admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-19 17:31:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-10-29T17:00:30.149051+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-10-29 17:03:29 +00:00
parent 7ce508a856
commit dcc1b3f26d
118 changed files with 6079 additions and 854 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
CVE-1999/CVE-1999-00xx/CVE-1999-0029.json
View File

@ -2,7 +2,7 @@
"id": "CVE-1999-0029",
"sourceIdentifier": "cve@mitre.org",
"published": "1997-07-16T04:00:00.000",
"lastModified": "2024-08-01T20:35:04.517",
"lastModified": "2024-10-29T15:35:01.487",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -77,7 +77,7 @@
"description": [
{
"lang": "en",
"value": "CWE-121"
"value": "CWE-125"
}
]
}

24
CVE-2013/CVE-2013-70xx/CVE-2013-7030.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2013-7030",
"sourceIdentifier": "cve@mitre.org",
"published": "2013-12-12T17:55:03.783",
"lastModified": "2024-08-06T18:15:44.737",
"lastModified": "2024-10-29T15:35:02.647",
"vulnStatus": "Modified",
"cveTags": [
{
@ -23,6 +23,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.5,
"impactScore": 4.7
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",

24
CVE-2014/CVE-2014-94xx/CVE-2014-9426.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2014-9426",
"sourceIdentifier": "cve@mitre.org",
"published": "2014-12-31T02:59:01.217",
"lastModified": "2024-08-06T14:15:49.283",
"lastModified": "2024-10-29T15:35:02.883",
"vulnStatus": "Modified",
"cveTags": [
{
@ -23,6 +23,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",

4
CVE-2022/CVE-2022-243xx/CVE-2022-24329.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-24329",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-02-25T15:15:09.897",
"lastModified": "2023-02-22T17:50:02.030",
"lastModified": "2024-10-29T15:36:31.610",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
@ -71,7 +71,7 @@
"description": [
{
"lang": "en",
"value": "CWE-667"
"value": "CWE-829"
}
]
}

32
CVE-2022/CVE-2022-254xx/CVE-2022-25477.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-25477",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-02T19:15:11.757",
"lastModified": "2024-10-24T17:15:13.463",
"lastModified": "2024-10-29T15:35:03.380",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
@ -49,6 +69,16 @@
"value": "CWE-532"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-532"
}
]
}
],
"configurations": [

34
CVE-2022/CVE-2022-261xx/CVE-2022-26135.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-26135",
"sourceIdentifier": "security@atlassian.com",
"published": "2022-06-30T06:15:07.693",
"lastModified": "2022-08-04T15:31:35.393",
"vulnStatus": "Analyzed",
"lastModified": "2024-10-29T16:35:01.013",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
],
"cvssMetricV2": [
@ -74,6 +94,16 @@
"value": "CWE-918"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-918"
}
]
}
],
"configurations": [

24
CVE-2022/CVE-2022-266xx/CVE-2022-26699.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-26699",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-08-14T23:15:10.020",
"lastModified": "2023-08-18T20:12:40.500",
"vulnStatus": "Analyzed",
"lastModified": "2024-10-29T15:35:04.353",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},

32
CVE-2022/CVE-2022-316xx/CVE-2022-31629.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-31629",
"sourceIdentifier": "security@php.net",
"published": "2022-09-28T23:15:10.540",
"lastModified": "2024-05-01T17:15:24.897",
"lastModified": "2024-10-29T15:35:04.630",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
@ -59,6 +79,16 @@
"value": "CWE-20"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-1284"
}
]
}
],
"configurations": [

4
CVE-2022/CVE-2022-325xx/CVE-2022-32503.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-32503",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-14T10:43:41.040",
"lastModified": "2024-07-03T01:38:31.060",
"lastModified": "2024-10-29T15:35:05.717",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -46,7 +46,7 @@
"description": [
{
"lang": "en",
"value": "CWE-288"
"value": "CWE-306"
}
]
}

32
CVE-2022/CVE-2022-34xx/CVE-2022-3447.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-3447",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2022-11-09T19:15:10.673",
"lastModified": "2023-05-03T12:16:24.360",
"lastModified": "2024-10-29T15:35:07.713",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
@ -49,6 +69,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"configurations": [

32
CVE-2022/CVE-2022-352xx/CVE-2022-35205.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-35205",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-22T19:16:23.060",
"lastModified": "2023-10-06T15:15:13.000",
"lastModified": "2024-10-29T15:35:06.720",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
@ -49,6 +69,16 @@
"value": "CWE-617"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-617"
}
]
}
],
"configurations": [

34
CVE-2022/CVE-2022-368xx/CVE-2022-36800.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-36800",
"sourceIdentifier": "security@atlassian.com",
"published": "2022-08-03T03:15:08.460",
"lastModified": "2023-08-08T14:22:24.967",
"vulnStatus": "Analyzed",
"lastModified": "2024-10-29T16:35:02.460",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
@ -49,6 +69,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-732"
}
]
}
],
"configurations": [

34
CVE-2022/CVE-2022-368xx/CVE-2022-36801.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-36801",
"sourceIdentifier": "security@atlassian.com",
"published": "2022-08-10T03:15:08.187",
"lastModified": "2022-08-12T17:38:37.907",
"vulnStatus": "Analyzed",
"lastModified": "2024-10-29T16:35:03.280",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
@ -49,6 +69,16 @@
"value": "CWE-79"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [

34
CVE-2022/CVE-2022-368xx/CVE-2022-36802.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-36802",
"sourceIdentifier": "security@atlassian.com",
"published": "2022-10-14T04:15:13.703",
"lastModified": "2022-10-17T15:08:01.323",
"vulnStatus": "Analyzed",
"lastModified": "2024-10-29T16:35:04.083",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
}
]
},
@ -49,6 +69,16 @@
"value": "CWE-918"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-918"
}
]
}
],
"configurations": [

34
CVE-2022/CVE-2022-38xx/CVE-2022-3863.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-3863",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-01-02T23:15:10.730",
"lastModified": "2023-01-09T19:14:44.877",
"vulnStatus": "Analyzed",
"lastModified": "2024-10-29T15:35:08.557",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.6,
"impactScore": 4.0
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
@ -49,6 +69,16 @@
"value": "CWE-416"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [

32
CVE-2022/CVE-2022-408xx/CVE-2022-40897.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-40897",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-12-23T00:15:13.987",
"lastModified": "2024-06-21T19:15:23.877",
"lastModified": "2024-10-29T15:35:09.530",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.2,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6
}
]
},
@ -49,6 +69,16 @@
"value": "CWE-1333"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-1333"
}
]
}
],
"configurations": [

34
CVE-2022/CVE-2022-40xx/CVE-2022-4025.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-4025",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-01-02T23:15:10.783",
"lastModified": "2023-08-08T14:22:24.967",
"vulnStatus": "Analyzed",
"lastModified": "2024-10-29T16:35:06.953",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
@ -49,6 +69,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-203"
}
]
}
],
"configurations": [

39
CVE-2022/CVE-2022-460xx/CVE-2022-46088.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-46088",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-05T16:15:49.190",
"lastModified": "2024-03-05T18:50:18.333",
"lastModified": "2024-10-29T16:35:04.890",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Se descubri\u00f3 que Online Flight Booking Management System v1.0 contiene una vulnerabilidad de cross-site scripting (XSS) a trav\u00e9s del formulario de comentarios."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/ASR511-OO7/CVE-2022-46088/blob/main/CVE-36",

27
CVE-2022/CVE-2022-486xx/CVE-2022-48627.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-48627",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-03-02T22:15:46.930",
"lastModified": "2024-06-27T12:15:13.380",
"lastModified": "2024-10-29T16:35:05.710",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: vt: corrige la superposici\u00f3n de memoria al eliminar caracteres en el b\u00fafer. Se produce una copia de memoria superpuesta al eliminar una l\u00ednea larga. Esta copia superpuesta de memoria puede causar corrupci\u00f3n de datos cuando scr_memcpyw est\u00e1 optimizado para memcpy porque memcpy no garantiza su comportamiento si el b\u00fafer de destino se superpone con el b\u00fafer de origen. El b\u00fafer de l\u00ednea no siempre est\u00e1 roto, porque memcpy utiliza la aceleraci\u00f3n de hardware, cuyo resultado no es determinista. Solucione este problema reemplazando scr_memcpyw con scr_memmoew."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://git.kernel.org/stable/c/14d2cc21ca622310babf373e3a8f0b40acfe8265",

39
CVE-2022/CVE-2022-486xx/CVE-2022-48636.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-48636",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-04-28T13:15:06.710",
"lastModified": "2024-04-29T12:42:03.667",
"lastModified": "2024-10-29T16:35:05.977",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: s390/dasd: corrige Ups en dasd_alias_get_start_dev debido a la falta de pavgroup. Corrige Ups en la funci\u00f3n dasd_alias_get_start_dev() causada porque el puntero pavgroup es NULL. El puntero pavgroup se verifica en la entrada de la funci\u00f3n pero sin que se mantenga presionado el bloqueo lcu->. Por lo tanto, existe una ventana de ejecuci\u00f3n entre dasd_alias_get_start_dev() y _lcu_update() que establece pavgroup en NULL con el bloqueo lcu->retenido. Para solucionarlo, compruebe el puntero de pavgroup con lcu->lock retenido."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/2e473351400e3dd66f0b71eddcef82ee45a584c1",

27
CVE-2022/CVE-2022-486xx/CVE-2022-48650.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-48650",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-04-28T13:15:07.380",
"lastModified": "2024-04-29T12:42:03.667",
"lastModified": "2024-10-29T16:35:06.770",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: scsi: qla2xxx: Reparar p\u00e9rdida de memoria en __qlt_24xx_handle_abts() el commit 8f394da36a36 (\"scsi: qla2xxx: Drop TARGET_SCF_LOOKUP_LUN_FROM_TAG\") hizo que la funci\u00f3n __qlt_24xx_handle_abts() regresara antes si tcm_qla2xxx_find_cmd_by_tag() no lo hizo encontr\u00f3 un comando, pero no pudo limpiar la memoria asignada para el comando de administraci\u00f3n."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 4.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.0,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://git.kernel.org/stable/c/601be20fc6a1b762044d2398befffd6bf236cebf",

