admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-07 11:07:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-07-11T18:00:19.361133+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-07-11 18:03:15 +00:00
parent 73ee09a34a
commit df8d4c7653
91 changed files with 8121 additions and 391 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
CVE-2021/CVE-2021-44xx/CVE-2021-4440.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2021-4440",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-06-25T15:15:11.137",
"lastModified": "2024-07-03T01:38:13.980",
"lastModified": "2024-07-11T17:15:09.830",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -55,6 +55,10 @@
{
"url": "https://git.kernel.org/stable/c/1424ab4bb386df9cc590c73afa55f13e9b00dea2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://grsecurity.net/cve-2021-4440_linux_cna_case_study",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

79
CVE-2023/CVE-2023-344xx/CVE-2023-34435.json
View File

@ -2,19 +2,23 @@
"id": "CVE-2023-34435",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2024-07-08T16:15:02.847",
"lastModified": "2024-07-08T16:35:46.377",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-07-11T16:03:12.003",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A firmware update vulnerability exists in the boa formUpload functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted network packets can lead to arbitrary firmware update. An attacker can provide a malicious file to trigger this vulnerability."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de actualizaci\u00f3n de firmware en la funcionalidad boa formUpload de Realtek rtl819x Jungle SDK v3.4.11. Unos paquetes de red especialmente manipulados pueden provocar una actualizaci\u00f3n arbitraria del firmware. Un atacante puede proporcionar un archivo malicioso para desencadenar esta vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "talos-cna@cisco.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
@ -32,6 +36,26 @@
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
@ -47,10 +71,57 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:realtek:rtl819x_jungle_software_development_kit:3.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "7891A085-C128-426B-A8BB-70E688CAAF65"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:level1:wbr-6013_firmware:rer4_a_v3411b_2t2r_lev_09_170623:*:*:*:*:*:*:*",
"matchCriteriaId": "79082BA3-FBC4-4F38-8897-37E70D7B83D3"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:level1:wbr-6013:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59DE58EE-DF41-48A2-B048-65A0666808F1"
}
]
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1874",
"source": "talos-cna@cisco.com"
"source": "talos-cna@cisco.com",
"tags": [
"Third Party Advisory"
]
}
]
}

87
CVE-2023/CVE-2023-412xx/CVE-2023-41251.json
View File

@ -2,17 +2,41 @@
"id": "CVE-2023-41251",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2024-07-08T16:15:03.203",
"lastModified": "2024-07-08T16:35:46.377",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-07-11T16:02:49.597",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A stack-based buffer overflow vulnerability exists in the boa formRoute functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can send an HTTP request to trigger this vulnerability."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en la funcionalidad boa formRoute de Realtek rtl819x Jungle SDK v3.4.11. Una serie de solicitudes HTTP especialmente manipuladas pueden conducir a la ejecuci\u00f3n remota de c\u00f3digo. Un atacante puede enviar una solicitud HTTP para desencadenar esta vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
@ -36,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
@ -47,10 +81,57 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:realtek:rtl819x_jungle_software_development_kit:3.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "7891A085-C128-426B-A8BB-70E688CAAF65"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:level1:wbr-6013_firmware:rer4_a_v3411b_2t2r_lev_09_170623:*:*:*:*:*:*:*",
"matchCriteriaId": "79082BA3-FBC4-4F38-8897-37E70D7B83D3"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:level1:wbr-6013:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59DE58EE-DF41-48A2-B048-65A0666808F1"
}
]
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1894",
"source": "talos-cna@cisco.com"
"source": "talos-cna@cisco.com",
"tags": [
"Third Party Advisory"
]
}
]
}

69
CVE-2023/CVE-2023-452xx/CVE-2023-45215.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-45215",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2024-07-08T16:15:03.423",
"lastModified": "2024-07-08T16:35:46.377",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-07-11T16:02:41.077",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A stack-based buffer overflow vulnerability exists in the boa setRepeaterSsid functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of network requests can lead to arbitrary code execution. An attacker can send a sequence of requests to trigger this vulnerability."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en la funcionalidad boa setRepeaterSsid de Realtek rtl819x Jungle SDK v3.4.11. Una serie de solicitudes de red especialmente manipuladas pueden provocar la ejecuci\u00f3n de c\u00f3digo arbitrario. Un atacante puede enviar una secuencia de solicitudes para desencadenar esta vulnerabilidad."
}
],
"metrics": {
@ -37,8 +41,18 @@
},
"weaknesses": [
{
"source": "talos-cna@cisco.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -47,10 +61,57 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:realtek:rtl819x_jungle_software_development_kit:3.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "7891A085-C128-426B-A8BB-70E688CAAF65"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:level1:wbr-6013_firmware:rer4_a_v3411b_2t2r_lev_09_170623:*:*:*:*:*:*:*",
"matchCriteriaId": "79082BA3-FBC4-4F38-8897-37E70D7B83D3"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:level1:wbr-6013:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59DE58EE-DF41-48A2-B048-65A0666808F1"
}
]
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1891",
"source": "talos-cna@cisco.com"
"source": "talos-cna@cisco.com",
"tags": [
"Third Party Advisory"
]
}
]
}

80
CVE-2023/CVE-2023-457xx/CVE-2023-45742.json
View File

@ -2,19 +2,23 @@
"id": "CVE-2023-45742",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2024-07-08T16:15:03.643",
"lastModified": "2024-07-08T16:35:46.377",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-07-11T16:02:30.337",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An integer overflow vulnerability exists in the boa updateConfigIntoFlash functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to arbitrary code execution. An attacker can send a sequence of requests to trigger this vulnerability."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de desbordamiento de enteros en la funcionalidad boa updateConfigIntoFlash de Realtek rtl819x Jungle SDK v3.4.11. Una serie de solicitudes HTTP especialmente manipuladas pueden provocar la ejecuci\u00f3n de c\u00f3digo arbitrario. Un atacante puede enviar una secuencia de solicitudes para desencadenar esta vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "talos-cna@cisco.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
@ -32,6 +36,26 @@
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
@ -47,10 +71,58 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:realtek:rtl819x_jungle_software_development_kit:3.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "7891A085-C128-426B-A8BB-70E688CAAF65"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:level1:wbr-6013_firmware:rer4_a_v3411b_2t2r_lev_09_170623:*:*:*:*:*:*:*",
"matchCriteriaId": "79082BA3-FBC4-4F38-8897-37E70D7B83D3"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:level1:wbr-6013:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59DE58EE-DF41-48A2-B048-65A0666808F1"
}
]
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1877",
"source": "talos-cna@cisco.com"
"source": "talos-cna@cisco.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

54
CVE-2023/CVE-2023-466xx/CVE-2023-46685.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-46685",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2024-07-08T16:15:03.870",
"lastModified": "2024-07-08T16:35:46.377",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-07-11T16:01:31.077",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A hard-coded password vulnerability exists in the telnetd functionality of LevelOne WBR-6013 RER4_A_v3411b_2T2R_LEV_09_170623. A set of specially crafted network packets can lead to arbitrary command execution."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de contrase\u00f1a codificada en la funcionalidad telnetd de LevelOne WBR-6013 RER4_A_v3411b_2T2R_LEV_09_170623. Un conjunto de paquetes de red especialmente manipulados puede provocar la ejecuci\u00f3n de comandos arbitrarios."
}
],
"metrics": {
@ -37,8 +41,18 @@
},
"weaknesses": [
{
"source": "talos-cna@cisco.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-798"
}
]
},
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -47,10 +61,42 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:level1:wbr-6013_firmware:rer4_a_v3411b_2t2r_lev_09_170623:*:*:*:*:*:*:*",
"matchCriteriaId": "79082BA3-FBC4-4F38-8897-37E70D7B83D3"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:level1:wbr-6013:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59DE58EE-DF41-48A2-B048-65A0666808F1"
}
]
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1871",
"source": "talos-cna@cisco.com"
"source": "talos-cna@cisco.com",
"tags": [
"Third Party Advisory"
]
}
]
}

78
CVE-2023/CVE-2023-476xx/CVE-2023-47677.json
View File

@ -2,17 +2,41 @@
"id": "CVE-2023-47677",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2024-07-08T16:15:04.120",
"lastModified": "2024-07-08T16:35:46.377",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-07-11T16:01:17.057",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A cross-site request forgery (csrf) vulnerability exists in the boa CSRF protection functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted network request can lead to CSRF. An attacker can send an HTTP request to trigger this vulnerability."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de cross-site request forgery (csrf) en la funcionalidad de protecci\u00f3n boa CSRF de Realtek rtl819x Jungle SDK v3.4.11. Una solicitud de red especialmente manipulada puede generar CSRF. Un atacante puede enviar una solicitud HTTP para desencadenar esta vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
@ -47,10 +71,58 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:realtek:rtl819x_jungle_software_development_kit:3.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "7891A085-C128-426B-A8BB-70E688CAAF65"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:level1:wbr-6013_firmware:rer4_a_v3411b_2t2r_lev_09_170623:*:*:*:*:*:*:*",
"matchCriteriaId": "79082BA3-FBC4-4F38-8897-37E70D7B83D3"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:level1:wbr-6013:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59DE58EE-DF41-48A2-B048-65A0666808F1"
}
]
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1872",
"source": "talos-cna@cisco.com"
"source": "talos-cna@cisco.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

