Auto-Update: 2024-08-19T22:00:18.094906+00:00

cad-safe-bot 2024-08-19 22:03:15 +00:00
parent e245d88a71
commit c9edff13e0
70 changed files with 3703 additions and 409 deletions


@ -2,7 +2,7 @@
"id": "CVE-2023-40277", "id": "CVE-2023-40277",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-03-19T01:15:44.850", "published": "2024-03-19T01:15:44.850",
"lastModified": "2024-03-19T13:26:46.000", "lastModified": "2024-08-19T20:35:00.570",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -15,7 +15,42 @@
"value": "Se descubri\u00f3 un problema en OpenClinic GA 5.247.01. Se ha descubierto una vulnerabilidad de Cross-Site Scripting (XSS) Reflejado en el par\u00e1metro de mensaje login.jsp." "value": "Se descubri\u00f3 un problema en OpenClinic GA 5.247.01. Se ha descubierto una vulnerabilidad de Cross-Site Scripting (XSS) Reflejado en el par\u00e1metro de mensaje login.jsp."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/BugBountyHunterCVE/CVE-2023-40277/blob/main/CVE-2023-40277_Reflected-XSS_OpenClinic-GA_5.247.01_Report.md", "url": "https://github.com/BugBountyHunterCVE/CVE-2023-40277/blob/main/CVE-2023-40277_Reflected-XSS_OpenClinic-GA_5.247.01_Report.md",


@ -2,8 +2,8 @@
"id": "CVE-2023-46914", "id": "CVE-2023-46914",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-02-07T09:15:15.633", "published": "2024-02-07T09:15:15.633",
"lastModified": "2024-02-14T19:27:09.817", "lastModified": "2024-08-19T20:35:01.527",
"vulnStatus": "Analyzed", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -36,6 +36,26 @@
}, },
"exploitabilityScore": 3.9, "exploitabilityScore": 3.9,
"impactScore": 5.9 "impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
} }
] ]
}, },
@ -49,6 +69,16 @@
"value": "CWE-89" "value": "CWE-89"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
} }
], ],
"configurations": [ "configurations": [
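Review bot: The `Secondary` entries appended to `cvssMetricV31` and `weaknesses` from source `134c704f-9b21-4f2e-91b3-4a467353bcc0` appear to restate what the record already carries: the context lines show the same `exploitabilityScore` 3.9 / `impactScore` 5.9 and the same `CWE-89`. A consumer that counts array entries, or takes the first or last element, will therefore see a changed record with no new information. Select metrics by `type` and `source`, and de-duplicate CWE values before scoring or alerting. The same pattern is in the CVE-2024-24004, CVE-2024-24024, CVE-2024-24202, CVE-2024-24213 and CVE-2024-25190 sections; in all of these except CVE-2024-24213, which was already `Modified`, `vulnStatus` also moves from `Analyzed` to `Modified`. The existing Primary vector is outside the visible hunk, so the match is inferred from the two sub-scores.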


@ -2,8 +2,8 @@
"id": "CVE-2023-52889", "id": "CVE-2023-52889",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-17T09:15:07.073", "published": "2024-08-17T09:15:07.073",
"lastModified": "2024-08-19T13:00:23.117", "lastModified": "2024-08-19T21:19:16.970",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,35 +15,145 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: apparmor: corrige la deref del puntero nulo al recibir skb durante la creaci\u00f3n del calcet\u00edn. El siguiente p\u00e1nico se observa al recibir paquetes ICMP con la marca de seguridad configurada mientras se crea un socket ICMP sin formato. SK_CTX(sk)->label se actualiza en apparmor_socket_post_create(), pero el paquete se entrega al socket antes de eso, lo que provoca la desreferencia del puntero nulo. Descarte el paquete si el contexto de la etiqueta no est\u00e1 establecido. ERROR: desreferencia del puntero NULL del kernel, direcci\u00f3n: 000000000000004c #PF: acceso de lectura del supervisor en modo kernel #PF: c\u00f3digo_error(0x0000) - p\u00e1gina no presente PGD 0 P4D 0 Ups: 0000 [#1] PREEMPT SMP NOPTI CPU: 0 PID: 407 Comm: a.out No contaminado 6.4.12-arch1-1 #1 3e6fa2753a2d75925c34ecb78e22e85a65d083df Nombre del hardware: VMware, Inc. Plataforma virtual VMware/Plataforma de referencia de escritorio 440BX, BIOS 6.00 28/05/2020 RIP 0010:aa_label_ siguiente_confinado+0xb/0x40 C\u00f3digo: 00 00 48 89 ef e8 d5 25 0c 00 e9 66 ff ff ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 0f 1f 00 0f 1f 44 00 00 89 f0 > 77 4c 39 c6 7e 1f 48 63 d0 48 8d 14 d7 eb 0b 83 c0 01 48 83 c2 RSP: 0018:ffffa92940003b08 EFLAGS: 00010246 RAX: 0000000000000000 RBX: 000 RCX: 000000000000000e RDX: ffffa92940003be8 RSI: 0000000000000000 RDI: 00000000000000000 RBP: ffff8b57471e7800 R08: ffff8b574c642400 R09: 0000000000000002 R10: ffffffffbd820eeb R11: ffffffffbeb7ff00 R12: ffff8b574c642400 R13: 00000000000000001 R14: 0000000000000001 R15: 00000000000 FS: 00007fb092ea7640(0000) GS:ffff8b577bc00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 000000000000004c CR3: 00000001020f2005 CR4: 00000000007706f0 PKRU: 55555554 Seguimiento de llamadas: ? __morir+0x23/0x70 ? page_fault_oops+0x171/0x4e0? exc_page_fault+0x7f/0x180? asm_exc_page_fault+0x26/0x30? 
aa_label_next_confined+0xb/0x40 apparmor_secmark_check+0xec/0x330 seguridad_sock_rcv_skb+0x35/0x50 sk_filter_trim_cap+0x47/0x250 sock_queue_rcv_skb_reason+0x20/0x60 raw_rcv+0x13c/0x210 local_deliver+0x1f3/0x250 ip_protocol_deliver_rcu+0x4f/0x2f0 ip_local_deliver_finish+0x76/0xa0 __netif_receive_skb_one_core+0x89/0xa0 netif_receive_skb+0x119/0x170? __netdev_alloc_skb+0x3d/0x140 vmxnet3_rq_rx_complete+0xb23/0x1010 [vmxnet3 56a84f9c97178c57a43a24ec073b45a9d6f01f3a] vmxnet3_poll_rx_only+0x36/0xb0 [vmxnet3 56 a84f9c97178c57a43a24ec073b45a9d6f01f3a] __napi_poll+0x28/0x1b0 net_rx_action+0x2a4/0x380 __do_softirq+0xd1/0x2c8 __irq_exit_rcu+0xbb/0xf0 common_interrupt+0x86/0xa0 asm_common_interrupt+0x26/0x40 RIP: 0010:apparmor_socket_post_create+0xb/0x200 C\u00f3digo: 08 48 85 ff 75 a1 eb b1 0f 1f 80 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 0f 1f 44 00 00 41 54 <55> 48 89 fd 53 45 85 c0 0f 84 b2 00 00 00 48 8b 1d 80 56 3f 02 48 RSP: 0018:ffffa92940ce7e50 EFLAGS: 00000286 RAX: ffffffffbc756440 RBX: 0000000000000000 RCX: 0000000000000001 RDX: 0000000000000003 RSI: 0000000000000002 RDI: ffff8b574eaab740 RBP: 0000000000000001 R08: 000000000000 R09: 0000000000000000 R10: ffff8b57444cec70 R11: 0000000000000000 R12: 00000000000000003 R13: 0000000000000002 R14: 74eaab740 R15: fffffffbd8e4748 ? __pfx_apparmor_socket_post_create+0x10/0x10 security_socket_post_create+0x4b/0x80 __sock_create+0x176/0x1f0 __sys_socket+0x89/0x100 __x64_sys_socket+0x17/0x20 do_syscall_64+0x5d/0x 90? do_syscall_64+0x6c/0x90? do_syscall_64+0x6c/0x90? do_syscall_64+0x6c/0x90 entrada_SYSCALL_64_after_hwframe+0x72/0xdc" "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: apparmor: corrige la deref del puntero nulo al recibir skb durante la creaci\u00f3n del calcet\u00edn. El siguiente p\u00e1nico se observa al recibir paquetes ICMP con la marca de seguridad configurada mientras se crea un socket ICMP sin formato. 
SK_CTX(sk)->label se actualiza en apparmor_socket_post_create(), pero el paquete se entrega al socket antes de eso, lo que provoca la desreferencia del puntero nulo. Descarte el paquete si el contexto de la etiqueta no est\u00e1 establecido. ERROR: desreferencia del puntero NULL del kernel, direcci\u00f3n: 000000000000004c #PF: acceso de lectura del supervisor en modo kernel #PF: c\u00f3digo_error(0x0000) - p\u00e1gina no presente PGD 0 P4D 0 Ups: 0000 [#1] PREEMPT SMP NOPTI CPU: 0 PID: 407 Comm: a.out No contaminado 6.4.12-arch1-1 #1 3e6fa2753a2d75925c34ecb78e22e85a65d083df Nombre del hardware: VMware, Inc. Plataforma virtual VMware/Plataforma de referencia de escritorio 440BX, BIOS 6.00 28/05/2020 RIP 0010:aa_label_ siguiente_confinado+0xb/0x40 C\u00f3digo: 00 00 48 89 ef e8 d5 25 0c 00 e9 66 ff ff ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 0f 1f 00 0f 1f 44 00 00 89 f0 > 77 4c 39 c6 7e 1f 48 63 d0 48 8d 14 d7 eb 0b 83 c0 01 48 83 c2 RSP: 0018:ffffa92940003b08 EFLAGS: 00010246 RAX: 0000000000000000 RBX: 000 RCX: 000000000000000e RDX: ffffa92940003be8 RSI: 0000000000000000 RDI: 00000000000000000 RBP: ffff8b57471e7800 R08: ffff8b574c642400 R09: 0000000000000002 R10: ffffffffbd820eeb R11: ffffffffbeb7ff00 R12: ffff8b574c642400 R13: 00000000000000001 R14: 0000000000000001 R15: 00000000000 FS: 00007fb092ea7640(0000) GS:ffff8b577bc00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 000000000000004c CR3: 00000001020f2005 CR4: 00000000007706f0 PKRU: 55555554 Seguimiento de llamadas: ? __morir+0x23/0x70 ? page_fault_oops+0x171/0x4e0? exc_page_fault+0x7f/0x180? asm_exc_page_fault+0x26/0x30? 
aa_label_next_confined+0xb/0x40 apparmor_secmark_check+0xec/0x330 seguridad_sock_rcv_skb+0x35/0x50 sk_filter_trim_cap+0x47/0x250 sock_queue_rcv_skb_reason+0x20/0x60 raw_rcv+0x13c/0x210 local_deliver+0x1f3/0x250 ip_protocol_deliver_rcu+0x4f/0x2f0 ip_local_deliver_finish+0x76/0xa0 __netif_receive_skb_one_core+0x89/0xa0 netif_receive_skb+0x119/0x170? __netdev_alloc_skb+0x3d/0x140 vmxnet3_rq_rx_complete+0xb23/0x1010 [vmxnet3 56a84f9c97178c57a43a24ec073b45a9d6f01f3a] vmxnet3_poll_rx_only+0x36/0xb0 [vmxnet3 56 a84f9c97178c57a43a24ec073b45a9d6f01f3a] __napi_poll+0x28/0x1b0 net_rx_action+0x2a4/0x380 __do_softirq+0xd1/0x2c8 __irq_exit_rcu+0xbb/0xf0 common_interrupt+0x86/0xa0 asm_common_interrupt+0x26/0x40 RIP: 0010:apparmor_socket_post_create+0xb/0x200 C\u00f3digo: 08 48 85 ff 75 a1 eb b1 0f 1f 80 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 0f 1f 44 00 00 41 54 <55> 48 89 fd 53 45 85 c0 0f 84 b2 00 00 00 48 8b 1d 80 56 3f 02 48 RSP: 0018:ffffa92940ce7e50 EFLAGS: 00000286 RAX: ffffffffbc756440 RBX: 0000000000000000 RCX: 0000000000000001 RDX: 0000000000000003 RSI: 0000000000000002 RDI: ffff8b574eaab740 RBP: 0000000000000001 R08: 000000000000 R09: 0000000000000000 R10: ffff8b57444cec70 R11: 0000000000000000 R12: 00000000000000003 R13: 0000000000000002 R14: 74eaab740 R15: fffffffbd8e4748 ? __pfx_apparmor_socket_post_create+0x10/0x10 security_socket_post_create+0x4b/0x80 __sock_create+0x176/0x1f0 __sys_socket+0x89/0x100 __x64_sys_socket+0x17/0x20 do_syscall_64+0x5d/0x 90? do_syscall_64+0x6c/0x90? do_syscall_64+0x6c/0x90? do_syscall_64+0x6c/0x90 entrada_SYSCALL_64_after_hwframe+0x72/0xdc"
} }
], ],
"metrics": {}, "metrics": {
"references": [ "cvssMetricV31": [
{ {
"url": "https://git.kernel.org/stable/c/0abe35bc48d4ec80424b1f4b3560c0e082cbd5c1", "source": "nvd@nist.gov",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
}, },
{ "exploitabilityScore": 1.8,
"url": "https://git.kernel.org/stable/c/290a6b88e8c19b6636ed1acc733d1458206f7697", "impactScore": 3.6
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" }
]
}, },
"weaknesses": [
{ {
"url": "https://git.kernel.org/stable/c/347dcb84a4874b5fb375092c08d8cc4069b94f81", "source": "nvd@nist.gov",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "type": "Primary",
}, "description": [
{ {
"url": "https://git.kernel.org/stable/c/46c17ead5b7389e22e7dc9903fd0ba865d05bda2", "lang": "en",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "value": "CWE-476"
}, }
{ ]
"url": "https://git.kernel.org/stable/c/6c920754f62cefc63fccdc38a062c7c3452e2961", }
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" ],
}, "configurations": [
{ {
"url": "https://git.kernel.org/stable/c/ead2ad1d9f045f26fdce3ef1644913b3a6cd38f2", "nodes": [
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" {
}, "operator": "OR",
{ "negate": false,
"url": "https://git.kernel.org/stable/c/fce09ea314505a52f2436397608fa0a5d0934fb1", "cpeMatch": [
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" {
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.20",
"versionEndExcluding": "5.4.282",
"matchCriteriaId": "A8961D98-9ACF-4188-BA88-44038B14BC28"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5",
"versionEndExcluding": "5.10.224",
"matchCriteriaId": "5CCEDF13-293D-4E64-B501-4409D0365AFE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.165",
"matchCriteriaId": "B4E2B568-3171-41DE-B519-F2B1A3600D94"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "6.1.103",
"matchCriteriaId": "E45EAC72-8329-4F99-8276-86AF9BB3496A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.44",
"matchCriteriaId": "CC912330-6B41-4C6B-99AF-F3857FBACB6A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.10.3",
"matchCriteriaId": "92D388F2-1EAF-4CFA-AC06-5B26D762EA7D"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/0abe35bc48d4ec80424b1f4b3560c0e082cbd5c1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/290a6b88e8c19b6636ed1acc733d1458206f7697",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/347dcb84a4874b5fb375092c08d8cc4069b94f81",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/46c17ead5b7389e22e7dc9903fd0ba865d05bda2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/6c920754f62cefc63fccdc38a062c7c3452e2961",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/ead2ad1d9f045f26fdce3ef1644913b3a6cd38f2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/fce09ea314505a52f2436397608fa0a5d0934fb1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
} }
] ]
} }


@ -2,8 +2,8 @@
"id": "CVE-2024-24004", "id": "CVE-2024-24004",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-02-07T00:15:56.550", "published": "2024-02-07T00:15:56.550",
"lastModified": "2024-02-09T02:10:07.263", "lastModified": "2024-08-19T21:35:02.860",
"vulnStatus": "Analyzed", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -36,6 +36,26 @@
}, },
"exploitabilityScore": 3.9, "exploitabilityScore": 3.9,
"impactScore": 5.9 "impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
} }
] ]
}, },
@ -49,6 +69,16 @@
"value": "CWE-89" "value": "CWE-89"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
} }
], ],
"configurations": [ "configurations": [


@ -2,8 +2,8 @@
"id": "CVE-2024-24024", "id": "CVE-2024-24024",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-02-08T01:15:27.113", "published": "2024-02-08T01:15:27.113",
"lastModified": "2024-02-10T04:00:58.077", "lastModified": "2024-08-19T20:35:02.680",
"vulnStatus": "Analyzed", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -36,6 +36,26 @@
}, },
"exploitabilityScore": 3.9, "exploitabilityScore": 3.9,
"impactScore": 5.9 "impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
} }
] ]
}, },
@ -49,6 +69,16 @@
"value": "CWE-434" "value": "CWE-434"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
} }
], ],
"configurations": [ "configurations": [


@ -2,7 +2,7 @@
"id": "CVE-2024-24156", "id": "CVE-2024-24156",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-03-16T06:15:13.547", "published": "2024-03-16T06:15:13.547",
"lastModified": "2024-03-17T22:38:29.433", "lastModified": "2024-08-19T20:35:03.650",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -15,7 +15,42 @@
"value": "Vulnerabilidad de Cross Site Scripting (XSS) en Gnuboard g6 antes de el commit de Github 58c737a263ac0c523592fd87ff71b9e3c07d7cf5, permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s del par\u00e1metro wr_content." "value": "Vulnerabilidad de Cross Site Scripting (XSS) en Gnuboard g6 antes de el commit de Github 58c737a263ac0c523592fd87ff71b9e3c07d7cf5, permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s del par\u00e1metro wr_content."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/gnuboard/g6/issues/316", "url": "https://github.com/gnuboard/g6/issues/316",


@ -2,8 +2,8 @@
"id": "CVE-2024-24202", "id": "CVE-2024-24202",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-02-08T05:15:08.593", "published": "2024-02-08T05:15:08.593",
"lastModified": "2024-02-15T15:24:30.247", "lastModified": "2024-08-19T20:35:04.473",
"vulnStatus": "Analyzed", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -36,6 +36,26 @@
}, },
"exploitabilityScore": 3.9, "exploitabilityScore": 3.9,
"impactScore": 5.9 "impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
} }
] ]
}, },
@ -49,6 +69,16 @@
"value": "CWE-434" "value": "CWE-434"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
} }
], ],
"configurations": [ "configurations": [


@ -2,7 +2,7 @@
"id": "CVE-2024-24213", "id": "CVE-2024-24213",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-02-08T18:15:08.237", "published": "2024-02-08T18:15:08.237",
"lastModified": "2024-08-02T00:15:16.890", "lastModified": "2024-08-19T20:35:05.230",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [ "cveTags": [
{ {
@ -43,6 +43,26 @@
}, },
"exploitabilityScore": 3.9, "exploitabilityScore": 3.9,
"impactScore": 5.9 "impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
} }
] ]
}, },
@ -56,6 +76,16 @@
"value": "CWE-89" "value": "CWE-89"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
} }
], ],
"configurations": [ "configurations": [


@ -2,7 +2,7 @@
"id": "CVE-2024-24386", "id": "CVE-2024-24386",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-02-15T08:15:46.497", "published": "2024-02-15T08:15:46.497",
"lastModified": "2024-02-15T14:28:31.380", "lastModified": "2024-08-19T21:35:04.070",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -15,7 +15,42 @@
"value": "Un problema en VitalPBX v.3.2.4-5 permite a un atacante ejecutar c\u00f3digo arbitrario a trav\u00e9s de un payload manipulado en la carpeta /var/lib/vitalpbx/scripts." "value": "Un problema en VitalPBX v.3.2.4-5 permite a un atacante ejecutar c\u00f3digo arbitrario a trav\u00e9s de un payload manipulado en la carpeta /var/lib/vitalpbx/scripts."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [ "references": [
{ {
"url": "https://erickduarte.notion.site/VitalPBX-3-2-4-5-ee402173241c493687aa22ec60160c67?pvs=4", "url": "https://erickduarte.notion.site/VitalPBX-3-2-4-5-ee402173241c493687aa22ec60160c67?pvs=4",


@ -2,8 +2,8 @@
"id": "CVE-2024-25190", "id": "CVE-2024-25190",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-02-08T17:15:11.013", "published": "2024-02-08T17:15:11.013",
"lastModified": "2024-02-15T05:03:08.533", "lastModified": "2024-08-19T20:35:06.090",
"vulnStatus": "Analyzed", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -36,6 +36,26 @@
}, },
"exploitabilityScore": 3.9, "exploitabilityScore": 3.9,
"impactScore": 5.9 "impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
} }
] ]
}, },
@ -49,6 +69,16 @@
"value": "CWE-203" "value": "CWE-203"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-203"
}
]
} }
], ],
"configurations": [ "configurations": [
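Review bot: The added Secondary metric scores this record 9.8 with `C:H/I:H/A:H`, while both weakness entries classify it as `CWE-203`, an observable-discrepancy (information exposure) class. The description is outside the hunk, so the mismatch is inferred from the CWE alone. Triage that ranks on `baseScore` alone should cross-check the CWE and the description before treating this record as a full-compromise issue.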


@ -2,7 +2,7 @@
"id": "CVE-2024-25466", "id": "CVE-2024-25466",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-02-16T09:15:08.663", "published": "2024-02-16T09:15:08.663",
"lastModified": "2024-02-16T13:37:51.433", "lastModified": "2024-08-19T20:35:06.837",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -15,7 +15,42 @@
"value": "La vulnerabilidad de Directory Traversal en React Native Document Picker anterior a v.9.1.1 y corregida en v.9.1.1 permite a un atacante local ejecutar c\u00f3digo arbitrario a trav\u00e9s de un script manipulado en el componente de librer\u00eda de Android." "value": "La vulnerabilidad de Directory Traversal en React Native Document Picker anterior a v.9.1.1 y corregida en v.9.1.1 permite a un atacante local ejecutar c\u00f3digo arbitrario a trav\u00e9s de un script manipulado en el componente de librer\u00eda de Android."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.5
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-26"
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/FixedOctocat/CVE-2024-25466/tree/main", "url": "https://github.com/FixedOctocat/CVE-2024-25466/tree/main",


@ -2,7 +2,7 @@
"id": "CVE-2024-25503", "id": "CVE-2024-25503",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-04-04T08:15:06.747", "published": "2024-04-04T08:15:06.747",
"lastModified": "2024-04-04T12:48:41.700", "lastModified": "2024-08-19T20:35:07.610",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -15,7 +15,42 @@
"value": "Una vulnerabilidad de Cross Site Scripting (XSS) en Advanced REST Client v.17.0.9 permite a un atacante remoto ejecutar c\u00f3digo arbitrario y obtener informaci\u00f3n confidencial a trav\u00e9s de un script manipulado para el par\u00e1metro de edici\u00f3n de detalles de la funci\u00f3n New Project." "value": "Una vulnerabilidad de Cross Site Scripting (XSS) en Advanced REST Client v.17.0.9 permite a un atacante remoto ejecutar c\u00f3digo arbitrario y obtener informaci\u00f3n confidencial a trav\u00e9s de un script manipulado para el par\u00e1metro de edici\u00f3n de detalles de la funci\u00f3n New Project."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/EQSTLab/PoC/tree/main/2024/XSS/CVE-2024-25503", "url": "https://github.com/EQSTLab/PoC/tree/main/2024/XSS/CVE-2024-25503",
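Review bot: The added vector sets `confidentialityImpact` to `NONE` (`C:N/I:L/A:N`, base 4.7), yet the description on the context line says the flaw lets a remote attacker run code and obtain confidential information. A filter keyed on confidentiality impact would drop this record even though the description claims disclosure. `vulnStatus` stays `Awaiting Analysis`, so the only score is this Secondary one; treat it as provisional and prefer the description text when the two disagree.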


@ -2,7 +2,7 @@
"id": "CVE-2024-25828", "id": "CVE-2024-25828",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-02-22T16:15:54.100", "published": "2024-02-22T16:15:54.100",
"lastModified": "2024-02-22T19:07:27.197", "lastModified": "2024-08-19T21:35:05.027",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -15,7 +15,42 @@
"value": "cmseasy V7.7.7.9 tiene una vulnerabilidad de eliminaci\u00f3n de archivos arbitrarios en lib/admin/template_admin.php." "value": "cmseasy V7.7.7.9 tiene una vulnerabilidad de eliminaci\u00f3n de archivos arbitrarios en lib/admin/template_admin.php."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-27"
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/sec-Kode/cve", "url": "https://github.com/sec-Kode/cve",


@ -2,7 +2,7 @@
"id": "CVE-2024-25858", "id": "CVE-2024-25858",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-03-05T21:15:09.030", "published": "2024-03-05T21:15:09.030",
"lastModified": "2024-03-06T15:18:08.093", "lastModified": "2024-08-19T21:35:05.770",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -15,7 +15,30 @@
"value": "En Foxit PDF Reader anterior a 2024.1 y PDF Editor anterior a 2024.1, la ejecuci\u00f3n de c\u00f3digo a trav\u00e9s de JavaScript podr\u00eda ocurrir debido a un mensaje emergente no optimizado para que los usuarios revisen los par\u00e1metros de los comandos." "value": "En Foxit PDF Reader anterior a 2024.1 y PDF Editor anterior a 2024.1, la ejecuci\u00f3n de c\u00f3digo a trav\u00e9s de JavaScript podr\u00eda ocurrir debido a un mensaje emergente no optimizado para que los usuarios revisen los par\u00e1metros de los comandos."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.5,
"impactScore": 5.9
}
]
},
"references": [ "references": [
{ {
"url": "https://www.foxit.com/support/security-bulletins.html", "url": "https://www.foxit.com/support/security-bulletins.html",
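Review bot: The added vector uses `userInteraction: NONE` (`UI:N`), although the description ties the code execution to a pop-up prompt that users review, which suggests user involvement; this is inferred from the Spanish description line only. Unlike the other records this source fills in elsewhere on the page, no `weaknesses` block is added here, so CWE-based filters and dashboards will not match this record. Consumers should tolerate a populated `cvssMetricV31` with no CWE and should not rely on `UI:N` to conclude the issue is exploitable without a user opening a document.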


@ -2,7 +2,7 @@
"id": "CVE-2024-27569", "id": "CVE-2024-27569",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-03-01T14:15:54.213", "published": "2024-03-01T14:15:54.213",
"lastModified": "2024-03-01T15:23:36.177", "lastModified": "2024-08-19T20:35:08.430",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -15,7 +15,42 @@
"value": "Se descubri\u00f3 que LBT T300-T390 v2.2.1.8 conten\u00eda un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria a trav\u00e9s del par\u00e1metro ApCliSsid en la funci\u00f3n init_nvram. Esta vulnerabilidad permite a los atacantes provocar una denegaci\u00f3n de servicio (DoS) mediante una solicitud POST manipulada." "value": "Se descubri\u00f3 que LBT T300-T390 v2.2.1.8 conten\u00eda un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria a trav\u00e9s del par\u00e1metro ApCliSsid en la funci\u00f3n init_nvram. Esta vulnerabilidad permite a los atacantes provocar una denegaci\u00f3n de servicio (DoS) mediante una solicitud POST manipulada."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/cvdyfbwa/IoT_LBT_Router/blob/main/init_nvram.md", "url": "https://github.com/cvdyfbwa/IoT_LBT_Router/blob/main/init_nvram.md",


@ -2,7 +2,7 @@
"id": "CVE-2024-28089", "id": "CVE-2024-28089",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-03-09T07:15:09.577", "published": "2024-03-09T07:15:09.577",
"lastModified": "2024-03-11T01:32:29.610", "lastModified": "2024-08-19T20:35:09.170",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -15,7 +15,42 @@
"value": "Los dispositivos Hitron CODA-4582 2AHKM-CODA4589 7.2.4.5.1b8 permiten a un atacante remoto dentro de la proximidad de Wi-Fi (que tiene acceso al panel de administraci\u00f3n del router) realizar un ataque XSS almacenado basado en DOM que puede recuperar recursos remotos. El payload se ejecuta en index.html#advanced_location (tambi\u00e9n conocida como la p\u00e1gina Ubicaci\u00f3n del dispositivo). Esto puede provocar una denegaci\u00f3n de servicio o dar lugar a la divulgaci\u00f3n de informaci\u00f3n." "value": "Los dispositivos Hitron CODA-4582 2AHKM-CODA4589 7.2.4.5.1b8 permiten a un atacante remoto dentro de la proximidad de Wi-Fi (que tiene acceso al panel de administraci\u00f3n del router) realizar un ataque XSS almacenado basado en DOM que puede recuperar recursos remotos. El payload se ejecuta en index.html#advanced_location (tambi\u00e9n conocida como la p\u00e1gina Ubicaci\u00f3n del dispositivo). Esto puede provocar una denegaci\u00f3n de servicio o dar lugar a la divulgaci\u00f3n de informaci\u00f3n."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.2,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.1,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/actuator/cve/blob/main/Hitron/CVE-2024-28089", "url": "https://github.com/actuator/cve/blob/main/Hitron/CVE-2024-28089",
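Review bot: The added vector for CVE-2024-28089 uses `"privilegesRequired": "NONE"` and `"availabilityImpact": "NONE"`, and both look at odds with the description in this hunk. The description speaks of an attacker who already has access to the router's admin panel, and it lists denial of service as a possible outcome. Only the translated description is visible here, so this is a possible mismatch to verify against the referenced advisory, not a confirmed error. Until the record leaves `"Awaiting Analysis"`, consumers should not use the 5.2 `Secondary` score as the only input for triage of affected Hitron devices.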


@ -2,7 +2,7 @@
"id": "CVE-2024-28319", "id": "CVE-2024-28319",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-03-15T15:15:09.020", "published": "2024-03-15T15:15:09.020",
"lastModified": "2024-03-15T16:26:49.320", "lastModified": "2024-08-19T20:35:09.997",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -16,6 +16,18 @@
} }
], ],
"metrics": {}, "metrics": {},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/gpac/gpac/issues/2763", "url": "https://github.com/gpac/gpac/issues/2763",


@ -2,7 +2,7 @@
"id": "CVE-2024-29386", "id": "CVE-2024-29386",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-04-04T20:15:08.837", "published": "2024-04-04T20:15:08.837",
"lastModified": "2024-04-05T12:40:52.763", "lastModified": "2024-08-19T20:35:10.667",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -15,7 +15,42 @@
"value": "Se descubri\u00f3 que projeqtor hasta 11.2.0 conten\u00eda una vulnerabilidad de inyecci\u00f3n SQL a trav\u00e9s del componente /view/criticalResourceExport.php." "value": "Se descubri\u00f3 que projeqtor hasta 11.2.0 conten\u00eda una vulnerabilidad de inyecci\u00f3n SQL a trav\u00e9s del componente /view/criticalResourceExport.php."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [ "references": [
{ {
"url": "https://cve.anas-cherni.me/2024/04/04/cve-2024-29386/", "url": "https://cve.anas-cherni.me/2024/04/04/cve-2024-29386/",


@ -2,7 +2,7 @@
"id": "CVE-2024-29515", "id": "CVE-2024-29515",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-03-25T19:15:59.190", "published": "2024-03-25T19:15:59.190",
"lastModified": "2024-03-26T12:55:05.010", "lastModified": "2024-08-19T20:35:11.413",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -15,7 +15,42 @@
"value": "La vulnerabilidad de carga de archivos en lepton v.7.1.0 permite a atacantes remotos autenticados ejecutar c\u00f3digo arbitrario cargando un archivo PHP manipulado en los componentes save.php y config.php." "value": "La vulnerabilidad de carga de archivos en lepton v.7.1.0 permite a atacantes remotos autenticados ejecutar c\u00f3digo arbitrario cargando un archivo PHP manipulado en los componentes save.php y config.php."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/zzq66/cve7/", "url": "https://github.com/zzq66/cve7/",


@ -2,7 +2,7 @@
"id": "CVE-2024-30420", "id": "CVE-2024-30420",
"sourceIdentifier": "vultures@jpcert.or.jp", "sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2024-05-22T05:15:52.983", "published": "2024-05-22T05:15:52.983",
"lastModified": "2024-05-22T12:46:53.887", "lastModified": "2024-08-19T20:35:12.223",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -15,7 +15,42 @@
"value": "La vulnerabilidad de Server-Side Request Forgery (SSRF) existe en las versiones de la serie a-blog cms Ver.3.1.x anteriores a la Ver.3.1.12 y en las versiones de la serie Ver.3.0.x anteriores a la Ver.3.0.32. Si se explota esta vulnerabilidad, un usuario con privilegios de administrador o superiores que pueda iniciar sesi\u00f3n en el producto puede obtener archivos arbitrarios en el servidor e informaci\u00f3n en el servidor interno que no se divulga al p\u00fablico." "value": "La vulnerabilidad de Server-Side Request Forgery (SSRF) existe en las versiones de la serie a-blog cms Ver.3.1.x anteriores a la Ver.3.1.12 y en las versiones de la serie Ver.3.0.x anteriores a la Ver.3.0.32. Si se explota esta vulnerabilidad, un usuario con privilegios de administrador o superiores que pueda iniciar sesi\u00f3n en el producto puede obtener archivos arbitrarios en el servidor e informaci\u00f3n en el servidor interno que no se divulga al p\u00fablico."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.7,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-918"
}
]
}
],
"references": [ "references": [
{ {
"url": "https://developer.a-blogcms.jp/blog/news/JVN-70977403.html", "url": "https://developer.a-blogcms.jp/blog/news/JVN-70977403.html",


@ -2,7 +2,7 @@
"id": "CVE-2024-30570", "id": "CVE-2024-30570",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-04-03T13:16:02.563", "published": "2024-04-03T13:16:02.563",
"lastModified": "2024-08-01T13:50:10.667", "lastModified": "2024-08-19T20:35:12.990",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -15,7 +15,30 @@
"value": "Una fuga de informaci\u00f3n en debuginfo.htm de Netgear R6850 v1.1.0.88 permite a los atacantes obtener informaci\u00f3n confidencial sin necesidad de autenticaci\u00f3n." "value": "Una fuga de informaci\u00f3n en debuginfo.htm de Netgear R6850 v1.1.0.88 permite a los atacantes obtener informaci\u00f3n confidencial sin necesidad de autenticaci\u00f3n."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [ "weaknesses": [
{ {
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
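Review bot: The added `cvssData` for CVE-2024-30570 records `"confidentialityImpact": "NONE"` and `"integrityImpact": "LOW"`, which contradicts the description in this hunk: an unauthenticated information leak in debuginfo.htm that exposes confidential data. For a disclosure issue the impact would be expected on confidentiality, so the two values look swapped, i.e. `C:L/I:N` instead of `C:N/I:L`. The 5.3 base score would be the same either way, but tooling that filters on confidentiality impact will miss this record as written. The file mirrors an upstream feed, so the correction belongs with the scoring source `134c704f-9b21-4f2e-91b3-4a467353bcc0`. The `weaknesses` array that follows continues outside the hunk.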


@ -2,7 +2,7 @@
"id": "CVE-2024-30603", "id": "CVE-2024-30603",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-03-28T15:15:46.787", "published": "2024-03-28T15:15:46.787",
"lastModified": "2024-03-28T16:07:30.893", "lastModified": "2024-08-19T20:35:13.213",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -15,7 +15,42 @@
"value": "Tenda FH1203 v2.0.1.6 tiene una vulnerabilidad de desbordamiento de la regi\u00f3n stack de la memoria en el par\u00e1metro URL de la funci\u00f3n saveParentControlInfo." "value": "Tenda FH1203 v2.0.1.6 tiene una vulnerabilidad de desbordamiento de la regi\u00f3n stack de la memoria en el par\u00e1metro URL de la funci\u00f3n saveParentControlInfo."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1203/saveParentControlInfo_urls.md", "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1203/saveParentControlInfo_urls.md",


@ -2,8 +2,8 @@
"id": "CVE-2024-30621", "id": "CVE-2024-30621",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-04-02T14:15:08.213", "published": "2024-04-02T14:15:08.213",
"lastModified": "2024-04-08T22:48:53.950", "lastModified": "2024-08-19T20:35:13.943",
"vulnStatus": "Analyzed", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -36,6 +36,26 @@
}, },
"exploitabilityScore": 3.9, "exploitabilityScore": 3.9,
"impactScore": 5.9 "impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
} }
] ]
}, },
@ -49,6 +69,16 @@
"value": "CWE-787" "value": "CWE-787"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
} }
], ],
"configurations": [ "configurations": [


@ -2,7 +2,7 @@
"id": "CVE-2024-30629", "id": "CVE-2024-30629",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-03-29T13:15:16.223", "published": "2024-03-29T13:15:16.223",
"lastModified": "2024-03-29T13:28:22.880", "lastModified": "2024-08-19T20:35:14.703",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -15,7 +15,42 @@
"value": "Tenda FH1205 v2.0.0.7(775) tiene una vulnerabilidad de desbordamiento de la regi\u00f3n stack de la memoria en el par\u00e1metro list1 de la funci\u00f3n fromDhcpListClient." "value": "Tenda FH1205 v2.0.0.7(775) tiene una vulnerabilidad de desbordamiento de la regi\u00f3n stack de la memoria en el par\u00e1metro list1 de la funci\u00f3n fromDhcpListClient."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.1,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1205/fromDhcpListClient_list1.md", "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1205/fromDhcpListClient_list1.md",


@ -2,7 +2,7 @@
"id": "CVE-2024-30891", "id": "CVE-2024-30891",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-04-05T08:15:07.800", "published": "2024-04-05T08:15:07.800",
"lastModified": "2024-04-05T12:40:52.763", "lastModified": "2024-08-19T20:35:15.447",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -15,7 +15,42 @@
"value": "Existe una vulnerabilidad de inyecci\u00f3n de comandos en /goform/exeCommand en Tenda AC18 v15.03.05.05, que permite a los atacantes construir par\u00e1metros cmdinput para la ejecuci\u00f3n de comandos arbitrarios." "value": "Existe una vulnerabilidad de inyecci\u00f3n de comandos en /goform/exeCommand en Tenda AC18 v15.03.05.05, que permite a los atacantes construir par\u00e1metros cmdinput para la ejecuci\u00f3n de comandos arbitrarios."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/Lantern-r/IoT-vuln/blob/main/Tenda/AC18/formexeCommand.md", "url": "https://github.com/Lantern-r/IoT-vuln/blob/main/Tenda/AC18/formexeCommand.md",


@ -2,7 +2,7 @@
"id": "CVE-2024-31503", "id": "CVE-2024-31503",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-04-17T00:15:07.220", "published": "2024-04-17T00:15:07.220",
"lastModified": "2024-04-17T12:48:07.510", "lastModified": "2024-08-19T21:35:06.150",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -15,7 +15,42 @@
"value": "El control de acceso incorrecto en las versiones 19.0.0 y anteriores de Dolibarr ERP CRM permite a atacantes autenticados robar cookies de sesi\u00f3n de los usuarios v\u00edctimas y tokens de protecci\u00f3n CSRF a trav\u00e9s de la interacci\u00f3n del usuario con una p\u00e1gina web manipulada, lo que lleva a la apropiaci\u00f3n de cuentas." "value": "El control de acceso incorrecto en las versiones 19.0.0 y anteriores de Dolibarr ERP CRM permite a atacantes autenticados robar cookies de sesi\u00f3n de los usuarios v\u00edctimas y tokens de protecci\u00f3n CSRF a trav\u00e9s de la interacci\u00f3n del usuario con una p\u00e1gina web manipulada, lo que lleva a la apropiaci\u00f3n de cuentas."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:L",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "LOW",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.0,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/alexbsec/CVEs/blob/master/2024/CVE-2024-31503.md", "url": "https://github.com/alexbsec/CVEs/blob/master/2024/CVE-2024-31503.md",


@ -2,7 +2,7 @@
"id": "CVE-2024-34743", "id": "CVE-2024-34743",
"sourceIdentifier": "security@android.com", "sourceIdentifier": "security@android.com",
"published": "2024-08-15T22:15:06.957", "published": "2024-08-15T22:15:06.957",
"lastModified": "2024-08-19T13:00:23.117", "lastModified": "2024-08-19T20:35:16.253",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -15,7 +15,42 @@
"value": "En setTransactionState de SurfaceFlinger.cpp, existe una forma posible de realizar tapjacking debido a un error l\u00f3gico en el c\u00f3digo. Esto podr\u00eda conducir a una escalada local de privilegios sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n." "value": "En setTransactionState de SurfaceFlinger.cpp, existe una forma posible de realizar tapjacking debido a un error l\u00f3gico en el c\u00f3digo. Esto podr\u00eda conducir a una escalada local de privilegios sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
}
],
"references": [ "references": [
{ {
"url": "https://android.googlesource.com/platform/frameworks/native/+/3f85323b27d95a57bfa87cbf68dd4a143f9f88ad", "url": "https://android.googlesource.com/platform/frameworks/native/+/3f85323b27d95a57bfa87cbf68dd4a143f9f88ad",


@ -0,0 +1,25 @@
{
"id": "CVE-2024-35538",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-19T21:15:09.850",
"lastModified": "2024-08-19T21:15:09.850",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Typecho v1.3.0 was discovered to contain a Client IP Spoofing vulnerability, which allows attackers to falsify their IP addresses by specifying an arbitrary IP as value of X-Forwarded-For or Client-Ip headers while performing HTTP requests."
}
],
"metrics": {},
"references": [
{
"url": "https://cyberaz0r.info/2024/08/typecho-multiple-vulnerabilities/",
"source": "cve@mitre.org"
},
{
"url": "https://typecho.org",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,25 @@
{
"id": "CVE-2024-35539",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-19T21:15:09.913",
"lastModified": "2024-08-19T21:15:09.913",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Typecho v1.3.0 was discovered to contain a race condition vulnerability in the post commenting function. This vulnerability allows attackers to post several comments before the spam protection checks if the comments are posted too frequently."
}
],
"metrics": {},
"references": [
{
"url": "https://cyberaz0r.info/2024/08/typecho-multiple-vulnerabilities/",
"source": "cve@mitre.org"
},
{
"url": "https://typecho.org",
"source": "cve@mitre.org"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-39241", "id": "CVE-2024-39241",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-06-26T20:15:16.447", "published": "2024-06-26T20:15:16.447",
"lastModified": "2024-06-27T12:47:19.847", "lastModified": "2024-08-19T21:06:05.693",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,11 +15,66 @@
"value": "Una vulnerabilidad de Cross Site Scripting (XSS) en skycaiji 2.8 permite a los atacantes ejecutar c\u00f3digo arbitrario a trav\u00e9s de /admin/tool/preview." "value": "Una vulnerabilidad de Cross Site Scripting (XSS) en skycaiji 2.8 permite a los atacantes ejecutar c\u00f3digo arbitrario a trav\u00e9s de /admin/tool/preview."
} }
], ],
"metrics": {}, "metrics": {
"references": [ "cvssMetricV31": [
{ {
"url": "https://fushuling.com/index.php/2024/06/19/test3/", "source": "nvd@nist.gov",
"source": "cve@mitre.org" "type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:skycaiji:skycaiji:2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "F13E24D0-29A8-4E07-8959-FEDC7DB77128"
}
]
}
]
}
],
"references": [
{
"url": "https://fushuling.com/index.php/2024/06/19/test3/",
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
} }
] ]
} }


@ -2,8 +2,8 @@
"id": "CVE-2024-39242", "id": "CVE-2024-39242",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-06-26T20:15:16.527", "published": "2024-06-26T20:15:16.527",
"lastModified": "2024-06-27T12:47:19.847", "lastModified": "2024-08-19T21:06:24.177",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,11 +15,66 @@
"value": " Una vulnerabilidad de Cross Site Scripting (XSS) en skycaiji v2.8 permite a los atacantes ejecutar scripts web o HTML de su elecci\u00f3n a trav\u00e9s de un payload manipulado utilizando eval(String.fromCharCode())." "value": " Una vulnerabilidad de Cross Site Scripting (XSS) en skycaiji v2.8 permite a los atacantes ejecutar scripts web o HTML de su elecci\u00f3n a trav\u00e9s de un payload manipulado utilizando eval(String.fromCharCode())."
} }
], ],
"metrics": {}, "metrics": {
"references": [ "cvssMetricV31": [
{ {
"url": "https://fushuling.com/index.php/2024/06/13/test2/", "source": "nvd@nist.gov",
"source": "cve@mitre.org" "type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:skycaiji:skycaiji:2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "F13E24D0-29A8-4E07-8959-FEDC7DB77128"
}
]
}
]
}
],
"references": [
{
"url": "https://fushuling.com/index.php/2024/06/13/test2/",
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
} }
] ]
} }


@ -2,8 +2,8 @@
"id": "CVE-2024-39463", "id": "CVE-2024-39463",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-06-25T15:15:14.760", "published": "2024-06-25T15:15:14.760",
"lastModified": "2024-06-25T18:50:42.040", "lastModified": "2024-08-19T21:01:55.557",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,23 +15,108 @@
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: 9p: agregar bloqueo faltante al tomar la lista de fid de dentry. Se corrigi\u00f3 un use-after-free en la lista de fid d_fsdata de dentry cuando un subproceso busca un fid a trav\u00e9s de dentry mientras otro subproceso lo desvincula: UAF hilo: refcount_t: suma en 0; use-after-free. p9_fid_get linux/./include/net/9p/client.h:262 v9fs_fid_find+0x236/0x280 linux/fs/9p/fid.c:129 v9fs_fid_lookup_with_uid linux/fs/9p/fid.c:181 v9fs_fid_lookup+0xbf/0xc20 Linux /fs/9p/fid.c:314 v9fs_vfs_getattr_dotl+0xf9/0x360 linux/fs/9p/vfs_inode_dotl.c:400 vfs_statx+0xdd/0x4d0 linux/fs/stat.c:248 Liberado por: p9_fid_destroy (en l\u00ednea) desconocido+0xb0 /0xe0 linux/net/9p/client.c:1456 p9_fid_put linux/./include/net/9p/client.h:278 v9fs_dentry_release+0xb5/0x140 linux/fs/9p/vfs_dentry.c:55 v9fs_remove+0x38f/0x620 linux/fs/9p/vfs_inode.c:518 vfs_unlink+0x29a/0x810 linux/fs/namei.c:4335 El problema es que no se accedi\u00f3 a d_fsdata bajo d_lock, porque normalmente d_release() solo se llama una vez que dentry no est\u00e1 disponible. ya no es accesible, pero como tambi\u00e9n lo llamamos expl\u00edcitamente en v9fs_remove, ese bloqueo es necesario: mueva la hlist fuera del dentry bajo bloqueo y luego elimine la referencia de sus fids una vez que ya no sean accesibles." "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: 9p: agregar bloqueo faltante al tomar la lista de fid de dentry. Se corrigi\u00f3 un use-after-free en la lista de fid d_fsdata de dentry cuando un subproceso busca un fid a trav\u00e9s de dentry mientras otro subproceso lo desvincula: UAF hilo: refcount_t: suma en 0; use-after-free. 
p9_fid_get linux/./include/net/9p/client.h:262 v9fs_fid_find+0x236/0x280 linux/fs/9p/fid.c:129 v9fs_fid_lookup_with_uid linux/fs/9p/fid.c:181 v9fs_fid_lookup+0xbf/0xc20 Linux /fs/9p/fid.c:314 v9fs_vfs_getattr_dotl+0xf9/0x360 linux/fs/9p/vfs_inode_dotl.c:400 vfs_statx+0xdd/0x4d0 linux/fs/stat.c:248 Liberado por: p9_fid_destroy (en l\u00ednea) desconocido+0xb0 /0xe0 linux/net/9p/client.c:1456 p9_fid_put linux/./include/net/9p/client.h:278 v9fs_dentry_release+0xb5/0x140 linux/fs/9p/vfs_dentry.c:55 v9fs_remove+0x38f/0x620 linux/fs/9p/vfs_inode.c:518 vfs_unlink+0x29a/0x810 linux/fs/namei.c:4335 El problema es que no se accedi\u00f3 a d_fsdata bajo d_lock, porque normalmente d_release() solo se llama una vez que dentry no est\u00e1 disponible. ya no es accesible, pero como tambi\u00e9n lo llamamos expl\u00edcitamente en v9fs_remove, ese bloqueo es necesario: mueva la hlist fuera del dentry bajo bloqueo y luego elimine la referencia de sus fids una vez que ya no sean accesibles."
} }
], ],
"metrics": {}, "metrics": {
"references": [ "cvssMetricV31": [
{ {
"url": "https://git.kernel.org/stable/c/c898afdc15645efb555acb6d85b484eb40a45409", "source": "nvd@nist.gov",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
}, },
{ "exploitabilityScore": 1.8,
"url": "https://git.kernel.org/stable/c/cb299cdba09f46f090b843d78ba26b667d50a456", "impactScore": 5.9
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" }
]
}, },
"weaknesses": [
{ {
"url": "https://git.kernel.org/stable/c/f0c5c944c6d8614c19e6e9a97fd2011dcd30e8f5", "source": "nvd@nist.gov",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "type": "Primary",
}, "description": [
{ {
"url": "https://git.kernel.org/stable/c/fe17ebf22feb4ad7094d597526d558a49aac92b4", "lang": "en",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "value": "CWE-416"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "6.1.94",
"matchCriteriaId": "0F1BDCB0-B227-4406-81D0-90429CAF5F99"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.34",
"matchCriteriaId": "6BD9DCFD-0342-4039-B8CE-70F26DB7173B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.9.5",
"matchCriteriaId": "8366481F-770F-4850-9D0F-2977BD97D5C5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc1:*:*:*:*:*:*",
"matchCriteriaId": "2EBB4392-5FA6-4DA9-9772-8F9C750109FA"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/c898afdc15645efb555acb6d85b484eb40a45409",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/cb299cdba09f46f090b843d78ba26b667d50a456",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/f0c5c944c6d8614c19e6e9a97fd2011dcd30e8f5",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/fe17ebf22feb4ad7094d597526d558a49aac92b4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
} }
] ]
} }


@ -2,8 +2,8 @@
"id": "CVE-2024-39464", "id": "CVE-2024-39464",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-06-25T15:15:14.953", "published": "2024-06-25T15:15:14.953",
"lastModified": "2024-06-25T18:50:42.040", "lastModified": "2024-08-19T21:02:16.113",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,19 +15,89 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: media: v4l: async: correcci\u00f3n de la entrada de la lista de notificadores init struct v4l2_async_notifier tiene varios miembros list_head, pero solo se inicializan la lista de espera y la lista de hechos. notifier_entry se mantuvo 'puesto a cero', lo que gener\u00f3 un list_head no inicializado. Esto da como resultado una desreferencia del puntero NULL si csi2_async_register() falla, por ejemplo, el nodo para el endpoint remoto est\u00e1 deshabilitado y devuelve -ENOTCONN. Las siguientes llamadas a v4l2_async_nf_unregister() dan como resultado una desreferencia del puntero NULL. Agregue el inicializador de encabezado de lista que falta." "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: media: v4l: async: correcci\u00f3n de la entrada de la lista de notificadores init struct v4l2_async_notifier tiene varios miembros list_head, pero solo se inicializan la lista de espera y la lista de hechos. notifier_entry se mantuvo 'puesto a cero', lo que gener\u00f3 un list_head no inicializado. Esto da como resultado una desreferencia del puntero NULL si csi2_async_register() falla, por ejemplo, el nodo para el endpoint remoto est\u00e1 deshabilitado y devuelve -ENOTCONN. Las siguientes llamadas a v4l2_async_nf_unregister() dan como resultado una desreferencia del puntero NULL. Agregue el inicializador de encabezado de lista que falta."
} }
], ],
"metrics": {}, "metrics": {
"references": [ "cvssMetricV31": [
{ {
"url": "https://git.kernel.org/stable/c/44f6d619c30f0c65fcdd2b6eba70fdb4460d87ad", "source": "nvd@nist.gov",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
}, },
{ "exploitabilityScore": 1.8,
"url": "https://git.kernel.org/stable/c/6d8acd02c4c6a8f917eefac1de2e035521ca119d", "impactScore": 3.6
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" }
]
}, },
"weaknesses": [
{ {
"url": "https://git.kernel.org/stable/c/a80d1da923f671c1e6a14e8417cd2f117b27a442", "source": "nvd@nist.gov",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.6",
"versionEndExcluding": "6.6.34",
"matchCriteriaId": "AC0C6E24-8240-425A-BD1A-F78E6D3A67FC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.9.5",
"matchCriteriaId": "8366481F-770F-4850-9D0F-2977BD97D5C5"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/44f6d619c30f0c65fcdd2b6eba70fdb4460d87ad",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/6d8acd02c4c6a8f917eefac1de2e035521ca119d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/a80d1da923f671c1e6a14e8417cd2f117b27a442",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
} }
] ]
} }


@ -2,8 +2,8 @@
"id": "CVE-2024-39465", "id": "CVE-2024-39465",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-06-25T15:15:15.037", "published": "2024-06-25T15:15:15.037",
"lastModified": "2024-06-25T18:50:42.040", "lastModified": "2024-08-19T21:04:27.467",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,15 +15,85 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: media: mgb4: Fix double debugfs remove Corrige un error donde se llama a debugfs_remove_recursive() primero en un directorio principal y luego nuevamente en un hijo, lo que provoca un p\u00e1nico en el kernel. [hverkuil: se agregaron correcciones/etiquetas CC]" "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: media: mgb4: Fix double debugfs remove Corrige un error donde se llama a debugfs_remove_recursive() primero en un directorio principal y luego nuevamente en un hijo, lo que provoca un p\u00e1nico en el kernel. [hverkuil: se agregaron correcciones/etiquetas CC]"
} }
], ],
"metrics": {}, "metrics": {
"references": [ "cvssMetricV31": [
{ {
"url": "https://git.kernel.org/stable/c/252204b634efffd8b167d77413c93d0192aaf5f6", "source": "nvd@nist.gov",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
}, },
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{ {
"url": "https://git.kernel.org/stable/c/825fc49497957310e421454fe3fb8b8d8d8e2dd2", "source": "nvd@nist.gov",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.9.5",
"matchCriteriaId": "8366481F-770F-4850-9D0F-2977BD97D5C5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc1:*:*:*:*:*:*",
"matchCriteriaId": "2EBB4392-5FA6-4DA9-9772-8F9C750109FA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc2:*:*:*:*:*:*",
"matchCriteriaId": "331C2F14-12C7-45D5-893D-8C52EE38EA10"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/252204b634efffd8b167d77413c93d0192aaf5f6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/825fc49497957310e421454fe3fb8b8d8d8e2dd2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
} }
] ]
} }


@ -2,8 +2,8 @@
"id": "CVE-2024-39466", "id": "CVE-2024-39466",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-06-25T15:15:15.117", "published": "2024-06-25T15:15:15.117",
"lastModified": "2024-06-25T18:50:42.040", "lastModified": "2024-08-19T20:59:54.867",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,27 +15,117 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: Thermal/drivers/qcom/lmh: Verificar la disponibilidad de SCM en la sonda Hasta ahora, no se ha realizado la verificaci\u00f3n de disponibilidad de SCM necesaria, lo que lleva a posibles desreferencias de puntero nulo (lo que me pas\u00f3 en RB1). Arregla eso." "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: Thermal/drivers/qcom/lmh: Verificar la disponibilidad de SCM en la sonda Hasta ahora, no se ha realizado la verificaci\u00f3n de disponibilidad de SCM necesaria, lo que lleva a posibles desreferencias de puntero nulo (lo que me pas\u00f3 en RB1). Arregla eso."
} }
], ],
"metrics": {}, "metrics": {
"references": [ "cvssMetricV31": [
{ {
"url": "https://git.kernel.org/stable/c/0a47ba94ec3d8f782b33e3d970cfcb769b962464", "source": "nvd@nist.gov",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
}, },
{ "exploitabilityScore": 1.8,
"url": "https://git.kernel.org/stable/c/2226b145afa5e13cb60dbe77fb20fb0666a1caf3", "impactScore": 3.6
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" }
]
}, },
"weaknesses": [
{ {
"url": "https://git.kernel.org/stable/c/560d69c975072974c11434ca6953891e74c1a665", "source": "nvd@nist.gov",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "type": "Primary",
}, "description": [
{ {
"url": "https://git.kernel.org/stable/c/aa1a0807b4a76b44fb6b58a7e9087cd4b18ab41b", "lang": "en",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "value": "CWE-476"
}, }
{ ]
"url": "https://git.kernel.org/stable/c/d9d3490c48df572edefc0b64655259eefdcbb9be", }
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.15",
"versionEndExcluding": "5.15.161",
"matchCriteriaId": "E2AB5A01-EFFD-4A24-8CCB-4A016C8C4BB3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "6.1.94",
"matchCriteriaId": "9D20DE32-76F8-4E4C-A8DF-5B53082D18E5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.34",
"matchCriteriaId": "6BD9DCFD-0342-4039-B8CE-70F26DB7173B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.9.5",
"matchCriteriaId": "8366481F-770F-4850-9D0F-2977BD97D5C5"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/0a47ba94ec3d8f782b33e3d970cfcb769b962464",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/2226b145afa5e13cb60dbe77fb20fb0666a1caf3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/560d69c975072974c11434ca6953891e74c1a665",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/aa1a0807b4a76b44fb6b58a7e9087cd4b18ab41b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/d9d3490c48df572edefc0b64655259eefdcbb9be",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
} }
] ]
} }


@ -2,8 +2,8 @@
"id": "CVE-2024-39470", "id": "CVE-2024-39470",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-06-25T15:15:15.417", "published": "2024-06-25T15:15:15.417",
"lastModified": "2024-06-25T18:50:42.040", "lastModified": "2024-08-19T20:58:03.040",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,19 +15,89 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: eventfs: se corrige una posible desreferencia de puntero nulo en eventfs_find_events() En la funci\u00f3n eventfs_find_events, existe un posible puntero nulo que puede deberse a la llamada a update_events_attr que realizar\u00e1 algunas operaciones en los miembros de la estructura ei cuando ei es NULL. Por lo tanto, cuando se establece ei->is_freed, se devuelve NULL directamente." "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: eventfs: se corrige una posible desreferencia de puntero nulo en eventfs_find_events() En la funci\u00f3n eventfs_find_events, existe un posible puntero nulo que puede deberse a la llamada a update_events_attr que realizar\u00e1 algunas operaciones en los miembros de la estructura ei cuando ei es NULL. Por lo tanto, cuando se establece ei->is_freed, se devuelve NULL directamente."
} }
], ],
"metrics": {}, "metrics": {
"references": [ "cvssMetricV31": [
{ {
"url": "https://git.kernel.org/stable/c/5ade5fbdbbb1f023bb70730ba4d74146c8bc7eb9", "source": "nvd@nist.gov",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
}, },
{ "exploitabilityScore": 1.8,
"url": "https://git.kernel.org/stable/c/7a1b2d138189375ed1dcd7d0851118230221bd1d", "impactScore": 3.6
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" }
]
}, },
"weaknesses": [
{ {
"url": "https://git.kernel.org/stable/c/d4e9a968738bf66d3bb852dd5588d4c7afd6d7f4", "source": "nvd@nist.gov",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.6.18",
"versionEndExcluding": "6.6.34",
"matchCriteriaId": "2F943865-D05D-4337-A71C-88AC81AA7E29"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.8",
"versionEndExcluding": "6.9.5",
"matchCriteriaId": "8B3D6E66-FEFD-4991-BA30-CE0850746435"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/5ade5fbdbbb1f023bb70730ba4d74146c8bc7eb9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/7a1b2d138189375ed1dcd7d0851118230221bd1d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/d4e9a968738bf66d3bb852dd5588d4c7afd6d7f4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
} }
] ]
} }


@ -2,8 +2,8 @@
"id": "CVE-2024-42262", "id": "CVE-2024-42262",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-17T09:15:07.680", "published": "2024-08-17T09:15:07.680",
"lastModified": "2024-08-19T12:59:59.177", "lastModified": "2024-08-19T20:05:15.407",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,15 +15,80 @@
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: drm/v3d: corrige una posible p\u00e9rdida de memoria en la extensi\u00f3n de rendimiento. Si falla la recuperaci\u00f3n de la memoria del espacio de usuario durante el bucle principal, todos los objetos de sincronizaci\u00f3n de drm buscados hasta ese punto se filtrar\u00e1n debido a la falta drm_syncobj_put. Solucionarlo exportando y utilizando un asistente de limpieza com\u00fan. (cereza escogida del commit 484de39fa5f5b7bd0c5f2e2c5265167250ef7501)" "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: drm/v3d: corrige una posible p\u00e9rdida de memoria en la extensi\u00f3n de rendimiento. Si falla la recuperaci\u00f3n de la memoria del espacio de usuario durante el bucle principal, todos los objetos de sincronizaci\u00f3n de drm buscados hasta ese punto se filtrar\u00e1n debido a la falta drm_syncobj_put. Solucionarlo exportando y utilizando un asistente de limpieza com\u00fan. (cereza escogida del commit 484de39fa5f5b7bd0c5f2e2c5265167250ef7501)"
} }
], ],
"metrics": {}, "metrics": {
"references": [ "cvssMetricV31": [
{ {
"url": "https://git.kernel.org/stable/c/32df4abc44f24dbec239d43e2b26d5768c5d1a78", "source": "nvd@nist.gov",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
}, },
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{ {
"url": "https://git.kernel.org/stable/c/ad5fdc48f7a63b8a98493c667505fe4d3864ae21", "source": "nvd@nist.gov",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-401"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.8",
"versionEndExcluding": "6.10.4",
"matchCriteriaId": "F8B935B3-1FAC-4502-A5BA-A3C286A20469"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc1:*:*:*:*:*:*",
"matchCriteriaId": "8B3CE743-2126-47A3-8B7C-822B502CF119"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/32df4abc44f24dbec239d43e2b26d5768c5d1a78",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/ad5fdc48f7a63b8a98493c667505fe4d3864ae21",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
} }
] ]
} }


@ -2,8 +2,8 @@
"id": "CVE-2024-42263", "id": "CVE-2024-42263",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-17T09:15:07.770", "published": "2024-08-17T09:15:07.770",
"lastModified": "2024-08-19T12:59:59.177", "lastModified": "2024-08-19T20:41:11.240",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,15 +15,80 @@
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: drm/v3d: corrige una posible p\u00e9rdida de memoria en la extensi\u00f3n de marca de tiempo. Si falla la recuperaci\u00f3n de la memoria del espacio de usuario durante el bucle principal, todos los objetos de sincronizaci\u00f3n de drm buscados hasta ese punto se filtrar\u00e1n debido a la falta drm_syncobj_put. Solucionarlo exportando y utilizando un asistente de limpieza com\u00fan. (cereza escogida del commit 753ce4fea62182c77e1691ab4f9022008f25b62e)" "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: drm/v3d: corrige una posible p\u00e9rdida de memoria en la extensi\u00f3n de marca de tiempo. Si falla la recuperaci\u00f3n de la memoria del espacio de usuario durante el bucle principal, todos los objetos de sincronizaci\u00f3n de drm buscados hasta ese punto se filtrar\u00e1n debido a la falta drm_syncobj_put. Solucionarlo exportando y utilizando un asistente de limpieza com\u00fan. (cereza escogida del commit 753ce4fea62182c77e1691ab4f9022008f25b62e)"
} }
], ],
"metrics": {}, "metrics": {
"references": [ "cvssMetricV31": [
{ {
"url": "https://git.kernel.org/stable/c/0e50fcc20bd87584840266e8004f9064a8985b4f", "source": "nvd@nist.gov",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
}, },
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{ {
"url": "https://git.kernel.org/stable/c/9b5033ee2c5af6d1135a403df32d219ab57e55f9", "source": "nvd@nist.gov",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-401"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.8",
"versionEndExcluding": "6.10.4",
"matchCriteriaId": "F8B935B3-1FAC-4502-A5BA-A3C286A20469"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc1:*:*:*:*:*:*",
"matchCriteriaId": "8B3CE743-2126-47A3-8B7C-822B502CF119"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/0e50fcc20bd87584840266e8004f9064a8985b4f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/9b5033ee2c5af6d1135a403df32d219ab57e55f9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
} }
] ]
} }


@ -2,8 +2,8 @@
"id": "CVE-2024-42268", "id": "CVE-2024-42268",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-17T09:15:08.110", "published": "2024-08-17T09:15:08.110",
"lastModified": "2024-08-19T12:59:59.177", "lastModified": "2024-08-19T20:52:49.323",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,23 +15,108 @@
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: net/mlx5: se corrigi\u00f3 el bloqueo faltante en la recarga de reinicio de sincronizaci\u00f3n. En el trabajo de recarga de reinicio de sincronizaci\u00f3n, cuando el host remoto actualiza devlink en las acciones de recarga realizadas en ese host, no toma el bloqueo de devlink antes de llamar a devlink_remote_reload_actions_performed. () lo que da como resultado la activaci\u00f3n de un bloqueo como el siguiente: ADVERTENCIA: CPU: 4 PID: 1164 en net/devlink/core.c:261 devl_assert_locked+0x3e/0x50 \u2026 CPU: 4 PID: 1164 Comm: kworker/u96:6 Tainted : GSW 6.10.0-rc2+ #116 Nombre del hardware: Supermicro SYS-2028TP-DECTR/X10DRT-PT, BIOS 2.0 18/12/2015 Cola de trabajo: mlx5_fw_reset_events mlx5_sync_reset_reload_work [mlx5_core] RIP: devl_assert_locked+0x3e/0x50 \u2026 Seguimiento de llamadas: ? __advertir+0xa4/0x210 ? devl_assert_locked+0x3e/0x50? report_bug+0x160/0x280? handle_bug+0x3f/0x80? exc_invalid_op+0x17/0x40? asm_exc_invalid_op+0x1a/0x20? devl_assert_locked+0x3e/0x50 devlink_notify+0x88/0x2b0? mlx5_attach_device+0x20c/0x230 [mlx5_core] ? __pfx_devlink_notify+0x10/0x10? proceso_one_work+0x4b6/0xbb0 proceso_one_work+0x4b6/0xbb0 [\u2026]" "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: net/mlx5: se corrigi\u00f3 el bloqueo faltante en la recarga de reinicio de sincronizaci\u00f3n. En el trabajo de recarga de reinicio de sincronizaci\u00f3n, cuando el host remoto actualiza devlink en las acciones de recarga realizadas en ese host, no toma el bloqueo de devlink antes de llamar a devlink_remote_reload_actions_performed. 
() lo que da como resultado la activaci\u00f3n de un bloqueo como el siguiente: ADVERTENCIA: CPU: 4 PID: 1164 en net/devlink/core.c:261 devl_assert_locked+0x3e/0x50 \u2026 CPU: 4 PID: 1164 Comm: kworker/u96:6 Tainted : GSW 6.10.0-rc2+ #116 Nombre del hardware: Supermicro SYS-2028TP-DECTR/X10DRT-PT, BIOS 2.0 18/12/2015 Cola de trabajo: mlx5_fw_reset_events mlx5_sync_reset_reload_work [mlx5_core] RIP: devl_assert_locked+0x3e/0x50 \u2026 Seguimiento de llamadas: ? __advertir+0xa4/0x210 ? devl_assert_locked+0x3e/0x50? report_bug+0x160/0x280? handle_bug+0x3f/0x80? exc_invalid_op+0x17/0x40? asm_exc_invalid_op+0x1a/0x20? devl_assert_locked+0x3e/0x50 devlink_notify+0x88/0x2b0? mlx5_attach_device+0x20c/0x230 [mlx5_core] ? __pfx_devlink_notify+0x10/0x10? proceso_one_work+0x4b6/0xbb0 proceso_one_work+0x4b6/0xbb0 [\u2026]"
} }
], ],
"metrics": {}, "metrics": {
"references": [ "cvssMetricV31": [
{ {
"url": "https://git.kernel.org/stable/c/091268f3c27a5b6d7858a3bb2a0dbcc9cd26ddb5", "source": "nvd@nist.gov",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
}, },
{ "exploitabilityScore": 1.8,
"url": "https://git.kernel.org/stable/c/572f9caa9e7295f8c8822e4122c7ae8f1c412ff9", "impactScore": 3.6
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" }
]
}, },
"weaknesses": [
{ {
"url": "https://git.kernel.org/stable/c/5d07d1d40aabfd61bab21115639bd4f641db6002", "source": "nvd@nist.gov",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "type": "Primary",
}, "description": [
{ {
"url": "https://git.kernel.org/stable/c/98884e89c90d077f6fe6ba18e6cf6f914642f04e", "lang": "en",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "value": "CWE-667"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.0",
"versionEndExcluding": "6.1.104",
"matchCriteriaId": "7CD59F09-76BC-4BEB-8B0C-B909A6F9E6BA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.45",
"matchCriteriaId": "6ED8FBDF-48EE-4FEB-8B1A-CFF4FBCB27BF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.10.4",
"matchCriteriaId": "1F9FECDC-6CB8-41E5-B32A-E46776100D9C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc1:*:*:*:*:*:*",
"matchCriteriaId": "8B3CE743-2126-47A3-8B7C-822B502CF119"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/091268f3c27a5b6d7858a3bb2a0dbcc9cd26ddb5",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/572f9caa9e7295f8c8822e4122c7ae8f1c412ff9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/5d07d1d40aabfd61bab21115639bd4f641db6002",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/98884e89c90d077f6fe6ba18e6cf6f914642f04e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
} }
] ]
} }


@ -2,8 +2,8 @@
"id": "CVE-2024-42269", "id": "CVE-2024-42269",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-17T09:15:08.177", "published": "2024-08-17T09:15:08.177",
"lastModified": "2024-08-19T12:59:59.177", "lastModified": "2024-08-19T20:53:51.717",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,27 +15,115 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: netfilter: iptables: corrige el potencial null-ptr-deref en ip6table_nat_table_init(). ip6table_nat_table_init() accede a net->gen->ptr[ip6table_nat_net_ops.id], pero la funci\u00f3n est\u00e1 expuesta al espacio del usuario antes de que la entrada se asigne a trav\u00e9s de Register_pernet_subsys(). Llamemos a Register_pernet_subsys() antes de xt_register_template()." "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: netfilter: iptables: corrige el potencial null-ptr-deref en ip6table_nat_table_init(). ip6table_nat_table_init() accede a net->gen->ptr[ip6table_nat_net_ops.id], pero la funci\u00f3n est\u00e1 expuesta al espacio del usuario antes de que la entrada se asigne a trav\u00e9s de Register_pernet_subsys(). Llamemos a Register_pernet_subsys() antes de xt_register_template()."
} }
], ],
"metrics": {}, "metrics": {
"references": [ "cvssMetricV31": [
{ {
"url": "https://git.kernel.org/stable/c/419ee6274c5153b89c4393c1946faa4c3cad4f9e", "source": "nvd@nist.gov",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
}, },
{ "exploitabilityScore": 1.8,
"url": "https://git.kernel.org/stable/c/87dba44e9471b79b255d0736858a897332db9226", "impactScore": 3.6
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" }
]
}, },
"weaknesses": [
{ {
"url": "https://git.kernel.org/stable/c/91b6df6611b7edb28676c4f63f90c56c30d3e601", "source": "nvd@nist.gov",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "type": "Primary",
}, "description": [
{ {
"url": "https://git.kernel.org/stable/c/c22921df777de5606f1047b1345b8d22ef1c0b34", "lang": "en",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "value": "CWE-476"
}, }
{ ]
"url": "https://git.kernel.org/stable/c/e85b9b6a87be4cb3710082038b677e97f2389003", }
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.15",
"versionEndExcluding": "6.1.104",
"matchCriteriaId": "47935D4A-35BC-4583-8B6B-49D49E8D999C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.45",
"matchCriteriaId": "6ED8FBDF-48EE-4FEB-8B1A-CFF4FBCB27BF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.10.4",
"matchCriteriaId": "1F9FECDC-6CB8-41E5-B32A-E46776100D9C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc1:*:*:*:*:*:*",
"matchCriteriaId": "8B3CE743-2126-47A3-8B7C-822B502CF119"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/419ee6274c5153b89c4393c1946faa4c3cad4f9e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/87dba44e9471b79b255d0736858a897332db9226",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/91b6df6611b7edb28676c4f63f90c56c30d3e601",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/c22921df777de5606f1047b1345b8d22ef1c0b34",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/e85b9b6a87be4cb3710082038b677e97f2389003",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
} }
] ]
} }


@ -2,8 +2,8 @@
"id": "CVE-2024-42270", "id": "CVE-2024-42270",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-17T09:15:08.240", "published": "2024-08-17T09:15:08.240",
"lastModified": "2024-08-19T12:59:59.177", "lastModified": "2024-08-19T20:01:09.520",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,27 +15,115 @@
"value": "En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: netfilter: iptables: corrige null-ptr-deref en iptable_nat_table_init(). Recibimos un informe de que iptables-restore a veces activaba null-ptr-deref en el momento del arranque. [0] El problema es que iptable_nat_table_init() est\u00e1 expuesto al espacio del usuario antes de que el kernel inicialice completamente netns. En la ventana de ejecuci\u00f3n peque\u00f1a, un usuario podr\u00eda llamar a iptable_nat_table_init() que accede a net_generic(net, iptable_nat_net_id), que est\u00e1 disponible solo despu\u00e9s de registrar iptable_nat_net_ops. Llamemos a Register_pernet_subsys() antes de xt_register_template(). [0]: bpfilter: Bpfilter_umh pid 11702 iniciado bpfilter ERROR: desreferencia del puntero NULL del kernel, direcci\u00f3n: 0000000000000013 PF: acceso de escritura del supervisor en modo kernel PF: error_code(0x0002) - p\u00e1gina no presente PGD 0 P4D 0 PREEMPT SMP NOPTI CPU: 2 PID: 11879 Comm: iptables-restor No contaminado 6.1.92-99.174.amzn2023.x86_64 #1 Nombre del hardware: Amazon EC2 c6i.4xlarge/, BIOS 1.0 16/10/2017 RIP: 0010:iptable_nat_table_init (net/ipv4/netfilter /iptable_nat.c:87 net/ipv4/netfilter/iptable_nat.c:121) iptable_nat C\u00f3digo: 10 4c 89 f6 48 89 ef e8 0b 19 bb ff 41 89 c4 85 c0 75 38 41 83 c7 01 49 83 c6 28 41 83 ff 04 75 pa 48 8b 44 24 08 48 8b 0c 24 <48> 89 08 4c 89 ef e8 a2 3b a2 cf 48 83 c4 10 44 89 e0 5b 5d 41 5c RSP: 0018:ffffbef902843cd0 EFLAGS: 00010246 RAX: 0000000000000013RBX: ffff9f4b052caa20 RCX: ffff9f4b20988d80 RDX: 0000000000000000 RSI: 0000000000000064 RDI: ffffffffc04201c0 RBP: ffff9f4b29394000 R08: ffff9f4b07f77 258 R09: ffff9f4b07f77240 R10: 00000000000000000 R11: ffff9f4b09635388 R12: 0000000000000000 R13: ffff9f4b1a3c6c00 R14: ffff9f4b20988e20 : 0000000000000004 FS: 00007f6284340000(0000) GS:ffff9f51fe280000( 0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000013 CR3: 00000001d10a6005 CR4: 
00000000007 706e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 00000000000000000 DR6: 00000000ffe0ff0 DR7: 0000000000000400 PK RU: 55555554 Seguimiento de llamadas: ? show_trace_log_lvl (arch/x86/kernel/dumpstack.c:259)? show_trace_log_lvl (arch/x86/kernel/dumpstack.c:259)? xt_find_table_lock (net/netfilter/x_tables.c:1259)? __die_body.cold (arch/x86/kernel/dumpstack.c:478 arch/x86/kernel/dumpstack.c:420)? page_fault_oops (arch/x86/mm/fault.c:727)? exc_page_fault (./arch/x86/include/asm/irqflags.h:40 ./arch/x86/include/asm/irqflags.h:75 arch/x86/mm/fault.c:1470 arch/x86/mm/fault .c:1518)? asm_exc_page_fault (./arch/x86/include/asm/idtentry.h:570)? iptable_nat_table_init (net/ipv4/netfilter/iptable_nat.c:87 net/ipv4/netfilter/iptable_nat.c:121) iptable_nat xt_find_table_lock (net/netfilter/x_tables.c:1259) xt_request_find_table_lock (net/netfilter/x_tables.c:1287) get_info (net/ipv4/netfilter/ip_tables.c:965)? security_capable (seguridad/seguridad.c:809 (discriminador 13))? ns_capable (kernel/capability.c:376 kernel/capability.c:397)? do_ipt_get_ctl (net/ipv4/netfilter/ip_tables.c:1656)? 
bpfilter_send_req (net/bpfilter/bpfilter_kern.c:52) bpfilter nf_getsockopt (net/netfilter/nf_sockopt.c:116) ip_getsockopt (net/ipv4/ip_sockglue.c:1827) __sys_getsockopt (net/socket.c:2327) _sys_getsockopt (neto /socket.c:2342 net/socket.c:2339 net/socket.c:2339) do_syscall_64 (arch/x86/entry/common.c:51 arch/x86/entry/common.c:81) Entry_SYSCALL_64_after_hwframe (arch/ x86/entry/entry_64.S:121) RIP: 0033:0x7f62844685ee C\u00f3digo: 48 8b 0d 45 28 0f 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f 3 0f 1e fa 49 89 ca b8 37 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 0a c3 66 0f 1f 84 00 00 00 00 00 48 8b 15 09 RSP: 002b:00007ffd1f83d638 EFLAGS: 46 ORIG_RAX: 0000000000000037 RAX: ffffffffffffffda RBX: 00007ffd1f83d680 RCX: 00007f62844685ee RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000004 RBP: 00000000000000004 R08: 00007ffd1f83d670 : 0000558798ffa2a0 R10: 00007ffd1f83d680 R11: 0000000000000246 R12: 00007ffd1f83e3b2 R13: 00007f6284 ---truncado---" "value": "En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: netfilter: iptables: corrige null-ptr-deref en iptable_nat_table_init(). Recibimos un informe de que iptables-restore a veces activaba null-ptr-deref en el momento del arranque. [0] El problema es que iptable_nat_table_init() est\u00e1 expuesto al espacio del usuario antes de que el kernel inicialice completamente netns. En la ventana de ejecuci\u00f3n peque\u00f1a, un usuario podr\u00eda llamar a iptable_nat_table_init() que accede a net_generic(net, iptable_nat_net_id), que est\u00e1 disponible solo despu\u00e9s de registrar iptable_nat_net_ops. Llamemos a Register_pernet_subsys() antes de xt_register_template(). 
[0]: bpfilter: Bpfilter_umh pid 11702 iniciado bpfilter ERROR: desreferencia del puntero NULL del kernel, direcci\u00f3n: 0000000000000013 PF: acceso de escritura del supervisor en modo kernel PF: error_code(0x0002) - p\u00e1gina no presente PGD 0 P4D 0 PREEMPT SMP NOPTI CPU: 2 PID: 11879 Comm: iptables-restor No contaminado 6.1.92-99.174.amzn2023.x86_64 #1 Nombre del hardware: Amazon EC2 c6i.4xlarge/, BIOS 1.0 16/10/2017 RIP: 0010:iptable_nat_table_init (net/ipv4/netfilter /iptable_nat.c:87 net/ipv4/netfilter/iptable_nat.c:121) iptable_nat C\u00f3digo: 10 4c 89 f6 48 89 ef e8 0b 19 bb ff 41 89 c4 85 c0 75 38 41 83 c7 01 49 83 c6 28 41 83 ff 04 75 pa 48 8b 44 24 08 48 8b 0c 24 <48> 89 08 4c 89 ef e8 a2 3b a2 cf 48 83 c4 10 44 89 e0 5b 5d 41 5c RSP: 0018:ffffbef902843cd0 EFLAGS: 00010246 RAX: 0000000000000013RBX: ffff9f4b052caa20 RCX: ffff9f4b20988d80 RDX: 0000000000000000 RSI: 0000000000000064 RDI: ffffffffc04201c0 RBP: ffff9f4b29394000 R08: ffff9f4b07f77 258 R09: ffff9f4b07f77240 R10: 00000000000000000 R11: ffff9f4b09635388 R12: 0000000000000000 R13: ffff9f4b1a3c6c00 R14: ffff9f4b20988e20 : 0000000000000004 FS: 00007f6284340000(0000) GS:ffff9f51fe280000( 0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000013 CR3: 00000001d10a6005 CR4: 00000000007 706e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 00000000000000000 DR6: 00000000ffe0ff0 DR7: 0000000000000400 PK RU: 55555554 Seguimiento de llamadas: ? show_trace_log_lvl (arch/x86/kernel/dumpstack.c:259)? show_trace_log_lvl (arch/x86/kernel/dumpstack.c:259)? xt_find_table_lock (net/netfilter/x_tables.c:1259)? __die_body.cold (arch/x86/kernel/dumpstack.c:478 arch/x86/kernel/dumpstack.c:420)? page_fault_oops (arch/x86/mm/fault.c:727)? exc_page_fault (./arch/x86/include/asm/irqflags.h:40 ./arch/x86/include/asm/irqflags.h:75 arch/x86/mm/fault.c:1470 arch/x86/mm/fault .c:1518)? asm_exc_page_fault (./arch/x86/include/asm/idtentry.h:570)? 
iptable_nat_table_init (net/ipv4/netfilter/iptable_nat.c:87 net/ipv4/netfilter/iptable_nat.c:121) iptable_nat xt_find_table_lock (net/netfilter/x_tables.c:1259) xt_request_find_table_lock (net/netfilter/x_tables.c:1287) get_info (net/ipv4/netfilter/ip_tables.c:965)? security_capable (seguridad/seguridad.c:809 (discriminador 13))? ns_capable (kernel/capability.c:376 kernel/capability.c:397)? do_ipt_get_ctl (net/ipv4/netfilter/ip_tables.c:1656)? bpfilter_send_req (net/bpfilter/bpfilter_kern.c:52) bpfilter nf_getsockopt (net/netfilter/nf_sockopt.c:116) ip_getsockopt (net/ipv4/ip_sockglue.c:1827) __sys_getsockopt (net/socket.c:2327) _sys_getsockopt (neto /socket.c:2342 net/socket.c:2339 net/socket.c:2339) do_syscall_64 (arch/x86/entry/common.c:51 arch/x86/entry/common.c:81) Entry_SYSCALL_64_after_hwframe (arch/ x86/entry/entry_64.S:121) RIP: 0033:0x7f62844685ee C\u00f3digo: 48 8b 0d 45 28 0f 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f 3 0f 1e fa 49 89 ca b8 37 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 0a c3 66 0f 1f 84 00 00 00 00 00 48 8b 15 09 RSP: 002b:00007ffd1f83d638 EFLAGS: 46 ORIG_RAX: 0000000000000037 RAX: ffffffffffffffda RBX: 00007ffd1f83d680 RCX: 00007f62844685ee RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000004 RBP: 00000000000000004 R08: 00007ffd1f83d670 : 0000558798ffa2a0 R10: 00007ffd1f83d680 R11: 0000000000000246 R12: 00007ffd1f83e3b2 R13: 00007f6284 ---truncado---"
} }
], ],
"metrics": {}, "metrics": {
"references": [ "cvssMetricV31": [
{ {
"url": "https://git.kernel.org/stable/c/08ed888b69a22647153fe2bec55b7cd0a46102cc", "source": "nvd@nist.gov",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
}, },
{ "exploitabilityScore": 1.8,
"url": "https://git.kernel.org/stable/c/5830aa863981d43560748aa93589c0695191d95d", "impactScore": 3.6
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" }
]
}, },
"weaknesses": [
{ {
"url": "https://git.kernel.org/stable/c/70014b73d7539fcbb6b4ff5f37368d7241d8e626", "source": "nvd@nist.gov",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "type": "Primary",
}, "description": [
{ {
"url": "https://git.kernel.org/stable/c/95590a4929027769af35b153645c0ab6fd22b29b", "lang": "en",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "value": "CWE-476"
}, }
{ ]
"url": "https://git.kernel.org/stable/c/b98ddb65fa1674b0e6b52de8af9103b63f51b643", }
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.15",
"versionEndExcluding": "6.1.104",
"matchCriteriaId": "47935D4A-35BC-4583-8B6B-49D49E8D999C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.45",
"matchCriteriaId": "6ED8FBDF-48EE-4FEB-8B1A-CFF4FBCB27BF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.10.4",
"matchCriteriaId": "1F9FECDC-6CB8-41E5-B32A-E46776100D9C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc1:*:*:*:*:*:*",
"matchCriteriaId": "8B3CE743-2126-47A3-8B7C-822B502CF119"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/08ed888b69a22647153fe2bec55b7cd0a46102cc",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/5830aa863981d43560748aa93589c0695191d95d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/70014b73d7539fcbb6b4ff5f37368d7241d8e626",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/95590a4929027769af35b153645c0ab6fd22b29b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/b98ddb65fa1674b0e6b52de8af9103b63f51b643",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
} }
] ]
} }


@ -2,8 +2,8 @@
"id": "CVE-2024-42271", "id": "CVE-2024-42271",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-17T09:15:08.307", "published": "2024-08-17T09:15:08.307",
"lastModified": "2024-08-19T12:59:59.177", "lastModified": "2024-08-19T20:03:31.840",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,39 +15,164 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net/iucv: corrige el use after free en iucv_sock_close() iucv_sever_path() se llama desde el contexto del proceso y desde el contexto bh. iucv->path se utiliza como indicador de si alguien m\u00e1s se est\u00e1 encargando de cortar la ruta (o si ya se elimin\u00f3 o nunca existi\u00f3). Esto debe hacerse con comparaci\u00f3n e intercambio at\u00f3mico; de lo contrario, hay una peque\u00f1a ventana donde iucv_sock_close() intentar\u00e1 trabajar con una ruta que ya ha sido cortada y liberada por iucv_callback_connrej() llamada por iucv_tasklet_fn(). Ejemplo: [452744.123844] Seguimiento de llamadas: [452744.123845] ([<0000001e87f03880>] 0x1e87f03880) [452744.123966] [<00000000d593001e>] iucv_path_sever+0x96/0x13 8 [452744.124330] [<000003ff801ddbca>] iucv_sever_path+0xc2/0xd0 [af_iucv] [452744.124336 ] [<000003ff801e01b6>] iucv_sock_close+0xa6/0x310 [af_iucv] [452744.124341] [<000003ff801e08cc>] iucv_sock_release+0x3c/0xd0 [af_iucv] [452744.124345] 000000d574794e>] __sock_release+0x5e/0xe8 [452744.124815] [<00000000d5747a0c> ] sock_close+0x34/0x48 [452744.124820] [<00000000d5421642>] __fput+0xba/0x268 [452744.124826] [<00000000d51b382c>] task_work_run+0xbc/0xf0 [452744.1 24832] [<00000000d5145710>] do_notify_resume+0x88/0x90 [452744.124841] [< 00000000d5978096>] system_call+0xe2/0x2c8 [452744.125319] \u00daltima direcci\u00f3n del evento de \u00faltima hora: [452744.125321] [<00000000d5930018>] iucv_path_sever+0x90/0x138 [452744.125 324] [452744.125325] P\u00e1nico del kernel: no se sincroniza: excepci\u00f3n fatal en la interrupci\u00f3n. Tenga en cuenta que bh_lock_sock () no serializa el contexto del tasklet con respecto al contexto del proceso, porque falta la verificaci\u00f3n de sock_owned_by_user() y el manejo correspondiente. 
Ideas para un futuro parche de limpieza: A) Uso correcto de bh_lock_sock() en el contexto del tasklet, como se describe en Volver a poner en cola, si es necesario. Esto puede requerir agregar valores de retorno a las funciones del tasklet y, por lo tanto, cambios para todos los usuarios de iucv. B) Cambie el tasklet iucv a trabajador y use solo lock_sock() en af_iucv." "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net/iucv: corrige el use after free en iucv_sock_close() iucv_sever_path() se llama desde el contexto del proceso y desde el contexto bh. iucv->path se utiliza como indicador de si alguien m\u00e1s se est\u00e1 encargando de cortar la ruta (o si ya se elimin\u00f3 o nunca existi\u00f3). Esto debe hacerse con comparaci\u00f3n e intercambio at\u00f3mico; de lo contrario, hay una peque\u00f1a ventana donde iucv_sock_close() intentar\u00e1 trabajar con una ruta que ya ha sido cortada y liberada por iucv_callback_connrej() llamada por iucv_tasklet_fn(). 
Ejemplo: [452744.123844] Seguimiento de llamadas: [452744.123845] ([<0000001e87f03880>] 0x1e87f03880) [452744.123966] [<00000000d593001e>] iucv_path_sever+0x96/0x13 8 [452744.124330] [<000003ff801ddbca>] iucv_sever_path+0xc2/0xd0 [af_iucv] [452744.124336 ] [<000003ff801e01b6>] iucv_sock_close+0xa6/0x310 [af_iucv] [452744.124341] [<000003ff801e08cc>] iucv_sock_release+0x3c/0xd0 [af_iucv] [452744.124345] 000000d574794e>] __sock_release+0x5e/0xe8 [452744.124815] [<00000000d5747a0c> ] sock_close+0x34/0x48 [452744.124820] [<00000000d5421642>] __fput+0xba/0x268 [452744.124826] [<00000000d51b382c>] task_work_run+0xbc/0xf0 [452744.1 24832] [<00000000d5145710>] do_notify_resume+0x88/0x90 [452744.124841] [< 00000000d5978096>] system_call+0xe2/0x2c8 [452744.125319] \u00daltima direcci\u00f3n del evento de \u00faltima hora: [452744.125321] [<00000000d5930018>] iucv_path_sever+0x90/0x138 [452744.125 324] [452744.125325] P\u00e1nico del kernel: no se sincroniza: excepci\u00f3n fatal en la interrupci\u00f3n. Tenga en cuenta que bh_lock_sock () no serializa el contexto del tasklet con respecto al contexto del proceso, porque falta la verificaci\u00f3n de sock_owned_by_user() y el manejo correspondiente. Ideas para un futuro parche de limpieza: A) Uso correcto de bh_lock_sock() en el contexto del tasklet, como se describe en Volver a poner en cola, si es necesario. Esto puede requerir agregar valores de retorno a las funciones del tasklet y, por lo tanto, cambios para todos los usuarios de iucv. B) Cambie el tasklet iucv a trabajador y use solo lock_sock() en af_iucv."
} }
], ],
"metrics": {}, "metrics": {
"references": [ "cvssMetricV31": [
{ {
"url": "https://git.kernel.org/stable/c/01437282fd3904810603f3dc98d2cac6b8b6fc84", "source": "nvd@nist.gov",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
}, },
{ "exploitabilityScore": 1.8,
"url": "https://git.kernel.org/stable/c/37652fbef9809411cea55ea5fa1a170e299efcd0", "impactScore": 5.9
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" }
]
}, },
"weaknesses": [
{ {
"url": "https://git.kernel.org/stable/c/69620522c48ce8215e5eb55ffbab8cafee8f407d", "source": "nvd@nist.gov",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "type": "Primary",
}, "description": [
{ {
"url": "https://git.kernel.org/stable/c/84f40b46787ecb67c7ad08a5bb1376141fa10c01", "lang": "en",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "value": "CWE-416"
}, }
{ ]
"url": "https://git.kernel.org/stable/c/8b424c9e44111c5a76f41c6b741f8d4c4179d876", }
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" ],
}, "configurations": [
{ {
"url": "https://git.kernel.org/stable/c/ac758e1f663fe9bc64f6b47212a2aa18697524f5", "nodes": [
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" {
}, "operator": "OR",
{ "negate": false,
"url": "https://git.kernel.org/stable/c/c65f72eec60a34ace031426e04e9aff8e5f04895", "cpeMatch": [
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" {
}, "vulnerable": true,
{ "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"url": "https://git.kernel.org/stable/c/f558120cd709682b739207b48cf7479fd9568431", "versionStartIncluding": "3.4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "versionEndExcluding": "4.19.320",
"matchCriteriaId": "D4F8C11A-E708-4EBE-97BC-D7F6041074D6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.20",
"versionEndExcluding": "5.4.282",
"matchCriteriaId": "A8961D98-9ACF-4188-BA88-44038B14BC28"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5",
"versionEndExcluding": "5.10.224",
"matchCriteriaId": "5CCEDF13-293D-4E64-B501-4409D0365AFE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.165",
"matchCriteriaId": "B4E2B568-3171-41DE-B519-F2B1A3600D94"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "6.1.104",
"matchCriteriaId": "20DB9042-F89E-4024-B005-ACBBA99CA659"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.45",
"matchCriteriaId": "6ED8FBDF-48EE-4FEB-8B1A-CFF4FBCB27BF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.10.4",
"matchCriteriaId": "1F9FECDC-6CB8-41E5-B32A-E46776100D9C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc1:*:*:*:*:*:*",
"matchCriteriaId": "8B3CE743-2126-47A3-8B7C-822B502CF119"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/01437282fd3904810603f3dc98d2cac6b8b6fc84",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/37652fbef9809411cea55ea5fa1a170e299efcd0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/69620522c48ce8215e5eb55ffbab8cafee8f407d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/84f40b46787ecb67c7ad08a5bb1376141fa10c01",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/8b424c9e44111c5a76f41c6b741f8d4c4179d876",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/ac758e1f663fe9bc64f6b47212a2aa18697524f5",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/c65f72eec60a34ace031426e04e9aff8e5f04895",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/f558120cd709682b739207b48cf7479fd9568431",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
} }
] ]
} }


@ -0,0 +1,25 @@
{
"id": "CVE-2024-42812",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-19T20:15:07.070",
"lastModified": "2024-08-19T20:15:07.070",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In D-Link DIR-860L v2.03, there is a buffer overflow vulnerability due to the lack of length verification for the SID field in gena.cgi. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands."
}
],
"metrics": {},
"references": [
{
"url": "https://gist.github.com/XiaoCurry/574ed9c2b0d12cd0b45399116d82121c",
"source": "cve@mitre.org"
},
{
"url": "https://www.dlink.com/en/security-bulletin/",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,56 @@
{
"id": "CVE-2024-42813",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-19T20:15:07.147",
"lastModified": "2024-08-19T21:35:07.210",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In TRENDnet TEW-752DRU FW1.03B01, there is a buffer overflow vulnerability due to the lack of length verification for the service field in gena.cgi. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"references": [
{
"url": "https://gist.github.com/XiaoCurry/204680035c1efffa27d14956820ad928",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,21 @@
{
"id": "CVE-2024-42815",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-19T20:15:07.193",
"lastModified": "2024-08-19T20:15:07.193",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the TP-Link RE365 V1_180213, there is a buffer overflow vulnerability due to the lack of length verification for the USER_AGENT field in /usr/bin/httpd. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands."
}
],
"metrics": {},
"references": [
{
"url": "https://gist.github.com/XiaoCurry/14d46e0becd79d9bb9907f2fbe147cfe",
"source": "cve@mitre.org"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-42977", "id": "CVE-2024-42977",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-08-15T17:15:20.860", "published": "2024-08-15T17:15:20.860",
"lastModified": "2024-08-16T13:31:11.107", "lastModified": "2024-08-19T20:35:17.330",
"vulnStatus": "Analyzed", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -36,6 +36,26 @@
}, },
"exploitabilityScore": 3.9, "exploitabilityScore": 3.9,
"impactScore": 3.6 "impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
} }
] ]
}, },
@ -49,6 +69,16 @@
"value": "CWE-787" "value": "CWE-787"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
} }
], ],
"configurations": [ "configurations": [


@ -2,8 +2,8 @@
"id": "CVE-2024-42986", "id": "CVE-2024-42986",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-08-15T17:15:21.717", "published": "2024-08-15T17:15:21.717",
"lastModified": "2024-08-16T13:26:43.100", "lastModified": "2024-08-19T21:35:07.937",
"vulnStatus": "Analyzed", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -36,6 +36,26 @@
}, },
"exploitabilityScore": 3.9, "exploitabilityScore": 3.9,
"impactScore": 3.6 "impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
} }
] ]
}, },
@ -49,6 +69,16 @@
"value": "CWE-787" "value": "CWE-787"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
} }
], ],
"configurations": [ "configurations": [


@ -0,0 +1,56 @@
{
"id": "CVE-2024-43311",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-08-19T20:15:07.283",
"lastModified": "2024-08-19T20:15:07.283",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Privilege Management vulnerability in Geek Code Lab Login As Users allows Privilege Escalation.This issue affects Login As Users: from n/a through 1.4.2."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/login-as-users/wordpress-login-as-users-plugin-1-4-2-broken-authentication-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,56 @@
{
"id": "CVE-2024-43317",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-08-19T20:15:07.480",
"lastModified": "2024-08-19T20:15:07.480",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Metagauss User Registration Team RegistrationMagic allows Cross-Site Scripting (XSS).This issue affects RegistrationMagic: from n/a through 6.0.1.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/custom-registration-form-builder-with-submission-manager/wordpress-registrationmagic-plugin-6-0-1-0-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,56 @@
{
"id": "CVE-2024-43326",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-08-19T20:15:07.667",
"lastModified": "2024-08-19T20:15:07.667",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Missing Authorization vulnerability in Jamie Bergen Plugin Notes Plus allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Plugin Notes Plus: from n/a through 1.2.7."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/plugin-notes-plus/wordpress-plugin-notes-plus-plugin-1-2-7-arbitrary-content-deletion-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,56 @@
{
"id": "CVE-2024-43328",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-08-19T20:15:07.853",
"lastModified": "2024-08-19T20:15:07.853",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WPDeveloper EmbedPress allows PHP Local File Inclusion.This issue affects EmbedPress: from n/a through 4.0.9."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.6,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/embedpress/wordpress-embedpress-plugin-4-0-9-local-file-inclusion-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,56 @@
{
"id": "CVE-2024-43345",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-08-19T20:15:08.047",
"lastModified": "2024-08-19T20:15:08.047",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in PluginOps Landing Page Builder allows PHP Local File Inclusion.This issue affects Landing Page Builder: from n/a through 1.5.2.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/page-builder-add/wordpress-landing-page-builder-plugin-1-5-2-0-local-file-inclusion-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,56 @@
{
"id": "CVE-2024-43354",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-08-19T20:15:08.233",
"lastModified": "2024-08-19T20:15:08.233",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Deserialization of Untrusted Data vulnerability in myCred allows Object Injection.This issue affects myCred: from n/a through 2.7.2."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/mycred/wordpress-mycred-plugin-2-7-2-php-object-injection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-43807", "id": "CVE-2024-43807",
"sourceIdentifier": "cve@jetbrains.com", "sourceIdentifier": "cve@jetbrains.com",
"published": "2024-08-16T15:15:29.197", "published": "2024-08-16T15:15:29.197",
"lastModified": "2024-08-19T13:00:23.117", "lastModified": "2024-08-19T21:09:42.313",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -17,6 +17,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{ {
"source": "cve@jetbrains.com", "source": "cve@jetbrains.com",
"type": "Secondary", "type": "Secondary",
@ -40,6 +60,16 @@
] ]
}, },
"weaknesses": [ "weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{ {
"source": "cve@jetbrains.com", "source": "cve@jetbrains.com",
"type": "Secondary", "type": "Secondary",
@ -51,10 +81,31 @@
] ]
} }
], ],
"references": [ "configurations": [
{ {
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/", "nodes": [
"source": "cve@jetbrains.com" {
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jetbrains:teamcity:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2024.07.1",
"matchCriteriaId": "68722EA9-3239-42A3-9A3E-20CFF2E0209F"
}
]
}
]
}
],
"references": [
{
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/",
"source": "cve@jetbrains.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }


@ -2,8 +2,8 @@
"id": "CVE-2024-43808", "id": "CVE-2024-43808",
"sourceIdentifier": "cve@jetbrains.com", "sourceIdentifier": "cve@jetbrains.com",
"published": "2024-08-16T15:15:29.417", "published": "2024-08-16T15:15:29.417",
"lastModified": "2024-08-19T13:00:23.117", "lastModified": "2024-08-19T21:10:14.093",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -17,6 +17,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{ {
"source": "cve@jetbrains.com", "source": "cve@jetbrains.com",
"type": "Secondary", "type": "Secondary",
@ -40,6 +60,16 @@
] ]
}, },
"weaknesses": [ "weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{ {
"source": "cve@jetbrains.com", "source": "cve@jetbrains.com",
"type": "Secondary", "type": "Secondary",
@ -51,10 +81,31 @@
] ]
} }
], ],
"references": [ "configurations": [
{ {
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/", "nodes": [
"source": "cve@jetbrains.com" {
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jetbrains:teamcity:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2024.07.1",
"matchCriteriaId": "68722EA9-3239-42A3-9A3E-20CFF2E0209F"
}
]
}
]
}
],
"references": [
{
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/",
"source": "cve@jetbrains.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }


@ -2,8 +2,8 @@
"id": "CVE-2024-43809", "id": "CVE-2024-43809",
"sourceIdentifier": "cve@jetbrains.com", "sourceIdentifier": "cve@jetbrains.com",
"published": "2024-08-16T15:15:29.597", "published": "2024-08-16T15:15:29.597",
"lastModified": "2024-08-19T13:00:23.117", "lastModified": "2024-08-19T21:11:28.327",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -17,6 +17,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{ {
"source": "cve@jetbrains.com", "source": "cve@jetbrains.com",
"type": "Secondary", "type": "Secondary",
@ -40,6 +60,16 @@
] ]
}, },
"weaknesses": [ "weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{ {
"source": "cve@jetbrains.com", "source": "cve@jetbrains.com",
"type": "Secondary", "type": "Secondary",
@ -51,10 +81,31 @@
] ]
} }
], ],
"references": [ "configurations": [
{ {
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/", "nodes": [
"source": "cve@jetbrains.com" {
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jetbrains:teamcity:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2024.07.1",
"matchCriteriaId": "68722EA9-3239-42A3-9A3E-20CFF2E0209F"
}
]
}
]
}
],
"references": [
{
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/",
"source": "cve@jetbrains.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }


@ -2,8 +2,8 @@
"id": "CVE-2024-43810", "id": "CVE-2024-43810",
"sourceIdentifier": "cve@jetbrains.com", "sourceIdentifier": "cve@jetbrains.com",
"published": "2024-08-16T15:15:29.790", "published": "2024-08-16T15:15:29.790",
"lastModified": "2024-08-19T13:00:23.117", "lastModified": "2024-08-19T21:11:45.823",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -17,6 +17,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{ {
"source": "cve@jetbrains.com", "source": "cve@jetbrains.com",
"type": "Secondary", "type": "Secondary",
@ -40,6 +60,16 @@
] ]
}, },
"weaknesses": [ "weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{ {
"source": "cve@jetbrains.com", "source": "cve@jetbrains.com",
"type": "Secondary", "type": "Secondary",
@ -51,10 +81,31 @@
] ]
} }
], ],
"references": [ "configurations": [
{ {
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/", "nodes": [
"source": "cve@jetbrains.com" {
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jetbrains:teamcity:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2024.07.1",
"matchCriteriaId": "68722EA9-3239-42A3-9A3E-20CFF2E0209F"
}
]
}
]
}
],
"references": [
{
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/",
"source": "cve@jetbrains.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }


@ -2,13 +2,13 @@
"id": "CVE-2024-4350", "id": "CVE-2024-4350",
"sourceIdentifier": "ff5b8ace-8b95-4078-9743-eac1ca5451de", "sourceIdentifier": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"published": "2024-08-12T13:38:36.460", "published": "2024-08-12T13:38:36.460",
"lastModified": "2024-08-12T13:41:36.517", "lastModified": "2024-08-19T21:15:10.053",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Undergoing Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "Concrete CMS versions 9.0.0 to 9.3.2 and below 8.5.18 are vulnerable to Stored XSS in RSS Displayer\u00a0when user input is stored and later embedded into responses. A\u00a0rogue administrator could inject malicious code into fields due to insufficient input validation.\u00a0The Concrete CMS security team gave this vulnerability a CVSS v3.1 score of 3.0 with a vector of AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator \u00a0and a CVSS v4 score of 2.1 with vector CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N \u00a0Thanks, m3dium for reporting." "value": "Concrete CMS versions 9.0.0 to 9.3.2 and below 8.5.18 are vulnerable to Stored XSS in RSS Displayer when user input is stored and later embedded into responses. A rogue administrator could inject malicious code into fields due to insufficient input validation. The Concrete CMS security team gave this vulnerability a CVSS v3.1 score of 3.0 with a vector of AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator and a CVSS v4 score of 2.1 with vector CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N Thanks, m3dium for\u00a0reporting."
}, },
{ {
"lang": "es", "lang": "es",


@ -2,8 +2,8 @@
"id": "CVE-2024-5933", "id": "CVE-2024-5933",
"sourceIdentifier": "security@huntr.dev", "sourceIdentifier": "security@huntr.dev",
"published": "2024-06-27T19:15:17.840", "published": "2024-06-27T19:15:17.840",
"lastModified": "2024-06-27T19:25:12.067", "lastModified": "2024-08-19T21:07:56.627",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -16,6 +16,28 @@
} }
], ],
"metrics": { "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
],
"cvssMetricV30": [ "cvssMetricV30": [
{ {
"source": "security@huntr.dev", "source": "security@huntr.dev",
@ -51,10 +73,30 @@
] ]
} }
], ],
"references": [ "configurations": [
{ {
"url": "https://huntr.com/bounties/51a2e370-3b64-45cd-9afc-0e4856ab5517", "nodes": [
"source": "security@huntr.dev" {
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:lollms:lollms_webui:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CBDA7C0A-5EEC-4F3F-BA31-A87414C9217E"
}
]
}
]
}
],
"references": [
{
"url": "https://huntr.com/bounties/51a2e370-3b64-45cd-9afc-0e4856ab5517",
"source": "security@huntr.dev",
"tags": [
"Exploit"
]
} }
] ]
} }


@ -2,8 +2,8 @@
"id": "CVE-2024-5935", "id": "CVE-2024-5935",
"sourceIdentifier": "security@huntr.dev", "sourceIdentifier": "security@huntr.dev",
"published": "2024-06-27T19:15:18.073", "published": "2024-06-27T19:15:18.073",
"lastModified": "2024-06-27T19:25:12.067", "lastModified": "2024-08-19T21:08:52.097",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -16,6 +16,28 @@
} }
], ],
"metrics": { "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2
}
],
"cvssMetricV30": [ "cvssMetricV30": [
{ {
"source": "security@huntr.dev", "source": "security@huntr.dev",
@ -51,10 +73,30 @@
] ]
} }
], ],
"references": [ "configurations": [
{ {
"url": "https://huntr.com/bounties/b374f1c9-fa25-4b52-a34d-5153afd5a295", "nodes": [
"source": "security@huntr.dev" {
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zylon:privategpt:0.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A301D502-A9C9-4020-AC8E-AFD473C58839"
}
]
}
]
}
],
"references": [
{
"url": "https://huntr.com/bounties/b374f1c9-fa25-4b52-a34d-5153afd5a295",
"source": "security@huntr.dev",
"tags": [
"Exploit"
]
} }
] ]
} }


@ -2,8 +2,8 @@
"id": "CVE-2024-7544", "id": "CVE-2024-7544",
"sourceIdentifier": "zdi-disclosures@trendmicro.com", "sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-08-06T00:15:36.050", "published": "2024-08-06T00:15:36.050",
"lastModified": "2024-08-06T16:30:24.547", "lastModified": "2024-08-19T20:00:24.957",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -16,6 +16,28 @@
} }
], ],
"metrics": { "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
],
"cvssMetricV30": [ "cvssMetricV30": [
{ {
"source": "zdi-disclosures@trendmicro.com", "source": "zdi-disclosures@trendmicro.com",
@ -40,6 +62,16 @@
] ]
}, },
"weaknesses": [ "weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{ {
"source": "zdi-disclosures@trendmicro.com", "source": "zdi-disclosures@trendmicro.com",
"type": "Secondary", "type": "Secondary",
@ -51,10 +83,31 @@
] ]
} }
], ],
"references": [ "configurations": [
{ {
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1084/", "nodes": [
"source": "zdi-disclosures@trendmicro.com" {
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ofono_project:ofono:2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3F3C23EE-8748-4C6E-B445-A9A9A9B3AF85"
}
]
}
]
}
],
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1084/",
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
} }
] ]
} }


@ -2,8 +2,8 @@
"id": "CVE-2024-7545", "id": "CVE-2024-7545",
"sourceIdentifier": "zdi-disclosures@trendmicro.com", "sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-08-06T00:15:36.247", "published": "2024-08-06T00:15:36.247",
"lastModified": "2024-08-06T16:30:24.547", "lastModified": "2024-08-19T20:00:57.433",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -16,6 +16,28 @@
} }
], ],
"metrics": { "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
],
"cvssMetricV30": [ "cvssMetricV30": [
{ {
"source": "zdi-disclosures@trendmicro.com", "source": "zdi-disclosures@trendmicro.com",
@ -40,6 +62,16 @@
] ]
}, },
"weaknesses": [ "weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{ {
"source": "zdi-disclosures@trendmicro.com", "source": "zdi-disclosures@trendmicro.com",
"type": "Secondary", "type": "Secondary",
@ -51,10 +83,31 @@
] ]
} }
], ],
"references": [ "configurations": [
{ {
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1085/", "nodes": [
"source": "zdi-disclosures@trendmicro.com" {
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ofono_project:ofono:2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3F3C23EE-8748-4C6E-B445-A9A9A9B3AF85"
}
]
}
]
}
],
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1085/",
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
} }
] ]
} }


@ -2,8 +2,8 @@
"id": "CVE-2024-7547", "id": "CVE-2024-7547",
"sourceIdentifier": "zdi-disclosures@trendmicro.com", "sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-08-06T00:15:36.637", "published": "2024-08-06T00:15:36.637",
"lastModified": "2024-08-06T16:30:24.547", "lastModified": "2024-08-19T20:03:12.377",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -16,6 +16,28 @@
} }
], ],
"metrics": { "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
],
"cvssMetricV30": [ "cvssMetricV30": [
{ {
"source": "zdi-disclosures@trendmicro.com", "source": "zdi-disclosures@trendmicro.com",
@ -40,6 +62,16 @@
] ]
}, },
"weaknesses": [ "weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{ {
"source": "zdi-disclosures@trendmicro.com", "source": "zdi-disclosures@trendmicro.com",
"type": "Secondary", "type": "Secondary",
@ -51,10 +83,31 @@
] ]
} }
], ],
"references": [ "configurations": [
{ {
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1087/", "nodes": [
"source": "zdi-disclosures@trendmicro.com" {
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ofono_project:ofono:2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3F3C23EE-8748-4C6E-B445-A9A9A9B3AF85"
}
]
}
]
}
],
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1087/",
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
} }
] ]
} }


@ -2,8 +2,8 @@
"id": "CVE-2024-7839", "id": "CVE-2024-7839",
"sourceIdentifier": "cna@vuldb.com", "sourceIdentifier": "cna@vuldb.com",
"published": "2024-08-15T21:15:18.237", "published": "2024-08-15T21:15:18.237",
"lastModified": "2024-08-19T13:00:23.117", "lastModified": "2024-08-19T21:18:14.097",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -61,6 +61,26 @@
} }
], ],
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{ {
"source": "cna@vuldb.com", "source": "cna@vuldb.com",
"type": "Secondary", "type": "Secondary",
@ -120,22 +140,51 @@
] ]
} }
], ],
"references": [ "configurations": [
{ {
"url": "https://github.com/ppp-src/a/issues/2", "nodes": [
"source": "cna@vuldb.com"
},
{ {
"url": "https://vuldb.com/?ctiid.274743", "operator": "OR",
"source": "cna@vuldb.com" "negate": false,
}, "cpeMatch": [
{ {
"url": "https://vuldb.com/?id.274743", "vulnerable": true,
"source": "cna@vuldb.com" "criteria": "cpe:2.3:a:angeljudesuarez:billing_system:1.0:*:*:*:*:*:*:*",
}, "matchCriteriaId": "E6AB542E-F5A5-4637-8D8D-E45F0ED68384"
{ }
"url": "https://vuldb.com/?submit.391531", ]
"source": "cna@vuldb.com" }
]
}
],
"references": [
{
"url": "https://github.com/ppp-src/a/issues/2",
"source": "cna@vuldb.com",
"tags": [
"Exploit"
]
},
{
"url": "https://vuldb.com/?ctiid.274743",
"source": "cna@vuldb.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://vuldb.com/?id.274743",
"source": "cna@vuldb.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://vuldb.com/?submit.391531",
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }


@ -2,13 +2,13 @@
"id": "CVE-2024-7901", "id": "CVE-2024-7901",
"sourceIdentifier": "cna@vuldb.com", "sourceIdentifier": "cna@vuldb.com",
"published": "2024-08-17T21:15:03.773", "published": "2024-08-17T21:15:03.773",
"lastModified": "2024-08-19T12:59:59.177", "lastModified": "2024-08-19T21:15:10.157",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "A vulnerability has been found in Scada-LTS 2.7.8 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /Scada-LTS/app.shtm#/alarms/Scada of the component Message Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." "value": "A vulnerability has been found in Scada-LTS 2.7.8 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /Scada-LTS/app.shtm#/alarms/Scada of the component Message Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: A fix is planned for the upcoming release at the end of September 2024."
}, },
{ {
"lang": "es", "lang": "es",


@ -0,0 +1,137 @@
{
"id": "CVE-2024-7926",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-08-19T20:15:08.447",
"lastModified": "2024-08-19T20:15:08.447",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical has been found in ZZCMS 2023. Affected is an unknown function of the file /admin/about_edit.php?action=modify. The manipulation of the argument skin leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "LOW",
"vulnerableSystemIntegrity": "LOW",
"vulnerableSystemAvailability": "LOW",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 6.9,
"baseSeverity": "MEDIUM"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5
},
"baseSeverity": "HIGH",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://gitee.com/A0kooo/cve_article/blob/master/zzcms/Directory_traversal2/zzcms%20siteinfo.php%20Directory%20traversal.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.275112",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.275112",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.392181",
"source": "cna@vuldb.com"
}
]
}

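--- a/CVE-2024/CVE-2024-79xx/CVE-2024-7927.json
+++ b/CVE-2024/CVE-2024-79xx/CVE-2024-7927.json
@@ -0,0 +1,137 @@
+{
+"id": "CVE-2024-7927",
+"sourceIdentifier": "cna@vuldb.com",
+"published": "2024-08-19T20:15:08.680",
+"lastModified": "2024-08-19T20:15:08.680",
+"vulnStatus": "Received",
+"cveTags": [],
+"descriptions": [
+{
+"lang": "en",
+"value": "A vulnerability classified as critical was found in ZZCMS 2023. Affected by this vulnerability is an unknown functionality of the file /admin/class.php?dowhat=modifyclass. The manipulation of the argument skin[] leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
+}
+],
+"metrics": {
+"cvssMetricV40": [
+{
+"source": "cna@vuldb.com",
+"type": "Secondary",
+"cvssData": {
+"version": "4.0",
+"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"attackRequirements": "NONE",
+"privilegesRequired": "NONE",
+"userInteraction": "NONE",
+"vulnerableSystemConfidentiality": "LOW",
+"vulnerableSystemIntegrity": "LOW",
+"vulnerableSystemAvailability": "LOW",
+"subsequentSystemConfidentiality": "NONE",
+"subsequentSystemIntegrity": "NONE",
+"subsequentSystemAvailability": "NONE",
+"exploitMaturity": "NOT_DEFINED",
+"confidentialityRequirements": "NOT_DEFINED",
+"integrityRequirements": "NOT_DEFINED",
+"availabilityRequirements": "NOT_DEFINED",
+"modifiedAttackVector": "NOT_DEFINED",
+"modifiedAttackComplexity": "NOT_DEFINED",
+"modifiedAttackRequirements": "NOT_DEFINED",
+"modifiedPrivilegesRequired": "NOT_DEFINED",
+"modifiedUserInteraction": "NOT_DEFINED",
+"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
+"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
+"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
+"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
+"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
+"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
+"safety": "NOT_DEFINED",
+"automatable": "NOT_DEFINED",
+"recovery": "NOT_DEFINED",
+"valueDensity": "NOT_DEFINED",
+"vulnerabilityResponseEffort": "NOT_DEFINED",
+"providerUrgency": "NOT_DEFINED",
+"baseScore": 6.9,
+"baseSeverity": "MEDIUM"
+}
+}
+],
+"cvssMetricV31": [
+{
+"source": "cna@vuldb.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "LOW",
+"integrityImpact": "LOW",
+"availabilityImpact": "LOW",
+"baseScore": 7.3,
+"baseSeverity": "HIGH"
+},
+"exploitabilityScore": 3.9,
+"impactScore": 3.4
+}
+],
+"cvssMetricV2": [
+{
+"source": "cna@vuldb.com",
+"type": "Secondary",
+"cvssData": {
+"version": "2.0",
+"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
+"accessVector": "NETWORK",
+"accessComplexity": "LOW",
+"authentication": "NONE",
+"confidentialityImpact": "PARTIAL",
+"integrityImpact": "PARTIAL",
+"availabilityImpact": "PARTIAL",
+"baseScore": 7.5
+},
+"baseSeverity": "HIGH",
+"exploitabilityScore": 10.0,
+"impactScore": 6.4,
+"acInsufInfo": false,
+"obtainAllPrivilege": false,
+"obtainUserPrivilege": false,
+"obtainOtherPrivilege": false,
+"userInteractionRequired": false
+}
+]
+},
+"weaknesses": [
+{
+"source": "cna@vuldb.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-22"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://gitee.com/A0kooo/cve_article/blob/master/zzcms/Directory_traversal3/zzcms%20class.php%20Directory%20traversal.md",
+"source": "cna@vuldb.com"
+},
+{
+"url": "https://vuldb.com/?ctiid.275113",
+"source": "cna@vuldb.com"
+},
+{
+"url": "https://vuldb.com/?id.275113",
+"source": "cna@vuldb.com"
+},
+{
+"url": "https://vuldb.com/?submit.392186",
+"source": "cna@vuldb.com"
+}
+]
+}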

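--- a/CVE-2024/CVE-2024-79xx/CVE-2024-7958.json
+++ b/CVE-2024/CVE-2024-79xx/CVE-2024-7958.json
@@ -0,0 +1,16 @@
+{
+"id": "CVE-2024-7958",
+"sourceIdentifier": "cna@python.org",
+"published": "2024-08-19T20:15:08.907",
+"lastModified": "2024-08-19T20:15:08.907",
+"vulnStatus": "Rejected",
+"cveTags": [],
+"descriptions": [
+{
+"lang": "en",
+"value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
+}
+],
+"metrics": {},
+"references": []
+}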


@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update ### Last Repository Update
```plain ```plain
2024-08-19T20:00:19.099372+00:00 2024-08-19T22:00:18.094906+00:00
``` ```
### Most recent CVE Modification Timestamp synchronized with NVD ### Most recent CVE Modification Timestamp synchronized with NVD
```plain ```plain
2024-08-19T19:59:55.340000+00:00 2024-08-19T21:35:07.937000+00:00
``` ```
### Last Data Feed Release ### Last Data Feed Release
@ -33,61 +33,58 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs ### Total Number of included CVEs
```plain ```plain
260511 260525
``` ```
### CVEs added in the last Commit ### CVEs added in the last Commit
Recently added CVEs: `17` Recently added CVEs: `14`
- [CVE-2024-23729](CVE-2024/CVE-2024-237xx/CVE-2024-23729.json) (`2024-08-19T19:15:07.867`) - [CVE-2024-35538](CVE-2024/CVE-2024-355xx/CVE-2024-35538.json) (`2024-08-19T21:15:09.850`)
- [CVE-2024-43242](CVE-2024/CVE-2024-432xx/CVE-2024-43242.json) (`2024-08-19T18:15:10.463`) - [CVE-2024-35539](CVE-2024/CVE-2024-355xx/CVE-2024-35539.json) (`2024-08-19T21:15:09.913`)
- [CVE-2024-43245](CVE-2024/CVE-2024-432xx/CVE-2024-43245.json) (`2024-08-19T18:15:10.660`) - [CVE-2024-42812](CVE-2024/CVE-2024-428xx/CVE-2024-42812.json) (`2024-08-19T20:15:07.070`)
- [CVE-2024-43247](CVE-2024/CVE-2024-432xx/CVE-2024-43247.json) (`2024-08-19T18:15:10.843`) - [CVE-2024-42813](CVE-2024/CVE-2024-428xx/CVE-2024-42813.json) (`2024-08-19T20:15:07.147`)
- [CVE-2024-43248](CVE-2024/CVE-2024-432xx/CVE-2024-43248.json) (`2024-08-19T18:15:11.030`) - [CVE-2024-42815](CVE-2024/CVE-2024-428xx/CVE-2024-42815.json) (`2024-08-19T20:15:07.193`)
- [CVE-2024-43249](CVE-2024/CVE-2024-432xx/CVE-2024-43249.json) (`2024-08-19T18:15:11.217`) - [CVE-2024-43311](CVE-2024/CVE-2024-433xx/CVE-2024-43311.json) (`2024-08-19T20:15:07.283`)
- [CVE-2024-43250](CVE-2024/CVE-2024-432xx/CVE-2024-43250.json) (`2024-08-19T18:15:11.420`) - [CVE-2024-43317](CVE-2024/CVE-2024-433xx/CVE-2024-43317.json) (`2024-08-19T20:15:07.480`)
- [CVE-2024-43252](CVE-2024/CVE-2024-432xx/CVE-2024-43252.json) (`2024-08-19T18:15:11.607`) - [CVE-2024-43326](CVE-2024/CVE-2024-433xx/CVE-2024-43326.json) (`2024-08-19T20:15:07.667`)
- [CVE-2024-43256](CVE-2024/CVE-2024-432xx/CVE-2024-43256.json) (`2024-08-19T18:15:11.787`) - [CVE-2024-43328](CVE-2024/CVE-2024-433xx/CVE-2024-43328.json) (`2024-08-19T20:15:07.853`)
- [CVE-2024-43261](CVE-2024/CVE-2024-432xx/CVE-2024-43261.json) (`2024-08-19T18:15:11.970`) - [CVE-2024-43345](CVE-2024/CVE-2024-433xx/CVE-2024-43345.json) (`2024-08-19T20:15:08.047`)
- [CVE-2024-43271](CVE-2024/CVE-2024-432xx/CVE-2024-43271.json) (`2024-08-19T18:15:12.157`) - [CVE-2024-43354](CVE-2024/CVE-2024-433xx/CVE-2024-43354.json) (`2024-08-19T20:15:08.233`)
- [CVE-2024-43272](CVE-2024/CVE-2024-432xx/CVE-2024-43272.json) (`2024-08-19T18:15:12.333`) - [CVE-2024-7926](CVE-2024/CVE-2024-79xx/CVE-2024-7926.json) (`2024-08-19T20:15:08.447`)
- [CVE-2024-43280](CVE-2024/CVE-2024-432xx/CVE-2024-43280.json) (`2024-08-19T18:15:12.527`) - [CVE-2024-7927](CVE-2024/CVE-2024-79xx/CVE-2024-7927.json) (`2024-08-19T20:15:08.680`)
- [CVE-2024-43281](CVE-2024/CVE-2024-432xx/CVE-2024-43281.json) (`2024-08-19T18:15:12.707`) - [CVE-2024-7958](CVE-2024/CVE-2024-79xx/CVE-2024-7958.json) (`2024-08-19T20:15:08.907`)
- [CVE-2024-7592](CVE-2024/CVE-2024-75xx/CVE-2024-7592.json) (`2024-08-19T19:15:08.180`)
- [CVE-2024-7924](CVE-2024/CVE-2024-79xx/CVE-2024-7924.json) (`2024-08-19T18:15:13.050`)
- [CVE-2024-7925](CVE-2024/CVE-2024-79xx/CVE-2024-7925.json) (`2024-08-19T18:15:13.287`)
### CVEs modified in the last Commit ### CVEs modified in the last Commit
Recently modified CVEs: `106` Recently modified CVEs: `54`
- [CVE-2024-6039](CVE-2024/CVE-2024-60xx/CVE-2024-6039.json) (`2024-08-19T19:26:48.043`) - [CVE-2024-39463](CVE-2024/CVE-2024-394xx/CVE-2024-39463.json) (`2024-08-19T21:01:55.557`)
- [CVE-2024-6181](CVE-2024/CVE-2024-61xx/CVE-2024-6181.json) (`2024-08-19T18:45:06.147`) - [CVE-2024-39464](CVE-2024/CVE-2024-394xx/CVE-2024-39464.json) (`2024-08-19T21:02:16.113`)
- [CVE-2024-6182](CVE-2024/CVE-2024-61xx/CVE-2024-6182.json) (`2024-08-19T18:46:05.410`) - [CVE-2024-39465](CVE-2024/CVE-2024-394xx/CVE-2024-39465.json) (`2024-08-19T21:04:27.467`)
- [CVE-2024-6348](CVE-2024/CVE-2024-63xx/CVE-2024-6348.json) (`2024-08-19T18:36:20.123`) - [CVE-2024-39466](CVE-2024/CVE-2024-394xx/CVE-2024-39466.json) (`2024-08-19T20:59:54.867`)
- [CVE-2024-6533](CVE-2024/CVE-2024-65xx/CVE-2024-6533.json) (`2024-08-19T18:13:59.457`) - [CVE-2024-39470](CVE-2024/CVE-2024-394xx/CVE-2024-39470.json) (`2024-08-19T20:58:03.040`)
- [CVE-2024-6534](CVE-2024/CVE-2024-65xx/CVE-2024-6534.json) (`2024-08-19T18:17:15.110`) - [CVE-2024-42262](CVE-2024/CVE-2024-422xx/CVE-2024-42262.json) (`2024-08-19T20:05:15.407`)
- [CVE-2024-7543](CVE-2024/CVE-2024-75xx/CVE-2024-7543.json) (`2024-08-19T19:59:55.340`) - [CVE-2024-42263](CVE-2024/CVE-2024-422xx/CVE-2024-42263.json) (`2024-08-19T20:41:11.240`)
- [CVE-2024-7808](CVE-2024/CVE-2024-78xx/CVE-2024-7808.json) (`2024-08-19T18:07:44.270`) - [CVE-2024-42268](CVE-2024/CVE-2024-422xx/CVE-2024-42268.json) (`2024-08-19T20:52:49.323`)
- [CVE-2024-7809](CVE-2024/CVE-2024-78xx/CVE-2024-7809.json) (`2024-08-19T18:11:18.537`) - [CVE-2024-42269](CVE-2024/CVE-2024-422xx/CVE-2024-42269.json) (`2024-08-19T20:53:51.717`)
- [CVE-2024-7810](CVE-2024/CVE-2024-78xx/CVE-2024-7810.json) (`2024-08-19T18:12:14.090`) - [CVE-2024-42270](CVE-2024/CVE-2024-422xx/CVE-2024-42270.json) (`2024-08-19T20:01:09.520`)
- [CVE-2024-7811](CVE-2024/CVE-2024-78xx/CVE-2024-7811.json) (`2024-08-19T18:15:40.487`) - [CVE-2024-42271](CVE-2024/CVE-2024-422xx/CVE-2024-42271.json) (`2024-08-19T20:03:31.840`)
- [CVE-2024-7812](CVE-2024/CVE-2024-78xx/CVE-2024-7812.json) (`2024-08-19T18:16:21.283`) - [CVE-2024-42977](CVE-2024/CVE-2024-429xx/CVE-2024-42977.json) (`2024-08-19T20:35:17.330`)
- [CVE-2024-7813](CVE-2024/CVE-2024-78xx/CVE-2024-7813.json) (`2024-08-19T18:16:48.327`) - [CVE-2024-42986](CVE-2024/CVE-2024-429xx/CVE-2024-42986.json) (`2024-08-19T21:35:07.937`)
- [CVE-2024-7814](CVE-2024/CVE-2024-78xx/CVE-2024-7814.json) (`2024-08-19T18:31:16.473`) - [CVE-2024-4350](CVE-2024/CVE-2024-43xx/CVE-2024-4350.json) (`2024-08-19T21:15:10.053`)
- [CVE-2024-7815](CVE-2024/CVE-2024-78xx/CVE-2024-7815.json) (`2024-08-19T18:32:00.617`) - [CVE-2024-43807](CVE-2024/CVE-2024-438xx/CVE-2024-43807.json) (`2024-08-19T21:09:42.313`)
- [CVE-2024-7828](CVE-2024/CVE-2024-78xx/CVE-2024-7828.json) (`2024-08-19T18:33:17.583`) - [CVE-2024-43808](CVE-2024/CVE-2024-438xx/CVE-2024-43808.json) (`2024-08-19T21:10:14.093`)
- [CVE-2024-7829](CVE-2024/CVE-2024-78xx/CVE-2024-7829.json) (`2024-08-19T18:34:00.040`) - [CVE-2024-43809](CVE-2024/CVE-2024-438xx/CVE-2024-43809.json) (`2024-08-19T21:11:28.327`)
- [CVE-2024-7830](CVE-2024/CVE-2024-78xx/CVE-2024-7830.json) (`2024-08-19T18:34:36.987`) - [CVE-2024-43810](CVE-2024/CVE-2024-438xx/CVE-2024-43810.json) (`2024-08-19T21:11:45.823`)
- [CVE-2024-7831](CVE-2024/CVE-2024-78xx/CVE-2024-7831.json) (`2024-08-19T18:35:25.813`) - [CVE-2024-5933](CVE-2024/CVE-2024-59xx/CVE-2024-5933.json) (`2024-08-19T21:07:56.627`)
- [CVE-2024-7907](CVE-2024/CVE-2024-79xx/CVE-2024-7907.json) (`2024-08-19T18:53:05.753`) - [CVE-2024-5935](CVE-2024/CVE-2024-59xx/CVE-2024-5935.json) (`2024-08-19T21:08:52.097`)
- [CVE-2024-7908](CVE-2024/CVE-2024-79xx/CVE-2024-7908.json) (`2024-08-19T18:51:45.210`) - [CVE-2024-7544](CVE-2024/CVE-2024-75xx/CVE-2024-7544.json) (`2024-08-19T20:00:24.957`)
- [CVE-2024-7909](CVE-2024/CVE-2024-79xx/CVE-2024-7909.json) (`2024-08-19T18:51:07.600`) - [CVE-2024-7545](CVE-2024/CVE-2024-75xx/CVE-2024-7545.json) (`2024-08-19T20:00:57.433`)
- [CVE-2024-7910](CVE-2024/CVE-2024-79xx/CVE-2024-7910.json) (`2024-08-19T18:49:49.110`) - [CVE-2024-7547](CVE-2024/CVE-2024-75xx/CVE-2024-7547.json) (`2024-08-19T20:03:12.377`)
- [CVE-2024-7911](CVE-2024/CVE-2024-79xx/CVE-2024-7911.json) (`2024-08-19T18:48:06.527`) - [CVE-2024-7839](CVE-2024/CVE-2024-78xx/CVE-2024-7839.json) (`2024-08-19T21:18:14.097`)
- [CVE-2024-7922](CVE-2024/CVE-2024-79xx/CVE-2024-7922.json) (`2024-08-19T18:36:20.123`) - [CVE-2024-7901](CVE-2024/CVE-2024-79xx/CVE-2024-7901.json) (`2024-08-19T21:15:10.157`)
## Download and Usage ## Download and Usage
