admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-07 11:07:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-09-09T14:00:18.125964+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-09-09 14:03:17 +00:00
parent f055a106e6
commit cc4dea58f2
195 changed files with 2769 additions and 784 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
CVE-2016/CVE-2016-92xx/CVE-2016-9243.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2016-9243",
"sourceIdentifier": "secalert@redhat.com",
"published": "2017-03-27T17:59:00.460",
"lastModified": "2023-11-07T02:36:55.153",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-09-09T13:52:16.607",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -16,13 +16,13 @@
}
],
"metrics": {
"cvssMetricV30": [
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
@ -71,7 +71,7 @@
"description": [
{
"lang": "en",
"value": "CWE-20"
"value": "NVD-CWE-noinfo"
}
]
}
@ -85,9 +85,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cryptography.io:cryptography:*:*:*:*:*:*:*:*",
"criteria": "cpe:2.3:a:cryptography.io:cryptography:*:*:*:*:*:python:*:*",
"versionEndIncluding": "1.5.2",
"matchCriteriaId": "6F86E75C-3D06-496D-801F-DEACF47258D4"
"matchCriteriaId": "364A7918-B64B-4A2A-9D8E-7C9FDB18E19C"
}
]
}
@ -153,6 +153,7 @@
"url": "http://www.securityfocus.com/bid/94216",
"source": "secalert@redhat.com",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
]
@ -184,20 +185,33 @@
"url": "https://github.com/pyca/cryptography/issues/3211",
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5R2ZOBMPWDFFHUZ6QOZZY36A6H5CGJXL/",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U23KDR2M2N7W2ZSREG63BVW7D4VC6CIZ/",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WQ5G7KHKZC4SI23JE7277KZXM57GEQKT/",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}
]
}

49
CVE-2016/CVE-2016-93xx/CVE-2016-9388.json
View File

@ -2,10 +2,9 @@
"id": "CVE-2016-9388",
"sourceIdentifier": "cve@mitre.org",
"published": "2017-03-23T18:59:00.617",
"lastModified": "2018-06-29T01:29:01.567",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-09-09T13:56:10.080",
"vulnStatus": "Analyzed",
"cveTags": [],
"evaluatorComment": "<a href=\"http://cwe.mitre.org/data/definitions/617.html\">CWE-617: Reachable Assertion</a>",
"descriptions": [
{
"lang": "en",
@ -17,13 +16,13 @@
}
],
"metrics": {
"cvssMetricV30": [
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
@ -72,7 +71,7 @@
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
"value": "CWE-617"
}
]
}
@ -86,8 +85,29 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jasper_project:jasper:1.900.14:*:*:*:*:*:*:*",
"matchCriteriaId": "685A05E4-E0D1-4EB5-8B5D-B7338F15ECC4"
"criteria": "cpe:2.3:a:jasper_project:jasper:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.900.14",
"matchCriteriaId": "A6FBCB79-5C73-4E45-AAC2-7AD6C0901F61"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6"
}
]
}
@ -108,13 +128,17 @@
"url": "http://www.securityfocus.com/bid/94371",
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2017:1208",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://blogs.gentoo.org/ago/2016/11/16/jasper-multiple-assertion-failure",
@ -144,7 +168,10 @@
},
{
"url": "https://usn.ubuntu.com/3693-1/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}

99
CVE-2020/CVE-2020-243xx/CVE-2020-24370.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2020-24370",
"sourceIdentifier": "cve@mitre.org",
"published": "2020-08-17T17:15:13.877",
"lastModified": "2023-11-07T03:19:52.627",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-09-09T13:54:27.700",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -83,10 +83,90 @@
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:lua:lua:5.2.0:-:*:*:*:*:*:*",
"matchCriteriaId": "F41B4A37-B7E5-4405-B5EA-5F1832AF02E7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:lua:lua:5.2.0:alpha:*:*:*:*:*:*",
"matchCriteriaId": "A2191642-D493-4813-87BF-20AD2E63A2AB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:lua:lua:5.2.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "D810ACDB-A811-4B70-AA77-E724CD0242B3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:lua:lua:5.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "74A8D450-9B86-43DC-93A1-F68E42391948"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:lua:lua:5.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2293D8C6-2D69-49EF-8BB9-F5222951386B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:lua:lua:5.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "25977A23-CF7A-4C39-8F0D-38E958E92F75"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:lua:lua:5.3.0:-:*:*:*:*:*:*",
"matchCriteriaId": "6820CE33-926F-477F-A99E-153E88BD5248"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:lua:lua:5.3.0:alpha:*:*:*:*:*:*",
"matchCriteriaId": "4D651FE4-77A4-47CC-8EC6-FB8D35A2316F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:lua:lua:5.3.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "9CBD494F-5C56-4472-9C02-09A14222E024"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:lua:lua:5.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "ED403C07-5D1C-4027-9A07-DD7AC4B9442E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:lua:lua:5.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A69EE245-6921-4EC4-B052-558A3BA259E7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:lua:lua:5.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4DE6741D-A69C-4D2E-B5C9-EC44792BA871"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:lua:lua:5.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AE86E188-EB0F-4D54-B1E7-0213C099DAB1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:lua:lua:5.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B1D6D7F5-0738-45EB-A4F2-9A65F8DD2D0A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:lua:lua:5.4.0:-:*:*:*:*:*:*",
"matchCriteriaId": "E9F78BF8-B73C-42C6-AF54-2CD935670053"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:lua:lua:5.4.0:alpha:*:*:*:*:*:*",
"matchCriteriaId": "F49EE868-BA14-48D2-9C97-B52E6576EC62"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:lua:lua:5.4.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "C9117B51-57B0-4648-B937-69A6DAC06134"
}
]
}
@ -156,15 +236,24 @@
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00031.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E6KONNG6UEI3FMEOY67NDZC32NBGBI44/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QXYMCIUNGK26VHAYHGP5LPW56G2KWOHQ/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}

8
CVE-2020/CVE-2020-256xx/CVE-2020-25659.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2020-25659",
"sourceIdentifier": "secalert@redhat.com",
"published": "2021-01-11T16:15:15.040",
"lastModified": "2024-09-05T16:10:54.837",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-09-09T13:52:55.847",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -95,8 +95,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cryptography.io:cryptography:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4A8D52B0-326F-479B-A3F2-6BA7333256FD"
"criteria": "cpe:2.3:a:cryptography.io:cryptography:3.2:*:*:*:*:python:*:*",
"matchCriteriaId": "99AB97C2-2BF6-4B15-BE42-63E42B35CBB5"
}
]
}

8
CVE-2022/CVE-2022-275xx/CVE-2022-27592.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2022-27592",
"sourceIdentifier": "security@qnapsecurity.com.tw",
"published": "2024-09-06T17:15:11.173",
"lastModified": "2024-09-06T17:15:11.173",
"vulnStatus": "Received",
"lastModified": "2024-09-09T13:03:38.303",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An unquoted search path or element vulnerability has been reported to affect QVR Smart Client. If exploited, the vulnerability could allow local authenticated administrators to execute unauthorized code or commands via unspecified vectors.\n\nWe have already fixed the vulnerability in the following version:\nWindows 10 SP1, Windows 11, Mac OS, and Mac M1: QVR Smart Client 2.4.0.0570 and later"
},
{
"lang": "es",
"value": "Se ha informado de una vulnerabilidad de ruta o elemento de b\u00fasqueda sin comillas que afecta a QVR Smart Client. Si se explota, la vulnerabilidad podr\u00eda permitir que los administradores locales autenticados ejecuten c\u00f3digo o comandos no autorizados a trav\u00e9s de vectores no especificados. Ya hemos corregido la vulnerabilidad en la siguiente versi\u00f3n: Windows 10 SP1, Windows 11, Mac OS y Mac M1: QVR Smart Client 2.4.0.0570 y posteriores"
}
],
"metrics": {

6
CVE-2022/CVE-2022-364xx/CVE-2022-36423.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-36423",
"sourceIdentifier": "scy@openharmony.io",
"published": "2022-09-09T15:15:10.757",
"lastModified": "2022-10-28T17:33:02.357",
"lastModified": "2024-09-09T12:21:53.383",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
@ -104,10 +104,10 @@
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openharmony:openharmony:*:*:*:*:-:*:*:*",
"criteria": "cpe:2.3:o:openatom:openharmony:*:*:*:*:-:*:*:*",
"versionStartIncluding": "3.1",
"versionEndIncluding": "3.1.2",
"matchCriteriaId": "F512E9AE-7313-43F9-ACB9-493AE257C79E"
"matchCriteriaId": "1851DC7A-A8D5-46D9-BC51-ED8152B8F345"
}
]
}

6
CVE-2022/CVE-2022-387xx/CVE-2022-38701.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-38701",
"sourceIdentifier": "scy@openharmony.io",
"published": "2022-09-09T15:15:14.640",
"lastModified": "2022-09-14T21:16:34.453",
"lastModified": "2024-09-09T12:21:53.383",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
@ -97,10 +97,10 @@
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openharmony:openharmony:*:*:*:*:-:*:*:*",
"criteria": "cpe:2.3:o:openatom:openharmony:*:*:*:*:-:*:*:*",
"versionStartIncluding": "3.1",
"versionEndIncluding": "3.1.2",
"matchCriteriaId": "F512E9AE-7313-43F9-ACB9-493AE257C79E"
"matchCriteriaId": "1851DC7A-A8D5-46D9-BC51-ED8152B8F345"
}
]
}

6
CVE-2022/CVE-2022-416xx/CVE-2022-41686.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-41686",
"sourceIdentifier": "scy@openharmony.io",
"published": "2022-10-14T15:16:20.347",
"lastModified": "2022-10-17T18:33:45.503",
"lastModified": "2024-09-09T12:21:53.383",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
@ -101,10 +101,10 @@
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openharmony:openharmony:*:*:*:*:-:*:*:*",
"criteria": "cpe:2.3:o:openatom:openharmony:*:*:*:*:-:*:*:*",
"versionStartIncluding": "3.1",
"versionEndIncluding": "3.1.2",
"matchCriteriaId": "F512E9AE-7313-43F9-ACB9-493AE257C79E"
"matchCriteriaId": "1851DC7A-A8D5-46D9-BC51-ED8152B8F345"
}
]
}

30
CVE-2022/CVE-2022-418xx/CVE-2022-41802.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-41802",
"sourceIdentifier": "scy@openharmony.io",
"published": "2022-12-08T16:15:13.357",
"lastModified": "2022-12-12T15:50:30.547",
"lastModified": "2024-09-09T12:21:53.383",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
@ -88,26 +88,26 @@
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openharmony:openharmony:*:*:*:*:lts:*:*:*",
"versionStartIncluding": "1.1.0",
"versionEndIncluding": "1.1.5",
"matchCriteriaId": "99040A1C-1B01-47C5-8B76-8316F0932974"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openharmony:openharmony:*:*:*:*:lts:*:*:*",
"versionStartIncluding": "3.0",
"versionEndIncluding": "3.0.6",
"matchCriteriaId": "B6191ACD-4550-4E57-B349-7D8300CF6DB0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openharmony:openharmony:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.1",
"versionEndIncluding": "3.1.4",
"matchCriteriaId": "2976685D-D374-45B2-AC0B-0045B4C19959"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:openatom:openharmony:*:*:*:*:lts:*:*:*",
"versionStartIncluding": "1.1.0",
"versionEndIncluding": "1.1.5",
"matchCriteriaId": "E12F0A2B-8CE1-43F6-8D91-C3047871E8E2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:openatom:openharmony:*:*:*:*:lts:*:*:*",
"versionStartIncluding": "3.0",
"versionEndIncluding": "3.0.6",
"matchCriteriaId": "DD78C0F7-A817-473C-88B3-E7BC1A640AB5"
}
]
}

30
CVE-2022/CVE-2022-436xx/CVE-2022-43662.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-43662",
"sourceIdentifier": "scy@openharmony.io",
"published": "2023-01-09T03:15:09.327",
"lastModified": "2023-01-12T20:54:32.723",
"lastModified": "2024-09-09T12:21:53.383",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
@ -88,26 +88,26 @@
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openharmony:openharmony:*:*:*:*:lts:*:*:*",
"versionStartIncluding": "1.1.0",
"versionEndIncluding": "1.1.5",
"matchCriteriaId": "99040A1C-1B01-47C5-8B76-8316F0932974"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openharmony:openharmony:*:*:*:*:lts:*:*:*",
"versionStartIncluding": "3.0",
"versionEndIncluding": "3.0.6",
"matchCriteriaId": "B6191ACD-4550-4E57-B349-7D8300CF6DB0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openharmony:openharmony:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.1.0",
"versionEndIncluding": "3.1.4",
"matchCriteriaId": "E808FE2D-D1CB-44EE-9AE4-4A456361B2AA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:openatom:openharmony:*:*:*:*:lts:*:*:*",
"versionStartIncluding": "1.1.0",
"versionEndIncluding": "1.1.5",
"matchCriteriaId": "E12F0A2B-8CE1-43F6-8D91-C3047871E8E2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:openatom:openharmony:*:*:*:*:lts:*:*:*",
"versionStartIncluding": "3.0",
"versionEndIncluding": "3.0.6",
"matchCriteriaId": "DD78C0F7-A817-473C-88B3-E7BC1A640AB5"
}
]
}