70
CVE-2023/CVE-2023-478xx/CVE-2023-47856.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-47856",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2024-07-08T16:15:04.337",
"lastModified": "2024-07-08T16:35:46.377",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-07-11T16:03:27.903",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A stack-based buffer overflow vulnerability exists in the boa set_RadvdPrefixParam functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en la funcionalidad boa set_RadvdPrefixParam de Realtek rtl819x Jungle SDK v3.4.11. Una serie de solicitudes de red especialmente manipuladas pueden conducir a la ejecuci\u00f3n remota de c\u00f3digo. Un atacante puede enviar una secuencia de solicitudes para desencadenar esta vulnerabilidad."
}
],
"metrics": {
@ -37,8 +41,18 @@
},
"weaknesses": [
{
"source": "talos-cna@cisco.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -47,10 +61,58 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:realtek:rtl819x_jungle_software_development_kit:3.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "7891A085-C128-426B-A8BB-70E688CAAF65"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:level1:wbr-6013_firmware:rer4_a_v3411b_2t2r_lev_09_170623:*:*:*:*:*:*:*",
"matchCriteriaId": "79082BA3-FBC4-4F38-8897-37E70D7B83D3"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:level1:wbr-6013:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59DE58EE-DF41-48A2-B048-65A0666808F1"
}
]
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1892",
"source": "talos-cna@cisco.com"
"source": "talos-cna@cisco.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

69
CVE-2023/CVE-2023-482xx/CVE-2023-48270.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-48270",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2024-07-08T16:15:04.573",
"lastModified": "2024-07-08T16:35:46.377",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-07-11T16:01:06.603",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A stack-based buffer overflow vulnerability exists in the boa formDnsv6 functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of network requests can lead to arbitrary code execution. An attacker can send a sequence of requests to trigger this vulnerability."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en la funcionalidad boa formDnsv6 de Realtek rtl819x Jungle SDK v3.4.11. Una serie de solicitudes de red especialmente manipuladas pueden provocar la ejecuci\u00f3n de c\u00f3digo arbitrario. Un atacante puede enviar una secuencia de solicitudes para desencadenar esta vulnerabilidad."
}
],
"metrics": {
@ -37,8 +41,18 @@
},
"weaknesses": [
{
"source": "talos-cna@cisco.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -47,10 +61,57 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:realtek:rtl819x_jungle_software_development_kit:3.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "7891A085-C128-426B-A8BB-70E688CAAF65"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:level1:wbr-6013_firmware:rer4_a_v3411b_2t2r_lev_09_170623:*:*:*:*:*:*:*",
"matchCriteriaId": "79082BA3-FBC4-4F38-8897-37E70D7B83D3"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:level1:wbr-6013:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59DE58EE-DF41-48A2-B048-65A0666808F1"
}
]
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1876",
"source": "talos-cna@cisco.com"
"source": "talos-cna@cisco.com",
"tags": [
"Third Party Advisory"
]
}
]
}

69
CVE-2023/CVE-2023-490xx/CVE-2023-49073.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-49073",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2024-07-08T16:15:04.803",
"lastModified": "2024-07-08T16:35:46.377",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-07-11T16:00:30.427",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A stack-based buffer overflow vulnerability exists in the boa formFilter functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to arbitrary code execution. An attacker can send a sequence of requests to trigger this vulnerability."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en la funcionalidad boa formFilter de Realtek rtl819x Jungle SDK v3.4.11. Una serie de solicitudes HTTP especialmente manipuladas pueden provocar la ejecuci\u00f3n de c\u00f3digo arbitrario. Un atacante puede enviar una secuencia de solicitudes para desencadenar esta vulnerabilidad."
}
],
"metrics": {
@ -37,8 +41,18 @@
},
"weaknesses": [
{
"source": "talos-cna@cisco.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -47,10 +61,57 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:realtek:rtl819x_jungle_software_development_kit:3.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "7891A085-C128-426B-A8BB-70E688CAAF65"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:level1:wbr-6013_firmware:rer4_a_v3411b_2t2r_lev_09_170623:*:*:*:*:*:*:*",
"matchCriteriaId": "79082BA3-FBC4-4F38-8897-37E70D7B83D3"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:level1:wbr-6013:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59DE58EE-DF41-48A2-B048-65A0666808F1"
}
]
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1875",
"source": "talos-cna@cisco.com"
"source": "talos-cna@cisco.com",
"tags": [
"Third Party Advisory"
]
}
]
}

54
CVE-2023/CVE-2023-495xx/CVE-2023-49593.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-49593",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2024-07-08T16:15:05.090",
"lastModified": "2024-07-08T16:35:46.377",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-07-11T16:00:08.623",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Leftover debug code exists in the boa formSysCmd functionality of LevelOne WBR-6013 RER4_A_v3411b_2T2R_LEV_09_170623. A specially crafted network request can lead to arbitrary command execution."
},
{
"lang": "es",
"value": "Existe c\u00f3digo de depuraci\u00f3n sobrante en la funcionalidad boa formSysCmd de LevelOne WBR-6013 RER4_A_v3411b_2T2R_LEV_09_170623. Una solicitud de red especialmente manipulada puede provocar la ejecuci\u00f3n de un comando arbitrario."
}
],
"metrics": {
@ -37,8 +41,18 @@
},
"weaknesses": [
{
"source": "talos-cna@cisco.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -47,10 +61,42 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:level1:wbr-6013_firmware:rer4_a_v3411b_2t2r_lev_09_170623:*:*:*:*:*:*:*",
"matchCriteriaId": "79082BA3-FBC4-4F38-8897-37E70D7B83D3"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:level1:wbr-6013:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59DE58EE-DF41-48A2-B048-65A0666808F1"
}
]
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1873",
"source": "talos-cna@cisco.com"
"source": "talos-cna@cisco.com",
"tags": [
"Third Party Advisory"
]
}
]
}

70
CVE-2023/CVE-2023-502xx/CVE-2023-50240.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-50240",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2024-07-08T16:15:05.987",
"lastModified": "2024-07-08T16:35:46.377",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-07-11T16:05:06.447",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Two stack-based buffer overflow vulnerabilities exist in the boa set_RadvdInterfaceParam functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger these vulnerabilities.This stack-based buffer overflow is related to the `AdvDefaultPreference` request's parameter."
},
{
"lang": "es",
"value": "Existen dos vulnerabilidades de desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en la funcionalidad boa set_RadvdInterfaceParam de Realtek rtl819x Jungle SDK v3.4.11. Una serie de solicitudes de red especialmente manipuladas pueden conducir a la ejecuci\u00f3n remota de c\u00f3digo. Un atacante puede enviar una secuencia de solicitudes para activar estas vulnerabilidades. Este desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria est\u00e1 relacionado con el par\u00e1metro de solicitud `AdvDefaultPreference`."
}
],
"metrics": {
@ -37,8 +41,18 @@
},
"weaknesses": [
{
"source": "talos-cna@cisco.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -47,10 +61,58 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:realtek:rtl819x_jungle_software_development_kit:3.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "7891A085-C128-426B-A8BB-70E688CAAF65"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:level1:wbr-6013_firmware:rer4_a_v3411b_2t2r_lev_09_170623:*:*:*:*:*:*:*",
"matchCriteriaId": "79082BA3-FBC4-4F38-8897-37E70D7B83D3"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:level1:wbr-6013:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59DE58EE-DF41-48A2-B048-65A0666808F1"
}
]
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1893",
"source": "talos-cna@cisco.com"
"source": "talos-cna@cisco.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

70
CVE-2023/CVE-2023-502xx/CVE-2023-50243.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-50243",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2024-07-08T16:15:06.207",
"lastModified": "2024-07-08T16:35:46.377",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-07-11T16:05:12.113",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Two stack-based buffer overflow vulnerabilities exist in the boa formIpQoS functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can send a series of HTTP requests to trigger these vulnerabilities.This stack-based buffer overflow is related to the `comment` request's parameter."
},
{
"lang": "es",
"value": "Existen dos vulnerabilidades de desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en la funcionalidad boa formIpQoS de Realtek rtl819x Jungle SDK v3.4.11. Una serie de solicitudes HTTP especialmente manipuladas pueden conducir a la ejecuci\u00f3n remota de c\u00f3digo. Un atacante puede enviar una serie de solicitudes HTTP para desencadenar estas vulnerabilidades. Este desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria est\u00e1 relacionado con el par\u00e1metro de solicitud \"comment\"."
}
],
"metrics": {
@ -37,8 +41,18 @@
},
"weaknesses": [
{
"source": "talos-cna@cisco.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -47,10 +61,58 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:realtek:rtl819x_jungle_software_development_kit:3.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "7891A085-C128-426B-A8BB-70E688CAAF65"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:level1:wbr-6013_firmware:rer4_a_v3411b_2t2r_lev_09_170623:*:*:*:*:*:*:*",
"matchCriteriaId": "79082BA3-FBC4-4F38-8897-37E70D7B83D3"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:level1:wbr-6013:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59DE58EE-DF41-48A2-B048-65A0666808F1"
}
]
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1895",
"source": "talos-cna@cisco.com"
"source": "talos-cna@cisco.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

70
CVE-2023/CVE-2023-502xx/CVE-2023-50244.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-50244",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2024-07-08T16:15:06.437",
"lastModified": "2024-07-08T16:35:46.377",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-07-11T16:05:17.420",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Two stack-based buffer overflow vulnerabilities exist in the boa formIpQoS functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can send a series of HTTP requests to trigger these vulnerabilities.This stack-based buffer overflow is related to the `entry_name` request's parameter."
},
{
"lang": "es",
"value": "Existen dos vulnerabilidades de desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en la funcionalidad boa formIpQoS de Realtek rtl819x Jungle SDK v3.4.11. Una serie de solicitudes HTTP especialmente manipuladas pueden conducir a la ejecuci\u00f3n remota de c\u00f3digo. Un atacante puede enviar una serie de solicitudes HTTP para activar estas vulnerabilidades. Este desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria est\u00e1 relacionado con el par\u00e1metro de solicitud `entry_name`."
}
],
"metrics": {
@ -37,8 +41,18 @@
},
"weaknesses": [
{
"source": "talos-cna@cisco.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -47,10 +61,58 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:realtek:rtl819x_jungle_software_development_kit:3.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "7891A085-C128-426B-A8BB-70E688CAAF65"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:level1:wbr-6013_firmware:rer4_a_v3411b_2t2r_lev_09_170623:*:*:*:*:*:*:*",
"matchCriteriaId": "79082BA3-FBC4-4F38-8897-37E70D7B83D3"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:level1:wbr-6013:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59DE58EE-DF41-48A2-B048-65A0666808F1"
}
]
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1895",
"source": "talos-cna@cisco.com"
"source": "talos-cna@cisco.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

