From d1249b1afa073676ed68d71f7bc4bcb6c324b1f2 Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Thu, 12 Sep 2024 14:03:30 +0000 Subject: [PATCH] Auto-Update: 2024-09-12T14:00:29.248440+00:00 --- CVE-2021/CVE-2021-225xx/CVE-2021-22503.json | 56 ++++ CVE-2021/CVE-2021-225xx/CVE-2021-22518.json | 56 ++++ CVE-2021/CVE-2021-225xx/CVE-2021-22532.json | 56 ++++ CVE-2021/CVE-2021-225xx/CVE-2021-22533.json | 56 ++++ CVE-2021/CVE-2021-381xx/CVE-2021-38131.json | 56 ++++ CVE-2021/CVE-2021-381xx/CVE-2021-38132.json | 56 ++++ CVE-2021/CVE-2021-381xx/CVE-2021-38133.json | 56 ++++ CVE-2022/CVE-2022-263xx/CVE-2022-26322.json | 56 ++++ CVE-2022/CVE-2022-270xx/CVE-2022-27003.json | 34 ++- CVE-2022/CVE-2022-270xx/CVE-2022-27004.json | 34 ++- CVE-2022/CVE-2022-270xx/CVE-2022-27005.json | 34 ++- CVE-2022/CVE-2022-487xx/CVE-2022-48733.json | 8 +- CVE-2022/CVE-2022-489xx/CVE-2022-48903.json | 112 +++++++- CVE-2022/CVE-2022-489xx/CVE-2022-48904.json | 112 +++++++- CVE-2022/CVE-2022-489xx/CVE-2022-48905.json | 148 +++++++++- CVE-2022/CVE-2022-489xx/CVE-2022-48906.json | 119 +++++++- CVE-2022/CVE-2022-489xx/CVE-2022-48907.json | 112 +++++++- CVE-2022/CVE-2022-489xx/CVE-2022-48908.json | 172 +++++++++++- CVE-2022/CVE-2022-489xx/CVE-2022-48909.json | 124 ++++++++- CVE-2022/CVE-2022-489xx/CVE-2022-48910.json | 160 ++++++++++- CVE-2022/CVE-2022-489xx/CVE-2022-48911.json | 172 +++++++++++- CVE-2022/CVE-2022-489xx/CVE-2022-48914.json | 118 +++++++- CVE-2022/CVE-2022-489xx/CVE-2022-48916.json | 126 ++++++++- CVE-2022/CVE-2022-489xx/CVE-2022-48917.json | 142 +++++++++- CVE-2022/CVE-2022-489xx/CVE-2022-48920.json | 101 ++++++- CVE-2022/CVE-2022-489xx/CVE-2022-48921.json | 116 +++++++- CVE-2022/CVE-2022-489xx/CVE-2022-48922.json | 119 +++++++- CVE-2022/CVE-2022-489xx/CVE-2022-48923.json | 106 +++++++- CVE-2023/CVE-2023-369xx/CVE-2023-36947.json | 34 ++- CVE-2023/CVE-2023-369xx/CVE-2023-36950.json | 34 ++- CVE-2023/CVE-2023-459xx/CVE-2023-45984.json | 34 ++- CVE-2023/CVE-2023-510xx/CVE-2023-51014.json | 34 ++- CVE-2023/CVE-2023-510xx/CVE-2023-51025.json | 34 ++- CVE-2023/CVE-2023-52xx/CVE-2023-5203.json | 24 +- CVE-2023/CVE-2023-61xx/CVE-2023-6155.json | 34 ++- CVE-2024/CVE-2024-203xx/CVE-2024-20304.json | 8 +- CVE-2024/CVE-2024-203xx/CVE-2024-20317.json | 8 +- CVE-2024/CVE-2024-203xx/CVE-2024-20343.json | 8 +- CVE-2024/CVE-2024-203xx/CVE-2024-20381.json | 8 +- CVE-2024/CVE-2024-203xx/CVE-2024-20390.json | 8 +- CVE-2024/CVE-2024-203xx/CVE-2024-20398.json | 8 +- CVE-2024/CVE-2024-204xx/CVE-2024-20406.json | 8 +- CVE-2024/CVE-2024-204xx/CVE-2024-20483.json | 8 +- CVE-2024/CVE-2024-204xx/CVE-2024-20489.json | 8 +- CVE-2024/CVE-2024-20xx/CVE-2024-2010.json | 8 +- CVE-2024/CVE-2024-273xx/CVE-2024-27320.json | 56 ++++ CVE-2024/CVE-2024-273xx/CVE-2024-27321.json | 56 ++++ CVE-2024/CVE-2024-289xx/CVE-2024-28981.json | 8 +- CVE-2024/CVE-2024-298xx/CVE-2024-29847.json | 8 +- CVE-2024/CVE-2024-31xx/CVE-2024-3163.json | 8 +- CVE-2024/CVE-2024-328xx/CVE-2024-32840.json | 8 +- CVE-2024/CVE-2024-328xx/CVE-2024-32842.json | 8 +- CVE-2024/CVE-2024-328xx/CVE-2024-32843.json | 8 +- CVE-2024/CVE-2024-328xx/CVE-2024-32845.json | 8 +- CVE-2024/CVE-2024-328xx/CVE-2024-32846.json | 8 +- CVE-2024/CVE-2024-328xx/CVE-2024-32848.json | 8 +- CVE-2024/CVE-2024-33xx/CVE-2024-3305.json | 78 ++++++ CVE-2024/CVE-2024-33xx/CVE-2024-3306.json | 78 ++++++ CVE-2024/CVE-2024-347xx/CVE-2024-34779.json | 8 +- CVE-2024/CVE-2024-347xx/CVE-2024-34783.json | 8 +- CVE-2024/CVE-2024-347xx/CVE-2024-34785.json | 8 +- CVE-2024/CVE-2024-373xx/CVE-2024-37397.json | 8 +- CVE-2024/CVE-2024-382xx/CVE-2024-38222.json | 8 +- CVE-2024/CVE-2024-385xx/CVE-2024-38577.json | 12 +- CVE-2024/CVE-2024-395xx/CVE-2024-39591.json | 106 +++++++- CVE-2024/CVE-2024-417xx/CVE-2024-41730.json | 56 +++- CVE-2024/CVE-2024-417xx/CVE-2024-41733.json | 68 ++++- CVE-2024/CVE-2024-417xx/CVE-2024-41734.json | 121 ++++++++- CVE-2024/CVE-2024-417xx/CVE-2024-41735.json | 51 +++- CVE-2024/CVE-2024-417xx/CVE-2024-41736.json | 68 ++++- CVE-2024/CVE-2024-417xx/CVE-2024-41737.json | 76 +++++- CVE-2024/CVE-2024-422xx/CVE-2024-42246.json | 20 +- CVE-2024/CVE-2024-423xx/CVE-2024-42373.json | 91 ++++++- CVE-2024/CVE-2024-423xx/CVE-2024-42375.json | 71 ++++- CVE-2024/CVE-2024-423xx/CVE-2024-42376.json | 71 ++++- CVE-2024/CVE-2024-423xx/CVE-2024-42377.json | 71 ++++- CVE-2024/CVE-2024-427xx/CVE-2024-42760.json | 8 +- CVE-2024/CVE-2024-438xx/CVE-2024-43835.json | 18 +- CVE-2024/CVE-2024-438xx/CVE-2024-43854.json | 16 +- CVE-2024/CVE-2024-438xx/CVE-2024-43892.json | 16 +- CVE-2024/CVE-2024-438xx/CVE-2024-43897.json | 8 +- CVE-2024/CVE-2024-439xx/CVE-2024-43905.json | 12 +- CVE-2024/CVE-2024-445xx/CVE-2024-44541.json | 8 +- CVE-2024/CVE-2024-445xx/CVE-2024-44570.json | 8 +- CVE-2024/CVE-2024-445xx/CVE-2024-44571.json | 8 +- CVE-2024/CVE-2024-445xx/CVE-2024-44572.json | 8 +- CVE-2024/CVE-2024-445xx/CVE-2024-44573.json | 8 +- CVE-2024/CVE-2024-445xx/CVE-2024-44574.json | 8 +- CVE-2024/CVE-2024-445xx/CVE-2024-44575.json | 8 +- CVE-2024/CVE-2024-445xx/CVE-2024-44577.json | 8 +- CVE-2024/CVE-2024-449xx/CVE-2024-44974.json | 10 +- CVE-2024/CVE-2024-450xx/CVE-2024-45009.json | 12 +- CVE-2024/CVE-2024-456xx/CVE-2024-45624.json | 8 +- CVE-2024/CVE-2024-458xx/CVE-2024-45846.json | 56 ++++ CVE-2024/CVE-2024-458xx/CVE-2024-45847.json | 56 ++++ CVE-2024/CVE-2024-458xx/CVE-2024-45848.json | 56 ++++ CVE-2024/CVE-2024-458xx/CVE-2024-45849.json | 56 ++++ CVE-2024/CVE-2024-458xx/CVE-2024-45850.json | 56 ++++ CVE-2024/CVE-2024-458xx/CVE-2024-45851.json | 56 ++++ CVE-2024/CVE-2024-458xx/CVE-2024-45852.json | 56 ++++ CVE-2024/CVE-2024-458xx/CVE-2024-45853.json | 56 ++++ CVE-2024/CVE-2024-458xx/CVE-2024-45854.json | 56 ++++ CVE-2024/CVE-2024-458xx/CVE-2024-45855.json | 56 ++++ CVE-2024/CVE-2024-458xx/CVE-2024-45856.json | 56 ++++ CVE-2024/CVE-2024-458xx/CVE-2024-45857.json | 56 ++++ CVE-2024/CVE-2024-57xx/CVE-2024-5799.json | 8 +- CVE-2024/CVE-2024-60xx/CVE-2024-6017.json | 8 +- CVE-2024/CVE-2024-60xx/CVE-2024-6018.json | 8 +- CVE-2024/CVE-2024-60xx/CVE-2024-6019.json | 8 +- CVE-2024/CVE-2024-63xx/CVE-2024-6332.json | 53 +++- CVE-2024/CVE-2024-68xx/CVE-2024-6887.json | 8 +- CVE-2024/CVE-2024-73xx/CVE-2024-7349.json | 42 ++- CVE-2024/CVE-2024-77xx/CVE-2024-7766.json | 8 +- CVE-2024/CVE-2024-78xx/CVE-2024-7816.json | 8 +- CVE-2024/CVE-2024-78xx/CVE-2024-7817.json | 8 +- CVE-2024/CVE-2024-78xx/CVE-2024-7818.json | 8 +- CVE-2024/CVE-2024-78xx/CVE-2024-7820.json | 8 +- CVE-2024/CVE-2024-78xx/CVE-2024-7822.json | 8 +- CVE-2024/CVE-2024-78xx/CVE-2024-7859.json | 8 +- CVE-2024/CVE-2024-78xx/CVE-2024-7860.json | 8 +- CVE-2024/CVE-2024-78xx/CVE-2024-7861.json | 8 +- CVE-2024/CVE-2024-78xx/CVE-2024-7862.json | 8 +- CVE-2024/CVE-2024-78xx/CVE-2024-7889.json | 8 +- CVE-2024/CVE-2024-78xx/CVE-2024-7890.json | 8 +- CVE-2024/CVE-2024-80xx/CVE-2024-8054.json | 8 +- CVE-2024/CVE-2024-80xx/CVE-2024-8056.json | 33 ++- CVE-2024/CVE-2024-80xx/CVE-2024-8097.json | 8 +- CVE-2024/CVE-2024-81xx/CVE-2024-8155.json | 63 ++++- CVE-2024/CVE-2024-82xx/CVE-2024-8292.json | 47 +++- CVE-2024/CVE-2024-85xx/CVE-2024-8522.json | 8 +- CVE-2024/CVE-2024-85xx/CVE-2024-8529.json | 8 +- CVE-2024/CVE-2024-86xx/CVE-2024-8622.json | 8 +- CVE-2024/CVE-2024-86xx/CVE-2024-8636.json | 71 ++++- CVE-2024/CVE-2024-86xx/CVE-2024-8637.json | 83 +++++- CVE-2024/CVE-2024-86xx/CVE-2024-8638.json | 71 ++++- CVE-2024/CVE-2024-86xx/CVE-2024-8639.json | 83 +++++- CVE-2024/CVE-2024-86xx/CVE-2024-8686.json | 8 +- CVE-2024/CVE-2024-86xx/CVE-2024-8687.json | 8 +- CVE-2024/CVE-2024-86xx/CVE-2024-8688.json | 8 +- CVE-2024/CVE-2024-86xx/CVE-2024-8689.json | 8 +- CVE-2024/CVE-2024-86xx/CVE-2024-8690.json | 8 +- CVE-2024/CVE-2024-86xx/CVE-2024-8691.json | 8 +- CVE-2024/CVE-2024-86xx/CVE-2024-8692.json | 8 +- CVE-2024/CVE-2024-86xx/CVE-2024-8693.json | 8 +- CVE-2024/CVE-2024-86xx/CVE-2024-8694.json | 8 +- CVE-2024/CVE-2024-87xx/CVE-2024-8705.json | 8 +- CVE-2024/CVE-2024-87xx/CVE-2024-8706.json | 8 +- CVE-2024/CVE-2024-87xx/CVE-2024-8707.json | 10 +- CVE-2024/CVE-2024-87xx/CVE-2024-8708.json | 8 +- CVE-2024/CVE-2024-87xx/CVE-2024-8709.json | 8 +- CVE-2024/CVE-2024-87xx/CVE-2024-8710.json | 8 +- CVE-2024/CVE-2024-87xx/CVE-2024-8711.json | 8 +- CVE-2024/CVE-2024-87xx/CVE-2024-8749.json | 56 ++++ CVE-2024/CVE-2024-87xx/CVE-2024-8750.json | 56 ++++ README.md | 61 ++++- _state.csv | 284 +++++++++++--------- 156 files changed, 5807 insertions(+), 533 deletions(-) create mode 100644 CVE-2021/CVE-2021-225xx/CVE-2021-22503.json create mode 100644 CVE-2021/CVE-2021-225xx/CVE-2021-22518.json create mode 100644 CVE-2021/CVE-2021-225xx/CVE-2021-22532.json create mode 100644 CVE-2021/CVE-2021-225xx/CVE-2021-22533.json create mode 100644 CVE-2021/CVE-2021-381xx/CVE-2021-38131.json create mode 100644 CVE-2021/CVE-2021-381xx/CVE-2021-38132.json create mode 100644 CVE-2021/CVE-2021-381xx/CVE-2021-38133.json create mode 100644 CVE-2022/CVE-2022-263xx/CVE-2022-26322.json create mode 100644 CVE-2024/CVE-2024-273xx/CVE-2024-27320.json create mode 100644 CVE-2024/CVE-2024-273xx/CVE-2024-27321.json create mode 100644 CVE-2024/CVE-2024-33xx/CVE-2024-3305.json create mode 100644 CVE-2024/CVE-2024-33xx/CVE-2024-3306.json create mode 100644 CVE-2024/CVE-2024-458xx/CVE-2024-45846.json create mode 100644 CVE-2024/CVE-2024-458xx/CVE-2024-45847.json create mode 100644 CVE-2024/CVE-2024-458xx/CVE-2024-45848.json create mode 100644 CVE-2024/CVE-2024-458xx/CVE-2024-45849.json create mode 100644 CVE-2024/CVE-2024-458xx/CVE-2024-45850.json create mode 100644 CVE-2024/CVE-2024-458xx/CVE-2024-45851.json create mode 100644 CVE-2024/CVE-2024-458xx/CVE-2024-45852.json create mode 100644 CVE-2024/CVE-2024-458xx/CVE-2024-45853.json create mode 100644 CVE-2024/CVE-2024-458xx/CVE-2024-45854.json create mode 100644 CVE-2024/CVE-2024-458xx/CVE-2024-45855.json create mode 100644 CVE-2024/CVE-2024-458xx/CVE-2024-45856.json create mode 100644 CVE-2024/CVE-2024-458xx/CVE-2024-45857.json create mode 100644 CVE-2024/CVE-2024-87xx/CVE-2024-8749.json create mode 100644 CVE-2024/CVE-2024-87xx/CVE-2024-8750.json diff --git a/CVE-2021/CVE-2021-225xx/CVE-2021-22503.json b/CVE-2021/CVE-2021-225xx/CVE-2021-22503.json new file mode 100644 index 00000000000..8e81fc3cda6 --- /dev/null +++ b/CVE-2021/CVE-2021-225xx/CVE-2021-22503.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2021-22503", + "sourceIdentifier": "security@opentext.com", + "published": "2024-09-12T13:15:08.203", + "lastModified": "2024-09-12T13:15:08.203", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Possible \nImproper Neutralization of Input During Web Page Generation Vulnerability\n\nin eDirectory has been discovered in\nOpenText\u2122 eDirectory 9.2.3.0000." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@opentext.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@opentext.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://www.netiq.com/documentation/edirectory-92/edirectory924_releasenotes/data/edirectory924_releasenotes.html", + "source": "security@opentext.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2021/CVE-2021-225xx/CVE-2021-22518.json b/CVE-2021/CVE-2021-225xx/CVE-2021-22518.json new file mode 100644 index 00000000000..ac564507038 --- /dev/null +++ b/CVE-2021/CVE-2021-225xx/CVE-2021-22518.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2021-22518", + "sourceIdentifier": "security@opentext.com", + "published": "2024-09-12T13:15:08.553", + "lastModified": "2024-09-12T13:15:08.553", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability identified in OpenText\u2122 \nIdentity Manager AzureAD Driver that allows logging of sensitive information into log file. This impacts all versions before 5.1.4.0" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@opentext.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "LOW", + "baseScore": 5.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.3, + "impactScore": 5.5 + } + ] + }, + "weaknesses": [ + { + "source": "security@opentext.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-532" + } + ] + } + ], + "references": [ + { + "url": "https://www.netiq.com/documentation/identity-manager-48-drivers/AzureADDriver514/data/AzureADDriver514.html", + "source": "security@opentext.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2021/CVE-2021-225xx/CVE-2021-22532.json b/CVE-2021/CVE-2021-225xx/CVE-2021-22532.json new file mode 100644 index 00000000000..2a9ba7a4f09 --- /dev/null +++ b/CVE-2021/CVE-2021-225xx/CVE-2021-22532.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2021-22532", + "sourceIdentifier": "security@opentext.com", + "published": "2024-09-12T13:15:08.837", + "lastModified": "2024-09-12T13:15:08.837", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Possible\u00a0NLDAP Denial of Service attack Vulnerability\n\nin eDirectory has been discovered in\nOpenText\u2122 \neDirectory before 9.2.4.0000." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@opentext.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "HIGH", + "baseScore": 7.6, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@opentext.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-770" + } + ] + } + ], + "references": [ + { + "url": "https://www.netiq.com/documentation/edirectory-92/edirectory925_releasenotes/data/edirectory925_releasenotes.html", + "source": "security@opentext.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2021/CVE-2021-225xx/CVE-2021-22533.json b/CVE-2021/CVE-2021-225xx/CVE-2021-22533.json new file mode 100644 index 00000000000..ff5e7cc3eeb --- /dev/null +++ b/CVE-2021/CVE-2021-225xx/CVE-2021-22533.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2021-22533", + "sourceIdentifier": "security@opentext.com", + "published": "2024-09-12T13:15:09.137", + "lastModified": "2024-09-12T13:15:09.137", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Possible Insertion of Sensitive Information into Log File Vulnerability\n\nin eDirectory has been discovered in\nOpenText\u2122 eDirectory 9.2.4.0000." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@opentext.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "security@opentext.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-532" + } + ] + } + ], + "references": [ + { + "url": "https://www.netiq.com/documentation/edirectory-92/edirectory925_releasenotes/data/edirectory925_releasenotes.html", + "source": "security@opentext.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2021/CVE-2021-381xx/CVE-2021-38131.json b/CVE-2021/CVE-2021-381xx/CVE-2021-38131.json new file mode 100644 index 00000000000..fe2956ebffd --- /dev/null +++ b/CVE-2021/CVE-2021-381xx/CVE-2021-38131.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2021-38131", + "sourceIdentifier": "security@opentext.com", + "published": "2024-09-12T13:15:09.700", + "lastModified": "2024-09-12T13:15:09.700", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Possible Cross-Site Scripting (XSS) Vulnerability\n\nin eDirectory has been discovered in\nOpenText\u2122 eDirectory 9.2.5.0000." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@opentext.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@opentext.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://www.netiq.com/documentation/edirectory-92/edirectory926_releasenotes/data/edirectory926_releasenotes.html", + "source": "security@opentext.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2021/CVE-2021-381xx/CVE-2021-38132.json b/CVE-2021/CVE-2021-381xx/CVE-2021-38132.json new file mode 100644 index 00000000000..07240bfd2ae --- /dev/null +++ b/CVE-2021/CVE-2021-381xx/CVE-2021-38132.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2021-38132", + "sourceIdentifier": "security@opentext.com", + "published": "2024-09-12T13:15:10.050", + "lastModified": "2024-09-12T13:15:10.050", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Possible \nExternal Service Interaction attack\n\nin eDirectory has been discovered in\nOpenText\u2122 eDirectory. This impact all version before\u00a09.2.6.0000." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@opentext.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security@opentext.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-918" + } + ] + } + ], + "references": [ + { + "url": "https://www.netiq.com/documentation/edirectory-92/edirectory926_releasenotes/data/edirectory926_releasenotes.html", + "source": "security@opentext.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2021/CVE-2021-381xx/CVE-2021-38133.json b/CVE-2021/CVE-2021-381xx/CVE-2021-38133.json new file mode 100644 index 00000000000..5cdd62ad45e --- /dev/null +++ b/CVE-2021/CVE-2021-381xx/CVE-2021-38133.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2021-38133", + "sourceIdentifier": "security@opentext.com", + "published": "2024-09-12T13:15:10.327", + "lastModified": "2024-09-12T13:15:10.327", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Possible \nExternal Service Interaction attack\n\nin eDirectory has been discovered in\nOpenText\u2122 eDirectory. This impact all version before\u00a09.2.6.0000." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@opentext.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.4, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 4.0 + } + ] + }, + "weaknesses": [ + { + "source": "security@opentext.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-521" + } + ] + } + ], + "references": [ + { + "url": "https://www.netiq.com/documentation/edirectory-92/edirectory926_releasenotes/data/edirectory926_releasenotes.html", + "source": "security@opentext.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-263xx/CVE-2022-26322.json b/CVE-2022/CVE-2022-263xx/CVE-2022-26322.json new file mode 100644 index 00000000000..db9fd4e00bb --- /dev/null +++ b/CVE-2022/CVE-2022-263xx/CVE-2022-26322.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2022-26322", + "sourceIdentifier": "security@opentext.com", + "published": "2024-09-12T13:15:10.620", + "lastModified": "2024-09-12T13:15:10.620", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Possible Insertion of Sensitive Information into Log File Vulnerability\n\nin Identity Manager has been discovered in\nOpenText\u2122 \nIdentity Manager REST Driver. This impact version before 1.1.2.0200." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@opentext.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.2, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "security@opentext.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-532" + } + ] + } + ], + "references": [ + { + "url": "https://www.netiq.com/documentation/identity-manager-48-drivers/RESTDriver1.1.2.0300_readme/data/RESTDriver1.1.2.0300_readme.html", + "source": "security@opentext.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-270xx/CVE-2022-27003.json b/CVE-2022/CVE-2022-270xx/CVE-2022-27003.json index d474fcb4091..2b33f581d77 100644 --- a/CVE-2022/CVE-2022-270xx/CVE-2022-27003.json +++ b/CVE-2022/CVE-2022-270xx/CVE-2022-27003.json @@ -2,8 +2,8 @@ "id": "CVE-2022-27003", "sourceIdentifier": "cve@mitre.org", "published": "2022-03-15T22:15:15.320", - "lastModified": "2023-08-08T14:22:24.967", - "vulnStatus": "Analyzed", + "lastModified": "2024-09-12T13:35:03.300", + "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 5.9 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 } ], "cvssMetricV2": [ @@ -74,6 +94,16 @@ "value": "CWE-78" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] } ], "configurations": [ diff --git a/CVE-2022/CVE-2022-270xx/CVE-2022-27004.json b/CVE-2022/CVE-2022-270xx/CVE-2022-27004.json index 44493395f0b..e8c3480b380 100644 --- a/CVE-2022/CVE-2022-270xx/CVE-2022-27004.json +++ b/CVE-2022/CVE-2022-270xx/CVE-2022-27004.json @@ -2,8 +2,8 @@ "id": "CVE-2022-27004", "sourceIdentifier": "cve@mitre.org", "published": "2022-03-15T22:15:15.373", - "lastModified": "2023-08-08T14:22:24.967", - "vulnStatus": "Analyzed", + "lastModified": "2024-09-12T13:35:10.583", + "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 5.9 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 } ], "cvssMetricV2": [ @@ -74,6 +94,16 @@ "value": "CWE-78" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] } ], "configurations": [ diff --git a/CVE-2022/CVE-2022-270xx/CVE-2022-27005.json b/CVE-2022/CVE-2022-270xx/CVE-2022-27005.json index 9f741b6d7f0..d2e25ef6d84 100644 --- a/CVE-2022/CVE-2022-270xx/CVE-2022-27005.json +++ b/CVE-2022/CVE-2022-270xx/CVE-2022-27005.json @@ -2,8 +2,8 @@ "id": "CVE-2022-27005", "sourceIdentifier": "cve@mitre.org", "published": "2022-03-15T22:15:15.423", - "lastModified": "2023-08-08T14:22:24.967", - "vulnStatus": "Analyzed", + "lastModified": "2024-09-12T13:35:11.427", + "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 5.9 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 } ], "cvssMetricV2": [ @@ -74,6 +94,16 @@ "value": "CWE-78" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] } ], "configurations": [ diff --git a/CVE-2022/CVE-2022-487xx/CVE-2022-48733.json b/CVE-2022/CVE-2022-487xx/CVE-2022-48733.json index 41f76595d82..c234534d323 100644 --- a/CVE-2022/CVE-2022-487xx/CVE-2022-48733.json +++ b/CVE-2022/CVE-2022-487xx/CVE-2022-48733.json @@ -2,8 +2,8 @@ "id": "CVE-2022-48733", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-06-20T12:15:11.700", - "lastModified": "2024-08-19T17:39:17.383", - "vulnStatus": "Analyzed", + "lastModified": "2024-09-12T12:15:46.847", + "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { @@ -84,6 +84,10 @@ "Patch" ] }, + { + "url": "https://git.kernel.org/stable/c/7e4c72dbaf62f8978af8321a24dbd35566d3a78a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, { "url": "https://git.kernel.org/stable/c/9372fa1d73da5f1673921e365d0cd2c27ec7adc2", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", diff --git a/CVE-2022/CVE-2022-489xx/CVE-2022-48903.json b/CVE-2022/CVE-2022-489xx/CVE-2022-48903.json index 2cc986d5a1f..eef8e38b76f 100644 --- a/CVE-2022/CVE-2022-489xx/CVE-2022-48903.json +++ b/CVE-2022/CVE-2022-489xx/CVE-2022-48903.json @@ -2,8 +2,8 @@ "id": "CVE-2022-48903", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-08-22T02:15:04.897", - "lastModified": "2024-08-22T12:48:02.790", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-09-12T13:58:48.473", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -15,19 +15,119 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: btrfs: corrige el fallo de reubicaci\u00f3n debido al retorno prematuro de btrfs_commit_transaction() Estamos viendo fallos similares al siguiente rastro: [38.969182] ADVERTENCIA: CPU: 20 PID: 2105 en fs/btrfs /relocation.c:4070 btrfs_relocate_block_group + 0x2dc/0x340 [btrfs] [38.973556] cpu: 20 pid: 2105 coms: btrfs no tinted 5.17.0-rc4 #54 [38.974580] nombre de hardware: qtrfs no tinteded 5.17.0-rc4 #54 [38.974580] Nombre de hardware: QTRFS no est\u00e1 Tainted 5.17.0-rc4 #54 [38.974580] Nombre de hardware: QTRFS no Tainted 5.17.0-rc4 #54 [38.974580] Nombre de hardware: QTRFS no Tainted 5.17.0-rc4 #54 [38.974580] Nombre de hardware: QTRFS no Tainted 5.17. ), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 01/04/2014 [38.976539] RIP: 0010:btrfs_relocate_block_group+0x2dc/0x340 [btrfs] [38.980336] RSP: 42e03c20 EFLAGS: 00010206 [ 38.981218] RAX: ffff96cfc4ede800 RBX: ffff96cfc3ce0000 RCX: 000000000002ca14 [38.982560] RDX: 00000000000000000 RSI: 4cfd109a0bcb5d7f RDI: 3ce0360 [38.983619] RBP: ffff96cfc309c000 R08: 0000000000000000 R09: 0000000000000000 [38.984678] R10: ffff96cec0000001 R11: 12: ffff96cfc4ede800 [38.985735] R13: 0000000000000000 R14: 0000000000000000 R15: ffff96cfc3ce0360 [38.987146] FS: 00007f11c15218c0(0000) GS:ffff96d6dfb00000(0000) 0000000000000000 [38.988662] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [38.989398] CR2: 00007ffc922c8e60 CR3: 00000001147a6001 CR4: 0000000000370ee0 [38.990279] DR0: 0000000000000000 DR1: 00000000000000000 DR2: 00000000000000000 [38.991219] DR3: 000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [38.992528] Seguimiento de llamadas: [38.992854] [38.993148] btrfs_relocate_chunk+0x27/0xe0 [btrfs ] [38.993941] btrfs_balance+0x78e/0xea0 [btrfs] [38.994801] ? vsnprintf+0x33c/0x520 [38.995368] ? __kmalloc_track_caller+0x351/0x440 [38.996198] btrfs_ioctl_balance+0x2b9/0x3a0 [btrfs] [38.997084] btrfs_ioctl+0x11b0/0x2da0 [btrfs] [38.997867] ? mod_objcg_state+0xee/0x340 [38.998552] ? seq_release+0x24/0x30 [38.999184] ? proc_nr_files+0x30/0x30 [38.999654] ? call_rcu+0xc8/0x2f0 [39.000228] ? __x64_sys_ioctl+0x84/0xc0 [39.000872] ? btrfs_ioctl_get_supported_features+0x30/0x30 [btrfs] [39.001973] __x64_sys_ioctl+0x84/0xc0 [39.002566] do_syscall_64+0x3a/0x80 [39.003011] Entry_SYSCALL_64_after_hwframe+ 0x44/0xae [39.003735] RIP: 0033:0x7f11c166959b [39.007324] RSP: 002b:00007fff2543e998 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [39.008521] RAX: ffffffffffffffda RBX: 00007f11c1521698 RCX: 00007f11c166959b [39.009833] RDX: 00007fff2543 ea40 RSI: 00000000c4009420 RDI: 00000000000000003 [39.011270] RBP: 0000000000000003 R08: 00000000000000013 R09: 00007f11c16f94e0 [39.0125 81] R10: 0000000000000000 R11: 0000000000000246 R12 : 00007fff25440df3 [39.014046] R13: 00000000000000000 R14: 00007fff2543ea40 R15: 0000000000000001 [39.015040] [39.015418] ---[ final de seguimiento 0 000000000000000 ]--- [43.131559] ------------ [cortar aqu\u00ed]------------ [43.132234] \u00a1ERROR del kernel en fs/btrfs/extent-tree.c:2717! [43.133031] c\u00f3digo de operaci\u00f3n no v\u00e1lido: 0000 [#1] PREEMPT SMP PTI [43.133702] CPU: 1 PID: 1839 Comm: btrfs Tainted: GW 5.17.0-rc4 #54 [43.134863] Nombre de hardware: PC est\u00e1ndar QEMU (i440FX + PIIX, 1996), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 01/04/2014 [43.136426] RIP: 0010:unpin_extent_range+0x37a/0x4f0 [btrfs] [43.139913] RSP: 216bc70 EFLAGS: 00010246 [43.140629] RAX: 0000000000000000 RBX: ffff96cfc34490f8 RCX: 0000000000000001 [43.141604] RDX: 0000000080000001 RSI: 0000000051d00000 : 00000000ffffffff [43.142645] RBP: 0000000000000000 R08: 0000000000000000 R09: ffff96cfd07dca50 [43.143669] R10: ffff96cfc46e8a00 R11: 00 R12: 0000000041d00000 [43.144657 ] R13: ffff96cfc3ce0000 R14: ffffb0dd4216bd08 R15: 0000000000000000 [43.145686] FS: 00007f7657dd68c0(0000) GS:ffff96d6df640000(0000) 00000000000000 [43.146808] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [43.147584] CR2: 00007f7fe81bf5b0 CR3 : 00000001093ee004 CR4: 0000000000370ee0 [43.148589] ---truncado---" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.12", + "versionEndExcluding": "5.15.27", + "matchCriteriaId": "0124F44D-3165-4025-A6AD-1C47145E6B2A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.16", + "versionEndExcluding": "5.16.13", + "matchCriteriaId": "B871B667-EDC0-435D-909E-E918D8D90995" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc1:*:*:*:*:*:*", + "matchCriteriaId": "7BD5F8D9-54FA-4CB0-B4F0-CB0471FDDB2D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc2:*:*:*:*:*:*", + "matchCriteriaId": "E6E34B23-78B4-4516-9BD8-61B33F4AC49A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc3:*:*:*:*:*:*", + "matchCriteriaId": "C030FA3D-03F4-4FB9-9DBF-D08E5CAC51AA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc4:*:*:*:*:*:*", + "matchCriteriaId": "B2D2677C-5389-4AE9-869D-0F881E80D923" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc5:*:*:*:*:*:*", + "matchCriteriaId": "EFA3917C-C322-4D92-912D-ECE45B2E7416" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc6:*:*:*:*:*:*", + "matchCriteriaId": "BED18363-5ABC-4639-8BBA-68E771E5BB3F" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/5fd76bf31ccfecc06e2e6b29f8c809e934085b99", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/725a6ac389b182261af174176e561a36b0f39ffc", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/a4378947ae39f08c6ae4c6a87ccdebc981a7bbcb", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-489xx/CVE-2022-48904.json b/CVE-2022/CVE-2022-489xx/CVE-2022-48904.json index 8913b222f4d..3649899748a 100644 --- a/CVE-2022/CVE-2022-489xx/CVE-2022-48904.json +++ b/CVE-2022/CVE-2022-489xx/CVE-2022-48904.json @@ -2,8 +2,8 @@ "id": "CVE-2022-48904", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-08-22T02:15:04.980", - "lastModified": "2024-08-22T12:48:02.790", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-09-12T13:55:34.123", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -15,19 +15,119 @@ "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: iommu/amd: corrige la p\u00e9rdida de memoria de la tabla de p\u00e1ginas de E/S. La l\u00f3gica actual actualiza el modo de tabla de p\u00e1ginas de E/S para el dominio antes de llamar a la l\u00f3gica para liberar la memoria utilizada para la tabla de p\u00e1ginas. Esto da como resultado una p\u00e9rdida de memoria en la tabla de p\u00e1ginas de IOMMU y se puede observar al iniciar VM con dispositivos de paso. Se soluciona liberando la memoria utilizada para la tabla de p\u00e1ginas antes de actualizar el modo." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-401" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.12", + "versionEndExcluding": "5.15.27", + "matchCriteriaId": "0124F44D-3165-4025-A6AD-1C47145E6B2A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.16", + "versionEndExcluding": "5.16.13", + "matchCriteriaId": "B871B667-EDC0-435D-909E-E918D8D90995" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc1:*:*:*:*:*:*", + "matchCriteriaId": "7BD5F8D9-54FA-4CB0-B4F0-CB0471FDDB2D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc2:*:*:*:*:*:*", + "matchCriteriaId": "E6E34B23-78B4-4516-9BD8-61B33F4AC49A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc3:*:*:*:*:*:*", + "matchCriteriaId": "C030FA3D-03F4-4FB9-9DBF-D08E5CAC51AA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc4:*:*:*:*:*:*", + "matchCriteriaId": "B2D2677C-5389-4AE9-869D-0F881E80D923" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc5:*:*:*:*:*:*", + "matchCriteriaId": "EFA3917C-C322-4D92-912D-ECE45B2E7416" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc6:*:*:*:*:*:*", + "matchCriteriaId": "BED18363-5ABC-4639-8BBA-68E771E5BB3F" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/378e2fe1eb58d5c2ed55c8fe5e11f9db5033cdd6", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/6b0b2d9a6a308bcd9300c2d83000a82812c56cea", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/c78627f757e37c2cf386b59c700c4e1574988597", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-489xx/CVE-2022-48905.json b/CVE-2022/CVE-2022-489xx/CVE-2022-48905.json index ae78def353a..5d315b94e96 100644 --- a/CVE-2022/CVE-2022-489xx/CVE-2022-48905.json +++ b/CVE-2022/CVE-2022-489xx/CVE-2022-48905.json @@ -2,8 +2,8 @@ "id": "CVE-2022-48905", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-08-22T02:15:05.050", - "lastModified": "2024-08-22T12:48:02.790", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-09-12T13:44:45.753", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -15,31 +15,161 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ibmvnic: elemento de trabajo de reinicio gratuito al vaciar Se corrige una peque\u00f1a p\u00e9rdida de memoria al vaciar la cola de trabajo de reinicio." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-401" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.18", + "versionEndExcluding": "4.19.233", + "matchCriteriaId": "94F03986-C560-4F93-9BAB-D48C438A6B89" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.20", + "versionEndExcluding": "5.4.183", + "matchCriteriaId": "76A7616E-E6B9-4A7F-AA7C-1D47F774215F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.5", + "versionEndExcluding": "5.10.104", + "matchCriteriaId": "764998FC-D1F7-4BAA-BD56-A553C7AB8F08" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.11", + "versionEndExcluding": "5.15.27", + "matchCriteriaId": "B3A8E092-3021-4A34-8DCE-B89D2238818B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.16", + "versionEndExcluding": "5.16.13", + "matchCriteriaId": "B871B667-EDC0-435D-909E-E918D8D90995" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc1:*:*:*:*:*:*", + "matchCriteriaId": "7BD5F8D9-54FA-4CB0-B4F0-CB0471FDDB2D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc2:*:*:*:*:*:*", + "matchCriteriaId": "E6E34B23-78B4-4516-9BD8-61B33F4AC49A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc3:*:*:*:*:*:*", + "matchCriteriaId": "C030FA3D-03F4-4FB9-9DBF-D08E5CAC51AA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc4:*:*:*:*:*:*", + "matchCriteriaId": "B2D2677C-5389-4AE9-869D-0F881E80D923" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc5:*:*:*:*:*:*", + "matchCriteriaId": "EFA3917C-C322-4D92-912D-ECE45B2E7416" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc6:*:*:*:*:*:*", + "matchCriteriaId": "BED18363-5ABC-4639-8BBA-68E771E5BB3F" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/39738a2346b270e8f72f88d8856de2c167bd2899", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/4c26745e4576cec224092e6cc12e37829333b183", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/58b07100c20e95c78b8cb4d6d28ca53eb9ef81f2", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/6acbc8875282d3ca8a73fa93cd7a9b166de5019c", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/786576c03b313a9ff6585458aa0dfd039d897f51", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/8d0657f39f487d904fca713e0bc39c2707382553", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-489xx/CVE-2022-48906.json b/CVE-2022/CVE-2022-489xx/CVE-2022-48906.json index 8e51decef63..b2da5c7b8ae 100644 --- a/CVE-2022/CVE-2022-489xx/CVE-2022-48906.json +++ b/CVE-2022/CVE-2022-489xx/CVE-2022-48906.json @@ -2,8 +2,8 @@ "id": "CVE-2022-48906", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-08-22T02:15:05.120", - "lastModified": "2024-08-22T12:48:02.790", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-09-12T13:41:56.660", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -15,19 +15,126 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mptcp: establece correctamente el tiempo de espera de DATA_FIN cuando el n\u00famero de retransmisiones es grande Syzkaller con UBSAN descubri\u00f3 un escenario en el que una gran cantidad de retransmisiones de DATA_FIN provocaban un desplazamiento fuera de los l\u00edmites en el tiempo de espera de DATA_FIN c\u00e1lculo: =================================================== ================================ UBSAN: desplazamiento fuera de los l\u00edmites en net/mptcp/protocol.c: El exponente de desplazamiento 470:29 32 es demasiado grande para el tipo 'unsigned int' de 32 bits CPU: 1 PID: 13059 Comm: kworker/1:0 Not tainted 5.17.0-rc2-00630-g5fbf21c90c60 #1 Nombre de hardware: PC est\u00e1ndar QEMU (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 01/04/2014 Cola de trabajo: eventos mptcp_worker Seguimiento de llamadas: __dump_stack lib/dump_stack.c:88 [en l\u00ednea] dump_stack_lvl+0xcd/0x134 lib/dump_stack .c:106 ubsan_epilogue+0xb/0x5a lib/ubsan.c:151 __ubsan_handle_shift_out_of_bounds.cold+0xb2/0x20e lib/ubsan.c:330 mptcp_set_datafin_timeout net/mptcp/protocol.c:470 __mptcp_retrans.cold+0x7 2/0x77 net/mptcp/protocol.c:2445 mptcp_worker+0x58a/0xa70 net/mptcp/protocol.c:2528 Process_one_work+0x9df/0x16d0 kernel/workqueue.c:2307 trabajador_thread+0x95/0xe10 kernel/workqueue.c:2454 kthread+0x2f4 /0x3b0 kernel/kthread.c:377 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295 ====================== ==================================================== ========= Este cambio limita el tiempo de espera m\u00e1ximo al limitar el tama\u00f1o del turno, lo que mantiene todos los valores intermedios dentro de los l\u00edmites." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.12.4", + "versionEndExcluding": "5.13", + "matchCriteriaId": "962DCAA0-5F0D-4E2B-9CC7-53800AB2E504" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.13", + "versionEndExcluding": "5.15.27", + "matchCriteriaId": "30FF1CEF-6370-4679-8AB5-D39C2D09A3D3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.16", + "versionEndExcluding": "5.16.13", + "matchCriteriaId": "B871B667-EDC0-435D-909E-E918D8D90995" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc1:*:*:*:*:*:*", + "matchCriteriaId": "7BD5F8D9-54FA-4CB0-B4F0-CB0471FDDB2D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc2:*:*:*:*:*:*", + "matchCriteriaId": "E6E34B23-78B4-4516-9BD8-61B33F4AC49A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc3:*:*:*:*:*:*", + "matchCriteriaId": "C030FA3D-03F4-4FB9-9DBF-D08E5CAC51AA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc4:*:*:*:*:*:*", + "matchCriteriaId": "B2D2677C-5389-4AE9-869D-0F881E80D923" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc5:*:*:*:*:*:*", + "matchCriteriaId": "EFA3917C-C322-4D92-912D-ECE45B2E7416" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc6:*:*:*:*:*:*", + "matchCriteriaId": "BED18363-5ABC-4639-8BBA-68E771E5BB3F" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/03ae283bd71f761feae3f402668d698b393b0e79", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/0c3f34beb459753f9f80d0cc14c1b50ab615c631", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/877d11f0332cd2160e19e3313e262754c321fa36", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-489xx/CVE-2022-48907.json b/CVE-2022/CVE-2022-489xx/CVE-2022-48907.json index 1a8a26456bb..8ef46c01dbf 100644 --- a/CVE-2022/CVE-2022-489xx/CVE-2022-48907.json +++ b/CVE-2022/CVE-2022-489xx/CVE-2022-48907.json @@ -2,8 +2,8 @@ "id": "CVE-2022-48907", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-08-22T02:15:05.187", - "lastModified": "2024-08-22T12:48:02.790", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-09-12T13:33:22.423", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -15,19 +15,119 @@ "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: auxdisplay: lcd2s: corrige la p\u00e9rdida de memoria en ->remove() Una vez asignada, la estructura lcd2s_data nunca se libera. Solucione la p\u00e9rdida de memoria cambiando a devm_kzalloc()." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-401" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.11", + "versionEndExcluding": "5.15.27", + "matchCriteriaId": "B3A8E092-3021-4A34-8DCE-B89D2238818B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.16", + "versionEndExcluding": "5.16.13", + "matchCriteriaId": "B871B667-EDC0-435D-909E-E918D8D90995" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc1:*:*:*:*:*:*", + "matchCriteriaId": "7BD5F8D9-54FA-4CB0-B4F0-CB0471FDDB2D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc2:*:*:*:*:*:*", + "matchCriteriaId": "E6E34B23-78B4-4516-9BD8-61B33F4AC49A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc3:*:*:*:*:*:*", + "matchCriteriaId": "C030FA3D-03F4-4FB9-9DBF-D08E5CAC51AA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc4:*:*:*:*:*:*", + "matchCriteriaId": "B2D2677C-5389-4AE9-869D-0F881E80D923" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc5:*:*:*:*:*:*", + "matchCriteriaId": "EFA3917C-C322-4D92-912D-ECE45B2E7416" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc6:*:*:*:*:*:*", + "matchCriteriaId": "BED18363-5ABC-4639-8BBA-68E771E5BB3F" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/3585ed5f9b11a6094dd991d76a1541e5d03b986a", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/5d53cd33f4253aa4cf02bf7e670b3c6a99674351", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/898c0a15425a5bcaa8d44bd436eae5afd2483796", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-489xx/CVE-2022-48908.json b/CVE-2022/CVE-2022-489xx/CVE-2022-48908.json index 8c364d9ec98..cb1a417ba63 100644 --- a/CVE-2022/CVE-2022-489xx/CVE-2022-48908.json +++ b/CVE-2022/CVE-2022-489xx/CVE-2022-48908.json @@ -2,8 +2,8 @@ "id": "CVE-2022-48908", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-08-22T02:15:05.247", - "lastModified": "2024-08-22T12:48:02.790", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-09-12T13:37:52.190", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -15,39 +15,189 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: arcnet: com20020: corrija null-ptr-deref en com20020pci_probe() Durante la inicializaci\u00f3n del controlador, se requiere el puntero de informaci\u00f3n de la tarjeta, es decir, la variable 'ci'. Sin embargo, la definici\u00f3n de 'com20020pci_id_table' revela que este campo est\u00e1 vac\u00edo para algunos dispositivos, lo que provocar\u00e1 una desreferencia del puntero nulo al inicializar estos dispositivos. El siguiente registro lo revela: [3.973806] KASAN: null-ptr-deref en el rango [0x0000000000000028-0x000000000000002f] [3.973819] RIP: 0010:com20020pci_probe+0x18d/0x13e0 [com20020_p ci] [3.975181] Seguimiento de llamadas: [3.976208] local_pci_probe+0x13f /0x210 [3.977248] pci_device_probe+0x34c/0x6d0 [3.977255]? pci_uevent+0x470/0x470 [3.978265] very_probe+0x24c/0x8d0 [3.978273] __driver_probe_device+0x1b3/0x280 [3.979288] driver_probe_device+0x50/0x370 Solucione este problema comprobando primero si el 'ci' es un puntero nulo." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-476" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.18", + "versionEndExcluding": "4.9.305", + "matchCriteriaId": "FD5759B6-D0C9-44AA-A127-E183C95F00A4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.10", + "versionEndExcluding": "4.14.270", + "matchCriteriaId": "51C0B6F2-A904-4FE6-B06B-CE26226B22B7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.15", + "versionEndExcluding": "4.19.233", + "matchCriteriaId": "B59A7E33-6262-458E-AC76-E8CC4E812344" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.20", + "versionEndExcluding": "5.4.183", + "matchCriteriaId": "76A7616E-E6B9-4A7F-AA7C-1D47F774215F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.5", + "versionEndExcluding": "5.10.104", + "matchCriteriaId": "764998FC-D1F7-4BAA-BD56-A553C7AB8F08" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.11", + "versionEndExcluding": "5.15.27", + "matchCriteriaId": "B3A8E092-3021-4A34-8DCE-B89D2238818B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.16", + "versionEndExcluding": "5.16.13", + "matchCriteriaId": "B871B667-EDC0-435D-909E-E918D8D90995" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc1:*:*:*:*:*:*", + "matchCriteriaId": "7BD5F8D9-54FA-4CB0-B4F0-CB0471FDDB2D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc2:*:*:*:*:*:*", + "matchCriteriaId": "E6E34B23-78B4-4516-9BD8-61B33F4AC49A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc3:*:*:*:*:*:*", + "matchCriteriaId": "C030FA3D-03F4-4FB9-9DBF-D08E5CAC51AA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc4:*:*:*:*:*:*", + "matchCriteriaId": "B2D2677C-5389-4AE9-869D-0F881E80D923" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc5:*:*:*:*:*:*", + "matchCriteriaId": "EFA3917C-C322-4D92-912D-ECE45B2E7416" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc6:*:*:*:*:*:*", + "matchCriteriaId": "BED18363-5ABC-4639-8BBA-68E771E5BB3F" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/5f394102ee27dbf051a4e283390cd8d1759dacea", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/8e3bc7c5bbf87e86e9cd652ca2a9166942d86206", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/b1ee6b9340a38bdb9e5c90f0eac5b22b122c3049", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/b838add93e1dd98210482dc433768daaf752bdef", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/bd6f1fd5d33dfe5d1b4f2502d3694a7cc13f166d", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/ca0bdff4249a644f2ca7a49d410d95b8dacf1f72", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/e50c589678e50f8d574612e473ca60ef45190896", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/ea372aab54903310756217d81610901a8e66cb7d", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-489xx/CVE-2022-48909.json b/CVE-2022/CVE-2022-489xx/CVE-2022-48909.json index 71744f09c29..adf65c486c8 100644 --- a/CVE-2022/CVE-2022-489xx/CVE-2022-48909.json +++ b/CVE-2022/CVE-2022-489xx/CVE-2022-48909.json @@ -2,8 +2,8 @@ "id": "CVE-2022-48909", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-08-22T02:15:05.333", - "lastModified": "2024-08-22T12:48:02.790", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-09-12T13:36:11.253", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -15,23 +15,133 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net/smc: reparar fuga de conexi\u00f3n Hay un posible problema de fuga en la siguiente secuencia de ejecuci\u00f3n: smc_release smc_connect_work if (sk->sk_state == SMC_INIT) send_clc_confirim tcp_abort(); ... sk.sk_state = SMC_ACTIVE smc_close_active switch(sk->sk_state) { ... case SMC_ACTIVE: smc_close_final() // luego espera el par cerrado Desafortunadamente, tcp_abort() puede descartar los mensajes CLC CONFIRM que todav\u00eda est\u00e1n en el b\u00fafer de env\u00edo tcp , en cuyo caso nuestro token de conexi\u00f3n no se puede entregar al lado del servidor, lo que significa que no podemos recibir ning\u00fan mensaje de cierre pasivo. Por lo tanto, es imposible desconectarlo en absoluto. Este parche intenta una forma muy sencilla de evitar este problema, una vez que el estado ha cambiado a SMC_ACTIVE despu\u00e9s de tcp_abort(), podemos cancelar activamente la conexi\u00f3n smc, considerando que el estado es SMC_INIT antes de tcp_abort(), abandonar el proceso de desconexi\u00f3n completo no deber\u00eda causar demasiado problema. De hecho, este problema puede existir siempre y cuando el servidor no reciba el mensaje CONFIRM CLC. En el futuro se deber\u00e1 discutir si se debe agregar un temporizador despu\u00e9s de smc_close_final(). Pero aun as\u00ed, este parche proporciona una liberaci\u00f3n m\u00e1s r\u00e1pida para la conexi\u00f3n. En el caso anterior, tambi\u00e9n deber\u00eda ser valioso." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-401" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.3", + "versionEndExcluding": "5.10.104", + "matchCriteriaId": "C340B44A-7A5B-4A6D-AB90-C8B64B25908B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.11", + "versionEndExcluding": "5.15.27", + "matchCriteriaId": "B3A8E092-3021-4A34-8DCE-B89D2238818B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.16", + "versionEndExcluding": "5.16.13", + "matchCriteriaId": "B871B667-EDC0-435D-909E-E918D8D90995" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc1:*:*:*:*:*:*", + "matchCriteriaId": "7BD5F8D9-54FA-4CB0-B4F0-CB0471FDDB2D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc2:*:*:*:*:*:*", + "matchCriteriaId": "E6E34B23-78B4-4516-9BD8-61B33F4AC49A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc3:*:*:*:*:*:*", + "matchCriteriaId": "C030FA3D-03F4-4FB9-9DBF-D08E5CAC51AA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc4:*:*:*:*:*:*", + "matchCriteriaId": "B2D2677C-5389-4AE9-869D-0F881E80D923" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc5:*:*:*:*:*:*", + "matchCriteriaId": "EFA3917C-C322-4D92-912D-ECE45B2E7416" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc6:*:*:*:*:*:*", + "matchCriteriaId": "BED18363-5ABC-4639-8BBA-68E771E5BB3F" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/2e8d465b83db307f04ad265848f8ab3f78f6918f", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/80895b6f9154fb22d36fab311ccbb75503a2c87b", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/9f1c50cf39167ff71dc5953a3234f3f6eeb8fcb5", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/e98d46ccfa84b35a9e4b1ccdd83961b41a5d7ce5", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-489xx/CVE-2022-48910.json b/CVE-2022/CVE-2022-489xx/CVE-2022-48910.json index cf7b84eb08e..25a5417bbb5 100644 --- a/CVE-2022/CVE-2022-489xx/CVE-2022-48910.json +++ b/CVE-2022/CVE-2022-489xx/CVE-2022-48910.json @@ -2,8 +2,8 @@ "id": "CVE-2022-48910", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-08-22T02:15:05.403", - "lastModified": "2024-08-22T12:48:02.790", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-09-12T13:31:57.197", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -15,35 +15,175 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: ipv6: aseg\u00farese de llamar a ipv6_mc_down() como m\u00e1ximo una vez. Hay dos razones para llamar a addrconf_notify() con NETDEV_DOWN: o el dispositivo de red realmente est\u00e1 cayendo o IPv6 estaba deshabilitado en la interfaz. Si alguno de ellos permanece inactivo mientras el otro est\u00e1 activado, llamamos repetidamente al c\u00f3digo para NETDEV_DOWN, incluido ipv6_mc_down(), pero nunca llamamos al ipv6_mc_up() correspondiente en el medio. Esto har\u00e1 que se asigne una nueva entrada en idev->mc_tomb para cada grupo de multidifusi\u00f3n al que est\u00e9 suscrita la interfaz, lo que a su vez filtrar\u00e1 una estructura ifmcaddr6 por cada grupo de multidifusi\u00f3n no trivial al que est\u00e9 suscrita la interfaz. El siguiente reproductor filtrar\u00e1 al menos $n objetos: ip addr add ff2e::4242/32 dev eth0 autojoin sysctl -w net.ipv6.conf.eth0.disable_ipv6=1 for i in $(seq 1 $n); configurar el enlace ip eth0; ip link set down eth0 done Unirse a grupos con IPV6_ADD_MEMBERSHIP (sin privilegios) o configurar sysctl net.ipv6.conf.eth0.forwarding en 1 (=> suscribirse a ff02::2) tambi\u00e9n se puede usar para crear un idev->mc_list no trivial , que filtrar\u00e1 objetos con la secuencia correcta de arriba a abajo. Seg\u00fan ambas fuentes de eventos NETDEV_DOWN, se debe considerar el estado de la interfaz IPv6: - no lista si la interfaz de red no est\u00e1 lista O IPv6 est\u00e1 deshabilitado - lista si la interfaz de red est\u00e1 lista Y IPv6 est\u00e1 habilitada Las funciones ipv6_mc_up() e ipv6_down() solo debe ejecutarse cuando este estado cambie. Implemente esto recordando cu\u00e1ndo el estado de IPv6 est\u00e1 listo y solo ejecute ipv6_mc_down() si realmente cambi\u00f3 de listo a no listo. La otra direcci\u00f3n (no listo -> listo) ya funciona correctamente, ya que: - la ruta de c\u00f3digo activada de notificaci\u00f3n de interfaz para NETDEV_UP / NETDEV_CHANGE regresa antes si ipv6 est\u00e1 deshabilitado, y - la ruta de c\u00f3digo activada enable_ipv6=0 omite la inicializaci\u00f3n completa de la interfaz siempre que addrconf_link_ready (dev) devuelve falso: llamar a ipv6_mc_up() repetidamente no filtra nada" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.18", + "versionEndExcluding": "4.9.313", + "matchCriteriaId": "927E10B9-07A2-4D21-B518-62246BE28995" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.10", + "versionEndExcluding": "4.14.278", + "matchCriteriaId": "050329AA-B7D6-45EA-9341-E396DC054423" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.15", + "versionEndExcluding": "5.4.193", + "matchCriteriaId": "A014E697-B30F-4699-8F9E-0FB4E2BB359C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.5", + "versionEndExcluding": "5.10.104", + "matchCriteriaId": "764998FC-D1F7-4BAA-BD56-A553C7AB8F08" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.11", + "versionEndExcluding": "5.15.27", + "matchCriteriaId": "B3A8E092-3021-4A34-8DCE-B89D2238818B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.16", + "versionEndExcluding": "5.16.13", + "matchCriteriaId": "B871B667-EDC0-435D-909E-E918D8D90995" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc1:*:*:*:*:*:*", + "matchCriteriaId": "7BD5F8D9-54FA-4CB0-B4F0-CB0471FDDB2D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc2:*:*:*:*:*:*", + "matchCriteriaId": "E6E34B23-78B4-4516-9BD8-61B33F4AC49A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc3:*:*:*:*:*:*", + "matchCriteriaId": "C030FA3D-03F4-4FB9-9DBF-D08E5CAC51AA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc4:*:*:*:*:*:*", + "matchCriteriaId": "B2D2677C-5389-4AE9-869D-0F881E80D923" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc5:*:*:*:*:*:*", + "matchCriteriaId": "EFA3917C-C322-4D92-912D-ECE45B2E7416" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc6:*:*:*:*:*:*", + "matchCriteriaId": "BED18363-5ABC-4639-8BBA-68E771E5BB3F" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/72124e65a70b84e6303a5cd21b0ac1f27d7d61a4", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/9588ac2eddc2f223ebcebf6e9f5caed84d32922b", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/9995b408f17ff8c7f11bc725c8aa225ba3a63b1c", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/9a8736b2da28b24f01707f592ff059b9f90a058c", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/b11781515208dd31fbcd0b664078dce5dc44523f", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/c71bf3229f9e9dd60ba02f5a5be02066edf57012", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/f4c63b24dea9cc2043ff845dcca9aaf8109ea38a", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-489xx/CVE-2022-48911.json b/CVE-2022/CVE-2022-489xx/CVE-2022-48911.json index bcbc32654db..d29c0e51b95 100644 --- a/CVE-2022/CVE-2022-489xx/CVE-2022-48911.json +++ b/CVE-2022/CVE-2022-489xx/CVE-2022-48911.json @@ -2,8 +2,8 @@ "id": "CVE-2022-48911", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-08-22T02:15:05.483", - "lastModified": "2024-08-22T12:48:02.790", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-09-12T13:24:58.060", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -15,39 +15,189 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: netfilter: nf_queue: corrige posible use-after-free Eric Dumazet dice: El lado sock_hold() parece sospechoso, porque no hay garant\u00eda de que sk_refcnt no sea ya 0. En caso de falla, No podemos poner en cola el paquete y necesitamos indicar un error. La persona que llama descartar\u00e1 el paquete. v2: dividir el fragmento de captaci\u00f3n previa de skb en un cambio separado" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.6.29", + "versionEndExcluding": "4.9.305", + "matchCriteriaId": "C3F18B92-FE18-47E9-A7F2-16F95AB41486" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.10", + "versionEndExcluding": "4.14.270", + "matchCriteriaId": "51C0B6F2-A904-4FE6-B06B-CE26226B22B7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.15", + "versionEndExcluding": "4.19.233", + "matchCriteriaId": "B59A7E33-6262-458E-AC76-E8CC4E812344" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.20", + "versionEndExcluding": "5.4.183", + "matchCriteriaId": "76A7616E-E6B9-4A7F-AA7C-1D47F774215F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.5", + "versionEndExcluding": "5.10.104", + "matchCriteriaId": "764998FC-D1F7-4BAA-BD56-A553C7AB8F08" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.11", + "versionEndExcluding": "5.15.27", + "matchCriteriaId": "B3A8E092-3021-4A34-8DCE-B89D2238818B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.16", + "versionEndExcluding": "5.16.13", + "matchCriteriaId": "B871B667-EDC0-435D-909E-E918D8D90995" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc1:*:*:*:*:*:*", + "matchCriteriaId": "7BD5F8D9-54FA-4CB0-B4F0-CB0471FDDB2D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc2:*:*:*:*:*:*", + "matchCriteriaId": "E6E34B23-78B4-4516-9BD8-61B33F4AC49A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc3:*:*:*:*:*:*", + "matchCriteriaId": "C030FA3D-03F4-4FB9-9DBF-D08E5CAC51AA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc4:*:*:*:*:*:*", + "matchCriteriaId": "B2D2677C-5389-4AE9-869D-0F881E80D923" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc5:*:*:*:*:*:*", + "matchCriteriaId": "EFA3917C-C322-4D92-912D-ECE45B2E7416" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc6:*:*:*:*:*:*", + "matchCriteriaId": "BED18363-5ABC-4639-8BBA-68E771E5BB3F" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/21b27b2baa27423286e9b8d3f0b194d587083d95", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/34dc4a6a7f261736ef7183868a5bddad31c7f9e3", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/43c25da41e3091b31a906651a43e80a2719aa1ff", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/4d05239203fa38ea8a6f31e228460da4cb17a71a", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/c3873070247d9e3c7a6b0cf9bf9b45e8018427b1", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/dcc3cb920bf7ba66ac5e9272293a9ba5f80917ee", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/dd648bd1b33a828f62befa696b206c688da0ec43", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/ef97921ccdc243170fcef857ba2a17cf697aece5", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-489xx/CVE-2022-48914.json b/CVE-2022/CVE-2022-489xx/CVE-2022-48914.json index 2e505969f54..9fefdb0debf 100644 --- a/CVE-2022/CVE-2022-489xx/CVE-2022-48914.json +++ b/CVE-2022/CVE-2022-489xx/CVE-2022-48914.json @@ -2,8 +2,8 @@ "id": "CVE-2022-48914", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-08-22T02:15:05.683", - "lastModified": "2024-08-22T12:48:02.790", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-09-12T13:27:34.623", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -15,31 +15,131 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: xen/netfront: destruye colas antes de que real_num_tx_queues se ponga a cero xennet_destroy_queues() se basa en info->netdev->real_num_tx_queues para eliminar colas. Dado que d7dac083414eb5bb99a6d2ed53dc2c1b405224e5 (\"net-sysfs: actualice los recuentos de colas en la ruta de cancelaci\u00f3n de registro\"), unregister_netdev() establece indirectamente real_num_tx_queues en 0. Esos dos hechos juntos significan que xennet_destroy_queues() llamado desde xennet_remove() no puede hacer su trabajo, porque s llamado despu\u00e9s de unregister_netdev(). Esto da como resultado colas kfree-ing que todav\u00eda est\u00e1n vinculadas en napi, lo que finalmente falla: ERROR: desreferencia del puntero NULL del kernel, direcci\u00f3n: 0000000000000000 #PF: acceso de lectura del supervisor en modo kernel #PF: c\u00f3digo_error(0x0000) - PGD de p\u00e1gina no presente 0 P4D 0 Ups: 0000 [#1] PREEMPT SMP PTI CPU: 1 PID: 52 Comm: xenwatch Tainted: GW 5.16.10-1.32.fc32.qubes.x86_64+ #226 RIP: 0010:free_netdev+0xa3/0x1a0 C\u00f3digo: ff 48 89 df e8 2e e9 00 00 48 8b 43 50 48 8b 08 48 8d b8 a0 fe ff ff 48 8d a9 a0 fe ff ff 49 39 c4 75 26 eb 47 e8 ed c1 66 ff <48> 8b 85 60 01 00 0 48 8d 95 60 01 00 00 48 89 ef 48 2d 60 01 00 RSP: 0000:ffffc90000bcfd00 EFLAGS: 00010286 RAX: 0000000000000000 RBX: ffff88800edad000 RCX: 0000000000000 RDX: 0000000000000001 RSI: ffffc90000bcfc30 RDI: 00000000ffffffff RBP: fffffffffffffea0 R08: 00000000000000000 R09: 00000000000000000 R10: 0000000000000000 R11: 0000000000000001 R12: ffff88800edad050 R13: ffff8880065f8f88 R14: 00000000000000000 R15: ffff8880066c6680 FS: 00000000000000(0000) GS:ffff8880f3300000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: CR3: 00000000e998c006 CR4: 00000000003706e0 Seguimiento de llamadas: xennet_remove+0x13d/0x300 [xen_netfront] xenbus_dev_remove+0x6d/0xf0 __device_release_driver+0x17a/0x240 device_release_driver+0x24/ 0x30 bus_remove_device+0xd8/0x140 dispositivo_del+0x18b/0x410? _raw_spin_unlock+0x16/0x30? klist_iter_exit+0x14/0x20? xenbus_dev_request_and_reply+0x80/0x80 dispositivo_unregister+0x13/0x60 xenbus_dev_changed+0x18e/0x1f0 xenwatch_thread+0xc0/0x1a0 ? do_wait_intr_irq+0xa0/0xa0 kthread+0x16b/0x190 ? set_kthread_struct+0x40/0x40 ret_from_fork+0x22/0x30 Solucione este problema llamando a xennet_destroy_queues() desde xennet_uninit(), cuando real_num_tx_queues todav\u00eda est\u00e9 disponible. Esto garantiza que las colas se destruyan cuando real_num_tx_queues se establece en 0, independientemente de c\u00f3mo se llam\u00f3 a unregister_netdev(). Reportado originalmente en https://github.com/QubesOS/qubes-issues/issues/7257" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-476" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.19.226", + "versionEndExcluding": "4.19.233", + "matchCriteriaId": "844F8286-579D-45F3-91F9-B0963A45C46A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.4.174", + "versionEndExcluding": "5.4.183", + "matchCriteriaId": "50DC6A9D-EDB7-4237-9253-6A36CB2A79E7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.10.94", + "versionEndExcluding": "5.10.104", + "matchCriteriaId": "07144469-6081-4ABC-AD38-F23A8D9B3E86" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.15.17", + "versionEndExcluding": "5.15.27", + "matchCriteriaId": "A3C6A607-7094-4C3C-B703-C6B5A1F87670" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.16.3", + "versionEndExcluding": "5.16.13", + "matchCriteriaId": "CA1CE57C-E9AE-4BFC-8E39-AECD1A63C9A0" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/198cdc287769c717dafff5887c6125cb7a373bf3", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/47e2f166ed9fe17f24561d6315be2228f6a90209", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/a1753d5c29a6fb9a8966dcf04cb4f3b71e303ae8", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/a63eb1e4a2e1a191a90217871e67fba42fd39255", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/b40c912624775a21da32d1105e158db5f6d0554a", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/dcf4ff7a48e7598e6b10126cc02177abb8ae4f3f", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-489xx/CVE-2022-48916.json b/CVE-2022/CVE-2022-489xx/CVE-2022-48916.json index 6c9c458cb82..33f41c74e27 100644 --- a/CVE-2022/CVE-2022-489xx/CVE-2022-48916.json +++ b/CVE-2022/CVE-2022-489xx/CVE-2022-48916.json @@ -2,8 +2,8 @@ "id": "CVE-2022-48916", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-08-22T02:15:05.797", - "lastModified": "2024-08-22T12:48:02.790", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-09-12T13:11:36.230", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -15,19 +15,133 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: iommu/vt-d: se corrige el doble list_add al habilitar VMD en modo escalable Al habilitar VMD e IOMMU en modo escalable, se muestra el siguiente registro de kernel/rastreo de llamadas de p\u00e1nico del kernel en la plataforma Eagle Stream (CPU Sapphire Rapids) durante el arranque: pci 0000:59:00.5: Agregar al grupo iommu 42... vmd 0000:59:00.5: Puente de host PCI al bus 10000:80 pci 10000:80:01.0: [8086:352a] tipo 01 clase 0x060400 pci 10000:80:01.0: reg 0x10: [mem 0x00000000-0x0001ffff 64bit] pci 10000:80:01.0: habilitaci\u00f3n de etiquetas extendidas pci 10000:80:01.0: PME# compatible desde D0 D3hot D3cold pci 10 000:80: 01.0: DMAR: La configuraci\u00f3n de RID2PASID fall\u00f3 pci 10000:80:01.0: No se pudo agregar al grupo iommu 42: -16 pci 10000:80:03.0: [8086:352b] tipo 01 clase 0x060400 pci 10000:80:03.0: reg 0x10: [mem 0x00000000-0x0001ffff 64 bits] pci 10000:80:03.0: habilitaci\u00f3n de etiquetas extendidas pci 10000:80:03.0: PME# admitido desde D0 D3hot D3cold ------------[ cortar aqu\u00ed ]--- --------- \u00a1ERROR del kernel en lib/list_debug.c:29! c\u00f3digo de operaci\u00f3n no v\u00e1lido: 0000 [#1] PREEMPT SMP NOPTI CPU: 0 PID: 7 Comm: kworker/0:1 Not tainted 5.17.0-rc3+ #7 Nombre del hardware: Lenovo ThinkSystem SR650V3/SB27A86647, BIOS ESE101Y-1.00 01/13/ Cola de trabajo 2022: eventos work_for_cpu_fn RIP: 0010:__list_add_valid.cold+0x26/0x3f C\u00f3digo: 9a 4a ab ff 4c 89 c1 48 c7 c7 40 0c d9 9e e8 b9 b1 fe ff 0f 0b 48 89 f2 4c 89 c1 48 fe 48 c7 c7 f0 0c d9 9e e8 a2 b1 fe ff <0f> 0b 48 89 d1 4c 89 c6 4c 89 ca 48 c7 c7 98 0c d9 9e e8 8b b1 fe RSP: 0000:ff5ad434865b3a40 EFLAGS: 00010246 RAX: 00000000058 RBX: ff4d61160b74b880 RCX: ff4d61255e1fffa8 RDX: 0000000000000000 RSI: 00000000fffeffff RDI: ffffffff9fd34f20 RBP: ff4d611d8e245c00 R08: 0000000000000000 R09: 888 R10: ff5ad434865b3880 R11: ff4d61257fdc6fe8 R12: ff4d61160b74b8a0 R13: ff4d61160b74b8a0 R14: ff4d611d8e245c10 R15: ff4d611d8001ba70 0000000000000000(0000) GS:ff4d611d5ea00000(0000) knlGS :0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: ff4d611fa1401000 CR3: 0000000aa0210001 CR4: 0000000000771ef0 DR0: 000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe07f0 DR7: 0000000000000400 PKRU: 55555554 Llamar Seguimiento: intel_pasid_alloc_table+0x9c/0x1d0 dmar_insert_one_dev_info+0x423/0x540? device_to_iommu+0x12d/0x2f0 intel_iommu_attach_device+0x116/0x290 __iommu_attach_device+0x1a/0x90 iommu_group_add_device+0x190/0x2c0 __iommu_probe_device+0x13e/0x250 iommu_probe_device+0 x24/0x150 iommu_bus_notifier+0x69/0x90 blocking_notifier_call_chain+0x5a/0x80 device_add+0x3db/0x7b0 ? arch_memremap_can_ram_remap+0x19/0x50? memremap+0x75/0x140 pci_device_add+0x193/0x1d0 pci_scan_single_device+0xb9/0xf0 pci_scan_slot+0x4c/0x110 pci_scan_child_bus_extend+0x3a/0x290 vmd_enable_domain.constprop.0+0x63e/0x 820 vmd_probe+0x163/0x190 local_pci_probe+0x42/0x80 work_for_cpu_fn+0x13/0x20 proceso_one_work +0x1e2/0x3b0 hilo_trabajador+0x1c4/0x3a0 ? hilo_rescate+0x370/0x370 kthread+0xc7/0xf0 ? kthread_complete_and_exit+0x20/0x20 ret_from_fork+0x1f/0x30 m\u00f3dulos vinculados en: --- [end rastre 0xffffffff80000000-0xffffffffbffffff) ---[ fin del p\u00e1nico del kernel - no se sincroniza: excepci\u00f3n grave ]--- La siguiente salida 'lspci' muestra que los dispositivos '10000:80:*' son subdispositivos del dispositivo VMD 0000:59:00.5: $ lspci ... 0000:59:00.5 Controlador de bus RAID: Dispositivo de administraci\u00f3n de volumen Intel Corporation Controlador RAID NVMe (rev. 20) ... 10000:80:01.0 Puente PCI: Dispositivo Intel Corporation 352a (rev. 03) 10000:80:03.0 Puente PCI : Dispositivo Intel Corporation 352b (rev 03) 10000:80:05.0 Puente PCI: Dispositivo Intel Corporation 352c (rev 03) 10000:80:07.0 Puente PCI: Dispositivo Intel Corporation 352d (rev 03) 10000:81:00.0 Memoria no vol\u00e1til controlador: Intel Corporation NVMe Datacenter SSD [3DNAND, Beta Rock Controller] 10000:82:00 ---truncado---" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.12.19", + "versionEndExcluding": "5.13", + "matchCriteriaId": "8C2A0F7A-34D9-4DE2-893B-3C8AB10FFB6A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.13.4", + "versionEndExcluding": "5.14", + "matchCriteriaId": "B6D2AA29-7EC0-4F37-94E7-CF564CCEF770" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.14", + "versionEndExcluding": "5.15.27", + "matchCriteriaId": "6EB0EE01-99B7-49FA-874A-693CEAAE69D5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.16", + "versionEndExcluding": "5.16.13", + "matchCriteriaId": "B871B667-EDC0-435D-909E-E918D8D90995" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc1:*:*:*:*:*:*", + "matchCriteriaId": "7BD5F8D9-54FA-4CB0-B4F0-CB0471FDDB2D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc2:*:*:*:*:*:*", + "matchCriteriaId": "E6E34B23-78B4-4516-9BD8-61B33F4AC49A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc3:*:*:*:*:*:*", + "matchCriteriaId": "C030FA3D-03F4-4FB9-9DBF-D08E5CAC51AA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc4:*:*:*:*:*:*", + "matchCriteriaId": "B2D2677C-5389-4AE9-869D-0F881E80D923" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc5:*:*:*:*:*:*", + "matchCriteriaId": "EFA3917C-C322-4D92-912D-ECE45B2E7416" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc6:*:*:*:*:*:*", + "matchCriteriaId": "BED18363-5ABC-4639-8BBA-68E771E5BB3F" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/2aaa085bd012a83be7104356301828585a2253ed", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/b00833768e170a31af09268f7ab96aecfcca9623", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/d5ad4214d9c6c6e465c192789020a091282dfee7", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-489xx/CVE-2022-48917.json b/CVE-2022/CVE-2022-489xx/CVE-2022-48917.json index e73b236ae08..49b18731e6f 100644 --- a/CVE-2022/CVE-2022-489xx/CVE-2022-48917.json +++ b/CVE-2022/CVE-2022-489xx/CVE-2022-48917.json @@ -2,8 +2,8 @@ "id": "CVE-2022-48917", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-08-22T02:15:05.853", - "lastModified": "2024-08-22T12:48:02.790", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-09-12T13:07:29.723", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -15,39 +15,159 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ASoC: ops: Shift valores probados en snd_soc_put_volsw() por +min Mientras que los valores $val/$val2 pasados desde el espacio de usuario son siempre >= 0 enteros, los l\u00edmites del control pueden ser n\u00fameros enteros con signo y $min puede ser distinto de cero y menor que cero. Para validar correctamente $val/$val2 contra platform_max, primero agregue el desplazamiento $min a val." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.9.300", + "versionEndExcluding": "4.9.305", + "matchCriteriaId": "7078F5FD-8C44-4848-8434-373F11E2437F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.14.265", + "versionEndExcluding": "4.14.270", + "matchCriteriaId": "EE350A5A-C35A-4391-8BF5-BD86BA58F692" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.19.228", + "versionEndExcluding": "4.19.233", + "matchCriteriaId": "CAD48EEC-226F-4CEE-B62A-4C2E080C07DD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.4.178", + "versionEndExcluding": "5.4.183", + "matchCriteriaId": "BFA7B940-F1DA-4FFA-B8CF-2207C6B13588" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.10.99", + "versionEndExcluding": "5.10.104", + "matchCriteriaId": "EB68B618-D9A9-4D08-825F-95066EBB07B8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.15.22", + "versionEndExcluding": "5.15.27", + "matchCriteriaId": "9274DE9A-1466-4660-ABE0-FCE84DFE75E3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.16.8", + "versionEndExcluding": "5.16.13", + "matchCriteriaId": "EDE53E28-A078-4F10-B3B9-EE8482DCFEC7" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/050b1821f27c5d4fd5a298f6e62c3d3c9335e622", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/0b2ecc9163472128e7f30b517bee92dcd27ffc34", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/6951a5888165a38bb7c39a2d18f5668b2f1241c7", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/69f42e41256d5a234d3ae0d35fa66dc6d8171846", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/70712d5afbbea898d5f51fa02e315fe0a4835043", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/7e0e4bc93811cf600508ff36f07abea7b40643ed", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/9bdd10d57a8807dba0003af0325191f3cec0f11c", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/f3537f1b2bfd3b1df15723df49fc26eccd5112fe", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-489xx/CVE-2022-48920.json b/CVE-2022/CVE-2022-489xx/CVE-2022-48920.json index 9185e7da621..3b2b117aa24 100644 --- a/CVE-2022/CVE-2022-489xx/CVE-2022-48920.json +++ b/CVE-2022/CVE-2022-489xx/CVE-2022-48920.json @@ -2,8 +2,8 @@ "id": "CVE-2022-48920", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-08-22T02:15:06.080", - "lastModified": "2024-08-22T12:48:02.790", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-09-12T13:04:26.640", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -15,19 +15,108 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: btrfs: elimina la advertencia en el commit de transacci\u00f3n cuando se usa fluoncommit Cuando se usa la opci\u00f3n de montaje fluoncommit, durante casi cada commit de transacci\u00f3n activamos una advertencia de __writeback_inodes_sb_nr(): $ cat fs/fs -writeback.c: (...) vac\u00edo est\u00e1tico __writeback_inodes_sb_nr(struct super_block *sb, ... { (...) WARN_ON(!rwsem_is_locked(&sb->s_umount)); (...) } (... ) La traza producida en dmesg se parece a la siguiente: [947.473890] ADVERTENCIA: CPU: 5 PID: 930 en fs/fs-writeback.c:2610 __writeback_inodes_sb_nr+0x7e/0xb3 [947.481623] M\u00f3dulos vinculados en: nfsd nls_cp437 cifs asn1_decoder s_arc4 fscache cifs_md4 ipmi_ssif [947.489571] CPU: 5 PID: 930 Comm: btrfs-transacti No contaminado 95.16.3-srb-asrock-00001-g36437ad63879 #186 [947.497969] RIP: __writeback_inodes_sb_nr +0x7e/0xb3 [947.502097] C\u00f3digo: 24 10 4c 89 44 24 18 c6 (...) [947.519760] RSP: 0018:ffffc90000777e10 EFLAGS: 00010246 [947.523818] RAX: 0000000000000000 RBX: 0000000000963300 X: 0000000000000000 [947.529765] RDX: 0000000000000000 RSI: 000000000000fa51 RDI: ffffc90000777e50 [947.535740] RBP : ffff888101628a90 R08: ffff888100955800 R09: ffff888100956000 [947.541701] R10: 00000000000000002 R11: 0000000000000001 R12: ffff88810096 3488 [947.547645] R13: ffff888100963000 R14: ffff888112fb7200 R15: ffff888100963460 [947.553621] FS: 0000000000000000(0000) GS:ffff88841fd40 000(0000) knlGS:0000000000000000 [947.560537] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [947.565122] CR2: 0000000008be50c4 CR3: 000000000220c000 CR4: 00000000001006e 0 [947.571072] Seguimiento de llamadas: [947.572354] [947.573266] btrfs_commit_transaction+0x1f1/0x998 [947.576785] ? start_transaction+0x3ab/0x44e [947.579867] ? Schedule_timeout+0x8a/0xdd [947.582716] transacci\u00f3n_kthread+0xe9/0x156 [947.585721] ? btrfs_cleanup_transaction.isra.0+0x407/0x407 [947.590104] kthread+0x131/0x139 [947.592168] ? set_kthread_struct+0x32/0x32 [947.595174] ret_from_fork+0x22/0x30 [947.597561] [947.598553] ---[ end trace 644721052755541c ]--- Esto se debe a que comenzamos a usar writeback_inodes_sb() para vaciar delalloc cuando cometer una transacci\u00f3n (cuando se usa -o fluoncommit), para evitar interbloqueos con las operaciones de congelaci\u00f3n del sistema de archivos. Este cambio se realiz\u00f3 mediante el commit ce8ea7cc6eb313 (\"btrfs: no llame a btrfs_start_delalloc_roots en flowoncommit\"). Despu\u00e9s de ese cambio, comenzamos a producir esa advertencia y, de vez en cuando, un usuario informa esto ya que la advertencia ocurre con demasiada frecuencia, env\u00eda spam a dmesg/syslog y el usuario no est\u00e1 seguro de si esto refleja alg\u00fan problema que pueda comprometer la confiabilidad del sistema de archivos. No podemos simplemente bloquear el sem\u00e1foro sb->s_umount antes de llamar a writeback_inodes_sb(), porque eso al menos bloquear\u00eda el sistema de archivos, ya que en fs/super.c:freeze_super() se llama a sync_filesystem() mientras mantenemos ese sem\u00e1foro en modo de escritura, y eso puede desencadenar un commit de transacci\u00f3n, lo que resulta en un punto muerto. Tambi\u00e9n desencadenar\u00eda el mismo tipo de punto muerto en la ruta de desmontaje. Posiblemente, tambi\u00e9n podr\u00eda introducir algunas otras dependencias de bloqueo que lockdep informar\u00eda. Para solucionar este problema, llame a try_to_writeback_inodes_sb() en lugar de writeback_inodes_sb(), porque intentar\u00e1 leer el bloqueo sb->s_umount y luego solo llamar\u00e1 a writeback_inodes_sb() si pudo bloquearlo. Esto est\u00e1 bien porque los casos en los que no puede leer el bloqueo sb->s_umount son durante un desmontaje del sistema de archivos o durante una congelaci\u00f3n del sistema de archivos; en esos casos, sb->s_umount est\u00e1 bloqueado contra escritura y se llama a sync_filesystem(), que llama a writeback_inodes_sb() . En otras palabras, en todos los casos en los que no podemos adoptar un bloqueo de lectura en sb->s_umount, la reescritura ya se est\u00e1 activando en otro lugar. ---truncado---" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-667" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionEndExcluding": "5.15.27", + "matchCriteriaId": "A48510A0-1C49-4D24-BB6E-AC9B5F1C4DFD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.16", + "versionEndExcluding": "5.16.13", + "matchCriteriaId": "B871B667-EDC0-435D-909E-E918D8D90995" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc1:*:*:*:*:*:*", + "matchCriteriaId": "7BD5F8D9-54FA-4CB0-B4F0-CB0471FDDB2D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc2:*:*:*:*:*:*", + "matchCriteriaId": "E6E34B23-78B4-4516-9BD8-61B33F4AC49A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc3:*:*:*:*:*:*", + "matchCriteriaId": "C030FA3D-03F4-4FB9-9DBF-D08E5CAC51AA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc4:*:*:*:*:*:*", + "matchCriteriaId": "B2D2677C-5389-4AE9-869D-0F881E80D923" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/850a77c999b81dd2724efd2684068d6f90db8c16", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/a0f0cf8341e34e5d2265bfd3a7ad68342da1e2aa", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/e4d044dbffcd570351f21c747fc77ff90aed7f2e", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-489xx/CVE-2022-48921.json b/CVE-2022/CVE-2022-489xx/CVE-2022-48921.json index 8d5ee19df46..3b901fbe41e 100644 --- a/CVE-2022/CVE-2022-489xx/CVE-2022-48921.json +++ b/CVE-2022/CVE-2022-489xx/CVE-2022-48921.json @@ -2,8 +2,8 @@ "id": "CVE-2022-48921", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-08-22T02:15:08.197", - "lastModified": "2024-08-22T12:48:02.790", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-09-12T12:58:50.660", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -15,23 +15,125 @@ "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: sched/fair: Solucionar falla en reweight_entity Syzbot encontr\u00f3 un GPF en reweight_entity. Esto se ha dividido en dos para el commit 4ef0c5c6b5ba (\"kernel/sched: Fix sched_fork() accede a un sched_task_group no v\u00e1lido\") Hay una ejecuci\u00f3n entre sched_post_fork() y setpriority(PRIO_PGRP) dentro de un grupo de subprocesos que provoca un null-ptr-deref en reweight_entity () en el SFC. El escenario es que el proceso principal genera una cantidad de subprocesos nuevos, que luego llaman a setpriority(PRIO_PGRP, 0, -20), esperan y salen. Para cada uno de los nuevos subprocesos, se invoca copy_process(), lo que agrega la nueva task_struct y llama a sched_post_fork() para ello. En el escenario anterior existe la posibilidad de que se llame a setpriority(PRIO_PGRP) y set_one_prio() para un subproceso en el grupo que acaba de crear copy_process(), y para el cual sched_post_fork() a\u00fan no se ha ejecutado. Esto desencadenar\u00e1 una desreferencia del puntero nulo en reweight_entity(), ya que intentar\u00e1 acceder al puntero de la cola de ejecuci\u00f3n, que no se ha configurado. Antes del cambio mencionado, el puntero cfs_rq para la tarea se configur\u00f3 en sched_fork(), que se llama mucho antes en copy_process(), antes de que la nueva tarea se agregue al thread_group. Ahora se hace en sched_post_fork(), que se llama despu\u00e9s de eso. Para solucionar el problema, elimine el par\u00e1metro update_load de la funci\u00f3n update_load param() y llame a reweight_task() solo si el indicador de tarea no tiene establecido el indicador TASK_NEW." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 4.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.0, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-362" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.10.80", + "versionEndExcluding": "5.10.137", + "matchCriteriaId": "82480749-56E0-4A46-85BF-C3C44B1F8706" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.14.19", + "versionEndExcluding": "5.15", + "matchCriteriaId": "CC24A46F-AAF0-46A3-9255-D235078D50BC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.15.3", + "versionEndExcluding": "5.15.27", + "matchCriteriaId": "61C603D7-C7CD-4505-AF1B-EBFDD4D152AF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.16", + "versionEndExcluding": "5.16.13", + "matchCriteriaId": "B871B667-EDC0-435D-909E-E918D8D90995" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc1:*:*:*:*:*:*", + "matchCriteriaId": "7BD5F8D9-54FA-4CB0-B4F0-CB0471FDDB2D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc2:*:*:*:*:*:*", + "matchCriteriaId": "E6E34B23-78B4-4516-9BD8-61B33F4AC49A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc3:*:*:*:*:*:*", + "matchCriteriaId": "C030FA3D-03F4-4FB9-9DBF-D08E5CAC51AA" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/13765de8148f71fa795e0a6607de37c49ea5915a", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/589a954daab5e18399860b6c8ffaeaf79844eb20", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/8f317cd888059c59e2fa924bf4b0957cfa53f78e", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/e0bcd6b5779352aed88f2e538a82a39f1a7715bb", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-489xx/CVE-2022-48922.json b/CVE-2022/CVE-2022-489xx/CVE-2022-48922.json index 4c39fa146e2..daa2e554e8b 100644 --- a/CVE-2022/CVE-2022-489xx/CVE-2022-48922.json +++ b/CVE-2022/CVE-2022-489xx/CVE-2022-48922.json @@ -2,8 +2,8 @@ "id": "CVE-2022-48922", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-08-22T02:15:08.267", - "lastModified": "2024-08-22T12:48:02.790", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-09-12T12:52:54.023", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -15,23 +15,128 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: riscv: corrige los errores causados por el rastreador de latencia irqsoff trace_hardirqs_{on,off}() requiere que la persona que llama configure el puntero del marco correctamente. Esto se debe a que estas dos funciones utilizan la macro 'CALLER_ADDR1' (tambi\u00e9n conocida como __builtin_return_address(1)) para adquirir informaci\u00f3n de la persona que llama. Si $fp se usa para otro prop\u00f3sito, el c\u00f3digo generado en esta macro (como se muestra a continuaci\u00f3n) podr\u00eda provocar una falla de acceso a la memoria. 0xffffffff8011510e <+80>: ld a1,-16(s0) 0xffffffff80115112 <+84>: ld s2,-8(a1) # <-- error de paginaci\u00f3n aqu\u00ed El mensaje de ups durante el arranque si se compila con el rastreador 'irqoff' habilitado: [ 0.039615][T0] No se puede manejar la desreferencia del puntero NULL del kernel en la direcci\u00f3n virtual 00000000000000f8 [0.041925][T0] Ups [#1] [0.042063][T0] M\u00f3dulos vinculados en: [0.042864][T0] CPU: 0 PID: 0 Comm : swapper/0 No contaminado 5.17.0-rc1-00233-g9a20c48d1ed2 #29 [ 0.043568][ T0] Nombre de hardware: riscv-virtio,qemu (DT) [ 0.044343][ T0] epc : trace_hardirqs_on+0x56/0xe2 [ 0.044601] [T0] ra: restaurar_all+0x12/0x6e [0.044721][T0] epc: ffffffff80126a5c ra: ffffffff80003b94 sp: ffffffff81403db0 [0.044801][T0] gp: ffffffff8163acd8 tp: ffffffff81414880 t0: 0000000000000020 [0.044882][T0] t1: 0098968000000000 t2 : 0000000000000000 s0 : ffffffff81403de0 [ 0.044967][ T0] s1 : 0000000000000000 a0 : 0000000000000001 a1 : 0000000000000100 [ 0.045046][ T0] a2: 0000000000000000 a3: 0000000000000000 a4: 0000000000000000 [0.045124][T0] a5: 00000000000000000 a6: 0000000000000000 a7: 000000 0054494d45 [ 0.045210][ T0] s2 : ffffffff80003b94 s3 : ffffffff81a8f1b0 s4 : ffffffff80e27b50 [ 0.045289][ T0] s5 : ffffffff81414880 s6 : ffffffff8160fa00 s7 : 00800120e8 [ 0.045389][ T0] s8 : 0000000080013100 s9 : 000000000000007f s10: 00000000000000000 [ 0.045474][ T0 ] s11: 0000000000000000 t3: 7ffffffffffffff t4: 0000000000000000 [0.045548][T0] t5: 0000000000000000 t6: ffffffff814aa368 [0.045620][T0] 0000000200000100 badaddr: 00000000000000f8 causa: 000000000000000d [ 0.046402][ T0] [] restaurar_todo+ 0x12/0x6e Esto porque el $fp(aka. $s0) el registro no se utiliza como puntero de marco en el c\u00f3digo de entrada del ensamblado. resume_kernel: reg_l s0, task_ti_preempt_count (tp) bnez s0, restaure_all reg_l s0, task_ti_flags (tp) andi s0, s0, _tif_need_resched beqz s0, restaure_all call preempt_schedul S_ { on,off}() para que puedan ser llamados de forma segura mediante un c\u00f3digo de entrada de bajo nivel." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-476" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.9", + "versionEndExcluding": "5.10.103", + "matchCriteriaId": "7144C576-97DF-4D5F-B88F-F55AF9826BF5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.11", + "versionEndExcluding": "5.15.26", + "matchCriteriaId": "9AB342AE-A62E-4947-A6EA-511453062B2B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.16", + "versionEndExcluding": "5.16.12", + "matchCriteriaId": "C76BAB21-7F23-4AD8-A25F-CA7B262A2698" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc1:*:*:*:*:*:*", + "matchCriteriaId": "7BD5F8D9-54FA-4CB0-B4F0-CB0471FDDB2D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc2:*:*:*:*:*:*", + "matchCriteriaId": "E6E34B23-78B4-4516-9BD8-61B33F4AC49A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc3:*:*:*:*:*:*", + "matchCriteriaId": "C030FA3D-03F4-4FB9-9DBF-D08E5CAC51AA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc4:*:*:*:*:*:*", + "matchCriteriaId": "B2D2677C-5389-4AE9-869D-0F881E80D923" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc5:*:*:*:*:*:*", + "matchCriteriaId": "EFA3917C-C322-4D92-912D-ECE45B2E7416" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/1851b9a467065b18ec2cba156eea345206df1c8f", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/22e2100b1b07d6f5acc71cc1acb53f680c677d77", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/9e2dbc31e367d08ee299a0d8aeb498cb2e12a1c3", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/b5e180490db4af8c0f80c4b65ee482d333d0e8ee", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-489xx/CVE-2022-48923.json b/CVE-2022/CVE-2022-489xx/CVE-2022-48923.json index df9d23190ef..186d569a8d5 100644 --- a/CVE-2022/CVE-2022-489xx/CVE-2022-48923.json +++ b/CVE-2022/CVE-2022-489xx/CVE-2022-48923.json @@ -2,8 +2,8 @@ "id": "CVE-2022-48923", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-08-22T02:15:08.377", - "lastModified": "2024-08-22T12:48:02.790", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-09-12T12:50:02.173", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -15,19 +15,113 @@ "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: btrfs: evita copiar un segmento lzo comprimido demasiado grande. La longitud comprimida puede corromperse y ser mucho mayor que la memoria que hemos asignado para el b\u00fafer. Esto har\u00e1 que memcpy en copy_compressed_segment escriba fuera de la memoria asignada. Esto principalmente da como resultado una llamada al sistema de lectura bloqueada, pero a veces, cuando se usa el env\u00edo btrfs, se puede obtener el kernel #GP: falla de protecci\u00f3n general, probablemente para la direcci\u00f3n no can\u00f3nica 0x841551d5c1000: 0000 [#1] Kernel PREEMPT SMP NOPTI: CPU: 17 PID: 264 Comm: kworker /u256:7 Contaminado: P OE 5.17.0-rc2-1 #12 kernel: Workqueue: btrfs-endio btrfs_work_helper [btrfs] kernel: RIP: 0010:lzo_decompress_bio (./include/linux/fortify-string.h:225 fs /btrfs/lzo.c:322 fs/btrfs/lzo.c:394) C\u00f3digo btrfs que comienza con la instrucci\u00f3n err\u00f3nea ========================== ================== 0:* 48 8b 06 mov (%rsi),%rax <-- instrucci\u00f3n de captura 3: 48 8d 79 08 lea 0x8(%rcx), %rdi 7: 48 83 e7 f8 y $0xffffffffffffffff8,%rdi b: 48 89 01 mov %rax,(%rcx) e: 44 89 f0 mov %r14d,%eax 11: 48 8b 54 06 f8 mov -0x8(% rsi,%rax,1),%rdx kernel: RSP: 0018:ffffb110812efd50 EFLAGS: 00010212 kernel: RAX: 0000000000001000 RBX: 000000009ca264c8 RCX: ffff98996e6d8ff8 kernel: RDX: 0000000064 RSI: 000841551d5c1000 RDI: ffffffff9500435d kernel: RBP: ffff989a3be856c0 R08: 0000000000000000 R09: 0000000000000000 kernel: R10: 0000000000000000 R11: 0000000000001000 R12: ffff98996e6d8000 kernel: R13: 0000000000000008 R14: 00000000000 01000 R15: 000841551d5c1000 kernel: FS: 0000000000000000(0000) GS:ffff98a09d640000(0000) knlGS:00000000000000000 kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 kernel: CR2: 00001e9f984d9ea8 CR3: 000000014971a000 CR4: 00000000003506e0 kernel: Seguimiento de llamadas: kernel: kernel: end_compressed_bio_read (fs/btrfs/compression.c: 104 fs/btrfs/compression.c:1363 fs /btrfs/compression.c:323) kernel btrfs: end_workqueue_fn (fs/btrfs/disk-io.c:1923) kernel btrfs: btrfs_work_helper (fs/btrfs/async-thread.c:326) kernel btrfs: Process_one_work (./ arch/x86/include/asm/jump_label.h:27 ./include/linux/jump_label.h:212 ./include/trace/events/workqueue.h:108 kernel/workqueue.c:2312) kernel: trabajador_thread (. /include/linux/list.h:292 kernel/workqueue.c:2455) kernel:? Process_one_work (kernel/workqueue.c:2397) kernel: kthread (kernel/kthread.c:377) kernel:? kthread_complete_and_exit (kernel/kthread.c:332) kernel: ret_from_fork (arch/x86/entry/entry_64.S:301) kernel: " } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionEndExcluding": "5.15.26", + "matchCriteriaId": "0988E2F0-011E-46E9-BFAE-17673706CBBF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.16", + "versionEndExcluding": "5.16.12", + "matchCriteriaId": "C76BAB21-7F23-4AD8-A25F-CA7B262A2698" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc1:*:*:*:*:*:*", + "matchCriteriaId": "7BD5F8D9-54FA-4CB0-B4F0-CB0471FDDB2D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc2:*:*:*:*:*:*", + "matchCriteriaId": "E6E34B23-78B4-4516-9BD8-61B33F4AC49A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc3:*:*:*:*:*:*", + "matchCriteriaId": "C030FA3D-03F4-4FB9-9DBF-D08E5CAC51AA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc4:*:*:*:*:*:*", + "matchCriteriaId": "B2D2677C-5389-4AE9-869D-0F881E80D923" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc5:*:*:*:*:*:*", + "matchCriteriaId": "EFA3917C-C322-4D92-912D-ECE45B2E7416" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/741b23a970a79d5d3a1db2d64fa2c7b375a4febb", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/8df508b7a44cd8110c726057cd28e8f8116885eb", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/e326bd06cdde46df952361456232022298281d16", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-369xx/CVE-2023-36947.json b/CVE-2023/CVE-2023-369xx/CVE-2023-36947.json index 7b3922edaf6..8b2625f1115 100644 --- a/CVE-2023/CVE-2023-369xx/CVE-2023-36947.json +++ b/CVE-2023/CVE-2023-369xx/CVE-2023-36947.json @@ -2,8 +2,8 @@ "id": "CVE-2023-36947", "sourceIdentifier": "cve@mitre.org", "published": "2023-10-16T05:15:49.740", - "lastModified": "2023-10-19T11:10:15.513", - "vulnStatus": "Analyzed", + "lastModified": "2024-09-12T13:35:13.497", + "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 5.9 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 } ] }, @@ -49,6 +69,16 @@ "value": "CWE-787" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-121" + } + ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-369xx/CVE-2023-36950.json b/CVE-2023/CVE-2023-369xx/CVE-2023-36950.json index f830b1955bf..36472a1a0f3 100644 --- a/CVE-2023/CVE-2023-369xx/CVE-2023-36950.json +++ b/CVE-2023/CVE-2023-369xx/CVE-2023-36950.json @@ -2,8 +2,8 @@ "id": "CVE-2023-36950", "sourceIdentifier": "cve@mitre.org", "published": "2023-10-16T06:15:10.253", - "lastModified": "2023-10-19T11:10:37.533", - "vulnStatus": "Analyzed", + "lastModified": "2024-09-12T13:35:15.180", + "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 5.9 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 } ] }, @@ -49,6 +69,16 @@ "value": "CWE-787" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-121" + } + ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-459xx/CVE-2023-45984.json b/CVE-2023/CVE-2023-459xx/CVE-2023-45984.json index 3f8b95ade6b..23e1d23a0ab 100644 --- a/CVE-2023/CVE-2023-459xx/CVE-2023-45984.json +++ b/CVE-2023/CVE-2023-459xx/CVE-2023-45984.json @@ -2,8 +2,8 @@ "id": "CVE-2023-45984", "sourceIdentifier": "cve@mitre.org", "published": "2023-10-16T18:15:16.510", - "lastModified": "2023-10-19T13:05:29.860", - "vulnStatus": "Analyzed", + "lastModified": "2024-09-12T13:35:15.987", + "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 5.9 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 } ] }, @@ -49,6 +69,16 @@ "value": "CWE-787" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-121" + } + ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-510xx/CVE-2023-51014.json b/CVE-2023/CVE-2023-510xx/CVE-2023-51014.json index 2d59d501d12..cc439920faf 100644 --- a/CVE-2023/CVE-2023-510xx/CVE-2023-51014.json +++ b/CVE-2023/CVE-2023-510xx/CVE-2023-51014.json @@ -2,8 +2,8 @@ "id": "CVE-2023-51014", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-22T19:15:09.403", - "lastModified": "2023-12-27T21:10:13.203", - "vulnStatus": "Analyzed", + "lastModified": "2024-09-12T13:35:17.787", + "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 5.9 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 } ] }, @@ -49,6 +69,16 @@ "value": "NVD-CWE-noinfo" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-77" + } + ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-510xx/CVE-2023-51025.json b/CVE-2023/CVE-2023-510xx/CVE-2023-51025.json index e2ac98ea092..a4d205df56d 100644 --- a/CVE-2023/CVE-2023-510xx/CVE-2023-51025.json +++ b/CVE-2023/CVE-2023-510xx/CVE-2023-51025.json @@ -2,8 +2,8 @@ "id": "CVE-2023-51025", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-22T18:15:07.860", - "lastModified": "2023-12-27T21:10:57.747", - "vulnStatus": "Analyzed", + "lastModified": "2024-09-12T13:35:20.590", + "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 5.9 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 } ] }, @@ -49,6 +69,16 @@ "value": "NVD-CWE-noinfo" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-77" + } + ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-52xx/CVE-2023-5203.json b/CVE-2023/CVE-2023-52xx/CVE-2023-5203.json index 2a127bca6a4..32c35ee8617 100644 --- a/CVE-2023/CVE-2023-52xx/CVE-2023-5203.json +++ b/CVE-2023/CVE-2023-52xx/CVE-2023-5203.json @@ -2,8 +2,8 @@ "id": "CVE-2023-5203", "sourceIdentifier": "contact@wpscan.com", "published": "2023-12-26T19:15:07.770", - "lastModified": "2024-01-02T20:43:49.667", - "vulnStatus": "Analyzed", + "lastModified": "2024-09-12T13:35:21.440", + "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 3.6 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 } ] }, diff --git a/CVE-2023/CVE-2023-61xx/CVE-2023-6155.json b/CVE-2023/CVE-2023-61xx/CVE-2023-6155.json index e502c9c4afe..acabf3d2e43 100644 --- a/CVE-2023/CVE-2023-61xx/CVE-2023-6155.json +++ b/CVE-2023/CVE-2023-61xx/CVE-2023-6155.json @@ -2,8 +2,8 @@ "id": "CVE-2023-6155", "sourceIdentifier": "contact@wpscan.com", "published": "2023-12-26T19:15:08.307", - "lastModified": "2024-01-02T20:16:59.773", - "vulnStatus": "Analyzed", + "lastModified": "2024-09-12T13:35:21.663", + "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 1.4 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 } ] }, @@ -49,6 +69,16 @@ "value": "CWE-287" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-287" + } + ] } ], "configurations": [ diff --git a/CVE-2024/CVE-2024-203xx/CVE-2024-20304.json b/CVE-2024/CVE-2024-203xx/CVE-2024-20304.json index b85856006b4..a7a94a567db 100644 --- a/CVE-2024/CVE-2024-203xx/CVE-2024-20304.json +++ b/CVE-2024/CVE-2024-203xx/CVE-2024-20304.json @@ -2,13 +2,17 @@ "id": "CVE-2024-20304", "sourceIdentifier": "ykramarz@cisco.com", "published": "2024-09-11T17:15:11.853", - "lastModified": "2024-09-11T17:15:11.853", - "vulnStatus": "Received", + "lastModified": "2024-09-12T12:35:54.013", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability in the multicast traceroute version 2 (Mtrace2) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to exhaust the UDP packet memory of an affected device.\r\n\r\nThis vulnerability exists because the Mtrace2 code does not properly handle packet memory. An attacker could exploit this vulnerability by sending crafted packets to an affected device. A successful exploit could allow the attacker to exhaust the incoming UDP packet memory. The affected device would not be able to process higher-level UDP-based protocols packets, possibly causing a denial of service (DoS) condition.\r\nNote: This vulnerability can be exploited using IPv4 or IPv6." + }, + { + "lang": "es", + "value": "Una vulnerabilidad en la funci\u00f3n multicast traceroute versi\u00f3n 2 (Mtrace2) del software Cisco IOS XR podr\u00eda permitir que un atacante remoto no autenticado agote la memoria de paquetes UDP de un dispositivo afectado. Esta vulnerabilidad existe porque el c\u00f3digo Mtrace2 no maneja correctamente la memoria de paquetes. Un atacante podr\u00eda aprovechar esta vulnerabilidad enviando paquetes manipulados a un dispositivo afectado. Una explotaci\u00f3n exitosa podr\u00eda permitir que el atacante agote la memoria de paquetes UDP entrantes. El dispositivo afectado no podr\u00eda procesar paquetes de protocolos basados en UDP de nivel superior, lo que posiblemente provoque una condici\u00f3n de denegaci\u00f3n de servicio (DoS). Nota: Esta vulnerabilidad se puede aprovechar utilizando IPv4 o IPv6." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-203xx/CVE-2024-20317.json b/CVE-2024/CVE-2024-203xx/CVE-2024-20317.json index 09d11dfe576..bdb725a0cac 100644 --- a/CVE-2024/CVE-2024-203xx/CVE-2024-20317.json +++ b/CVE-2024/CVE-2024-203xx/CVE-2024-20317.json @@ -2,13 +2,17 @@ "id": "CVE-2024-20317", "sourceIdentifier": "ykramarz@cisco.com", "published": "2024-09-11T17:15:12.043", - "lastModified": "2024-09-11T17:15:12.043", - "vulnStatus": "Received", + "lastModified": "2024-09-12T12:35:54.013", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability in the handling of specific Ethernet frames by Cisco IOS XR Software for various Cisco Network Convergence System (NCS) platforms could allow an unauthenticated, adjacent attacker to cause critical priority packets to be dropped, resulting in a denial of service (DoS) condition.\r\n\r\nThis vulnerability is due to incorrect classification of certain types of Ethernet frames that are received on an interface. An attacker could exploit this vulnerability by sending specific types of Ethernet frames to or through the affected device. A successful exploit could allow the attacker to cause control plane protocol relationships to fail, resulting in a DoS condition. For more information, see the section of this advisory.\r\nCisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability." + }, + { + "lang": "es", + "value": "Una vulnerabilidad en el manejo de tramas Ethernet espec\u00edficas por parte del software Cisco IOS XR para varias plataformas Cisco Network Convergence System (NCS) podr\u00eda permitir que un atacante adyacente no autenticado provoque que se descarten paquetes de prioridad cr\u00edtica, lo que da como resultado una condici\u00f3n de denegaci\u00f3n de servicio (DoS). Esta vulnerabilidad se debe a la clasificaci\u00f3n incorrecta de ciertos tipos de tramas Ethernet que se reciben en una interfaz. Un atacante podr\u00eda aprovechar esta vulnerabilidad enviando tipos espec\u00edficos de tramas Ethernet al dispositivo afectado o a trav\u00e9s de \u00e9l. Una explotaci\u00f3n exitosa podr\u00eda permitir que el atacante provoque que las relaciones de protocolo del plano de control fallen, lo que da como resultado una condici\u00f3n de denegaci\u00f3n de servicio. Para obtener m\u00e1s informaci\u00f3n, consulte la secci\u00f3n de este aviso. Cisco ha publicado actualizaciones de software que solucionan esta vulnerabilidad. No existen workarounds que solucionen esta vulnerabilidad." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-203xx/CVE-2024-20343.json b/CVE-2024/CVE-2024-203xx/CVE-2024-20343.json index a76a073ad75..9c0ca6d9d8f 100644 --- a/CVE-2024/CVE-2024-203xx/CVE-2024-20343.json +++ b/CVE-2024/CVE-2024-203xx/CVE-2024-20343.json @@ -2,13 +2,17 @@ "id": "CVE-2024-20343", "sourceIdentifier": "ykramarz@cisco.com", "published": "2024-09-11T17:15:12.223", - "lastModified": "2024-09-11T17:15:12.223", - "vulnStatus": "Received", + "lastModified": "2024-09-12T12:35:54.013", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to read any file in the file system of the underlying Linux operating system. The attacker must have valid credentials on the affected device.\r\n\r\nThis vulnerability is due to incorrect validation of the arguments that are passed to a specific CLI command. An attacker could exploit this vulnerability by logging in to an affected device with low-privileged credentials and using the affected command. A successful exploit could allow the attacker access files in read-only mode on the Linux file system." + }, + { + "lang": "es", + "value": "Una vulnerabilidad en la CLI del software Cisco IOS XR podr\u00eda permitir que un atacante local autenticado lea cualquier archivo en el sistema de archivos del sistema operativo Linux subyacente. El atacante debe tener credenciales v\u00e1lidas en el dispositivo afectado. Esta vulnerabilidad se debe a una validaci\u00f3n incorrecta de los argumentos que se pasan a un comando CLI espec\u00edfico. Un atacante podr\u00eda aprovechar esta vulnerabilidad iniciando sesi\u00f3n en un dispositivo afectado con credenciales con pocos privilegios y utilizando el comando afectado. Una explotaci\u00f3n exitosa podr\u00eda permitir que el atacante acceda a archivos en modo de solo lectura en el sistema de archivos Linux." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-203xx/CVE-2024-20381.json b/CVE-2024/CVE-2024-203xx/CVE-2024-20381.json index 24f3d6a32f5..89cdfe72dad 100644 --- a/CVE-2024/CVE-2024-203xx/CVE-2024-20381.json +++ b/CVE-2024/CVE-2024-203xx/CVE-2024-20381.json @@ -2,13 +2,17 @@ "id": "CVE-2024-20381", "sourceIdentifier": "ykramarz@cisco.com", "published": "2024-09-11T17:15:12.403", - "lastModified": "2024-09-11T17:15:12.403", - "vulnStatus": "Received", + "lastModified": "2024-09-12T12:35:54.013", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability in the JSON-RPC API feature in ConfD that is used by the web-based management interfaces of Cisco Crosswork Network Services Orchestrator (NSO), Cisco Optical Site Manager, and Cisco RV340 Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to modify the configuration of an affected application or device.\r\n\r\nThis vulnerability is due to improper authorization checks on the API. An attacker with privileges sufficient to access the affected application or device could exploit this vulnerability by sending malicious requests to the JSON-RPC API. A successful exploit could allow the attacker to make unauthorized modifications to the configuration of the affected application or device, including creating new user accounts or elevating their own privileges on an affected system." + }, + { + "lang": "es", + "value": "Una vulnerabilidad en la funci\u00f3n API JSON-RPC en ConfD que utilizan las interfaces de administraci\u00f3n basadas en web de Cisco Crosswork Network Services Orchestrator (NSO), Cisco Optical Site Manager y Cisco RV340 Dual WAN Gigabit VPN Routers podr\u00eda permitir que un atacante remoto autenticado modifique la configuraci\u00f3n de una aplicaci\u00f3n o dispositivo afectado. Esta vulnerabilidad se debe a comprobaciones de autorizaci\u00f3n incorrectas en la API. Un atacante con privilegios suficientes para acceder a la aplicaci\u00f3n o dispositivo afectado podr\u00eda explotar esta vulnerabilidad enviando solicitudes maliciosas a la API JSON-RPC. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante realizar modificaciones no autorizadas a la configuraci\u00f3n de la aplicaci\u00f3n o dispositivo afectado, incluida la creaci\u00f3n de nuevas cuentas de usuario o la elevaci\u00f3n de sus propios privilegios en un sistema afectado." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-203xx/CVE-2024-20390.json b/CVE-2024/CVE-2024-203xx/CVE-2024-20390.json index 667465b265e..5723978d390 100644 --- a/CVE-2024/CVE-2024-203xx/CVE-2024-20390.json +++ b/CVE-2024/CVE-2024-203xx/CVE-2024-20390.json @@ -2,13 +2,17 @@ "id": "CVE-2024-20390", "sourceIdentifier": "ykramarz@cisco.com", "published": "2024-09-11T17:15:12.613", - "lastModified": "2024-09-11T17:15:12.613", - "vulnStatus": "Received", + "lastModified": "2024-09-12T12:35:54.013", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability in the Dedicated XML Agent feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) on XML TCP listen port 38751.\r\n\r\nThis vulnerability is due to a lack of proper error validation of ingress XML packets. An attacker could exploit this vulnerability by sending a sustained, crafted stream of XML traffic to a targeted device. A successful exploit could allow the attacker to cause XML TCP port 38751 to become unreachable while the attack traffic persists." + }, + { + "lang": "es", + "value": "Una vulnerabilidad en la funci\u00f3n Dedicated XML Agent del software Cisco IOS XR podr\u00eda permitir que un atacante remoto no autenticado provoque una denegaci\u00f3n de servicio (DoS) en el puerto de escucha XML TCP 38751. Esta vulnerabilidad se debe a la falta de una validaci\u00f3n de errores adecuada de los paquetes XML de entrada. Un atacante podr\u00eda aprovechar esta vulnerabilidad enviando un flujo continuo y elaborado de tr\u00e1fico XML a un dispositivo de destino. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante hacer que el puerto XML TCP 38751 se vuelva inaccesible mientras persista el tr\u00e1fico de ataque." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-203xx/CVE-2024-20398.json b/CVE-2024/CVE-2024-203xx/CVE-2024-20398.json index 857d7f0fbd5..d28ede56606 100644 --- a/CVE-2024/CVE-2024-203xx/CVE-2024-20398.json +++ b/CVE-2024/CVE-2024-203xx/CVE-2024-20398.json @@ -2,13 +2,17 @@ "id": "CVE-2024-20398", "sourceIdentifier": "ykramarz@cisco.com", "published": "2024-09-11T17:15:12.860", - "lastModified": "2024-09-11T17:15:12.860", - "vulnStatus": "Received", + "lastModified": "2024-09-12T12:35:54.013", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to obtain read/write file system access on the underlying operating system of an affected device.\r\n\r\nThis vulnerability is due to insufficient validation of user arguments that are passed to specific CLI commands. An attacker with a low-privileged account could exploit this vulnerability by using crafted commands at the prompt. A successful exploit could allow the attacker to elevate privileges to root." + }, + { + "lang": "es", + "value": "Una vulnerabilidad en la CLI del software Cisco IOS XR podr\u00eda permitir que un atacante local autenticado obtenga acceso de lectura y escritura al sistema de archivos en el sistema operativo subyacente de un dispositivo afectado. Esta vulnerabilidad se debe a una validaci\u00f3n insuficiente de los argumentos de usuario que se pasan a comandos CLI espec\u00edficos. Un atacante con una cuenta con pocos privilegios podr\u00eda aprovechar esta vulnerabilidad mediante el uso de comandos manipulados en el indicador. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante elevar los privilegios a superusuario." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-204xx/CVE-2024-20406.json b/CVE-2024/CVE-2024-204xx/CVE-2024-20406.json index af2e441b5c5..1c0ecee6d19 100644 --- a/CVE-2024/CVE-2024-204xx/CVE-2024-20406.json +++ b/CVE-2024/CVE-2024-204xx/CVE-2024-20406.json @@ -2,13 +2,17 @@ "id": "CVE-2024-20406", "sourceIdentifier": "ykramarz@cisco.com", "published": "2024-09-11T17:15:13.040", - "lastModified": "2024-09-11T17:15:13.040", - "vulnStatus": "Received", + "lastModified": "2024-09-12T12:35:54.013", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability in the segment routing feature for the Intermediate System-to-Intermediate System (IS-IS) protocol of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device.\r\n\r\nThis vulnerability is due to insufficient input validation of ingress IS-IS packets. An attacker could exploit this vulnerability by sending specific IS-IS packets to an affected device after forming an adjacency. A successful exploit could allow the attacker to cause the IS-IS process on all affected devices that are participating in the Flexible Algorithm to crash and restart, resulting in a DoS condition.\r\nNote: The IS-IS protocol is a routing protocol. To exploit this vulnerability, an attacker must be Layer 2-adjacent to the affected device and must have formed an adjacency. This vulnerability affects segment routing for IS-IS over IPv4 and IPv6 control planes as well as devices that are configured as level 1, level 2, or multi-level routing IS-IS type." + }, + { + "lang": "es", + "value": "Una vulnerabilidad en la funci\u00f3n de enrutamiento de segmentos para el protocolo de sistema intermedio a sistema intermedio (IS-IS) del software Cisco IOS XR podr\u00eda permitir que un atacante adyacente no autenticado provoque una condici\u00f3n de denegaci\u00f3n de servicio (DoS) en un dispositivo afectado. Esta vulnerabilidad se debe a una validaci\u00f3n de entrada insuficiente de los paquetes IS-IS de entrada. Un atacante podr\u00eda aprovechar esta vulnerabilidad enviando paquetes IS-IS espec\u00edficos a un dispositivo afectado despu\u00e9s de formar una adyacencia. Una explotaci\u00f3n exitosa podr\u00eda permitir que el atacante provoque que el proceso IS-IS en todos los dispositivos afectados que participan en el algoritmo flexible se bloquee y se reinicie, lo que da como resultado una condici\u00f3n de DoS. Nota: El protocolo IS-IS es un protocolo de enrutamiento. Para aprovechar esta vulnerabilidad, un atacante debe estar adyacente a la capa 2 del dispositivo afectado y debe haber formado una adyacencia. Esta vulnerabilidad afecta al enrutamiento de segmentos para IS-IS sobre planos de control IPv4 e IPv6, as\u00ed como a dispositivos que est\u00e1n configurados como tipo IS-IS de enrutamiento de nivel 1, nivel 2 o multinivel." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-204xx/CVE-2024-20483.json b/CVE-2024/CVE-2024-204xx/CVE-2024-20483.json index 95ba50e66af..cf1447c3af8 100644 --- a/CVE-2024/CVE-2024-204xx/CVE-2024-20483.json +++ b/CVE-2024/CVE-2024-204xx/CVE-2024-20483.json @@ -2,13 +2,17 @@ "id": "CVE-2024-20483", "sourceIdentifier": "ykramarz@cisco.com", "published": "2024-09-11T17:15:13.213", - "lastModified": "2024-09-11T17:15:13.213", - "vulnStatus": "Received", + "lastModified": "2024-09-12T12:35:54.013", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple vulnerabilities in Cisco Routed PON Controller Software, which runs as a docker container on hardware that is supported by Cisco IOS XR Software, could allow an authenticated, remote attacker with Administrator-level privileges on the PON Manager or direct access to the PON Manager MongoDB instance to perform command injection attacks on the PON Controller container and execute arbitrary commands as root.\r\n\r\nThese vulnerabilities are due to insufficient validation of arguments that are passed to specific configuration commands. An attacker could exploit these vulnerabilities by including crafted input as the argument of an affected configuration command. A successful exploit could allow the attacker to execute arbitrary commands as root on the PON controller." + }, + { + "lang": "es", + "value": "Varias vulnerabilidades en el software Cisco Routed PON Controller, que se ejecuta como un contenedor Docker en hardware compatible con el software Cisco IOS XR, podr\u00edan permitir que un atacante remoto autenticado con privilegios de nivel de administrador en el administrador de PON o acceso directo a la instancia MongoDB del administrador de PON realice ataques de inyecci\u00f3n de comandos en el contenedor del controlador de PON y ejecute comandos arbitrarios como superusuario. Estas vulnerabilidades se deben a una validaci\u00f3n insuficiente de los argumentos que se pasan a comandos de configuraci\u00f3n espec\u00edficos. Un atacante podr\u00eda aprovechar estas vulnerabilidades al incluir una entrada manipulada como argumento de un comando de configuraci\u00f3n afectado. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante ejecutar comandos arbitrarios como superusuario en el controlador de PON." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-204xx/CVE-2024-20489.json b/CVE-2024/CVE-2024-204xx/CVE-2024-20489.json index 47fda851f6a..14df66f15ab 100644 --- a/CVE-2024/CVE-2024-204xx/CVE-2024-20489.json +++ b/CVE-2024/CVE-2024-204xx/CVE-2024-20489.json @@ -2,13 +2,17 @@ "id": "CVE-2024-20489", "sourceIdentifier": "ykramarz@cisco.com", "published": "2024-09-11T17:15:13.393", - "lastModified": "2024-09-11T17:15:13.393", - "vulnStatus": "Received", + "lastModified": "2024-09-12T12:35:54.013", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability in the storage method of the PON Controller configuration file could allow an authenticated, local attacker with low privileges to obtain the MongoDB credentials.\r\n\r\nThis vulnerability is due to improper storage of the unencrypted database credentials on the device that is running Cisco IOS XR Software. An attacker could exploit this vulnerability by accessing the configuration files on an affected system. A successful exploit could allow the attacker to view MongoDB credentials." + }, + { + "lang": "es", + "value": "Una vulnerabilidad en el m\u00e9todo de almacenamiento del archivo de configuraci\u00f3n del controlador PON podr\u00eda permitir que un atacante local autenticado con privilegios bajos obtenga las credenciales de MongoDB. Esta vulnerabilidad se debe al almacenamiento inadecuado de las credenciales de la base de datos sin cifrar en el dispositivo que ejecuta el software Cisco IOS XR. Un atacante podr\u00eda aprovechar esta vulnerabilidad accediendo a los archivos de configuraci\u00f3n en un sistema afectado. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante ver las credenciales de MongoDB." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-20xx/CVE-2024-2010.json b/CVE-2024/CVE-2024-20xx/CVE-2024-2010.json index ad14531c15a..6c6692c917c 100644 --- a/CVE-2024/CVE-2024-20xx/CVE-2024-2010.json +++ b/CVE-2024/CVE-2024-20xx/CVE-2024-2010.json @@ -2,13 +2,17 @@ "id": "CVE-2024-2010", "sourceIdentifier": "iletisim@usom.gov.tr", "published": "2024-09-12T09:15:05.210", - "lastModified": "2024-09-12T09:15:05.210", - "vulnStatus": "Received", + "lastModified": "2024-09-12T12:35:54.013", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in TE Informatics V5 allows Reflected XSS.This issue affects V5: before 6.2." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de etiquetas HTML relacionadas con scripts en una p\u00e1gina web (XSS b\u00e1sico) en TE Informatics V5 permite XSS reflejado. Este problema afecta a V5: anteriores a 6.2." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-273xx/CVE-2024-27320.json b/CVE-2024/CVE-2024-273xx/CVE-2024-27320.json new file mode 100644 index 00000000000..d57700faefa --- /dev/null +++ b/CVE-2024/CVE-2024-273xx/CVE-2024-27320.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-27320", + "sourceIdentifier": "6f8de1f0-f67e-45a6-b68f-98777fdb759c", + "published": "2024-09-12T13:15:11.987", + "lastModified": "2024-09-12T13:15:11.987", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "An arbitrary code execution vulnerability exists in versions 0.0.8 and newer of the Refuel Autolabel library because of the way its classification tasks handle provided CSV files. If a victim user creates a classification task using a maliciously crafted CSV file containing Python code, the code will be passed to an eval function which executes it." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-95" + } + ] + } + ], + "references": [ + { + "url": "https://hiddenlayer.com/sai-security-advisory/2024-09-autolabel/", + "source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-273xx/CVE-2024-27321.json b/CVE-2024/CVE-2024-273xx/CVE-2024-27321.json new file mode 100644 index 00000000000..8dc640222e3 --- /dev/null +++ b/CVE-2024/CVE-2024-273xx/CVE-2024-27321.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-27321", + "sourceIdentifier": "6f8de1f0-f67e-45a6-b68f-98777fdb759c", + "published": "2024-09-12T13:15:12.267", + "lastModified": "2024-09-12T13:15:12.267", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "An arbitrary code execution vulnerability exists in versions 0.0.8 and newer of the Refuel Autolabel library because of the way its multilabel classification tasks handle provided CSV files. If a user creates a multilabel classification task using a maliciously crafted CSV file containing Python code, the code will be passed to an eval function which executes it." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-95" + } + ] + } + ], + "references": [ + { + "url": "https://hiddenlayer.com/sai-security-advisory/2024-09-autolabel/", + "source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-289xx/CVE-2024-28981.json b/CVE-2024/CVE-2024-289xx/CVE-2024-28981.json index 1a9666a4477..9d056c8f5da 100644 --- a/CVE-2024/CVE-2024-289xx/CVE-2024-28981.json +++ b/CVE-2024/CVE-2024-289xx/CVE-2024-28981.json @@ -2,13 +2,17 @@ "id": "CVE-2024-28981", "sourceIdentifier": "security.vulnerabilities@hitachivantara.com", "published": "2024-09-12T00:15:02.127", - "lastModified": "2024-09-12T00:15:02.127", - "vulnStatus": "Received", + "lastModified": "2024-09-12T12:35:54.013", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.1.0.0 and 9.3.0.8, including 8.3.x, discloses database passwords when searching metadata injectable fields." + }, + { + "lang": "es", + "value": "Las versiones de Hitachi Vantara Pentaho Data Integration & Analytics anteriores a 10.1.0.0 y 9.3.0.8, incluida 8.3.x, revelan contrase\u00f1as de bases de datos al buscar campos inyectables de metadatos." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-298xx/CVE-2024-29847.json b/CVE-2024/CVE-2024-298xx/CVE-2024-29847.json index 793b0eb5e0c..5beefdccaa0 100644 --- a/CVE-2024/CVE-2024-298xx/CVE-2024-29847.json +++ b/CVE-2024/CVE-2024-298xx/CVE-2024-29847.json @@ -2,13 +2,17 @@ "id": "CVE-2024-29847", "sourceIdentifier": "support@hackerone.com", "published": "2024-09-12T02:15:02.077", - "lastModified": "2024-09-12T02:15:02.077", - "vulnStatus": "Received", + "lastModified": "2024-09-12T12:35:54.013", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Deserialization of untrusted data in the agent portal of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to achieve remote code execution." + }, + { + "lang": "es", + "value": "La deserializaci\u00f3n de datos no confiables en el portal del agente de Ivanti EPM antes de 2022 SU6 o la actualizaci\u00f3n de septiembre de 2024 permite que un atacante remoto no autenticado logre la ejecuci\u00f3n remota de c\u00f3digo." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-31xx/CVE-2024-3163.json b/CVE-2024/CVE-2024-31xx/CVE-2024-3163.json index 87b7c1b2630..596a6be12fc 100644 --- a/CVE-2024/CVE-2024-31xx/CVE-2024-3163.json +++ b/CVE-2024/CVE-2024-31xx/CVE-2024-3163.json @@ -2,13 +2,17 @@ "id": "CVE-2024-3163", "sourceIdentifier": "contact@wpscan.com", "published": "2024-09-12T06:15:23.607", - "lastModified": "2024-09-12T06:15:23.607", - "vulnStatus": "Received", + "lastModified": "2024-09-12T12:35:54.013", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Easy Property Listings WordPress plugin before 3.5.4 does not have CSRF check when deleting contacts in bulk, which could allow attackers to make a logged in admin delete them via a CSRF attack" + }, + { + "lang": "es", + "value": "El complemento Easy Property Listings de WordPress anterior a la versi\u00f3n 3.5.4 no tiene verificaci\u00f3n CSRF al eliminar contactos en masa, lo que podr\u00eda permitir a los atacantes hacer que un administrador que haya iniciado sesi\u00f3n los elimine mediante un ataque CSRF." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-328xx/CVE-2024-32840.json b/CVE-2024/CVE-2024-328xx/CVE-2024-32840.json index 4e50fa2abcd..8c1d52eda50 100644 --- a/CVE-2024/CVE-2024-328xx/CVE-2024-32840.json +++ b/CVE-2024/CVE-2024-328xx/CVE-2024-32840.json @@ -2,13 +2,17 @@ "id": "CVE-2024-32840", "sourceIdentifier": "support@hackerone.com", "published": "2024-09-12T02:15:02.257", - "lastModified": "2024-09-12T02:15:02.257", - "vulnStatus": "Received", + "lastModified": "2024-09-12T12:35:54.013", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution." + }, + { + "lang": "es", + "value": "Una inyecci\u00f3n SQL no especificada en Ivanti EPM antes de 2022 SU6 o la actualizaci\u00f3n de septiembre de 2024 permite que un atacante autenticado remoto con privilegios de administrador logre la ejecuci\u00f3n remota de c\u00f3digo." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-328xx/CVE-2024-32842.json b/CVE-2024/CVE-2024-328xx/CVE-2024-32842.json index 6b521005f86..2d6a044e9c6 100644 --- a/CVE-2024/CVE-2024-328xx/CVE-2024-32842.json +++ b/CVE-2024/CVE-2024-328xx/CVE-2024-32842.json @@ -2,13 +2,17 @@ "id": "CVE-2024-32842", "sourceIdentifier": "support@hackerone.com", "published": "2024-09-12T02:15:02.417", - "lastModified": "2024-09-12T02:15:02.417", - "vulnStatus": "Received", + "lastModified": "2024-09-12T12:35:54.013", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution." + }, + { + "lang": "es", + "value": "Una inyecci\u00f3n SQL no especificada en Ivanti EPM antes de 2022 SU6 o la actualizaci\u00f3n de septiembre de 2024 permite que un atacante autenticado remoto con privilegios de administrador logre la ejecuci\u00f3n remota de c\u00f3digo." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-328xx/CVE-2024-32843.json b/CVE-2024/CVE-2024-328xx/CVE-2024-32843.json index 8d4106fa9e5..9a0b6ffc919 100644 --- a/CVE-2024/CVE-2024-328xx/CVE-2024-32843.json +++ b/CVE-2024/CVE-2024-328xx/CVE-2024-32843.json @@ -2,13 +2,17 @@ "id": "CVE-2024-32843", "sourceIdentifier": "support@hackerone.com", "published": "2024-09-12T02:15:02.567", - "lastModified": "2024-09-12T02:15:02.567", - "vulnStatus": "Received", + "lastModified": "2024-09-12T12:35:54.013", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution." + }, + { + "lang": "es", + "value": "Una inyecci\u00f3n SQL no especificada en Ivanti EPM antes de 2022 SU6 o la actualizaci\u00f3n de septiembre de 2024 permite que un atacante autenticado remoto con privilegios de administrador logre la ejecuci\u00f3n remota de c\u00f3digo." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-328xx/CVE-2024-32845.json b/CVE-2024/CVE-2024-328xx/CVE-2024-32845.json index 45c0e14e50a..4c90d107c50 100644 --- a/CVE-2024/CVE-2024-328xx/CVE-2024-32845.json +++ b/CVE-2024/CVE-2024-328xx/CVE-2024-32845.json @@ -2,13 +2,17 @@ "id": "CVE-2024-32845", "sourceIdentifier": "support@hackerone.com", "published": "2024-09-12T02:15:02.730", - "lastModified": "2024-09-12T02:15:02.730", - "vulnStatus": "Received", + "lastModified": "2024-09-12T12:35:54.013", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution." + }, + { + "lang": "es", + "value": "Una inyecci\u00f3n SQL no especificada en Ivanti EPM antes de 2022 SU6 o la actualizaci\u00f3n de septiembre de 2024 permite que un atacante autenticado remoto con privilegios de administrador logre la ejecuci\u00f3n remota de c\u00f3digo." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-328xx/CVE-2024-32846.json b/CVE-2024/CVE-2024-328xx/CVE-2024-32846.json index f8ad94bfafb..932f8708311 100644 --- a/CVE-2024/CVE-2024-328xx/CVE-2024-32846.json +++ b/CVE-2024/CVE-2024-328xx/CVE-2024-32846.json @@ -2,13 +2,17 @@ "id": "CVE-2024-32846", "sourceIdentifier": "support@hackerone.com", "published": "2024-09-12T02:15:02.883", - "lastModified": "2024-09-12T02:15:02.883", - "vulnStatus": "Received", + "lastModified": "2024-09-12T12:35:54.013", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution." + }, + { + "lang": "es", + "value": "Una inyecci\u00f3n SQL no especificada en Ivanti EPM antes de 2022 SU6 o la actualizaci\u00f3n de septiembre de 2024 permite que un atacante autenticado remoto con privilegios de administrador logre la ejecuci\u00f3n remota de c\u00f3digo." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-328xx/CVE-2024-32848.json b/CVE-2024/CVE-2024-328xx/CVE-2024-32848.json index b024be7535e..024a8464ed6 100644 --- a/CVE-2024/CVE-2024-328xx/CVE-2024-32848.json +++ b/CVE-2024/CVE-2024-328xx/CVE-2024-32848.json @@ -2,13 +2,17 @@ "id": "CVE-2024-32848", "sourceIdentifier": "support@hackerone.com", "published": "2024-09-12T02:15:03.043", - "lastModified": "2024-09-12T02:15:03.043", - "vulnStatus": "Received", + "lastModified": "2024-09-12T12:35:54.013", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution." + }, + { + "lang": "es", + "value": "Una inyecci\u00f3n SQL no especificada en Ivanti EPM antes de 2022 SU6 o la actualizaci\u00f3n de septiembre de 2024 permite que un atacante autenticado remoto con privilegios de administrador logre la ejecuci\u00f3n remota de c\u00f3digo." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-33xx/CVE-2024-3305.json b/CVE-2024/CVE-2024-33xx/CVE-2024-3305.json new file mode 100644 index 00000000000..b81c1a56577 --- /dev/null +++ b/CVE-2024/CVE-2024-33xx/CVE-2024-3305.json @@ -0,0 +1,78 @@ +{ + "id": "CVE-2024-3305", + "sourceIdentifier": "iletisim@usom.gov.tr", + "published": "2024-09-12T13:15:12.540", + "lastModified": "2024-09-12T13:15:12.540", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Utarit Information SoliClub allows Retrieve Embedded Sensitive Data.This issue affects SoliClub: before 4.4.0 for iOS, before 5.2.1 for Android." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "iletisim@usom.gov.tr", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "NONE", + "subsequentSystemConfidentiality": "LOW", + "subsequentSystemIntegrity": "LOW", + "subsequentSystemAvailability": "LOW", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 8.8, + "baseSeverity": "HIGH" + } + } + ] + }, + "weaknesses": [ + { + "source": "iletisim@usom.gov.tr", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-200" + } + ] + } + ], + "references": [ + { + "url": "https://www.usom.gov.tr/bildirim/tr-24-1457", + "source": "iletisim@usom.gov.tr" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-33xx/CVE-2024-3306.json b/CVE-2024/CVE-2024-33xx/CVE-2024-3306.json new file mode 100644 index 00000000000..4f0a0a961d7 --- /dev/null +++ b/CVE-2024/CVE-2024-33xx/CVE-2024-3306.json @@ -0,0 +1,78 @@ +{ + "id": "CVE-2024-3306", + "sourceIdentifier": "iletisim@usom.gov.tr", + "published": "2024-09-12T13:15:12.767", + "lastModified": "2024-09-12T13:15:12.767", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Authorization Bypass Through User-Controlled Key vulnerability in Utarit Information SoliClub allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SoliClub: before 4.4.0 for iOS, before 5.2.1 for Android." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "iletisim@usom.gov.tr", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "NONE", + "subsequentSystemConfidentiality": "LOW", + "subsequentSystemIntegrity": "LOW", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 8.8, + "baseSeverity": "HIGH" + } + } + ] + }, + "weaknesses": [ + { + "source": "iletisim@usom.gov.tr", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-639" + } + ] + } + ], + "references": [ + { + "url": "https://www.usom.gov.tr/bildirim/tr-24-1457", + "source": "iletisim@usom.gov.tr" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-347xx/CVE-2024-34779.json b/CVE-2024/CVE-2024-347xx/CVE-2024-34779.json index 73ff2aefb6d..b5f4554aaae 100644 --- a/CVE-2024/CVE-2024-347xx/CVE-2024-34779.json +++ b/CVE-2024/CVE-2024-347xx/CVE-2024-34779.json @@ -2,13 +2,17 @@ "id": "CVE-2024-34779", "sourceIdentifier": "support@hackerone.com", "published": "2024-09-12T02:15:03.207", - "lastModified": "2024-09-12T02:15:03.207", - "vulnStatus": "Received", + "lastModified": "2024-09-12T12:35:54.013", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution." + }, + { + "lang": "es", + "value": "Una inyecci\u00f3n SQL no especificada en Ivanti EPM antes de 2022 SU6 o la actualizaci\u00f3n de septiembre de 2024 permite que un atacante autenticado remoto con privilegios de administrador logre la ejecuci\u00f3n remota de c\u00f3digo." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-347xx/CVE-2024-34783.json b/CVE-2024/CVE-2024-347xx/CVE-2024-34783.json index 19f2a6c0e9d..ad24b931312 100644 --- a/CVE-2024/CVE-2024-347xx/CVE-2024-34783.json +++ b/CVE-2024/CVE-2024-347xx/CVE-2024-34783.json @@ -2,13 +2,17 @@ "id": "CVE-2024-34783", "sourceIdentifier": "support@hackerone.com", "published": "2024-09-12T02:15:03.380", - "lastModified": "2024-09-12T02:15:03.380", - "vulnStatus": "Received", + "lastModified": "2024-09-12T12:35:54.013", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution." + }, + { + "lang": "es", + "value": "Una inyecci\u00f3n SQL no especificada en Ivanti EPM antes de 2022 SU6 o la actualizaci\u00f3n de septiembre de 2024 permite que un atacante autenticado remoto con privilegios de administrador logre la ejecuci\u00f3n remota de c\u00f3digo." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-347xx/CVE-2024-34785.json b/CVE-2024/CVE-2024-347xx/CVE-2024-34785.json index ec3544d3d9c..1be391ff59d 100644 --- a/CVE-2024/CVE-2024-347xx/CVE-2024-34785.json +++ b/CVE-2024/CVE-2024-347xx/CVE-2024-34785.json @@ -2,13 +2,17 @@ "id": "CVE-2024-34785", "sourceIdentifier": "support@hackerone.com", "published": "2024-09-12T02:15:03.540", - "lastModified": "2024-09-12T02:15:03.540", - "vulnStatus": "Received", + "lastModified": "2024-09-12T12:35:54.013", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution." + }, + { + "lang": "es", + "value": "Una inyecci\u00f3n SQL no especificada en Ivanti EPM antes de 2022 SU6 o la actualizaci\u00f3n de septiembre de 2024 permite que un atacante autenticado remoto con privilegios de administrador logre la ejecuci\u00f3n remota de c\u00f3digo." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-373xx/CVE-2024-37397.json b/CVE-2024/CVE-2024-373xx/CVE-2024-37397.json index 2c6358d94dc..c849f76a84d 100644 --- a/CVE-2024/CVE-2024-373xx/CVE-2024-37397.json +++ b/CVE-2024/CVE-2024-373xx/CVE-2024-37397.json @@ -2,13 +2,17 @@ "id": "CVE-2024-37397", "sourceIdentifier": "support@hackerone.com", "published": "2024-09-12T02:15:03.700", - "lastModified": "2024-09-12T02:15:03.700", - "vulnStatus": "Received", + "lastModified": "2024-09-12T12:35:54.013", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An External XML Entity (XXE) vulnerability in the provisioning web service of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to leak API secrets." + }, + { + "lang": "es", + "value": "Una vulnerabilidad de entidad XML externa (XXE) en el servicio web de aprovisionamiento de Ivanti EPM antes de 2022 SU6 o la actualizaci\u00f3n de septiembre de 2024 permite que un atacante remoto no autenticado filtre secretos de API." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-382xx/CVE-2024-38222.json b/CVE-2024/CVE-2024-382xx/CVE-2024-38222.json index 6374298c0b2..1951aa67e00 100644 --- a/CVE-2024/CVE-2024-382xx/CVE-2024-38222.json +++ b/CVE-2024/CVE-2024-382xx/CVE-2024-38222.json @@ -2,13 +2,17 @@ "id": "CVE-2024-38222", "sourceIdentifier": "secure@microsoft.com", "published": "2024-09-12T03:15:02.983", - "lastModified": "2024-09-12T03:15:02.983", - "vulnStatus": "Received", + "lastModified": "2024-09-12T12:35:54.013", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Microsoft Edge (Chromium-based) Information Disclosure Vulnerability" + }, + { + "lang": "es", + "value": "Vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n en Microsoft Edge (basado en Chromium)" } ], "metrics": { diff --git a/CVE-2024/CVE-2024-385xx/CVE-2024-38577.json b/CVE-2024/CVE-2024-385xx/CVE-2024-38577.json index 009c37e2e0e..fa43b409086 100644 --- a/CVE-2024/CVE-2024-385xx/CVE-2024-38577.json +++ b/CVE-2024/CVE-2024-385xx/CVE-2024-38577.json @@ -2,8 +2,8 @@ "id": "CVE-2024-38577", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-06-19T14:15:17.787", - "lastModified": "2024-08-01T20:13:24.763", - "vulnStatus": "Analyzed", + "lastModified": "2024-09-12T12:15:47.620", + "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { @@ -99,6 +99,10 @@ "Patch" ] }, + { + "url": "https://git.kernel.org/stable/c/17c43211d45f13d1badea3942b76bf16bcc49281", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, { "url": "https://git.kernel.org/stable/c/1a240e138071b25944ded0f5b3e357aa99fabcb7", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", @@ -120,6 +124,10 @@ "Patch" ] }, + { + "url": "https://git.kernel.org/stable/c/af7b560c88fb420099e29890aa682b8a3efc8784", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, { "url": "https://git.kernel.org/stable/c/cc5645fddb0ce28492b15520306d092730dffa48", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", diff --git a/CVE-2024/CVE-2024-395xx/CVE-2024-39591.json b/CVE-2024/CVE-2024-395xx/CVE-2024-39591.json index cb89ef07426..a54fe6b0f2b 100644 --- a/CVE-2024/CVE-2024-395xx/CVE-2024-39591.json +++ b/CVE-2024/CVE-2024-395xx/CVE-2024-39591.json @@ -2,8 +2,8 @@ "id": "CVE-2024-39591", "sourceIdentifier": "cna@sap.com", "published": "2024-08-13T05:15:13.347", - "lastModified": "2024-08-13T12:58:25.437", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-09-12T13:29:47.207", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + }, { "source": "cna@sap.com", "type": "Secondary", @@ -51,14 +71,92 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:document_builder:s4fnd_102:*:*:*:*:*:*:*", + "matchCriteriaId": "3273C74F-E5FE-47A2-B7F8-E76095A64359" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:document_builder:s4fnd_103:*:*:*:*:*:*:*", + "matchCriteriaId": "65DD3306-BD29-4E59-A0BE-7BEFB80E83A5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:document_builder:s4fnd_104:*:*:*:*:*:*:*", + "matchCriteriaId": "49820851-29AD-4467-9CC9-6938197538A7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:document_builder:s4fnd_105:*:*:*:*:*:*:*", + "matchCriteriaId": "6012CA9C-F45A-44FD-84A2-960D41638458" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:document_builder:s4fnd_106:*:*:*:*:*:*:*", + "matchCriteriaId": "25337ED2-24AC-4329-89FE-2ACC8F806721" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:document_builder:s4fnd_107:*:*:*:*:*:*:*", + "matchCriteriaId": "A48BA465-1906-4E24-BCC4-43677988EE56" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:document_builder:s4fnd_108:*:*:*:*:*:*:*", + "matchCriteriaId": "7562A2A3-BBA4-4FE7-800C-1D0A9FD750D8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:document_builder:sap_bs_fnd_702:*:*:*:*:*:*:*", + "matchCriteriaId": "3A14342E-3477-457C-AF13-54AFFA9DE1C0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:document_builder:sap_bs_fnd_731:*:*:*:*:*:*:*", + "matchCriteriaId": "A1FA8D4E-C6EB-4DD9-9729-0CE94FC1023D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:document_builder:sap_bs_fnd_746:*:*:*:*:*:*:*", + "matchCriteriaId": "B2ED89F2-6C57-4393-9D7C-EF02C399F514" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:document_builder:sap_bs_fnd_747:*:*:*:*:*:*:*", + "matchCriteriaId": "8D738350-C117-4248-9334-2D1540986E34" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:document_builder:sap_bs_fnd_748:*:*:*:*:*:*:*", + "matchCriteriaId": "9242A4C0-3C2B-4877-A3CA-F17C2A036162" + } + ] + } + ] + } + ], "references": [ { "url": "https://me.sap.com/notes/3477423", - "source": "cna@sap.com" + "source": "cna@sap.com", + "tags": [ + "Permissions Required" + ] }, { "url": "https://url.sap/sapsecuritypatchday", - "source": "cna@sap.com" + "source": "cna@sap.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-417xx/CVE-2024-41730.json b/CVE-2024/CVE-2024-417xx/CVE-2024-41730.json index d46e1697832..58ccc3d84a9 100644 --- a/CVE-2024/CVE-2024-417xx/CVE-2024-41730.json +++ b/CVE-2024/CVE-2024-417xx/CVE-2024-41730.json @@ -2,8 +2,8 @@ "id": "CVE-2024-41730", "sourceIdentifier": "cna@sap.com", "published": "2024-08-13T04:15:08.050", - "lastModified": "2024-08-13T12:58:25.437", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-09-12T13:56:51.237", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "cna@sap.com", "type": "Secondary", @@ -51,14 +71,42 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:business_objects_business_intelligence_platform:enterprise_430:*:*:*:*:*:*:*", + "matchCriteriaId": "0764428E-CA9F-4BEF-90A9-E81D21398B91" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:business_objects_business_intelligence_platform:enterprise_440:*:*:*:*:*:*:*", + "matchCriteriaId": "C464A193-F7CE-49A3-9B9D-17C1EA8E08AF" + } + ] + } + ] + } + ], "references": [ { "url": "https://me.sap.com/notes/3479478", - "source": "cna@sap.com" + "source": "cna@sap.com", + "tags": [ + "Permissions Required" + ] }, { "url": "https://url.sap/sapsecuritypatchday", - "source": "cna@sap.com" + "source": "cna@sap.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-417xx/CVE-2024-41733.json b/CVE-2024/CVE-2024-417xx/CVE-2024-41733.json index fa4e21c7790..aac113b3c8f 100644 --- a/CVE-2024/CVE-2024-417xx/CVE-2024-41733.json +++ b/CVE-2024/CVE-2024-417xx/CVE-2024-41733.json @@ -2,8 +2,8 @@ "id": "CVE-2024-41733", "sourceIdentifier": "cna@sap.com", "published": "2024-08-13T04:15:08.987", - "lastModified": "2024-08-13T12:58:25.437", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-09-12T13:55:49.880", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + }, { "source": "cna@sap.com", "type": "Secondary", @@ -41,8 +61,18 @@ }, "weaknesses": [ { - "source": "cna@sap.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, + { + "source": "cna@sap.com", + "type": "Secondary", "description": [ { "lang": "en", @@ -51,14 +81,42 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:commerce:com_cloud_2211:*:*:*:*:*:*:*", + "matchCriteriaId": "9675EB72-CE1B-44EB-830C-5EE3760B4E8C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:commerce:hy_com_2205:*:*:*:*:*:*:*", + "matchCriteriaId": "1D604185-AD43-4C48-8B43-ADC9560A677E" + } + ] + } + ] + } + ], "references": [ { "url": "https://me.sap.com/notes/3471450", - "source": "cna@sap.com" + "source": "cna@sap.com", + "tags": [ + "Permissions Required" + ] }, { "url": "https://url.sap/sapsecuritypatchday", - "source": "cna@sap.com" + "source": "cna@sap.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-417xx/CVE-2024-41734.json b/CVE-2024/CVE-2024-417xx/CVE-2024-41734.json index dea8a35893f..1b7305be3ba 100644 --- a/CVE-2024/CVE-2024-417xx/CVE-2024-41734.json +++ b/CVE-2024/CVE-2024-417xx/CVE-2024-41734.json @@ -2,8 +2,8 @@ "id": "CVE-2024-41734", "sourceIdentifier": "cna@sap.com", "published": "2024-08-13T05:15:13.587", - "lastModified": "2024-08-13T12:58:25.437", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-09-12T13:28:03.450", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + }, { "source": "cna@sap.com", "type": "Secondary", @@ -51,14 +71,107 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_700:*:*:*:*:*:*:*", + "matchCriteriaId": "AB7909F4-1D66-4C4F-95F3-34ACB0190DB8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_701:*:*:*:*:*:*:*", + "matchCriteriaId": "F8310EBA-2438-427F-80C2-BE151E35D97D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_702:*:*:*:*:*:*:*", + "matchCriteriaId": "732E155D-C866-4F0E-BC86-037B94308B7D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_731:*:*:*:*:*:*:*", + "matchCriteriaId": "035EDBAC-C29B-49DB-ACEE-CA64750E7290" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_740:*:*:*:*:*:*:*", + "matchCriteriaId": "CFD1A272-9FD0-426F-AF7D-5A8D7CF4A4BE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_750:*:*:*:*:*:*:*", + "matchCriteriaId": "05BE37AE-1CC3-4A84-BC9A-B353747B9151" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_751:*:*:*:*:*:*:*", + "matchCriteriaId": "78B1673C-7EF7-4658-91EE-A5BFFDD068B6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_752:*:*:*:*:*:*:*", + "matchCriteriaId": "1A69E6E2-46AD-4973-8F39-500D34D50570" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_753:*:*:*:*:*:*:*", + "matchCriteriaId": "15141B2A-8186-454F-BC4D-6BF07420C899" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_754:*:*:*:*:*:*:*", + "matchCriteriaId": "50137ED8-017E-4D0C-ADB4-8FD227301371" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_755:*:*:*:*:*:*:*", + "matchCriteriaId": "021DE052-25C3-49DF-B2AD-BF9D28B1CAD4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_756:*:*:*:*:*:*:*", + "matchCriteriaId": "FFAA63CF-0FD5-4568-A88C-82AD97A14EFF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_757:*:*:*:*:*:*:*", + "matchCriteriaId": "17767460-94A3-443D-8D60-3607D3A894D6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_758:*:*:*:*:*:*:*", + "matchCriteriaId": "63B654DB-8E10-422A-94B5-42F9D4EAB10F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_912:*:*:*:*:*:*:*", + "matchCriteriaId": "1CC51692-5E94-4678-99B0-4EC1D633DDF8" + } + ] + } + ] + } + ], "references": [ { "url": "https://me.sap.com/notes/3494349", - "source": "cna@sap.com" + "source": "cna@sap.com", + "tags": [ + "Permissions Required" + ] }, { "url": "https://url.sap/sapsecuritypatchday", - "source": "cna@sap.com" + "source": "cna@sap.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-417xx/CVE-2024-41735.json b/CVE-2024/CVE-2024-417xx/CVE-2024-41735.json index dcc686ed716..88cfae2b4eb 100644 --- a/CVE-2024/CVE-2024-417xx/CVE-2024-41735.json +++ b/CVE-2024/CVE-2024-417xx/CVE-2024-41735.json @@ -2,8 +2,8 @@ "id": "CVE-2024-41735", "sourceIdentifier": "cna@sap.com", "published": "2024-08-13T04:15:09.323", - "lastModified": "2024-08-13T12:58:25.437", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-09-12T13:53:32.993", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "cna@sap.com", "type": "Secondary", @@ -51,14 +71,37 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:commerce_backoffice:hy_com_2205:*:*:*:*:*:*:*", + "matchCriteriaId": "BDC3D015-A14B-416E-9E67-81B59E581ACC" + } + ] + } + ] + } + ], "references": [ { "url": "https://me.sap.com/notes/3483256", - "source": "cna@sap.com" + "source": "cna@sap.com", + "tags": [ + "Permissions Required" + ] }, { "url": "https://url.sap/sapsecuritypatchday", - "source": "cna@sap.com" + "source": "cna@sap.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-417xx/CVE-2024-41736.json b/CVE-2024/CVE-2024-417xx/CVE-2024-41736.json index 1b391d43cf1..07f9027ba6a 100644 --- a/CVE-2024/CVE-2024-417xx/CVE-2024-41736.json +++ b/CVE-2024/CVE-2024-417xx/CVE-2024-41736.json @@ -2,8 +2,8 @@ "id": "CVE-2024-41736", "sourceIdentifier": "cna@sap.com", "published": "2024-08-13T04:15:09.607", - "lastModified": "2024-08-13T12:58:25.437", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-09-12T13:51:42.727", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + }, { "source": "cna@sap.com", "type": "Secondary", @@ -41,8 +61,18 @@ }, "weaknesses": [ { - "source": "cna@sap.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, + { + "source": "cna@sap.com", + "type": "Secondary", "description": [ { "lang": "en", @@ -51,14 +81,42 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:permit_to_work:uis4hop1_800:*:*:*:*:*:*:*", + "matchCriteriaId": "C89623C8-C8AC-47B1-8EB5-CAAFBD64FAE3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:permit_to_work:uis4hop1_900:*:*:*:*:*:*:*", + "matchCriteriaId": "40CB5F2B-8B3E-4266-AB66-7680174E69F5" + } + ] + } + ] + } + ], "references": [ { "url": "https://me.sap.com/notes/3475427", - "source": "cna@sap.com" + "source": "cna@sap.com", + "tags": [ + "Permissions Required" + ] }, { "url": "https://url.sap/sapsecuritypatchday", - "source": "cna@sap.com" + "source": "cna@sap.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-417xx/CVE-2024-41737.json b/CVE-2024/CVE-2024-417xx/CVE-2024-41737.json index 2154b8cc63a..b71e8172503 100644 --- a/CVE-2024/CVE-2024-417xx/CVE-2024-41737.json +++ b/CVE-2024/CVE-2024-417xx/CVE-2024-41737.json @@ -2,8 +2,8 @@ "id": "CVE-2024-41737", "sourceIdentifier": "cna@sap.com", "published": "2024-08-13T04:15:10.003", - "lastModified": "2024-08-13T12:58:25.437", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-09-12T13:49:41.953", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.0, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.1, + "impactScore": 1.4 + }, { "source": "cna@sap.com", "type": "Secondary", @@ -51,14 +71,62 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:crm_abap_insights_management:bbpcrm_700:*:*:*:*:*:*:*", + "matchCriteriaId": "56146502-6778-454C-A517-01ED658B57D3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:crm_abap_insights_management:bbpcrm_701:*:*:*:*:*:*:*", + "matchCriteriaId": "6B715AC7-4B63-4EF0-A365-0AF70C353A13" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:crm_abap_insights_management:bbpcrm_702:*:*:*:*:*:*:*", + "matchCriteriaId": "6563AFD1-DD7A-45FE-92B2-E658B51F2BAC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:crm_abap_insights_management:bbpcrm_712:*:*:*:*:*:*:*", + "matchCriteriaId": "1F64314D-14EB-4CAE-8E23-17C32DB5B2C4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:crm_abap_insights_management:bbpcrm_713:*:*:*:*:*:*:*", + "matchCriteriaId": "46B2C8CC-A497-4E96-B052-54FB241FB29A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:crm_abap_insights_management:bbpcrm_714:*:*:*:*:*:*:*", + "matchCriteriaId": "6B40DA99-17DA-4DB1-9ACB-5C9E91FCF54E" + } + ] + } + ] + } + ], "references": [ { "url": "https://me.sap.com/notes/3487537", - "source": "cna@sap.com" + "source": "cna@sap.com", + "tags": [ + "Permissions Required" + ] }, { "url": "https://url.sap/sapsecuritypatchday", - "source": "cna@sap.com" + "source": "cna@sap.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-422xx/CVE-2024-42246.json b/CVE-2024/CVE-2024-422xx/CVE-2024-42246.json index 59e17a1f348..05cff3d4494 100644 --- a/CVE-2024/CVE-2024-422xx/CVE-2024-42246.json +++ b/CVE-2024/CVE-2024-422xx/CVE-2024-42246.json @@ -2,8 +2,8 @@ "id": "CVE-2024-42246", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-08-07T16:15:47.297", - "lastModified": "2024-08-08T14:52:35.353", - "vulnStatus": "Analyzed", + "lastModified": "2024-09-12T12:15:48.497", + "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { @@ -85,6 +85,14 @@ } ], "references": [ + { + "url": "https://git.kernel.org/stable/c/02ee1976edb21a96ce8e3fd4ef563f14cc16d041", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/5d8254e012996cee1a0f9cc920531cb7e4d9a011", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, { "url": "https://git.kernel.org/stable/c/626dfed5fa3bfb41e0dffd796032b555b69f9cde", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", @@ -92,6 +100,14 @@ "Patch" ] }, + { + "url": "https://git.kernel.org/stable/c/934247ea65bc5eca8bdb7f8c0ddc15cef992a5d6", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/bc790261218952635f846aaf90bcc0974f6f62c6", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, { "url": "https://git.kernel.org/stable/c/d6c686c01c5f12ff8f7264e0ddf71df6cb0d4414", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", diff --git a/CVE-2024/CVE-2024-423xx/CVE-2024-42373.json b/CVE-2024/CVE-2024-423xx/CVE-2024-42373.json index 91d390f1c9b..e41969c8d8e 100644 --- a/CVE-2024/CVE-2024-423xx/CVE-2024-42373.json +++ b/CVE-2024/CVE-2024-423xx/CVE-2024-42373.json @@ -2,8 +2,8 @@ "id": "CVE-2024-42373", "sourceIdentifier": "cna@sap.com", "published": "2024-08-13T05:15:13.800", - "lastModified": "2024-08-13T12:58:25.437", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-09-12T13:26:37.753", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + }, { "source": "cna@sap.com", "type": "Secondary", @@ -51,14 +71,77 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:student_life_cycle_management:617:*:*:*:*:*:*:*", + "matchCriteriaId": "49D1564B-9F48-442C-B521-B79A982B6010" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:student_life_cycle_management:618:*:*:*:*:*:*:*", + "matchCriteriaId": "9630E381-1579-4D71-B49D-1079A31E3A63" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:student_life_cycle_management:802:*:*:*:*:*:*:*", + "matchCriteriaId": "B60BA131-5DA5-409F-806A-641A7BBB9D33" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:student_life_cycle_management:803:*:*:*:*:*:*:*", + "matchCriteriaId": "1CE9F776-1B68-4ABA-850E-44DB58C2F616" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:student_life_cycle_management:804:*:*:*:*:*:*:*", + "matchCriteriaId": "CA4A7443-E21B-4EAE-A4EC-E3B9A8908FBE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:student_life_cycle_management:805:*:*:*:*:*:*:*", + "matchCriteriaId": "6025F055-0E0E-41A3-BE2D-95229710FB1D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:student_life_cycle_management:806:*:*:*:*:*:*:*", + "matchCriteriaId": "8C49CAC0-C207-4BC6-AE05-65645B54011C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:student_life_cycle_management:807:*:*:*:*:*:*:*", + "matchCriteriaId": "463C241E-928C-4FE8-993D-F09E6F4EEC69" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:student_life_cycle_management:808:*:*:*:*:*:*:*", + "matchCriteriaId": "F34FAC4C-4E0A-4E80-8276-E7DA12EC5BF3" + } + ] + } + ] + } + ], "references": [ { "url": "https://me.sap.com/notes/3479293", - "source": "cna@sap.com" + "source": "cna@sap.com", + "tags": [ + "Permissions Required" + ] }, { "url": "https://url.sap/sapsecuritypatchday", - "source": "cna@sap.com" + "source": "cna@sap.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-423xx/CVE-2024-42375.json b/CVE-2024/CVE-2024-423xx/CVE-2024-42375.json index c487c981d29..13edfbc867a 100644 --- a/CVE-2024/CVE-2024-423xx/CVE-2024-42375.json +++ b/CVE-2024/CVE-2024-423xx/CVE-2024-42375.json @@ -2,8 +2,8 @@ "id": "CVE-2024-42375", "sourceIdentifier": "cna@sap.com", "published": "2024-08-13T04:15:10.567", - "lastModified": "2024-08-13T12:58:25.437", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-09-12T13:46:39.527", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + }, { "source": "cna@sap.com", "type": "Secondary", @@ -40,6 +60,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + }, { "source": "cna@sap.com", "type": "Secondary", @@ -51,14 +81,47 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:business_objects_business_intelligence_platform:420:*:*:*:*:*:*:*", + "matchCriteriaId": "1F7F8064-45BC-4A01-897A-0A2893BBBEC0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:business_objects_business_intelligence_platform:430:*:*:*:*:*:*:*", + "matchCriteriaId": "6EB0EFA3-8AD2-42F2-86E1-A62ECF8340E3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:business_objects_business_intelligence_platform:440:*:*:*:*:*:*:*", + "matchCriteriaId": "AD397634-7D49-454E-9854-0A8212008655" + } + ] + } + ] + } + ], "references": [ { "url": "https://me.sap.com/notes/3433545", - "source": "cna@sap.com" + "source": "cna@sap.com", + "tags": [ + "Permissions Required" + ] }, { "url": "https://url.sap/sapsecuritypatchday", - "source": "cna@sap.com" + "source": "cna@sap.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-423xx/CVE-2024-42376.json b/CVE-2024/CVE-2024-423xx/CVE-2024-42376.json index aa84b173656..e26aa72fcf0 100644 --- a/CVE-2024/CVE-2024-423xx/CVE-2024-42376.json +++ b/CVE-2024/CVE-2024-423xx/CVE-2024-42376.json @@ -2,8 +2,8 @@ "id": "CVE-2024-42376", "sourceIdentifier": "cna@sap.com", "published": "2024-08-13T04:15:10.837", - "lastModified": "2024-08-13T12:58:25.437", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-09-12T13:43:27.507", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + }, { "source": "cna@sap.com", "type": "Secondary", @@ -51,14 +71,57 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:shared_service_framework:sap_bs_fnd_702:*:*:*:*:*:*:*", + "matchCriteriaId": "5AC1EAA0-7B20-4B4C-9F7D-8F7832D91BCE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:shared_service_framework:sap_bs_fnd_731:*:*:*:*:*:*:*", + "matchCriteriaId": "CFE56A04-ADDE-4A27-87CA-C801DFA5CD80" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:shared_service_framework:sap_bs_fnd_746:*:*:*:*:*:*:*", + "matchCriteriaId": "36822481-BB89-421A-99D5-33854E6080B9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:shared_service_framework:sap_bs_fnd_747:*:*:*:*:*:*:*", + "matchCriteriaId": "6BA0ED8A-F75D-49DF-BD37-CD3273E2F8E4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:shared_service_framework:sap_bs_fnd_748:*:*:*:*:*:*:*", + "matchCriteriaId": "6852223A-C675-4F29-92E4-90092DBDF11E" + } + ] + } + ] + } + ], "references": [ { "url": "https://me.sap.com/notes/3474590", - "source": "cna@sap.com" + "source": "cna@sap.com", + "tags": [ + "Permissions Required" + ] }, { "url": "https://url.sap/sapsecuritypatchday", - "source": "cna@sap.com" + "source": "cna@sap.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-423xx/CVE-2024-42377.json b/CVE-2024/CVE-2024-423xx/CVE-2024-42377.json index e6fa0ab6bc8..36aee647be7 100644 --- a/CVE-2024/CVE-2024-423xx/CVE-2024-42377.json +++ b/CVE-2024/CVE-2024-423xx/CVE-2024-42377.json @@ -2,8 +2,8 @@ "id": "CVE-2024-42377", "sourceIdentifier": "cna@sap.com", "published": "2024-08-13T04:15:11.290", - "lastModified": "2024-08-13T12:58:25.437", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-09-12T13:42:11.890", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + }, { "source": "cna@sap.com", "type": "Secondary", @@ -51,14 +71,57 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:shared_service_framework:sap_bs_fnd_702:*:*:*:*:*:*:*", + "matchCriteriaId": "5AC1EAA0-7B20-4B4C-9F7D-8F7832D91BCE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:shared_service_framework:sap_bs_fnd_731:*:*:*:*:*:*:*", + "matchCriteriaId": "CFE56A04-ADDE-4A27-87CA-C801DFA5CD80" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:shared_service_framework:sap_bs_fnd_746:*:*:*:*:*:*:*", + "matchCriteriaId": "36822481-BB89-421A-99D5-33854E6080B9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:shared_service_framework:sap_bs_fnd_747:*:*:*:*:*:*:*", + "matchCriteriaId": "6BA0ED8A-F75D-49DF-BD37-CD3273E2F8E4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:shared_service_framework:sap_bs_fnd_748:*:*:*:*:*:*:*", + "matchCriteriaId": "6852223A-C675-4F29-92E4-90092DBDF11E" + } + ] + } + ] + } + ], "references": [ { "url": "https://me.sap.com/notes/3474590", - "source": "cna@sap.com" + "source": "cna@sap.com", + "tags": [ + "Permissions Required" + ] }, { "url": "https://url.sap/sapsecuritypatchday", - "source": "cna@sap.com" + "source": "cna@sap.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-427xx/CVE-2024-42760.json b/CVE-2024/CVE-2024-427xx/CVE-2024-42760.json index 3fcc1f0a747..9b36f668e22 100644 --- a/CVE-2024/CVE-2024-427xx/CVE-2024-42760.json +++ b/CVE-2024/CVE-2024-427xx/CVE-2024-42760.json @@ -2,13 +2,17 @@ "id": "CVE-2024-42760", "sourceIdentifier": "cve@mitre.org", "published": "2024-09-11T19:15:14.983", - "lastModified": "2024-09-11T19:15:14.983", - "vulnStatus": "Received", + "lastModified": "2024-09-12T12:35:54.013", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL Injection vulnerability in Ellevo v.6.2.0.38160 allows a remote attacker to obtain sensitive information via the /api/mob/instrucao/conta/destinatarios component." + }, + { + "lang": "es", + "value": "La vulnerabilidad de inyecci\u00f3n SQL en Ellevo v.6.2.0.38160 permite a un atacante remoto obtener informaci\u00f3n confidencial a trav\u00e9s del componente /api/mob/instrucao/conta/destinatarios." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-438xx/CVE-2024-43835.json b/CVE-2024/CVE-2024-438xx/CVE-2024-43835.json index 54e9771a649..93e65c99e9b 100644 --- a/CVE-2024/CVE-2024-438xx/CVE-2024-43835.json +++ b/CVE-2024/CVE-2024-438xx/CVE-2024-43835.json @@ -2,7 +2,7 @@ "id": "CVE-2024-43835", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-08-17T10:15:09.183", - "lastModified": "2024-09-08T08:15:12.870", + "lastModified": "2024-09-12T12:15:48.653", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -17,6 +17,10 @@ ], "metrics": {}, "references": [ + { + "url": "https://git.kernel.org/stable/c/19ac6f29bf64304ef04630c8ab56ecd2059d7aa1", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, { "url": "https://git.kernel.org/stable/c/468a729b78895893d0e580ceea49bed8ada2a2bd", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" @@ -25,6 +29,18 @@ "url": "https://git.kernel.org/stable/c/6b5325f2457521bbece29499970c0117a648c620", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" }, + { + "url": "https://git.kernel.org/stable/c/842a97b5e44f0c8a9fc356fe976e0e13ddcf7783", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/cc7340f18e45886121c131227985d64ef666012f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/d3af435e8ace119e58d8e21d3d2d6a4e7c4a4baa", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, { "url": "https://git.kernel.org/stable/c/f5e9a22d19bb98a7e86034db85eb295e94187caa", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" diff --git a/CVE-2024/CVE-2024-438xx/CVE-2024-43854.json b/CVE-2024/CVE-2024-438xx/CVE-2024-43854.json index 333700ad719..b8b3b9b1889 100644 --- a/CVE-2024/CVE-2024-438xx/CVE-2024-43854.json +++ b/CVE-2024/CVE-2024-438xx/CVE-2024-43854.json @@ -2,8 +2,8 @@ "id": "CVE-2024-43854", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-08-17T10:15:10.447", - "lastModified": "2024-08-22T18:12:28.620", - "vulnStatus": "Analyzed", + "lastModified": "2024-09-12T12:15:49.423", + "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { @@ -92,6 +92,10 @@ } ], "references": [ + { + "url": "https://git.kernel.org/stable/c/129f95948a96105c1fad8e612c9097763e88ac5f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, { "url": "https://git.kernel.org/stable/c/23a19655fb56f241e592041156dfb1c6d04da644", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", @@ -99,6 +103,10 @@ "Patch" ] }, + { + "url": "https://git.kernel.org/stable/c/3fd11fe4f20756b4c0847f755a64cd96f8c6a005", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, { "url": "https://git.kernel.org/stable/c/899ee2c3829c5ac14bfc7d3c4a5846c0b709b78f", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", @@ -106,6 +114,10 @@ "Patch" ] }, + { + "url": "https://git.kernel.org/stable/c/9f4af4cf08f9a0329ade3d938f55d2220c40d0a6", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, { "url": "https://git.kernel.org/stable/c/cf6b45ea7a8df0f61bded1dc4a8561ac6ad143d2", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", diff --git a/CVE-2024/CVE-2024-438xx/CVE-2024-43892.json b/CVE-2024/CVE-2024-438xx/CVE-2024-43892.json index e3bc50e93d0..830bcd7c511 100644 --- a/CVE-2024/CVE-2024-438xx/CVE-2024-43892.json +++ b/CVE-2024/CVE-2024-438xx/CVE-2024-43892.json @@ -2,8 +2,8 @@ "id": "CVE-2024-43892", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-08-26T11:15:04.157", - "lastModified": "2024-09-05T18:41:38.723", - "vulnStatus": "Analyzed", + "lastModified": "2024-09-12T12:15:49.593", + "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { @@ -102,12 +102,24 @@ "Patch" ] }, + { + "url": "https://git.kernel.org/stable/c/56fd70f4aa8b82199dbe7e99366b1fd7a04d86fb", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/912736a0435ef40e6a4ae78197ccb5553cb80b05", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, { "url": "https://git.kernel.org/stable/c/9972605a238339b85bd16b084eed5f18414d22db", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": [ "Patch" ] + }, + { + "url": "https://git.kernel.org/stable/c/e6cc9ff2ac0b5df9f25eb790934c3104f6710278", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-438xx/CVE-2024-43897.json b/CVE-2024/CVE-2024-438xx/CVE-2024-43897.json index 4eae010174f..7a99e58551a 100644 --- a/CVE-2024/CVE-2024-438xx/CVE-2024-43897.json +++ b/CVE-2024/CVE-2024-438xx/CVE-2024-43897.json @@ -2,8 +2,8 @@ "id": "CVE-2024-43897", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-08-26T11:15:04.437", - "lastModified": "2024-09-05T18:36:30.347", - "vulnStatus": "Analyzed", + "lastModified": "2024-09-12T12:15:50.297", + "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { @@ -97,6 +97,10 @@ "Patch" ] }, + { + "url": "https://git.kernel.org/stable/c/413e785a89f8bde0d4156a54b8ac2fa003c06756", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, { "url": "https://git.kernel.org/stable/c/6772c4868a8e7ad5305957cdb834ce881793acb7", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", diff --git a/CVE-2024/CVE-2024-439xx/CVE-2024-43905.json b/CVE-2024/CVE-2024-439xx/CVE-2024-43905.json index 364c8293d77..099cf409ad6 100644 --- a/CVE-2024/CVE-2024-439xx/CVE-2024-43905.json +++ b/CVE-2024/CVE-2024-439xx/CVE-2024-43905.json @@ -2,8 +2,8 @@ "id": "CVE-2024-43905", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-08-26T11:15:04.897", - "lastModified": "2024-08-27T13:41:03.730", - "vulnStatus": "Analyzed", + "lastModified": "2024-09-12T12:15:51.260", + "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { @@ -84,6 +84,14 @@ } ], "references": [ + { + "url": "https://git.kernel.org/stable/c/0fa11f9df96217c2785b040629ff1a16900fb51c", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/2ac9deb7e087f0b461c3559d9eaa6b9cf19d3fa8", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, { "url": "https://git.kernel.org/stable/c/2e538944996d0dd497faf8ee81f8bfcd3aca7d80", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", diff --git a/CVE-2024/CVE-2024-445xx/CVE-2024-44541.json b/CVE-2024/CVE-2024-445xx/CVE-2024-44541.json index a932a7a12a9..6e1079e6206 100644 --- a/CVE-2024/CVE-2024-445xx/CVE-2024-44541.json +++ b/CVE-2024/CVE-2024-445xx/CVE-2024-44541.json @@ -2,13 +2,17 @@ "id": "CVE-2024-44541", "sourceIdentifier": "cve@mitre.org", "published": "2024-09-11T19:15:15.070", - "lastModified": "2024-09-11T21:35:09.840", - "vulnStatus": "Received", + "lastModified": "2024-09-12T12:35:54.013", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "evilnapsis Inventio Lite Versions v4 and before is vulnerable to SQL Injection via the \"username\" parameter in \"/?action=processlogin.\"" + }, + { + "lang": "es", + "value": "Las versiones v4 y anteriores de evilnapsis Inventio Lite son vulnerables a la inyecci\u00f3n SQL a trav\u00e9s del par\u00e1metro \"nombre de usuario\" en \"/?action=processlogin\"." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-445xx/CVE-2024-44570.json b/CVE-2024/CVE-2024-445xx/CVE-2024-44570.json index 1000347bbe5..b828ab16749 100644 --- a/CVE-2024/CVE-2024-445xx/CVE-2024-44570.json +++ b/CVE-2024/CVE-2024-445xx/CVE-2024-44570.json @@ -2,13 +2,17 @@ "id": "CVE-2024-44570", "sourceIdentifier": "cve@mitre.org", "published": "2024-09-11T17:15:13.580", - "lastModified": "2024-09-11T21:35:10.697", - "vulnStatus": "Received", + "lastModified": "2024-09-12T12:35:54.013", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "RELY-PCIe v22.2.1 to v23.1.0 was discovered to contain a code injection vulnerability via the getParams function in phpinf.php." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que RELY-PCIe v22.2.1 a v23.1.0 conten\u00eda una vulnerabilidad de inyecci\u00f3n de c\u00f3digo a trav\u00e9s de la funci\u00f3n getParams en phpinf.php." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-445xx/CVE-2024-44571.json b/CVE-2024/CVE-2024-445xx/CVE-2024-44571.json index 0694cb4bc8c..d8c81d0835c 100644 --- a/CVE-2024/CVE-2024-445xx/CVE-2024-44571.json +++ b/CVE-2024/CVE-2024-445xx/CVE-2024-44571.json @@ -2,13 +2,17 @@ "id": "CVE-2024-44571", "sourceIdentifier": "cve@mitre.org", "published": "2024-09-11T17:15:13.630", - "lastModified": "2024-09-11T21:35:11.500", - "vulnStatus": "Received", + "lastModified": "2024-09-12T12:35:54.013", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "RELY-PCIe v22.2.1 to v23.1.0 was discovered to contain incorrect access control in the mService function at phpinf.php." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que RELY-PCIe v22.2.1 a v23.1.0 conten\u00eda un control de acceso incorrecto en la funci\u00f3n mService en phpinf.php." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-445xx/CVE-2024-44572.json b/CVE-2024/CVE-2024-445xx/CVE-2024-44572.json index a63f6693ef8..ac9b8bd156b 100644 --- a/CVE-2024/CVE-2024-445xx/CVE-2024-44572.json +++ b/CVE-2024/CVE-2024-445xx/CVE-2024-44572.json @@ -2,13 +2,17 @@ "id": "CVE-2024-44572", "sourceIdentifier": "cve@mitre.org", "published": "2024-09-11T17:15:13.677", - "lastModified": "2024-09-11T21:35:12.387", - "vulnStatus": "Received", + "lastModified": "2024-09-12T12:35:54.013", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "RELY-PCIe v22.2.1 to v23.1.0 was discovered to contain a command injection vulnerability via the sys_mgmt function." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que RELY-PCIe v22.2.1 a v23.1.0 conten\u00eda una vulnerabilidad de inyecci\u00f3n de comandos a trav\u00e9s de la funci\u00f3n sys_mgmt." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-445xx/CVE-2024-44573.json b/CVE-2024/CVE-2024-445xx/CVE-2024-44573.json index 17694428347..83a7bd47aea 100644 --- a/CVE-2024/CVE-2024-445xx/CVE-2024-44573.json +++ b/CVE-2024/CVE-2024-445xx/CVE-2024-44573.json @@ -2,13 +2,17 @@ "id": "CVE-2024-44573", "sourceIdentifier": "cve@mitre.org", "published": "2024-09-11T17:15:13.727", - "lastModified": "2024-09-11T17:15:13.727", - "vulnStatus": "Received", + "lastModified": "2024-09-12T12:35:54.013", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A stored cross-site scripting (XSS) vulnerability in the VLAN configuration of RELY-PCIe v22.2.1 to v23.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload." + }, + { + "lang": "es", + "value": "Una vulnerabilidad de cross site scripting (XSS) almacenado en la configuraci\u00f3n de VLAN de RELY-PCIe v22.2.1 a v23.1.0 permite a los atacantes ejecutar scripts web o HTML arbitrarios a trav\u00e9s de un payload manipulado espec\u00edficamente." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-445xx/CVE-2024-44574.json b/CVE-2024/CVE-2024-445xx/CVE-2024-44574.json index 13dc27c67dd..c6f1de114f4 100644 --- a/CVE-2024/CVE-2024-445xx/CVE-2024-44574.json +++ b/CVE-2024/CVE-2024-445xx/CVE-2024-44574.json @@ -2,13 +2,17 @@ "id": "CVE-2024-44574", "sourceIdentifier": "cve@mitre.org", "published": "2024-09-11T17:15:13.770", - "lastModified": "2024-09-11T20:35:12.833", - "vulnStatus": "Received", + "lastModified": "2024-09-12T12:35:54.013", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "RELY-PCIe v22.2.1 to v23.1.0 was discovered to contain a command injection vulnerability via the sys_conf function." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que RELY-PCIe v22.2.1 a v23.1.0 conten\u00eda una vulnerabilidad de inyecci\u00f3n de comandos a trav\u00e9s de la funci\u00f3n sys_conf." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-445xx/CVE-2024-44575.json b/CVE-2024/CVE-2024-445xx/CVE-2024-44575.json index 4e5df113ef5..a98d3531a7b 100644 --- a/CVE-2024/CVE-2024-445xx/CVE-2024-44575.json +++ b/CVE-2024/CVE-2024-445xx/CVE-2024-44575.json @@ -2,13 +2,17 @@ "id": "CVE-2024-44575", "sourceIdentifier": "cve@mitre.org", "published": "2024-09-11T17:15:13.820", - "lastModified": "2024-09-11T17:15:13.820", - "vulnStatus": "Received", + "lastModified": "2024-09-12T12:35:54.013", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "RELY-PCIe v22.2.1 to v23.1.0 does not set the Secure attribute for sensitive cookies in HTTPS sessions, which could cause the user agent to send those cookies in cleartext over an HTTP session." + }, + { + "lang": "es", + "value": "RELY-PCIe v22.2.1 a v23.1.0 no establece el atributo Seguro para cookies confidenciales en sesiones HTTPS, lo que podr\u00eda provocar que el agente de usuario env\u00ede esas cookies en texto plano a trav\u00e9s de una sesi\u00f3n HTTP." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-445xx/CVE-2024-44577.json b/CVE-2024/CVE-2024-445xx/CVE-2024-44577.json index 0294a3537fc..4e6d19ed089 100644 --- a/CVE-2024/CVE-2024-445xx/CVE-2024-44577.json +++ b/CVE-2024/CVE-2024-445xx/CVE-2024-44577.json @@ -2,13 +2,17 @@ "id": "CVE-2024-44577", "sourceIdentifier": "cve@mitre.org", "published": "2024-09-11T17:15:13.870", - "lastModified": "2024-09-11T20:35:13.697", - "vulnStatus": "Received", + "lastModified": "2024-09-12T12:35:54.013", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "RELY-PCIe v22.2.1 to v23.1.0 was discovered to contain a command injection vulnerability via the time_date function." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que RELY-PCIe v22.2.1 a v23.1.0 conten\u00eda una vulnerabilidad de inyecci\u00f3n de comandos a trav\u00e9s de la funci\u00f3n time_date." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-449xx/CVE-2024-44974.json b/CVE-2024/CVE-2024-449xx/CVE-2024-44974.json index 6e458c72909..8f0d970323b 100644 --- a/CVE-2024/CVE-2024-449xx/CVE-2024-44974.json +++ b/CVE-2024/CVE-2024-449xx/CVE-2024-44974.json @@ -2,7 +2,7 @@ "id": "CVE-2024-44974", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-09-04T20:15:07.100", - "lastModified": "2024-09-08T08:15:13.053", + "lastModified": "2024-09-12T12:15:51.397", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -122,6 +122,14 @@ "tags": [ "Patch" ] + }, + { + "url": "https://git.kernel.org/stable/c/ddee5b4b6a1cc03c1e9921cf34382e094c2009f1", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f2c865e9e3ca44fc06b5f73b29a954775e4dbb38", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-450xx/CVE-2024-45009.json b/CVE-2024/CVE-2024-450xx/CVE-2024-45009.json index e02e680aa04..b325db711a1 100644 --- a/CVE-2024/CVE-2024-450xx/CVE-2024-45009.json +++ b/CVE-2024/CVE-2024-450xx/CVE-2024-45009.json @@ -2,13 +2,17 @@ "id": "CVE-2024-45009", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-09-11T16:15:06.427", - "lastModified": "2024-09-11T16:26:11.920", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-09-12T12:15:52.183", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: only decrement add_addr_accepted for MPJ req\n\nAdding the following warning ...\n\n WARN_ON_ONCE(msk->pm.add_addr_accepted == 0)\n\n... before decrementing the add_addr_accepted counter helped to find a\nbug when running the \"remove single subflow\" subtest from the\nmptcp_join.sh selftest.\n\nRemoving a 'subflow' endpoint will first trigger a RM_ADDR, then the\nsubflow closure. Before this patch, and upon the reception of the\nRM_ADDR, the other peer will then try to decrement this\nadd_addr_accepted. That's not correct because the attached subflows have\nnot been created upon the reception of an ADD_ADDR.\n\nA way to solve that is to decrement the counter only if the attached\nsubflow was an MP_JOIN to a remote id that was not 0, and initiated by\nthe host receiving the RM_ADDR." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mptcp: pm: solo decrementar add_addr_accepted para solicitud MPJ Agregar la siguiente advertencia ... WARN_ON_ONCE(msk->pm.add_addr_accepted == 0) ... antes de decrementar el contador add_addr_accepted ayud\u00f3 a encontrar un error al ejecutar la subprueba \"eliminar un solo subflujo\" de la autoprueba mptcp_join.sh. Eliminar un endpoint de 'subflujo' primero activar\u00e1 un RM_ADDR, luego el cierre del subflujo. Antes de este parche, y tras la recepci\u00f3n del RM_ADDR, el otro par intentar\u00e1 decrementar este add_addr_accepted. Eso no es correcto porque los subflujos adjuntos no se han creado tras la recepci\u00f3n de un ADD_ADDR. Una forma de resolver esto es disminuir el contador solo si el subflujo adjunto fue un MP_JOIN a una identificaci\u00f3n remota que no era 0, e iniciado por el host que recibi\u00f3 el RM_ADDR." } ], "metrics": {}, @@ -21,6 +25,10 @@ "url": "https://git.kernel.org/stable/c/2060f1efab370b496c4903b840844ecaff324c3c", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" }, + { + "url": "https://git.kernel.org/stable/c/35b31f5549ede4070566b949781e83495906b43d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, { "url": "https://git.kernel.org/stable/c/85b866e4c4e63a1d7afb58f1e24273caad03d0b7", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" diff --git a/CVE-2024/CVE-2024-456xx/CVE-2024-45624.json b/CVE-2024/CVE-2024-456xx/CVE-2024-45624.json index 87d721beb91..585c4743fe6 100644 --- a/CVE-2024/CVE-2024-456xx/CVE-2024-45624.json +++ b/CVE-2024/CVE-2024-456xx/CVE-2024-45624.json @@ -2,13 +2,17 @@ "id": "CVE-2024-45624", "sourceIdentifier": "vultures@jpcert.or.jp", "published": "2024-09-12T05:15:05.053", - "lastModified": "2024-09-12T05:15:05.053", - "vulnStatus": "Received", + "lastModified": "2024-09-12T12:35:54.013", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Exposure of sensitive information due to incompatible policies issue exists in Pgpool-II. If a database user accesses a query cache, table data unauthorized for the user may be retrieved." + }, + { + "lang": "es", + "value": "Existe un problema de exposici\u00f3n de informaci\u00f3n confidencial debido a pol\u00edticas incompatibles en Pgpool-II. Si un usuario de la base de datos accede a un cach\u00e9 de consultas, es posible que se recuperen datos de tablas no autorizados para el usuario." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-458xx/CVE-2024-45846.json b/CVE-2024/CVE-2024-458xx/CVE-2024-45846.json new file mode 100644 index 00000000000..542742df978 --- /dev/null +++ b/CVE-2024/CVE-2024-458xx/CVE-2024-45846.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-45846", + "sourceIdentifier": "6f8de1f0-f67e-45a6-b68f-98777fdb759c", + "published": "2024-09-12T13:15:12.920", + "lastModified": "2024-09-12T13:15:12.920", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "An arbitrary code execution vulnerability exists in versions 23.10.3.0 up to 24.7.4.1 of the MindsDB platform, when the Weaviate integration is installed on the server. If a specially crafted \u2018SELECT WHERE\u2019 clause containing Python code is run against a database created with the Weaviate engine, the code will be passed to an eval function and executed on the server." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-95" + } + ] + } + ], + "references": [ + { + "url": "https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb/", + "source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-458xx/CVE-2024-45847.json b/CVE-2024/CVE-2024-458xx/CVE-2024-45847.json new file mode 100644 index 00000000000..5ddba7f273c --- /dev/null +++ b/CVE-2024/CVE-2024-458xx/CVE-2024-45847.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-45847", + "sourceIdentifier": "6f8de1f0-f67e-45a6-b68f-98777fdb759c", + "published": "2024-09-12T13:15:13.177", + "lastModified": "2024-09-12T13:15:13.177", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "An arbitrary code execution vulnerability exists in versions 23.11.4.2 up to 24.7.4.1 of the MindsDB platform, when one of several integrations is installed on the server. If a specially crafted \u2018UPDATE\u2019 query containing Python code is run against a database created with the specified integration engine, the code will be passed to an eval function and executed on the server." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-95" + } + ] + } + ], + "references": [ + { + "url": "https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb/", + "source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-458xx/CVE-2024-45848.json b/CVE-2024/CVE-2024-458xx/CVE-2024-45848.json new file mode 100644 index 00000000000..ae2826d0dc9 --- /dev/null +++ b/CVE-2024/CVE-2024-458xx/CVE-2024-45848.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-45848", + "sourceIdentifier": "6f8de1f0-f67e-45a6-b68f-98777fdb759c", + "published": "2024-09-12T13:15:13.437", + "lastModified": "2024-09-12T13:15:13.437", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "An arbitrary code execution vulnerability exists in versions 23.12.4.0 up to 24.7.4.1 of the MindsDB platform, when the ChromaDB integration is installed on the server. If a specially crafted \u2018INSERT\u2019 query containing Python code is run against a database created with the ChromaDB engine, the code will be passed to an eval function and executed on the server." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-95" + } + ] + } + ], + "references": [ + { + "url": "https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb/", + "source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-458xx/CVE-2024-45849.json b/CVE-2024/CVE-2024-458xx/CVE-2024-45849.json new file mode 100644 index 00000000000..49e94dcb135 --- /dev/null +++ b/CVE-2024/CVE-2024-458xx/CVE-2024-45849.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-45849", + "sourceIdentifier": "6f8de1f0-f67e-45a6-b68f-98777fdb759c", + "published": "2024-09-12T13:15:13.700", + "lastModified": "2024-09-12T13:15:13.700", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases created with the SharePoint engine, an \u2018INSERT\u2019 query can be used for list creation. If such a query is specially crafted to contain Python code and is run against the database, the code will be passed to an eval function and executed on the server." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-95" + } + ] + } + ], + "references": [ + { + "url": "https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb/", + "source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-458xx/CVE-2024-45850.json b/CVE-2024/CVE-2024-458xx/CVE-2024-45850.json new file mode 100644 index 00000000000..b348a07f819 --- /dev/null +++ b/CVE-2024/CVE-2024-458xx/CVE-2024-45850.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-45850", + "sourceIdentifier": "6f8de1f0-f67e-45a6-b68f-98777fdb759c", + "published": "2024-09-12T13:15:13.933", + "lastModified": "2024-09-12T13:15:13.933", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases created with the SharePoint engine, an \u2018INSERT\u2019 query can be used for site column creation. If such a query is specially crafted to contain Python code and is run against the database, the code will be passed to an eval function and executed on the server." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-95" + } + ] + } + ], + "references": [ + { + "url": "https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb/", + "source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-458xx/CVE-2024-45851.json b/CVE-2024/CVE-2024-458xx/CVE-2024-45851.json new file mode 100644 index 00000000000..f78be5fa067 --- /dev/null +++ b/CVE-2024/CVE-2024-458xx/CVE-2024-45851.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-45851", + "sourceIdentifier": "6f8de1f0-f67e-45a6-b68f-98777fdb759c", + "published": "2024-09-12T13:15:14.170", + "lastModified": "2024-09-12T13:15:14.170", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases created with the SharePoint engine, an \u2018INSERT\u2019 query can be used for list item creation. If such a query is specially crafted to contain Python code and is run against the database, the code will be passed to an eval function and executed on the server." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-95" + } + ] + } + ], + "references": [ + { + "url": "https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb/", + "source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-458xx/CVE-2024-45852.json b/CVE-2024/CVE-2024-458xx/CVE-2024-45852.json new file mode 100644 index 00000000000..53c32553f73 --- /dev/null +++ b/CVE-2024/CVE-2024-458xx/CVE-2024-45852.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-45852", + "sourceIdentifier": "6f8de1f0-f67e-45a6-b68f-98777fdb759c", + "published": "2024-09-12T13:15:14.403", + "lastModified": "2024-09-12T13:15:14.403", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Deserialization of untrusted data can occur in versions 23.3.2.0 and newer of the MindsDB platform, enabling a maliciously uploaded model to run arbitrary code on the server when interacted with." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-502" + } + ] + } + ], + "references": [ + { + "url": "https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb/", + "source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-458xx/CVE-2024-45853.json b/CVE-2024/CVE-2024-458xx/CVE-2024-45853.json new file mode 100644 index 00000000000..031f6d15700 --- /dev/null +++ b/CVE-2024/CVE-2024-458xx/CVE-2024-45853.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-45853", + "sourceIdentifier": "6f8de1f0-f67e-45a6-b68f-98777fdb759c", + "published": "2024-09-12T13:15:14.643", + "lastModified": "2024-09-12T13:15:14.643", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Deserialization of untrusted data can occur in versions 23.10.2.0 and newer of the MindsDB platform, enabling a maliciously uploaded \u2018inhouse\u2019 model to run arbitrary code on the server when used for a prediction." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-502" + } + ] + } + ], + "references": [ + { + "url": "https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb/", + "source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-458xx/CVE-2024-45854.json b/CVE-2024/CVE-2024-458xx/CVE-2024-45854.json new file mode 100644 index 00000000000..e8272e5b0a3 --- /dev/null +++ b/CVE-2024/CVE-2024-458xx/CVE-2024-45854.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-45854", + "sourceIdentifier": "6f8de1f0-f67e-45a6-b68f-98777fdb759c", + "published": "2024-09-12T13:15:14.900", + "lastModified": "2024-09-12T13:15:14.900", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Deserialization of untrusted data can occur in versions 23.10.3.0 and newer of the MindsDB platform, enabling a maliciously uploaded \u2018inhouse\u2019 model to run arbitrary code on the server when a \u2018describe\u2019 query is run on it." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-502" + } + ] + } + ], + "references": [ + { + "url": "https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb/", + "source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-458xx/CVE-2024-45855.json b/CVE-2024/CVE-2024-458xx/CVE-2024-45855.json new file mode 100644 index 00000000000..aa5d4bfdc1b --- /dev/null +++ b/CVE-2024/CVE-2024-458xx/CVE-2024-45855.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-45855", + "sourceIdentifier": "6f8de1f0-f67e-45a6-b68f-98777fdb759c", + "published": "2024-09-12T13:15:15.143", + "lastModified": "2024-09-12T13:15:15.143", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Deserialization of untrusted data can occur in versions 23.10.2.0 and newer of the MindsDB platform, enabling a maliciously uploaded \u2018inhouse\u2019 model to run arbitrary code on the server when using \u2018finetune\u2019 on it." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-502" + } + ] + } + ], + "references": [ + { + "url": "https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb/", + "source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-458xx/CVE-2024-45856.json b/CVE-2024/CVE-2024-458xx/CVE-2024-45856.json new file mode 100644 index 00000000000..060be710db9 --- /dev/null +++ b/CVE-2024/CVE-2024-458xx/CVE-2024-45856.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-45856", + "sourceIdentifier": "6f8de1f0-f67e-45a6-b68f-98777fdb759c", + "published": "2024-09-12T13:15:15.373", + "lastModified": "2024-09-12T13:15:15.373", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A cross-site scripting (XSS) vulnerability exists in all versions of the MindsDB platform, enabling the execution of a JavaScript payload whenever a user enumerates an ML Engine, database, project, or dataset containing arbitrary JavaScript code within the web UI." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.0, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 2.3, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb/", + "source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-458xx/CVE-2024-45857.json b/CVE-2024/CVE-2024-458xx/CVE-2024-45857.json new file mode 100644 index 00000000000..d92847ed1d2 --- /dev/null +++ b/CVE-2024/CVE-2024-458xx/CVE-2024-45857.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-45857", + "sourceIdentifier": "6f8de1f0-f67e-45a6-b68f-98777fdb759c", + "published": "2024-09-12T13:15:16.227", + "lastModified": "2024-09-12T13:15:16.227", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Deserialization of untrusted data can occur in versions 2.4.0 or newer of the Cleanlab project, enabling a maliciously crafted datalab.pkl file to run arbitrary code on an end user\u2019s system when the data directory is loaded." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-502" + } + ] + } + ], + "references": [ + { + "url": "https://hiddenlayer.com/sai-security-advisory/2024-09-cleanlab/", + "source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-57xx/CVE-2024-5799.json b/CVE-2024/CVE-2024-57xx/CVE-2024-5799.json index 402a2b16a03..6ee91fa5317 100644 --- a/CVE-2024/CVE-2024-57xx/CVE-2024-5799.json +++ b/CVE-2024/CVE-2024-57xx/CVE-2024-5799.json @@ -2,13 +2,17 @@ "id": "CVE-2024-5799", "sourceIdentifier": "contact@wpscan.com", "published": "2024-09-12T06:15:23.777", - "lastModified": "2024-09-12T06:15:23.777", - "vulnStatus": "Received", + "lastModified": "2024-09-12T12:35:54.013", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The CM Pop-Up Banners for WordPress plugin before 1.7.3 does not sanitise and escape some of its popup fields, which could allow high privilege users such as Contributors to perform Cross-Site Scripting attacks." + }, + { + "lang": "es", + "value": "El complemento CM Pop-Up Banners para WordPress anterior a la versi\u00f3n 1.7.3 no desinfecta ni escapa de algunos de sus campos emergentes, lo que podr\u00eda permitir que usuarios con altos privilegios como los colaboradores realicen ataques de cross site scripting." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-60xx/CVE-2024-6017.json b/CVE-2024/CVE-2024-60xx/CVE-2024-6017.json index 50f56a9fb8c..6245f4ccc5a 100644 --- a/CVE-2024/CVE-2024-60xx/CVE-2024-6017.json +++ b/CVE-2024/CVE-2024-60xx/CVE-2024-6017.json @@ -2,13 +2,17 @@ "id": "CVE-2024-6017", "sourceIdentifier": "contact@wpscan.com", "published": "2024-09-12T06:15:23.850", - "lastModified": "2024-09-12T06:15:23.850", - "vulnStatus": "Received", + "lastModified": "2024-09-12T12:35:54.013", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Music Request Manager WordPress plugin through 1.3 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack" + }, + { + "lang": "es", + "value": "El complemento Music Request Manager de WordPress hasta la versi\u00f3n 1.3 no tiene verificaci\u00f3n CSRF en algunos lugares y le falta desinfecci\u00f3n y escape, lo que podr\u00eda permitir a los atacantes hacer que el administrador que haya iniciado sesi\u00f3n agregue payloads XSS almacenado a trav\u00e9s de un ataque CSRF." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-60xx/CVE-2024-6018.json b/CVE-2024/CVE-2024-60xx/CVE-2024-6018.json index 723ac380e65..6e876911fe9 100644 --- a/CVE-2024/CVE-2024-60xx/CVE-2024-6018.json +++ b/CVE-2024/CVE-2024-60xx/CVE-2024-6018.json @@ -2,13 +2,17 @@ "id": "CVE-2024-6018", "sourceIdentifier": "contact@wpscan.com", "published": "2024-09-12T06:15:23.920", - "lastModified": "2024-09-12T06:15:23.920", - "vulnStatus": "Received", + "lastModified": "2024-09-12T12:35:54.013", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Music Request Manager WordPress plugin through 1.3 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers" + }, + { + "lang": "es", + "value": "El complemento Music Request Manager de WordPress hasta la versi\u00f3n 1.3 no escapa al par\u00e1metro $_SERVER['REQUEST_URI'] antes de mostrarlo nuevamente en un atributo, lo que podr\u00eda generar cross site scripting reflejado en navegadores web antiguos." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-60xx/CVE-2024-6019.json b/CVE-2024/CVE-2024-60xx/CVE-2024-6019.json index b5e6083ed7e..4b993f5c9a2 100644 --- a/CVE-2024/CVE-2024-60xx/CVE-2024-6019.json +++ b/CVE-2024/CVE-2024-60xx/CVE-2024-6019.json @@ -2,13 +2,17 @@ "id": "CVE-2024-6019", "sourceIdentifier": "contact@wpscan.com", "published": "2024-09-12T06:15:24.000", - "lastModified": "2024-09-12T06:15:24.000", - "vulnStatus": "Received", + "lastModified": "2024-09-12T12:35:54.013", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Music Request Manager WordPress plugin through 1.3 does not sanitise and escape incoming music requests, which could allow unauthenticated users to perform Cross-Site Scripting attacks against administrators" + }, + { + "lang": "es", + "value": "El complemento Music Request Manager de WordPress hasta la versi\u00f3n 1.3 no desinfecta ni evita las solicitudes de m\u00fasica entrantes, lo que podr\u00eda permitir que usuarios no autenticados realicen ataques de cross site scripting contra administradores." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-63xx/CVE-2024-6332.json b/CVE-2024/CVE-2024-63xx/CVE-2024-6332.json index c778e076c0d..22ad2df88ab 100644 --- a/CVE-2024/CVE-2024-63xx/CVE-2024-6332.json +++ b/CVE-2024/CVE-2024-63xx/CVE-2024-6332.json @@ -2,8 +2,8 @@ "id": "CVE-2024-6332", "sourceIdentifier": "security@wordfence.com", "published": "2024-09-05T10:15:02.970", - "lastModified": "2024-09-05T12:53:21.110", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-09-12T12:45:37.917", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -40,6 +40,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + }, { "source": "security@wordfence.com", "type": "Secondary", @@ -51,18 +61,51 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tmsproducts:amelia:*:*:*:*:lite:wordpress:*:*", + "versionEndIncluding": "1.2.3", + "matchCriteriaId": "660A14FE-663B-45F0-82A4-5F9A1169B5C1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tmsproducts:amelia:*:*:*:*:premium:wordpress:*:*", + "versionEndIncluding": "7.7", + "matchCriteriaId": "382CBCFD-4A86-42F8-BE43-6C0E165FFB96" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/browser/ameliabooking/trunk/assets/js/tinymce/amelia-mce.js#L741", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Product" + ] }, { "url": "https://plugins.trac.wordpress.org/browser/ameliabooking/trunk/public/js/tinymce/amelia-mce.js#L741", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Product" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2ac1e3ee-4dcc-4f45-ad07-17af750da3d1?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-68xx/CVE-2024-6887.json b/CVE-2024/CVE-2024-68xx/CVE-2024-6887.json index 48be009d853..564b95251a9 100644 --- a/CVE-2024/CVE-2024-68xx/CVE-2024-6887.json +++ b/CVE-2024/CVE-2024-68xx/CVE-2024-6887.json @@ -2,13 +2,17 @@ "id": "CVE-2024-6887", "sourceIdentifier": "contact@wpscan.com", "published": "2024-09-12T06:15:24.293", - "lastModified": "2024-09-12T06:15:24.293", - "vulnStatus": "Received", + "lastModified": "2024-09-12T12:35:54.013", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Giveaways and Contests by RafflePress WordPress plugin before 1.12.16 does not sanitise and escape some of its Giveaways settings, which could allow high privilege users such as editor and above to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)" + }, + { + "lang": "es", + "value": "El complemento Giveaways and Contests by RafflePress para WordPress anterior a la versi\u00f3n 1.12.16 no desinfecta ni elude algunas de sus configuraciones de Sorteos, lo que podr\u00eda permitir que usuarios con privilegios elevados, como editores y superiores, realicen ataques de cross site scripting almacenado incluso cuando la capacidad unfiltered_html no est\u00e1 permitida (por ejemplo, en una configuraci\u00f3n multisitio)." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-73xx/CVE-2024-7349.json b/CVE-2024/CVE-2024-73xx/CVE-2024-7349.json index 248ad4a0fa7..96db7d53c6f 100644 --- a/CVE-2024/CVE-2024-73xx/CVE-2024-7349.json +++ b/CVE-2024/CVE-2024-73xx/CVE-2024-7349.json @@ -2,8 +2,8 @@ "id": "CVE-2024-7349", "sourceIdentifier": "security@wordfence.com", "published": "2024-09-06T07:15:02.427", - "lastModified": "2024-09-06T12:08:04.550", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-09-12T12:43:32.957", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -40,6 +40,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + }, { "source": "security@wordfence.com", "type": "Secondary", @@ -51,14 +61,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:lifterlms:lifterlms:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "7.7.6", + "matchCriteriaId": "4FB31A1B-FBCF-46F8-83AE-6EA171A71D9F" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/changeset/3139798/lifterlms/tags/7.7.6/includes/abstracts/abstract.llms.database.query.php", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3a096506-b18e-419c-808b-6099baa628ce?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-77xx/CVE-2024-7766.json b/CVE-2024/CVE-2024-77xx/CVE-2024-7766.json index 2d1d4888783..02a84b7b6ea 100644 --- a/CVE-2024/CVE-2024-77xx/CVE-2024-7766.json +++ b/CVE-2024/CVE-2024-77xx/CVE-2024-7766.json @@ -2,13 +2,17 @@ "id": "CVE-2024-7766", "sourceIdentifier": "contact@wpscan.com", "published": "2024-09-12T06:15:24.363", - "lastModified": "2024-09-12T06:15:24.363", - "vulnStatus": "Received", + "lastModified": "2024-09-12T12:35:54.013", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Adicon Server WordPress plugin through 1.2 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks" + }, + { + "lang": "es", + "value": "El complemento Adicon Server de WordPress hasta la versi\u00f3n 1.2 no desinfecta ni escapa un par\u00e1metro antes de usarlo en una declaraci\u00f3n SQL, lo que permite a los administradores realizar ataques de inyecci\u00f3n SQL" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-78xx/CVE-2024-7816.json b/CVE-2024/CVE-2024-78xx/CVE-2024-7816.json index 90339fa5860..4f1593365b5 100644 --- a/CVE-2024/CVE-2024-78xx/CVE-2024-7816.json +++ b/CVE-2024/CVE-2024-78xx/CVE-2024-7816.json @@ -2,13 +2,17 @@ "id": "CVE-2024-7816", "sourceIdentifier": "contact@wpscan.com", "published": "2024-09-12T06:15:24.440", - "lastModified": "2024-09-12T06:15:24.440", - "vulnStatus": "Received", + "lastModified": "2024-09-12T12:35:54.013", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Gixaw Chat WordPress plugin through 1.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack." + }, + { + "lang": "es", + "value": "El complemento Gixaw Chat para WordPress hasta la versi\u00f3n 1.0 no tiene verificaci\u00f3n CSRF en algunos lugares y le falta desinfecci\u00f3n y escape, lo que podr\u00eda permitir a los atacantes hacer que el administrador que haya iniciado sesi\u00f3n agregue payloads XSS almacenado a trav\u00e9s de un ataque CSRF." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-78xx/CVE-2024-7817.json b/CVE-2024/CVE-2024-78xx/CVE-2024-7817.json index 1e800935ec7..2c95597b7b6 100644 --- a/CVE-2024/CVE-2024-78xx/CVE-2024-7817.json +++ b/CVE-2024/CVE-2024-78xx/CVE-2024-7817.json @@ -2,13 +2,17 @@ "id": "CVE-2024-7817", "sourceIdentifier": "contact@wpscan.com", "published": "2024-09-12T06:15:24.503", - "lastModified": "2024-09-12T06:15:24.503", - "vulnStatus": "Received", + "lastModified": "2024-09-12T12:35:54.013", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Misiek Photo Album WordPress plugin through 1.4.3 does not have CSRF checks in some places, which could allow attackers to make logged in users delete arbitrary albums via a CSRF attack" + }, + { + "lang": "es", + "value": "El complemento Misiek Photo Album de WordPress hasta la versi\u00f3n 1.4.3 no tiene comprobaciones CSRF en algunos lugares, lo que podr\u00eda permitir a los atacantes hacer que los usuarios registrados eliminen \u00e1lbumes arbitrarios mediante un ataque CSRF." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-78xx/CVE-2024-7818.json b/CVE-2024/CVE-2024-78xx/CVE-2024-7818.json index 8a554bcde23..4fae5c6cd2e 100644 --- a/CVE-2024/CVE-2024-78xx/CVE-2024-7818.json +++ b/CVE-2024/CVE-2024-78xx/CVE-2024-7818.json @@ -2,13 +2,17 @@ "id": "CVE-2024-7818", "sourceIdentifier": "contact@wpscan.com", "published": "2024-09-12T06:15:24.570", - "lastModified": "2024-09-12T06:15:24.570", - "vulnStatus": "Received", + "lastModified": "2024-09-12T12:35:54.013", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Misiek Photo Album WordPress plugin through 1.4.3 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack." + }, + { + "lang": "es", + "value": "El complemento Misiek Photo Album de WordPress hasta la versi\u00f3n 1.4.3 no tiene verificaci\u00f3n CSRF en algunos lugares y le falta desinfecci\u00f3n y escape, lo que podr\u00eda permitir a los atacantes hacer que el administrador que haya iniciado sesi\u00f3n agregue payloads XSS almacenado a trav\u00e9s de un ataque CSRF." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-78xx/CVE-2024-7820.json b/CVE-2024/CVE-2024-78xx/CVE-2024-7820.json index caffa451a80..229d25ee7c0 100644 --- a/CVE-2024/CVE-2024-78xx/CVE-2024-7820.json +++ b/CVE-2024/CVE-2024-78xx/CVE-2024-7820.json @@ -2,13 +2,17 @@ "id": "CVE-2024-7820", "sourceIdentifier": "contact@wpscan.com", "published": "2024-09-12T06:15:24.633", - "lastModified": "2024-09-12T06:15:24.633", - "vulnStatus": "Received", + "lastModified": "2024-09-12T12:35:54.013", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The ILC Thickbox WordPress plugin through 1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack" + }, + { + "lang": "es", + "value": "El complemento ILC Thickbox WordPress hasta la versi\u00f3n 1.0 no tiene una verificaci\u00f3n CSRF activada al actualizar sus configuraciones, lo que podr\u00eda permitir a los atacantes hacer que un administrador que haya iniciado sesi\u00f3n las cambie a trav\u00e9s de un ataque CSRF." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-78xx/CVE-2024-7822.json b/CVE-2024/CVE-2024-78xx/CVE-2024-7822.json index c2d956cb462..9b9ba93db4e 100644 --- a/CVE-2024/CVE-2024-78xx/CVE-2024-7822.json +++ b/CVE-2024/CVE-2024-78xx/CVE-2024-7822.json @@ -2,13 +2,17 @@ "id": "CVE-2024-7822", "sourceIdentifier": "contact@wpscan.com", "published": "2024-09-12T06:15:24.713", - "lastModified": "2024-09-12T06:15:24.713", - "vulnStatus": "Received", + "lastModified": "2024-09-12T12:35:54.013", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Quick Code WordPress plugin through 1.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack." + }, + { + "lang": "es", + "value": "El complemento Quick Code de WordPress hasta la versi\u00f3n 1.0 no tiene verificaci\u00f3n CSRF en algunos lugares y le falta desinfecci\u00f3n y escape, lo que podr\u00eda permitir a los atacantes hacer que el administrador que haya iniciado sesi\u00f3n agregue payloads XSS almacenado a trav\u00e9s de un ataque CSRF." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-78xx/CVE-2024-7859.json b/CVE-2024/CVE-2024-78xx/CVE-2024-7859.json index 172f74d5bb9..9475381f741 100644 --- a/CVE-2024/CVE-2024-78xx/CVE-2024-7859.json +++ b/CVE-2024/CVE-2024-78xx/CVE-2024-7859.json @@ -2,13 +2,17 @@ "id": "CVE-2024-7859", "sourceIdentifier": "contact@wpscan.com", "published": "2024-09-12T06:15:24.783", - "lastModified": "2024-09-12T06:15:24.783", - "vulnStatus": "Received", + "lastModified": "2024-09-12T12:35:54.013", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Visual Sound WordPress plugin through 1.03 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack" + }, + { + "lang": "es", + "value": "El complemento Visual Sound de WordPress hasta la versi\u00f3n 1.03 no tiene una verificaci\u00f3n CSRF activada al actualizar sus configuraciones, lo que podr\u00eda permitir a los atacantes hacer que un administrador que haya iniciado sesi\u00f3n las cambie mediante un ataque CSRF." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-78xx/CVE-2024-7860.json b/CVE-2024/CVE-2024-78xx/CVE-2024-7860.json index 4c17c6c6d87..966dab6da66 100644 --- a/CVE-2024/CVE-2024-78xx/CVE-2024-7860.json +++ b/CVE-2024/CVE-2024-78xx/CVE-2024-7860.json @@ -2,13 +2,17 @@ "id": "CVE-2024-7860", "sourceIdentifier": "contact@wpscan.com", "published": "2024-09-12T06:15:24.853", - "lastModified": "2024-09-12T06:15:24.853", - "vulnStatus": "Received", + "lastModified": "2024-09-12T12:35:54.013", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Simple Headline Rotator WordPress plugin through 1.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack." + }, + { + "lang": "es", + "value": "El complemento Simple Headline Rotator para WordPress hasta la versi\u00f3n 1.0 no tiene verificaci\u00f3n CSRF en algunos lugares y le falta saneamiento y escape, lo que podr\u00eda permitir a los atacantes hacer que el administrador que haya iniciado sesi\u00f3n agregue payloads XSS almacenado a trav\u00e9s de un ataque CSRF." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-78xx/CVE-2024-7861.json b/CVE-2024/CVE-2024-78xx/CVE-2024-7861.json index 587275362bc..a72adbd406f 100644 --- a/CVE-2024/CVE-2024-78xx/CVE-2024-7861.json +++ b/CVE-2024/CVE-2024-78xx/CVE-2024-7861.json @@ -2,13 +2,17 @@ "id": "CVE-2024-7861", "sourceIdentifier": "contact@wpscan.com", "published": "2024-09-12T06:15:24.933", - "lastModified": "2024-09-12T06:15:24.933", - "vulnStatus": "Received", + "lastModified": "2024-09-12T12:35:54.013", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Misiek Paypal WordPress plugin through 1.1.20090324 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack." + }, + { + "lang": "es", + "value": "El complemento Misiek Paypal para WordPress hasta la versi\u00f3n 1.1.20090324 no tiene verificaci\u00f3n CSRF en algunos lugares y le falta desinfecci\u00f3n y escape, lo que podr\u00eda permitir a los atacantes hacer que el administrador que haya iniciado sesi\u00f3n agregue payloads XSS almacenado a trav\u00e9s de un ataque CSRF." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-78xx/CVE-2024-7862.json b/CVE-2024/CVE-2024-78xx/CVE-2024-7862.json index 5d74dfef30a..e560547eac1 100644 --- a/CVE-2024/CVE-2024-78xx/CVE-2024-7862.json +++ b/CVE-2024/CVE-2024-78xx/CVE-2024-7862.json @@ -2,13 +2,17 @@ "id": "CVE-2024-7862", "sourceIdentifier": "contact@wpscan.com", "published": "2024-09-12T06:15:25.003", - "lastModified": "2024-09-12T06:15:25.003", - "vulnStatus": "Received", + "lastModified": "2024-09-12T12:35:54.013", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The blogintroduction-wordpress-plugin WordPress plugin through 0.3.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack" + }, + { + "lang": "es", + "value": "El complemento blogintroduction-wordpress-plugin de WordPress hasta la versi\u00f3n 0.3.0 no tiene la comprobaci\u00f3n CSRF activada al actualizar sus configuraciones, lo que podr\u00eda permitir a los atacantes hacer que un administrador que haya iniciado sesi\u00f3n las cambie mediante un ataque CSRF." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-78xx/CVE-2024-7889.json b/CVE-2024/CVE-2024-78xx/CVE-2024-7889.json index f7fea53af90..61ef7b051d7 100644 --- a/CVE-2024/CVE-2024-78xx/CVE-2024-7889.json +++ b/CVE-2024/CVE-2024-78xx/CVE-2024-7889.json @@ -2,13 +2,17 @@ "id": "CVE-2024-7889", "sourceIdentifier": "secure@citrix.com", "published": "2024-09-11T23:15:10.023", - "lastModified": "2024-09-11T23:15:10.023", - "vulnStatus": "Received", + "lastModified": "2024-09-12T12:35:54.013", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Local privilege escalation allows a low-privileged user to gain SYSTEM privileges\u00a0in\u00a0Citrix Workspace app for Windows" + }, + { + "lang": "es", + "value": "La escalada de privilegios locales permite que un usuario con pocos privilegios obtenga permisos de SYSTEM en la aplicaci\u00f3n Citrix Workspace para Windows" } ], "metrics": { diff --git a/CVE-2024/CVE-2024-78xx/CVE-2024-7890.json b/CVE-2024/CVE-2024-78xx/CVE-2024-7890.json index 53af2e96cf8..a5ce3bd7bcc 100644 --- a/CVE-2024/CVE-2024-78xx/CVE-2024-7890.json +++ b/CVE-2024/CVE-2024-78xx/CVE-2024-7890.json @@ -2,13 +2,17 @@ "id": "CVE-2024-7890", "sourceIdentifier": "secure@citrix.com", "published": "2024-09-11T23:15:10.133", - "lastModified": "2024-09-11T23:15:10.133", - "vulnStatus": "Received", + "lastModified": "2024-09-12T12:35:54.013", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Local privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows" + }, + { + "lang": "es", + "value": "La escalada de privilegios locales permite que un usuario con pocos privilegios obtenga permisos de SYSTEM en la aplicaci\u00f3n Citrix Workspace para Windows" } ], "metrics": { diff --git a/CVE-2024/CVE-2024-80xx/CVE-2024-8054.json b/CVE-2024/CVE-2024-80xx/CVE-2024-8054.json index f6854939b4a..4cdbcb3fdbb 100644 --- a/CVE-2024/CVE-2024-80xx/CVE-2024-8054.json +++ b/CVE-2024/CVE-2024-80xx/CVE-2024-8054.json @@ -2,13 +2,17 @@ "id": "CVE-2024-8054", "sourceIdentifier": "contact@wpscan.com", "published": "2024-09-12T06:15:25.077", - "lastModified": "2024-09-12T06:15:25.077", - "vulnStatus": "Received", + "lastModified": "2024-09-12T12:35:54.013", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The MM-Breaking News WordPress plugin through 0.7.9 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack." + }, + { + "lang": "es", + "value": "El complemento MM-Breaking News para WordPress hasta la versi\u00f3n 0.7.9 no tiene verificaci\u00f3n CSRF en algunos lugares y le falta saneamiento y escape, lo que podr\u00eda permitir a los atacantes hacer que el administrador que haya iniciado sesi\u00f3n agregue payloads XSS almacenado a trav\u00e9s de un ataque CSRF." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-80xx/CVE-2024-8056.json b/CVE-2024/CVE-2024-80xx/CVE-2024-8056.json index 63ac19c76b1..800760bfbd4 100644 --- a/CVE-2024/CVE-2024-80xx/CVE-2024-8056.json +++ b/CVE-2024/CVE-2024-80xx/CVE-2024-8056.json @@ -2,16 +2,43 @@ "id": "CVE-2024-8056", "sourceIdentifier": "contact@wpscan.com", "published": "2024-09-12T06:15:25.140", - "lastModified": "2024-09-12T06:15:25.140", - "vulnStatus": "Received", + "lastModified": "2024-09-12T13:35:23.340", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The MM-Breaking News WordPress plugin through 0.7.9 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers" + }, + { + "lang": "es", + "value": "El complemento MM-Breaking News de WordPress hasta la versi\u00f3n 0.7.9 no escapa al par\u00e1metro $_SERVER['REQUEST_URI'] antes de mostrarlo nuevamente en un atributo, lo que podr\u00eda generar cross site scripting reflejado en navegadores web antiguos." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, "references": [ { "url": "https://wpscan.com/vulnerability/203b8122-f1e5-4e9e-ba83-f5cd59d8a289/", diff --git a/CVE-2024/CVE-2024-80xx/CVE-2024-8097.json b/CVE-2024/CVE-2024-80xx/CVE-2024-8097.json index cc90c939c5e..5bf4c5939b1 100644 --- a/CVE-2024/CVE-2024-80xx/CVE-2024-8097.json +++ b/CVE-2024/CVE-2024-80xx/CVE-2024-8097.json @@ -2,13 +2,17 @@ "id": "CVE-2024-8097", "sourceIdentifier": "769c9ae7-73c3-4e47-ae19-903170fc3eb8", "published": "2024-09-11T17:15:13.917", - "lastModified": "2024-09-11T17:15:13.917", - "vulnStatus": "Received", + "lastModified": "2024-09-12T12:35:54.013", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Payara Platform Payara Server (Logging modules) allows Sensitive credentials posted in plain-text on the server log.This issue affects Payara Server: from 6.0.0 before 6.18.0, from 6.2022.1 before 6.2024.9, from 5.20.0 before 5.67.0, from 5.2020.2 before 5.2022.5, from 4.1.2.191.0 before 4.1.2.191.50." + }, + { + "lang": "es", + "value": "Vulnerabilidad de exposici\u00f3n de informaci\u00f3n confidencial a un actor no autorizado en Payara Platform Payara Server (m\u00f3dulos de registro) permite que las credenciales confidenciales se publiquen en texto plano en el registro del servidor. Este problema afecta a Payara Server: desde 6.0.0 antes de 6.18.0, desde 6.2022.1 antes de 6.2024.9, desde 5.20.0 antes de 5.67.0, desde 5.2020.2 antes de 5.2022.5, desde 4.1.2.191.0 antes de 4.1.2.191.50." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-81xx/CVE-2024-8155.json b/CVE-2024/CVE-2024-81xx/CVE-2024-8155.json index 15237829118..f2636df6b04 100644 --- a/CVE-2024/CVE-2024-81xx/CVE-2024-8155.json +++ b/CVE-2024/CVE-2024-81xx/CVE-2024-8155.json @@ -2,8 +2,8 @@ "id": "CVE-2024-8155", "sourceIdentifier": "cna@vuldb.com", "published": "2024-08-25T23:15:04.123", - "lastModified": "2024-08-26T12:47:20.187", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-09-12T13:53:23.827", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -61,6 +61,26 @@ } ], "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.2, + "impactScore": 3.6 + }, { "source": "cna@vuldb.com", "type": "Secondary", @@ -120,22 +140,53 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:continew:admin:3.2.0:*:*:*:*:*:*:*", + "matchCriteriaId": "C339F881-93D0-46ED-89B4-B8FA0E22E861" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/Chiexf/cve/issues/3", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Issue Tracking", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.275743", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required" + ] }, { "url": "https://vuldb.com/?id.275743", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?submit.391851", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-82xx/CVE-2024-8292.json b/CVE-2024/CVE-2024-82xx/CVE-2024-8292.json index 0475ace5c4b..b7d0f65fcc1 100644 --- a/CVE-2024/CVE-2024-82xx/CVE-2024-8292.json +++ b/CVE-2024/CVE-2024-82xx/CVE-2024-8292.json @@ -2,8 +2,8 @@ "id": "CVE-2024-8292", "sourceIdentifier": "security@wordfence.com", "published": "2024-09-06T07:15:03.010", - "lastModified": "2024-09-06T12:08:04.550", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-09-12T12:37:18.380", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,26 +51,59 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:plechevandrey:wp-recall:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "16.26.9", + "matchCriteriaId": "EC02C22E-6A74-41AC-BABD-7F1B4D1D481D" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/browser/wp-recall/tags/16.26.8/add-on/commerce/classes/class-rcl-create-order.php#L127", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Product" + ] }, { "url": "https://plugins.trac.wordpress.org/browser/wp-recall/tags/16.26.8/add-on/commerce/functions-frontend.php#L113", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Product" + ] }, { "url": "https://plugins.trac.wordpress.org/browser/wp-recall/tags/16.26.8/rcl-functions.php#L1339", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Product" + ] }, { "url": "https://plugins.trac.wordpress.org/changeset/3145798/wp-recall/trunk/add-on/commerce/classes/class-rcl-create-order.php", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8fa4b5df-dc71-49de-880b-895eb1d9cdca?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-85xx/CVE-2024-8522.json b/CVE-2024/CVE-2024-85xx/CVE-2024-8522.json index 1706aa9922e..82205ceea04 100644 --- a/CVE-2024/CVE-2024-85xx/CVE-2024-8522.json +++ b/CVE-2024/CVE-2024-85xx/CVE-2024-8522.json @@ -2,13 +2,17 @@ "id": "CVE-2024-8522", "sourceIdentifier": "security@wordfence.com", "published": "2024-09-12T09:15:05.480", - "lastModified": "2024-09-12T09:15:05.480", - "vulnStatus": "Received", + "lastModified": "2024-09-12T12:35:54.013", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The LearnPress \u2013 WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the 'c_only_fields' parameter of the /wp-json/learnpress/v1/courses REST API endpoint in all versions up to, and including, 4.2.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database." + }, + { + "lang": "es", + "value": "El complemento LearnPress \u2013 WordPress LMS Plugin para WordPress es vulnerable a la inyecci\u00f3n SQL a trav\u00e9s del par\u00e1metro 'c_only_fields' del endpoint de la API REST /wp-json/learnpress/v1/courses en todas las versiones hasta la 4.2.7 incluida, debido a un escape insuficiente en el par\u00e1metro proporcionado por el usuario y a la falta de preparaci\u00f3n suficiente en la consulta SQL existente. Esto hace posible que atacantes no autenticados agreguen consultas SQL adicionales a consultas ya existentes que se pueden usar para extraer informaci\u00f3n confidencial de la base de datos." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-85xx/CVE-2024-8529.json b/CVE-2024/CVE-2024-85xx/CVE-2024-8529.json index 2eb35d15552..92bef1c2658 100644 --- a/CVE-2024/CVE-2024-85xx/CVE-2024-8529.json +++ b/CVE-2024/CVE-2024-85xx/CVE-2024-8529.json @@ -2,13 +2,17 @@ "id": "CVE-2024-8529", "sourceIdentifier": "security@wordfence.com", "published": "2024-09-12T09:15:05.720", - "lastModified": "2024-09-12T09:15:05.720", - "vulnStatus": "Received", + "lastModified": "2024-09-12T12:35:54.013", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The LearnPress \u2013 WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the 'c_fields' parameter of the /wp-json/lp/v1/courses/archive-course REST API endpoint in all versions up to, and including, 4.2.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database." + }, + { + "lang": "es", + "value": "El complemento LearnPress \u2013 WordPress LMS Plugin para WordPress es vulnerable a la inyecci\u00f3n SQL a trav\u00e9s del par\u00e1metro 'c_fields' del endpoint de la API REST /wp-json/lp/v1/courses/archive-course en todas las versiones hasta la 4.2.7 incluida, debido a un escape insuficiente en el par\u00e1metro proporcionado por el usuario y a la falta de preparaci\u00f3n suficiente en la consulta SQL existente. Esto hace posible que atacantes no autenticados agreguen consultas SQL adicionales a consultas ya existentes que se pueden usar para extraer informaci\u00f3n confidencial de la base de datos." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-86xx/CVE-2024-8622.json b/CVE-2024/CVE-2024-86xx/CVE-2024-8622.json index 79e7af98011..3a0c7d00de9 100644 --- a/CVE-2024/CVE-2024-86xx/CVE-2024-8622.json +++ b/CVE-2024/CVE-2024-86xx/CVE-2024-8622.json @@ -2,13 +2,17 @@ "id": "CVE-2024-8622", "sourceIdentifier": "security@wordfence.com", "published": "2024-09-12T09:15:06.077", - "lastModified": "2024-09-12T09:15:06.077", - "vulnStatus": "Received", + "lastModified": "2024-09-12T12:35:54.013", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The amCharts: Charts and Maps plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'amcharts_javascript' parameter in all versions up to, and including, 1.4.4 due to the ability to supply arbitrary JavaScript a lack of nonce validation on the preview functionality. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link." + }, + { + "lang": "es", + "value": "El complemento amCharts: Charts and Maps para WordPress es vulnerable a ataques de cross site scripting reflejado a trav\u00e9s del par\u00e1metro 'amcharts_javascript' en todas las versiones hasta la 1.4.4 incluida, debido a la capacidad de proporcionar JavaScript arbitrario debido a la falta de validaci\u00f3n de nonce en la funci\u00f3n de vista previa. Esto permite que atacantes no autenticados inyecten scripts web arbitrarias en p\u00e1ginas que se ejecutan si logran enga\u00f1ar a un usuario para que realice una acci\u00f3n, como hacer clic en un enlace." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-86xx/CVE-2024-8636.json b/CVE-2024/CVE-2024-86xx/CVE-2024-8636.json index 1822351d575..8d4837fbf8b 100644 --- a/CVE-2024/CVE-2024-86xx/CVE-2024-8636.json +++ b/CVE-2024/CVE-2024-86xx/CVE-2024-8636.json @@ -2,17 +2,54 @@ "id": "CVE-2024-8636", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2024-09-11T14:15:13.850", - "lastModified": "2024-09-11T16:26:11.920", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-09-12T13:35:12.283", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Heap buffer overflow in Skia in Google Chrome prior to 128.0.6613.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)" + }, + { + "lang": "es", + "value": "El desbordamiento del b\u00fafer de pila en Skia en Google Chrome anterior a la versi\u00f3n 128.0.6613.137 permit\u00eda a un atacante remoto explotar potencialmente la corrupci\u00f3n de pila a trav\u00e9s de una p\u00e1gina HTML manipulada. (Gravedad de seguridad de Chromium: Alta)" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + }, { "source": "chrome-cve-admin@google.com", "type": "Secondary", @@ -24,14 +61,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", + "versionEndExcluding": "128.0.6613.137", + "matchCriteriaId": "32E3A0E3-2B4B-4806-B4F2-5610C64FB3B8" + } + ] + } + ] + } + ], "references": [ { "url": "https://chromereleases.googleblog.com/2024/09/stable-channel-update-for-desktop_10.html", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Release Notes" + ] }, { "url": "https://issues.chromium.org/issues/361461526", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Permissions Required" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-86xx/CVE-2024-8637.json b/CVE-2024/CVE-2024-86xx/CVE-2024-8637.json index 99ad1f7bfda..c088226037d 100644 --- a/CVE-2024/CVE-2024-86xx/CVE-2024-8637.json +++ b/CVE-2024/CVE-2024-86xx/CVE-2024-8637.json @@ -2,17 +2,54 @@ "id": "CVE-2024-8637", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2024-09-11T14:15:13.943", - "lastModified": "2024-09-11T16:26:11.920", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-09-12T13:35:17.667", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Use after free in Media Router in Google Chrome on Android prior to 128.0.6613.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)" + }, + { + "lang": "es", + "value": "Use after free en Media Router en Google Chrome en Android antes de la versi\u00f3n 128.0.6613.137 permiti\u00f3 que un atacante remoto potencialmente explotara la corrupci\u00f3n del mont\u00f3n a trav\u00e9s de una p\u00e1gina HTML manipulada. (Gravedad de seguridad de Chromium: Alta)" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + }, { "source": "chrome-cve-admin@google.com", "type": "Secondary", @@ -24,14 +61,50 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", + "versionEndExcluding": "128.0.6613.137", + "matchCriteriaId": "32E3A0E3-2B4B-4806-B4F2-5610C64FB3B8" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26" + } + ] + } + ] + } + ], "references": [ { "url": "https://chromereleases.googleblog.com/2024/09/stable-channel-update-for-desktop_10.html", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Release Notes" + ] }, { "url": "https://issues.chromium.org/issues/361784548", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Permissions Required" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-86xx/CVE-2024-8638.json b/CVE-2024/CVE-2024-86xx/CVE-2024-8638.json index 732ec5f8de6..cd16c129828 100644 --- a/CVE-2024/CVE-2024-86xx/CVE-2024-8638.json +++ b/CVE-2024/CVE-2024-86xx/CVE-2024-8638.json @@ -2,17 +2,54 @@ "id": "CVE-2024-8638", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2024-09-11T14:15:14.027", - "lastModified": "2024-09-11T16:26:11.920", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-09-12T13:35:04.660", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Type Confusion in V8 in Google Chrome prior to 128.0.6613.137 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)" + }, + { + "lang": "es", + "value": "La confusi\u00f3n de tipos en la versi\u00f3n 8 de Google Chrome anterior a la 128.0.6613.137 permit\u00eda a un atacante remoto explotar potencialmente la corrupci\u00f3n de objetos a trav\u00e9s de una p\u00e1gina HTML manipulada. (Gravedad de seguridad de Chromium: Alta)" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-843" + } + ] + }, { "source": "chrome-cve-admin@google.com", "type": "Secondary", @@ -24,14 +61,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", + "versionEndExcluding": "128.0.6613.137", + "matchCriteriaId": "32E3A0E3-2B4B-4806-B4F2-5610C64FB3B8" + } + ] + } + ] + } + ], "references": [ { "url": "https://chromereleases.googleblog.com/2024/09/stable-channel-update-for-desktop_10.html", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Release Notes" + ] }, { "url": "https://issues.chromium.org/issues/362539773", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Permissions Required" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-86xx/CVE-2024-8639.json b/CVE-2024/CVE-2024-86xx/CVE-2024-8639.json index 8d205f13082..fd82075c86d 100644 --- a/CVE-2024/CVE-2024-86xx/CVE-2024-8639.json +++ b/CVE-2024/CVE-2024-86xx/CVE-2024-8639.json @@ -2,17 +2,54 @@ "id": "CVE-2024-8639", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2024-09-11T14:15:14.103", - "lastModified": "2024-09-11T16:26:11.920", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-09-12T13:35:02.863", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Use after free in Autofill in Google Chrome on Android prior to 128.0.6613.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)" + }, + { + "lang": "es", + "value": "Use after free de la funci\u00f3n de autocompletar en Google Chrome en Android antes de la versi\u00f3n 128.0.6613.137 permit\u00eda a un atacante remoto explotar potencialmente la corrupci\u00f3n del mont\u00f3n a trav\u00e9s de una p\u00e1gina HTML manipulada. (Gravedad de seguridad de Chromium: Alta)" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + }, { "source": "chrome-cve-admin@google.com", "type": "Secondary", @@ -24,14 +61,50 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", + "versionEndExcluding": "128.0.6613.137", + "matchCriteriaId": "32E3A0E3-2B4B-4806-B4F2-5610C64FB3B8" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26" + } + ] + } + ] + } + ], "references": [ { "url": "https://chromereleases.googleblog.com/2024/09/stable-channel-update-for-desktop_10.html", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Release Notes" + ] }, { "url": "https://issues.chromium.org/issues/362658609", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Permissions Required" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-86xx/CVE-2024-8686.json b/CVE-2024/CVE-2024-86xx/CVE-2024-8686.json index b5cbad9c6d8..3f747e160a5 100644 --- a/CVE-2024/CVE-2024-86xx/CVE-2024-8686.json +++ b/CVE-2024/CVE-2024-86xx/CVE-2024-8686.json @@ -2,13 +2,17 @@ "id": "CVE-2024-8686", "sourceIdentifier": "psirt@paloaltonetworks.com", "published": "2024-09-11T17:15:14.033", - "lastModified": "2024-09-11T17:15:14.033", - "vulnStatus": "Received", + "lastModified": "2024-09-12T12:35:54.013", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A command injection vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to bypass system restrictions and run arbitrary commands as root on the firewall." + }, + { + "lang": "es", + "value": "Una vulnerabilidad de inyecci\u00f3n de comandos en el software PAN-OS de Palo Alto Networks permite a un administrador autenticado eludir las restricciones del sistema y ejecutar comandos arbitrarios como superusuario en el firewall." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-86xx/CVE-2024-8687.json b/CVE-2024/CVE-2024-86xx/CVE-2024-8687.json index 2876d85c92a..de99d0d9241 100644 --- a/CVE-2024/CVE-2024-86xx/CVE-2024-8687.json +++ b/CVE-2024/CVE-2024-86xx/CVE-2024-8687.json @@ -2,13 +2,17 @@ "id": "CVE-2024-8687", "sourceIdentifier": "psirt@paloaltonetworks.com", "published": "2024-09-11T17:15:14.157", - "lastModified": "2024-09-11T17:15:14.157", - "vulnStatus": "Received", + "lastModified": "2024-09-12T12:35:54.013", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An information exposure vulnerability exists in Palo Alto Networks PAN-OS software that enables a GlobalProtect end user to learn both the configured GlobalProtect uninstall password and the configured disable or disconnect passcode. After the password or passcode is known, end users can uninstall, disable, or disconnect GlobalProtect even if the GlobalProtect app configuration would not normally permit them to do so." + }, + { + "lang": "es", + "value": "Existe una vulnerabilidad de exposici\u00f3n de informaci\u00f3n en el software PAN-OS de Palo Alto Networks que permite que un usuario final de GlobalProtect conozca tanto la contrase\u00f1a de desinstalaci\u00f3n de GlobalProtect configurada como el c\u00f3digo de acceso de deshabilitaci\u00f3n o desconexi\u00f3n configurado. Una vez que se conoce la contrase\u00f1a o el c\u00f3digo de acceso, los usuarios finales pueden desinstalar, deshabilitar o desconectar GlobalProtect incluso si la configuraci\u00f3n de la aplicaci\u00f3n GlobalProtect normalmente no les permitir\u00eda hacerlo." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-86xx/CVE-2024-8688.json b/CVE-2024/CVE-2024-86xx/CVE-2024-8688.json index bfc12275e9f..0d1619414fd 100644 --- a/CVE-2024/CVE-2024-86xx/CVE-2024-8688.json +++ b/CVE-2024/CVE-2024-86xx/CVE-2024-8688.json @@ -2,13 +2,17 @@ "id": "CVE-2024-8688", "sourceIdentifier": "psirt@paloaltonetworks.com", "published": "2024-09-11T17:15:14.273", - "lastModified": "2024-09-11T17:15:14.273", - "vulnStatus": "Received", + "lastModified": "2024-09-12T12:35:54.013", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An improper neutralization of matching symbols vulnerability in the Palo Alto Networks PAN-OS command line interface (CLI) enables authenticated administrators (including read-only administrators) with access to the CLI to to read arbitrary files on the firewall." + }, + { + "lang": "es", + "value": "Una vulnerabilidad de neutralizaci\u00f3n incorrecta de s\u00edmbolos coincidentes en la interfaz de l\u00ednea de comandos (CLI) PAN-OS de Palo Alto Networks permite a los administradores autenticados (incluidos los administradores de solo lectura) con acceso a la CLI leer archivos arbitrarios en el firewall." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-86xx/CVE-2024-8689.json b/CVE-2024/CVE-2024-86xx/CVE-2024-8689.json index 797081f098e..5afc3a12c66 100644 --- a/CVE-2024/CVE-2024-86xx/CVE-2024-8689.json +++ b/CVE-2024/CVE-2024-86xx/CVE-2024-8689.json @@ -2,13 +2,17 @@ "id": "CVE-2024-8689", "sourceIdentifier": "psirt@paloaltonetworks.com", "published": "2024-09-11T17:15:14.380", - "lastModified": "2024-09-11T17:15:14.380", - "vulnStatus": "Received", + "lastModified": "2024-09-12T12:35:54.013", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A problem with the ActiveMQ integration for both Cortex XSOAR and Cortex XSIAM can result in the cleartext exposure of the configured ActiveMQ credentials in log bundles." + }, + { + "lang": "es", + "value": "Un problema con la integraci\u00f3n de ActiveMQ tanto para Cortex XSOAR como para Cortex XSIAM puede provocar la exposici\u00f3n de texto plano de las credenciales de ActiveMQ configuradas en paquetes de registros." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-86xx/CVE-2024-8690.json b/CVE-2024/CVE-2024-86xx/CVE-2024-8690.json index 1c111fc07c2..20b86593c84 100644 --- a/CVE-2024/CVE-2024-86xx/CVE-2024-8690.json +++ b/CVE-2024/CVE-2024-86xx/CVE-2024-8690.json @@ -2,13 +2,17 @@ "id": "CVE-2024-8690", "sourceIdentifier": "psirt@paloaltonetworks.com", "published": "2024-09-11T17:15:14.487", - "lastModified": "2024-09-11T17:15:14.487", - "vulnStatus": "Received", + "lastModified": "2024-09-12T12:35:54.013", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A problem with a detection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices enables a user with Windows administrator privileges to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity." + }, + { + "lang": "es", + "value": "Un problema con un mecanismo de detecci\u00f3n en el agente Cortex XDR de Palo Alto Networks en dispositivos Windows permite que un usuario con privilegios de administrador de Windows deshabilite el agente. Este problema puede ser aprovechado por malware para deshabilitar el agente Cortex XDR y luego realizar una actividad maliciosa." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-86xx/CVE-2024-8691.json b/CVE-2024/CVE-2024-86xx/CVE-2024-8691.json index 489ee6a0fd7..cb4963313ed 100644 --- a/CVE-2024/CVE-2024-86xx/CVE-2024-8691.json +++ b/CVE-2024/CVE-2024-86xx/CVE-2024-8691.json @@ -2,13 +2,17 @@ "id": "CVE-2024-8691", "sourceIdentifier": "psirt@paloaltonetworks.com", "published": "2024-09-11T17:15:14.587", - "lastModified": "2024-09-11T17:15:14.587", - "vulnStatus": "Received", + "lastModified": "2024-09-12T12:35:54.013", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability in the GlobalProtect portal in Palo Alto Networks PAN-OS software enables a malicious authenticated GlobalProtect user to impersonate another GlobalProtect user. Active GlobalProtect users impersonated by an attacker who is exploiting this vulnerability are disconnected from GlobalProtect. Upon exploitation, PAN-OS logs indicate that the impersonated user authenticated to GlobalProtect, which hides the identity of the attacker." + }, + { + "lang": "es", + "value": "Una vulnerabilidad en el portal GlobalProtect del software PAN-OS de Palo Alto Networks permite que un usuario autenticado de GlobalProtect se haga pasar por otro usuario de GlobalProtect. Los usuarios activos de GlobalProtect suplantados por un atacante que explota esta vulnerabilidad se desconectan de GlobalProtect. Tras la explotaci\u00f3n, los registros de PAN-OS indican que el usuario suplantado se autentic\u00f3 en GlobalProtect, lo que oculta la identidad del atacante." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-86xx/CVE-2024-8692.json b/CVE-2024/CVE-2024-86xx/CVE-2024-8692.json index 18908baf670..6357e043f80 100644 --- a/CVE-2024/CVE-2024-86xx/CVE-2024-8692.json +++ b/CVE-2024/CVE-2024-86xx/CVE-2024-8692.json @@ -2,13 +2,17 @@ "id": "CVE-2024-8692", "sourceIdentifier": "cna@vuldb.com", "published": "2024-09-11T19:15:15.410", - "lastModified": "2024-09-11T19:15:15.410", - "vulnStatus": "Received", + "lastModified": "2024-09-12T12:35:54.013", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability classified as critical was found in TDuckCloud TDuckPro up to 6.3. Affected by this vulnerability is an unknown functionality. The manipulation leads to weak password recovery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "es", + "value": "Se ha detectado una vulnerabilidad clasificada como cr\u00edtica en TDuckCloud TDuckPro hasta la versi\u00f3n 6.3. Esta vulnerabilidad afecta a una funcionalidad desconocida. La manipulaci\u00f3n da lugar a una recuperaci\u00f3n de contrase\u00f1as poco segura. El ataque se puede ejecutar de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse. Se contact\u00f3 primeramente con el proveedor sobre esta revelaci\u00f3n, pero no respondi\u00f3 de ninguna manera." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-86xx/CVE-2024-8693.json b/CVE-2024/CVE-2024-86xx/CVE-2024-8693.json index 5f4666ba0af..e8be9b41cf2 100644 --- a/CVE-2024/CVE-2024-86xx/CVE-2024-8693.json +++ b/CVE-2024/CVE-2024-86xx/CVE-2024-8693.json @@ -2,13 +2,17 @@ "id": "CVE-2024-8693", "sourceIdentifier": "cna@vuldb.com", "published": "2024-09-11T20:15:03.503", - "lastModified": "2024-09-11T20:15:03.503", - "vulnStatus": "Received", + "lastModified": "2024-09-12T12:35:54.013", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability, which was classified as problematic, has been found in Kaon CG3000 1.01.43. Affected by this issue is some unknown functionality of the component dhcpcd Command Handler. The manipulation of the argument -h with the input leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "es", + "value": "Se ha encontrado una vulnerabilidad, que se ha clasificado como problem\u00e1tica, en Kaon CG3000 1.01.43. Este problema afecta a algunas funciones desconocidas del componente dhcpcd Command Handler. La manipulaci\u00f3n del argumento -h con la entrada provoca cross site scripting. El ataque puede ejecutarse de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse. Se contact\u00f3 primeramente con el proveedor sobre esta revelaci\u00f3n, pero no respondi\u00f3 de ninguna manera." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-86xx/CVE-2024-8694.json b/CVE-2024/CVE-2024-86xx/CVE-2024-8694.json index 28a839cdc4d..7e2fb54f098 100644 --- a/CVE-2024/CVE-2024-86xx/CVE-2024-8694.json +++ b/CVE-2024/CVE-2024-86xx/CVE-2024-8694.json @@ -2,13 +2,17 @@ "id": "CVE-2024-8694", "sourceIdentifier": "cna@vuldb.com", "published": "2024-09-11T21:15:10.863", - "lastModified": "2024-09-11T21:15:10.863", - "vulnStatus": "Received", + "lastModified": "2024-09-12T12:35:54.013", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability, which was classified as problematic, was found in JFinalCMS up to 20240903. This affects the function update of the file /admin/template/update of the component com.cms.controller.admin.TemplateController. The manipulation of the argument fileName leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Hasta el 20240903 se encontr\u00f3 una vulnerabilidad clasificada como problem\u00e1tica en JFinalCMS. Afecta a la funci\u00f3n update del archivo /admin/template/update del componente com.cms.controller.admin.TemplateController. La manipulaci\u00f3n del argumento fileName provoca un path traversal. Es posible iniciar el ataque de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-87xx/CVE-2024-8705.json b/CVE-2024/CVE-2024-87xx/CVE-2024-8705.json index cd38b1f55cb..5a0c61feb6e 100644 --- a/CVE-2024/CVE-2024-87xx/CVE-2024-8705.json +++ b/CVE-2024/CVE-2024-87xx/CVE-2024-8705.json @@ -2,13 +2,17 @@ "id": "CVE-2024-8705", "sourceIdentifier": "cna@vuldb.com", "published": "2024-09-11T23:15:10.230", - "lastModified": "2024-09-11T23:15:10.230", - "vulnStatus": "Received", + "lastModified": "2024-09-12T12:35:54.013", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in Shandong Star Measurement and Control Equipment Heating Network Wireless Monitoring System 5.6.2 and classified as critical. Affected by this issue is the function GetDataKindByType of the file /DataSrvs/UCCGSrv.asmx. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad en Shandong Star Measurement and Control Equipment Heating Network Wireless Monitoring System 5.6.2 y se clasific\u00f3 como cr\u00edtica. Este problema afecta a la funci\u00f3n GetDataKindByType del archivo /DataSrvs/UCCGSrv.asmx. La manipulaci\u00f3n conduce a una inyecci\u00f3n SQL. El ataque puede ejecutarse de forma remota. El exploit se ha revelado al p\u00fablico y puede utilizarse." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-87xx/CVE-2024-8706.json b/CVE-2024/CVE-2024-87xx/CVE-2024-8706.json index 57b93a4595f..53871386f4a 100644 --- a/CVE-2024/CVE-2024-87xx/CVE-2024-8706.json +++ b/CVE-2024/CVE-2024-87xx/CVE-2024-8706.json @@ -2,13 +2,17 @@ "id": "CVE-2024-8706", "sourceIdentifier": "cna@vuldb.com", "published": "2024-09-12T00:15:02.363", - "lastModified": "2024-09-12T00:15:02.363", - "vulnStatus": "Received", + "lastModified": "2024-09-12T12:35:54.013", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in JFinalCMS up to 20240903. It has been classified as problematic. This affects the function update of the file /admin/template/update of the component com.cms.util.TemplateUtils. The manipulation of the argument fileName leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Se ha encontrado una vulnerabilidad en JFinalCMS hasta el 20240903. Se ha clasificado como problem\u00e1tica. Afecta a la funci\u00f3n update del archivo /admin/template/update del componente com.cms.util.TemplateUtils. La manipulaci\u00f3n del argumento fileName provoca un path traversal. Es posible iniciar el ataque de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-87xx/CVE-2024-8707.json b/CVE-2024/CVE-2024-87xx/CVE-2024-8707.json index f74742b0ebf..e44e3a0033f 100644 --- a/CVE-2024/CVE-2024-87xx/CVE-2024-8707.json +++ b/CVE-2024/CVE-2024-87xx/CVE-2024-8707.json @@ -2,13 +2,17 @@ "id": "CVE-2024-8707", "sourceIdentifier": "cna@vuldb.com", "published": "2024-09-12T01:15:10.110", - "lastModified": "2024-09-12T01:15:10.110", - "vulnStatus": "Received", + "lastModified": "2024-09-12T12:35:54.013", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "A vulnerability was found in \u4e91\u8bfe\u7f51\u7edc\u79d1\u6280\u6709\u9650\u516c\u53f8 Yunke Online School System up to 3.0.6. It has been declared as problematic. This vulnerability affects the function downfile of the file application/admin/controller/Appadmin.php. The manipulation of the argument url leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used." + "value": "A vulnerability was found in ?????????? Yunke Online School System up to 3.0.6. It has been declared as problematic. This vulnerability affects the function downfile of the file application/admin/controller/Appadmin.php. The manipulation of the argument url leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Se ha encontrado una vulnerabilidad en ?????????? Yunke Online School System hasta la versi\u00f3n 3.0.6. Se ha declarado como problem\u00e1tica. Esta vulnerabilidad afecta a la funci\u00f3n downfile del archivo application/admin/controller/Appadmin.php. La manipulaci\u00f3n del argumento url provoca un path traversal. El ataque se puede iniciar de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-87xx/CVE-2024-8708.json b/CVE-2024/CVE-2024-87xx/CVE-2024-8708.json index 1c0d961587e..3628f5fda59 100644 --- a/CVE-2024/CVE-2024-87xx/CVE-2024-8708.json +++ b/CVE-2024/CVE-2024-87xx/CVE-2024-8708.json @@ -2,13 +2,17 @@ "id": "CVE-2024-8708", "sourceIdentifier": "cna@vuldb.com", "published": "2024-09-12T02:15:03.870", - "lastModified": "2024-09-12T02:15:03.870", - "vulnStatus": "Received", + "lastModified": "2024-09-12T12:35:54.013", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in SourceCodester Best House Rental Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file categories.php. The manipulation leads to cross site scripting. The attack may be initiated remotely." + }, + { + "lang": "es", + "value": "Se ha encontrado una vulnerabilidad en SourceCodester Best House Rental Management System 1.0. Se ha calificado como problem\u00e1tica. Este problema afecta a algunos procesos desconocidos del archivo category.php. La manipulaci\u00f3n conduce a cross site scripting. El ataque puede iniciarse de forma remota." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-87xx/CVE-2024-8709.json b/CVE-2024/CVE-2024-87xx/CVE-2024-8709.json index 27e81daf227..9ce09a92354 100644 --- a/CVE-2024/CVE-2024-87xx/CVE-2024-8709.json +++ b/CVE-2024/CVE-2024-87xx/CVE-2024-8709.json @@ -2,13 +2,17 @@ "id": "CVE-2024-8709", "sourceIdentifier": "cna@vuldb.com", "published": "2024-09-12T03:15:04.837", - "lastModified": "2024-09-12T03:15:04.837", - "vulnStatus": "Received", + "lastModified": "2024-09-12T12:35:54.013", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability classified as critical has been found in SourceCodester Best House Rental Management System 1.0. Affected is the function delete_user/save_user of the file /admin_class.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Se ha encontrado una vulnerabilidad clasificada como cr\u00edtica en SourceCodester Best House Rental Management System 1.0. La funci\u00f3n delete_user/save_user del archivo /admin_class.php est\u00e1 afectada. La manipulaci\u00f3n del argumento id provoca una inyecci\u00f3n SQL. Es posible lanzar el ataque de forma remota. El exploit ha sido divulgado al p\u00fablico y puede ser utilizado." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-87xx/CVE-2024-8710.json b/CVE-2024/CVE-2024-87xx/CVE-2024-8710.json index 7dc88488f7d..d967a3ba7b0 100644 --- a/CVE-2024/CVE-2024-87xx/CVE-2024-8710.json +++ b/CVE-2024/CVE-2024-87xx/CVE-2024-8710.json @@ -2,13 +2,17 @@ "id": "CVE-2024-8710", "sourceIdentifier": "cna@vuldb.com", "published": "2024-09-12T03:15:05.103", - "lastModified": "2024-09-12T03:15:05.103", - "vulnStatus": "Received", + "lastModified": "2024-09-12T12:35:54.013", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability classified as critical was found in code-projects Inventory Management 1.0. Affected by this vulnerability is an unknown functionality of the file /model/viewProduct.php of the component Products Table Page. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Se ha encontrado una vulnerabilidad clasificada como cr\u00edtica en code-projects Inventory Management 1.0. Esta vulnerabilidad afecta a una funcionalidad desconocida del archivo /model/viewProduct.php del componente Products Table Page. La manipulaci\u00f3n del argumento id conduce a una inyecci\u00f3n SQL. El ataque puede ejecutarse de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-87xx/CVE-2024-8711.json b/CVE-2024/CVE-2024-87xx/CVE-2024-8711.json index c1585f471cf..2c088d79979 100644 --- a/CVE-2024/CVE-2024-87xx/CVE-2024-8711.json +++ b/CVE-2024/CVE-2024-87xx/CVE-2024-8711.json @@ -2,13 +2,17 @@ "id": "CVE-2024-8711", "sourceIdentifier": "cna@vuldb.com", "published": "2024-09-12T04:15:07.283", - "lastModified": "2024-09-12T04:15:07.283", - "vulnStatus": "Received", + "lastModified": "2024-09-12T12:35:54.013", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability, which was classified as problematic, has been found in SourceCodester Food Ordering Management System 1.0. Affected by this issue is some unknown functionality of the file /includes/. The manipulation leads to exposure of information through directory listing. The attack may be launched remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Se ha encontrado una vulnerabilidad clasificada como problem\u00e1tica en SourceCodester Food Ordering Management System 1.0. Este problema afecta a algunas funciones desconocidas del archivo /includes/. La manipulaci\u00f3n conduce a la exposici\u00f3n de informaci\u00f3n a trav\u00e9s de la lista de directorios. El ataque puede ejecutarse de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-87xx/CVE-2024-8749.json b/CVE-2024/CVE-2024-87xx/CVE-2024-8749.json new file mode 100644 index 00000000000..aff346f879b --- /dev/null +++ b/CVE-2024/CVE-2024-87xx/CVE-2024-8749.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-8749", + "sourceIdentifier": "cve-coordination@incibe.es", + "published": "2024-09-12T12:15:53.060", + "lastModified": "2024-09-12T12:35:54.013", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "SQL injection vulnerability in idoit pro version 28. This vulnerability could allow an attacker to send a specially crafted query to the ID parameter in /var/www/html/src/classes/modules/api/model/cmdb/isys_api_model_cmdb_objects_by_relation.class.php and retrieve all the information stored in the database." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve-coordination@incibe.es", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "cve-coordination@incibe.es", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-synetics-idoit-pro", + "source": "cve-coordination@incibe.es" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-87xx/CVE-2024-8750.json b/CVE-2024/CVE-2024-87xx/CVE-2024-8750.json new file mode 100644 index 00000000000..695c739d5dd --- /dev/null +++ b/CVE-2024/CVE-2024-87xx/CVE-2024-8750.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-8750", + "sourceIdentifier": "cve-coordination@incibe.es", + "published": "2024-09-12T12:15:54.007", + "lastModified": "2024-09-12T12:35:54.013", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Cross-site Scripting (XSS) vulnerability in idoit pro version 28. This vulnerability allows an attacker to retrieve session details of an authenticated user due to lack of proper sanitization of the following parameters (id,lang,mNavID,name,pID,treeNode,type,view)." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve-coordination@incibe.es", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "cve-coordination@incibe.es", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-synetics-idoit-pro", + "source": "cve-coordination@incibe.es" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 8848f7c898f..af1d8632661 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-09-12T12:00:19.385516+00:00 +2024-09-12T14:00:29.248440+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-09-12T11:15:15.173000+00:00 +2024-09-12T13:58:48.473000+00:00 ``` ### Last Data Feed Release @@ -33,20 +33,69 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -262637 +262663 ``` ### CVEs added in the last Commit -Recently added CVEs: `0` +Recently added CVEs: `26` +- [CVE-2021-22518](CVE-2021/CVE-2021-225xx/CVE-2021-22518.json) (`2024-09-12T13:15:08.553`) +- [CVE-2021-22532](CVE-2021/CVE-2021-225xx/CVE-2021-22532.json) (`2024-09-12T13:15:08.837`) +- [CVE-2021-22533](CVE-2021/CVE-2021-225xx/CVE-2021-22533.json) (`2024-09-12T13:15:09.137`) +- [CVE-2021-38131](CVE-2021/CVE-2021-381xx/CVE-2021-38131.json) (`2024-09-12T13:15:09.700`) +- [CVE-2021-38132](CVE-2021/CVE-2021-381xx/CVE-2021-38132.json) (`2024-09-12T13:15:10.050`) +- [CVE-2021-38133](CVE-2021/CVE-2021-381xx/CVE-2021-38133.json) (`2024-09-12T13:15:10.327`) +- [CVE-2022-26322](CVE-2022/CVE-2022-263xx/CVE-2022-26322.json) (`2024-09-12T13:15:10.620`) +- [CVE-2024-27320](CVE-2024/CVE-2024-273xx/CVE-2024-27320.json) (`2024-09-12T13:15:11.987`) +- [CVE-2024-27321](CVE-2024/CVE-2024-273xx/CVE-2024-27321.json) (`2024-09-12T13:15:12.267`) +- [CVE-2024-3305](CVE-2024/CVE-2024-33xx/CVE-2024-3305.json) (`2024-09-12T13:15:12.540`) +- [CVE-2024-3306](CVE-2024/CVE-2024-33xx/CVE-2024-3306.json) (`2024-09-12T13:15:12.767`) +- [CVE-2024-45846](CVE-2024/CVE-2024-458xx/CVE-2024-45846.json) (`2024-09-12T13:15:12.920`) +- [CVE-2024-45847](CVE-2024/CVE-2024-458xx/CVE-2024-45847.json) (`2024-09-12T13:15:13.177`) +- [CVE-2024-45848](CVE-2024/CVE-2024-458xx/CVE-2024-45848.json) (`2024-09-12T13:15:13.437`) +- [CVE-2024-45849](CVE-2024/CVE-2024-458xx/CVE-2024-45849.json) (`2024-09-12T13:15:13.700`) +- [CVE-2024-45850](CVE-2024/CVE-2024-458xx/CVE-2024-45850.json) (`2024-09-12T13:15:13.933`) +- [CVE-2024-45851](CVE-2024/CVE-2024-458xx/CVE-2024-45851.json) (`2024-09-12T13:15:14.170`) +- [CVE-2024-45852](CVE-2024/CVE-2024-458xx/CVE-2024-45852.json) (`2024-09-12T13:15:14.403`) +- [CVE-2024-45853](CVE-2024/CVE-2024-458xx/CVE-2024-45853.json) (`2024-09-12T13:15:14.643`) +- [CVE-2024-45854](CVE-2024/CVE-2024-458xx/CVE-2024-45854.json) (`2024-09-12T13:15:14.900`) +- [CVE-2024-45855](CVE-2024/CVE-2024-458xx/CVE-2024-45855.json) (`2024-09-12T13:15:15.143`) +- [CVE-2024-45856](CVE-2024/CVE-2024-458xx/CVE-2024-45856.json) (`2024-09-12T13:15:15.373`) +- [CVE-2024-45857](CVE-2024/CVE-2024-458xx/CVE-2024-45857.json) (`2024-09-12T13:15:16.227`) +- [CVE-2024-8749](CVE-2024/CVE-2024-87xx/CVE-2024-8749.json) (`2024-09-12T12:15:53.060`) +- [CVE-2024-8750](CVE-2024/CVE-2024-87xx/CVE-2024-8750.json) (`2024-09-12T12:15:54.007`) ### CVEs modified in the last Commit -Recently modified CVEs: `1` +Recently modified CVEs: `128` -- [CVE-2023-49069](CVE-2023/CVE-2023-490xx/CVE-2023-49069.json) (`2024-09-12T11:15:15.173`) +- [CVE-2024-8155](CVE-2024/CVE-2024-81xx/CVE-2024-8155.json) (`2024-09-12T13:53:23.827`) +- [CVE-2024-8292](CVE-2024/CVE-2024-82xx/CVE-2024-8292.json) (`2024-09-12T12:37:18.380`) +- [CVE-2024-8522](CVE-2024/CVE-2024-85xx/CVE-2024-8522.json) (`2024-09-12T12:35:54.013`) +- [CVE-2024-8529](CVE-2024/CVE-2024-85xx/CVE-2024-8529.json) (`2024-09-12T12:35:54.013`) +- [CVE-2024-8622](CVE-2024/CVE-2024-86xx/CVE-2024-8622.json) (`2024-09-12T12:35:54.013`) +- [CVE-2024-8636](CVE-2024/CVE-2024-86xx/CVE-2024-8636.json) (`2024-09-12T13:35:12.283`) +- [CVE-2024-8637](CVE-2024/CVE-2024-86xx/CVE-2024-8637.json) (`2024-09-12T13:35:17.667`) +- [CVE-2024-8638](CVE-2024/CVE-2024-86xx/CVE-2024-8638.json) (`2024-09-12T13:35:04.660`) +- [CVE-2024-8639](CVE-2024/CVE-2024-86xx/CVE-2024-8639.json) (`2024-09-12T13:35:02.863`) +- [CVE-2024-8686](CVE-2024/CVE-2024-86xx/CVE-2024-8686.json) (`2024-09-12T12:35:54.013`) +- [CVE-2024-8687](CVE-2024/CVE-2024-86xx/CVE-2024-8687.json) (`2024-09-12T12:35:54.013`) +- [CVE-2024-8688](CVE-2024/CVE-2024-86xx/CVE-2024-8688.json) (`2024-09-12T12:35:54.013`) +- [CVE-2024-8689](CVE-2024/CVE-2024-86xx/CVE-2024-8689.json) (`2024-09-12T12:35:54.013`) +- [CVE-2024-8690](CVE-2024/CVE-2024-86xx/CVE-2024-8690.json) (`2024-09-12T12:35:54.013`) +- [CVE-2024-8691](CVE-2024/CVE-2024-86xx/CVE-2024-8691.json) (`2024-09-12T12:35:54.013`) +- [CVE-2024-8692](CVE-2024/CVE-2024-86xx/CVE-2024-8692.json) (`2024-09-12T12:35:54.013`) +- [CVE-2024-8693](CVE-2024/CVE-2024-86xx/CVE-2024-8693.json) (`2024-09-12T12:35:54.013`) +- [CVE-2024-8694](CVE-2024/CVE-2024-86xx/CVE-2024-8694.json) (`2024-09-12T12:35:54.013`) +- [CVE-2024-8705](CVE-2024/CVE-2024-87xx/CVE-2024-8705.json) (`2024-09-12T12:35:54.013`) +- [CVE-2024-8706](CVE-2024/CVE-2024-87xx/CVE-2024-8706.json) (`2024-09-12T12:35:54.013`) +- [CVE-2024-8707](CVE-2024/CVE-2024-87xx/CVE-2024-8707.json) (`2024-09-12T12:35:54.013`) +- [CVE-2024-8708](CVE-2024/CVE-2024-87xx/CVE-2024-8708.json) (`2024-09-12T12:35:54.013`) +- [CVE-2024-8709](CVE-2024/CVE-2024-87xx/CVE-2024-8709.json) (`2024-09-12T12:35:54.013`) +- [CVE-2024-8710](CVE-2024/CVE-2024-87xx/CVE-2024-8710.json) (`2024-09-12T12:35:54.013`) +- [CVE-2024-8711](CVE-2024/CVE-2024-87xx/CVE-2024-8711.json) (`2024-09-12T12:35:54.013`) ## Download and Usage diff --git a/_state.csv b/_state.csv index 8ed9e0ce539..483c4a3449e 100644 --- a/_state.csv +++ b/_state.csv @@ -168723,6 +168723,7 @@ CVE-2021-22499,0,0,70c055aa31b37148dca64de83c87eeb1f43d27137b2496f17ef113f50d482 CVE-2021-2250,0,0,3a87a38ad4938462c03de55ab516a234235f4da6cfa48a3f28229d40f9d4b95e,2022-09-23T13:27:38.033000 CVE-2021-22500,0,0,bc568527a8f921b7d318316f66d48f00a67d6993e13f79bedaa2128449593258,2023-11-07T03:30:14.327000 CVE-2021-22502,0,0,e32c3dc7dba463b0f8bea66cf991a2b26228941d3e9adf82f206da08b4cdfa6c,2024-07-25T17:52:31.453000 +CVE-2021-22503,1,1,0b278b1d6a1640b45a5e5614d6eaba52fd6ad8b93bb86434e2cab293d545dd34,2024-09-12T13:15:08.203000 CVE-2021-22504,0,0,a934ec069d5c4d2c90c76aac69d1c73a45459029286161b251ecd4721d8c8e93,2023-11-07T03:30:14.997000 CVE-2021-22505,0,0,675e854cabcaeacf3b78a58593a856837df3f64f635c2f4dd4c947fa88d2f6f3,2023-11-07T03:30:15.257000 