admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-19 17:31:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2025-01-07T17:00:28.092861+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2025-01-07 17:03:54 +00:00
parent 2cbde8ac28
commit ca306494d2
186 changed files with 11096 additions and 542 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

56
CVE-2021/CVE-2021-204xx/CVE-2021-20455.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2021-20455",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2025-01-07T16:15:27.430",
"lastModified": "2025-01-07T16:15:27.430",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"baseScore": 3.7,
"baseSeverity": "LOW",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.2,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "psirt@us.ibm.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-209"
}
]
}
],
"references": [
{
"url": "https://www.ibm.com/support/pages/node/7179163",
"source": "psirt@us.ibm.com"
}
]
}

56
CVE-2022/CVE-2022-223xx/CVE-2022-22363.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2022-22363",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2025-01-07T16:15:28.050",
"lastModified": "2025-01-07T16:15:28.050",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "psirt@us.ibm.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-209"
}
]
}
],
"references": [
{
"url": "https://www.ibm.com/support/pages/node/7179163",
"source": "psirt@us.ibm.com"
}
]
}

81
CVE-2022/CVE-2022-438xx/CVE-2022-43855.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-43855", "id": "CVE-2022-43855",
"sourceIdentifier": "psirt@us.ibm.com", "sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-03-08T18:15:48.283", "published": "2024-03-08T18:15:48.283",
"lastModified": "2024-11-21T07:27:16.697", "lastModified": "2025-01-07T15:38:33.697",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -36,6 +36,26 @@
}, },
"exploitabilityScore": 2.5, "exploitabilityScore": 2.5,
"impactScore": 3.6 "impactScore": 3.6
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
} }
] ]
}, },
@ -49,24 +69,73 @@
"value": "CWE-399" "value": "CWE-399"
} }
] ]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:spss_statistics:26.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "241189CD-33AF-406E-BF50-C0E56830FDAB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:spss_statistics:27.0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C015B1C6-9458-4229-B49A-F87113AD53E9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:spss_statistics:28.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1B7D7D53-FFFC-42DE-8A7F-7421FC3D426D"
}
]
}
]
} }
], ],
"references": [ "references": [
{ {
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/239235", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/239235",
"source": "psirt@us.ibm.com" "source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
]
}, },
{ {
"url": "https://www.ibm.com/support/pages/node/7130881", "url": "https://www.ibm.com/support/pages/node/7130881",
"source": "psirt@us.ibm.com" "source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
]
}, },
{ {
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/239235", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/239235",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
}, },
{ {
"url": "https://www.ibm.com/support/pages/node/7130881", "url": "https://www.ibm.com/support/pages/node/7130881",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

165
CVE-2022/CVE-2022-486xx/CVE-2022-48641.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-48641", "id": "CVE-2022-48641",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-04-28T13:15:06.950", "published": "2024-04-28T13:15:06.950",
"lastModified": "2024-11-21T07:33:40.470", "lastModified": "2025-01-07T16:57:26.363",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,63 +15,194 @@
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: netfilter: ebtables: corrige la p\u00e9rdida de memoria cuando el blob tiene un formato incorrecto La correcci\u00f3n del error estaba incompleta, \"reemplaz\u00f3\" el bloqueo con una p\u00e9rdida de memoria. El c\u00f3digo antiguo ten\u00eda una asignaci\u00f3n para \"ret\" incrustada en el condicional, restaurar esto." "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: netfilter: ebtables: corrige la p\u00e9rdida de memoria cuando el blob tiene un formato incorrecto La correcci\u00f3n del error estaba incompleta, \"reemplaz\u00f3\" el bloqueo con una p\u00e9rdida de memoria. El c\u00f3digo antiguo ten\u00eda una asignaci\u00f3n para \"ret\" incrustada en el condicional, restaurar esto."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-401"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.14.292",
"versionEndExcluding": "4.14.295",
"matchCriteriaId": "716DA97D-04B9-453C-974F-AE4E8DAA3F44"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.19.257",
"versionEndExcluding": "4.19.260",
"matchCriteriaId": "222EAB98-7DFB-4D56-B3E1-03D9D708D7C2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.4.212",
"versionEndExcluding": "5.4.215",
"matchCriteriaId": "D8822B45-EFD9-4E7D-B7C0-4B325D460411"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.10.140",
"versionEndExcluding": "5.10.146",
"matchCriteriaId": "46F3A060-702E-4018-94C5-4E7FC03AB0F5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.15.64",
"versionEndExcluding": "5.15.71",
"matchCriteriaId": "E9A066D2-5BB3-49A3-9666-5736C6889680"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.19.6",
"versionEndExcluding": "5.19.12",
"matchCriteriaId": "F7C38106-1200-4F0A-A144-7F7E34C1383D"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://git.kernel.org/stable/c/11ebf32fde46572b0aaf3c2bdd97d923ef5a03ab", "url": "https://git.kernel.org/stable/c/11ebf32fde46572b0aaf3c2bdd97d923ef5a03ab",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/1e98318af2f163eadaff815abcef38d27ca92c1e", "url": "https://git.kernel.org/stable/c/1e98318af2f163eadaff815abcef38d27ca92c1e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/38cf372b17f0a5f35c1b716a100532d539f0eb33", "url": "https://git.kernel.org/stable/c/38cf372b17f0a5f35c1b716a100532d539f0eb33",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/62ce44c4fff947eebdf10bb582267e686e6835c9", "url": "https://git.kernel.org/stable/c/62ce44c4fff947eebdf10bb582267e686e6835c9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/754e8b74281dd54a324698803483f47cf3355ae1", "url": "https://git.kernel.org/stable/c/754e8b74281dd54a324698803483f47cf3355ae1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/d5917b7af7cae0e2804f9d127a03268035098b7f", "url": "https://git.kernel.org/stable/c/d5917b7af7cae0e2804f9d127a03268035098b7f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/ebd97dbe3c55d68346b9c5fb00634a7f5b10bbee", "url": "https://git.kernel.org/stable/c/ebd97dbe3c55d68346b9c5fb00634a7f5b10bbee",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/11ebf32fde46572b0aaf3c2bdd97d923ef5a03ab", "url": "https://git.kernel.org/stable/c/11ebf32fde46572b0aaf3c2bdd97d923ef5a03ab",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/1e98318af2f163eadaff815abcef38d27ca92c1e", "url": "https://git.kernel.org/stable/c/1e98318af2f163eadaff815abcef38d27ca92c1e",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/38cf372b17f0a5f35c1b716a100532d539f0eb33", "url": "https://git.kernel.org/stable/c/38cf372b17f0a5f35c1b716a100532d539f0eb33",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/62ce44c4fff947eebdf10bb582267e686e6835c9", "url": "https://git.kernel.org/stable/c/62ce44c4fff947eebdf10bb582267e686e6835c9",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/754e8b74281dd54a324698803483f47cf3355ae1", "url": "https://git.kernel.org/stable/c/754e8b74281dd54a324698803483f47cf3355ae1",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/d5917b7af7cae0e2804f9d127a03268035098b7f", "url": "https://git.kernel.org/stable/c/d5917b7af7cae0e2804f9d127a03268035098b7f",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/ebd97dbe3c55d68346b9c5fb00634a7f5b10bbee", "url": "https://git.kernel.org/stable/c/ebd97dbe3c55d68346b9c5fb00634a7f5b10bbee",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
} }
] ]
} }

144
CVE-2022/CVE-2022-486xx/CVE-2022-48642.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-48642", "id": "CVE-2022-48642",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-04-28T13:15:07.000", "published": "2024-04-28T13:15:07.000",
"lastModified": "2024-11-21T07:33:40.583", "lastModified": "2025-01-07T16:58:08.190",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,39 +15,161 @@
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: netfilter: nf_tables: corrige la p\u00e9rdida de memoria de percpu en nf_tables_addchain() Me parece que la memoria de percpu para las estad\u00edsticas de la cadena comenz\u00f3 a perderse desde el commit 3bc158f8d0330f0a (\"netfilter: nf_tables: asigna la prioridad de la cadena base al hardware prioridad\") cuando nft_chain_offload_priority() devolvi\u00f3 un error." "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: netfilter: nf_tables: corrige la p\u00e9rdida de memoria de percpu en nf_tables_addchain() Me parece que la memoria de percpu para las estad\u00edsticas de la cadena comenz\u00f3 a perderse desde el commit 3bc158f8d0330f0a (\"netfilter: nf_tables: asigna la prioridad de la cadena base al hardware prioridad\") cuando nft_chain_offload_priority() devolvi\u00f3 un error."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-401"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.3",
"versionEndExcluding": "5.10.146",
"matchCriteriaId": "98420F01-0830-4875-A0D2-726633A3487D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.71",
"matchCriteriaId": "080C1827-D257-4D5A-9071-779EF7F5EF0B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "5.19.12",
"matchCriteriaId": "03B0F56B-C5CC-4E81-BB51-D07D569DE4CA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "E8BD11A3-8643-49B6-BADE-5029A0117325"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "5F0AD220-F6A9-4012-8636-155F1B841FAD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "A46498B3-78E1-4623-AAE1-94D29A42BE4E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "F8446E87-F5F6-41CA-8201-BAE0F0CA6DD9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "8E5FB72F-67CE-43CC-83FE-541604D98182"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.0:rc6:*:*:*:*:*:*",
"matchCriteriaId": "3A0A7397-F5F8-4753-82DC-9A11288E696D"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://git.kernel.org/stable/c/08d7524f366a886b99b1630a24a27dd6e0d7f852", "url": "https://git.kernel.org/stable/c/08d7524f366a886b99b1630a24a27dd6e0d7f852",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/985b031667c3177b9e7fb9787b989628e4271714", "url": "https://git.kernel.org/stable/c/985b031667c3177b9e7fb9787b989628e4271714",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/9a4d6dd554b86e65581ef6b6638a39ae079b17ac", "url": "https://git.kernel.org/stable/c/9a4d6dd554b86e65581ef6b6638a39ae079b17ac",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/b043a525a3f5520abb676a7cd8f6328fdf959e88", "url": "https://git.kernel.org/stable/c/b043a525a3f5520abb676a7cd8f6328fdf959e88",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/08d7524f366a886b99b1630a24a27dd6e0d7f852", "url": "https://git.kernel.org/stable/c/08d7524f366a886b99b1630a24a27dd6e0d7f852",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/985b031667c3177b9e7fb9787b989628e4271714", "url": "https://git.kernel.org/stable/c/985b031667c3177b9e7fb9787b989628e4271714",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/9a4d6dd554b86e65581ef6b6638a39ae079b17ac", "url": "https://git.kernel.org/stable/c/9a4d6dd554b86e65581ef6b6638a39ae079b17ac",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/b043a525a3f5520abb676a7cd8f6328fdf959e88", "url": "https://git.kernel.org/stable/c/b043a525a3f5520abb676a7cd8f6328fdf959e88",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
} }
] ]
} }

22
CVE-2023/CVE-2023-06xx/CVE-2023-0666.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-0666", "id": "CVE-2023-0666",
"sourceIdentifier": "cve@takeonme.org", "sourceIdentifier": "cve@takeonme.org",
"published": "2023-06-07T03:15:09.000", "published": "2023-06-07T03:15:09.000",
"lastModified": "2024-11-21T07:37:35.337", "lastModified": "2025-01-07T16:15:28.873",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -36,6 +36,26 @@
}, },
"exploitabilityScore": 2.8, "exploitabilityScore": 2.8,
"impactScore": 3.6 "impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
} }
] ]
}, },

22
CVE-2023/CVE-2023-06xx/CVE-2023-0668.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-0668", "id": "CVE-2023-0668",
"sourceIdentifier": "cve@takeonme.org", "sourceIdentifier": "cve@takeonme.org",
"published": "2023-06-07T03:15:09.193", "published": "2023-06-07T03:15:09.193",
"lastModified": "2024-11-21T07:37:35.593", "lastModified": "2025-01-07T16:15:29.157",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -36,6 +36,26 @@
}, },
"exploitabilityScore": 2.8, "exploitabilityScore": 2.8,
"impactScore": 3.6 "impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
} }
] ]
}, },

32
CVE-2023/CVE-2023-208xx/CVE-2023-20888.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-20888", "id": "CVE-2023-20888",
"sourceIdentifier": "security@vmware.com", "sourceIdentifier": "security@vmware.com",
"published": "2023-06-07T15:15:09.263", "published": "2023-06-07T15:15:09.263",
"lastModified": "2024-11-21T07:41:45.533", "lastModified": "2025-01-07T16:15:29.400",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -32,6 +32,26 @@
}, },
"exploitabilityScore": 2.8, "exploitabilityScore": 2.8,
"impactScore": 5.9 "impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
} }
] ]
}, },
@ -45,6 +65,16 @@
"value": "CWE-502" "value": "CWE-502"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
} }
], ],
"configurations": [ "configurations": [

32
CVE-2023/CVE-2023-208xx/CVE-2023-20889.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-20889", "id": "CVE-2023-20889",
"sourceIdentifier": "security@vmware.com", "sourceIdentifier": "security@vmware.com",
"published": "2023-06-07T15:15:09.317", "published": "2023-06-07T15:15:09.317",
"lastModified": "2024-11-21T07:41:45.643", "lastModified": "2025-01-07T16:15:29.613",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -32,6 +32,26 @@
}, },
"exploitabilityScore": 3.9, "exploitabilityScore": 3.9,
"impactScore": 3.6 "impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
} }
] ]
}, },
@ -45,6 +65,16 @@
"value": "CWE-77" "value": "CWE-77"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
} }
], ],
"configurations": [ "configurations": [

12
CVE-2023/CVE-2023-25xx/CVE-2023-2530.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-2530", "id": "CVE-2023-2530",
"sourceIdentifier": "security@puppet.com", "sourceIdentifier": "security@puppet.com",
"published": "2023-06-07T20:15:09.557", "published": "2023-06-07T20:15:09.557",
"lastModified": "2024-11-21T07:58:47.160", "lastModified": "2025-01-07T16:15:29.843",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -45,6 +45,16 @@
"value": "NVD-CWE-noinfo" "value": "NVD-CWE-noinfo"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-276"
}
]
} }
], ],
"configurations": [ "configurations": [

32
CVE-2023/CVE-2023-311xx/CVE-2023-31114.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-31114", "id": "CVE-2023-31114",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-06-07T21:15:13.350", "published": "2023-06-07T21:15:13.350",
"lastModified": "2024-11-21T08:01:25.737", "lastModified": "2025-01-07T15:15:06.800",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -32,6 +32,26 @@
}, },
"exploitabilityScore": 3.9, "exploitabilityScore": 3.9,
"impactScore": 5.2 "impactScore": 5.2
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
} }
] ]
}, },
@ -45,6 +65,16 @@
"value": "CWE-669" "value": "CWE-669"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-669"
}
]
} }
], ],
"configurations": [ "configurations": [

32
CVE-2023/CVE-2023-311xx/CVE-2023-31115.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-31115", "id": "CVE-2023-31115",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-06-07T21:15:13.407", "published": "2023-06-07T21:15:13.407",
"lastModified": "2024-11-21T08:01:25.877", "lastModified": "2025-01-07T15:15:07.683",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -32,6 +32,26 @@
}, },
"exploitabilityScore": 3.9, "exploitabilityScore": 3.9,
"impactScore": 3.6 "impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
} }
] ]
}, },
@ -45,6 +65,16 @@
"value": "CWE-669" "value": "CWE-669"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-669"
}
]
} }
], ],
"configurations": [ "configurations": [

32
CVE-2023/CVE-2023-311xx/CVE-2023-31116.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-31116", "id": "CVE-2023-31116",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-06-07T21:15:13.453", "published": "2023-06-07T21:15:13.453",
"lastModified": "2024-11-21T08:01:26.033", "lastModified": "2025-01-07T15:15:07.850",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -32,6 +32,26 @@
}, },
"exploitabilityScore": 3.9, "exploitabilityScore": 3.9,
"impactScore": 5.9 "impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
} }
] ]
}, },
@ -45,6 +65,16 @@
"value": "CWE-276" "value": "CWE-276"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-276"
}
]
} }
], ],
"configurations": [ "configurations": [

32
CVE-2023/CVE-2023-332xx/CVE-2023-33282.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-33282", "id": "CVE-2023-33282",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-06-07T20:15:09.740", "published": "2023-06-07T20:15:09.740",
"lastModified": "2024-11-21T08:05:19.683", "lastModified": "2025-01-07T15:15:08.000",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -32,6 +32,26 @@
}, },
"exploitabilityScore": 3.9, "exploitabilityScore": 3.9,
"impactScore": 5.9 "impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
} }
] ]
}, },
@ -45,6 +65,16 @@
"value": "CWE-276" "value": "CWE-276"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-276"
}
]
} }
], ],
"configurations": [ "configurations": [

32
CVE-2023/CVE-2023-332xx/CVE-2023-33283.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-33283", "id": "CVE-2023-33283",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-06-07T20:15:09.790", "published": "2023-06-07T20:15:09.790",
"lastModified": "2024-11-21T08:05:19.853", "lastModified": "2025-01-07T16:15:29.973",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -32,6 +32,26 @@
}, },
"exploitabilityScore": 1.8, "exploitabilityScore": 1.8,
"impactScore": 3.6 "impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
} }
] ]
}, },
@ -45,6 +65,16 @@
"value": "CWE-326" "value": "CWE-326"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-326"
}
]
} }
], ],
"configurations": [ "configurations": [

32
CVE-2023/CVE-2023-332xx/CVE-2023-33284.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-33284", "id": "CVE-2023-33284",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-06-07T20:15:09.833", "published": "2023-06-07T20:15:09.833",
"lastModified": "2024-11-21T08:05:20.000", "lastModified": "2025-01-07T16:15:30.170",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -32,6 +32,26 @@
}, },
"exploitabilityScore": 2.8, "exploitabilityScore": 2.8,
"impactScore": 5.9 "impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
} }
] ]
}, },
@ -45,6 +65,16 @@
"value": "CWE-502" "value": "CWE-502"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
} }
], ],
"configurations": [ "configurations": [

32
CVE-2023/CVE-2023-334xx/CVE-2023-33496.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-33496", "id": "CVE-2023-33496",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-06-07T21:15:13.513", "published": "2023-06-07T21:15:13.513",
"lastModified": "2024-11-21T08:05:38.913", "lastModified": "2025-01-07T16:15:30.370",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -32,6 +32,26 @@
}, },
"exploitabilityScore": 3.9, "exploitabilityScore": 3.9,
"impactScore": 5.9 "impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
} }
] ]
}, },
@ -45,6 +65,16 @@
"value": "CWE-502" "value": "CWE-502"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
} }
], ],
"configurations": [ "configurations": [

32
CVE-2023/CVE-2023-334xx/CVE-2023-33498.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-33498", "id": "CVE-2023-33498",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-06-07T14:15:09.917", "published": "2023-06-07T14:15:09.917",
"lastModified": "2024-11-21T08:05:39.070", "lastModified": "2025-01-07T16:15:30.577",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -32,6 +32,26 @@
}, },
"exploitabilityScore": 2.8, "exploitabilityScore": 2.8,
"impactScore": 5.9 "impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
} }
] ]
}, },
@ -45,6 +65,16 @@
"value": "CWE-434" "value": "CWE-434"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
} }
], ],
"configurations": [ "configurations": [

32
CVE-2023/CVE-2023-335xx/CVE-2023-33510.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-33510", "id": "CVE-2023-33510",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-06-07T20:15:09.877", "published": "2023-06-07T20:15:09.877",
"lastModified": "2024-11-21T08:05:39.667", "lastModified": "2025-01-07T16:15:30.803",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -32,6 +32,26 @@
}, },
"exploitabilityScore": 3.9, "exploitabilityScore": 3.9,
"impactScore": 3.6 "impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
} }
] ]
}, },
@ -45,6 +65,16 @@
"value": "CWE-668" "value": "CWE-668"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
} }
], ],
"configurations": [ "configurations": [

32
CVE-2023/CVE-2023-335xx/CVE-2023-33536.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-33536", "id": "CVE-2023-33536",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-06-07T04:15:10.467", "published": "2023-06-07T04:15:10.467",
"lastModified": "2024-11-21T08:05:41.220", "lastModified": "2025-01-07T16:15:31.153",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -32,6 +32,26 @@
}, },
"exploitabilityScore": 2.8, "exploitabilityScore": 2.8,
"impactScore": 5.2 "impactScore": 5.2
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2
} }
] ]
}, },
@ -45,6 +65,16 @@
"value": "CWE-125" "value": "CWE-125"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
} }
], ],
"configurations": [ "configurations": [

32
CVE-2023/CVE-2023-335xx/CVE-2023-33537.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-33537", "id": "CVE-2023-33537",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-06-07T04:15:10.563", "published": "2023-06-07T04:15:10.563",
"lastModified": "2024-11-21T08:05:41.383", "lastModified": "2025-01-07T16:15:31.423",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -32,6 +32,26 @@
}, },
"exploitabilityScore": 2.8, "exploitabilityScore": 2.8,
"impactScore": 5.2 "impactScore": 5.2
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2
} }
] ]
}, },
@ -45,6 +65,16 @@
"value": "CWE-125" "value": "CWE-125"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
} }
], ],
"configurations": [ "configurations": [

32
CVE-2023/CVE-2023-335xx/CVE-2023-33538.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-33538", "id": "CVE-2023-33538",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-06-07T04:15:10.623", "published": "2023-06-07T04:15:10.623",
"lastModified": "2024-11-21T08:05:41.547", "lastModified": "2025-01-07T15:15:08.190",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -36,6 +36,26 @@
}, },
"exploitabilityScore": 2.8, "exploitabilityScore": 2.8,
"impactScore": 5.9 "impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
} }
] ]
}, },
@ -49,6 +69,16 @@
"value": "CWE-77" "value": "CWE-77"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
} }
], ],
"configurations": [ "configurations": [

32
CVE-2023/CVE-2023-335xx/CVE-2023-33553.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-33553", "id": "CVE-2023-33553",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-06-07T15:15:09.480", "published": "2023-06-07T15:15:09.480",
"lastModified": "2024-11-21T08:05:42.463", "lastModified": "2025-01-07T15:15:08.367",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -32,6 +32,26 @@
}, },
"exploitabilityScore": 3.9, "exploitabilityScore": 3.9,
"impactScore": 5.9 "impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
} }
] ]
}, },
@ -45,6 +65,16 @@
"value": "CWE-287" "value": "CWE-287"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-306"
}
]
} }
], ],
"configurations": [ "configurations": [

32
CVE-2023/CVE-2023-335xx/CVE-2023-33556.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-33556", "id": "CVE-2023-33556",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-06-07T21:15:13.567", "published": "2023-06-07T21:15:13.567",
"lastModified": "2024-11-21T08:05:42.613", "lastModified": "2025-01-07T15:15:08.523",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -32,6 +32,26 @@
}, },
"exploitabilityScore": 3.9, "exploitabilityScore": 3.9,
"impactScore": 5.9 "impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
} }
] ]
}, },
@ -45,6 +65,16 @@
"value": "CWE-77" "value": "CWE-77"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
} }
], ],
"configurations": [ "configurations": [

32
CVE-2023/CVE-2023-336xx/CVE-2023-33601.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-33601", "id": "CVE-2023-33601",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-06-07T02:15:15.887", "published": "2023-06-07T02:15:15.887",
"lastModified": "2024-11-21T08:05:45.477", "lastModified": "2025-01-07T15:15:08.683",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -36,6 +36,26 @@
}, },
"exploitabilityScore": 2.8, "exploitabilityScore": 2.8,
"impactScore": 5.9 "impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
} }
] ]
}, },
@ -49,6 +69,16 @@
"value": "CWE-434" "value": "CWE-434"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
} }
], ],
"configurations": [ "configurations": [

