admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-19 17:31:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-10-29T19:00:19.928735+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-10-29 19:03:20 +00:00
parent dcc1b3f26d
commit d3461e83b3
68 changed files with 5162 additions and 431 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
CVE-2019/CVE-2019-252xx/CVE-2019-25219.json Normal file
View File

@ -0,0 +1,29 @@
{
"id": "CVE-2019-25219",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-29T17:15:03.567",
"lastModified": "2024-10-29T17:15:03.567",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Asio C++ Library before 1.13.0 lacks a fallback error code in the case of SSL_ERROR_SYSCALL with no associated error information from the SSL library being used."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/chriskohlhoff/asio/commit/93337cba7b013150f5aa6194393e1d94be2853ec",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/chriskohlhoff/asio/compare/asio-1-12-2...asio-1-13-0",
"source": "cve@mitre.org"
},
{
"url": "https://think-async.com/Asio/",
"source": "cve@mitre.org"
}
]
}

27
CVE-2022/CVE-2022-486xx/CVE-2022-48669.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-48669", "id": "CVE-2022-48669",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-01T13:15:48.220", "published": "2024-05-01T13:15:48.220",
"lastModified": "2024-05-01T19:50:25.633", "lastModified": "2024-10-29T18:35:00.757",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -15,7 +15,30 @@
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: powerpc/pseries: corrija una posible fuga de mem en papr_get_attr() `buf` est\u00e1 asignado en papr_get_attr(), y krealloc() de `buf` podr\u00eda fallar. Necesitamos liberar el \"buf\" original en caso de falla." "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: powerpc/pseries: corrija una posible fuga de mem en papr_get_attr() `buf` est\u00e1 asignado en papr_get_attr(), y krealloc() de `buf` podr\u00eda fallar. Necesitamos liberar el \"buf\" original en caso de falla."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"references": [ "references": [
{ {
"url": "https://git.kernel.org/stable/c/1699fb915b9f61794d559b55114c09a390aaf234", "url": "https://git.kernel.org/stable/c/1699fb915b9f61794d559b55114c09a390aaf234",

14
CVE-2023/CVE-2023-33xx/CVE-2023-3329.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-3329", "id": "CVE-2023-3329",
"sourceIdentifier": "ics-cert@hq.dhs.gov", "sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2023-08-02T23:15:10.547", "published": "2023-08-02T23:15:10.547",
"lastModified": "2023-11-07T04:18:31.170", "lastModified": "2024-10-29T18:35:02.750",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -35,6 +35,18 @@
} }
] ]
}, },
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"configurations": [ "configurations": [
{ {
"nodes": [ "nodes": [

14
CVE-2023/CVE-2023-356xx/CVE-2023-35677.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-35677", "id": "CVE-2023-35677",
"sourceIdentifier": "security@android.com", "sourceIdentifier": "security@android.com",
"published": "2023-09-11T21:15:42.367", "published": "2023-09-11T21:15:42.367",
"lastModified": "2023-09-13T17:39:58.473", "lastModified": "2024-10-29T18:35:00.990",
"vulnStatus": "Analyzed", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -49,6 +49,16 @@
"value": "NVD-CWE-noinfo" "value": "NVD-CWE-noinfo"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
} }
], ],
"configurations": [ "configurations": [

14
CVE-2023/CVE-2023-356xx/CVE-2023-35680.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-35680", "id": "CVE-2023-35680",
"sourceIdentifier": "security@android.com", "sourceIdentifier": "security@android.com",
"published": "2023-09-11T21:15:42.490", "published": "2023-09-11T21:15:42.490",
"lastModified": "2023-09-13T17:39:23.453", "lastModified": "2024-10-29T18:35:01.837",
"vulnStatus": "Analyzed", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -49,6 +49,16 @@
"value": "NVD-CWE-Other" "value": "NVD-CWE-Other"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-470"
}
]
} }
], ],
"configurations": [ "configurations": [

44
CVE-2023/CVE-2023-64xx/CVE-2023-6491.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6491", "id": "CVE-2023-6491",
"sourceIdentifier": "security@wordfence.com", "sourceIdentifier": "security@wordfence.com",
"published": "2024-06-07T06:15:09.320", "published": "2024-06-07T06:15:09.320",
"lastModified": "2024-06-07T14:56:05.647", "lastModified": "2024-10-29T17:59:12.477",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -39,14 +39,50 @@
} }
] ]
}, },
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpchill:strong_testimonials:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "3.1.13",
"matchCriteriaId": "7A7E2DE8-5E8F-47D8-8973-6270FCD253B3"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://plugins.trac.wordpress.org/changeset/3097409/strong-testimonials/tags/3.1.13/admin/views.php", "url": "https://plugins.trac.wordpress.org/changeset/3097409/strong-testimonials/tags/3.1.13/admin/views.php",
"source": "security@wordfence.com" "source": "security@wordfence.com",
"tags": [
"Product"
]
}, },
{ {
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c3277d93-4f47-445b-a193-ff990b55d054?source=cve", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c3277d93-4f47-445b-a193-ff990b55d054?source=cve",
"source": "security@wordfence.com" "source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }

14
CVE-2023/CVE-2023-70xx/CVE-2023-7047.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-7047", "id": "CVE-2023-7047",
"sourceIdentifier": "security@devolutions.net", "sourceIdentifier": "security@devolutions.net",
"published": "2023-12-21T15:15:14.427", "published": "2023-12-21T15:15:14.427",
"lastModified": "2024-01-04T18:37:04.157", "lastModified": "2024-10-29T17:35:02.770",
"vulnStatus": "Analyzed", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -49,6 +49,16 @@
"value": "NVD-CWE-noinfo" "value": "NVD-CWE-noinfo"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
} }
], ],
"configurations": [ "configurations": [

66
CVE-2024/CVE-2024-100xx/CVE-2024-10073.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-10073", "id": "CVE-2024-10073",
"sourceIdentifier": "cna@vuldb.com", "sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-17T17:15:11.253", "published": "2024-10-17T17:15:11.253",
"lastModified": "2024-10-18T12:52:33.507", "lastModified": "2024-10-29T17:18:17.690",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -61,6 +61,26 @@
} }
], ],
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9
},
{ {
"source": "cna@vuldb.com", "source": "cna@vuldb.com",
"type": "Secondary", "type": "Secondary",
@ -120,26 +140,58 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:informatik.hu-berlin:flair:0.14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2ACC9C94-1387-4C95-A667-7C2DB83BACEF"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/bayuncao/vul-cve-20", "url": "https://github.com/bayuncao/vul-cve-20",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Broken Link"
]
}, },
{ {
"url": "https://github.com/bayuncao/vul-cve-20/blob/main/PoC.py", "url": "https://github.com/bayuncao/vul-cve-20/blob/main/PoC.py",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Broken Link"
]
}, },
{ {
"url": "https://vuldb.com/?ctiid.280722", "url": "https://vuldb.com/?ctiid.280722",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Permissions Required"
]
}, },
{ {
"url": "https://vuldb.com/?id.280722", "url": "https://vuldb.com/?id.280722",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}, },
{ {
"url": "https://vuldb.com/?submit.420055", "url": "https://vuldb.com/?submit.420055",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }

6
CVE-2024/CVE-2024-102xx/CVE-2024-10276.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2024-10276", "id": "CVE-2024-10276",
"sourceIdentifier": "cna@vuldb.com", "sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-23T11:15:13.137", "published": "2024-10-23T11:15:13.137",
"lastModified": "2024-10-23T15:12:34.673", "lastModified": "2024-10-29T18:15:05.140",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Undergoing Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "A vulnerability has been found in Tektronix Sentry 6.0.9 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /?page=reports of the component Reports Page. The manipulation of the argument z leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." "value": "A vulnerability has been found in Telestream Sentry 6.0.9 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /?page=reports of the component Reports Page. The manipulation of the argument z leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
}, },
{ {
"lang": "es", "lang": "es",

56
CVE-2024/CVE-2024-104xx/CVE-2024-10491.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-10491",
"sourceIdentifier": "36c7be3b-2937-45df-85ea-ca7133ea542c",
"published": "2024-10-29T17:15:03.853",
"lastModified": "2024-10-29T17:15:03.853",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in the Express response.links\u00a0function, allowing for arbitrary resource injection in the Link\u00a0header when unsanitized data is used.\n\nThe issue arises from improper sanitization in `Link` header values, which can allow a combination of characters like `,`, `;`, and `<>` to preload malicious resources.\n\nThis vulnerability is especially relevant for dynamic parameters."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "36c7be3b-2937-45df-85ea-ca7133ea542c",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.2,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "36c7be3b-2937-45df-85ea-ca7133ea542c",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-74"
}
]
}
],
"references": [
{
"url": "https://www.herodevs.com/vulnerability-directory/cve-2024-10491",
"source": "36c7be3b-2937-45df-85ea-ca7133ea542c"
}
]
}

1506
CVE-2024/CVE-2024-204xx/CVE-2024-20481.json
View File

File diff suppressed because it is too large Load Diff

63
CVE-2024/CVE-2024-241xx/CVE-2024-24192.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-24192", "id": "CVE-2024-24192",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-06-06T22:15:10.213", "published": "2024-06-06T22:15:10.213",
"lastModified": "2024-06-07T14:56:05.647", "lastModified": "2024-10-29T18:25:10.853",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,11 +15,66 @@
"value": "Se descubri\u00f3 que robdns commit d76d2e6 conten\u00eda un desbordamiento de mont\u00f3n a trav\u00e9s del bloque de componentes-&gt;nombre de archivo en /src/zonefile-insertion.c." "value": "Se descubri\u00f3 que robdns commit d76d2e6 conten\u00eda un desbordamiento de mont\u00f3n a trav\u00e9s del bloque de componentes-&gt;nombre de archivo en /src/zonefile-insertion.c."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:robertdavidgraham:robdns:2015-12-09:*:*:*:*:*:*:*",
"matchCriteriaId": "468F3841-3FFD-4B95-A5AB-5BE25DB6066D"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/robertdavidgraham/robdns/issues/8", "url": "https://github.com/robertdavidgraham/robdns/issues/8",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Issue Tracking"
]
} }
] ]
} }

63
CVE-2024/CVE-2024-241xx/CVE-2024-24195.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-24195", "id": "CVE-2024-24195",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-06-06T22:15:10.390", "published": "2024-06-06T22:15:10.390",
"lastModified": "2024-06-07T14:56:05.647", "lastModified": "2024-10-29T18:24:07.370",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,11 +15,66 @@
"value": "Se descubri\u00f3 que el commit de robdns d76d2e6 conten\u00eda una direcci\u00f3n desalineada en /src/zonefile-insertion.c." "value": "Se descubri\u00f3 que el commit de robdns d76d2e6 conten\u00eda una direcci\u00f3n desalineada en /src/zonefile-insertion.c."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:robertdavidgraham:robdns:2015-12-09:*:*:*:*:*:*:*",
"matchCriteriaId": "468F3841-3FFD-4B95-A5AB-5BE25DB6066D"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/robertdavidgraham/robdns/issues/9", "url": "https://github.com/robertdavidgraham/robdns/issues/9",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Issue Tracking"
]
} }
] ]
} }

63
CVE-2024/CVE-2024-241xx/CVE-2024-24198.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-24198", "id": "CVE-2024-24198",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-06-06T22:15:10.480", "published": "2024-06-06T22:15:10.480",
"lastModified": "2024-06-07T14:56:05.647", "lastModified": "2024-10-29T18:45:47.057",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,11 +15,66 @@
"value": "Se descubri\u00f3 que el commit de smartdns 54b4dc conten\u00eda una direcci\u00f3n desalineada en smartdns/src/util.c." "value": "Se descubri\u00f3 que el commit de smartdns 54b4dc conten\u00eda una direcci\u00f3n desalineada en smartdns/src/util.c."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pymumu:smartdns:45:*:*:*:*:*:*:*",
"matchCriteriaId": "F7567279-7406-4D75-A9BA-4723E6C33110"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/pymumu/smartdns/issues/1629", "url": "https://github.com/pymumu/smartdns/issues/1629",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Issue Tracking"
]
} }
] ]
} }

