Auto-Update: 2024-10-29T07:57:46.852458+00:00

cad-safe-bot 2024-10-29 08:00:49 +00:00
parent a49a4b4523
commit df369cfd3e
319 changed files with 12262 additions and 1045 deletions

@ -2,7 +2,7 @@
"id": "CVE-2021-45956",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-01-01T00:15:08.720",
"lastModified": "2024-08-04T05:15:56.930",
"lastModified": "2024-10-28T21:35:00.957",
"vulnStatus": "Modified",
"cveTags": [
{
@ -108,7 +108,7 @@
"description": [
{
"lang": "en",
"value": "CWE-122"
"value": "CWE-787"
}
]
}
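Review bot: replacing "CWE-122" with "CWE-787" in this weakness entry trades a specific class (heap-based buffer overflow) for its more general parent (out-of-bounds write), so the record no longer says where the overflow lives. If the heap location is still accurate for CVE-2021-45956, consider keeping CWE-122 or listing it alongside CWE-787, so consumers that filter on heap corruption do not lose this entry.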

@ -2,7 +2,7 @@
"id": "CVE-2022-23091",
"sourceIdentifier": "secteam@freebsd.org",
"published": "2024-02-15T06:15:45.147",
"lastModified": "2024-05-14T10:18:04.417",
"lastModified": "2024-10-28T20:35:01.030",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Un caso particular de compartir memoria se maneja mal en el sistema de memoria virtual. Esto es muy similar a SA-21:08.vm, pero con una causa ra\u00edz diferente. Un proceso de usuario local sin privilegios puede mantener un mapeo de una p\u00e1gina despu\u00e9s de que se libera, lo que permite que ese proceso lea datos privados que pertenecen a otros procesos o al kernel."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.5,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-401"
}
]
}
],
"references": [
{
"url": "https://security.freebsd.org/advisories/FreeBSD-SA-22:11.vm.asc",

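Review bot: the added vector scores "C:N/I:L" with "PR:N", but the description value in the same hunk says a local unprivileged user process can keep a mapping of a page after it is freed and read private data belonging to other processes or the kernel. That is a confidentiality impact reached from an unprivileged local account, so the C, I and PR components should be rechecked against the FreeBSD advisory in the references. The added "CWE-401" (memory not released) also fits poorly with a mapping that outlives a freed page, which reads as a use after free.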

@ -2,7 +2,7 @@
"id": "CVE-2022-23093",
"sourceIdentifier": "secteam@freebsd.org",
"published": "2024-02-15T06:15:45.240",
"lastModified": "2024-02-15T06:23:39.303",
"lastModified": "2024-10-28T19:35:01.337",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "ping lee paquetes IP sin procesar de la red para procesar las respuestas en la funci\u00f3n pr_pack(). Como parte del procesamiento de una respuesta de ping, se debe reconstruir el encabezado IP, el encabezado ICMP y, si est\u00e1 presente, un \"paquete citado\", que representa el paquete que gener\u00f3 un error ICMP. El paquete citado nuevamente tiene un encabezado IP y un encabezado ICMP. pr_pack() copia los encabezados IP e ICMP recibidos en b\u00faferes de pila para su posterior procesamiento. Al hacerlo, no tiene en cuenta la posible presencia de encabezados de opciones de IP despu\u00e9s del encabezado de IP, ya sea en la respuesta o en el paquete citado. Cuando las opciones de IP est\u00e1n presentes, pr_pack() desborda el b\u00fafer de destino hasta en 40 bytes. Los errores de seguridad de la memoria descritos anteriormente pueden ser desencadenados por un host remoto, lo que provoca que el programa ping falle. El proceso de ping se ejecuta en un modo sandbox de capacidad en todas las versiones afectadas de FreeBSD y, por lo tanto, est\u00e1 muy limitado en cuanto a c\u00f3mo puede interactuar con el resto del sistema en el punto donde puede ocurrir el error."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"references": [
{
"url": "https://security.freebsd.org/advisories/FreeBSD-SA-22:15.ping.asc",

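Review bot: "PR:L" in the added vector is not supported by the description above it, which says the memory-safety errors can be triggered by a remote host and names no privilege the attacker must hold on the target. The precondition the text does give is that ping is processing a reply, so the PR and UI components should be rechecked against the advisory before this score is used for prioritisation.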

@ -2,7 +2,7 @@
"id": "CVE-2022-25479",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-02T19:15:11.957",
"lastModified": "2024-10-24T17:15:13.717",
"lastModified": "2024-10-28T19:35:02.130",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 4.2
}
]
},
@ -49,6 +69,16 @@
"value": "CWE-401"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-401"
}
]
}
],
"configurations": [

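Review bot: the added Secondary weakness repeats "CWE-401", which the context lines show is already the value of the preceding entry in this array. For consumers that collect CWE ids the duplicate adds nothing; if per-source attribution is the intent, say so in the commit message so the repetition is not read as a sync error.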

@ -2,7 +2,7 @@
"id": "CVE-2022-26580",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-12-16T22:15:08.873",
"lastModified": "2024-07-03T01:38:21.617",
"lastModified": "2024-10-28T20:35:02.053",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -36,26 +36,6 @@
},
"exploitabilityScore": 0.9,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 3.4
}
]
},
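Review bot: this hunk deletes the Secondary cvssMetricV31 entry from source 134c704f-9b21-4f2e-91b3-4a467353bcc0 (the "AV:P" vector, base score 4.3), while other records in this commit gain entries from that same source. The auto-update message gives no reason, so confirm the removal reflects an upstream withdrawal rather than a sync regression; the next hunk drops the matching "CWE-78" entry as well.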
@ -69,16 +49,6 @@
"value": "CWE-78"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"configurations": [

@ -2,7 +2,7 @@
"id": "CVE-2022-29778",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-06-03T21:15:08.007",
"lastModified": "2024-08-03T07:15:36.650",
"lastModified": "2024-10-28T21:35:01.973",
"vulnStatus": "Modified",
"cveTags": [
{
@ -108,7 +108,7 @@
"description": [
{
"lang": "en",
"value": "CWE-1052"
"value": "CWE-798"
}
]
}

@ -2,7 +2,7 @@
"id": "CVE-2022-3437",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-01-12T15:15:10.083",
"lastModified": "2024-04-22T16:15:12.370",
"lastModified": "2024-10-28T19:35:03.960",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},

@ -2,7 +2,7 @@
"id": "CVE-2022-37020",
"sourceIdentifier": "hp-security-alert@hp.com",
"published": "2024-06-10T23:15:49.503",
"lastModified": "2024-06-11T13:54:12.057",
"lastModified": "2024-10-28T19:35:03.187",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Se han identificado posibles vulnerabilidades en el BIOS del sistema para ciertos productos de PC HP, que podr\u00edan permitir la escalada de privilegios y la ejecuci\u00f3n de c\u00f3digo. HP est\u00e1 lanzando actualizaciones de firmware para mitigar las posibles vulnerabilidades."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "LOW",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.5,
"impactScore": 4.2
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"references": [
{
"url": "https://support.hp.com/us-en/document/ish_10737430-10737454-16/hpsbhf03943",

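Review bot: the added "CWE-120" and the "C:N" component are not supported by the description in this hunk, which only states that potential vulnerabilities in the system BIOS could allow escalation of privilege and code execution. The text names no buffer copy, and code execution normally implies some confidentiality impact, so both values should be traced to the HP advisory in the references before consumers rely on them.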

@ -2,7 +2,7 @@
"id": "CVE-2022-43216",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-04-08T12:15:08.017",
"lastModified": "2024-04-08T18:48:40.217",
"lastModified": "2024-10-28T20:35:02.447",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Se descubri\u00f3 que el portal del empleado de AbrhilSoft anterior a v5.6.2 conten\u00eda una vulnerabilidad de inyecci\u00f3n SQL en la p\u00e1gina de inicio de sesi\u00f3n."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://abrhil.com/",

@ -2,8 +2,8 @@
"id": "CVE-2022-48193",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-06T20:15:07.723",
"lastModified": "2023-11-14T19:29:35.100",
"vulnStatus": "Analyzed",
"lastModified": "2024-10-28T19:35:04.320",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -69,6 +69,16 @@
"value": "CWE-326"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-326"
}
]
}
],
"configurations": [

@ -2,7 +2,7 @@
"id": "CVE-2022-4920",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-07-29T00:15:11.573",
"lastModified": "2024-10-03T14:35:03.307",
"lastModified": "2024-10-28T20:35:03.313",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -72,7 +72,7 @@
"description": [
{
"lang": "en",
"value": "CWE-122"
"value": "CWE-787"
}
]
}

@ -2,7 +2,7 @@
"id": "CVE-2023-2137",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-04-19T04:15:31.667",
"lastModified": "2024-10-03T19:35:10.177",
"lastModified": "2024-10-28T21:35:03.843",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -72,7 +72,7 @@
"description": [
{
"lang": "en",
"value": "CWE-122"
"value": "CWE-787"
}
]
}

@ -2,7 +2,7 @@
"id": "CVE-2023-26130",
"sourceIdentifier": "report@snyk.io",
"published": "2023-05-30T05:15:10.640",
"lastModified": "2024-07-03T01:39:37.680",
"lastModified": "2024-10-28T20:35:04.220",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -82,7 +82,7 @@
"description": [
{
"lang": "en",
"value": "CWE-93"
"value": "CWE-77"
}
]
}

@ -2,8 +2,8 @@
"id": "CVE-2023-26562",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-13T16:15:08.187",
"lastModified": "2024-10-21T20:35:24.773",
"vulnStatus": "Analyzed",
"lastModified": "2024-10-28T15:35:02.000",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
@ -49,6 +69,16 @@
"value": "CWE-862"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [

@ -2,8 +2,8 @@
"id": "CVE-2023-28604",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-12T17:15:07.817",
"lastModified": "2023-12-18T14:28:09.443",
"vulnStatus": "Analyzed",
"lastModified": "2024-10-28T21:35:02.993",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
@ -49,6 +69,16 @@
"value": "CWE-79"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [

@ -2,7 +2,7 @@
"id": "CVE-2023-30909",
"sourceIdentifier": "security-alert@hpe.com",
"published": "2023-09-14T15:15:08.637",
"lastModified": "2024-09-25T19:35:05.093",
"lastModified": "2024-10-28T19:35:05.820",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -76,7 +76,7 @@
"description": [
{
"lang": "en",
"value": "CWE-288"
"value": "CWE-294"
}
]
}

@ -2,8 +2,8 @@
"id": "CVE-2023-31271",
"sourceIdentifier": "secure@intel.com",
"published": "2024-02-14T14:15:50.503",
"lastModified": "2024-02-14T15:01:51.137",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-10-28T17:55:13.573",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "secure@intel.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "secure@intel.com",
"type": "Secondary",
@ -51,10 +81,31 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00953.html",
"source": "secure@intel.com"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:intel:virtual_raid_on_cpu:*:*:*:*:*:*:*:*",
"versionEndExcluding": "8.0.8.1001",
"matchCriteriaId": "EA2BC3F6-D484-4297-933F-C63A72D84CAC"
}
]
}
]
}
],
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00953.html",
"source": "secure@intel.com",
"tags": [
"Vendor Advisory"
]
}
]
}
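Review bot: the new cpeMatch entry uses a wildcard version with only "versionEndExcluding": "8.0.8.1001", so every earlier release of virtual_raid_on_cpu is marked vulnerable. If the Intel advisory bounds the affected range from below, add "versionStartIncluding"; otherwise asset matching will flag versions the vendor never listed.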

@ -2,8 +2,8 @@
"id": "CVE-2023-31462",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-20T18:15:11.970",
"lastModified": "2023-07-31T18:43:04.300",
"vulnStatus": "Analyzed",
"lastModified": "2024-10-28T18:35:01.280",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -45,6 +45,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-276"
}
]
}
],
"configurations": [

@ -2,8 +2,8 @@
"id": "CVE-2023-3252",
"sourceIdentifier": "vulnreport@tenable.com",
"published": "2023-08-29T19:15:27.467",
"lastModified": "2023-09-01T14:34:15.777",
"vulnStatus": "Analyzed",
"lastModified": "2024-10-28T19:35:09.020",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -65,6 +65,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-427"
}
]
}
],
"configurations": [

@ -2,8 +2,8 @@
"id": "CVE-2023-3253",
"sourceIdentifier": "vulnreport@tenable.com",
"published": "2023-08-29T20:15:10.213",
"lastModified": "2023-09-01T14:34:21.617",
"vulnStatus": "Analyzed",
"lastModified": "2024-10-28T19:35:09.797",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -65,6 +65,16 @@
"value": "NVD-CWE-Other"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"configurations": [

@ -2,7 +2,7 @@
"id": "CVE-2023-34034",
"sourceIdentifier": "security@vmware.com",
"published": "2023-07-19T15:15:11.127",
"lastModified": "2023-08-14T19:15:11.930",
"lastModified": "2024-10-28T15:35:03.527",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -65,6 +65,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-281"
}
]
}
],
"configurations": [

@ -2,8 +2,8 @@
"id": "CVE-2023-34315",
"sourceIdentifier": "secure@intel.com",
"published": "2024-02-14T14:15:56.517",
"lastModified": "2024-02-14T15:01:51.137",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-10-28T17:55:29.337",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "secure@intel.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-276"
}
]
},
{
"source": "secure@intel.com",
"type": "Secondary",
@ -51,10 +81,31 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00953.html",
"source": "secure@intel.com"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:intel:virtual_raid_on_cpu:*:*:*:*:*:*:*:*",
"versionEndExcluding": "8.0.8.1001",
"matchCriteriaId": "EA2BC3F6-D484-4297-933F-C63A72D84CAC"
}
]
}
]
}
],
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00953.html",
"source": "secure@intel.com",
"tags": [
"Vendor Advisory"
]
}
]
}

@ -2,8 +2,8 @@
"id": "CVE-2023-35003",
"sourceIdentifier": "secure@intel.com",
"published": "2024-02-14T14:15:58.203",
"lastModified": "2024-02-14T15:01:51.137",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-10-28T17:55:47.483",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "secure@intel.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
},
{
"source": "secure@intel.com",
"type": "Secondary",
@ -51,10 +81,31 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00953.html",
"source": "secure@intel.com"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:intel:virtual_raid_on_cpu:*:*:*:*:*:*:*:*",
"versionEndExcluding": "8.0.8.1001",
"matchCriteriaId": "EA2BC3F6-D484-4297-933F-C63A72D84CAC"
}
]
}
]
}
],
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00953.html",
"source": "secure@intel.com",
"tags": [
"Vendor Advisory"
]
}
]
}

@ -2,8 +2,8 @@
"id": "CVE-2023-35836",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-23T23:15:08.000",
"lastModified": "2024-01-31T18:38:16.887",
"vulnStatus": "Analyzed",
"lastModified": "2024-10-28T19:35:06.850",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -49,6 +49,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"configurations": [

@ -2,7 +2,7 @@
"id": "CVE-2023-36091",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-31T14:15:10.583",
"lastModified": "2024-08-02T17:15:57.320",
"lastModified": "2024-10-28T19:35:07.903",
"vulnStatus": "Modified",
"cveTags": [
{
@ -79,7 +79,7 @@
"description": [
{
"lang": "en",
"value": "CWE-288"
"value": "CWE-863"
}
]
}

@ -2,7 +2,7 @@
"id": "CVE-2023-40290",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-27T04:15:10.387",
"lastModified": "2024-08-06T16:35:01.287",
"lastModified": "2024-10-28T16:35:04.067",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -46,7 +46,7 @@
"description": [
{
"lang": "en",
"value": "CWE-80"
"value": "CWE-79"
}
]
}

@ -2,8 +2,8 @@
"id": "CVE-2023-40315",
"sourceIdentifier": "security@opennms.com",
"published": "2023-08-17T20:15:11.287",
"lastModified": "2023-08-23T21:06:43.453",
"vulnStatus": "Analyzed",
"lastModified": "2024-10-28T20:35:05.740",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -69,6 +69,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"configurations": [

@ -2,7 +2,7 @@
"id": "CVE-2023-41137",
"sourceIdentifier": "info@appcheck-ng.com",
"published": "2023-11-09T15:15:08.333",
"lastModified": "2024-09-04T14:35:04.010",
"lastModified": "2024-10-28T21:35:05.057",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -86,7 +86,7 @@
"description": [
{
"lang": "en",
"value": "CWE-321"
"value": "CWE-798"
}
]
}

@ -2,7 +2,7 @@
"id": "CVE-2023-42860",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-02-21T07:15:49.827",
"lastModified": "2024-08-29T20:35:22.773",
"lastModified": "2024-10-28T20:35:06.520",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -39,6 +39,18 @@
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"references": [
{
"url": "https://support.apple.com/en-us/HT213983",

@ -2,7 +2,7 @@
"id": "CVE-2023-4353",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-08-15T18:15:11.613",
"lastModified": "2024-10-01T19:35:06.040",
"lastModified": "2024-10-28T19:35:14.530",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -72,7 +72,7 @@
"description": [
{
"lang": "en",
"value": "CWE-122"
"value": "CWE-787"
}
]
}

@ -2,13 +2,20 @@
"id": "CVE-2023-45918",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-16T22:15:07.880",
"lastModified": "2024-03-15T11:15:08.510",
"lastModified": "2024-10-28T21:15:03.937",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"cveTags": [
{
"sourceIdentifier": "cve@mitre.org",
"tags": [
"disputed"
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ncurses 6.4-20230610 has a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c."
"value": "ncurses 6.4-20230610 has a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c. NOTE: Multiple third parties have disputed this indicating upstream does not regard it as a security issue."
},
{
"lang": "es",
@ -17,6 +24,10 @@
],
"metrics": {},
"references": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2300290#c1",
"source": "cve@mitre.org"
},
{
"url": "https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html",
"source": "cve@mitre.org"

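Review bot: the first hunk for this record adds the dispute NOTE to the English description and the "disputed" tag, but the "es" description that follows it falls between the two hunks and is left unchanged. Readers of the Spanish text will still see an undisputed NULL pointer dereference in tgetstr; regenerate the translation or mark it stale in the same update.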

@ -2,7 +2,7 @@
"id": "CVE-2023-46765",
"sourceIdentifier": "psirt@huawei.com",
"published": "2023-11-08T10:15:09.680",
"lastModified": "2024-09-04T20:35:08.937",
"lastModified": "2024-10-28T21:35:06.010",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -76,7 +76,7 @@
"description": [
{
"lang": "en",
"value": "CWE-248"
"value": "CWE-754"
}
]
}

@ -2,7 +2,7 @@
"id": "CVE-2023-46992",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-31T15:15:09.787",
"lastModified": "2024-09-06T20:35:14.107",
"lastModified": "2024-10-28T19:35:10.917",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -76,7 +76,7 @@
"description": [
{
"lang": "en",
"value": "CWE-284"
"value": "CWE-863"
}
]
}

@ -2,7 +2,7 @@
"id": "CVE-2023-47455",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-07T15:15:10.870",
"lastModified": "2024-09-05T14:35:12.283",
"lastModified": "2024-10-28T20:35:07.563",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -76,7 +76,7 @@
"description": [
{
"lang": "en",
"value": "CWE-122"
"value": "CWE-787"
}
]
}

@ -2,7 +2,7 @@
"id": "CVE-2023-47456",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-07T15:15:10.920",
"lastModified": "2024-09-05T14:35:17.953",
"lastModified": "2024-10-28T19:35:12.137",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -76,7 +76,7 @@
"description": [
{
"lang": "en",
"value": "CWE-121"
"value": "CWE-125"
}
]
}
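Review bot: "CWE-121" to "CWE-125" is a change of bug class rather than a generalisation, from a stack-based buffer overflow (a write) to an out-of-bounds read. The description lies outside this hunk, so the change cannot be checked here; confirm it against the description, since detection rules and prioritisation that key on memory-write weaknesses will stop matching CVE-2023-47456.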

@ -2,7 +2,7 @@
"id": "CVE-2023-48022",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-28T08:15:06.910",
"lastModified": "2024-08-02T22:15:27.193",
"lastModified": "2024-10-28T17:15:04.350",
"vulnStatus": "Modified",
"cveTags": [
{
@ -111,6 +111,10 @@
}
],
"references": [
{
"url": "https://atlas.mitre.org/studies/AML.CS0023",
"source": "cve@mitre.org"
},
{
"url": "https://bishopfox.com/blog/ray-versions-2-6-3-2-8-0",
"source": "cve@mitre.org",

@ -2,7 +2,7 @@
"id": "CVE-2023-49231",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-29T16:15:07.970",
"lastModified": "2024-08-27T19:35:08.170",
"lastModified": "2024-10-28T16:35:04.887",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -46,7 +46,7 @@
"description": [
{
"lang": "en",
"value": "CWE-288"
"value": "CWE-294"
}
]
}

@ -2,7 +2,7 @@
"id": "CVE-2023-49982",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-21T02:49:38.723",
"lastModified": "2024-08-05T16:35:02.447",
"lastModified": "2024-10-28T19:35:13.560",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -46,7 +46,7 @@
"description": [
{
"lang": "en",
"value": "CWE-284"
"value": "CWE-863"
}
]
}

@ -2,7 +2,7 @@
"id": "CVE-2023-50347",
"sourceIdentifier": "psirt@hcl.com",
"published": "2024-04-10T02:15:08.497",
"lastModified": "2024-04-10T13:23:38.787",
"lastModified": "2024-10-28T19:35:15.643",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -39,6 +39,18 @@
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0112318",

@ -2,8 +2,8 @@
"id": "CVE-2023-50811",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-19T22:15:06.840",
"lastModified": "2024-04-29T19:52:21.503",
"vulnStatus": "Analyzed",
"lastModified": "2024-10-28T19:35:16.633",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -49,6 +49,20 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-444"
},
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"configurations": [

@ -2,7 +2,7 @@
"id": "CVE-2023-52362",
"sourceIdentifier": "psirt@huawei.com",
"published": "2024-02-18T03:15:08.770",
"lastModified": "2024-08-29T20:35:47.270",
"lastModified": "2024-10-28T21:35:06.843",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -46,7 +46,7 @@
"description": [
{
"lang": "en",
"value": "CWE-284"
"value": "CWE-276"
}
]
}

@ -2,7 +2,7 @@
"id": "CVE-2023-52376",
"sourceIdentifier": "psirt@huawei.com",
"published": "2024-02-18T06:15:08.290",
"lastModified": "2024-08-22T14:35:03.367",
"lastModified": "2024-10-28T21:35:07.687",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -46,7 +46,7 @@
"description": [
{
"lang": "en",
"value": "CWE-225"
"value": "CWE-212"
}
]
}

@ -2,8 +2,8 @@
"id": "CVE-2023-6573",
"sourceIdentifier": "security-alert@hpe.com",
"published": "2024-01-23T18:15:18.113",
"lastModified": "2024-01-29T22:50:00.030",
"vulnStatus": "Analyzed",
"lastModified": "2024-10-28T19:35:17.403",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -69,6 +69,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-522"
}
]
}
],
"configurations": [

@ -2,7 +2,7 @@
"id": "CVE-2024-0794",
"sourceIdentifier": "hp-security-alert@hp.com",
"published": "2024-02-20T18:15:50.840",
"lastModified": "2024-10-14T06:15:03.837",
"lastModified": "2024-10-28T20:35:08.940",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -46,7 +46,7 @@
"description": [
{
"lang": "en",
"value": "CWE-121"
"value": "CWE-125"
}
]
}

@ -0,0 +1,60 @@
{
"id": "CVE-2024-10000",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-29T06:15:13.333",
"lastModified": "2024-10-29T06:15:13.333",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Masteriyo LMS \u2013 eLearning and Online Course Builder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the question's content parameter in all versions up to, and including, 1.13.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with student-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/learning-management-system/tags/1.13.3",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/575f103e-cfc7-4efd-a592-658a3e919671?source=cve",
"source": "security@wordfence.com"
}
]
}

View File

@ -0,0 +1,60 @@
{
"id": "CVE-2024-10008",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-29T06:15:13.743",
"lastModified": "2024-10-29T06:15:13.743",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Masteriyo LMS \u2013 eLearning and Online Course Builder for WordPress plugin for WordPress is vulnerable to unauthorized user profile modification due to missing authorization checks on the /wp-json/masteriyo/v1/users/$id REST API endpoint in all versions up to, and including, 1.13.3. This makes it possible for authenticated attackers, with student-level access and above, to modify the roles of arbitrary users. As a result, attackers can escalate their privileges to the Administrator and demote existing administrators to students."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/learning-management-system/tags/1.13.3//includes/RestApi/Controllers/Version1/UsersController.php#L1726",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0c54166e-2af2-409d-8c67-9c07f2028543?source=cve",
"source": "security@wordfence.com"
}
]
}
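Review bot: The first reference URL in this new record contains a doubled slash, `tags/1.13.3//includes/RestApi/Controllers/Version1/UsersController.php#L1726`. Keep it byte-for-byte as the CNA supplied it, but make sure link checkers and reference de-duplication normalise the path, otherwise the same file can show up as two distinct references. Also note that the only code reference points at the affected tag 1.13.3 and the description says "up to, and including, 1.13.3", so nothing in the record names a fixed version yet; patch tracking for this CWE-862 role-change issue has to come from the Wordfence link until a `configurations` block arrives.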

View File

@ -2,8 +2,8 @@
"id": "CVE-2024-10123",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-18T20:15:02.960",
"lastModified": "2024-10-21T17:10:22.857",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-10-28T16:06:53.747",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -61,6 +61,26 @@
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -120,26 +140,71 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://github.com/JohenanLi/router_vuls/blob/main/ac8v4/compare_parentcontrol_time_vul.md",
"source": "cna@vuldb.com"
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:ac8_firmware:16.03.34.06:*:*:*:*:*:*:*",
"matchCriteriaId": "9C1D64DC-1EDC-4F62-8D22-E1890B71843C"
}
]
},
{
"url": "https://vuldb.com/?ctiid.280915",
"source": "cna@vuldb.com"
},
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"url": "https://vuldb.com/?id.280915",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.421340",
"source": "cna@vuldb.com"
},
{
"url": "https://www.tenda.com.cn/",
"source": "cna@vuldb.com"
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:ac8:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "655619B2-6E8B-4D2E-98E7-028E69597E80"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/JohenanLi/router_vuls/blob/main/ac8v4/compare_parentcontrol_time_vul.md",
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.280915",
"source": "cna@vuldb.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://vuldb.com/?id.280915",
"source": "cna@vuldb.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://vuldb.com/?submit.421340",
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.tenda.com.cn/",
"source": "cna@vuldb.com",
"tags": [
"Product"
]
}
]
}
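Review bot: The added `configurations` block is an `AND` of two nodes in which the firmware CPE `cpe:2.3:o:tenda:ac8_firmware:16.03.34.06` is `vulnerable: true` and the hardware CPE `cpe:2.3:h:tenda:ac8:4.0` is `vulnerable: false`. A consumer that flattens every `cpeMatch` entry into one list, ignoring `operator` and the `vulnerable` flag, will match all AC8 v4.0 hardware regardless of firmware, so the matcher should be checked against this shape before the record is used for asset correlation. The same hunk tags the GitHub reference as `Exploit` and the `?id.280915` page as `Permissions Required`, which leaves the exploit write-up as the only openly readable technical source; prioritisation logic that looks at reference tags should pick that up together with the new 8.8 primary score.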

View File

@ -2,8 +2,8 @@
"id": "CVE-2024-10130",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-18T22:15:04.683",
"lastModified": "2024-10-21T17:10:22.857",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-10-28T16:08:57.147",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -61,6 +61,26 @@
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -120,26 +140,71 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://github.com/JohenanLi/router_vuls/blob/main/ac8v4/FUN_004a8838.md",
"source": "cna@vuldb.com"
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:ac8_firmware:16.03.34.06:*:*:*:*:*:*:*",
"matchCriteriaId": "9C1D64DC-1EDC-4F62-8D22-E1890B71843C"
}
]
},
{
"url": "https://vuldb.com/?ctiid.280918",
"source": "cna@vuldb.com"
},
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"url": "https://vuldb.com/?id.280918",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.422141",
"source": "cna@vuldb.com"
},
{
"url": "https://www.tenda.com.cn/",
"source": "cna@vuldb.com"
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:ac8:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "655619B2-6E8B-4D2E-98E7-028E69597E80"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/JohenanLi/router_vuls/blob/main/ac8v4/FUN_004a8838.md",
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.280918",
"source": "cna@vuldb.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://vuldb.com/?id.280918",
"source": "cna@vuldb.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://vuldb.com/?submit.422141",
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.tenda.com.cn/",
"source": "cna@vuldb.com",
"tags": [
"Product"
]
}
]
}

View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-10214",
"sourceIdentifier": "responsibledisclosure@mattermost.com",
"published": "2024-10-28T15:15:04.020",
"lastModified": "2024-10-28T15:15:04.020",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mattermost versions 9.11.X <= 9.11.1, 9.5.x <= 9.5.9 icorrectly issues two sessions when using desktop SSO - one in the browser and one in desktop with incorrect settings."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-303"
}
]
}
],
"references": [
{
"url": "https://mattermost.com/security-updates",
"source": "responsibledisclosure@mattermost.com"
}
]
}
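Review bot: The description string in this new record has a typo, "icorrectly", and mixes version notation, `9.11.X` next to `9.5.x`. It is CNA-supplied text, so the mirror should keep it verbatim, but keyword search and version-range extraction over `descriptions[].value` need to be case-insensitive on the wildcard and must not depend on the word "incorrectly". The record also carries no `configurations` block and only a `Secondary` CVSS entry (3.5, LOW) with `CWE-303`, so affected-version matching for the double-session SSO issue currently has to be parsed from the description alone.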

View File

@ -2,8 +2,8 @@
"id": "CVE-2024-10335",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-24T17:15:14.823",
"lastModified": "2024-10-25T12:56:07.750",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-10-28T15:58:13.240",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -61,6 +61,26 @@
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -120,26 +140,63 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://github.com/tang-0717/VUL/blob/main/Garbage-Collection-Management-System-01.md",
"source": "cna@vuldb.com"
},
"nodes": [
{
"url": "https://vuldb.com/?ctiid.281680",
"source": "cna@vuldb.com"
},
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"url": "https://vuldb.com/?id.281680",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.427439",
"source": "cna@vuldb.com"
},
{
"url": "https://www.sourcecodester.com/",
"source": "cna@vuldb.com"
"vulnerable": true,
"criteria": "cpe:2.3:a:sadat:garbage_collection_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BCCD1257-5058-4A83-A5BD-85D922AABBBE"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/tang-0717/VUL/blob/main/Garbage-Collection-Management-System-01.md",
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.281680",
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.281680",
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?submit.427439",
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://www.sourcecodester.com/",
"source": "cna@vuldb.com",
"tags": [
"Product"
]
}
]
}

View File

@ -2,8 +2,8 @@
"id": "CVE-2024-10336",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-24T17:15:15.143",
"lastModified": "2024-10-25T12:56:07.750",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-10-28T16:01:58.393",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -61,6 +61,26 @@
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -120,18 +140,48 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://vuldb.com/?ctiid.281681",
"source": "cna@vuldb.com"
},
"nodes": [
{
"url": "https://vuldb.com/?id.281681",
"source": "cna@vuldb.com"
},
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"url": "https://vuldb.com/?submit.427442",
"source": "cna@vuldb.com"
"vulnerable": true,
"criteria": "cpe:2.3:a:clothes_recommendation_system_project:clothes_recommendation_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "95B73160-959A-4C2B-ACDF-8111EE47162D"
}
]
}
]
}
],
"references": [
{
"url": "https://vuldb.com/?ctiid.281681",
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.281681",
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?submit.427442",
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

View File

@ -2,8 +2,8 @@
"id": "CVE-2024-10418",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-27T14:15:02.873",
"lastModified": "2024-10-28T13:58:09.230",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-10-29T00:38:29.063",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -61,6 +61,26 @@
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -120,26 +140,63 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://code-projects.org/",
"source": "cna@vuldb.com"
},
"nodes": [
{
"url": "https://gist.github.com/higordiego/25a103a1fe84c4db4530e68d2f998d11",
"source": "cna@vuldb.com"
},
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"url": "https://vuldb.com/?ctiid.281959",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.281959",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.431782",
"source": "cna@vuldb.com"
"vulnerable": true,
"criteria": "cpe:2.3:a:fabianros:blood_bank_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "074BD804-92B2-445A-9A77-DE019D9E8A13"
}
]
}
]
}
],
"references": [
{
"url": "https://code-projects.org/",
"source": "cna@vuldb.com",
"tags": [
"Product"
]
},
{
"url": "https://gist.github.com/higordiego/25a103a1fe84c4db4530e68d2f998d11",
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Mitigation",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.281959",
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.281959",
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?submit.431782",
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

View File

@ -2,8 +2,8 @@
"id": "CVE-2024-10419",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-27T15:15:02.690",
"lastModified": "2024-10-28T13:58:09.230",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-10-29T00:28:59.117",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -61,6 +61,26 @@
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -120,26 +140,63 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://code-projects.org/",
"source": "cna@vuldb.com"
},
"nodes": [
{
"url": "https://gist.github.com/higordiego/62ad5208270c67834d02818d6ba44126",
"source": "cna@vuldb.com"
},
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"url": "https://vuldb.com/?ctiid.281960",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.281960",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.431784",
"source": "cna@vuldb.com"
"vulnerable": true,
"criteria": "cpe:2.3:a:fabianros:blood_bank_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "074BD804-92B2-445A-9A77-DE019D9E8A13"
}
]
}
]
}
],
"references": [
{
"url": "https://code-projects.org/",
"source": "cna@vuldb.com",
"tags": [
"Product"
]
},
{
"url": "https://gist.github.com/higordiego/62ad5208270c67834d02818d6ba44126",
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Mitigation",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.281960",
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.281960",
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?submit.431784",
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

View File

@ -2,8 +2,8 @@
"id": "CVE-2024-10420",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-27T16:15:02.533",
"lastModified": "2024-10-28T13:58:09.230",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-10-29T00:21:35.717",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -61,6 +61,26 @@
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -120,26 +140,61 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://github.com/K1nako0/tmp_vuln12/blob/main/README.md",
"source": "cna@vuldb.com"
},
"nodes": [
{
"url": "https://vuldb.com/?ctiid.281961",
"source": "cna@vuldb.com"
},
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"url": "https://vuldb.com/?id.281961",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.431949",
"source": "cna@vuldb.com"
},
{
"url": "https://www.sourcecodester.com/",
"source": "cna@vuldb.com"
"vulnerable": true,
"criteria": "cpe:2.3:a:nurhodelta17:attendance_and_payroll_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EB10B17B-6F78-40A0-8B85-9BCF2DAC209B"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/K1nako0/tmp_vuln12/blob/main/README.md",
"source": "cna@vuldb.com",
"tags": [
"Broken Link"
]
},
{
"url": "https://vuldb.com/?ctiid.281961",
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.281961",
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?submit.431949",
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://www.sourcecodester.com/",
"source": "cna@vuldb.com",
"tags": [
"Product"
]
}
]
}
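Review bot: The only non-VulDB technical reference, `https://github.com/K1nako0/tmp_vuln12/blob/main/README.md`, is tagged `Broken Link` in the same change that moves the record to `Analyzed` with a 9.8 CRITICAL primary score. What remains is two VulDB pages, one of them `Permissions Required`, a VulDB submission page and the generic `https://www.sourcecodester.com/` product link, so the record no longer points at any openly readable description of the flaw. Enrichment jobs should skip fetching `Broken Link` references instead of retrying them, and triage should not wait on reference content for this CVE; the next two records in this commit (`tmp_vuln13`, `tmp_vuln14`) have the same pattern.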

View File

@ -2,8 +2,8 @@
"id": "CVE-2024-10421",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-27T17:15:02.440",
"lastModified": "2024-10-28T13:58:09.230",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-10-29T00:19:35.110",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -61,6 +61,26 @@
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -120,26 +140,61 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://github.com/K1nako0/tmp_vuln13/blob/main/README.md",
"source": "cna@vuldb.com"
},
"nodes": [
{
"url": "https://vuldb.com/?ctiid.281962",
"source": "cna@vuldb.com"
},
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"url": "https://vuldb.com/?id.281962",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.431979",
"source": "cna@vuldb.com"
},
{
"url": "https://www.sourcecodester.com/",
"source": "cna@vuldb.com"
"vulnerable": true,
"criteria": "cpe:2.3:a:nurhodelta17:attendance_and_payroll_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EB10B17B-6F78-40A0-8B85-9BCF2DAC209B"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/K1nako0/tmp_vuln13/blob/main/README.md",
"source": "cna@vuldb.com",
"tags": [
"Broken Link"
]
},
{
"url": "https://vuldb.com/?ctiid.281962",
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.281962",
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?submit.431979",
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://www.sourcecodester.com/",
"source": "cna@vuldb.com",
"tags": [
"Product"
]
}
]
}

View File

@ -2,8 +2,8 @@
"id": "CVE-2024-10422",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-27T18:15:03.017",
"lastModified": "2024-10-28T13:58:09.230",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-10-29T00:16:35.510",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -61,6 +61,26 @@
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -120,26 +140,60 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://github.com/K1nako0/tmp_vuln14/blob/main/README.md",
"source": "cna@vuldb.com"
},
"nodes": [
{
"url": "https://vuldb.com/?ctiid.281963",
"source": "cna@vuldb.com"
},
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"url": "https://vuldb.com/?id.281963",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.431980",
"source": "cna@vuldb.com"
},
{
"url": "https://www.sourcecodester.com/",
"source": "cna@vuldb.com"
"vulnerable": true,
"criteria": "cpe:2.3:a:nurhodelta17:attendance_and_payroll_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EB10B17B-6F78-40A0-8B85-9BCF2DAC209B"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/K1nako0/tmp_vuln14/blob/main/README.md",
"source": "cna@vuldb.com",
"tags": [
"Broken Link"
]
},
{
"url": "https://vuldb.com/?ctiid.281963",
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.281963",
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?submit.431980",
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://www.sourcecodester.com/",
"source": "cna@vuldb.com",
"tags": [
"Product"
]
}
]
}
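Review bot: The reference tags in this hunk are not consistent with the sibling records for the same product. Here `https://vuldb.com/?id.281963` is tagged only `Third Party Advisory`, while the equivalent `?id.281961` entry two records up has `Third Party Advisory` plus `VDB Entry`, and `?id.281962` in the previous record has `Permissions Required` plus `VDB Entry`. The tags come from NVD analysis and should stay as published, but any filter that selects vulnerability-database references by the `VDB Entry` tag will miss this URL; matching on the `vuldb.com` host as a fallback avoids that.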

View File

@ -2,7 +2,7 @@
"id": "CVE-2024-10423",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-27T18:15:03.323",
"lastModified": "2024-10-28T13:58:09.230",
"lastModified": "2024-10-29T00:08:57.757",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
@ -61,6 +61,26 @@
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -120,22 +140,54 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://github.com/jadu101/CVE/blob/main/phpgurukul_student_project_allocation_system_add_project_sqli.md",
"source": "cna@vuldb.com"
},
"nodes": [
{
"url": "https://vuldb.com/?ctiid.281964",
"source": "cna@vuldb.com"
},
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"url": "https://vuldb.com/?id.281964",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.431981",
"source": "cna@vuldb.com"
"vulnerable": true,
"criteria": "cpe:2.3:a:yugeshverma:student_project_allocation_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "308E559F-7023-4284-9154-DC8EA6930349"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/jadu101/CVE/blob/main/phpgurukul_student_project_allocation_system_add_project_sqli.md",
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.281964",
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.281964",
"source": "cna@vuldb.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://vuldb.com/?submit.431981",
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}
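Review bot: The CPE added in this hunk uses vendor `yugeshverma` (`cpe:2.3:a:yugeshverma:student_project_allocation_system:1.0`), while the exploit reference in the same hunk is named `phpgurukul_student_project_allocation_system_add_project_sqli.md` and CVE-2024-10425 later in this commit uses `cpe:2.3:a:phpgurukul:student_project_allocation_system:1.0` with a different `matchCriteriaId`. CVE-2024-10424 repeats the `yugeshverma` form. Inventory matching on one vendor string will therefore see only part of this set of SQL injection records; until NVD reconciles the entries, map both vendor strings to the same product in the local CPE alias table.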

View File

@ -2,7 +2,7 @@
"id": "CVE-2024-10424",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-27T19:15:04.273",
"lastModified": "2024-10-28T13:58:09.230",
"lastModified": "2024-10-29T00:45:01.377",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
@ -61,6 +61,26 @@
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -120,22 +140,55 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://github.com/jadu101/CVE/blob/main/phpgurukul_student_project_allocation_system_remove_project_sqli.md",
"source": "cna@vuldb.com"
},
"nodes": [
{
"url": "https://vuldb.com/?ctiid.281965",
"source": "cna@vuldb.com"
},
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"url": "https://vuldb.com/?id.281965",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.431983",
"source": "cna@vuldb.com"
"vulnerable": true,
"criteria": "cpe:2.3:a:yugeshverma:student_project_allocation_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "308E559F-7023-4284-9154-DC8EA6930349"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/jadu101/CVE/blob/main/phpgurukul_student_project_allocation_system_remove_project_sqli.md",
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.281965",
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.281965",
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?submit.431983",
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}
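Review bot: This hunk adds a complete CPE configuration and tagged references, and the previous hunk adds an `nvd@nist.gov` `Primary` score of 9.8, yet the first hunk of this record only bumps `lastModified` and leaves `vulnStatus` at `Undergoing Analysis`. CVE-2024-10423 is in the same state, whereas CVE-2024-10425 received the same kind of enrichment and was moved to `Analyzed`. Pipelines that wait for `vulnStatus == "Analyzed"` before ingesting NVD scores and CPEs will ignore data that is already present here; gate on the presence of a `Primary` metric or a non-empty `configurations` array instead, or re-pull these two records on the next update.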

View File

@ -2,8 +2,8 @@
"id": "CVE-2024-10425",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-27T19:15:04.537",
"lastModified": "2024-10-28T13:58:09.230",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-10-29T00:57:33.760",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -61,6 +61,26 @@
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -109,6 +129,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -120,22 +150,56 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://github.com/jadu101/CVE/blob/main/phpgurukul_student_project_allocation_system_move_up_project_sqli.md",
"source": "cna@vuldb.com"
},
"nodes": [
{
"url": "https://vuldb.com/?ctiid.281966",
"source": "cna@vuldb.com"
},
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"url": "https://vuldb.com/?id.281966",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.431984",
"source": "cna@vuldb.com"
"vulnerable": true,
"criteria": "cpe:2.3:a:phpgurukul:student_project_allocation_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B00C5204-6D74-4935-8F56-F043D6701BE6"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/jadu101/CVE/blob/main/phpgurukul_student_project_allocation_system_move_up_project_sqli.md",
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.281966",
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.281966",
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?submit.431984",
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

View File

@ -0,0 +1,137 @@
{
"id": "CVE-2024-10449",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-28T15:15:04.303",
"lastModified": "2024-10-28T15:15:04.303",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, was found in Codezips Hospital Appointment System 1.0. This affects an unknown part of the file /loginAction.php. The manipulation of the argument Username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "LOW",
"vulnerableSystemIntegrity": "LOW",
"vulnerableSystemAvailability": "LOW",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 6.9,
"baseSeverity": "MEDIUM"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5
},
"baseSeverity": "HIGH",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://github.com/ppp-src/CVE/issues/25",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.282009",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.282009",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.432564",
"source": "cna@vuldb.com"
}
]
}
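Review bot: The three metric blocks in this record put the same issue in different severity buckets: cvssMetricV40 gives 6.9 MEDIUM, cvssMetricV31 gives 7.3 HIGH and cvssMetricV2 gives 7.5 HIGH, all from cna@vuldb.com. Anything that triages on baseSeverity should state which CVSS version it reads first, otherwise this unauthenticated (PR:N) SQL injection in /loginAction.php is MEDIUM or HIGH depending on parse order. Note also that in the cvssMetricV2 block baseSeverity sits outside cvssData, unlike the 3.1 and 4.0 blocks, so a parser written against one layout returns nothing for the other.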

View File

@ -0,0 +1,141 @@
{
"id": "CVE-2024-10450",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-28T15:15:04.560",
"lastModified": "2024-10-28T15:15:04.560",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in SourceCodester Kortex Lite Advocate Office Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /kortex_lite/control/edit_profile.php of the component POST Parameter Handler. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "LOW",
"vulnerableSystemIntegrity": "LOW",
"vulnerableSystemAvailability": "LOW",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://github.com/will121351/wenqin.webray.com.cn/blob/main/CVE-project/Advocate-office-management-system.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.282010",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.282010",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.432614",
"source": "cna@vuldb.com"
},
{
"url": "https://www.sourcecodester.com/",
"source": "cna@vuldb.com"
}
]
}
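Review bot: The description says the issue is "classified as critical", but every score in the record is MEDIUM (cvssMetricV40 5.3, cvssMetricV31 6.3, cvssMetricV2 6.5 with baseSeverity MEDIUM). Severity should be read from the cvssData fields, not matched out of the description text; a keyword rule on "critical" would over-rank this record. The last reference, https://www.sourcecodester.com/, is the vendor home page and gives no advisory or fix to track.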

View File

@ -0,0 +1,33 @@
{
"id": "CVE-2024-10469",
"sourceIdentifier": "cret@cert.org",
"published": "2024-10-28T16:15:03.667",
"lastModified": "2024-10-28T16:15:03.667",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "VINCE versions before 3.0.9 is vulnerable to exposure of User information to authenticated users."
}
],
"metrics": {},
"weaknesses": [
{
"source": "cret@cert.org",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-276"
}
]
}
],
"references": [
{
"url": "https://github.com/CERTCC/VINCE/",
"source": "cret@cert.org"
}
]
}
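Review bot: The only reference is the repository root https://github.com/CERTCC/VINCE/, so the "before 3.0.9" claim cannot be tied to a release note, advisory or fixing commit from this record alone; a link to the 3.0.9 release or changelog would make the fixed version checkable. "metrics" is empty, so there is no score to prioritise on yet. The assigned CWE-276 concerns default permissions while the description speaks of exposure of user information to authenticated users, which is worth confirming once the record is analysed.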

View File

@ -0,0 +1,133 @@
{
"id": "CVE-2024-10477",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-29T01:15:02.843",
"lastModified": "2024-10-29T01:15:02.843",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic was found in LinZhaoguan pb-cms up to 2.0.1. This vulnerability affects unknown code of the file /admin#permissions of the component Permission Management Page. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "NONE",
"vulnerableSystemIntegrity": "LOW",
"vulnerableSystemAvailability": "NONE",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 5.1,
"baseSeverity": "MEDIUM"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 2.4,
"baseSeverity": "LOW"
},
"exploitabilityScore": 0.9,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "MULTIPLE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 3.3
},
"baseSeverity": "LOW",
"exploitabilityScore": 6.4,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://gitee.com/LinZhaoguan/pb-cms/issues/IAYIB9",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.282088",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.282088",
"source": "cna@vuldb.com"
}
]
}
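Review bot: The user-interaction metric disagrees between CVSS versions in this record: the cvssMetricV40 vector has UI:N (userInteraction NONE), the cvssMetricV31 vector has UI:R (userInteraction REQUIRED), and cvssMetricV2 sets userInteractionRequired to false. For a cross-site scripting issue (CWE-79) behind PR:H, the 3.1 reading is the usual one, and the mismatch contributes to the same record scoring 5.1 MEDIUM under 4.0 but 2.4 LOW under 3.1. Flag it for correction upstream and do not filter on userInteraction across versions without normalising.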

View File

@ -0,0 +1,133 @@
{
"id": "CVE-2024-10478",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-29T01:15:03.160",
"lastModified": "2024-10-29T01:15:03.160",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, has been found in LinZhaoguan pb-cms up to 2.0.1. This issue affects some unknown processing of the file /admin#article/edit?id=2 of the component Edit Article Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "NONE",
"vulnerableSystemIntegrity": "LOW",
"vulnerableSystemAvailability": "NONE",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 5.1,
"baseSeverity": "MEDIUM"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 2.4,
"baseSeverity": "LOW"
},
"exploitabilityScore": 0.9,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "MULTIPLE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 3.3
},
"baseSeverity": "LOW",
"exploitabilityScore": 6.4,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://gitee.com/LinZhaoguan/pb-cms/issues/IAYIAO",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.282089",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.282089",
"source": "cna@vuldb.com"
}
]
}
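Review bot: The affected path in the description, /admin#article/edit?id=2, is a client-side route with a URL fragment and a specific record id, not a server file, so it is a poor key for matching WAF rules or access-log entries: the part after "#" is never sent to the server. The record does not give the server-side request path, so use the component name "Edit Article Handler" as the locator and treat the path as descriptive only.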

View File

@ -0,0 +1,133 @@
{
"id": "CVE-2024-10479",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-29T02:15:06.433",
"lastModified": "2024-10-29T02:15:06.433",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, was found in LinZhaoguan pb-cms up to 2.0.1. Affected is an unknown function of the file /admin#themes of the component Theme Management Module. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "NONE",
"vulnerableSystemIntegrity": "LOW",
"vulnerableSystemAvailability": "NONE",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 5.1,
"baseSeverity": "MEDIUM"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 2.4,
"baseSeverity": "LOW"
},
"exploitabilityScore": 0.9,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "MULTIPLE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 3.3
},
"baseSeverity": "LOW",
"exploitabilityScore": 6.4,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://gitee.com/LinZhaoguan/pb-cms/issues/IAYHUP",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.282090",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.282090",
"source": "cna@vuldb.com"
}
]
}

View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-22065",
"sourceIdentifier": "psirt@zte.com.cn",
"published": "2024-10-29T02:15:06.933",
"lastModified": "2024-10-29T02:15:06.933",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is a command injection vulnerability in ZTE MF258 Pro product. Due to insufficient validation of Ping Diagnosis interface parameter, an authenticated attacker could use the vulnerability to execute arbitrary commands."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@zte.com.cn",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@zte.com.cn",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/1171513586716225572",
"source": "psirt@zte.com.cn"
}
]
}
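Review bot: The weaknesses block carries only CWE-20 although the description states a command injection through the Ping Diagnosis interface parameter; CWE-20 is the generic input-validation class, so a filter on the command-injection CWEs (CWE-77, CWE-78) will miss this record. The vector is AV:A/PR:H, meaning an authenticated attacker on an adjacent network, which is what keeps a C:H/I:H/A:H issue at 6.8 MEDIUM. That assumption should be checked against where the device's management interface is actually reachable in a given deployment.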

View File

@ -2,7 +2,7 @@
"id": "CVE-2024-22081",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-20T05:15:45.710",
"lastModified": "2024-08-05T20:35:03.437",
"lastModified": "2024-10-28T19:35:18.730",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -46,7 +46,7 @@
"description": [
{
"lang": "en",
"value": "CWE-644"
"value": "CWE-444"
}
]
}

View File

@ -2,7 +2,7 @@
"id": "CVE-2024-25735",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-27T03:15:12.150",
"lastModified": "2024-08-06T16:35:06.527",
"lastModified": "2024-10-28T19:35:19.527",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -46,7 +46,7 @@
"description": [
{
"lang": "en",
"value": "CWE-284"
"value": "CWE-319"
}
]
}

View File

@ -0,0 +1,21 @@
{
"id": "CVE-2024-27849",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-10-28T21:15:04.093",
"lastModified": "2024-10-28T21:15:04.093",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15. An app may be able to read sensitive location information."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/121238",
"source": "product-security@apple.com"
}
]
}

View File

@ -2,13 +2,20 @@
"id": "CVE-2024-28093",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-26T12:15:50.293",
"lastModified": "2024-09-04T17:35:04.910",
"lastModified": "2024-10-28T21:15:04.167",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"cveTags": [
{
"sourceIdentifier": "cve@mitre.org",
"tags": [
"unsupported-when-assigned"
]
}
],
"descriptions": [
{
"lang": "en",
"value": "**UNSUPPORTED WHEN ASSIGNED** The TELNET service of AdTran NetVanta 3120 18.01.01.00.E devices is enabled by default, and has default credentials for a root-level account."
"value": "The TELNET service of AdTran NetVanta 3120 18.01.01.00.E devices is enabled by default, and has default credentials for a root-level account."
},
{
"lang": "es",

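Review bot: The "**UNSUPPORTED WHEN ASSIGNED**" prefix is dropped from the English description and replaced by an "unsupported-when-assigned" entry in cveTags, so any consumer that detected end-of-support records by matching the description prefix stops seeing this one; read the tags array in cveTags instead. The substance is unchanged and still matters for inventory: TELNET enabled by default with default credentials for a root-level account, on a product that was already unsupported when the CVE was assigned. The same move appears in CVE-2024-31971 in this commit.
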
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-28394",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-19T20:15:07.210",
"lastModified": "2024-08-05T17:35:09.203",
"lastModified": "2024-10-28T19:35:20.373",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -46,7 +46,7 @@
"description": [
{
"lang": "en",
"value": "CWE-73"
"value": "CWE-863"
}
]
}

View File

@ -2,7 +2,7 @@
"id": "CVE-2024-28537",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-18T14:15:09.960",
"lastModified": "2024-08-28T16:35:20.337",
"lastModified": "2024-10-28T19:35:21.183",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -46,7 +46,7 @@
"description": [
{
"lang": "en",
"value": "CWE-121"
"value": "CWE-125"
}
]
}
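Review bot: The weakness value goes from CWE-121 to CWE-125, which changes the class from a stack-based buffer overflow (a memory write) to an out-of-bounds read; that is a different impact category, not a refinement, and the description lies outside the hunk context so the change cannot be checked here. The same CWE-121 to CWE-125 swap recurs in CVE-2024-28578, CVE-2024-28640, CVE-2024-30587, CVE-2024-30596, CVE-2024-30604 and CVE-2024-30630 in this commit, while CVE-2024-28562 goes to CWE-787 instead. Because the value is overwritten in place, anything that alerts on memory-write CWEs should re-evaluate these ids after the sync.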

View File

@ -2,7 +2,7 @@
"id": "CVE-2024-28562",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-20T06:15:08.127",
"lastModified": "2024-07-03T01:51:42.723",
"lastModified": "2024-10-28T19:35:22.063",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -46,7 +46,7 @@
"description": [
{
"lang": "en",
"value": "CWE-121"
"value": "CWE-787"
}
]
}

View File

@ -2,7 +2,7 @@
"id": "CVE-2024-28578",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-20T06:15:11.277",
"lastModified": "2024-08-05T20:35:08.080",
"lastModified": "2024-10-28T19:35:22.893",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -46,7 +46,7 @@
"description": [
{
"lang": "en",
"value": "CWE-121"
"value": "CWE-125"
}
]
}

View File

@ -2,7 +2,7 @@
"id": "CVE-2024-28640",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-16T06:15:14.613",
"lastModified": "2024-08-28T16:35:21.193",
"lastModified": "2024-10-28T19:35:23.820",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -46,7 +46,7 @@
"description": [
{
"lang": "en",
"value": "CWE-121"
"value": "CWE-125"
}
]
}

View File

@ -2,7 +2,7 @@
"id": "CVE-2024-2915",
"sourceIdentifier": "security@devolutions.net",
"published": "2024-03-26T16:15:14.117",
"lastModified": "2024-08-06T16:35:11.173",
"lastModified": "2024-10-28T19:35:24.793",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -46,7 +46,7 @@
"description": [
{
"lang": "en",
"value": "CWE-284"
"value": "CWE-863"
}
]
}

View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-30106",
"sourceIdentifier": "psirt@hcl.com",
"published": "2024-10-28T22:15:02.583",
"lastModified": "2024-10-28T22:15:02.583",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HCL Connections is vulnerable to an information disclosure vulnerability, due to an IBM WebSphere Application Server error, which could allow a user to obtain sensitive information they are not entitled to due to the improper handling of request data."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@hcl.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "psirt@hcl.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0116967",
"source": "psirt@hcl.com"
}
]
}

View File

@ -2,7 +2,7 @@
"id": "CVE-2024-30587",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-28T14:15:15.183",
"lastModified": "2024-08-27T20:35:30.073",
"lastModified": "2024-10-28T16:35:05.917",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -46,7 +46,7 @@
"description": [
{
"lang": "en",
"value": "CWE-121"
"value": "CWE-125"
}
]
}

View File

@ -2,7 +2,7 @@
"id": "CVE-2024-30596",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-28T13:15:48.063",
"lastModified": "2024-08-27T21:35:21.827",
"lastModified": "2024-10-28T16:35:06.740",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -46,7 +46,7 @@
"description": [
{
"lang": "en",
"value": "CWE-121"
"value": "CWE-125"
}
]
}

View File

@ -2,7 +2,7 @@
"id": "CVE-2024-30604",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-28T15:15:46.850",
"lastModified": "2024-08-27T20:35:30.857",
"lastModified": "2024-10-28T16:35:07.717",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -46,7 +46,7 @@
"description": [
{
"lang": "en",
"value": "CWE-121"
"value": "CWE-125"
}
]
}

View File

@ -2,7 +2,7 @@
"id": "CVE-2024-30630",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-29T13:15:16.273",
"lastModified": "2024-08-27T19:35:25.577",
"lastModified": "2024-10-28T16:35:08.503",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -46,7 +46,7 @@
"description": [
{
"lang": "en",
"value": "CWE-121"
"value": "CWE-125"
}
]
}

View File

@ -2,7 +2,7 @@
"id": "CVE-2024-3059",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-04-26T05:15:50.360",
"lastModified": "2024-07-03T02:05:57.660",
"lastModified": "2024-10-28T20:35:12.480",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -39,6 +39,18 @@
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/e154096d-e9b7-43ba-9a34-81a6c431025c/",

View File

@ -2,13 +2,20 @@
"id": "CVE-2024-31971",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-24T15:15:11.800",
"lastModified": "2024-07-26T21:15:12.610",
"lastModified": "2024-10-28T21:15:04.253",
"vulnStatus": "Modified",
"cveTags": [],
"cveTags": [
{
"sourceIdentifier": "cve@mitre.org",
"tags": [
"unsupported-when-assigned"
]
}
],
"descriptions": [
{
"lang": "en",
"value": "**UNSUPPORTED WHEN ASSIGNED** Multiple stored cross-site scripting (XSS) vulnerabilities on AdTran NetVanta 3120 18.01.01.00.E devices allow remote attackers to inject arbitrary JavaScript, as demonstrated by /mainPassword.html, /processIdentity.html, /public.html, /dhcp.html, /private.html, /hostname.html, /connectivity.html, /NetworkMonitor.html, /trafficMonitoringConfig.html, and /wizardMain.html."
"value": "Multiple stored cross-site scripting (XSS) vulnerabilities on AdTran NetVanta 3120 18.01.01.00.E devices allow remote attackers to inject arbitrary JavaScript, as demonstrated by /mainPassword.html, /processIdentity.html, /public.html, /dhcp.html, /private.html, /hostname.html, /connectivity.html, /NetworkMonitor.html, /trafficMonitoringConfig.html, and /wizardMain.html."
},
{
"lang": "es",

View File

@ -2,7 +2,7 @@
"id": "CVE-2024-34537",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-28T14:15:04.740",
"lastModified": "2024-10-28T14:15:04.740",
"lastModified": "2024-10-28T17:35:05.300",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
@ -11,7 +11,30 @@
"value": "TYPO3 before 13.3.1 allows denial of service (interface error) in the Bookmark Toolbar (ext:backend), exploitable by an administrator-level backend user account via manipulated data saved in the bookmark toolbar of the backend user interface. The fixed versions are 10.4.46 ELTS, 11.5.40 LTS, 12.4.21 LTS, and 13.3.1."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-ffcv-v6pw-qhrp",

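Review bot: The added cvssMetricV31 entry has source 134c704f-9b21-4f2e-91b3-4a467353bcc0, an opaque UUID that does not match the record's sourceIdentifier (cve@mitre.org), and it is typed Secondary; a consumer that takes the score whose source equals sourceIdentifier, or only Primary metrics, still sees no score for this record. Decide explicitly whether Secondary metrics from this source are accepted. No weaknesses block is added alongside the score, and vulnStatus stays Received.
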
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-35291",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2024-05-27T05:15:08.750",
"lastModified": "2024-05-28T12:39:28.377",
"lastModified": "2024-10-28T20:35:11.700",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "La vulnerabilidad de cross site scripting existe en las versiones de Splunk Config Explorer anteriores a la 1.7.16. Si se explota esta vulnerabilidad, se puede ejecutar un script arbitrario en el navegador web del usuario que utiliza el producto."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://jvn.jp/en/jp/JVN56781258/",

View File

@ -2,75 +2,15 @@
"id": "CVE-2024-36811",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-07T19:15:23.920",
"lastModified": "2024-08-22T18:35:13.753",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-10-28T21:15:04.357",
"vulnStatus": "Rejected",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An arbitrary file upload vulnerability in the image upload function of aimeos-core v2024.04 allows attackers to execute arbitrary code via uploading a crafted PHP file."
},
{
"lang": "es",
"value": "Una vulnerabilidad de carga de archivos arbitrarios en la funci\u00f3n de carga de im\u00e1genes de aimeos-core v2024.04 permite a los atacantes ejecutar c\u00f3digo arbitrario cargando un archivo PHP manipulado."
"value": "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-37295. Reason: This candidate is a reservation duplicate of CVE-2024-37295. Notes: All CVE users should reference CVE-2024-37295 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"references": [
{
"url": "https://drive.google.com/file/d/1QJWwaDB6smLCuNp10yZKWgpELTQJax31/view?usp=sharing",
"source": "cve@mitre.org"
},
{
"url": "https://drive.google.com/file/d/1n5_t-zmKHbx3H47xdhR5kuHTDc0Gxur3/view?usp=sharing",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/aimeos/aimeos-core/commit/13e163126adff48f987b3b6faca28551effe0205",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/aimeos/aimeos-core/commit/5eea7aa933ac7402044bc6d282f96fba44475ee2",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/ssshah2131/CVE/blob/main/Aimeos_RCE",
"source": "cve@mitre.org"
}
]
"metrics": {},
"references": []
}
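Review bot: the closing lines of this hunk set `"metrics": {}` and `"references": []` on a record that previously carried an 8.8 HIGH score, CWE-434 and two aimeos-core fix-commit links. Nothing in the resulting record says where that data went except the ConsultIDs text inside the description. Any importer consuming this update should treat `"vulnStatus": "Rejected"` as a redirect to CVE-2024-37295 rather than as an unscored entry. Otherwise a finding tracked under this id drops out of severity-filtered views without ever being closed.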

View File

@ -2,8 +2,8 @@
"id": "CVE-2024-37865",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-09T21:15:14.860",
"lastModified": "2024-08-19T14:04:02.713",
"vulnStatus": "Analyzed",
"lastModified": "2024-10-28T21:35:08.833",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.2,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6
}
]
},
@ -49,6 +69,16 @@
"value": "CWE-295"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-295"
}
]
}
],
"configurations": [
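Review bot: the Secondary weakness added in this hunk carries the same value, CWE-295, as the entry in the context lines directly above it. Consumers that count or list weaknesses per record should de-duplicate on `value` and keep `source` and `type` as attributes, or this record will report CWE-295 twice.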

View File

@ -2,8 +2,8 @@
"id": "CVE-2024-38428",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-16T03:15:08.430",
"lastModified": "2024-08-08T15:05:30.617",
"vulnStatus": "Analyzed",
"lastModified": "2024-10-28T21:35:09.643",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
}
]
},
@ -49,6 +69,16 @@
"value": "CWE-436"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-436"
}
]
}
],
"configurations": [

View File

@ -2,7 +2,7 @@
"id": "CVE-2024-38951",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-25T14:15:12.403",
"lastModified": "2024-06-25T18:50:42.040",
"lastModified": "2024-10-28T21:35:10.480",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Un desbordamiento de b\u00fafer en PX4-Autopilot v1.12.3 permite a los atacantes provocar una denegaci\u00f3n de servicio (DoS) a trav\u00e9s de un mensaje MavLink manipulado."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"references": [
{
"url": "https://github.com/PX4/PX4-Autopilot/issues/23251",
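Review bot: the 6.5 MEDIUM score and CWE-120 added here are both `"type": "Secondary"` from a single source, while the first hunk for this record leaves `"vulnStatus": "Awaiting Analysis"` unchanged. Downstream tooling should keep the source and type alongside the score and mark it as provisional, so that a later Primary assessment replaces it instead of being merged with it.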

View File

@ -0,0 +1,29 @@
{
"id": "CVE-2024-39205",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-28T20:15:05.517",
"lastModified": "2024-10-28T20:15:05.517",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue in pyload-ng v0.5.0b3.dev85 running under python3.11 or below allows attackers to execute arbitrary code via a crafted HTTP request."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/Marven11/CVE-2024-39205-Pyload-RCE/tree/main",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/pyload/pyload",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/pyload/pyload/security/advisories/GHSA-r9pp-r4xf-597r",
"source": "cve@mitre.org"
}
]
}
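Review bot: this new record ships `"metrics": {}` and has no `weaknesses` key at all, yet its description states arbitrary code execution via a crafted HTTP request. An importer that maps an empty metrics object to a score of 0 or to "none" will rank this below scored low-severity entries. While `vulnStatus` is "Received", it is safer to store the score as null and flag the record for manual triage, and to read `weaknesses` with a default of an empty list.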

View File

@ -2,8 +2,8 @@
"id": "CVE-2024-39771",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2024-08-28T06:15:06.233",
"lastModified": "2024-09-12T21:34:24.920",
"vulnStatus": "Analyzed",
"lastModified": "2024-10-28T21:35:11.267",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.6,
"impactScore": 5.2
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.6,
"impactScore": 2.5
}
]
},
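Review bot: the Secondary entry added here reports `"impactScore": 2.5`, while the existing entry in the context lines above it reports 5.2 with the same exploitabilityScore of 1.6. The record therefore now holds two assessments that disagree on impact. Code that takes `cvssMetricV31[0]`, or the maximum baseScore, should instead select explicitly on `type` and `source`, and the chosen precedence should be documented so that the severity shown for this CVE is reproducible.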
@ -49,6 +69,16 @@
"value": "CWE-295"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-295"
}
]
}
],
"configurations": [

View File

@ -2,8 +2,8 @@
"id": "CVE-2024-3966",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-06-14T06:15:12.170",
"lastModified": "2024-07-29T16:52:33.533",
"vulnStatus": "Analyzed",
"lastModified": "2024-10-28T21:35:12.253",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
@ -49,6 +69,16 @@
"value": "CWE-79"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [

View File

@ -2,8 +2,8 @@
"id": "CVE-2024-40096",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-05T10:15:33.197",
"lastModified": "2024-08-30T16:14:41.957",
"vulnStatus": "Analyzed",
"lastModified": "2024-10-28T21:35:13.063",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
}
]
},
@ -49,6 +69,16 @@
"value": "CWE-532"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-532"
}
]
}
],
"configurations": [

View File

@ -2,13 +2,20 @@
"id": "CVE-2024-40505",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-16T20:15:03.777",
"lastModified": "2024-08-01T13:57:32.800",
"lastModified": "2024-10-28T21:15:04.563",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"cveTags": [
{
"sourceIdentifier": "cve@mitre.org",
"tags": [
"unsupported-when-assigned"
]
}
],
"descriptions": [
{
"lang": "en",
"value": "**UNSUPPORTED WHEN ASSIGNED** Directory Traversal vulnerability in D-Link DAP-1650 Firmware v.1.03 allows a local attacker to escalate privileges via the hedwig.cgi component."
"value": "Directory Traversal vulnerability in D-Link DAP-1650 Firmware v.1.03 allows a local attacker to escalate privileges via the hedwig.cgi component."
},
{
"lang": "es",
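Review bot: the "**UNSUPPORTED WHEN ASSIGNED**" prefix is dropped from the `en` description value and replaced by the `unsupported-when-assigned` entry in `cveTags`, so any filter that matches on the description prefix stops recognising this D-Link DAP-1650 record as end-of-life. Such filters should read `cveTags[].tags` instead. The `es` value lies beyond the end of this hunk, so it is worth checking that the two language entries are still consistent after the change.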

View File

@ -2,8 +2,8 @@
"id": "CVE-2024-40774",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-07-29T23:15:11.250",
"lastModified": "2024-08-20T15:16:40.210",
"vulnStatus": "Analyzed",
"lastModified": "2024-10-28T21:35:14.033",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 5.2
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.5,
"impactScore": 4.0
}
]
},

View File

@ -0,0 +1,21 @@
{
"id": "CVE-2024-40792",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-10-28T21:15:04.670",
"lastModified": "2024-10-28T21:15:04.670",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. A malicious app may be able to change network settings."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/121238",
"source": "product-security@apple.com"
}
]
}

View File

@ -0,0 +1,21 @@
{
"id": "CVE-2024-40851",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-10-28T21:15:04.740",
"lastModified": "2024-10-28T21:15:04.740",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 18.1 and iPadOS 18.1. An attacker with physical access may be able to access contact photos from the lock screen."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/121563",
"source": "product-security@apple.com"
}
]
}

View File

@ -0,0 +1,21 @@
{
"id": "CVE-2024-40853",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-10-28T21:15:04.810",
"lastModified": "2024-10-28T21:15:04.810",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 18 and iPadOS 18. An attacker may be able to use Siri to enable Auto-Answer Calls."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/121250",
"source": "product-security@apple.com"
}
]
}

View File

@ -0,0 +1,29 @@
{
"id": "CVE-2024-40855",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-10-28T21:15:04.870",
"lastModified": "2024-10-28T21:15:04.870",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.1, macOS Sequoia 15, macOS Sonoma 14.7.1. A sandboxed app may be able to access sensitive user data."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/121238",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/121568",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/121570",
"source": "product-security@apple.com"
}
]
}

View File

@ -0,0 +1,21 @@
{
"id": "CVE-2024-40867",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-10-28T21:15:04.937",
"lastModified": "2024-10-28T21:15:04.937",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A custom URL scheme handling issue was addressed with improved input validation. This issue is fixed in iOS 18.1 and iPadOS 18.1. A remote attacker may be able to break out of Web Content sandbox."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/121563",
"source": "product-security@apple.com"
}
]
}

Some files were not shown because too many files have changed in this diff