91
CVE-2023/CVE-2023-503xx/CVE-2023-50330.json
View File

@ -2,19 +2,23 @@
"id": "CVE-2023-50330",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2024-07-08T16:15:06.657",
"lastModified": "2024-07-08T16:35:46.377",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-07-11T16:05:39.800",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A stack-based buffer overflow vulnerability exists in the boa getInfo functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can send a series of HTTP requests to trigger this vulnerability."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en la funcionalidad boa getInfo de Realtek rtl819x Jungle SDK v3.4.11. Una serie de solicitudes HTTP especialmente manipuladas pueden conducir a la ejecuci\u00f3n remota de c\u00f3digo. Un atacante puede enviar una serie de solicitudes HTTP para desencadenar esta vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "talos-cna@cisco.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
@ -32,13 +36,43 @@
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "talos-cna@cisco.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -47,10 +81,57 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:realtek:rtl819x_jungle_software_development_kit:3.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "7891A085-C128-426B-A8BB-70E688CAAF65"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:level1:wbr-6013_firmware:rer4_a_v3411b_2t2r_lev_09_170623:*:*:*:*:*:*:*",
"matchCriteriaId": "79082BA3-FBC4-4F38-8897-37E70D7B83D3"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:level1:wbr-6013:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59DE58EE-DF41-48A2-B048-65A0666808F1"
}
]
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1903",
"source": "talos-cna@cisco.com"
"source": "talos-cna@cisco.com",
"tags": [
"Third Party Advisory"
]
}
]
}

58
CVE-2023/CVE-2023-503xx/CVE-2023-50381.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-50381",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2024-07-08T16:15:06.873",
"lastModified": "2024-07-08T16:35:46.377",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-07-11T16:05:51.633",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Three os command injection vulnerabilities exist in the boa formWsc functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to arbitrary command execution. An attacker can send a series of HTTP requests to trigger these vulnerabilities.This command injection is related to the `targetAPSsid` request's parameter."
},
{
"lang": "es",
"value": "Existen tres vulnerabilidades de inyecci\u00f3n de comandos del sistema operativo en la funcionalidad boa formWsc de Realtek rtl819x Jungle SDK v3.4.11. Una serie de solicitudes HTTP especialmente manipuladas pueden conducir a la ejecuci\u00f3n de comandos arbitrarios. Un atacante puede enviar una serie de solicitudes HTTP para activar estas vulnerabilidades. Esta inyecci\u00f3n de comando est\u00e1 relacionada con el par\u00e1metro de solicitud `targetAPSsid`."
}
],
"metrics": {
@ -47,10 +51,58 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:realtek:rtl819x_jungle_software_development_kit:3.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "7891A085-C128-426B-A8BB-70E688CAAF65"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:level1:wbr-6013_firmware:rer4_a_v3411b_2t2r_lev_09_170623:*:*:*:*:*:*:*",
"matchCriteriaId": "79082BA3-FBC4-4F38-8897-37E70D7B83D3"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:level1:wbr-6013:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59DE58EE-DF41-48A2-B048-65A0666808F1"
}
]
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1899",
"source": "talos-cna@cisco.com"
"source": "talos-cna@cisco.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

57
CVE-2023/CVE-2023-503xx/CVE-2023-50382.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-50382",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2024-07-08T16:15:07.093",
"lastModified": "2024-07-08T16:35:46.377",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-07-11T16:05:58.387",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Three os command injection vulnerabilities exist in the boa formWsc functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to arbitrary command execution. An attacker can send a series of HTTP requests to trigger these vulnerabilities.This command injection is related to the `peerPin` request's parameter."
},
{
"lang": "es",
"value": "Existen tres vulnerabilidades de inyecci\u00f3n de comandos del sistema operativo en la funcionalidad boa formWsc de Realtek rtl819x Jungle SDK v3.4.11. Una serie de solicitudes HTTP especialmente manipuladas pueden conducir a la ejecuci\u00f3n de comandos arbitrarios. Un atacante puede enviar una serie de solicitudes HTTP para activar estas vulnerabilidades. Esta inyecci\u00f3n de comando est\u00e1 relacionada con el par\u00e1metro de solicitud `peerPin`."
}
],
"metrics": {
@ -47,10 +51,57 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:realtek:rtl819x_jungle_software_development_kit:3.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "7891A085-C128-426B-A8BB-70E688CAAF65"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:level1:wbr-6013_firmware:rer4_a_v3411b_2t2r_lev_09_170623:*:*:*:*:*:*:*",
"matchCriteriaId": "79082BA3-FBC4-4F38-8897-37E70D7B83D3"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:level1:wbr-6013:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59DE58EE-DF41-48A2-B048-65A0666808F1"
}
]
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1899",
"source": "talos-cna@cisco.com"
"source": "talos-cna@cisco.com",
"tags": [
"Third Party Advisory"
]
}
]
}

57
CVE-2023/CVE-2023-503xx/CVE-2023-50383.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-50383",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2024-07-08T16:15:07.327",
"lastModified": "2024-07-08T16:35:46.377",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-07-11T16:06:04.837",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Three os command injection vulnerabilities exist in the boa formWsc functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to arbitrary command execution. An attacker can send a series of HTTP requests to trigger these vulnerabilities.This command injection is related to the `localPin` request's parameter."
},
{
"lang": "es",
"value": "Existen tres vulnerabilidades de inyecci\u00f3n de comandos del sistema operativo en la funcionalidad boa formWsc de Realtek rtl819x Jungle SDK v3.4.11. Una serie de solicitudes HTTP especialmente manipuladas pueden conducir a la ejecuci\u00f3n de comandos arbitrarios. Un atacante puede enviar una serie de solicitudes HTTP para activar estas vulnerabilidades. Esta inyecci\u00f3n de comando est\u00e1 relacionada con el par\u00e1metro de solicitud \"localPin\"."
}
],
"metrics": {
@ -47,10 +51,57 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:realtek:rtl819x_jungle_software_development_kit:3.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "7891A085-C128-426B-A8BB-70E688CAAF65"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:level1:wbr-6013_firmware:rer4_a_v3411b_2t2r_lev_09_170623:*:*:*:*:*:*:*",
"matchCriteriaId": "79082BA3-FBC4-4F38-8897-37E70D7B83D3"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:level1:wbr-6013:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59DE58EE-DF41-48A2-B048-65A0666808F1"
}
]
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1899",
"source": "talos-cna@cisco.com"
"source": "talos-cna@cisco.com",
"tags": [
"Third Party Advisory"
]
}
]
}

91
CVE-2024/CVE-2024-217xx/CVE-2024-21778.json
View File

@ -2,19 +2,23 @@
"id": "CVE-2024-21778",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2024-07-08T16:15:07.580",
"lastModified": "2024-07-08T16:35:46.377",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-07-11T16:06:17.240",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A heap-based buffer overflow vulnerability exists in the configuration file mib_init_value_array functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted .dat file can lead to arbitrary code execution. An attacker can upload a malicious file to trigger this vulnerability."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de desbordamiento de b\u00fafer de almacenamiento din\u00e1mico en la funcionalidad del archivo de configuraci\u00f3n mib_init_value_array de Realtek rtl819x Jungle SDK v3.4.11. Un archivo .dat especialmente manipulado puede provocar la ejecuci\u00f3n de c\u00f3digo arbitrario. Un atacante puede cargar un archivo malicioso para desencadenar esta vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "talos-cna@cisco.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
@ -32,13 +36,43 @@
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "talos-cna@cisco.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -47,10 +81,57 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:realtek:rtl819x_jungle_software_development_kit:3.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "7891A085-C128-426B-A8BB-70E688CAAF65"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:level1:wbr-6013_firmware:rer4_a_v3411b_2t2r_lev_09_170623:*:*:*:*:*:*:*",
"matchCriteriaId": "79082BA3-FBC4-4F38-8897-37E70D7B83D3"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:level1:wbr-6013:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59DE58EE-DF41-48A2-B048-65A0666808F1"
}
]
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1911",
"source": "talos-cna@cisco.com"
"source": "talos-cna@cisco.com",
"tags": [
"Third Party Advisory"
]
}
]
}

67
CVE-2024/CVE-2024-235xx/CVE-2024-23562.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-23562",
"sourceIdentifier": "psirt@hcl.com",
"published": "2024-07-08T16:15:07.797",
"lastModified": "2024-07-10T15:15:10.893",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-07-11T16:08:35.477",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "psirt@hcl.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -51,10 +81,41 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hcltech:domino:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9F7B561B-79F9-45E1-901F-B0976DD7C9AE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hcltech:domino:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "09FF8200-5500-420F-93DF-7F7708E76300"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hcltech:domino:14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B7CA3E60-DC49-4AF6-91D2-507FDE6E0F19"
}
]
}
]
}
],
"references": [
{
"url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0113822",
"source": "psirt@hcl.com"
"source": "psirt@hcl.com",
"tags": [
"Broken Link",
"Vendor Advisory"
]
}
]
}