152
CVE-2022/CVE-2022-489xx/CVE-2022-48948.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-48948",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T20:15:06.230",
"lastModified": "2024-10-23T15:13:25.583",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-10-29T16:34:03.013",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,43 +15,171 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: usb: gadget: uvc: Evitar desbordamiento de b\u00fafer en el controlador de configuraci\u00f3n La funci\u00f3n de configuraci\u00f3n uvc_function_setup permite solicitudes de transferencia de control con hasta 64 bytes de payload (UVC_MAX_REQUEST_SIZE), el controlador de etapa de datos para transferencia OUT usa memcpy para copiar req->actual bytes a la matriz uvc_event->data.data de tama\u00f1o 60. Esto puede resultar en un desbordamiento de 4 bytes."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.6.35",
"versionEndExcluding": "4.9.337",
"matchCriteriaId": "8118BB3A-5FED-4BA6-8788-DE9274F8319B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.10",
"versionEndExcluding": "4.14.303",
"matchCriteriaId": "1E7450AD-4739-46F0-B81B-C02E7B35A97B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.15",
"versionEndExcluding": "4.19.270",
"matchCriteriaId": "AE8904A3-99BE-4E49-9682-1F90A6373F4F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.20",
"versionEndExcluding": "5.4.229",
"matchCriteriaId": "A0C0D95E-414A-445E-941B-3EF6A4D3A093"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5",
"versionEndExcluding": "5.10.161",
"matchCriteriaId": "6CD83369-DB79-46EF-B731-E327A63A4E1B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.85",
"matchCriteriaId": "E0D49B1E-E996-4A13-9C5C-23C64BBD0E0F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "6.0.15",
"matchCriteriaId": "3E66ABBB-C60E-481F-88C6-ED81661DFC31"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EB047947-8B25-46FD-8AEA-A916F4A3DC71"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/06fd17ee92c8f1704c7e54ec0fd50ae0542a49a5",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/4972e3528b968665b596b5434764ff8fd9446d35",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/4c92670b16727365699fe4b19ed32013bab2c107",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/6b41a35b41f77821db24f2d8f66794b390a585c5",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/7b1f773277a72f9756d47a41b94e43506cce1954",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/b8fb1cba934ea122b50f13a4f9d6fc4fdc43d2be",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/bc8380fe5768c564f921f7b4eaba932e330b9e4b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/c79538f32df12887f110dcd6b9c825b482905f24",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/d1a92bb8d697f170d93fe922da763d7d156b8841",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

185
CVE-2022/CVE-2022-489xx/CVE-2022-48949.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-48949",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T20:15:06.337",
"lastModified": "2024-10-23T15:13:25.583",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-10-29T16:32:41.797",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,39 +15,202 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: igb: inicializar mensaje de buz\u00f3n para restablecer VF Cuando no se asigna una direcci\u00f3n MAC a la VF, esa parte del mensaje enviado a la VF no se configura. Sin embargo, la memoria se asigna desde la pila, lo que significa que la informaci\u00f3n puede filtrarse a la VM. Inicialice el b\u00fafer de mensajes a 0 para que no se pase informaci\u00f3n a la VM en este caso."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-908"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.0",
"versionEndExcluding": "4.14.303",
"matchCriteriaId": "F1238C2D-F818-46F1-9B91-5BC55D9D2FEE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.15",
"versionEndExcluding": "4.19.270",
"matchCriteriaId": "AE8904A3-99BE-4E49-9682-1F90A6373F4F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.20",
"versionEndExcluding": "5.4.229",
"matchCriteriaId": "A0C0D95E-414A-445E-941B-3EF6A4D3A093"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5",
"versionEndExcluding": "5.10.161",
"matchCriteriaId": "6CD83369-DB79-46EF-B731-E327A63A4E1B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.85",
"matchCriteriaId": "E0D49B1E-E996-4A13-9C5C-23C64BBD0E0F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "6.0.15",
"matchCriteriaId": "3E66ABBB-C60E-481F-88C6-ED81661DFC31"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EB047947-8B25-46FD-8AEA-A916F4A3DC71"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "E7E331DA-1FB0-4DEC-91AC-7DA69D461C11"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.1:rc2:*:*:*:*:*:*",
"matchCriteriaId": "17F0B248-42CF-4AE6-A469-BB1BAE7F4705"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.1:rc3:*:*:*:*:*:*",
"matchCriteriaId": "E2422816-0C14-4B5E-A1E6-A9D776E5C49B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.1:rc4:*:*:*:*:*:*",
"matchCriteriaId": "1C6E00FE-5FB9-4D20-A1A1-5A32128F9B76"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.1:rc5:*:*:*:*:*:*",
"matchCriteriaId": "35B26BE4-43A6-4A36-A7F6-5B3F572D9186"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.1:rc6:*:*:*:*:*:*",
"matchCriteriaId": "3FFFB0B3-930D-408A-91E2-BAE0C2715D80"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.1:rc7:*:*:*:*:*:*",
"matchCriteriaId": "8535320E-A0DB-4277-800E-D0CE5BBA59E8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.1:rc8:*:*:*:*:*:*",
"matchCriteriaId": "21718AA4-4056-40F2-968E-BDAA465A7872"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6DFB454D-4F85-4BE2-8CC9-70245EAE4D31"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/367e1e3399dbc56fc669740c4ab60e35da632b0e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/51fd5ede7ed42f272682a0c33d6f0767b3484a3d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/a6629659af3f5c6a91e3914ea62554c975ab77f4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/c383c7c35c7bc15e07a04eefa060a8a80cbeae29",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/c581439a977545d61849a72e8ed631cfc8a2a3c1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/de5dc44370fbd6b46bd7f1a1e00369be54a041c8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/ef1d739dd1f362aec081278ff92f943c31eb177a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/f2479c3daaabccbac6c343a737615d0c595c6dc4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

32
CVE-2022/CVE-2022-49xx/CVE-2022-4917.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-4917",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-07-29T00:15:11.410",
"lastModified": "2023-08-19T03:15:19.503",
"lastModified": "2024-10-29T16:35:07.910",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -32,6 +32,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
@ -45,6 +65,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-346"
}
]
}
],
"configurations": [

34
CVE-2022/CVE-2022-49xx/CVE-2022-4926.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-4926",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-07-29T00:15:11.893",
"lastModified": "2023-08-15T16:05:07.137",
"vulnStatus": "Analyzed",
"lastModified": "2024-10-29T16:35:09.090",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -32,6 +32,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
@ -45,6 +65,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-522"
}
]
}
],
"configurations": [

57
CVE-2023/CVE-2023-245xx/CVE-2023-24591.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-24591",
"sourceIdentifier": "secure@intel.com",
"published": "2024-02-14T14:15:40.920",
"lastModified": "2024-02-14T15:02:01.453",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-10-29T16:15:54.250",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "secure@intel.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-427"
}
]
},
{
"source": "secure@intel.com",
"type": "Secondary",
@ -51,10 +81,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:intel:binary_configuration_tool:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.4.4",
"matchCriteriaId": "12449AF8-2836-4B59-912F-1C260F5DAE87"
}
]
}
]
}
],
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00973.html",
"source": "secure@intel.com"
"source": "secure@intel.com",
"tags": [
"Vendor Advisory"
]
}
]
}

57
CVE-2023/CVE-2023-250xx/CVE-2023-25073.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-25073",
"sourceIdentifier": "secure@intel.com",
"published": "2024-02-14T14:15:41.693",
"lastModified": "2024-02-14T15:02:01.453",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-10-29T16:15:44.283",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "secure@intel.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "secure@intel.com",
"type": "Secondary",
@ -51,10 +81,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:intel:driver_\\&_support_assistant:*:*:*:*:*:*:*:*",
"versionEndExcluding": "23.4.33",
"matchCriteriaId": "A293EC22-0192-4D4A-BF13-BCFDA04A3D04"
}
]
}
]
}
],
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00969.html",
"source": "secure@intel.com"
"source": "secure@intel.com",
"tags": [
"Vendor Advisory"
]
}
]
}

57
CVE-2023/CVE-2023-259xx/CVE-2023-25945.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-25945",
"sourceIdentifier": "secure@intel.com",
"published": "2024-02-14T14:15:43.823",
"lastModified": "2024-02-14T15:02:01.453",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-10-29T16:15:35.037",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "secure@intel.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "secure@intel.com",
"type": "Secondary",
@ -51,10 +81,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:intel:one_boot_flash_update:*:*:*:*:*:*:*:*",
"versionEndExcluding": "14.1.31",
"matchCriteriaId": "55797FBC-C56B-4CBD-BA31-E2157C30E82A"
}
]
}
]
}
],
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00927.html",
"source": "secure@intel.com"
"source": "secure@intel.com",
"tags": [
"Vendor Advisory"
]
}
]
}

95
CVE-2023/CVE-2023-259xx/CVE-2023-25951.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-25951",
"sourceIdentifier": "secure@intel.com",
"published": "2024-02-14T14:15:44.040",
"lastModified": "2024-02-14T15:01:55.963",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-10-29T15:52:44.830",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
},
{
"source": "secure@intel.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "secure@intel.com",
"type": "Secondary",
@ -51,10 +81,69 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:intel:killer:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.1423.712",
"matchCriteriaId": "9627ABBA-1C01-4319-8EC9-E2C7D9A1A378"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:intel:proset\\/wireless:*:*:*:*:*:*:*:*",
"versionEndExcluding": "22.240",
"matchCriteriaId": "E61C3056-FB8D-422F-8FCE-94607192C18D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:intel:killer_wi-fi_6e_ax1675:-:*:*:*:*:*:*:*",
"matchCriteriaId": "35F09C95-25BD-440A-AD79-8510E54F8DD9"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:intel:killer_wi-fi_6e_ax1690:-:*:*:*:*:*:*:*",
"matchCriteriaId": "95537444-5F18-49E1-91D4-AB24B29DF4FF"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:intel:proset_wi-fi_6e_ax210:-:*:*:*:*:*:*:*",
"matchCriteriaId": "77EADB2D-F10B-40A9-A938-A89EE0FEFF60"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:intel:wi-fi_6e_ax211:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C90E6127-7D01-49CE-96EF-9F4CB5891373"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:intel:wi-fi_6e_ax411:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ADE89FD4-8B08-430E-976A-068DBF47F5F7"
}
]
}
]
}
],
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00947.html",
"source": "secure@intel.com"
"source": "secure@intel.com",
"tags": [
"Vendor Advisory"
]
}
]
}

