admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-08 11:37:26 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-07-16T23:55:18.300115+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-07-16 23:58:12 +00:00
parent 782d4b3d4d
commit c78f1e2d71
107 changed files with 4472 additions and 43 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
CVE-2019/CVE-2019-251xx/CVE-2019-25154.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2019-25154",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2024-07-16T23:15:10.407",
"lastModified": "2024-07-16T23:15:10.407",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Inappropriate implementation in iframe in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)"
}
],
"metrics": {},
"references": [
{
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"source": "chrome-cve-admin@google.com"
},
{
"url": "https://issues.chromium.org/issues/40094752",
"source": "chrome-cve-admin@google.com"
}
]
}

56
CVE-2020/CVE-2020-258xx/CVE-2020-25836.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2020-25836",
"sourceIdentifier": "security@opentext.com",
"published": "2024-07-16T22:15:02.773",
"lastModified": "2024-07-16T22:15:02.773",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Exposure of Sensitive Information\nto an Unauthorized Access vulnerability in OpenText NetIQ Directory and\nResource Administrator. This issue affects NetIQ Directory and Resource\nAdministrator versions prior to 10.0.2 and prior to 9.2.1 Patch 10."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@opentext.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "security@opentext.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://www.netiq.com/documentation/directory-and-resource-administrator-10/releasenotes_10.0.2/data/releasenotes_10.0.2.html#b149h4pv",
"source": "security@opentext.com"
}
]
}

25
CVE-2020/CVE-2020-367xx/CVE-2020-36765.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2020-36765",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2024-07-16T23:15:10.497",
"lastModified": "2024-07-16T23:15:10.497",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Insufficient policy enforcement in Navigation in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)"
}
],
"metrics": {},
"references": [
{
"url": "https://chromereleases.googleblog.com/2020/08/stable-channel-update-for-desktop_25.html",
"source": "chrome-cve-admin@google.com"
},
{
"url": "https://issues.chromium.org/issues/40091076",
"source": "chrome-cve-admin@google.com"
}
]
}

60
CVE-2022/CVE-2022-356xx/CVE-2022-35640.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2022-35640",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-07-16T23:15:10.737",
"lastModified": "2024-07-16T23:15:10.737",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Sterling Partner Engagement Manager 6.2.2 could allow a local attacker to obtain sensitive information when a detailed technical error message is returned. IBM X-Force ID: 230933."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.5,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "psirt@us.ibm.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-209"
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/230933",
"source": "psirt@us.ibm.com"
},
{
"url": "https://www.ibm.com/support/pages/node/7160300",
"source": "psirt@us.ibm.com"
}
]
}

25
CVE-2023/CVE-2023-48xx/CVE-2023-4860.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2023-4860",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2024-07-16T23:15:11.070",
"lastModified": "2024-07-16T23:15:11.070",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Inappropriate implementation in Skia in Google Chrome prior to 115.0.5790.98 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)"
}
],
"metrics": {},
"references": [
{
"url": "https://chromereleases.googleblog.com/2023/07/stable-channel-update-for-desktop.html",
"source": "chrome-cve-admin@google.com"
},
{
"url": "https://issues.chromium.org/issues/40064341",
"source": "chrome-cve-admin@google.com"
}
]
}

2
CVE-2023/CVE-2023-51xx/CVE-2023-5147.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-5147",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-09-25T01:15:19.327",
"lastModified": "2024-05-17T02:32:51.510",
"lastModified": "2024-07-16T22:15:03.397",
"vulnStatus": "Modified",
"cveTags": [
{

2
CVE-2023/CVE-2023-51xx/CVE-2023-5154.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-5154",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-09-25T03:15:09.743",
"lastModified": "2024-05-17T02:32:52.320",
"lastModified": "2024-07-16T22:15:03.563",
"vulnStatus": "Modified",
"cveTags": [
{

6
CVE-2023/CVE-2023-65xx/CVE-2023-6546.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-6546",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-12-21T20:15:08.260",
"lastModified": "2024-07-08T18:15:05.020",
"lastModified": "2024-07-16T22:15:03.770",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -257,6 +257,10 @@
"url": "https://access.redhat.com/errata/RHSA-2024:2697",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:4577",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-6546",
"source": "secalert@redhat.com",

25
CVE-2023/CVE-2023-70xx/CVE-2023-7010.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2023-7010",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2024-07-16T23:15:11.140",
"lastModified": "2024-07-16T23:15:11.140",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Use after free in WebRTC in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"
}
],
"metrics": {},
"references": [
{
"url": "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html",
"source": "chrome-cve-admin@google.com"
},
{
"url": "https://issues.chromium.org/issues/40070891",
"source": "chrome-cve-admin@google.com"
}
]
}

25
CVE-2023/CVE-2023-70xx/CVE-2023-7011.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2023-7011",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2024-07-16T23:15:11.210",
"lastModified": "2024-07-16T23:15:11.210",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Inappropriate implementation in Picture in Picture in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)"
}
],
"metrics": {},
"references": [
{
"url": "https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_31.html",
"source": "chrome-cve-admin@google.com"
},
{
"url": "https://issues.chromium.org/issues/40066780",
"source": "chrome-cve-admin@google.com"
}
]
}

25
CVE-2023/CVE-2023-70xx/CVE-2023-7012.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2023-7012",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2024-07-16T23:15:11.270",
"lastModified": "2024-07-16T23:15:11.270",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Insufficient data validation in Permission Prompts in Google Chrome prior to 117.0.5938.62 allowed an attacker who convinced a user to install a malicious app to potentially perform a sandbox escape via a malicious file. (Chromium security severity: Medium)"
}
],
"metrics": {},
"references": [
{
"url": "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html",
"source": "chrome-cve-admin@google.com"
},
{
"url": "https://issues.chromium.org/issues/40061509",
"source": "chrome-cve-admin@google.com"
}
]
}

25
CVE-2023/CVE-2023-70xx/CVE-2023-7013.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2023-7013",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2024-07-16T23:15:11.340",
"lastModified": "2024-07-16T23:15:11.340",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Inappropriate implementation in Compositing in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially spoof security UI via a crafted HTML page. (Chromium security severity: Medium)"
}
],
"metrics": {},
"references": [
{
"url": "https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_31.html",
"source": "chrome-cve-admin@google.com"
},
{
"url": "https://issues.chromium.org/issues/40071326",
"source": "chrome-cve-admin@google.com"
}
]
}

6
CVE-2024/CVE-2024-13xx/CVE-2024-1394.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-1394",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-03-21T13:00:08.037",
"lastModified": "2024-07-15T20:15:02.923",
"lastModified": "2024-07-16T22:15:04.100",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -164,6 +164,10 @@
"url": "https://access.redhat.com/errata/RHSA-2024:4502",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:4581",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2024-1394",
"source": "secalert@redhat.com"

44
CVE-2024/CVE-2024-209xx/CVE-2024-20996.json Normal file
View File

@ -0,0 +1,44 @@
{
"id": "CVE-2024-20996",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-07-16T23:15:11.403",
"lastModified": "2024-07-16T23:15:11.403",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert_us@oracle.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujul2024.html",
"source": "secalert_us@oracle.com"
}
]
}