57
CVE-2024/CVE-2024-315xx/CVE-2024-31504.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-31504",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-08T16:15:08.260",
"lastModified": "2024-07-09T16:22:31.613",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-07-11T16:23:42.943",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -55,10 +85,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:embedded-solutions:freemodbus:2018-09-12:*:*:*:*:*:*:*",
"matchCriteriaId": "BEA4287A-84E7-4D26-BB8D-3DCC89B6AC1A"
}
]
}
]
}
],
"references": [
{
"url": "https://gist.github.com/CAPCOMIN/a0361511068dce21a557cf9fa01d0a02",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

70
CVE-2024/CVE-2024-327xx/CVE-2024-32753.json Normal file
View File

@ -0,0 +1,70 @@
{
"id": "CVE-2024-32753",
"sourceIdentifier": "productsecurity@jci.com",
"published": "2024-07-11T16:15:02.350",
"lastModified": "2024-07-11T16:15:02.350",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Under certain circumstances the camera may be susceptible to known vulnerabilities associated with the JQuery versions prior to 3.5.0 third-party component"
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "productsecurity@jci.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"privilegesRequired": "NONE",
"userInteraction": "ACTIVE",
"vulnerableSystemConfidentiality": "HIGH",
"vulnerableSystemIntegrity": "LOW",
"vulnerableSystemAvailability": "NONE",
"subsequentSystemConfidentiality": "HIGH",
"subsequentSystemIntegrity": "LOW",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 7.0,
"baseSeverity": "HIGH"
}
}
]
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-191-03",
"source": "productsecurity@jci.com"
},
{
"url": "https://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories",
"source": "productsecurity@jci.com"
}
]
}

118
CVE-2024/CVE-2024-380xx/CVE-2024-38013.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-38013",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-07-09T17:15:27.060",
"lastModified": "2024-07-09T18:18:38.713",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-07-11T16:17:38.197",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Windows Server Backup Elevation of Privilege Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de elevaci\u00f3n de privilegios en la copia de seguridad de Microsoft Windows Server"
}
],
"metrics": {
@ -36,6 +40,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "secure@microsoft.com",
"type": "Secondary",
@ -47,10 +61,108 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.10240.20710",
"matchCriteriaId": "B7482622-F4B1-4086-8484-136592BAACCE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.7159",
"matchCriteriaId": "BEEE46C5-718B-43C5-8B06-A4CB2E0DEF7A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.6054",
"matchCriteriaId": "3EE3B092-248B-4F68-AA13-DF4FB2E0DA3F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19044.4651",
"matchCriteriaId": "905A0D97-FCF2-4999-A3F3-C79D88511D52"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19045.4651",
"matchCriteriaId": "2DEB25D6-2E73-4DF4-9D7D-2C9780101B1B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22000.3079",
"matchCriteriaId": "1F4C0A5A-B376-4DE8-A02A-5E341825AAAB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22621.3880",
"matchCriteriaId": "A2B9B3F1-347C-4935-BFA9-6B4191831D28"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22631.3880",
"matchCriteriaId": "E199129F-7F75-42C8-ABA0-7439FE50676B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.7159",
"matchCriteriaId": "59C9A2A5-AE44-4583-A7B1-B8D62B0E83BB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.6054",
"matchCriteriaId": "3401E6F7-2430-4247-8A22-0B733A03501A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.20348.2582",
"matchCriteriaId": "4E433A09-F730-4EBE-8050-8789755B0D35"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.25398.1009",
"matchCriteriaId": "EDA01A4A-9AED-484A-8B10-3282FA13F635"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38013",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

70
CVE-2024/CVE-2024-380xx/CVE-2024-38015.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-38015",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-07-09T17:15:27.290",
"lastModified": "2024-07-09T18:18:38.713",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-07-11T16:18:10.113",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de denegaci\u00f3n de servicio de Windows Remote Desktop Gateway (RD Gateway)"
}
],
"metrics": {
@ -36,6 +40,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "secure@microsoft.com",
"type": "Secondary",
@ -47,10 +61,60 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.7159",
"matchCriteriaId": "59C9A2A5-AE44-4583-A7B1-B8D62B0E83BB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.6054",
"matchCriteriaId": "3401E6F7-2430-4247-8A22-0B733A03501A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.20348.2582",
"matchCriteriaId": "4E433A09-F730-4EBE-8050-8789755B0D35"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.25398.1009",
"matchCriteriaId": "EDA01A4A-9AED-484A-8B10-3282FA13F635"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38015",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

128
CVE-2024/CVE-2024-380xx/CVE-2024-38017.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-38017",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-07-09T17:15:27.533",
"lastModified": "2024-07-09T18:18:38.713",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-07-11T16:20:51.827",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Message Queuing Information Disclosure Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n de Microsoft Message Queue Server"
}
],
"metrics": {
@ -36,6 +40,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "secure@microsoft.com",
"type": "Secondary",
@ -47,10 +61,118 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.10240.20710",
"matchCriteriaId": "B7482622-F4B1-4086-8484-136592BAACCE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.7159",
"matchCriteriaId": "BEEE46C5-718B-43C5-8B06-A4CB2E0DEF7A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.6054",
"matchCriteriaId": "3EE3B092-248B-4F68-AA13-DF4FB2E0DA3F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19044.4651",
"matchCriteriaId": "905A0D97-FCF2-4999-A3F3-C79D88511D52"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19045.4651",
"matchCriteriaId": "2DEB25D6-2E73-4DF4-9D7D-2C9780101B1B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22000.3079",
"matchCriteriaId": "1F4C0A5A-B376-4DE8-A02A-5E341825AAAB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22621.3880",
"matchCriteriaId": "A2B9B3F1-347C-4935-BFA9-6B4191831D28"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22631.3880",
"matchCriteriaId": "E199129F-7F75-42C8-ABA0-7439FE50676B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.7159",
"matchCriteriaId": "59C9A2A5-AE44-4583-A7B1-B8D62B0E83BB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.6054",
"matchCriteriaId": "3401E6F7-2430-4247-8A22-0B733A03501A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.20348.2582",
"matchCriteriaId": "4E433A09-F730-4EBE-8050-8789755B0D35"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.25398.1009",
"matchCriteriaId": "EDA01A4A-9AED-484A-8B10-3282FA13F635"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38017",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

128
CVE-2024/CVE-2024-380xx/CVE-2024-38019.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-38019",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-07-09T17:15:27.750",
"lastModified": "2024-07-09T18:18:38.713",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-07-11T16:21:19.367",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo de la lihbrer\u00eda Microsoft Windows Performance Data Helper"
}
],
"metrics": {
@ -36,6 +40,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-190"
}
]
},
{
"source": "secure@microsoft.com",
"type": "Secondary",
@ -47,10 +61,118 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.10240.20710",
"matchCriteriaId": "B7482622-F4B1-4086-8484-136592BAACCE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.7159",
"matchCriteriaId": "BEEE46C5-718B-43C5-8B06-A4CB2E0DEF7A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.6054",
"matchCriteriaId": "3EE3B092-248B-4F68-AA13-DF4FB2E0DA3F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19044.4651",
"matchCriteriaId": "905A0D97-FCF2-4999-A3F3-C79D88511D52"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19045.4651",
"matchCriteriaId": "2DEB25D6-2E73-4DF4-9D7D-2C9780101B1B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22000.3079",
"matchCriteriaId": "1F4C0A5A-B376-4DE8-A02A-5E341825AAAB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22621.3880",
"matchCriteriaId": "A2B9B3F1-347C-4935-BFA9-6B4191831D28"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22631.3880",
"matchCriteriaId": "E199129F-7F75-42C8-ABA0-7439FE50676B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.7159",
"matchCriteriaId": "59C9A2A5-AE44-4583-A7B1-B8D62B0E83BB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.6054",
"matchCriteriaId": "3401E6F7-2430-4247-8A22-0B733A03501A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.20348.2582",
"matchCriteriaId": "4E433A09-F730-4EBE-8050-8789755B0D35"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.25398.1009",
"matchCriteriaId": "EDA01A4A-9AED-484A-8B10-3282FA13F635"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38019",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

61
CVE-2024/CVE-2024-380xx/CVE-2024-38020.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-38020",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-07-09T17:15:28.110",
"lastModified": "2024-07-09T18:18:38.713",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-07-11T16:49:29.490",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Outlook Spoofing Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de suplantaci\u00f3n de Microsoft Outlook"
}
],
"metrics": {
@ -36,6 +40,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "secure@microsoft.com",
"type": "Secondary",
@ -47,10 +61,51 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "40C15EDD-98D4-4D06-BA06-21AE0F33C72D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "E0B3B0BC-C7C6-4687-AD72-DCA29FF9AE3A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:office:2019:*:*:*:*:-:*:*",
"matchCriteriaId": "C5282C83-86B8-442D-851D-B54E88E8B1F1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:*:*",
"matchCriteriaId": "0B3EF1E5-4757-4CFA-AE72-6BA876D3C9FD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:outlook:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "E2B1657C-0FF4-461A-BE2A-641275C4B0A0"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38020",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

52
CVE-2024/CVE-2024-380xx/CVE-2024-38021.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-38021",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-07-09T17:15:28.323",
"lastModified": "2024-07-10T22:15:04.530",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-07-11T16:49:16.537",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -40,6 +40,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "secure@microsoft.com",
"type": "Secondary",
@ -51,10 +61,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "40C15EDD-98D4-4D06-BA06-21AE0F33C72D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "E0B3B0BC-C7C6-4687-AD72-DCA29FF9AE3A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*",
"matchCriteriaId": "FF177984-A906-43FA-BF60-298133FBBD6B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:*:*",
"matchCriteriaId": "0B3EF1E5-4757-4CFA-AE72-6BA876D3C9FD"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38021",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