95
CVE-2023/CVE-2023-265xx/CVE-2023-26586.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-26586",
"sourceIdentifier": "secure@intel.com",
"published": "2024-02-14T14:15:44.547",
"lastModified": "2024-02-14T15:01:55.963",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-10-29T15:58:04.433",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "secure@intel.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "secure@intel.com",
"type": "Secondary",
@ -51,10 +81,69 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:intel:killer:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.1423.712",
"matchCriteriaId": "9627ABBA-1C01-4319-8EC9-E2C7D9A1A378"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:intel:proset\\/wireless:*:*:*:*:*:*:*:*",
"versionEndExcluding": "22.240",
"matchCriteriaId": "E61C3056-FB8D-422F-8FCE-94607192C18D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:intel:killer_wi-fi_6e_ax1675:-:*:*:*:*:*:*:*",
"matchCriteriaId": "35F09C95-25BD-440A-AD79-8510E54F8DD9"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:intel:killer_wi-fi_6e_ax1690:-:*:*:*:*:*:*:*",
"matchCriteriaId": "95537444-5F18-49E1-91D4-AB24B29DF4FF"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:intel:proset_wi-fi_6e_ax210:-:*:*:*:*:*:*:*",
"matchCriteriaId": "77EADB2D-F10B-40A9-A938-A89EE0FEFF60"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:intel:wi-fi_6e_ax211:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C90E6127-7D01-49CE-96EF-9F4CB5891373"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:intel:wi-fi_6e_ax411:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ADE89FD4-8B08-430E-976A-068DBF47F5F7"
}
]
}
]
}
],
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00947.html",
"source": "secure@intel.com"
"source": "secure@intel.com",
"tags": [
"Vendor Advisory"
]
}
]
}

95
CVE-2023/CVE-2023-283xx/CVE-2023-28374.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-28374",
"sourceIdentifier": "secure@intel.com",
"published": "2024-02-14T14:15:47.507",
"lastModified": "2024-02-14T15:01:55.963",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-10-29T15:39:02.053",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "secure@intel.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "secure@intel.com",
"type": "Secondary",
@ -51,10 +81,69 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:intel:killer:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.1423.712",
"matchCriteriaId": "9627ABBA-1C01-4319-8EC9-E2C7D9A1A378"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:intel:proset\\/wireless:*:*:*:*:*:*:*:*",
"versionEndExcluding": "22.240",
"matchCriteriaId": "E61C3056-FB8D-422F-8FCE-94607192C18D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:intel:killer_wi-fi_6e_ax1675:-:*:*:*:*:*:*:*",
"matchCriteriaId": "35F09C95-25BD-440A-AD79-8510E54F8DD9"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:intel:killer_wi-fi_6e_ax1690:-:*:*:*:*:*:*:*",
"matchCriteriaId": "95537444-5F18-49E1-91D4-AB24B29DF4FF"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:intel:proset_wi-fi_6e_ax210:-:*:*:*:*:*:*:*",
"matchCriteriaId": "77EADB2D-F10B-40A9-A938-A89EE0FEFF60"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:intel:wi-fi_6e_ax211:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C90E6127-7D01-49CE-96EF-9F4CB5891373"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:intel:wi-fi_6e_ax411:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ADE89FD4-8B08-430E-976A-068DBF47F5F7"
}
]
}
]
}
],
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00947.html",
"source": "secure@intel.com"
"source": "secure@intel.com",
"tags": [
"Vendor Advisory"
]
}
]
}

57
CVE-2023/CVE-2023-284xx/CVE-2023-28407.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-28407",
"sourceIdentifier": "secure@intel.com",
"published": "2024-02-14T14:15:47.893",
"lastModified": "2024-02-14T15:01:55.963",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-10-29T15:27:09.650",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "secure@intel.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-427"
}
]
},
{
"source": "secure@intel.com",
"type": "Secondary",
@ -51,10 +81,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:intel:extreme_tuning_utility:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.12.0.29",
"matchCriteriaId": "F68E64E6-DBCF-431D-B5D8-8A4AFF38143E"
}
]
}
]
}
],
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00955.html",
"source": "secure@intel.com"
"source": "secure@intel.com",
"tags": [
"Vendor Advisory"
]
}
]
}

57
CVE-2023/CVE-2023-287xx/CVE-2023-28715.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-28715",
"sourceIdentifier": "secure@intel.com",
"published": "2024-02-14T14:15:48.080",
"lastModified": "2024-02-14T15:01:55.963",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-10-29T16:16:01.973",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "secure@intel.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "secure@intel.com",
"type": "Secondary",
@ -51,10 +81,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:intel:oneapi:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.3.2",
"matchCriteriaId": "9F911E33-C893-409E-923C-0B1FB4DF8823"
}
]
}
]
}
],
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00956.html",
"source": "secure@intel.com"
"source": "secure@intel.com",
"tags": [
"Vendor Advisory"
]
}
]
}

110
CVE-2023/CVE-2023-287xx/CVE-2023-28720.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-28720",
"sourceIdentifier": "secure@intel.com",
"published": "2024-02-14T14:15:48.273",
"lastModified": "2024-02-14T15:01:55.963",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-10-29T16:06:24.940",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "secure@intel.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-665"
}
]
},
{
"source": "secure@intel.com",
"type": "Secondary",
@ -51,10 +81,84 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:intel:killer:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.1423.712",
"matchCriteriaId": "9627ABBA-1C01-4319-8EC9-E2C7D9A1A378"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:intel:proset\\/wireless:*:*:*:*:*:*:*:*",
"versionEndExcluding": "22.240",
"matchCriteriaId": "E61C3056-FB8D-422F-8FCE-94607192C18D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:intel:killer_wi-fi_6_ax1650:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7E239C04-1D6B-4305-9340-BFEC3E54E19A"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:intel:killer_wi-fi_6e_ax1675:-:*:*:*:*:*:*:*",
"matchCriteriaId": "35F09C95-25BD-440A-AD79-8510E54F8DD9"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:intel:killer_wi-fi_6e_ax1690:-:*:*:*:*:*:*:*",
"matchCriteriaId": "95537444-5F18-49E1-91D4-AB24B29DF4FF"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:intel:wi-fi_6_ax200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9D653F9C-5B2E-400F-8F50-BFE466F08F0E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:intel:wi-fi_6_ax201:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A0433774-9479-4A01-B697-1379AEA223C9"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:intel:wi-fi_6e_ax210:-:*:*:*:*:*:*:*",
"matchCriteriaId": "54323008-43E6-4A85-BB92-F2EF6ED8E57C"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:intel:wi-fi_6e_ax211:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C90E6127-7D01-49CE-96EF-9F4CB5891373"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:intel:wi-fi_6e_ax411:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ADE89FD4-8B08-430E-976A-068DBF47F5F7"
}
]
}
]
}
],
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00947.html",
"source": "secure@intel.com"
"source": "secure@intel.com",
"tags": [
"Vendor Advisory"
]
}
]
}

14
CVE-2023/CVE-2023-319xx/CVE-2023-31998.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-31998",
"sourceIdentifier": "support@hackerone.com",
"published": "2023-07-18T03:15:55.163",
"lastModified": "2023-07-27T17:09:55.033",
"vulnStatus": "Analyzed",
"lastModified": "2024-10-29T16:35:10.213",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -67,6 +67,16 @@
"value": "CWE-787"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"configurations": [

57
CVE-2023/CVE-2023-326xx/CVE-2023-32618.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-32618",
"sourceIdentifier": "secure@intel.com",
"published": "2024-02-14T14:15:51.317",
"lastModified": "2024-02-14T15:01:51.137",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-10-29T16:15:14.280",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "secure@intel.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-427"
}
]
},
{
"source": "secure@intel.com",
"type": "Secondary",
@ -51,10 +81,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:intel:oneapi:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.3.2",
"matchCriteriaId": "9F911E33-C893-409E-923C-0B1FB4DF8823"
}
]
}
]
}
],
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00956.html",
"source": "secure@intel.com"
"source": "secure@intel.com",
"tags": [
"Vendor Advisory"
]
}
]
}

110
CVE-2023/CVE-2023-326xx/CVE-2023-32642.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-32642",
"sourceIdentifier": "secure@intel.com",
"published": "2024-02-14T14:15:52.350",
"lastModified": "2024-02-14T15:01:51.137",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-10-29T16:06:08.280",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "secure@intel.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "secure@intel.com",
"type": "Secondary",
@ -51,10 +81,84 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:intel:killer:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.1423.712",
"matchCriteriaId": "9627ABBA-1C01-4319-8EC9-E2C7D9A1A378"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:intel:proset\\/wireless:*:*:*:*:*:*:*:*",
"versionEndExcluding": "22.240",
"matchCriteriaId": "E61C3056-FB8D-422F-8FCE-94607192C18D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:intel:killer_wi-fi_6_ax1650:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7E239C04-1D6B-4305-9340-BFEC3E54E19A"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:intel:killer_wi-fi_6e_ax1675:-:*:*:*:*:*:*:*",
"matchCriteriaId": "35F09C95-25BD-440A-AD79-8510E54F8DD9"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:intel:killer_wi-fi_6e_ax1690:-:*:*:*:*:*:*:*",
"matchCriteriaId": "95537444-5F18-49E1-91D4-AB24B29DF4FF"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:intel:wi-fi_6_ax200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9D653F9C-5B2E-400F-8F50-BFE466F08F0E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:intel:wi-fi_6_ax201:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A0433774-9479-4A01-B697-1379AEA223C9"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:intel:wi-fi_6e_ax210:-:*:*:*:*:*:*:*",
"matchCriteriaId": "54323008-43E6-4A85-BB92-F2EF6ED8E57C"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:intel:wi-fi_6e_ax211:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C90E6127-7D01-49CE-96EF-9F4CB5891373"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:intel:wi-fi_6e_ax411:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ADE89FD4-8B08-430E-976A-068DBF47F5F7"
}
]
}
]
}
],
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00947.html",
"source": "secure@intel.com"
"source": "secure@intel.com",
"tags": [
"Vendor Advisory"
]
}
]
}