16
CVE-2022/CVE-2022-444xx/CVE-2022-44455.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-44455",
"sourceIdentifier": "scy@openharmony.io",
"published": "2022-12-08T16:15:13.413",
"lastModified": "2022-12-12T15:49:43.390",
"lastModified": "2024-09-09T12:21:53.383",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
@ -88,19 +88,19 @@
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openharmony:openharmony:*:*:*:*:lts:*:*:*",
"versionStartIncluding": "3.0",
"versionEndIncluding": "3.0.6",
"matchCriteriaId": "B6191ACD-4550-4E57-B349-7D8300CF6DB0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openharmony:openharmony:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.1",
"versionEndIncluding": "3.1.2",
"matchCriteriaId": "C026D184-A8AE-4DE6-A339-EA4469DDD4E7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:openatom:openharmony:*:*:*:*:lts:*:*:*",
"versionStartIncluding": "3.0",
"versionEndIncluding": "3.0.6",
"matchCriteriaId": "DD78C0F7-A817-473C-88B3-E7BC1A640AB5"
}
]
}

30
CVE-2022/CVE-2022-451xx/CVE-2022-45126.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-45126",
"sourceIdentifier": "scy@openharmony.io",
"published": "2023-01-09T03:15:09.427",
"lastModified": "2023-01-12T21:10:36.103",
"lastModified": "2024-09-09T12:21:53.383",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
@ -88,26 +88,26 @@
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openharmony:openharmony:*:*:*:*:lts:*:*:*",
"versionStartIncluding": "1.1.0",
"versionEndIncluding": "1.1.5",
"matchCriteriaId": "99040A1C-1B01-47C5-8B76-8316F0932974"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openharmony:openharmony:*:*:*:*:lts:*:*:*",
"versionStartIncluding": "3.0",
"versionEndIncluding": "3.0.6",
"matchCriteriaId": "B6191ACD-4550-4E57-B349-7D8300CF6DB0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openharmony:openharmony:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.1.0",
"versionEndIncluding": "3.1.4",
"matchCriteriaId": "E808FE2D-D1CB-44EE-9AE4-4A456361B2AA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:openatom:openharmony:*:*:*:*:lts:*:*:*",
"versionStartIncluding": "1.1.0",
"versionEndIncluding": "1.1.5",
"matchCriteriaId": "E12F0A2B-8CE1-43F6-8D91-C3047871E8E2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:openatom:openharmony:*:*:*:*:lts:*:*:*",
"versionStartIncluding": "3.0",
"versionEndIncluding": "3.0.6",
"matchCriteriaId": "DD78C0F7-A817-473C-88B3-E7BC1A640AB5"
}
]
}

111
CVE-2022/CVE-2022-487xx/CVE-2022-48768.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-48768",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-06-20T12:15:14.783",
"lastModified": "2024-06-20T12:43:25.663",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-09-09T12:59:37.460",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,27 +15,122 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: rastreo/histograma: corrige una posible p\u00e9rdida de memoria para kstrdup(). Falta kfree() en una ruta de error para liberar la memoria asignada por kstrdup(): p = param = kstrdup( datos-&gt;params[i], GFP_KERNEL); Por eso es mejor liberarlo mediante kfree(p)."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-401"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.4.19",
"versionEndExcluding": "5.4.176",
"matchCriteriaId": "EC68B627-2C31-4938-8DF0-CF98CAFF1AF1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.6",
"versionEndExcluding": "5.10.96",
"matchCriteriaId": "F9E26D91-9F81-459D-BC57-8DC97F5DDA6B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.19",
"matchCriteriaId": "DF69DD7C-FD57-4914-ABB0-FAEF87B0289D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "5.16.5",
"matchCriteriaId": "1AD9E77E-B27E-450C-8FD8-B64EC5FB002D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc1:*:*:*:*:*:*",
"matchCriteriaId": "7BD5F8D9-54FA-4CB0-B4F0-CB0471FDDB2D"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/8a8878ebb596281f50fc0b9a6e1f23f0d7f154e8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/d71b06aa995007eafd247626d0669b9364c42ad7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/df86e2fe808c3536a9dba353cc2bebdfea00d0cf",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/e33fa4a46ee22de88a700e2e3d033da8214a5175",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/e629e7b525a179e29d53463d992bdee759c950fb",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

6
CVE-2023/CVE-2023-00xx/CVE-2023-0035.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-0035",
"sourceIdentifier": "scy@openharmony.io",
"published": "2023-01-09T03:15:09.503",
"lastModified": "2023-11-07T03:59:29.107",
"lastModified": "2024-09-09T12:21:53.383",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -90,10 +90,10 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openharmony:openharmony:*:*:*:*:lts:*:*:*",
"criteria": "cpe:2.3:o:openatom:openharmony:*:*:*:*:lts:*:*:*",
"versionStartIncluding": "3.0",
"versionEndIncluding": "3.0.5",
"matchCriteriaId": "BE80CFCD-7C98-40E9-9929-0C7FADE6A4A3"
"matchCriteriaId": "3EB94C88-3DA9-4A6C-B8CA-EBA06D8405CB"
}
]
}

6
CVE-2023/CVE-2023-00xx/CVE-2023-0036.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-0036",
"sourceIdentifier": "scy@openharmony.io",
"published": "2023-01-09T03:15:09.580",
"lastModified": "2023-11-07T03:59:29.297",
"lastModified": "2024-09-09T12:21:53.383",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -90,10 +90,10 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openharmony:openharmony:*:*:*:*:lts:*:*:*",
"criteria": "cpe:2.3:o:openatom:openharmony:*:*:*:*:lts:*:*:*",
"versionStartIncluding": "3.0",
"versionEndIncluding": "3.0.5",
"matchCriteriaId": "BE80CFCD-7C98-40E9-9929-0C7FADE6A4A3"
"matchCriteriaId": "3EB94C88-3DA9-4A6C-B8CA-EBA06D8405CB"
}
]
}

10
CVE-2023/CVE-2023-00xx/CVE-2023-0083.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-0083",
"sourceIdentifier": "scy@openharmony.io",
"published": "2023-03-10T11:15:11.117",
"lastModified": "2023-11-07T03:59:36.870",
"lastModified": "2024-09-09T12:21:53.383",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -86,17 +86,17 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openharmony:openharmony:*:*:*:*:lts:*:*:*",
"criteria": "cpe:2.3:o:openatom:openharmony:*:*:*:*:lts:*:*:*",
"versionStartIncluding": "3.0",
"versionEndIncluding": "3.0.7",
"matchCriteriaId": "A422D177-5F22-4B1C-BA5D-12310D0BD8C4"
"matchCriteriaId": "A6890018-CA05-41A8-B061-19B45BFD5281"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openharmony:openharmony:*:*:*:*:-:*:*:*",
"criteria": "cpe:2.3:o:openatom:openharmony:*:*:*:*:-:*:*:*",
"versionStartIncluding": "3.1",
"versionEndIncluding": "3.1.5",
"matchCriteriaId": "32C4A5B1-6267-4882-8FA8-E42420411BAA"
"matchCriteriaId": "CD89B217-1A7D-485D-B647-5C666FBA5D46"
}
]
}

6
CVE-2023/CVE-2023-223xx/CVE-2023-22301.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-22301",
"sourceIdentifier": "scy@openharmony.io",
"published": "2023-03-10T11:15:12.127",
"lastModified": "2023-11-07T04:06:49.710",
"lastModified": "2024-09-09T12:21:53.383",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -86,10 +86,10 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openharmony:openharmony:*:*:*:*:-:*:*:*",
"criteria": "cpe:2.3:o:openatom:openharmony:*:*:*:*:-:*:*:*",
"versionStartIncluding": "3.1",
"versionEndIncluding": "3.1.5",
"matchCriteriaId": "32C4A5B1-6267-4882-8FA8-E42420411BAA"
"matchCriteriaId": "CD89B217-1A7D-485D-B647-5C666FBA5D46"
}
]
}

6
CVE-2023/CVE-2023-224xx/CVE-2023-22436.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-22436",
"sourceIdentifier": "scy@openharmony.io",
"published": "2023-03-10T11:15:12.220",
"lastModified": "2023-11-07T04:06:54.037",
"lastModified": "2024-09-09T12:21:53.383",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -86,10 +86,10 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openharmony:openharmony:*:*:*:*:-:*:*:*",
"criteria": "cpe:2.3:o:openatom:openharmony:*:*:*:*:-:*:*:*",
"versionStartIncluding": "3.1",
"versionEndIncluding": "3.1.5",
"matchCriteriaId": "32C4A5B1-6267-4882-8FA8-E42420411BAA"
"matchCriteriaId": "CD89B217-1A7D-485D-B647-5C666FBA5D46"
}
]
}

10
CVE-2023/CVE-2023-244xx/CVE-2023-24465.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-24465",
"sourceIdentifier": "scy@openharmony.io",
"published": "2023-03-10T11:15:12.300",
"lastModified": "2023-11-07T04:08:29.010",
"lastModified": "2024-09-09T12:21:53.383",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -86,17 +86,17 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openharmony:openharmony:*:*:*:*:lts:*:*:*",
"criteria": "cpe:2.3:o:openatom:openharmony:*:*:*:*:lts:*:*:*",
"versionStartIncluding": "3.0",
"versionEndIncluding": "3.0.7",
"matchCriteriaId": "A422D177-5F22-4B1C-BA5D-12310D0BD8C4"
"matchCriteriaId": "A6890018-CA05-41A8-B061-19B45BFD5281"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openharmony:openharmony:*:*:*:*:-:*:*:*",
"criteria": "cpe:2.3:o:openatom:openharmony:*:*:*:*:-:*:*:*",
"versionStartIncluding": "3.1",
"versionEndIncluding": "3.1.4",
"matchCriteriaId": "9EF9E1DB-D248-4E64-84CC-FAE5F5406A81"
"matchCriteriaId": "9346515D-01CC-45A7-8230-E40B8EA89ADF"
}
]
}

6
CVE-2023/CVE-2023-259xx/CVE-2023-25947.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-25947",
"sourceIdentifier": "scy@openharmony.io",
"published": "2023-03-10T11:15:12.377",
"lastModified": "2023-11-07T04:09:15.910",
"lastModified": "2024-09-09T12:21:53.383",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -90,10 +90,10 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openharmony:openharmony:*:*:*:*:-:*:*:*",
"criteria": "cpe:2.3:o:openatom:openharmony:*:*:*:*:-:*:*:*",
"versionStartIncluding": "3.1",
"versionEndIncluding": "3.1.4",
"matchCriteriaId": "9EF9E1DB-D248-4E64-84CC-FAE5F5406A81"
"matchCriteriaId": "9346515D-01CC-45A7-8230-E40B8EA89ADF"
}
]
}

8
CVE-2023/CVE-2023-305xx/CVE-2023-30582.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-30582",
"sourceIdentifier": "support@hackerone.com",
"published": "2024-09-07T16:15:02.047",
"lastModified": "2024-09-07T16:15:02.047",
"vulnStatus": "Received",
"lastModified": "2024-09-09T13:03:38.303",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Node.js version 20, affecting users of the experimental permission model when the --allow-fs-read flag is used with a non-* argument. This flaw arises from an inadequate permission model that fails to restrict file watching through the fs.watchFile API. As a result, malicious actors can monitor files that they do not have explicit read access to.\n\nPlease note that at the time this CVE was issued, the permission model is an experimental feature of Node.js."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en la versi\u00f3n 20 de Node.js que afecta a los usuarios del modelo de permisos experimental cuando se utiliza el indicador --allow-fs-read con un argumento distinto de *. Esta falla surge de un modelo de permisos inadecuado que no restringe la supervisi\u00f3n de archivos a trav\u00e9s de la API fs.watchFile. Como resultado, los actores maliciosos pueden supervisar archivos a los que no tienen acceso de lectura expl\u00edcito. Tenga en cuenta que en el momento en que se emiti\u00f3 esta CVE, el modelo de permisos es una caracter\u00edstica experimental de Node.js."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-305xx/CVE-2023-30583.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-30583",
"sourceIdentifier": "support@hackerone.com",
"published": "2024-09-07T16:15:02.117",
"lastModified": "2024-09-07T16:15:02.117",
"vulnStatus": "Received",
"lastModified": "2024-09-09T13:03:38.303",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "fs.openAsBlob() can bypass the experimental permission model when using the file system read restriction with the `--allow-fs-read` flag in Node.js 20. This flaw arises from a missing check in the `fs.openAsBlob()` API.\n\nPlease note that at the time this CVE was issued, the permission model is an experimental feature of Node.js."
},
{
"lang": "es",
"value": "fs.openAsBlob() puede eludir el modelo de permisos experimental al utilizar la restricci\u00f3n de lectura del sistema de archivos con el indicador `--allow-fs-read` en Node.js 20. Esta falla surge de una verificaci\u00f3n faltante en la API `fs.openAsBlob()`. Tenga en cuenta que en el momento en que se emiti\u00f3 esta CVE, el modelo de permisos era una caracter\u00edstica experimental de Node.js."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-305xx/CVE-2023-30584.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-30584",
"sourceIdentifier": "support@hackerone.com",
"published": "2024-09-07T16:15:02.167",
"lastModified": "2024-09-07T16:15:02.167",
"vulnStatus": "Received",
"lastModified": "2024-09-09T13:03:38.303",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been discovered in Node.js version 20, specifically within the experimental permission model. This flaw relates to improper handling of path traversal bypass when verifying file permissions.\n\nPlease note that at the time this CVE was issued, the permission model is an experimental feature of Node.js."
},
{
"lang": "es",
"value": "Se ha descubierto una vulnerabilidad en la versi\u00f3n 20 de Node.js, espec\u00edficamente en el modelo de permisos experimental. Esta falla est\u00e1 relacionada con el manejo inadecuado de la omisi\u00f3n de la ruta de acceso al verificar los permisos de los archivos. Tenga en cuenta que, en el momento en que se emiti\u00f3 esta CVE, el modelo de permisos era una caracter\u00edstica experimental de Node.js."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-305xx/CVE-2023-30587.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-30587",
"sourceIdentifier": "support@hackerone.com",
"published": "2024-09-07T16:15:02.223",
"lastModified": "2024-09-07T16:15:02.223",
"vulnStatus": "Received",
"lastModified": "2024-09-09T13:03:38.303",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Node.js version 20 allows for bypassing restrictions set by the --experimental-permission flag using the built-in inspector module (node:inspector).\n\nBy exploiting the Worker class's ability to create an \"internal worker\" with the kIsInternal Symbol, attackers can modify the isInternal value when an inspector is attached within the Worker constructor before initializing a new WorkerImpl. This vulnerability exclusively affects Node.js users employing the permission model mechanism.\n\nPlease note that at the time this CVE was issued, the permission model is an experimental feature of Node.js."
},
{
"lang": "es",
"value": "Una vulnerabilidad en la versi\u00f3n 20 de Node.js permite eludir las restricciones establecidas por el indicador --experimental-permission mediante el m\u00f3dulo inspector integrado (node:inspector). Al explotar la capacidad de la clase Worker de crear un \"trabajador interno\" con el s\u00edmbolo kIsInternal, los atacantes pueden modificar el valor isInternal cuando se adjunta un inspector dentro del constructor Worker antes de inicializar un nuevo WorkerImpl. Esta vulnerabilidad afecta exclusivamente a los usuarios de Node.js que emplean el mecanismo del modelo de permisos. Tenga en cuenta que en el momento en que se emiti\u00f3 esta CVE, el modelo de permisos era una caracter\u00edstica experimental de Node.js."
}
],
"metrics": {},

