C-501A-4823-A643-6F35D65D8A97"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.167",
"matchCriteriaId": "043405A4-25FE-45D4-A7BB-2A0C3B7D17C1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "6.1.110",
"matchCriteriaId": "6B1A95FC-7E7E-428B-BB59-F76640C652AE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.51",
"matchCriteriaId": "E4529134-BAC4-4776-840B-304009E181A0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.10.10",
"matchCriteriaId": "ACDEE48C-137A-4731-90D0-A675865E1BED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc1:*:*:*:*:*:*",
"matchCriteriaId": "8B3CE743-2126-47A3-8B7C-822B502CF119"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc2:*:*:*:*:*:*",
"matchCriteriaId": "4DEB27E7-30AA-45CC-8934-B89263EF3551"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc3:*:*:*:*:*:*",
"matchCriteriaId": "E0005AEF-856E-47EB-BFE4-90C46899394D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc4:*:*:*:*:*:*",
"matchCriteriaId": "39889A68-6D34-47A6-82FC-CD0BF23D6754"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc5:*:*:*:*:*:*",
"matchCriteriaId": "B8383ABF-1457-401F-9B61-EE50F4C61F4F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc6:*:*:*:*:*:*",
"matchCriteriaId": "B77A9280-37E6-49AD-B559-5B23A3B1DC3D"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/00fe5292f081f8d773e572df8e03bf6e1855fe49",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/39e7e593418ccdbd151f2925fa6be1a616d16c96",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/48b9a8dabcc3cf5f961b2ebcd8933bf9204babb7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/6c563a29857aa8053b67ee141191f69757f27f6e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/b243d52b5f6f59f9d39e69b191fb3d58b94a43b1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/b9efdf333174468651be40390cbc79c9f55d9cce",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/ef5f4d0c5ee22d4f873116fec844ff6edaf3fa7d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/f6365931bf7c07b2b397dbb06a4f6573cc9fae73",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

172
CVE-2024/CVE-2024-467xx/CVE-2024-46739.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-46739",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-09-18T08:15:03.293",
"lastModified": "2024-09-20T12:30:51.220",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-20T18:34:29.957",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,39 +15,189 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: uio_hv_generic: Corrija la desreferencia del puntero NULL del kernel en hv_uio_rescind. Para los canales de bus de VM principales, el puntero primary_channel siempre es NULL. Este puntero solo es v\u00e1lido para los canales secundarios. Adem\u00e1s, la devoluci\u00f3n de llamada rescind est\u00e1 destinada solo para los canales principales. Corrija la desreferencia del puntero NULL recuperando el device_obj del padre para el canal principal."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.16",
"versionEndExcluding": "4.19.322",
"matchCriteriaId": "23702FC4-962D-4C8E-BA6D-35481A6737BC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.20",
"versionEndExcluding": "5.4.284",
"matchCriteriaId": "6265A402-9C3C-438F-BFC5-4194B2568B85"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5",
"versionEndExcluding": "5.10.226",
"matchCriteriaId": "864FC17C-501A-4823-A643-6F35D65D8A97"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.167",
"matchCriteriaId": "043405A4-25FE-45D4-A7BB-2A0C3B7D17C1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "6.1.110",
"matchCriteriaId": "6B1A95FC-7E7E-428B-BB59-F76640C652AE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.51",
"matchCriteriaId": "E4529134-BAC4-4776-840B-304009E181A0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.10.10",
"matchCriteriaId": "ACDEE48C-137A-4731-90D0-A675865E1BED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc1:*:*:*:*:*:*",
"matchCriteriaId": "8B3CE743-2126-47A3-8B7C-822B502CF119"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc2:*:*:*:*:*:*",
"matchCriteriaId": "4DEB27E7-30AA-45CC-8934-B89263EF3551"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc3:*:*:*:*:*:*",
"matchCriteriaId": "E0005AEF-856E-47EB-BFE4-90C46899394D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc4:*:*:*:*:*:*",
"matchCriteriaId": "39889A68-6D34-47A6-82FC-CD0BF23D6754"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc5:*:*:*:*:*:*",
"matchCriteriaId": "B8383ABF-1457-401F-9B61-EE50F4C61F4F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc6:*:*:*:*:*:*",
"matchCriteriaId": "B77A9280-37E6-49AD-B559-5B23A3B1DC3D"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/1d8e020e51ab07e40f9dd00b52f1da7d96fec04c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/2be373469be1774bbe03b0fa7e2854e65005b1cc",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/3005091cd537ef8cdb7530dcb2ecfba8d2ef475c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/3d414b64ecf6fd717d7510ffb893c6f23acbf50e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/928e399e84f4e80307dce44e89415115c473275b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/de6946be9c8bc7d2279123433495af7c21011b99",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/f38f46da80a2ab7d1b2f8fcb444c916034a2dac4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/fb1adbd7e50f3d2de56d0a2bb0700e2e819a329e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

160
CVE-2024/CVE-2024-467xx/CVE-2024-46740.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-46740",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-09-18T08:15:03.377",
"lastModified": "2024-09-20T12:30:51.220",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-20T18:34:08.163",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,35 +15,175 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: binder: fix UAF caused by offsets overwrite Los objetos Binder se procesan y copian individualmente en el b\u00fafer de destino durante las transacciones. Tambi\u00e9n se copian todos los datos sin procesar entre estos objetos. Sin embargo, esta copia de datos sin procesar carece de una comprobaci\u00f3n de fuera de los l\u00edmites. Si los datos sin procesar superan el tama\u00f1o de la secci\u00f3n de datos, la copia sobrescribe la secci\u00f3n de compensaciones. Esto finalmente desencadena un error que intenta desenrollar los objetos procesados. Sin embargo, en este punto, las compensaciones utilizadas para indexar estos objetos ahora est\u00e1n da\u00f1adas. El desenrollado con compensaciones da\u00f1adas puede resultar en disminuciones de nodos arbitrarios y conducir a su liberaci\u00f3n prematura. Otros usuarios de dichos nodos se quedan con un puntero colgante que activa un use after free. Este problema se hace evidente en el siguiente informe de KASAN (recortado): ===================================================================== ERROR: KASAN: slab-use-after-free en _raw_spin_lock+0xe4/0x19c Escritura de tama\u00f1o 4 en la direcci\u00f3n ffff47fc91598f04 por la tarea binder-util/743 CPU: 9 UID: 0 PID: 743 Comm: binder-util No contaminado 6.11.0-rc4 #1 Nombre del hardware: linux,dummy-virt (DT) Rastreo de llamadas: _raw_spin_lock+0xe4/0x19c binder_free_buf+0x128/0x434 binder_thread_write+0x8a4/0x3260 binder_ioctl+0x18f0/0x258c [...] Asignado por la tarea 743: __kmalloc_cache_noprof+0x110/0x270 binder_new_node+0x50/0x700 binder_transaction+0x413c/0x6da8 binder_thread_write+0x978/0x3260 binder_ioctl+0x18f0/0x258c [...] Liberado por la tarea 745: kfree+0xbc/0x208 binder_thread_read+0x1c5c/0x37d4 binder_ioctl+0x16d8/0x258c [...] ======================================================================= Para evitar este problema, verifiquemos que la copia de datos sin procesar est\u00e9 dentro de los l\u00edmites de la secci\u00f3n de datos."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.4.226",
"versionEndExcluding": "5.4.284",
"matchCriteriaId": "F0B6E199-279F-4F92-B463-C5F87E230BCE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.10.157",
"versionEndExcluding": "5.10.226",
"matchCriteriaId": "D93C7D07-3360-4012-AFCB-4F16A83F0753"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.15.17",
"versionEndExcluding": "5.15.167",
"matchCriteriaId": "DC1E2D56-0897-4435-BC25-739B04462E13"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.17",
"versionEndExcluding": "6.1.110",
"matchCriteriaId": "BBF34251-254C-4A5B-A072-3C3A93781706"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.51",
"matchCriteriaId": "E4529134-BAC4-4776-840B-304009E181A0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.10.10",
"matchCriteriaId": "ACDEE48C-137A-4731-90D0-A675865E1BED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc1:*:*:*:*:*:*",
"matchCriteriaId": "8B3CE743-2126-47A3-8B7C-822B502CF119"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc2:*:*:*:*:*:*",
"matchCriteriaId": "4DEB27E7-30AA-45CC-8934-B89263EF3551"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc3:*:*:*:*:*:*",
"matchCriteriaId": "E0005AEF-856E-47EB-BFE4-90C46899394D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc4:*:*:*:*:*:*",
"matchCriteriaId": "39889A68-6D34-47A6-82FC-CD0BF23D6754"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc5:*:*:*:*:*:*",
"matchCriteriaId": "B8383ABF-1457-401F-9B61-EE50F4C61F4F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc6:*:*:*:*:*:*",
"matchCriteriaId": "B77A9280-37E6-49AD-B559-5B23A3B1DC3D"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/109e845c1184c9f786d41516348ba3efd9112792",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/1f33d9f1d9ac3f0129f8508925000900c2fe5bb0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/3a8154bb4ab4a01390a3abf1e6afac296e037da4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/4df153652cc46545722879415937582028c18af5",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/4f79e0b80dc69bd5eaaed70f0df1b558728b4e59",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/5a32bfd23022ffa7e152f273fa3fa29befb7d929",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/eef79854a04feac5b861f94d7b19cbbe79874117",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