22
CVE-2023/CVE-2023-336xx/CVE-2023-33604.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-33604", "id": "CVE-2023-33604",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-06-07T02:15:15.930", "published": "2023-06-07T02:15:15.930",
"lastModified": "2024-11-21T08:05:45.607", "lastModified": "2025-01-07T15:15:08.840",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -36,6 +36,26 @@
}, },
"exploitabilityScore": 3.9, "exploitabilityScore": 3.9,
"impactScore": 5.2 "impactScore": 5.2
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
} }
] ]
}, },

22
CVE-2023/CVE-2023-337xx/CVE-2023-33781.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-33781", "id": "CVE-2023-33781",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-06-07T01:15:39.247", "published": "2023-06-07T01:15:39.247",
"lastModified": "2024-11-21T08:05:59.383", "lastModified": "2025-01-07T15:15:09.010",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -32,6 +32,26 @@
}, },
"exploitabilityScore": 2.8, "exploitabilityScore": 2.8,
"impactScore": 5.9 "impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
} }
] ]
}, },

32
CVE-2023/CVE-2023-338xx/CVE-2023-33865.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-33865", "id": "CVE-2023-33865",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-06-07T20:15:10.053", "published": "2023-06-07T20:15:10.053",
"lastModified": "2024-11-21T08:06:05.743", "lastModified": "2025-01-07T16:15:31.647",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -32,6 +32,26 @@
}, },
"exploitabilityScore": 1.8, "exploitabilityScore": 1.8,
"impactScore": 5.9 "impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
} }
] ]
}, },
@ -45,6 +65,16 @@
"value": "CWE-59" "value": "CWE-59"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-59"
}
]
} }
], ],
"configurations": [ "configurations": [

139
CVE-2023/CVE-2023-389xx/CVE-2023-38945.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-38945", "id": "CVE-2023-38945",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-03-06T00:15:52.247", "published": "2024-03-06T00:15:52.247",
"lastModified": "2024-11-21T08:14:30.217", "lastModified": "2025-01-07T15:14:46.853",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -17,6 +17,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{ {
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary", "type": "Secondary",
@ -40,6 +60,16 @@
] ]
}, },
"weaknesses": [ "weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{ {
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary", "type": "Secondary",
@ -51,14 +81,115 @@
] ]
} }
], ],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:multilaser:re160_firmware:5.07.51_pt_mtl01:*:*:*:*:*:*:*",
"matchCriteriaId": "AA4DBB8C-C5ED-43E2-B882-E1F44BD20606"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:multilaser:re160_firmware:5.07.52_pt_mtl01:*:*:*:*:*:*:*",
"matchCriteriaId": "DAF009A5-ACBE-4C8C-A17E-D720547DB858"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:multilaser:re160:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7159C9E6-8B5B-41CE-ADE9-C1925BDB3D42"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:multilaser:re160v_firmware:12.03.01.08_pt:*:*:*:*:*:*:*",
"matchCriteriaId": "8624004B-770D-44B2-947B-E69539321521"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:multilaser:re160v_firmware:12.03.01.09_pt:*:*:*:*:*:*:*",
"matchCriteriaId": "3FACF669-288B-4B42-8120-E567A5C477C3"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:multilaser:re160v:-:*:*:*:*:*:*:*",
"matchCriteriaId": "70C33130-2E3E-488B-9389-BA2610A3A4BA"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:multilaser:re163v_firmware:12.03.01.08_pt:*:*:*:*:*:*:*",
"matchCriteriaId": "1FFD6025-9707-4054-8C61-913C5B5B6D92"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:multilaser:re163v:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB80F4FB-89C3-4862-B8B6-7DB3F91E3B25"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "http://seclists.org/fulldisclosure/2024/Mar/1", "url": "http://seclists.org/fulldisclosure/2024/Mar/1",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}, },
{ {
"url": "http://seclists.org/fulldisclosure/2024/Mar/1", "url": "http://seclists.org/fulldisclosure/2024/Mar/1",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
]
} }
] ]
} }

80
CVE-2023/CVE-2023-389xx/CVE-2023-38946.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-38946", "id": "CVE-2023-38946",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-03-06T00:15:52.300", "published": "2024-03-06T00:15:52.300",
"lastModified": "2024-11-21T08:14:30.423", "lastModified": "2025-01-07T15:16:04.743",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -17,6 +17,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{ {
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary", "type": "Secondary",
@ -40,6 +60,16 @@
] ]
}, },
"weaknesses": [ "weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{ {
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary", "type": "Secondary",
@ -51,14 +81,56 @@
] ]
} }
], ],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:multilaser:re160_firmware:5.07.51_pt_mtl01:*:*:*:*:*:*:*",
"matchCriteriaId": "AA4DBB8C-C5ED-43E2-B882-E1F44BD20606"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:multilaser:re160_firmware:5.07.52_pt_mtl01:*:*:*:*:*:*:*",
"matchCriteriaId": "DAF009A5-ACBE-4C8C-A17E-D720547DB858"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:multilaser:re160:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7159C9E6-8B5B-41CE-ADE9-C1925BDB3D42"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "http://seclists.org/fulldisclosure/2024/Mar/2", "url": "http://seclists.org/fulldisclosure/2024/Mar/2",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}, },
{ {
"url": "http://seclists.org/fulldisclosure/2024/Mar/2", "url": "http://seclists.org/fulldisclosure/2024/Mar/2",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
]
} }
] ]
} }

97
CVE-2023/CVE-2023-524xx/CVE-2023-52490.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-52490", "id": "CVE-2023-52490",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-03-11T18:15:16.750", "published": "2024-03-11T18:15:16.750",
"lastModified": "2024-11-21T08:39:53.407", "lastModified": "2025-01-07T15:44:33.343",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,31 +15,110 @@
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: mm: migrar: se corrigi\u00f3 la asignaci\u00f3n de p\u00e1gina incorrecta durante la migraci\u00f3n de la p\u00e1gina Al ejecutar la prueba de estr\u00e9s, encontramos el siguiente bloqueo del kernel despu\u00e9s de unas horas: No se puede manejar la desreferencia del puntero NULL del kernel en virtual direcci\u00f3n 0000000000000000 pc: dentry_name+0xd8/0x224 lr: puntero+0x22c/0x370 sp: ffff800025f134c0 ...... Rastreo de llamadas: dentry_name+0xd8/0x224 puntero+0x22c/0x370 vsnprintf+0x1ec/0x730 vscnprint f+0x2c/0x60 vprintk_store+ 0x70/0x234 vprintk_emit+0xe0/0x24c vprintk_default+0x3c/0x44 vprintk_func+0x84/0x2d0 printk+0x64/0x88 __dump_page+0x52c/0x530 dump_page+0x14/0x20 set_migratetype_isolate+0x110/0x22 4 start_isolate_page_range+0xc4/0x20c offline_pages+0x124/0x474 memoria_block_offline+ 0x44/0xf4 Memory_subsys_offline+0x3c/0x70 device_offline+0xf0/0x120 ...... Despu\u00e9s de analizar vmcore, descubr\u00ed que este problema se debe a la migraci\u00f3n de la p\u00e1gina. El escenario es que un hilo est\u00e1 realizando la migraci\u00f3n de la p\u00e1gina y usaremos el campo ->mapping de la p\u00e1gina de destino para guardar el puntero 'anon_vma' entre la desasignaci\u00f3n de la p\u00e1gina y el movimiento de la p\u00e1gina, y ahora la p\u00e1gina de destino est\u00e1 bloqueada y el recuento es 1. Actualmente, Hay otro subproceso estresante que realiza una conexi\u00f3n en caliente de la memoria, intentando desconectar la p\u00e1gina de destino que se est\u00e1 migrando. Descubre que el refcount de esta p\u00e1gina de destino es 1, impidiendo la operaci\u00f3n fuera de l\u00ednea, procediendo as\u00ed a volcar la p\u00e1gina. Sin embargo, page_mapping() de la p\u00e1gina de destino puede devolver una asignaci\u00f3n de archivos incorrecta para bloquear el sistema en dump_mapping(), ya que la p\u00e1gina de destino->mapping solo guarda el puntero 'anon_vma' sin configurar el indicador PAGE_MAPPING_ANON. Hay varias formas de solucionar este problema: (1) Configurar el indicador PAGE_MAPPING_ANON para la p\u00e1gina de destino ->mapping al guardar 'anon_vma', pero esto puede confundir a PageAnon() para los usuarios de PFN, ya que la p\u00e1gina de destino a\u00fan no ha creado asignaciones. (2) Hacer que el bloqueo de p\u00e1gina llame a page_mapping() en __dump_page() para evitar bloquear el sistema; sin embargo, todav\u00eda hay algunos caminantes PFN que llaman a page_mapping() sin mantener el bloqueo de p\u00e1gina, como la compactaci\u00f3n. (3) Usar p\u00e1gina de destino->campo privado para guardar el puntero 'anon_vma' y el estado de la p\u00e1gina de 2 bits, tal como p\u00e1gina->mapping registra una p\u00e1gina an\u00f3nima, lo que puede eliminar el impacto de page_mapping() para los caminantes de PFN y tambi\u00e9n parece una soluci\u00f3n simple forma. As\u00ed que elijo la opci\u00f3n 3 para solucionar este problema, y esto tambi\u00e9n puede solucionar otros problemas potenciales para los caminantes PFN, como la compactaci\u00f3n." "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: mm: migrar: se corrigi\u00f3 la asignaci\u00f3n de p\u00e1gina incorrecta durante la migraci\u00f3n de la p\u00e1gina Al ejecutar la prueba de estr\u00e9s, encontramos el siguiente bloqueo del kernel despu\u00e9s de unas horas: No se puede manejar la desreferencia del puntero NULL del kernel en virtual direcci\u00f3n 0000000000000000 pc: dentry_name+0xd8/0x224 lr: puntero+0x22c/0x370 sp: ffff800025f134c0 ...... Rastreo de llamadas: dentry_name+0xd8/0x224 puntero+0x22c/0x370 vsnprintf+0x1ec/0x730 vscnprint f+0x2c/0x60 vprintk_store+ 0x70/0x234 vprintk_emit+0xe0/0x24c vprintk_default+0x3c/0x44 vprintk_func+0x84/0x2d0 printk+0x64/0x88 __dump_page+0x52c/0x530 dump_page+0x14/0x20 set_migratetype_isolate+0x110/0x22 4 start_isolate_page_range+0xc4/0x20c offline_pages+0x124/0x474 memoria_block_offline+ 0x44/0xf4 Memory_subsys_offline+0x3c/0x70 device_offline+0xf0/0x120 ...... Despu\u00e9s de analizar vmcore, descubr\u00ed que este problema se debe a la migraci\u00f3n de la p\u00e1gina. El escenario es que un hilo est\u00e1 realizando la migraci\u00f3n de la p\u00e1gina y usaremos el campo ->mapping de la p\u00e1gina de destino para guardar el puntero 'anon_vma' entre la desasignaci\u00f3n de la p\u00e1gina y el movimiento de la p\u00e1gina, y ahora la p\u00e1gina de destino est\u00e1 bloqueada y el recuento es 1. Actualmente, Hay otro subproceso estresante que realiza una conexi\u00f3n en caliente de la memoria, intentando desconectar la p\u00e1gina de destino que se est\u00e1 migrando. Descubre que el refcount de esta p\u00e1gina de destino es 1, impidiendo la operaci\u00f3n fuera de l\u00ednea, procediendo as\u00ed a volcar la p\u00e1gina. Sin embargo, page_mapping() de la p\u00e1gina de destino puede devolver una asignaci\u00f3n de archivos incorrecta para bloquear el sistema en dump_mapping(), ya que la p\u00e1gina de destino->mapping solo guarda el puntero 'anon_vma' sin configurar el indicador PAGE_MAPPING_ANON. Hay varias formas de solucionar este problema: (1) Configurar el indicador PAGE_MAPPING_ANON para la p\u00e1gina de destino ->mapping al guardar 'anon_vma', pero esto puede confundir a PageAnon() para los usuarios de PFN, ya que la p\u00e1gina de destino a\u00fan no ha creado asignaciones. (2) Hacer que el bloqueo de p\u00e1gina llame a page_mapping() en __dump_page() para evitar bloquear el sistema; sin embargo, todav\u00eda hay algunos caminantes PFN que llaman a page_mapping() sin mantener el bloqueo de p\u00e1gina, como la compactaci\u00f3n. (3) Usar p\u00e1gina de destino->campo privado para guardar el puntero 'anon_vma' y el estado de la p\u00e1gina de 2 bits, tal como p\u00e1gina->mapping registra una p\u00e1gina an\u00f3nima, lo que puede eliminar el impacto de page_mapping() para los caminantes de PFN y tambi\u00e9n parece una soluci\u00f3n simple forma. As\u00ed que elijo la opci\u00f3n 3 para solucionar este problema, y esto tambi\u00e9n puede solucionar otros problemas potenciales para los caminantes PFN, como la compactaci\u00f3n."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.3",
"versionEndExcluding": "6.6.15",
"matchCriteriaId": "FB27F895-1DBC-4989-B3A8-4327A549A9BC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.7.3",
"matchCriteriaId": "58FD5308-148A-40D3-B36A-0CA6B434A8BF"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://git.kernel.org/stable/c/3889a418b6eb9a1113fb989aaadecf2f64964767", "url": "https://git.kernel.org/stable/c/3889a418b6eb9a1113fb989aaadecf2f64964767",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/9128bfbc5c80d8f4874dd0a0424d1f5fb010df1b", "url": "https://git.kernel.org/stable/c/9128bfbc5c80d8f4874dd0a0424d1f5fb010df1b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/d1adb25df7111de83b64655a80b5a135adbded61", "url": "https://git.kernel.org/stable/c/d1adb25df7111de83b64655a80b5a135adbded61",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/3889a418b6eb9a1113fb989aaadecf2f64964767", "url": "https://git.kernel.org/stable/c/3889a418b6eb9a1113fb989aaadecf2f64964767",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/9128bfbc5c80d8f4874dd0a0424d1f5fb010df1b", "url": "https://git.kernel.org/stable/c/9128bfbc5c80d8f4874dd0a0424d1f5fb010df1b",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/d1adb25df7111de83b64655a80b5a135adbded61", "url": "https://git.kernel.org/stable/c/d1adb25df7111de83b64655a80b5a135adbded61",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
} }
] ]
} }

114
CVE-2023/CVE-2023-526xx/CVE-2023-52663.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-52663", "id": "CVE-2023-52663",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-17T14:15:08.577", "published": "2024-05-17T14:15:08.577",
"lastModified": "2024-11-21T08:40:18.717", "lastModified": "2025-01-07T16:58:24.913",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,39 +15,131 @@
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: ASoC: SOF: amd: corrige la p\u00e9rdida de memoria en amd_sof_acp_probe() El controlador usa kasprintf() para inicializar los miembros fw_{code,data}_bin de la estructura acp_dev_data, pero kfree() nunca se llama para desasignar la memoria, lo que resulta en una p\u00e9rdida de memoria. Solucione el problema cambiando a devm_kasprintf(). Adem\u00e1s, aseg\u00farese de que la asignaci\u00f3n se haya realizado correctamente comprobando la validez del puntero." "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: ASoC: SOF: amd: corrige la p\u00e9rdida de memoria en amd_sof_acp_probe() El controlador usa kasprintf() para inicializar los miembros fw_{code,data}_bin de la estructura acp_dev_data, pero kfree() nunca se llama para desasignar la memoria, lo que resulta en una p\u00e9rdida de memoria. Solucione el problema cambiando a devm_kasprintf(). Adem\u00e1s, aseg\u00farese de que la asignaci\u00f3n se haya realizado correctamente comprobando la validez del puntero."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-401"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.6",
"versionEndExcluding": "6.6.23",
"matchCriteriaId": "5B28A88F-F85F-4008-8F7C-44FC9152916E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.7.11",
"matchCriteriaId": "9B95D3A6-E162-47D5-ABFC-F3FA74FA7CFD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.8",
"versionEndExcluding": "6.8.2",
"matchCriteriaId": "543A75FF-25B8-4046-A514-1EA8EDD87AB1"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://git.kernel.org/stable/c/222be59e5eed1554119294edc743ee548c2371d0", "url": "https://git.kernel.org/stable/c/222be59e5eed1554119294edc743ee548c2371d0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/7296152e58858f928db448826eb7ba5ae611297b", "url": "https://git.kernel.org/stable/c/7296152e58858f928db448826eb7ba5ae611297b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/88028c45d5871dfc449b2b0a27abf6428453a5ec", "url": "https://git.kernel.org/stable/c/88028c45d5871dfc449b2b0a27abf6428453a5ec",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/be4760799c6a7c01184467287f0de41e0dd255f8", "url": "https://git.kernel.org/stable/c/be4760799c6a7c01184467287f0de41e0dd255f8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/222be59e5eed1554119294edc743ee548c2371d0", "url": "https://git.kernel.org/stable/c/222be59e5eed1554119294edc743ee548c2371d0",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/7296152e58858f928db448826eb7ba5ae611297b", "url": "https://git.kernel.org/stable/c/7296152e58858f928db448826eb7ba5ae611297b",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/88028c45d5871dfc449b2b0a27abf6428453a5ec", "url": "https://git.kernel.org/stable/c/88028c45d5871dfc449b2b0a27abf6428453a5ec",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/be4760799c6a7c01184467287f0de41e0dd255f8", "url": "https://git.kernel.org/stable/c/be4760799c6a7c01184467287f0de41e0dd255f8",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
} }
] ]
} }

113
CVE-2023/CVE-2023-526xx/CVE-2023-52664.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-52664", "id": "CVE-2023-52664",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-17T14:15:08.807", "published": "2024-05-17T14:15:08.807",
"lastModified": "2024-11-21T08:40:18.823", "lastModified": "2025-01-07T17:00:00.897",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,39 +15,130 @@
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: net: atlantic: elimina double free en la l\u00f3gica de manejo de errores El controlador tiene una fuga l\u00f3gica en la asignaci\u00f3n de datos del anillo/free, donde se podr\u00eda llamar a aq_ring_free varias veces en el mismo anillo, si el sistema est\u00e1 bajo estr\u00e9s y obtuve un error de asignaci\u00f3n de memoria. Se utiliz\u00f3 un puntero de anillo como indicador de error, pero esto no es correcto ya que solo se asignan/desasignan datos de anillo. El anillo en s\u00ed es un miembro de la matriz. Cambiar las funciones de asignaci\u00f3n de anillos para devolver el c\u00f3digo de error directamente. Esto simplifica el manejo de errores y elimina aq_ring_free en la capa superior." "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: net: atlantic: elimina double free en la l\u00f3gica de manejo de errores El controlador tiene una fuga l\u00f3gica en la asignaci\u00f3n de datos del anillo/free, donde se podr\u00eda llamar a aq_ring_free varias veces en el mismo anillo, si el sistema est\u00e1 bajo estr\u00e9s y obtuve un error de asignaci\u00f3n de memoria. Se utiliz\u00f3 un puntero de anillo como indicador de error, pero esto no es correcto ya que solo se asignan/desasignan datos de anillo. El anillo en s\u00ed es un miembro de la matriz. Cambiar las funciones de asignaci\u00f3n de anillos para devolver el c\u00f3digo de error directamente. Esto simplifica el manejo de errores y elimina aq_ring_free en la capa superior."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-415"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.77",
"matchCriteriaId": "F749AC21-58DA-44BE-B3C5-7C53F294A67A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.16",
"matchCriteriaId": "A5007D6A-4B58-423A-8A3A-A1A656A263C8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.7.4",
"matchCriteriaId": "848BC44C-9D25-4557-A50A-4B8BF310FA78"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://git.kernel.org/stable/c/0edb3ae8bfa31cd544b0c195bdec00e036002b5d", "url": "https://git.kernel.org/stable/c/0edb3ae8bfa31cd544b0c195bdec00e036002b5d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/b3cb7a830a24527877b0bc900b9bd74a96aea928", "url": "https://git.kernel.org/stable/c/b3cb7a830a24527877b0bc900b9bd74a96aea928",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/c11a870a73a3bc4cc7df6dd877a45b181795fcbf", "url": "https://git.kernel.org/stable/c/c11a870a73a3bc4cc7df6dd877a45b181795fcbf",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/d1fde4a7e1dcc4d49cce285107a7a43c3030878d", "url": "https://git.kernel.org/stable/c/d1fde4a7e1dcc4d49cce285107a7a43c3030878d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/0edb3ae8bfa31cd544b0c195bdec00e036002b5d", "url": "https://git.kernel.org/stable/c/0edb3ae8bfa31cd544b0c195bdec00e036002b5d",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/b3cb7a830a24527877b0bc900b9bd74a96aea928", "url": "https://git.kernel.org/stable/c/b3cb7a830a24527877b0bc900b9bd74a96aea928",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/c11a870a73a3bc4cc7df6dd877a45b181795fcbf", "url": "https://git.kernel.org/stable/c/c11a870a73a3bc4cc7df6dd877a45b181795fcbf",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/d1fde4a7e1dcc4d49cce285107a7a43c3030878d", "url": "https://git.kernel.org/stable/c/d1fde4a7e1dcc4d49cce285107a7a43c3030878d",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
} }
] ]
} }

74
CVE-2023/CVE-2023-63xx/CVE-2023-6326.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6326", "id": "CVE-2023-6326",
"sourceIdentifier": "security@wordfence.com", "sourceIdentifier": "security@wordfence.com",
"published": "2024-03-02T12:15:59.460", "published": "2024-03-02T12:15:59.460",
"lastModified": "2024-11-21T08:43:37.887", "lastModified": "2025-01-07T16:35:32.547",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -36,25 +36,87 @@
}, },
"exploitabilityScore": 2.8, "exploitabilityScore": 2.8,
"impactScore": 2.5 "impactScore": 2.5
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
} }
] ]
}, },
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:averta:master_slider:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "3.10.0",
"matchCriteriaId": "41F915A1-5F0D-4557-992C-21EC6C73BADD"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://plugins.trac.wordpress.org/browser/master-slider/trunk/admin/includes/classes/class-msp-list-table.php", "url": "https://plugins.trac.wordpress.org/browser/master-slider/trunk/admin/includes/classes/class-msp-list-table.php",
"source": "security@wordfence.com" "source": "security@wordfence.com",
"tags": [
"Product"
]
}, },
{ {
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5e0a7108-15ef-42d0-adce-fd5b0e6faf3c?source=cve", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5e0a7108-15ef-42d0-adce-fd5b0e6faf3c?source=cve",
"source": "security@wordfence.com" "source": "security@wordfence.com",
"tags": [
"Vendor Advisory"
]
}, },
{ {
"url": "https://plugins.trac.wordpress.org/browser/master-slider/trunk/admin/includes/classes/class-msp-list-table.php", "url": "https://plugins.trac.wordpress.org/browser/master-slider/trunk/admin/includes/classes/class-msp-list-table.php",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
]
}, },
{ {
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5e0a7108-15ef-42d0-adce-fd5b0e6faf3c?source=cve", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5e0a7108-15ef-42d0-adce-fd5b0e6faf3c?source=cve",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