6
CVE-2023/CVE-2023-31xx/CVE-2023-3116.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-3116",
"sourceIdentifier": "scy@openharmony.io",
"published": "2023-11-20T12:15:07.887",
"lastModified": "2023-11-24T15:40:05.607",
"lastModified": "2024-09-09T12:21:53.383",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
@ -90,9 +90,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openharmony:openharmony:*:*:*:*:-:*:*:*",
"criteria": "cpe:2.3:o:openatom:openharmony:*:*:*:*:-:*:*:*",
"versionEndIncluding": "3.2.2",
"matchCriteriaId": "2422B778-3952-48B7-BFEB-D4858B342679"
"matchCriteriaId": "9B6317C3-C255-41DD-AC2D-392EFD95D3E9"
}
]
}

15
CVE-2023/CVE-2023-332xx/CVE-2023-33202.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-33202",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-23T16:15:07.273",
"lastModified": "2024-01-25T14:15:25.783",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-09-09T13:53:54.253",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -63,6 +63,12 @@
"criteria": "cpe:2.3:a:bouncycastle:bouncy_castle_for_java:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.73",
"matchCriteriaId": "A450303D-AF6E-4A81-BE1C-F744B728AC27"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:bouncycastle:fips_java_api:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.0.2.4",
"matchCriteriaId": "326EBBC5-8448-412E-9B9E-6D93A0BD4790"
}
]
}
@ -87,7 +93,10 @@
},
{
"url": "https://security.netapp.com/advisory/ntap-20240125-0001/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}

8
CVE-2023/CVE-2023-349xx/CVE-2023-34974.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-34974",
"sourceIdentifier": "security@qnapsecurity.com.tw",
"published": "2024-09-06T17:15:11.440",
"lastModified": "2024-09-06T17:15:11.440",
"vulnStatus": "Received",
"lastModified": "2024-09-09T13:03:38.303",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network.\nQuTScloud, QVR, QES are not affected.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 4.5.4.2790 build 20240605 and later\nQuTS hero h4.5.4.2626 build 20231225 and later"
},
{
"lang": "es",
"value": "Se ha informado de una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo que afecta a varias versiones del sistema operativo QNAP. Si se explota, la vulnerabilidad podr\u00eda permitir a los usuarios ejecutar comandos a trav\u00e9s de una red. QuTScloud, QVR y QES no se ven afectados. Ya hemos corregido la vulnerabilidad en las siguientes versiones: QTS 4.5.4.2790, compilaci\u00f3n 20240605 y posteriores QuTS hero h4.5.4.2626, compilaci\u00f3n 20231225 y posteriores"
}
],
"metrics": {

8
CVE-2023/CVE-2023-349xx/CVE-2023-34979.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-34979",
"sourceIdentifier": "security@qnapsecurity.com.tw",
"published": "2024-09-06T17:15:11.653",
"lastModified": "2024-09-06T17:15:11.653",
"vulnStatus": "Received",
"lastModified": "2024-09-09T13:03:38.303",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 4.5.4.2790 build 20240605 and later\nQuTS hero h4.5.4.2790 build 20240606 and later"
},
{
"lang": "es",
"value": "Se ha informado de una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo que afecta a varias versiones del sistema operativo QNAP. Si se explota, la vulnerabilidad podr\u00eda permitir que los administradores autenticados ejecuten comandos a trav\u00e9s de una red. Ya hemos corregido la vulnerabilidad en las siguientes versiones: QTS 4.5.4.2790, compilaci\u00f3n 20240605 y posteriores QuTS hero h4.5.4.2790, compilaci\u00f3n 20240606 y posteriores"
}
],
"metrics": {

8
CVE-2023/CVE-2023-392xx/CVE-2023-39298.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-39298",
"sourceIdentifier": "security@qnapsecurity.com.tw",
"published": "2024-09-06T17:15:11.860",
"lastModified": "2024-09-06T17:15:11.860",
"vulnStatus": "Received",
"lastModified": "2024-09-09T13:03:38.303",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A missing authorization vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow local authenticated users to access data or perform actions that they should not be allowed to perform via unspecified vectors.\nQuTScloud, is not affected.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.2.0.2737 build 20240417 and later\nQuTS hero h5.2.0.2782 build 20240601 and later"
},
{
"lang": "es",
"value": "Se ha informado de una vulnerabilidad de autorizaci\u00f3n faltante que afecta a varias versiones del sistema operativo QNAP. Si se explota, la vulnerabilidad podr\u00eda permitir que los usuarios autenticados locales accedan a datos o realicen acciones que no deber\u00edan tener permitido realizar a trav\u00e9s de vectores no especificados. QuTScloud no se ve afectado. Ya hemos corregido la vulnerabilidad en las siguientes versiones: QTS 5.2.0.2737 build 20240417 y posteriores QuTS hero h5.2.0.2782 build 20240601 y posteriores"
}
],
"metrics": {

8
CVE-2023/CVE-2023-393xx/CVE-2023-39300.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-39300",
"sourceIdentifier": "security@qnapsecurity.com.tw",
"published": "2024-09-06T17:15:12.070",
"lastModified": "2024-09-06T17:15:12.070",
"vulnStatus": "Received",
"lastModified": "2024-09-09T13:03:38.303",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An OS command injection vulnerability has been reported to affect legacy QTS. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 4.3.6.2805 build 20240619 and later\nQTS 4.3.4.2814 build 20240618 and later\nQTS 4.3.3.2784 build 20240619 and later\nQTS 4.2.6 build 20240618 and later"
},
{
"lang": "es",
"value": "Se ha informado de una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo que afecta a la versi\u00f3n anterior de QTS. Si se explota, la vulnerabilidad podr\u00eda permitir que los administradores autenticados ejecuten comandos a trav\u00e9s de una red. Ya hemos corregido la vulnerabilidad en las siguientes versiones: QTS 4.3.6.2805, compilaci\u00f3n 20240619 y posteriores QTS 4.3.4.2814, compilaci\u00f3n 20240618 y posteriores QTS 4.3.3.2784, compilaci\u00f3n 20240619 y posteriores QTS 4.2.6, compilaci\u00f3n 20240618 y posteriores"
}
],
"metrics": {

8
CVE-2023/CVE-2023-393xx/CVE-2023-39333.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-39333",
"sourceIdentifier": "support@hackerone.com",
"published": "2024-09-07T16:15:02.287",
"lastModified": "2024-09-07T16:15:02.287",
"vulnStatus": "Received",
"lastModified": "2024-09-09T13:03:38.303",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Maliciously crafted export names in an imported WebAssembly module can inject JavaScript code. The injected code may be able to access data and functions that the WebAssembly module itself does not have access to, similar to as if the WebAssembly module was a JavaScript module.\n\nThis vulnerability affects users of any active release line of Node.js. The vulnerable feature is only available if Node.js is started with the `--experimental-wasm-modules` command line option."
},
{
"lang": "es",
"value": "Los nombres de exportaci\u00f3n creados con fines malintencionados en un m\u00f3dulo WebAssembly importado pueden inyectar c\u00f3digo JavaScript. El c\u00f3digo inyectado puede tener acceso a datos y funciones a los que el m\u00f3dulo WebAssembly no tiene acceso, de forma similar a si el m\u00f3dulo WebAssembly fuera un m\u00f3dulo JavaScript. Esta vulnerabilidad afecta a los usuarios de cualquier l\u00ednea de versi\u00f3n activa de Node.js. La caracter\u00edstica vulnerable solo est\u00e1 disponible si Node.js se inicia con la opci\u00f3n de l\u00ednea de comandos `--experimental-wasm-modules`."
}
],
"metrics": {},

6
CVE-2023/CVE-2023-427xx/CVE-2023-42774.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-42774",
"sourceIdentifier": "scy@openharmony.io",
"published": "2023-11-20T12:15:08.157",
"lastModified": "2023-11-24T15:39:53.750",
"lastModified": "2024-09-09T12:21:53.383",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
@ -90,9 +90,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openharmony:openharmony:*:*:*:*:-:*:*:*",
"criteria": "cpe:2.3:o:openatom:openharmony:*:*:*:*:-:*:*:*",
"versionEndIncluding": "3.2.2",
"matchCriteriaId": "2422B778-3952-48B7-BFEB-D4858B342679"
"matchCriteriaId": "9B6317C3-C255-41DD-AC2D-392EFD95D3E9"
}
]
}

6
CVE-2023/CVE-2023-436xx/CVE-2023-43612.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-43612",
"sourceIdentifier": "scy@openharmony.io",
"published": "2023-11-20T12:15:08.323",
"lastModified": "2023-11-24T15:39:42.253",
"lastModified": "2024-09-09T12:21:53.383",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
@ -90,9 +90,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openharmony:openharmony:*:*:*:*:-:*:*:*",
"criteria": "cpe:2.3:o:openatom:openharmony:*:*:*:*:-:*:*:*",
"versionEndIncluding": "3.2.2",
"matchCriteriaId": "2422B778-3952-48B7-BFEB-D4858B342679"
"matchCriteriaId": "9B6317C3-C255-41DD-AC2D-392EFD95D3E9"
}
]
}

6
CVE-2023/CVE-2023-437xx/CVE-2023-43756.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-43756",
"sourceIdentifier": "scy@openharmony.io",
"published": "2024-02-02T07:15:08.890",
"lastModified": "2024-02-06T19:58:28.737",
"lastModified": "2024-09-09T12:21:53.383",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
@ -90,9 +90,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openharmony:openharmony:*:*:*:*:-:*:*:*",
"criteria": "cpe:2.3:o:openatom:openharmony:*:*:*:*:-:*:*:*",
"versionEndIncluding": "3.2.4",
"matchCriteriaId": "86CDAE84-BD14-434C-8CAC-1262E5E4B7CE"
"matchCriteriaId": "9070D0D2-7962-4C4E-9159-28A16DD4EC75"
}
]
}

8
CVE-2023/CVE-2023-450xx/CVE-2023-45038.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-45038",
"sourceIdentifier": "security@qnapsecurity.com.tw",
"published": "2024-09-06T17:15:12.300",
"lastModified": "2024-09-06T17:15:12.300",
"vulnStatus": "Received",
"lastModified": "2024-09-09T13:03:38.303",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An improper authentication vulnerability has been reported to affect Music Station. If exploited, the vulnerability could allow users to compromise the security of the system via a network.\n\nWe have already fixed the vulnerability in the following version:\nMusic Station 5.4.0 and later"
},
{
"lang": "es",
"value": "Se ha informado de una vulnerabilidad de autenticaci\u00f3n incorrecta que afecta a Music Station. Si se explota, la vulnerabilidad podr\u00eda permitir a los usuarios poner en peligro la seguridad del sistema a trav\u00e9s de una red. Ya hemos corregido la vulnerabilidad en la siguiente versi\u00f3n: Music Station 5.4.0 y posteriores"
}
],
"metrics": {

6
CVE-2023/CVE-2023-457xx/CVE-2023-45734.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-45734",
"sourceIdentifier": "scy@openharmony.io",
"published": "2024-02-02T07:15:09.267",
"lastModified": "2024-02-07T18:14:15.370",
"lastModified": "2024-09-09T12:21:53.383",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
@ -90,10 +90,10 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openharmony:openharmony:*:*:*:*:-:*:*:*",
"criteria": "cpe:2.3:o:openatom:openharmony:*:*:*:*:-:*:*:*",
"versionStartIncluding": "3.2.0",
"versionEndIncluding": "3.2.4",
"matchCriteriaId": "030208B2-F752-47ED-93AF-1AA37942CE4D"
"matchCriteriaId": "9BB7FE14-3FB6-402C-9F39-EA560E4DC12C"
}
]
}

6
CVE-2023/CVE-2023-461xx/CVE-2023-46100.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-46100",
"sourceIdentifier": "scy@openharmony.io",
"published": "2023-11-20T12:15:08.550",
"lastModified": "2023-11-24T15:39:29.250",
"lastModified": "2024-09-09T12:21:53.383",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
@ -90,9 +90,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openharmony:openharmony:*:*:*:*:-:*:*:*",
"criteria": "cpe:2.3:o:openatom:openharmony:*:*:*:*:-:*:*:*",
"versionEndIncluding": "3.2.2",
"matchCriteriaId": "2422B778-3952-48B7-BFEB-D4858B342679"
"matchCriteriaId": "9B6317C3-C255-41DD-AC2D-392EFD95D3E9"
}
]
}