44
CVE-2024/CVE-2024-211xx/CVE-2024-21122.json Normal file
View File

@ -0,0 +1,44 @@
{
"id": "CVE-2024-21122",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-07-16T23:15:11.613",
"lastModified": "2024-07-16T23:15:11.613",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the PeopleSoft Enterprise HCM Shared Components product of Oracle PeopleSoft (component: Text Catalog). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise HCM Shared Components. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise HCM Shared Components, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise HCM Shared Components accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise HCM Shared Components accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert_us@oracle.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujul2024.html",
"source": "secalert_us@oracle.com"
}
]
}

44
CVE-2024/CVE-2024-211xx/CVE-2024-21123.json Normal file
View File

@ -0,0 +1,44 @@
{
"id": "CVE-2024-21123",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-07-16T23:15:11.810",
"lastModified": "2024-07-16T23:15:11.810",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Database Core component of Oracle Database Server. Supported versions that are affected are 19.3-19.23. Easily exploitable vulnerability allows high privileged attacker having SYSDBA privilege with logon to the infrastructure where Oracle Database Core executes to compromise Oracle Database Core. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Database Core accessible data. CVSS 3.1 Base Score 2.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert_us@oracle.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 2.3,
"baseSeverity": "LOW"
},
"exploitabilityScore": 0.8,
"impactScore": 1.4
}
]
},
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujul2024.html",
"source": "secalert_us@oracle.com"
}
]
}

44
CVE-2024/CVE-2024-211xx/CVE-2024-21125.json Normal file
View File

@ -0,0 +1,44 @@
{
"id": "CVE-2024-21125",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-07-16T23:15:11.990",
"lastModified": "2024-07-16T23:15:11.990",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert_us@oracle.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujul2024.html",
"source": "secalert_us@oracle.com"
}
]
}

44
CVE-2024/CVE-2024-211xx/CVE-2024-21126.json Normal file
View File

@ -0,0 +1,44 @@
{
"id": "CVE-2024-21126",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-07-16T23:15:12.177",
"lastModified": "2024-07-16T23:15:12.177",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Database Portable Clusterware component of Oracle Database Server. Supported versions that are affected are 19.3-19.23 and 21.3-21.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via DNS to compromise Oracle Database Portable Clusterware. While the vulnerability is in Oracle Database Portable Clusterware, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Database Portable Clusterware. CVSS 3.1 Base Score 5.8 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert_us@oracle.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 5.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujul2024.html",
"source": "secalert_us@oracle.com"
}
]
}

44
CVE-2024/CVE-2024-211xx/CVE-2024-21127.json Normal file
View File

@ -0,0 +1,44 @@
{
"id": "CVE-2024-21127",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-07-16T23:15:12.370",
"lastModified": "2024-07-16T23:15:12.370",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert_us@oracle.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujul2024.html",
"source": "secalert_us@oracle.com"
}
]
}

44
CVE-2024/CVE-2024-211xx/CVE-2024-21128.json Normal file
View File

@ -0,0 +1,44 @@
{
"id": "CVE-2024-21128",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-07-16T23:15:12.553",
"lastModified": "2024-07-16T23:15:12.553",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite (component: APIs). Supported versions that are affected are 12.2.6-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Object Library, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Object Library accessible data as well as unauthorized read access to a subset of Oracle Application Object Library accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert_us@oracle.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujul2024.html",
"source": "secalert_us@oracle.com"
}
]
}

44
CVE-2024/CVE-2024-211xx/CVE-2024-21129.json Normal file
View File

@ -0,0 +1,44 @@
{
"id": "CVE-2024-21129",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-07-16T23:15:12.783",
"lastModified": "2024-07-16T23:15:12.783",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert_us@oracle.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujul2024.html",
"source": "secalert_us@oracle.com"
}
]
}

44
CVE-2024/CVE-2024-211xx/CVE-2024-21130.json Normal file
View File

@ -0,0 +1,44 @@
{
"id": "CVE-2024-21130",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-07-16T23:15:13.020",
"lastModified": "2024-07-16T23:15:13.020",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert_us@oracle.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujul2024.html",
"source": "secalert_us@oracle.com"
}
]
}

44
CVE-2024/CVE-2024-211xx/CVE-2024-21131.json Normal file
View File

@ -0,0 +1,44 @@
{
"id": "CVE-2024-21131",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-07-16T23:15:13.210",
"lastModified": "2024-07-16T23:15:13.210",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert_us@oracle.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW"
},
"exploitabilityScore": 2.2,
"impactScore": 1.4
}
]
},
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujul2024.html",
"source": "secalert_us@oracle.com"
}
]
}

44
CVE-2024/CVE-2024-211xx/CVE-2024-21132.json Normal file
View File

@ -0,0 +1,44 @@
{
"id": "CVE-2024-21132",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-07-16T23:15:13.403",
"lastModified": "2024-07-16T23:15:13.403",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Purchasing product of Oracle E-Business Suite (component: Approvals). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Purchasing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Purchasing, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Purchasing accessible data as well as unauthorized read access to a subset of Oracle Purchasing accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert_us@oracle.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujul2024.html",
"source": "secalert_us@oracle.com"
}
]
}

44
CVE-2024/CVE-2024-211xx/CVE-2024-21133.json Normal file
View File

@ -0,0 +1,44 @@
{
"id": "CVE-2024-21133",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-07-16T23:15:13.683",
"lastModified": "2024-07-16T23:15:13.683",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Reports Developer product of Oracle Fusion Middleware (component: Servlet). Supported versions that are affected are 12.2.1.4.0 and 12.2.1.19.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Reports Developer. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Reports Developer, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Reports Developer accessible data as well as unauthorized read access to a subset of Oracle Reports Developer accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert_us@oracle.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujul2024.html",
"source": "secalert_us@oracle.com"
}
]
}

44
CVE-2024/CVE-2024-211xx/CVE-2024-21134.json Normal file
View File

@ -0,0 +1,44 @@
{
"id": "CVE-2024-21134",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-07-16T23:15:13.870",
"lastModified": "2024-07-16T23:15:13.870",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Connection Handling). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert_us@oracle.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujul2024.html",
"source": "secalert_us@oracle.com"
}
]
}

44
CVE-2024/CVE-2024-211xx/CVE-2024-21135.json Normal file
View File

@ -0,0 +1,44 @@
{
"id": "CVE-2024-21135",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-07-16T23:15:14.057",
"lastModified": "2024-07-16T23:15:14.057",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert_us@oracle.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujul2024.html",
"source": "secalert_us@oracle.com"
}
]
}

44
CVE-2024/CVE-2024-211xx/CVE-2024-21136.json Normal file
View File

@ -0,0 +1,44 @@
{
"id": "CVE-2024-21136",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-07-16T23:15:14.243",
"lastModified": "2024-07-16T23:15:14.243",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Retail Xstore Office product of Oracle Retail Applications (component: Security). Supported versions that are affected are 19.0.5, 20.0.3, 20.0.4, 22.0.0 and 23.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Xstore Office. While the vulnerability is in Oracle Retail Xstore Office, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Retail Xstore Office accessible data. CVSS 3.1 Base Score 8.6 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert_us@oracle.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 4.0
}
]
},
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujul2024.html",
"source": "secalert_us@oracle.com"
}
]
}