94
CVE-2023/CVE-2023-63xx/CVE-2023-6382.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6382", "id": "CVE-2023-6382",
"sourceIdentifier": "security@wordfence.com", "sourceIdentifier": "security@wordfence.com",
"published": "2024-06-01T05:15:08.287", "published": "2024-06-01T05:15:08.287",
"lastModified": "2024-11-21T08:43:45.100", "lastModified": "2025-01-07T16:37:07.597",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -36,41 +36,115 @@
}, },
"exploitabilityScore": 3.1, "exploitabilityScore": 3.1,
"impactScore": 2.7 "impactScore": 2.7
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
} }
] ]
}, },
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:averta:master_slider:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "3.9.10",
"matchCriteriaId": "D84C9E86-689D-4190-BF3F-9CF0A56D7645"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://plugins.trac.wordpress.org/browser/master-slider/trunk/includes/msp-shortcodes.php#L55", "url": "https://plugins.trac.wordpress.org/browser/master-slider/trunk/includes/msp-shortcodes.php#L55",
"source": "security@wordfence.com" "source": "security@wordfence.com",
"tags": [
"Product"
]
}, },
{ {
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3065917%40master-slider&new=3065917%40master-slider&sfp_email=&sfph_mail=", "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3065917%40master-slider&new=3065917%40master-slider&sfp_email=&sfph_mail=",
"source": "security@wordfence.com" "source": "security@wordfence.com",
"tags": [
"Product"
]
}, },
{ {
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3084860%40master-slider&new=3084860%40master-slider&sfp_email=&sfph_mail=", "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3084860%40master-slider&new=3084860%40master-slider&sfp_email=&sfph_mail=",
"source": "security@wordfence.com" "source": "security@wordfence.com",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2d2fc926-6f9f-4ed9-9598-e39b5e6c6544?source=cve", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2d2fc926-6f9f-4ed9-9598-e39b5e6c6544?source=cve",
"source": "security@wordfence.com" "source": "security@wordfence.com",
"tags": [
"Vendor Advisory"
]
}, },
{ {
"url": "https://plugins.trac.wordpress.org/browser/master-slider/trunk/includes/msp-shortcodes.php#L55", "url": "https://plugins.trac.wordpress.org/browser/master-slider/trunk/includes/msp-shortcodes.php#L55",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
]
}, },
{ {
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3065917%40master-slider&new=3065917%40master-slider&sfp_email=&sfph_mail=", "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3065917%40master-slider&new=3065917%40master-slider&sfp_email=&sfph_mail=",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
]
}, },
{ {
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3084860%40master-slider&new=3084860%40master-slider&sfp_email=&sfph_mail=", "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3084860%40master-slider&new=3084860%40master-slider&sfp_email=&sfph_mail=",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2d2fc926-6f9f-4ed9-9598-e39b5e6c6544?source=cve", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2d2fc926-6f9f-4ed9-9598-e39b5e6c6544?source=cve",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

78
CVE-2024/CVE-2024-06xx/CVE-2024-0611.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-0611", "id": "CVE-2024-0611",
"sourceIdentifier": "security@wordfence.com", "sourceIdentifier": "security@wordfence.com",
"published": "2024-03-02T12:16:00.210", "published": "2024-03-02T12:16:00.210",
"lastModified": "2024-11-21T08:46:59.887", "lastModified": "2025-01-07T16:41:54.303",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -36,25 +36,91 @@
}, },
"exploitabilityScore": 1.3, "exploitabilityScore": 1.3,
"impactScore": 2.7 "impactScore": 2.7
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
} }
] ]
}, },
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:averta:master_slider:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "3.9.10",
"matchCriteriaId": "D84C9E86-689D-4190-BF3F-9CF0A56D7645"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://advisory.abay.sh/cve-2024-0611", "url": "https://advisory.abay.sh/cve-2024-0611",
"source": "security@wordfence.com" "source": "security@wordfence.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}, },
{ {
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ac6e587c-59b2-4f93-ab88-5e548b52db45?source=cve", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ac6e587c-59b2-4f93-ab88-5e548b52db45?source=cve",
"source": "security@wordfence.com" "source": "security@wordfence.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
}, },
{ {
"url": "https://advisory.abay.sh/cve-2024-0611", "url": "https://advisory.abay.sh/cve-2024-0611",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
]
}, },
{ {
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ac6e587c-59b2-4f93-ab88-5e548b52db45?source=cve", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ac6e587c-59b2-4f93-ab88-5e548b52db45?source=cve",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
]
} }
] ]
} }

47
CVE-2024/CVE-2024-100xx/CVE-2024-10012.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-10012", "id": "CVE-2024-10012",
"sourceIdentifier": "security@progress.com", "sourceIdentifier": "security@progress.com",
"published": "2024-11-13T16:15:17.143", "published": "2024-11-13T16:15:17.143",
"lastModified": "2024-11-13T17:01:16.850", "lastModified": "2025-01-07T15:59:23.043",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -36,6 +36,26 @@
}, },
"exploitabilityScore": 1.8, "exploitabilityScore": 1.8,
"impactScore": 5.9 "impactScore": 5.9
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
} }
] ]
}, },
@ -51,10 +71,31 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:telerik:ui_for_wpf:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2024.4.1111",
"matchCriteriaId": "3F5FC2F1-C10C-488B-B6DD-C25AED0296C6"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://docs.telerik.com/devtools/wpf/knowledge-base/kb-security-unsafe-deserialization-cve-2024-10012", "url": "https://docs.telerik.com/devtools/wpf/knowledge-base/kb-security-unsafe-deserialization-cve-2024-10012",
"source": "security@progress.com" "source": "security@progress.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

47
CVE-2024/CVE-2024-100xx/CVE-2024-10013.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-10013", "id": "CVE-2024-10013",
"sourceIdentifier": "security@progress.com", "sourceIdentifier": "security@progress.com",
"published": "2024-11-13T16:15:17.387", "published": "2024-11-13T16:15:17.387",
"lastModified": "2024-11-13T17:01:16.850", "lastModified": "2025-01-07T15:46:38.317",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -36,6 +36,26 @@
}, },
"exploitabilityScore": 1.8, "exploitabilityScore": 1.8,
"impactScore": 5.9 "impactScore": 5.9
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
} }
] ]
}, },
@ -51,10 +71,31 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:telerik:ui_for_winforms:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2024.4.1113",
"matchCriteriaId": "1031C04A-A4D6-4F30-B171-A3CF91E60F66"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://docs.telerik.com/devtools/winforms/knowledge-base/unsafe-deserialization-cve-2024-10013", "url": "https://docs.telerik.com/devtools/winforms/knowledge-base/unsafe-deserialization-cve-2024-10013",
"source": "security@progress.com" "source": "security@progress.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

110
CVE-2024/CVE-2024-116xx/CVE-2024-11681.json Normal file
View File

@ -0,0 +1,110 @@
{
"id": "CVE-2024-11681",
"sourceIdentifier": "cve-coordination@google.com",
"published": "2025-01-07T15:15:09.207",
"lastModified": "2025-01-07T16:15:32.097",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A malicious or compromised MacPorts mirror can execute arbitrary commands as root\u00a0on the machine of a client running port selfupdate\u00a0against the mirror."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cve-coordination@google.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "NONE",
"vulnerableSystemIntegrity": "HIGH",
"vulnerableSystemAvailability": "NONE",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "HIGH",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 4.0
}
]
},
"weaknesses": [
{
"source": "cve-coordination@google.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://github.com/google/security-research/security/advisories/GHSA-2j38-pjh8-wfxw",
"source": "cve-coordination@google.com"
}
]
}

27
CVE-2024/CVE-2024-126xx/CVE-2024-12692.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-12692", "id": "CVE-2024-12692",
"sourceIdentifier": "chrome-cve-admin@google.com", "sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2024-12-18T22:15:05.730", "published": "2024-12-18T22:15:05.730",
"lastModified": "2024-12-18T22:15:05.730", "lastModified": "2025-01-07T16:15:32.573",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -15,7 +15,30 @@
"value": "La confusi\u00f3n de tipos en la versi\u00f3n 8 de Google Chrome anterior a la 131.0.6778.204 permit\u00eda a un atacante remoto explotar potencialmente la corrupci\u00f3n del mont\u00f3n a trav\u00e9s de una p\u00e1gina HTML manipulada. (Gravedad de seguridad de Chromium: alta)" "value": "La confusi\u00f3n de tipos en la versi\u00f3n 8 de Google Chrome anterior a la 131.0.6778.204 permit\u00eda a un atacante remoto explotar potencialmente la corrupci\u00f3n del mont\u00f3n a trav\u00e9s de una p\u00e1gina HTML manipulada. (Gravedad de seguridad de Chromium: alta)"
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [ "weaknesses": [
{ {
"source": "chrome-cve-admin@google.com", "source": "chrome-cve-admin@google.com",

74
CVE-2024/CVE-2024-14xx/CVE-2024-1449.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-1449", "id": "CVE-2024-1449",
"sourceIdentifier": "security@wordfence.com", "sourceIdentifier": "security@wordfence.com",
"published": "2024-03-02T12:16:00.547", "published": "2024-03-02T12:16:00.547",
"lastModified": "2024-11-21T08:50:36.490", "lastModified": "2025-01-07T16:38:28.197",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -36,25 +36,87 @@
}, },
"exploitabilityScore": 3.1, "exploitabilityScore": 3.1,
"impactScore": 2.7 "impactScore": 2.7
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
} }
] ]
}, },
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:averta:master_slider:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "3.9.10",
"matchCriteriaId": "D84C9E86-689D-4190-BF3F-9CF0A56D7645"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://wordpress.org/plugins/master-slider/", "url": "https://wordpress.org/plugins/master-slider/",
"source": "security@wordfence.com" "source": "security@wordfence.com",
"tags": [
"Product"
]
}, },
{ {
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/af9adb6b-f726-4b74-be5c-82fdab0ae1f2?source=cve", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/af9adb6b-f726-4b74-be5c-82fdab0ae1f2?source=cve",
"source": "security@wordfence.com" "source": "security@wordfence.com",
"tags": [
"Vendor Advisory"
]
}, },
{ {
"url": "https://wordpress.org/plugins/master-slider/", "url": "https://wordpress.org/plugins/master-slider/",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
]
}, },
{ {
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/af9adb6b-f726-4b74-be5c-82fdab0ae1f2?source=cve", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/af9adb6b-f726-4b74-be5c-82fdab0ae1f2?source=cve",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

56
CVE-2024/CVE-2024-250xx/CVE-2024-25037.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-25037",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2025-01-07T16:15:32.937",
"lastModified": "2025-01-07T16:15:32.937",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "psirt@us.ibm.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-209"
}
]
}
],
"references": [
{
"url": "https://www.ibm.com/support/pages/node/7179163",
"source": "psirt@us.ibm.com"
}
]
}

121
CVE-2024/CVE-2024-268xx/CVE-2024-26888.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-26888", "id": "CVE-2024-26888",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-04-17T11:15:10.337", "published": "2024-04-17T11:15:10.337",
"lastModified": "2024-11-21T09:03:18.330", "lastModified": "2025-01-07T16:43:58.107",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,39 +15,138 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: Bluetooth: msft: Reparar p\u00e9rdida de memoria Reparar p\u00e9rdida de b\u00fafer asignado para enviar MSFT_OP_LE_MONITOR_ADVERTISEMENT." "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: Bluetooth: msft: Reparar p\u00e9rdida de memoria Reparar p\u00e9rdida de b\u00fafer asignado para enviar MSFT_OP_LE_MONITOR_ADVERTISEMENT."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-401"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.4.16",
"versionEndExcluding": "6.5",
"matchCriteriaId": "A5099559-2D15-42A5-A561-71B34FEFF36F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.5.3",
"versionEndExcluding": "6.6.23",
"matchCriteriaId": "43EB4ECD-2161-4C19-8280-3544598B5CD9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.7.11",
"matchCriteriaId": "9B95D3A6-E162-47D5-ABFC-F3FA74FA7CFD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.8",
"versionEndExcluding": "6.8.2",
"matchCriteriaId": "543A75FF-25B8-4046-A514-1EA8EDD87AB1"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://git.kernel.org/stable/c/5987b9f7d9314c7411136005b3a52f61a8cc0911", "url": "https://git.kernel.org/stable/c/5987b9f7d9314c7411136005b3a52f61a8cc0911",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/5cb93417c93716a5404f762f331f5de3653fd952", "url": "https://git.kernel.org/stable/c/5cb93417c93716a5404f762f331f5de3653fd952",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/98e9920c75e0790bff947a00d192d24bf1c724e0", "url": "https://git.kernel.org/stable/c/98e9920c75e0790bff947a00d192d24bf1c724e0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/a6e06258f4c31eba0fcd503e19828b5f8fe7b08b", "url": "https://git.kernel.org/stable/c/a6e06258f4c31eba0fcd503e19828b5f8fe7b08b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/5987b9f7d9314c7411136005b3a52f61a8cc0911", "url": "https://git.kernel.org/stable/c/5987b9f7d9314c7411136005b3a52f61a8cc0911",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/5cb93417c93716a5404f762f331f5de3653fd952", "url": "https://git.kernel.org/stable/c/5cb93417c93716a5404f762f331f5de3653fd952",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/98e9920c75e0790bff947a00d192d24bf1c724e0", "url": "https://git.kernel.org/stable/c/98e9920c75e0790bff947a00d192d24bf1c724e0",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/a6e06258f4c31eba0fcd503e19828b5f8fe7b08b", "url": "https://git.kernel.org/stable/c/a6e06258f4c31eba0fcd503e19828b5f8fe7b08b",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
} }
] ]
} }

123
CVE-2024/CVE-2024-269xx/CVE-2024-26928.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-26928", "id": "CVE-2024-26928",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-04-28T12:15:21.140", "published": "2024-04-28T12:15:21.140",
"lastModified": "2024-11-21T09:03:24.350", "lastModified": "2025-01-07T16:44:17.763",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,39 +15,140 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: smb: cliente: corrige UAF potencial en cifs_debug_files_proc_show() Omita las sesiones que se est\u00e1n eliminando (estado == SES_EXITING) para evitar UAF." "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: smb: cliente: corrige UAF potencial en cifs_debug_files_proc_show() Omita las sesiones que se est\u00e1n eliminando (estado == SES_EXITING) para evitar UAF."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.85",
"matchCriteriaId": "B62CF0EC-6C39-4DAD-A6CC-C31C3277A460"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.26",
"matchCriteriaId": "C520696A-A594-4FFC-A32D-12DA535CE911"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.8.5",
"matchCriteriaId": "DBD6C99E-4250-4DFE-8447-FF2075939D10"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc1:*:*:*:*:*:*",
"matchCriteriaId": "22BEDD49-2C6D-402D-9DBF-6646F6ECD10B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc2:*:*:*:*:*:*",
"matchCriteriaId": "DF73CB2A-DFFD-46FB-9BFE-AA394F27EA37"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://git.kernel.org/stable/c/229042314602db62559ecacba127067c22ee7b88", "url": "https://git.kernel.org/stable/c/229042314602db62559ecacba127067c22ee7b88",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/3402faf78b2516b0af1259baff50cc8453ef0bd1", "url": "https://git.kernel.org/stable/c/3402faf78b2516b0af1259baff50cc8453ef0bd1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/a65f2b56334ba4dc30bd5ee9ce5b2691b973344d", "url": "https://git.kernel.org/stable/c/a65f2b56334ba4dc30bd5ee9ce5b2691b973344d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/ca545b7f0823f19db0f1148d59bc5e1a56634502", "url": "https://git.kernel.org/stable/c/ca545b7f0823f19db0f1148d59bc5e1a56634502",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/229042314602db62559ecacba127067c22ee7b88", "url": "https://git.kernel.org/stable/c/229042314602db62559ecacba127067c22ee7b88",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/3402faf78b2516b0af1259baff50cc8453ef0bd1", "url": "https://git.kernel.org/stable/c/3402faf78b2516b0af1259baff50cc8453ef0bd1",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/a65f2b56334ba4dc30bd5ee9ce5b2691b973344d", "url": "https://git.kernel.org/stable/c/a65f2b56334ba4dc30bd5ee9ce5b2691b973344d",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/ca545b7f0823f19db0f1148d59bc5e1a56634502", "url": "https://git.kernel.org/stable/c/ca545b7f0823f19db0f1148d59bc5e1a56634502",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
} }
] ]
} }

84
CVE-2024/CVE-2024-281xx/CVE-2024-28197.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-28197", "id": "CVE-2024-28197",
"sourceIdentifier": "security-advisories@github.com", "sourceIdentifier": "security-advisories@github.com",
"published": "2024-03-11T20:15:07.420", "published": "2024-03-11T20:15:07.420",
"lastModified": "2024-11-21T09:06:00.547", "lastModified": "2025-01-07T15:54:40.987",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -36,6 +36,26 @@
}, },
"exploitabilityScore": 1.2, "exploitabilityScore": 1.2,
"impactScore": 5.8 "impactScore": 5.8
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.2,
"impactScore": 5.8
} }
] ]
}, },
@ -49,16 +69,72 @@
"value": "CWE-269" "value": "CWE-269"
} }
] ]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-384"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zitadel:zitadel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.44.3",
"matchCriteriaId": "A896302F-4289-419A-882F-8E4207B611A2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zitadel:zitadel:2.45.0:-:*:*:*:*:*:*",
"matchCriteriaId": "CDF0C992-982C-4963-BFE4-1592B681D69E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zitadel:zitadel:2.45.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "BDA3827B-80DF-4A2A-A103-97FE37352090"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zitadel:zitadel:2.46.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "CCEA9592-45E4-4C4A-906F-62732495B2D6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zitadel:zitadel:2.46.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "D5C0396B-7FFB-4700-BBFF-AC7D2748B00A"
}
]
}
]
} }
], ],
"references": [ "references": [
{ {
"url": "https://github.com/zitadel/zitadel/security/advisories/GHSA-mq4x-r2w3-j7mr", "url": "https://github.com/zitadel/zitadel/security/advisories/GHSA-mq4x-r2w3-j7mr",
"source": "security-advisories@github.com" "source": "security-advisories@github.com",
"tags": [
"Mitigation",
"Vendor Advisory"
]
}, },
{ {
"url": "https://github.com/zitadel/zitadel/security/advisories/GHSA-mq4x-r2w3-j7mr", "url": "https://github.com/zitadel/zitadel/security/advisories/GHSA-mq4x-r2w3-j7mr",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
]
} }
] ]
} }

56
CVE-2024/CVE-2024-287xx/CVE-2024-28778.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-28778",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2025-01-07T16:15:33.113",
"lastModified": "2025-01-07T16:15:33.113",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 is vulnerable to exposure of Artifactory API keys. This vulnerability allows users to publish code to private packages or repositories under the name of the organization."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@us.ibm.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-798"
}
]
}
],
"references": [
{
"url": "https://www.ibm.com/support/pages/node/7179163",
"source": "psirt@us.ibm.com"
}
]
}

73
CVE-2024/CVE-2024-314xx/CVE-2024-31456.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-31456", "id": "CVE-2024-31456",
"sourceIdentifier": "security-advisories@github.com", "sourceIdentifier": "security-advisories@github.com",
"published": "2024-05-07T14:15:10.550", "published": "2024-05-07T14:15:10.550",
"lastModified": "2024-11-21T09:13:33.447", "lastModified": "2025-01-07T16:49:45.263",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -36,6 +36,26 @@
}, },
"exploitabilityScore": 3.1, "exploitabilityScore": 3.1,
"impactScore": 4.0 "impactScore": 4.0
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
} }
] ]
}, },
@ -49,24 +69,65 @@
"value": "CWE-89" "value": "CWE-89"
} }
] ]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:glpi-project:glpi:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.3.0",
"versionEndExcluding": "10.0.15",
"matchCriteriaId": "E444DF33-1B8A-4D5F-82D8-4B16292BC806"
}
]
}
]
} }
], ],
"references": [ "references": [
{ {
"url": "https://github.com/glpi-project/glpi/commit/730c3db29a1edc32f9b9d1e2a940e90a0211ab26", "url": "https://github.com/glpi-project/glpi/commit/730c3db29a1edc32f9b9d1e2a940e90a0211ab26",
"source": "security-advisories@github.com" "source": "security-advisories@github.com",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-gcj4-2cp3-6h5j", "url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-gcj4-2cp3-6h5j",
"source": "security-advisories@github.com" "source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}, },
{ {
"url": "https://github.com/glpi-project/glpi/commit/730c3db29a1edc32f9b9d1e2a940e90a0211ab26", "url": "https://github.com/glpi-project/glpi/commit/730c3db29a1edc32f9b9d1e2a940e90a0211ab26",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-gcj4-2cp3-6h5j", "url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-gcj4-2cp3-6h5j",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

45
CVE-2024/CVE-2024-354xx/CVE-2024-35498.json
View File

@ -2,16 +2,55 @@
"id": "CVE-2024-35498", "id": "CVE-2024-35498",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2025-01-06T19:15:12.707", "published": "2025-01-06T19:15:12.707",
"lastModified": "2025-01-06T19:15:12.707", "lastModified": "2025-01-07T16:15:33.277",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "A cross-site scripting (XSS) vulnerability in Grav v1.7.45 allows attackers to execute arbitrary web scripts or HTML via a crafted payload." "value": "A cross-site scripting (XSS) vulnerability in Grav v1.7.45 allows attackers to execute arbitrary web scripts or HTML via a crafted payload."
},
{
"lang": "es",
"value": "Una vulnerabilidad de cross site scripting (XSS) en Grav v1.7.45 permite a los atacantes ejecutar web scripts o HTML arbitrarios a trav\u00e9s de un payload especialmente manipulado."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
} }
], ],
"metrics": {},
"references": [ "references": [
{ {
"url": "https://github.com/r4vanan/Stored-xss-Grav-v1.7.45", "url": "https://github.com/r4vanan/Stored-xss-Grav-v1.7.45",

63
CVE-2024/CVE-2024-371xx/CVE-2024-37147.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-37147", "id": "CVE-2024-37147",
"sourceIdentifier": "security-advisories@github.com", "sourceIdentifier": "security-advisories@github.com",
"published": "2024-07-10T19:15:10.930", "published": "2024-07-10T19:15:10.930",
"lastModified": "2024-11-21T09:23:17.880", "lastModified": "2025-01-07T16:55:46.580",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -36,6 +36,26 @@
}, },
"exploitabilityScore": 2.8, "exploitabilityScore": 2.8,
"impactScore": 1.4 "impactScore": 1.4
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
} }
] ]
}, },
@ -49,16 +69,51 @@
"value": "CWE-284" "value": "CWE-284"
} }
] ]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:glpi-project:glpi:*:*:*:*:*:*:*:*",
"versionStartIncluding": "0.85",
"versionEndExcluding": "10.0.16",
"matchCriteriaId": "2910869A-4955-4EF7-9E9D-16E45682606A"
}
]
}
]
} }
], ],
"references": [ "references": [
{ {
"url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-f2cg-fc85-ffmh", "url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-f2cg-fc85-ffmh",
"source": "security-advisories@github.com" "source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}, },
{ {
"url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-f2cg-fc85-ffmh", "url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-f2cg-fc85-ffmh",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

63
CVE-2024/CVE-2024-371xx/CVE-2024-37148.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-37148", "id": "CVE-2024-37148",
"sourceIdentifier": "security-advisories@github.com", "sourceIdentifier": "security-advisories@github.com",
"published": "2024-07-10T20:15:03.280", "published": "2024-07-10T20:15:03.280",
"lastModified": "2024-11-21T09:23:18.003", "lastModified": "2025-01-07T16:58:37.837",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -36,6 +36,26 @@
}, },
"exploitabilityScore": 2.8, "exploitabilityScore": 2.8,
"impactScore": 5.2 "impactScore": 5.2
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2
} }
] ]
}, },
@ -49,16 +69,51 @@
"value": "CWE-89" "value": "CWE-89"
} }
] ]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:glpi-project:glpi:*:*:*:*:*:*:*:*",
"versionStartIncluding": "0.84",
"versionEndExcluding": "10.0.16",
"matchCriteriaId": "EAC2571E-EDAE-425F-B883-78BA82543BBF"
}
]
}
]
} }
], ],
"references": [ "references": [
{ {
"url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-p626-hph9-p6fj", "url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-p626-hph9-p6fj",
"source": "security-advisories@github.com" "source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}, },
{ {
"url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-p626-hph9-p6fj", "url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-p626-hph9-p6fj",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