6
CVE-2023/CVE-2023-467xx/CVE-2023-46705.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-46705",
"sourceIdentifier": "scy@openharmony.io",
"published": "2023-11-20T12:15:08.800",
"lastModified": "2023-11-24T15:39:18.037",
"lastModified": "2024-09-09T12:21:53.383",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
@ -90,9 +90,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openharmony:openharmony:*:*:*:*:-:*:*:*",
"criteria": "cpe:2.3:o:openatom:openharmony:*:*:*:*:-:*:*:*",
"versionEndIncluding": "3.2.2",
"matchCriteriaId": "2422B778-3952-48B7-BFEB-D4858B342679"
"matchCriteriaId": "9B6317C3-C255-41DD-AC2D-392EFD95D3E9"
}
]
}

8
CVE-2023/CVE-2023-468xx/CVE-2023-46809.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-46809",
"sourceIdentifier": "support@hackerone.com",
"published": "2024-09-07T16:15:02.343",
"lastModified": "2024-09-07T16:15:02.343",
"vulnStatus": "Received",
"lastModified": "2024-09-09T13:03:38.303",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Node.js versions which bundle an unpatched version of OpenSSL or run against a dynamically linked version of OpenSSL which are unpatched are vulnerable to the Marvin Attack - https://people.redhat.com/~hkario/marvin/, if PCKS #1 v1.5 padding is allowed when performing RSA descryption using a private key."
},
{
"lang": "es",
"value": "Las versiones de Node.js que incluyen una versi\u00f3n sin parches de OpenSSL o se ejecutan contra una versi\u00f3n vinculada din\u00e1micamente de OpenSSL que no tiene parches son vulnerables al ataque Marvin - https://people.redhat.com/~hkario/marvin/, si se permite el relleno PCKS #1 v1.5 al realizar el descifrado RSA usando una clave privada."
}
],
"metrics": {},

6
CVE-2023/CVE-2023-472xx/CVE-2023-47216.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-47216",
"sourceIdentifier": "scy@openharmony.io",
"published": "2024-01-02T08:15:09.077",
"lastModified": "2024-01-05T22:22:24.657",
"lastModified": "2024-09-09T12:21:53.383",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
@ -90,9 +90,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openharmony:openharmony:*:*:*:*:-:*:*:*",
"criteria": "cpe:2.3:o:openatom:openharmony:*:*:*:*:-:*:*:*",
"versionEndIncluding": "3.2.2",
"matchCriteriaId": "2422B778-3952-48B7-BFEB-D4858B342679"
"matchCriteriaId": "9B6317C3-C255-41DD-AC2D-392EFD95D3E9"
}
]
}

6
CVE-2023/CVE-2023-472xx/CVE-2023-47217.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-47217",
"sourceIdentifier": "scy@openharmony.io",
"published": "2023-11-20T12:15:08.990",
"lastModified": "2023-11-24T15:39:09.297",
"lastModified": "2024-09-09T12:21:53.383",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
@ -90,9 +90,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openharmony:openharmony:*:*:*:*:-:*:*:*",
"criteria": "cpe:2.3:o:openatom:openharmony:*:*:*:*:-:*:*:*",
"versionEndIncluding": "3.2.2",
"matchCriteriaId": "2422B778-3952-48B7-BFEB-D4858B342679"
"matchCriteriaId": "9B6317C3-C255-41DD-AC2D-392EFD95D3E9"
}
]
}

8
CVE-2023/CVE-2023-475xx/CVE-2023-47563.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-47563",
"sourceIdentifier": "security@qnapsecurity.com.tw",
"published": "2024-09-06T17:15:12.513",
"lastModified": "2024-09-06T17:15:12.513",
"vulnStatus": "Received",
"lastModified": "2024-09-09T13:03:38.303",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An OS command injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow authenticated users to execute commands via a network.\n\nWe have already fixed the vulnerability in the following version:\nVideo Station 5.8.2 and later"
},
{
"lang": "es",
"value": "Se ha informado de una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo que afecta a Video Station. Si se explota, la vulnerabilidad podr\u00eda permitir que los usuarios autenticados ejecuten comandos a trav\u00e9s de una red. Ya hemos corregido la vulnerabilidad en la siguiente versi\u00f3n: Video Station 5.8.2 y posteriores"
}
],
"metrics": {

6
CVE-2023/CVE-2023-478xx/CVE-2023-47857.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-47857",
"sourceIdentifier": "scy@openharmony.io",
"published": "2024-01-02T08:15:09.480",
"lastModified": "2024-01-05T22:05:02.297",
"lastModified": "2024-09-09T12:21:53.383",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
@ -90,9 +90,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openharmony:openharmony:*:*:*:*:-:*:*:*",
"criteria": "cpe:2.3:o:openatom:openharmony:*:*:*:*:-:*:*:*",
"versionEndIncluding": "3.2.2",
"matchCriteriaId": "2422B778-3952-48B7-BFEB-D4858B342679"
"matchCriteriaId": "9B6317C3-C255-41DD-AC2D-392EFD95D3E9"
}
]
}

6
CVE-2023/CVE-2023-47xx/CVE-2023-4753.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-4753",
"sourceIdentifier": "scy@openharmony.io",
"published": "2023-09-21T10:15:09.597",
"lastModified": "2024-01-12T20:46:22.983",
"lastModified": "2024-09-09T12:21:53.383",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
@ -90,9 +90,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openharmony:openharmony:*:*:*:*:-:*:*:*",
"criteria": "cpe:2.3:o:openatom:openharmony:*:*:*:*:-:*:*:*",
"versionEndIncluding": "3.2.1",
"matchCriteriaId": "1F93DEC4-593A-4CE5-ACC2-8338C7EEE1B3"
"matchCriteriaId": "ECDF52EE-DD69-4F63-B4B9-5034CAD711B4"
}
]
}

6
CVE-2023/CVE-2023-483xx/CVE-2023-48360.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-48360",
"sourceIdentifier": "scy@openharmony.io",
"published": "2024-01-02T08:15:09.707",
"lastModified": "2024-01-05T22:04:53.347",
"lastModified": "2024-09-09T12:21:53.383",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
@ -90,9 +90,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openharmony:openharmony:*:*:*:*:-:*:*:*",
"criteria": "cpe:2.3:o:openatom:openharmony:*:*:*:*:-:*:*:*",
"versionEndIncluding": "3.2.2",
"matchCriteriaId": "2422B778-3952-48B7-BFEB-D4858B342679"
"matchCriteriaId": "9B6317C3-C255-41DD-AC2D-392EFD95D3E9"
}
]
}

6
CVE-2023/CVE-2023-491xx/CVE-2023-49118.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-49118",
"sourceIdentifier": "scy@openharmony.io",
"published": "2024-02-02T07:15:09.600",
"lastModified": "2024-02-07T18:15:10.577",
"lastModified": "2024-09-09T12:21:53.383",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
@ -90,10 +90,10 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openharmony:openharmony:*:*:*:*:-:*:*:*",
"criteria": "cpe:2.3:o:openatom:openharmony:*:*:*:*:-:*:*:*",
"versionStartIncluding": "3.2.0",
"versionEndIncluding": "3.2.4",
"matchCriteriaId": "030208B2-F752-47ED-93AF-1AA37942CE4D"
"matchCriteriaId": "9BB7FE14-3FB6-402C-9F39-EA560E4DC12C"
}
]
}

6
CVE-2023/CVE-2023-491xx/CVE-2023-49135.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-49135",
"sourceIdentifier": "scy@openharmony.io",
"published": "2024-01-02T08:15:09.927",
"lastModified": "2024-01-05T22:04:16.437",
"lastModified": "2024-09-09T12:21:53.383",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
@ -90,9 +90,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openharmony:openharmony:*:*:*:*:-:*:*:*",
"criteria": "cpe:2.3:o:openatom:openharmony:*:*:*:*:-:*:*:*",
"versionEndIncluding": "3.2.2",
"matchCriteriaId": "2422B778-3952-48B7-BFEB-D4858B342679"
"matchCriteriaId": "9B6317C3-C255-41DD-AC2D-392EFD95D3E9"
}
]
}

6
CVE-2023/CVE-2023-491xx/CVE-2023-49142.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-49142",
"sourceIdentifier": "scy@openharmony.io",
"published": "2024-01-02T08:15:10.123",
"lastModified": "2024-01-05T22:03:59.797",
"lastModified": "2024-09-09T12:21:53.383",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
@ -90,9 +90,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openharmony:openharmony:*:*:*:*:-:*:*:*",
"criteria": "cpe:2.3:o:openatom:openharmony:*:*:*:*:-:*:*:*",
"versionEndIncluding": "3.2.2",
"matchCriteriaId": "2422B778-3952-48B7-BFEB-D4858B342679"
"matchCriteriaId": "9B6317C3-C255-41DD-AC2D-392EFD95D3E9"
}
]
}

8
CVE-2023/CVE-2023-503xx/CVE-2023-50360.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-50360",
"sourceIdentifier": "security@qnapsecurity.com.tw",
"published": "2024-09-06T17:15:12.710",
"lastModified": "2024-09-06T17:15:12.710",
"vulnStatus": "Received",
"lastModified": "2024-09-09T13:03:38.303",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A SQL injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network.\n\nWe have already fixed the vulnerability in the following version:\nVideo Station 5.8.1 ( 2024/02/26 ) and later"
},
{
"lang": "es",
"value": "Se ha informado de una vulnerabilidad de inyecci\u00f3n SQL que afecta a Video Station. Si se explota, la vulnerabilidad podr\u00eda permitir a los usuarios autenticados inyectar c\u00f3digo malicioso a trav\u00e9s de una red. Ya hemos corregido la vulnerabilidad en la siguiente versi\u00f3n: Video Station 5.8.1 (2024/02/26) y posteriores"
}
],
"metrics": {

8
CVE-2023/CVE-2023-503xx/CVE-2023-50366.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-50366",
"sourceIdentifier": "security@qnapsecurity.com.tw",
"published": "2024-09-06T17:15:12.907",
"lastModified": "2024-09-06T17:15:12.907",
"vulnStatus": "Received",
"lastModified": "2024-09-09T13:03:38.303",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to inject malicious code via a network.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.1.6.2722 build 20240402 and later\nQuTS hero h5.1.6.2734 build 20240414 and later"
},
{
"lang": "es",
"value": "Se ha informado de una vulnerabilidad de cross site scripting (XSS) que afecta a varias versiones del sistema operativo QNAP. Si se explota, la vulnerabilidad podr\u00eda permitir a los administradores autenticados inyectar c\u00f3digo malicioso a trav\u00e9s de una red. Ya hemos corregido la vulnerabilidad en las siguientes versiones: QTS 5.1.6.2722, compilaci\u00f3n 20240402 y posteriores QuTS hero h5.1.6.2734, compilaci\u00f3n 20240414 y posteriores"
}
],
"metrics": {

8
CVE-2023/CVE-2023-513xx/CVE-2023-51366.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-51366",
"sourceIdentifier": "security@qnapsecurity.com.tw",
"published": "2024-09-06T17:15:13.107",
"lastModified": "2024-09-06T17:15:13.107",
"vulnStatus": "Received",
"lastModified": "2024-09-09T13:03:38.303",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose sensitive data via a network.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.1.6.2722 build 20240402 and later\nQuTS hero h5.1.6.2734 build 20240414 and later"
},
{
"lang": "es",
"value": "Se ha informado de una vulnerabilidad de path traversal que afecta a varias versiones del sistema operativo QNAP. Si se explota, la vulnerabilidad podr\u00eda permitir a los usuarios leer el contenido de archivos inesperados y exponer datos confidenciales a trav\u00e9s de una red. Ya hemos corregido la vulnerabilidad en las siguientes versiones: QTS 5.1.6.2722 build 20240402 y posteriores QuTS hero h5.1.6.2734 build 20240414 y posteriores"
}
],
"metrics": {

8
CVE-2023/CVE-2023-513xx/CVE-2023-51367.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-51367",
"sourceIdentifier": "security@qnapsecurity.com.tw",
"published": "2024-09-06T17:15:13.300",
"lastModified": "2024-09-06T17:15:13.300",
"vulnStatus": "Received",
"lastModified": "2024-09-09T13:03:38.303",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute code via a network.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.1.6.2722 build 20240402 and later\nQuTS hero h5.1.6.2734 build 20240414 and later"
},
{
"lang": "es",
"value": "Se ha informado de una vulnerabilidad de copia de b\u00fafer sin comprobar el tama\u00f1o de la entrada que afecta a varias versiones del sistema operativo QNAP. Si se explota, la vulnerabilidad podr\u00eda permitir a los usuarios ejecutar c\u00f3digo a trav\u00e9s de una red. Ya hemos corregido la vulnerabilidad en las siguientes versiones: QTS 5.1.6.2722 build 20240402 y posteriores QuTS hero h5.1.6.2734 build 20240414 y posteriores"
}
],
"metrics": {

8
CVE-2023/CVE-2023-513xx/CVE-2023-51368.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-51368",
"sourceIdentifier": "security@qnapsecurity.com.tw",
"published": "2024-09-06T17:15:13.487",
"lastModified": "2024-09-06T17:15:13.487",
"vulnStatus": "Received",
"lastModified": "2024-09-09T13:03:38.303",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to launch a denial-of-service (DoS) attack via a network.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.1.6.2722 build 20240402 and later\nQuTS hero h5.1.6.2734 build 20240414 and later"
},
{
"lang": "es",
"value": "Se ha informado de una vulnerabilidad de desreferencia de puntero NULL que afecta a varias versiones del sistema operativo QNAP. Si se explota, la vulnerabilidad podr\u00eda permitir a los usuarios lanzar un ataque de denegaci\u00f3n de servicio (DoS) a trav\u00e9s de una red. Ya hemos corregido la vulnerabilidad en las siguientes versiones: QTS 5.1.6.2722 build 20240402 y posteriores QuTS hero h5.1.6.2734 build 20240414 y posteriores"
}
],
"metrics": {