112
CVE-2024/CVE-2024-467xx/CVE-2024-46741.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-46741",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-09-18T08:15:03.430",
"lastModified": "2024-09-20T12:30:51.220",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-20T18:33:27.960",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,19 +15,119 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: misc: fastrpc: Fix double free of 'buf' in error path smatch Warning: drivers/misc/fastrpc.c:1926 fastrpc_req_mmap() error: double free of 'buf' En la ruta de error fastrpc_req_mmap(), el b\u00fafer fastrpc se libera en fastrpc_req_munmap_impl() si la anulaci\u00f3n del mapa se realiza correctamente. Pero al final, hay una llamada incondicional a fastrpc_buf_free(). Por lo tanto, el caso anterior activa la doble liberaci\u00f3n del b\u00fafer fastrpc."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-415"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.51",
"matchCriteriaId": "E4529134-BAC4-4776-840B-304009E181A0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.10.10",
"matchCriteriaId": "ACDEE48C-137A-4731-90D0-A675865E1BED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc1:*:*:*:*:*:*",
"matchCriteriaId": "8B3CE743-2126-47A3-8B7C-822B502CF119"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc2:*:*:*:*:*:*",
"matchCriteriaId": "4DEB27E7-30AA-45CC-8934-B89263EF3551"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc3:*:*:*:*:*:*",
"matchCriteriaId": "E0005AEF-856E-47EB-BFE4-90C46899394D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc4:*:*:*:*:*:*",
"matchCriteriaId": "39889A68-6D34-47A6-82FC-CD0BF23D6754"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc5:*:*:*:*:*:*",
"matchCriteriaId": "B8383ABF-1457-401F-9B61-EE50F4C61F4F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc6:*:*:*:*:*:*",
"matchCriteriaId": "B77A9280-37E6-49AD-B559-5B23A3B1DC3D"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/bfc1704d909dc9911a558b1a5833d3d61a43a1f2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/e8c276d4dc0e19ee48385f74426aebc855b49aaf",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/f77dc8a75859e559f3238a6d906206259227985e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

101
CVE-2024/CVE-2024-467xx/CVE-2024-46742.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-46742",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-09-18T08:15:03.480",
"lastModified": "2024-09-20T12:30:51.220",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-20T18:32:34.303",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,19 +15,108 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: smb/server: se corrige la posible eliminaci\u00f3n de referencia nula de lease_ctx_info en smb2_open(). La eliminaci\u00f3n de referencia nula de lease_ctx_info ocurrir\u00e1 cuando (req_op_level == SMB2_OPLOCK_LEVEL_LEASE) y parse_lease_state() devuelvan NULL. Corrija esto verificando si 'lease_ctx_info' es NULL. Adem\u00e1s, elimine los par\u00e9ntesis redundantes en parse_durable_handle_context()."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.51",
"matchCriteriaId": "D4954ED0-8229-4D57-B4B3-CB5154734977"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.10.10",
"matchCriteriaId": "ACDEE48C-137A-4731-90D0-A675865E1BED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc1:*:*:*:*:*:*",
"matchCriteriaId": "8B3CE743-2126-47A3-8B7C-822B502CF119"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc2:*:*:*:*:*:*",
"matchCriteriaId": "4DEB27E7-30AA-45CC-8934-B89263EF3551"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc3:*:*:*:*:*:*",
"matchCriteriaId": "E0005AEF-856E-47EB-BFE4-90C46899394D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc4:*:*:*:*:*:*",
"matchCriteriaId": "39889A68-6D34-47A6-82FC-CD0BF23D6754"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/07f384c5be1f8633b13f0a22616e227570450bc6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/3b692794b81f2ecad69a4adbba687f3836824ada",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/4e8771a3666c8f216eefd6bd2fd50121c6c437db",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