107
CVE-2024/CVE-2024-379xx/CVE-2024-37980.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-37980", "id": "CVE-2024-37980",
"sourceIdentifier": "secure@microsoft.com", "sourceIdentifier": "secure@microsoft.com",
"published": "2024-09-10T17:15:19.720", "published": "2024-09-10T17:15:19.720",
"lastModified": "2024-09-10T17:43:14.410", "lastModified": "2025-01-07T15:26:25.013",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -36,6 +36,26 @@
}, },
"exploitabilityScore": 2.8, "exploitabilityScore": 2.8,
"impactScore": 5.9 "impactScore": 5.9
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
} }
] ]
}, },
@ -49,12 +69,93 @@
"value": "CWE-269" "value": "CWE-269"
} }
] ]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2016:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "13.0.6300.2",
"versionEndExcluding": "13.0.6445.1",
"matchCriteriaId": "8611D71C-D109-43DB-B24F-AD9D8DE1D754"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2016:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "13.0.7000.253",
"versionEndExcluding": "13.0.7040.1",
"matchCriteriaId": "30B9A4F3-56C1-49B6-AC31-8E15C25409E8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2017:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "14.0.1000.169",
"versionEndExcluding": "14.0.2060.1",
"matchCriteriaId": "092AF402-BDA3-46C2-ADB8-BEA92DF81BA5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2017:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "14.0.3006.16",
"versionEndExcluding": "14.0.3475.1",
"matchCriteriaId": "6E6AD612-AB64-4454-970E-D868420C6CC6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "15.0.2000.5",
"versionEndExcluding": "15.0.2120.1",
"matchCriteriaId": "64D0E7A9-846A-421E-A3E0-E2C0CDACD13C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "15.0.4003.23",
"versionEndExcluding": "15.0.4390.2",
"matchCriteriaId": "AF8BBB82-ED5C-4943-A787-EA07536BCFBF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "16.0.1000.6",
"versionEndExcluding": "16.0.1125.1",
"matchCriteriaId": "30D1D16A-0B3E-49B4-9DB4-77FC462BA503"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "16.0.4003.1",
"versionEndExcluding": "16.0.4140.3",
"matchCriteriaId": "148D362E-101A-4121-9790-B537D02CB114"
}
]
}
]
} }
], ],
"references": [ "references": [
{ {
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37980", "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37980",
"source": "secure@microsoft.com" "source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

97
CVE-2024/CVE-2024-386xx/CVE-2024-38625.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-38625", "id": "CVE-2024-38625",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-06-21T11:15:11.430", "published": "2024-06-21T11:15:11.430",
"lastModified": "2024-11-21T09:26:31.120", "lastModified": "2025-01-07T16:09:49.880",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,31 +15,110 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: fs/ntfs3: Verifique que el puntero 'folio' sea NULL. Puede ser NULL si se llama a bmap." "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: fs/ntfs3: Verifique que el puntero 'folio' sea NULL. Puede ser NULL si se llama a bmap."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.15",
"versionEndExcluding": "6.6.33",
"matchCriteriaId": "92AC1231-0841-463A-9EA5-8770AEF0714B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.9.4",
"matchCriteriaId": "991B9791-966A-4D18-9E8D-A8AB128E5627"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://git.kernel.org/stable/c/1cd6c96219c429ebcfa8e79a865277376c563803", "url": "https://git.kernel.org/stable/c/1cd6c96219c429ebcfa8e79a865277376c563803",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/6c8054d590668629bb2eb6fb4cbf22455d08ada8", "url": "https://git.kernel.org/stable/c/6c8054d590668629bb2eb6fb4cbf22455d08ada8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/ff1068929459347f9e47f8d14c409dcf938c2641", "url": "https://git.kernel.org/stable/c/ff1068929459347f9e47f8d14c409dcf938c2641",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/1cd6c96219c429ebcfa8e79a865277376c563803", "url": "https://git.kernel.org/stable/c/1cd6c96219c429ebcfa8e79a865277376c563803",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/6c8054d590668629bb2eb6fb4cbf22455d08ada8", "url": "https://git.kernel.org/stable/c/6c8054d590668629bb2eb6fb4cbf22455d08ada8",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/ff1068929459347f9e47f8d14c409dcf938c2641", "url": "https://git.kernel.org/stable/c/ff1068929459347f9e47f8d14c409dcf938c2641",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
} }
] ]
} }

56
CVE-2024/CVE-2024-407xx/CVE-2024-40702.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-40702",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2025-01-07T16:15:33.463",
"lastModified": "2025-01-07T16:15:33.463",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 could allow an unauthorized user to obtain valid tokens to gain access to protected resources due to improper certificate validation."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 4.2
}
]
},
"weaknesses": [
{
"source": "psirt@us.ibm.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-295"
}
]
}
],
"references": [
{
"url": "https://www.ibm.com/support/pages/node/7179163",
"source": "psirt@us.ibm.com"
}
]
}

117
CVE-2024/CVE-2024-409xx/CVE-2024-40962.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-40962", "id": "CVE-2024-40962",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-12T13:15:18.180", "published": "2024-07-12T13:15:18.180",
"lastModified": "2024-11-21T09:31:57.560", "lastModified": "2025-01-07T16:10:10.253",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,31 +15,130 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: btrfs: zonificado: asigna sumas de verificaci\u00f3n ficticias para zonas zonificadas NODATASUM escribe Shin'ichiro inform\u00f3 que cuando ejecuta el caso de prueba btrfs/167 de fstests en dispositivos zonificados emulados, ve el siguiente puntero NULL desreferencia en 'btrfs_zone_finish_endio()': Vaya: error de protecci\u00f3n general, probablemente para la direcci\u00f3n no can\u00f3nica 0xdffffc0000000011: 0000 [#1] PREEMPT SMP KASAN NOPTI KASAN: null-ptr-deref en el rango [0x0000000000000088-0x00000000000000 8f] CPU: 4 PID: 2332440 Comm: kworker/u80:15 Contaminado: GW 6.10.0-rc2-kts+ #4 Nombre de hardware: Supermicro Super Server/X11SPi-TF, BIOS 3.3 21/02/2020 Cola de trabajo: btrfs-endio-write btrfs_work_helper [btrfs] RIP : 0010:btrfs_zone_finish_endio.part.0+0x34/0x160 [btrfs] RSP: 0018:ffff88867f107a90 EFLAGS: 00010206 RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 893e5534 RDX: 0000000000000011 RSI: 0000000000000004 RDI: 0000000000000088 RBP: 0000000000000002 R08: 0000000000000001 R09: 6028 R10: ffff88840b4b0143 R11: ffff88834dfff600 R12: ffff88840b4b0000 R13: 0000000000020000 R14: 00000000000000000 R15: ffff888530ad5210 FS: 0000000000000(0000) GS:ffff888e3f800000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f87223fff38 CR3 : 00000007a7c6a002 CR4: 00000000007706f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 00000000000000000 DR3: 0000000000000000 DR6: 000000fffe0ff0 DR7: 0000000000000400 PKRU: 55555554 Seguimiento de llamadas: ? __die_body.cold+0x19/0x27 ? die_addr+0x46/0x70? exc_general_protection+0x14f/0x250? asm_exc_general_protection+0x26/0x30? do_raw_read_unlock+0x44/0x70? btrfs_zone_finish_endio.part.0+0x34/0x160 [btrfs] btrfs_finish_one_ordered+0x5d9/0x19a0 [btrfs] ? __pfx_lock_release+0x10/0x10? do_raw_write_lock+0x90/0x260? __pfx_do_raw_write_lock+0x10/0x10? __pfx_btrfs_finish_one_ordered+0x10/0x10 [btrfs]? _raw_write_unlock+0x23/0x40? btrfs_finish_ordered_zoned+0x5a9/0x850 [btrfs]? lock_acquire+0x435/0x500 btrfs_work_helper+0x1b1/0xa70 [btrfs]? __programar+0x10a8/0x60b0? __pfx___might_resched+0x10/0x10 proceso_one_work+0x862/0x1410 ? __pfx_lock_acquire+0x10/0x10? __pfx_process_one_work+0x10/0x10? asignar_trabajo+0x16c/0x240 trabajador_hilo+0x5e6/0x1010? __pfx_worker_thread+0x10/0x10 kthread+0x2c3/0x3a0 ? trace_irq_enable.constprop.0+0xce/0x110? __pfx_kthread+0x10/0x10 ret_from_fork+0x31/0x70 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1a/0x30 Al habilitar CONFIG_BTRFS_ASSERT se revel\u00f3 la siguiente aserci\u00f3n para activar: aserci\u00f3n fallida: !list_empty(&ordered->list), en fs/btrfs/zoned.c:1815 Esto indica que Falta la lista de sumas de verificaci\u00f3n en la extensi\u00f3n_ordenada. Como btrfs/167 est\u00e1 escribiendo NOCOW, esto es de esperarse. Un an\u00e1lisis m\u00e1s detallado con drgn confirm\u00f3 la suposici\u00f3n: >>> inode = prog.crashed_thread().stack_trace()[11]['ordered'].inode >>> btrfs_inode = drgn.container_of(inode, \"struct btrfs_inode\", \\ \" vfs_inode\") >>> print(btrfs_inode.flags) (u32)1 Como el modo de emulaci\u00f3n de zonas simula zonas convencionales en dispositivos normales, no podemos usar Zone-Append para escribir. Pero solo adjuntamos sumas de verificaci\u00f3n ficticias si realizamos una escritura de adici\u00f3n de zona. Entonces, para las escrituras de datos de zonas NOCOW en zonas convencionales, adjunte tambi\u00e9n una suma de verificaci\u00f3n ficticia." "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: btrfs: zonificado: asigna sumas de verificaci\u00f3n ficticias para zonas zonificadas NODATASUM escribe Shin'ichiro inform\u00f3 que cuando ejecuta el caso de prueba btrfs/167 de fstests en dispositivos zonificados emulados, ve el siguiente puntero NULL desreferencia en 'btrfs_zone_finish_endio()': Vaya: error de protecci\u00f3n general, probablemente para la direcci\u00f3n no can\u00f3nica 0xdffffc0000000011: 0000 [#1] PREEMPT SMP KASAN NOPTI KASAN: null-ptr-deref en el rango [0x0000000000000088-0x00000000000000 8f] CPU: 4 PID: 2332440 Comm: kworker/u80:15 Contaminado: GW 6.10.0-rc2-kts+ #4 Nombre de hardware: Supermicro Super Server/X11SPi-TF, BIOS 3.3 21/02/2020 Cola de trabajo: btrfs-endio-write btrfs_work_helper [btrfs] RIP : 0010:btrfs_zone_finish_endio.part.0+0x34/0x160 [btrfs] RSP: 0018:ffff88867f107a90 EFLAGS: 00010206 RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 893e5534 RDX: 0000000000000011 RSI: 0000000000000004 RDI: 0000000000000088 RBP: 0000000000000002 R08: 0000000000000001 R09: 6028 R10: ffff88840b4b0143 R11: ffff88834dfff600 R12: ffff88840b4b0000 R13: 0000000000020000 R14: 00000000000000000 R15: ffff888530ad5210 FS: 0000000000000(0000) GS:ffff888e3f800000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f87223fff38 CR3 : 00000007a7c6a002 CR4: 00000000007706f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 00000000000000000 DR3: 0000000000000000 DR6: 000000fffe0ff0 DR7: 0000000000000400 PKRU: 55555554 Seguimiento de llamadas: ? __die_body.cold+0x19/0x27 ? die_addr+0x46/0x70? exc_general_protection+0x14f/0x250? asm_exc_general_protection+0x26/0x30? do_raw_read_unlock+0x44/0x70? btrfs_zone_finish_endio.part.0+0x34/0x160 [btrfs] btrfs_finish_one_ordered+0x5d9/0x19a0 [btrfs] ? __pfx_lock_release+0x10/0x10? do_raw_write_lock+0x90/0x260? __pfx_do_raw_write_lock+0x10/0x10? __pfx_btrfs_finish_one_ordered+0x10/0x10 [btrfs]? _raw_write_unlock+0x23/0x40? btrfs_finish_ordered_zoned+0x5a9/0x850 [btrfs]? lock_acquire+0x435/0x500 btrfs_work_helper+0x1b1/0xa70 [btrfs]? __programar+0x10a8/0x60b0? __pfx___might_resched+0x10/0x10 proceso_one_work+0x862/0x1410 ? __pfx_lock_acquire+0x10/0x10? __pfx_process_one_work+0x10/0x10? asignar_trabajo+0x16c/0x240 trabajador_hilo+0x5e6/0x1010? __pfx_worker_thread+0x10/0x10 kthread+0x2c3/0x3a0 ? trace_irq_enable.constprop.0+0xce/0x110? __pfx_kthread+0x10/0x10 ret_from_fork+0x31/0x70 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1a/0x30 Al habilitar CONFIG_BTRFS_ASSERT se revel\u00f3 la siguiente aserci\u00f3n para activar: aserci\u00f3n fallida: !list_empty(&ordered->list), en fs/btrfs/zoned.c:1815 Esto indica que Falta la lista de sumas de verificaci\u00f3n en la extensi\u00f3n_ordenada. Como btrfs/167 est\u00e1 escribiendo NOCOW, esto es de esperarse. Un an\u00e1lisis m\u00e1s detallado con drgn confirm\u00f3 la suposici\u00f3n: >>> inode = prog.crashed_thread().stack_trace()[11]['ordered'].inode >>> btrfs_inode = drgn.container_of(inode, \"struct btrfs_inode\", \\ \" vfs_inode\") >>> print(btrfs_inode.flags) (u32)1 Como el modo de emulaci\u00f3n de zonas simula zonas convencionales en dispositivos normales, no podemos usar Zone-Append para escribir. Pero solo adjuntamos sumas de verificaci\u00f3n ficticias si realizamos una escritura de adici\u00f3n de zona. Entonces, para las escrituras de datos de zonas NOCOW en zonas convencionales, adjunte tambi\u00e9n una suma de verificaci\u00f3n ficticia."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.5",
"versionEndExcluding": "6.6.36",
"matchCriteriaId": "A9A441DF-0244-4D7F-B25A-F692568FFC15"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.9.7",
"matchCriteriaId": "0A047AF2-94AC-4A3A-B32D-6AB930D8EF1C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc1:*:*:*:*:*:*",
"matchCriteriaId": "2EBB4392-5FA6-4DA9-9772-8F9C750109FA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc2:*:*:*:*:*:*",
"matchCriteriaId": "331C2F14-12C7-45D5-893D-8C52EE38EA10"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc3:*:*:*:*:*:*",
"matchCriteriaId": "3173713D-909A-4DD3-9DD4-1E171EB057EE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc4:*:*:*:*:*:*",
"matchCriteriaId": "79F18AFA-40F7-43F0-BA30-7BDB65F918B9"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://git.kernel.org/stable/c/082b3d4e788953a3ff42ecdb70c4210149076285", "url": "https://git.kernel.org/stable/c/082b3d4e788953a3ff42ecdb70c4210149076285",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/25cfe59f4470a051d1b80f51fa0ca3a5048e4a19", "url": "https://git.kernel.org/stable/c/25cfe59f4470a051d1b80f51fa0ca3a5048e4a19",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/cebae292e0c32a228e8f2219c270a7237be24a6a", "url": "https://git.kernel.org/stable/c/cebae292e0c32a228e8f2219c270a7237be24a6a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/082b3d4e788953a3ff42ecdb70c4210149076285", "url": "https://git.kernel.org/stable/c/082b3d4e788953a3ff42ecdb70c4210149076285",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/25cfe59f4470a051d1b80f51fa0ca3a5048e4a19", "url": "https://git.kernel.org/stable/c/25cfe59f4470a051d1b80f51fa0ca3a5048e4a19",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/cebae292e0c32a228e8f2219c270a7237be24a6a", "url": "https://git.kernel.org/stable/c/cebae292e0c32a228e8f2219c270a7237be24a6a",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
} }
] ]
} }

72
CVE-2024/CVE-2024-434xx/CVE-2024-43474.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-43474", "id": "CVE-2024-43474",
"sourceIdentifier": "secure@microsoft.com", "sourceIdentifier": "secure@microsoft.com",
"published": "2024-09-10T17:15:35.183", "published": "2024-09-10T17:15:35.183",
"lastModified": "2024-09-10T17:43:14.410", "lastModified": "2025-01-07T15:19:09.057",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -36,6 +36,26 @@
}, },
"exploitabilityScore": 2.8, "exploitabilityScore": 2.8,
"impactScore": 4.7 "impactScore": 4.7
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
} }
] ]
}, },
@ -49,12 +69,58 @@
"value": "CWE-170" "value": "CWE-170"
} }
] ]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2017:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "14.0.1000.169",
"versionEndExcluding": "14.0.2060.1",
"matchCriteriaId": "092AF402-BDA3-46C2-ADB8-BEA92DF81BA5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2017:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "14.0.3006.16",
"versionEndExcluding": "14.0.3475.1",
"matchCriteriaId": "6E6AD612-AB64-4454-970E-D868420C6CC6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "15.0.2000.5",
"versionEndExcluding": "15.0.2120.1",
"matchCriteriaId": "64D0E7A9-846A-421E-A3E0-E2C0CDACD13C"
}
]
}
]
} }
], ],
"references": [ "references": [
{ {
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43474", "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43474",
"source": "secure@microsoft.com" "source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

66
CVE-2024/CVE-2024-436xx/CVE-2024-43613.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-43613", "id": "CVE-2024-43613",
"sourceIdentifier": "secure@microsoft.com", "sourceIdentifier": "secure@microsoft.com",
"published": "2024-11-12T19:15:11.560", "published": "2024-11-12T19:15:11.560",
"lastModified": "2024-11-13T17:01:16.850", "lastModified": "2025-01-07T16:20:13.437",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -49,12 +49,72 @@
"value": "CWE-77" "value": "CWE-77"
} }
] ]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:azure_database_for_postgresql_flexible_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "12.0",
"versionEndExcluding": "12.20",
"matchCriteriaId": "F25F5854-0980-4069-BCBE-4CEC993AA077"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:azure_database_for_postgresql_flexible_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13.0",
"versionEndExcluding": "13.16",
"matchCriteriaId": "35F08558-BF70-494F-8395-671AA48E2211"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:azure_database_for_postgresql_flexible_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "14.0",
"versionEndExcluding": "14.13",
"matchCriteriaId": "ECF39F10-8251-4639-B588-2D8AEBD74F43"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:azure_database_for_postgresql_flexible_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "15.0",
"versionEndExcluding": "15.8",
"matchCriteriaId": "0579FD8F-3CE2-493C-B2AE-00F304CDE43A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:azure_database_for_postgresql_flexible_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "16.0",
"versionEndExcluding": "16.4",
"matchCriteriaId": "3367EB48-658F-4ACC-86AA-2E83A54240E3"
}
]
}
]
} }
], ],
"references": [ "references": [
{ {
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43613", "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43613",
"source": "secure@microsoft.com" "source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

84
CVE-2024/CVE-2024-44xx/CVE-2024-4470.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-4470", "id": "CVE-2024-4470",
"sourceIdentifier": "security@wordfence.com", "sourceIdentifier": "security@wordfence.com",
"published": "2024-05-21T07:15:08.810", "published": "2024-05-21T07:15:08.810",
"lastModified": "2024-11-21T09:42:53.360", "lastModified": "2025-01-07T16:37:44.157",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -36,33 +36,101 @@
}, },
"exploitabilityScore": 3.1, "exploitabilityScore": 3.1,
"impactScore": 2.7 "impactScore": 2.7
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
} }
] ]
}, },
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:averta:master_slider:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "3.9.10",
"matchCriteriaId": "D84C9E86-689D-4190-BF3F-9CF0A56D7645"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://plugins.trac.wordpress.org/browser/master-slider/tags/3.9.9/includes/msp-shortcodes.php#L1078", "url": "https://plugins.trac.wordpress.org/browser/master-slider/tags/3.9.9/includes/msp-shortcodes.php#L1078",
"source": "security@wordfence.com" "source": "security@wordfence.com",
"tags": [
"Product"
]
}, },
{ {
"url": "https://plugins.trac.wordpress.org/changeset/3084860/#file2", "url": "https://plugins.trac.wordpress.org/changeset/3084860/#file2",
"source": "security@wordfence.com" "source": "security@wordfence.com",
"tags": [
"Product"
]
}, },
{ {
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cd59bee7-5de5-406d-8c1b-654306d68ab8?source=cve", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cd59bee7-5de5-406d-8c1b-654306d68ab8?source=cve",
"source": "security@wordfence.com" "source": "security@wordfence.com",
"tags": [
"Vendor Advisory"
]
}, },
{ {
"url": "https://plugins.trac.wordpress.org/browser/master-slider/tags/3.9.9/includes/msp-shortcodes.php#L1078", "url": "https://plugins.trac.wordpress.org/browser/master-slider/tags/3.9.9/includes/msp-shortcodes.php#L1078",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
]
}, },
{ {
"url": "https://plugins.trac.wordpress.org/changeset/3084860/#file2", "url": "https://plugins.trac.wordpress.org/changeset/3084860/#file2",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
]
}, },
{ {
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cd59bee7-5de5-406d-8c1b-654306d68ab8?source=cve", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cd59bee7-5de5-406d-8c1b-654306d68ab8?source=cve",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

45
CVE-2024/CVE-2024-462xx/CVE-2024-46209.json
View File

@ -2,16 +2,55 @@
"id": "CVE-2024-46209", "id": "CVE-2024-46209",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2025-01-06T19:15:12.810", "published": "2025-01-06T19:15:12.810",
"lastModified": "2025-01-06T19:15:12.810", "lastModified": "2025-01-07T16:15:33.800",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "A stored cross-site scripting (XSS) vulnerability in the component /media/test.html of REDAXO CMS v5.17.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the password parameter." "value": "A stored cross-site scripting (XSS) vulnerability in the component /media/test.html of REDAXO CMS v5.17.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the password parameter."
},
{
"lang": "es",
"value": "Una vulnerabilidad de cross site scripting (XSS) almacenado en el componente /media/test.html de REDAXO CMS v5.17.1 permite a los atacantes ejecutar web scripts o HTML arbitrarios mediante la inyecci\u00f3n de un payload manipulado en el par\u00e1metro de contrase\u00f1a."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
} }
], ],
"metrics": {},
"references": [ "references": [
{ {
"url": "https://github.com/h4ckr4v3n/CVE-2024-46209/blob/main/REDAXO%20Stored%20XSS%20%2B%20RCE.pdf", "url": "https://github.com/h4ckr4v3n/CVE-2024-46209/blob/main/REDAXO%20Stored%20XSS%20%2B%20RCE.pdf",