118
CVE-2024/CVE-2024-380xx/CVE-2024-38022.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-38022",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-07-09T17:15:28.537",
"lastModified": "2024-07-09T18:18:38.713",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-07-11T16:48:59.647",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Image Acquisition Elevation of Privilege Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de elevaci\u00f3n de privilegios en Windows Image Acquisition"
}
],
"metrics": {
@ -36,6 +40,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-59"
}
]
},
{
"source": "secure@microsoft.com",
"type": "Secondary",
@ -47,10 +61,108 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.10240.20710",
"matchCriteriaId": "B7482622-F4B1-4086-8484-136592BAACCE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.7159",
"matchCriteriaId": "BEEE46C5-718B-43C5-8B06-A4CB2E0DEF7A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.6054",
"matchCriteriaId": "3EE3B092-248B-4F68-AA13-DF4FB2E0DA3F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19044.4651",
"matchCriteriaId": "905A0D97-FCF2-4999-A3F3-C79D88511D52"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19045.4651",
"matchCriteriaId": "2DEB25D6-2E73-4DF4-9D7D-2C9780101B1B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22000.3079",
"matchCriteriaId": "1F4C0A5A-B376-4DE8-A02A-5E341825AAAB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22621.3880",
"matchCriteriaId": "A2B9B3F1-347C-4935-BFA9-6B4191831D28"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22631.3880",
"matchCriteriaId": "E199129F-7F75-42C8-ABA0-7439FE50676B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.7159",
"matchCriteriaId": "59C9A2A5-AE44-4583-A7B1-B8D62B0E83BB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.6054",
"matchCriteriaId": "3401E6F7-2430-4247-8A22-0B733A03501A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.20348.2582",
"matchCriteriaId": "4E433A09-F730-4EBE-8050-8789755B0D35"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.25398.1009",
"matchCriteriaId": "EDA01A4A-9AED-484A-8B10-3282FA13F635"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38022",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

51
CVE-2024/CVE-2024-380xx/CVE-2024-38023.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-38023",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-07-09T17:15:28.760",
"lastModified": "2024-07-09T18:18:38.713",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-07-11T16:47:34.203",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft SharePoint Server Remote Code Execution Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo de Microsoft SharePoint Server"
}
],
"metrics": {
@ -36,6 +40,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
},
{
"source": "secure@microsoft.com",
"type": "Secondary",
@ -47,10 +61,41 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:-:*:*:*:subscription:*:*:*",
"matchCriteriaId": "AC8BB33F-44C4-41FE-8B17-68E3C4B38142"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "F815EF1D-7B60-47BE-9AC2-2548F99F10E4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*",
"matchCriteriaId": "6122D014-5BF1-4AF4-8B4D-80205ED7785E"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38023",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

51
CVE-2024/CVE-2024-380xx/CVE-2024-38024.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-38024",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-07-09T17:15:28.967",
"lastModified": "2024-07-09T18:18:38.713",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-07-11T16:46:07.437",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft SharePoint Server Remote Code Execution Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo de Microsoft SharePoint Server"
}
],
"metrics": {
@ -36,6 +40,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
},
{
"source": "secure@microsoft.com",
"type": "Secondary",
@ -47,10 +61,41 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:-:*:*:*:subscription:*:*:*",
"matchCriteriaId": "AC8BB33F-44C4-41FE-8B17-68E3C4B38142"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "B850873B-E635-439C-9720-8BBE59120EE1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*",
"matchCriteriaId": "6122D014-5BF1-4AF4-8B4D-80205ED7785E"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38024",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

128
CVE-2024/CVE-2024-380xx/CVE-2024-38025.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-38025",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-07-09T17:15:29.177",
"lastModified": "2024-07-09T18:18:38.713",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-07-11T16:43:28.747",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo de la librer\u00eda Microsoft Windows Performance Data Helper"
}
],
"metrics": {
@ -36,6 +40,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "secure@microsoft.com",
"type": "Secondary",
@ -47,10 +61,118 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.10240.20710",
"matchCriteriaId": "B7482622-F4B1-4086-8484-136592BAACCE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.7159",
"matchCriteriaId": "BEEE46C5-718B-43C5-8B06-A4CB2E0DEF7A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.6054",
"matchCriteriaId": "3EE3B092-248B-4F68-AA13-DF4FB2E0DA3F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19044.4651",
"matchCriteriaId": "905A0D97-FCF2-4999-A3F3-C79D88511D52"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19045.4651",
"matchCriteriaId": "2DEB25D6-2E73-4DF4-9D7D-2C9780101B1B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22000.3079",
"matchCriteriaId": "1F4C0A5A-B376-4DE8-A02A-5E341825AAAB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22621.3880",
"matchCriteriaId": "A2B9B3F1-347C-4935-BFA9-6B4191831D28"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22631.3880",
"matchCriteriaId": "E199129F-7F75-42C8-ABA0-7439FE50676B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.7159",
"matchCriteriaId": "59C9A2A5-AE44-4583-A7B1-B8D62B0E83BB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.6054",
"matchCriteriaId": "3401E6F7-2430-4247-8A22-0B733A03501A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.20348.2582",
"matchCriteriaId": "4E433A09-F730-4EBE-8050-8789755B0D35"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.25398.1009",
"matchCriteriaId": "EDA01A4A-9AED-484A-8B10-3282FA13F635"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38025",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

128
CVE-2024/CVE-2024-380xx/CVE-2024-38027.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-38027",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-07-09T17:15:29.400",
"lastModified": "2024-07-09T18:18:38.713",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-07-11T16:42:49.083",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Line Printer Daemon Service Denial of Service Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de denegaci\u00f3n de servicio del servicio daemon de Windows Line Printer"
}
],
"metrics": {
@ -36,6 +40,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "secure@microsoft.com",
"type": "Secondary",
@ -47,10 +61,118 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.10240.20710",
"matchCriteriaId": "B7482622-F4B1-4086-8484-136592BAACCE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.7159",
"matchCriteriaId": "BEEE46C5-718B-43C5-8B06-A4CB2E0DEF7A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.6054",
"matchCriteriaId": "3EE3B092-248B-4F68-AA13-DF4FB2E0DA3F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19044.4651",
"matchCriteriaId": "905A0D97-FCF2-4999-A3F3-C79D88511D52"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19045.4651",
"matchCriteriaId": "2DEB25D6-2E73-4DF4-9D7D-2C9780101B1B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22000.3079",
"matchCriteriaId": "1F4C0A5A-B376-4DE8-A02A-5E341825AAAB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22621.3880",
"matchCriteriaId": "A2B9B3F1-347C-4935-BFA9-6B4191831D28"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22631.3880",
"matchCriteriaId": "E199129F-7F75-42C8-ABA0-7439FE50676B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.7159",
"matchCriteriaId": "59C9A2A5-AE44-4583-A7B1-B8D62B0E83BB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.6054",
"matchCriteriaId": "3401E6F7-2430-4247-8A22-0B733A03501A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.20348.2582",
"matchCriteriaId": "4E433A09-F730-4EBE-8050-8789755B0D35"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.25398.1009",
"matchCriteriaId": "EDA01A4A-9AED-484A-8B10-3282FA13F635"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38027",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

128
CVE-2024/CVE-2024-380xx/CVE-2024-38028.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-38028",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-07-09T17:15:29.627",
"lastModified": "2024-07-09T18:18:38.713",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-07-11T16:42:20.313",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo de la librer\u00eda Microsoft Windows Performance Data Helper"
}
],
"metrics": {
@ -36,6 +40,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
},
{
"source": "secure@microsoft.com",
"type": "Secondary",
@ -47,10 +61,118 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.10240.20710",
"matchCriteriaId": "B7482622-F4B1-4086-8484-136592BAACCE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.7159",
"matchCriteriaId": "BEEE46C5-718B-43C5-8B06-A4CB2E0DEF7A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.6054",
"matchCriteriaId": "3EE3B092-248B-4F68-AA13-DF4FB2E0DA3F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19044.4651",
"matchCriteriaId": "905A0D97-FCF2-4999-A3F3-C79D88511D52"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19045.4651",
"matchCriteriaId": "2DEB25D6-2E73-4DF4-9D7D-2C9780101B1B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22000.3079",
"matchCriteriaId": "1F4C0A5A-B376-4DE8-A02A-5E341825AAAB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22621.3880",
"matchCriteriaId": "A2B9B3F1-347C-4935-BFA9-6B4191831D28"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22631.3880",
"matchCriteriaId": "E199129F-7F75-42C8-ABA0-7439FE50676B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.7159",
"matchCriteriaId": "59C9A2A5-AE44-4583-A7B1-B8D62B0E83BB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.6054",
"matchCriteriaId": "3401E6F7-2430-4247-8A22-0B733A03501A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.20348.2582",
"matchCriteriaId": "4E433A09-F730-4EBE-8050-8789755B0D35"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.25398.1009",
"matchCriteriaId": "EDA01A4A-9AED-484A-8B10-3282FA13F635"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38028",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