6
CVE-2023/CVE-2023-60xx/CVE-2023-6045.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-6045",
"sourceIdentifier": "scy@openharmony.io",
"published": "2023-11-20T12:15:09.387",
"lastModified": "2023-11-24T15:38:56.320",
"lastModified": "2024-09-09T12:21:53.383",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
@ -90,9 +90,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openharmony:openharmony:*:*:*:*:-:*:*:*",
"criteria": "cpe:2.3:o:openatom:openharmony:*:*:*:*:-:*:*:*",
"versionEndIncluding": "3.2.2",
"matchCriteriaId": "2422B778-3952-48B7-BFEB-D4858B342679"
"matchCriteriaId": "9B6317C3-C255-41DD-AC2D-392EFD95D3E9"
}
]
}

10
CVE-2024/CVE-2024-02xx/CVE-2024-0285.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-0285",
"sourceIdentifier": "scy@openharmony.io",
"published": "2024-02-02T07:15:09.980",
"lastModified": "2024-02-07T18:16:33.733",
"lastModified": "2024-09-09T12:21:53.383",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
@ -90,15 +90,15 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openharmony:openharmony:*:*:*:*:-:*:*:*",
"criteria": "cpe:2.3:o:openatom:openharmony:*:*:*:*:-:*:*:*",
"versionStartIncluding": "3.2.0",
"versionEndIncluding": "3.2.4",
"matchCriteriaId": "030208B2-F752-47ED-93AF-1AA37942CE4D"
"matchCriteriaId": "9BB7FE14-3FB6-402C-9F39-EA560E4DC12C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openharmony:openharmony:4.0:*:*:*:-:*:*:*",
"matchCriteriaId": "2F954785-2115-4147-8BCA-B90BFDC3B943"
"criteria": "cpe:2.3:o:openatom:openharmony:4.0:*:*:*:-:*:*:*",
"matchCriteriaId": "1E7BF175-F661-43C6-951C-E6F5D62374B2"
}
]
}

8
CVE-2024/CVE-2024-15xx/CVE-2024-1596.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-1596",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-09-07T12:15:11.017",
"lastModified": "2024-09-07T12:15:11.017",
"vulnStatus": "Received",
"lastModified": "2024-09-09T13:03:38.303",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Ninja Forms - File Uploads plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an uploaded file (e.g. RTX file) in all versions up to, and including, 3.3.16 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
},
{
"lang": "es",
"value": "El complemento Ninja Forms - File Uploads para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s de un archivo cargado (por ejemplo, un archivo RTX) en todas las versiones hasta la 3.3.16 incluida, debido a una desinfecci\u00f3n de entrada y un escape de salida insuficientes. Esto permite que atacantes no autenticados inyecten secuencias de comandos web arbitrarias en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
}
],
"metrics": {

10
CVE-2024/CVE-2024-218xx/CVE-2024-21845.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-21845",
"sourceIdentifier": "scy@openharmony.io",
"published": "2024-02-02T07:15:10.633",
"lastModified": "2024-02-07T18:23:06.690",
"lastModified": "2024-09-09T12:21:53.383",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
@ -90,15 +90,15 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openharmony:openharmony:*:*:*:*:-:*:*:*",
"criteria": "cpe:2.3:o:openatom:openharmony:*:*:*:*:-:*:*:*",
"versionStartIncluding": "3.2.0",
"versionEndIncluding": "3.2.4",
"matchCriteriaId": "030208B2-F752-47ED-93AF-1AA37942CE4D"
"matchCriteriaId": "9BB7FE14-3FB6-402C-9F39-EA560E4DC12C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openharmony:openharmony:4.0:*:*:*:-:*:*:*",
"matchCriteriaId": "2F954785-2115-4147-8BCA-B90BFDC3B943"
"criteria": "cpe:2.3:o:openatom:openharmony:4.0:*:*:*:-:*:*:*",
"matchCriteriaId": "1E7BF175-F661-43C6-951C-E6F5D62374B2"
}
]
}

10
CVE-2024/CVE-2024-218xx/CVE-2024-21851.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-21851",
"sourceIdentifier": "scy@openharmony.io",
"published": "2024-02-02T07:15:11.070",
"lastModified": "2024-02-07T18:15:48.700",
"lastModified": "2024-09-09T12:21:53.383",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
@ -90,15 +90,15 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openharmony:openharmony:*:*:*:*:-:*:*:*",
"criteria": "cpe:2.3:o:openatom:openharmony:*:*:*:*:-:*:*:*",
"versionStartIncluding": "3.2.0",
"versionEndIncluding": "3.2.4",
"matchCriteriaId": "030208B2-F752-47ED-93AF-1AA37942CE4D"
"matchCriteriaId": "9BB7FE14-3FB6-402C-9F39-EA560E4DC12C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openharmony:openharmony:4.0:*:*:*:-:*:*:*",
"matchCriteriaId": "2F954785-2115-4147-8BCA-B90BFDC3B943"
"criteria": "cpe:2.3:o:openatom:openharmony:4.0:*:*:*:-:*:*:*",
"matchCriteriaId": "1E7BF175-F661-43C6-951C-E6F5D62374B2"
}
]
}

10
CVE-2024/CVE-2024-218xx/CVE-2024-21860.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-21860",
"sourceIdentifier": "scy@openharmony.io",
"published": "2024-02-02T07:15:11.530",
"lastModified": "2024-02-07T18:23:16.470",
"lastModified": "2024-09-09T12:21:53.383",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
@ -90,15 +90,15 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openharmony:openharmony:*:*:*:*:-:*:*:*",
"criteria": "cpe:2.3:o:openatom:openharmony:*:*:*:*:-:*:*:*",
"versionStartIncluding": "3.2.0",
"versionEndIncluding": "3.2.4",
"matchCriteriaId": "030208B2-F752-47ED-93AF-1AA37942CE4D"
"matchCriteriaId": "9BB7FE14-3FB6-402C-9F39-EA560E4DC12C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openharmony:openharmony:4.0:*:*:*:-:*:*:*",
"matchCriteriaId": "2F954785-2115-4147-8BCA-B90BFDC3B943"
"criteria": "cpe:2.3:o:openatom:openharmony:4.0:*:*:*:-:*:*:*",
"matchCriteriaId": "1E7BF175-F661-43C6-951C-E6F5D62374B2"
}
]
}

10
CVE-2024/CVE-2024-218xx/CVE-2024-21863.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-21863",
"sourceIdentifier": "scy@openharmony.io",
"published": "2024-02-02T07:15:12.067",
"lastModified": "2024-02-07T18:23:11.090",
"lastModified": "2024-09-09T12:21:53.383",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
@ -90,15 +90,15 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openharmony:openharmony:*:*:*:*:-:*:*:*",
"criteria": "cpe:2.3:o:openatom:openharmony:*:*:*:*:-:*:*:*",
"versionStartIncluding": "3.2.0",
"versionEndIncluding": "3.2.4",
"matchCriteriaId": "030208B2-F752-47ED-93AF-1AA37942CE4D"
"matchCriteriaId": "9BB7FE14-3FB6-402C-9F39-EA560E4DC12C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openharmony:openharmony:4.0:*:*:*:-:*:*:*",
"matchCriteriaId": "2F954785-2115-4147-8BCA-B90BFDC3B943"
"criteria": "cpe:2.3:o:openatom:openharmony:4.0:*:*:*:-:*:*:*",
"matchCriteriaId": "1E7BF175-F661-43C6-951C-E6F5D62374B2"
}
]
}

8
CVE-2024/CVE-2024-218xx/CVE-2024-21897.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-21897",
"sourceIdentifier": "security@qnapsecurity.com.tw",
"published": "2024-09-06T17:15:13.713",
"lastModified": "2024-09-06T17:15:13.713",
"vulnStatus": "Received",
"lastModified": "2024-09-09T13:03:38.303",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.1.6.2722 build 20240402 and later\nQuTS hero h5.1.6.2734 build 20240414 and later"
},
{
"lang": "es",
"value": "Se ha informado de una vulnerabilidad de cross site scripting (XSS) que afecta a varias versiones del sistema operativo QNAP. Si se explota, la vulnerabilidad podr\u00eda permitir a los usuarios autenticados inyectar c\u00f3digo malicioso a trav\u00e9s de una red. Ya hemos corregido la vulnerabilidad en las siguientes versiones: QTS 5.1.6.2722, compilaci\u00f3n 20240402 y posteriores QuTS hero h5.1.6.2734, compilaci\u00f3n 20240414 y posteriores"
}
],
"metrics": {

8
CVE-2024/CVE-2024-218xx/CVE-2024-21898.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-21898",
"sourceIdentifier": "security@qnapsecurity.com.tw",
"published": "2024-09-06T17:15:13.920",
"lastModified": "2024-09-06T17:15:13.920",
"vulnStatus": "Received",
"lastModified": "2024-09-09T13:03:38.303",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute commands via a network.\nWe have already fixed the vulnerability in the following versions:\nQTS 5.1.6.2722 build 20240402 and later\nQuTS hero h5.1.6.2734 build 20240414 and later"
},
{
"lang": "es",
"value": "Se ha informado de una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo que afecta a varias versiones del sistema operativo QNAP. Si se explota, la vulnerabilidad podr\u00eda permitir que los usuarios autenticados ejecuten comandos a trav\u00e9s de una red. Ya hemos corregido la vulnerabilidad en las siguientes versiones: QTS 5.1.6.2722, compilaci\u00f3n 20240402 y posteriores QuTS hero h5.1.6.2734, compilaci\u00f3n 20240414 y posteriores"
}
],
"metrics": {

8
CVE-2024/CVE-2024-219xx/CVE-2024-21903.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-21903",
"sourceIdentifier": "security@qnapsecurity.com.tw",
"published": "2024-09-06T17:15:14.113",
"lastModified": "2024-09-06T17:15:14.113",
"vulnStatus": "Received",
"lastModified": "2024-09-09T13:03:38.303",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.1.6.2722 build 20240402 and later\nQuTS hero h5.1.6.2734 build 20240414 and later"
},
{
"lang": "es",
"value": "Se ha informado de una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo que afecta a varias versiones del sistema operativo QNAP. Si se explota, la vulnerabilidad podr\u00eda permitir que los administradores autenticados ejecuten comandos a trav\u00e9s de una red. Ya hemos corregido la vulnerabilidad en las siguientes versiones: QTS 5.1.6.2722, compilaci\u00f3n 20240402 y posteriores QuTS hero h5.1.6.2734, compilaci\u00f3n 20240414 y posteriores"
}
],
"metrics": {

8
CVE-2024/CVE-2024-219xx/CVE-2024-21904.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-21904",
"sourceIdentifier": "security@qnapsecurity.com.tw",
"published": "2024-09-06T17:15:14.317",
"lastModified": "2024-09-06T17:15:14.317",
"vulnStatus": "Received",
"lastModified": "2024-09-09T13:03:38.303",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose sensitive data via a network.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.1.7.2770 build 20240520 and later\nQuTS hero h5.1.7.2770 build 20240520 and later"
},
{
"lang": "es",
"value": "Se ha informado de una vulnerabilidad de path traversal que afecta a varias versiones del sistema operativo QNAP. Si se explota, la vulnerabilidad podr\u00eda permitir a los usuarios leer el contenido de archivos inesperados y exponer datos confidenciales a trav\u00e9s de una red. Ya hemos corregido la vulnerabilidad en las siguientes versiones: QTS 5.1.7.2770 build 20240520 y posteriores QuTS hero h5.1.7.2770 build 20240520 y posteriores"
}
],
"metrics": {

8
CVE-2024/CVE-2024-219xx/CVE-2024-21906.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-21906",
"sourceIdentifier": "security@qnapsecurity.com.tw",
"published": "2024-09-06T17:15:14.513",
"lastModified": "2024-09-06T17:15:14.513",
"vulnStatus": "Received",
"lastModified": "2024-09-09T13:03:38.303",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.1.8.2823 build 20240712 and later\nQuTS hero h5.1.8.2823 build 20240712 and later"
},
{
"lang": "es",
"value": "Se ha informado de una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo que afecta a varias versiones del sistema operativo QNAP. Si se explota, la vulnerabilidad podr\u00eda permitir que los administradores autenticados ejecuten comandos a trav\u00e9s de una red. Ya hemos corregido la vulnerabilidad en las siguientes versiones: QTS 5.1.8.2823, compilaci\u00f3n 20240712 y posteriores QuTS hero h5.1.8.2823, compilaci\u00f3n 20240712 y posteriores"
}
],
"metrics": {

8
CVE-2024/CVE-2024-271xx/CVE-2024-27122.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-27122",
"sourceIdentifier": "security@qnapsecurity.com.tw",
"published": "2024-09-06T17:15:14.723",
"lastModified": "2024-09-06T17:15:14.723",
"vulnStatus": "Received",
"lastModified": "2024-09-09T13:03:38.303",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability has been reported to affect Notes Station 3. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network.\n\nWe have already fixed the vulnerability in the following versions:\nNotes Station 3 3.9.6 and later"
},
{
"lang": "es",
"value": "Se ha informado de una vulnerabilidad de cross site scripting (XSS) que afecta a Notes Station 3. Si se explota, la vulnerabilidad podr\u00eda permitir que los usuarios autenticados inyecten c\u00f3digo malicioso a trav\u00e9s de una red. Ya hemos corregido la vulnerabilidad en las siguientes versiones: Notes Station 3 3.9.6 y posteriores"
}
],
"metrics": {