39
CVE-2024/CVE-2024-24xx/CVE-2024-2402.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-2402", "id": "CVE-2024-2402",
"sourceIdentifier": "contact@wpscan.com", "sourceIdentifier": "contact@wpscan.com",
"published": "2024-04-24T05:15:47.070", "published": "2024-04-24T05:15:47.070",
"lastModified": "2024-04-24T13:39:42.883", "lastModified": "2024-10-29T17:35:05.720",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -15,7 +15,42 @@
"value": "El complemento Better Comments de WordPress anterior a 1.5.6 no sanitiza ni escapa a algunas de sus configuraciones, lo que podr\u00eda permitir a usuarios con privilegios elevados, como el administrador, realizar ataques de Cross-Site Scripting Almacenado incluso cuando la capacidad unfiltered_html no est\u00e1 permitida (por ejemplo, en una configuraci\u00f3n multisitio)." "value": "El complemento Better Comments de WordPress anterior a 1.5.6 no sanitiza ni escapa a algunas de sus configuraciones, lo que podr\u00eda permitir a usuarios con privilegios elevados, como el administrador, realizar ataques de Cross-Site Scripting Almacenado incluso cuando la capacidad unfiltered_html no est\u00e1 permitida (por ejemplo, en una configuraci\u00f3n multisitio)."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [ "references": [
{ {
"url": "https://wpscan.com/vulnerability/98e050cf-5686-4216-bad1-575decf3eaa7/", "url": "https://wpscan.com/vulnerability/98e050cf-5686-4216-bad1-575decf3eaa7/",

39
CVE-2024/CVE-2024-256xx/CVE-2024-25676.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-25676", "id": "CVE-2024-25676",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-05-01T20:15:12.733", "published": "2024-05-01T20:15:12.733",
"lastModified": "2024-05-02T13:27:25.103", "lastModified": "2024-10-29T18:35:03.590",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -15,7 +15,42 @@
"value": "Se descubri\u00f3 un problema en ViewerJS 0.5.8. Un script del componente carga contenido a trav\u00e9s de ETIQUETAS URL sin sanitizarlo adecuadamente. Esto conduce tanto a la redirecci\u00f3n abierta como a la carga de recursos fuera de banda." "value": "Se descubri\u00f3 un problema en ViewerJS 0.5.8. Un script del componente carga contenido a trav\u00e9s de ETIQUETAS URL sin sanitizarlo adecuadamente. Esto conduce tanto a la redirecci\u00f3n abierta como a la carga de recursos fuera de banda."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-601"
}
]
}
],
"references": [ "references": [
{ {
"url": "https://excellium-services.com/cert-xlm-advisory/cve-2024-25676", "url": "https://excellium-services.com/cert-xlm-advisory/cve-2024-25676",

64
CVE-2024/CVE-2024-32xx/CVE-2024-3288.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-3288", "id": "CVE-2024-3288",
"sourceIdentifier": "contact@wpscan.com", "sourceIdentifier": "contact@wpscan.com",
"published": "2024-06-07T06:15:10.837", "published": "2024-06-07T06:15:10.837",
"lastModified": "2024-06-07T14:56:05.647", "lastModified": "2024-10-29T17:52:30.007",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,11 +15,67 @@
"value": "El complemento Logo Slider de WordPress anterior a 4.0.0 no valida ni escapa algunas de sus configuraciones del control deslizante antes de devolverlas en atributos, lo que podr\u00eda permitir a los usuarios con el rol de colaborador y superiores realizar ataques de Cross-Site Scripting Almacenado." "value": "El complemento Logo Slider de WordPress anterior a 4.0.0 no valida ni escapa algunas de sus configuraciones del control deslizante antes de devolverlas en atributos, lo que podr\u00eda permitir a los usuarios con el rol de colaborador y superiores realizar ataques de Cross-Site Scripting Almacenado."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:logichunt:logo_slider:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "4.0.0",
"matchCriteriaId": "1E676EDD-A336-42BE-B662-29D43DD8B5D2"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://wpscan.com/vulnerability/4ef99f54-68df-4353-8fc0-9b09ac0df7ba/", "url": "https://wpscan.com/vulnerability/4ef99f54-68df-4353-8fc0-9b09ac0df7ba/",
"source": "contact@wpscan.com" "source": "contact@wpscan.com",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }

27
CVE-2024/CVE-2024-36xx/CVE-2024-3652.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-3652", "id": "CVE-2024-3652",
"sourceIdentifier": "d42dc95b-23f1-4e06-9076-20753a0fb0df", "sourceIdentifier": "d42dc95b-23f1-4e06-9076-20753a0fb0df",
"published": "2024-04-11T02:15:47.790", "published": "2024-04-11T02:15:47.790",
"lastModified": "2024-05-01T17:15:37.793", "lastModified": "2024-10-29T18:35:08.263",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -15,7 +15,30 @@
"value": "Se notific\u00f3 a Libreswan Project sobre un problema que provocaba que libreswan se reiniciara al usar IKEv1 sin especificar una l\u00ednea esp=. Cuando el par solicita AES-GMAC, el controlador de propuestas predeterminado de libreswan provoca un error de aserci\u00f3n, falla y se reinicia. Las conexiones IKEv2 no se ven afectadas." "value": "Se notific\u00f3 a Libreswan Project sobre un problema que provocaba que libreswan se reiniciara al usar IKEv1 sin especificar una l\u00ednea esp=. Cuando el par solicita AES-GMAC, el controlador de propuestas predeterminado de libreswan provoca un error de aserci\u00f3n, falla y se reinicia. Las conexiones IKEv2 no se ven afectadas."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"references": [ "references": [
{ {
"url": "http://www.openwall.com/lists/oss-security/2024/04/18/2", "url": "http://www.openwall.com/lists/oss-security/2024/04/18/2",

41
CVE-2024/CVE-2024-378xx/CVE-2024-37845.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-37845", "id": "CVE-2024-37845",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-10-25T19:15:03.973", "published": "2024-10-25T19:15:03.973",
"lastModified": "2024-10-28T13:58:09.230", "lastModified": "2024-10-29T18:35:04.397",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Undergoing Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,7 +15,42 @@
"value": "Se descubri\u00f3 que MangoOS anterior a 5.2.0 conten\u00eda una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo (RCE) autenticada a trav\u00e9s de la funci\u00f3n Comando de proceso activo." "value": "Se descubri\u00f3 que MangoOS anterior a 5.2.0 conten\u00eda una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo (RCE) autenticada a trav\u00e9s de la funci\u00f3n Comando de proceso activo."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/herombey/Disclosures/blob/main/CVE-2024-37845%20RCE.pdf", "url": "https://github.com/herombey/Disclosures/blob/main/CVE-2024-37845%20RCE.pdf",

41
CVE-2024/CVE-2024-378xx/CVE-2024-37846.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-37846", "id": "CVE-2024-37846",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-10-25T19:15:04.027", "published": "2024-10-25T19:15:04.027",
"lastModified": "2024-10-28T13:58:09.230", "lastModified": "2024-10-29T18:35:05.693",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Undergoing Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,7 +15,42 @@
"value": "Se descubri\u00f3 que MangoOS anterior a 5.2.0 conten\u00eda una vulnerabilidad de inyecci\u00f3n de plantilla del lado del cliente (CSTI) a trav\u00e9s de la p\u00e1gina Editar administraci\u00f3n de la plataforma." "value": "Se descubri\u00f3 que MangoOS anterior a 5.2.0 conten\u00eda una vulnerabilidad de inyecci\u00f3n de plantilla del lado del cliente (CSTI) a trav\u00e9s de la p\u00e1gina Editar administraci\u00f3n de la plataforma."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/herombey/Disclosures/blob/main/CVE-2024-37846-CSTI.pdf", "url": "https://github.com/herombey/Disclosures/blob/main/CVE-2024-37846-CSTI.pdf",

45
CVE-2024/CVE-2024-378xx/CVE-2024-37847.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-37847", "id": "CVE-2024-37847",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-10-25T19:15:04.087", "published": "2024-10-25T19:15:04.087",
"lastModified": "2024-10-28T13:58:09.230", "lastModified": "2024-10-29T18:35:06.983",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Undergoing Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,7 +15,46 @@
"value": "Una vulnerabilidad de carga de archivos arbitrarios en MangoOS anterior a 5.1.4 y Mango API anterior a 4.5.5 permite a los atacantes ejecutar c\u00f3digo arbitrario a trav\u00e9s de un archivo manipulado." "value": "Una vulnerabilidad de carga de archivos arbitrarios en MangoOS anterior a 5.1.4 y Mango API anterior a 4.5.5 permite a los atacantes ejecutar c\u00f3digo arbitrario a trav\u00e9s de un archivo manipulado."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-22"
},
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/herombey/Disclosures/blob/main/CVE-2024-37847%20File%20Upload%20Path%20Traversal.pdf", "url": "https://github.com/herombey/Disclosures/blob/main/CVE-2024-37847%20File%20Upload%20Path%20Traversal.pdf",

24
CVE-2024/CVE-2024-384xx/CVE-2024-38476.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-38476", "id": "CVE-2024-38476",
"sourceIdentifier": "security@apache.org", "sourceIdentifier": "security@apache.org",
"published": "2024-07-01T19:15:04.977", "published": "2024-07-01T19:15:04.977",
"lastModified": "2024-08-21T15:08:56.040", "lastModified": "2024-10-29T17:35:06.547",
"vulnStatus": "Analyzed", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -36,6 +36,26 @@
}, },
"exploitabilityScore": 3.9, "exploitabilityScore": 3.9,
"impactScore": 5.9 "impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
} }
] ]
}, },

44
CVE-2024/CVE-2024-39xx/CVE-2024-3987.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-3987", "id": "CVE-2024-3987",
"sourceIdentifier": "security@wordfence.com", "sourceIdentifier": "security@wordfence.com",
"published": "2024-06-07T03:15:09.440", "published": "2024-06-07T03:15:09.440",
"lastModified": "2024-06-07T14:56:05.647", "lastModified": "2024-10-29T18:39:09.830",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -39,14 +39,50 @@
} }
] ]
}, },
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:freshlightlab:wp_mobile_menu:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.8.4.3",
"matchCriteriaId": "00711E9D-D22A-44D8-A246-87E2F225A39C"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://plugins.trac.wordpress.org/changeset/3097563/mobile-menu/trunk/includes/class-wp-mobile-menu-core.php", "url": "https://plugins.trac.wordpress.org/changeset/3097563/mobile-menu/trunk/includes/class-wp-mobile-menu-core.php",
"source": "security@wordfence.com" "source": "security@wordfence.com",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7bcbc6b6-ed05-4709-bf05-214418798339?source=cve", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7bcbc6b6-ed05-4709-bf05-214418798339?source=cve",
"source": "security@wordfence.com" "source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }

65
CVE-2024/CVE-2024-407xx/CVE-2024-40792.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-40792", "id": "CVE-2024-40792",
"sourceIdentifier": "product-security@apple.com", "sourceIdentifier": "product-security@apple.com",
"published": "2024-10-28T21:15:04.670", "published": "2024-10-28T21:15:04.670",
"lastModified": "2024-10-29T14:34:50.257", "lastModified": "2024-10-29T17:28:34.383",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,11 +15,68 @@
"value": "Se solucion\u00f3 un problema de permisos con restricciones adicionales. Este problema se solucion\u00f3 en macOS Sequoia 15. Una aplicaci\u00f3n maliciosa podr\u00eda cambiar la configuraci\u00f3n de red." "value": "Se solucion\u00f3 un problema de permisos con restricciones adicionales. Este problema se solucion\u00f3 en macOS Sequoia 15. Una aplicaci\u00f3n maliciosa podr\u00eda cambiar la configuraci\u00f3n de red."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "15.0",
"matchCriteriaId": "E8017C16-A17E-4AE7-9A0B-1295200A3A45"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://support.apple.com/en-us/121238", "url": "https://support.apple.com/en-us/121238",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
} }
] ]
} }

