Auto-Update: 2024-11-05T17:00:21.906678+00:00

cad-safe-bot 2024-11-05 17:03:22 +00:00
parent be1f9d3771
commit df63f187ae
229 changed files with 10419 additions and 623 deletions

@ -2,7 +2,7 @@
"id": "CVE-2021-47312",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-21T15:15:18.660",
"lastModified": "2024-05-21T16:54:26.047",
"lastModified": "2024-11-05T15:35:00.803",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: netfilter: nf_tables: corrige la desreferencia del flujo de puntero null. En el caso de que chain->flags & NFT_CHAIN_HW_OFFLOAD sea falso, no se llama a nft_flow_rule_create y el flujo es NULL. La ejecuci\u00f3n posterior del manejo de errores a trav\u00e9s de la etiqueta err_destroy_flow_rule dar\u00e1 lugar a una desreferencia del puntero null en el flujo al llamar a nft_flow_rule_destroy. Dado que la ruta de error a err_destroy_flow_rule tiene que atender flujos nulos y no nulos, solo llame a nft_flow_rule_destroy si el flujo no es nulo para solucionar este problema. Direcciones-Cobertura: (\"Desreferencia nula expl\u00edcita\")"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/4ca041f919f13783b0b03894783deee00dbca19a",

@ -2,7 +2,7 @@
"id": "CVE-2021-47467",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-22T07:15:11.533",
"lastModified": "2024-05-22T12:46:53.887",
"lastModified": "2024-11-05T16:35:02.863",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: kunit: corrige la fuga del recuento de referencias en kfree_at_end El problema del recuento de referencias ocurre en la ruta normal de kfree_at_end(). Cuando se invoca kunit_alloc_and_get_resource(), la funci\u00f3n se olvida de manejar el objeto de recurso devuelto, cuyo recuento aument\u00f3 en el interior, lo que provoca una fuga de recuento. Solucione este problema llamando a kunit_alloc_resource() en lugar de kunit_alloc_and_get_resource(). Se corrigi\u00f3 lo siguiente al aplicar: Shuah Khan VERIFICAR: La alineaci\u00f3n debe coincidir con el par\u00e9ntesis abierto + kunit_alloc_resource(test, NULL, kfree_res_free, GFP_KERNEL, (void *)to_free);"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"references": [
{
"url": "https://git.kernel.org/stable/c/bbdd158b40b66a9403391a517f24ef6613573446",

@ -2,8 +2,8 @@
"id": "CVE-2021-47580",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-06-19T15:15:52.537",
"lastModified": "2024-06-20T12:43:25.663",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-05T15:35:02.187",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
@ -15,7 +15,30 @@
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: scsi: scsi_debug: corrige el tipo min_t para evitar la pila OOB. Cambie min_t() para usar el tipo \"u32\" en lugar de \"int\" para evitar la pila fuera de los l\u00edmites. Con min_t() escriba \"int\", los valores se extienden y el valor mayor se usa provocando que la pila est\u00e9 fuera de los l\u00edmites. ERROR: KASAN: pila fuera de los l\u00edmites en memcpy include/linux/fortify-string.h:191 [en l\u00ednea] ERROR: KASAN: pila fuera de los l\u00edmites en sg_copy_buffer+0x1de/0x240 lib/scatterlist.c: 976 Lectura del tama\u00f1o 127 en la direcci\u00f3n ffff888072607128 mediante la tarea syz-executor.7/18707 CPU: 1 PID: 18707 Comm: syz-executor.7 No contaminado 5.15.0-syzk #1 Nombre del hardware: Red Hat KVM, BIOS 1.13.0 -2 Seguimiento de llamadas: __dump_stack lib/dump_stack.c:88 [en l\u00ednea] dump_stack_lvl+0x89/0xb5 lib/dump_stack.c:106 print_address_description.constprop.9+0x28/0x160 mm/kasan/report.c:256 __kasan_report mm/kasan /report.c:442 [en l\u00ednea] kasan_report.cold.14+0x7d/0x117 mm/kasan/report.c:459 check_region_inline mm/kasan/generic.c:183 [en l\u00ednea] kasan_check_range+0x1a3/0x210 mm/kasan/generic .c:189 memcpy+0x23/0x60 mm/kasan/shadow.c:65 memcpy include/linux/fortify-string.h:191 [en l\u00ednea] sg_copy_buffer+0x1de/0x240 lib/scatterlist.c:976 sg_copy_from_buffer+0x33/0x40 lib/scatterlist.c:1000 fill_from_dev_buffer.part.34+0x82/0x130 controladores/scsi/scsi_debug.c:1162 fill_from_dev_buffer controladores/scsi/scsi_debug.c:1888 [en l\u00ednea] resp_readcap16+0x365/0x3b0 controladores/scsi/scsi_debug.c :1887 Schedule_resp+0x4d8/0x1a70 controladores/scsi/scsi_debug.c:5478 scsi_debug_queuecommand+0x8c9/0x1ec0 controladores/scsi/scsi_debug.c:7533 controladores scsi_dispatch_cmd/scsi/scsi_lib.c:1520 [en l\u00ednea] Controladores 0x16b0/0x2d40/ scsi/scsi_lib.c:1699 blk_mq_dispatch_rq_list+0xb9b/0x2700 block/blk-mq.c:1639 
__blk_mq_sched_dispatch_requests+0x28f/0x590 block/blk-mq-sched.c:325 blk_mq_sched_dispatch_requests+0x10 5/0x190 cuadra/blk-mq-programado. c:358 __blk_mq_run_hw_queue+0xe5/0x150 block/blk-mq.c:1761 __blk_mq_delay_run_hw_queue+0x4f8/0x5c0 block/blk-mq.c:1838 blk_mq_run_hw_queue+0x18d/0x350 :1891 blk_mq_sched_insert_request+0x3db/0x4e0 block/blk-mq-sched.c:474 blk_execute_rq_nowait+0x16b/0x1c0 block/blk-exec.c:62 sg_common_write.isra.18+0xeb3/0x2000 drivers/scsi/sg.c:836 sg_new_write.isra.19+0x570 /0x8c0 controladores/scsi/sg.c:774 sg_ioctl_common+0x14d6/0x2710 controladores/scsi/sg.c:939 sg_ioctl+0xa2/0x180 controladores/scsi/sg.c:1165 vfs_ioctl fs/ioctl.c:51 [en l\u00ednea] __do_sys_ioctl fs/ioctl.c:874 [en l\u00ednea] __se_sys_ioctl fs/ioctl.c:860 [en l\u00ednea] __x64_sys_ioctl+0x19d/0x220 fs/ioctl.c:860 do_syscall_x64 arch/x86/entry/common.c:50 [en l\u00ednea] llamada al sistema_64 +0x3a/0x80 arch/x86/entry/common.c:80 Entry_SYSCALL_64_after_hwframe+0x44/0xae"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.6,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 4.7
}
]
},
"references": [
{
"url": "https://git.kernel.org/stable/c/3085147645938eb41f0bc0e25ef9791e71f5ee4b",

@ -2,8 +2,8 @@
"id": "CVE-2023-21254",
"sourceIdentifier": "security@android.com",
"published": "2023-07-13T00:15:24.007",
"lastModified": "2023-07-25T15:29:19.453",
"vulnStatus": "Analyzed",
"lastModified": "2024-11-05T16:35:03.223",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -45,6 +45,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"configurations": [

@ -2,7 +2,7 @@
"id": "CVE-2023-25364",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-27T07:15:47.340",
"lastModified": "2024-03-27T12:29:30.307",
"lastModified": "2024-11-05T15:35:02.460",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Opswat Metadefender Core anterior a 5.2.1 no defiende adecuadamente contra posibles inyecciones de HTML y ataques XSS."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://docs.opswat.com/mdcore/release-notes/archived-release-notes#version-v521",

@ -0,0 +1,56 @@
{
"id": "CVE-2023-29114",
"sourceIdentifier": "cve@asrg.io",
"published": "2024-11-05T15:15:21.443",
"lastModified": "2024-11-05T16:04:26.053",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "System logs could be accessed through web management application due to a lack of access control.\n\n\nAn attacker can obtain the following sensitive information:\n\n\u2022?????Wi-Fi access point credentials to which the EV charger can connect.\n\n\u2022?????APN web address and credentials.\n\n\u2022?????IPSEC credentials.\n\n\u2022?????Web interface access credentials for user and admin accounts.\n\n\u2022?????JuiceBox system components (software installed, model, firmware version, etc.).\n\n\u2022?????C2G configuration details.\n\n\u2022?????Internal IP addresses.\n\n\u2022?????OTA firmware update configurations (DNS servers).\n\nAll the credentials are stored in logs in an unencrypted plaintext format."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve@asrg.io",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.1,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "cve@asrg.io",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://support-emobility.enelx.com/content/dam/enelxmobility/italia/documenti/manuali-schede-tecniche/Waybox-3-Security-Bulletin-06-2024-V1.pdf",
"source": "cve@asrg.io"
}
]
}
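
Review bot: The "descriptions" value in this new record carries conversion debris: every list item begins with `\u2022?????`, a bullet followed by five question marks that look like whitespace which did not survive conversion. Normalise these on ingest before the text is displayed or indexed. The same value names JuiceBox and C2G while the only reference is the Waybox 3 security bulletin and the record has no "configurations" block, so the affected product has to be taken from the reference URL.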

@ -0,0 +1,56 @@
{
"id": "CVE-2023-29115",
"sourceIdentifier": "cve@asrg.io",
"published": "2024-11-05T15:15:21.667",
"lastModified": "2024-11-05T16:04:26.053",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In certain conditions a request directed to the Waybox Enel X Web management application could cause a denial-of-service (e.g. reboot)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve@asrg.io",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "cve@asrg.io",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://support-emobility.enelx.com/content/dam/enelxmobility/italia/documenti/manuali-schede-tecniche/Waybox-3-Security-Bulletin-06-2024-V1.pdf",
"source": "cve@asrg.io"
}
]
}

@ -0,0 +1,56 @@
{
"id": "CVE-2023-29116",
"sourceIdentifier": "cve@asrg.io",
"published": "2024-11-05T16:15:15.307",
"lastModified": "2024-11-05T16:15:15.307",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Under certain conditions, through a request directed to the Waybox Enel X web management application, information like Waybox OS version or service configuration details could be obtained."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve@asrg.io",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "cve@asrg.io",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://support-emobility.enelx.com/content/dam/enelxmobility/italia/documenti/manuali-schede-tecniche/Waybox-3-Security-Bulletin-06-2024-V1.pdf",
"source": "cve@asrg.io"
}
]
}

@ -0,0 +1,56 @@
{
"id": "CVE-2023-29117",
"sourceIdentifier": "cve@asrg.io",
"published": "2024-11-05T16:15:15.543",
"lastModified": "2024-11-05T16:15:15.543",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Waybox Enel X web management API authentication could be bypassed and provide administrator\u2019s privileges over the Waybox system."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve@asrg.io",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "cve@asrg.io",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
}
],
"references": [
{
"url": "https://support-emobility.enelx.com/content/dam/enelxmobility/italia/documenti/manuali-schede-tecniche/Waybox-3-Security-Bulletin-06-2024-V1.pdf",
"source": "cve@asrg.io"
}
]
}

@ -0,0 +1,56 @@
{
"id": "CVE-2023-29118",
"sourceIdentifier": "cve@asrg.io",
"published": "2024-11-05T16:15:15.760",
"lastModified": "2024-11-05T16:15:15.760",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Waybox Enel X web management application could execute arbitrary requests on the internal database via\u00a0/admin/versions.php."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve@asrg.io",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 2.8,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "cve@asrg.io",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://support-emobility.enelx.com/content/dam/enelxmobility/italia/documenti/manuali-schede-tecniche/Waybox-3-Security-Bulletin-06-2024-V1.pdf",
"source": "cve@asrg.io"
}
]
}

@ -0,0 +1,56 @@
{
"id": "CVE-2023-29119",
"sourceIdentifier": "cve@asrg.io",
"published": "2024-11-05T16:15:15.983",
"lastModified": "2024-11-05T16:15:15.983",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Waybox Enel X web management application could execute arbitrary requests on the internal database via\u00a0/admin/dbstore.php."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve@asrg.io",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 2.8,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "cve@asrg.io",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://support-emobility.enelx.com/content/dam/enelxmobility/italia/documenti/manuali-schede-tecniche/Waybox-3-Security-Bulletin-06-2024-V1.pdf",
"source": "cve@asrg.io"
}
]
}

@ -0,0 +1,56 @@
{
"id": "CVE-2023-29120",
"sourceIdentifier": "cve@asrg.io",
"published": "2024-11-05T16:15:16.190",
"lastModified": "2024-11-05T16:15:16.190",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Waybox Enel X web management application could be used to execute arbitrary OS commands and provide administrator\u2019s privileges over the Waybox system."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve@asrg.io",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 2.8,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "cve@asrg.io",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://support-emobility.enelx.com/content/dam/enelxmobility/italia/documenti/manuali-schede-tecniche/Waybox-3-Security-Bulletin-06-2024-V1.pdf",
"source": "cve@asrg.io"
}
]
}

@ -0,0 +1,56 @@
{
"id": "CVE-2023-29121",
"sourceIdentifier": "cve@asrg.io",
"published": "2024-11-05T16:15:16.377",
"lastModified": "2024-11-05T16:15:16.377",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Waybox Enel TCF Agent service could be used to get administrator\u2019s privileges over the Waybox system."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve@asrg.io",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 2.8,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "cve@asrg.io",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://support-emobility.enelx.com/content/dam/enelxmobility/italia/documenti/manuali-schede-tecniche/Waybox-3-Security-Bulletin-06-2024-V1.pdf",
"source": "cve@asrg.io"
}
]
}

@ -0,0 +1,56 @@
{
"id": "CVE-2023-29122",
"sourceIdentifier": "cve@asrg.io",
"published": "2024-11-05T16:15:16.577",
"lastModified": "2024-11-05T16:15:16.577",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Under certain conditions, access to service libraries is granted to account they should not have access to."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve@asrg.io",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "cve@asrg.io",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-708"
}
]
}
],
"references": [
{
"url": "https://support-emobility.enelx.com/content/dam/enelxmobility/italia/documenti/manuali-schede-tecniche/Waybox-3-Security-Bulletin-06-2024-V1.pdf",
"source": "cve@asrg.io"
}
]
}

@ -0,0 +1,56 @@
{
"id": "CVE-2023-29125",
"sourceIdentifier": "cve@asrg.io",
"published": "2024-11-05T16:15:16.770",
"lastModified": "2024-11-05T16:15:16.770",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A heap buffer overflow could be triggered by sending a specific packet to TCP port 7700."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve@asrg.io",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.0,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "cve@asrg.io",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-122"
}
]
}
],
"references": [
{
"url": "https://support-emobility.enelx.com/content/dam/enelxmobility/italia/documenti/manuali-schede-tecniche/Waybox-3-Security-Bulletin-06-2024-V1.pdf",
"source": "cve@asrg.io"
}
]
}
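
Review bot: The description in this record, "A heap buffer overflow could be triggered by sending a specific packet to TCP port 7700.", never names the affected product, and there is no "configurations" block; only the reference URL (the Waybox 3 security bulletin) ties it to a device. Matching this record against an asset inventory by product name or CPE will miss it, so key on the reference URL or on the cve@asrg.io batch until CPE data arrives.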

@ -0,0 +1,56 @@
{
"id": "CVE-2023-29126",
"sourceIdentifier": "cve@asrg.io",
"published": "2024-11-05T16:15:16.950",
"lastModified": "2024-11-05T16:15:16.950",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Waybox Enel X web management application contains a PHP-type juggling vulnerability that may allow a brute force process and under certain conditions bypass authentication."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve@asrg.io",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.6,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "cve@asrg.io",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-1287"
}
]
}
],
"references": [
{
"url": "https://support-emobility.enelx.com/content/dam/enelxmobility/italia/documenti/manuali-schede-tecniche/Waybox-3-Security-Bulletin-06-2024-V1.pdf",
"source": "cve@asrg.io"
}
]
}

@ -2,13 +2,17 @@
"id": "CVE-2023-34443",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-11-05T00:15:03.103",
"lastModified": "2024-11-05T00:15:03.103",
"vulnStatus": "Received",
"lastModified": "2024-11-05T16:04:26.053",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Combodo iTop is a simple, web based IT Service Management tool. When displaying page Run queries Cross-site Scripting (XSS) are possible for scripts outside of script tags. This has been fixed in versions 2.7.9, 3.0.4, 3.1.0. All users are advised to upgrade. There are no known workarounds for this vulnerability."
},
{
"lang": "es",
"value": " Combodo iTop es una herramienta de gesti\u00f3n de servicios de TI sencilla y basada en la web. Al mostrar una p\u00e1gina, se pueden ejecutar consultas en sitios cruzados (XSS) para scripts fuera de las etiquetas de script. Esto se ha solucionado en las versiones 2.7.9, 3.0.4 y 3.1.0. Se recomienda a todos los usuarios que actualicen la versi\u00f3n. No se conocen workarounds para esta vulnerabilidad."
}
],
"metrics": {

@ -2,13 +2,17 @@
"id": "CVE-2023-34444",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-11-05T00:15:03.350",
"lastModified": "2024-11-05T00:15:03.350",
"vulnStatus": "Received",
"lastModified": "2024-11-05T16:04:26.053",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Combodo iTop is a simple, web based IT Service Management tool. When displaying pages/ajax.searchform.php XSS are possible for scripts outside of script tags. This issue has been fixed in versions 2.7.9, 3.0.4, 3.1.0. All users are advised to upgrade. There are no known workarounds for this vulnerability."
},
{
"lang": "es",
"value": " Combodo iTop es una herramienta de gesti\u00f3n de servicios de TI sencilla y basada en la web. Al mostrar p\u00e1ginas/ajax.searchform.php, es posible que se produzcan XSS para scripts fuera de las etiquetas de script. Este problema se ha solucionado en las versiones 2.7.9, 3.0.4 y 3.1.0. Se recomienda a todos los usuarios que actualicen la versi\u00f3n. No se conocen workarounds para esta vulnerabilidad."
}
],
"metrics": {

@ -2,13 +2,17 @@
"id": "CVE-2023-34445",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-11-05T00:15:03.630",
"lastModified": "2024-11-05T00:15:03.630",
"vulnStatus": "Received",
"lastModified": "2024-11-05T16:04:26.053",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Combodo iTop is a simple, web based IT Service Management tool. When displaying pages/ajax.render.php XSS are possible for scripts outside of script tags. This issue has been fixed in versions 2.7.9, 3.0.4, 3.1.0. All users are advised to upgrade. There are no known workarounds for this vulnerability."
},
{
"lang": "es",
"value": " Combodo iTop es una herramienta de gesti\u00f3n de servicios de TI sencilla y basada en la web. Al mostrar p\u00e1ginas/ajax.render.php, es posible que se produzcan XSS para scripts fuera de las etiquetas de script. Este problema se ha solucionado en las versiones 2.7.9, 3.0.4 y 3.1.0. Se recomienda a todos los usuarios que actualicen la versi\u00f3n. No se conocen workarounds para esta vulnerabilidad."
}
],
"metrics": {

@ -2,7 +2,7 @@
"id": "CVE-2023-44040",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-04-03T17:15:47.273",
"lastModified": "2024-04-03T17:24:18.150",
"lastModified": "2024-11-05T15:35:03.610",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "En VeridiumID anterior a 3.5.0, la p\u00e1gina del proveedor de identidad es susceptible a una vulnerabilidad de Cross Site Scripting (XSS) que puede ser explotada por un atacante interno no autenticado para la ejecuci\u00f3n de JavaScript en el contexto del usuario que intenta autenticarse."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://docs.veridiumid.com/docs/v3.5/security-advisory#id-%28v3.52%29SecurityAdvisory-Acknowledgement",

@ -2,7 +2,7 @@
"id": "CVE-2023-45873",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-28T22:15:26.107",
"lastModified": "2024-02-29T13:49:47.277",
"lastModified": "2024-11-05T15:35:04.463",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "Se descubri\u00f3 un problema en Couchbase Server hasta 7.2.2. Un lector de datos puede provocar una denegaci\u00f3n de servicio (la aplicaci\u00f3n existe) debido al asesino de OOM."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html",

@ -2,7 +2,7 @@
"id": "CVE-2023-46046",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-27T05:15:47.440",
"lastModified": "2024-08-02T21:15:48.963",
"lastModified": "2024-11-05T16:35:04.913",
"vulnStatus": "Awaiting Analysis",
"cveTags": [
{
@ -22,7 +22,42 @@
"value": "Un problema en MiniZinc anterior a 2.8.0 permite una desreferencia de puntero NULL a trav\u00e9s de ti_expr en un archivo .mzn manipulado. NOTA: esto est\u00e1 en disputa porque no existe un caso de uso com\u00fan de libminizinc en el que se suponga que un proceso desatendido debe ejecutarse indefinidamente para procesar una serie de archivos .mzn controlados por atacantes."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"references": [
{
"url": "http://seclists.org/fulldisclosure/2024/Jan/63",

@ -2,8 +2,8 @@
"id": "CVE-2023-50310",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-10-23T11:15:12.600",
"lastModified": "2024-10-23T15:12:34.673",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-05T16:40:57.533",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -18,8 +18,28 @@
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
@ -51,10 +71,35 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cics_transaction_gateway:9.2:*:*:*:*:multiplatforms:*:*",
"matchCriteriaId": "B6D13B6F-9265-459A-A654-4B5872C81CAA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cics_transaction_gateway:9.3:*:*:*:*:multiplatforms:*:*",
"matchCriteriaId": "7E9F94E4-76EC-4324-A98F-61BFAD7CFE4C"
}
]
}
]
}
],
"references": [
{
"url": "https://www.ibm.com/support/pages/node/7145418",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
]
}
]
}

View File

@ -2,8 +2,8 @@
"id": "CVE-2023-51494",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-06-09T09:15:08.793",
"lastModified": "2024-06-10T02:52:08.267",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-05T16:01:35.450",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -51,10 +81,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:woocommerce:product_vendors:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.2.2",
"matchCriteriaId": "0735CE01-9E1F-4D95-8A7E-2CBB2A780C19"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/woocommerce-product-vendors/wordpress-woocommerce-product-vendors-plugin-2-2-1-broken-access-control-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

View File

@ -2,7 +2,7 @@
"id": "CVE-2023-52462",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-23T15:15:08.540",
"lastModified": "2024-11-04T13:16:31.850",
"lastModified": "2024-11-05T16:35:05.700",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -49,6 +49,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [

View File

@ -2,7 +2,7 @@
"id": "CVE-2023-52479",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-29T06:15:45.973",
"lastModified": "2024-02-29T13:49:29.390",
"lastModified": "2024-11-05T16:35:06.427",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ksmbd: corrige uaf en smb20_oplock_break_ack elimina la referencia despu\u00e9s de usar opinfo."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2
}
]
},
"references": [
{
"url": "https://git.kernel.org/stable/c/694e13732e830cbbfedb562e57f28644927c33fd",

View File

@ -2,7 +2,7 @@
"id": "CVE-2023-52502",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-03-02T22:15:47.203",
"lastModified": "2024-03-04T13:58:23.447",
"lastModified": "2024-11-05T15:35:04.707",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: net: nfc: corrige ejecuci\u00f3ns en nfc_llcp_sock_get() y nfc_llcp_sock_get_sn() Sili Luo inform\u00f3 una ejecuci\u00f3n en nfc_llcp_sock_get(), lo que llev\u00f3 a UAF. Obtener una referencia en el enchufe encontrado en una b\u00fasqueda mientras se mantiene un candado debe ocurrir antes de liberar el candado. nfc_llcp_sock_get_sn() tiene un problema similar. Finalmente, nfc_llcp_recv_snl() necesita asegurarse de que el socket encontrado por nfc_llcp_sock_from_sn() no desaparezca."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.0,
"impactScore": 5.2
}
]
},
"references": [
{
"url": "https://git.kernel.org/stable/c/31c07dffafce914c1d1543c135382a11ff058d93",

View File

@ -2,7 +2,7 @@
"id": "CVE-2023-52553",
"sourceIdentifier": "psirt@huawei.com",
"published": "2024-04-08T09:15:09.287",
"lastModified": "2024-04-08T18:48:40.217",
"lastModified": "2024-11-05T16:35:06.793",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "Vulnerabilidad de condici\u00f3n de ejecuci\u00f3n en el m\u00f3dulo Wi-Fi. Impacto: La explotaci\u00f3n exitosa de esta vulnerabilidad afectar\u00e1 la disponibilidad."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "psirt@huawei.com",
@ -26,6 +49,16 @@
"value": "CWE-362"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-362"
}
]
}
],
"references": [

View File

@ -2,7 +2,7 @@
"id": "CVE-2023-52828",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-21T16:15:20.533",
"lastModified": "2024-05-21T16:53:56.550",
"lastModified": "2024-11-05T16:35:07.670",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: bpf: Detectar IP == ksym.end como parte del programa BPF. Ahora que bpf_throw kfunc es la primera instrucci\u00f3n de llamada que no tiene sem\u00e1ntica de retorno dentro del verificador, esto tambi\u00e9n activa el c\u00f3digo muerto eliminaci\u00f3n de formas sin precedentes. Por un lado, cualquier instrucci\u00f3n que siga a una llamada a bpf_throw nunca se marcar\u00e1 como vista. Adem\u00e1s, si una cadena de llamadas termina lanz\u00e1ndose, cualquier instrucci\u00f3n posterior a la instrucci\u00f3n de llamada al subprog que finalmente se lance en las personas que llaman tampoco se marcar\u00e1 como vista. La forma tentadora de solucionar este problema ser\u00eda emitir instrucciones 'int3' adicionales que superen el jited_len de un programa y garantizar que, durante el tiempo de ejecuci\u00f3n, cuando se inicia un programa, podamos descubrir sus l\u00edmites incluso si la instrucci\u00f3n de llamada a bpf_throw (o a subprogs que siempre tirar) se emite como instrucci\u00f3n final en el programa. Un ejemplo de un programa de este tipo ser\u00eda este: do_something(): ... r0 = 0 salir foo(): r1 = 0 llamar a bpf_throw r0 = 0 salir de la barra (cond): si r1 != 0 ir a pc+2 llamar a hacer_algo exit call foo r0 = 0 // Nunca visto por el verificador exit // main(ctx): r1 = ... call bar r0 = 0 exit Aqu\u00ed, si terminamos lanzando, el seguimiento de pila ser\u00eda el siguiente: bpf_throw foo bar main En bar, la instrucci\u00f3n final emitida ser\u00e1 la llamada a foo, como tal, la direcci\u00f3n de retorno ser\u00e1 la instrucci\u00f3n posterior (que el JIT emite como int3 en x86). Esto terminar\u00e1 quedando fuera del jited_len del programa, por lo tanto, al desenrollarlo, no podremos descubrir que la direcci\u00f3n del remitente pertenece a ning\u00fan programa y terminaremos en p\u00e1nico debido al desenrollado poco confiable de la pila de programas BPF que nunca esperamos. 
Para remediar este caso, haga que bpf_prog_ksym_find trate IP == ksym.end como parte del programa BPF, de modo que is_bpf_text_address devuelva verdadero cuando ocurra tal caso, y podamos desenredarlo de manera confiable cuando la instrucci\u00f3n final termine siendo una instrucci\u00f3n de llamada."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.6,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 4.7
}
]
},
"references": [
{
"url": "https://git.kernel.org/stable/c/327b92e8cb527ae097961ffd1610c720481947f5",

View File

@ -2,7 +2,7 @@
"id": "CVE-2023-52855",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-21T16:15:22.453",
"lastModified": "2024-05-21T16:53:56.550",
"lastModified": "2024-11-05T15:35:04.893",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: usb: dwc2: corrige posible desreferencia de puntero NULL causada por concurrencia de controladores. En _dwc2_hcd_urb_enqueue(), \"urb->hcpriv = NULL\" se ejecuta sin mantener presionado el bloqueo \"hsotg->lock\" . En _dwc2_hcd_urb_dequeue(): spin_lock_irqsave(&hsotg->lock, flags); ... if (!urb->hcpriv) { dev_dbg(hsotg->dev, \"## urb->hcpriv es NULL ##\\n\"); salir; } rc = dwc2_hcd_urb_dequeue(hsotg, urb->hcpriv); // Usa urb->hcpriv ... out: spin_unlock_irqrestore(&hsotg->lock, flags); Cuando _dwc2_hcd_urb_enqueue() y _dwc2_hcd_urb_dequeue() se ejecutan simult\u00e1neamente, la verificaci\u00f3n NULL de \"urb->hcpriv\" se puede ejecutar antes de \"urb->hcpriv = NULL\". Despu\u00e9s de que urb->hcpriv sea NULL, se puede usar en la llamada de funci\u00f3n a dwc2_hcd_urb_dequeue(), lo que puede provocar una desreferencia del puntero NULL. Este posible error se encuentra mediante una herramienta experimental de an\u00e1lisis est\u00e1tico desarrollada por m\u00ed. Esta herramienta analiza las API de bloqueo para extraer pares de funciones que se pueden ejecutar simult\u00e1neamente y luego analiza las instrucciones en las funciones emparejadas para identificar posibles errores de concurrencia, incluidas ejecuci\u00f3ns de datos y violaciones de atomicidad. El posible error anterior se informa cuando mi herramienta analiza el c\u00f3digo fuente de Linux 6.5. Para corregir este posible error, se debe ejecutar \"urb->hcpriv = NULL\" manteniendo presionado el bloqueo \"hsotg->lock\". Despu\u00e9s de usar este parche, mi herramienta nunca informa el posible error, con la configuraci\u00f3n del kernel allyesconfig para x86_64. Como no tengo hardware asociado, no puedo probar el parche en tiempo de ejecuci\u00f3n y simplemente verificarlo de acuerdo con la l\u00f3gica del c\u00f3digo."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/14c9ec34e8118fbffd7f5431814d767726323e72",

View File

@ -2,13 +2,17 @@
"id": "CVE-2023-52920",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-11-05T10:15:24.580",
"lastModified": "2024-11-05T10:15:24.580",
"vulnStatus": "Received",
"lastModified": "2024-11-05T16:04:26.053",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: support non-r10 register spill/fill to/from stack in precision tracking\n\nUse instruction (jump) history to record instructions that performed\nregister spill/fill to/from stack, regardless if this was done through\nread-only r10 register, or any other register after copying r10 into it\n*and* potentially adjusting offset.\n\nTo make this work reliably, we push extra per-instruction flags into\ninstruction history, encoding stack slot index (spi) and stack frame\nnumber in extra 10 bit flags we take away from prev_idx in instruction\nhistory. We don't touch idx field for maximum performance, as it's\nchecked most frequently during backtracking.\n\nThis change removes basically the last remaining practical limitation of\nprecision backtracking logic in BPF verifier. It fixes known\ndeficiencies, but also opens up new opportunities to reduce number of\nverified states, explored in the subsequent patches.\n\nThere are only three differences in selftests' BPF object files\naccording to veristat, all in the positive direction (less states).\n\nFile Program Insns (A) Insns (B) Insns (DIFF) States (A) States (B) States (DIFF)\n-------------------------------------- ------------- --------- --------- ------------- ---------- ---------- -------------\ntest_cls_redirect_dynptr.bpf.linked3.o cls_redirect 2987 2864 -123 (-4.12%) 240 231 -9 (-3.75%)\nxdp_synproxy_kern.bpf.linked3.o syncookie_tc 82848 82661 -187 (-0.23%) 5107 5073 -34 (-0.67%)\nxdp_synproxy_kern.bpf.linked3.o syncookie_xdp 85116 84964 -152 (-0.18%) 5162 5130 -32 (-0.62%)\n\nNote, I avoided renaming jmp_history to more generic insn_hist to\nminimize number of lines changed and potential merge conflicts between\nbpf and bpf-next trees.\n\nNotice also cur_hist_entry pointer reset to NULL at the beginning of\ninstruction verification loop. 
This pointer avoids the problem of\nrelying on last jump history entry's insn_idx to determine whether we\nalready have entry for current instruction or not. It can happen that we\nadded jump history entry because current instruction is_jmp_point(), but\nalso we need to add instruction flags for stack access. In this case, we\ndon't want to entries, so we need to reuse last added entry, if it is\npresent.\n\nRelying on insn_idx comparison has the same ambiguity problem as the one\nthat was fixed recently in [0], so we avoid that.\n\n [0] https://patchwork.kernel.org/project/netdevbpf/patch/20231110002638.4168352-3-andrii@kernel.org/"
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: bpf: soporte para derrame/relleno de registros que no sean r10 hacia/desde la pila en seguimiento de precisi\u00f3n. Use el historial de instrucciones (saltos) para registrar instrucciones que realizaron derrame/relleno de registros hacia/desde la pila, independientemente de si esto se hizo a trav\u00e9s de un registro r10 de solo lectura, o cualquier otro registro despu\u00e9s de copiar r10 en \u00e9l *y* potencialmente ajustar el desplazamiento. Para que esto funcione de manera confiable, insertamos indicadores adicionales por instrucci\u00f3n en el historial de instrucciones, codificando el \u00edndice de ranura de pila (spi) y el n\u00famero de marco de pila en indicadores adicionales de 10 bits que quitamos de prev_idx en el historial de instrucciones. No tocamos el campo idx para obtener el m\u00e1ximo rendimiento, ya que se verifica con mayor frecuencia durante el seguimiento hacia atr\u00e1s. Este cambio elimina b\u00e1sicamente la \u00faltima limitaci\u00f3n pr\u00e1ctica restante de la l\u00f3gica de seguimiento hacia atr\u00e1s de precisi\u00f3n en el verificador BPF. Corrige deficiencias conocidas, pero tambi\u00e9n abre nuevas oportunidades para reducir la cantidad de estados verificados, exploradas en los parches posteriores. Solo hay tres diferencias en los archivos de objetos BPF de las autopruebas seg\u00fan veristat, todas en la direcci\u00f3n positiva (menos estados). 
Archivo Programa Insns (A) Insns (B) Insns (DIFF) Estados (A) Estados (B) Estados (DIFF) -------------------------------------- ------------- --------- --------- ------------- ---------- ---------- ------------- test_cls_redirect_dynptr.bpf.linked3.o cls_redirect 2987 2864 -123 (-4,12%) 240 231 -9 (-3,75%) xdp_synproxy_kern.bpf.linked3.o syncookie_tc 82848 82661 -187 (-0,23%) 5107 5073 -34 (-0,67%) xdp_synproxy_kern.bpf.linked3.o syncookie_xdp 85116 84964 -152 (-0,18%) 5162 5130 -32 (-0,62%) Nota: evit\u00e9 cambiar el nombre de jmp_history al m\u00e1s gen\u00e9rico insn_hist para minimizar la cantidad de l\u00edneas cambiadas y los posibles conflictos de fusi\u00f3n entre los \u00e1rboles bpf y bpf-next. Observe tambi\u00e9n que el puntero cur_hist_entry se restablece a NULL al comienzo del bucle de verificaci\u00f3n de instrucciones. Este puntero evita el problema de confiar en el insn_idx de la \u00faltima entrada del historial de saltos para determinar si ya tenemos una entrada para la instrucci\u00f3n actual o no. Puede suceder que agreguemos una entrada del historial de saltos porque la instrucci\u00f3n actual es_jmp_point(), pero tambi\u00e9n necesitamos agregar indicadores de instrucci\u00f3n para el acceso a la pila. En este caso, no queremos entradas, por lo que necesitamos reutilizar la \u00faltima entrada agregada, si est\u00e1 presente. Confiar en la comparaci\u00f3n insn_idx tiene el mismo problema de ambig\u00fcedad que el que se solucion\u00f3 recientemente en [0], por lo que lo evitamos. [0] https://patchwork.kernel.org/project/netdevbpf/patch/20231110002638.4168352-3-andrii@kernel.org/"
}
],
"metrics": {},

View File

@ -2,8 +2,8 @@
"id": "CVE-2023-7013",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2024-07-16T23:15:11.340",
"lastModified": "2024-07-17T13:34:20.520",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-05T15:57:00.397",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,15 +15,75 @@
"value": "La implementaci\u00f3n inadecuada en Compositing en Google Chrome anterior a 119.0.6045.105 permit\u00eda a un atacante remoto falsificar potencialmente la interfaz de usuario de seguridad a trav\u00e9s de una p\u00e1gina HTML manipulada. (Severidad de seguridad de Chromium: media)"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-1021"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"versionEndExcluding": "119.0.6045.105",
"matchCriteriaId": "EB02C074-0B9E-4658-BC8D-5F6198D2E3EB"
}
]
}
]
}
],
"references": [
{
"url": "https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_31.html",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://issues.chromium.org/issues/40071326",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Exploit",
"Issue Tracking"
]
}
]
}

View File

@ -2,8 +2,8 @@
"id": "CVE-2024-10097",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-11-05T07:15:13.327",
"lastModified": "2024-11-05T07:15:13.327",
"vulnStatus": "Received",
"lastModified": "2024-11-05T16:04:26.053",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10114",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-11-05T09:15:03.333",
"lastModified": "2024-11-05T09:15:03.333",
"vulnStatus": "Received",
"lastModified": "2024-11-05T16:04:26.053",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The WooCommerce - Social Login plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.7.7. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email and the user does not have an already-existing account for the service returning the token."
},
{
"lang": "es",
"value": " El complemento WooCommerce - Social Login para WordPress es vulnerable a la omisi\u00f3n de autenticaci\u00f3n en todas las versiones hasta la 2.7.7 incluida. Esto se debe a una verificaci\u00f3n insuficiente del usuario que devuelve el token de inicio de sesi\u00f3n social. Esto hace posible que atacantes no autenticados inicien sesi\u00f3n como cualquier usuario existente en el sitio, como un administrador, si tienen acceso al correo electr\u00f3nico y el usuario no tiene una cuenta ya existente para el servicio que devuelve el token."
}
],
"metrics": {

View File

@ -2,8 +2,8 @@
"id": "CVE-2024-10263",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-11-05T13:15:03.203",
"lastModified": "2024-11-05T13:15:03.203",
"vulnStatus": "Received",
"lastModified": "2024-11-05T16:04:26.053",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

View File

@ -2,8 +2,8 @@
"id": "CVE-2024-10319",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-11-05T11:15:03.180",
"lastModified": "2024-11-05T11:15:03.180",
"vulnStatus": "Received",
"lastModified": "2024-11-05T16:04:26.053",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

View File

@ -2,8 +2,8 @@
"id": "CVE-2024-10329",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-11-05T14:15:13.917",
"lastModified": "2024-11-05T14:15:13.917",
"vulnStatus": "Received",
"lastModified": "2024-11-05T16:04:26.053",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10340",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-11-05T02:15:03.177",
"lastModified": "2024-11-05T02:15:03.177",
"vulnStatus": "Received",
"lastModified": "2024-11-05T16:04:26.053",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Shortcodes Blocks Creator Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'scu' shortcode in versions up to, and including, 2.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
},
{
"lang": "es",
"value": "El complemento Shortcodes Blocks Creator Ultimate para WordPress es vulnerable a cross site scripting almacenado a trav\u00e9s del c\u00f3digo corto 'scu' en versiones hasta la 2.1.3 incluida, debido a una desinfecci\u00f3n de entrada y al escape de salida insuficiente en los atributos proporcionados por el usuario. Esto permite que atacantes autenticados con permisos de nivel de colaborador y superiores inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
}
],
"metrics": {

View File

@ -2,8 +2,8 @@
"id": "CVE-2024-10469",
"sourceIdentifier": "cret@cert.org",
"published": "2024-10-28T16:15:03.667",
"lastModified": "2024-10-29T14:34:50.257",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-05T16:51:35.450",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,8 +15,41 @@
"value": "Las versiones de VINCE anteriores a 3.0.9 son vulnerables a la exposici\u00f3n de informaci\u00f3n del usuario a usuarios autenticados."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-276"
}
]
},
{
"source": "cret@cert.org",
"type": "Secondary",
@ -28,10 +61,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cert:vince:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.0.9",
"matchCriteriaId": "2518DB5A-BCCA-42BD-9E24-D283F33423B1"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/CERTCC/VINCE/",
"source": "cret@cert.org"
"source": "cret@cert.org",
"tags": [
"Product"
]
}
]
}

View File

@ -2,8 +2,8 @@
"id": "CVE-2024-10506",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-30T03:15:03.490",
"lastModified": "2024-11-01T12:57:03.417",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-05T16:22:39.830",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -61,6 +61,26 @@
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -120,26 +140,63 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fabianros:blood_bank_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "074BD804-92B2-445A-9A77-DE019D9E8A13"
}
]
}
]
}
],
"references": [
{
"url": "https://code-projects.org/",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Product"
]
},
{
"url": "https://github.com/xxx-www/cve/blob/main/sql8.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.282447",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.282447",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?submit.432688",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}
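Review bot: the added cpeMatch uses the vendor string fabianros (cpe:2.3:a:fabianros:blood_bank_management_system:1.0), while the reference tagged Product in this same hunk points to code-projects.org. Inventory matching keyed on a vendor name taken from the references will not hit this CPE, so match on the full criteria string or on matchCriteriaId instead.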

View File

@ -2,8 +2,8 @@
"id": "CVE-2024-10507",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-30T03:15:03.777",
"lastModified": "2024-11-01T12:57:03.417",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-05T16:23:56.073",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -61,6 +61,26 @@
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -120,22 +140,56 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:codezips:free_exam_hall_seating_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "99C348E9-6BBF-4FC8-A2B8-3ED70BA03131"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/ppp-src/CVE/issues/26",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.282448",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.282448",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?submit.432719",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10596",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-31T21:15:15.647",
"lastModified": "2024-11-01T12:57:03.417",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-05T16:20:13.623",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in ESAFENET CDG 5. It has been rated as critical. Affected by this issue is the function delEntryptPolicySort of the file /com/esafenet/servlet/system/EncryptPolicyTypeService.java. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": " Se ha encontrado una vulnerabilidad en ESAFENET CDG 5. Se ha calificado como cr\u00edtica. Este problema afecta a la funci\u00f3n delEntryptPolicySort del archivo /com/esafenet/servlet/system/EncryptPolicyTypeService.java. La manipulaci\u00f3n del argumento id provoca una inyecci\u00f3n SQL. El ataque puede ejecutarse de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse. Se contact\u00f3 al proveedor con anticipaci\u00f3n sobre esta revelaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {
@ -57,6 +61,26 @@
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -116,22 +140,55 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:esafenet:cdg:5:*:*:*:*:*:*:*",
"matchCriteriaId": "94F213FF-17EB-4B99-9621-80792AD14A74"
}
]
}
]
}
],
"references": [
{
"url": "https://flowus.cn/share/0c59c0ea-9624-42b5-9e06-66fab39b773c?code=G8A6P3",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit"
]
},
{
"url": "https://vuldb.com/?ctiid.282608",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.282608",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?submit.431307",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10605",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-01T00:15:03.243",
"lastModified": "2024-11-01T12:57:03.417",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-05T16:22:08.017",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in code-projects Blood Bank Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /file/request.php. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
"value": " Se ha encontrado una vulnerabilidad en code-projects Blood Bank Management System 1.0. Se ha clasificado como problem\u00e1tica. Afecta a una parte desconocida del archivo /file/request.php. La manipulaci\u00f3n conduce a cross-site request forgery. Es posible iniciar el ataque de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse."
}
],
"metrics": {
@ -57,6 +61,26 @@
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -116,26 +140,63 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fabianros:blood_bank_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "074BD804-92B2-445A-9A77-DE019D9E8A13"
}
]
}
]
}
],
"references": [
{
"url": "https://code-projects.org/",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Product"
]
},
{
"url": "https://github.com/bevennyamande/receiver_request_sample_csrf",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.282615",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.282615",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?submit.434756",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10607",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-01T01:15:12.153",
"lastModified": "2024-11-01T12:57:03.417",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-05T16:21:46.193",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in code-projects Courier Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /track-result.php. The manipulation of the argument Consignment leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad en code-projects Courier Management System 1.0. Se ha declarado como cr\u00edtica. Esta vulnerabilidad afecta al c\u00f3digo desconocido del archivo /track-result.php. La manipulaci\u00f3n del argumento Consignment conduce a una inyecci\u00f3n SQL. El ataque puede iniciarse de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse."
}
],
"metrics": {
@ -57,6 +61,26 @@
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -105,6 +129,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -116,26 +150,63 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:carmelogarcia:courier_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B6A68C07-333F-4BBA-84AE-DB7B0FE774EC"
}
]
}
]
}
],
"references": [
{
"url": "https://code-projects.org/",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Product"
]
},
{
"url": "https://github.com/yanhuoshanjin/cve/issues/1",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.282616",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.282616",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?submit.434773",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10608",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-01T01:15:12.430",
"lastModified": "2024-11-01T12:57:03.417",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-05T16:21:34.407",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in code-projects Courier Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /login.php. The manipulation of the argument txtusername leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad en code-projects Courier Management System 1.0. Se ha calificado como cr\u00edtica. Este problema afecta a algunos procesos desconocidos del archivo /login.php. La manipulaci\u00f3n del argumento txtusername provoca una inyecci\u00f3n SQL. El ataque puede iniciarse de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse."
}
],
"metrics": {
@ -57,6 +61,26 @@
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -116,26 +140,63 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:carmelogarcia:courier_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B6A68C07-333F-4BBA-84AE-DB7B0FE774EC"
}
]
}
]
}
],
"references": [
{
"url": "https://code-projects.org/",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Product"
]
},
{
"url": "https://github.com/AXUyaku/cve/issues/1",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.282617",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.282617",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?submit.434785",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10609",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-01T01:15:12.690",
"lastModified": "2024-11-01T12:57:03.417",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-05T16:22:22.030",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, was found in itsourcecode Tailoring Management System Project 1.0. This affects an unknown part of the file typeadd.php. The manipulation of the argument sex leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
"value": " Se ha encontrado una vulnerabilidad clasificada como cr\u00edtica en itsourcecode Tailoring Management System Project 1.0. Afecta a una parte desconocida del archivo typeadd.php. La manipulaci\u00f3n del argumento sex provoca inyecci\u00f3n SQL. Es posible iniciar el ataque de forma remota. El exploit ha sido divulgado al p\u00fablico y puede ser utilizado."
}
],
"metrics": {
@ -57,6 +61,26 @@
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -116,26 +140,63 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:angeljudesuarez:tailoring_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D6D27827-5554-4FAB-8460-52599930F4FF"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/Lanxiy7th/lx_CVE_report-/issues/17",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://itsourcecode.com/",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Product"
]
},
{
"url": "https://vuldb.com/?ctiid.282621",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.282621",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?submit.434841",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10610",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-01T02:15:03.180",
"lastModified": "2024-11-01T12:57:03.417",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-05T16:21:09.913",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in ESAFENET CDG 5 and classified as critical. This vulnerability affects the function delProtocol of the file /com/esafenet/servlet/system/ProtocolService.java. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad en ESAFENET CDG 5 y se ha clasificado como cr\u00edtica. Esta vulnerabilidad afecta a la funci\u00f3n delProtocol del archivo /com/esafenet/servlet/system/ProtocolService.java. La manipulaci\u00f3n del argumento id provoca una inyecci\u00f3n SQL. El ataque se puede iniciar de forma remota. La vulnerabilidad se ha hecho p\u00fablica y puede utilizarse. Se contact\u00f3 al proveedor con antelaci\u00f3n sobre esta revelaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {
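Review bot: In the added "es" description, "The exploit has been disclosed to the public and may be used" is rendered as "La vulnerabilidad se ha hecho pública y puede utilizarse", which says the vulnerability is public rather than that an exploit is. The other ESAFENET CDG records in this commit use "El exploit se ha hecho público y puede utilizarse" for the same English sentence. Anyone triaging on the Spanish text loses the exploit-availability signal here, so the translation should match the English value.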
@ -57,6 +61,26 @@
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -116,22 +140,55 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:esafenet:cdg:5:*:*:*:*:*:*:*",
"matchCriteriaId": "94F213FF-17EB-4B99-9621-80792AD14A74"
}
]
}
]
}
],
"references": [
{
"url": "https://flowus.cn/share/0099e10a-5242-4651-a85a-5e8f98abc533?code=G8A6P3",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit"
]
},
{
"url": "https://vuldb.com/?ctiid.282622",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.282622",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?submit.431326",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}
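Review bot: The reference tags in this hunk do not follow the pattern used for the sibling ESAFENET CDG records in the same commit. Here the `?ctiid.282622` link gets only "Permissions Required" and "VDB Entry", and the `?id.282622` link gets "Permissions Required" in addition to "Third Party Advisory" and "VDB Entry". In CVE-2024-10611, CVE-2024-10612 and CVE-2024-10613 the ctiid link carries all three tags and the id link carries no "Permissions Required". If consumers filter references by tag, for example skipping links that need a login, this record will behave differently from its neighbours. Confirm which tagging is intended for the id link.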

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10611",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-01T02:15:03.533",
"lastModified": "2024-11-01T12:57:03.417",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-05T16:20:27.870",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in ESAFENET CDG 5 and classified as critical. This issue affects the function delProtocol of the file /com/esafenet/servlet/system/PrintScreenListService.java. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": " Se ha encontrado una vulnerabilidad en ESAFENET CDG 5 y se ha clasificado como cr\u00edtica. Este problema afecta a la funci\u00f3n delProtocol del archivo /com/esafenet/servlet/system/PrintScreenListService.java. La manipulaci\u00f3n del argumento id provoca una inyecci\u00f3n SQL. El ataque puede iniciarse de forma remota. La vulnerabilidad se ha hecho p\u00fablica y puede utilizarse. Se contact\u00f3 al proveedor con antelaci\u00f3n sobre esta revelaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {
@ -57,6 +61,26 @@
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -116,22 +140,55 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:esafenet:cdg:5:*:*:*:*:*:*:*",
"matchCriteriaId": "94F213FF-17EB-4B99-9621-80792AD14A74"
}
]
}
]
}
],
"references": [
{
"url": "https://flowus.cn/share/9967b626-9a33-42f9-b8d2-d001b2a0b24a?code=G8A6P3",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit"
]
},
{
"url": "https://vuldb.com/?ctiid.282623",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.282623",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?submit.431327",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10612",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-01T03:15:02.617",
"lastModified": "2024-11-01T12:57:03.417",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-05T16:20:43.557",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in ESAFENET CDG 5. It has been classified as critical. Affected is the function removeHookInvalidCourse of the file /com/esafenet/servlet/system/HookInvalidCourseService.java. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad en ESAFENET CDG 5. Se ha clasificado como cr\u00edtica. La funci\u00f3n removeHookInvalidCourse del archivo /com/esafenet/servlet/system/HookInvalidCourseService.java est\u00e1 afectada. La manipulaci\u00f3n del argumento id provoca una inyecci\u00f3n SQL. Es posible lanzar el ataque de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse. Se contact\u00f3 al proveedor con anticipaci\u00f3n sobre esta revelaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {
@ -57,6 +61,26 @@
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -116,22 +140,55 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:esafenet:cdg:5:*:*:*:*:*:*:*",
"matchCriteriaId": "94F213FF-17EB-4B99-9621-80792AD14A74"
}
]
}
]
}
],
"references": [
{
"url": "https://flowus.cn/share/ba7e7981-c66b-4d04-8fed-6d26b6765fe7?code=G8A6P3",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit"
]
},
{
"url": "https://vuldb.com/?ctiid.282624",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.282624",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?submit.431328",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10613",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-01T03:15:02.903",
"lastModified": "2024-11-01T12:57:03.417",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-05T16:20:53.430",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in ESAFENET CDG 5. It has been declared as critical. Affected by this vulnerability is the function delSystemEncryptPolicy of the file /com/esafenet/servlet/system/SystemEncryptPolicyService.java. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": " Se ha encontrado una vulnerabilidad en ESAFENET CDG 5. Se ha declarado como cr\u00edtica. La funci\u00f3n delSystemEncryptPolicy del archivo /com/esafenet/servlet/system/SystemEncryptPolicyService.java se ve afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento id provoca una inyecci\u00f3n SQL. El ataque se puede ejecutar de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse. Se contact\u00f3 al proveedor con anticipaci\u00f3n sobre esta revelaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {
@ -57,6 +61,26 @@
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -116,22 +140,55 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:esafenet:cdg:5:*:*:*:*:*:*:*",
"matchCriteriaId": "94F213FF-17EB-4B99-9621-80792AD14A74"
}
]
}
]
}
],
"references": [
{
"url": "https://flowus.cn/share/b73c3e0f-21ff-4026-84ec-be60bcbd5bfc?code=G8A6P3",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit"
]
},
{
"url": "https://vuldb.com/?ctiid.282625",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.282625",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?submit.431329",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10687",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-11-05T10:15:24.760",
"lastModified": "2024-11-05T10:15:24.760",
"vulnStatus": "Received",
"lastModified": "2024-11-05T16:04:26.053",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery \u2013 Upload, Vote, Sell via PayPal, Social Share Buttons plugin for WordPress is vulnerable to time-based SQL Injection via the $collectedIds parameter in all versions up to, and including, 24.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."
},
{
"lang": "es",
"value": " El complemento Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery \u2013 Upload, Vote, Sell via PayPal, Social Share Buttons para WordPress es vulnerable a la inyecci\u00f3n SQL basada en tiempo a trav\u00e9s del par\u00e1metro $collectedIds en todas las versiones hasta la 24.0.3 incluida debido a un escape insuficiente en el par\u00e1metro proporcionado por el usuario y a la falta de preparaci\u00f3n suficiente en la consulta SQL existente. Esto hace posible que atacantes no autenticados agreguen consultas SQL adicionales a consultas ya existentes que se pueden usar para extraer informaci\u00f3n confidencial de la base de datos."
}
],
"metrics": {

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10701",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-02T18:15:03.057",
"lastModified": "2024-11-04T01:35:50.083",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-05T16:52:44.937",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in PHPGurukul Car Rental Portal 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /search.php. The manipulation of the argument searchdata leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
"value": " Se ha encontrado una vulnerabilidad en PHPGurukul Car Rental Portal 1.0. Se ha calificado como problem\u00e1tica. Este problema afecta a algunos procesos desconocidos del archivo /search.php. La manipulaci\u00f3n del argumento searchdata provoca cross site scripting. El ataque puede iniciarse de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse."
}
],
"metrics": {
@ -57,6 +61,26 @@
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -116,26 +140,62 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:phpgurukul:car_rental_portal:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D93DD93F-20B4-4C19-AD78-14359061EB19"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/secuserx/CVE/blob/main/%5BXSS%20vulnerability%5D%20found%20in%20Car%20Rental%20Portal%203.0%20-%20(search.php).md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://phpgurukul.com/",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Product"
]
},
{
"url": "https://vuldb.com/?ctiid.282869",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.282869",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?submit.435179",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}
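Review bot: The added CPE criteria `cpe:2.3:a:phpgurukul:car_rental_portal:1.0` and the description both name version 1.0, but the reference tagged "Exploit" in this same hunk points to a write-up whose file name says "Car Rental Portal 3.0". Version matching against this CPE will miss 3.0 installs if the write-up's version is the correct one, so the affected version should be confirmed against the source advisory before the record is relied on for asset matching.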

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10702",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-02T18:15:03.363",
"lastModified": "2024-11-04T01:35:50.083",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-05T16:52:11.193",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical has been found in code-projects Simple Car Rental System 1.0. Affected is an unknown function of the file /signup.php. The manipulation of the argument fname leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad clasificada como cr\u00edtica en code-projects Simple Car Rental System 1.0. Se ve afectada una funci\u00f3n desconocida del archivo /signup.php. La manipulaci\u00f3n del argumento fname provoca una inyecci\u00f3n SQL. Es posible lanzar el ataque de forma remota. El exploit ha sido divulgado al p\u00fablico y puede ser utilizado."
}
],
"metrics": {
@ -57,6 +61,26 @@
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -116,26 +140,62 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fabinros:simple_car_rental_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2AA148FF-0DFE-4194-B67D-37D10F6CE4F4"
}
]
}
]
}
],
"references": [
{
"url": "https://code-projects.org/",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Product"
]
},
{
"url": "https://github.com/imTedCao/cve/issues/1",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.282870",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.282870",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?submit.435233",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}
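Review bot: The vendor component in the added CPE criteria, `fabinros` in `cpe:2.3:a:fabinros:simple_car_rental_system:1.0`, differs by one letter from the `fabianros` vendor used for the other code-projects product in this commit (CVE-2024-10605, `cpe:2.3:a:fabianros:blood_bank_management_system:1.0`). Vendor-keyed CPE lookups will treat these as two unrelated vendors. Check the string against the CPE dictionary and, if both spellings are valid upstream, normalise them on ingestion so queries by vendor return both products.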

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10711",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-11-05T09:15:03.667",
"lastModified": "2024-11-05T09:15:03.667",
"vulnStatus": "Received",
"lastModified": "2024-11-05T16:04:26.053",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The WooCommerce Report plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.1. This is due to missing or incorrect nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to update arbitrary options that can be leveraged for privilege escalation via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
},
{
"lang": "es",
"value": "El complemento WooCommerce Report para WordPress es vulnerable a Cross-Site Request Forgery en todas las versiones hasta la 1.5.1 incluida. Esto se debe a la falta o la validaci\u00f3n incorrecta de nonce en la funci\u00f3n de actualizaci\u00f3n de configuraciones. Esto permite que atacantes no autenticados actualicen opciones arbitrarias que se pueden aprovechar para la escalada de privilegios a trav\u00e9s de una solicitud falsificada, siempre que puedan enga\u00f1ar a un administrador del sitio para que realice una acci\u00f3n como hacer clic en un enlace."
}
],
"metrics": {

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10768",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-04T19:15:05.743",
"lastModified": "2024-11-04T19:15:05.743",
"vulnStatus": "Received",
"lastModified": "2024-11-05T16:04:26.053",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic was found in PHPGurukul Online Shopping Portal 2.0. This vulnerability affects unknown code of the file /admin/assets/plugins/DataTables/media/unit_testing/templates/two_tables.php. The manipulation of the argument scripts leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
"value": " Se ha encontrado una vulnerabilidad clasificada como problem\u00e1tica en PHPGurukul Online Shopping Portal 2.0. Esta vulnerabilidad afecta al c\u00f3digo desconocido del archivo /admin/assets/plugins/DataTables/media/unit_testing/templates/two_tables.php. La manipulaci\u00f3n del argumento scripts conduce a cross site scripting. El ataque puede iniciarse de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse."
}
],
"metrics": {
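Review bot: The added "es" value begins with a stray space inside the string (" Se ha encontrado ..."), which the "en" value above it does not have. Trim the translated text when the record is generated so that consumers comparing or indexing description strings do not have to normalise whitespace themselves.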

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10791",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-04T20:15:04.580",
"lastModified": "2024-11-04T20:15:04.580",
"vulnStatus": "Received",
"lastModified": "2024-11-05T16:04:26.053",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in Codezips Hospital Appointment System 1.0. This issue affects some unknown processing of the file /doctorAction.php. The manipulation of the argument Name leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory mentions contradicting file and parameter names to be affected."
},
{
"lang": "es",
"value": " Se ha encontrado una vulnerabilidad que se ha clasificado como cr\u00edtica en Codezips Hospital Appointment System 1.0. Este problema afecta a algunos procesos desconocidos del archivo /doctorAction.php. La manipulaci\u00f3n del argumento Name provoca una inyecci\u00f3n SQL. El ataque puede iniciarse de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse. El aviso inicial para investigadores menciona nombres de archivos y par\u00e1metros contradictorios que se ver\u00e1n afectados."
}
],
"metrics": {

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10805",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-04T23:15:03.967",
"lastModified": "2024-11-04T23:15:03.967",
"vulnStatus": "Received",
"lastModified": "2024-11-05T16:04:26.053",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in code-projects University Event Management System 1.0. It has been classified as critical. This affects an unknown part of the file doedit.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory mentions a confusing product name to be affected. Other parameters might be affected as well."
},
{
"lang": "es",
"value": " Se ha encontrado una vulnerabilidad en el University Event Management System 1.0. Se ha clasificado como cr\u00edtica. Afecta a una parte desconocida del archivo doedit.php. La manipulaci\u00f3n del argumento id provoca una inyecci\u00f3n SQL. Es posible iniciar el ataque de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse. El aviso inicial para investigadores menciona que el nombre del producto afectado puede resultar confuso. Tambi\u00e9n podr\u00edan verse afectados otros par\u00e1metros."
}
],
"metrics": {
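Review bot: The added "es" description drops the vendor prefix. The "en" text names "code-projects University Event Management System 1.0", but the translation reads "el University Event Management System 1.0". Keep the product string verbatim in translated descriptions, since that string is what gets matched against an asset inventory.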

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10806",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-05T01:15:03.100",
"lastModified": "2024-11-05T01:15:03.100",
"vulnStatus": "Received",
"lastModified": "2024-11-05T16:04:26.053",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in PHPGurukul Hospital Management System 4.0. It has been declared as problematic. This vulnerability affects unknown code of the file betweendates-detailsreports.php. The manipulation of the argument fromdate/todate leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
"value": " Se ha encontrado una vulnerabilidad en PHPGurukul Hospital Management System 4.0. Se ha declarado como problem\u00e1tica. Esta vulnerabilidad afecta al c\u00f3digo desconocido del archivo betweendates-detailsreports.php. La manipulaci\u00f3n del argumento fromdate/todate provoca cross site scripting. El ataque se puede iniciar de forma remota. La vulnerabilidad se ha hecho p\u00fablica y puede utilizarse."
}
],
"metrics": {
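Review bot: The last sentence of the added "es" value changes the meaning of the source text. "The exploit has been disclosed to the public" is rendered as "La vulnerabilidad se ha hecho pública", which says the vulnerability, not the exploit, is public. Public exploit availability is a prioritisation signal, so the translation should say "El exploit", as the CVE-2024-10768 entry in this same commit does.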

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10807",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-05T02:15:03.407",
"lastModified": "2024-11-05T02:15:03.407",
"vulnStatus": "Received",
"lastModified": "2024-11-05T16:04:26.053",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in PHPGurukul Hospital Management System 4.0. It has been rated as problematic. This issue affects some unknown processing of the file hms/doctor/search.php. The manipulation of the argument searchdata leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
"value": " Se ha encontrado una vulnerabilidad en PHPGurukul Hospital Management System 4.0. Se ha calificado como problem\u00e1tica. Este problema afecta a algunos procesos desconocidos del archivo hms/doctor/search.php. La manipulaci\u00f3n del argumento searchdata conduce a cross site scripting. El ataque puede iniciarse de forma remota. La vulnerabilidad se ha hecho p\u00fablica y puede utilizarse."
}
],
"metrics": {

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10808",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-05T02:15:03.700",
"lastModified": "2024-11-05T02:15:03.700",
"vulnStatus": "Received",
"lastModified": "2024-11-05T16:04:26.053",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in code-projects E-Health Care System 1.0 and classified as critical. This vulnerability affects unknown code of the file Admin/req_detail.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad en code-projects E-Health Care System 1.0 y se ha clasificado como cr\u00edtica. Esta vulnerabilidad afecta al c\u00f3digo desconocido del archivo Admin/req_detail.php. La manipulaci\u00f3n del argumento id conduce a una inyecci\u00f3n SQL. El ataque puede iniciarse de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse."
}
],
"metrics": {

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10809",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-05T02:15:03.980",
"lastModified": "2024-11-05T02:15:03.980",
"vulnStatus": "Received",
"lastModified": "2024-11-05T16:04:26.053",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in code-projects E-Health Care System 1.0 and classified as critical. This issue affects some unknown processing of the file /Doctor/chat.php. The manipulation of the argument name/message leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory only mentions the parameter \"name\" to be affected. But it must be assumed that the parameter \"message\" is affected as well."
},
{
"lang": "es",
"value": " Se ha encontrado una vulnerabilidad en code-projects E-Health Care System 1.0 y se ha clasificado como cr\u00edtica. Este problema afecta a algunos procesos desconocidos del archivo /Doctor/chat.php. La manipulaci\u00f3n del argumento name/message conduce a una inyecci\u00f3n SQL. El ataque puede iniciarse de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El aviso inicial para investigadores solo menciona el par\u00e1metro \"name\" que se ver\u00e1 afectado, pero se debe asumir que el par\u00e1metro \"message\" tambi\u00e9n se ver\u00e1 afectado."
}
],
"metrics": {

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10810",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-05T02:15:04.250",
"lastModified": "2024-11-05T02:15:04.250",
"vulnStatus": "Received",
"lastModified": "2024-11-05T16:04:26.053",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in code-projects E-Health Care System 1.0. It has been classified as critical. Affected is an unknown function of the file Doctor/app_request.php. The manipulation of the argument app_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad en code-projects E-Health Care System 1.0. Se ha clasificado como cr\u00edtica. Se ve afectada una funci\u00f3n desconocida del archivo Doctor/app_request.php. La manipulaci\u00f3n del argumento app_id provoca una inyecci\u00f3n SQL. Es posible lanzar el ataque de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse."
}
],
"metrics": {

View File

@ -2,8 +2,8 @@
"id": "CVE-2024-10840",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-05T13:15:03.443",
"lastModified": "2024-11-05T13:15:03.443",
"vulnStatus": "Received",
"lastModified": "2024-11-05T16:04:26.053",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

View File

@ -2,8 +2,8 @@
"id": "CVE-2024-10841",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-05T14:15:14.220",
"lastModified": "2024-11-05T14:15:14.220",
"vulnStatus": "Received",
"lastModified": "2024-11-05T16:04:26.053",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

View File

@ -2,8 +2,8 @@
"id": "CVE-2024-10842",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-05T14:15:14.543",
"lastModified": "2024-11-05T14:15:14.543",
"vulnStatus": "Received",
"lastModified": "2024-11-05T16:04:26.053",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

View File

@ -0,0 +1,145 @@
{
"id": "CVE-2024-10844",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-05T15:15:22.337",
"lastModified": "2024-11-05T16:04:26.053",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, was found in 1000 Projects Bookstore Management System 1.0. This affects an unknown part of the file search.php. The manipulation of the argument s leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "LOW",
"vulnerableSystemIntegrity": "LOW",
"vulnerableSystemAvailability": "LOW",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 6.9,
"baseSeverity": "MEDIUM"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5
},
"baseSeverity": "HIGH",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-707"
},
{
"lang": "en",
"value": "CWE-74"
},
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://github.com/sbm-98/CVE/issues/1",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.283089",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.283089",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.436969",
"source": "cna@vuldb.com"
}
]
}
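Review bot: The weaknesses block lists CWE-707 and CWE-74 alongside CWE-89, although the description states only SQL injection and both of those are broader ancestors of CWE-89. Either keep CWE-89 alone or document that the CNA's list is mirrored unchanged, so that per-CWE counts built from this file are not inflated by the parent categories.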

View File

@ -0,0 +1,145 @@
{
"id": "CVE-2024-10845",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-05T15:15:22.620",
"lastModified": "2024-11-05T16:04:26.053",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in 1000 Projects Bookstore Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file book_detail.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "LOW",
"vulnerableSystemIntegrity": "LOW",
"vulnerableSystemAvailability": "LOW",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 6.9,
"baseSeverity": "MEDIUM"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5
},
"baseSeverity": "HIGH",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-707"
},
{
"lang": "en",
"value": "CWE-74"
},
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://github.com/hbuzs/CVE/issues/3",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.283090",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.283090",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.436999",
"source": "cna@vuldb.com"
}
]
}
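Review bot: The weaknesses entry in this file has "type": "Secondary", while the CVE-2024-10844 record added in the same commit has "type": "Primary" for the same source (cna@vuldb.com) and the same three CWE values. Confirm which value the upstream feed returns for each record, because a filter on Primary weaknesses will treat two otherwise identical entries differently.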

View File

@ -2,7 +2,7 @@
"id": "CVE-2024-1546",
"sourceIdentifier": "security@mozilla.org",
"published": "2024-02-20T14:15:08.477",
"lastModified": "2024-03-04T09:15:37.650",
"lastModified": "2024-11-05T16:35:09.393",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Al almacenar y volver a acceder a datos en un canal de red, es posible que se haya confundido la longitud de los bufferse, lo que resulta en una lectura de memoria fuera de los l\u00edmites. Esta vulnerabilidad afecta a Firefox < 123, Firefox ESR < 115.8 y Thunderbird < 115.8."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1843752",
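Review bot: The added cvssMetricV31 vector scores I:H and A:H, while the description in the context line above and the added CWE-125 both describe an out-of-bounds memory read. The entry is "type": "Secondary" from source 134c704f-9b21-4f2e-91b3-4a467353bcc0, so anything that consumes the 7.5 base score should show that type and source next to it instead of presenting the score as the primary assessment.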

View File

@ -2,7 +2,7 @@
"id": "CVE-2024-1676",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2024-02-21T04:15:08.580",
"lastModified": "2024-02-26T16:27:52.910",
"lastModified": "2024-11-05T16:35:10.247",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "La implementaci\u00f3n inadecuada en la navegaci\u00f3n en Google Chrome anterior a 122.0.6261.57 permiti\u00f3 a un atacante remoto falsificar la interfaz de usuario de seguridad a trav\u00e9s de una p\u00e1gina HTML manipulada. (Severidad de seguridad de Chrome: baja)"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_20.html",
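Review bot: The added vector (UI:N, C:H/I:H/A:H, 9.8 CRITICAL) and the added CWE-79 do not match the description in the context line above, which describes security UI spoofing through a crafted HTML page and quotes Chrome's own severity rating as low ("baja"). Anything that sorts on baseScore will put this record at the top of the queue. Because the metric is "type": "Secondary" from source 134c704f-9b21-4f2e-91b3-4a467353bcc0, downstream tooling should expose that type and source with the score, and this record is worth checking against the upstream feed before it drives triage.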

View File

@ -2,8 +2,8 @@
"id": "CVE-2024-20372",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2024-10-23T18:15:05.863",
"lastModified": "2024-10-25T12:56:36.827",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-05T16:04:41.993",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
@ -51,10 +81,480 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DB01FA17-68F7-47E6-9D94-AC3C290F62AE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "08F0F58D-C859-400F-88D4-38C84584BACF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "73D28E1C-B26F-4BD8-8F21-2AFA1E1B881D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4DF3D576-7922-4FB4-9C8B-2E31E29A4FEF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DE852669-316E-4710-A964-91B17CBA75FF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D64651BA-33A1-4DD9-B23C-577543D45534"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E44687A2-D460-4CD7-91E1-4535B4A71698"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "4C312686-8739-4B48-9476-3D65200B3216"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "059D7FFF-94B6-400A-A939-498BDBB18FED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "B4204464-BF24-4596-8AE2-4D98EC817234"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "DF0B67CC-FFEA-4A22-A79F-6DB1C826CECE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "13744A3B-7F48-49B1-8263-012456E27ACD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "0E0CC829-ED28-435B-9826-6CDB4BB2F0EF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.13:*:*:*:*:*:*:*",
"matchCriteriaId": "1732AC85-09E3-43E2-B624-87E537EB6F03"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.14:*:*:*:*:*:*:*",
"matchCriteriaId": "85986C19-4819-4F02-9873-A42D4277D3A8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.15:*:*:*:*:*:*:*",
"matchCriteriaId": "11BEDD8B-DB02-4E8D-B2BF-2B7BE190AF6D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.16:*:*:*:*:*:*:*",
"matchCriteriaId": "B0E13E7F-BDA9-49DF-BA43-CB812BC0D384"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.17:*:*:*:*:*:*:*",
"matchCriteriaId": "47FDAAB6-EC1B-4759-8B8A-55748C39AFFC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.18:*:*:*:*:*:*:*",
"matchCriteriaId": "E3C97C0B-509E-4AE2-9EDB-BDC0436E05A1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DA61E6F5-FFFD-4D4E-9AA3-94F827A79F4C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "80EC515D-6051-472A-92F4-ED4385FEDEC7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F7E83830-B9CA-425D-BFD3-7F8FD1114950"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "91F862F9-40FE-42E9-86B2-BD9350B118D4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "857A0C11-1456-4F1A-A812-E93B829F13DF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "93828989-2731-4DCE-9FBB-5ABB5A660A9D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "83B99522-B80A-4998-971B-F3C45EB104F0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "F286FD7B-E588-4DCC-B41F-AD9E4A49B8ED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "3908BF04-0869-4F4D-9BC4-411F56AC8092"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "227799AC-75DF-4B3F-A7EF-063D8D8C2EC1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "FB72A64E-7B19-4A96-809C-287E391DFA44"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "4630DEB7-BEE7-4247-9536-C35887A807C3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "2E7BC07A-1C33-46FB-9ABF-C98A46BE6AD3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "0F3B8077-2DD6-491F-9F0E-D977E7A4AB08"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "CEAD4CD3-FBF1-43BC-A14F-6375E4B784AE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "5662EBCF-13F5-4CE6-8E3D-B23B73AF4633"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "817E7CDB-5CDC-44A9-92D0-4364A08302BD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "9A95D8B6-2D90-4EA8-B468-356EB396A273"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "1CDEF2CC-D485-4E66-9818-7C9740F37840"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "30AE7CB7-86F5-4B80-9179-1C2DF4E8E7B5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1931C431-3452-4FE1-870A-16700553BDAE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "490C91AC-9437-43DA-99AF-0DF8A0E5EEB5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "22913221-9B69-451A-8442-C65091DFAFD2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1488A64D-E0ED-4E88-92E9-D8E38A2CB080"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9FF58049-7F1B-425B-A2A7-5974080625F3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.6.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4DA72515-66E1-4811-ADDA-B2F9B6A4B737"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.6.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "606C631F-5A30-4A07-A761-29B31D09C66A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "0DA2A011-FAE4-4741-AA37-1F4F17471381"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.6.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0B57A678-E534-472C-8B45-F6A1E027248C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.6.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2D748B16-1C2A-4E00-807F-647569C271D1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "853866E2-1BCC-4A81-907A-ABA8648D8C57"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9B0B5925-0336-4F56-9D9A-777687DF3B22"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F406CDA3-08B9-4C13-B6F5-C83978239623"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.7.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "108BFA85-BB6B-420A-911D-B2731CB05289"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0FEE4092-0EAD-48DA-92EB-82DD4EB43E49"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7B8DF2E2-848A-4616-AEF0-1EFE68A900C1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "387E34BD-913B-4CB7-9230-81B283E92A9B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FFE8B3DC-9865-4845-B989-FB41D6FE085E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BC98B2C9-2F78-4DB5-97D7-78D584CEBE87"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.0.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "44CEED06-6E18-4961-BD69-8BF3E7A6D59C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D815D562-D60A-4AD1-9243-8167B244882E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "FA91AC4A-77D5-4C41-BD63-4E8F3BA4FF84"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A5808D1C-6D6E-403D-8904-147B66B50385"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "FD9A750B-7C84-484C-94F3-FB66EF6296E6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "62950A6C-8467-4215-BCD1-010B8C491714"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.0.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6D97494F-BA89-4E95-A01F-C2CE02505A27"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "21D28D33-2B3C-4695-9137-7C4AC6BA2D7D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3DCA8FE8-D0BC-4B6C-8E15-0DC5D0EF515F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "62213974-B025-4A76-87CD-025C84389A2B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A876A2A0-0973-481C-A63A-1A5761015308"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E6671431-4FE3-4D7D-9F46-445A1A6B7EEF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E2757987-7648-4BE1-AE91-99F1FC95C8C5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "841C3C05-7289-46CC-A610-5A5BFC81FD42"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "91599B30-27D5-450A-A565-A65BF940C30C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "71802FFD-A173-4F21-87C8-495D8F95A176"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8B9CD6DE-EE1E-4FF4-8DF5-7F9DA36AFCFD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E0EF1B4E-3E42-4C42-9981-2BC17F22BA2D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.2.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "30E26E7E-F6D8-4A89-85F7-42FCB0E37AD6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E2A7E707-6CBB-42E3-BE90-72E835156DB9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4BB537CA-0E37-471E-8DD3-7710A443224A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.2.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F9022BCA-EDBF-4FD1-B427-573CA07E5134"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "23BA0BE4-B06D-45AE-9C9D-280F1BFA7EDA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "3B79ABCC-C95B-45AB-BE9D-454BD8174651"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "A4FD7D25-704B-47EB-AF36-DC684AD07807"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.2.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3D33E431-39F5-4F73-99A1-19A05A594C90"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7A6F69A3-E15F-43C9-8B9C-A30E057C4FD0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "602535DE-ED32-4805-85EF-940955459B34"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "17727E39-1612-4433-AC23-CBC852B392C2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D5894CEC-AB1C-44F2-A977-FE74897A24A6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "579DC0CE-1CEA-449F-BF76-AD7087573ACD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EB3E28C0-675B-4C30-B248-BE1EB5E961C4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.4.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2C7E7A89-A9CA-45DA-8378-A50B1F9D260E"
}
]
}
]
}
],
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xss-dhJxQYZs",
"source": "ykramarz@cisco.com"
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
]
}
]
}

View File

@ -2,8 +2,8 @@
"id": "CVE-2024-20386",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2024-10-23T18:15:07.257",
"lastModified": "2024-10-25T12:56:36.827",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-05T16:05:58.833",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
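Review bot: The new nvd@nist.gov "Primary" object is inserted at the head of "cvssMetricV31", ahead of the existing ykramarz@cisco.com "Secondary" entry, so any consumer that reads index 0 of this array will switch sources with this update. Downstream code should select the metric by "type" or "source" rather than by position, and the same applies to the "weaknesses" array changed further down in this record.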
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
@ -51,10 +81,480 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DB01FA17-68F7-47E6-9D94-AC3C290F62AE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "08F0F58D-C859-400F-88D4-38C84584BACF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "73D28E1C-B26F-4BD8-8F21-2AFA1E1B881D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4DF3D576-7922-4FB4-9C8B-2E31E29A4FEF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DE852669-316E-4710-A964-91B17CBA75FF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D64651BA-33A1-4DD9-B23C-577543D45534"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E44687A2-D460-4CD7-91E1-4535B4A71698"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "4C312686-8739-4B48-9476-3D65200B3216"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "059D7FFF-94B6-400A-A939-498BDBB18FED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "B4204464-BF24-4596-8AE2-4D98EC817234"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "DF0B67CC-FFEA-4A22-A79F-6DB1C826CECE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "13744A3B-7F48-49B1-8263-012456E27ACD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "0E0CC829-ED28-435B-9826-6CDB4BB2F0EF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.13:*:*:*:*:*:*:*",
"matchCriteriaId": "1732AC85-09E3-43E2-B624-87E537EB6F03"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.14:*:*:*:*:*:*:*",
"matchCriteriaId": "85986C19-4819-4F02-9873-A42D4277D3A8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.15:*:*:*:*:*:*:*",
"matchCriteriaId": "11BEDD8B-DB02-4E8D-B2BF-2B7BE190AF6D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.16:*:*:*:*:*:*:*",
"matchCriteriaId": "B0E13E7F-BDA9-49DF-BA43-CB812BC0D384"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.17:*:*:*:*:*:*:*",
"matchCriteriaId": "47FDAAB6-EC1B-4759-8B8A-55748C39AFFC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.18:*:*:*:*:*:*:*",
"matchCriteriaId": "E3C97C0B-509E-4AE2-9EDB-BDC0436E05A1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DA61E6F5-FFFD-4D4E-9AA3-94F827A79F4C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "80EC515D-6051-472A-92F4-ED4385FEDEC7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F7E83830-B9CA-425D-BFD3-7F8FD1114950"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "91F862F9-40FE-42E9-86B2-BD9350B118D4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "857A0C11-1456-4F1A-A812-E93B829F13DF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "93828989-2731-4DCE-9FBB-5ABB5A660A9D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "83B99522-B80A-4998-971B-F3C45EB104F0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "F286FD7B-E588-4DCC-B41F-AD9E4A49B8ED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "3908BF04-0869-4F4D-9BC4-411F56AC8092"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "227799AC-75DF-4B3F-A7EF-063D8D8C2EC1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "FB72A64E-7B19-4A96-809C-287E391DFA44"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "4630DEB7-BEE7-4247-9536-C35887A807C3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "2E7BC07A-1C33-46FB-9ABF-C98A46BE6AD3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "0F3B8077-2DD6-491F-9F0E-D977E7A4AB08"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "CEAD4CD3-FBF1-43BC-A14F-6375E4B784AE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "5662EBCF-13F5-4CE6-8E3D-B23B73AF4633"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "817E7CDB-5CDC-44A9-92D0-4364A08302BD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "9A95D8B6-2D90-4EA8-B468-356EB396A273"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "1CDEF2CC-D485-4E66-9818-7C9740F37840"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "30AE7CB7-86F5-4B80-9179-1C2DF4E8E7B5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1931C431-3452-4FE1-870A-16700553BDAE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "490C91AC-9437-43DA-99AF-0DF8A0E5EEB5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "22913221-9B69-451A-8442-C65091DFAFD2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1488A64D-E0ED-4E88-92E9-D8E38A2CB080"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9FF58049-7F1B-425B-A2A7-5974080625F3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.6.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4DA72515-66E1-4811-ADDA-B2F9B6A4B737"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.6.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "606C631F-5A30-4A07-A761-29B31D09C66A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "0DA2A011-FAE4-4741-AA37-1F4F17471381"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.6.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0B57A678-E534-472C-8B45-F6A1E027248C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.6.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2D748B16-1C2A-4E00-807F-647569C271D1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "853866E2-1BCC-4A81-907A-ABA8648D8C57"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9B0B5925-0336-4F56-9D9A-777687DF3B22"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F406CDA3-08B9-4C13-B6F5-C83978239623"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.7.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "108BFA85-BB6B-420A-911D-B2731CB05289"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0FEE4092-0EAD-48DA-92EB-82DD4EB43E49"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7B8DF2E2-848A-4616-AEF0-1EFE68A900C1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "387E34BD-913B-4CB7-9230-81B283E92A9B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FFE8B3DC-9865-4845-B989-FB41D6FE085E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BC98B2C9-2F78-4DB5-97D7-78D584CEBE87"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.0.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "44CEED06-6E18-4961-BD69-8BF3E7A6D59C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D815D562-D60A-4AD1-9243-8167B244882E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "FA91AC4A-77D5-4C41-BD63-4E8F3BA4FF84"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A5808D1C-6D6E-403D-8904-147B66B50385"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "FD9A750B-7C84-484C-94F3-FB66EF6296E6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "62950A6C-8467-4215-BCD1-010B8C491714"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.0.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6D97494F-BA89-4E95-A01F-C2CE02505A27"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "21D28D33-2B3C-4695-9137-7C4AC6BA2D7D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3DCA8FE8-D0BC-4B6C-8E15-0DC5D0EF515F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "62213974-B025-4A76-87CD-025C84389A2B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A876A2A0-0973-481C-A63A-1A5761015308"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E6671431-4FE3-4D7D-9F46-445A1A6B7EEF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E2757987-7648-4BE1-AE91-99F1FC95C8C5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "841C3C05-7289-46CC-A610-5A5BFC81FD42"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "91599B30-27D5-450A-A565-A65BF940C30C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "71802FFD-A173-4F21-87C8-495D8F95A176"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8B9CD6DE-EE1E-4FF4-8DF5-7F9DA36AFCFD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E0EF1B4E-3E42-4C42-9981-2BC17F22BA2D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.2.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "30E26E7E-F6D8-4A89-85F7-42FCB0E37AD6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E2A7E707-6CBB-42E3-BE90-72E835156DB9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4BB537CA-0E37-471E-8DD3-7710A443224A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.2.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F9022BCA-EDBF-4FD1-B427-573CA07E5134"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "23BA0BE4-B06D-45AE-9C9D-280F1BFA7EDA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "3B79ABCC-C95B-45AB-BE9D-454BD8174651"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "A4FD7D25-704B-47EB-AF36-DC684AD07807"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.2.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3D33E431-39F5-4F73-99A1-19A05A594C90"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7A6F69A3-E15F-43C9-8B9C-A30E057C4FD0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "602535DE-ED32-4805-85EF-940955459B34"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "17727E39-1612-4433-AC23-CBC852B392C2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D5894CEC-AB1C-44F2-A977-FE74897A24A6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "579DC0CE-1CEA-449F-BF76-AD7087573ACD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EB3E28C0-675B-4C30-B248-BE1EB5E961C4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.4.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2C7E7A89-A9CA-45DA-8378-A50B1F9D260E"
}
]
}
]
}
],
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xss-dhJxQYZs",
"source": "ykramarz@cisco.com"
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
]
}
]
}
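Review bot: Every "cpeMatch" entry added in this "configurations" block pins one exact release in "criteria" (6.2.3 through 7.4.1.1), and none carries a version-range bound such as "versionStartIncluding" or "versionEndExcluding". The record therefore says nothing about releases outside the enumerated set, and a scanner matching on it will treat any release not listed here as unaffected. The fixed release has to come from the vendor advisory linked under "references", which this hunk tags "Vendor Advisory".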

View File

@ -2,8 +2,8 @@
"id": "CVE-2024-20387",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2024-10-23T18:15:07.480",
"lastModified": "2024-10-25T12:56:36.827",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-05T16:00:54.777",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
@ -51,10 +81,215 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.17:*:*:*:*:*:*:*",
"matchCriteriaId": "47FDAAB6-EC1B-4759-8B8A-55748C39AFFC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.18:*:*:*:*:*:*:*",
"matchCriteriaId": "E3C97C0B-509E-4AE2-9EDB-BDC0436E05A1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "0F3B8077-2DD6-491F-9F0E-D977E7A4AB08"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "CEAD4CD3-FBF1-43BC-A14F-6375E4B784AE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "5662EBCF-13F5-4CE6-8E3D-B23B73AF4633"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "817E7CDB-5CDC-44A9-92D0-4364A08302BD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "9A95D8B6-2D90-4EA8-B468-356EB396A273"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "1CDEF2CC-D485-4E66-9818-7C9740F37840"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "30AE7CB7-86F5-4B80-9179-1C2DF4E8E7B5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1931C431-3452-4FE1-870A-16700553BDAE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "490C91AC-9437-43DA-99AF-0DF8A0E5EEB5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "22913221-9B69-451A-8442-C65091DFAFD2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1488A64D-E0ED-4E88-92E9-D8E38A2CB080"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9FF58049-7F1B-425B-A2A7-5974080625F3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.6.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4DA72515-66E1-4811-ADDA-B2F9B6A4B737"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.6.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "606C631F-5A30-4A07-A761-29B31D09C66A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "0DA2A011-FAE4-4741-AA37-1F4F17471381"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.6.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0B57A678-E534-472C-8B45-F6A1E027248C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.6.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2D748B16-1C2A-4E00-807F-647569C271D1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "FD9A750B-7C84-484C-94F3-FB66EF6296E6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "62950A6C-8467-4215-BCD1-010B8C491714"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.0.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6D97494F-BA89-4E95-A01F-C2CE02505A27"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E0EF1B4E-3E42-4C42-9981-2BC17F22BA2D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.2.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "30E26E7E-F6D8-4A89-85F7-42FCB0E37AD6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E2A7E707-6CBB-42E3-BE90-72E835156DB9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4BB537CA-0E37-471E-8DD3-7710A443224A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.2.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F9022BCA-EDBF-4FD1-B427-573CA07E5134"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "23BA0BE4-B06D-45AE-9C9D-280F1BFA7EDA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "3B79ABCC-C95B-45AB-BE9D-454BD8174651"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "A4FD7D25-704B-47EB-AF36-DC684AD07807"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.2.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3D33E431-39F5-4F73-99A1-19A05A594C90"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7A6F69A3-E15F-43C9-8B9C-A30E057C4FD0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "602535DE-ED32-4805-85EF-940955459B34"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "17727E39-1612-4433-AC23-CBC852B392C2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D5894CEC-AB1C-44F2-A977-FE74897A24A6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "579DC0CE-1CEA-449F-BF76-AD7087573ACD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EB3E28C0-675B-4C30-B248-BE1EB5E961C4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.4.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2C7E7A89-A9CA-45DA-8378-A50B1F9D260E"
}
]
}
]
}
],
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xss-infodisc-RL4mJFer",
"source": "ykramarz@cisco.com"
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
]
}
]
}
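Review bot: The affected list in this "configurations" block is not contiguous: it jumps from 6.6.7.2 to 7.0.6 and from 7.0.6.2 to 7.2.4, with no 6.7.0.x, 7.0.0 to 7.0.5, 7.1.0.x or 7.2.0 to 7.2.3.1 entries, although the CVE-2024-20386 record in the same commit lists all of those. Because the entries are exact-version matches, the gaps read as "not affected", so check them against the vendor advisory in "references" before relying on this record to clear an installed release.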

View File

@ -2,8 +2,8 @@
"id": "CVE-2024-20388",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2024-10-23T18:15:07.697",
"lastModified": "2024-10-25T12:56:36.827",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-05T16:07:36.680",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
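Review bot: The "Primary" weakness added here is the placeholder "NVD-CWE-Other", not a CWE identifier, unlike the "CWE-79" primaries added to CVE-2024-20386 and CVE-2024-20387 in this commit. Tooling that groups or filters on the primary CWE gets no usable class for this record and should fall back to the "Secondary" entry from ykramarz@cisco.com that follows it.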
@ -51,10 +81,555 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DB01FA17-68F7-47E6-9D94-AC3C290F62AE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "08F0F58D-C859-400F-88D4-38C84584BACF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "73D28E1C-B26F-4BD8-8F21-2AFA1E1B881D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4DF3D576-7922-4FB4-9C8B-2E31E29A4FEF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DE852669-316E-4710-A964-91B17CBA75FF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D64651BA-33A1-4DD9-B23C-577543D45534"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E44687A2-D460-4CD7-91E1-4535B4A71698"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "4C312686-8739-4B48-9476-3D65200B3216"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "059D7FFF-94B6-400A-A939-498BDBB18FED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "B4204464-BF24-4596-8AE2-4D98EC817234"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "DF0B67CC-FFEA-4A22-A79F-6DB1C826CECE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "13744A3B-7F48-49B1-8263-012456E27ACD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "0E0CC829-ED28-435B-9826-6CDB4BB2F0EF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.13:*:*:*:*:*:*:*",
"matchCriteriaId": "1732AC85-09E3-43E2-B624-87E537EB6F03"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.14:*:*:*:*:*:*:*",
"matchCriteriaId": "85986C19-4819-4F02-9873-A42D4277D3A8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.15:*:*:*:*:*:*:*",
"matchCriteriaId": "11BEDD8B-DB02-4E8D-B2BF-2B7BE190AF6D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.16:*:*:*:*:*:*:*",
"matchCriteriaId": "B0E13E7F-BDA9-49DF-BA43-CB812BC0D384"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.17:*:*:*:*:*:*:*",
"matchCriteriaId": "47FDAAB6-EC1B-4759-8B8A-55748C39AFFC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.18:*:*:*:*:*:*:*",
"matchCriteriaId": "E3C97C0B-509E-4AE2-9EDB-BDC0436E05A1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DA61E6F5-FFFD-4D4E-9AA3-94F827A79F4C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "80EC515D-6051-472A-92F4-ED4385FEDEC7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F7E83830-B9CA-425D-BFD3-7F8FD1114950"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "91F862F9-40FE-42E9-86B2-BD9350B118D4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "857A0C11-1456-4F1A-A812-E93B829F13DF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "93828989-2731-4DCE-9FBB-5ABB5A660A9D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "83B99522-B80A-4998-971B-F3C45EB104F0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "F286FD7B-E588-4DCC-B41F-AD9E4A49B8ED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "3908BF04-0869-4F4D-9BC4-411F56AC8092"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "227799AC-75DF-4B3F-A7EF-063D8D8C2EC1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "FB72A64E-7B19-4A96-809C-287E391DFA44"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "4630DEB7-BEE7-4247-9536-C35887A807C3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "2E7BC07A-1C33-46FB-9ABF-C98A46BE6AD3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "0F3B8077-2DD6-491F-9F0E-D977E7A4AB08"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "CEAD4CD3-FBF1-43BC-A14F-6375E4B784AE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "5662EBCF-13F5-4CE6-8E3D-B23B73AF4633"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "817E7CDB-5CDC-44A9-92D0-4364A08302BD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "9A95D8B6-2D90-4EA8-B468-356EB396A273"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "1CDEF2CC-D485-4E66-9818-7C9740F37840"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "30AE7CB7-86F5-4B80-9179-1C2DF4E8E7B5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1931C431-3452-4FE1-870A-16700553BDAE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "490C91AC-9437-43DA-99AF-0DF8A0E5EEB5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "22913221-9B69-451A-8442-C65091DFAFD2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1488A64D-E0ED-4E88-92E9-D8E38A2CB080"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9FF58049-7F1B-425B-A2A7-5974080625F3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.6.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4DA72515-66E1-4811-ADDA-B2F9B6A4B737"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.6.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "606C631F-5A30-4A07-A761-29B31D09C66A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "0DA2A011-FAE4-4741-AA37-1F4F17471381"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.6.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0B57A678-E534-472C-8B45-F6A1E027248C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.6.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2D748B16-1C2A-4E00-807F-647569C271D1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "853866E2-1BCC-4A81-907A-ABA8648D8C57"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9B0B5925-0336-4F56-9D9A-777687DF3B22"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F406CDA3-08B9-4C13-B6F5-C83978239623"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.7.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "108BFA85-BB6B-420A-911D-B2731CB05289"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0FEE4092-0EAD-48DA-92EB-82DD4EB43E49"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7B8DF2E2-848A-4616-AEF0-1EFE68A900C1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "387E34BD-913B-4CB7-9230-81B283E92A9B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FFE8B3DC-9865-4845-B989-FB41D6FE085E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BC98B2C9-2F78-4DB5-97D7-78D584CEBE87"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.0.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "44CEED06-6E18-4961-BD69-8BF3E7A6D59C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D815D562-D60A-4AD1-9243-8167B244882E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "FA91AC4A-77D5-4C41-BD63-4E8F3BA4FF84"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A5808D1C-6D6E-403D-8904-147B66B50385"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "FD9A750B-7C84-484C-94F3-FB66EF6296E6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "62950A6C-8467-4215-BCD1-010B8C491714"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.0.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6D97494F-BA89-4E95-A01F-C2CE02505A27"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "21D28D33-2B3C-4695-9137-7C4AC6BA2D7D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3DCA8FE8-D0BC-4B6C-8E15-0DC5D0EF515F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "62213974-B025-4A76-87CD-025C84389A2B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A876A2A0-0973-481C-A63A-1A5761015308"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E6671431-4FE3-4D7D-9F46-445A1A6B7EEF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E2757987-7648-4BE1-AE91-99F1FC95C8C5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "841C3C05-7289-46CC-A610-5A5BFC81FD42"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "91599B30-27D5-450A-A565-A65BF940C30C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "71802FFD-A173-4F21-87C8-495D8F95A176"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8B9CD6DE-EE1E-4FF4-8DF5-7F9DA36AFCFD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E0EF1B4E-3E42-4C42-9981-2BC17F22BA2D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.2.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "30E26E7E-F6D8-4A89-85F7-42FCB0E37AD6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E2A7E707-6CBB-42E3-BE90-72E835156DB9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4BB537CA-0E37-471E-8DD3-7710A443224A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.2.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F9022BCA-EDBF-4FD1-B427-573CA07E5134"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "23BA0BE4-B06D-45AE-9C9D-280F1BFA7EDA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "3B79ABCC-C95B-45AB-BE9D-454BD8174651"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "A4FD7D25-704B-47EB-AF36-DC684AD07807"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.2.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3D33E431-39F5-4F73-99A1-19A05A594C90"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7A6F69A3-E15F-43C9-8B9C-A30E057C4FD0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "602535DE-ED32-4805-85EF-940955459B34"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "17727E39-1612-4433-AC23-CBC852B392C2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D5894CEC-AB1C-44F2-A977-FE74897A24A6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "579DC0CE-1CEA-449F-BF76-AD7087573ACD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EB3E28C0-675B-4C30-B248-BE1EB5E961C4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.4.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2C7E7A89-A9CA-45DA-8378-A50B1F9D260E"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "24CD0B0A-2B91-45DD-9522-8D1D3850CC9B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.4.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "F2A5530C-DF29-421B-9712-3454C1769446"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.4.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "B05791F9-0B31-4C4C-A9BA-9268CAA45FB2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.4.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "B6D7AF29-4E08-4BFD-AFE0-994309E66F08"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.4.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "E6E3A5DC-A237-46E4-A4E5-F135482F984A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.4.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "1CE51492-8C9B-459E-9F80-64F426009905"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.6.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "55FE024D-0D43-40AD-9645-8C54ECF17824"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "D46E2E00-BA86-4002-B67B-2C1A6C1AAAE0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "596EC5DD-D7F4-44C8-B4B5-E2DC142FC486"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "469EA365-DED5-4436-AAC2-5553529DE700"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5364CB94-BEA3-4E9A-A2F9-EE96A2D7F8AB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "795ED164-7800-4D50-8E37-665BE30190D9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "724A3B6F-DDAB-4A2F-8430-9E1F352D755F"
}
]
}
]
}
],
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xss-infodisc-RL4mJFer",
"source": "ykramarz@cisco.com"
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
]
}
]
}
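Review bot: both `cpeMatch` lists added under `configurations` are exact-version CPE strings with no range bounds, and the `firepower_threat_defense` node is sparse: it goes from `6.4.0.4` straight to `6.4.0.10` and lists 13 builds in total, against the much longer `firepower_management_center` list. Confirm the FTD list against the vendor advisory in `references` before relying on it, and match installed versions by exact string, since a build that sits between two listed ones is not covered by any entry here.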

View File

@ -2,8 +2,8 @@
"id": "CVE-2024-20403",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2024-10-23T18:15:08.193",
"lastModified": "2024-10-25T12:56:36.827",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-05T16:12:02.493",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
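Review bot: the `nvd@nist.gov` Primary metric is inserted ahead of the existing `ykramarz@cisco.com` Secondary entry in `cvssMetricV31`, so code that reads the first array element will now pick up NVD's 5.4 (`PR:L`, `UI:R`, `S:C`) instead of the CNA entry. Select the metric by `type` or `source` and not by position, and decide explicitly which of the two scores drives prioritisation.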
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
@ -51,10 +81,485 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DB01FA17-68F7-47E6-9D94-AC3C290F62AE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "08F0F58D-C859-400F-88D4-38C84584BACF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "73D28E1C-B26F-4BD8-8F21-2AFA1E1B881D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4DF3D576-7922-4FB4-9C8B-2E31E29A4FEF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DE852669-316E-4710-A964-91B17CBA75FF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D64651BA-33A1-4DD9-B23C-577543D45534"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E44687A2-D460-4CD7-91E1-4535B4A71698"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "4C312686-8739-4B48-9476-3D65200B3216"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "059D7FFF-94B6-400A-A939-498BDBB18FED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "B4204464-BF24-4596-8AE2-4D98EC817234"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "DF0B67CC-FFEA-4A22-A79F-6DB1C826CECE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "13744A3B-7F48-49B1-8263-012456E27ACD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "0E0CC829-ED28-435B-9826-6CDB4BB2F0EF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.13:*:*:*:*:*:*:*",
"matchCriteriaId": "1732AC85-09E3-43E2-B624-87E537EB6F03"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.14:*:*:*:*:*:*:*",
"matchCriteriaId": "85986C19-4819-4F02-9873-A42D4277D3A8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.15:*:*:*:*:*:*:*",
"matchCriteriaId": "11BEDD8B-DB02-4E8D-B2BF-2B7BE190AF6D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.16:*:*:*:*:*:*:*",
"matchCriteriaId": "B0E13E7F-BDA9-49DF-BA43-CB812BC0D384"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.17:*:*:*:*:*:*:*",
"matchCriteriaId": "47FDAAB6-EC1B-4759-8B8A-55748C39AFFC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.18:*:*:*:*:*:*:*",
"matchCriteriaId": "E3C97C0B-509E-4AE2-9EDB-BDC0436E05A1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DA61E6F5-FFFD-4D4E-9AA3-94F827A79F4C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "80EC515D-6051-472A-92F4-ED4385FEDEC7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F7E83830-B9CA-425D-BFD3-7F8FD1114950"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "91F862F9-40FE-42E9-86B2-BD9350B118D4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "857A0C11-1456-4F1A-A812-E93B829F13DF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "93828989-2731-4DCE-9FBB-5ABB5A660A9D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "83B99522-B80A-4998-971B-F3C45EB104F0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "F286FD7B-E588-4DCC-B41F-AD9E4A49B8ED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "3908BF04-0869-4F4D-9BC4-411F56AC8092"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "227799AC-75DF-4B3F-A7EF-063D8D8C2EC1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "FB72A64E-7B19-4A96-809C-287E391DFA44"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "4630DEB7-BEE7-4247-9536-C35887A807C3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "2E7BC07A-1C33-46FB-9ABF-C98A46BE6AD3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "0F3B8077-2DD6-491F-9F0E-D977E7A4AB08"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "CEAD4CD3-FBF1-43BC-A14F-6375E4B784AE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "5662EBCF-13F5-4CE6-8E3D-B23B73AF4633"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "817E7CDB-5CDC-44A9-92D0-4364A08302BD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "9A95D8B6-2D90-4EA8-B468-356EB396A273"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "1CDEF2CC-D485-4E66-9818-7C9740F37840"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "30AE7CB7-86F5-4B80-9179-1C2DF4E8E7B5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1931C431-3452-4FE1-870A-16700553BDAE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "490C91AC-9437-43DA-99AF-0DF8A0E5EEB5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "22913221-9B69-451A-8442-C65091DFAFD2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1488A64D-E0ED-4E88-92E9-D8E38A2CB080"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9FF58049-7F1B-425B-A2A7-5974080625F3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.6.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4DA72515-66E1-4811-ADDA-B2F9B6A4B737"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.6.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "606C631F-5A30-4A07-A761-29B31D09C66A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "0DA2A011-FAE4-4741-AA37-1F4F17471381"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.6.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0B57A678-E534-472C-8B45-F6A1E027248C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.6.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2D748B16-1C2A-4E00-807F-647569C271D1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "853866E2-1BCC-4A81-907A-ABA8648D8C57"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9B0B5925-0336-4F56-9D9A-777687DF3B22"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F406CDA3-08B9-4C13-B6F5-C83978239623"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.7.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "108BFA85-BB6B-420A-911D-B2731CB05289"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0FEE4092-0EAD-48DA-92EB-82DD4EB43E49"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7B8DF2E2-848A-4616-AEF0-1EFE68A900C1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "387E34BD-913B-4CB7-9230-81B283E92A9B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FFE8B3DC-9865-4845-B989-FB41D6FE085E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BC98B2C9-2F78-4DB5-97D7-78D584CEBE87"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.0.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "44CEED06-6E18-4961-BD69-8BF3E7A6D59C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D815D562-D60A-4AD1-9243-8167B244882E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "FA91AC4A-77D5-4C41-BD63-4E8F3BA4FF84"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A5808D1C-6D6E-403D-8904-147B66B50385"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "FD9A750B-7C84-484C-94F3-FB66EF6296E6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "62950A6C-8467-4215-BCD1-010B8C491714"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.0.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6D97494F-BA89-4E95-A01F-C2CE02505A27"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "21D28D33-2B3C-4695-9137-7C4AC6BA2D7D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3DCA8FE8-D0BC-4B6C-8E15-0DC5D0EF515F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "62213974-B025-4A76-87CD-025C84389A2B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A876A2A0-0973-481C-A63A-1A5761015308"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E6671431-4FE3-4D7D-9F46-445A1A6B7EEF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E2757987-7648-4BE1-AE91-99F1FC95C8C5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "841C3C05-7289-46CC-A610-5A5BFC81FD42"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "91599B30-27D5-450A-A565-A65BF940C30C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "71802FFD-A173-4F21-87C8-495D8F95A176"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8B9CD6DE-EE1E-4FF4-8DF5-7F9DA36AFCFD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E0EF1B4E-3E42-4C42-9981-2BC17F22BA2D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.2.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "30E26E7E-F6D8-4A89-85F7-42FCB0E37AD6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E2A7E707-6CBB-42E3-BE90-72E835156DB9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4BB537CA-0E37-471E-8DD3-7710A443224A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.2.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F9022BCA-EDBF-4FD1-B427-573CA07E5134"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "23BA0BE4-B06D-45AE-9C9D-280F1BFA7EDA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "3B79ABCC-C95B-45AB-BE9D-454BD8174651"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "A4FD7D25-704B-47EB-AF36-DC684AD07807"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.2.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3D33E431-39F5-4F73-99A1-19A05A594C90"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7A6F69A3-E15F-43C9-8B9C-A30E057C4FD0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "602535DE-ED32-4805-85EF-940955459B34"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "17727E39-1612-4433-AC23-CBC852B392C2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D5894CEC-AB1C-44F2-A977-FE74897A24A6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "579DC0CE-1CEA-449F-BF76-AD7087573ACD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EB3E28C0-675B-4C30-B248-BE1EB5E961C4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.4.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2C7E7A89-A9CA-45DA-8378-A50B1F9D260E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C02BEA3A-9ED1-4888-B6CF-A38D846E6549"
}
]
}
]
}
],
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xss-dhJxQYZs",
"source": "ykramarz@cisco.com"
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
]
}
]
}

View File

@ -2,8 +2,8 @@
"id": "CVE-2024-20409",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2024-10-23T18:15:08.970",
"lastModified": "2024-10-25T12:56:36.827",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-05T16:11:00.677",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
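Review bot: the new nvd@nist.gov "Primary" entry is inserted at the head of "cvssMetricV31", ahead of the existing ykramarz@cisco.com "Secondary" entry, so any consumer that reads cvssMetricV31[0] now gets a different source's score than it did before this commit. Downstream code should select the metric by "type" or "source" rather than by array position. The "weaknesses" array in the next hunk gets the same head insertion and needs the same care.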
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
@ -51,10 +81,485 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DB01FA17-68F7-47E6-9D94-AC3C290F62AE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "08F0F58D-C859-400F-88D4-38C84584BACF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "73D28E1C-B26F-4BD8-8F21-2AFA1E1B881D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4DF3D576-7922-4FB4-9C8B-2E31E29A4FEF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DE852669-316E-4710-A964-91B17CBA75FF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D64651BA-33A1-4DD9-B23C-577543D45534"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E44687A2-D460-4CD7-91E1-4535B4A71698"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "4C312686-8739-4B48-9476-3D65200B3216"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "059D7FFF-94B6-400A-A939-498BDBB18FED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "B4204464-BF24-4596-8AE2-4D98EC817234"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "DF0B67CC-FFEA-4A22-A79F-6DB1C826CECE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "13744A3B-7F48-49B1-8263-012456E27ACD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "0E0CC829-ED28-435B-9826-6CDB4BB2F0EF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.13:*:*:*:*:*:*:*",
"matchCriteriaId": "1732AC85-09E3-43E2-B624-87E537EB6F03"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.14:*:*:*:*:*:*:*",
"matchCriteriaId": "85986C19-4819-4F02-9873-A42D4277D3A8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.15:*:*:*:*:*:*:*",
"matchCriteriaId": "11BEDD8B-DB02-4E8D-B2BF-2B7BE190AF6D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.16:*:*:*:*:*:*:*",
"matchCriteriaId": "B0E13E7F-BDA9-49DF-BA43-CB812BC0D384"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.17:*:*:*:*:*:*:*",
"matchCriteriaId": "47FDAAB6-EC1B-4759-8B8A-55748C39AFFC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.18:*:*:*:*:*:*:*",
"matchCriteriaId": "E3C97C0B-509E-4AE2-9EDB-BDC0436E05A1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DA61E6F5-FFFD-4D4E-9AA3-94F827A79F4C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "80EC515D-6051-472A-92F4-ED4385FEDEC7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F7E83830-B9CA-425D-BFD3-7F8FD1114950"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "91F862F9-40FE-42E9-86B2-BD9350B118D4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "857A0C11-1456-4F1A-A812-E93B829F13DF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "93828989-2731-4DCE-9FBB-5ABB5A660A9D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "83B99522-B80A-4998-971B-F3C45EB104F0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "F286FD7B-E588-4DCC-B41F-AD9E4A49B8ED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "3908BF04-0869-4F4D-9BC4-411F56AC8092"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "227799AC-75DF-4B3F-A7EF-063D8D8C2EC1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "FB72A64E-7B19-4A96-809C-287E391DFA44"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "4630DEB7-BEE7-4247-9536-C35887A807C3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "2E7BC07A-1C33-46FB-9ABF-C98A46BE6AD3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "0F3B8077-2DD6-491F-9F0E-D977E7A4AB08"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "CEAD4CD3-FBF1-43BC-A14F-6375E4B784AE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "5662EBCF-13F5-4CE6-8E3D-B23B73AF4633"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "817E7CDB-5CDC-44A9-92D0-4364A08302BD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "9A95D8B6-2D90-4EA8-B468-356EB396A273"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "1CDEF2CC-D485-4E66-9818-7C9740F37840"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "30AE7CB7-86F5-4B80-9179-1C2DF4E8E7B5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1931C431-3452-4FE1-870A-16700553BDAE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "490C91AC-9437-43DA-99AF-0DF8A0E5EEB5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "22913221-9B69-451A-8442-C65091DFAFD2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1488A64D-E0ED-4E88-92E9-D8E38A2CB080"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9FF58049-7F1B-425B-A2A7-5974080625F3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.6.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4DA72515-66E1-4811-ADDA-B2F9B6A4B737"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.6.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "606C631F-5A30-4A07-A761-29B31D09C66A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "0DA2A011-FAE4-4741-AA37-1F4F17471381"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.6.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0B57A678-E534-472C-8B45-F6A1E027248C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.6.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2D748B16-1C2A-4E00-807F-647569C271D1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "853866E2-1BCC-4A81-907A-ABA8648D8C57"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9B0B5925-0336-4F56-9D9A-777687DF3B22"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F406CDA3-08B9-4C13-B6F5-C83978239623"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.7.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "108BFA85-BB6B-420A-911D-B2731CB05289"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0FEE4092-0EAD-48DA-92EB-82DD4EB43E49"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7B8DF2E2-848A-4616-AEF0-1EFE68A900C1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "387E34BD-913B-4CB7-9230-81B283E92A9B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FFE8B3DC-9865-4845-B989-FB41D6FE085E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BC98B2C9-2F78-4DB5-97D7-78D584CEBE87"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.0.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "44CEED06-6E18-4961-BD69-8BF3E7A6D59C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D815D562-D60A-4AD1-9243-8167B244882E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "FA91AC4A-77D5-4C41-BD63-4E8F3BA4FF84"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A5808D1C-6D6E-403D-8904-147B66B50385"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "FD9A750B-7C84-484C-94F3-FB66EF6296E6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "62950A6C-8467-4215-BCD1-010B8C491714"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.0.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6D97494F-BA89-4E95-A01F-C2CE02505A27"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "21D28D33-2B3C-4695-9137-7C4AC6BA2D7D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3DCA8FE8-D0BC-4B6C-8E15-0DC5D0EF515F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "62213974-B025-4A76-87CD-025C84389A2B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A876A2A0-0973-481C-A63A-1A5761015308"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E6671431-4FE3-4D7D-9F46-445A1A6B7EEF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E2757987-7648-4BE1-AE91-99F1FC95C8C5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "841C3C05-7289-46CC-A610-5A5BFC81FD42"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "91599B30-27D5-450A-A565-A65BF940C30C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "71802FFD-A173-4F21-87C8-495D8F95A176"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8B9CD6DE-EE1E-4FF4-8DF5-7F9DA36AFCFD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E0EF1B4E-3E42-4C42-9981-2BC17F22BA2D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.2.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "30E26E7E-F6D8-4A89-85F7-42FCB0E37AD6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E2A7E707-6CBB-42E3-BE90-72E835156DB9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4BB537CA-0E37-471E-8DD3-7710A443224A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.2.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F9022BCA-EDBF-4FD1-B427-573CA07E5134"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "23BA0BE4-B06D-45AE-9C9D-280F1BFA7EDA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "3B79ABCC-C95B-45AB-BE9D-454BD8174651"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "A4FD7D25-704B-47EB-AF36-DC684AD07807"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.2.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3D33E431-39F5-4F73-99A1-19A05A594C90"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7A6F69A3-E15F-43C9-8B9C-A30E057C4FD0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "602535DE-ED32-4805-85EF-940955459B34"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "17727E39-1612-4433-AC23-CBC852B392C2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D5894CEC-AB1C-44F2-A977-FE74897A24A6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "579DC0CE-1CEA-449F-BF76-AD7087573ACD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EB3E28C0-675B-4C30-B248-BE1EB5E961C4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.4.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2C7E7A89-A9CA-45DA-8378-A50B1F9D260E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C02BEA3A-9ED1-4888-B6CF-A38D846E6549"
}
]
}
]
}
],
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xss-dhJxQYZs",
"source": "ykramarz@cisco.com"
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
]
}
]
}
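Review bot: the added "cpeMatch" list is an exact-version enumeration with gaps, not a range: it goes from 6.2.3.18 straight to 6.4.0, from 6.6.1 to 6.6.3, and from 6.6.5.2 to 6.6.7. Nothing in the hunk says whether the missing releases are unaffected or simply not enumerated, so check them against the vendor advisory linked in "references" before treating a non-match as "not vulnerable". Asset-matching logic should compare against these strings exactly and should not infer a start/end range from the first and last entries.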

View File

@ -2,8 +2,8 @@
"id": "CVE-2024-20410",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2024-10-23T18:15:09.197",
"lastModified": "2024-10-25T12:56:36.827",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-05T16:08:28.547",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
@ -51,10 +81,480 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DB01FA17-68F7-47E6-9D94-AC3C290F62AE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "08F0F58D-C859-400F-88D4-38C84584BACF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "73D28E1C-B26F-4BD8-8F21-2AFA1E1B881D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4DF3D576-7922-4FB4-9C8B-2E31E29A4FEF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DE852669-316E-4710-A964-91B17CBA75FF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D64651BA-33A1-4DD9-B23C-577543D45534"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E44687A2-D460-4CD7-91E1-4535B4A71698"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "4C312686-8739-4B48-9476-3D65200B3216"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "059D7FFF-94B6-400A-A939-498BDBB18FED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "B4204464-BF24-4596-8AE2-4D98EC817234"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "DF0B67CC-FFEA-4A22-A79F-6DB1C826CECE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "13744A3B-7F48-49B1-8263-012456E27ACD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "0E0CC829-ED28-435B-9826-6CDB4BB2F0EF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.13:*:*:*:*:*:*:*",
"matchCriteriaId": "1732AC85-09E3-43E2-B624-87E537EB6F03"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.14:*:*:*:*:*:*:*",
"matchCriteriaId": "85986C19-4819-4F02-9873-A42D4277D3A8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.15:*:*:*:*:*:*:*",
"matchCriteriaId": "11BEDD8B-DB02-4E8D-B2BF-2B7BE190AF6D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.16:*:*:*:*:*:*:*",
"matchCriteriaId": "B0E13E7F-BDA9-49DF-BA43-CB812BC0D384"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.17:*:*:*:*:*:*:*",
"matchCriteriaId": "47FDAAB6-EC1B-4759-8B8A-55748C39AFFC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.18:*:*:*:*:*:*:*",
"matchCriteriaId": "E3C97C0B-509E-4AE2-9EDB-BDC0436E05A1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DA61E6F5-FFFD-4D4E-9AA3-94F827A79F4C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "80EC515D-6051-472A-92F4-ED4385FEDEC7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F7E83830-B9CA-425D-BFD3-7F8FD1114950"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "91F862F9-40FE-42E9-86B2-BD9350B118D4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "857A0C11-1456-4F1A-A812-E93B829F13DF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "93828989-2731-4DCE-9FBB-5ABB5A660A9D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "83B99522-B80A-4998-971B-F3C45EB104F0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "F286FD7B-E588-4DCC-B41F-AD9E4A49B8ED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "3908BF04-0869-4F4D-9BC4-411F56AC8092"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "227799AC-75DF-4B3F-A7EF-063D8D8C2EC1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "FB72A64E-7B19-4A96-809C-287E391DFA44"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "4630DEB7-BEE7-4247-9536-C35887A807C3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "2E7BC07A-1C33-46FB-9ABF-C98A46BE6AD3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "0F3B8077-2DD6-491F-9F0E-D977E7A4AB08"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "CEAD4CD3-FBF1-43BC-A14F-6375E4B784AE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "5662EBCF-13F5-4CE6-8E3D-B23B73AF4633"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "817E7CDB-5CDC-44A9-92D0-4364A08302BD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "9A95D8B6-2D90-4EA8-B468-356EB396A273"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "1CDEF2CC-D485-4E66-9818-7C9740F37840"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "30AE7CB7-86F5-4B80-9179-1C2DF4E8E7B5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1931C431-3452-4FE1-870A-16700553BDAE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "490C91AC-9437-43DA-99AF-0DF8A0E5EEB5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "22913221-9B69-451A-8442-C65091DFAFD2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1488A64D-E0ED-4E88-92E9-D8E38A2CB080"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9FF58049-7F1B-425B-A2A7-5974080625F3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.6.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4DA72515-66E1-4811-ADDA-B2F9B6A4B737"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.6.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "606C631F-5A30-4A07-A761-29B31D09C66A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "0DA2A011-FAE4-4741-AA37-1F4F17471381"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.6.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0B57A678-E534-472C-8B45-F6A1E027248C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.6.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2D748B16-1C2A-4E00-807F-647569C271D1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "853866E2-1BCC-4A81-907A-ABA8648D8C57"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9B0B5925-0336-4F56-9D9A-777687DF3B22"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F406CDA3-08B9-4C13-B6F5-C83978239623"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.7.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "108BFA85-BB6B-420A-911D-B2731CB05289"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0FEE4092-0EAD-48DA-92EB-82DD4EB43E49"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7B8DF2E2-848A-4616-AEF0-1EFE68A900C1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "387E34BD-913B-4CB7-9230-81B283E92A9B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FFE8B3DC-9865-4845-B989-FB41D6FE085E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BC98B2C9-2F78-4DB5-97D7-78D584CEBE87"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.0.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "44CEED06-6E18-4961-BD69-8BF3E7A6D59C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D815D562-D60A-4AD1-9243-8167B244882E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "FA91AC4A-77D5-4C41-BD63-4E8F3BA4FF84"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A5808D1C-6D6E-403D-8904-147B66B50385"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "FD9A750B-7C84-484C-94F3-FB66EF6296E6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "62950A6C-8467-4215-BCD1-010B8C491714"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.0.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6D97494F-BA89-4E95-A01F-C2CE02505A27"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "21D28D33-2B3C-4695-9137-7C4AC6BA2D7D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3DCA8FE8-D0BC-4B6C-8E15-0DC5D0EF515F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "62213974-B025-4A76-87CD-025C84389A2B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A876A2A0-0973-481C-A63A-1A5761015308"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E6671431-4FE3-4D7D-9F46-445A1A6B7EEF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E2757987-7648-4BE1-AE91-99F1FC95C8C5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "841C3C05-7289-46CC-A610-5A5BFC81FD42"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "91599B30-27D5-450A-A565-A65BF940C30C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "71802FFD-A173-4F21-87C8-495D8F95A176"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8B9CD6DE-EE1E-4FF4-8DF5-7F9DA36AFCFD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E0EF1B4E-3E42-4C42-9981-2BC17F22BA2D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.2.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "30E26E7E-F6D8-4A89-85F7-42FCB0E37AD6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E2A7E707-6CBB-42E3-BE90-72E835156DB9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4BB537CA-0E37-471E-8DD3-7710A443224A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.2.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F9022BCA-EDBF-4FD1-B427-573CA07E5134"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "23BA0BE4-B06D-45AE-9C9D-280F1BFA7EDA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "3B79ABCC-C95B-45AB-BE9D-454BD8174651"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "A4FD7D25-704B-47EB-AF36-DC684AD07807"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.2.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3D33E431-39F5-4F73-99A1-19A05A594C90"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7A6F69A3-E15F-43C9-8B9C-A30E057C4FD0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "602535DE-ED32-4805-85EF-940955459B34"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "17727E39-1612-4433-AC23-CBC852B392C2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D5894CEC-AB1C-44F2-A977-FE74897A24A6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "579DC0CE-1CEA-449F-BF76-AD7087573ACD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EB3E28C0-675B-4C30-B248-BE1EB5E961C4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.4.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2C7E7A89-A9CA-45DA-8378-A50B1F9D260E"
}
]
}
]
}
],
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xss-dhJxQYZs",
"source": "ykramarz@cisco.com"
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
]
}
]
}

View File

@ -2,8 +2,8 @@
"id": "CVE-2024-20412",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2024-10-23T18:15:09.430",
"lastModified": "2024-10-25T12:56:36.827",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-05T15:03:34.777",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.5,
"impactScore": 5.9
},
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-798"
}
]
},
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
@ -51,10 +81,252 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D619BF54-1BA9-45D0-A876-92D7010088A0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "469EA365-DED5-4436-AAC2-5553529DE700"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4D94F400-5A35-41F5-B37F-E9DA6F87ED8E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5364CB94-BEA3-4E9A-A2F9-EE96A2D7F8AB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16FD5D12-CF1A-4990-99B3-1840EFBA5611"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FCD2D11D-FF08-44E4-BF67-D8DD1E701FCD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F788D156-1F1F-4A08-848B-257BC4CCE000"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "795ED164-7800-4D50-8E37-665BE30190D9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1B0664B8-1670-4F47-A01E-089D05A9618A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F6826018-5620-4924-BE92-6A245378F610"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.2.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A49A07CF-12BA-481C-B5FF-754520080A8A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F203C7D1-AA92-4367-B7A5-EBAE6B76EE6F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0064C97F-1140-43AC-8229-C8CCC367DC4D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.2.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D9296D33-D59A-463D-9722-9D4C3F720E7A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C9F66CCA-0982-4107-BC5B-79D727479343"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "77B80698-1E76-4B13-AB83-A03FF8C785FB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EBC0C3DC-4761-488A-90A9-6EA45EE61526"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "62EE065B-F8B6-4125-8486-B2EE0566B27A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5245DEF8-64BE-47C9-AA3C-DF3F7F92A89F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D5A52991-802D-46FB-A508-5616BA1CEB78"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F3E08AAC-9C5E-4D18-817C-C466D1D6C4DE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "724A3B6F-DDAB-4A2F-8430-9E1F352D755F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.4.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BDBF14DD-0654-47F3-A698-020397A1EAA3"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:cisco:firepower_1000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E6F79864-CA70-4192-AC2C-E174DF3F25B2"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:cisco:firepower_1010:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7FFE3880-4B85-4E23-9836-70875D5109F7"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:cisco:firepower_1020:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EA8B5AF8-6A57-482A-9442-E857EE7E207B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:cisco:firepower_1030:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A9929280-2AAC-4B56-A42C-1F6EDE83988E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:cisco:firepower_1040:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F29B6BC3-D716-4A3D-9679-B7BE81F719C8"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:cisco:firepower_1120:-:*:*:*:*:*:*:*",
"matchCriteriaId": "727A02E8-40A1-4DFE-A3A2-91D628D3044F"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:cisco:firepower_1140:-:*:*:*:*:*:*:*",
"matchCriteriaId": "19F6546E-28F4-40DC-97D6-E0E023FE939B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:cisco:firepower_1150:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB3B0EC3-4654-4D90-9D41-7EC2AD1DDF99"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:cisco:firepower_2100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D23A26EF-5B43-437C-A962-4FC69D8A0FF4"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:cisco:firepower_2110:-:*:*:*:*:*:*:*",
"matchCriteriaId": "52D96810-5F79-4A83-B8CA-D015790FCF72"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:cisco:firepower_2120:-:*:*:*:*:*:*:*",
"matchCriteriaId": "16FE2945-4975-4003-AE48-7E134E167A7F"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:cisco:firepower_2130:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DCE7122A-5AA7-4ECD-B024-E27C9D0CFB7B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:cisco:firepower_2140:-:*:*:*:*:*:*:*",
"matchCriteriaId": "976901BF-C52C-4F81-956A-711AF8A60140"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:cisco:firepower_3105:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7B65E122-8B8C-4681-9CAE-C375292A26CC"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:cisco:firepower_3110:-:*:*:*:*:*:*:*",
"matchCriteriaId": "012CCE97-B6FE-45B8-9599-D64EE0F80B2A"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:cisco:firepower_3120:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A6A73EAE-3C2E-4836-97EC-F644E219C0DD"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:cisco:firepower_3130:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2DCF7A7F-9564-4A8D-84FA-7DA25B4BF4B7"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:cisco:firepower_3140:-:*:*:*:*:*:*:*",
"matchCriteriaId": "542C19EA-0FFE-4ADC-93BB-EEB6B0A8CAA9"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:cisco:firepower_4215:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2634F9A1-8CF7-4824-817A-F617DB48CFFF"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:cisco:firepower_4225:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F021E6A8-FA39-40BD-B570-D5C4F408521C"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:cisco:firepower_4245:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B303B6B7-B419-46F1-9291-E70AD1B863D7"
}
]
}
]
}
],
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-statcred-dFC8tXT5",
"source": "ykramarz@cisco.com"
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
]
}
]
}

View File

@ -2,7 +2,7 @@
"id": "CVE-2024-20921",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-02-17T02:15:46.937",
"lastModified": "2024-02-20T19:51:05.510",
"lastModified": "2024-11-05T16:35:11.067",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -39,6 +39,18 @@
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-276"
}
]
}
],
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujan2024.html",

View File

@ -2,7 +2,7 @@
"id": "CVE-2024-21046",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-04-16T22:15:21.460",
"lastModified": "2024-04-17T12:48:31.863",
"lastModified": "2024-11-05T16:35:11.803",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -39,6 +39,18 @@
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpuapr2024.html",

View File

@ -2,7 +2,7 @@
"id": "CVE-2024-21154",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-07-16T23:15:17.767",
"lastModified": "2024-07-17T13:34:20.520",
"lastModified": "2024-11-05T16:35:12.537",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -39,6 +39,18 @@
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujul2024.html",

View File

@ -2,7 +2,7 @@
"id": "CVE-2024-22232",
"sourceIdentifier": "security@vmware.com",
"published": "2024-06-27T07:15:54.227",
"lastModified": "2024-06-27T12:47:19.847",
"lastModified": "2024-11-05T16:35:13.273",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -39,6 +39,18 @@
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://saltproject.io/security-announcements/2024-01-31-advisory/",

View File

@ -2,7 +2,7 @@
"id": "CVE-2024-23255",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-03-08T02:15:48.713",
"lastModified": "2024-03-13T21:15:56.963",
"lastModified": "2024-11-05T15:35:07.043",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Se solucion\u00f3 un problema de autenticaci\u00f3n con una gesti\u00f3n de estado mejorada. Este problema se solucion\u00f3 en macOS Sonoma 14.4, iOS 17.4 y iPadOS 17.4. Las fotos del \u00c1lbum de fotos ocultas se pueden ver sin autenticaci\u00f3n."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"references": [
{
"url": "http://seclists.org/fulldisclosure/2024/Mar/21",

View File

@ -2,16 +2,43 @@
"id": "CVE-2024-23590",
"sourceIdentifier": "security@apache.org",
"published": "2024-11-04T10:15:04.990",
"lastModified": "2024-11-04T18:50:05.607",
"lastModified": "2024-11-05T15:35:08.003",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Session Fixation vulnerability in Apache Kylin.\n\nThis issue affects Apache Kylin: from 2.0.0 through 4.x.\n\nUsers are recommended to upgrade to version 5.0.0 or above, which fixes the issue."
},
{
"lang": "es",
"value": " Vulnerabilidad de fijaci\u00f3n de sesi\u00f3n en Apache Kylin. Este problema afecta a Apache Kylin: desde la versi\u00f3n 2.0.0 hasta la 4.x. Se recomienda a los usuarios que actualicen a la versi\u00f3n 5.0.0 o superior, que soluciona el problema."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "security@apache.org",

View File

@ -2,7 +2,7 @@
"id": "CVE-2024-26302",
"sourceIdentifier": "security-alert@hpe.com",
"published": "2024-02-27T23:15:07.627",
"lastModified": "2024-02-28T14:06:45.783",
"lastModified": "2024-11-05T15:35:08.213",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -36,9 +36,41 @@
},
"exploitabilityScore": 2.2,
"impactScore": 2.5
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.2,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-276"
}
]
}
],
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-001.txt",

View File

@ -2,7 +2,7 @@
"id": "CVE-2024-26702",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-04-03T15:15:53.087",
"lastModified": "2024-11-05T10:15:42.637",
"lastModified": "2024-11-05T15:35:09.023",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: iio: magnet\u00f3metro: rm3100: agregue verificaci\u00f3n de los l\u00edmites para el valor le\u00eddo de RM3100_REG_TMRC Recientemente, encontramos una falla del kernel en la funci\u00f3n rm3100_common_probe causada por el acceso fuera de los l\u00edmites de la matriz rm3100_samp_rates (debido al hardware subyacente fallas). Agregue verificaci\u00f3n de los l\u00edmites para evitar el acceso fuera de los l\u00edmites."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/176256ff8abff29335ecff905a09fb49e8dcf513",

View File

@ -2,7 +2,7 @@
"id": "CVE-2024-26712",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-04-03T15:15:53.590",
"lastModified": "2024-11-05T10:15:43.487",
"lastModified": "2024-11-05T16:35:14.353",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: powerpc/kasan: corrige el error de direcci\u00f3n causado por la alineaci\u00f3n de la p\u00e1gina En kasan_init_region, cuando k_start no est\u00e1 alineado con la p\u00e1gina, al comienzo del bucle for, k_cur = k_start y PAGE_MASK es menor que k_start. y luego `va = block + k_cur - k_start` es menor que block, la direcci\u00f3n va no es v\u00e1lida, porque memblock_alloc no asigna el espacio de direcciones de memoria de va al bloque, que no ser\u00e1 reservado por memblock_reserve m\u00e1s adelante, se utilizar\u00e1 por otros lugares. Como resultado, se produce una sobrescritura de la memoria. por ejemplo: int __init __weak kasan_init_region(void *start, size_t size) { [...] /* if say block(dcd97000) k_start(feef7400) k_end(feeff3fe) */ block = memblock_alloc(k_end - k_start, PAGE_SIZE); [...] for (k_cur = k_start & PAGE_MASK; k_cur < k_end; k_cur += PAGE_SIZE) { /* al comienzo del bucle for * block(dcd97000) va(dcd96c00) k_cur(feef7000) k_start(feef7400) * va (dcd96c00) es menor que block(dcd97000), va no es v\u00e1lido */ void *va = block + k_cur - k_start; [...] } [...] } Por lo tanto, la alineaci\u00f3n de la p\u00e1gina se realiza en k_start antes de memblock_alloc() para garantizar la validez de la direcci\u00f3n VA."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://git.kernel.org/stable/c/0516c06b19dc64807c10e01bb99b552bdf2d7dbe",

View File

@ -2,7 +2,7 @@
"id": "CVE-2024-26747",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-04-03T17:15:51.680",
"lastModified": "2024-11-05T10:15:46.530",
"lastModified": "2024-11-05T15:35:09.820",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: usb: roles: soluciona el problema del puntero NULL al colocar la referencia del m\u00f3dulo. En el dise\u00f1o actual, el controlador de clase de rol usb obtendr\u00e1 la referencia del m\u00f3dulo principal usb_role_switch despu\u00e9s de que el usuario obtenga el dispositivo usb_role_switch y coloque la referencia despu\u00e9s del El usuario puso el dispositivo usb_role_switch. Sin embargo, el dispositivo principal de usb_role_switch se puede eliminar antes de que el usuario coloque usb_role_switch. Si es as\u00ed, entonces, el problema del puntero NULL se solucionar\u00e1 cuando el usuario coloque la referencia del m\u00f3dulo principal. Esto guardar\u00e1 el puntero del m\u00f3dulo en la estructura de usb_role_switch. Entonces, no necesitamos encontrar el m\u00f3dulo iterando relaciones largas."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/0158216805ca7e498d07de38840d2732166ae5fa",

View File

@ -2,7 +2,7 @@
"id": "CVE-2024-26890",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-04-17T11:15:10.423",
"lastModified": "2024-04-17T12:48:07.510",
"lastModified": "2024-11-05T16:35:14.550",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: Bluetooth: btrtl: arreglar acceso a memoria fuera de los l\u00edmites El problema es detectado por KASAN. El controlador btrtl utiliza datos privados de hci para almacenar 'struct btrealtek_data'. Si se utiliza el controlador btrtl con btusb, entonces la memoria para los datos privados de hci se asigna en btusb. Pero no se asignan datos privados despu\u00e9s de hci_dev, cuando se usa btrtl con hci_h5. Esta confirmaci\u00f3n agrega asignaci\u00f3n de memoria para el caso hci_h5. ==================================================== ================ ERROR: KASAN: losa fuera de los l\u00edmites en btrtl_initialize+0x6cc/0x958 [btrtl] Escritura de tama\u00f1o 8 en la direcci\u00f3n ffff00000f5a5748 por tarea kworker/u9:0 /76 Nombre del hardware: Pine64 PinePhone (1.2) (DT) Cola de trabajo: hci0 hci_power_on [bluetooth] Rastreo de llamadas: dump_backtrace+0x9c/0x128 show_stack+0x20/0x38 dump_stack_lvl+0x48/0x60 print_report+0xf8/0x5d8 kasan_report+0x90/0xd0 __asan_store8 + 0x9c/0xc0 [btrtl] h5_btrtl_setup+0xd0/0x2f8 [hci_uart] h5_setup+0x50/0x80 [hci_uart] hci_uart_setup+0xd4/0x260 [hci_uart] hci_dev_open_sync+0x1cc/0xf68 [bluetooth] abierto+0x34/0x90 [bluetooth] hci_power_on+0xc4/ 0x3c8 [bluetooth] Process_one_work+0x328/0x6f0 trabajador_thread+0x410/0x778 kthread+0x168/0x178 ret_from_fork+0x10/0x20 Asignado por tarea 53: kasan_save_stack+0x3c/0x68 kasan_save_track+0x20/0x40 _alloc_info+0x68/0x78 __kasan_kmalloc+0xd4/0xd8 __kmalloc +0x1b4/0x3b0 hci_alloc_dev_priv+0x28/0xa58 [bluetooth] hci_uart_register_device+0x118/0x4f8 [hci_uart] h5_serdev_probe+0xf4/0x178 [hci_uart] serdev_drv_probe+0x54/0xa0realmente_probe+0x254/ 0x588 __driver_probe_device+0xc4/0x210 driver_probe_device+0x64/0x160 __driver_attach_async_helper+ 0x88/0x158 async_run_entry_fn+0xd0/0x388 Process_one_work+0x328/0x6f0 trabajador_thread+0x410/0x778 kthread+0x168/0x178 ret_from_fork+0x10/0x20 \u00daltima creaci\u00f3n de trabajo 
potencialmente relacionado: kasan_save_stack+0x3c/0x68 san_record_aux_stack+0xb0/0x150 kasan_record_aux_stack_noalloc+0x14/0x20 __queue_work +0x33c/0x960 queue_work_on+0x98/0xc0 hci_recv_frame+0xc8/0x1e8 [bluetooth] h5_complete_rx_pkt+0x2c8/0x800 [hci_uart] h5_rx_payload+0x98/0xb8 [hci_uart] h5_recv+0x158/0x3d8 [ hci_uart] hci_uart_receive_buf+0xa0/0xe8 [hci_uart] ttyport_receive_buf +0xac/0x178 Flush_to_ldisc+0x130/0x2c8 Process_one_work+0x328/0x6f0 trabajador_thread+0x410/0x778 kthread+0x168/0x178 ret_from_fork+0x10/0x20 Pen\u00faltima creaci\u00f3n de trabajo potencialmente relacionado: kasan_save_stack+0x3c/0x68 _record_aux_stack+0xb0/0x150 kasan_record_aux_stack_noalloc+0x14 /0x20 __queue_work+0x788/0x960 queue_work_on+0x98/0xc0 __hci_cmd_sync_sk+0x23c/0x7a0 [bluetooth] __hci_cmd_sync+0x24/0x38 [bluetooth] btrtl_initialize+0x760/0x958 [btrtl] arriba+0xd0/0x2f8 [hci_uart] h5_setup+0x50/0x80 [ hci_uart] hci_uart_setup+0xd4/0x260 [hci_uart] hci_dev_open_sync+0x1cc/0xf68 [bluetooth] hci_dev_do_open+0x34/0x90 [bluetooth] hci_power_on+0xc4/0x3c8 [bluetooth] Process_one_work+0x328/0x6f0 trabajador_thread+0x 410/0x778 kthread+0x168/0x178 ret_from_fork +0x10/0x20 ================================================ ====================="
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/0c657e641df1e77d6087688190f632cad9c0439b",

View File

@ -2,7 +2,7 @@
"id": "CVE-2024-27005",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-01T06:15:18.883",
"lastModified": "2024-05-13T08:15:11.680",
"lastModified": "2024-11-05T16:35:15.353",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: interconexi\u00f3n: no acceder a req_list mientras se est\u00e1 manipulando. El mutex icc_lock se dividi\u00f3 en mutex icc_lock e icc_bw_lock separados en [1] para evitar s\u00edmbolos de bloqueo. Sin embargo, esto no protegi\u00f3 adecuadamente el acceso a icc_node::req_list. La funci\u00f3n icc_set_bw() eventualmente iterar\u00e1 sobre req_list mientras solo mantiene icc_bw_lock, pero req_list se puede modificar mientras solo mantiene icc_lock. Esto provoca ejecuci\u00f3ns entre icc_set_bw(), of_icc_get() e icc_put(). Ejemplo A: CPU0 CPU1 ---- ---- icc_set_bw(path_a) mutex_lock(&icc_bw_lock); icc_put(ruta_b) mutex_lock(&icc_lock); agregado_requests() hlist_for_each_entry(r, ... hlist_del(... Ejemplo B: CPU0 CPU1 ---- ---- icc_set_bw(path_a) mutex_lock(&icc_bw_lock); path_b = of_icc_get() of_icc_get_by_index( ) mutex_lock(&icc_lock); path_find() path_init() agregado_requests() hlist_for_each_entry(r, ... hlist_add_head(... Solucione este problema asegur\u00e1ndose de que icc_bw_lock siempre se mantenga antes de manipular icc_node::req_list. El adicional Los lugares donde se mantiene icc_bw_lock no realizan ninguna asignaci\u00f3n de memoria, por lo que a\u00fan deber\u00edamos estar a salvo de los s\u00edmbolos de bloqueo originales que motivaron los bloqueos separados [1] commit af42269c3523 (\"interconexi\u00f3n: arreglar el bloqueo para runpm vs reclaim\")"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.0,
"impactScore": 5.2
}
]
},
"references": [
{
"url": "https://git.kernel.org/stable/c/4c65507121ea8e0b47fae6d2049c8688390d46b6",

View File

@ -2,7 +2,7 @@
"id": "CVE-2024-28034",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2024-03-26T10:15:09.120",
"lastModified": "2024-04-11T01:25:08.517",
"lastModified": "2024-11-05T15:35:10.627",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Existe una vulnerabilidad de Cross-site scripting en Mini Thread versi\u00f3n 3.33?i. Se puede ejecutar un script arbitrario en el navegador web del usuario que accede al sitio web que utiliza el producto. Tenga en cuenta que no se pudo localizar al desarrollador, por lo tanto, los usuarios deber\u00edan considerar dejar de usar Mini Thread versi\u00f3n 3.33?i."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://jvn.jp/en/jp/JVN40523785/",

View File

@ -2,7 +2,7 @@
"id": "CVE-2024-28593",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-22T15:15:15.453",
"lastModified": "2024-08-02T01:15:50.050",
"lastModified": "2024-11-05T15:35:11.443",
"vulnStatus": "Awaiting Analysis",
"cveTags": [
{
@ -22,7 +22,42 @@
"value": "La actividad Chat en Moodle 4.3.3 permite a los estudiantes insertar un elemento HTML A o un elemento IMG potencialmente no deseado, o contenido HTML que conduce a una degradaci\u00f3n del rendimiento. NOTA: la p\u00e1gina Usando_Chat del proveedor dice \"Si conoce alg\u00fan c\u00f3digo HTML, puede usarlo en su texto para hacer cosas como insertar im\u00e1genes, reproducir sonidos o crear texto de diferentes colores y tama\u00f1os\". Esta p\u00e1gina tambi\u00e9n dice \"El chat debe eliminarse de Moodle est\u00e1ndar\"."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"references": [
{
"url": "https://docs.moodle.org/403/en/Using_Chat",

View File

@ -2,7 +2,7 @@
"id": "CVE-2024-29751",
"sourceIdentifier": "dsap-vuln-management@google.com",
"published": "2024-04-05T20:15:08.560",
"lastModified": "2024-04-08T18:49:25.863",
"lastModified": "2024-11-05T15:35:12.333",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "En asn1_ec_pkey_parse_p384 de asn1_common.c, hay una posible lectura OOB debido a que falta una verificaci\u00f3n nula. Esto podr\u00eda dar lugar a la divulgaci\u00f3n de informaci\u00f3n local sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"references": [
{
"url": "https://source.android.com/security/bulletin/pixel/2024-04-01",
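
Review bot: the added "CWE-476" names the cause, while the description reports the consequence as an out-of-bounds read in asn1_ec_pkey_parse_p384 with local information disclosure. The new vector follows the description (C:H/I:N/A:N), so a consumer that infers impact from the CWE alone would read this as a crash bug and under-rate the confidentiality impact. "vulnStatus" is still "Awaiting Analysis", so both the score and the CWE here are the Secondary source's view only.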

View File

@ -2,8 +2,8 @@
"id": "CVE-2024-30529",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-06-09T11:15:52.450",
"lastModified": "2024-06-10T02:52:08.267",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-05T15:46:38.617",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
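
Review bot: the new nvd@nist.gov "Primary" object is inserted at the head of "cvssMetricV31", ahead of the existing audit@patchstack.com "Secondary" object. A consumer that reads the first array element will now pick up a different source (here 9.8 CRITICAL) than it did before this update; select on "type" or "source" rather than on array position.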
@ -51,10 +71,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tainacan:tainacan:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "0.20.8",
"matchCriteriaId": "8C78AFA9-894B-47DE-B9FC-E4F80AA7DFD8"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/tainacan/wordpress-tainacan-plugin-0-20-7-broken-access-control-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

View File

@ -2,8 +2,8 @@
"id": "CVE-2024-30544",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-06-09T11:15:52.677",
"lastModified": "2024-06-10T02:52:08.267",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-05T15:45:08.573",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -51,10 +71,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:upqode:whizzy:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.1.18",
"matchCriteriaId": "DA01662E-EF7B-4A74-B42C-91B32B19F045"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/whizzy/wordpress-whizzy-plugin-1-1-18-broken-access-control-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}
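
Review bot: the added "cpeMatch" bounds the range with "versionEndIncluding": "1.1.18", where the other records in this part of the commit use "versionEndExcluding". With an inclusive upper bound the record names no fixed release, so a matcher has to handle both keys, and no patched version should be read out of this record.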

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-30616",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-04T19:15:06.193",
"lastModified": "2024-11-04T19:15:06.193",
"vulnStatus": "Received",
"lastModified": "2024-11-05T16:04:26.053",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Chamilo LMS 1.11.26 is vulnerable to Incorrect Access Control via main/auth/profile. Non-admin users can manipulate sensitive profiles information, posing a significant risk to data integrity."
},
{
"lang": "es",
"value": " Chamilo LMS 1.11.26 es vulnerable a un control de acceso incorrecto a trav\u00e9s de main/auth/profile. Los usuarios que no sean administradores pueden manipular informaci\u00f3n confidencial de los perfiles, lo que representa un riesgo significativo para la integridad de los datos."
}
],
"metrics": {},
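
Review bot: the added "es" value begins with a space (" Chamilo LMS 1.11.26 es vulnerable ..."), which the "en" value does not. Trim it at ingestion or have it fixed at the source, since exact-match comparison or de-duplication of description strings will treat the padded string as distinct.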

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-30617",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-04T19:15:06.277",
"lastModified": "2024-11-04T19:15:06.277",
"vulnStatus": "Received",
"lastModified": "2024-11-05T16:04:26.053",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Cross-Site Request Forgery (CSRF) vulnerability in Chamilo LMS 1.11.26 \"/main/social/home.php,\" allows attackers to initiate a request that posts a fake post onto the user's social wall without their consent or knowledge."
},
{
"lang": "es",
"value": "Una vulnerabilidad de Cross-Site Request Forgery (CSRF) en Chamilo LMS 1.11.26 \"/main/social/home.php\" permite a los atacantes iniciar una solicitud que publica una publicaci\u00f3n falsa en el muro social del usuario sin su consentimiento o conocimiento."
}
],
"metrics": {},

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-30618",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-04T19:15:06.360",
"lastModified": "2024-11-04T19:15:06.360",
"vulnStatus": "Received",
"lastModified": "2024-11-05T16:04:26.053",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Stored Cross-Site Scripting (XSS) Vulnerability in Chamilo LMS 1.11.26 allows a remote attacker to execute arbitrary JavaScript in a web browser by including a malicious payload in the 'content' parameter of 'group_topics.php'."
},
{
"lang": "es",
"value": " Una vulnerabilidad de cross site scripting almacenado (XSS) en Chamilo LMS 1.11.26 permite a un atacante remoto ejecutar JavaScript arbitrario en un navegador web al incluir un payload maliciosa en el par\u00e1metro 'content' de 'group_topics.php'."
}
],
"metrics": {},
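
Review bot: the added "es" text has a gender disagreement, "un payload maliciosa", and also starts with a stray space. Suggest "un payload malicioso" and trimming the leading whitespace; the "en" value is unaffected.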

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-30619",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-04T19:15:06.440",
"lastModified": "2024-11-04T19:15:06.440",
"vulnStatus": "Received",
"lastModified": "2024-11-05T16:04:26.053",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Chamilo LMS Version 1.11.26 is vulnerable to Incorrect Access Control. A non-authenticated attacker can request the number of messages and the number of online users via \"/main/inc/ajax/message.ajax.php?a=get_count_message\" AND \"/main/inc/ajax/online.ajax.php?a=get_users_online.\""
},
{
"lang": "es",
"value": " Chamilo LMS versi\u00f3n 1.11.26 es vulnerable a un control de acceso incorrecto. Un atacante no autenticado puede solicitar la cantidad de mensajes y la cantidad de usuarios en l\u00ednea a trav\u00e9s de \"/main/inc/ajax/message.ajax.php?a=get_count_message\" Y \"/main/inc/ajax/online.ajax.php?a=get_users_online\"."
}
],
"metrics": {},
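
Review bot: "vulnStatus" moves from "Received" to "Awaiting Analysis" but "metrics": {} stays empty, so this record, which describes unauthenticated access to two ajax endpoints, still carries no score. Pipelines that filter or prioritise on baseScore will drop it silently; key triage on the description and "vulnStatus" until metrics arrive.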

View File

@ -2,8 +2,8 @@
"id": "CVE-2024-31243",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-06-09T12:15:09.190",
"lastModified": "2024-06-10T02:52:08.267",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-05T15:52:02.970",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -51,10 +81,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:bricksforge:bricksforge:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.1.1",
"matchCriteriaId": "F9E35B69-7946-4E88-ABA1-1232633E1CB3"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/bricksforge/wordpress-bricksforge-plugin-2-0-17-unauthenticated-arbitrary-wordpress-setting-deletion-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}
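
Review bot: "versionEndExcluding": "2.1.1" in the added "cpeMatch" is wider than the version named in the reference URL kept below it (the slug reads bricksforge-plugin-2-0-17). Both can hold if 2.0.17 is the version the advisory names and 2.1.1 is the fixed release, but nothing in the record says so; confirm the fixed release against the advisory before using this range for patch verification.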

View File

@ -2,8 +2,8 @@
"id": "CVE-2024-31244",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-06-09T12:15:09.570",
"lastModified": "2024-06-10T02:52:08.267",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-05T15:52:37.140",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -51,10 +71,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:bricksforge:bricksforge:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.1.1",
"matchCriteriaId": "F9E35B69-7946-4E88-ABA1-1232633E1CB3"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/bricksforge/wordpress-bricksforge-plugin-2-0-17-unauthenticated-arbitrary-wordpress-settings-change-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}
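
Review bot: this record gets the same nvd@nist.gov "Primary" vector and the same "cpeMatch" (matchCriteriaId F9E35B69-7946-4E88-ABA1-1232633E1CB3) as CVE-2024-31243, but no "Primary" entry is added under "weaknesses"; the hunk header "-51,10 +71,31" shows that only the 20 metric lines were inserted above it. CVE-2024-31243 gained "CWE-862" in the same commit, so grouping by Primary CWE will separate two sibling issues in the same plugin.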

Some files were not shown because too many files have changed in this diff