44
CVE-2024/CVE-2024-211xx/CVE-2024-21137.json Normal file
View File

@ -0,0 +1,44 @@
{
"id": "CVE-2024-21137",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-07-16T23:15:14.437",
"lastModified": "2024-07-16T23:15:14.437",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert_us@oracle.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujul2024.html",
"source": "secalert_us@oracle.com"
}
]
}

44
CVE-2024/CVE-2024-211xx/CVE-2024-21138.json Normal file
View File

@ -0,0 +1,44 @@
{
"id": "CVE-2024-21138",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-07-16T23:15:14.620",
"lastModified": "2024-07-16T23:15:14.620",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert_us@oracle.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 3.7,
"baseSeverity": "LOW"
},
"exploitabilityScore": 2.2,
"impactScore": 1.4
}
]
},
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujul2024.html",
"source": "secalert_us@oracle.com"
}
]
}

44
CVE-2024/CVE-2024-211xx/CVE-2024-21139.json Normal file
View File

@ -0,0 +1,44 @@
{
"id": "CVE-2024-21139",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-07-16T23:15:14.847",
"lastModified": "2024-07-16T23:15:14.847",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Web Answers). Supported versions that are affected are 7.0.0.0.0, 7.6.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert_us@oracle.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujul2024.html",
"source": "secalert_us@oracle.com"
}
]
}

44
CVE-2024/CVE-2024-211xx/CVE-2024-21140.json Normal file
View File

@ -0,0 +1,44 @@
{
"id": "CVE-2024-21140",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-07-16T23:15:15.043",
"lastModified": "2024-07-16T23:15:15.043",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert_us@oracle.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.2,
"impactScore": 2.5
}
]
},
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujul2024.html",
"source": "secalert_us@oracle.com"
}
]
}

44
CVE-2024/CVE-2024-211xx/CVE-2024-21141.json Normal file
View File

@ -0,0 +1,44 @@
{
"id": "CVE-2024-21141",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-07-16T23:15:15.230",
"lastModified": "2024-07-16T23:15:15.230",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.20. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert_us@oracle.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.5,
"impactScore": 6.0
}
]
},
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujul2024.html",
"source": "secalert_us@oracle.com"
}
]
}

44
CVE-2024/CVE-2024-211xx/CVE-2024-21142.json Normal file
View File

@ -0,0 +1,44 @@
{
"id": "CVE-2024-21142",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-07-16T23:15:15.407",
"lastModified": "2024-07-16T23:15:15.407",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert_us@oracle.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujul2024.html",
"source": "secalert_us@oracle.com"
}
]
}

44
CVE-2024/CVE-2024-211xx/CVE-2024-21143.json Normal file
View File

@ -0,0 +1,44 @@
{
"id": "CVE-2024-21143",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-07-16T23:15:15.587",
"lastModified": "2024-07-16T23:15:15.587",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: User Management). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle iStore accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert_us@oracle.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujul2024.html",
"source": "secalert_us@oracle.com"
}
]
}

44
CVE-2024/CVE-2024-211xx/CVE-2024-21144.json Normal file
View File

@ -0,0 +1,44 @@
{
"id": "CVE-2024-21144",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-07-16T23:15:15.810",
"lastModified": "2024-07-16T23:15:15.810",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert_us@oracle.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 3.7,
"baseSeverity": "LOW"
},
"exploitabilityScore": 2.2,
"impactScore": 1.4
}
]
},
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujul2024.html",
"source": "secalert_us@oracle.com"
}
]
}

44
CVE-2024/CVE-2024-211xx/CVE-2024-21145.json Normal file
View File

@ -0,0 +1,44 @@
{
"id": "CVE-2024-21145",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-07-16T23:15:15.993",
"lastModified": "2024-07-16T23:15:15.993",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert_us@oracle.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.2,
"impactScore": 2.5
}
]
},
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujul2024.html",
"source": "secalert_us@oracle.com"
}
]
}

44
CVE-2024/CVE-2024-211xx/CVE-2024-21146.json Normal file
View File

@ -0,0 +1,44 @@
{
"id": "CVE-2024-21146",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-07-16T23:15:16.190",
"lastModified": "2024-07-16T23:15:16.190",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: GL Accounts). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Trade Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Trade Management accessible data as well as unauthorized access to critical data or complete access to all Oracle Trade Management accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert_us@oracle.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2
}
]
},
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujul2024.html",
"source": "secalert_us@oracle.com"
}
]
}

44
CVE-2024/CVE-2024-211xx/CVE-2024-21147.json Normal file
View File

@ -0,0 +1,44 @@
{
"id": "CVE-2024-21147",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-07-16T23:15:16.377",
"lastModified": "2024-07-16T23:15:16.377",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert_us@oracle.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.2
}
]
},
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujul2024.html",
"source": "secalert_us@oracle.com"
}
]
}

44
CVE-2024/CVE-2024-211xx/CVE-2024-21148.json Normal file
View File

@ -0,0 +1,44 @@
{
"id": "CVE-2024-21148",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-07-16T23:15:16.590",
"lastModified": "2024-07-16T23:15:16.590",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Personalization). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Applications Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Applications Framework, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications Framework accessible data as well as unauthorized read access to a subset of Oracle Applications Framework accessible data. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert_us@oracle.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
}
]
},
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujul2024.html",
"source": "secalert_us@oracle.com"
}
]
}

44
CVE-2024/CVE-2024-211xx/CVE-2024-21149.json Normal file
View File

@ -0,0 +1,44 @@
{
"id": "CVE-2024-21149",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-07-16T23:15:16.840",
"lastModified": "2024-07-16T23:15:16.840",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Enterprise Asset Management product of Oracle E-Business Suite (component: Work Definition Issues). Supported versions that are affected are 12.2.11-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Enterprise Asset Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Enterprise Asset Management accessible data as well as unauthorized access to critical data or complete access to all Oracle Enterprise Asset Management accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert_us@oracle.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2
}
]
},
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujul2024.html",
"source": "secalert_us@oracle.com"
}
]
}

44
CVE-2024/CVE-2024-211xx/CVE-2024-21150.json Normal file
View File

@ -0,0 +1,44 @@
{
"id": "CVE-2024-21150",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-07-16T23:15:17.023",
"lastModified": "2024-07-16T23:15:17.023",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions that are affected are Prior to 9.2.8.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in JD Edwards EnterpriseOne Tools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of JD Edwards EnterpriseOne Tools accessible data as well as unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert_us@oracle.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujul2024.html",
"source": "secalert_us@oracle.com"
}
]
}