156
CVE-2024/CVE-2024-467xx/CVE-2024-46743.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-46743",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-09-18T08:15:03.540",
"lastModified": "2024-09-20T12:30:51.220",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-20T18:32:11.827",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,39 +15,173 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: of/irq: Evitar lecturas fuera de los l\u00edmites de direcciones de dispositivos en el recorrido del mapa de interrupciones Cuando se invoca of_irq_parse_raw() con una direcci\u00f3n de dispositivo menor que el nodo padre de la interrupci\u00f3n (de la propiedad #address-cells), KASAN detecta la siguiente lectura fuera de los l\u00edmites al completar la tabla de coincidencia inicial (dyndbg=\"func of_irq_parse_* +p\"): OF: of_irq_parse_one: dev=/soc@0/picasso/watchdog, index=0 OF: parent=/soc@0/pci@878000000000/gpio0@17,0, intsize=2 OF: intspec=4 OF: of_irq_parse_raw: ipar=/soc@0/pci@878000000000/gpio0@17,0, size=2 OF: -> addrsize=3 ====================================================================== ERROR: KASAN: slab-out-of-bounds en of_irq_parse_raw+0x2b8/0x8d0 Lectura de tama\u00f1o 4 en la direcci\u00f3n ffffff81beca5608 por la tarea bash/764 CPU: 1 PID: 764 Comm: bash Tainted: GO 6.1.67-484c613561-nokia_sm_arm64 #1 Nombre del hardware: Unknown Unknown Product/Unknown Product, BIOS 2023.01-12.24.03-dirty 01/01/2023 Rastreo de llamadas: dump_backtrace+0xdc/0x130 mostrar_pila+0x1c/0x30 dump_stack_lvl+0x6c/0x84 imprimir_informe+0x150/0x448 kasan_informe+0x98/0x140 __asan_load4+0x78/0xa0 de_irq_parse_raw+0x2b8/0x8d0 de_irq_parse_one+0x24c/0x270 analizar_interrupciones+0xc0/0x120 de_fwnode_add_links+0x100/0x2d0 fw_devlink_parse_fwtree+0x64/0xc0 dispositivo_add+0xb38/0xc30 de_dispositivo_add+0x64/0x90 of_platform_device_create_pdata+0xd0/0x170 of_platform_bus_create+0x244/0x600 of_platform_notify+0x1b0/0x254 blocking_notifier_call_chain+0x9c/0xd0 __of_changeset_entry_notify+0x1b8/0x230 __of_changeset_apply_notify+0x54/0xe4 of_overlay_fdt_apply+0xc04/0xd94 ... La direcci\u00f3n con errores pertenece al objeto en ffffff81beca5600 que pertenece al cach\u00e9 kmalloc-128 de tama\u00f1o 128 La direcci\u00f3n con errores se encuentra 8 bytes dentro de la regi\u00f3n de 128 bytes [ffffff81beca5600, ffffff81beca5680) La direcci\u00f3n con errores pertenece a la p\u00e1gina f\u00edsica: p\u00e1gina:00000000230d3d03 refcount:1 mapcount:0 mapping:0000000000000000 \u00edndice:0x0 pfn:0x1beca4 cabeza:00000000230d3d03 orden:1 composite_mapcount:0 composite_pincount:0 indicadores: 0x8000000000010200(slab|head|zone=2) sin procesar: 800000000010200 0000000000000000 muerto000000000122 ffffff810000c300 sin procesar: 000000000000000 0000000000200020 00000001ffffffff 0000000000000000 p\u00e1gina volcada porque: kasan: mal acceso detectado Estado de la memoria alrededor de la direcci\u00f3n con errores: ffffff81beca5500: 04 fc fc fc fc fc fc fc fc fc fc fc fc fc fc ffffff81beca5580: fc fc fc fc fc fc fc fc fc >ffffff81beca5600: 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc ^ ffffff81beca5680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ffffff81beca5700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc ==================================================================== OF: -> \u00a1entendido! Evite la lectura fuera de los l\u00edmites copiando la direcci\u00f3n del dispositivo en un b\u00fafer de tama\u00f1o suficiente."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.322",
"matchCriteriaId": "29162FB8-5FA4-4DC4-86CE-5EB0CAEEF2F3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.20",
"versionEndExcluding": "5.4.284",
"matchCriteriaId": "6265A402-9C3C-438F-BFC5-4194B2568B85"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5",
"versionEndExcluding": "5.10.226",
"matchCriteriaId": "864FC17C-501A-4823-A643-6F35D65D8A97"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.167",
"matchCriteriaId": "043405A4-25FE-45D4-A7BB-2A0C3B7D17C1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "6.1.110",
"matchCriteriaId": "6B1A95FC-7E7E-428B-BB59-F76640C652AE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.51",
"matchCriteriaId": "E4529134-BAC4-4776-840B-304009E181A0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.10.10",
"matchCriteriaId": "ACDEE48C-137A-4731-90D0-A675865E1BED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc1:*:*:*:*:*:*",
"matchCriteriaId": "8B3CE743-2126-47A3-8B7C-822B502CF119"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc2:*:*:*:*:*:*",
"matchCriteriaId": "4DEB27E7-30AA-45CC-8934-B89263EF3551"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc3:*:*:*:*:*:*",
"matchCriteriaId": "E0005AEF-856E-47EB-BFE4-90C46899394D"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/7ead730af11ee7da107f16fc77995613c58d292d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/8ff351ea12e918db1373b915c4c268815929cbe5",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/9d1e9f0876b03d74d44513a0ed3ed15ef8f2fed5",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/b739dffa5d570b411d4bdf4bb9b8dfd6b7d72305",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/baaf26723beab3a04da578d3008be3544f83758f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/bf68acd840b6a5bfd3777e0d5aaa204db6b461a9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/d2a79494d8a5262949736fb2c3ac44d20a51b0d8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/defcaa426ba0bc89ffdafb799d2e50b52f74ffc4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

161
CVE-2024/CVE-2024-467xx/CVE-2024-46747.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-46747",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-09-18T08:15:03.790",
"lastModified": "2024-09-20T12:30:51.220",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-20T18:31:19.190",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,39 +15,178 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: HID: cougar: fix slab-out-of-bounds La lectura en cougar_report_fixup report_fixup para el teclado para juegos Cougar 500k no verificaba que el tama\u00f1o del descriptor del informe fuera correcto antes de acceder a \u00e9l."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.322",
"matchCriteriaId": "29162FB8-5FA4-4DC4-86CE-5EB0CAEEF2F3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.20",
"versionEndExcluding": "5.4.284",
"matchCriteriaId": "6265A402-9C3C-438F-BFC5-4194B2568B85"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5",
"versionEndExcluding": "5.10.226",
"matchCriteriaId": "864FC17C-501A-4823-A643-6F35D65D8A97"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.167",
"matchCriteriaId": "043405A4-25FE-45D4-A7BB-2A0C3B7D17C1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "6.1.110",
"matchCriteriaId": "6B1A95FC-7E7E-428B-BB59-F76640C652AE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.51",
"matchCriteriaId": "E4529134-BAC4-4776-840B-304009E181A0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.10.10",
"matchCriteriaId": "ACDEE48C-137A-4731-90D0-A675865E1BED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc1:*:*:*:*:*:*",
"matchCriteriaId": "8B3CE743-2126-47A3-8B7C-822B502CF119"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc2:*:*:*:*:*:*",
"matchCriteriaId": "4DEB27E7-30AA-45CC-8934-B89263EF3551"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc3:*:*:*:*:*:*",
"matchCriteriaId": "E0005AEF-856E-47EB-BFE4-90C46899394D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc4:*:*:*:*:*:*",
"matchCriteriaId": "39889A68-6D34-47A6-82FC-CD0BF23D6754"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/30e9ce7cd5591be639b53595c95812f1a2afdfdc",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/34185de73d74fdc90e8651cfc472bfea6073a13f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/48b2108efa205f4579052c27fba2b22cc6ad8aa0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/890dde6001b651be79819ef7a3f8c71fc8f9cabf",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/a6e9c391d45b5865b61e569146304cff72821a5d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/e239e44dcd419b13cf840e2a3a833204e4329714",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/e4a602a45aecd6a98b4b37482f5c9f8f67a32ddd",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/fac3cb3c6428afe2207593a183b5bc4742529dfd",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