71
CVE-2024/CVE-2024-408xx/CVE-2024-40851.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-40851", "id": "CVE-2024-40851",
"sourceIdentifier": "product-security@apple.com", "sourceIdentifier": "product-security@apple.com",
"published": "2024-10-28T21:15:04.740", "published": "2024-10-28T21:15:04.740",
"lastModified": "2024-10-29T14:34:50.257", "lastModified": "2024-10-29T17:42:35.217",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,11 +15,74 @@
"value": "Este problema se solucion\u00f3 restringiendo las opciones ofrecidas en un dispositivo bloqueado. Este problema se solucion\u00f3 en iOS 18.1 y iPadOS 18.1. Un atacante con acceso f\u00edsico podr\u00eda acceder a las fotos de los contactos desde la pantalla de bloqueo." "value": "Este problema se solucion\u00f3 restringiendo las opciones ofrecidas en un dispositivo bloqueado. Este problema se solucion\u00f3 en iOS 18.1 y iPadOS 18.1. Un atacante con acceso f\u00edsico podr\u00eda acceder a las fotos de los contactos desde la pantalla de bloqueo."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.4,
"baseSeverity": "LOW"
},
"exploitabilityScore": 0.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"versionEndExcluding": "18.1",
"matchCriteriaId": "1F64554D-9F90-4871-9A0B-FB28BD52F4B3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "18.1",
"matchCriteriaId": "B9A26654-0DDB-4D4D-BB1E-C65C3339148E"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://support.apple.com/en-us/121563", "url": "https://support.apple.com/en-us/121563",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
} }
] ]
} }

84
CVE-2024/CVE-2024-408xx/CVE-2024-40855.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-40855", "id": "CVE-2024-40855",
"sourceIdentifier": "product-security@apple.com", "sourceIdentifier": "product-security@apple.com",
"published": "2024-10-28T21:15:04.870", "published": "2024-10-28T21:15:04.870",
"lastModified": "2024-10-29T14:34:50.257", "lastModified": "2024-10-29T17:42:18.573",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,19 +15,91 @@
"value": "El problema se solucion\u00f3 con comprobaciones mejoradas. Este problema se solucion\u00f3 en macOS Ventura 13.7.1, macOS Sequoia 15 y macOS Sonoma 14.7.1. Una aplicaci\u00f3n aislada puede tener acceso a datos confidenciales del usuario." "value": "El problema se solucion\u00f3 con comprobaciones mejoradas. Este problema se solucion\u00f3 en macOS Ventura 13.7.1, macOS Sequoia 15 y macOS Sonoma 14.7.1. Una aplicaci\u00f3n aislada puede tener acceso a datos confidenciales del usuario."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "13.7.1",
"matchCriteriaId": "FA438ABE-99D4-49D3-A90A-959B8FDD4012"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "14.0",
"versionEndExcluding": "14.7.1",
"matchCriteriaId": "901D36FD-C5D9-428D-BE13-662AC380C9AE"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://support.apple.com/en-us/121238", "url": "https://support.apple.com/en-us/121238",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}, },
{ {
"url": "https://support.apple.com/en-us/121568", "url": "https://support.apple.com/en-us/121568",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}, },
{ {
"url": "https://support.apple.com/en-us/121570", "url": "https://support.apple.com/en-us/121570",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
} }
] ]
} }

71
CVE-2024/CVE-2024-408xx/CVE-2024-40867.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-40867", "id": "CVE-2024-40867",
"sourceIdentifier": "product-security@apple.com", "sourceIdentifier": "product-security@apple.com",
"published": "2024-10-28T21:15:04.937", "published": "2024-10-28T21:15:04.937",
"lastModified": "2024-10-29T14:34:50.257", "lastModified": "2024-10-29T17:41:59.300",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,11 +15,74 @@
"value": "Se solucion\u00f3 un problema de manejo de esquemas de URL personalizados con una validaci\u00f3n de entrada mejorada. Este problema se solucion\u00f3 en iOS 18.1 y iPadOS 18.1. Un atacante remoto podr\u00eda evadir el entorno limitado de contenido web." "value": "Se solucion\u00f3 un problema de manejo de esquemas de URL personalizados con una validaci\u00f3n de entrada mejorada. Este problema se solucion\u00f3 en iOS 18.1 y iPadOS 18.1. Un atacante remoto podr\u00eda evadir el entorno limitado de contenido web."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 2.8,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"versionEndExcluding": "18.1",
"matchCriteriaId": "1F64554D-9F90-4871-9A0B-FB28BD52F4B3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "18.1",
"matchCriteriaId": "B9A26654-0DDB-4D4D-BB1E-C65C3339148E"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://support.apple.com/en-us/121563", "url": "https://support.apple.com/en-us/121563",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
} }
] ]
} }

39
CVE-2024/CVE-2024-416xx/CVE-2024-41617.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-41617", "id": "CVE-2024-41617",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-10-24T22:15:03.687", "published": "2024-10-24T22:15:03.687",
"lastModified": "2024-10-25T12:56:07.750", "lastModified": "2024-10-29T17:35:07.133",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -15,7 +15,42 @@
"value": "Money Manager EX WebApp (web-money-manager-ex) 1.2.2 es vulnerable a un control de acceso incorrecto. La funci\u00f3n `redirect_if_not_loggedin` en `functions_security.php` no puede finalizar la ejecuci\u00f3n del script despu\u00e9s de redirigir a usuarios no autenticados. Esta falla permite que un atacante no autenticado cargue archivos arbitrarios, lo que puede provocar una ejecuci\u00f3n remota de c\u00f3digo." "value": "Money Manager EX WebApp (web-money-manager-ex) 1.2.2 es vulnerable a un control de acceso incorrecto. La funci\u00f3n `redirect_if_not_loggedin` en `functions_security.php` no puede finalizar la ejecuci\u00f3n del script despu\u00e9s de redirigir a usuarios no autenticados. Esta falla permite que un atacante no autenticado cargue archivos arbitrarios, lo que puede provocar una ejecuci\u00f3n remota de c\u00f3digo."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/moneymanagerex/web-money-manager-ex/commit/f2850b295ee21bc299799343a3bc4d004d05651d", "url": "https://github.com/moneymanagerex/web-money-manager-ex/commit/f2850b295ee21bc299799343a3bc4d004d05651d",

39
CVE-2024/CVE-2024-416xx/CVE-2024-41618.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-41618", "id": "CVE-2024-41618",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-10-24T22:15:03.787", "published": "2024-10-24T22:15:03.787",
"lastModified": "2024-10-25T12:56:07.750", "lastModified": "2024-10-29T17:35:08.150",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -15,7 +15,42 @@
"value": "Money Manager EX WebApp (web-money-manager-ex) 1.2.2 es vulnerable a la inyecci\u00f3n SQL en la funci\u00f3n `transaction_delete_group`. La vulnerabilidad se debe a una desinfecci\u00f3n incorrecta de la entrada del usuario en el par\u00e1metro `TrDeleteArr`, que se incorpora directamente a una consulta SQL." "value": "Money Manager EX WebApp (web-money-manager-ex) 1.2.2 es vulnerable a la inyecci\u00f3n SQL en la funci\u00f3n `transaction_delete_group`. La vulnerabilidad se debe a una desinfecci\u00f3n incorrecta de la entrada del usuario en el par\u00e1metro `TrDeleteArr`, que se incorpora directamente a una consulta SQL."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/moneymanagerex/web-money-manager-ex/commit/f2850b295ee21bc299799343a3bc4d004d05651d", "url": "https://github.com/moneymanagerex/web-money-manager-ex/commit/f2850b295ee21bc299799343a3bc4d004d05651d",

62
CVE-2024/CVE-2024-425xx/CVE-2024-42508.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-42508", "id": "CVE-2024-42508",
"sourceIdentifier": "security-alert@hpe.com", "sourceIdentifier": "security-alert@hpe.com",
"published": "2024-10-18T16:15:04.710", "published": "2024-10-18T16:15:04.710",
"lastModified": "2024-10-21T17:10:22.857", "lastModified": "2024-10-29T17:38:49.330",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,8 +15,41 @@
"value": "Esta vulnerabilidad podr\u00eda ser explotada para provocar la divulgaci\u00f3n no autorizada de informaci\u00f3n a usuarios autenticados." "value": "Esta vulnerabilidad podr\u00eda ser explotada para provocar la divulgaci\u00f3n no autorizada de informaci\u00f3n a usuarios autenticados."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [ "weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{ {
"source": "security-alert@hpe.com", "source": "security-alert@hpe.com",
"type": "Secondary", "type": "Secondary",
@ -28,10 +61,31 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hp:oneview:*:*:*:*:*:*:*:*",
"versionEndExcluding": "9.20.00",
"matchCriteriaId": "B081F48C-BFCB-4BAB-A774-226EEDD28608"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbgn04721en_us&docLocale=en_US", "url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbgn04721en_us&docLocale=en_US",
"source": "security-alert@hpe.com" "source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

84
CVE-2024/CVE-2024-441xx/CVE-2024-44122.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-44122", "id": "CVE-2024-44122",
"sourceIdentifier": "product-security@apple.com", "sourceIdentifier": "product-security@apple.com",
"published": "2024-10-28T21:15:05.123", "published": "2024-10-28T21:15:05.123",
"lastModified": "2024-10-29T14:34:50.257", "lastModified": "2024-10-29T17:38:18.457",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,19 +15,91 @@
"value": "Se solucion\u00f3 un problema de l\u00f3gica con comprobaciones mejoradas. Este problema se solucion\u00f3 en macOS Ventura 13.7.1, macOS Sequoia 15 y macOS Sonoma 14.7.1. Es posible que una aplicaci\u00f3n pueda salir de su entorno limitado." "value": "Se solucion\u00f3 un problema de l\u00f3gica con comprobaciones mejoradas. Este problema se solucion\u00f3 en macOS Ventura 13.7.1, macOS Sequoia 15 y macOS Sonoma 14.7.1. Es posible que una aplicaci\u00f3n pueda salir de su entorno limitado."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.0,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "13.7.1",
"matchCriteriaId": "FA438ABE-99D4-49D3-A90A-959B8FDD4012"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "14.0",
"versionEndExcluding": "14.7.1",
"matchCriteriaId": "901D36FD-C5D9-428D-BE13-662AC380C9AE"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://support.apple.com/en-us/121238", "url": "https://support.apple.com/en-us/121238",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}, },
{ {
"url": "https://support.apple.com/en-us/121568", "url": "https://support.apple.com/en-us/121568",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}, },
{ {
"url": "https://support.apple.com/en-us/121570", "url": "https://support.apple.com/en-us/121570",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
} }
] ]
} }

83
CVE-2024/CVE-2024-441xx/CVE-2024-44123.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-44123", "id": "CVE-2024-44123",
"sourceIdentifier": "product-security@apple.com", "sourceIdentifier": "product-security@apple.com",
"published": "2024-10-28T21:15:05.190", "published": "2024-10-28T21:15:05.190",
"lastModified": "2024-10-29T14:34:50.257", "lastModified": "2024-10-29T17:37:15.990",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,15 +15,88 @@
"value": "Se solucion\u00f3 un problema de permisos con restricciones adicionales. Este problema se solucion\u00f3 en macOS Sequoia 15, iOS 18 y iPadOS 18. Una aplicaci\u00f3n maliciosa con privilegios de superusuario podr\u00eda acceder a la informaci\u00f3n de ubicaci\u00f3n y a la entrada del teclado sin el consentimiento del usuario." "value": "Se solucion\u00f3 un problema de permisos con restricciones adicionales. Este problema se solucion\u00f3 en macOS Sequoia 15, iOS 18 y iPadOS 18. Una aplicaci\u00f3n maliciosa con privilegios de superusuario podr\u00eda acceder a la informaci\u00f3n de ubicaci\u00f3n y a la entrada del teclado sin el consentimiento del usuario."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.3,
"baseSeverity": "LOW"
},
"exploitabilityScore": 0.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"versionEndExcluding": "18.0",
"matchCriteriaId": "ACD3B3B0-329C-413B-BDF7-6B1C6298846E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "18.0",
"matchCriteriaId": "2222A2EE-00FA-4019-8779-13B82A4F9DD0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "15.0",
"matchCriteriaId": "E8017C16-A17E-4AE7-9A0B-1295200A3A45"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://support.apple.com/en-us/121238", "url": "https://support.apple.com/en-us/121238",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}, },
{ {
"url": "https://support.apple.com/en-us/121250", "url": "https://support.apple.com/en-us/121250",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
} }
] ]
} }