CVE-2021-22506,0,0,7377ec998ae060ed34b511d8dd7b1645447b5531a985bd6c0ecd5db299ab8c1d,2024-07-26T20:01:47.710000 @@ -168738,6 +168739,7 @@ CVE-2021-22514,0,0,8e3a075292032f763628c85554f5c2f69f3a2119c7d4d915625b0f6c61d01 CVE-2021-22515,0,0,d5d9c4633cb99577d00912a48205489b53f3ad8216660fc95e68df9cb4700418,2023-11-07T03:30:17.387000 CVE-2021-22516,0,0,360fc4a2a6473080797119cb4592870152572368993c6eb823854ef0d1d34fac,2023-11-07T03:30:17.613000 CVE-2021-22517,0,0,3f8db58a324ed832f25a5c30c02cf604eadc18ad7b27ab795858edb5dc2a1474,2023-11-07T03:30:17.900000 +CVE-2021-22518,1,1,37818c6e513761ea0e4674751522d5394518bf4782b00c113d81a34d8c2e83f7,2024-09-12T13:15:08.553000 CVE-2021-22519,0,0,9e3616afe340966651f08a0581129e9a33a0208f1e92c7b863668a89efe71aaf,2023-11-07T03:30:18.160000 CVE-2021-2252,0,0,f732e389d5f0da8a27d20c1ea9b59e42162179f0f11af0391630f653380a4d63,2021-04-29T12:58:18.223000 CVE-2021-22521,0,0,520037ed9a82a64b433b975e996f24f9dc1e905547ecb64e14a0ed212673c8fb,2023-11-07T03:30:18.417000 @@ -168752,6 +168754,8 @@ CVE-2021-22529,0,0,cdcbcd062fb7f9870c47c8bc14636ac9f8c02643f36031bd4ff1b89140509 CVE-2021-2253,0,0,9e2be9bb813a2e3899ee4a36c9db4012f6aae0eed717889a70a4a84f203004b0,2021-04-29T12:57:58.230000 CVE-2021-22530,0,0,00e01806384084e8163bc8f5510cf7ff9efd69cfedee055cdd090e19ae62e25f,2024-08-28T12:57:17.117000 CVE-2021-22531,0,0,2ffef1a3095a1f67c14a48602d93f0c886d38c01b7653274771e69e8e9e12dcb,2023-11-07T03:30:20.380000 +CVE-2021-22532,1,1,9c3630d21621055c42a030eafeb25ffd3659aab12151ccb742c3ebf2da392774,2024-09-12T13:15:08.837000 +CVE-2021-22533,1,1,9d4bc412f0ddb82a269470e804cf6a9908048b3efcb475de2b82901a03487e80,2024-09-12T13:15:09.137000 CVE-2021-22535,0,0,0cff80698ce8ede7035f297b2f9817048e9d9e9718e7dc9eb83b3305cbb47e07,2023-11-07T03:30:20.670000 CVE-2021-22538,0,0,447322567d97db99dd06b56b17c4818a654489f5f18b93925c9e7c6e4f0028d2,2021-04-06T14:11:52.257000 CVE-2021-22539,0,0,ab26a79b38b3ff6b1f55feed5488a8adaa85a7b58c7eac64009e1979b006d609,2022-10-25T16:36:46.623000 @@ -180331,6 +180335,9 @@ CVE-2021-38127,0,0,62d79b0ca2ea7804467f82eb3d2c206ac02f1e5aa0dfbcef95bb17f5dc323 CVE-2021-38129,0,0,211f6fe50496995a361fe454c985c9c091a1fca5c52405349f3b165cbb2119d3,2023-11-07T03:37:19.620000 CVE-2021-3813,0,0,c5bdf0c4b3810a3b61e4bc5b663568787d7daf575e6d5ffbbe9760323d11ff11,2022-10-27T11:53:48.567000 CVE-2021-38130,0,0,64242ee1b6ab1dd8e143fbf949c411ac308e78bfaccdc6ea842400cc2368e449,2023-11-07T03:37:21.320000 +CVE-2021-38131,1,1,98058df09a0795ebc0c496575bdad2d8cd61383a91333b82f27c9fd66f55dcd1,2024-09-12T13:15:09.700000 +CVE-2021-38132,1,1,396dcf3bced67f53a2216ad23a30b35451eb11d9b1cc7742e6a1798bf8653cb2,2024-09-12T13:15:10.050000 +CVE-2021-38133,1,1,3ca420a77cd4636853bc0a700fdfd65a49d1bbf633c9bf218cef3caea49bc540,2024-09-12T13:15:10.327000 CVE-2021-38136,0,0,99abafadd29664ff7e73aaddb0e4dd8e90faf2f76a379188e73b31045a6e40be,2021-08-13T16:05:37.600000 CVE-2021-38137,0,0,4ed6daee83bdd907d0d027e9b6cb9ab4e4a315fc0407142681da73df71dcac02,2022-07-12T17:42:04.277000 CVE-2021-38138,0,0,4d84b6bb6ea7f7a0c97d4950ad6b78c0175c93c9603dab4a6d2826c2e56a6333,2022-09-28T17:19:39.460000 @@ -195072,6 +195079,7 @@ CVE-2022-26317,0,0,9c3778762ebd62b5c88b18d617a321f87f2f3cd2e79d6a4238ec738f50f6b CVE-2022-26318,0,0,3164c0ae6f338172eda55b12f58a3708a3217e7c65e42299722e7024448c4e8e,2023-08-08T14:21:49.707000 CVE-2022-26319,0,0,df89539e33ae729765bbf5708419e9238cd5395f00f3879c2a7d76f26e1eb725,2022-03-19T23:55:42.653000 CVE-2022-26320,0,0,0821ab29948bcb8ff6394127add06f2455ef2463ce545b333685d1b7d5e7ee9b,2022-03-23T15:02:20.840000 +CVE-2022-26322,1,1,b96f23dd6ec62278f1ef356d839c0c081531b5c15a190e1d83b811a9bf0d8da6,2024-09-12T13:15:10.620000 CVE-2022-26325,0,0,71c58e61480c4b27374f3a990d8a54d98de2bdee3e9fb84b64281d4b075b3b7a,2023-11-07T03:44:56.980000 CVE-2022-26326,0,0,9ad27885fa0c540266ca1167975a0cab125c731a5ab45882b07301ce6001b68d,2023-11-07T03:44:57.197000 CVE-2022-26327,0,0,7940acac4e72dc19f89caa27a931bc65c9c7e042d50d2b29976f338f3c1d6aed,2024-08-21T17:25:08.560000 @@ -195666,9 +195674,9 @@ CVE-2022-2700,0,0,0e33332395881b2cefbbffac1937294df11a919b4c217142b8eeb7474edfce CVE-2022-27000,0,0,82c8244d9393fa2eb7977a21170da7258697071d271c3fe0f72ebd69582aefde,2023-08-08T14:21:49.707000 CVE-2022-27001,0,0,e831efb13b66b6b2ff526743bc62fc1d8a3976c5333b46a1cd7313ac85315b3c,2023-08-08T14:21:49.707000 CVE-2022-27002,0,0,a744baf868ae2703d8932147e073934fea361eb9d534076c66357cf32c982ba5,2023-11-07T03:45:16.493000 -CVE-2022-27003,0,0,95f7f8c6d8054e31aaedf0360660d447c1d2266bb8c2a0c2c12b70085c62a3c3,2023-08-08T14:22:24.967000 -CVE-2022-27004,0,0,b5f29f55ea4c34b7cfbaf2b0db5a24cd987a200212dd896d197b6af11848a033,2023-08-08T14:22:24.967000 -CVE-2022-27005,0,0,bf339abc36e3b91dc7e8ce44fda6eba4d72cd2e1c270f1252a361542b30a38dc,2023-08-08T14:22:24.967000 +CVE-2022-27003,0,1,59157f86bbba24e05a979304479f77003c8c01d1fc0661c74a2a543f637bb4bc,2024-09-12T13:35:03.300000 +CVE-2022-27004,0,1,68d96251bfad76b5f83669535576d6feb02698d1a9b03daec8a4c97d92ed0e18,2024-09-12T13:35:10.583000 +CVE-2022-27005,0,1,e8f2678c67957d35d2bec417887e2f2413b904d37446aa161a5f3c2b88298833,2024-09-12T13:35:11.427000 CVE-2022-27007,0,0,37d40ad69c9907e259c2ffd9ea657f7215f809ff95e54e3cd66ebdfaf6014042,2022-09-09T16:53:23.317000 CVE-2022-27008,0,0,142836377f7f099cd728f8bad387cd8200ca3211e20b05da6c41b7a17c9ec15e,2022-09-09T16:53:52.590000 CVE-2022-2701,0,0,871991395f39a5dedd8e37f45d0a5b27a12e51f97e68bf7c9e60170980580d1b,2022-08-11T13:53:23.687000 @@ -212252,7 +212260,7 @@ CVE-2022-4873,0,0,666c94076854a8a821e8edd91b9090dda2c8e9960022c374c3759cf89e6c2e CVE-2022-48730,0,0,927e7fae9500f7d1d76c595495e5d68ddde80a2da0a22ed9d01a96f4a588ddf8,2024-06-20T12:43:25.663000 CVE-2022-48731,0,0,f2137fdaa4becb4ed0190377e8df6f4b116a98b0fb57b5a4ce7886128d2a2fb4,2024-06-20T12:43:25.663000 CVE-2022-48732,0,0,d6cc74e82f107b126febfe008777c2c97d6e8cbe09c0878031c0fd17cd48e390,2024-08-19T17:58:27.230000 -CVE-2022-48733,0,0,b9654e7a5a6010b53a0c8f511fbd859018567fefc2bc6c92a4a95b1469e952f9,2024-08-19T17:39:17.383000 +CVE-2022-48733,0,1,9ee2e6e9ecabae5b87258617eb99e87307e6a5268d57b03c37e160e5d564f656,2024-09-12T12:15:46.847000 CVE-2022-48734,0,0,a10c6df7a42e2cfe05caa8c89dfd6fc497700a9e09171ca89bd5070583fc92fa,2024-08-19T17:22:11.393000 CVE-2022-48735,0,0,f6e636dab2ea285d480bff4ef4cf308fbc0f6a9ee0941d7e62ec484863a3959c,2024-08-19T16:41:21.037000 CVE-2022-48736,0,0,81ca9bdcd7e3a82c08985a14ce832c395c4228e286c7331dc57b0f38ea5fffd7,2024-07-05T07:15:09.673000 @@ -212438,29 +212446,29 @@ CVE-2022-4890,0,0,6681cfa53e1bf5f370bc8c8bc62693e3d5b22cda3aa6b9f40531dae97a716d CVE-2022-48900,0,0,3d3abc510bd2bdcb727ecba5ff8ee20443365f0e7442b7ce50fe28fe2c089d32,2024-08-22T08:15:04.233000 CVE-2022-48901,0,0,27dcaf94e83e51c704998f574606d45652a56b6673c775b1e373714e83cc418c,2024-08-22T12:48:02.790000 CVE-2022-48902,0,0,0babd0f9b5559f1d6f05ba784549600b73b15033279a839f5c6f325e4331e964,2024-08-22T12:48:02.790000 -CVE-2022-48903,0,0,0853fd735d16c2218c748dd31c433b928b4627ca94b17c30f93d256254aceb92,2024-08-22T12:48:02.790000 -CVE-2022-48904,0,0,badc2502660298ff846841dc2758fa985777225472ae27d140156b063740fd09,2024-08-22T12:48:02.790000 -CVE-2022-48905,0,0,5167f0cda1aa0eb4ba3ec15e8cdd08e9d425af5fd06bbe3d73959275fd337071,2024-08-22T12:48:02.790000 -CVE-2022-48906,0,0,c32aecb02d53e84eb1606d35685467e8da67b526b7c26280d949d1f7790f143d,2024-08-22T12:48:02.790000 -CVE-2022-48907,0,0,2bfe57e61364a5cf304782e4ff988f931421fc2f69216b55ff1d063404635481,2024-08-22T12:48:02.790000 -CVE-2022-48908,0,0,1c810a81b94a08ea08b3321294b10bd4569707dae8ef7ec6977da216d0bcff17,2024-08-22T12:48:02.790000 -CVE-2022-48909,0,0,3ddbf0bb720192c042186d7d3269e4b77091d088153fb999f7cc98b97d97bffc,2024-08-22T12:48:02.790000 +CVE-2022-48903,0,1,075f468f96cfd244098a03984ad1bc5d8eafa109acdf3d1fcbe6d48dc2a8d6f9,2024-09-12T13:58:48.473000 +CVE-2022-48904,0,1,f02beac0acb507eb492011f9936eac015b9f07536ccf213556f84d686cf19d34,2024-09-12T13:55:34.123000 +CVE-2022-48905,0,1,87f979d82f30ebdaf7907a93f1fe7e9d6135ba45f78bf986e8ab97814763e212,2024-09-12T13:44:45.753000 +CVE-2022-48906,0,1,ca1326718540f13cc0237639af26c38aa928672a7564b2618555bcb17531076e,2024-09-12T13:41:56.660000 +CVE-2022-48907,0,1,1db12a668bbdfba096ddf32c9270801fe7d337c346c852f73092cea806962eeb,2024-09-12T13:33:22.423000 +CVE-2022-48908,0,1,25c17c88806f23e30dba3af96f0065984b08c37ab3d762925c6e926ec89eda3b,2024-09-12T13:37:52.190000 +CVE-2022-48909,0,1,022ceb1ed0e8370f4f8034d502d9594b2b2f2d6ddbb32245812f4667131053ec,2024-09-12T13:36:11.253000 CVE-2022-4891,0,0,a455b0842f19c717ee670b5db60155cb5018f293a7aaf3547e3c50a0a475a09d,2024-05-17T02:17:01.767000 -CVE-2022-48910,0,0,08ee02186982dc1a40f553d50bfe684647fdd96ed463905c4bafef4b05e7d16f,2024-08-22T12:48:02.790000 -CVE-2022-48911,0,0,67b19231003646107ba5487b8e675d3ea3a96bd38a2a1b84a09cad34ba506685,2024-08-22T12:48:02.790000 +CVE-2022-48910,0,1,515d307d0932c285233fb77181675d4b7cdc65f630da06dba4580b7081831f80,2024-09-12T13:31:57.197000 +CVE-2022-48911,0,1,65a1700969705417fffddf0aece45b8f3e93aeffe510818de11966f71bac96aa,2024-09-12T13:24:58.060000 CVE-2022-48912,0,0,4685b9e0b04647e6391699b48fe4ec760b8fb2a11c99c401b692a1b301b0a4c2,2024-08-27T16:12:47.173000 CVE-2022-48913,0,0,713c03b83b436a4ed81d31fa61e38a9c0b02c5d54599e753ca949890fd4f7312,2024-08-27T16:12:58.620000 -CVE-2022-48914,0,0,7feeb27a4836ea7454bbd25cd3617b71e714f392a3d82f0301435ddd9f873765,2024-08-22T12:48:02.790000 +CVE-2022-48914,0,1,de12b704cc32b0a5e74f53e1499e421f271cfcf8530e6f1db808bed152cae819,2024-09-12T13:27:34.623000 CVE-2022-48915,0,0,c80b107b935c48929981801a893b263b71560ca74e5ba8b7bdc00b678cfcbb35,2024-08-27T16:07:09.037000 -CVE-2022-48916,0,0,5cb9acc140c1d79db1c1fb08181f713534b2963a1f1536a8298694c32dcf76d9,2024-08-22T12:48:02.790000 -CVE-2022-48917,0,0,573912c45734ed7e24c7ddbd64062ba688da4d0d49817965bcd5f7389b04e4c6,2024-08-22T12:48:02.790000 +CVE-2022-48916,0,1,a075fd379091e1297d3e5326de458c36857ef8c6e4896d2e85875bb54ee16883,2024-09-12T13:11:36.230000 +CVE-2022-48917,0,1,df96467b68c8ae7bf16088d95a9147bce4804ef366abd37fdb6c7e98131ba937,2024-09-12T13:07:29.723000 CVE-2022-48918,0,0,dcfb706418ae75fe3a7007d02977541ca10039ee009c0974217f4396febbaf6a,2024-08-27T16:07:19.127000 CVE-2022-48919,0,0,e5790babb6da0b073ed5bbf67690020a0aac3bba58730f51363a0ef2d8059741,2024-08-27T16:07:32.900000 CVE-2022-4892,0,0,a02afb40fce024abebfb05a40298b81994dfc2b7567f3762fdb2b328cbdbe6a9,2024-05-17T02:17:01.897000 -CVE-2022-48920,0,0,358a09d0da281805f37f2374022684b9d7c90932ca7829637d293d4e05a08d75,2024-08-22T12:48:02.790000 -CVE-2022-48921,0,0,fab09a079a239e49e01e549ea2844a2807f0967ba981161a15fc7faba749f8f2,2024-08-22T12:48:02.790000 -CVE-2022-48922,0,0,cbedce06bf0cb0a5b6d5aac3d0b21cd5bc77bdb4acf7b56339728710b7dd1ced,2024-08-22T12:48:02.790000 -CVE-2022-48923,0,0,40013a0d54c5c0466d515e0bcc8ee2d710eabc65b22e700e1581259d33bf0195,2024-08-22T12:48:02.790000 +CVE-2022-48920,0,1,a1ccdf5044d655da581f83f79835f2662c26eec81d5cefa764e656b0f5b78fd1,2024-09-12T13:04:26.640000 +CVE-2022-48921,0,1,39c41872203d1683f24e0241088eec3827e9b7e44b4862c98dfc92383c1ba5e6,2024-09-12T12:58:50.660000 +CVE-2022-48922,0,1,ce6260139eb421825a12f425c83c825f671c91568e44098c60a482c7f17411fa,2024-09-12T12:52:54.023000 +CVE-2022-48923,0,1,52406e728e5fcee226d8223e60ee3a149f2b0e969846b642569f4a809b177bab,2024-09-12T12:50:02.173000 CVE-2022-48924,0,0,7b72b5b3779cbd334a58cc81c4e33f1856c26dfe0ed7b0b6108d32c9ead83b93,2024-08-27T16:07:43.660000 CVE-2022-48925,0,0,12c2847f9c2abd72fae449a80a3efdbc821679cca9a301519e7e3dab31ee93f8,2024-08-23T02:07:41.047000 CVE-2022-48926,0,0,7c14eba9301c644179737e4ff06c47dd3ab70d7b7dc5b7cdc8ddbc7cbe0a8516,2024-08-23T02:05:14.960000 @@ -227785,9 +227793,9 @@ CVE-2023-3694,0,0,b3d7b36d99422cc5ddb58a5a27c755d655d777d2a00055fe0c2c495aab3148 CVE-2023-36940,0,0,1b43d4a6f4cd7b13dc376d4e310eebfbbadb93d58b4ad29f97fc0c8b28787183,2023-12-21T03:58:37.810000 CVE-2023-36941,0,0,1a0f4ed7e3c4c8723a7b1da4bf54a6a7a6b1862f63acfaaade19db8b382d75aa,2023-12-21T01:48:24.940000 CVE-2023-36942,0,0,9a2970c45435a656c9429e700c7833111f36464bd86d7a04fc922fa5f5522d7b,2023-12-28T14:36:28.463000 -CVE-2023-36947,0,0,541d9c8192144559fa8bf9d9dcc982a48efa1578080ed45987ac123ab711e6a1,2023-10-19T11:10:15.513000 +CVE-2023-36947,0,1,20e82224048a65ce0c8d3f6c79c3f7280162a8cdde79d9518f30a951dd36ebbd,2024-09-12T13:35:13.497000 CVE-2023-3695,0,0,0d250e79024675060835025e102b961d57a179ac7d6a5484b54dd08dfa8328b9,2024-05-17T02:27:43.757000 -CVE-2023-36950,0,0,8c60f62fe432412e3b12e98df0a07e559fa5fb88b2a61e8b2f2b5fd6e37cae14,2023-10-19T11:10:37.533000 +CVE-2023-36950,0,1,8f22796e27990181cb796e959262c278f3b0c17ce0752805db4b7bf7525034c1,2024-09-12T13:35:15.180000 CVE-2023-36952,0,0,3aaeea75ebe0866b23bd5f866dc3098285b61bc08d29799398d8a7b7f9158b8e,2023-10-19T11:10:31.540000 CVE-2023-36953,0,0,f9ad1c5c329695f744983d4681687634e285de4e9e8901d8ab3030d95641e113,2023-10-19T11:10:43.373000 CVE-2023-36954,0,0,14a5bec6747b443c16832f008545ba9f1e56e177badd853f518ac0ee7f860e45,2023-10-19T11:10:49.327000 @@ -234369,7 +234377,7 @@ CVE-2023-45960,0,0,b60ca086d7e781b599600f55c001e52e60402b7c8b53d659fb0d7e1482274 CVE-2023-45966,0,0,5770c23d7a1055925da75e30237365daf9b25eb3ab24d68eff7bd1883a3acb1f,2023-10-30T11:36:04.983000 CVE-2023-4597,0,0,37f4e825d223bcac78b0fd4971391bf181b167c9f77973cf513b20328d557be7,2023-11-07T04:22:46.810000 CVE-2023-4598,0,0,30ecfcece6a135395d77ec5bd149a9e9f7764624b99ed4b4eb6f0fdef4a87984,2023-11-07T04:22:46.967000 -CVE-2023-45984,0,0,8bc9b34435c774e205f328f48341e4f9d862ea0b3308c5df9021a66006e92318,2023-10-19T13:05:29.860000 +CVE-2023-45984,0,1,3350883358c9cbe745683f8800ad354769be613f75b3c9d0bbff66cfa5d239b5,2024-09-12T13:35:15.987000 CVE-2023-45985,0,0,6f6cff27e522f1a9c4ed08f05809f336a5cceb16e4c2e8bfd2842f5711e6990b,2023-10-19T13:05:14.910000 CVE-2023-4599,0,0,bf65c63aa8c185a85104c44b82d5d9dfafee212a7388fbf49b37629b3ab2f770,2023-11-07T04:22:47.130000 CVE-2023-45990,0,0,d0dfe21b4b9588af001bdf27bd6216896d4d5a6d7e9da31cd0209a36589edef9,2023-11-02T15:56:06.930000 @@ -236618,7 +236626,7 @@ CVE-2023-49060,0,0,0f125d0d07dbe270a6f07b57aa641d1848f31c22fb855ca4bf11b4d5b4ef2 CVE-2023-49061,0,0,dc7136ec78ed5cf0b1889d9e499076dc7861b57a74e858b10a634425002df41f,2023-11-28T19:45:33.650000 CVE-2023-49062,0,0,1d72476c88fb45368b58247aec1688b0093de275b1093249720b62193de89ed0,2023-12-04T19:46:20.953000 CVE-2023-49068,0,0,182c6949abe2a827480e4301e5ed188cb126ad03424cd6905a2140b6a730140b,2023-12-01T13:53:23.050000 -CVE-2023-49069,0,1,62d865d4a658b9739ae2022a8230c20829ca750d7eb0c28ff0c914cca64aa0b5,2024-09-12T11:15:15.173000 +CVE-2023-49069,0,0,62d865d4a658b9739ae2022a8230c20829ca750d7eb0c28ff0c914cca64aa0b5,2024-09-12T11:15:15.173000 CVE-2023-4907,0,0,ee7fec7a11df58ff005b9b63ad49a50bb70f5f4e575258375cd0f49a03cc2ad7,2024-01-31T17:15:17.750000 CVE-2023-49070,0,0,631766166232ba486ccd48cb00f4afe564eec8aa0b473067715b1f04d1a8cd4e,2023-12-29T18:15:39.103000 CVE-2023-49073,0,0,2a69c4407ae45adf60baf11d8aa993141dc3f78b1f8dc71c70987fff6214c4d6,2024-07-11T16:00:30.427000 @@ -237890,7 +237898,7 @@ CVE-2023-51010,0,0,d60af8a0ac1d722da984cff22e061fb1af97f5e876af4aeefe71ccd2f4f31 CVE-2023-51011,0,0,8499ff04d8a804b9293e8e451c8181ff2e1753bf3ead1ad48a0b5eab3902ed99,2023-12-27T21:10:33.847000 CVE-2023-51012,0,0,0d04c446f81f1b10f76f9be9488f2220a67c008b373b72a6a7bfdfe77969da10,2023-12-27T21:10:27.917000 CVE-2023-51013,0,0,d540acde61c6a0816d8214343da7f21d898e1e5738ec7065a1b498e4d05a72ee,2023-12-27T21:10:22.830000 -CVE-2023-51014,0,0,0c3905cb9e26bd964565507f7f6008e9afdb90a2facb561fe3f4cc9855dee6e9,2023-12-27T21:10:13.203000 +CVE-2023-51014,0,1,7a416dd88fb13dd4671f518ea4295c806a74d21ae582c829bc0c228dbb42eda6,2024-09-12T13:35:17.787000 CVE-2023-51015,0,0,f04ba1d51d5facd8714d1334c83e1227011c11a53fd9c2ea6d1729104e8be057,2024-08-27T20:35:06.640000 CVE-2023-51016,0,0,61ceaa15cef820a3a123ce1b88ddb80bec8a57b30d17ad67cf0ca5774934779d,2023-12-27T21:07:25.007000 CVE-2023-51017,0,0,91f71748c8584726ac785f883d240e345da011e02d754cbd5729f6b76e8a6dd4,2023-12-27T21:09:57.983000 @@ -237902,7 +237910,7 @@ CVE-2023-51021,0,0,ed61a40cac7029040bfd50696f5a8268fc879f410d488489bb806ccdb5b82 CVE-2023-51022,0,0,62ac5f7a3652397f9416cf18b3fc32001e92227d8e056b5ca565197d5eda7e73,2023-12-27T21:08:45.027000 CVE-2023-51023,0,0,97fd10b657e979f02ff01872561b3bc89bb54d4285929f3d237eefc50fa4a9f3,2023-12-27T21:11:11.397000 CVE-2023-51024,0,0,cfc1b278a9c197b16b490384a9d547ff37dc7e7e969aa0669548d53b216bd4f4,2023-12-27T21:11:05.060000 -CVE-2023-51025,0,0,7dea97a39ec59f9fd1c6506e0caa96651485808512d0d022aab7435a104ba91d,2023-12-27T21:10:57.747000 +CVE-2023-51025,0,1,51b4cb55ef600183f7474341575a0622afb7ecd2662bb5e62be415325b0776db,2024-09-12T13:35:20.590000 CVE-2023-51026,0,0,469c6bc86a9803d2bc97b4672eddc902338da8d54e3575585bd28fac2770080c,2024-08-27T21:35:04.070000 CVE-2023-51027,0,0,36d78e7e4fb6f6d3a1dd064e6461d5fda34eb3e45e61356f69a1805313d44aed,2023-12-27T21:10:41.763000 CVE-2023-51028,0,0,c45a34077d471b7125aa2cbc11bce0da1d1f6f51e351f1883a73eedec46c187e,2023-12-29T19:25:10.280000 @@ -238546,7 +238554,7 @@ CVE-2023-52026,0,0,97e210a7f595754664d5ef40b6d2d6bfd47bf2efe0c39fc35540e8b01a98e CVE-2023-52027,0,0,193fcb4723dbc6f6df50c2a741f36f147bcc58cbe679fe018cd81ab06f835b7b,2024-01-17T21:46:49.123000 CVE-2023-52028,0,0,ca649cf6420af6a916d4ff6f573aa07e9755fff5083ddd89cad045dc95f8ab11,2024-01-17T18:26:49.623000 CVE-2023-52029,0,0,f273d8a19ed98bb890b6fbda29808d2fc4a9593a969a333209d93a879cc5dbf8,2024-01-17T18:26:18.677000 -CVE-2023-5203,0,0,8e21efefa71678051eb6c66941cc32f09188402cfc672329f3b82095fcf7cfb8,2024-01-02T20:43:49.667000 +CVE-2023-5203,0,1,2e3b5ddcdf8daa7f1f05a91e81304f61872052d4962b0df8a5d2b69b641b971e,2024-09-12T13:35:21.440000 CVE-2023-52030,0,0,76d554e95f16c64503e7b6018e2d99319376d1d27ea9579f62077528e8ba84bf,2024-01-17T18:25:43.917000 CVE-2023-52031,0,0,b5700d96bf9c3bc724e272100f7bceeee700dc1f84164452fc1688de1fd80cf2,2024-01-17T18:24:45.007000 CVE-2023-52032,0,0,97ab280ce7f21720b81b7f6893c45f8f4965477ca6bac23b53d863df7c1b8814,2024-01-17T18:10:27.367000 @@ -240192,7 +240200,7 @@ CVE-2023-6151,0,0,c74bd4f52d23e8ab5950a1a437b3d7ee59bc95b0878829f08be40405e2f4b8 CVE-2023-6152,0,0,0d2825ec69cb4b721a6f1646fd77933be6585a1e1d45fd8c34332975f0217d22,2024-02-14T13:59:35.580000 CVE-2023-6153,0,0,64c8750e1add6b283c202acc9f7c145138f085f17b9a40e6d77edbf949e4648d,2024-03-27T15:49:51.300000 CVE-2023-6154,0,0,ea79ef7106538fbc68e1e41b2608f4b1a33d1c9bd0e166ed2658519f1ceeb79f,2024-04-01T12:49:00.877000 -CVE-2023-6155,0,0,33314b7857ecd1fc49835811fc2e75b3af45cc13f8e7415854096b46e8136700,2024-01-02T20:16:59.773000 +CVE-2023-6155,0,1,8999e28dacf358c98e2deb0d543f61d7454111fd1c5e35599649cebc3b861eb6,2024-09-12T13:35:21.663000 CVE-2023-6156,0,0,cce0f565e31bbd5b369b30b0d530576fb9249e1dbb1b5f89f4393ae594d53bdd,2024-07-23T19:37:16.630000 CVE-2023-6157,0,0,782b912eab721255f9c55fa132b62392c4c9b34a5e1fa4665d20d55ef1a3ac08,2024-07-23T19:37:16.630000 CVE-2023-6158,0,0,62a89451846c950ce19dfd20a450b8496f2772cda6944d8c586f76270905e41a,2024-01-17T17:36:01.273000 @@ -243069,7 +243077,7 @@ CVE-2024-20087,0,0,2f5d7a31aa34aa82f766600cc0380d879410c6c21363c39a9c898fbc9d48e CVE-2024-20088,0,0,32cc03fb498193be949fe1ffa83586a9683f15b97311ca3d66ce33be6ac946fe,2024-09-05T14:27:24.840000 CVE-2024-20089,0,0,f13b8ab21b15dc030dc24d817cc35e46777b9ef3b81f1ca22a499430278aeff9,2024-09-05T14:28:02.713000 CVE-2024-2009,0,0,e315bb187496fdfbd237809339603453c22bbf947712d2f37b8c2f26c500e401,2024-05-17T02:37:59.337000 -CVE-2024-2010,0,0,588ba43c879552a6f0c540d140036c1137bd6ed00514c9ba4b90587c293fdafb,2024-09-12T09:15:05.210000 +CVE-2024-2010,0,1,aa8252b752543a7021f6ec665f991b01935989d11bbc2ce1d9d3c73d6ca240db,2024-09-12T12:35:54.013000 CVE-2024-2011,0,0,4150023a6f5b05ff7bb1f10e004dac522c292e22a6fa4bc68fed9003ca68fddf,2024-08-15T21:25:45.037000 CVE-2024-2012,0,0,02707995e28bba3e21e37a0cc9698bd91832709b25d71785b53bd5ea8c9a7518,2024-08-15T21:19:03.770000 CVE-2024-2013,0,0,00ec85b9018843d83179244785c9b4c96e5ba8e015239a21d2d4ac8bf1b712fa,2024-08-15T21:08:02.010000 @@ -243130,7 +243138,7 @@ CVE-2024-2030,0,0,f47e609ec6da92e4d0f51eb73197726fa40c04bd5fba84d7e80690a86556bb CVE-2024-20301,0,0,ee58125f54e59b57e5b1ea49a524ecc5e7feeaab3c308ff448cca9b61624ff41,2024-03-07T13:52:27.110000 CVE-2024-20302,0,0,bb282df08e1d4adc1029a76ce336553cafd173c3d92914cdfd5b12151cc62afc,2024-04-03T17:24:18.150000 CVE-2024-20303,0,0,393665d251452d2f76b8a508b1c314e9e2878d06110c2d34091d44dcf2cc0a6d,2024-03-27T17:48:21.140000 -CVE-2024-20304,0,0,c81c59bbb63e601bfa646562deea72e7dd1914365cb99e33e3b994f42ec36c07,2024-09-11T17:15:11.853000 +CVE-2024-20304,0,1,3812936275e0a166362c6d7eaaeefb6bce56f66dc1bd8b9bf9cb5cda78792939,2024-09-12T12:35:54.013000 CVE-2024-20305,0,0,e4850a7e4dfd71e4153c0c643b6c021aca041e6b1000ad76e287dea34422e456,2024-02-15T19:56:38.910000 CVE-2024-20306,0,0,a55540a2cb6844d768b14dffbabe4bb78cc3a5c4d9558b64001a5a52e8d62bc6,2024-03-27T17:48:21.140000 CVE-2024-20307,0,0,c9b1980d050b3fffe9b920134a5cc15d4bc4342c9015ce0f25b18451c8603eb9,2024-03-28T02:01:21.693000 @@ -243144,7 +243152,7 @@ CVE-2024-20313,0,0,96b72ec3ea9a86485607e2ffa69836dccdb51202f4c2887cc83e951c773db CVE-2024-20314,0,0,a98784f9bd6648b4e9213d024554c4bdc3787c88a73e5444218360086545b280,2024-03-27T17:48:21.140000 CVE-2024-20315,0,0,5caa6584a9f7867d452c644b063cd61c8678e63915145863d235ac082ed1caf7,2024-03-13T18:15:58.530000 CVE-2024-20316,0,0,1089bd3d53e5b2c49a8770723814eaf98c1e5899b4afab359e71b3645406a923,2024-03-27T17:48:21.140000 -CVE-2024-20317,0,0,6e2eb8d9bcdbc36d8de5a50868e1939589475ce2099972b46e78215da0825b22,2024-09-11T17:15:12.043000 +CVE-2024-20317,0,1,669b143dbdcaa85e2b1322632669051074327ab943b5c5aec98dcf35c1b64a00,2024-09-12T12:35:54.013000 CVE-2024-20318,0,0,41adde3fb857f9cea03517c6a4e2f4dbc032d61fb88e0a42b8543d819f5a2d70,2024-03-13T18:15:58.530000 CVE-2024-20319,0,0,0a1466563a9818d205ff8725c3cf2a5afe9d75f3720a76315e91f8e81770c747,2024-03-13T18:15:58.530000 CVE-2024-2032,0,0,6c9fab941a4b444e93407737c1e5c294d8f201f8109308d2a41aae9e970336f2,2024-06-07T14:56:05.647000 @@ -243165,7 +243173,7 @@ CVE-2024-20335,0,0,3ae82e4e51ce7dc67e890bbf3242dddc369bcec5a9c67ccb96545dde173de CVE-2024-20336,0,0,7da9174c756054acc761610c3354924a4d132dd65f90fcdc8e0995c2dbe104c8,2024-03-07T13:52:27.110000 CVE-2024-20337,0,0,a7c8d58b2276bc115bd59fc582b798a8fadaf5ed39ee4effba6490a0740366a8,2024-03-07T13:52:27.110000 CVE-2024-20338,0,0,510c65881ff77bd5a9b4264c80e30939b8e2e91bda87ae599bea8187a8352e74,2024-03-07T13:52:27.110000 -CVE-2024-20343,0,0,043d69c8ca4526cdda0ef9461650b14c7ec5cf70175bc87e6b29f97c78e518c6,2024-09-11T17:15:12.223000 +CVE-2024-20343,0,1,6d459c359b803056556eafa204a9c75c219dfa0e37ccc8515b9843ba8c10d3de,2024-09-12T12:35:54.013000 CVE-2024-20344,0,0,0c95d8c456a266581d87105f2300bfe021552d9f4a6b780624736cdaf9bbf776,2024-02-29T13:49:29.390000 CVE-2024-20345,0,0,e5a5f742b4ff4031a273ec9fe2b2ad050940d29d6b880414ea07f31d237eeb39,2024-03-07T13:52:27.110000 CVE-2024-20346,0,0,e4704ca0489e4b87a71ea5f4cd06c08893e2d13b9b7afaf3042bc49437657528,2024-03-06T21:42:54.697000 @@ -243194,24 +243202,24 @@ CVE-2024-20376,0,0,616e740c2ab9d6be811f96c68e43db8bad88fc7cef9833f2acf95234fb3cc CVE-2024-20378,0,0,1d0c211142ee7b64cb979c7d6fe81a8dda4cc3d613763c0904f9ebf5643e5461,2024-05-01T19:50:25.633000 CVE-2024-2038,0,0,84783e34583c406994ceb062343516951516f0b07f0d721026ee845e3108d0ec,2024-05-24T01:15:30.977000 CVE-2024-20380,0,0,ed7ad99e229e06574506624c01ede2d6fb857cd8a1e722ec6a335ed1ef4a76e1,2024-04-19T13:10:25.637000 -CVE-2024-20381,0,0,702ad492819ac5969cb3884f7ab92b7cd4afd761a6b22adb92235c695282cdab,2024-09-11T17:15:12.403000 +CVE-2024-20381,0,1,206ca6b90b48001500d951647099fc1ca56b0d1770630ec5c7fd8591f92f83a7,2024-09-12T12:35:54.013000 CVE-2024-20383,0,0,3adbaddaf4554eb7166804e65fe9fdbf83fea813b82dd738821e310951cf1618,2024-05-15T19:15:07.900000 CVE-2024-20389,0,0,160949b8c6cf6fc5f7f18a2471e2354fcd0f701247dfba3a85f25095732dcffa,2024-05-16T15:44:44.683000 CVE-2024-2039,0,0,0fb3eb6d9df1cb8dd04206e4fde20555dc794b24595aa985157932f2a933450d,2024-04-10T13:23:38.787000 -CVE-2024-20390,0,0,c77b77364307357fd7d3b4b2c2eba2d20af5c82b0498cc5e9b37168e7ae566ce,2024-09-11T17:15:12.613000 +CVE-2024-20390,0,1,5a2907cab8e9bf15e845ea050c44bed3aeb43d2fce6592a7a3404a48f7d61dbb,2024-09-12T12:35:54.013000 CVE-2024-20391,0,0,901fcf36cebee039d4f38edb4044ef84c4f44829a18fc236320c17fd1b5f7286,2024-05-15T18:35:11.453000 CVE-2024-20392,0,0,94a9ebb2bcbc95d69522cf1a691e2eef5f012e7892caae86240bb4af40e4b8c2,2024-05-15T18:35:11.453000 CVE-2024-20394,0,0,ef9256f36e7609b8b050262ee885b4f4c47119c80c5a1a8288a0a5eef0d4f23d,2024-05-15T18:35:11.453000 CVE-2024-20395,0,0,28ce7d382757f62de6c6fa8be8ab2c7d5b7fe481f67f112d437fdc5648f5ed0d,2024-07-18T12:28:43.707000 CVE-2024-20396,0,0,ab24e73adad18da7437bdd92525b27eaf5bf0f1df88229897bcf01b790a24b3d,2024-07-18T12:28:43.707000 -CVE-2024-20398,0,0,3138dc9c462ae8906df5a02dad80d95e549797bd07ee7b36fd039415c91c8739,2024-09-11T17:15:12.860000 +CVE-2024-20398,0,1,e5f8f1014ec093b19c3aee1e58f0d383406da3978da2e5e7f51f4a4a4493a0ae,2024-09-12T12:35:54.013000 CVE-2024-20399,0,0,1658084bea8e53da217e51840f29eeda502742ddfa8390e457cdfba97449b979,2024-08-14T19:41:18.033000 CVE-2024-2040,0,0,84818b4f00c676396e69702449b7daec96ba4021835b05a5adb074a919ab8480,2024-07-08T14:18:10.367000 CVE-2024-20400,0,0,e22f5359b4eae3d1123c96473d077f1ed8cfcffe9256c923e22249fabd71dd12,2024-07-18T12:28:43.707000 CVE-2024-20401,0,0,4e570494182ec3fb0c9186b46f7948499e59b61e9f8ec1f0ca5200f010002753,2024-07-18T12:28:43.707000 CVE-2024-20404,0,0,9ff8f593f71d4a0ff7aecb6b668971610942799ed16450e68ad59cf7f0b9f5af,2024-06-13T20:25:46.837000 CVE-2024-20405,0,0,2fa5b4e65c2f399507a2e57227d51876c94b3517d024d761ea8ec8bc4f4a8a91,2024-06-18T18:04:04.497000 -CVE-2024-20406,0,0,78a6fe8d58c22cca81f92a693391c0082e148c928a904ffde9862234366a5518,2024-09-11T17:15:13.040000 +CVE-2024-20406,0,1,01aaafe449ee420500b1edefdacc3ddc2b6232e6350a88c752467bf1ed2b3c7d,2024-09-12T12:35:54.013000 CVE-2024-2041,0,0,7b4fc911113d944c485bed2a7f958b069e0536bf197811dc0e3dcb8018df3bd7,2024-05-06T14:15:07.747000 CVE-2024-20411,0,0,4f003e5090f28bf95bd35a4fbdae5180d9a8ba20c425549807eec3131f67ce95,2024-08-29T13:25:27.537000 CVE-2024-20413,0,0,86bcdec57862054505f9b68ddff1575eb21295556bb50a8805e2f8ad7064ffd1,2024-08-29T13:25:27.537000 @@ -243238,10 +243246,10 @@ CVE-2024-2047,0,0,65f16d2420b90c918e9e57877aac5f0440eb772d779ccbd58288e6312f3c80 CVE-2024-20478,0,0,2552b4b9bbc0a5cff57b3b8f7e9d97910094a88aceb9d33bb06e1a51f9db4e5e,2024-08-29T13:25:27.537000 CVE-2024-20479,0,0,ced5b461eb6ab05478119ddf8b399bbc19a6ff248adc19d6fde8eab586c6db76,2024-08-23T15:14:45.913000 CVE-2024-2048,0,0,3fe9d949673d5eedf190595df45c4c7d30c6a66a4722ea0631f740f815dd3cc0,2024-06-10T17:16:25.067000 -CVE-2024-20483,0,0,382c7e08932bc55d7336d4cf219f002a6fcc23f3238e2a33adfc1d894c7fc373,2024-09-11T17:15:13.213000 +CVE-2024-20483,0,1,c3aaa012ac8e934bf0fa344f4717405eb9a54f40a1dd6df07175cd5998974e08,2024-09-12T12:35:54.013000 CVE-2024-20486,0,0,1ec7a6c2a991b67e11827b3b316fed30b5b5340988b303f9088e0f10e2e894f9,2024-08-22T12:48:02.790000 CVE-2024-20488,0,0,b3c319abc05ee7d52fc498f08ba4c2d91fe7b6f1527a7957b5c4a113170ee559,2024-09-06T17:18:11.813000 -CVE-2024-20489,0,0,2a2d28f1204394aee3df442469d4f9fedc612c0cb0dcbe5bdc6ab8bd5d219374,2024-09-11T17:15:13.393000 +CVE-2024-20489,0,1,21cc73253209554f6b4b15a9223bc3f2b9ae3b7c0f2dd8d7b8823af1edcfee1e,2024-09-12T12:35:54.013000 CVE-2024-2049,0,0,398a9eaf0287296877598afba029844504bbde28a3270479d8cbbb594cc11b40,2024-03-12T16:02:33.900000 CVE-2024-20497,0,0,422eb4ecec5d7dd92ef5d49505af3bc2f0e220b53f5fa76471b6dd3d460b94cb,2024-09-05T12:53:21.110000 CVE-2024-2050,0,0,309a92deb7dc6d1c9b389273f8521ce493fa3e8c536f740883081c4cdf858e77,2024-03-18T19:40:00.173000 @@ -248182,6 +248190,8 @@ CVE-2024-27317,0,0,c4936bf6b1ea8eb440227e5af31c10ab09a9d8539bf9187002383935723d4 CVE-2024-27318,0,0,bb1e039cfeff54678be2a3d7675b064a42975817bdfb0398be1540195f1fd295,2024-03-30T02:15:08.007000 CVE-2024-27319,0,0,198bfb473ae5c4a00a4bf458aba8771a9487b41224f35d4388056e6f7ba27f15,2024-03-30T02:15:08.090000 CVE-2024-2732,0,0,59c41b28a53d51de59243e9e076d0b70e0706e7684df1ed7a61104bd5a3689d1,2024-03-26T12:55:05.010000 +CVE-2024-27320,1,1,2a7b0f2c21153f3ba9baf90c95c5fb332577b954dcf916eae94d45ededf1a44c,2024-09-12T13:15:11.987000 +CVE-2024-27321,1,1,9066b29d47490e2527102ea2c6e7141b9dd14f25801131f64029670903aa0714,2024-09-12T13:15:12.267000 CVE-2024-27322,0,0,b770b9d962cb08865ef72f437565bd0d77dc69db533af805410b12f466305679,2024-06-10T18:15:28.103000 CVE-2024-27323,0,0,69807669535ca94b03be7000671f196786b1f00fd0db4b0142b97dcabe39642e,2024-04-02T12:50:42.233000 CVE-2024-27324,0,0,bd68fc610631d765b504e2eb0f9c966837d653f843cbd0dbbbd7151aba723966,2024-04-02T12:50:42.233000 @@ -249271,7 +249281,7 @@ CVE-2024-28977,0,0,595331eb11b0123839e916f01746f57387cac5ac57ba95b8bd9b5a83f3c74 CVE-2024-28978,0,0,4f3d3e4cd04d1637d7e0c8567c10bca3a3eac8362091f1c3bdfba2d85e114338,2024-05-23T19:05:13.353000 CVE-2024-28979,0,0,94e9b6c95a24be8b1cdd5a15709ed8083c2893ee5b5273129b8771382be39a15,2024-08-20T17:15:18.597000 CVE-2024-2898,0,0,7dabbc345008f13b8373a1a2d71ee4344db041576d9ae3f0290950d4a3a3f396,2024-05-17T02:38:36.130000 -CVE-2024-28981,0,0,9653dc34d12aa2b44f0cafc6ae261b4e723559262fe0a212192dbc61916dace6,2024-09-12T00:15:02.127000 +CVE-2024-28981,0,1,cd4c5692c9a70928a3c82dd2dfe70b15e0b1849d79bf5c6ce297f02b6b1c1728,2024-09-12T12:35:54.013000 CVE-2024-28982,0,0,4cfbf3591cf96f37013314412d2a968313b4953b63ec28142d546cf8f6808f7e,2024-06-27T12:47:19.847000 CVE-2024-28983,0,0,57b7369f9816fa1a55923b116dcbb27a793b7aad06b7761c68b9fcd8c194e8f4,2024-06-27T12:47:19.847000 CVE-2024-28984,0,0,276bc8c54cf8ee7419930c3e9177a9acf5146d6167c989ef6d1387fafadac995,2024-06-27T12:47:19.847000 @@ -249787,7 +249797,7 @@ CVE-2024-29842,0,0,77cf514c0b32e2065b42a210e85de1b3dd1fcfd9ce78ade0fcde1fe2e668b CVE-2024-29843,0,0,41804c6878fff306ad535908f3d209167ac225d5623d60cea113e3286e770f48,2024-04-15T13:15:31.997000 CVE-2024-29844,0,0,3495725dc250eb1949854b406c5dfcbd5242a9c1587751d7036922a17379ddc0,2024-04-15T13:15:31.997000 CVE-2024-29846,0,0,ecf705f8a3f3d5200a5c3119a1c5f5c4508879a9b659519aff9f7061bee1cc64,2024-07-03T01:52:46.270000 -CVE-2024-29847,0,0,d0b693b795a37e3d730effa145272655aded576c72c5fad65edffc40b74a3715,2024-09-12T02:15:02.077000 +CVE-2024-29847,0,1,b26a8341cd380578fcf157a96533b4f6eef0d5b2064430632ceabcfe942193d3,2024-09-12T12:35:54.013000 CVE-2024-29848,0,0,572f203a18b60b1fdf8b35785afb572e4ba27bc9b1677d0760a64742aa875c84,2024-07-03T01:52:46.980000 CVE-2024-29849,0,0,072b0476443be0a966db74d66f638a80778dd162866abb6662b51c636fbdf995,2024-07-11T15:05:34.760000 CVE-2024-2985,0,0,eccd7e0304328f19c740fa6917e6be8e07842d176de854a8967fc91747386345,2024-05-17T02:38:40.683000 @@ -251168,7 +251178,7 @@ CVE-2024-31626,0,0,6d48ca244a7fb039538d6e9b26f71170e207ffafb08843b89ee3ec2f370dd CVE-2024-31627,0,0,5c857ff477019105381749492d85a34695636b9db0c5f4e905fef7028afdac5f,2024-06-05T17:15:12.817000 CVE-2024-31628,0,0,d1e1002cfeaa20bb2521d6174b8a95169d4f2c09dd222e852d091ee789ef0ab3,2024-06-05T17:15:12.890000 CVE-2024-31629,0,0,553c81e4d5a1720d369cb037cd3d3fdc00a0ab2d6da0b4add50845296fba4630,2024-06-05T17:15:12.960000 -CVE-2024-3163,0,0,174abdcc9978344f04f1da65a7753af1ea6cffa4df2b8fac0f8361f34430be11,2024-09-12T06:15:23.607000 +CVE-2024-3163,0,1,43c8667f435158152c29c7936fb6d57a493be990a83d53d2cba112f793a62768,2024-09-12T12:35:54.013000 CVE-2024-31630,0,0,2bd16e3fcef7bda0b7ed937f45148dde60c59ea9d09224ef4dc76dc8aeb1eb7a,2024-06-05T17:15:13.040000 CVE-2024-31631,0,0,189299e833a9bdec5625f34c9b7af7b60646f6c7b2cd4586dea999ec400d5e00,2024-06-05T17:15:13.130000 CVE-2024-31634,0,0,cd6336332928e139372eaeb7f2fa7bd12555d147721492304ddeef71595ef37a,2024-04-16T13:24:07.103000 @@ -252030,12 +252040,12 @@ CVE-2024-32833,0,0,b251b4f8fe4dba495c950e90dbb25a178e9b5789b8f999b1d382e6170a624 CVE-2024-32834,0,0,97599c5c014b164caaac46faf02e3adeddddd6e841bed406870b8707da4aa493,2024-04-24T13:39:42.883000 CVE-2024-32835,0,0,fc292842100527900bf0d1c703a8349fdd7fc48d6ac327e0d92cfb86815d727a,2024-04-24T13:39:42.883000 CVE-2024-32836,0,0,c5fcecde1d31672603e6b98cee8f2b00770cad10996bf26cae90650302e2a97a,2024-04-24T13:39:42.883000 -CVE-2024-32840,0,0,37cb042ab4ff19e2edaf2ede92cf81d43d6b00f6260067eabeb72131d0c06536,2024-09-12T02:15:02.257000 -CVE-2024-32842,0,0,022736960c8fd9514adbf434cf6302e4ec53fe6dd92f31fabede9f3169550938,2024-09-12T02:15:02.417000 -CVE-2024-32843,0,0,519d286633e1fa57d04a38a468e1507b9466399577f27991373bef0845d35fab,2024-09-12T02:15:02.567000 -CVE-2024-32845,0,0,8b98fff66f2844546ffb369912143f7f1fe21947c08ff6a107b487538aac4fa6,2024-09-12T02:15:02.730000 -CVE-2024-32846,0,0,7f5b0ec23e6e7ed20ac09b9052b25c73fa5f8ae6ad9479986ca9866589ddcb5b,2024-09-12T02:15:02.883000 -CVE-2024-32848,0,0,7376102a8540c0dc27b30618a228258f98e7acc18368346eb11d77f8efe9bbb0,2024-09-12T02:15:03.043000 +CVE-2024-32840,0,1,06e06b5eb4239c6256f752393f68eb215d7842c6527561707491f00e8bcb47fb,2024-09-12T12:35:54.013000 +CVE-2024-32842,0,1,d62ce5902036537eb9ba13c23c85e05959ce2df74ebf34d9f2f2b26504e11f85,2024-09-12T12:35:54.013000 +CVE-2024-32843,0,1,b642c45981eded474f58c0faa20cba13174975e30a184c078b7cb92ac92ff990,2024-09-12T12:35:54.013000 +CVE-2024-32845,0,1,869193be8a9fccf9dd4a6dbd3e23db9648b8356d85633e8da0c92b88d43dbd51,2024-09-12T12:35:54.013000 +CVE-2024-32846,0,1,9c7a8d4212a6040e6df3a3ebad285ddc1aa99dcc7a216bf9700a7967c5a957b7,2024-09-12T12:35:54.013000 +CVE-2024-32848,0,1,07a091e11d71d1790d91f6d72bb19d29e49c2d3c63220062e559dc1998fe60b5,2024-09-12T12:35:54.013000 CVE-2024-32849,0,0,2dff3f0f8458f9bc03b8b89ff3ed496d4d9a414f0ec65647eae66f330eefae8c,2024-07-03T01:57:09.160000 CVE-2024-3285,0,0,1ef5c367ccecf316e1895071bcc508779dcf2b19a0822ab0b89afcd5bbef04ef,2024-04-11T12:47:44.137000 CVE-2024-32850,0,0,4f078b72cb56eb731f7f52f47246fffeecf7a87d9cac03b2c1a5c91db75a028f,2024-07-03T01:57:09.843000 @@ -252224,11 +252234,13 @@ CVE-2024-33043,0,0,e440b5c9b2a1727157025810ce1b92ddb45351842873f98e286f1378d612b CVE-2024-33045,0,0,c750be85f91783e59cd18e60c65725c2f8e2b0f2771fc29ca9f691ba1ec0dcfe,2024-09-04T17:20:55.297000 CVE-2024-33047,0,0,cb0eb88ac7f41a9c98cf0d3c8ebd2b1f66d8a5c56732d8ae21823446d39c74ab,2024-09-04T17:07:31.877000 CVE-2024-33048,0,0,f9f67875b847da24eb9cf137e9f097d769cd7f8f3d65d24eb4619818f972d900,2024-09-04T17:20:01.083000 +CVE-2024-3305,1,1,251398717ae2254a59cbeead3f799008299adeaca2d285c27ac98c93b3ee0c17,2024-09-12T13:15:12.540000 CVE-2024-33050,0,0,90923f1d1865d88057676c94e2b893aea7270f8731add142aed38ad6597070db,2024-09-04T17:07:13.930000 CVE-2024-33051,0,0,1fd409b2ba830a4d68baa6f497a6e4704a55e16bd6f855473d9753382be831b5,2024-09-04T17:18:10.950000 CVE-2024-33052,0,0,13554474bfa747d124854139f3134a9830507865a3c50c094520491b9689b9b9,2024-09-04T17:18:07.783000 CVE-2024-33054,0,0,67fa57bf4b27f2520026aaaf6b13807e21cefd1307528e92c6c6a61d930ac6dc,2024-09-04T17:06:47.337000 CVE-2024-33057,0,0,fc38afeaa7486b0a5aebc4f1315319ab783e3abf0a4193027aaf853eaf32aed0,2024-09-04T17:06:24.843000 +CVE-2024-3306,1,1,6f9a634d3680e97b20d52c7ae28c2763cd7c78646c333eb5459268e42750dfbf,2024-09-12T13:15:12.767000 CVE-2024-33060,0,0,8e20f230158ec785e72e303f04a05aee62188eb8b143d335c7e1363dc54b78e7,2024-09-04T17:06:08.407000 CVE-2024-3307,0,0,de2078d32c9fd66ca1e329712579640346be35f0240807faa106038aa71fb05f,2024-05-02T18:00:37.360000 CVE-2024-33078,0,0,32899b4391f10b7cbfcaee5abff907eff95c8894218149b7342d82053a7e337b,2024-08-01T13:51:41.723000 @@ -253389,10 +253401,10 @@ CVE-2024-34771,0,0,452ec502adbdf587176d97ed478a2d6f8beb3a64c98f7d59c911ddec3954d CVE-2024-34772,0,0,bf5aa55974c4947b2a40ae851f7aa83dde7195e97317e1244709204543c5bdfb,2024-05-14T19:17:55.627000 CVE-2024-34773,0,0,100b1cb449b7ae251f86bd995ac4446f704b2d5bcbff0a59ab0bc97995491271,2024-05-14T19:17:55.627000 CVE-2024-34777,0,0,47369db5c522c34e9489779523e2c10406821ae54d821b2c269278d042fde193,2024-06-21T15:58:51.410000 -CVE-2024-34779,0,0,82abb7621f16163a571fabb10b05c82d1809735242ea9af057a53e053b4d5357,2024-09-12T02:15:03.207000 +CVE-2024-34779,0,1,e7ed8d9f6ffbdd69994127868693950e3b4ab2284b442fbebdc86425e83522ff,2024-09-12T12:35:54.013000 CVE-2024-3478,0,0,d6058a0e6db67f9fedb470e62fc4a04776cf84b327b4bd61639e707b408d963f,2024-05-02T13:27:25.103000 -CVE-2024-34783,0,0,6ae0d592d02d28b348c164612bdb7b68922ada43207a547c303446d710180f73,2024-09-12T02:15:03.380000 -CVE-2024-34785,0,0,7e3201031b181eb39e3316c33987ab862810ddd686b9c8426c16e6621005c6a5,2024-09-12T02:15:03.540000 +CVE-2024-34783,0,1,5596401a4dd61b9640d2c040ab1cac99f80b42a12698bd7241863e95b0a5e2b0,2024-09-12T12:35:54.013000 +CVE-2024-34785,0,1,225564c41a11639bea93cc57e5af6c8fad2e4ca2e4f56ffecff04de3b011ffcf,2024-09-12T12:35:54.013000 CVE-2024-34786,0,0,7e8cb80185704202113f9da64eeb79cd413e4b998d966b2b2f4137b8800de467,2024-07-09T18:19:14.047000 CVE-2024-34788,0,0,d3400f02a32ab882f9673e171c113d7d87e605c008eb11cc936f5027941a3e18,2024-08-12T18:52:25.127000 CVE-2024-34789,0,0,4f72636ebbc4b0b39015d14b70eb26533195de09d45d80202a2d9d74dbf95795,2024-06-03T14:46:24.250000 @@ -255187,7 +255199,7 @@ CVE-2024-3739,0,0,ba8b07349fdcbf4927f1d53be7924c0ba58d0f09900d65fe34757229d7b34b CVE-2024-37391,0,0,e99f92be626b4b841a6b299b2728912f45fefbd409010bfee05135471d62af01,2024-07-31T18:33:47.383000 CVE-2024-37392,0,0,0ae8929f71fb71c8f43226023298d80c9dbf69da2ed93f7866d1e406015cec5e,2024-08-26T12:47:20.187000 CVE-2024-37393,0,0,b93d796f3c4283b87dfd22c20f36a8116f582a381c44650f39c5ea43e6b806f2,2024-07-03T02:04:18.707000 -CVE-2024-37397,0,0,04ffa70ca79eeae4eac9efbb835a89631b9eb3e73a0be46d757fde789af6a64c,2024-09-12T02:15:03.700000 +CVE-2024-37397,0,1,e28ecf750b1a64b152fab72c441f5ab495b59012251cdcf0bc040b79f6ddc55f,2024-09-12T12:35:54.013000 CVE-2024-37399,0,0,308e730bcc199d112d6cfe8bdbdbf7120fa96451bfff020b7962dbf1afddf5e4,2024-08-15T17:31:49.067000 CVE-2024-3740,0,0,cf4cd6bcfe639a4f771a19ddc36f820864da86f0d9d9f91c68694d8633fab251,2024-05-17T02:40:06.170000 CVE-2024-37403,0,0,82a2fe28b07e6e9fe5e86dff02fa8c242d19ac626eea029ca875aeaf76338b4d,2024-08-12T18:55:15.890000 @@ -255737,7 +255749,7 @@ CVE-2024-38218,0,0,d8154113c709876f61605539852c344572b202f6d86619699565b8c3f572b CVE-2024-38219,0,0,34502e067fd7412232e3cff9d01123fa667f329fff13204df696956cac257c32,2024-08-29T14:45:17.383000 CVE-2024-3822,0,0,51b0f82a9028abb2f3a6ab312236a4c8392000a211092257ada320c541b18cc9,2024-05-15T16:40:19.330000 CVE-2024-38220,0,0,75d1d2b4a4c084fa7a781cee5622397ece32cf08d890075be7f73458ef7b79aa,2024-09-10T17:43:14.410000 -CVE-2024-38222,0,0,01a659a7a746e1c47c2e017141da23edec35ae72231ad2739f22985bd179cd5f,2024-09-12T03:15:02.983000 +CVE-2024-38222,0,1,aec7e2fad4827207c36069caf1f8b3f6a2b5c3bdd7b1b16fb24debea97181ddd,2024-09-12T12:35:54.013000 CVE-2024-38223,0,0,bc14ce3f021016f5d7fdf26984192d7afd912fddeb21523c067e8db2fe7a06a5,2024-08-15T20:18:28.240000 CVE-2024-38225,0,0,9fef32ff53f02aa8c1358c50b31033ff2c3e33337edda025b0788ca47e24a0a2,2024-09-10T17:43:14.410000 CVE-2024-38226,0,0,4bf5fa6111be97c9b6ca9705aef4b23890b24164017bf51690e04459d4fe4310,2024-09-12T01:00:01.133000 @@ -256010,7 +256022,7 @@ CVE-2024-38573,0,0,ca8898dfb11b5dd535a57345209c5053ecbd565ef57ea10dbb17683dd19ec CVE-2024-38574,0,0,6afdc30adbe5999044de1cc76d2cc76289f74910e8879e6f74197c6ff1a2b954,2024-06-20T12:44:01.637000 CVE-2024-38575,0,0,2bb1d17f38c40f1a364165b77b7ca5fceadcc7cb4b05f83746adb6eb31d29aa9,2024-06-20T12:44:01.637000 CVE-2024-38576,0,0,2236920d60064e661a944c733eb2e7966e7c6fdf3b15109d7e99a4086a362b36,2024-07-03T02:05:14.340000 -CVE-2024-38577,0,0,4c84519c5a14d83bf1e1afda58945cc2b4924597691a0e5a8782c751132e779f,2024-08-01T20:13:24.763000 +CVE-2024-38577,0,1,1efc1e7397f24359bd6439871f08b63ff432bc413f747234aacf9ee77a51c8fb,2024-09-12T12:15:47.620000 CVE-2024-38578,0,0,59aca8de5dbd59caa444dd7e2a1cba02589d14b7e716ca8b1544730c92701d84,2024-07-15T07:15:10.620000 CVE-2024-38579,0,0,b473c1338d077f4b1eb5b907c1fe49edff8282b40b79f122f252878eded18e82,2024-07-15T07:15:10.703000 CVE-2024-3858,0,0,dd053838f3e277a81d969816e65a4f781c68054bd6d54d527d61add36147e05e,2024-08-22T15:35:08.807000 @@ -256633,7 +256645,7 @@ CVE-2024-39583,0,0,2595854d2609ec80581d5c8e20bd16c50016792474e66d9b02fb6dca96d25 CVE-2024-39584,0,0,1d0a6aff0073f4836d9654764326ceeb368acd09f92344e463ab3214871c70e5,2024-08-28T12:57:27.610000 CVE-2024-39585,0,0,d477ac70d70122b93a30d70fba939fc56092d9a6275e57b99e3a0b2a412cd216,2024-09-06T12:08:04.550000 CVE-2024-3959,0,0,1ce1302f5c536ae0ba1596a30e53c3274b88d91eb780326b1103788329e8cf86,2024-06-28T13:21:52.223000 -CVE-2024-39591,0,0,6df5bfa73938e4812212735bad6342100faddf79ce461f960eaa31dba3eab077,2024-08-13T12:58:25.437000 +CVE-2024-39591,0,1,7234f5f72639a034d956dd5df541035bcac3a09d36d7ba9ed10f23ab4dd7d7f9,2024-09-12T13:29:47.207000 CVE-2024-39592,0,0,541b14c1914f7693bac69344218050bd21bf7511f9226d6471041f73dd5bbff5,2024-08-29T19:25:41.740000 CVE-2024-39593,0,0,f64d4a9107e758157cf94d8020a15d87354768c39cc9030a607faa8c819f82ce,2024-08-29T19:08:19.200000 CVE-2024-39594,0,0,637cf3efe25f76e3f7049bdd8fb7c900c50753635b8417f794e35a21a4031116,2024-07-09T18:19:14.047000 @@ -257730,14 +257742,14 @@ CVE-2024-41727,0,0,f64de623c1f3cae418235db50af8da33c1315446224a7b8505bd8fc5343d1 CVE-2024-41728,0,0,a44236b8b8381750bb6b36d92fffe5b7b52d9e26a485ce4cee57ecc37824df44,2024-09-10T12:09:50.377000 CVE-2024-41729,0,0,d9349e4b0c516aa096dba9dc989576fef69f0da894dceaf82929700fdd5be9c4,2024-09-10T12:09:50.377000 CVE-2024-4173,0,0,47f39f3e8e603eac743ed4815cd724decf015716a2f0d9c17daf4d8fa3affc2d,2024-04-25T23:15:47.240000 -CVE-2024-41730,0,0,c3a91737f2e086c1acf47dd27a2418a435b72c75c0ef95092d81c10a62890c2b,2024-08-13T12:58:25.437000 +CVE-2024-41730,0,1,296c1e90a2febb31a4577a14bd16083e2ebbad70f0cade6d819cb4026c6b3f0e,2024-09-12T13:56:51.237000 CVE-2024-41731,0,0,4126cd0c30302e9c7380ccee1e7323dc125073bee521b0d7988e30a845f2e7bb,2024-09-11T17:48:18.073000 CVE-2024-41732,0,0,e2dca567214be5568571959773e28599e7cbcbeb041ed41e27c6a914c5581a4b,2024-09-11T17:52:39.477000 -CVE-2024-41733,0,0,2e82423ecd8cb4f19fe185c00259d9cd1bce193133bcb8ac21493cc978360656,2024-08-13T12:58:25.437000 -CVE-2024-41734,0,0,224d2e0a7bbc404b129603d7c555b8e66b4f04376b8e767df63ae5e4860b78d2,2024-08-13T12:58:25.437000 -CVE-2024-41735,0,0,080743ae5a1f74ca45d978f62e415018367343d9c85ec16e323a0b3ff4c5e068,2024-08-13T12:58:25.437000 -CVE-2024-41736,0,0,f2a823ad05b0f6cd0c553d4ba2de9dbd6c2814d1af726d26ab7273e76db32934,2024-08-13T12:58:25.437000 -CVE-2024-41737,0,0,cf13d3fbe78019377baf4b50243ed7d84e2b4c1551cf97f367c466ec2bbe8bca,2024-08-13T12:58:25.437000 +CVE-2024-41733,0,1,580e8b247709efe1a8ff885341c8c65c8c2e5300f32e52fc4252f7a3d8a36a32,2024-09-12T13:55:49.880000 +CVE-2024-41734,0,1,ee1445b5a6c50fe46a456bea41ccb696f4523dbb75f2650033b52fcf021a5cf7,2024-09-12T13:28:03.450000 +CVE-2024-41735,0,1,9b1bcbea87f6f37440d1c449d6340c711ae945b18c9cda4029f4e601f348537e,2024-09-12T13:53:32.993000 +CVE-2024-41736,0,1,f12f0374fcc58eb9fac9e1d169220d47e16a0e5ad6c2e28256d8df041476b834,2024-09-12T13:51:42.727000 +CVE-2024-41737,0,1,bcc2c31b9f08a899ad8c6d2953a09d2c0889e7eb08f1011b3147192ea690de38,2024-09-12T13:49:41.953000 CVE-2024-4174,0,0,e168dfb28a2573f66b3120de326c0954bda564c12e3831aed75de7f1338d3089,2024-04-25T13:18:02.660000 CVE-2024-4175,0,0,2f40401bb337bcc37138495e1928fb4d762f69fc829f768d707a278e8a423e1a,2024-04-25T13:18:02.660000 CVE-2024-4176,0,0,2a1e283cc95c7d3d47b09f457f96512613ab4fb1878e9b333c02ce78f75d8385,2024-07-15T16:43:04.163000 @@ -258080,7 +258092,7 @@ CVE-2024-42242,0,0,76feb11ff1b64882ae98cb05d8fee01154bb93b05ad0f7b74505099ce9d0f CVE-2024-42243,0,0,a100e682d084e1c9afe0b29d6e1ddb97769c71cbec41adefbc9f2f46e71c060a,2024-08-08T14:53:35.073000 CVE-2024-42244,0,0,8350951c1f121df7fc6c6b2a03b5a60ecd4b9bb8d83190ea911de7a8506e77e9,2024-08-08T14:53:27.147000 CVE-2024-42245,0,0,fcb264c29551cd3e5d6115618e13535ac0249a42a696c4e8493e8f7d1f5c12ef,2024-08-08T14:53:19.530000 -CVE-2024-42246,0,0,da0158313668d0853864dbfeb7b41dd897a00dbf2d1500f2de975e9a95c1bed0,2024-08-08T14:52:35.353000 +CVE-2024-42246,0,1,e8948480e21000a4ac46c6a85c452caaee9ab5f09793bf14eab70cafb762313f,2024-09-12T12:15:48.497000 CVE-2024-42247,0,0,3e8b3f558d251c3978924ee255c30e74df6492b1da5085ab4e636b80775e9831,2024-08-08T14:52:25.213000 CVE-2024-42248,0,0,a4c871a843ec4ebaf7266331bbf45bb853808d9d58017b146752d4bde19f2c1f,2024-08-08T20:55:35.180000 CVE-2024-42249,0,0,273d2e61a1b49951ffbd8c20389c9c76559ac159ab90b5fda4da3c7651f4a6a8,2024-08-08T20:55:25.943000 @@ -258202,11 +258214,11 @@ CVE-2024-42369,0,0,2db0203d9e1c9ed86d7e5fe91c7527c5d07f66504aa58aae16d195697c2be CVE-2024-4237,0,0,c38818d0c288b1eec57a9be9e655b05254cb3f3487787a1ecd91e69d9c20b38c,2024-05-17T02:40:19.580000 CVE-2024-42370,0,0,62e839a91edcd64bb21dabf32c60522dd52dc9540883662a6d8c03c0ecbecadd,2024-08-12T13:41:36.517000 CVE-2024-42371,0,0,f8671ba77e17492262f6b6323bd0f75755bc55999a70f1247a3b42a51bbd5e7a,2024-09-10T12:09:50.377000 -CVE-2024-42373,0,0,295f57d389a740d58ca7f1197ba4847ae8998d712f5bf5435ce1e4024bfbdcde,2024-08-13T12:58:25.437000 +CVE-2024-42373,0,1,0a911f8c7b65a5ac6f64a8e43f34010f8e931ac83329dff9f7884c56f10ce33a,2024-09-12T13:26:37.753000 CVE-2024-42374,0,0,fbac271476e1e2a5530eb62b051d58c9133aff05c9b2fa9d3a5620c40d2acb9c,2024-08-13T12:58:25.437000 -CVE-2024-42375,0,0,e9725b5004889e50f9a6ac1c59e56febb5ad276cb9a721fc0c08aaaf3ebec84e,2024-08-13T12:58:25.437000 -CVE-2024-42376,0,0,c4f07b2c8269cb92583efc852c36ba8aba70348295a5eb2d011adc15b060ded0,2024-08-13T12:58:25.437000 -CVE-2024-42377,0,0,4524d9cd87be67a4dc2034064ca6271f613fad79df3daac39c5631e6926975fc,2024-08-13T12:58:25.437000 +CVE-2024-42375,0,1,f88914f78c046f57acc08161978ed742ad9df5262df6fb06ce5cd75ac24c71ad,2024-09-12T13:46:39.527000 +CVE-2024-42376,0,1,49cb2579969fc5a25e219c672f04f97a28e04aea98eaeb1b3b8fc881f46ce0bc,2024-09-12T13:43:27.507000 +CVE-2024-42377,0,1,9face528ce5b147140c71d88d734a9d4c3870323279e5a3837b9bee3a938b5ae,2024-09-12T13:42:11.890000 CVE-2024-42378,0,0,ed3c29cd04dad91d13a86cdbb0dce43700fdc4ea711c91735e1103cb6c6b554c,2024-09-10T12:09:50.377000 CVE-2024-42379,0,0,3df4e462d3527273fa2a98871af6d02d089a425040231b6521435b06449dcc55,2024-08-30T20:15:07.623000 CVE-2024-4238,0,0,188cceccdce16b8df034bef32fee010a6dd0f801c6690e1589421c7cadfb521c,2024-06-04T19:20:33.063000 @@ -258416,7 +258428,7 @@ CVE-2024-42756,0,0,ce5af71546f0263f395c227c3cfac6fe59ce60f8865d3d0ed46c37703f4af CVE-2024-42757,0,0,7f6ba25a82908bfc7acb20e761fdbba6f23f597232f39843fc1cc43949e3074d,2024-08-20T15:35:25.190000 CVE-2024-42758,0,0,78591070e9343c09b0ea814d5b331b967691862f9b02d6e8c624fb011530a86d,2024-08-19T18:35:14.237000 CVE-2024-42759,0,0,83ca77ff674de3e3917aa205efaf61575c9c366960c9df81199b2455f1152daa,2024-09-10T16:35:05.400000 -CVE-2024-42760,0,0,33d41bdde29c8d9b002d41c6d9cacf82ccb9d113c6d7e123a8e66c253c93f1bb,2024-09-11T19:15:14.983000 +CVE-2024-42760,0,1,85ab4e0edf9f9f4f30f7c0bbfa280d9fb232762dd5bc9865dc15792ebefac07f,2024-09-12T12:35:54.013000 CVE-2024-42761,0,0,33c8e57e29c80d5ab961692c95c32ec38cca8789d3650f2c188fd350c643ff13,2024-08-23T16:18:28.547000 CVE-2024-42762,0,0,72ec602fc53ee57aef43714af8d33108807c25cff9ab4122dccfb6373af1e78c,2024-08-23T16:18:28.547000 CVE-2024-42763,0,0,a111402090b60e50fe4bee869a5fbabeff40957f7ec249ab20f07b5214e58d6c,2024-08-23T17:35:06.477000 @@ -258912,7 +258924,7 @@ CVE-2024-43831,0,0,d2d2b5793f8c890b4b992408f65959bbc46269161bd855b4336fdc8262090 CVE-2024-43832,0,0,15442ca051ab0155fadf84dac6604a0024bcf8cf7f43b8779d15dbd2c77cba17,2024-08-19T12:59:59.177000 CVE-2024-43833,0,0,b30b83d76397439bef43f76504d35264f0368821411284c2b15462cf53f03404,2024-08-22T15:42:46.827000 CVE-2024-43834,0,0,76e2d6369e7d6ad23c4c79e5f16adb028cca8d18769694b501fae11b3f998575,2024-08-19T12:59:59.177000 -CVE-2024-43835,0,0,f7207f2568eff71ac42ae4cac012535525bcc9661cd039201d62360f915ce602,2024-09-08T08:15:12.870000 +CVE-2024-43835,0,1,a46066252489ca07ac33084bac581d7b6db1ff03c684ec702a7865c83c61bd6f,2024-09-12T12:15:48.653000 CVE-2024-43836,0,0,e20113b16d82c5c2e4bb122ce52a725f5444590d487c2fb8daa577de32ce154c,2024-08-22T15:43:26.303000 CVE-2024-43837,0,0,2029cea2c86194c36b6c131e1ea74e1961ace80d0c79989b0fb86fab2b65d1ae,2024-08-22T15:44:03.417000 CVE-2024-43838,0,0,aea18ddc95b4597b8fcc9d42c5f12cf2294cab2381941209a829361028b9d783,2024-08-19T12:59:59.177000 @@ -258933,7 +258945,7 @@ CVE-2024-43850,0,0,af5a8e5c81d2d7083cc2063dd97b917fab8a477ad546922bdeb0b7cb165eb CVE-2024-43851,0,0,6b377a11182d300738f6cb3fcaa1aa4d6b0f57bbe7852e35522a14ee29006899,2024-08-19T12:59:59.177000 CVE-2024-43852,0,0,e16a39e3485e6268d56a06e4f3ecc24b277dfc853c8871fb0e21f6f409c0a86d,2024-08-20T19:32:55.747000 CVE-2024-43853,0,0,3a6c96c14ae012eaed5b1ef682d62a9cbd9b79ece1f1039255ad0f2a7b3d5c29,2024-09-04T12:15:04.827000 -CVE-2024-43854,0,0,72b23f2522211646b59fb2af8abb234e4c5bc99d8683607813e7cc7231678efc,2024-08-22T18:12:28.620000 +CVE-2024-43854,0,1,943f3c79d7b420a0653deb8f71d3689984fa9a81ab761b689f2a54c06fa320af,2024-09-12T12:15:49.423000 CVE-2024-43855,0,0,b20a91fb4977616b14c0349af9fe6fdf38deab2ab7796fadba2ea00dab4f6345,2024-08-22T17:48:09.100000 CVE-2024-43856,0,0,91d346c264b1a27e13a95a79650da4390a2d02a7cc5798231b8314954af3044d,2024-08-22T17:57:08.640000 CVE-2024-43857,0,0,1770874efc8d117e3bd251f738e88729b0ef15b20bed1182b733a19e974e06d4,2024-08-22T17:38:21.003000 @@ -258975,12 +258987,12 @@ CVE-2024-43889,0,0,5465d7ffa5fc173afac72302c5033ac280f7187ac42839effc5a469d05fb8 CVE-2024-4389,0,0,ea54671e2f1f297a2bfa11e14d812b86fa7a7f36f3487a0625bc52be81ee66b3,2024-08-14T13:00:37.107000 CVE-2024-43890,0,0,822d0066e26c4794d884984a8e03a3a06f467a55da908fa8402229c4f6b6fd95,2024-09-05T18:48:30.320000 CVE-2024-43891,0,0,1c23f1bf42b54dadc6cc9129673e1e978162326fb473b5b49bcbd4f88fba9477,2024-09-05T18:46:18.440000 -CVE-2024-43892,0,0,86ff0a9f1a6222f84cf421b01facfc2f5b5a62d0de62a7fbabb393baebbfccda,2024-09-05T18:41:38.723000 +CVE-2024-43892,0,1,812cea58111e66bfe7a639c7b3451759707a135ffec31209bf0fc6dafba8a03b,2024-09-12T12:15:49.593000 CVE-2024-43893,0,0,03380463385702f0b845516f8bceb11262b313ed31f3974a8fadd31a5948d88b,2024-09-10T18:13:21.920000 CVE-2024-43894,0,0,6a944d0f551c2b10307e4d0aa1c5b1c1d9cef2ca832a7a9679c07a82b1c23326,2024-09-10T18:09:41.230000 CVE-2024-43895,0,0,79a9bdf0ce4aa3b39e8f96120c9bea0eceaefee25a6e31f739fb6d05e4c3cb57,2024-09-10T18:08:57.550000 CVE-2024-43896,0,0,9e528459b2e50d1f7ce6be809e552e51735f0b29caed43fdd44f11c615a94e16,2024-09-05T18:37:16.483000 -CVE-2024-43897,0,0,2b25f81c1149d4543feb64d1945cd77374bca366086287d738b75eb1fb250919,2024-09-05T18:36:30.347000 +CVE-2024-43897,0,1,a3720581779f061f902fffa02faf7be461be206432a41a755d03dce9fe694b90,2024-09-12T12:15:50.297000 CVE-2024-43898,0,0,b70a0322f8294223b16267a9061a592097cc320e64347a35bbaee6def942a528,2024-09-10T08:15:02.960000 CVE-2024-43899,0,0,1953a8ac8e9197ec884f1f7ed08130ca2ce11e7bc600d6d066b299186890c781,2024-08-27T14:38:19.740000 CVE-2024-4390,0,0,e7e7976abdd60c38776b1ca6e6489a541123a6d22aaefce9d02ee1d97e2bf9c9,2024-07-17T14:10:55.550000 @@ -258989,7 +259001,7 @@ CVE-2024-43901,0,0,7be8f7dc4bf09de426f00d5d02023b84d29a03cabc8ff89591749666578d8 CVE-2024-43902,0,0,c37472b064b345fa8fe25985d1bf76a11413a9f498d9f5b152ce2e7578168faa,2024-08-27T14:38:51.730000 CVE-2024-43903,0,0,c889729c6b4c992efb6382be5e0515b66e86fe6570936e30b472ad7500810adb,2024-08-27T13:39:48.683000 CVE-2024-43904,0,0,b989d9f9c68082637dc63029425b18b22bdee2eb24851a91094888ca00d2fb77,2024-08-27T13:40:50.577000 -CVE-2024-43905,0,0,1039cf98bca6901940f88fd388d94fc219523a686f334453246ad30627bed7dd,2024-08-27T13:41:03.730000 +CVE-2024-43905,0,1,2991c5e81cb34c3859947b3efc34af1928caab546b01a8090fc3ab2e2d3b4377,2024-09-12T12:15:51.260000 CVE-2024-43906,0,0,779aa474267695b99fe2e67309386add980c332f20c4c315c9ddf6fefbf535a7,2024-08-27T13:41:30.093000 CVE-2024-43907,0,0,73e780d9fe01ae8cc5a4e065d7a6d0780649fed471971eb378d0bc9554d2f7ff,2024-08-27T13:41:40.497000 CVE-2024-43908,0,0,37f71e1240c38f7f5d5430994391502a308fcc5874d7b6b8d1d03bb0a35a093a,2024-08-27T13:41:55.260000 @@ -259134,7 +259146,7 @@ CVE-2024-4451,0,0,7d9df0a3b011ad00943a7e8af468a8b44c5ed08f6530b7317d9be30e3e418e CVE-2024-4452,0,0,8393f4e948f53b2fbde25aaf7f55c55c1f0989c48fbd4a40cb4c1f768b7a8d7d,2024-05-21T16:54:26.047000 CVE-2024-4453,0,0,bc1bfc8908fbb505485206b11e5cc2278d2416192493c6c78b1ac2e39a46d4c3,2024-06-10T17:16:33.460000 CVE-2024-4454,0,0,ef12942a51bdcd592bf2170096c1c09a451df07ea3cdb4fb15fcced864f88fa2,2024-05-24T01:15:30.977000 -CVE-2024-44541,0,0,4ea35de7f6be7e319087f7feffa9f37842f666da2e7e47af5d3e408d4c95f10e,2024-09-11T21:35:09.840000 +CVE-2024-44541,0,1,3a1e561d6510cb46fc3025d4e567327c4a8fc313204436661e66190b9e443f5d,2024-09-12T12:35:54.013000 CVE-2024-44549,0,0,95d002d4c0f2cba16cd184ab62e810c42d47abc2b51570dfaaedb60ad257bca3,2024-08-27T14:28:55.157000 CVE-2024-4455,0,0,266cd4e6dd8917294ad9c9f8fba8b2f0acb52688c86d3ca408cceaa482353b44,2024-05-24T13:03:05.093000 CVE-2024-44550,0,0,9f267ccbfa739b7dd965bc2964320acade2cb81782d1bf956b8f3a920e81fa22,2024-08-27T14:29:02.370000 @@ -259148,13 +259160,13 @@ CVE-2024-44558,0,0,6d87f392eda09922944831aa9fc2790f469b514dece92bfccefe48ebd558f CVE-2024-4456,0,0,4944908816b0dabd168db28a33c87155bafc589f1ccdd7f87c25aad569cea442,2024-05-08T13:15:00.690000 CVE-2024-44563,0,0,6dbd76e0f089d60e056938eea08be0958b9b4b0e2739be9b2567dba585143e70,2024-08-27T13:43:26.300000 CVE-2024-44565,0,0,e25f465e010d5d48f951ee0faaea27800251f5ba71d3aee72b61ca7f81604b74,2024-08-27T13:43:46.897000 -CVE-2024-44570,0,0,96e39526f665906c5a8b155e40d0b40907aba9c93891e2eb90902fb1b07e421f,2024-09-11T21:35:10.697000 -CVE-2024-44571,0,0,41a9174c79b8a2e7d4c644e0c91047a2c93725fd5689a6a694bb9b9d3cb47705,2024-09-11T21:35:11.500000 -CVE-2024-44572,0,0,2ab0cf297dbe79249b929f72918a04a68bdf78f2988cf49b88462aa31d6cd8f9,2024-09-11T21:35:12.387000 -CVE-2024-44573,0,0,7242faf05c4f1c037d39722f3b4914401fdedb1c9e7c42f6531ce97c4400dbe3,2024-09-11T17:15:13.727000 -CVE-2024-44574,0,0,d808f1c26c3e5c2f6fe9c452e8934d9dbc76eeedcaff344a9da560ed38cd106b,2024-09-11T20:35:12.833000 -CVE-2024-44575,0,0,a8140e390cb9941c799794b1f49a931df6d1065cf22c54dbf069792986bb04a6,2024-09-11T17:15:13.820000 -CVE-2024-44577,0,0,497d0ad720d53a7a9099b7c616b78b4db3deaf780f45baa97c2b8841f0a4332a,2024-09-11T20:35:13.697000 +CVE-2024-44570,0,1,f31dd0f16dce6578a9c7f72b7c19d2bcd61b4bcd828f5dded7771736a6590860,2024-09-12T12:35:54.013000 +CVE-2024-44571,0,1,6ef20a14725bae57f9a567f27cd564fd830fef7d5d8219a7373f1812eb1e3a7d,2024-09-12T12:35:54.013000 +CVE-2024-44572,0,1,1fb641294c45b891575d0c3a1b41047f1bbad864be426defb5572f6f38bcfd4a,2024-09-12T12:35:54.013000 +CVE-2024-44573,0,1,41e92f6cfccd021915284e1af0565e7ec29897019f610246c12a825f59a10382,2024-09-12T12:35:54.013000 +CVE-2024-44574,0,1,cfb193c0fdfb56729a274c91dd51261fc44a3306d91c3856efba426d2348d691,2024-09-12T12:35:54.013000 +CVE-2024-44575,0,1,201a6ca7c7ab73c1cf72eb94fa46c058ee5fb2f214506723411e1243ae73df24,2024-09-12T12:35:54.013000 +CVE-2024-44577,0,1,f23b5398825615b1e4c9cdd4a9ee17debd24c87e40c16b163c6e9227921995f9,2024-09-12T12:35:54.013000 CVE-2024-4458,0,0,0a429f9bf96fae3ee6bbb1cf09933ff34e8fcd6340740204bd4095a557c4fb2e,2024-07-24T20:23:12.307000 CVE-2024-44587,0,0,df65b03ef618d179da9d66b0f4fc4c4e495ab75863a2207f1a4d99901686f98d,2024-09-05T17:44:56.007000 CVE-2024-4459,0,0,b17743adc54c2996e578e7c399fafb8182f2604175c352726fa92e67f639f3de,2024-07-24T18:00:21.097000 @@ -259292,7 +259304,7 @@ CVE-2024-44970,0,0,70414797c7f1420a60b48e34277f5530ec1aa67aed6a07d8d2aaeded9223b CVE-2024-44971,0,0,44403d9889954211cee528d64ed0dc86351f6fa04277308e5630c2d58c6cab86,2024-09-05T17:54:36.607000 CVE-2024-44972,0,0,0b967112ef26e3fe5b0935b427f88208867173c88daf36aa5bd2c336c4f07e64,2024-09-05T12:53:21.110000 CVE-2024-44973,0,0,add414a58e878f3aee3366f7678bfde348bdae69c48419c508ba030f370d1ae1,2024-09-05T12:53:21.110000 -CVE-2024-44974,0,0,5c4270f642e1cb2246484442a2de410ef76345d072e18d07ef27612e1784eb31,2024-09-08T08:15:13.053000 +CVE-2024-44974,0,1,fd141e065f0472f9c20f0e926fb616aa814fa8f29c09362dbf81fd47c4c1b225,2024-09-12T12:15:51.397000 CVE-2024-44975,0,0,012dcb6db335aa97afa1ef9268f931ab68a445b973fc3f10a7843af27070943c,2024-09-05T12:53:21.110000 CVE-2024-44976,0,0,8c7b930f69a8eac68da6855eedc8b3a97b1051cdf631749b93c2aaf1d2a28ef8,2024-09-05T12:53:21.110000 CVE-2024-44977,0,0,8267c668040f19c89ab2180e788476dee75d30c69bd18b77721b380cd5039fc4,2024-09-05T12:53:21.110000 @@ -259330,7 +259342,7 @@ CVE-2024-45005,0,0,e451b7c2f4add710887224d994f9dffc8ac56adf3dcc9794335f8f3deeed4 CVE-2024-45006,0,0,5452c1a79742ccdebb367ec30c38e9d482e8d0678948443e98ba439908eac48e,2024-09-06T16:26:52.640000 CVE-2024-45007,0,0,9c51cc66379cf576bcd17f9e957329cedbd34ee23634a31bf340e6e230dd369f,2024-09-05T12:53:21.110000 CVE-2024-45008,0,0,37dc0718d2dd8ba9fb7eca159ff733be9b954368896d4dc7e665604ee4c36c7c,2024-09-05T12:53:21.110000 -CVE-2024-45009,0,0,adb49a5b34388a2f7b501c0b9e616f97e567ff9f5df6c5a95d04c50bfbe529fb,2024-09-11T16:26:11.920000 +CVE-2024-45009,0,1,86b4004a8edfe7c22e58929d5f204ac65dd45123e7cd56200f54e8e14b1cbc3d,2024-09-12T12:15:52.183000 CVE-2024-4501,0,0,3baebe0a469dd4bf55eae5f370777b6e334d89a3883f98b03d03b2205353433a,2024-06-04T19:20:39.640000 CVE-2024-45010,0,0,81e9c53dd98ff1a6581f42969addac0a00a7463ca8cf095121d947f59bf76847,2024-09-11T16:26:11.920000 CVE-2024-45011,0,0,6df01d5595f2a917dea63248c824a1961c33db696ee158376265b5fce4633397,2024-09-11T16:26:11.920000 @@ -259583,7 +259595,7 @@ CVE-2024-45620,0,0,79d0fcf4ffd9e5c58086135dfac2f9737c74cc4ac6ac6ca9de004adbc8816 CVE-2024-45621,0,0,14a519a8f510b3c3b7a6df78c35235d4501d8bcffdb6cf42158adb38aa1e44bd,2024-09-03T12:59:02.453000 CVE-2024-45622,0,0,a33339926b8b20e966e52f22a13007f367a7fdd9b0655040e29ed073b9b76629,2024-09-03T16:35:09.647000 CVE-2024-45623,0,0,6e76d49f362c221a481237923ca3f07ce122524ae0700d93b755e69d33328599,2024-09-03T15:35:15.360000 -CVE-2024-45624,0,0,6deb1f743ecbf0a05af80b5d695a67815e1f56e9cc1ab1eb300aa1d9ef9be977,2024-09-12T05:15:05.053000 +CVE-2024-45624,0,1,036c533fdb0de059ed058142700bedf9cefae5b5eb2341c759b752dac70cdd67,2024-09-12T12:35:54.013000 CVE-2024-45625,0,0,3e5f2d639aef0e82608d7bd80d0e32d86a25b4046e30921cb8739a9c3be44b6a,2024-09-10T11:19:40.113000 CVE-2024-4563,0,0,a90af34c00297497a78ff72a2c306ea2262a49c5811c3b8bcaed5ddcefc9b6fb,2024-05-23T16:15:08.867000 CVE-2024-4564,0,0,045273651cbda7642192b25b1ce14ee6220cb16969b1d2c569252c03c480a950,2024-06-13T18:36:09.013000 @@ -259617,7 +259629,19 @@ CVE-2024-4582,0,0,44a298c10fdfe0ab8acf9c943d89720dd7bed9fa14549ad9833d5c0a75c147 CVE-2024-4583,0,0,80422ff6020fca1720c5a88e28ab76aaa9a918b3afa6700e13782e64857c6739,2024-06-04T19:20:42.857000 CVE-2024-4584,0,0,4d639afeee5354fec0a7cf3023bb849f2437d78f7cd875e4a49ac03b46b9ec82,2024-06-17T19:15:58.903000 CVE-2024-45845,0,0,4d1151a3b662098d77e53a9c7dae2a157920328f9101b07db6113969fbede812,2024-09-10T14:35:08.550000 +CVE-2024-45846,1,1,b883bbedf716a99559e0615d95d6004e437e627e930e0f87dc77090da1778daa,2024-09-12T13:15:12.920000 +CVE-2024-45847,1,1,f931cc85108fd00d77b46761dd38e026692023d7c82f3ee5fc309cefbfbc1da1,2024-09-12T13:15:13.177000 +CVE-2024-45848,1,1,2d418eb4c2402a8cbae56aeb3c28ddb7aa0b79a243464add7b6f176785afd0f5,2024-09-12T13:15:13.437000 +CVE-2024-45849,1,1,a188cd6fb87cd68990d59de7b8c5a7b8813e0f8a024e3814c978ea080c8ca774,2024-09-12T13:15:13.700000 CVE-2024-4585,0,0,de8aae2cc9125c3a9e288fcbd9e609876eec68062d1a138bbd8e80f3513a89cb,2024-06-20T20:15:19.110000 +CVE-2024-45850,1,1,1ad5dc5fd39498621f35547e686025f6ea82f44bde315e6e6c293a6729be8568,2024-09-12T13:15:13.933000 +CVE-2024-45851,1,1,5e2ef28d9cd1b8efdd5a7d42c9a77d9b56280bfe8d2ea16139d136973a031f83,2024-09-12T13:15:14.170000 +CVE-2024-45852,1,1,2e119762c6becd689ab6aa18ffb831d33f9eef1d581c0c322e941bae93cd9c9f,2024-09-12T13:15:14.403000 +CVE-2024-45853,1,1,e82dc2520b5b7f648c11a96de9192da6915517766bea0c110a5ecfbe07bbb390,2024-09-12T13:15:14.643000 +CVE-2024-45854,1,1,1f91acc4c1ad62387ce5b1fec0196218ec3892acd56493a10434bbaec5f6046c,2024-09-12T13:15:14.900000 +CVE-2024-45855,1,1,24d3e8ddaa4be43c095d31f319dbfa1fee1c512408e3c421b02d59df94b79c45,2024-09-12T13:15:15.143000 +CVE-2024-45856,1,1,081e1608c0f05e37926e7d027b3562523c475d95c2895b12caac70912a29e556,2024-09-12T13:15:15.373000 +CVE-2024-45857,1,1,933afbb159f3587327b54ad2382efbb49cf03b5b0d4ff1db3f8b1e8b718e382e,2024-09-12T13:15:16.227000 CVE-2024-4586,0,0,308ac0f257920a7bf6e50f46839419870b7e733c7917681ea48f64312191a5cb,2024-06-04T19:20:42.953000 CVE-2024-4587,0,0,ccb551f2bab92e34c98709c8a5231b1e8778dd90f0d16bd4ac4c665438d47b6c,2024-06-04T19:20:43.057000 CVE-2024-4588,0,0,9198a141cbfd67d79271a90e0ce19e828dccb043a1ec84b18e696744e0f31db8,2024-06-04T19:20:43.163000 @@ -260679,7 +260703,7 @@ CVE-2024-5793,0,0,4f7c09f8feed484d3c3bfde7191aecbd9210e86e918c2f39cfc1ec374b1fc0 CVE-2024-5795,0,0,f96bd55511ad8d513f3ec0decf8876ed6554642b2cf81135dc3a93534acc202d,2024-07-17T13:34:20.520000 CVE-2024-5796,0,0,e179556883d33099fab8768b9c3d50a47b2a022b7b46e47f95f4ba7640cc26df,2024-06-28T10:27:00.920000 CVE-2024-5798,0,0,8c4fc55b5a68256010d6e6bfcfe06ef9f209d5a592c838664e8662bbc4a3d762,2024-06-13T18:36:09.010000 -CVE-2024-5799,0,0,8203dcf95c26df33ce0a7053fb4405bc34019c927ff1c57f9f4a7a75ea4d9ce3,2024-09-12T06:15:23.777000 +CVE-2024-5799,0,1,e3001040c964b454efdd2f91b1d90a1422c21167246bb877f33ac0cdb2682e40,2024-09-12T12:35:54.013000 CVE-2024-5800,0,0,a1cb578d92a5ce21abf5c6c3a9df30d0f15dec959b83eaaecf5cab603de30571,2024-08-12T13:41:36.517000 CVE-2024-5801,0,0,668584c28d68f34806b15aa23a003fb18ba18cb7fb2d24326345f03f0e3dd0a3,2024-08-12T13:41:36.517000 CVE-2024-5802,0,0,71daebe4bec626c1d71de5756a51cb35bdbb0ec81769b121e428d7e1cc0f8395,2024-07-12T15:20:14.610000 @@ -260855,9 +260879,9 @@ CVE-2024-6013,0,0,dd5aadcad9485c7b63e2c76668a62eba788e1248615fab9fd06bf5aaf41af2 CVE-2024-6014,0,0,6f9e64ff8fbf43e19b3d7e24c13ad8adc071c58e85b8bf9a829322ea55abcf8f,2024-07-19T14:18:17.607000 CVE-2024-6015,0,0,c2460029f18cca819988d11dbd49466b5328ee3d26de8c6ec6e0519debb7ea98,2024-07-19T14:13:10.463000 CVE-2024-6016,0,0,db11fa4e2db5dca1bf67cd82c1ae54777d6d6de86c83abed9806f80a5c1a5385,2024-07-19T14:02:04.600000 -CVE-2024-6017,0,0,cdae3d38b0c467da2c075691c4b358410a7e16f809914fef470e291d3e5b5e14,2024-09-12T06:15:23.850000 -CVE-2024-6018,0,0,cf01cbe3f3d6a0df81330790733d4b0397ca9aee602c9cfe3f77e38a69acc639,2024-09-12T06:15:23.920000 -CVE-2024-6019,0,0,0a7a3a8b629034b06ca029439b922d1910cebce56fbe2fdc65d3d0c7d6157ae8,2024-09-12T06:15:24 +CVE-2024-6017,0,1,8f6c3d25da5f49da32f4c02f57faf473758ab0cf7948f15a03a435ce01047071,2024-09-12T12:35:54.013000 +CVE-2024-6018,0,1,3348e4d67046736f0089f6568ff315546ee690a1d99c47714da86734078d6ed7,2024-09-12T12:35:54.013000 +CVE-2024-6019,0,1,e15dc925f6efdbbda56fc018b84b9b9acb6201366cf8e73779977ca86457c067,2024-09-12T12:35:54.013000 CVE-2024-6020,0,0,074b02a1424aae1978150f09e7d5889851f8afbaedf8d5213fe33ca18fe17c85,2024-09-04T15:35:25.307000 CVE-2024-6021,0,0,89bc3fbda68691de22c48372ad0a77a2b4849fdf02c26c23812a34a3700d835a,2024-08-01T14:00:08.097000 CVE-2024-6022,0,0,55d2fd1c662113ade487c32b8dfaf0e98bea6d5629f505bd14ff7aba829d2368,2024-08-02T19:46:23.360000 @@ -261125,7 +261149,7 @@ CVE-2024-6328,0,0,1dc9c3c4a448080717651ebabfb2fc281b4a1c036cabba31a96124b6cb4e8c CVE-2024-6329,0,0,86251ab842ffcb900239f67c839645a87676821122e9a881854a92c1e2f082f5,2024-08-23T17:01:34.227000 CVE-2024-6330,0,0,e1243e86845c9ad8bb8e14e862db7cae433088225de72050fd359fe249b90cd8,2024-08-19T16:35:30.907000 CVE-2024-6331,0,0,52c1c6ef5119330812f0b8f9d4c8f908510020273352e90ad354980012c782b6,2024-08-30T16:15:10.710000 -CVE-2024-6332,0,0,ebdfc169d4e7903a2b8fe1661852bccbe51916d4639aaeff4392e1f1edcd8a31,2024-09-05T12:53:21.110000 +CVE-2024-6332,0,1,6a11035168ec675eca4317d3a76c369854aee1404a3dbc4eab434b7b1210d36b,2024-09-12T12:45:37.917000 CVE-2024-6334,0,0,3daf0dfe09252e7765ca30c739cfcc033a43a657c17c0275e173ac670504522a,2024-07-09T18:19:14.047000 CVE-2024-6336,0,0,1df5fc72f07b093cfd11ea9b65ef147e8130715026fca7ff47fd924988f45532,2024-07-17T13:34:20.520000 CVE-2024-6337,0,0,2e78350836fa8817ff4aec79c82f6f0f98d78739985b39708ec542654e5f48f4,2024-08-21T12:30:33.697000 @@ -261518,7 +261542,7 @@ CVE-2024-6883,0,0,17af31f8537d0ebfdcc29735e63f85da6d525c783f08d8df80e6d71ccea2f1 CVE-2024-6884,0,0,02f1ddb5da314dd396e2205aa21249cb1d9497ae10f450ff628522b4f22bdeac,2024-08-08T19:35:22.760000 CVE-2024-6885,0,0,820342a8aad3354940c223afe57157bbf13eee743fbe19265a63d35dde973086,2024-07-24T12:55:13.223000 CVE-2024-6886,0,0,fbca102ce434786c03a8469f687e67e8b7739ad3b6f0519e88d819189fb30d7c,2024-08-06T16:30:24.547000 -CVE-2024-6887,0,0,b74418a21ac170123f343f7cafcc0acceeb78365e36de71c876b563a063b85d1,2024-09-12T06:15:24.293000 +CVE-2024-6887,0,1,2902a22022074db25f0b48e8426b606585b735c68b9c3d35db14a3ae7b5475c4,2024-09-12T12:35:54.013000 CVE-2024-6888,0,0,7821f6ad756a40ba9974e9367cfa80ba14bf6ad061fb58534103c07dbd9c83c7,2024-09-04T15:35:25.820000 CVE-2024-6889,0,0,0d71ba8db5d6e12f2200830434e214b33ddf0e478787afb192cd93b07991608f,2024-09-04T15:35:26.040000 CVE-2024-6890,0,0,a4b61d6d84db517405e5620d04c7a39034adaee98aaff7a0c1a327ff7affb43d,2024-08-08T20:53:15.917000 @@ -261856,7 +261880,7 @@ CVE-2024-7345,0,0,c89352b78a1b7efddda76024ace56eb1677600f94378ef8d33d34c3c91ac18 CVE-2024-7346,0,0,cef11b112b151333dc0322cebc750df5acd76278a7b270f016213e5f5d953fa0,2024-09-05T14:03:24.040000 CVE-2024-7347,0,0,bf8562cb670939d7931c5691727a53bfc7fe78942e30ee3ed14dd0e17a8cc5f7,2024-08-20T19:25:17.513000 CVE-2024-7348,0,0,3d1228f3ad08ea7cfe68d4df8a31a5ae3b9df9b86e858b3756b13b4b2c220a8e,2024-08-12T15:54:52.320000 -CVE-2024-7349,0,0,c0f6b57771ba8916c1a972b9722d966521ad6be44f6b402b994c07bc1fc94248,2024-09-06T12:08:04.550000 +CVE-2024-7349,0,1,1654fb20b3d5b8111af7165700d7dd7fc184ee1783ff4e6ae92268a2f53d23f5,2024-09-12T12:43:32.957000 CVE-2024-7350,0,0,d4174556ac92d5e9a2a8dc8d5eec461477866543996df72c5d41b5df846ab0dc,2024-08-08T13:04:18.753000 CVE-2024-7351,0,0,46112fbe28a33af24a9aafee0e565b5b19cc9895d9dd5029b9f8903f830d37b0,2024-08-26T12:47:20.187000 CVE-2024-7353,0,0,41679b571aeb0f65d12733ad6909f06c490b83d168f3a79e42cd0098d7b4bdde,2024-08-07T15:17:46.717000 @@ -262160,7 +262184,7 @@ CVE-2024-7752,0,0,a2329e23410b1feec53d6ea38469016e280edd824b17c574fc21bf18179470 CVE-2024-7753,0,0,8d87f0b2095698ec5201c016f27ad170e6b85d6a83cdb1acca64ef97e59384ac,2024-08-19T17:47:49.083000 CVE-2024-7754,0,0,aa642088260d14c06ef027c5ebe72633a842f86ac8e6448a2c0c42d526be8fa5,2024-08-19T17:48:15.203000 CVE-2024-7757,0,0,ca7d079474a8e4f4b2f55e1721105da3a15a9e1d63f2bd4356eaaa03e8d55f39,2024-08-21T09:15:04.973000 -CVE-2024-7766,0,0,53a5e5cb949337b78b8cdbafd205ab4bd6b1c20f5b939ecdbc32d7ea2f41cf9d,2024-09-12T06:15:24.363000 +CVE-2024-7766,0,1,3af547d42cb8a27ce57aba08e78a0c65441accdbcc20c0743127f4e29afe7fc4,2024-09-12T12:35:54.013000 CVE-2024-7770,0,0,050ca25dc9f9b4d1ecb0313871198cecedaeb8fddc305a81bf31aa56f8757cc5,2024-09-10T12:09:50.377000 CVE-2024-7775,0,0,e75f99322bf942cd40c2d94981e16e48a8ebca7abec8ba8da6e02adea2112f97,2024-08-26T18:18:22.887000 CVE-2024-7777,0,0,4a2d78b8605a3d4db2907c7fe28bc447e2c0379246d7b81936de12aa55ddf523,2024-08-26T18:19:19.507000 @@ -262188,12 +262212,12 @@ CVE-2024-7812,0,0,7d23c7651a18766135526d086e05755f7342e9775f0f39e533e1590484eb2e CVE-2024-7813,0,0,660725c7439a0ec1a8a527e4f36d939d7005bd8e1713b07e4bd27cf3728c3f7f,2024-08-19T18:16:48.327000 CVE-2024-7814,0,0,77d672b90a1329b486901cf23b6e584004769dc821cc49b3c03fcd61d7b51c38,2024-08-19T18:31:16.473000 CVE-2024-7815,0,0,414a9ddc4da9ca2a40da2f6f1d9c0348a16eb40238a0ca5a655b1ae9bc8cc665,2024-08-19T18:32:00.617000 -CVE-2024-7816,0,0,71567a8548aa0b4ba3428813fd34ea55dc41eb1e8298a4f5d17fc118fcb0e25e,2024-09-12T06:15:24.440000 -CVE-2024-7817,0,0,4e48edbd983324e46f2ca0024d95d7f1c27a62d87b22216983ff17fb3a1be732,2024-09-12T06:15:24.503000 -CVE-2024-7818,0,0,06e7ffe97669191eaaf93f8063137006b239f8338d4e93bc4bebf912b2a78224,2024-09-12T06:15:24.570000 -CVE-2024-7820,0,0,2a905d25663382d9fbfd72f00ae0e06bcb758ec53467c32718a642fb0cb2bcf3,2024-09-12T06:15:24.633000 +CVE-2024-7816,0,1,f3a2f0da9ea057f90571f04d56c9bd3246fc6e5117e8b50039b214ab2df1b797,2024-09-12T12:35:54.013000 +CVE-2024-7817,0,1,c064504630f563e0e2b1287bd60ed27f3e652f99efc490ca30fe1e4d6d24bfcc,2024-09-12T12:35:54.013000 +CVE-2024-7818,0,1,00719acc68e1341396382176c388371c4a5019b1eef4519a282cad5638ee8950,2024-09-12T12:35:54.013000 +CVE-2024-7820,0,1,9d0bc9ccd06741f10ffc91551224f2e44e9275cd3c9bce0eb0afdc6e00f568ef,2024-09-12T12:35:54.013000 CVE-2024-7821,0,0,a6cbf4229b3ac9caad2c13358d94e9d25b2f946f0353199ff2ed2717953ff2a4,2024-09-04T10:15:03.553000 -CVE-2024-7822,0,0,4a46b5d6e899586d6f08272f4ca2a4dd204611bee9951f2a9995f6a23a87c1e0,2024-09-12T06:15:24.713000 +CVE-2024-7822,0,1,51d602c0f95d98d3009340198af1ac746870274dbb69c6bb7c3fc736cbfe4364,2024-09-12T12:35:54.013000 CVE-2024-7827,0,0,20afe3aa4a313fb97b1d97a1cbf5257a0701f273bd3d99d4148b86bfbef51981,2024-08-20T15:44:20.567000 CVE-2024-7828,0,0,e3115575bb7dae7cb27cdf5edd1f5d03fa0744cba105509a33368f4e132d9ca7,2024-08-19T18:33:17.583000 CVE-2024-7829,0,0,3634da4931045efa2221e4dd20ed9805c5f347e47423b6602d3467d4b2db62e9,2024-08-19T18:34:00.040000 @@ -262220,10 +262244,10 @@ CVE-2024-7854,0,0,c7d42abb2b322c04201a8af34648ccfdb0ede7da24776e4c0b3ca238a25bf3 CVE-2024-7856,0,0,4c18a2db12636b3d9ab7f571b553f307088acfa3032a3727cdd03791c5b56b45,2024-08-29T13:25:27.537000 CVE-2024-7857,0,0,b74961afa7dd10dda782bf64e146bf5117eb37327cdce5dd6f430c037eea52b1,2024-08-29T13:25:27.537000 CVE-2024-7858,0,0,dbe22e1f02da632a108fdb9c096b7008488e7f6cd1024c2ca6a33d2456cc067c,2024-09-03T14:34:09.017000 -CVE-2024-7859,0,0,bb158d243c4e77ad9b877528c002d596635f207533557374024a2da96bb5e675,2024-09-12T06:15:24.783000 -CVE-2024-7860,0,0,a3dec7b6938312490ed8a81feba4cd5ba0b698f0531b811ef425dfbefb338207,2024-09-12T06:15:24.853000 -CVE-2024-7861,0,0,d61291e5302628ac9ba53ef63fb8b27c818b684d7b73d77600074f886700d514,2024-09-12T06:15:24.933000 -CVE-2024-7862,0,0,8a99e75c762af17d821e9f71c18c6734a2ed5ec5a727951457e39e9e6e55ad9a,2024-09-12T06:15:25.003000 +CVE-2024-7859,0,1,1c867fced67de8fed0485cd9b7b6e7b933a2105ee5541a1547408f447e010e3d,2024-09-12T12:35:54.013000 +CVE-2024-7860,0,1,1e30355b789569ad082dff1a604deb8d5b7095edb85139f6a62419ca334d2bc2,2024-09-12T12:35:54.013000 +CVE-2024-7861,0,1,938a9941277226c2b1637ea23f0e73c2f737e3c74aeedd4967b0b1574b9079ca,2024-09-12T12:35:54.013000 +CVE-2024-7862,0,1,f010c4214ce8f4c2d746d16d746a721d57fa72cbfc2ee7786acfe1f97058706c,2024-09-12T12:35:54.013000 CVE-2024-7866,0,0,4c0cb0c858c0ff2de3d3bc9c6187348080bb51d5934bb16167513e626d441be5,2024-08-20T19:23:02.780000 CVE-2024-7867,0,0,cc4e8e2cbae6cc9c2393332b56b3dc1a7160836d4b3b7919e8d1234e73599a3b,2024-08-28T21:59:33.973000 CVE-2024-7868,0,0,c4ea1bb97a13baa8d231995b3d29c0db15f328b428d9b25a1a7a0b4c8b9c1d1a,2024-09-11T12:40:01.817000 @@ -262233,8 +262257,8 @@ CVE-2024-7884,0,0,d8621415c0cf625afb3ac55046a75308d0baca8fd0aad75f2a11bb7d29e7d0 CVE-2024-7885,0,0,8ccead187965a5f1c2abb39b48c133d9f576a21859dc9731309caf892f9de5e4,2024-09-09T23:15:10.350000 CVE-2024-7886,0,0,b8c1f856b8479c6982faa8a2fc4a6d8b2480e045b8b096d9bd3b8640a06eb6f3,2024-08-19T13:00:23.117000 CVE-2024-7887,0,0,ba2ac28c88e5c856e9fa78c00b11f37e0df98a3508bf609dc9edbaa04a8fdb8e,2024-08-19T12:59:59.177000 -CVE-2024-7889,0,0,3c0210f8a3f2e935f3698fcce3d7548e0b1974c356ab1a3785a53b0758c4990d,2024-09-11T23:15:10.023000 -CVE-2024-7890,0,0,9f9c91da858954fd1e46c7a26c63831654ab497d6bd6e339965d727fd5fdbffe,2024-09-11T23:15:10.133000 +CVE-2024-7889,0,1,0c7c33437bec0235d44235714053c0dff80cc4be025d2065fb73eaf578af8760,2024-09-12T12:35:54.013000 +CVE-2024-7890,0,1,5fc68443350e0746efaf8c3dba6c4db079dc957ebe4b2494b265529339aeb537,2024-09-12T12:35:54.013000 CVE-2024-7891,0,0,b35e39542ebc28a16519078ca6c1d7a0075a682efbdea597aee8b4a4f1fa51d3,2024-09-10T12:09:50.377000 CVE-2024-7895,0,0,dcdb1275a611703d85517bf5428cb1020917dec1da8e46a89dfea7f9bd6d1daa,2024-08-29T13:25:27.537000 CVE-2024-7896,0,0,d80047a3d1d6cdcff2bc1adb680d3fdbda8db4b01c807c4a42d25c13d72803dc,2024-08-19T17:15:11.543000 @@ -262335,8 +262359,8 @@ CVE-2024-8041,0,0,d1a08eb64fa9104259a4b82950c39baccb3cd8ac76a0f9fe28938628a68983 CVE-2024-8042,0,0,fe11fe06852bd8872b8038bbdb1b59f9abf17559f4fd0139db22bc4b00f3a1bd,2024-09-09T18:30:12.050000 CVE-2024-8045,0,0,05d36d75d042c2c9517546223100d3f67299fb6baf521e764ed39ac43e964a74,2024-09-11T16:26:11.920000 CVE-2024-8046,0,0,b737fce0801d82db74076beb4b2a2085f8323b47e71780060f37f6f5c3050f1a,2024-08-27T13:01:37.913000 -CVE-2024-8054,0,0,08b1e4f87847347caa710795ae6a42732fd3301317bfd45db6e3189d44a00cea,2024-09-12T06:15:25.077000 -CVE-2024-8056,0,0,58036ddcf23c771164dc6db525a837e1db2332a820f1b22a2f1a301e1c3569f7,2024-09-12T06:15:25.140000 +CVE-2024-8054,0,1,af4e4cf28fb1d8b32e9814351f501557f20cad7e8215836b974ca1512101e91d,2024-09-12T12:35:54.013000 +CVE-2024-8056,0,1,5fb88a6ca250e6ff67f8a1ef0c841abbb4c8f2529c05613c2143403e703e96cb,2024-09-12T13:35:23.340000 CVE-2024-8064,0,0,9afbec42e91ccdf5ae5f9527bb691367cd47bbf3ee2caa0cb5423b43e5fdd860,2024-08-30T16:15:11.120000 CVE-2024-8071,0,0,ac7c2c7e7df896f6bfe7f17a6e74f8de236e5ec843865384cdf53fde1e533098,2024-08-23T15:34:53.913000 CVE-2024-8072,0,0,08fafb0bed7b0568fefcb8938e0e01cf4acf3cb153d4b847bc3e1d9427344a62,2024-08-22T14:35:18.797000 @@ -262355,7 +262379,7 @@ CVE-2024-8087,0,0,9e47ad2dfed1c8a4045274b6d757cb5a75d1e05917b45ee6f1489b72f67b87 CVE-2024-8088,0,0,8ddda94d9e5d462484d35576871f82a931bed67f85a71db29ea75a996b1d19a4,2024-09-04T23:15:13.100000 CVE-2024-8089,0,0,e6e12db9d845890df3284b8f9ed104fa7a1183d91532c3c72d090f8235aedb4e,2024-08-27T13:21:22.927000 CVE-2024-8096,0,0,33268897f7f8b2273839db6d4e75fbc8fdf5f760a220b507e80b08e690a9edf4,2024-09-11T16:26:11.920000 -CVE-2024-8097,0,0,3eb184d8b5fd365a76bbb6de2d790e1c1ccf799a2e4afcf060bd8a283884aead,2024-09-11T17:15:13.917000 +CVE-2024-8097,0,1,9eb75255abcd069d744af59bd7e8120e62794401b3e1be4e7c495de1066a7b41,2024-09-12T12:35:54.013000 CVE-2024-8102,0,0,59b268e27a6763219f51e9e55e73ae4276fd3b992bf79726ec1ccd845c10f5f9,2024-09-05T13:28:54.747000 CVE-2024-8104,0,0,e0dd7af2b8170ad0cb122178cc67d0512cc1eb1562d671a3c4e0173a78c8b550,2024-09-05T13:28:06.817000 CVE-2024-8105,0,0,fdab1a8bdde46d997c9a9800b483d676df23e449425d94531660960b3c42e376,2024-09-09T21:35:17.320000 @@ -262393,7 +262417,7 @@ CVE-2024-8151,0,0,26d8e3379a0c527fc4fb8a6574b59e528f30af25daf5368f41a4697b5bf405 CVE-2024-8152,0,0,350ecc2662ea6e2f0a0b8c353a724e0be97d6a7cef572290d778d858183d515b,2024-08-26T19:06:30.997000 CVE-2024-8153,0,0,69cd0592bf629221292de38c6438be13b3b81f232de24197a8eaf71ccdf025f1,2024-08-26T19:04:44.310000 CVE-2024-8154,0,0,fbb17f9dd590ac994870ad751b395ff693888a574100db6420d6e8a3b3d34acf,2024-08-26T19:06:34.983000 -CVE-2024-8155,0,0,adb8df9d950454116187164d02a500888fc7598a36d4b8442a5439115d4f502c,2024-08-26T12:47:20.187000 +CVE-2024-8155,0,1,104526467feb0428b2a45114df171b7d6e09efac9bca1bd2f2048b3b33875369,2024-09-12T13:53:23.827000 CVE-2024-8158,0,0,8ac397614ea8bcd3bd2bf49698f88ba96c85aeae3c3edb7c31f4b63e73c01d66,2024-08-26T12:47:20.187000 CVE-2024-8161,0,0,b695c0171728397a80eb00146225c0169779aabf8de6c566aa00c71a077959b1,2024-08-26T12:47:20.187000 CVE-2024-8162,0,0,2f15be70d7b9e402b643053e8cc2849077cf4472f134c84060c0898ffb295f28,2024-08-27T14:28:46.927000 @@ -262463,7 +262487,7 @@ CVE-2024-8276,0,0,33cf21b53b41316bc2e568f752afa4e96bbe73b4ee966f9832ffdb8137ffcc CVE-2024-8277,0,0,927cb844bbeb99202846ea688baa5f560a39fb495f1767a0a934290c2ae10e58,2024-09-11T16:26:11.920000 CVE-2024-8285,0,0,44d06284adb5d71c65e8f3277866d5d546f57dcd495152060c7216923cd6bd07,2024-09-03T12:59:02.453000 CVE-2024-8289,0,0,900bfbd861154484ed59254bdbec992d28a9742381ab830cf631e50b7fa985ab,2024-09-05T17:41:58.350000 -CVE-2024-8292,0,0,27ea852dc3661b1a76e4e5c3ea5100bde241ea5a5c464db16708c938d4cf0c30,2024-09-06T12:08:04.550000 +CVE-2024-8292,0,1,ddba0ea03a741b8e444eb2158f82b5461df4d19adfc58fb2639bbcaaaadf6349,2024-09-12T12:37:18.380000 CVE-2024-8294,0,0,76cafe7a1838d9cd0244706a299f12cd4ba69ef653952654db2fa070ca07bd0d,2024-08-30T15:38:13.437000 CVE-2024-8295,0,0,907331a3a97a6618443e3aff92f4e758c3135b25ca0d9fb01d74d067e9cd6716,2024-08-30T15:37:41.510000 CVE-2024-8296,0,0,e31c225486c181d770097ee2f86386b9a5d776a033c8c4a5860d3ba550c9de51,2024-08-30T15:36:36.383000 @@ -262569,9 +262593,9 @@ CVE-2024-8504,0,0,e3d0352d19d0c9df25b7281c4df070771b7e9095eb887ab8e1eb94f72060aa CVE-2024-8509,0,0,72b678ade46a23d1db65e1dfb65526568e7875d83752ef0a47b4a7edfeaf5ddf,2024-09-09T19:15:14.837000 CVE-2024-8517,0,0,3800f6b128aab40f688c971c9a9e47c0b6a42cbdd5c8d94b7cf3eaf620f48fad,2024-09-09T16:15:03.053000 CVE-2024-8521,0,0,65485edaf907369f60ded6330bfa86fc3cb4b0554a8f781a990c000b1998cccb,2024-09-09T13:03:38.303000 -CVE-2024-8522,0,0,e4e18c805fa56920a4d514ee5520ff88229a771f1036ccd9a22d2f8dde2dc71d,2024-09-12T09:15:05.480000 +CVE-2024-8522,0,1,a02eddcbfb56d3eca8dc20e4829cc3624dd6425770f1480bf7bc7f40e3b417d6,2024-09-12T12:35:54.013000 CVE-2024-8523,0,0,97cab60ebb5ec07bfc3fbe69bde3146d8e6846c5d869fc10534b5a2c3c29806e,2024-09-09T13:03:38.303000 -CVE-2024-8529,0,0,4d4aa5adacc0146a208a310446e50ffa215b5afc7798e9b13d4a8b8569d0207a,2024-09-12T09:15:05.720000 +CVE-2024-8529,0,1,84b9e8f726248c5d8d3d385d0fa5af871c598cb8728f8d246222a151dca0946d,2024-09-12T12:35:54.013000 CVE-2024-8538,0,0,cdc95bc68a4038527ba5cf51b0a8358b05e3a1650fc8124f586021fbca5ad9b3,2024-09-09T13:03:38.303000 CVE-2024-8543,0,0,e190cfdf6def9f928d16ce7c20119d5fac7745c9206ec7d9500145321b367e4b,2024-09-10T12:09:50.377000 CVE-2024-8554,0,0,46c32adbe15332664cfc930fe8c32bff96db8190902ab789492b593fa03348f1,2024-09-10T13:52:23.250000 @@ -262610,29 +262634,31 @@ CVE-2024-8604,0,0,011a82fa33d28627d93910a4b1b240e8b61f649834230335b18a4a93ce8a99 CVE-2024-8605,0,0,05de9fb886966e208a1d4ea135c5ccec7205233c650e87f0027c612a99575815,2024-09-09T18:30:12.050000 CVE-2024-8610,0,0,473e0782947d4bb5808f93b8ea2243b42a4e82997b690a69a9a95368e1eef9c1,2024-09-10T12:09:50.377000 CVE-2024-8611,0,0,a2b44027b2072954b313d2459899e49857f8f44440a8eb23f45a13a7d9867cef,2024-09-10T12:09:50.377000 -CVE-2024-8622,0,0,1805d0bf632f80e3659814ccf81a6b34c8cd507cd6f046c11338a6f4fac51dbc,2024-09-12T09:15:06.077000 -CVE-2024-8636,0,0,23f70499434b57456041aa391eb7cc6603534210128847805cb5db4da618bb8e,2024-09-11T16:26:11.920000 -CVE-2024-8637,0,0,53816211fb44c2b9a228b7f5de1a2345e05c81ac2d065af97294bf55b710ee26,2024-09-11T16:26:11.920000 -CVE-2024-8638,0,0,314a9e7775d91ca843659445b7937519b197feaea5ae0e102bfcc7cdf8b7bf50,2024-09-11T16:26:11.920000 -CVE-2024-8639,0,0,d94a19bedeeb060b600ed0b2e427bb16c80b783a49fcb7f9eafb63123f220870,2024-09-11T16:26:11.920000 +CVE-2024-8622,0,1,8c0d8566c114d14578f376fb46a83dd09ecfc9aef59b4f73eead49a6f9d03ae6,2024-09-12T12:35:54.013000 +CVE-2024-8636,0,1,1fce08eacd28ea201b49c51bbbe6640d913856ecc862b2d4d147e1ce65553f9b,2024-09-12T13:35:12.283000 +CVE-2024-8637,0,1,ac92961bb4ed2faff9b7ef10f0821d9ddbc9ee1668c3f32d4b8d09b16b66238f,2024-09-12T13:35:17.667000 +CVE-2024-8638,0,1,6660ce0c8303b28e97b2338846b62bf9e59e68569fb97659fa18a1f737cc3bbe,2024-09-12T13:35:04.660000 +CVE-2024-8639,0,1,627e02193a00a5e3c929cb67718006d1c4138ffc299ed37a7b4aab2c7edb9fd8,2024-09-12T13:35:02.863000 CVE-2024-8642,0,0,0d7698e3a321d872dd4620edf9b803daeb8e08e2d186a2da501f5948a83a77e6,2024-09-11T16:26:11.920000 CVE-2024-8645,0,0,a9ec59eb761dcf7b03b051641e3314ff9102e8e55de30e4e3a512e1bddcece61,2024-09-10T12:09:50.377000 CVE-2024-8646,0,0,19fa9f650168d587e83426e12fdaf58fb8d99e18fbbdb4568c4c398d745e4ed2,2024-09-11T16:26:11.920000 CVE-2024-8654,0,0,9ff4197fc4fa3acdeeaabf5d042cf9151def7011df3ee9c1e3c9b932ce455541,2024-09-10T15:50:57.713000 CVE-2024-8655,0,0,ae8f7bc5241b7c169a5dccbcccc728c3b8a01d5ae62a1e846fce72d64496b2eb,2024-09-11T16:26:11.920000 -CVE-2024-8686,0,0,169e0b30175740baf021783dff48097d1c9e56fb0654aae344af4eeb8333feab,2024-09-11T17:15:14.033000 -CVE-2024-8687,0,0,5975a6c972f0bf6584f64f0f75319f6d6e3b00efd7ab6a35100b8e0c4e5906ba,2024-09-11T17:15:14.157000 -CVE-2024-8688,0,0,ac013fc23bdb49879a5736db21cb1609969404edd3e461ab0e86a4da6dff8ade,2024-09-11T17:15:14.273000 -CVE-2024-8689,0,0,66f164a181d51f390ea0050c4ae9ed7e8f3c06b559ba3f8f0a5d26e32fd6bf32,2024-09-11T17:15:14.380000 -CVE-2024-8690,0,0,c55a40e2e4ec0235c309cd5c94133cc30a0aff4514187551a68ad26aa808ddbf,2024-09-11T17:15:14.487000 -CVE-2024-8691,0,0,fb234e47a852558c19316948d1a8e47632a6d1658c0ca3efa4c2187af0effe1f,2024-09-11T17:15:14.587000 -CVE-2024-8692,0,0,aa9f71b26b8411de63ed9c969358a6e48de1969bfd725cc8a722898d298479ca,2024-09-11T19:15:15.410000 -CVE-2024-8693,0,0,ddd800df749e65bc051c42f09796f30ef8c087d34bb7e81f1cd06b459514977a,2024-09-11T20:15:03.503000 -CVE-2024-8694,0,0,d349be067e4434723ccffe577d43c86fb2d4512a55426775525da046ca0bc520,2024-09-11T21:15:10.863000 -CVE-2024-8705,0,0,4d4f4af4ccd7cd92aeb88f678eb2a8a31c5f4ca9fad4fd3e7064968b0a7be5d8,2024-09-11T23:15:10.230000 -CVE-2024-8706,0,0,b1483d5581623ab804b4c8d82a38888a4545fa4a5d29f09d86c27c10790ab78f,2024-09-12T00:15:02.363000 -CVE-2024-8707,0,0,0f47c6cb8b3cd13658d17328f28325f74fd88df2879e75773f22b4cffaad3fde,2024-09-12T01:15:10.110000 -CVE-2024-8708,0,0,82aa7a5283dd9f45ec1aa85b535e39867cc211396bc3ddc0e2c29db8a9e21d28,2024-09-12T02:15:03.870000 -CVE-2024-8709,0,0,8f15724da598ddc8c772382f4f03a3697f4d3bcafa5648272971f284535ed18f,2024-09-12T03:15:04.837000 -CVE-2024-8710,0,0,df8f5fdc126fcb3fc9c19cd45f93e49981064c1874b64e6d7d735998b9f49c37,2024-09-12T03:15:05.103000 -CVE-2024-8711,0,0,c26c789d0c6236a55cb7489d0e79a82b32089142661c9113c84c06edfe1c6f65,2024-09-12T04:15:07.283000 +CVE-2024-8686,0,1,ede88dcdbc0e792bd803e1f16895e5a739a1631453b49ef7e6a4fb82c32bd0dd,2024-09-12T12:35:54.013000 +CVE-2024-8687,0,1,113cfff3abfee2dabf4872656a1085a998928e6c5f0a4785deb63af7b2621db8,2024-09-12T12:35:54.013000 +CVE-2024-8688,0,1,622feee60e16c8839b74efa94c0181d710fda4c1e7dbcb6de36b0dc3a1f1b61b,2024-09-12T12:35:54.013000 +CVE-2024-8689,0,1,311be2bcbec5a47aa4a45b9bafa6c2540f9b63e228c7b676dc3b423a0ce88bb8,2024-09-12T12:35:54.013000 +CVE-2024-8690,0,1,022b7ea05a808ad29fd8fdcc9b7bd5a433e6ed83d980c7e85b26d897eef446a5,2024-09-12T12:35:54.013000 +CVE-2024-8691,0,1,f96faf45862018fb84a309de389ab9aa82dfec00eb8b1dbabab5ce1078a13abe,2024-09-12T12:35:54.013000 +CVE-2024-8692,0,1,fc7230ea52522c1382cd2778bd035ebb51a5f5590d81f2d6091d7cfcb1f83b3f,2024-09-12T12:35:54.013000 +CVE-2024-8693,0,1,0bf9bf9fae22897a2e08c32b35e067d4cd5332929319ef0efd3cac78490daee3,2024-09-12T12:35:54.013000 +CVE-2024-8694,0,1,2e1993ee271c7157fceb04bc71a63e2f464fbf1cced51f76c6346163fc12348e,2024-09-12T12:35:54.013000 +CVE-2024-8705,0,1,cb97dc5a896b102e020f4c6f7ce9db0475b1546a38609fc8cb74768e11db5694,2024-09-12T12:35:54.013000 +CVE-2024-8706,0,1,6f71e5876a7dec7ae56fc457ee5142cb7cf0075ec2e95d2e16cb7162a3c7da96,2024-09-12T12:35:54.013000 +CVE-2024-8707,0,1,fc669ae1fa6a0db8efe4caf5b18b876c49de472c52ca05ee52f992c36e2b2140,2024-09-12T12:35:54.013000 +CVE-2024-8708,0,1,5ef2b50614a0df8bc885350592e6748544bb35fd26cfadc248f257341a211827,2024-09-12T12:35:54.013000 +CVE-2024-8709,0,1,002b3fdc4504e3a8e90cfb73cfd92235f00c2180db683f0a52dbc2dfe0eff62b,2024-09-12T12:35:54.013000 +CVE-2024-8710,0,1,5201612712a005197694d95d57304261dfb33fc9c18e66babb635a0037176679,2024-09-12T12:35:54.013000 +CVE-2024-8711,0,1,b7bac1cd180aad7dc32fae997a12eb16b0ac91bf4702c25ed2514ca60e9a05c4,2024-09-12T12:35:54.013000 +CVE-2024-8749,1,1,6c300bdfd0775f414e5e2003c3bfef67fe867038e6f1a0c3495f0a7e6012e1de,2024-09-12T12:35:54.013000 +CVE-2024-8750,1,1,418fabeb18e7b297a31252c3e8fef09ccda76bf14212f7478abfd99c5bae6ae6,2024-09-12T12:35:54.013000