25
CVE-2024/CVE-2024-462xx/CVE-2024-46242.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-46242",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-01-07T16:15:33.950",
"lastModified": "2025-01-07T16:15:33.950",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue in the validate_email function in CTFd/utils/validators/__init__.py of CTFd 3.7.3 allows attackers to cause a Regular expression Denial of Service (ReDoS) via supplying a crafted string as e-mail address during registration."
}
],
"metrics": {},
"references": [
{
"url": "http://ctfd.com",
"source": "cve@mitre.org"
},
{
"url": "https://gist.github.com/salvatore-abello/4f01f3fa54672febc0a492a11a26592c",
"source": "cve@mitre.org"
}
]
}

29
CVE-2024/CVE-2024-466xx/CVE-2024-46601.json Normal file
View File

@ -0,0 +1,29 @@
{
"id": "CVE-2024-46601",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-01-07T16:15:34.087",
"lastModified": "2025-01-07T16:15:34.087",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Elspec Engineering G5 Digital Fault Recorder Firmware v1.2.1.12 was discovered to contain a buffer overflow."
}
],
"metrics": {},
"references": [
{
"url": "http://elspec.com",
"source": "cve@mitre.org"
},
{
"url": "http://g5.com",
"source": "cve@mitre.org"
},
{
"url": "https://www.elspec-ltd.com/support/security-advisories/",
"source": "cve@mitre.org"
}
]
}

25
CVE-2024/CVE-2024-466xx/CVE-2024-46602.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-46602",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-01-07T16:15:34.213",
"lastModified": "2025-01-07T16:15:34.213",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Elspec G5 digital fault recorder version 1.2.1.12 and earlier. An XML External Entity (XXE) vulnerability may allow an attacker to cause a Denial of Service (DoS) via a crafted XML payload."
}
],
"metrics": {},
"references": [
{
"url": "http://elspec.com",
"source": "cve@mitre.org"
},
{
"url": "http://g5.com",
"source": "cve@mitre.org"
}
]
}

29
CVE-2024/CVE-2024-466xx/CVE-2024-46603.json Normal file
View File

@ -0,0 +1,29 @@
{
"id": "CVE-2024-46603",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-01-07T16:15:34.370",
"lastModified": "2025-01-07T16:15:34.370",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An XML External Entity (XXE) vulnerability in Elspec Engineering G5 Digital Fault Recorder Firmware v1.2.1.12 allows attackers to cause a Denial of Service (DoS) via a crafted XML payload."
}
],
"metrics": {},
"references": [
{
"url": "http://elspec.com",
"source": "cve@mitre.org"
},
{
"url": "http://g5.com",
"source": "cve@mitre.org"
},
{
"url": "https://www.elspec-ltd.com/support/security-advisories/",
"source": "cve@mitre.org"
}
]
}

45
CVE-2024/CVE-2024-466xx/CVE-2024-46622.json
View File

@ -2,16 +2,55 @@
"id": "CVE-2024-46622", "id": "CVE-2024-46622",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2025-01-06T18:15:19.660", "published": "2025-01-06T18:15:19.660",
"lastModified": "2025-01-06T18:15:19.660", "lastModified": "2025-01-07T16:15:34.500",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "An Escalation of Privilege security vulnerability was found in SecureAge Security Suite software 7.0.x before 7.0.38, 7.1.x before 7.1.11, 8.0.x before 8.0.18, and 8.1.x before 8.1.18 that allows arbitrary file creation, modification and deletion." "value": "An Escalation of Privilege security vulnerability was found in SecureAge Security Suite software 7.0.x before 7.0.38, 7.1.x before 7.1.11, 8.0.x before 8.0.18, and 8.1.x before 8.1.18 that allows arbitrary file creation, modification and deletion."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad de seguridad de escalada de privilegios en SecureAge Security Suite software 7.0.x anterior a 7.0.38, 7.1.x anterior a 7.1.11, 8.0.x anterior a 8.0.18 y 8.1.x anterior a 8.1.18 que permite la creaci\u00f3n, modificaci\u00f3n y eliminaci\u00f3n arbitraria de archivos."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-281"
}
]
} }
], ],
"metrics": {},
"references": [ "references": [
{ {
"url": "https://www.secureage.com/", "url": "https://www.secureage.com/",

25
CVE-2024/CVE-2024-482xx/CVE-2024-48245.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-48245",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-01-07T16:15:34.730",
"lastModified": "2025-01-07T16:15:34.730",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vehicle Management System 1.0 is vulnerable to SQL Injection. A guest user can exploit vulnerable POST parameters in various administrative actions, such as booking a vehicle or confirming a booking. The affected parameters include \"Booking ID\", \"Action Name\", and \"Payment Confirmation ID\", which are present in /newvehicle.php and /newdriver.php."
}
],
"metrics": {},
"references": [
{
"url": "http://vehicle.com",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/ShadowByte1/CVE-2024-48245",
"source": "cve@mitre.org"
}
]
}

43
CVE-2024/CVE-2024-484xx/CVE-2024-48456.json
View File

@ -2,16 +2,55 @@
"id": "CVE-2024-48456", "id": "CVE-2024-48456",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2025-01-06T22:15:09.620", "published": "2025-01-06T22:15:09.620",
"lastModified": "2025-01-06T22:15:09.620", "lastModified": "2025-01-07T16:15:34.867",
"vulnStatus": "Received", "vulnStatus": "Received",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "An issue in Netis Wifi6 Router NX10 2.0.1.3643 and 2.0.1.3582 and Netis Wifi 11AC Router NC65 3.0.0.3749 and Netis Wifi 11AC Router NC63 3.0.0.3327 and 3.0.0.3503 and Netis Wifi 11AC Router NC21 3.0.0.3800, 3.0.0.3500 and 3.0.0.3329 and Netis Wifi Router MW5360 1.0.1.3442 and 1.0.1.3031 allows a remote attacker to obtain sensitive information via the parameter password at the change admin password page at the router web interface." "value": "An issue in Netis Wifi6 Router NX10 2.0.1.3643 and 2.0.1.3582 and Netis Wifi 11AC Router NC65 3.0.0.3749 and Netis Wifi 11AC Router NC63 3.0.0.3327 and 3.0.0.3503 and Netis Wifi 11AC Router NC21 3.0.0.3800, 3.0.0.3500 and 3.0.0.3329 and Netis Wifi Router MW5360 1.0.1.3442 and 1.0.1.3031 allows a remote attacker to obtain sensitive information via the parameter password at the change admin password page at the router web interface."
},
{
"lang": "es",
"value": "Un problema en Netis Wifi6 Router NX10 2.0.1.3643 y 2.0.1.3582 y Netis Wifi 11AC Router NC65 3.0.0.3749 y Netis Wifi 11AC Router NC63 3.0.0.3327 y 3.0.0.3503 y Netis Wifi 11AC Router NC21 3.0.0.3800, 3.0.0.3500 y 3.0.0.3329 y Netis Wifi Router MW5360 1.0.1.3442 y 1.0.1.3031 permite a un atacante remoto obtener informaci\u00f3n confidencial a trav\u00e9s del par\u00e1metro password en la p\u00e1gina de cambio de contrase\u00f1a de administrador en la interfaz web del enrutador."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
} }
], ],
"metrics": {},
"references": [ "references": [
{ {
"url": "https://github.com/users/h00die-gr3y/projects/1/views/1", "url": "https://github.com/users/h00die-gr3y/projects/1/views/1",

43
CVE-2024/CVE-2024-484xx/CVE-2024-48457.json
View File

@ -2,16 +2,55 @@
"id": "CVE-2024-48457", "id": "CVE-2024-48457",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2025-01-06T22:15:09.727", "published": "2025-01-06T22:15:09.727",
"lastModified": "2025-01-06T22:15:09.727", "lastModified": "2025-01-07T16:15:35.057",
"vulnStatus": "Received", "vulnStatus": "Received",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "An issue in Netis Wifi6 Router NX10 2.0.1.3643 and 2.0.1.3582 and Netis Wifi 11AC Router NC65 3.0.0.3749 and Netis Wifi 11AC Router NC63 3.0.0.3327 and 3.0.0.3503 and Netis Wifi 11AC Router NC21 3.0.0.3800, 3.0.0.3500 and 3.0.0.3329 and Netis Wifi Router MW5360 1.0.1.3442 and 1.0.1.3031 allows a remote attacker to obtain sensitive information via the endpoint /cgi-bin/skk_set.cgi and binary /bin/scripts/start_wifi.sh" "value": "An issue in Netis Wifi6 Router NX10 2.0.1.3643 and 2.0.1.3582 and Netis Wifi 11AC Router NC65 3.0.0.3749 and Netis Wifi 11AC Router NC63 3.0.0.3327 and 3.0.0.3503 and Netis Wifi 11AC Router NC21 3.0.0.3800, 3.0.0.3500 and 3.0.0.3329 and Netis Wifi Router MW5360 1.0.1.3442 and 1.0.1.3031 allows a remote attacker to obtain sensitive information via the endpoint /cgi-bin/skk_set.cgi and binary /bin/scripts/start_wifi.sh"
},
{
"lang": "es",
"value": "Un problema en Netis Wifi6 Router NX10 2.0.1.3643 y 2.0.1.3582 y Netis Wifi 11AC Router NC65 3.0.0.3749 y Netis Wifi 11AC Router NC63 3.0.0.3327 y 3.0.0.3503 y Netis Wifi 11AC Router NC21 3.0.0.3800, 3.0.0.3500 y 3.0.0.3329 y Netis Wifi Router MW5360 1.0.1.3442 y 1.0.1.3031 permite a un atacante remoto obtener informaci\u00f3n confidencial a trav\u00e9s del endpoint /cgi-bin/skk_set.cgi y el binario /bin/scripts/start_wifi.sh"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
} }
], ],
"metrics": {},
"references": [ "references": [
{ {
"url": "https://github.com/users/h00die-gr3y/projects/1/views/1", "url": "https://github.com/users/h00die-gr3y/projects/1/views/1",

6
CVE-2024/CVE-2024-489xx/CVE-2024-48987.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-48987", "id": "CVE-2024-48987",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-10-11T13:15:16.197", "published": "2024-10-11T13:15:16.197",
"lastModified": "2024-10-15T12:58:51.050", "lastModified": "2025-01-07T16:15:35.237",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -43,6 +43,10 @@
{ {
"url": "https://github.com/snipe/snipe-it/releases/tag/v7.0.10", "url": "https://github.com/snipe/snipe-it/releases/tag/v7.0.10",
"source": "cve@mitre.org" "source": "cve@mitre.org"
},
{
"url": "https://www.synacktiv.com/advisories/snipe-it-unauthenticated-remote-command-execution-when-appkey-known",
"source": "cve@mitre.org"
} }
] ]
} }

57
CVE-2024/CVE-2024-490xx/CVE-2024-49025.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-49025", "id": "CVE-2024-49025",
"sourceIdentifier": "secure@microsoft.com", "sourceIdentifier": "secure@microsoft.com",
"published": "2024-11-14T20:15:25.207", "published": "2024-11-14T20:15:25.207",
"lastModified": "2024-11-15T13:58:08.913", "lastModified": "2025-01-07T15:42:37.300",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -36,6 +36,26 @@
}, },
"exploitabilityScore": 2.8, "exploitabilityScore": 2.8,
"impactScore": 2.5 "impactScore": 2.5
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
} }
] ]
}, },
@ -49,12 +69,43 @@
"value": "CWE-359" "value": "CWE-359"
} }
] ]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*",
"versionEndExcluding": "131.0.2903.48",
"matchCriteriaId": "037D3C64-2DB8-4C53-BE41-B19F87780DC8"
}
]
}
]
} }
], ],
"references": [ "references": [
{ {
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49025", "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49025",
"source": "secure@microsoft.com" "source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

66
CVE-2024/CVE-2024-490xx/CVE-2024-49042.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-49042", "id": "CVE-2024-49042",
"sourceIdentifier": "secure@microsoft.com", "sourceIdentifier": "secure@microsoft.com",
"published": "2024-11-12T19:15:17.507", "published": "2024-11-12T19:15:17.507",
"lastModified": "2024-11-13T17:01:16.850", "lastModified": "2025-01-07T16:18:47.907",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -49,12 +49,72 @@
"value": "CWE-77" "value": "CWE-77"
} }
] ]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:azure_database_for_postgresql_flexible_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "12.0",
"versionEndExcluding": "12.20",
"matchCriteriaId": "F25F5854-0980-4069-BCBE-4CEC993AA077"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:azure_database_for_postgresql_flexible_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13.0",
"versionEndExcluding": "13.16",
"matchCriteriaId": "35F08558-BF70-494F-8395-671AA48E2211"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:azure_database_for_postgresql_flexible_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "14.0",
"versionEndExcluding": "14.13",
"matchCriteriaId": "ECF39F10-8251-4639-B588-2D8AEBD74F43"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:azure_database_for_postgresql_flexible_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "15.0",
"versionEndExcluding": "15.8",
"matchCriteriaId": "0579FD8F-3CE2-493C-B2AE-00F304CDE43A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:azure_database_for_postgresql_flexible_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "16.0",
"versionEndExcluding": "16.4",
"matchCriteriaId": "3367EB48-658F-4ACC-86AA-2E83A54240E3"
}
]
}
]
} }
], ],
"references": [ "references": [
{ {
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49042", "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49042",
"source": "secure@microsoft.com" "source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

56
CVE-2024/CVE-2024-490xx/CVE-2024-49056.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-49056", "id": "CVE-2024-49056",
"sourceIdentifier": "secure@microsoft.com", "sourceIdentifier": "secure@microsoft.com",
"published": "2024-11-12T18:15:46.273", "published": "2024-11-12T18:15:46.273",
"lastModified": "2024-11-13T17:01:58.603", "lastModified": "2025-01-07T16:33:01.547",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [ "cveTags": [
{ {
"sourceIdentifier": "secure@microsoft.com", "sourceIdentifier": "secure@microsoft.com",
@ -43,6 +43,26 @@
}, },
"exploitabilityScore": 2.1, "exploitabilityScore": 2.1,
"impactScore": 5.2 "impactScore": 5.2
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
} }
] ]
}, },
@ -56,12 +76,42 @@
"value": "CWE-302" "value": "CWE-302"
} }
] ]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:airlift_microsoft_com:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2E3D0CED-1CBE-43AA-9B62-DF77F3FCEA37"
}
]
}
]
} }
], ],
"references": [ "references": [
{ {
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49056", "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49056",
"source": "secure@microsoft.com" "source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

148
CVE-2024/CVE-2024-502xx/CVE-2024-50292.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-50292", "id": "CVE-2024-50292",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-11-19T02:16:31.363", "published": "2024-11-19T02:16:31.363",
"lastModified": "2024-11-19T21:57:32.967", "lastModified": "2025-01-07T16:10:33.080",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,31 +15,161 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ASoC: stm32: spdifrx: corrige la liberaci\u00f3n del canal DMA en stm32_spdifrx_remove En caso de error al solicitar el canal DMA ctrl_chan, ctrl_chan no es nulo. Por lo tanto, la liberaci\u00f3n del canal DMA genera el siguiente problema: [4.879000] st,stm32-spdifrx 500d0000.audio-controller: error dma_request_slave_channel -19 [4.888975] No se puede manejar la desreferencia del puntero NULL del n\u00facleo en la direcci\u00f3n virtual 000000000000003d [...] [5.096577] Rastreo de llamadas: [5.099099] dma_release_channel+0x24/0x100 [5.103235] stm32_spdifrx_remove+0x24/0x60 [snd_soc_stm32_spdifrx] [5.109494] stm32_spdifrx_probe+0x320/0x4c4 [snd_soc_stm32_spdifrx] Para evitar este problema, libere el canal solo si el puntero es v\u00e1lido." "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ASoC: stm32: spdifrx: corrige la liberaci\u00f3n del canal DMA en stm32_spdifrx_remove En caso de error al solicitar el canal DMA ctrl_chan, ctrl_chan no es nulo. Por lo tanto, la liberaci\u00f3n del canal DMA genera el siguiente problema: [4.879000] st,stm32-spdifrx 500d0000.audio-controller: error dma_request_slave_channel -19 [4.888975] No se puede manejar la desreferencia del puntero NULL del n\u00facleo en la direcci\u00f3n virtual 000000000000003d [...] [5.096577] Rastreo de llamadas: [5.099099] dma_release_channel+0x24/0x100 [5.103235] stm32_spdifrx_remove+0x24/0x60 [snd_soc_stm32_spdifrx] [5.109494] stm32_spdifrx_probe+0x320/0x4c4 [snd_soc_stm32_spdifrx] Para evitar este problema, libere el canal solo si el puntero es v\u00e1lido."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.7",
"versionEndExcluding": "5.10.230",
"matchCriteriaId": "04A73BBB-C9E5-4486-B220-A64782E11B3F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.172",
"matchCriteriaId": "88812664-4296-42AC-AE0F-ED71086C1BB1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "6.1.117",
"matchCriteriaId": "0DD7F755-2F6B-4707-8973-78496AD5AA8E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.61",
"matchCriteriaId": "630ED7EB-C97E-4435-B884-1E309E40D6F3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.11.8",
"matchCriteriaId": "0BD000F7-3DAD-4DD3-8906-98EA1EC67E95"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*",
"matchCriteriaId": "7F361E1D-580F-4A2D-A509-7615F73167A1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*",
"matchCriteriaId": "925478D0-3E3D-4E6F-ACD5-09F28D5DF82C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*",
"matchCriteriaId": "3C95E234-D335-4B6C-96BF-E2CEBD8654ED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:*",
"matchCriteriaId": "E0F717D8-3014-4F84-8086-0124B2111379"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc5:*:*:*:*:*:*",
"matchCriteriaId": "24DBE6C7-2AAE-4818-AED2-E131F153D2FA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc6:*:*:*:*:*:*",
"matchCriteriaId": "24B88717-53F5-42AA-9B72-14C707639E3F"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://git.kernel.org/stable/c/0d75f887aabd80cf37ea48d28f159afa7850ea28", "url": "https://git.kernel.org/stable/c/0d75f887aabd80cf37ea48d28f159afa7850ea28",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/22ae9321054cf7f36c537702af133659f51a0b88", "url": "https://git.kernel.org/stable/c/22ae9321054cf7f36c537702af133659f51a0b88",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/23bdbd1ef3e063e03d3c50c15a591b005ebbae39", "url": "https://git.kernel.org/stable/c/23bdbd1ef3e063e03d3c50c15a591b005ebbae39",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/3a977b554f668382dfba31fd62e4cce4fe5643db", "url": "https://git.kernel.org/stable/c/3a977b554f668382dfba31fd62e4cce4fe5643db",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/4f1d74f74752eab8af6b8b28797dc6490d57374c", "url": "https://git.kernel.org/stable/c/4f1d74f74752eab8af6b8b28797dc6490d57374c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/9bb4af400c386374ab1047df44c508512c08c31f", "url": "https://git.kernel.org/stable/c/9bb4af400c386374ab1047df44c508512c08c31f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
} }
] ]
} }

100
CVE-2024/CVE-2024-502xx/CVE-2024-50293.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-50293", "id": "CVE-2024-50293",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-11-19T02:16:31.493", "published": "2024-11-19T02:16:31.493",
"lastModified": "2024-11-19T21:57:32.967", "lastModified": "2025-01-07T16:11:07.423",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,15 +15,105 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net/smc: no deje un puntero sk colgando en __smc_create() Gracias a el commit 4bbd360a5084 (\"socket: Imprimir pf->create() cuando no borra sock->sk en caso de error.\"), syzbot encontr\u00f3 un problema con AF_SMC: smc_create debe borrar sock->sk en caso de error, familia: 43, tipo: 1, protocolo: 0 ADVERTENCIA: CPU: 0 PID: 5827 en net/socket.c:1565 __sock_create+0x96f/0xa30 net/socket.c:1563 M\u00f3dulos vinculados: CPU: 0 UID: 0 PID: 5827 Comm: syz-executor259 No contaminado 6.12.0-rc6-next-20241106-syzkaller #0 Nombre del hardware: Google Google Compute Engine/Google Compute Engine, BIOS Google 13/09/2024 RIP: 0010:__sock_create+0x96f/0xa30 net/socket.c:1563 C\u00f3digo: 03 00 74 08 4c 89 e7 e8 4f 3b 85 f8 49 8b 34 24 48 c7 c7 40 89 0c 8d 8b 54 24 04 8b 4c 24 0c 44 8b 44 24 08 e8 32 78 db f7 90 <0f> 0b 90 90 e9 d3 fd ff ff 89 e9 80 e1 07 fe c1 38 c1 0f 8c ee f7 RSP: 0018:ffffc90003e4fda0 EFLAGS: 00010246 RAX: 099c6f938c7f4700 RBX: 1ffffffff1a595fd RCX: ffff888034823c00 RDX: 0000000000000000 RSI: 000000000000000 RDI: 000000000000000 RBP: 00000000ffffffe9 R08: ffffffff81567052 R09: 1ffff920007c9f50 R10: dffffc0000000000 R11: fffff520007c9f51 R12: ffffffff8d2cafe8 R13: 1ffffffff1a595fe R14: ffffffff9a789c40 R15: ffff8880764298c0 FS: 000055557b518380(0000) GS:ffff8880b860 0000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fa62ff43225 CR3: 0000000031628000 CR4: 000000000003526f0 DR0: 00000000000000000 DR1: 00000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Seguimiento de llamadas: sock_create net/socket.c:1616 [en l\u00ednea] __sys_socket_create net/socket.c:1653 [en l\u00ednea] __sys_socket+0x150/0x3c0 net/socket.c:1700 __do_sys_socket net/socket.c:1714 [en l\u00ednea] __se_sys_socket net/socket.c:1712 [en l\u00ednea] Para referencia, consulte el commit 2d859aff775d (\"Fusionar rama 'do-not-leave-dangling-sk-pointers-in-pf-create-functions'\")" "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net/smc: no deje un puntero sk colgando en __smc_create() Gracias a el commit 4bbd360a5084 (\"socket: Imprimir pf->create() cuando no borra sock->sk en caso de error.\"), syzbot encontr\u00f3 un problema con AF_SMC: smc_create debe borrar sock->sk en caso de error, familia: 43, tipo: 1, protocolo: 0 ADVERTENCIA: CPU: 0 PID: 5827 en net/socket.c:1565 __sock_create+0x96f/0xa30 net/socket.c:1563 M\u00f3dulos vinculados: CPU: 0 UID: 0 PID: 5827 Comm: syz-executor259 No contaminado 6.12.0-rc6-next-20241106-syzkaller #0 Nombre del hardware: Google Google Compute Engine/Google Compute Engine, BIOS Google 13/09/2024 RIP: 0010:__sock_create+0x96f/0xa30 net/socket.c:1563 C\u00f3digo: 03 00 74 08 4c 89 e7 e8 4f 3b 85 f8 49 8b 34 24 48 c7 c7 40 89 0c 8d 8b 54 24 04 8b 4c 24 0c 44 8b 44 24 08 e8 32 78 db f7 90 <0f> 0b 90 90 e9 d3 fd ff ff 89 e9 80 e1 07 fe c1 38 c1 0f 8c ee f7 RSP: 0018:ffffc90003e4fda0 EFLAGS: 00010246 RAX: 099c6f938c7f4700 RBX: 1ffffffff1a595fd RCX: ffff888034823c00 RDX: 0000000000000000 RSI: 000000000000000 RDI: 000000000000000 RBP: 00000000ffffffe9 R08: ffffffff81567052 R09: 1ffff920007c9f50 R10: dffffc0000000000 R11: fffff520007c9f51 R12: ffffffff8d2cafe8 R13: 1ffffffff1a595fe R14: ffffffff9a789c40 R15: ffff8880764298c0 FS: 000055557b518380(0000) GS:ffff8880b860 0000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fa62ff43225 CR3: 0000000031628000 CR4: 000000000003526f0 DR0: 00000000000000000 DR1: 00000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Seguimiento de llamadas: sock_create net/socket.c:1616 [en l\u00ednea] __sys_socket_create net/socket.c:1653 [en l\u00ednea] __sys_socket+0x150/0x3c0 net/socket.c:1700 __do_sys_socket net/socket.c:1714 [en l\u00ednea] __se_sys_socket net/socket.c:1712 [en l\u00ednea] Para referencia, consulte el commit 2d859aff775d (\"Fusionar rama 'do-not-leave-dangling-sk-pointers-in-pf-create-functions'\")"
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.11",
"versionEndExcluding": "6.11.8",
"matchCriteriaId": "728427FE-4653-45EF-AA11-DA6A6AF58B8F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*",
"matchCriteriaId": "7F361E1D-580F-4A2D-A509-7615F73167A1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*",
"matchCriteriaId": "925478D0-3E3D-4E6F-ACD5-09F28D5DF82C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*",
"matchCriteriaId": "3C95E234-D335-4B6C-96BF-E2CEBD8654ED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:*",
"matchCriteriaId": "E0F717D8-3014-4F84-8086-0124B2111379"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc5:*:*:*:*:*:*",
"matchCriteriaId": "24DBE6C7-2AAE-4818-AED2-E131F153D2FA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc6:*:*:*:*:*:*",
"matchCriteriaId": "24B88717-53F5-42AA-9B72-14C707639E3F"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://git.kernel.org/stable/c/d293958a8595ba566fb90b99da4d6263e14fee15", "url": "https://git.kernel.org/stable/c/d293958a8595ba566fb90b99da4d6263e14fee15",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/d2cc492124e1f22daa1700f069bcc58788043381", "url": "https://git.kernel.org/stable/c/d2cc492124e1f22daa1700f069bcc58788043381",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
} }
] ]
} }