8
CVE-2024/CVE-2024-271xx/CVE-2024-27125.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-27125",
"sourceIdentifier": "security@qnapsecurity.com.tw",
"published": "2024-09-06T17:15:14.927",
"lastModified": "2024-09-06T17:15:14.927",
"vulnStatus": "Received",
"lastModified": "2024-09-09T13:03:38.303",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability has been reported to affect Helpdesk. If exploited, the vulnerability could allow authenticated administrators to inject malicious code via a network.\n\nWe have already fixed the vulnerability in the following version:\nHelpdesk 3.3.1 and later"
},
{
"lang": "es",
"value": "Se ha informado de una vulnerabilidad de cross site scripting (XSS) que afecta a Helpdesk. Si se explota, la vulnerabilidad podr\u00eda permitir a los administradores autenticados inyectar c\u00f3digo malicioso a trav\u00e9s de una red. Ya hemos corregido la vulnerabilidad en la siguiente versi\u00f3n: Helpdesk 3.3.1 y posteriores"
}
],
"metrics": {

8
CVE-2024/CVE-2024-271xx/CVE-2024-27126.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-27126",
"sourceIdentifier": "security@qnapsecurity.com.tw",
"published": "2024-09-06T17:15:15.130",
"lastModified": "2024-09-06T17:15:15.130",
"vulnStatus": "Received",
"lastModified": "2024-09-09T13:03:38.303",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability has been reported to affect Notes Station 3. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network.\n\nWe have already fixed the vulnerability in the following versions:\nNotes Station 3 3.9.6 and later"
},
{
"lang": "es",
"value": "Se ha informado de una vulnerabilidad de cross site scripting (XSS) que afecta a Notes Station 3. Si se explota, la vulnerabilidad podr\u00eda permitir que los usuarios autenticados inyecten c\u00f3digo malicioso a trav\u00e9s de una red. Ya hemos corregido la vulnerabilidad en las siguientes versiones: Notes Station 3 3.9.6 y posteriores"
}
],
"metrics": {

6
CVE-2024/CVE-2024-310xx/CVE-2024-31071.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-31071",
"sourceIdentifier": "scy@openharmony.io",
"published": "2024-07-02T09:15:18.087",
"lastModified": "2024-07-03T18:01:57.697",
"lastModified": "2024-09-09T12:21:53.383",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
@ -90,9 +90,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openharmony:openharmony:*:*:*:*:-:*:*:*",
"criteria": "cpe:2.3:o:openatom:openharmony:*:*:*:*:-:*:*:*",
"versionEndIncluding": "4.0",
"matchCriteriaId": "DF3DD72C-1D10-447C-BDF7-3D514450E904"
"matchCriteriaId": "CCBB689E-DAAB-4966-AA0E-60398C10F625"
}
]
}

8
CVE-2024/CVE-2024-327xx/CVE-2024-32762.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-32762",
"sourceIdentifier": "security@qnapsecurity.com.tw",
"published": "2024-09-06T17:15:15.697",
"lastModified": "2024-09-06T17:15:15.697",
"vulnStatus": "Received",
"lastModified": "2024-09-09T13:03:38.303",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability has been reported to affect QuLog Center. If exploited, the vulnerability could allow users to inject malicious code via a network.\n\nWe have already fixed the vulnerability in the following versions:\nQuLog Center 1.8.0.872 ( 2024/06/17 ) and later\nQuLog Center 1.7.0.827 ( 2024/06/17 ) and later"
},
{
"lang": "es",
"value": "Se ha informado de una vulnerabilidad de cross site scripting (XSS) que afecta a QuLog Center. Si se explota, la vulnerabilidad podr\u00eda permitir a los usuarios inyectar c\u00f3digo malicioso a trav\u00e9s de una red. Ya hemos corregido la vulnerabilidad en las siguientes versiones: QuLog Center 1.8.0.872 (17/06/2024) y posteriores QuLog Center 1.7.0.827 (17/06/2024) y posteriores"
}
],
"metrics": {

8
CVE-2024/CVE-2024-327xx/CVE-2024-32763.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-32763",
"sourceIdentifier": "security@qnapsecurity.com.tw",
"published": "2024-09-06T17:15:15.920",
"lastModified": "2024-09-06T17:15:15.920",
"vulnStatus": "Received",
"lastModified": "2024-09-09T13:03:38.303",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.1.8.2823 build 20240712 and later\nQuTS hero h5.1.8.2823 build 20240712 and later"
},
{
"lang": "es",
"value": "Se ha informado de una vulnerabilidad de copia de b\u00fafer sin verificaci\u00f3n del tama\u00f1o de entrada que afecta a varias versiones del sistema operativo QNAP. Si se explota, la vulnerabilidad podr\u00eda permitir que los usuarios autenticados ejecuten c\u00f3digo a trav\u00e9s de una red. Ya hemos corregido la vulnerabilidad en las siguientes versiones: QTS 5.1.8.2823 build 20240712 y posteriores QuTS hero h5.1.8.2823 build 20240712 y posteriores"
}
],
"metrics": {

8
CVE-2024/CVE-2024-327xx/CVE-2024-32771.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-32771",
"sourceIdentifier": "security@qnapsecurity.com.tw",
"published": "2024-09-06T17:15:16.077",
"lastModified": "2024-09-06T17:15:16.077",
"vulnStatus": "Received",
"lastModified": "2024-09-09T13:03:38.303",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An improper restriction of excessive authentication attempts vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow local network authenticated administrators to perform an arbitrary number of authentication attempts via unspecified vectors.\nQuTScloud is not affected.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.2.0.2782 build 20240601 and later\nQuTS hero h5.2.0.2782 build 20240601 and later"
},
{
"lang": "es",
"value": "Se ha informado de una vulnerabilidad de restricci\u00f3n indebida de intentos de autenticaci\u00f3n excesivos que afecta a varias versiones del sistema operativo QNAP. Si se explota, la vulnerabilidad podr\u00eda permitir que los administradores autenticados de la red local realicen una cantidad arbitraria de intentos de autenticaci\u00f3n a trav\u00e9s de vectores no especificados. QuTScloud no se ve afectado. Ya hemos corregido la vulnerabilidad en las siguientes versiones: QTS 5.2.0.2782 compilaci\u00f3n 20240601 y posteriores QuTS hero h5.2.0.2782 compilaci\u00f3n 20240601 y posteriores"
}
],
"metrics": {

8
CVE-2024/CVE-2024-341xx/CVE-2024-34155.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-34155",
"sourceIdentifier": "security@golang.org",
"published": "2024-09-06T21:15:11.947",
"lastModified": "2024-09-06T21:15:11.947",
"vulnStatus": "Received",
"lastModified": "2024-09-09T13:03:38.303",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion."
},
{
"lang": "es",
"value": "Llamar a cualquiera de las funciones Parse en el c\u00f3digo fuente de Go que contiene literales profundamente anidados puede provocar p\u00e1nico debido al agotamiento de la pila."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-341xx/CVE-2024-34156.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-34156",
"sourceIdentifier": "security@golang.org",
"published": "2024-09-06T21:15:12.020",
"lastModified": "2024-09-06T21:15:12.020",
"vulnStatus": "Received",
"lastModified": "2024-09-09T13:03:38.303",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635."
},
{
"lang": "es",
"value": "Llamar a Decoder.Decode en un mensaje que contiene estructuras profundamente anidadas puede provocar un p\u00e1nico debido al agotamiento de la pila. Esta es una continuaci\u00f3n de CVE-2022-30635."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-341xx/CVE-2024-34158.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-34158",
"sourceIdentifier": "security@golang.org",
"published": "2024-09-06T21:15:12.083",
"lastModified": "2024-09-06T21:15:12.083",
"vulnStatus": "Received",
"lastModified": "2024-09-09T13:03:38.303",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Calling Parse on a \"// +build\" build tag line with deeply nested expressions can cause a panic due to stack exhaustion."
},
{
"lang": "es",
"value": "Llamar a Parse en una l\u00ednea de compilaci\u00f3n \"// +build\" con expresiones profundamente anidadas puede causar p\u00e1nico debido al agotamiento de la pila."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-361xx/CVE-2024-36137.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-36137",
"sourceIdentifier": "support@hackerone.com",
"published": "2024-09-07T16:15:02.410",
"lastModified": "2024-09-07T16:15:02.410",
"vulnStatus": "Received",
"lastModified": "2024-09-09T13:03:38.303",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-write flag is used.\r\n\r\nNode.js Permission Model do not operate on file descriptors, however, operations such as fs.fchown or fs.fchmod can use a \"read-only\" file descriptor to change the owner and permissions of a file."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en Node.js que afecta a los usuarios del modelo de permisos experimental cuando se utiliza el indicador --allow-fs-write. El modelo de permisos de Node.js no funciona con descriptores de archivos; sin embargo, operaciones como fs.fchown o fs.fchmod pueden utilizar un descriptor de archivos de \"solo lectura\" para cambiar el propietario y los permisos de un archivo."
}
],
"metrics": {

8
CVE-2024/CVE-2024-361xx/CVE-2024-36138.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-36138",
"sourceIdentifier": "support@hackerone.com",
"published": "2024-09-07T16:15:02.620",
"lastModified": "2024-09-07T16:15:02.620",
"vulnStatus": "Received",
"lastModified": "2024-09-09T13:03:38.303",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Bypass incomplete fix of CVE-2024-27980, that arises from improper handling of batch files with all possible extensions on Windows via child_process.spawn / child_process.spawnSync. A malicious command line argument can inject arbitrary commands and achieve code execution even if the shell option is not enabled."
},
{
"lang": "es",
"value": "Se omite la correcci\u00f3n incompleta de CVE-2024-27980, que surge del manejo inadecuado de archivos por lotes con todas las extensiones posibles en Windows a trav\u00e9s de child_process.spawn / child_process.spawnSync. Un argumento de l\u00ednea de comandos malintencionado puede inyectar comandos arbitrarios y lograr la ejecuci\u00f3n del c\u00f3digo incluso si la opci\u00f3n de shell no est\u00e1 habilitada."
}
],
"metrics": {

6
CVE-2024/CVE-2024-362xx/CVE-2024-36243.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-36243",
"sourceIdentifier": "scy@openharmony.io",
"published": "2024-07-02T09:15:18.323",
"lastModified": "2024-07-03T18:02:07.793",
"lastModified": "2024-09-09T12:21:53.383",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
@ -98,9 +98,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openharmony:openharmony:*:*:*:*:-:*:*:*",
"criteria": "cpe:2.3:o:openatom:openharmony:*:*:*:*:-:*:*:*",
"versionEndIncluding": "4.0",
"matchCriteriaId": "DF3DD72C-1D10-447C-BDF7-3D514450E904"
"matchCriteriaId": "CCBB689E-DAAB-4966-AA0E-60398C10F625"
}
]
}

6
CVE-2024/CVE-2024-362xx/CVE-2024-36260.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-36260",
"sourceIdentifier": "scy@openharmony.io",
"published": "2024-07-02T09:15:18.557",
"lastModified": "2024-07-03T18:02:17.700",
"lastModified": "2024-09-09T12:21:53.383",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
@ -90,9 +90,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openharmony:openharmony:*:*:*:*:-:*:*:*",
"criteria": "cpe:2.3:o:openatom:openharmony:*:*:*:*:-:*:*:*",
"versionEndIncluding": "4.0",
"matchCriteriaId": "DF3DD72C-1D10-447C-BDF7-3D514450E904"
"matchCriteriaId": "CCBB689E-DAAB-4966-AA0E-60398C10F625"
}
]
}

135
CVE-2024/CVE-2024-362xx/CVE-2024-36270.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-36270",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-06-21T11:15:10.117",
"lastModified": "2024-06-21T11:22:01.687",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-09-09T13:16:22.050",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,35 +15,150 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: netfilter: tproxy: rescate si se ha deshabilitado la IP en el dispositivo syzbot informa: falla de protecci\u00f3n general, probablemente para direcci\u00f3n no can\u00f3nica 0xdffffc0000000003: 0000 [#1] PREEMPT SMP KASAN PTI KASAN: null-ptr-deref en el rango [0x0000000000000018-0x000000000000001f] [..] RIP: 0010:nf_tproxy_laddr4+0xb7/0x340 net/ipv4/netfilter/nf_tproxy_ipv4.c:62 Seguimiento de llamadas: nft_tproxy_ eval_v4 net/netfilter/nft_tproxy.c: 56 [en l\u00ednea] nft_tproxy_eval+0xa9a/0x1a00 net/netfilter/nft_tproxy.c:168 __in_dev_get_rcu() puede devolver NULL, as\u00ed que verifique esto."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.6.37",
"versionEndExcluding": "5.4.278",
"matchCriteriaId": "FD9FAB17-6B05-46D3-970B-37496D272CB7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5",
"versionEndExcluding": "5.10.219",
"matchCriteriaId": "E9063AF3-D593-43B7-810D-58B87F82F9F9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.161",
"matchCriteriaId": "31130639-53FE-4726-8986-434EE2528CB2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "6.1.93",
"matchCriteriaId": "EEFB78EE-F990-4197-BF1C-156760A55667"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.33",
"matchCriteriaId": "FCE796DF-3B50-4DC6-BAE5-95271068FC9E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.9.4",
"matchCriteriaId": "991B9791-966A-4D18-9E8D-A8AB128E5627"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc1:*:*:*:*:*:*",
"matchCriteriaId": "2EBB4392-5FA6-4DA9-9772-8F9C750109FA"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/07eeedafc59c45fe5de43958128542be3784764c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/10f0af5234dafd03d2b75233428ec3f11cf7e43d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/21a673bddc8fd4873c370caf9ae70ffc6d47e8d3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/570b4c52096e62fda562448f5760fd0ff06110f0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/6fe5af4ff06db3d4d80e07a19356640428159f03",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/819bfeca16eb9ad647ddcae25e7e12c30612147c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/caf3a8afb5ea00db6d5398adf148d5534615fd80",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