110
CVE-2023/CVE-2023-326xx/CVE-2023-32644.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-32644",
"sourceIdentifier": "secure@intel.com",
"published": "2024-02-14T14:15:53.043",
"lastModified": "2024-02-14T15:01:51.137",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-10-29T16:07:20.577",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "secure@intel.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "secure@intel.com",
"type": "Secondary",
@ -51,10 +81,84 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:intel:killer:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.1423.712",
"matchCriteriaId": "9627ABBA-1C01-4319-8EC9-E2C7D9A1A378"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:intel:proset\\/wireless:*:*:*:*:*:*:*:*",
"versionEndExcluding": "22.240",
"matchCriteriaId": "E61C3056-FB8D-422F-8FCE-94607192C18D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:intel:killer_wi-fi_6_ax1650:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7E239C04-1D6B-4305-9340-BFEC3E54E19A"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:intel:killer_wi-fi_6e_ax1675:-:*:*:*:*:*:*:*",
"matchCriteriaId": "35F09C95-25BD-440A-AD79-8510E54F8DD9"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:intel:killer_wi-fi_6e_ax1690:-:*:*:*:*:*:*:*",
"matchCriteriaId": "95537444-5F18-49E1-91D4-AB24B29DF4FF"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:intel:wi-fi_6_ax200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9D653F9C-5B2E-400F-8F50-BFE466F08F0E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:intel:wi-fi_6_ax201:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A0433774-9479-4A01-B697-1379AEA223C9"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:intel:wi-fi_6e_ax210:-:*:*:*:*:*:*:*",
"matchCriteriaId": "54323008-43E6-4A85-BB92-F2EF6ED8E57C"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:intel:wi-fi_6e_ax211:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C90E6127-7D01-49CE-96EF-9F4CB5891373"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:intel:wi-fi_6e_ax411:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ADE89FD4-8B08-430E-976A-068DBF47F5F7"
}
]
}
]
}
],
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00947.html",
"source": "secure@intel.com"
"source": "secure@intel.com",
"tags": [
"Vendor Advisory"
]
}
]
}

95
CVE-2023/CVE-2023-326xx/CVE-2023-32651.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-32651",
"sourceIdentifier": "secure@intel.com",
"published": "2024-02-14T14:15:54.883",
"lastModified": "2024-02-14T15:01:51.137",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-10-29T15:58:52.823",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "secure@intel.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "secure@intel.com",
"type": "Secondary",
@ -51,10 +81,69 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:intel:killer:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.1423.712",
"matchCriteriaId": "9627ABBA-1C01-4319-8EC9-E2C7D9A1A378"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:intel:proset\\/wireless:*:*:*:*:*:*:*:*",
"versionEndExcluding": "22.240",
"matchCriteriaId": "E61C3056-FB8D-422F-8FCE-94607192C18D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:intel:killer_wi-fi_6e_ax1675:-:*:*:*:*:*:*:*",
"matchCriteriaId": "35F09C95-25BD-440A-AD79-8510E54F8DD9"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:intel:killer_wi-fi_6e_ax1690:-:*:*:*:*:*:*:*",
"matchCriteriaId": "95537444-5F18-49E1-91D4-AB24B29DF4FF"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:intel:proset_wi-fi_6e_ax210:-:*:*:*:*:*:*:*",
"matchCriteriaId": "77EADB2D-F10B-40A9-A938-A89EE0FEFF60"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:intel:wi-fi_6e_ax211:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C90E6127-7D01-49CE-96EF-9F4CB5891373"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:intel:wi-fi_6e_ax411:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ADE89FD4-8B08-430E-976A-068DBF47F5F7"
}
]
}
]
}
],
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00947.html",
"source": "secure@intel.com"
"source": "secure@intel.com",
"tags": [
"Vendor Advisory"
]
}
]
}

110
CVE-2023/CVE-2023-338xx/CVE-2023-33875.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-33875",
"sourceIdentifier": "secure@intel.com",
"published": "2024-02-14T14:15:56.020",
"lastModified": "2024-02-14T15:01:51.137",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-10-29T16:07:31.717",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "secure@intel.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "secure@intel.com",
"type": "Secondary",
@ -51,10 +81,84 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:intel:killer:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.1423.712",
"matchCriteriaId": "9627ABBA-1C01-4319-8EC9-E2C7D9A1A378"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:intel:proset\\/wireless:*:*:*:*:*:*:*:*",
"versionEndExcluding": "22.240",
"matchCriteriaId": "E61C3056-FB8D-422F-8FCE-94607192C18D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:intel:killer_wi-fi_6_ax1650:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7E239C04-1D6B-4305-9340-BFEC3E54E19A"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:intel:killer_wi-fi_6e_ax1675:-:*:*:*:*:*:*:*",
"matchCriteriaId": "35F09C95-25BD-440A-AD79-8510E54F8DD9"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:intel:killer_wi-fi_6e_ax1690:-:*:*:*:*:*:*:*",
"matchCriteriaId": "95537444-5F18-49E1-91D4-AB24B29DF4FF"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:intel:wi-fi_6_ax200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9D653F9C-5B2E-400F-8F50-BFE466F08F0E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:intel:wi-fi_6_ax201:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A0433774-9479-4A01-B697-1379AEA223C9"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:intel:wi-fi_6e_ax210:-:*:*:*:*:*:*:*",
"matchCriteriaId": "54323008-43E6-4A85-BB92-F2EF6ED8E57C"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:intel:wi-fi_6e_ax211:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C90E6127-7D01-49CE-96EF-9F4CB5891373"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:intel:wi-fi_6e_ax411:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ADE89FD4-8B08-430E-976A-068DBF47F5F7"
}
]
}
]
}
],
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00947.html",
"source": "secure@intel.com"
"source": "secure@intel.com",
"tags": [
"Vendor Advisory"
]
}
]
}

57
CVE-2023/CVE-2023-343xx/CVE-2023-34351.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-34351",
"sourceIdentifier": "secure@intel.com",
"published": "2024-02-14T14:15:57.070",
"lastModified": "2024-02-14T15:01:51.137",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-10-29T16:14:22.147",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "secure@intel.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "secure@intel.com",
"type": "Secondary",
@ -51,10 +81,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:intel:performance_counter_monitor:*:*:*:*:*:*:*:*",
"versionEndExcluding": "202307",
"matchCriteriaId": "8C0EC3DA-1CB6-4BD7-9238-9577DCF901C7"
}
]
}
]
}
],
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00954.html",
"source": "secure@intel.com"
"source": "secure@intel.com",
"tags": [
"Vendor Advisory"
]
}
]
}

110
CVE-2023/CVE-2023-349xx/CVE-2023-34983.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-34983",
"sourceIdentifier": "secure@intel.com",
"published": "2024-02-14T14:15:57.663",
"lastModified": "2024-02-14T15:01:51.137",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-10-29T16:02:23.737",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "secure@intel.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "secure@intel.com",
"type": "Secondary",
@ -51,10 +81,84 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:intel:killer:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.1423.712",
"matchCriteriaId": "9627ABBA-1C01-4319-8EC9-E2C7D9A1A378"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:intel:proset\\/wireless:*:*:*:*:*:*:*:*",
"versionEndExcluding": "22.240",
"matchCriteriaId": "E61C3056-FB8D-422F-8FCE-94607192C18D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:intel:killer_wi-fi_6_ax1650:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7E239C04-1D6B-4305-9340-BFEC3E54E19A"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:intel:killer_wi-fi_6e_ax1675:-:*:*:*:*:*:*:*",
"matchCriteriaId": "35F09C95-25BD-440A-AD79-8510E54F8DD9"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:intel:killer_wi-fi_6e_ax1690:-:*:*:*:*:*:*:*",
"matchCriteriaId": "95537444-5F18-49E1-91D4-AB24B29DF4FF"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:intel:wi-fi_6_ax200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9D653F9C-5B2E-400F-8F50-BFE466F08F0E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:intel:wi-fi_6_ax201:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A0433774-9479-4A01-B697-1379AEA223C9"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:intel:wi-fi_6e_ax210:-:*:*:*:*:*:*:*",
"matchCriteriaId": "54323008-43E6-4A85-BB92-F2EF6ED8E57C"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:intel:wi-fi_6e_ax211:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C90E6127-7D01-49CE-96EF-9F4CB5891373"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:intel:wi-fi_6e_ax411:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ADE89FD4-8B08-430E-976A-068DBF47F5F7"
}
]
}
]
}
],
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00947.html",
"source": "secure@intel.com"
"source": "secure@intel.com",
"tags": [
"Vendor Advisory"
]
}
]
}

57
CVE-2023/CVE-2023-350xx/CVE-2023-35060.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-35060",
"sourceIdentifier": "secure@intel.com",
"published": "2024-02-14T14:15:58.773",
"lastModified": "2024-02-14T15:01:51.137",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-10-29T16:14:35.197",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "secure@intel.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-427"
}
]
},
{
"source": "secure@intel.com",
"type": "Secondary",
@ -51,10 +81,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:intel:battery_life_diagnostic_tool:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.3.1",
"matchCriteriaId": "27E04494-CD21-4A70-BDBC-24EE2FA59D8A"
}
]
}
]
}
],
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00987.html",
"source": "secure@intel.com"
"source": "secure@intel.com",
"tags": [
"Vendor Advisory"
]
}
]
}

57
CVE-2023/CVE-2023-350xx/CVE-2023-35062.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-35062",
"sourceIdentifier": "secure@intel.com",
"published": "2024-02-14T14:15:59.780",
"lastModified": "2024-02-14T15:01:51.137",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-10-29T16:14:45.247",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
},
{
"source": "secure@intel.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "secure@intel.com",
"type": "Secondary",
@ -51,10 +81,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:intel:driver_\\&_support_assistant:*:*:*:*:*:*:*:*",
"versionEndExcluding": "23.4.33",
"matchCriteriaId": "A293EC22-0192-4D4A-BF13-BCFDA04A3D04"
}
]
}
]
}
],
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00969.html",
"source": "secure@intel.com"
"source": "secure@intel.com",
"tags": [
"Vendor Advisory"
]
}
]
}

57
CVE-2023/CVE-2023-357xx/CVE-2023-35769.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-35769",
"sourceIdentifier": "secure@intel.com",
"published": "2024-02-14T14:16:00.460",
"lastModified": "2024-02-14T15:01:46.050",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-10-29T16:14:53.857",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "secure@intel.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-427"
}
]
},
{
"source": "secure@intel.com",
"type": "Secondary",
@ -51,10 +81,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:intel:computing_improvement_program:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.4.10577",
"matchCriteriaId": "C1E4DC53-B27B-4E77-8EEF-E3A02B767618"
}
]
}
]
}
],
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00959.html",
"source": "secure@intel.com"
"source": "secure@intel.com",
"tags": [
"Vendor Advisory"
]
}
]
}

56
CVE-2023/CVE-2023-364xx/CVE-2023-36493.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-36493",
"sourceIdentifier": "secure@intel.com",
"published": "2024-02-14T14:16:00.873",
"lastModified": "2024-02-14T15:01:46.050",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-10-29T16:15:03.767",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "secure@intel.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-427"
}
]
},
{
"source": "secure@intel.com",
"type": "Secondary",
@ -51,10 +81,30 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:intel:software_development_kit_for_opencl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2E30C361-9C2F-40F9-A650-BFF1217C02A1"
}
]
}
]
}
],
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00992.html",
"source": "secure@intel.com"
"source": "secure@intel.com",
"tags": [
"Vendor Advisory"
]
}
]
}