112
CVE-2024/CVE-2024-380xx/CVE-2024-38030.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-38030",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-07-09T17:15:29.893",
"lastModified": "2024-07-09T18:18:38.713",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-07-11T16:35:21.450",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Themes Spoofing Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de suplantaci\u00f3n de Windows Themes"
}
],
"metrics": {
@ -36,6 +40,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "secure@microsoft.com",
"type": "Secondary",
@ -47,10 +61,102 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.10240.20710",
"matchCriteriaId": "B7482622-F4B1-4086-8484-136592BAACCE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.7159",
"matchCriteriaId": "BEEE46C5-718B-43C5-8B06-A4CB2E0DEF7A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.6054",
"matchCriteriaId": "3EE3B092-248B-4F68-AA13-DF4FB2E0DA3F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19044.4651",
"matchCriteriaId": "905A0D97-FCF2-4999-A3F3-C79D88511D52"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19045.4651",
"matchCriteriaId": "2DEB25D6-2E73-4DF4-9D7D-2C9780101B1B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22000.3079",
"matchCriteriaId": "1F4C0A5A-B376-4DE8-A02A-5E341825AAAB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22621.3880",
"matchCriteriaId": "A2B9B3F1-347C-4935-BFA9-6B4191831D28"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22631.3880",
"matchCriteriaId": "E199129F-7F75-42C8-ABA0-7439FE50676B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.7159",
"matchCriteriaId": "59C9A2A5-AE44-4583-A7B1-B8D62B0E83BB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.6054",
"matchCriteriaId": "3401E6F7-2430-4247-8A22-0B733A03501A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.20348.2582",
"matchCriteriaId": "4E433A09-F730-4EBE-8050-8789755B0D35"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38030",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

80
CVE-2024/CVE-2024-380xx/CVE-2024-38031.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-38031",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-07-09T17:15:30.123",
"lastModified": "2024-07-09T18:18:38.713",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-07-11T16:32:33.517",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de denegaci\u00f3n de servicio del servidor de Windows Online Certificate Status Protocol (OCSP) "
}
],
"metrics": {
@ -36,6 +40,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "secure@microsoft.com",
"type": "Secondary",
@ -47,10 +61,70 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.7159",
"matchCriteriaId": "59C9A2A5-AE44-4583-A7B1-B8D62B0E83BB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.6054",
"matchCriteriaId": "3401E6F7-2430-4247-8A22-0B733A03501A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.20348.2582",
"matchCriteriaId": "4E433A09-F730-4EBE-8050-8789755B0D35"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.25398.1009",
"matchCriteriaId": "EDA01A4A-9AED-484A-8B10-3282FA13F635"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38031",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

66
CVE-2024/CVE-2024-380xx/CVE-2024-38032.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-38032",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-07-09T17:15:30.613",
"lastModified": "2024-07-09T18:18:38.713",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-07-11T16:31:16.480",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Xbox Remote Code Execution Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo de Microsoft Xbox"
}
],
"metrics": {
@ -36,6 +40,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "secure@microsoft.com",
"type": "Secondary",
@ -47,10 +61,56 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19044.4651",
"matchCriteriaId": "905A0D97-FCF2-4999-A3F3-C79D88511D52"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19045.4651",
"matchCriteriaId": "2DEB25D6-2E73-4DF4-9D7D-2C9780101B1B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22000.3079",
"matchCriteriaId": "1F4C0A5A-B376-4DE8-A02A-5E341825AAAB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22621.3880",
"matchCriteriaId": "A2B9B3F1-347C-4935-BFA9-6B4191831D28"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22631.3880",
"matchCriteriaId": "E199129F-7F75-42C8-ABA0-7439FE50676B"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38032",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

118
CVE-2024/CVE-2024-380xx/CVE-2024-38033.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-38033",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-07-09T17:15:31.093",
"lastModified": "2024-07-09T18:18:38.713",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-07-11T16:27:21.303",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "PowerShell Elevation of Privilege Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de elevaci\u00f3n de privilegios de PowerShell"
}
],
"metrics": {
@ -36,6 +40,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "secure@microsoft.com",
"type": "Secondary",
@ -47,10 +61,108 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.10240.20710",
"matchCriteriaId": "B7482622-F4B1-4086-8484-136592BAACCE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.7159",
"matchCriteriaId": "BEEE46C5-718B-43C5-8B06-A4CB2E0DEF7A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.6054",
"matchCriteriaId": "3EE3B092-248B-4F68-AA13-DF4FB2E0DA3F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19044.4651",
"matchCriteriaId": "905A0D97-FCF2-4999-A3F3-C79D88511D52"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19045.4651",
"matchCriteriaId": "2DEB25D6-2E73-4DF4-9D7D-2C9780101B1B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22000.3079",
"matchCriteriaId": "1F4C0A5A-B376-4DE8-A02A-5E341825AAAB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22621.3880",
"matchCriteriaId": "A2B9B3F1-347C-4935-BFA9-6B4191831D28"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22631.3880",
"matchCriteriaId": "E199129F-7F75-42C8-ABA0-7439FE50676B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.7159",
"matchCriteriaId": "59C9A2A5-AE44-4583-A7B1-B8D62B0E83BB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.6054",
"matchCriteriaId": "3401E6F7-2430-4247-8A22-0B733A03501A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.20348.2582",
"matchCriteriaId": "4E433A09-F730-4EBE-8050-8789755B0D35"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.25398.1009",
"matchCriteriaId": "EDA01A4A-9AED-484A-8B10-3282FA13F635"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38033",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

123
CVE-2024/CVE-2024-380xx/CVE-2024-38034.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-38034",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-07-09T17:15:31.423",
"lastModified": "2024-07-09T18:18:38.713",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-07-11T16:26:19.257",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Filtering Platform Elevation of Privilege Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de elevaci\u00f3n de privilegios en Windows Filtering Platform"
}
],
"metrics": {
@ -36,6 +40,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "secure@microsoft.com",
"type": "Secondary",
@ -47,10 +61,113 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.10240.20710",
"matchCriteriaId": "B7482622-F4B1-4086-8484-136592BAACCE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.7159",
"matchCriteriaId": "BEEE46C5-718B-43C5-8B06-A4CB2E0DEF7A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.6054",
"matchCriteriaId": "3EE3B092-248B-4F68-AA13-DF4FB2E0DA3F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19044.4651",
"matchCriteriaId": "905A0D97-FCF2-4999-A3F3-C79D88511D52"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19045.4651",
"matchCriteriaId": "2DEB25D6-2E73-4DF4-9D7D-2C9780101B1B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22000.3079",
"matchCriteriaId": "1F4C0A5A-B376-4DE8-A02A-5E341825AAAB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22621.3880",
"matchCriteriaId": "A2B9B3F1-347C-4935-BFA9-6B4191831D28"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22631.3880",
"matchCriteriaId": "E199129F-7F75-42C8-ABA0-7439FE50676B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.7159",
"matchCriteriaId": "59C9A2A5-AE44-4583-A7B1-B8D62B0E83BB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.6054",
"matchCriteriaId": "3401E6F7-2430-4247-8A22-0B733A03501A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.20348.2582",
"matchCriteriaId": "4E433A09-F730-4EBE-8050-8789755B0D35"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.25398.1009",
"matchCriteriaId": "EDA01A4A-9AED-484A-8B10-3282FA13F635"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38034",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

102
CVE-2024/CVE-2024-380xx/CVE-2024-38041.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-38041",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-07-09T17:15:31.807",
"lastModified": "2024-07-09T18:18:38.713",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-07-11T16:25:14.153",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Kernel Information Disclosure Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n del kernel de Windows"
}
],
"metrics": {
@ -36,6 +40,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "secure@microsoft.com",
"type": "Secondary",
@ -47,10 +61,92 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.7159",
"matchCriteriaId": "BEEE46C5-718B-43C5-8B06-A4CB2E0DEF7A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.6054",
"matchCriteriaId": "3EE3B092-248B-4F68-AA13-DF4FB2E0DA3F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19044.4651",
"matchCriteriaId": "905A0D97-FCF2-4999-A3F3-C79D88511D52"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19045.4651",
"matchCriteriaId": "2DEB25D6-2E73-4DF4-9D7D-2C9780101B1B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22000.3079",
"matchCriteriaId": "1F4C0A5A-B376-4DE8-A02A-5E341825AAAB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22621.3880",
"matchCriteriaId": "A2B9B3F1-347C-4935-BFA9-6B4191831D28"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22631.3880",
"matchCriteriaId": "E199129F-7F75-42C8-ABA0-7439FE50676B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.7159",
"matchCriteriaId": "59C9A2A5-AE44-4583-A7B1-B8D62B0E83BB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.6054",
"matchCriteriaId": "3401E6F7-2430-4247-8A22-0B733A03501A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.20348.2582",
"matchCriteriaId": "4E433A09-F730-4EBE-8050-8789755B0D35"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.25398.1009",
"matchCriteriaId": "EDA01A4A-9AED-484A-8B10-3282FA13F635"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38041",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

102
CVE-2024/CVE-2024-380xx/CVE-2024-38043.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-38043",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-07-09T17:15:32.167",
"lastModified": "2024-07-09T18:18:38.713",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-07-11T16:25:00.517",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "PowerShell Elevation of Privilege Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de elevaci\u00f3n de privilegios de PowerShell"
}
],
"metrics": {
@ -36,6 +40,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "secure@microsoft.com",
"type": "Secondary",
@ -47,10 +61,92 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.7159",
"matchCriteriaId": "BEEE46C5-718B-43C5-8B06-A4CB2E0DEF7A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.6054",
"matchCriteriaId": "3EE3B092-248B-4F68-AA13-DF4FB2E0DA3F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19044.4651",
"matchCriteriaId": "905A0D97-FCF2-4999-A3F3-C79D88511D52"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19045.4651",
"matchCriteriaId": "2DEB25D6-2E73-4DF4-9D7D-2C9780101B1B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22000.3079",
"matchCriteriaId": "1F4C0A5A-B376-4DE8-A02A-5E341825AAAB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22621.3880",
"matchCriteriaId": "A2B9B3F1-347C-4935-BFA9-6B4191831D28"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22631.3880",
"matchCriteriaId": "E199129F-7F75-42C8-ABA0-7439FE50676B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.7159",
"matchCriteriaId": "59C9A2A5-AE44-4583-A7B1-B8D62B0E83BB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.6054",
"matchCriteriaId": "3401E6F7-2430-4247-8A22-0B733A03501A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.20348.2582",
"matchCriteriaId": "4E433A09-F730-4EBE-8050-8789755B0D35"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.25398.1009",
"matchCriteriaId": "EDA01A4A-9AED-484A-8B10-3282FA13F635"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38043",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