45
CVE-2024/CVE-2024-511xx/CVE-2024-51112.json
View File

@ -2,16 +2,55 @@
"id": "CVE-2024-51112", "id": "CVE-2024-51112",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2025-01-06T16:15:28.943", "published": "2025-01-06T16:15:28.943",
"lastModified": "2025-01-06T16:15:28.943", "lastModified": "2025-01-07T15:15:10.270",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "Open Redirect vulnerability in Pnetlab 5.3.11 allows an attacker to manipulate URLs to redirect users to arbitrary external websites via a crafted script" "value": "Open Redirect vulnerability in Pnetlab 5.3.11 allows an attacker to manipulate URLs to redirect users to arbitrary external websites via a crafted script"
},
{
"lang": "es",
"value": "La vulnerabilidad de redirecci\u00f3n abierta en Pnetlab 5.3.11 permite a un atacante manipular las URL para redirigir a los usuarios a sitios web externos arbitrarios a trav\u00e9s de un script manipulado espec\u00edficamente para ello."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
} }
], ],
"metrics": {},
"references": [ "references": [
{ {
"url": "http://pnetlab.com", "url": "http://pnetlab.com",

59
CVE-2024/CVE-2024-520xx/CVE-2024-52000.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-52000", "id": "CVE-2024-52000",
"sourceIdentifier": "security-advisories@github.com", "sourceIdentifier": "security-advisories@github.com",
"published": "2024-11-08T23:15:03.817", "published": "2024-11-08T23:15:03.817",
"lastModified": "2024-11-12T13:56:54.483", "lastModified": "2025-01-07T16:52:48.723",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -16,6 +16,28 @@
} }
], ],
"metrics": { "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
],
"cvssMetricV30": [ "cvssMetricV30": [
{ {
"source": "security-advisories@github.com", "source": "security-advisories@github.com",
@ -49,12 +71,43 @@
"value": "CWE-79" "value": "CWE-79"
} }
] ]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:combodo:itop:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.2.0",
"matchCriteriaId": "A59157AC-6016-4FB6-A3BD-08EAB161CF96"
}
]
}
]
} }
], ],
"references": [ "references": [
{ {
"url": "https://github.com/Combodo/iTop/security/advisories/GHSA-r58g-p5r9-8hfg", "url": "https://github.com/Combodo/iTop/security/advisories/GHSA-r58g-p5r9-8hfg",
"source": "security-advisories@github.com" "source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

61
CVE-2024/CVE-2024-520xx/CVE-2024-52001.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-52001", "id": "CVE-2024-52001",
"sourceIdentifier": "security-advisories@github.com", "sourceIdentifier": "security-advisories@github.com",
"published": "2024-11-08T23:15:04.153", "published": "2024-11-08T23:15:04.153",
"lastModified": "2024-11-12T13:56:54.483", "lastModified": "2025-01-07T16:48:41.057",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -16,6 +16,28 @@
} }
], ],
"metrics": { "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
],
"cvssMetricV30": [ "cvssMetricV30": [
{ {
"source": "security-advisories@github.com", "source": "security-advisories@github.com",
@ -42,19 +64,50 @@
"weaknesses": [ "weaknesses": [
{ {
"source": "security-advisories@github.com", "source": "security-advisories@github.com",
"type": "Primary", "type": "Secondary",
"description": [ "description": [
{ {
"lang": "en", "lang": "en",
"value": "CWE-200" "value": "CWE-200"
} }
] ]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:combodo:itop:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.2.0",
"matchCriteriaId": "A59157AC-6016-4FB6-A3BD-08EAB161CF96"
}
]
}
]
} }
], ],
"references": [ "references": [
{ {
"url": "https://github.com/Combodo/iTop/security/advisories/GHSA-9p26-v3wj-6q34", "url": "https://github.com/Combodo/iTop/security/advisories/GHSA-9p26-v3wj-6q34",
"source": "security-advisories@github.com" "source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

49
CVE-2024/CVE-2024-520xx/CVE-2024-52002.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-52002", "id": "CVE-2024-52002",
"sourceIdentifier": "security-advisories@github.com", "sourceIdentifier": "security-advisories@github.com",
"published": "2024-11-08T23:15:04.410", "published": "2024-11-08T23:15:04.410",
"lastModified": "2024-11-12T13:56:54.483", "lastModified": "2025-01-07T16:43:28.527",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -16,6 +16,28 @@
} }
], ],
"metrics": { "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV30": [ "cvssMetricV30": [
{ {
"source": "security-advisories@github.com", "source": "security-advisories@github.com",
@ -51,10 +73,31 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:combodo:itop:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.2.0",
"matchCriteriaId": "A59157AC-6016-4FB6-A3BD-08EAB161CF96"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/Combodo/iTop/security/advisories/GHSA-xr4x-xq7v-7gqm", "url": "https://github.com/Combodo/iTop/security/advisories/GHSA-xr4x-xq7v-7gqm",
"source": "security-advisories@github.com" "source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

60
CVE-2024/CVE-2024-528xx/CVE-2024-52813.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2024-52813",
"sourceIdentifier": "security-advisories@github.com",
"published": "2025-01-07T16:15:35.610",
"lastModified": "2025-01-07T16:15:35.610",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "matrix-rust-sdk is an implementation of a Matrix client-server library in Rust. Versions of the matrix-sdk-crypto Rust crate before 0.8.0 lack a dedicated mechanism to notify that a user's cryptographic identity has changed from a verified to an unverified one, which could cause client applications relying on the SDK to overlook such changes. matrix-sdk-crypto 0.8.0 adds a new VerificationLevel::VerificationViolation enum variant which indicates that a previously verified identity has been changed."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-223"
}
]
}
],
"references": [
{
"url": "https://github.com/matrix-org/matrix-rust-sdk/pull/3795",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/matrix-org/matrix-rust-sdk/security/advisories/GHSA-r5vf-wf4h-82gg",
"source": "security-advisories@github.com"
}
]
}

59
CVE-2024/CVE-2024-530xx/CVE-2024-53096.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-53096", "id": "CVE-2024-53096",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-11-25T22:15:15.287", "published": "2024-11-25T22:15:15.287",
"lastModified": "2024-12-24T15:23:55.943", "lastModified": "2025-01-07T15:42:04.183",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -22,20 +22,20 @@
"type": "Primary", "type": "Primary",
"cvssData": { "cvssData": {
"version": "3.1", "version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 6.1, "baseScore": 7.8,
"baseSeverity": "MEDIUM", "baseSeverity": "HIGH",
"attackVector": "LOCAL", "attackVector": "LOCAL",
"attackComplexity": "LOW", "attackComplexity": "LOW",
"privilegesRequired": "LOW", "privilegesRequired": "LOW",
"userInteraction": "NONE", "userInteraction": "NONE",
"scope": "UNCHANGED", "scope": "UNCHANGED",
"confidentialityImpact": "LOW", "confidentialityImpact": "HIGH",
"integrityImpact": "NONE", "integrityImpact": "HIGH",
"availabilityImpact": "HIGH" "availabilityImpact": "HIGH"
}, },
"exploitabilityScore": 1.8, "exploitabilityScore": 1.8,
"impactScore": 4.2 "impactScore": 5.9
} }
] ]
}, },
@ -61,37 +61,42 @@
{ {
"vulnerable": true, "vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.10.231", "versionStartIncluding": "5.10.150",
"versionEndExcluding": "5.11", "versionEndExcluding": "5.10.231",
"matchCriteriaId": "055DF185-747E-444A-AEC9-E23AA67777A2" "matchCriteriaId": "5E49B9C7-7B50-4126-8CBA-66256295EB63"
}, },
{ {
"vulnerable": true, "vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.15.174", "versionStartIncluding": "5.15.75",
"versionEndExcluding": "5.16", "versionEndExcluding": "5.15.174",
"matchCriteriaId": "5EDFC1D5-0414-42C6-B6E2-1101700AA7DE" "matchCriteriaId": "B8A791EF-FA57-4BA6-B758-F85DB2C9C332"
}, },
{ {
"vulnerable": true, "vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.1", "versionStartIncluding": "6.0.3",
"versionEndExcluding": "6.1.119",
"matchCriteriaId": "5D6C7A20-9E1E-4463-9822-61E01EE9EE64"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.63",
"matchCriteriaId": "8800BB45-48BC-4B52-BDA5-B1E4633F42E5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.12", "versionEndExcluding": "6.12",
"matchCriteriaId": "24339331-7EFB-4BFD-A9FA-7F0B819B687F" "matchCriteriaId": "D251AFC3-8DFD-4F80-861D-362FF9D2EA73"
}, },
{ {
"vulnerable": true, "vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "criteria": "cpe:2.3:o:linux:linux_kernel:5.19.17:*:*:*:*:*:*:*",
"versionStartIncluding": "6.1.119", "matchCriteriaId": "B02CA4B2-2E84-45BE-A5D3-122D9820527C"
"versionEndExcluding": "6.2",
"matchCriteriaId": "B76EFDD3-28A2-4DA2-B93A-00B7E269C313"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.6.63",
"versionEndExcluding": "6.7",
"matchCriteriaId": "2A5C3DA2-445F-4402-A7D0-93986901EBE0"
}, },
{ {
"vulnerable": true, "vulnerable": true,

186
CVE-2024/CVE-2024-531xx/CVE-2024-53103.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-53103", "id": "CVE-2024-53103",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-12-02T08:15:08.537", "published": "2024-12-02T08:15:08.537",
"lastModified": "2024-12-02T08:15:08.537", "lastModified": "2025-01-07T16:25:33.233",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,43 +15,205 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: hv_sock: inicializaci\u00f3n de vsk->trans en NULL para evitar un puntero colgante. Cuando se lanza hvs, existe la posibilidad de que vsk->trans no se inicialice en NULL, lo que podr\u00eda provocar un puntero colgante. Este problema se resuelve inicializando vsk->trans en NULL." "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: hv_sock: inicializaci\u00f3n de vsk->trans en NULL para evitar un puntero colgante. Cuando se lanza hvs, existe la posibilidad de que vsk->trans no se inicialice en NULL, lo que podr\u00eda provocar un puntero colgante. Este problema se resuelve inicializando vsk->trans en NULL."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.324",
"matchCriteriaId": "0EBF3108-DBF4-4E6D-B699-384F2299858B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.20",
"versionEndExcluding": "5.4.286",
"matchCriteriaId": "9952C897-8A61-4D4B-9D6D-7D063E9EA15E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5",
"versionEndExcluding": "5.10.230",
"matchCriteriaId": "BF5B32D0-72C9-41C3-A0BB-D4946153C134"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.172",
"matchCriteriaId": "88812664-4296-42AC-AE0F-ED71086C1BB1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "6.1.117",
"matchCriteriaId": "0DD7F755-2F6B-4707-8973-78496AD5AA8E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.61",
"matchCriteriaId": "630ED7EB-C97E-4435-B884-1E309E40D6F3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.11.8",
"matchCriteriaId": "0BD000F7-3DAD-4DD3-8906-98EA1EC67E95"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:-:*:*:*:*:*:*",
"matchCriteriaId": "0E698080-7669-4132-8817-4C674EEBCE54"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*",
"matchCriteriaId": "7F361E1D-580F-4A2D-A509-7615F73167A1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*",
"matchCriteriaId": "925478D0-3E3D-4E6F-ACD5-09F28D5DF82C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*",
"matchCriteriaId": "3C95E234-D335-4B6C-96BF-E2CEBD8654ED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:*",
"matchCriteriaId": "E0F717D8-3014-4F84-8086-0124B2111379"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc5:*:*:*:*:*:*",
"matchCriteriaId": "24DBE6C7-2AAE-4818-AED2-E131F153D2FA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc6:*:*:*:*:*:*",
"matchCriteriaId": "24B88717-53F5-42AA-9B72-14C707639E3F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc7:*:*:*:*:*:*",
"matchCriteriaId": "1EF8CD82-1EAE-4254-9545-F85AB94CF90F"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://git.kernel.org/stable/c/285266ef92f7b4bf7d26e1e95e215ce6a6badb4a", "url": "https://git.kernel.org/stable/c/285266ef92f7b4bf7d26e1e95e215ce6a6badb4a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/414476c4fb11be070c09ab8f3e75c9ee324a108a", "url": "https://git.kernel.org/stable/c/414476c4fb11be070c09ab8f3e75c9ee324a108a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/4bdc5a62c6e50600d8a1c3e18fd6dce0c27c9497", "url": "https://git.kernel.org/stable/c/4bdc5a62c6e50600d8a1c3e18fd6dce0c27c9497",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/4fe1d42f2acc463b733bb42e3f8e67dbc2a0eb2d", "url": "https://git.kernel.org/stable/c/4fe1d42f2acc463b733bb42e3f8e67dbc2a0eb2d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/7cf25987820350cb950856c71b409e5b6eed52bd", "url": "https://git.kernel.org/stable/c/7cf25987820350cb950856c71b409e5b6eed52bd",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/8621725afb38e111969c64280b71480afde2aace", "url": "https://git.kernel.org/stable/c/8621725afb38e111969c64280b71480afde2aace",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/98d8dde9232250a57ad5ef16479bf6a349e09b80", "url": "https://git.kernel.org/stable/c/98d8dde9232250a57ad5ef16479bf6a349e09b80",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/e0fe3392371293175f25028020ded5267f4cd8e3", "url": "https://git.kernel.org/stable/c/e0fe3392371293175f25028020ded5267f4cd8e3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/e629295bd60abf4da1db85b82819ca6a4f6c1e79", "url": "https://git.kernel.org/stable/c/e629295bd60abf4da1db85b82819ca6a4f6c1e79",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
} }
] ]
} }

142
CVE-2024/CVE-2024-531xx/CVE-2024-53145.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-53145", "id": "CVE-2024-53145",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-12-24T12:15:22.507", "published": "2024-12-24T12:15:22.507",
"lastModified": "2024-12-24T12:15:22.507", "lastModified": "2025-01-07T16:14:57.543",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,39 +15,159 @@
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: um: corrige el posible desbordamiento de enteros durante la configuraci\u00f3n de physmem. Este problema ocurre cuando el tama\u00f1o real del mapa es mayor que LONG_MAX, lo que se puede activar f\u00e1cilmente en UML/i386." "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: um: corrige el posible desbordamiento de enteros durante la configuraci\u00f3n de physmem. Este problema ocurre cuando el tama\u00f1o real del mapa es mayor que LONG_MAX, lo que se puede activar f\u00e1cilmente en UML/i386."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-190"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.1",
"versionEndExcluding": "5.4.287",
"matchCriteriaId": "4B08AFEE-D4EF-47B3-BD35-5A861B359191"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5",
"versionEndExcluding": "5.10.231",
"matchCriteriaId": "B5C644CC-2BD7-4E32-BC54-8DCC7ABE9935"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.174",
"matchCriteriaId": "419FD073-1517-4FD5-8158-F94BC68A1E89"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "6.1.120",
"matchCriteriaId": "09AC6122-E2A4-40FE-9D33-268A1B2EC265"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.64",
"matchCriteriaId": "CA16DEE3-ABEC-4449-9F4A-7A3DC4FC36C7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.11.11",
"matchCriteriaId": "21434379-192D-472F-9B54-D45E3650E893"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.12",
"versionEndExcluding": "6.12.2",
"matchCriteriaId": "D8882B1B-2ABC-4838-AC1D-DBDBB5764776"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://git.kernel.org/stable/c/1575df968650d11771359e5ac78278c5b0cc19f3", "url": "https://git.kernel.org/stable/c/1575df968650d11771359e5ac78278c5b0cc19f3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/1bd118c5f887802cef2d9ba0d1917258667f1cae", "url": "https://git.kernel.org/stable/c/1bd118c5f887802cef2d9ba0d1917258667f1cae",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/5c710f45811e7e2bfcf703980c306f19c7e1ecfe", "url": "https://git.kernel.org/stable/c/5c710f45811e7e2bfcf703980c306f19c7e1ecfe",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/a875c023155ea92b75d6323977003e64d92ae7fc", "url": "https://git.kernel.org/stable/c/a875c023155ea92b75d6323977003e64d92ae7fc",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/a98b7761f697e590ed5d610d87fa12be66f23419", "url": "https://git.kernel.org/stable/c/a98b7761f697e590ed5d610d87fa12be66f23419",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/a9c95f787b88b29165563fd97761032db77116e7", "url": "https://git.kernel.org/stable/c/a9c95f787b88b29165563fd97761032db77116e7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/d1a211e5210d31da8f49fc0021bf7129b726468c", "url": "https://git.kernel.org/stable/c/d1a211e5210d31da8f49fc0021bf7129b726468c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/e6102b72edc4eb8c0858df00ba74b5ce579c8fa2", "url": "https://git.kernel.org/stable/c/e6102b72edc4eb8c0858df00ba74b5ce579c8fa2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
} }
] ]
} }

82
CVE-2024/CVE-2024-531xx/CVE-2024-53149.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-53149", "id": "CVE-2024-53149",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-12-24T12:15:23.007", "published": "2024-12-24T12:15:23.007",
"lastModified": "2024-12-24T12:15:23.007", "lastModified": "2025-01-07T16:36:45.343",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,19 +15,89 @@
"value": "En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: usb: typec: ucsi: glink: fix off-by-one in Connector_status Los \u00edndices del conector UCSI comienzan desde 1 hasta 3, PMIC_GLINK_MAX_PORTS. Corrija la condici\u00f3n en la devoluci\u00f3n de llamada pmic_glink_ucsi_connector_status(), arreglando el informe de orientaci\u00f3n tipo C para el tercer conector USB-C." "value": "En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: usb: typec: ucsi: glink: fix off-by-one in Connector_status Los \u00edndices del conector UCSI comienzan desde 1 hasta 3, PMIC_GLINK_MAX_PORTS. Corrija la condici\u00f3n en la devoluci\u00f3n de llamada pmic_glink_ucsi_connector_status(), arreglando el informe de orientaci\u00f3n tipo C para el tercer conector USB-C."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 0.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-193"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.10",
"versionEndExcluding": "6.11.11",
"matchCriteriaId": "158A6B22-9260-41D7-965A-A81798A5A969"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.12",
"versionEndExcluding": "6.12.2",
"matchCriteriaId": "D8882B1B-2ABC-4838-AC1D-DBDBB5764776"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://git.kernel.org/stable/c/4a22918810980897393fa1776ea3877e4baf8cca", "url": "https://git.kernel.org/stable/c/4a22918810980897393fa1776ea3877e4baf8cca",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/6ba6f7f29e0dff47a2799e60dcd1b5c29cd811a5", "url": "https://git.kernel.org/stable/c/6ba6f7f29e0dff47a2799e60dcd1b5c29cd811a5",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/9a5a8b5bd72169aa7a8ec800ef57be2f2cb4d9b2", "url": "https://git.kernel.org/stable/c/9a5a8b5bd72169aa7a8ec800ef57be2f2cb4d9b2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
} }
] ]
} }

141
CVE-2024/CVE-2024-531xx/CVE-2024-53150.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-53150", "id": "CVE-2024-53150",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-12-24T12:15:23.117", "published": "2024-12-24T12:15:23.117",
"lastModified": "2024-12-24T12:15:23.117", "lastModified": "2025-01-07T16:38:32.010",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,39 +15,158 @@
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: ALSA: usb-audio: corrige lecturas fuera de los l\u00edmites al encontrar fuentes de reloj. El c\u00f3digo actual del controlador de audio USB no verifica la bLongitud de cada descriptor al atravesar los descriptores de reloj. Es decir, cuando un dispositivo proporciona un descriptor falso con una longitud b m\u00e1s corta, el controlador podr\u00eda alcanzar lecturas fuera de los l\u00edmites. Para solucionarlo, este parche agrega controles de cordura a las funciones de validaci\u00f3n para el recorrido del descriptor de reloj. Cuando la longitud del descriptor es m\u00e1s corta de lo esperado, se omite en el bucle. Para los descriptores de fuente de reloj y multiplicador de reloj, podemos comparar bLength con el sizeof() de cada tipo de descriptor. OTOH, el descriptor del selector de reloj de UAC2 y UAC3 tiene una matriz de elementos bNrInPins y dos campos m\u00e1s en su cola, por lo que deben verificarse adem\u00e1s de la verificaci\u00f3n sizeof()." "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: ALSA: usb-audio: corrige lecturas fuera de los l\u00edmites al encontrar fuentes de reloj. El c\u00f3digo actual del controlador de audio USB no verifica la bLongitud de cada descriptor al atravesar los descriptores de reloj. Es decir, cuando un dispositivo proporciona un descriptor falso con una longitud b m\u00e1s corta, el controlador podr\u00eda alcanzar lecturas fuera de los l\u00edmites. Para solucionarlo, este parche agrega controles de cordura a las funciones de validaci\u00f3n para el recorrido del descriptor de reloj. Cuando la longitud del descriptor es m\u00e1s corta de lo esperado, se omite en el bucle. Para los descriptores de fuente de reloj y multiplicador de reloj, podemos comparar bLength con el sizeof() de cada tipo de descriptor. OTOH, el descriptor del selector de reloj de UAC2 y UAC3 tiene una matriz de elementos bNrInPins y dos campos m\u00e1s en su cola, por lo que deben verificarse adem\u00e1s de la verificaci\u00f3n sizeof()."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.287",
"matchCriteriaId": "DC7D5C80-B677-4131-A399-3366D7F3961C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5",
"versionEndExcluding": "5.10.231",
"matchCriteriaId": "B5C644CC-2BD7-4E32-BC54-8DCC7ABE9935"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.174",
"matchCriteriaId": "419FD073-1517-4FD5-8158-F94BC68A1E89"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "6.1.120",
"matchCriteriaId": "09AC6122-E2A4-40FE-9D33-268A1B2EC265"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.64",
"matchCriteriaId": "CA16DEE3-ABEC-4449-9F4A-7A3DC4FC36C7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.11.11",
"matchCriteriaId": "21434379-192D-472F-9B54-D45E3650E893"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.12",
"versionEndExcluding": "6.12.2",
"matchCriteriaId": "D8882B1B-2ABC-4838-AC1D-DBDBB5764776"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://git.kernel.org/stable/c/096bb5b43edf755bc4477e64004fa3a20539ec2f", "url": "https://git.kernel.org/stable/c/096bb5b43edf755bc4477e64004fa3a20539ec2f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/45a92cbc88e4013bfed7fd2ccab3ade45f8e896b", "url": "https://git.kernel.org/stable/c/45a92cbc88e4013bfed7fd2ccab3ade45f8e896b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/74cb86e1006c5437b1d90084d22018da30fddc77", "url": "https://git.kernel.org/stable/c/74cb86e1006c5437b1d90084d22018da30fddc77",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/a3dd4d63eeb452cfb064a13862fb376ab108f6a6", "url": "https://git.kernel.org/stable/c/a3dd4d63eeb452cfb064a13862fb376ab108f6a6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/a632bdcb359fd8145e86486ff8612da98e239acd", "url": "https://git.kernel.org/stable/c/a632bdcb359fd8145e86486ff8612da98e239acd",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/ab011f7439d9bbfd34fd3b9cef4b2d6d952c9bb9", "url": "https://git.kernel.org/stable/c/ab011f7439d9bbfd34fd3b9cef4b2d6d952c9bb9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/da13ade87a12dd58829278bc816a61bea06a56a9", "url": "https://git.kernel.org/stable/c/da13ade87a12dd58829278bc816a61bea06a56a9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/ea0fa76f61cf8e932d1d26e6193513230816e11d", "url": "https://git.kernel.org/stable/c/ea0fa76f61cf8e932d1d26e6193513230816e11d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
} }
] ]
} }