81
CVE-2024/CVE-2024-467xx/CVE-2024-46749.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-46749",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-09-18T08:15:03.893",
"lastModified": "2024-09-20T12:30:51.220",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-20T18:45:43.483",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,19 +15,88 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: Bluetooth: btnxpuart: corrige la desreferencia de puntero nulo en btnxpuart_flush() Esto agrega una verificaci\u00f3n antes de liberar rx->skb en las funciones flush y close para manejar el bloqueo del kernel observado al eliminar el controlador despu\u00e9s de que falla la descarga de FW o antes de que se complete la descarga de FW. dmesg log: [ 54.634586] No se puede manejar la desreferencia del puntero NULL del n\u00facleo en la direcci\u00f3n virtual 0000000000000080 [ 54.643398] Informaci\u00f3n de aborto de memoria: [ 54.646204] ESR = 0x0000000096000004 [ 54.649964] EC = 0x25: DABT (EL actual), IL = 32 bits [ 54.655286] SET = 0, FnV = 0 [ 54.658348] EA = 0, S1PTW = 0 [ 54.661498] FSC = 0x04: error de traducci\u00f3n de nivel 0 [ 54.666391] Informaci\u00f3n de aborto de datos: [ 54.669273] ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000 [ 54.674768] CM = 0, WnR = 0, TnD = 0, TagAccess = 0 [ 54.674771] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0 [ 54.674775] pgtable del usuario: p\u00e1ginas de 4k, VA de 48 bits, pgdp=0000000048860000 [ 54.674780] [0000000000000080] pgd=000000000000000, p4d=0000000000000000 [ 54.703880] Error interno: Ups: 0000000096000004 [#1] PREEMPT SMP [ 54.710152] M\u00f3dulos vinculados en: btnxpuart(-) superposici\u00f3n fsl_jr_uio caam_jr caamkeyblob_desc caamhash_desc caamalg_desc crypto_engine authenc libdes crct10dif_ce polyval_ce polyval_generic snd_soc_imx_spdif snd_soc_imx_card snd_soc_ak5558 snd_soc_ak4458 error de seguridad de caam snd_soc_fsl_micfil snd_soc_fsl_spdif snd_soc_fsl_sai snd_soc_fsl_utils imx_pcm_dma gpio_ir_recv rc_core Fusible sch_fq_codel [ 54.744357] CPU: 3 PID: 72 Comm: kworker/u9:0 No contaminado 6.6.3-otbr-g128004619037 #2 [ 54.744364] Nombre del hardware: Placa EVK FSL i.MX8MM (DT) [ 54.744368] Cola de trabajo: hci0 hci_power_on [ 54.757244] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 54.757249] pc : kfree_skb_reason+0x18/0xb0 [ 54.772299] lr : btnxpuart_flush+0x40/0x58 [btnxpuart] [54.782921] sp: ffff8000805ebca0 [54.782923] x29: ffff8000805ebca0 x28: ffffa5c6cf1869c0 x27: ffffa5c6cf186000 [54.782931] x26: 852400 x25: ffff377b848523c0 x24: ffff377b845e7230 [ 54.782938] x23: ffffa5c6ce8dbe08 x22: ffffa5c6ceb65410 x21: 00000000ffffff92 [ 54.782945] ffffa5c6ce8dbe98 x19: ffffffffffffffac x18: ffffffffffffffff [ 54.807651] x17: 0000000000000000 x16: ffffa5c6ce2824ec x15: ffff8001005eb857 [ 54.821917] x14: 0000000000000000 x13: ffffa5c6cf1a02e0 x12: 0000000000000642 [ 54.821924] x11: 0000000000000040 x10: ffffa5c6cf19d690 x9: ffffa5c6cf19d688 [ 54.821931] x8 : ffff377b86000028 x7 : 0000000000000000 x6 : 0000000000000000 [ 54.821938] x5 : ffff377b86000000 x4 : 0000000000000000 x3 : 0000000000000000 [ 54.843331] x2 : 0000000000000000 x1 : 0000000000000002 x0 : ffffffffffffffac [ 54.857599] Rastreo de llamadas: [ 54.857601] kfree_skb_reason+0x18/0xb0 [ 54.863878] btnxpuart_flush+0x40/0x58 [ 54.863888] hci_dev_open_sync+0x3a8/0xa04 [ 54.872773] hci_power_on+0x54/0x2e4 [ 54.881832] proceso_uno_trabajo+0x138/0x260 [ 54.881842] subproceso_trabajador+0x32c/0x438 [ 54.881847] kthread+0x118/0x11c [ 54.881853] ret_from_fork+0x10/0x20 [ 54.896406] C\u00f3digo: a9be7bfd 910003fd f9000bf3 aa0003f3 (b940d400) [ 54.896410] ---[ fin de seguimiento 0000000000000000 ]---"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.51",
"matchCriteriaId": "D4954ED0-8229-4D57-B4B3-CB5154734977"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.10.10",
"matchCriteriaId": "ACDEE48C-137A-4731-90D0-A675865E1BED"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/013dae4735d2010544d1f2121bdeb8e6c9ea171e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/056e0cd381d59a9124b7c43dd715e15f56a11635",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/c68bbf5e334b35b36ac5b9f0419f1f93f796bad1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

148
CVE-2024/CVE-2024-467xx/CVE-2024-46791.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-46791",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-09-18T08:15:06.067",
"lastModified": "2024-09-20T12:30:51.220",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-20T18:21:19.457",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,31 +15,161 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: can: mcp251x: soluciona el bloqueo si se produce una interrupci\u00f3n durante mcp251x_open La funci\u00f3n mcp251x_hw_wake() se llama con el mutex mpc_lock retenido y desactiva el controlador de interrupciones para que no se puedan procesar interrupciones mientras se activa el dispositivo. Si ya se produjo una interrupci\u00f3n, esperar a que se complete el controlador de interrupciones provocar\u00e1 un bloqueo porque intentar\u00e1 adquirir el mismo mutex. CPU0 CPU1 ---- ---- mcp251x_open() mutex_lock(&priv->mcp_lock) request_threaded_irq() mcp251x_can_ist() mutex_lock(&priv->mcp_lock) mcp251x_hw_wake() deshabilitar_irq() <-- bloqueo Utilice deshabilitar_irq_nosync() en su lugar porque el controlador de interrupciones hace todo mientras mantiene el mutex, por lo que no importa si todav\u00eda se est\u00e1 ejecutando."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-667"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5",
"versionEndExcluding": "5.10.226",
"matchCriteriaId": "864FC17C-501A-4823-A643-6F35D65D8A97"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.167",
"matchCriteriaId": "043405A4-25FE-45D4-A7BB-2A0C3B7D17C1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "6.1.110",
"matchCriteriaId": "6B1A95FC-7E7E-428B-BB59-F76640C652AE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.51",
"matchCriteriaId": "E4529134-BAC4-4776-840B-304009E181A0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.10.10",
"matchCriteriaId": "ACDEE48C-137A-4731-90D0-A675865E1BED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc1:*:*:*:*:*:*",
"matchCriteriaId": "8B3CE743-2126-47A3-8B7C-822B502CF119"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc2:*:*:*:*:*:*",
"matchCriteriaId": "4DEB27E7-30AA-45CC-8934-B89263EF3551"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc3:*:*:*:*:*:*",
"matchCriteriaId": "E0005AEF-856E-47EB-BFE4-90C46899394D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc4:*:*:*:*:*:*",
"matchCriteriaId": "39889A68-6D34-47A6-82FC-CD0BF23D6754"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc5:*:*:*:*:*:*",
"matchCriteriaId": "B8383ABF-1457-401F-9B61-EE50F4C61F4F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc6:*:*:*:*:*:*",
"matchCriteriaId": "B77A9280-37E6-49AD-B559-5B23A3B1DC3D"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/3a49b6b1caf5cefc05264d29079d52c99cb188e0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/513c8fc189b52f7922e36bdca58997482b198f0e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/7dd9c26bd6cf679bcfdef01a8659791aa6487a29",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/8fecde9c3f9a4b97b68bb97c9f47e5b662586ba7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/e554113a1cd2a9cfc6c7af7bdea2141c5757e188",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/f7ab9e14b23a3eac6714bdc4dba244d8aa1ef646",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