123
CVE-2024/CVE-2024-380xx/CVE-2024-38060.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-38060",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-07-09T17:15:37.440",
"lastModified": "2024-07-09T18:18:38.713",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-07-11T17:09:20.017",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Imaging Component Remote Code Execution Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo de Windows Imaging Component"
}
],
"metrics": {
@ -36,6 +40,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "secure@microsoft.com",
"type": "Secondary",
@ -47,10 +61,113 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.10240.20710",
"matchCriteriaId": "B7482622-F4B1-4086-8484-136592BAACCE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.7159",
"matchCriteriaId": "BEEE46C5-718B-43C5-8B06-A4CB2E0DEF7A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.6054",
"matchCriteriaId": "3EE3B092-248B-4F68-AA13-DF4FB2E0DA3F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19044.4651",
"matchCriteriaId": "905A0D97-FCF2-4999-A3F3-C79D88511D52"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19045.4651",
"matchCriteriaId": "2DEB25D6-2E73-4DF4-9D7D-2C9780101B1B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22000.3079",
"matchCriteriaId": "1F4C0A5A-B376-4DE8-A02A-5E341825AAAB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22621.3880",
"matchCriteriaId": "A2B9B3F1-347C-4935-BFA9-6B4191831D28"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22631.3880",
"matchCriteriaId": "E199129F-7F75-42C8-ABA0-7439FE50676B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.7159",
"matchCriteriaId": "59C9A2A5-AE44-4583-A7B1-B8D62B0E83BB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.6054",
"matchCriteriaId": "3401E6F7-2430-4247-8A22-0B733A03501A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.20348.2582",
"matchCriteriaId": "4E433A09-F730-4EBE-8050-8789755B0D35"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.25398.1009",
"matchCriteriaId": "EDA01A4A-9AED-484A-8B10-3282FA13F635"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38060",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

123
CVE-2024/CVE-2024-380xx/CVE-2024-38061.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-38061",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-07-09T17:15:37.770",
"lastModified": "2024-07-09T18:18:38.713",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-07-11T17:08:40.157",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "DCOM Remote Cross-Session Activation Elevation of Privilege Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de elevaci\u00f3n de privilegios de activaci\u00f3n remota entre sesiones de DCOM"
}
],
"metrics": {
@ -36,6 +40,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "secure@microsoft.com",
"type": "Secondary",
@ -47,10 +61,113 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.10240.20710",
"matchCriteriaId": "B7482622-F4B1-4086-8484-136592BAACCE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.7159",
"matchCriteriaId": "BEEE46C5-718B-43C5-8B06-A4CB2E0DEF7A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.6054",
"matchCriteriaId": "3EE3B092-248B-4F68-AA13-DF4FB2E0DA3F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19044.4651",
"matchCriteriaId": "905A0D97-FCF2-4999-A3F3-C79D88511D52"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19045.4651",
"matchCriteriaId": "2DEB25D6-2E73-4DF4-9D7D-2C9780101B1B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22000.3079",
"matchCriteriaId": "1F4C0A5A-B376-4DE8-A02A-5E341825AAAB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22621.3880",
"matchCriteriaId": "A2B9B3F1-347C-4935-BFA9-6B4191831D28"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22631.3880",
"matchCriteriaId": "E199129F-7F75-42C8-ABA0-7439FE50676B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.7159",
"matchCriteriaId": "59C9A2A5-AE44-4583-A7B1-B8D62B0E83BB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.6054",
"matchCriteriaId": "3401E6F7-2430-4247-8A22-0B733A03501A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.20348.2582",
"matchCriteriaId": "4E433A09-F730-4EBE-8050-8789755B0D35"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.25398.1009",
"matchCriteriaId": "EDA01A4A-9AED-484A-8B10-3282FA13F635"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38061",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

102
CVE-2024/CVE-2024-380xx/CVE-2024-38062.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-38062",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-07-09T17:15:38.087",
"lastModified": "2024-07-09T18:18:38.713",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-07-11T17:08:22.053",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Kernel-Mode Driver Elevation of Privilege Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de elevaci\u00f3n de privilegios del controlador en modo kernel de Windows"
}
],
"metrics": {
@ -36,6 +40,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "secure@microsoft.com",
"type": "Secondary",
@ -47,10 +61,92 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.7159",
"matchCriteriaId": "BEEE46C5-718B-43C5-8B06-A4CB2E0DEF7A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.6054",
"matchCriteriaId": "3EE3B092-248B-4F68-AA13-DF4FB2E0DA3F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19044.4651",
"matchCriteriaId": "905A0D97-FCF2-4999-A3F3-C79D88511D52"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19045.4651",
"matchCriteriaId": "2DEB25D6-2E73-4DF4-9D7D-2C9780101B1B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22000.3079",
"matchCriteriaId": "1F4C0A5A-B376-4DE8-A02A-5E341825AAAB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22621.3880",
"matchCriteriaId": "A2B9B3F1-347C-4935-BFA9-6B4191831D28"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22631.3880",
"matchCriteriaId": "E199129F-7F75-42C8-ABA0-7439FE50676B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.7159",
"matchCriteriaId": "59C9A2A5-AE44-4583-A7B1-B8D62B0E83BB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.6054",
"matchCriteriaId": "3401E6F7-2430-4247-8A22-0B733A03501A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.20348.2582",
"matchCriteriaId": "4E433A09-F730-4EBE-8050-8789755B0D35"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.25398.1009",
"matchCriteriaId": "EDA01A4A-9AED-484A-8B10-3282FA13F635"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38062",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

128
CVE-2024/CVE-2024-380xx/CVE-2024-38064.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-38064",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-07-09T17:15:38.427",
"lastModified": "2024-07-09T18:18:38.713",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-07-11T17:07:36.783",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows TCP/IP Information Disclosure Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n TCP/IP de Windows"
}
],
"metrics": {
@ -36,6 +40,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "secure@microsoft.com",
"type": "Secondary",
@ -47,10 +61,118 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.10240.20710",
"matchCriteriaId": "B7482622-F4B1-4086-8484-136592BAACCE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.7159",
"matchCriteriaId": "BEEE46C5-718B-43C5-8B06-A4CB2E0DEF7A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.6054",
"matchCriteriaId": "3EE3B092-248B-4F68-AA13-DF4FB2E0DA3F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19044.4651",
"matchCriteriaId": "905A0D97-FCF2-4999-A3F3-C79D88511D52"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19045.4651",
"matchCriteriaId": "2DEB25D6-2E73-4DF4-9D7D-2C9780101B1B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22000.3079",
"matchCriteriaId": "1F4C0A5A-B376-4DE8-A02A-5E341825AAAB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22621.3880",
"matchCriteriaId": "A2B9B3F1-347C-4935-BFA9-6B4191831D28"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22631.3880",
"matchCriteriaId": "E199129F-7F75-42C8-ABA0-7439FE50676B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.7159",
"matchCriteriaId": "59C9A2A5-AE44-4583-A7B1-B8D62B0E83BB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.6054",
"matchCriteriaId": "3401E6F7-2430-4247-8A22-0B733A03501A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.20348.2582",
"matchCriteriaId": "4E433A09-F730-4EBE-8050-8789755B0D35"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.25398.1009",
"matchCriteriaId": "EDA01A4A-9AED-484A-8B10-3282FA13F635"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38064",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

113
CVE-2024/CVE-2024-380xx/CVE-2024-38065.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-38065",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-07-09T17:15:38.757",
"lastModified": "2024-07-09T18:18:38.713",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-07-11T17:06:56.247",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Secure Boot Security Feature Bypass Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de omisi\u00f3n de la funci\u00f3n de seguridad de arranque seguro"
}
],
"metrics": {
@ -36,6 +40,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "secure@microsoft.com",
"type": "Secondary",
@ -47,10 +61,103 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.10240.20710",
"matchCriteriaId": "B7482622-F4B1-4086-8484-136592BAACCE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.7159",
"matchCriteriaId": "BEEE46C5-718B-43C5-8B06-A4CB2E0DEF7A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.6054",
"matchCriteriaId": "3EE3B092-248B-4F68-AA13-DF4FB2E0DA3F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19044.4651",
"matchCriteriaId": "905A0D97-FCF2-4999-A3F3-C79D88511D52"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19045.4651",
"matchCriteriaId": "2DEB25D6-2E73-4DF4-9D7D-2C9780101B1B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22000.3079",
"matchCriteriaId": "1F4C0A5A-B376-4DE8-A02A-5E341825AAAB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22621.3880",
"matchCriteriaId": "A2B9B3F1-347C-4935-BFA9-6B4191831D28"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22631.3880",
"matchCriteriaId": "E199129F-7F75-42C8-ABA0-7439FE50676B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.7159",
"matchCriteriaId": "59C9A2A5-AE44-4583-A7B1-B8D62B0E83BB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.6054",
"matchCriteriaId": "3401E6F7-2430-4247-8A22-0B733A03501A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.20348.2582",
"matchCriteriaId": "4E433A09-F730-4EBE-8050-8789755B0D35"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.25398.1009",
"matchCriteriaId": "EDA01A4A-9AED-484A-8B10-3282FA13F635"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38065",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