44
CVE-2024/CVE-2024-211xx/CVE-2024-21151.json Normal file
View File

@ -0,0 +1,44 @@
{
"id": "CVE-2024-21151",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-07-16T23:15:17.210",
"lastModified": "2024-07-16T23:15:17.210",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Solaris. CVSS 3.1 Base Score 3.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert_us@oracle.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
}
]
},
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujul2024.html",
"source": "secalert_us@oracle.com"
}
]
}

44
CVE-2024/CVE-2024-211xx/CVE-2024-21152.json Normal file
View File

@ -0,0 +1,44 @@
{
"id": "CVE-2024-21152",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-07-16T23:15:17.397",
"lastModified": "2024-07-16T23:15:17.397",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Process Manufacturing Financials product of Oracle E-Business Suite (component: Allocation Rules). Supported versions that are affected are 12.2.12-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Process Manufacturing Financials. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Process Manufacturing Financials accessible data as well as unauthorized access to critical data or complete access to all Oracle Process Manufacturing Financials accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert_us@oracle.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2
}
]
},
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujul2024.html",
"source": "secalert_us@oracle.com"
}
]
}

44
CVE-2024/CVE-2024-211xx/CVE-2024-21153.json Normal file
View File

@ -0,0 +1,44 @@
{
"id": "CVE-2024-21153",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-07-16T23:15:17.587",
"lastModified": "2024-07-16T23:15:17.587",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Process Manufacturing Product Development product of Oracle E-Business Suite (component: Quality Management Specs). The supported version that is affected is 12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Process Manufacturing Product Development. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Process Manufacturing Product Development accessible data as well as unauthorized access to critical data or complete access to all Oracle Process Manufacturing Product Development accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert_us@oracle.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2
}
]
},
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujul2024.html",
"source": "secalert_us@oracle.com"
}
]
}

44
CVE-2024/CVE-2024-211xx/CVE-2024-21154.json Normal file
View File

@ -0,0 +1,44 @@
{
"id": "CVE-2024-21154",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-07-16T23:15:17.767",
"lastModified": "2024-07-16T23:15:17.767",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the PeopleSoft Enterprise HCM Human Resources product of Oracle PeopleSoft (component: Human Resources). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise HCM Human Resources. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise HCM Human Resources accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert_us@oracle.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujul2024.html",
"source": "secalert_us@oracle.com"
}
]
}

44
CVE-2024/CVE-2024-211xx/CVE-2024-21155.json Normal file
View File

@ -0,0 +1,44 @@
{
"id": "CVE-2024-21155",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-07-16T23:15:17.970",
"lastModified": "2024-07-16T23:15:17.970",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: User Interface). The supported version that is affected is 8.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle ZFS Storage Appliance Kit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle ZFS Storage Appliance Kit, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle ZFS Storage Appliance Kit accessible data. CVSS 3.1 Base Score 4.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert_us@oracle.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujul2024.html",
"source": "secalert_us@oracle.com"
}
]
}

44
CVE-2024/CVE-2024-211xx/CVE-2024-21157.json Normal file
View File

@ -0,0 +1,44 @@
{
"id": "CVE-2024-21157",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-07-16T23:15:18.153",
"lastModified": "2024-07-16T23:15:18.153",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.36 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert_us@oracle.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujul2024.html",
"source": "secalert_us@oracle.com"
}
]
}

44
CVE-2024/CVE-2024-211xx/CVE-2024-21158.json Normal file
View File

@ -0,0 +1,44 @@
{
"id": "CVE-2024-21158",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-07-16T23:15:18.333",
"lastModified": "2024-07-16T23:15:18.333",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal). Supported versions that are affected are 8.59, 8.60 and 8.61. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. While the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 6.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert_us@oracle.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
}
]
},
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujul2024.html",
"source": "secalert_us@oracle.com"
}
]
}

44
CVE-2024/CVE-2024-211xx/CVE-2024-21159.json Normal file
View File

@ -0,0 +1,44 @@
{
"id": "CVE-2024-21159",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-07-16T23:15:18.517",
"lastModified": "2024-07-16T23:15:18.517",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert_us@oracle.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujul2024.html",
"source": "secalert_us@oracle.com"
}
]
}

44
CVE-2024/CVE-2024-211xx/CVE-2024-21160.json Normal file
View File

@ -0,0 +1,44 @@
{
"id": "CVE-2024-21160",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-07-16T23:15:18.740",
"lastModified": "2024-07-16T23:15:18.740",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert_us@oracle.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujul2024.html",
"source": "secalert_us@oracle.com"
}
]
}

44
CVE-2024/CVE-2024-211xx/CVE-2024-21161.json Normal file
View File

@ -0,0 +1,44 @@
{
"id": "CVE-2024-21161",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-07-16T23:15:18.930",
"lastModified": "2024-07-16T23:15:18.930",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.20. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. Note: This vulnerability applies to Linux hosts only. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert_us@oracle.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujul2024.html",
"source": "secalert_us@oracle.com"
}
]
}

44
CVE-2024/CVE-2024-211xx/CVE-2024-21162.json Normal file
View File

@ -0,0 +1,44 @@
{
"id": "CVE-2024-21162",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-07-16T23:15:19.113",
"lastModified": "2024-07-16T23:15:19.113",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert_us@oracle.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujul2024.html",
"source": "secalert_us@oracle.com"
}
]
}

44
CVE-2024/CVE-2024-211xx/CVE-2024-21163.json Normal file
View File

@ -0,0 +1,44 @@
{
"id": "CVE-2024-21163",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-07-16T23:15:19.300",
"lastModified": "2024-07-16T23:15:19.300",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert_us@oracle.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 4.2
}
]
},
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujul2024.html",
"source": "secalert_us@oracle.com"
}
]
}

44
CVE-2024/CVE-2024-211xx/CVE-2024-21164.json Normal file
View File

@ -0,0 +1,44 @@
{
"id": "CVE-2024-21164",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-07-16T23:15:19.490",
"lastModified": "2024-07-16T23:15:19.490",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.20. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 2.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert_us@oracle.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.5,
"baseSeverity": "LOW"
},
"exploitabilityScore": 0.8,
"impactScore": 1.4
}
]
},
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujul2024.html",
"source": "secalert_us@oracle.com"
}
]
}

44
CVE-2024/CVE-2024-211xx/CVE-2024-21165.json Normal file
View File

@ -0,0 +1,44 @@
{
"id": "CVE-2024-21165",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-07-16T23:15:19.700",
"lastModified": "2024-07-16T23:15:19.700",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Pluggable Auth). Supported versions that are affected are 8.0.37 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert_us@oracle.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujul2024.html",
"source": "secalert_us@oracle.com"
}
]
}

44
CVE-2024/CVE-2024-211xx/CVE-2024-21166.json Normal file
View File

@ -0,0 +1,44 @@
{
"id": "CVE-2024-21166",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-07-16T23:15:19.880",
"lastModified": "2024-07-16T23:15:19.880",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.9 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert_us@oracle.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.7,
"impactScore": 5.2
}
]
},
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujul2024.html",
"source": "secalert_us@oracle.com"
}
]
}