120
CVE-2024/CVE-2024-441xx/CVE-2024-44126.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-44126", "id": "CVE-2024-44126",
"sourceIdentifier": "product-security@apple.com", "sourceIdentifier": "product-security@apple.com",
"published": "2024-10-28T21:15:05.263", "published": "2024-10-28T21:15:05.263",
"lastModified": "2024-10-29T14:34:50.257", "lastModified": "2024-10-29T17:35:48.850",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,31 +15,133 @@
"value": "El problema se solucion\u00f3 con comprobaciones mejoradas. Este problema se solucion\u00f3 en macOS Ventura 13.7.1, macOS Sequoia 15, iOS 17.7 y iPadOS 17.7, macOS Sonoma 14.7, visionOS 2, iOS 18 y iPadOS 18. El procesamiento de un archivo manipulado con fines malintencionados puede provocar da\u00f1os en el mont\u00f3n." "value": "El problema se solucion\u00f3 con comprobaciones mejoradas. Este problema se solucion\u00f3 en macOS Ventura 13.7.1, macOS Sequoia 15, iOS 17.7 y iPadOS 17.7, macOS Sonoma 14.7, visionOS 2, iOS 18 y iPadOS 18. El procesamiento de un archivo manipulado con fines malintencionados puede provocar da\u00f1os en el mont\u00f3n."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.7",
"matchCriteriaId": "064488F4-456F-4C5D-B325-4F1FCDF2D432"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.7",
"matchCriteriaId": "B8542FD9-368A-4A38-965E-47AE279208F1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "13.7.1",
"matchCriteriaId": "FA438ABE-99D4-49D3-A90A-959B8FDD4012"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "14.0",
"versionEndExcluding": "14.7",
"matchCriteriaId": "06F1EED8-2BB5-4768-908B-83AF76DE7B5F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.0",
"matchCriteriaId": "A6AE7B0F-C356-4601-9636-617CDD09F009"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://support.apple.com/en-us/121238", "url": "https://support.apple.com/en-us/121238",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}, },
{ {
"url": "https://support.apple.com/en-us/121246", "url": "https://support.apple.com/en-us/121246",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}, },
{ {
"url": "https://support.apple.com/en-us/121247", "url": "https://support.apple.com/en-us/121247",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}, },
{ {
"url": "https://support.apple.com/en-us/121249", "url": "https://support.apple.com/en-us/121249",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}, },
{ {
"url": "https://support.apple.com/en-us/121250", "url": "https://support.apple.com/en-us/121250",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}, },
{ {
"url": "https://support.apple.com/en-us/121568", "url": "https://support.apple.com/en-us/121568",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
} }
] ]
} }

84
CVE-2024/CVE-2024-441xx/CVE-2024-44137.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-44137", "id": "CVE-2024-44137",
"sourceIdentifier": "product-security@apple.com", "sourceIdentifier": "product-security@apple.com",
"published": "2024-10-28T21:15:05.330", "published": "2024-10-28T21:15:05.330",
"lastModified": "2024-10-29T14:34:50.257", "lastModified": "2024-10-29T17:35:23.423",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,19 +15,91 @@
"value": "El problema se solucion\u00f3 con comprobaciones mejoradas. Este problema se solucion\u00f3 en macOS Ventura 13.7.1, macOS Sequoia 15 y macOS Sonoma 14.7.1. Un atacante con acceso f\u00edsico podr\u00eda compartir elementos desde la pantalla de bloqueo." "value": "El problema se solucion\u00f3 con comprobaciones mejoradas. Este problema se solucion\u00f3 en macOS Ventura 13.7.1, macOS Sequoia 15 y macOS Sonoma 14.7.1. Un atacante con acceso f\u00edsico podr\u00eda compartir elementos desde la pantalla de bloqueo."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "13.7.1",
"matchCriteriaId": "FA438ABE-99D4-49D3-A90A-959B8FDD4012"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "14.0",
"versionEndExcluding": "14.7.1",
"matchCriteriaId": "901D36FD-C5D9-428D-BE13-662AC380C9AE"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://support.apple.com/en-us/121238", "url": "https://support.apple.com/en-us/121238",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}, },
{ {
"url": "https://support.apple.com/en-us/121568", "url": "https://support.apple.com/en-us/121568",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}, },
{ {
"url": "https://support.apple.com/en-us/121570", "url": "https://support.apple.com/en-us/121570",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
} }
] ]
} }

125
CVE-2024/CVE-2024-441xx/CVE-2024-44144.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-44144", "id": "CVE-2024-44144",
"sourceIdentifier": "product-security@apple.com", "sourceIdentifier": "product-security@apple.com",
"published": "2024-10-28T21:15:05.397", "published": "2024-10-28T21:15:05.397",
"lastModified": "2024-10-29T14:34:50.257", "lastModified": "2024-10-29T17:34:55.923",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,35 +15,140 @@
"value": "Se solucion\u00f3 un desbordamiento de b\u00fafer mejorando la validaci\u00f3n de tama\u00f1o. Este problema se solucion\u00f3 en iOS 17.7.1 y iPadOS 17.7.1, macOS Sequoia 15, macOS Sonoma 14.7.1, tvOS 18, watchOS 11, visionOS 2, iOS 18 y iPadOS 18. El procesamiento de un archivo manipulado con fines malintencionados puede provocar la finalizaci\u00f3n inesperada de la aplicaci\u00f3n." "value": "Se solucion\u00f3 un desbordamiento de b\u00fafer mejorando la validaci\u00f3n de tama\u00f1o. Este problema se solucion\u00f3 en iOS 17.7.1 y iPadOS 17.7.1, macOS Sequoia 15, macOS Sonoma 14.7.1, tvOS 18, watchOS 11, visionOS 2, iOS 18 y iPadOS 18. El procesamiento de un archivo manipulado con fines malintencionados puede provocar la finalizaci\u00f3n inesperada de la aplicaci\u00f3n."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.7.1",
"matchCriteriaId": "F42291CA-6AC4-4F11-AC23-B3FE25139483"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.7.1",
"matchCriteriaId": "468FFF6F-879C-4AF4-BC42-6A1AA30441C3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "14.7.1",
"matchCriteriaId": "20977171-B964-4F89-AF53-6136003EDDB2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "18.0",
"matchCriteriaId": "F34BD4C1-5C6A-4C6D-BD96-8CC3F3CBFF74"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.0",
"matchCriteriaId": "05C212C2-3E65-47DB-A0AE-417A8178ADC6"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://support.apple.com/en-us/121238", "url": "https://support.apple.com/en-us/121238",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}, },
{ {
"url": "https://support.apple.com/en-us/121240", "url": "https://support.apple.com/en-us/121240",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}, },
{ {
"url": "https://support.apple.com/en-us/121248", "url": "https://support.apple.com/en-us/121248",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}, },
{ {
"url": "https://support.apple.com/en-us/121249", "url": "https://support.apple.com/en-us/121249",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}, },
{ {
"url": "https://support.apple.com/en-us/121250", "url": "https://support.apple.com/en-us/121250",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}, },
{ {
"url": "https://support.apple.com/en-us/121567", "url": "https://support.apple.com/en-us/121567",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}, },
{ {
"url": "https://support.apple.com/en-us/121570", "url": "https://support.apple.com/en-us/121570",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
} }
] ]
} }

113
CVE-2024/CVE-2024-441xx/CVE-2024-44155.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-44155", "id": "CVE-2024-44155",
"sourceIdentifier": "product-security@apple.com", "sourceIdentifier": "product-security@apple.com",
"published": "2024-10-28T21:15:05.460", "published": "2024-10-28T21:15:05.460",
"lastModified": "2024-10-29T14:34:50.257", "lastModified": "2024-10-29T17:34:16.487",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,27 +15,124 @@
"value": "Se solucion\u00f3 un problema de manejo de esquemas de URL personalizados con una validaci\u00f3n de entrada mejorada. Este problema se solucion\u00f3 en Safari 18, iOS 17.7.1 y iPadOS 17.7.1, macOS Sequoia 15, watchOS 11, iOS 18 y iPadOS 18. El contenido web manipulado con fines malintencionados puede infringir la pol\u00edtica de la sandbox de iframe." "value": "Se solucion\u00f3 un problema de manejo de esquemas de URL personalizados con una validaci\u00f3n de entrada mejorada. Este problema se solucion\u00f3 en Safari 18, iOS 17.7.1 y iPadOS 17.7.1, macOS Sequoia 15, watchOS 11, iOS 18 y iPadOS 18. El contenido web manipulado con fines malintencionados puede infringir la pol\u00edtica de la sandbox de iframe."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
"versionEndExcluding": "18.0",
"matchCriteriaId": "0DCB4657-8F40-418E-8E98-743C271E4CDE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.7.1",
"matchCriteriaId": "F42291CA-6AC4-4F11-AC23-B3FE25139483"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.7.1",
"matchCriteriaId": "468FFF6F-879C-4AF4-BC42-6A1AA30441C3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "15.0",
"matchCriteriaId": "E8017C16-A17E-4AE7-9A0B-1295200A3A45"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.0",
"matchCriteriaId": "05C212C2-3E65-47DB-A0AE-417A8178ADC6"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://support.apple.com/en-us/121238", "url": "https://support.apple.com/en-us/121238",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}, },
{ {
"url": "https://support.apple.com/en-us/121240", "url": "https://support.apple.com/en-us/121240",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}, },
{ {
"url": "https://support.apple.com/en-us/121241", "url": "https://support.apple.com/en-us/121241",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}, },
{ {
"url": "https://support.apple.com/en-us/121250", "url": "https://support.apple.com/en-us/121250",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}, },
{ {
"url": "https://support.apple.com/en-us/121567", "url": "https://support.apple.com/en-us/121567",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
} }
] ]
} }

78
CVE-2024/CVE-2024-441xx/CVE-2024-44156.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-44156", "id": "CVE-2024-44156",
"sourceIdentifier": "product-security@apple.com", "sourceIdentifier": "product-security@apple.com",
"published": "2024-10-28T21:15:05.543", "published": "2024-10-28T21:15:05.543",
"lastModified": "2024-10-29T14:34:50.257", "lastModified": "2024-10-29T17:33:51.597",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,15 +15,83 @@
"value": "Se solucion\u00f3 una vulnerabilidad de eliminaci\u00f3n de ruta al evitar que el c\u00f3digo vulnerable se ejecutara con privilegios. Este problema se solucion\u00f3 en macOS Ventura 13.7.1 y macOS Sonoma 14.7.1. Es posible que una aplicaci\u00f3n pueda eludir las preferencias de privacidad." "value": "Se solucion\u00f3 una vulnerabilidad de eliminaci\u00f3n de ruta al evitar que el c\u00f3digo vulnerable se ejecutara con privilegios. Este problema se solucion\u00f3 en macOS Ventura 13.7.1 y macOS Sonoma 14.7.1. Es posible que una aplicaci\u00f3n pueda eludir las preferencias de privacidad."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "13.7.1",
"matchCriteriaId": "FA438ABE-99D4-49D3-A90A-959B8FDD4012"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "14.0",
"versionEndExcluding": "14.7.1",
"matchCriteriaId": "901D36FD-C5D9-428D-BE13-662AC380C9AE"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://support.apple.com/en-us/121568", "url": "https://support.apple.com/en-us/121568",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}, },
{ {
"url": "https://support.apple.com/en-us/121570", "url": "https://support.apple.com/en-us/121570",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
} }
] ]
} }

78
CVE-2024/CVE-2024-441xx/CVE-2024-44159.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-44159", "id": "CVE-2024-44159",
"sourceIdentifier": "product-security@apple.com", "sourceIdentifier": "product-security@apple.com",
"published": "2024-10-28T21:15:05.603", "published": "2024-10-28T21:15:05.603",
"lastModified": "2024-10-29T14:34:50.257", "lastModified": "2024-10-29T17:33:37.147",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,15 +15,83 @@
"value": "Se solucion\u00f3 una vulnerabilidad de eliminaci\u00f3n de ruta al evitar que el c\u00f3digo vulnerable se ejecutara con privilegios. Este problema se solucion\u00f3 en macOS Ventura 13.7.1 y macOS Sonoma 14.7.1. Es posible que una aplicaci\u00f3n pueda eludir las preferencias de privacidad." "value": "Se solucion\u00f3 una vulnerabilidad de eliminaci\u00f3n de ruta al evitar que el c\u00f3digo vulnerable se ejecutara con privilegios. Este problema se solucion\u00f3 en macOS Ventura 13.7.1 y macOS Sonoma 14.7.1. Es posible que una aplicaci\u00f3n pueda eludir las preferencias de privacidad."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "13.7.1",
"matchCriteriaId": "FA438ABE-99D4-49D3-A90A-959B8FDD4012"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "14.0",
"versionEndExcluding": "14.7.1",
"matchCriteriaId": "901D36FD-C5D9-428D-BE13-662AC380C9AE"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://support.apple.com/en-us/121568", "url": "https://support.apple.com/en-us/121568",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}, },
{ {
"url": "https://support.apple.com/en-us/121570", "url": "https://support.apple.com/en-us/121570",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
} }
] ]
} }