55
CVE-2024/CVE-2024-100xx/CVE-2024-10014.json
View File

@ -2,17 +2,41 @@
"id": "CVE-2024-10014",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-18T05:15:03.713",
"lastModified": "2024-10-18T12:52:33.507",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-10-29T16:58:48.127",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Flat UI Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's flatbtn shortcode in version 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
},
{
"lang": "es",
"value": "El complemento Flat UI Button para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s del c\u00f3digo corto flatbtn del complemento en la versi\u00f3n 1.0 debido a una desinfecci\u00f3n de entrada insuficiente y al escape de salida en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten secuencias de comandos web arbitrarias en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -47,14 +71,37 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tiandiyoyo:flat_ui_button:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A95CF1DB-0CDE-43BD-AE7E-EC77B1D9F3E6"
}
]
}
]
}
],
"references": [
{
"url": "https://wordpress.org/plugins/flat-ui-button/#developers",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ec5474ac-62d7-4431-b789-51c831dd1c20?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

60
CVE-2024/CVE-2024-101xx/CVE-2024-10189.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-10189",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-22T10:15:03.610",
"lastModified": "2024-10-23T15:12:34.673",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-10-29T15:27:55.550",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -18,8 +18,28 @@
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
@ -51,18 +71,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jesweb:anchor_episodes_index:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.1.11",
"matchCriteriaId": "F3EE4466-6B8C-4D64-91BC-AE305887C4F4"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset/3171752/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://wordpress.org/plugins/anchor-episodes-index/#developers",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product",
"Release Notes"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8c8e37f8-708e-41d5-a6b8-3ba587437532?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

56
CVE-2024/CVE-2024-104xx/CVE-2024-10452.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-10452",
"sourceIdentifier": "security@grafana.com",
"published": "2024-10-29T16:15:04.593",
"lastModified": "2024-10-29T16:15:04.593",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Organization admins can delete pending invites created in an organization they are not part of."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@grafana.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 2.2,
"baseSeverity": "LOW"
},
"exploitabilityScore": 0.7,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security@grafana.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-639"
}
]
}
],
"references": [
{
"url": "https://grafana.com/security/security-advisories/cve-2024-10452",
"source": "security@grafana.com"
}
]
}

39
CVE-2024/CVE-2024-104xx/CVE-2024-10462.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-10462",
"sourceIdentifier": "security@mozilla.org",
"published": "2024-10-29T13:15:03.963",
"lastModified": "2024-10-29T14:34:04.427",
"lastModified": "2024-10-29T15:35:12.370",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -11,7 +11,42 @@
"value": "Truncation of a long URL could have allowed origin spoofing in a permission prompt. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-290"
}
]
}
],
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1920423",

39
CVE-2024/CVE-2024-104xx/CVE-2024-10463.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-10463",
"sourceIdentifier": "security@mozilla.org",
"published": "2024-10-29T13:15:04.040",
"lastModified": "2024-10-29T14:34:04.427",
"lastModified": "2024-10-29T15:35:13.493",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -11,7 +11,42 @@
"value": "Video frames could have been leaked between origins in some situations. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4, and Thunderbird < 132."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-203"
}
]
}
],
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1920800",

39
CVE-2024/CVE-2024-104xx/CVE-2024-10464.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-10464",
"sourceIdentifier": "security@mozilla.org",
"published": "2024-10-29T13:15:04.120",
"lastModified": "2024-10-29T14:34:04.427",
"lastModified": "2024-10-29T15:35:14.420",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -11,7 +11,42 @@
"value": "Repeated writes to history interface attributes could have been used to cause a Denial of Service condition in the browser. This was addressed by introducing rate-limiting to this API. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1913000",

39
CVE-2024/CVE-2024-104xx/CVE-2024-10465.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-10465",
"sourceIdentifier": "security@mozilla.org",
"published": "2024-10-29T13:15:04.197",
"lastModified": "2024-10-29T14:34:04.427",
"lastModified": "2024-10-29T15:35:15.247",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -11,7 +11,42 @@
"value": "A clipboard \"paste\" button could persist across tabs which allowed a spoofing attack. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-290"
}
]
}
],
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1918853",

39
CVE-2024/CVE-2024-104xx/CVE-2024-10466.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-10466",
"sourceIdentifier": "security@mozilla.org",
"published": "2024-10-29T13:15:04.273",
"lastModified": "2024-10-29T14:34:04.427",
"lastModified": "2024-10-29T15:35:16.103",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -11,7 +11,42 @@
"value": "By sending a specially crafted push message, a remote server could have hung the parent process, causing the browser to become unresponsive. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1924154",

43
CVE-2024/CVE-2024-104xx/CVE-2024-10467.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-10467",
"sourceIdentifier": "security@mozilla.org",
"published": "2024-10-29T13:15:04.350",
"lastModified": "2024-10-29T14:34:04.427",
"lastModified": "2024-10-29T15:35:17.013",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -11,7 +11,46 @@
"value": "Memory safety bugs present in Firefox 131, Firefox ESR 128.3, and Thunderbird 128.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-120"
},
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1829029%2C1888538%2C1900394%2C1904059%2C1917742%2C1919809%2C1923706",

39
CVE-2024/CVE-2024-104xx/CVE-2024-10468.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-10468",
"sourceIdentifier": "security@mozilla.org",
"published": "2024-10-29T13:15:04.447",
"lastModified": "2024-10-29T14:34:04.427",
"lastModified": "2024-10-29T15:35:17.917",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -11,7 +11,42 @@
"value": "Potential race conditions in IndexedDB could have caused memory corruption, leading to a potentially exploitable crash. This vulnerability affects Firefox < 132 and Thunderbird < 132."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-770"
}
]
}
],
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1914982",

14
CVE-2024/CVE-2024-20xx/CVE-2024-2004.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-2004",
"sourceIdentifier": "2499f714-1537-4658-8207-48ae4bb9eae9",
"published": "2024-03-27T08:15:41.173",
"lastModified": "2024-07-30T02:15:05.320",
"lastModified": "2024-10-29T16:35:12.027",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -39,6 +39,18 @@
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-436"
}
]
}
],
"references": [
{
"url": "http://seclists.org/fulldisclosure/2024/Jul/18",

39
CVE-2024/CVE-2024-21xx/CVE-2024-2193.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-2193",
"sourceIdentifier": "cret@cert.org",
"published": "2024-03-15T18:15:08.530",
"lastModified": "2024-05-01T17:15:32.313",
"lastModified": "2024-10-29T16:35:13.023",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Se ha revelado una vulnerabilidad de condici\u00f3n de ejecuci\u00f3n especulativa (SRC) que afecta a las arquitecturas de CPU modernas que admiten la ejecuci\u00f3n especulativa (relacionada con Spectre V1). Un atacante no autenticado puede aprovechar esta vulnerabilidad para revelar datos arbitrarios de la CPU utilizando condiciones de ejecuci\u00f3n para acceder a las rutas de c\u00f3digo ejecutable especulativas."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.5,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-362"
}
]
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/03/12/14",

39
CVE-2024/CVE-2024-225xx/CVE-2024-22526.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-22526",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-04-12T07:15:08.480",
"lastModified": "2024-04-12T12:43:46.210",
"lastModified": "2024-10-29T15:35:19.067",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Vulnerabilidad de desbordamiento de b\u00fafer en bandisoft bandiview v7.0, permite a atacantes locales provocar una denegaci\u00f3n de servicio (DoS) a trav\u00e9s de un archivo de imagen exr."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"references": [
{
"url": "https://gist.github.com/GAP-dev/c33276a151c824300d68aecc317082a3",

4
CVE-2024/CVE-2024-250xx/CVE-2024-25079.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-25079",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-15T15:15:07.930",
"lastModified": "2024-07-03T01:48:40.830",
"lastModified": "2024-10-29T15:35:19.873",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -46,7 +46,7 @@
"description": [
{
"lang": "en",
"value": "CWE-822"
"value": "CWE-763"
}
]
}

82
CVE-2024/CVE-2024-255xx/CVE-2024-25566.json Normal file
View File

@ -0,0 +1,82 @@
{
"id": "CVE-2024-25566",
"sourceIdentifier": "responsible-disclosure@pingidentity.com",
"published": "2024-10-29T16:15:04.947",
"lastModified": "2024-10-29T16:15:04.947",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Open-Redirect vulnerability exists in PingAM where well-crafted requests may cause improper validation of redirect URLs. This could allow an attacker to redirect end-users to malicious sites under their control, simplifying phishing attacks"
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "responsible-disclosure@pingidentity.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "ACTIVE",
"vulnerableSystemConfidentiality": "LOW",
"vulnerableSystemIntegrity": "LOW",
"vulnerableSystemAvailability": "NONE",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 5.1,
"baseSeverity": "MEDIUM"
}
}
]
},
"weaknesses": [
{
"source": "responsible-disclosure@pingidentity.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-601"
}
]
}
],
"references": [
{
"url": "https://backstage.forgerock.com/downloads/browse/am/featured",
"source": "responsible-disclosure@pingidentity.com"
},
{
"url": "https://backstage.forgerock.com/knowledge/advisories/article/a63463303",
"source": "responsible-disclosure@pingidentity.com"
}
]
}

14
CVE-2024/CVE-2024-278xx/CVE-2024-27839.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-27839",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-05-14T15:13:07.730",
"lastModified": "2024-09-06T18:35:11.870",
"lastModified": "2024-10-29T15:35:20.747",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -39,6 +39,18 @@
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-203"
}
]
}
],
"references": [
{
"url": "http://seclists.org/fulldisclosure/2024/May/10",

6
CVE-2024/CVE-2024-280xx/CVE-2024-28020.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2024-28020",
"sourceIdentifier": "cybersecurity@hitachienergy.com",
"published": "2024-06-11T19:16:05.787",
"lastModified": "2024-10-09T17:08:57.697",
"vulnStatus": "Analyzed",
"lastModified": "2024-10-29T15:15:09.207",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A user/password reuse vulnerability exists in the FOXMAN-UN/UNEM\u00a0 application and server management. If exploited a malicious user \ncould use the passwords and login information to extend access on \nthe server and other services."
"value": "A user/password reuse vulnerability exists in the FOXMAN-UN/UNEM application\nand server management. If exploited a malicious high-privileged\nuser could use the passwords and login information through complex routines to extend access on the server and other services."
},
{
"lang": "es",