44
CVE-2024/CVE-2024-211xx/CVE-2024-21167.json Normal file
View File

@ -0,0 +1,44 @@
{
"id": "CVE-2024-21167",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-07-16T23:15:20.073",
"lastModified": "2024-07-16T23:15:20.073",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Trading Community product of Oracle E-Business Suite (component: Party Search UI). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Trading Community. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Trading Community accessible data as well as unauthorized access to critical data or complete access to all Oracle Trading Community accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert_us@oracle.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2
}
]
},
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujul2024.html",
"source": "secalert_us@oracle.com"
}
]
}

44
CVE-2024/CVE-2024-211xx/CVE-2024-21168.json Normal file
View File

@ -0,0 +1,44 @@
{
"id": "CVE-2024-21168",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-07-16T23:15:20.253",
"lastModified": "2024-07-16T23:15:20.253",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the JD Edwards EnterpriseOne Orchestrator product of Oracle JD Edwards (component: E1 IOT Orchestrator Security). Supported versions that are affected are Prior to 9.2.8.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Orchestrator. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all JD Edwards EnterpriseOne Orchestrator accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert_us@oracle.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujul2024.html",
"source": "secalert_us@oracle.com"
}
]
}

44
CVE-2024/CVE-2024-211xx/CVE-2024-21169.json Normal file
View File

@ -0,0 +1,44 @@
{
"id": "CVE-2024-21169",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-07-16T23:15:20.430",
"lastModified": "2024-07-16T23:15:20.430",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Partners). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Marketing accessible data as well as unauthorized read access to a subset of Oracle Marketing accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert_us@oracle.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5
}
]
},
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujul2024.html",
"source": "secalert_us@oracle.com"
}
]
}

44
CVE-2024/CVE-2024-211xx/CVE-2024-21170.json Normal file
View File

@ -0,0 +1,44 @@
{
"id": "CVE-2024-21170",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-07-16T23:15:20.610",
"lastModified": "2024-07-16T23:15:20.610",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/Python). Supported versions that are affected are 8.4.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Connectors accessible data as well as unauthorized read access to a subset of MySQL Connectors accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Connectors. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert_us@oracle.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
]
},
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujul2024.html",
"source": "secalert_us@oracle.com"
}
]
}

44
CVE-2024/CVE-2024-211xx/CVE-2024-21171.json Normal file
View File

@ -0,0 +1,44 @@
{
"id": "CVE-2024-21171",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-07-16T23:15:20.790",
"lastModified": "2024-07-16T23:15:20.790",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert_us@oracle.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujul2024.html",
"source": "secalert_us@oracle.com"
}
]
}

44
CVE-2024/CVE-2024-211xx/CVE-2024-21173.json Normal file
View File

@ -0,0 +1,44 @@
{
"id": "CVE-2024-21173",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-07-16T23:15:20.973",
"lastModified": "2024-07-16T23:15:20.973",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert_us@oracle.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujul2024.html",
"source": "secalert_us@oracle.com"
}
]
}

44
CVE-2024/CVE-2024-211xx/CVE-2024-21174.json Normal file
View File

@ -0,0 +1,44 @@
{
"id": "CVE-2024-21174",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-07-16T23:15:21.157",
"lastModified": "2024-07-16T23:15:21.157",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.23, 21.3-21.14 and 23.4. Difficult to exploit vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via Oracle Net to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java VM. CVSS 3.1 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert_us@oracle.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 3.1,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.6,
"impactScore": 1.4
}
]
},
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujul2024.html",
"source": "secalert_us@oracle.com"
}
]
}

44
CVE-2024/CVE-2024-211xx/CVE-2024-21175.json Normal file
View File

@ -0,0 +1,44 @@
{
"id": "CVE-2024-21175",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-07-16T23:15:21.337",
"lastModified": "2024-07-16T23:15:21.337",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert_us@oracle.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujul2024.html",
"source": "secalert_us@oracle.com"
}
]
}

44
CVE-2024/CVE-2024-211xx/CVE-2024-21176.json Normal file
View File

@ -0,0 +1,44 @@
{
"id": "CVE-2024-21176",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-07-16T23:15:21.520",
"lastModified": "2024-07-16T23:15:21.520",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Thread Pooling). Supported versions that are affected are 8.4.0 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert_us@oracle.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujul2024.html",
"source": "secalert_us@oracle.com"
}
]
}

44
CVE-2024/CVE-2024-211xx/CVE-2024-21177.json Normal file
View File

@ -0,0 +1,44 @@
{
"id": "CVE-2024-21177",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-07-16T23:15:21.700",
"lastModified": "2024-07-16T23:15:21.700",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert_us@oracle.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujul2024.html",
"source": "secalert_us@oracle.com"
}
]
}

44
CVE-2024/CVE-2024-211xx/CVE-2024-21178.json Normal file
View File

@ -0,0 +1,44 @@
{
"id": "CVE-2024-21178",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-07-16T23:15:21.893",
"lastModified": "2024-07-16T23:15:21.893",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal). Supported versions that are affected are 8.59, 8.60 and 8.61. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert_us@oracle.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujul2024.html",
"source": "secalert_us@oracle.com"
}
]
}

44
CVE-2024/CVE-2024-211xx/CVE-2024-21179.json Normal file
View File

@ -0,0 +1,44 @@
{
"id": "CVE-2024-21179",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-07-16T23:15:22.090",
"lastModified": "2024-07-16T23:15:22.090",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert_us@oracle.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujul2024.html",
"source": "secalert_us@oracle.com"
}
]
}

44
CVE-2024/CVE-2024-211xx/CVE-2024-21180.json Normal file
View File

@ -0,0 +1,44 @@
{
"id": "CVE-2024-21180",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-07-16T23:15:22.273",
"lastModified": "2024-07-16T23:15:22.273",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: OpenSearch Dashboards). Supported versions that are affected are 8.59, 8.60 and 8.61. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 4.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert_us@oracle.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 1.4
}
]
},
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujul2024.html",
"source": "secalert_us@oracle.com"
}
]
}

44
CVE-2024/CVE-2024-211xx/CVE-2024-21181.json Normal file
View File

@ -0,0 +1,44 @@
{
"id": "CVE-2024-21181",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-07-16T23:15:22.460",
"lastModified": "2024-07-16T23:15:22.460",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert_us@oracle.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujul2024.html",
"source": "secalert_us@oracle.com"
}
]
}

44
CVE-2024/CVE-2024-211xx/CVE-2024-21182.json Normal file
View File

@ -0,0 +1,44 @@
{
"id": "CVE-2024-21182",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-07-16T23:15:22.660",
"lastModified": "2024-07-16T23:15:22.660",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert_us@oracle.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujul2024.html",
"source": "secalert_us@oracle.com"
}
]
}

44
CVE-2024/CVE-2024-211xx/CVE-2024-21183.json Normal file
View File

@ -0,0 +1,44 @@
{
"id": "CVE-2024-21183",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-07-16T23:15:22.847",
"lastModified": "2024-07-16T23:15:22.847",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert_us@oracle.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujul2024.html",
"source": "secalert_us@oracle.com"
}
]
}