65
CVE-2024/CVE-2024-441xx/CVE-2024-44174.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-44174", "id": "CVE-2024-44174",
"sourceIdentifier": "product-security@apple.com", "sourceIdentifier": "product-security@apple.com",
"published": "2024-10-28T21:15:05.667", "published": "2024-10-28T21:15:05.667",
"lastModified": "2024-10-29T14:34:50.257", "lastModified": "2024-10-29T17:33:16.540",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,11 +15,68 @@
"value": "El problema se solucion\u00f3 con comprobaciones mejoradas. Este problema se solucion\u00f3 en macOS Sequoia 15. Un atacante podr\u00eda ver contenido restringido desde la pantalla de bloqueo." "value": "El problema se solucion\u00f3 con comprobaciones mejoradas. Este problema se solucion\u00f3 en macOS Sequoia 15. Un atacante podr\u00eda ver contenido restringido desde la pantalla de bloqueo."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-754"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "15.0",
"matchCriteriaId": "E8017C16-A17E-4AE7-9A0B-1295200A3A45"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://support.apple.com/en-us/121238", "url": "https://support.apple.com/en-us/121238",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
} }
] ]
} }

41
CVE-2024/CVE-2024-482xx/CVE-2024-48218.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-48218", "id": "CVE-2024-48218",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-10-25T21:15:03.603", "published": "2024-10-25T21:15:03.603",
"lastModified": "2024-10-28T13:58:09.230", "lastModified": "2024-10-29T18:35:08.783",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Undergoing Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,7 +15,42 @@
"value": "Funadmin v5.0.2 tiene una vulnerabilidad de inyecci\u00f3n SQL en /curd/table/list." "value": "Funadmin v5.0.2 tiene una vulnerabilidad de inyecci\u00f3n SQL en /curd/table/list."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/funadmin/funadmin/issues/21", "url": "https://github.com/funadmin/funadmin/issues/21",

41
CVE-2024/CVE-2024-482xx/CVE-2024-48222.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-48222", "id": "CVE-2024-48222",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-10-25T21:15:03.680", "published": "2024-10-25T21:15:03.680",
"lastModified": "2024-10-28T13:58:09.230", "lastModified": "2024-10-29T18:35:10.053",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Undergoing Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,7 +15,42 @@
"value": "Funadmin v5.0.2 tiene una vulnerabilidad de inyecci\u00f3n SQL en /curd/table/edit." "value": "Funadmin v5.0.2 tiene una vulnerabilidad de inyecci\u00f3n SQL en /curd/table/edit."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/funadmin/funadmin/issues/22", "url": "https://github.com/funadmin/funadmin/issues/22",

41
CVE-2024/CVE-2024-482xx/CVE-2024-48223.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-48223", "id": "CVE-2024-48223",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-10-25T21:15:03.740", "published": "2024-10-25T21:15:03.740",
"lastModified": "2024-10-28T13:58:09.230", "lastModified": "2024-10-29T18:35:11.373",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Undergoing Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,7 +15,42 @@
"value": "Funadmin v5.0.2 tiene una vulnerabilidad de inyecci\u00f3n SQL en /curd/table/fieldlist." "value": "Funadmin v5.0.2 tiene una vulnerabilidad de inyecci\u00f3n SQL en /curd/table/fieldlist."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/funadmin/funadmin/issues/23", "url": "https://github.com/funadmin/funadmin/issues/23",

41
CVE-2024/CVE-2024-482xx/CVE-2024-48224.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-48224", "id": "CVE-2024-48224",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-10-25T21:15:03.793", "published": "2024-10-25T21:15:03.793",
"lastModified": "2024-10-28T13:58:09.230", "lastModified": "2024-10-29T18:35:12.697",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Undergoing Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,7 +15,42 @@
"value": "Funadmin v5.0.2 tiene una vulnerabilidad de lectura de archivos arbitrarios en /curd/index/editfile." "value": "Funadmin v5.0.2 tiene una vulnerabilidad de lectura de archivos arbitrarios en /curd/index/editfile."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/funadmin/funadmin/issues/24", "url": "https://github.com/funadmin/funadmin/issues/24",

29
CVE-2024/CVE-2024-489xx/CVE-2024-48955.json Normal file
View File

@ -0,0 +1,29 @@
{
"id": "CVE-2024-48955",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-29T18:15:05.690",
"lastModified": "2024-10-29T18:15:05.690",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In NetAdmin 4.0.30319, an attacker can steal a valid session cookie and inject it into another device, granting unauthorized access. This type of attack is commonly referred to as session hijacking."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/BrotherOfJhonny/CVE-2024-48955_Overview",
"source": "cve@mitre.org"
},
{
"url": "https://netadmin.software/gestao-de-identidade-e-acesso/",
"source": "cve@mitre.org"
},
{
"url": "https://vulmon.com/vulnerabilitydetails?qid=CVE-2024-48955&sortby=bydate",
"source": "cve@mitre.org"
}
]
}

111
CVE-2024/CVE-2024-499xx/CVE-2024-49978.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-49978", "id": "CVE-2024-49978",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T18:15:18.483", "published": "2024-10-21T18:15:18.483",
"lastModified": "2024-10-23T15:13:25.583", "lastModified": "2024-10-29T18:01:43.080",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,27 +15,122 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: gso: arregla la segmentaci\u00f3n de fraglist gso udp despu\u00e9s de extraer de frag_list Detecta skbs de fraglist gso con geometr\u00eda corrupta (ver abajo) y p\u00e1salos a skb_segment en lugar de a skb_segment_list, ya que el primero puede segmentarlos correctamente. Skbs SKB_GSO_FRAGLIST v\u00e1lidos: consisten en dos o m\u00e1s segmentos: el head_skb contiene los encabezados de protocolo m\u00e1s el primero gso_size: uno o m\u00e1s skbs de frag_list contienen exactamente un segmento: todos menos el \u00faltimo deben ser gso_size Los ganchos de ruta de datos opcionales como NAT y BPF (bpf_skb_pull_data) pueden modificar estos skbs, rompiendo estos invariantes. En casos extremos, extraen todos los datos en skb lineal. Para UDP, esto provoca un desreferenciado de ptr NULL en __udpv4_gso_segment_list_csum en udp_hdr(seg-&gt;next)-&gt;dest. Detecta geometr\u00eda no v\u00e1lida debido a la extracci\u00f3n, verificando el tama\u00f1o de head_skb. No la elimines, ya que esto puede convertir un destino en un agujero negro. Convierte para poder pasar a skb_segment normal." "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: gso: arregla la segmentaci\u00f3n de fraglist gso udp despu\u00e9s de extraer de frag_list Detecta skbs de fraglist gso con geometr\u00eda corrupta (ver abajo) y p\u00e1salos a skb_segment en lugar de a skb_segment_list, ya que el primero puede segmentarlos correctamente. Skbs SKB_GSO_FRAGLIST v\u00e1lidos: consisten en dos o m\u00e1s segmentos: el head_skb contiene los encabezados de protocolo m\u00e1s el primero gso_size: uno o m\u00e1s skbs de frag_list contienen exactamente un segmento: todos menos el \u00faltimo deben ser gso_size Los ganchos de ruta de datos opcionales como NAT y BPF (bpf_skb_pull_data) pueden modificar estos skbs, rompiendo estos invariantes. En casos extremos, extraen todos los datos en skb lineal. Para UDP, esto provoca un desreferenciado de ptr NULL en __udpv4_gso_segment_list_csum en udp_hdr(seg-&gt;next)-&gt;dest. Detecta geometr\u00eda no v\u00e1lida debido a la extracci\u00f3n, verificando el tama\u00f1o de head_skb. No la elimines, ya que esto puede convertir un destino en un agujero negro. Convierte para poder pasar a skb_segment normal."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.6",
"versionEndExcluding": "6.1.113",
"matchCriteriaId": "D22D5882-BF74-46ED-9D50-1924ECF3C786"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.55",
"matchCriteriaId": "E90B9576-56C4-47BC-AAB0-C5B2D438F5D0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.10.14",
"matchCriteriaId": "4C16BCE0-FFA0-4599-BE0A-1FD65101C021"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.11",
"versionEndExcluding": "6.11.3",
"matchCriteriaId": "54D9C704-D679-41A7-9C40-10A6B1E7FFE9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*",
"matchCriteriaId": "7F361E1D-580F-4A2D-A509-7615F73167A1"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://git.kernel.org/stable/c/080e6c9a3908de193a48f646c5ce1bfb15676ffc", "url": "https://git.kernel.org/stable/c/080e6c9a3908de193a48f646c5ce1bfb15676ffc",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/33e28acf42ee863f332a958bfc2f1a284a3659df", "url": "https://git.kernel.org/stable/c/33e28acf42ee863f332a958bfc2f1a284a3659df",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/3cd00d2e3655fad3bda96dc1ebf17b6495f86fea", "url": "https://git.kernel.org/stable/c/3cd00d2e3655fad3bda96dc1ebf17b6495f86fea",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/a1e40ac5b5e9077fe1f7ae0eb88034db0f9ae1ab", "url": "https://git.kernel.org/stable/c/a1e40ac5b5e9077fe1f7ae0eb88034db0f9ae1ab",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/af3122f5fdc0d00581d6e598a668df6bf54c9daa", "url": "https://git.kernel.org/stable/c/af3122f5fdc0d00581d6e598a668df6bf54c9daa",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
} }
] ]
} }

87
CVE-2024/CVE-2024-499xx/CVE-2024-49979.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-49979", "id": "CVE-2024-49979",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T18:15:18.550", "published": "2024-10-21T18:15:18.550",
"lastModified": "2024-10-23T15:13:25.583", "lastModified": "2024-10-29T18:02:14.197",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,19 +15,94 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: gso: arregla la segmentaci\u00f3n de tcp fraglist despu\u00e9s de extraer de frag_list Detecta skbs tcp gso fraglist con geometr\u00eda corrupta (ver abajo) y p\u00e1salos a skb_segment en lugar de a skb_segment_list, ya que el primero puede segmentarlos correctamente. Skbs SKB_GSO_FRAGLIST v\u00e1lidos: consisten en dos o m\u00e1s segmentos: el head_skb contiene los encabezados de protocolo m\u00e1s el primer gso_size: uno o m\u00e1s skbs frag_list contienen exactamente un segmento: todos menos el \u00faltimo deben ser gso_size Los ganchos de ruta de datos opcionales como NAT y BPF (bpf_skb_pull_data) pueden modificar estos skbs, rompiendo estos invariantes. En casos extremos, extraen todos los datos en skb lineal. Para TCP, esto provoca un desreferenciado de ptr NULL en __tcpv4_gso_segment_list_csum en tcp_hdr(seg-&gt;next). Detecta geometr\u00eda no v\u00e1lida debido a la extracci\u00f3n, verificando el tama\u00f1o de head_skb. No lo descartes, ya que esto puede convertir un destino en un agujero negro. Convierte para poder pasar a skb_segment normal. Enfoque y descripci\u00f3n basados en un parche de Willem de Bruijn." "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: gso: arregla la segmentaci\u00f3n de tcp fraglist despu\u00e9s de extraer de frag_list Detecta skbs tcp gso fraglist con geometr\u00eda corrupta (ver abajo) y p\u00e1salos a skb_segment en lugar de a skb_segment_list, ya que el primero puede segmentarlos correctamente. Skbs SKB_GSO_FRAGLIST v\u00e1lidos: consisten en dos o m\u00e1s segmentos: el head_skb contiene los encabezados de protocolo m\u00e1s el primer gso_size: uno o m\u00e1s skbs frag_list contienen exactamente un segmento: todos menos el \u00faltimo deben ser gso_size Los ganchos de ruta de datos opcionales como NAT y BPF (bpf_skb_pull_data) pueden modificar estos skbs, rompiendo estos invariantes. En casos extremos, extraen todos los datos en skb lineal. Para TCP, esto provoca un desreferenciado de ptr NULL en __tcpv4_gso_segment_list_csum en tcp_hdr(seg-&gt;next). Detecta geometr\u00eda no v\u00e1lida debido a la extracci\u00f3n, verificando el tama\u00f1o de head_skb. No lo descartes, ya que esto puede convertir un destino en un agujero negro. Convierte para poder pasar a skb_segment normal. Enfoque y descripci\u00f3n basados en un parche de Willem de Bruijn."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.10",
"versionEndExcluding": "6.10.14",
"matchCriteriaId": "20A9A1A8-B921-4FB1-BC2B-00E240DE3643"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.11",
"versionEndExcluding": "6.11.3",
"matchCriteriaId": "54D9C704-D679-41A7-9C40-10A6B1E7FFE9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*",
"matchCriteriaId": "7F361E1D-580F-4A2D-A509-7615F73167A1"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://git.kernel.org/stable/c/17bd3bd82f9f79f3feba15476c2b2c95a9b11ff8", "url": "https://git.kernel.org/stable/c/17bd3bd82f9f79f3feba15476c2b2c95a9b11ff8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/2d4a83a44428de45bfe9dccb0192a3711d1097e0", "url": "https://git.kernel.org/stable/c/2d4a83a44428de45bfe9dccb0192a3711d1097e0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/3fdd8c83e83fa5e82f1b5585245c51e0355c9f46", "url": "https://git.kernel.org/stable/c/3fdd8c83e83fa5e82f1b5585245c51e0355c9f46",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
} }
] ]
} }