136
CVE-2024/CVE-2024-467xx/CVE-2024-46795.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-46795",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-09-18T08:15:06.280",
"lastModified": "2024-09-20T12:30:51.220",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-20T18:21:04.067",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,27 +15,147 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ksmbd: anular la marca de enlace de una conexi\u00f3n reutilizada Steve French inform\u00f3 de un error de desreferencia de puntero nulo de la librer\u00eda sha256. cifs.ko puede enviar solicitudes de configuraci\u00f3n de sesi\u00f3n en una conexi\u00f3n reutilizada. Si se utiliza una conexi\u00f3n reutilizada para vincular la sesi\u00f3n, conn->binding puede seguir siendo verdadero y generate_preauth_hash() no establecer\u00e1 sess->Preauth_HashValue y ser\u00e1 NULL. Se utiliza como material para crear una clave de cifrado en ksmbd_gen_smb311_encryptionkey. ->Preauth_HashValue provoca un error de desreferencia de puntero nulo de crypto_shash_update(). ERROR: desreferencia de puntero NULL del kernel, direcci\u00f3n: 0000000000000000 #PF: acceso de lectura del supervisor en modo kernel #PF: error_code(0x0000) - p\u00e1gina no presente PGD 0 P4D 0 Oops: 0000 [#1] PREEMPT SMP PTI CPU: 8 PID: 429254 Comm: kworker/8:39 Nombre del hardware: LENOVO 20MAS08500/20MAS08500, BIOS N2CET69W (1.52 ) Cola de trabajo: ksmbd-io handle_ksmbd_work [ksmbd] RIP: 0010:lib_sha256_base_do_update.isra.0+0x11e/0x1d0 [sha256_ssse3] ? show_regs+0x6d/0x80 ? __die+0x24/0x80 ? error_p\u00e1gina_oops+0x99/0x1b0 ? error_direcci\u00f3n_usuario+0x2ee/0x6b0 ? error_p\u00e1gina_exc+0x83/0x1b0 ? error_p\u00e1gina_exc+0x27/0x30 ? __pfx_sha256_transform_rorx+0x10/0x10 [sha256_ssse3] ? lib_sha256_base_do_update.isra.0+0x11e/0x1d0 [sha256_ssse3] ? __pfx_sha256_transform_rorx+0x10/0x10 [sha256_ssse3] ? __pfx_sha256_transform_rorx+0x10/0x10 [sha256_ssse3] _sha256_update+0x77/0xa0 [sha256_ssse3] sha256_avx2_update+0x15/0x30 [sha256_ssse3] crypto_shash_update+0x1e/0x40 hmac_update+0x12/0x20 crypto_shash_update+0x1e/0x40 generar_clave+0x234/0x380 [ksmbd] generar_clave_de_cifrado_smb3+0x40/0x1c0 [ksmbd] ksmbd_gen_smb311_clave_de_cifrado+0x72/0xa0 [ksmbd] __pfx_kthread+0x10/0x10 ret_from_fork+0x44/0x70 ? __pfx_kthread+0x10/0x10 ret_de_fork_asm+0x1b/0x30 "
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.15",
"versionEndExcluding": "5.15.167",
"matchCriteriaId": "EA943118-D4CB-4C23-A051-06993A503CC8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "6.1.110",
"matchCriteriaId": "6B1A95FC-7E7E-428B-BB59-F76640C652AE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.51",
"matchCriteriaId": "E4529134-BAC4-4776-840B-304009E181A0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.10.10",
"matchCriteriaId": "ACDEE48C-137A-4731-90D0-A675865E1BED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc1:*:*:*:*:*:*",
"matchCriteriaId": "8B3CE743-2126-47A3-8B7C-822B502CF119"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc2:*:*:*:*:*:*",
"matchCriteriaId": "4DEB27E7-30AA-45CC-8934-B89263EF3551"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc3:*:*:*:*:*:*",
"matchCriteriaId": "E0005AEF-856E-47EB-BFE4-90C46899394D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc4:*:*:*:*:*:*",
"matchCriteriaId": "39889A68-6D34-47A6-82FC-CD0BF23D6754"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc5:*:*:*:*:*:*",
"matchCriteriaId": "B8383ABF-1457-401F-9B61-EE50F4C61F4F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc6:*:*:*:*:*:*",
"matchCriteriaId": "B77A9280-37E6-49AD-B559-5B23A3B1DC3D"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/41bc256da7e47b679df87c7fc7a5b393052b9cce",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/4c8496f44f5bb5c06cdef5eb130ab259643392a1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/78c5a6f1f630172b19af4912e755e1da93ef0ab5",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/93d54a4b59c4b3d803d20aa645ab5ca71f3b3b02",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/9914f1bd61d5e838bb1ab15a71076d37a6db65d1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