44
CVE-2024/CVE-2024-211xx/CVE-2024-21184.json Normal file
View File

@ -0,0 +1,44 @@
{
"id": "CVE-2024-21184",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-07-16T23:15:23.077",
"lastModified": "2024-07-16T23:15:23.077",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Database RDBMS Security component of Oracle Database Server. Supported versions that are affected are 19.3-19.23. Easily exploitable vulnerability allows high privileged attacker having Execute on SYS.XS_DIAG privilege with network access via Oracle Net to compromise Oracle Database RDBMS Security. Successful attacks of this vulnerability can result in takeover of Oracle Database RDBMS Security. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert_us@oracle.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujul2024.html",
"source": "secalert_us@oracle.com"
}
]
}

44
CVE-2024/CVE-2024-211xx/CVE-2024-21185.json Normal file
View File

@ -0,0 +1,44 @@
{
"id": "CVE-2024-21185",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-07-16T23:15:23.260",
"lastModified": "2024-07-16T23:15:23.260",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.38, 8.4.1 and 9.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert_us@oracle.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujul2024.html",
"source": "secalert_us@oracle.com"
}
]
}

44
CVE-2024/CVE-2024-211xx/CVE-2024-21188.json Normal file
View File

@ -0,0 +1,44 @@
{
"id": "CVE-2024-21188",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-07-16T23:15:23.443",
"lastModified": "2024-07-16T23:15:23.443",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Financial Services Revenue Management and Billing product of Oracle Financial Services Applications (component: Chatbot). Supported versions that are affected are 6.0.0.0.0 and 6.1.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Revenue Management and Billing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Revenue Management and Billing, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Revenue Management and Billing accessible data as well as unauthorized read access to a subset of Oracle Financial Services Revenue Management and Billing accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert_us@oracle.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujul2024.html",
"source": "secalert_us@oracle.com"
}
]
}

25
CVE-2024/CVE-2024-28xx/CVE-2024-2884.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-2884",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2024-07-16T23:15:23.637",
"lastModified": "2024-07-16T23:15:23.637",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Out of bounds read in V8 in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)"
}
],
"metrics": {},
"references": [
{
"url": "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_30.html",
"source": "chrome-cve-admin@google.com"
},
{
"url": "https://issues.chromium.org/issues/41491373",
"source": "chrome-cve-admin@google.com"
}
]
}

2
CVE-2024/CVE-2024-31xx/CVE-2024-3128.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-3128",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-04-01T15:16:07.383",
"lastModified": "2024-05-17T02:39:43.933",
"lastModified": "2024-07-16T22:15:04.740",
"vulnStatus": "Awaiting Analysis",
"cveTags": [
{

25
CVE-2024/CVE-2024-31xx/CVE-2024-3168.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-3168",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2024-07-16T23:15:23.703",
"lastModified": "2024-07-16T23:15:23.703",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Use after free in DevTools in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)"
}
],
"metrics": {},
"references": [
{
"url": "https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_20.html",
"source": "chrome-cve-admin@google.com"
},
{
"url": "https://issues.chromium.org/issues/323813642",
"source": "chrome-cve-admin@google.com"
}
]
}

25
CVE-2024/CVE-2024-31xx/CVE-2024-3169.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-3169",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2024-07-16T23:15:23.773",
"lastModified": "2024-07-16T23:15:23.773",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Use after free in V8 in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"
}
],
"metrics": {},
"references": [
{
"url": "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_30.html",
"source": "chrome-cve-admin@google.com"
},
{
"url": "https://issues.chromium.org/issues/41491234",
"source": "chrome-cve-admin@google.com"
}
]
}

25
CVE-2024/CVE-2024-31xx/CVE-2024-3170.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-3170",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2024-07-16T23:15:23.837",
"lastModified": "2024-07-16T23:15:23.837",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Use after free in WebRTC in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"
}
],
"metrics": {},
"references": [
{
"url": "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html",
"source": "chrome-cve-admin@google.com"
},
{
"url": "https://issues.chromium.org/issues/41488824",
"source": "chrome-cve-admin@google.com"
}
]
}

25
CVE-2024/CVE-2024-31xx/CVE-2024-3171.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-3171",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2024-07-16T23:15:23.903",
"lastModified": "2024-07-16T23:15:23.903",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Use after free in Accessibility in Google Chrome prior to 122.0.6261.57 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium)"
}
],
"metrics": {},
"references": [
{
"url": "https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_20.html",
"source": "chrome-cve-admin@google.com"
},
{
"url": "https://issues.chromium.org/issues/41483350",
"source": "chrome-cve-admin@google.com"
}
]
}

25
CVE-2024/CVE-2024-31xx/CVE-2024-3172.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-3172",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2024-07-16T23:15:23.970",
"lastModified": "2024-07-16T23:15:23.970",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Insufficient data validation in DevTools in Google Chrome prior to 121.0.6167.85 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)"
}
],
"metrics": {},
"references": [
{
"url": "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html",
"source": "chrome-cve-admin@google.com"
},
{
"url": "https://issues.chromium.org/issues/40942152",
"source": "chrome-cve-admin@google.com"
}
]
}

25
CVE-2024/CVE-2024-31xx/CVE-2024-3173.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-3173",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2024-07-16T23:15:24.027",
"lastModified": "2024-07-16T23:15:24.027",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Insufficient data validation in Updater in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: High)"
}
],
"metrics": {},
"references": [
{
"url": "https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop.html",
"source": "chrome-cve-admin@google.com"
},
{
"url": "https://issues.chromium.org/issues/40075849",
"source": "chrome-cve-admin@google.com"
}
]
}

25
CVE-2024/CVE-2024-31xx/CVE-2024-3174.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-3174",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2024-07-16T23:15:24.087",
"lastModified": "2024-07-16T23:15:24.087",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Inappropriate implementation in V8 in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)"
}
],
"metrics": {},
"references": [
{
"url": "https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_31.html",
"source": "chrome-cve-admin@google.com"
},
{
"url": "https://issues.chromium.org/issues/40073339",
"source": "chrome-cve-admin@google.com"
}
]
}

25
CVE-2024/CVE-2024-31xx/CVE-2024-3175.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-3175",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2024-07-16T23:15:24.147",
"lastModified": "2024-07-16T23:15:24.147",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Insufficient data validation in Extensions in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to perform privilege escalation via a crafted Chrome Extension. (Chromium security severity: Low)"
}
],
"metrics": {},
"references": [
{
"url": "https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop.html",
"source": "chrome-cve-admin@google.com"
},
{
"url": "https://issues.chromium.org/issues/40069571",
"source": "chrome-cve-admin@google.com"
}
]
}

25
CVE-2024/CVE-2024-31xx/CVE-2024-3176.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-3176",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2024-07-16T23:15:24.200",
"lastModified": "2024-07-16T23:15:24.200",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Out of bounds write in SwiftShader in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)"
}
],
"metrics": {},
"references": [
{
"url": "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html",
"source": "chrome-cve-admin@google.com"
},
{
"url": "https://issues.chromium.org/issues/40061476",
"source": "chrome-cve-admin@google.com"
}
]
}