16
CVE-2024/CVE-2024-280xx/CVE-2024-28021.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-28021",
"sourceIdentifier": "cybersecurity@hitachienergy.com",
"published": "2024-06-11T14:15:10.587",
"lastModified": "2024-08-15T21:29:46.697",
"vulnStatus": "Analyzed",
"lastModified": "2024-10-29T15:15:09.347",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -42,20 +42,20 @@
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"attackVector": "ADJACENT_NETWORK",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 8.0,
"baseScore": 7.4,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.6,
"impactScore": 5.8
"exploitabilityScore": 2.2,
"impactScore": 5.2
}
]
},

6
CVE-2024/CVE-2024-280xx/CVE-2024-28022.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2024-28022",
"sourceIdentifier": "cybersecurity@hitachienergy.com",
"published": "2024-06-11T19:16:06.017",
"lastModified": "2024-08-15T21:44:20.677",
"vulnStatus": "Analyzed",
"lastModified": "2024-10-29T15:15:09.573",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability exists in the FOXMAN-UN/UNEM server / APIGateway that \nif exploited allows a malicious user to perform an arbitrary number \nof authentication attempts using different passwords, and \neventually gain access to the targeted account."
"value": "A vulnerability exists in the UNEM server / APIGateway that if exploited allows a malicious user to perform an arbitrary number of\nauthentication attempts using different passwords, and eventually\ngain access to other components in the same security realm using\nthe targeted account."
},
{
"lang": "es",

14
CVE-2024/CVE-2024-280xx/CVE-2024-28024.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-28024",
"sourceIdentifier": "cybersecurity@hitachienergy.com",
"published": "2024-06-11T19:16:06.243",
"lastModified": "2024-08-15T21:46:11.737",
"vulnStatus": "Analyzed",
"lastModified": "2024-10-29T15:15:09.697",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -42,20 +42,20 @@
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 1.9,
"baseSeverity": "LOW"
"baseScore": 4.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.5,
"impactScore": 1.4
"impactScore": 3.6
}
]
},

14
CVE-2024/CVE-2024-301xx/CVE-2024-30124.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-30124",
"sourceIdentifier": "psirt@hcl.com",
"published": "2024-10-23T16:15:05.667",
"lastModified": "2024-10-25T12:56:36.827",
"lastModified": "2024-10-29T15:35:22.230",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -39,6 +39,18 @@
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-1188"
}
]
}
],
"references": [
{
"url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0115627",

4
CVE-2024/CVE-2024-317xx/CVE-2024-31714.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-31714",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-20T18:15:10.330",
"lastModified": "2024-07-03T01:55:18.240",
"lastModified": "2024-10-29T15:35:23.120",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -46,7 +46,7 @@
"description": [
{
"lang": "en",
"value": "CWE-121"
"value": "CWE-125"
}
]
}

4
CVE-2024/CVE-2024-326xx/CVE-2024-32615.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-32615",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-14T15:36:46.620",
"lastModified": "2024-07-03T01:56:48.017",
"lastModified": "2024-10-29T15:35:24.107",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -46,7 +46,7 @@
"description": [
{
"lang": "en",
"value": "CWE-122"
"value": "CWE-787"
}
]
}

39
CVE-2024/CVE-2024-329xx/CVE-2024-32944.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-32944",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2024-05-28T03:15:08.563",
"lastModified": "2024-05-28T12:39:28.377",
"lastModified": "2024-10-29T15:35:25.073",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "La vulnerabilidad de Path traversal existe en versiones de UTAU anteriores a la v0.4.19. Si un usuario del producto instala un instalador de banco de voz UTAU manipulado (archivo .uar, archivo .zip) en UTAU, se puede colocar un archivo arbitrario."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://jvn.jp/en/jp/JVN71404925/",

14
CVE-2024/CVE-2024-332xx/CVE-2024-33220.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-33220",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-22T15:15:28.780",
"lastModified": "2024-08-15T17:35:06.067",
"lastModified": "2024-10-29T15:35:25.910",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -39,18 +39,6 @@
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-782"
}
]
}
],
"references": [
{
"url": "https://github.com/DriverHunter/Win-Driver-EXP/tree/main/CVE-2024-33220",

14
CVE-2024/CVE-2024-332xx/CVE-2024-33222.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-33222",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-22T16:15:09.960",
"lastModified": "2024-08-01T13:51:48.023",
"lastModified": "2024-10-29T15:35:26.137",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -39,18 +39,6 @@
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-782"
}
]
}
],
"references": [
{
"url": "https://github.com/DriverHunter/Win-Driver-EXP/tree/main/CVE-2024-33222",

4
CVE-2024/CVE-2024-341xx/CVE-2024-34199.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-34199",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-14T15:38:32.970",
"lastModified": "2024-07-03T01:59:29.647",
"lastModified": "2024-10-29T15:35:26.360",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -46,7 +46,7 @@
"description": [
{
"lang": "en",
"value": "CWE-122"
"value": "CWE-787"
}
]
}

4
CVE-2024/CVE-2024-342xx/CVE-2024-34200.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-34200",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-14T15:38:33.103",
"lastModified": "2024-07-03T01:59:30.427",
"lastModified": "2024-10-29T15:35:27.197",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -46,7 +46,7 @@
"description": [
{
"lang": "en",
"value": "CWE-121"
"value": "CWE-125"
}
]
}

4
CVE-2024/CVE-2024-342xx/CVE-2024-34221.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-34221",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-14T15:38:36.090",
"lastModified": "2024-07-03T01:59:41.290",
"lastModified": "2024-10-29T15:35:28.087",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -46,7 +46,7 @@
"description": [
{
"lang": "en",
"value": "CWE-284"
"value": "CWE-276"
}
]
}

4
CVE-2024/CVE-2024-349xx/CVE-2024-34950.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-34950",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-14T16:17:30.633",
"lastModified": "2024-07-03T02:01:01.753",
"lastModified": "2024-10-29T15:35:28.890",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -46,7 +46,7 @@
"description": [
{
"lang": "en",
"value": "CWE-121"
"value": "CWE-125"
}
]
}

4
CVE-2024/CVE-2024-349xx/CVE-2024-34974.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-34974",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-14T15:39:38.873",
"lastModified": "2024-07-03T02:01:06.613",
"lastModified": "2024-10-29T15:35:29.703",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -46,7 +46,7 @@
"description": [
{
"lang": "en",
"value": "CWE-121"
"value": "CWE-125"
}
]
}

62
CVE-2024/CVE-2024-407xx/CVE-2024-40746.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-40746",
"sourceIdentifier": "security@joomla.org",
"published": "2024-10-21T17:15:03.330",
"lastModified": "2024-10-23T15:13:58.783",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-10-29T15:34:22.100",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,8 +15,41 @@
"value": "Una vulnerabilidad de cross-site scripting (XSS) almacenado en el componente HikaShop Joomla anterior a la versi\u00f3n 5.1.1 permite a atacantes remotos ejecutar c\u00f3digo JavaScript arbitrario en el navegador web de un usuario, mediante la inclusi\u00f3n de una carga maliciosa en el par\u00e1metro `description` de cualquier producto. El par\u00e1metro `description` no se desinfecta en el backend."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "security@joomla.org",
"type": "Secondary",
@ -28,10 +61,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hikashop:hikashop:*:*:*:*:*:joomla\\!:*:*",
"versionEndExcluding": "5.1.1",
"matchCriteriaId": "749123A7-480B-4982-89D0-B8E5D49AE5B3"
}
]
}
]
}
],
"references": [
{
"url": "https://www.hikashop.com/",
"source": "security@joomla.org"
"source": "security@joomla.org",
"tags": [
"Product"
]
}
]
}

65
CVE-2024/CVE-2024-408xx/CVE-2024-40810.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-40810",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-10-24T17:15:16.263",
"lastModified": "2024-10-25T12:56:07.750",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-10-29T15:21:56.947",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,11 +15,68 @@
"value": "Se solucion\u00f3 un problema de escritura fuera de los l\u00edmites con una validaci\u00f3n de entrada mejorada. Este problema se solucion\u00f3 en macOS Sonoma 14.6. Una aplicaci\u00f3n puede provocar un bloqueo del coprocesador."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "14.6",
"matchCriteriaId": "687902EF-637F-4537-B419-15A1695370B9"
}
]
}
]
}
],
"references": [
{
"url": "https://support.apple.com/en-us/120911",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}

14
CVE-2024/CVE-2024-420xx/CVE-2024-42017.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-42017",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-09-30T18:15:05.827",
"lastModified": "2024-10-04T13:51:25.567",
"lastModified": "2024-10-29T15:35:30.713",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -39,6 +39,18 @@
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-306"
}
]
}
],
"references": [
{
"url": "https://eviden.com",

77
CVE-2024/CVE-2024-438xx/CVE-2024-43838.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-43838",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-17T10:15:09.390",
"lastModified": "2024-08-19T12:59:59.177",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-10-29T16:24:43.273",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,15 +15,82 @@
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: bpf: corrigi\u00f3 la verificaci\u00f3n de desbordamiento en ajustar_jmp_off() ajuste_jmp_off() us\u00f3 incorrectamente el campo insn-&gt;imm para toda la verificaci\u00f3n de desbordamiento, lo cual es incorrecto ya que eso solo debe hacerse o el BPF_JMP32 | Caso BPF_JA, no el caso de instrucci\u00f3n de salto general. Solucionelo usando insn-&gt;off para verificar el desbordamiento en el caso general."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-190"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.9.8",
"versionEndExcluding": "6.10",
"matchCriteriaId": "7CD11465-AFC4-428F-A933-C8F6486DDC2F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.10",
"versionEndExcluding": "6.10.3",
"matchCriteriaId": "21DC7A88-E88C-4C44-9AFB-CBB30134097C"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/345652866a8869825a2a582ee5a28d75141f184a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/4a04b4f0de59dd5c621e78f15803ee0b0544eeb8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