112
CVE-2024/CVE-2024-467xx/CVE-2024-46796.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-46796",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-09-18T08:15:06.340",
"lastModified": "2024-09-20T12:30:51.220",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-20T18:20:35.837",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,19 +15,119 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: smb: cliente: se corrige la doble colocaci\u00f3n de @cfile en smb2_set_path_size() Si se llama a smb2_compound_op() con un @cfile v\u00e1lido y se devuelve -EINVAL, debemos llamar a cifs_get_writable_path() antes de volver a intentarlo ya que la referencia de @cfile ya fue descartada por la llamada anterior. Esto corrige el siguiente error de KASAN al ejecutar fstests generic/013 contra Windows Server 2022: CIFS: Intentando montar //w22-fs0/scratch ejecutar fstests generic/013 a las 2024-09-02 19:48:59 ====================================================================== ERROR: KASAN: slab-use-after-free en detach_if_pending+0xab/0x200 Escritura de tama\u00f1o 8 en la direcci\u00f3n ffff88811f1a3730 por la tarea kworker/3:2/176 CPU: 3 UID: 0 PID: 176 Comm: kworker/3:2 No contaminado 6.11.0-rc6 #2 Nombre del hardware: PC est\u00e1ndar QEMU (Q35 + ICH9, 2009), BIOS 1.16.3-2.fc40 01/04/2014 Cola de trabajo: cifsoplockd cifs_oplock_break [cifs] Seguimiento de llamadas: dump_stack_lvl+0x5d/0x80 ? detach_if_pending+0xab/0x200 print_report+0x156/0x4d9 ? detach_if_pending+0xab/0x200 ? __virt_addr_valid+0x145/0x300 ? __phys_addr+0x46/0x90 ? detach_if_pending+0xab/0x200 kasan_report+0xda/0x110 ? detach_if_pending+0xab/0x200 detach_if_pending+0xab/0x200 timer_delete+0x96/0xe0 ? __pfx_timer_delete+0x10/0x10 ? rcu_is_watching+0x20/0x50 try_to_grab_pending+0x46/0x3b0 __cancel_work+0x89/0x1b0 ? __pfx___cancel_work+0x10/0x10 ? kasan_save_track+0x14/0x30 cifs_close_deferred_file+0x110/0x2c0 [cifs] ? __pfx_cifs_close_deferred_file+0x10/0x10 [cifs] ? __pfx_down_read+0x10/0x10 cifs_oplock_break+0x4c1/0xa50 [cifs] ? __pfx_cifs_oplock_break+0x10/0x10 [cifs] ? tipo_bloqueo_retenido+0x85/0xf0 ? marcar_bloqueos_retenidos+0x1a/0x90 proceso_una_obra+0x4c6/0x9f0 ? encontrar_bloqueo_retenido+0x8a/0xa0 ? __pfx_proceso_una_obra+0x10/0x10 ? bloqueo_adquirido+0x220/0x550 ? __lista_agregar_v\u00e1lido_o_informe+0x37/0x100 subproceso_trabajador+0x2e4/0x570 ? __pfx_kthread+0x10/0x10 ret_de_la_bifurcaci\u00f3n+0x31/0x60 ? Asignado por la tarea 1118: kasan_save_stack+0x30/0x50 kasan_save_track+0x14/0x30 __kasan_kmalloc+0xaa/0xb0 cifs_new_fileinfo+0xc8/0x9d0 [cifs] cifs_atomic_open+0x467/0x770 [cifs] lookup_open.isra.0+0x665/0x8b0 path_openat+0x4c3/0x1380 do_filp_open+0x167/0x270 do_sys_openat2+0x129/0x160 __x64_sys_creat+0xad/0xe0 do_syscall_64+0xbb/0x1d0 entry_SYSCALL_64_after_hwframe+0x77/0x7f Liberado por la tarea 83: kasan_save_stack+0x30/0x50 kasan_save_track+0x14/0x30 kasan_save_free_info+0x3b/0x70 poison_slab_object+0xe9/0x160 __kasan_slab_free+0x32/0x50 kfree+0xf2/0x300 process_one_work+0x4c6/0x9f0 worker_thread+0x2e4/0x570 kthread+0x17f/0x1c0 ret_from_fork+0x31/0x60 ret_from_fork_asm+0x1a/0x30 \u00daltima creaci\u00f3n de trabajo potencialmente relacionado: kasan_save_stack+0x30/0x50 __kasan_record_aux_stack+0xad/0xc0 insert_work+0x29/0xe0 __queue_work+0x5ea/0x760 queue_work_on+0x6d/0x90 _cifsFileInfo_put+0x3f6/0x770 [cifs] smb2_compound_op+0x911/0x3940 [cifs] smb2_set_path_size+0x228/0x270 [cifs] cifs_set_file_size+0x197/0x460 [cifs] cifs_setattr+0xd9c/0x14b0 [cifs] notificar_cambio+0x4e3/0x740 hacer_truncar+0xfa/0x180 vfs_truncar+0x195/0x200 __x64_sys_truncar+0x109/0x150 hacer_syscall_64+0xbb/0x1d0 entrada_SYSCALL_64_despu\u00e9s_hwframe+0x77/0x7f"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.6.32",
"versionEndExcluding": "6.6.51",
"matchCriteriaId": "C4FD2594-8BAC-4DC6-B031-962920000AEC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.9",
"versionEndExcluding": "6.10.10",
"matchCriteriaId": "2CB7114B-59C6-4708-AE2C-B7C2D0BA0FA2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc1:*:*:*:*:*:*",
"matchCriteriaId": "8B3CE743-2126-47A3-8B7C-822B502CF119"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc2:*:*:*:*:*:*",
"matchCriteriaId": "4DEB27E7-30AA-45CC-8934-B89263EF3551"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc3:*:*:*:*:*:*",
"matchCriteriaId": "E0005AEF-856E-47EB-BFE4-90C46899394D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc4:*:*:*:*:*:*",
"matchCriteriaId": "39889A68-6D34-47A6-82FC-CD0BF23D6754"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc5:*:*:*:*:*:*",
"matchCriteriaId": "B8383ABF-1457-401F-9B61-EE50F4C61F4F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc6:*:*:*:*:*:*",
"matchCriteriaId": "B77A9280-37E6-49AD-B559-5B23A3B1DC3D"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/5a72d1edb0843e4c927a4096f81e631031c25c28",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/762099898309218b4a7954f3d49e985dc4dfd638",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/f9c169b51b6ce20394594ef674d6b10efba31220",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