84
CVE-2024/CVE-2024-406xx/CVE-2024-40637.json Normal file
View File

@ -0,0 +1,84 @@
{
"id": "CVE-2024-40637",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-07-16T23:15:24.260",
"lastModified": "2024-07-16T23:15:24.260",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "dbt enables data analysts and engineers to transform their data using the same practices that software engineers use to build applications. When a user installs a package in dbt, it has the ability to override macros, materializations, and other core components of dbt. This is by design, as it allows packages to extend and customize dbt's functionality. However, this also means that a malicious package could potentially override these components with harmful code. This issue has been fixed in versions 1.8.0, 1.6.14 and 1.7.14. Users are advised to upgrade. There are no kn own workarounds for this vulnerability. Users updating to either 1.6.14 or 1.7.14 will need to set `flags.require_explicit_package_overrides_for_builtin_materializations: False` in their configuration in `dbt_project.yml`."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 4.2,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-74"
}
]
}
],
"references": [
{
"url": "https://docs.getdbt.com/docs/build/packages",
"source": "security-advisories@github.com"
},
{
"url": "https://docs.getdbt.com/reference/global-configs/legacy-behaviors#behavior-change-flags",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/dbt-labs/dbt-core/commit/3c82a0296d227cb1be295356df314c11716f4ff6",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/dbt-labs/dbt-core/commit/87ac4deb00cc9fe334706e42a365903a1d581624",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/dbt-labs/dbt-core/security/advisories/GHSA-p3f3-5ccg-83xq",
"source": "security-advisories@github.com"
},
{
"url": "https://tempered.works/posts/2024/07/06/preventing-data-theft-with-gcp-service-controls",
"source": "security-advisories@github.com"
},
{
"url": "https://www.elementary-data.com/post/are-dbt-packages-secure-the-answer-lies-in-your-dwh-policies",
"source": "security-advisories@github.com"
},
{
"url": "https://www.equalexperts.com/blog/tech-focus/are-you-at-risk-from-this-critical-dbt-vulnerability",
"source": "security-advisories@github.com"
}
]
}

25
CVE-2024/CVE-2024-55xx/CVE-2024-5500.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-5500",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2024-07-16T23:15:24.487",
"lastModified": "2024-07-16T23:15:24.487",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Inappropriate implementation in Sign-In in Google Chrome prior to 1.3.36.351 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)"
}
],
"metrics": {},
"references": [
{
"url": "https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_20.html",
"source": "chrome-cve-admin@google.com"
},
{
"url": "https://issues.chromium.org/issues/40069622",
"source": "chrome-cve-admin@google.com"
}
]
}

72
CVE-2024/CVE-2024-55xx/CVE-2024-5566.json Normal file
View File

@ -0,0 +1,72 @@
{
"id": "CVE-2024-5566",
"sourceIdentifier": "product-cna@github.com",
"published": "2024-07-16T22:15:04.887",
"lastModified": "2024-07-16T22:15:04.887",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An improper privilege management vulnerability allowed users to migrate private repositories without having appropriate scopes defined on the related Personal Access Token. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in version 3.13.1, 3.12.6, 3.11.12, 3.10.14, and 3.9.17."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "product-cna@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.3,
"impactScore": 4.0
}
]
},
"weaknesses": [
{
"source": "product-cna@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
}
],
"references": [
{
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.14",
"source": "product-cna@github.com"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.10",
"source": "product-cna@github.com"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.6",
"source": "product-cna@github.com"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.1",
"source": "product-cna@github.com"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.17",
"source": "product-cna@github.com"
}
]
}

72
CVE-2024/CVE-2024-57xx/CVE-2024-5795.json Normal file
View File

@ -0,0 +1,72 @@
{
"id": "CVE-2024-5795",
"sourceIdentifier": "product-cna@github.com",
"published": "2024-07-16T22:15:05.253",
"lastModified": "2024-07-16T22:15:05.253",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Denial of Service vulnerability was identified in GitHub Enterprise Server that allowed an attacker to cause unbounded resource exhaustion by sending a large payload to the Git server. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in version 3.13.1, 3.12.6, 3.11.12, 3.10.14, and 3.9.17. This vulnerability was reported via the GitHub Bug Bounty program."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "product-cna@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.1,
"impactScore": 4.0
}
]
},
"weaknesses": [
{
"source": "product-cna@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"references": [
{
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.14",
"source": "product-cna@github.com"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.12",
"source": "product-cna@github.com"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.6",
"source": "product-cna@github.com"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.1",
"source": "product-cna@github.com"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.17",
"source": "product-cna@github.com"
}
]
}

94
CVE-2024/CVE-2024-58xx/CVE-2024-5815.json Normal file
View File

@ -0,0 +1,94 @@
{
"id": "CVE-2024-5815",
"sourceIdentifier": "product-cna@github.com",
"published": "2024-07-16T22:15:05.490",
"lastModified": "2024-07-16T22:15:05.490",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Cross-Site Request Forgery vulnerability in GitHub Enterprise Server allowed write operations on a victim-owned repository by exploiting incorrect request types. A mitigating factor is that the attacker would have to be a trusted GitHub Enterprise Server user, and the victim would have to visit a tag in the attacker's fork of their own repository. vulnerability affected all versions of GitHub Enterprise Server prior 3.14 and was fixed in version 3.13.1, 3.12.6, 3.11.12, 3.10.14, and 3.9.17.\n\n\n This vulnerability was reported via the GitHub Bug Bounty program."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "product-cna@github.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:A/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:X/RE:L/U:Amber",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"privilegesRequired": "HIGH",
"userInteraction": "ACTIVE",
"vulnerableSystemConfidentiality": "NONE",
"vulnerableSystemIntegrity": "HIGH",
"vulnerableSystemAvailability": "NONE",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "HIGH",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NEGLIGIBLE",
"automatable": "NO",
"recovery": "USER",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "LOW",
"providerUrgency": "AMBER",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
}
}
]
},
"weaknesses": [
{
"source": "product-cna@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.9.17",
"source": "product-cna@github.com"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.10.14",
"source": "product-cna@github.com"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.11.12",
"source": "product-cna@github.com"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.12.6",
"source": "product-cna@github.com"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.1",
"source": "product-cna@github.com"
}
]
}

98
CVE-2024/CVE-2024-58xx/CVE-2024-5816.json Normal file
View File

@ -0,0 +1,98 @@
{
"id": "CVE-2024-5816",
"sourceIdentifier": "product-cna@github.com",
"published": "2024-07-16T22:15:05.657",
"lastModified": "2024-07-16T22:15:05.657",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed a suspended GitHub App to retain access to the repository via a scoped user access token. This was only exploitable in public repositories while private repositories were not impacted. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in versions 3.9.17, 3.10.14, 3.11.12, 3.12.6, 3.13.1. This vulnerability was reported via the GitHub Bug Bounty program."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "product-cna@github.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"privilegesRequired": "NONE",
"userInteraction": "ACTIVE",
"vulnerableSystemConfidentiality": "NONE",
"vulnerableSystemIntegrity": "HIGH",
"vulnerableSystemAvailability": "NONE",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "HIGH",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 6.9,
"baseSeverity": "MEDIUM"
}
}
]
},
"weaknesses": [
{
"source": "product-cna@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"references": [
{
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.15",
"source": "product-cna@github.com"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.9.17",
"source": "product-cna@github.com"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.12",
"source": "product-cna@github.com"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.6",
"source": "product-cna@github.com"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.1",
"source": "product-cna@github.com"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.17",
"source": "product-cna@github.com"
}
]
}