70
CVE-2024/CVE-2024-438xx/CVE-2024-43840.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-43840",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-17T10:15:09.517",
"lastModified": "2024-08-19T12:59:59.177",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-10-29T16:25:29.913",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,15 +15,75 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: bpf, arm64: Reparar trampol\u00edn para BPF_TRAMP_F_CALL_ORIG Cuando BPF_TRAMP_F_CALL_ORIG est\u00e1 configurado, el trampol\u00edn llama a las funciones __bpf_tramp_enter() y __bpf_tramp_exit(), pas\u00e1ndoles el puntero struct bpf_tramp_image *im como argumento en R0 . El c\u00f3digo de generaci\u00f3n de trampol\u00edn usa emit_addr_mov_i64() para emitir instrucciones para mover la direcci\u00f3n bpf_tramp_image a R0, pero emit_addr_mov_i64() asume que la direcci\u00f3n est\u00e1 en el espacio vmalloc() y usa solo 48 bits. Debido a que bpf_tramp_image se asigna usando kzalloc(), su direcci\u00f3n puede usar m\u00e1s de 48 bits, en este caso el trampol\u00edn pasar\u00e1 una direcci\u00f3n no v\u00e1lida a __bpf_tramp_enter/exit() provocando un bloqueo del kernel. Solucione este problema utilizando emit_a64_mov_i64() en lugar de emit_addr_mov_i64(), ya que puede funcionar con direcciones superiores a 48 bits."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.0",
"versionEndExcluding": "6.10.3",
"matchCriteriaId": "10A3C375-FFAF-4092-9FFF-0DE81E7DCE63"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/19d3c179a37730caf600a97fed3794feac2b197b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/6d218fcc707d6b2c3616b6cd24b948fd4825cfec",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

109
CVE-2024/CVE-2024-438xx/CVE-2024-43841.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-43841",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-17T10:15:09.580",
"lastModified": "2024-08-19T12:59:59.177",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-10-29T16:27:14.167",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,35 +15,124 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: wifi: virt_wifi: evita informar el \u00e9xito de la conexi\u00f3n con un SSID incorrecto Cuando el usuario emite una conexi\u00f3n con un SSID diferente al que virt_wifi ha anunciado, __cfg80211_connect_result() activar\u00e1 la advertencia: WARN_ON( bss_not_found). El problema se debe a que el c\u00f3digo de conexi\u00f3n en virt_wifi no verifica el SSID desde el espacio del usuario (solo verifica el BSSID), y virt_wifi llamar\u00e1 a cfg80211_connect_result() con WLAN_STATUS_SUCCESS incluso si el SSID es diferente del que virt_wifi ha anunciado. Eventualmente, cfg80211 no podr\u00e1 encontrar cfg80211_bss y generar la advertencia. Se solucion\u00f3 verificando el SSID (del espacio de usuario) en el c\u00f3digo de conexi\u00f3n."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.0",
"versionEndExcluding": "6.1.103",
"matchCriteriaId": "46AEA0CE-4C1D-4091-BB9A-5C62C862EF39"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.44",
"matchCriteriaId": "CC912330-6B41-4C6B-99AF-F3857FBACB6A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.10.3",
"matchCriteriaId": "92D388F2-1EAF-4CFA-AC06-5B26D762EA7D"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/05c4488a0e446c6ccde9f22b573950665e1cd414",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/36e92b5edc8e0daa18e9325674313802ce3fbc29",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/416d3c1538df005195721a200b0371d39636e05d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/93e898a264b4e0a475552ba9f99a016eb43ef942",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/994fc2164a03200c3bf42fb45b3d49d9d6d33a4d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/b5d14b0c6716fad7f0c94ac6e1d6f60a49f985c7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/d3cc85a10abc8eae48988336cdd3689ab92581b3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

70
CVE-2024/CVE-2024-438xx/CVE-2024-43843.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-43843",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-17T10:15:09.707",
"lastModified": "2024-08-19T12:59:59.177",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-10-29T16:29:16.960",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,15 +15,75 @@
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: riscv, bpf: soluciona el problema de fuera de los l\u00edmites al preparar la imagen del trampol\u00edn. Obtenemos el tama\u00f1o de la imagen del trampol\u00edn durante la fase de ejecuci\u00f3n en seco y asignamos memoria en funci\u00f3n de ese tama\u00f1o. La imagen asignada se completar\u00e1 con instrucciones durante la fase de parche real. Pero despu\u00e9s del commit 26ef208c209a (\"bpf: Use arch_bpf_trampoline_size\"), el argumento `im` es inconsistente en la fase de prueba y de parche real. Esto puede hacer que emit_imm en RV64 genere una cantidad diferente de instrucciones al generar la direcci\u00f3n 'im', lo que podr\u00eda causar problemas fuera de los l\u00edmites. Emitamos la cantidad m\u00e1xima de instrucciones para la direcci\u00f3n \"im\" durante el ensayo para solucionar este problema."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-131"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.8",
"versionEndExcluding": "6.10.3",
"matchCriteriaId": "38E515B9-DAD5-4A5A-9C4C-1B6873D3185A"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/3e6a1b1b179abb643ec3560c02bc3082bc92285f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/9f1e16fb1fc9826001c69e0551d51fbbcd2d74e9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

131
CVE-2024/CVE-2024-441xx/CVE-2024-44185.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-44185",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-10-24T17:15:16.470",
"lastModified": "2024-10-25T12:56:07.750",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-10-29T15:22:45.677",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,31 +15,144 @@
"value": "El problema se solucion\u00f3 con comprobaciones mejoradas. Este problema se solucion\u00f3 en tvOS 17.6, visionOS 1.3, Safari 17.6, watchOS 10.6, iOS 17.6 y iPadOS 17.6, macOS Sonoma 14.6. El procesamiento de contenido web manipulado con fines malintencionados puede provocar un bloqueo inesperado del proceso."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.6",
"matchCriteriaId": "A7AF9041-5C4F-42CB-99E5-5276DB6AC07C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.6",
"matchCriteriaId": "A8A1B228-89B1-470E-9B6E-8553E561E062"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.6",
"matchCriteriaId": "1E393815-B3B5-4FF9-9D1D-AA3EA9C5D352"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "14.6",
"matchCriteriaId": "687902EF-637F-4537-B419-15A1695370B9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.6",
"matchCriteriaId": "9FB1D28B-EF0E-4CA0-90F7-073A85D001E5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.3",
"matchCriteriaId": "CDBCE187-329C-4B1C-89B7-7D45A7946AF4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.6",
"matchCriteriaId": "035D8460-BD6F-4696-9D7B-BA571A994FD0"
}
]
}
]
}
],
"references": [
{
"url": "https://support.apple.com/en-us/120909",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/120911",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/120913",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/120914",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/120915",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/120916",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}

129
CVE-2024/CVE-2024-442xx/CVE-2024-44205.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-44205",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-10-24T17:15:16.543",
"lastModified": "2024-10-25T12:56:07.750",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-10-29T15:27:08.630",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,27 +15,140 @@
"value": "Se solucion\u00f3 un problema de privacidad con una mejor redacci\u00f3n de datos privados para las entradas de registro. Este problema se solucion\u00f3 en macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 16.7.9 y iPadOS 16.7.9, iOS 17.6 y iPadOS 17.6, macOS Sonoma 14.6. Una aplicaci\u00f3n aislada puede tener acceso a datos confidenciales del usuario en los registros del sistema."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-532"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.7.9",
"matchCriteriaId": "29A9994D-AE71-45E0-8CC5-E6219420F7E8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17.0",
"versionEndExcluding": "17.6",
"matchCriteriaId": "B191C80F-3801-4AD0-9A63-EB294A029D7C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.7.9",
"matchCriteriaId": "1ACEA981-1D96-49F1-8048-74D21D71FD39"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17.0",
"versionEndExcluding": "17.6",
"matchCriteriaId": "34E8C966-19C7-4376-A0C3-A242720F62DF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "12.7.6",
"matchCriteriaId": "3556C7C3-14B6-4846-B3E8-FE07A503155F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13.0",
"versionEndExcluding": "13.6.8",
"matchCriteriaId": "7008225C-B5B9-4F87-9392-DD2080717E9A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "14.0",
"versionEndExcluding": "14.6",
"matchCriteriaId": "51E2E93B-C5A3-4C83-B806-2EC555AD45FE"
}
]
}
]
}
],
"references": [
{
"url": "https://support.apple.com/en-us/120908",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/120909",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/120910",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/120911",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/120912",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}

125
CVE-2024/CVE-2024-442xx/CVE-2024-44206.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-44206",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-10-24T17:15:16.620",
"lastModified": "2024-10-25T12:56:07.750",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-10-29T15:31:02.493",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,31 +15,138 @@
"value": "Se solucion\u00f3 un problema en el manejo de protocolos URL con una l\u00f3gica mejorada. Este problema se solucion\u00f3 en tvOS 17.6, visionOS 1.3, Safari 17.6, watchOS 10.6, iOS 17.6 y iPadOS 17.6, macOS Sonoma 14.6. Es posible que los usuarios puedan eludir algunas restricciones de contenido web."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.6",
"matchCriteriaId": "A7AF9041-5C4F-42CB-99E5-5276DB6AC07C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.6",
"matchCriteriaId": "A8A1B228-89B1-470E-9B6E-8553E561E062"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.6",
"matchCriteriaId": "1E393815-B3B5-4FF9-9D1D-AA3EA9C5D352"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "14.6",
"matchCriteriaId": "687902EF-637F-4537-B419-15A1695370B9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.6",
"matchCriteriaId": "9FB1D28B-EF0E-4CA0-90F7-073A85D001E5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.3",
"matchCriteriaId": "CDBCE187-329C-4B1C-89B7-7D45A7946AF4"
}
]
}
]
}
],
"references": [
{
"url": "https://support.apple.com/en-us/120909",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/120911",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/120913",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/120914",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/120915",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/120916",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}

4
CVE-2024/CVE-2024-446xx/CVE-2024-44667.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-44667",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-09-10T17:15:37.030",
"lastModified": "2024-09-10T20:35:11.007",
"lastModified": "2024-10-29T16:35:13.953",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -46,7 +46,7 @@
"description": [
{
"lang": "en",
"value": "CWE-284"
"value": "CWE-863"
}
]
}

6
CVE-2024/CVE-2024-470xx/CVE-2024-47068.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2024-47068",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-09-23T16:15:06.947",
"lastModified": "2024-09-30T17:39:45.350",
"vulnStatus": "Analyzed",
"lastModified": "2024-10-29T16:15:05.583",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Rollup is a module bundler for JavaScript. Versions prior to 3.29.5 and 4.22.4 are susceptible to a DOM Clobbering vulnerability when bundling scripts with properties from `import.meta` (e.g., `import.meta.url`) in `cjs`/`umd`/`iife` format. The DOM Clobbering gadget can lead to cross-site scripting (XSS) in web pages where scriptless attacker-controlled HTML elements (e.g., an `img` tag with an unsanitized `name` attribute) are present. Versions 3.29.5 and 4.22.4 contain a patch for the vulnerability."
"value": "Rollup is a module bundler for JavaScript. Versions prior to 2.79.2, 3.29.5, and 4.22.4 are susceptible to a DOM Clobbering vulnerability when bundling scripts with properties from `import.meta` (e.g., `import.meta.url`) in `cjs`/`umd`/`iife` format. The DOM Clobbering gadget can lead to cross-site scripting (XSS) in web pages where scriptless attacker-controlled HTML elements (e.g., an `img` tag with an unsanitized `name` attribute) are present. Versions 2.79.2, 3.29.5, and 4.22.4 contain a patch for the vulnerability."
},
{
"lang": "es",