118
CVE-2024/CVE-2024-531xx/CVE-2024-53151.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-53151", "id": "CVE-2024-53151",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-12-24T12:15:23.240", "published": "2024-12-24T12:15:23.240",
"lastModified": "2024-12-24T12:15:23.240", "lastModified": "2025-01-07T16:41:42.637",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,31 +15,131 @@
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: svcrdma: soluciona un desbordamiento de enteros Dan Carpenter informa: > Commit 78147ca8b4a9 (\"svcrdma: agrega una estructura de datos de lista de fragmentos analizados\") del 22 de junio de 2020 (linux-next ), conduce a la siguiente > Advertencia del comprobador est\u00e1tico Smatch: > > net/sunrpc/xprtrdma/svc_rdma_recvfrom.c:498 xdr_check_write_chunk() > advertencia: tama\u00f1o de desbordamiento potencial controlado por el usuario 'segcount * 4 * 4' > > net/sunrpc/xprtrdma/svc_rdma_recvfrom.c > 488 static bool xdr_check_write_chunk(struct svc_rdma_recv_ctxt *rctxt) > 489 { > 490 u32 segcount; > 491 __be32 *p; > 492 > 493 if (xdr_stream_decode_u32(&rctxt->rc_stream, &segcount)) > ^^^^^^^^ > > 494 devuelve falso; > 495 > 496 /* Un recuento de segmentos falso provoca que esta comprobaci\u00f3n de desbordamiento del b\u00fafer falle. */> 497 p = xdr_inline_decode(&rctxt->rc_stream, > --> 498 segcount * rpcrdma_segment_maxsz * sizeof(*p)); > > > segcount es un u32 que no es de confianza. En sistemas de 32 bits, cualquier cosa >= TAMA\u00d1O_MAX / 16 tendr\u00e1 > un desbordamiento de enteros y algunos de esos valores ser\u00e1n aceptados por > xdr_inline_decode()." "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: svcrdma: soluciona un desbordamiento de enteros Dan Carpenter informa: > Commit 78147ca8b4a9 (\"svcrdma: agrega una estructura de datos de lista de fragmentos analizados\") del 22 de junio de 2020 (linux-next ), conduce a la siguiente > Advertencia del comprobador est\u00e1tico Smatch: > > net/sunrpc/xprtrdma/svc_rdma_recvfrom.c:498 xdr_check_write_chunk() > advertencia: tama\u00f1o de desbordamiento potencial controlado por el usuario 'segcount * 4 * 4' > > net/sunrpc/xprtrdma/svc_rdma_recvfrom.c > 488 static bool xdr_check_write_chunk(struct svc_rdma_recv_ctxt *rctxt) > 489 { > 490 u32 segcount; > 491 __be32 *p; > 492 > 493 if (xdr_stream_decode_u32(&rctxt->rc_stream, &segcount)) > ^^^^^^^^ > > 494 devuelve falso; > 495 > 496 /* Un recuento de segmentos falso provoca que esta comprobaci\u00f3n de desbordamiento del b\u00fafer falle. */> 497 p = xdr_inline_decode(&rctxt->rc_stream, > --> 498 segcount * rpcrdma_segment_maxsz * sizeof(*p)); > > > segcount es un u32 que no es de confianza. En sistemas de 32 bits, cualquier cosa >= TAMA\u00d1O_MAX / 16 tendr\u00e1 > un desbordamiento de enteros y algunos de esos valores ser\u00e1n aceptados por > xdr_inline_decode()."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-190"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.174",
"matchCriteriaId": "419FD073-1517-4FD5-8158-F94BC68A1E89"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "6.1.120",
"matchCriteriaId": "09AC6122-E2A4-40FE-9D33-268A1B2EC265"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.64",
"matchCriteriaId": "CA16DEE3-ABEC-4449-9F4A-7A3DC4FC36C7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.11.11",
"matchCriteriaId": "21434379-192D-472F-9B54-D45E3650E893"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.12",
"versionEndExcluding": "6.12.2",
"matchCriteriaId": "D8882B1B-2ABC-4838-AC1D-DBDBB5764776"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://git.kernel.org/stable/c/21e1cf688fb0397788c8dd42e1e0b08d58ac5c7b", "url": "https://git.kernel.org/stable/c/21e1cf688fb0397788c8dd42e1e0b08d58ac5c7b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/3c63d8946e578663b868cb9912dac616ea68bfd0", "url": "https://git.kernel.org/stable/c/3c63d8946e578663b868cb9912dac616ea68bfd0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/4cbc3ba6dc2f746497cade60bcbaa82ae3696689", "url": "https://git.kernel.org/stable/c/4cbc3ba6dc2f746497cade60bcbaa82ae3696689",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/838dd342962cef4c320632a5af48d3c31f2f9877", "url": "https://git.kernel.org/stable/c/838dd342962cef4c320632a5af48d3c31f2f9877",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/c1f8195bf68edd2cef0f18a4cead394075a54b5a", "url": "https://git.kernel.org/stable/c/c1f8195bf68edd2cef0f18a4cead394075a54b5a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/e5c440c227ecdc721f2da0dd88b6358afd1031a7", "url": "https://git.kernel.org/stable/c/e5c440c227ecdc721f2da0dd88b6358afd1031a7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
} }
] ]
} }

106
CVE-2024/CVE-2024-531xx/CVE-2024-53154.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-53154", "id": "CVE-2024-53154",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-12-24T12:15:23.580", "published": "2024-12-24T12:15:23.580",
"lastModified": "2024-12-24T12:15:23.580", "lastModified": "2025-01-07T15:58:21.587",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,27 +15,117 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: clk: clk-apple-nco: Agregar verificaci\u00f3n NULL en applnco_probe Agregar verificaci\u00f3n NULL en applnco_probe, para gestionar el error de desreferencia del puntero NULL del kernel." "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: clk: clk-apple-nco: Agregar verificaci\u00f3n NULL en applnco_probe Agregar verificaci\u00f3n NULL en applnco_probe, para gestionar el error de desreferencia del puntero NULL del kernel."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.18",
"versionEndExcluding": "6.1.120",
"matchCriteriaId": "4EB97A09-F7D3-4B32-8BA0-E85161566B20"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.64",
"matchCriteriaId": "CA16DEE3-ABEC-4449-9F4A-7A3DC4FC36C7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.11.11",
"matchCriteriaId": "21434379-192D-472F-9B54-D45E3650E893"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.12",
"versionEndExcluding": "6.12.2",
"matchCriteriaId": "D8882B1B-2ABC-4838-AC1D-DBDBB5764776"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://git.kernel.org/stable/c/066c14619e8379c1bafbbf8196fd38eac303472b", "url": "https://git.kernel.org/stable/c/066c14619e8379c1bafbbf8196fd38eac303472b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/534e02f83889ccef5fe6beb46e773ab9d4ae1655", "url": "https://git.kernel.org/stable/c/534e02f83889ccef5fe6beb46e773ab9d4ae1655",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/72ea9a7e9e260aa39f9d1c9254cf92adfb05c4f5", "url": "https://git.kernel.org/stable/c/72ea9a7e9e260aa39f9d1c9254cf92adfb05c4f5",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/969c765e2b508cca9099d246c010a1e48dcfd089", "url": "https://git.kernel.org/stable/c/969c765e2b508cca9099d246c010a1e48dcfd089",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/9a5905b725739af6a105f9e564e7c80d69969d2b", "url": "https://git.kernel.org/stable/c/9a5905b725739af6a105f9e564e7c80d69969d2b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
} }
] ]
} }

154
CVE-2024/CVE-2024-531xx/CVE-2024-53155.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-53155", "id": "CVE-2024-53155",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-12-24T12:15:23.700", "published": "2024-12-24T12:15:23.700",
"lastModified": "2024-12-24T12:15:23.700", "lastModified": "2025-01-07T16:00:13.753",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,43 +15,173 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ocfs2: corrige el valor no inicializado en ocfs2_file_read_iter() Syzbot ha informado el siguiente s\u00edmbolo KMSAN: ERROR: KMSAN: valor uninicial en ocfs2_file_read_iter+0x9a4/0xf80 ocfs2_file_read_iter+0x9a4/0xf80 __io_read+0x8d4/0x20f0 io_read+0x3e/0xf0 io_issue_sqe+0x42b/0x22c0 io_wq_submit_work+0xaf9/0xdc0 io_worker_handle_work+0xd13/0x2110 io_wq_worker+0x447/0x1410 ret_from_fork+0x6f/0x90 ret_from_fork_asm+0x1a/0x30 Uninit se cre\u00f3 en: __alloc_pages_noprof+0x9a7/0xe00 alloc_pages_mpol_noprof+0x299/0x990 alloc_pages_noprof+0x1bf/0x1e0 allocate_slab+0x33a/0x1250 ___slab_alloc+0x12ef/0x35e0 kmem_cache_alloc_bulk_noprof+0x486/0x1330 __io_alloc_req_refill+0x84/0x560 io_submit_sqes+0x172f/0x2f30 __se_sys_io_uring_enter+0x406/0x41c0 __x64_sys_io_uring_enter+0x11f/0x1a0 x64_sys_call+0x2b54/0x3ba0 do_syscall_64+0xcd/0x1e0 Entry_SYSCALL_64_after_hwframe+0x77/0x7f Dado que una instancia de 'struct kiocb' puede pasarse desde la capa de bloque con el campo 'privado' no inicializado, introduzca 'ocfs2_iocb_init_rw_locked()' y util\u00edcelo desde donde podr\u00eda tomar 'ocfs2_dio_end_io()' cuidado, es decir en 'ocfs2_file_read_iter()' y 'ocfs2_file_write_iter()'." "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ocfs2: corrige el valor no inicializado en ocfs2_file_read_iter() Syzbot ha informado el siguiente s\u00edmbolo KMSAN: ERROR: KMSAN: valor uninicial en ocfs2_file_read_iter+0x9a4/0xf80 ocfs2_file_read_iter+0x9a4/0xf80 __io_read+0x8d4/0x20f0 io_read+0x3e/0xf0 io_issue_sqe+0x42b/0x22c0 io_wq_submit_work+0xaf9/0xdc0 io_worker_handle_work+0xd13/0x2110 io_wq_worker+0x447/0x1410 ret_from_fork+0x6f/0x90 ret_from_fork_asm+0x1a/0x30 Uninit se cre\u00f3 en: __alloc_pages_noprof+0x9a7/0xe00 alloc_pages_mpol_noprof+0x299/0x990 alloc_pages_noprof+0x1bf/0x1e0 allocate_slab+0x33a/0x1250 ___slab_alloc+0x12ef/0x35e0 kmem_cache_alloc_bulk_noprof+0x486/0x1330 __io_alloc_req_refill+0x84/0x560 io_submit_sqes+0x172f/0x2f30 __se_sys_io_uring_enter+0x406/0x41c0 __x64_sys_io_uring_enter+0x11f/0x1a0 x64_sys_call+0x2b54/0x3ba0 do_syscall_64+0xcd/0x1e0 Entry_SYSCALL_64_after_hwframe+0x77/0x7f Dado que una instancia de 'struct kiocb' puede pasarse desde la capa de bloque con el campo 'privado' no inicializado, introduzca 'ocfs2_iocb_init_rw_locked()' y util\u00edcelo desde donde podr\u00eda tomar 'ocfs2_dio_end_io()' cuidado, es decir en 'ocfs2_file_read_iter()' y 'ocfs2_file_write_iter()'."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-908"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.6.22",
"versionEndExcluding": "4.19.325",
"matchCriteriaId": "7E224302-1ABD-4043-A983-C2B7F13E4454"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.20",
"versionEndExcluding": "5.4.287",
"matchCriteriaId": "E4B15788-D35E-4E5B-A9C0-070AE3729B34"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5",
"versionEndExcluding": "5.10.231",
"matchCriteriaId": "B5C644CC-2BD7-4E32-BC54-8DCC7ABE9935"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.174",
"matchCriteriaId": "419FD073-1517-4FD5-8158-F94BC68A1E89"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "6.1.120",
"matchCriteriaId": "09AC6122-E2A4-40FE-9D33-268A1B2EC265"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.64",
"matchCriteriaId": "CA16DEE3-ABEC-4449-9F4A-7A3DC4FC36C7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.11.11",
"matchCriteriaId": "21434379-192D-472F-9B54-D45E3650E893"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.12",
"versionEndExcluding": "6.12.2",
"matchCriteriaId": "D8882B1B-2ABC-4838-AC1D-DBDBB5764776"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://git.kernel.org/stable/c/366c933c2ab34dd6551acc03b4872726b7605143", "url": "https://git.kernel.org/stable/c/366c933c2ab34dd6551acc03b4872726b7605143",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/66b7ddd1804e2c4216dd7ead8eeb746cdbb3b62f", "url": "https://git.kernel.org/stable/c/66b7ddd1804e2c4216dd7ead8eeb746cdbb3b62f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/6c8f8d1e595dabd5389817f6d798cc8bd95c40ab", "url": "https://git.kernel.org/stable/c/6c8f8d1e595dabd5389817f6d798cc8bd95c40ab",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/83f8713a0ef1d55d6a287bcfadcaab8245ac5098", "url": "https://git.kernel.org/stable/c/83f8713a0ef1d55d6a287bcfadcaab8245ac5098",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/8c966150d5abff58c3c2bdb9a6e63fd773782905", "url": "https://git.kernel.org/stable/c/8c966150d5abff58c3c2bdb9a6e63fd773782905",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/8e0de82ed18ba0e71f817adbd81317fd1032ca5a", "url": "https://git.kernel.org/stable/c/8e0de82ed18ba0e71f817adbd81317fd1032ca5a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/adc77b19f62d7e80f98400b2fca9d700d2afdd6f", "url": "https://git.kernel.org/stable/c/adc77b19f62d7e80f98400b2fca9d700d2afdd6f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/dc78efe556fed162d48736ef24066f42e463e27c", "url": "https://git.kernel.org/stable/c/dc78efe556fed162d48736ef24066f42e463e27c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/f4078ef38d3163e6be47403a619558b19c4bfccd", "url": "https://git.kernel.org/stable/c/f4078ef38d3163e6be47403a619558b19c4bfccd",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
} }
] ]
} }

154
CVE-2024/CVE-2024-531xx/CVE-2024-53156.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-53156", "id": "CVE-2024-53156",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-12-24T12:15:23.833", "published": "2024-12-24T12:15:23.833",
"lastModified": "2024-12-24T12:15:23.833", "lastModified": "2025-01-07T16:02:00.303",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,43 +15,173 @@
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: wifi: ath9k: agregue verificaci\u00f3n de rango para conn_rsp_epid en htc_connect_service() Encontr\u00e9 el siguiente error en mi fuzzer: UBSAN: array-index-out-of-bounds in drivers/net/ wireless/ath/ath9k/htc_hst.c:26:51 el \u00edndice 255 est\u00e1 fuera del rango para el tipo 'htc_endpoint [22]' CPU: 0 UID: 0 PID: 8 Comm: kworker/0:0 Not tainted 6.11.0-rc6-dirty #14 Nombre del hardware: PC est\u00e1ndar QEMU (i440FX + PIIX, 1996), BIOS 1.15.0- 1 01/04/2014 Cola de trabajo: eventos request_firmware_work_func Seguimiento de llamadas: dump_stack_lvl+0x180/0x1b0 __ubsan_handle_out_of_bounds+0xd4/0x130 htc_issue_send.constprop.0+0x20c/0x230 ? _raw_spin_unlock_irqrestore+0x3c/0x70 ath9k_wmi_cmd+0x41d/0x610 ? mark_held_locks+0x9f/0xe0... Dado que se ha confirmado que este error es causado por una verificaci\u00f3n insuficiente de conn_rsp_epid, creo que ser\u00eda apropiado agregar una verificaci\u00f3n de rango para conn_rsp_epid a htc_connect_service() para evitar que ocurra el error." "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: wifi: ath9k: agregue verificaci\u00f3n de rango para conn_rsp_epid en htc_connect_service() Encontr\u00e9 el siguiente error en mi fuzzer: UBSAN: array-index-out-of-bounds in drivers/net/ wireless/ath/ath9k/htc_hst.c:26:51 el \u00edndice 255 est\u00e1 fuera del rango para el tipo 'htc_endpoint [22]' CPU: 0 UID: 0 PID: 8 Comm: kworker/0:0 Not tainted 6.11.0-rc6-dirty #14 Nombre del hardware: PC est\u00e1ndar QEMU (i440FX + PIIX, 1996), BIOS 1.15.0- 1 01/04/2014 Cola de trabajo: eventos request_firmware_work_func Seguimiento de llamadas: dump_stack_lvl+0x180/0x1b0 __ubsan_handle_out_of_bounds+0xd4/0x130 htc_issue_send.constprop.0+0x20c/0x230 ? _raw_spin_unlock_irqrestore+0x3c/0x70 ath9k_wmi_cmd+0x41d/0x610 ? mark_held_locks+0x9f/0xe0... Dado que se ha confirmado que este error es causado por una verificaci\u00f3n insuficiente de conn_rsp_epid, creo que ser\u00eda apropiado agregar una verificaci\u00f3n de rango para conn_rsp_epid a htc_connect_service() para evitar que ocurra el error."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-129"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.6.35",
"versionEndExcluding": "4.19.325",
"matchCriteriaId": "F75B4423-D5AE-4F06-9130-EB774DC1DF91"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.20",
"versionEndExcluding": "5.4.287",
"matchCriteriaId": "E4B15788-D35E-4E5B-A9C0-070AE3729B34"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5",
"versionEndExcluding": "5.10.231",
"matchCriteriaId": "B5C644CC-2BD7-4E32-BC54-8DCC7ABE9935"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.174",
"matchCriteriaId": "419FD073-1517-4FD5-8158-F94BC68A1E89"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "6.1.120",
"matchCriteriaId": "09AC6122-E2A4-40FE-9D33-268A1B2EC265"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.64",
"matchCriteriaId": "CA16DEE3-ABEC-4449-9F4A-7A3DC4FC36C7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.11.11",
"matchCriteriaId": "21434379-192D-472F-9B54-D45E3650E893"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.12",
"versionEndExcluding": "6.12.2",
"matchCriteriaId": "D8882B1B-2ABC-4838-AC1D-DBDBB5764776"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://git.kernel.org/stable/c/3fe99b9690b99606d3743c9961ebee865cfa1ab8", "url": "https://git.kernel.org/stable/c/3fe99b9690b99606d3743c9961ebee865cfa1ab8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/5f177fb9d01355ac183e65ad8909ea8ef734e0cf", "url": "https://git.kernel.org/stable/c/5f177fb9d01355ac183e65ad8909ea8ef734e0cf",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/70eae50d2156cb6e078d0d78809b49bf2f4c7540", "url": "https://git.kernel.org/stable/c/70eae50d2156cb6e078d0d78809b49bf2f4c7540",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/8619593634cbdf5abf43f5714df49b04e4ef09ab", "url": "https://git.kernel.org/stable/c/8619593634cbdf5abf43f5714df49b04e4ef09ab",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/8965db7fe2e913ee0802b05fc94c6d6aa74e0596", "url": "https://git.kernel.org/stable/c/8965db7fe2e913ee0802b05fc94c6d6aa74e0596",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/b6551479daf2bfa80bfd5d9016b02a810e508bfb", "url": "https://git.kernel.org/stable/c/b6551479daf2bfa80bfd5d9016b02a810e508bfb",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/bc981179ab5d1a2715f35e3db4e4bb822bacc849", "url": "https://git.kernel.org/stable/c/bc981179ab5d1a2715f35e3db4e4bb822bacc849",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/c941af142200d975dd3be632aeb490f4cb91dae4", "url": "https://git.kernel.org/stable/c/c941af142200d975dd3be632aeb490f4cb91dae4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/cb480ae80fd4d0f1ac9e107ce799183beee5124b", "url": "https://git.kernel.org/stable/c/cb480ae80fd4d0f1ac9e107ce799183beee5124b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
} }
] ]
} }