6
CVE-2024/CVE-2024-362xx/CVE-2024-36278.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-36278",
"sourceIdentifier": "scy@openharmony.io",
"published": "2024-07-02T09:15:18.757",
"lastModified": "2024-07-03T18:02:26.597",
"lastModified": "2024-09-09T12:21:53.383",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
@ -90,9 +90,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openharmony:openharmony:*:*:*:*:-:*:*:*",
"criteria": "cpe:2.3:o:openatom:openharmony:*:*:*:*:-:*:*:*",
"versionEndIncluding": "4.0",
"matchCriteriaId": "DF3DD72C-1D10-447C-BDF7-3D514450E904"
"matchCriteriaId": "CCBB689E-DAAB-4966-AA0E-60398C10F625"
}
]
}

87
CVE-2024/CVE-2024-362xx/CVE-2024-36281.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-36281",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-06-21T11:15:10.197",
"lastModified": "2024-06-21T11:22:01.687",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-09-09T13:28:25.937",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,19 +15,94 @@
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: net/mlx5: utilice mlx5_ipsec_rx_status_destroy para eliminar correctamente las reglas de estado. rx_create ya no asigna una instancia de modifique_hdr que debe limpiarse. La llamada mlx5_modify_header_dealloc dar\u00e1 lugar a una desreferencia del puntero NULL. Anteriormente tambi\u00e9n se produjo una fuga en las reglas, ya que ahora hay dos reglas relacionadas con el estado. ERROR: desreferencia del puntero NULL del kernel, direcci\u00f3n: 0000000000000000 #PF: acceso de lectura del supervisor en modo kernel #PF: c\u00f3digo_error(0x0000) - p\u00e1gina no presente PGD 109907067 P4D 109907067 PUD 116890067 PMD 0 Ups: 0000 [#1] SMP CPU: 1 PID: 484 Comm: ip Not tainted 6.9.0-rc2-rrameshbabu+ #254 Nombre del hardware: PC est\u00e1ndar QEMU (Q35 + ICH9, 2009), BIOS Arch Linux 1.16.3-1-1 01/04/2014 RIP: 0010: mlx5_modify_header_dealloc+0xd/0x70 Seguimiento de llamadas: ? mostrar_regs+0x60/0x70? __morir+0x24/0x70 ? page_fault_oops+0x15f/0x430? free_to_partial_list.constprop.0+0x79/0x150? do_user_addr_fault+0x2c9/0x5c0? exc_page_fault+0x63/0x110? asm_exc_page_fault+0x27/0x30? mlx5_modify_header_dealloc+0xd/0x70 rx_create+0x374/0x590 rx_add_rule+0x3ad/0x500 ? rx_add_rule+0x3ad/0x500? mlx5_cmd_exec+0x2c/0x40? mlx5_create_ipsec_obj+0xd6/0x200 mlx5e_accel_ipsec_fs_add_rule+0x31/0xf0 mlx5e_xfrm_add_state+0x426/0xc00 "
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.6.8",
"versionEndExcluding": "6.6.33",
"matchCriteriaId": "A12D90AD-0D84-4AE3-B5F4-16E063D03DD3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.9.4",
"matchCriteriaId": "991B9791-966A-4D18-9E8D-A8AB128E5627"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc2:*:*:*:*:*:*",
"matchCriteriaId": "331C2F14-12C7-45D5-893D-8C52EE38EA10"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/16d66a4fa81da07bc4ed19f4e53b87263c2f8d38",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/b0a15cde37a8388e57573686f650a17208ae1212",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/cc9ac559f2e21894c21ac5b0c85fb24a5cab266c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

70
CVE-2024/CVE-2024-364xx/CVE-2024-36478.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-36478",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-06-21T11:15:10.360",
"lastModified": "2024-06-21T11:22:01.687",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-09-09T13:30:12.647",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,15 +15,75 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: null_blk: corrige la dereferencia null-ptr al configurar 'power' y 'submit_queues'. Escribir 'power' y 'submit_queues' simult\u00e1neamente provocar\u00e1 un p\u00e1nico en el kernel: Script de prueba: modprobe null_blk nr_devices= 0 mkdir -p /sys/kernel/config/nullb/nullb0 mientras sea verdadero; hacer eco 1 &gt; enviar_queues; eco 4 &gt; enviar_colas; hecho y mientras sea cierto; hacer eco 1 &gt; potencia; eco 0 &gt; potencia; hecho Resultado de la prueba: ERROR: desreferencia del puntero NULL del kernel, direcci\u00f3n: 0000000000000148 Ups: 0000 [#1] RIP SMP PREEMPLEADO: 0010:__lock_acquire+0x41d/0x28f0 Seguimiento de llamada: lock_acquire+0x121/0x450 down_write+0x5f/0x1d0 simple_recursive _eliminaci\u00f3n+ 0x12f/0x5c0 blk_mq_debugfs_unregister_hctxs+0x7c/0x100 blk_mq_update_nr_hw_queues+0x4a3/0x720 nullb_update_nr_hw_queues+0x71/0xf0 [null_blk] /0xf0 [null_blk] configfs_write_iter+0x119/0x1e0 vfs_write+0x326/0x730 ksys_write+0x74/0x150 Esto se debe a que del_gendisk() puede concurrente con blk_mq_update_nr_hw_queues(): nullb_device_power_store nullb_apply_submit_queues null_del_dev del_gendisk nullb_update_nr_hw_queues if (!dev-&gt;nullb) // todav\u00eda est\u00e1 configurado mientras se elimina gendisk return 0 blk_mq_update_nr_hw_queues dev-&gt;nullb = NULL Fix este problema reutilizando el mutex global para proteger nullb_device_power_store() y nullb_update_nr_hw_queues() de configfs."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5",
"versionEndExcluding": "6.9.4",
"matchCriteriaId": "BA9EDDA6-4A33-4936-9152-D0D896107EF8"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/5d0495473ee4c1d041b5a917f10446a22c047f47",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/a2db328b0839312c169eb42746ec46fc1ab53ed2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

118
CVE-2024/CVE-2024-364xx/CVE-2024-36489.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-36489",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-06-21T11:15:10.513",
"lastModified": "2024-06-21T11:22:01.687",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-09-09T13:32:13.087",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,31 +15,131 @@
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: tls: corrige la barrera de memoria faltante en tls_init En tls_init(), falta una barrera de memoria de escritura y el reordenamiento tienda-tienda puede causar una desreferencia NULL en tls_{setsockopt,getsockopt}. CPU0 CPU1 ----- ----- // En tls_init() // En tls_ctx_create() ctx = kzalloc() ctx-&gt;sk_proto = READ_ONCE(sk-&gt;sk_prot) -(1) // En update_sk_prot( ) WRITE_ONCE(sk-&gt;sk_prot, tls_prots) -(2) // En sock_common_setsockopt() READ_ONCE(sk-&gt;sk_prot)-&gt;setsockopt() // En tls_{setsockopt,getsockopt}() ctx-&gt;sk_proto-&gt;setsockopt () -(3) En el escenario anterior, cuando (1) y (2) se reordenan, (3) puede observar el valor NULL de ctx-&gt;sk_proto, lo que provoca la desreferencia NULL. Para solucionarlo, confiamos en rcu_assign_pointer() que implica la sem\u00e1ntica de barrera de liberaci\u00f3n. Al mover rcu_assign_pointer() despu\u00e9s de inicializar ctx-&gt;sk_proto, podemos asegurarnos de que ctx-&gt;sk_proto sean visibles al cambiar sk-&gt;sk_prot."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.7",
"versionEndExcluding": "5.10.219",
"matchCriteriaId": "1EDE42D8-582E-4251-943B-96BC242F2876"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.161",
"matchCriteriaId": "31130639-53FE-4726-8986-434EE2528CB2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "6.1.93",
"matchCriteriaId": "EEFB78EE-F990-4197-BF1C-156760A55667"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.33",
"matchCriteriaId": "FCE796DF-3B50-4DC6-BAE5-95271068FC9E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.9.4",
"matchCriteriaId": "991B9791-966A-4D18-9E8D-A8AB128E5627"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/2c260a24cf1c4d30ea3646124f766ee46169280b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/335c8f1566d8e44c384d16b450a18554896d4e8b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/91e61dd7a0af660408e87372d8330ceb218be302",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/ab67c2fd3d070a21914d0c31319d3858ab4e199c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/d72e126e9a36d3d33889829df8fc90100bb0e071",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/ef21007a7b581c7fe64d5a10c320880a033c837b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

6
CVE-2024/CVE-2024-370xx/CVE-2024-37030.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-37030",
"sourceIdentifier": "scy@openharmony.io",
"published": "2024-07-02T09:15:18.963",
"lastModified": "2024-07-03T18:02:36.730",
"lastModified": "2024-09-09T12:21:53.383",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
@ -90,9 +90,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openharmony:openharmony:*:*:*:*:-:*:*:*",
"criteria": "cpe:2.3:o:openatom:openharmony:*:*:*:*:-:*:*:*",
"versionEndIncluding": "4.0",
"matchCriteriaId": "DF3DD72C-1D10-447C-BDF7-3D514450E904"
"matchCriteriaId": "CCBB689E-DAAB-4966-AA0E-60398C10F625"
}
]
}

8
CVE-2024/CVE-2024-370xx/CVE-2024-37068.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-37068",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-09-07T14:15:02.123",
"lastModified": "2024-09-07T14:15:02.123",
"vulnStatus": "Received",
"lastModified": "2024-09-09T13:03:38.303",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Maximo Application Suite - Manage Component 8.10, 8.11, and 9.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information."
},
{
"lang": "es",
"value": "IBM Maximo Application Suite - Manage Component 8.10, 8.11 y 9.0 utiliza algoritmos criptogr\u00e1ficos m\u00e1s d\u00e9biles de lo esperado que podr\u00edan permitir a un atacante descifrar informaci\u00f3n altamente confidencial."
}
],
"metrics": {

6
CVE-2024/CVE-2024-370xx/CVE-2024-37077.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-37077",
"sourceIdentifier": "scy@openharmony.io",
"published": "2024-07-02T09:15:19.157",
"lastModified": "2024-07-03T18:02:47.117",
"lastModified": "2024-09-09T12:21:53.383",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
@ -90,9 +90,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openharmony:openharmony:*:*:*:*:-:*:*:*",
"criteria": "cpe:2.3:o:openatom:openharmony:*:*:*:*:-:*:*:*",
"versionEndIncluding": "4.0",
"matchCriteriaId": "DF3DD72C-1D10-447C-BDF7-3D514450E904"
"matchCriteriaId": "CCBB689E-DAAB-4966-AA0E-60398C10F625"
}
]
}

6
CVE-2024/CVE-2024-371xx/CVE-2024-37185.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-37185",
"sourceIdentifier": "scy@openharmony.io",
"published": "2024-07-02T09:15:19.353",
"lastModified": "2024-07-03T18:02:57.857",
"lastModified": "2024-09-09T12:21:53.383",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
@ -90,9 +90,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openharmony:openharmony:*:*:*:*:-:*:*:*",
"criteria": "cpe:2.3:o:openatom:openharmony:*:*:*:*:-:*:*:*",
"versionEndIncluding": "4.0",
"matchCriteriaId": "DF3DD72C-1D10-447C-BDF7-3D514450E904"
"matchCriteriaId": "CCBB689E-DAAB-4966-AA0E-60398C10F625"
}
]
}

8
CVE-2024/CVE-2024-372xx/CVE-2024-37288.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-37288",
"sourceIdentifier": "bressers@elastic.co",
"published": "2024-09-09T09:15:02.183",
"lastModified": "2024-09-09T09:15:02.183",
"vulnStatus": "Received",
"lastModified": "2024-09-09T13:03:38.303",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A deserialization issue in Kibana can lead to arbitrary code execution when Kibana attempts to parse a YAML document containing a crafted payload. This issue only affects users that use Elastic Security\u2019s built-in AI tools https://www.elastic.co/guide/en/security/current/ai-for-security.html \u00a0and have configured an Amazon Bedrock connector https://www.elastic.co/guide/en/security/current/assistant-connect-to-bedrock.html ."
},
{
"lang": "es",
"value": "Un problema de deserializaci\u00f3n en Kibana puede provocar la ejecuci\u00f3n de c\u00f3digo arbitrario cuando Kibana intenta analizar un documento YAML que contiene un payload manipulado. Este problema solo afecta a los usuarios que utilizan las herramientas de inteligencia artificial integradas de Elastic Security https://www.elastic.co/guide/en/security/current/ai-for-security.html y han configurado un conector de Amazon Bedrock https://www.elastic.co/guide/en/security/current/assistant-connect-to-bedrock.html"
}
],
"metrics": {