112
CVE-2024/CVE-2024-467xx/CVE-2024-46797.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-46797",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-09-18T08:15:06.403",
"lastModified": "2024-09-20T12:30:51.220",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-20T18:18:18.093",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,19 +15,119 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: powerpc/qspinlock: Se corrige el bloqueo en la cola MCS Si se produce una interrupci\u00f3n en queued_spin_lock_slowpath() despu\u00e9s de que incrementamos qnodesp->count y antes de que se inicialice node->lock, otra CPU podr\u00eda ver valores de bloqueo obsoletos en get_tail_qnode(). Si el valor de bloqueo obsoleto coincide con el bloqueo en esa CPU, entonces escribimos en el puntero \"siguiente\" del qnode incorrecto. Esto provoca un bloqueo ya que la CPU anterior, una vez que se convierte en la cabeza de la cola MCS, girar\u00e1 indefinidamente hasta que su puntero \"siguiente\" sea establecido por su sucesor en la cola. Al ejecutar stress-ng en una LPAR compartida de 16 n\u00facleos (16EC/16VP), se producen bloqueos ocasionales similares a los siguientes: $ stress-ng --all 128 --vm-bytes 80% --aggressive \\ --maximize --oomable --verify --syslog \\ --metrics --times --timeout 5m watchdog: CPU 15 Hard LOCKUP ...... NIP [c0000000000b78f4] queued_spin_lock_slowpath+0x1184/0x1490 LR [c000000001037c5c] _raw_spin_lock+0x6c/0x90 Seguimiento de llamadas: 0xc000002cfffa3bf0 (no confiable) _raw_spin_lock+0x6c/0x90 bloqueo_de_rq_de_spin_sin_formato_anidado.parte.135+0x4c/0xd0 pendiente_programa_de_programaci\u00f3n_pendiente+0x60/0x1f0 __vaciado_cola_de_funciones_de_llamada_smp+0x1dc/0x670 smp_ipi_demux_relajado+0xa4/0x100 acci\u00f3n_ipi_muxed_xive+0x20/0x40 __controlador_evento_irq_percpu+0x80/0x240 control_evento_irq_percpu+0x2c/0x80 control_percpu_irq+0x84/0xd0 control_irq_gen\u00e9rico+0x54/0x80 __do_irq+0xac/0x210 __do_IRQ+0x74/0xd0 0x0 do_IRQ+0x8c/0x170 interrupci\u00f3n_de_hardware_virt_com\u00fan+0x29c/0x2a0 --- interrupci\u00f3n: 500 en ruta_lenta_bloqueo_de_giro_en_cola+0x4b8/0x1490 ...... NIP [c0000000000b6c28] ruta_lenta_bloqueo_de_giro_en_cola+0x4b8/0x1490 LR [c000000001037c5c] _bloqueo_de_giro_en_cola+0x6c/0x90 --- interrupci\u00f3n: 500 0xc0000029c1a41d00 (no confiable) _bloqueo_de_giro_en_cola+0x6c/0x90 futex_wake+0x100/0x260 do_futex+0x21c/0x2a0 sys_futex+0x98/0x270 system_call_exception+0x14c/0x2f0 system_call_vectored_common+0x15c/0x2ec El siguiente flujo de c\u00f3digo ilustra c\u00f3mo se produce el interbloqueo. Para abreviar, supongamos que ambos bloqueos (A y B) est\u00e1n en conflicto y llamamos a la funci\u00f3n queued_spin_lock_slowpath(). CPU0 CPU1 ---- ---- spin_lock_irqsave(A) | spin_unlock_irqrestore(A) | spin_lock(B) | | | ? | id = qnodesp->count++; | (Tenga en cuenta que nodes[0].lock == A) | | | ? | Interrupci\u00f3n | (sucede antes de \"nodes[0].lock = B\") | | | ? | spin_lock_irqsave(A) | | | ? | id = qnodesp->count++ | nodes[1].lock = A | | | ? | Cola de la cola MCS | | spin_lock_irqsave(A) ? | Cabecera de la cola MCS ? | CPU0 es la cola anterior ? | Girar indefinidamente ? (hasta que \"nodes[1].next != NULL\") prev = get_tail_qnode(A, CPU0) | ? prev == &qnodes[CPU0].nodes[0] (como qnodes ---truncados---"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-667"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.51",
"matchCriteriaId": "E4529134-BAC4-4776-840B-304009E181A0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.10.10",
"matchCriteriaId": "ACDEE48C-137A-4731-90D0-A675865E1BED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc1:*:*:*:*:*:*",
"matchCriteriaId": "8B3CE743-2126-47A3-8B7C-822B502CF119"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc2:*:*:*:*:*:*",
"matchCriteriaId": "4DEB27E7-30AA-45CC-8934-B89263EF3551"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc3:*:*:*:*:*:*",
"matchCriteriaId": "E0005AEF-856E-47EB-BFE4-90C46899394D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc4:*:*:*:*:*:*",
"matchCriteriaId": "39889A68-6D34-47A6-82FC-CD0BF23D6754"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc5:*:*:*:*:*:*",
"matchCriteriaId": "B8383ABF-1457-401F-9B61-EE50F4C61F4F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc6:*:*:*:*:*:*",
"matchCriteriaId": "B77A9280-37E6-49AD-B559-5B23A3B1DC3D"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/734ad0af3609464f8f93e00b6c0de1e112f44559",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/d84ab6661e8d09092de9b034b016515ef9b66085",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/f06af737e4be28c0e926dc25d5f0a111da4e2987",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

160
CVE-2024/CVE-2024-467xx/CVE-2024-46798.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-46798",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-09-18T08:15:06.463",
"lastModified": "2024-09-20T12:30:51.220",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-20T18:17:50.763",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,35 +15,175 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ASoC: dapm: Corregir UAF para el objeto snd_soc_pcm_runtime Cuando se usa el kernel con la siguiente configuraci\u00f3n adicional, - CONFIG_KASAN=y - CONFIG_KASAN_GENERIC=y - CONFIG_KASAN_INLINE=y - CONFIG_KASAN_VMALLOC=y - CONFIG_FRAME_WARN=4096 el kernel detecta que snd_pcm_suspend_all() accede a un objeto 'snd_soc_pcm_runtime' liberado cuando el sistema est\u00e1 suspendido, lo que conduce a un error de use after free: [ 52.047746] ERROR: KASAN: use after free en snd_pcm_suspend_all+0x1a8/0x270 [ 52.047765] Lectura de tama\u00f1o 1 en la direcci\u00f3n ffff0000b9434d50 por la tarea systemd-sleep/2330 [ 52.047785] Seguimiento de llamadas: [ 52.047787] dump_backtrace+0x0/0x3c0 [ 52.047794] show_stack+0x34/0x50 [ 52.047797] dump_stack_lvl+0x68/0x8c [ 52.047802] print_address_description.constprop.0+0x74/0x2c0 [ 52.047809] kasan_report+0x210/0x230 [ 52.047815] __asan_report_load1_noabort+0x3c/0x50 [ 52.047820] snd_pcm_suspend_all+0x1a8/0x270 [ 52.047824] snd_soc_suspend+0x19c/0x4e0 La funci\u00f3n snd_pcm_sync_stop() tiene una comprobaci\u00f3n NULL en 'substream->runtime' antes de realizar cualquier acceso. Por lo tanto, siempre debemos establecer 'substream->runtime' en NULL cada vez que lo ejecutamos con kfree()."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.4",
"versionEndExcluding": "5.4.284",
"matchCriteriaId": "6ACBB349-F6C0-4395-8228-F0758C99886A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5",
"versionEndExcluding": "5.10.226",
"matchCriteriaId": "864FC17C-501A-4823-A643-6F35D65D8A97"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.167",
"matchCriteriaId": "043405A4-25FE-45D4-A7BB-2A0C3B7D17C1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "6.1.110",
"matchCriteriaId": "6B1A95FC-7E7E-428B-BB59-F76640C652AE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.51",
"matchCriteriaId": "E4529134-BAC4-4776-840B-304009E181A0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.10.10",
"matchCriteriaId": "ACDEE48C-137A-4731-90D0-A675865E1BED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc1:*:*:*:*:*:*",
"matchCriteriaId": "8B3CE743-2126-47A3-8B7C-822B502CF119"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc2:*:*:*:*:*:*",
"matchCriteriaId": "4DEB27E7-30AA-45CC-8934-B89263EF3551"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc3:*:*:*:*:*:*",
"matchCriteriaId": "E0005AEF-856E-47EB-BFE4-90C46899394D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc4:*:*:*:*:*:*",
"matchCriteriaId": "39889A68-6D34-47A6-82FC-CD0BF23D6754"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc5:*:*:*:*:*:*",
"matchCriteriaId": "B8383ABF-1457-401F-9B61-EE50F4C61F4F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc6:*:*:*:*:*:*",
"matchCriteriaId": "B77A9280-37E6-49AD-B559-5B23A3B1DC3D"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/3033ed903b4f28b5e1ab66042084fbc2c48f8624",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/5d13afd021eb43868fe03cef6da34ad08831ad6d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/6a14fad8be178df6c4589667efec1789a3307b4e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/8ca21e7a27c66b95a4b215edc8e45e5d66679f9f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/993b60c7f93fa1d8ff296b58f646a867e945ae89",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/b4a90b543d9f62d3ac34ec1ab97fc5334b048565",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/fe5046ca91d631ec432eee3bdb1f1c49b09c8b5e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