87
CVE-2024/CVE-2024-499xx/CVE-2024-49999.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-49999", "id": "CVE-2024-49999",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T18:15:19.973", "published": "2024-10-21T18:15:19.973",
"lastModified": "2024-10-23T15:13:25.583", "lastModified": "2024-10-29T18:03:40.857",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,19 +15,94 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: afs: Arreglar la configuraci\u00f3n del indicador de respuesta del servidor En afs_wait_for_operation(), configuramos la transcripci\u00f3n del indicador de respuesta de llamada en el registro del servidor que usamos despu\u00e9s de realizar el bucle de iteraci\u00f3n del servidor de archivos, pero es posible salir del bucle despu\u00e9s de haber recibido una respuesta del servidor que descartamos (por ejemplo, devolvi\u00f3 un aborto o comenzamos a recibir datos, pero la llamada no se complet\u00f3). Esto significa que op-&gt;server podr\u00eda ser NULL, pero no lo verificamos antes de intentar configurar el indicador del servidor." "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: afs: Arreglar la configuraci\u00f3n del indicador de respuesta del servidor En afs_wait_for_operation(), configuramos la transcripci\u00f3n del indicador de respuesta de llamada en el registro del servidor que usamos despu\u00e9s de realizar el bucle de iteraci\u00f3n del servidor de archivos, pero es posible salir del bucle despu\u00e9s de haber recibido una respuesta del servidor que descartamos (por ejemplo, devolvi\u00f3 un aborto o comenzamos a recibir datos, pero la llamada no se complet\u00f3). Esto significa que op-&gt;server podr\u00eda ser NULL, pero no lo verificamos antes de intentar configurar el indicador del servidor."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.8",
"versionEndExcluding": "6.10.14",
"matchCriteriaId": "0E3AE738-A62B-4806-9D9C-933998214C6A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.11",
"versionEndExcluding": "6.11.3",
"matchCriteriaId": "54D9C704-D679-41A7-9C40-10A6B1E7FFE9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*",
"matchCriteriaId": "7F361E1D-580F-4A2D-A509-7615F73167A1"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://git.kernel.org/stable/c/3d51ab44123f35dd1d646d99a15ebef10f55e263", "url": "https://git.kernel.org/stable/c/3d51ab44123f35dd1d646d99a15ebef10f55e263",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/97c953572d98080c5f1486155350bb688041747a", "url": "https://git.kernel.org/stable/c/97c953572d98080c5f1486155350bb688041747a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/ff98751bae40faed1ba9c6a7287e84430f7dec64", "url": "https://git.kernel.org/stable/c/ff98751bae40faed1ba9c6a7287e84430f7dec64",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
} }
] ]
} }

69
CVE-2024/CVE-2024-49xx/CVE-2024-4902.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-4902", "id": "CVE-2024-4902",
"sourceIdentifier": "security@wordfence.com", "sourceIdentifier": "security@wordfence.com",
"published": "2024-06-07T05:15:49.740", "published": "2024-06-07T05:15:49.740",
"lastModified": "2024-06-07T14:56:05.647", "lastModified": "2024-10-29T18:07:23.897",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -17,6 +17,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{ {
"source": "security@wordfence.com", "source": "security@wordfence.com",
"type": "Secondary", "type": "Secondary",
@ -39,18 +59,57 @@
} }
] ]
}, },
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:themeum:tutor_lms:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.7.2",
"matchCriteriaId": "6F84873F-FB6C-4354-B70A-1E2B7CA481CC"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://plugins.trac.wordpress.org/browser/tutor/tags/2.7.0/classes/Utils.php#L1936", "url": "https://plugins.trac.wordpress.org/browser/tutor/tags/2.7.0/classes/Utils.php#L1936",
"source": "security@wordfence.com" "source": "security@wordfence.com",
"tags": [
"Product"
]
}, },
{ {
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3098465%40tutor%2Ftrunk&old=3086489%40tutor%2Ftrunk&sfp_email=&sfph_mail=#file8", "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3098465%40tutor%2Ftrunk&old=3086489%40tutor%2Ftrunk&sfp_email=&sfph_mail=#file8",
"source": "security@wordfence.com" "source": "security@wordfence.com",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f00e8169-3b8f-44a0-9af2-e81777a913f8?source=cve", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f00e8169-3b8f-44a0-9af2-e81777a913f8?source=cve",
"source": "security@wordfence.com" "source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }

56
CVE-2024/CVE-2024-504xx/CVE-2024-50459.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-50459",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-10-29T17:15:04.423",
"lastModified": "2024-10-29T17:15:04.423",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Missing Authorization vulnerability in HM Plugin WordPress Stripe Donation and Payment Plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress Stripe Donation and Payment Plugin: from n/a through 3.2.3."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wp-stripe-donation/wordpress-aidwp-plugin-3-2-3-broken-access-control-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2024/CVE-2024-504xx/CVE-2024-50466.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-50466",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-10-29T17:15:04.640",
"lastModified": "2024-10-29T17:15:04.640",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in DarkMySite DarkMySite \u2013 Advanced Dark Mode Plugin for WordPress darkmysite allows Cross Site Request Forgery.This issue affects DarkMySite \u2013 Advanced Dark Mode Plugin for WordPress: from n/a through 1.2.8."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/darkmysite/wordpress-darkmysite-advanced-dark-mode-plugin-for-wordpress-plugin-1-2-8-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

63
CVE-2024/CVE-2024-505xx/CVE-2024-50573.json
View File

@ -2,17 +2,41 @@
"id": "CVE-2024-50573", "id": "CVE-2024-50573",
"sourceIdentifier": "cve@jetbrains.com", "sourceIdentifier": "cve@jetbrains.com",
"published": "2024-10-28T13:15:08.040", "published": "2024-10-28T13:15:08.040",
"lastModified": "2024-10-28T13:58:09.230", "lastModified": "2024-10-29T17:12:14.760",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "In JetBrains Hub before 2024.3.47707 improper access control allowed users to generate permanent tokens for unauthorized services" "value": "In JetBrains Hub before 2024.3.47707 improper access control allowed users to generate permanent tokens for unauthorized services"
},
{
"lang": "es",
"value": "En JetBrains Hub antes de 2024.3.47707, un control de acceso inadecuado permit\u00eda a los usuarios generar tokens permanentes para servicios no autorizados"
} }
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
},
{ {
"source": "cve@jetbrains.com", "source": "cve@jetbrains.com",
"type": "Secondary", "type": "Secondary",
@ -37,7 +61,7 @@
}, },
"weaknesses": [ "weaknesses": [
{ {
"source": "cve@jetbrains.com", "source": "nvd@nist.gov",
"type": "Primary", "type": "Primary",
"description": [ "description": [
{ {
@ -45,12 +69,43 @@
"value": "CWE-862" "value": "CWE-862"
} }
] ]
},
{
"source": "cve@jetbrains.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jetbrains:hub:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2024.3.47707",
"matchCriteriaId": "F0C96330-C723-4B53-B678-2400CDB81854"
}
]
}
]
} }
], ],
"references": [ "references": [
{ {
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/", "url": "https://www.jetbrains.com/privacy-security/issues-fixed/",
"source": "cve@jetbrains.com" "source": "cve@jetbrains.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

51
CVE-2024/CVE-2024-505xx/CVE-2024-50574.json
View File

@ -2,17 +2,41 @@
"id": "CVE-2024-50574", "id": "CVE-2024-50574",
"sourceIdentifier": "cve@jetbrains.com", "sourceIdentifier": "cve@jetbrains.com",
"published": "2024-10-28T13:15:08.310", "published": "2024-10-28T13:15:08.310",
"lastModified": "2024-10-28T13:58:09.230", "lastModified": "2024-10-29T17:16:11.277",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "In JetBrains YouTrack before 2024.3.47707 potential ReDoS exploit was possible via email header parsing in Helpdesk functionality" "value": "In JetBrains YouTrack before 2024.3.47707 potential ReDoS exploit was possible via email header parsing in Helpdesk functionality"
},
{
"lang": "es",
"value": "En JetBrains YouTrack antes de 2024.3.47707 era posible una posible explotaci\u00f3n ReDoS a trav\u00e9s del an\u00e1lisis del encabezado del correo electr\u00f3nico en la funcionalidad del Helpdesk"
} }
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{ {
"source": "cve@jetbrains.com", "source": "cve@jetbrains.com",
"type": "Secondary", "type": "Secondary",
@ -47,10 +71,31 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jetbrains:youtrack:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2024.3.47707",
"matchCriteriaId": "CB12320F-E3AC-4F21-BB60-B56B2091966B"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/", "url": "https://www.jetbrains.com/privacy-security/issues-fixed/",
"source": "cve@jetbrains.com" "source": "cve@jetbrains.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

51
CVE-2024/CVE-2024-505xx/CVE-2024-50575.json
View File

@ -2,17 +2,41 @@
"id": "CVE-2024-50575", "id": "CVE-2024-50575",
"sourceIdentifier": "cve@jetbrains.com", "sourceIdentifier": "cve@jetbrains.com",
"published": "2024-10-28T13:15:08.583", "published": "2024-10-28T13:15:08.583",
"lastModified": "2024-10-28T13:58:09.230", "lastModified": "2024-10-29T17:18:26.957",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "In JetBrains YouTrack before 2024.3.47707 reflected XSS was possible in Widget API" "value": "In JetBrains YouTrack before 2024.3.47707 reflected XSS was possible in Widget API"
},
{
"lang": "es",
"value": "En JetBrains YouTrack antes de 2024.3.47707, el XSS reflejado era posible en la API del widget"
} }
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{ {
"source": "cve@jetbrains.com", "source": "cve@jetbrains.com",
"type": "Secondary", "type": "Secondary",
@ -47,10 +71,31 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jetbrains:youtrack:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2024.3.47707",
"matchCriteriaId": "CB12320F-E3AC-4F21-BB60-B56B2091966B"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/", "url": "https://www.jetbrains.com/privacy-security/issues-fixed/",
"source": "cve@jetbrains.com" "source": "cve@jetbrains.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

51
CVE-2024/CVE-2024-505xx/CVE-2024-50576.json
View File

@ -2,17 +2,41 @@
"id": "CVE-2024-50576", "id": "CVE-2024-50576",
"sourceIdentifier": "cve@jetbrains.com", "sourceIdentifier": "cve@jetbrains.com",
"published": "2024-10-28T13:15:08.787", "published": "2024-10-28T13:15:08.787",
"lastModified": "2024-10-28T13:58:09.230", "lastModified": "2024-10-29T17:18:08.373",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via vendor URL in App manifest" "value": "In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via vendor URL in App manifest"
},
{
"lang": "es",
"value": "En JetBrains YouTrack antes de 2024.3.47707, el XSS almacenado era posible a trav\u00e9s de la URL del proveedor en el manifiesto de la aplicaci\u00f3n"
} }
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{ {
"source": "cve@jetbrains.com", "source": "cve@jetbrains.com",
"type": "Secondary", "type": "Secondary",
@ -47,10 +71,31 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jetbrains:youtrack:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2024.3.47707",
"matchCriteriaId": "CB12320F-E3AC-4F21-BB60-B56B2091966B"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/", "url": "https://www.jetbrains.com/privacy-security/issues-fixed/",
"source": "cve@jetbrains.com" "source": "cve@jetbrains.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