154
CVE-2024/CVE-2024-531xx/CVE-2024-53157.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-53157", "id": "CVE-2024-53157",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-12-24T12:15:23.970", "published": "2024-12-24T12:15:23.970",
"lastModified": "2024-12-24T12:15:23.970", "lastModified": "2025-01-07T16:02:21.087",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,43 +15,173 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: firmware: arm_scpi: Verificar el recuento de OPP de DVFS devuelto por el firmware Corrige un fallo del kernel con el siguiente seguimiento de llamadas cuando el firmware SCPI devuelve un recuento de OPP de cero. dvfs_info.opp_count puede ser cero en algunas plataformas durante la prueba de reinicio, y el kernel se bloquear\u00e1 despu\u00e9s de desreferenciar el puntero a kcalloc(info->count, sizeof(*opp), GFP_KERNEL). | No se puede gestionar la desreferencia del puntero NULL del kernel en la direcci\u00f3n virtual 0000000000000028 | Informaci\u00f3n de aborto de memoria: | ESR = 0x96000004 | Clase de excepci\u00f3n = DABT (EL actual), IL = 32 bits | SET = 0, FnV = 0 | EA = 0, S1PTW = 0 | Informaci\u00f3n de aborto de datos: | ISV = 0, ISS = 0x00000004 | CM = 0, WnR = 0 | usuario pgtable: 4k p\u00e1ginas, VAs de 48 bits, pgdp = 00000000faefa08c | [0000000000000028] pgd=0000000000000000 | Error interno: Oops: 96000004 [#1] SMP | scpi-hwmon: la sonda de PHYT000D:00 fall\u00f3 con el error -110 | Proceso systemd-udevd (pid: 1701, l\u00edmite de pila = 0x00000000aaede86c) | CPU: 2 PID: 1701 Comm: systemd-udevd No contaminado 4.19.90+ #1 | Nombre del hardware: PHYTIUM LTD Phytium FT2000/4/Phytium FT2000/4, BIOS | pstate: 60000005 (nZCv daif -PAN -UAO) | pc : scpi_dvfs_recalc_rate+0x40/0x58 [clk_scpi] | lr : clk_register+0x438/0x720 | Rastreo de llamadas: | scpi_dvfs_recalc_rate+0x40/0x58 [clk_scpi] | devm_clk_hw_register+0x50/0xa0 | scpi_clk_ops_init.isra.2+0xa0/0x138 [clk_scpi] | scpi_clocks_probe+0x528/0x70c [clk_scpi] | plataforma_drv_probe+0x58/0xa8 | realmente_probe+0x260/0x3d0 | dispositivo_sonda_controlador+0x12c/0x148 | adjuntar_controlador_dispositivo+0x74/0x98 | __adjuntar_controlador+0xb4/0xe8 | bus_para_cada_dispositivo+0x88/0xe0 | adjuntar_controlador+0x30/0x40 | agregar_controlador_bus+0x178/0x2b0 | registro_controlador+0x64/0x118 | __registro_controlador_plataforma+0x54/0x60 | scpi_clocks_driver_init+0x24/0x1000 [clk_scpi] | hacer_una_llamada_inicio+0x54/0x220 | do_init_module+0x54/0x1c8 | load_module+0x14a4/0x1668 | __se_sys_finit_module+0xf8/0x110 | __arm64_sys_finit_module+0x24/0x30 | el0_svc_common+0x78/0x170 | el0_svc_handler+0x38/0x78 | el0_svc+0x8/0x340 | C\u00f3digo: 937d7c00 a94153f3 a8c27bfd f9400421 (b8606820) | ---[ fin del seguimiento 06feb22469d89fa8 ]--- | P\u00e1nico del kernel: no se sincroniza: Excepci\u00f3n fatal | SMP: deteniendo las CPU secundarias | Desplazamiento del kernel: deshabilitado | Caracter\u00edsticas de la CPU: 0x10,a0002008 | L\u00edmite de memoria: ninguno" "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: firmware: arm_scpi: Verificar el recuento de OPP de DVFS devuelto por el firmware Corrige un fallo del kernel con el siguiente seguimiento de llamadas cuando el firmware SCPI devuelve un recuento de OPP de cero. dvfs_info.opp_count puede ser cero en algunas plataformas durante la prueba de reinicio, y el kernel se bloquear\u00e1 despu\u00e9s de desreferenciar el puntero a kcalloc(info->count, sizeof(*opp), GFP_KERNEL). | No se puede gestionar la desreferencia del puntero NULL del kernel en la direcci\u00f3n virtual 0000000000000028 | Informaci\u00f3n de aborto de memoria: | ESR = 0x96000004 | Clase de excepci\u00f3n = DABT (EL actual), IL = 32 bits | SET = 0, FnV = 0 | EA = 0, S1PTW = 0 | Informaci\u00f3n de aborto de datos: | ISV = 0, ISS = 0x00000004 | CM = 0, WnR = 0 | usuario pgtable: 4k p\u00e1ginas, VAs de 48 bits, pgdp = 00000000faefa08c | [0000000000000028] pgd=0000000000000000 | Error interno: Oops: 96000004 [#1] SMP | scpi-hwmon: la sonda de PHYT000D:00 fall\u00f3 con el error -110 | Proceso systemd-udevd (pid: 1701, l\u00edmite de pila = 0x00000000aaede86c) | CPU: 2 PID: 1701 Comm: systemd-udevd No contaminado 4.19.90+ #1 | Nombre del hardware: PHYTIUM LTD Phytium FT2000/4/Phytium FT2000/4, BIOS | pstate: 60000005 (nZCv daif -PAN -UAO) | pc : scpi_dvfs_recalc_rate+0x40/0x58 [clk_scpi] | lr : clk_register+0x438/0x720 | Rastreo de llamadas: | scpi_dvfs_recalc_rate+0x40/0x58 [clk_scpi] | devm_clk_hw_register+0x50/0xa0 | scpi_clk_ops_init.isra.2+0xa0/0x138 [clk_scpi] | scpi_clocks_probe+0x528/0x70c [clk_scpi] | plataforma_drv_probe+0x58/0xa8 | realmente_probe+0x260/0x3d0 | dispositivo_sonda_controlador+0x12c/0x148 | adjuntar_controlador_dispositivo+0x74/0x98 | __adjuntar_controlador+0xb4/0xe8 | bus_para_cada_dispositivo+0x88/0xe0 | adjuntar_controlador+0x30/0x40 | agregar_controlador_bus+0x178/0x2b0 | registro_controlador+0x64/0x118 | __registro_controlador_plataforma+0x54/0x60 | scpi_clocks_driver_init+0x24/0x1000 [clk_scpi] | hacer_una_llamada_inicio+0x54/0x220 | do_init_module+0x54/0x1c8 | load_module+0x14a4/0x1668 | __se_sys_finit_module+0xf8/0x110 | __arm64_sys_finit_module+0x24/0x30 | el0_svc_common+0x78/0x170 | el0_svc_handler+0x38/0x78 | el0_svc+0x8/0x340 | C\u00f3digo: 937d7c00 a94153f3 a8c27bfd f9400421 (b8606820) | ---[ fin del seguimiento 06feb22469d89fa8 ]--- | P\u00e1nico del kernel: no se sincroniza: Excepci\u00f3n fatal | SMP: deteniendo las CPU secundarias | Desplazamiento del kernel: deshabilitado | Caracter\u00edsticas de la CPU: 0x10,a0002008 | L\u00edmite de memoria: ninguno"
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.4",
"versionEndExcluding": "4.19.325",
"matchCriteriaId": "460C0DA0-B91D-44E5-B1F9-455944C5AD6B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.20",
"versionEndExcluding": "5.4.287",
"matchCriteriaId": "E4B15788-D35E-4E5B-A9C0-070AE3729B34"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5",
"versionEndExcluding": "5.10.231",
"matchCriteriaId": "B5C644CC-2BD7-4E32-BC54-8DCC7ABE9935"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.174",
"matchCriteriaId": "419FD073-1517-4FD5-8158-F94BC68A1E89"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "6.1.120",
"matchCriteriaId": "09AC6122-E2A4-40FE-9D33-268A1B2EC265"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.64",
"matchCriteriaId": "CA16DEE3-ABEC-4449-9F4A-7A3DC4FC36C7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.11.11",
"matchCriteriaId": "21434379-192D-472F-9B54-D45E3650E893"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.12",
"versionEndExcluding": "6.12.2",
"matchCriteriaId": "D8882B1B-2ABC-4838-AC1D-DBDBB5764776"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://git.kernel.org/stable/c/025067eeb945aa17c7dd483a63960125b7efb577", "url": "https://git.kernel.org/stable/c/025067eeb945aa17c7dd483a63960125b7efb577",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/06258e57fee253f4046d3a6a86d7fde09f596eac", "url": "https://git.kernel.org/stable/c/06258e57fee253f4046d3a6a86d7fde09f596eac",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/109aa654f85c5141e813b2cd1bd36d90be678407", "url": "https://git.kernel.org/stable/c/109aa654f85c5141e813b2cd1bd36d90be678407",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/12e2c520a0a4202575e4a45ea41f06a8e9aa3417", "url": "https://git.kernel.org/stable/c/12e2c520a0a4202575e4a45ea41f06a8e9aa3417",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/2a5b8de6fcb944f9af0c5fcb30bb0c039705e051", "url": "https://git.kernel.org/stable/c/2a5b8de6fcb944f9af0c5fcb30bb0c039705e051",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/380c0e1d96f3b522f3170c18ee5e0f1a28fec5d6", "url": "https://git.kernel.org/stable/c/380c0e1d96f3b522f3170c18ee5e0f1a28fec5d6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/8be4e51f3ecfb0915e3510b600c4cce0dc68a383", "url": "https://git.kernel.org/stable/c/8be4e51f3ecfb0915e3510b600c4cce0dc68a383",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/9beaff47bcea5eec7d4ead98f5043057161fd71a", "url": "https://git.kernel.org/stable/c/9beaff47bcea5eec7d4ead98f5043057161fd71a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/dfc9c2aa7f04f7db7e7225a5e118a24bf1c3b325", "url": "https://git.kernel.org/stable/c/dfc9c2aa7f04f7db7e7225a5e118a24bf1c3b325",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
} }
] ]
} }

70
CVE-2024/CVE-2024-532xx/CVE-2024-53235.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-53235", "id": "CVE-2024-53235",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-12-27T14:15:31.900", "published": "2024-12-27T14:15:31.900",
"lastModified": "2024-12-27T14:15:31.900", "lastModified": "2025-01-07T16:02:48.350",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,15 +15,75 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: erofs: se corrigen los montajes respaldados por archivos sobre FUSE syzbot inform\u00f3 de un null-ptr-deref en fuse_read_args_fill: fuse_read_folio+0xb0/0x100 fs/fuse/file.c:905 filemap_read_folio+0xc6/0x2a0 mm/filemap.c:2367 do_read_cache_folio+0x263/0x5c0 mm/filemap.c:3825 read_mapping_folio include/linux/pagemap.h:1011 [en l\u00ednea] erofs_bread+0x34d/0x7e0 fs/erofs/data.c:41 erofs_read_superblock fs/erofs/super.c:281 [en l\u00ednea] erofs_fc_fill_super+0x2b9/0x2500 fs/erofs/super.c:625 A diferencia de la mayor\u00eda de los sistemas de archivos, algunos sistemas de archivos de red y FUSE necesitan punteros de `archivo` v\u00e1lidos e inevitables para sus E/S de lectura [1]. De todos modos, esos casos de uso tambi\u00e9n deben ser compatibles. [1] https://docs.kernel.org/filesystems/vfs.html" "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: erofs: se corrigen los montajes respaldados por archivos sobre FUSE syzbot inform\u00f3 de un null-ptr-deref en fuse_read_args_fill: fuse_read_folio+0xb0/0x100 fs/fuse/file.c:905 filemap_read_folio+0xc6/0x2a0 mm/filemap.c:2367 do_read_cache_folio+0x263/0x5c0 mm/filemap.c:3825 read_mapping_folio include/linux/pagemap.h:1011 [en l\u00ednea] erofs_bread+0x34d/0x7e0 fs/erofs/data.c:41 erofs_read_superblock fs/erofs/super.c:281 [en l\u00ednea] erofs_fc_fill_super+0x2b9/0x2500 fs/erofs/super.c:625 A diferencia de la mayor\u00eda de los sistemas de archivos, algunos sistemas de archivos de red y FUSE necesitan punteros de `archivo` v\u00e1lidos e inevitables para sus E/S de lectura [1]. De todos modos, esos casos de uso tambi\u00e9n deben ser compatibles. [1] https://docs.kernel.org/filesystems/vfs.html"
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.12",
"versionEndExcluding": "6.12.2",
"matchCriteriaId": "D8882B1B-2ABC-4838-AC1D-DBDBB5764776"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://git.kernel.org/stable/c/3a23787ca8756920d65fda39f41353a4be1d1642", "url": "https://git.kernel.org/stable/c/3a23787ca8756920d65fda39f41353a4be1d1642",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/5036f2f024cac40a02ea6ea70de2c3a4407d16bc", "url": "https://git.kernel.org/stable/c/5036f2f024cac40a02ea6ea70de2c3a4407d16bc",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
} }
] ]
} }

25
CVE-2024/CVE-2024-533xx/CVE-2024-53345.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-53345",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-01-07T16:15:35.777",
"lastModified": "2025-01-07T16:15:35.777",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An authenticated arbitrary file upload vulnerability in Car Rental Management System v1.0 to v1.3 allows attackers to execute arbitrary code via uploading a crafted file."
}
],
"metrics": {},
"references": [
{
"url": "http://car.com",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/ShadowByte1/CVE-2024-53345",
"source": "cve@mitre.org"
}
]
}

86
CVE-2024/CVE-2024-538xx/CVE-2024-53800.json Normal file
View File

@ -0,0 +1,86 @@
{
"id": "CVE-2024-53800",
"sourceIdentifier": "audit@patchstack.com",
"published": "2025-01-07T16:15:35.883",
"lastModified": "2025-01-07T16:15:35.883",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Rezgo Rezgo allows PHP Local File Inclusion.This issue affects Rezgo: from n/a through 4.15."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-98"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-829"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/wordpress/plugin/rezgo/vulnerability/wordpress-rezgo-online-booking-plugin-4-15-local-file-inclusion-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

43
CVE-2024/CVE-2024-547xx/CVE-2024-54767.json
View File

@ -2,16 +2,55 @@
"id": "CVE-2024-54767", "id": "CVE-2024-54767",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2025-01-06T23:15:07.513", "published": "2025-01-06T23:15:07.513",
"lastModified": "2025-01-06T23:15:07.513", "lastModified": "2025-01-07T16:15:36.157",
"vulnStatus": "Received", "vulnStatus": "Received",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "An access control issue in the component /juis_boxinfo.xml of AVM FRITZ!Box 7530 AX v7.59 allows attackers to obtain sensitive information without authentication." "value": "An access control issue in the component /juis_boxinfo.xml of AVM FRITZ!Box 7530 AX v7.59 allows attackers to obtain sensitive information without authentication."
},
{
"lang": "es",
"value": "Un problema de control de acceso en el componente /juis_boxinfo.xml de AVM FRITZ!Box 7530 AX v7.59 permite a los atacantes obtener informaci\u00f3n confidencial sin autenticaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-203"
}
]
} }
], ],
"metrics": {},
"references": [ "references": [
{ {
"url": "https://github.com/Shuanunio/CVE_Requests/blob/main/AVM/fritz/AVM_FRITZ%21Box_7530%20AX_unauthorized_access_vulnerability_first.md", "url": "https://github.com/Shuanunio/CVE_Requests/blob/main/AVM/fritz/AVM_FRITZ%21Box_7530%20AX_unauthorized_access_vulnerability_first.md",

13
CVE-2024/CVE-2024-549xx/CVE-2024-54984.json
View File

@ -2,13 +2,20 @@
"id": "CVE-2024-54984", "id": "CVE-2024-54984",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-12-19T22:15:06.563", "published": "2024-12-19T22:15:06.563",
"lastModified": "2024-12-31T20:16:07.547", "lastModified": "2025-01-07T15:15:10.720",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [
{
"sourceIdentifier": "cve@mitre.org",
"tags": [
"disputed"
]
}
],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "An issue in Quectel BG96 BG96MAR02A08M1G allows attackers to bypass authentication via a crafted NAS message." "value": "An issue in Quectel BG96 BG96MAR02A08M1G allows attackers to bypass authentication via a crafted NAS message. NOTE: this is disputed by the supplier."
}, },
{ {
"lang": "es", "lang": "es",

25
CVE-2024/CVE-2024-550xx/CVE-2024-55008.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-55008",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-01-07T16:15:36.337",
"lastModified": "2025-01-07T16:15:36.337",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "JATOS 3.9.4 contains a denial-of-service (DoS) vulnerability in the authentication system, where an attacker can prevent legitimate users from accessing their accounts by repeatedly sending multiple failed login attempts. Specifically, by submitting 3 incorrect login attempts every minute, the attacker can trigger the account lockout mechanism on the account level, effectively locking the user out indefinitely. Since the lockout is applied to the user account and not based on the IP address, any attacker can trigger the lockout on any user account, regardless of their privileges."
}
],
"metrics": {},
"references": [
{
"url": "http://jatos.com",
"source": "cve@mitre.org"
},
{
"url": "https://hacking-notes.medium.com/cve-2024-51379-jatos-v3-9-4-account-lockout-denial-of-service-cc970f4ca58f",
"source": "cve@mitre.org"
}
]
}

45
CVE-2024/CVE-2024-554xx/CVE-2024-55407.json
View File

@ -2,16 +2,55 @@
"id": "CVE-2024-55407", "id": "CVE-2024-55407",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2025-01-06T19:15:12.910", "published": "2025-01-06T19:15:12.910",
"lastModified": "2025-01-06T19:15:12.910", "lastModified": "2025-01-07T16:15:36.480",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "An issue in the DeviceloControl function of ITE Tech. Inc ITE IO Access v1.0.0.0 allows attackers to perform arbitrary port read and write actions via supplying crafted IOCTL requests." "value": "An issue in the DeviceloControl function of ITE Tech. Inc ITE IO Access v1.0.0.0 allows attackers to perform arbitrary port read and write actions via supplying crafted IOCTL requests."
},
{
"lang": "es",
"value": "Un problema en la funci\u00f3n DeviceloControl de ITE Tech. Inc ITE IO Access v1.0.0.0 permite a los atacantes realizar acciones arbitrarias de lectura y escritura de puertos mediante el suministro de solicitudes IOCTL manipuladas."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-1284"
}
]
} }
], ],
"metrics": {},
"references": [ "references": [
{ {
"url": "http://ite.com", "url": "http://ite.com",

4
CVE-2024/CVE-2024-555xx/CVE-2024-55550.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-55550", "id": "CVE-2024-55550",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-12-10T19:15:31.110", "published": "2024-12-10T19:15:31.110",
"lastModified": "2024-12-11T15:15:19.653", "lastModified": "2025-01-07T16:15:36.660",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -46,7 +46,7 @@
"description": [ "description": [
{ {
"lang": "en", "lang": "en",
"value": "CWE-125" "value": "CWE-22"
} }
] ]
} }

43
CVE-2024/CVE-2024-555xx/CVE-2024-55553.json
View File

@ -2,16 +2,55 @@
"id": "CVE-2024-55553", "id": "CVE-2024-55553",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2025-01-06T23:15:07.637", "published": "2025-01-06T23:15:07.637",
"lastModified": "2025-01-06T23:15:07.637", "lastModified": "2025-01-07T16:15:36.840",
"vulnStatus": "Received", "vulnStatus": "Received",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "In FRRouting (FRR) before 10.3, it is possible for an attacker to trigger repeated RIB revalidation by sending approximately 500 RPKI updates, potentially leading to prolonged revalidation times and a Denial of Service (DoS) scenario." "value": "In FRRouting (FRR) before 10.3, it is possible for an attacker to trigger repeated RIB revalidation by sending approximately 500 RPKI updates, potentially leading to prolonged revalidation times and a Denial of Service (DoS) scenario."
},
{
"lang": "es",
"value": "En FRRouting (FRR) anterior a 10.3, es posible que un atacante active la revalidaci\u00f3n repetida de RIB enviando aproximadamente 500 actualizaciones de RPKI, lo que potencialmente genera tiempos de revalidaci\u00f3n prolongados y un escenario de denegaci\u00f3n de servicio (DoS)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-404"
}
]
} }
], ],
"metrics": {},
"references": [ "references": [
{ {
"url": "https://frrouting.org/security/cve-2024-55553/", "url": "https://frrouting.org/security/cve-2024-55553/",

29
CVE-2024/CVE-2024-555xx/CVE-2024-55556.json Normal file
View File

@ -0,0 +1,29 @@
{
"id": "CVE-2024-55556",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-01-07T16:15:37.017",
"lastModified": "2025-01-07T16:15:37.017",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Crater Invoice allows an unauthenticated attacker with knowledge of the APP_KEY to achieve remote command execution on the server by manipulating the laravel_session cookie, exploiting arbitrary deserialization through the encrypted session data. The exploitation vector of this vulnerability relies on an attacker obtaining Laravel's secret APP_KEY, which would allow them to decrypt and manipulate session cookies (laravel_session) containing serialized data. By altering this data and re-encrypting it with the APP_KEY, the attacker could trigger arbitrary deserialization on the server, potentially leading to remote command execution (RCE). The vulnerability is primarily exploited by accessing an exposed cookie and manipulating it using the secret key to gain malicious access to the server."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/crater-invoice/crater",
"source": "cve@mitre.org"
},
{
"url": "https://www.synacktiv.com/",
"source": "cve@mitre.org"
},
{
"url": "https://www.synacktiv.com/advisories/crater-invoice-unauthenticated-remote-command-execution-when-appkey-known",
"source": "cve@mitre.org"
}
]
}

86
CVE-2024/CVE-2024-560xx/CVE-2024-56056.json Normal file
View File

@ -0,0 +1,86 @@
{
"id": "CVE-2024-56056",
"sourceIdentifier": "audit@patchstack.com",
"published": "2025-01-07T16:15:37.140",
"lastModified": "2025-01-07T16:15:37.140",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kmfoysal06 SimpleCharm allows Reflected XSS.This issue affects SimpleCharm: from n/a through 1.4.3."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/wordpress/theme/simplecharm/vulnerability/wordpress-simplecharm-theme-1-4-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

43
CVE-2024/CVE-2024-88xx/CVE-2024-8855.json
View File

@ -2,16 +2,55 @@
"id": "CVE-2024-8855", "id": "CVE-2024-8855",
"sourceIdentifier": "contact@wpscan.com", "sourceIdentifier": "contact@wpscan.com",
"published": "2025-01-07T06:15:17.977", "published": "2025-01-07T06:15:17.977",
"lastModified": "2025-01-07T06:15:17.977", "lastModified": "2025-01-07T16:15:37.873",
"vulnStatus": "Received", "vulnStatus": "Received",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "The WordPress Auction Plugin WordPress plugin through 3.7 does not sanitize and escape a parameter before using it in a SQL statement, allowing editors and above to perform SQL injection attacks" "value": "The WordPress Auction Plugin WordPress plugin through 3.7 does not sanitize and escape a parameter before using it in a SQL statement, allowing editors and above to perform SQL injection attacks"
},
{
"lang": "es",
"value": "El complemento WordPress Auction Plugin de WordPress El complemento de WordPress hasta la versi\u00f3n 3.7 no desinfecta ni escapa un par\u00e1metro antes de usarlo en una declaraci\u00f3n SQL, lo que permite a los editores y superiores realizar ataques de inyecci\u00f3n SQL"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
} }
], ],
"metrics": {},
"references": [ "references": [
{ {
"url": "https://wpscan.com/vulnerability/04084f2a-45b8-4249-a472-f156fad0c90a/", "url": "https://wpscan.com/vulnerability/04084f2a-45b8-4249-a472-f156fad0c90a/",

43
CVE-2024/CVE-2024-88xx/CVE-2024-8857.json
View File

@ -2,16 +2,55 @@
"id": "CVE-2024-8857", "id": "CVE-2024-8857",
"sourceIdentifier": "contact@wpscan.com", "sourceIdentifier": "contact@wpscan.com",
"published": "2025-01-07T06:15:18.100", "published": "2025-01-07T06:15:18.100",
"lastModified": "2025-01-07T06:15:18.100", "lastModified": "2025-01-07T16:15:38.023",
"vulnStatus": "Received", "vulnStatus": "Received",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "The WordPress Auction Plugin WordPress plugin through 3.7 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Stored Cross-Site Scripting attacks." "value": "The WordPress Auction Plugin WordPress plugin through 3.7 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Stored Cross-Site Scripting attacks."
},
{
"lang": "es",
"value": "El complemento WordPress Auction Plugin de WordPress El complemento de WordPress hasta la versi\u00f3n 3.7 no desinfecta ni escapa a algunas de sus configuraciones, lo que podr\u00eda permitir que usuarios con altos privilegios, como editores, realicen ataques de cross site scripting almacenado."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
} }
], ],
"metrics": {},
"references": [ "references": [
{ {
"url": "https://wpscan.com/vulnerability/08ca6daa-09f4-4604-ac9e-15a1b33d599d/", "url": "https://wpscan.com/vulnerability/08ca6daa-09f4-4604-ac9e-15a1b33d599d/",

Some files were not shown because too many files have changed in this diff Show More