64
CVE-2024/CVE-2024-469xx/CVE-2024-46918.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-46918",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-09-15T20:15:02.390",
"lastModified": "2024-09-17T16:35:26.513",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-20T18:14:23.897",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -39,14 +59,50 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:misp:misp:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.4.198",
"matchCriteriaId": "3D77A5E8-3E54-4F32-9888-521C71F53A1F"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/MISP/MISP/commit/3a5227d7b3d4518ac109af61979a00145a0de6fa",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/MISP/MISP/compare/v2.4.197...v2.4.198",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
}
]
}

72
CVE-2024/CVE-2024-469xx/CVE-2024-46938.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-46938",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-09-15T22:15:09.830",
"lastModified": "2024-09-17T15:35:10.980",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-20T18:15:10.590",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -51,10 +81,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sitecore:experience_commerce:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.0",
"versionEndIncluding": "10.4",
"matchCriteriaId": "ECEBBC2F-E760-4813-ACD5-32D6BB579B19"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sitecore:experience_manager:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.0",
"versionEndIncluding": "10.4",
"matchCriteriaId": "FA9161FD-6A0A-4CF5-908D-2EA3C4D05B22"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sitecore:experience_platform:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.0",
"versionEndIncluding": "10.4",
"matchCriteriaId": "8441881C-0793-49C8-8D8D-1BFF0D62E03F"
}
]
}
]
}
],
"references": [
{
"url": "https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB1003408",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}

64
CVE-2024/CVE-2024-470xx/CVE-2024-47061.json Normal file
View File

@ -0,0 +1,64 @@
{
"id": "CVE-2024-47061",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-09-20T19:15:16.550",
"lastModified": "2024-09-20T19:15:16.550",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Plate is a javascript toolkit that makes it easier for you to develop with Slate, a popular framework for building text editors. One longstanding feature of Plate is the ability to add custom DOM attributes to any element or leaf using the `attributes` property. These attributes are passed to the node component using the `nodeProps` prop. It has come to our attention that this feature can be used for malicious purposes, including cross-site scripting (XSS) and information exposure (specifically, users' IP addresses and whether or not they have opened a malicious document). Note that the risk of information exposure via attributes is only relevant to applications in which web requests to arbitrary URLs are not ordinarily allowed. Plate editors that allow users to embed images from arbitrary URLs, for example, already carry the risk of leaking users' IP addresses to third parties. All Plate editors using an affected version of @udecode/plate-core are vulnerable to these information exposure attacks via the style attribute and other attributes that can cause web requests to be sent. In addition, whether or not a Plate editor is vulnerable to cross-site scripting attacks using attributes depends on a number of factors. The most likely DOM attributes to be vulnerable are href and src on links and iframes respectively. Any component that spreads {...nodeProps} onto an <a> or <iframe> element and does not later override href or src will be vulnerable to XSS. In patched versions of Plate, we have disabled element.attributes and leaf.attributes for most attribute names by default, with some exceptions including target, alt, width, height, colspan and rowspan on the link, image, video, table cell and table header cell plugins. If this is a breaking change for you, you can selectively re-enable attributes for certain plugins as follows. Please carefully research and assess the security implications of any attribute you allow, as even seemingly innocuous attributes such as style can be used maliciously. If you are unable to upgrade to any of the patched versions, you should use a tool like patch-package or yarn patch to remove the logic from @udecode/plate-core that adds attributes to nodeProps."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.5
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/udecode/plate/security/advisories/GHSA-73rg-f94j-xvhx",
"source": "security-advisories@github.com"
},
{
"url": "https://www.npmjs.com/package/patch-package",
"source": "security-advisories@github.com"
},
{
"url": "https://yarnpkg.com/cli/patch",
"source": "security-advisories@github.com"
}
]
}

78
CVE-2024/CVE-2024-470xx/CVE-2024-47062.json Normal file
View File

@ -0,0 +1,78 @@
{
"id": "CVE-2024-47062",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-09-20T19:15:16.760",
"lastModified": "2024-09-20T19:15:16.760",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Navidrome is an open source web-based music collection server and streamer. Navidrome automatically adds parameters in the URL to SQL queries. This can be exploited to access information by adding parameters like `password=...` in the URL (ORM Leak). Furthermore, the names of the parameters are not properly escaped, leading to SQL Injections. Finally, the username is used in a `LIKE` statement, allowing people to log in with `%` instead of their username. When adding parameters to the URL, they are automatically included in an SQL `LIKE` statement (depending on the parameter's name). This allows attackers to potentially retrieve arbitrary information. For example, attackers can use the following request to test whether some encrypted passwords start with `AAA`. This results in an SQL query like `password LIKE 'AAA%'`, allowing attackers to slowly brute-force passwords. When adding parameters to the URL, they are automatically added to an SQL query. The names of the parameters are not properly escaped. This behavior can be used to inject arbitrary SQL code (SQL Injection). These vulnerabilities can be used to leak information and dump the contents of the database and have been addressed in release version 0.53.0. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "HIGH",
"vulnerableSystemIntegrity": "HIGH",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "HIGH",
"subsequentSystemIntegrity": "HIGH",
"subsequentSystemAvailability": "LOW",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 9.4,
"baseSeverity": "CRITICAL"
}
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://github.com/navidrome/navidrome/security/advisories/GHSA-58vj-cv5w-v4v6",
"source": "security-advisories@github.com"
}
]
}

47
CVE-2024/CVE-2024-50xx/CVE-2024-5057.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-5057",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-08-29T14:15:09.080",
"lastModified": "2024-08-30T13:00:05.390",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-09-20T19:31:39.437",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -51,10 +71,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sandhillsdev:easy_digital_downloads:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "3.2.12",
"matchCriteriaId": "DC1EEAEC-38DE-4914-B76B-6D54BBE039EE"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/easy-digital-downloads/wordpress-easy-digital-downloads-plugin-3-2-12-sql-injection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

59
CVE-2024/CVE-2024-57xx/CVE-2024-5710.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-5710",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-06-27T19:15:15.667",
"lastModified": "2024-07-01T10:15:30.183",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-20T18:04:48.680",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "security@huntr.dev",
"type": "Secondary",
@ -41,8 +61,18 @@
},
"weaknesses": [
{
"source": "security@huntr.dev",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "security@huntr.dev",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -51,10 +81,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:litellm:litellm:1.34.34:*:*:*:*:*:*:*",
"matchCriteriaId": "2760E361-9DA5-4012-89C9-35EEF4247F3E"
}
]
}
]
}
],
"references": [
{
"url": "https://huntr.com/bounties/70897f59-a966-4d93-b71e-745e3da91970",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

Some files were not shown because too many files have changed in this diff Show More