51
CVE-2024/CVE-2024-505xx/CVE-2024-50577.json
View File

@ -2,17 +2,41 @@
"id": "CVE-2024-50577", "id": "CVE-2024-50577",
"sourceIdentifier": "cve@jetbrains.com", "sourceIdentifier": "cve@jetbrains.com",
"published": "2024-10-28T13:15:08.987", "published": "2024-10-28T13:15:08.987",
"lastModified": "2024-10-28T13:58:09.230", "lastModified": "2024-10-29T17:18:02.127",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via Angular template injection in Hub settings" "value": "In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via Angular template injection in Hub settings"
},
{
"lang": "es",
"value": "En JetBrains YouTrack antes de 2024.3.47707, el XSS almacenado era posible a trav\u00e9s de la inyecci\u00f3n de plantilla angular en la configuraci\u00f3n del Hub"
} }
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{ {
"source": "cve@jetbrains.com", "source": "cve@jetbrains.com",
"type": "Secondary", "type": "Secondary",
@ -47,10 +71,31 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jetbrains:youtrack:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2024.3.47707",
"matchCriteriaId": "CB12320F-E3AC-4F21-BB60-B56B2091966B"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/", "url": "https://www.jetbrains.com/privacy-security/issues-fixed/",
"source": "cve@jetbrains.com" "source": "cve@jetbrains.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

51
CVE-2024/CVE-2024-505xx/CVE-2024-50578.json
View File

@ -2,17 +2,41 @@
"id": "CVE-2024-50578", "id": "CVE-2024-50578",
"sourceIdentifier": "cve@jetbrains.com", "sourceIdentifier": "cve@jetbrains.com",
"published": "2024-10-28T13:15:09.190", "published": "2024-10-28T13:15:09.190",
"lastModified": "2024-10-28T13:58:09.230", "lastModified": "2024-10-29T17:17:53.960",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via sprint value on agile boards page" "value": "In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via sprint value on agile boards page"
},
{
"lang": "es",
"value": "En JetBrains YouTrack antes de 2024.3.47707, el XSS almacenado era posible a trav\u00e9s del valor del sprint en la p\u00e1gina de tableros \u00e1giles"
} }
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{ {
"source": "cve@jetbrains.com", "source": "cve@jetbrains.com",
"type": "Secondary", "type": "Secondary",
@ -47,10 +71,31 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jetbrains:youtrack:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2024.3.47707",
"matchCriteriaId": "CB12320F-E3AC-4F21-BB60-B56B2091966B"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/", "url": "https://www.jetbrains.com/privacy-security/issues-fixed/",
"source": "cve@jetbrains.com" "source": "cve@jetbrains.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

61
CVE-2024/CVE-2024-505xx/CVE-2024-50579.json
View File

@ -2,17 +2,41 @@
"id": "CVE-2024-50579", "id": "CVE-2024-50579",
"sourceIdentifier": "cve@jetbrains.com", "sourceIdentifier": "cve@jetbrains.com",
"published": "2024-10-28T13:15:09.390", "published": "2024-10-28T13:15:09.390",
"lastModified": "2024-10-28T13:58:09.230", "lastModified": "2024-10-29T17:17:46.297",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "In JetBrains YouTrack before 2024.3.47707 reflected XSS due to insecure link sanitization was possible" "value": "In JetBrains YouTrack before 2024.3.47707 reflected XSS due to insecure link sanitization was possible"
},
{
"lang": "es",
"value": "En JetBrains YouTrack antes de 2024.3.47707 era posible que se XSS reflejado debido a la desinfecci\u00f3n de enlaces inseguros"
} }
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{ {
"source": "cve@jetbrains.com", "source": "cve@jetbrains.com",
"type": "Secondary", "type": "Secondary",
@ -36,6 +60,16 @@
] ]
}, },
"weaknesses": [ "weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{ {
"source": "cve@jetbrains.com", "source": "cve@jetbrains.com",
"type": "Secondary", "type": "Secondary",
@ -47,10 +81,31 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jetbrains:youtrack:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2024.3.47707",
"matchCriteriaId": "CB12320F-E3AC-4F21-BB60-B56B2091966B"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/", "url": "https://www.jetbrains.com/privacy-security/issues-fixed/",
"source": "cve@jetbrains.com" "source": "cve@jetbrains.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

51
CVE-2024/CVE-2024-505xx/CVE-2024-50580.json
View File

@ -2,17 +2,41 @@
"id": "CVE-2024-50580", "id": "CVE-2024-50580",
"sourceIdentifier": "cve@jetbrains.com", "sourceIdentifier": "cve@jetbrains.com",
"published": "2024-10-28T13:15:09.597", "published": "2024-10-28T13:15:09.597",
"lastModified": "2024-10-28T13:58:09.230", "lastModified": "2024-10-29T17:17:29.440",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "In JetBrains YouTrack before 2024.3.47707 multiple XSS were possible due to insecure markdown parsing and custom rendering rule" "value": "In JetBrains YouTrack before 2024.3.47707 multiple XSS were possible due to insecure markdown parsing and custom rendering rule"
},
{
"lang": "es",
"value": "En JetBrains YouTrack antes de 2024.3.47707, eran posibles varios XSS debido al an\u00e1lisis de Markdown inseguro y a una regla de representaci\u00f3n personalizada"
} }
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{ {
"source": "cve@jetbrains.com", "source": "cve@jetbrains.com",
"type": "Secondary", "type": "Secondary",
@ -47,10 +71,31 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jetbrains:youtrack:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2024.3.47707",
"matchCriteriaId": "CB12320F-E3AC-4F21-BB60-B56B2091966B"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/", "url": "https://www.jetbrains.com/privacy-security/issues-fixed/",
"source": "cve@jetbrains.com" "source": "cve@jetbrains.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

51
CVE-2024/CVE-2024-505xx/CVE-2024-50581.json
View File

@ -2,17 +2,41 @@
"id": "CVE-2024-50581", "id": "CVE-2024-50581",
"sourceIdentifier": "cve@jetbrains.com", "sourceIdentifier": "cve@jetbrains.com",
"published": "2024-10-28T13:15:09.797", "published": "2024-10-28T13:15:09.797",
"lastModified": "2024-10-28T13:58:09.230", "lastModified": "2024-10-29T17:17:20.747",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "In JetBrains YouTrack before 2024.3.47707 improper HTML sanitization could lead to XSS attack via comment tag" "value": "In JetBrains YouTrack before 2024.3.47707 improper HTML sanitization could lead to XSS attack via comment tag"
},
{
"lang": "es",
"value": "En JetBrains YouTrack antes de 2024.3.47707, la desinfecci\u00f3n incorrecta del HTML podr\u00eda provocar un ataque XSS a trav\u00e9s de la etiqueta de comentario"
} }
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{ {
"source": "cve@jetbrains.com", "source": "cve@jetbrains.com",
"type": "Secondary", "type": "Secondary",
@ -47,10 +71,31 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jetbrains:youtrack:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2024.3.47707",
"matchCriteriaId": "CB12320F-E3AC-4F21-BB60-B56B2091966B"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/", "url": "https://www.jetbrains.com/privacy-security/issues-fixed/",
"source": "cve@jetbrains.com" "source": "cve@jetbrains.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

51
CVE-2024/CVE-2024-505xx/CVE-2024-50582.json
View File

@ -2,17 +2,41 @@
"id": "CVE-2024-50582", "id": "CVE-2024-50582",
"sourceIdentifier": "cve@jetbrains.com", "sourceIdentifier": "cve@jetbrains.com",
"published": "2024-10-28T13:15:09.997", "published": "2024-10-28T13:15:09.997",
"lastModified": "2024-10-28T13:58:09.230", "lastModified": "2024-10-29T17:16:46.007",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "In JetBrains YouTrack before 2024.3.47707 stored XSS was possible due to improper HTML sanitization in markdown elements" "value": "In JetBrains YouTrack before 2024.3.47707 stored XSS was possible due to improper HTML sanitization in markdown elements"
},
{
"lang": "es",
"value": "En JetBrains YouTrack antes de 2024.3.47707, el XSS almacenado era posible debido a una desinfecci\u00f3n HTML incorrecta en elementos Markdown"
} }
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{ {
"source": "cve@jetbrains.com", "source": "cve@jetbrains.com",
"type": "Secondary", "type": "Secondary",
@ -47,10 +71,31 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jetbrains:youtrack:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2024.3.47707",
"matchCriteriaId": "CB12320F-E3AC-4F21-BB60-B56B2091966B"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/", "url": "https://www.jetbrains.com/privacy-security/issues-fixed/",
"source": "cve@jetbrains.com" "source": "cve@jetbrains.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

66
CVE-2024/CVE-2024-56xx/CVE-2024-5612.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-5612", "id": "CVE-2024-5612",
"sourceIdentifier": "security@wordfence.com", "sourceIdentifier": "security@wordfence.com",
"published": "2024-06-07T05:15:50.523", "published": "2024-06-07T05:15:50.523",
"lastModified": "2024-06-07T14:56:05.647", "lastModified": "2024-10-29T18:05:42.823",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -18,8 +18,28 @@
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{ {
"source": "security@wordfence.com", "source": "nvd@nist.gov",
"type": "Primary", "type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": { "cvssData": {
"version": "3.1", "version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
@ -39,14 +59,50 @@
} }
] ]
}, },
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpdeveloper:essential_addons_for_elementor:*:*:*:*:pro:wordpress:*:*",
"versionEndExcluding": "5.8.16",
"matchCriteriaId": "E1EA971E-7A1A-49DF-84DF-319DA0CBEFDA"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://essential-addons.com/changelog/", "url": "https://essential-addons.com/changelog/",
"source": "security@wordfence.com" "source": "security@wordfence.com",
"tags": [
"Release Notes"
]
}, },
{ {
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8dbe4104-b7d1-484f-a843-a3d1fc02999d?source=cve", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8dbe4104-b7d1-484f-a843-a3d1fc02999d?source=cve",
"source": "security@wordfence.com" "source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }

14
CVE-2024/CVE-2024-89xx/CVE-2024-8923.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-8923", "id": "CVE-2024-8923",
"sourceIdentifier": "psirt@servicenow.com", "sourceIdentifier": "psirt@servicenow.com",
"published": "2024-10-29T16:15:06.417", "published": "2024-10-29T16:15:06.417",
"lastModified": "2024-10-29T16:15:06.417", "lastModified": "2024-10-29T17:15:04.870",
"vulnStatus": "Received", "vulnStatus": "Received",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -79,6 +79,18 @@
} }
] ]
}, },
"weaknesses": [
{
"source": "psirt@servicenow.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"references": [ "references": [
{ {
"url": "https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1706070", "url": "https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1706070",

100
CVE-2024/CVE-2024-89xx/CVE-2024-8924.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2024-8924",
"sourceIdentifier": "psirt@servicenow.com",
"published": "2024-10-29T17:15:04.983",
"lastModified": "2024-10-29T17:15:04.983",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ServiceNow has addressed a blind SQL injection vulnerability that was identified in the Now Platform. This vulnerability could enable an unauthenticated user to extract unauthorized information.\u00a0ServiceNow deployed an update to hosted instances, and ServiceNow provided the update to our partners and self-hosted customers.\u00a0Further, the vulnerability is addressed in the listed patches and hot fixes."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "psirt@servicenow.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "HIGH",
"vulnerableSystemIntegrity": "NONE",
"vulnerableSystemAvailability": "NONE",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 8.7,
"baseSeverity": "HIGH"
}
}
],
"cvssMetricV31": [
{
"source": "psirt@servicenow.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@servicenow.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1706072",
"source": "psirt@servicenow.com"
}
]
}

60
CVE-2024/CVE-2024-99xx/CVE-2024-9988.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2024-9988",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-29T17:15:05.227",
"lastModified": "2024-10-29T17:15:05.227",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Crypto plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.15. This is due to missing validation on the user being supplied in the 'crypto_connect_ajax_process::register' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the username."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-288"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/crypto/tags/2.10/includes/class-crypto_connect_ajax_register.php#L91",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7bfe87cf-9883-4f8f-a0f5-23bbc7bb9b7c?source=cve",
"source": "security@wordfence.com"
}
]
}