57
CVE-2024/CVE-2024-373xx/CVE-2024-37349.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-37349",
"sourceIdentifier": "SecurityResponse@netmotionsoftware.com",
"published": "2024-06-20T18:15:11.850",
"lastModified": "2024-06-21T11:22:01.687",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-09-09T13:09:59.713",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 3.4,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.7,
"impactScore": 1.4
},
{
"source": "SecurityResponse@netmotionsoftware.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "SecurityResponse@netmotionsoftware.com",
"type": "Secondary",
@ -51,10 +81,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:absolute:secure_access:*:*:*:*:*:*:*:*",
"versionEndExcluding": "13.06",
"matchCriteriaId": "1113DB3C-BD71-42ED-A4AF-0098AA744FD8"
}
]
}
]
}
],
"references": [
{
"url": "https://www.absolute.com/platform/security-information/vulnerability-archive/secure-access-1306/cve-2024-37349/",
"source": "SecurityResponse@netmotionsoftware.com"
"source": "SecurityResponse@netmotionsoftware.com",
"tags": [
"Vendor Advisory"
]
}
]
}

57
CVE-2024/CVE-2024-373xx/CVE-2024-37350.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-37350",
"sourceIdentifier": "SecurityResponse@netmotionsoftware.com",
"published": "2024-06-20T18:15:12.103",
"lastModified": "2024-06-21T11:22:01.687",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-09-09T13:12:24.530",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "SecurityResponse@netmotionsoftware.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "SecurityResponse@netmotionsoftware.com",
"type": "Secondary",
@ -51,10 +81,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:absolute:secure_access:*:*:*:*:*:*:*:*",
"versionEndExcluding": "13.06",
"matchCriteriaId": "1113DB3C-BD71-42ED-A4AF-0098AA744FD8"
}
]
}
]
}
],
"references": [
{
"url": "https://www.absolute.com/platform/security-information/vulnerability-archive/secure-access-1306/cve-2024-37350/",
"source": "SecurityResponse@netmotionsoftware.com"
"source": "SecurityResponse@netmotionsoftware.com",
"tags": [
"Vendor Advisory"
]
}
]
}

57
CVE-2024/CVE-2024-373xx/CVE-2024-37351.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-37351",
"sourceIdentifier": "SecurityResponse@netmotionsoftware.com",
"published": "2024-06-20T18:15:12.347",
"lastModified": "2024-06-21T11:22:01.687",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-09-09T13:14:08.810",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 3.4,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.7,
"impactScore": 1.4
},
{
"source": "SecurityResponse@netmotionsoftware.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "SecurityResponse@netmotionsoftware.com",
"type": "Secondary",
@ -51,10 +81,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:absolute:secure_access:*:*:*:*:*:*:*:*",
"versionEndExcluding": "13.06",
"matchCriteriaId": "1113DB3C-BD71-42ED-A4AF-0098AA744FD8"
}
]
}
]
}
],
"references": [
{
"url": "https://www.absolute.com/platform/security-information/vulnerability-archive/secure-access-1306/cve-2024-37351/",
"source": "SecurityResponse@netmotionsoftware.com"
"source": "SecurityResponse@netmotionsoftware.com",
"tags": [
"Vendor Advisory"
]
}
]
}

57
CVE-2024/CVE-2024-373xx/CVE-2024-37352.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-37352",
"sourceIdentifier": "SecurityResponse@netmotionsoftware.com",
"published": "2024-06-20T18:15:12.590",
"lastModified": "2024-06-21T11:22:01.687",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-09-09T13:14:39.787",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 3.4,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.7,
"impactScore": 1.4
},
{
"source": "SecurityResponse@netmotionsoftware.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "SecurityResponse@netmotionsoftware.com",
"type": "Secondary",
@ -51,10 +81,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:absolute:secure_access:*:*:*:*:*:*:*:*",
"versionEndExcluding": "13.06",
"matchCriteriaId": "1113DB3C-BD71-42ED-A4AF-0098AA744FD8"
}
]
}
]
}
],
"references": [
{
"url": "https://www.absolute.com/platform/security-information/vulnerability-archive/secure-access-1306/cve-2024-37352/",
"source": "SecurityResponse@netmotionsoftware.com"
"source": "SecurityResponse@netmotionsoftware.com",
"tags": [
"Vendor Advisory"
]
}
]
}

8
CVE-2024/CVE-2024-382xx/CVE-2024-38289.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-38289",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-25T20:15:05.017",
"lastModified": "2024-08-13T13:28:13.263",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-09-09T13:53:35.767",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -91,8 +91,8 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rhubcom:turbomeeting:*:*:*:*:*:*:*:*",
"versionEndExcluding": "8.0",
"matchCriteriaId": "32333E42-D464-4970-BFB1-452AE4B59E39"
"versionEndIncluding": "8.0",
"matchCriteriaId": "92BEFB9D-7B50-4284-B61C-9CEF29008D54"
}
]
}

142
CVE-2024/CVE-2024-383xx/CVE-2024-38381.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-38381",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-06-21T11:15:10.757",
"lastModified": "2024-07-15T07:15:07.803",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-09-09T13:37:39.093",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,39 +15,159 @@
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: nfc: nci: corrigi\u00f3 el valor uninit en nci_rx_work syzbot inform\u00f3 el siguiente problema de acceso al valor uninit [1] nci_rx_work() analiza el paquete recibido de ndev-&gt;rx_q. Se debe validar el tama\u00f1o del encabezado, el tama\u00f1o del payload y el tama\u00f1o total del paquete antes de procesar el paquete. Si se detecta un paquete no v\u00e1lido, se debe descartar silenciosamente."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-908"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.19.312",
"versionEndExcluding": "6.19.316",
"matchCriteriaId": "6FEBAC1F-E636-4DB5-B5DC-5AA613FA8BCA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.4.274",
"versionEndExcluding": "5.4.278",
"matchCriteriaId": "EBA12E3E-3226-4BFE-80FA-CD00384BB4A8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.10.215",
"versionEndExcluding": "5.10.219",
"matchCriteriaId": "EFD9B2DB-0408-4028-A90E-3F67DBA2BE2E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.15.154",
"versionEndExcluding": "5.15.161",
"matchCriteriaId": "3873B618-2078-4018-8EE8-F39FEC6600A3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.1.85",
"versionEndExcluding": "6.1.93",
"matchCriteriaId": "14DD8BC5-AB23-4D66-9B55-49AAEC715BE0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.6.26",
"versionEndExcluding": "6.6.33",
"matchCriteriaId": "D9039270-312D-4ADA-865A-BF010D3A4230"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.8.5",
"versionEndExcluding": "6.9.4",
"matchCriteriaId": "BEF6A8C7-1C2F-4ED1-B8B2-57BEC82588F2"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/017ff397624930fd7ac7f1761f3c9d6a7100f68c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/406cfac9debd4a6d3dc5d9258ee086372a8c08b6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/485ded868ed62ceb2acb3a459d7843fd71472619",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/ad4d196d2008c7f413167f0a693feb4f0439d7fe",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/e4a87abf588536d1cdfb128595e6e680af5cf3ed",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/e53a7f8afcbd2886f2a94c5d56757328109730ea",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/e8c8e0d0d214c877fbad555df5b3ed558cd9b0c3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/f80b786ab0550d0020191a59077b2c7e069db2d1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

94
CVE-2024/CVE-2024-383xx/CVE-2024-38390.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-38390",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-06-21T11:15:10.913",
"lastModified": "2024-06-21T11:22:01.687",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-09-09T13:38:26.600",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,23 +15,103 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/msm/a6xx: evite una desreferencia de nullptr cuando falla la configuraci\u00f3n de speedbin. Llamar a a6xx_destroy() antes de adreno_gpu_init() conduce a una desreferencia de puntero nulo en: msm_gpu_cleanup() : platform_set_drvdata(gpu- &gt;pdev, NULO); ya que gpu-&gt;pdev solo se asigna en: a6xx_gpu_init() |_ adreno_gpu_init |_ msm_gpu_init() En lugar de depender de comprobaciones nulas manuales en la cadena de limpieza, desasigne expl\u00edcitamente los datos LLC y libere a6xx_gpu en su lugar. Remiendo: https://patchwork.freedesktop.org/patch/588919/"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.1",
"versionEndExcluding": "6.1.93",
"matchCriteriaId": "7446FC33-DC4F-4D31-94B5-FB577CFA66F4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.33",
"matchCriteriaId": "FCE796DF-3B50-4DC6-BAE5-95271068FC9E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.9.4",
"matchCriteriaId": "991B9791-966A-4D18-9E8D-A8AB128E5627"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/247849eeb3fd88f8990ed73e33af70d5c10f9aec",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/46d4efcccc688cbacdd70a238bedca510acaa8e4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/617e3d1680504a3f9d88e1582892c68be155498f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/a1955a6df91355fef72a3a254700acd3cc1fec0d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

142
CVE-2024/CVE-2024-386xx/CVE-2024-38627.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-38627",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-06-21T11:15:11.583",
"lastModified": "2024-07-15T07:15:13.540",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-09-09T13:39:48.990",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,39 +15,159 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: clase stm: corrige un doble free en stm_register_device() La llamada put_device(&amp;stm-&gt;dev) activar\u00e1 stm_device_release() que libera \"stm\" para que vfree(stm) en el La siguiente l\u00ednea es un doble libre."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-415"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.7",
"versionEndExcluding": "4.19.316",
"matchCriteriaId": "594BEF43-C2C9-4680-A8DA-DAE0487DAEB5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.20",
"versionEndExcluding": "5.4.278",
"matchCriteriaId": "7FDBF235-DA18-49A1-8690-6C7272FD0701"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5",
"versionEndExcluding": "5.10.219",
"matchCriteriaId": "E9063AF3-D593-43B7-810D-58B87F82F9F9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.161",
"matchCriteriaId": "31130639-53FE-4726-8986-434EE2528CB2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "6.1.93",
"matchCriteriaId": "EEFB78EE-F990-4197-BF1C-156760A55667"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.33",
"matchCriteriaId": "FCE796DF-3B50-4DC6-BAE5-95271068FC9E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.9.4",
"matchCriteriaId": "991B9791-966A-4D18-9E8D-A8AB128E5627"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/370c480410f60b90ba3e96abe73ead21ec827b20",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/3df463865ba42b8f88a590326f4c9ea17a1ce459",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/4bfd48bb6e62512b9c392c5002c11e1e3b18d247",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/6cc30ef8eb6d8f8d6df43152264bbf8835d99931",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/713fc00c571dde4af3db2dbd5d1b0eadc327817b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/7419df1acffbcc90037f6b5a2823e81389659b36",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/a0450d3f38e7c6c0a7c0afd4182976ee15573695",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/d782a2db8f7ac49c33b9ca3e835500a28667d1be",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

82
CVE-2024/CVE-2024-386xx/CVE-2024-38630.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-38630",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-06-21T11:15:11.810",
"lastModified": "2024-06-21T11:22:01.687",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-09-09T13:43:13.500",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,19 +15,89 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: watchdog: cpu5wdt.c: corrige el error de use-after-free causado por cpu5wdt_trigger Cuando se elimina el m\u00f3dulo cpu5wdt, el c\u00f3digo de origen usa del_timer() para desactivar el temporizador. Si el controlador del temporizador se est\u00e1 ejecutando, del_timer() no pudo detenerlo y regresar\u00e1 directamente. Si la regi\u00f3n del puerto es liberada por release_region() y luego el controlador del temporizador cpu5wdt_trigger() llama a outb() para escribir en la regi\u00f3n que se libera, se producir\u00e1 el error de use-after-free. Cambie del_timer() a timer_shutdown_sync() para que el controlador del temporizador pueda finalizar antes de que se libere la regi\u00f3n del puerto."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.8",
"versionEndExcluding": "6.6.33",
"matchCriteriaId": "CFD35FD5-8F34-4C7B-803E-84957DD73AFF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.9.4",
"matchCriteriaId": "991B9791-966A-4D18-9E8D-A8AB128E5627"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/573601521277119f2e2ba5f28ae6e87fc594f4d4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/9b1c063ffc075abf56f63e55d70b9778ff534314",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/f19686d616500cd0d47b30cee82392b53f7f784a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

70
CVE-2024/CVE-2024-386xx/CVE-2024-38631.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-38631",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-06-21T11:15:11.890",
"lastModified": "2024-06-21T11:22:01.687",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-09-09T13:46:40.597",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,15 +15,75 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: iio: adc: PAC1934: corrige el acceso al \u00edndice de matriz fuera de los l\u00edmites. Se corrige el acceso al \u00edndice de matriz fuera de los l\u00edmites para mediciones promedio de corriente y voltaje. El dispositivo en s\u00ed tiene s\u00f3lo 4 canales, pero en sysfs tambi\u00e9n hay canales \"falsos\" para voltajes y corrientes promedio."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-129"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.9",
"versionEndExcluding": "6.9.4",
"matchCriteriaId": "A500F935-F0ED-4DC7-AD02-9D7C365D13AE"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/51fafb3cd7fcf4f4682693b4d2883e2a5bfffe33",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/8dbcb3a8cfdf8ff5afce62dad50790278ff0d3b7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

82
CVE-2024/CVE-2024-386xx/CVE-2024-38632.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-38632",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-06-21T11:15:11.960",
"lastModified": "2024-06-21T11:22:01.687",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-09-09T13:52:25.037",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,19 +15,89 @@
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: vfio/pci: corrige una posible p\u00e9rdida de memoria en vfio_intx_enable() Si falla vfio_irq_ctx_alloc(), se producir\u00e1 una p\u00e9rdida de memoria del 'nombre'."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-401"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.6.24",
"versionEndExcluding": "6.6.33",
"matchCriteriaId": "DB888D1C-4D37-4664-917F-4DAA7558AD9D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.9",
"versionEndExcluding": "6.9.4",
"matchCriteriaId": "A500F935-F0ED-4DC7-AD02-9D7C365D13AE"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/0bd22a4966d55f1d2c127a53300d5c2b50152376",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/35fef97c33f3d3ca0455f9a8e2a3f2c1f8cc9140",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/82b951e6fbd31d85ae7f4feb5f00ddd4c5d256e2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

Some files were not shown because too many files have changed in this diff Show More