94
CVE-2024/CVE-2024-58xx/CVE-2024-5817.json Normal file
View File

@ -0,0 +1,94 @@
{
"id": "CVE-2024-5817",
"sourceIdentifier": "product-cna@github.com",
"published": "2024-07-16T22:15:05.840",
"lastModified": "2024-07-16T22:15:05.840",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed read access to issue content via GitHub Projects. This was only exploitable in internal repositories and required the attacker to have access to the corresponding project board. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in versions 3.13.1, 3.12.6, 3.11.12, 3.10.14, and 3.9.17. This vulnerability was reported via the GitHub Bug Bounty program."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "product-cna@github.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Amber",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"privilegesRequired": "LOW",
"userInteraction": "PASSIVE",
"vulnerableSystemConfidentiality": "HIGH",
"vulnerableSystemIntegrity": "NONE",
"vulnerableSystemAvailability": "NONE",
"subsequentSystemConfidentiality": "LOW",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "AMBER",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
}
}
]
},
"weaknesses": [
{
"source": "product-cna@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"references": [
{
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.15",
"source": "product-cna@github.com"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.12",
"source": "product-cna@github.com"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.6",
"source": "product-cna@github.com"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.1",
"source": "product-cna@github.com"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.17",
"source": "product-cna@github.com"
}
]
}

94
CVE-2024/CVE-2024-63xx/CVE-2024-6336.json Normal file
View File

@ -0,0 +1,94 @@
{
"id": "CVE-2024-6336",
"sourceIdentifier": "product-cna@github.com",
"published": "2024-07-16T22:15:05.983",
"lastModified": "2024-07-16T22:15:05.983",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Security Misconfiguration vulnerability in GitHub Enterprise Server allowed sensitive information disclosure to unauthorized users in GitHub Enterprise Server by exploiting organization ruleset feature. This attack required an organization member to explicitly change the visibility of a dependent repository from private to public. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in versions 3.13.1, 3.12.6, 3.11.12, 3.10.14, and 3.9.17. This vulnerability was reported via the GitHub Bug Bounty program."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "product-cna@github.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:X/RE:X/U:Amber",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"privilegesRequired": "NONE",
"userInteraction": "ACTIVE",
"vulnerableSystemConfidentiality": "HIGH",
"vulnerableSystemIntegrity": "NONE",
"vulnerableSystemAvailability": "NONE",
"subsequentSystemConfidentiality": "HIGH",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NEGLIGIBLE",
"automatable": "NO",
"recovery": "USER",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "AMBER",
"baseScore": 6.9,
"baseSeverity": "MEDIUM"
}
}
]
},
"weaknesses": [
{
"source": "product-cna@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.15",
"source": "product-cna@github.com"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.12",
"source": "product-cna@github.com"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.6",
"source": "product-cna@github.com"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.1",
"source": "product-cna@github.com"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.17",
"source": "product-cna@github.com"
}
]
}

6
CVE-2024/CVE-2024-63xx/CVE-2024-6387.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-6387",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-07-01T13:15:06.467",
"lastModified": "2024-07-14T17:15:10.080",
"lastModified": "2024-07-16T22:15:06.133",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -586,6 +586,10 @@
"url": "https://access.redhat.com/errata/RHSA-2024:4389",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:4469",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2024-6387",
"source": "secalert@redhat.com",

94
CVE-2024/CVE-2024-63xx/CVE-2024-6395.json Normal file
View File

@ -0,0 +1,94 @@
{
"id": "CVE-2024-6395",
"sourceIdentifier": "product-cna@github.com",
"published": "2024-07-16T22:15:06.573",
"lastModified": "2024-07-16T22:15:06.573",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An exposure of sensitive information vulnerability in GitHub Enterprise Server would allow an attacker to enumerate the names of private repositories that utilize deploy keys. This vulnerability did not allow unauthorized access to any repository content besides the name. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in versions 3.13.1, 3.12.6, 3.11.12, 3.10.14, and 3.9.17. This vulnerability was reported via the GitHub Bug Bounty program."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "product-cna@github.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:X/V:C/RE:L/U:Amber",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "LOW",
"vulnerableSystemIntegrity": "NONE",
"vulnerableSystemAvailability": "NONE",
"subsequentSystemConfidentiality": "LOW",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NEGLIGIBLE",
"automatable": "YES",
"recovery": "NOT_DEFINED",
"valueDensity": "CONCENTRATED",
"vulnerabilityResponseEffort": "LOW",
"providerUrgency": "AMBER",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
}
}
]
},
"weaknesses": [
{
"source": "product-cna@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.12",
"source": "product-cna@github.com"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.6",
"source": "product-cna@github.com"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.1",
"source": "product-cna@github.com"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.17",
"source": "product-cna@github.com"
},
{
"url": "https://help.github.com/enterprise-server@3.10/admin/release-notes#3.10.15",
"source": "product-cna@github.com"
}
]
}

25
CVE-2024/CVE-2024-67xx/CVE-2024-6772.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-6772",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2024-07-16T22:15:06.810",
"lastModified": "2024-07-16T22:15:06.810",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Inappropriate implementation in V8 in Google Chrome prior to 126.0.6478.182 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)"
}
],
"metrics": {},
"references": [
{
"url": "https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop.html",
"source": "chrome-cve-admin@google.com"
},
{
"url": "https://issues.chromium.org/issues/346597059",
"source": "chrome-cve-admin@google.com"
}
]
}

25
CVE-2024/CVE-2024-67xx/CVE-2024-6773.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-6773",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2024-07-16T22:15:06.893",
"lastModified": "2024-07-16T22:15:06.893",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Inappropriate implementation in V8 in Google Chrome prior to 126.0.6478.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"
}
],
"metrics": {},
"references": [
{
"url": "https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop.html",
"source": "chrome-cve-admin@google.com"
},
{
"url": "https://issues.chromium.org/issues/347724915",
"source": "chrome-cve-admin@google.com"
}
]
}

37
CVE-2024/CVE-2024-67xx/CVE-2024-6774.json Normal file
View File

@ -0,0 +1,37 @@
{
"id": "CVE-2024-6774",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2024-07-16T22:15:06.963",
"lastModified": "2024-07-16T22:15:06.963",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Use after free in Screen Capture in Google Chrome prior to 126.0.6478.182 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"
}
],
"metrics": {},
"weaknesses": [
{
"source": "chrome-cve-admin@google.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"references": [
{
"url": "https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop.html",
"source": "chrome-cve-admin@google.com"
},
{
"url": "https://issues.chromium.org/issues/346898524",
"source": "chrome-cve-admin@google.com"
}
]
}

Some files were not shown because too many files have changed in this diff Show More