64
CVE-2024/CVE-2024-99xx/CVE-2024-9989.json Normal file
View File

@ -0,0 +1,64 @@
{
"id": "CVE-2024-9989",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-29T17:15:05.463",
"lastModified": "2024-10-29T17:15:05.463",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Crypto plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.15. This is due a to limited arbitrary method call to 'crypto_connect_ajax_process::log_in' function in the 'crypto_connect_ajax_process' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the username."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-288"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/crypto/tags/2.10/includes/class-crypto_connect_ajax_register.php#L138",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/browser/crypto/tags/2.10/includes/class-crypto_connect_ajax_register.php#L33",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e21bd924-1d96-4371-972a-5c99d67261cc?source=cve",
"source": "security@wordfence.com"
}
]
}

64
CVE-2024/CVE-2024-99xx/CVE-2024-9990.json Normal file
View File

@ -0,0 +1,64 @@
{
"id": "CVE-2024-9990",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-29T17:15:05.707",
"lastModified": "2024-10-29T17:15:05.707",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Crypto plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.15. This is due to missing nonce validation in the 'crypto_connect_ajax_process::check' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/crypto/tags/2.10/includes/class-crypto_connect_ajax_register.php#L31",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/browser/crypto/tags/2.10/includes/class-crypto_connect_ajax_register.php#L65",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cea39157-94aa-4982-983e-9c3e4b1af86d?source=cve",
"source": "security@wordfence.com"
}
]
}

77
README.md
View File

@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update ### Last Repository Update
```plain ```plain
2024-10-29T17:00:30.149051+00:00 2024-10-29T19:00:19.928735+00:00
``` ```
### Most recent CVE Modification Timestamp synchronized with NVD ### Most recent CVE Modification Timestamp synchronized with NVD
```plain ```plain
2024-10-29T16:59:05.867000+00:00 2024-10-29T18:45:47.057000+00:00
``` ```
### Last Data Feed Release ### Last Data Feed Release
@ -33,52 +33,53 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs ### Total Number of included CVEs
```plain ```plain
267551 267560
``` ```
### CVEs added in the last Commit ### CVEs added in the last Commit
Recently added CVEs: `8` Recently added CVEs: `9`
- [CVE-2024-10452](CVE-2024/CVE-2024-104xx/CVE-2024-10452.json) (`2024-10-29T16:15:04.593`) - [CVE-2019-25219](CVE-2019/CVE-2019-252xx/CVE-2019-25219.json) (`2024-10-29T17:15:03.567`)
- [CVE-2024-25566](CVE-2024/CVE-2024-255xx/CVE-2024-25566.json) (`2024-10-29T16:15:04.947`) - [CVE-2024-10491](CVE-2024/CVE-2024-104xx/CVE-2024-10491.json) (`2024-10-29T17:15:03.853`)
- [CVE-2024-48921](CVE-2024/CVE-2024-489xx/CVE-2024-48921.json) (`2024-10-29T15:15:10.593`) - [CVE-2024-48955](CVE-2024/CVE-2024-489xx/CVE-2024-48955.json) (`2024-10-29T18:15:05.690`)
- [CVE-2024-49768](CVE-2024/CVE-2024-497xx/CVE-2024-49768.json) (`2024-10-29T15:15:11.440`) - [CVE-2024-50459](CVE-2024/CVE-2024-504xx/CVE-2024-50459.json) (`2024-10-29T17:15:04.423`)
- [CVE-2024-49769](CVE-2024/CVE-2024-497xx/CVE-2024-49769.json) (`2024-10-29T15:15:12.030`) - [CVE-2024-50466](CVE-2024/CVE-2024-504xx/CVE-2024-50466.json) (`2024-10-29T17:15:04.640`)
- [CVE-2024-50334](CVE-2024/CVE-2024-503xx/CVE-2024-50334.json) (`2024-10-29T15:15:12.560`) - [CVE-2024-8924](CVE-2024/CVE-2024-89xx/CVE-2024-8924.json) (`2024-10-29T17:15:04.983`)
- [CVE-2024-7985](CVE-2024/CVE-2024-79xx/CVE-2024-7985.json) (`2024-10-29T16:15:06.180`) - [CVE-2024-9988](CVE-2024/CVE-2024-99xx/CVE-2024-9988.json) (`2024-10-29T17:15:05.227`)
- [CVE-2024-8923](CVE-2024/CVE-2024-89xx/CVE-2024-8923.json) (`2024-10-29T16:15:06.417`) - [CVE-2024-9989](CVE-2024/CVE-2024-99xx/CVE-2024-9989.json) (`2024-10-29T17:15:05.463`)
- [CVE-2024-9990](CVE-2024/CVE-2024-99xx/CVE-2024-9990.json) (`2024-10-29T17:15:05.707`)
### CVEs modified in the last Commit ### CVEs modified in the last Commit
Recently modified CVEs: `108` Recently modified CVEs: `57`
- [CVE-2024-44205](CVE-2024/CVE-2024-442xx/CVE-2024-44205.json) (`2024-10-29T15:27:08.630`) - [CVE-2024-44144](CVE-2024/CVE-2024-441xx/CVE-2024-44144.json) (`2024-10-29T17:34:55.923`)
- [CVE-2024-44206](CVE-2024/CVE-2024-442xx/CVE-2024-44206.json) (`2024-10-29T15:31:02.493`) - [CVE-2024-44155](CVE-2024/CVE-2024-441xx/CVE-2024-44155.json) (`2024-10-29T17:34:16.487`)
- [CVE-2024-44667](CVE-2024/CVE-2024-446xx/CVE-2024-44667.json) (`2024-10-29T16:35:13.953`) - [CVE-2024-44156](CVE-2024/CVE-2024-441xx/CVE-2024-44156.json) (`2024-10-29T17:33:51.597`)
- [CVE-2024-47068](CVE-2024/CVE-2024-470xx/CVE-2024-47068.json) (`2024-10-29T16:15:05.583`) - [CVE-2024-44159](CVE-2024/CVE-2024-441xx/CVE-2024-44159.json) (`2024-10-29T17:33:37.147`)
- [CVE-2024-47486](CVE-2024/CVE-2024-474xx/CVE-2024-47486.json) (`2024-10-29T15:35:31.557`) - [CVE-2024-44174](CVE-2024/CVE-2024-441xx/CVE-2024-44174.json) (`2024-10-29T17:33:16.540`)
- [CVE-2024-47883](CVE-2024/CVE-2024-478xx/CVE-2024-47883.json) (`2024-10-29T15:38:11.573`) - [CVE-2024-48218](CVE-2024/CVE-2024-482xx/CVE-2024-48218.json) (`2024-10-29T18:35:08.783`)
- [CVE-2024-49214](CVE-2024/CVE-2024-492xx/CVE-2024-49214.json) (`2024-10-29T16:35:14.877`) - [CVE-2024-48222](CVE-2024/CVE-2024-482xx/CVE-2024-48222.json) (`2024-10-29T18:35:10.053`)
- [CVE-2024-49273](CVE-2024/CVE-2024-492xx/CVE-2024-49273.json) (`2024-10-29T15:48:10.617`) - [CVE-2024-48223](CVE-2024/CVE-2024-482xx/CVE-2024-48223.json) (`2024-10-29T18:35:11.373`)
- [CVE-2024-49288](CVE-2024/CVE-2024-492xx/CVE-2024-49288.json) (`2024-10-29T16:59:05.867`) - [CVE-2024-48224](CVE-2024/CVE-2024-482xx/CVE-2024-48224.json) (`2024-10-29T18:35:12.697`)
- [CVE-2024-49293](CVE-2024/CVE-2024-492xx/CVE-2024-49293.json) (`2024-10-29T15:07:39.407`) - [CVE-2024-4902](CVE-2024/CVE-2024-49xx/CVE-2024-4902.json) (`2024-10-29T18:07:23.897`)
- [CVE-2024-49321](CVE-2024/CVE-2024-493xx/CVE-2024-49321.json) (`2024-10-29T15:20:12.503`) - [CVE-2024-49978](CVE-2024/CVE-2024-499xx/CVE-2024-49978.json) (`2024-10-29T18:01:43.080`)
- [CVE-2024-49970](CVE-2024/CVE-2024-499xx/CVE-2024-49970.json) (`2024-10-29T15:57:41.000`) - [CVE-2024-49979](CVE-2024/CVE-2024-499xx/CVE-2024-49979.json) (`2024-10-29T18:02:14.197`)
- [CVE-2024-49983](CVE-2024/CVE-2024-499xx/CVE-2024-49983.json) (`2024-10-29T16:23:31.943`) - [CVE-2024-49999](CVE-2024/CVE-2024-499xx/CVE-2024-49999.json) (`2024-10-29T18:03:40.857`)
- [CVE-2024-49984](CVE-2024/CVE-2024-499xx/CVE-2024-49984.json) (`2024-10-29T16:22:25.833`) - [CVE-2024-50573](CVE-2024/CVE-2024-505xx/CVE-2024-50573.json) (`2024-10-29T17:12:14.760`)
- [CVE-2024-49997](CVE-2024/CVE-2024-499xx/CVE-2024-49997.json) (`2024-10-29T16:20:49.107`) - [CVE-2024-50574](CVE-2024/CVE-2024-505xx/CVE-2024-50574.json) (`2024-10-29T17:16:11.277`)
- [CVE-2024-50067](CVE-2024/CVE-2024-500xx/CVE-2024-50067.json) (`2024-10-29T16:30:44.217`) - [CVE-2024-50575](CVE-2024/CVE-2024-505xx/CVE-2024-50575.json) (`2024-10-29T17:18:26.957`)
- [CVE-2024-50408](CVE-2024/CVE-2024-504xx/CVE-2024-50408.json) (`2024-10-29T16:01:08.447`) - [CVE-2024-50576](CVE-2024/CVE-2024-505xx/CVE-2024-50576.json) (`2024-10-29T17:18:08.373`)
- [CVE-2024-50416](CVE-2024/CVE-2024-504xx/CVE-2024-50416.json) (`2024-10-29T16:02:10.660`) - [CVE-2024-50577](CVE-2024/CVE-2024-505xx/CVE-2024-50577.json) (`2024-10-29T17:18:02.127`)
- [CVE-2024-50442](CVE-2024/CVE-2024-504xx/CVE-2024-50442.json) (`2024-10-29T16:04:29.950`) - [CVE-2024-50578](CVE-2024/CVE-2024-505xx/CVE-2024-50578.json) (`2024-10-29T17:17:53.960`)
- [CVE-2024-50450](CVE-2024/CVE-2024-504xx/CVE-2024-50450.json) (`2024-10-29T16:05:40.250`) - [CVE-2024-50579](CVE-2024/CVE-2024-505xx/CVE-2024-50579.json) (`2024-10-29T17:17:46.297`)
- [CVE-2024-50463](CVE-2024/CVE-2024-504xx/CVE-2024-50463.json) (`2024-10-29T16:25:01.827`) - [CVE-2024-50580](CVE-2024/CVE-2024-505xx/CVE-2024-50580.json) (`2024-10-29T17:17:29.440`)
- [CVE-2024-50486](CVE-2024/CVE-2024-504xx/CVE-2024-50486.json) (`2024-10-29T16:07:03.833`) - [CVE-2024-50581](CVE-2024/CVE-2024-505xx/CVE-2024-50581.json) (`2024-10-29T17:17:20.747`)
- [CVE-2024-9589](CVE-2024/CVE-2024-95xx/CVE-2024-9589.json) (`2024-10-29T16:07:54.387`) - [CVE-2024-50582](CVE-2024/CVE-2024-505xx/CVE-2024-50582.json) (`2024-10-29T17:16:46.007`)
- [CVE-2024-9590](CVE-2024/CVE-2024-95xx/CVE-2024-9590.json) (`2024-10-29T16:07:43.737`) - [CVE-2024-5612](CVE-2024/CVE-2024-56xx/CVE-2024-5612.json) (`2024-10-29T18:05:42.823`)
- [CVE-2024-9591](CVE-2024/CVE-2024-95xx/CVE-2024-9591.json) (`2024-10-29T16:04:23.463`) - [CVE-2024-8923](CVE-2024/CVE-2024-89xx/CVE-2024-8923.json) (`2024-10-29T17:15:04.870`)
## Download and Usage ## Download and Usage

353
_state.csv
View File

File diff suppressed because it is too large Load Diff