34
CVE-2024/CVE-2024-474xx/CVE-2024-47486.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-47486",
"sourceIdentifier": "hsrc@hikvision.com",
"published": "2024-10-18T09:15:03.217",
"lastModified": "2024-10-22T16:11:07.547",
"vulnStatus": "Analyzed",
"lastModified": "2024-10-29T15:35:31.557",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -80,6 +80,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
]
},
@ -93,6 +113,16 @@
"value": "CWE-79"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [

65
CVE-2024/CVE-2024-478xx/CVE-2024-47883.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-47883",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-10-24T21:15:13.430",
"lastModified": "2024-10-25T12:56:07.750",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-10-29T15:38:11.573",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -41,8 +61,18 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -55,14 +85,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openrefine:butterfly:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.2.6",
"matchCriteriaId": "11B5F36B-35D1-4FAA-AA42-E0E498458672"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/OpenRefine/simile-butterfly/commit/537f64bfa72746f8b21d4bda461fad843435319c",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/OpenRefine/simile-butterfly/security/advisories/GHSA-3p8v-w8mr-m3x8",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}

78
CVE-2024/CVE-2024-489xx/CVE-2024-48921.json Normal file
View File

@ -0,0 +1,78 @@
{
"id": "CVE-2024-48921",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-10-29T15:15:10.593",
"lastModified": "2024-10-29T15:15:10.593",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Kyverno is a policy engine designed for Kubernetes. A kyverno ClusterPolicy, ie. \"disallow-privileged-containers,\" can be overridden by the creation of a PolicyException in a random namespace. By design, PolicyExceptions are consumed from any namespace. Administrators may not recognize that this allows users with privileges to non-kyverno namespaces to create exceptions. This vulnerability is fixed in 1.13.0."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "NONE",
"vulnerableSystemIntegrity": "HIGH",
"vulnerableSystemAvailability": "NONE",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 8.7,
"baseSeverity": "HIGH"
}
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-285"
}
]
}
],
"references": [
{
"url": "https://github.com/kyverno/kyverno/security/advisories/GHSA-qjvc-p88j-j9rm",
"source": "security-advisories@github.com"
}
]
}

14
CVE-2024/CVE-2024-492xx/CVE-2024-49214.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-49214",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-14T04:15:05.853",
"lastModified": "2024-10-15T12:57:46.880",
"lastModified": "2024-10-29T16:35:14.877",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -39,6 +39,18 @@
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-290"
}
]
}
],
"references": [
{
"url": "https://github.com/haproxy/haproxy/commit/f627b9272bd8ffca6f2f898bfafc6bf0b84b7d46",

61
CVE-2024/CVE-2024-492xx/CVE-2024-49273.json
View File

@ -2,17 +2,41 @@
"id": "CVE-2024-49273",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-10-21T12:15:08.450",
"lastModified": "2024-10-21T17:09:45.417",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-10-29T15:48:10.617",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Missing Authorization vulnerability in ProfileGrid User Profiles ProfileGrid.This issue affects ProfileGrid: from n/a through 5.9.3."
},
{
"lang": "es",
"value": "Vulnerabilidad de autorizaci\u00f3n faltante en los perfiles de usuario de ProfileGrid ProfileGrid. Este problema afecta a ProfileGrid: desde n/a hasta 5.9.3."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -36,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -47,10 +81,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:metagauss:profilegrid:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "5.9.3",
"matchCriteriaId": "E4BBAE72-33CD-4ECA-AD92-7417B8B8B0D3"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/profilegrid-user-profiles-groups-and-communities/wordpress-profilegrid-plugin-5-9-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

47
CVE-2024/CVE-2024-492xx/CVE-2024-49288.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-49288",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-10-17T20:15:12.343",
"lastModified": "2024-10-18T12:52:33.507",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-10-29T16:59:05.867",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -51,10 +71,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:villatheme:woocommerce_email_template_customizer:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.2.5",
"matchCriteriaId": "8D5AEE50-A466-4CF2-A609-85A0F1885E4D"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/email-template-customizer-for-woo/wordpress-email-template-customizer-for-woocommerce-plugin-1-2-5-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

51
CVE-2024/CVE-2024-492xx/CVE-2024-49293.json
View File

@ -2,17 +2,41 @@
"id": "CVE-2024-49293",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-10-21T12:15:08.683",
"lastModified": "2024-10-21T17:09:45.417",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-10-29T15:07:39.407",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Missing Authorization vulnerability in Rextheme WP VR allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP VR: from n/a through 8.5.4."
},
{
"lang": "es",
"value": "La vulnerabilidad de autorizaci\u00f3n faltante en Rextheme WP VR permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a WP VR: desde n/a hasta 8.5.4."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -47,10 +71,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rextheme:wp_vr:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "8.5.4",
"matchCriteriaId": "0313CA61-EBD8-43DA-BE57-006A0967451B"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wpvr/wordpress-wp-vr-plugin-8-5-4-broken-access-control-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

51
CVE-2024/CVE-2024-493xx/CVE-2024-49321.json
View File

@ -2,17 +2,41 @@
"id": "CVE-2024-49321",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-10-21T12:15:08.893",
"lastModified": "2024-10-21T17:09:45.417",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-10-29T15:20:12.503",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Missing Authorization vulnerability in Colorlib Simple Custom Post Order allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Custom Post Order: from n/a through 2.5.7."
},
{
"lang": "es",
"value": "La vulnerabilidad de autorizaci\u00f3n faltante en Simple Custom Post Order de Colorlib permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a Simple Custom Post Order: desde n/a hasta 2.5.7."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -47,10 +71,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:colorlib:simple_custom_post_order:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.5.7",
"matchCriteriaId": "698E7E0E-9A6B-4026-A0CE-E43084AC4EEA"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/simple-custom-post-order/wordpress-simple-custom-post-order-plugin-2-5-7-broken-access-control-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

64
CVE-2024/CVE-2024-497xx/CVE-2024-49768.json Normal file
View File

@ -0,0 +1,64 @@
{
"id": "CVE-2024-49768",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-10-29T15:15:11.440",
"lastModified": "2024-10-29T15:15:11.440",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Waitress is a Web Server Gateway Interface server for Python 2 and 3. A remote client may send a request that is exactly recv_bytes (defaults to 8192) long, followed by a secondary request using HTTP pipelining. When request lookahead is disabled (default) we won't read any more requests, and when the first request fails due to a parsing error, we simply close the connection. However when request lookahead is enabled, it is possible to process and receive the first request, start sending the error message back to the client while we read the next request and queue it. This will allow the secondary request to be serviced by the worker thread while the connection should be closed. Waitress 3.0.1 fixes the race condition. As a workaround, disable channel_request_lookahead, this is set to 0 by default disabling this feature."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-367"
},
{
"lang": "en",
"value": "CWE-444"
}
]
}
],
"references": [
{
"url": "https://github.com/Pylons/waitress/commit/e4359018537af376cf24bd13616d861e2fb76f65",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/Pylons/waitress/security/advisories/GHSA-9298-4cf8-g4wj",
"source": "security-advisories@github.com"
}
]
}

68
CVE-2024/CVE-2024-497xx/CVE-2024-49769.json Normal file
View File

@ -0,0 +1,68 @@
{
"id": "CVE-2024-49769",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-10-29T15:15:12.030",
"lastModified": "2024-10-29T15:15:12.030",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Waitress is a Web Server Gateway Interface server for Python 2 and 3. When a remote client closes the connection before waitress has had the opportunity to call getpeername() waitress won't correctly clean up the connection leading to the main thread attempting to write to a socket that no longer exists, but not removing it from the list of sockets to attempt to process. This leads to a busy-loop calling the write function. A remote attacker could run waitress out of available sockets with very little resources required. Waitress 3.0.1 contains fixes that remove the race condition."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-772"
}
]
}
],
"references": [
{
"url": "https://github.com/Pylons/waitress/commit/1ae4e894c9f76543bee06584001583fc6fa8c95c",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/Pylons/waitress/issues/418",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/Pylons/waitress/pull/435",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/Pylons/waitress/security/advisories/GHSA-3f84-rpwh-47g6",
"source": "security-advisories@github.com"
}
]
}

69
CVE-2024/CVE-2024-499xx/CVE-2024-49970.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-49970",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T18:15:17.973",
"lastModified": "2024-10-23T15:13:25.583",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-10-29T15:57:41.000",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,15 +15,74 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/display: Implementar comprobaci\u00f3n de los l\u00edmites para la creaci\u00f3n de codificadores de flujo en DCN401 La matriz 'stream_enc_regs' es una matriz de estructuras dcn10_stream_enc_registers. La matriz se inicializa con cuatro elementos, que corresponden a las cuatro llamadas a stream_enc_regs() en el inicializador de la matriz. Esto significa que los \u00edndices v\u00e1lidos para esta matriz son 0, 1, 2 y 3. El mensaje de error 'stream_enc_regs' 4 &lt;= 5 a continuaci\u00f3n indica que hay un intento de acceder a esta matriz con un \u00edndice de 5, que est\u00e1 fuera de los l\u00edmites. Esto podr\u00eda provocar un comportamiento indefinido Aqu\u00ed, eng_id se utiliza como \u00edndice para acceder a la matriz stream_enc_regs. Si eng_id es 5, esto dar\u00eda como resultado un acceso fuera de los l\u00edmites en la matriz stream_enc_regs. De esta forma se soluciona el error de desbordamiento de b\u00fafer en dcn401_stream_encoder_create. Encontrado por smatch: drivers/gpu/drm/amd/amdgpu/../display/dc/resource/dcn401/dcn401_resource.c:1209 Error en dcn401_stream_encoder_create(): desbordamiento de b\u00fafer 'stream_enc_regs' 4 &lt;= 5"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-129"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.3",
"matchCriteriaId": "6D5FF9C2-A011-4A64-B614-F9244ED2EA0D"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/b219b46ad42df1dea9258788bcfea37181f3ccb2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/bdf606810210e8e07a0cdf1af3c467291363b295",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

Some files were not shown because too many files have changed in this diff Show More