116
CVE-2024/CVE-2024-380xx/CVE-2024-38066.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-38066",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-07-09T17:15:39.067",
"lastModified": "2024-07-09T18:18:38.713",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-07-11T16:59:19.463",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Win32k Elevation of Privilege Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de elevaci\u00f3n de privilegios en Windows Win32k"
}
],
"metrics": {
@ -36,6 +40,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
},
{
"source": "secure@microsoft.com",
"type": "Secondary",
@ -47,10 +61,106 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.10240.20710",
"matchCriteriaId": "B7482622-F4B1-4086-8484-136592BAACCE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.7159",
"matchCriteriaId": "BEEE46C5-718B-43C5-8B06-A4CB2E0DEF7A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.6054",
"matchCriteriaId": "3EE3B092-248B-4F68-AA13-DF4FB2E0DA3F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19044.4651",
"matchCriteriaId": "905A0D97-FCF2-4999-A3F3-C79D88511D52"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19045.4651",
"matchCriteriaId": "2DEB25D6-2E73-4DF4-9D7D-2C9780101B1B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22000.3079",
"matchCriteriaId": "1F4C0A5A-B376-4DE8-A02A-5E341825AAAB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22621.3880",
"matchCriteriaId": "A2B9B3F1-347C-4935-BFA9-6B4191831D28"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22631.3880",
"matchCriteriaId": "E199129F-7F75-42C8-ABA0-7439FE50676B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.7159",
"matchCriteriaId": "59C9A2A5-AE44-4583-A7B1-B8D62B0E83BB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.6054",
"matchCriteriaId": "3401E6F7-2430-4247-8A22-0B733A03501A"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38066",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

80
CVE-2024/CVE-2024-380xx/CVE-2024-38067.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-38067",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-07-09T17:15:39.367",
"lastModified": "2024-07-09T18:18:38.713",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-07-11T16:53:35.477",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de denegaci\u00f3n de servicio del servidor de Windows Online Certificate Status Protocol (OCSP)"
}
],
"metrics": {
@ -36,6 +40,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "secure@microsoft.com",
"type": "Secondary",
@ -47,10 +61,70 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.7159",
"matchCriteriaId": "59C9A2A5-AE44-4583-A7B1-B8D62B0E83BB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.6054",
"matchCriteriaId": "3401E6F7-2430-4247-8A22-0B733A03501A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.20348.2582",
"matchCriteriaId": "4E433A09-F730-4EBE-8050-8789755B0D35"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.25398.1009",
"matchCriteriaId": "EDA01A4A-9AED-484A-8B10-3282FA13F635"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38067",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

128
CVE-2024/CVE-2024-380xx/CVE-2024-38068.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-38068",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-07-09T17:15:39.690",
"lastModified": "2024-07-09T18:18:38.713",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-07-11T16:53:21.910",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de denegaci\u00f3n de servicio del servidor de Windows Online Certificate Status Protocol (OCSP)"
}
],
"metrics": {
@ -36,6 +40,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "secure@microsoft.com",
"type": "Secondary",
@ -47,10 +61,118 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.10240.20710",
"matchCriteriaId": "B7482622-F4B1-4086-8484-136592BAACCE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.7159",
"matchCriteriaId": "BEEE46C5-718B-43C5-8B06-A4CB2E0DEF7A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.6054",
"matchCriteriaId": "3EE3B092-248B-4F68-AA13-DF4FB2E0DA3F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19044.4651",
"matchCriteriaId": "905A0D97-FCF2-4999-A3F3-C79D88511D52"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19045.4651",
"matchCriteriaId": "2DEB25D6-2E73-4DF4-9D7D-2C9780101B1B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22000.3079",
"matchCriteriaId": "1F4C0A5A-B376-4DE8-A02A-5E341825AAAB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22621.3880",
"matchCriteriaId": "A2B9B3F1-347C-4935-BFA9-6B4191831D28"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22631.3880",
"matchCriteriaId": "E199129F-7F75-42C8-ABA0-7439FE50676B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.7159",
"matchCriteriaId": "59C9A2A5-AE44-4583-A7B1-B8D62B0E83BB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.6054",
"matchCriteriaId": "3401E6F7-2430-4247-8A22-0B733A03501A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.20348.2582",
"matchCriteriaId": "4E433A09-F730-4EBE-8050-8789755B0D35"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.25398.1009",
"matchCriteriaId": "EDA01A4A-9AED-484A-8B10-3282FA13F635"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38068",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

108
CVE-2024/CVE-2024-380xx/CVE-2024-38069.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-38069",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-07-09T17:15:39.990",
"lastModified": "2024-07-09T18:18:38.713",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-07-11T16:52:57.883",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Enroll Engine Security Feature Bypass Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de omisi\u00f3n de la caracter\u00edstica de seguridad Windows Enroll Engine"
}
],
"metrics": {
@ -36,6 +40,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-347"
}
]
},
{
"source": "secure@microsoft.com",
"type": "Secondary",
@ -47,10 +61,98 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.10240.20710",
"matchCriteriaId": "B7482622-F4B1-4086-8484-136592BAACCE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.7159",
"matchCriteriaId": "BEEE46C5-718B-43C5-8B06-A4CB2E0DEF7A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.6054",
"matchCriteriaId": "3EE3B092-248B-4F68-AA13-DF4FB2E0DA3F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19044.4651",
"matchCriteriaId": "905A0D97-FCF2-4999-A3F3-C79D88511D52"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19045.4651",
"matchCriteriaId": "2DEB25D6-2E73-4DF4-9D7D-2C9780101B1B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22000.3079",
"matchCriteriaId": "1F4C0A5A-B376-4DE8-A02A-5E341825AAAB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22621.3880",
"matchCriteriaId": "A2B9B3F1-347C-4935-BFA9-6B4191831D28"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22631.3880",
"matchCriteriaId": "E199129F-7F75-42C8-ABA0-7439FE50676B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.7159",
"matchCriteriaId": "59C9A2A5-AE44-4583-A7B1-B8D62B0E83BB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.6054",
"matchCriteriaId": "3401E6F7-2430-4247-8A22-0B733A03501A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.20348.2582",
"matchCriteriaId": "4E433A09-F730-4EBE-8050-8789755B0D35"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.25398.1009",
"matchCriteriaId": "EDA01A4A-9AED-484A-8B10-3282FA13F635"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38069",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

108
CVE-2024/CVE-2024-380xx/CVE-2024-38070.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-38070",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-07-09T17:15:40.340",
"lastModified": "2024-07-09T18:18:38.713",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-07-11T16:50:59.957",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows LockDown Policy (WLDP) Security Feature Bypass Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de omisi\u00f3n de caracter\u00edstica de seguridad de Windows LockDown Policy (WLDP)"
}
],
"metrics": {
@ -36,6 +40,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "secure@microsoft.com",
"type": "Secondary",
@ -47,10 +61,98 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.10240.20710",
"matchCriteriaId": "B7482622-F4B1-4086-8484-136592BAACCE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.7159",
"matchCriteriaId": "BEEE46C5-718B-43C5-8B06-A4CB2E0DEF7A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.6054",
"matchCriteriaId": "3EE3B092-248B-4F68-AA13-DF4FB2E0DA3F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19044.4651",
"matchCriteriaId": "905A0D97-FCF2-4999-A3F3-C79D88511D52"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19045.4651",
"matchCriteriaId": "2DEB25D6-2E73-4DF4-9D7D-2C9780101B1B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22000.3079",
"matchCriteriaId": "1F4C0A5A-B376-4DE8-A02A-5E341825AAAB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22621.3880",
"matchCriteriaId": "A2B9B3F1-347C-4935-BFA9-6B4191831D28"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22631.3880",
"matchCriteriaId": "E199129F-7F75-42C8-ABA0-7439FE50676B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.7159",
"matchCriteriaId": "59C9A2A5-AE44-4583-A7B1-B8D62B0E83BB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.6054",
"matchCriteriaId": "3401E6F7-2430-4247-8A22-0B733A03501A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.20348.2582",
"matchCriteriaId": "4E433A09-F730-4EBE-8050-8789755B0D35"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.25398.1009",
"matchCriteriaId": "EDA01A4A-9AED-484A-8B10-3282FA13F635"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38070",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

80
CVE-2024/CVE-2024-392xx/CVE-2024-39202.json
View File

@ -2,20 +2,92 @@
"id": "CVE-2024-39202",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-08T16:15:08.490",
"lastModified": "2024-07-08T16:35:46.377",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-07-11T16:13:13.487",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "D-Link DIR-823X firmware - 240126 was discovered to contain a remote command execution (RCE) vulnerability via the dhcpd_startip parameter at /goform/set_lan_settings."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que el firmware D-Link DIR-823X - 240126 contiene una vulnerabilidad de ejecuci\u00f3n remota de comandos (RCE) a trav\u00e9s del par\u00e1metro dhcpd_startip en /goform/set_lan_settings."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:dlink:dir-823x_ax3000_firmware:240126:*:*:*:*:*:*:*",
"matchCriteriaId": "0E544AB6-2318-4123-BE72-B24D3FD46F61"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:dlink:dir-823x_ax3000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "335234A0-8010-4DE9-A579-90C1E7E07C3C"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://gist.github.com/Swind1er/40c33f1b1549028677cb4e2e5ef69109",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

68
CVE-2024/CVE-2024-393xx/CVE-2024-39317.json Normal file
View File

@ -0,0 +1,68 @@
{
"id": "CVE-2024-39317",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-07-11T16:15:02.477",
"lastModified": "2024-07-11T16:15:02.477",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Wagtail is an open source content management system built on Django. A bug in Wagtail's `parse_query_string` would result in it taking a long time to process suitably crafted inputs. When used to parse sufficiently long strings of characters without a space, `parse_query_string` would take an unexpectedly large amount of time to process, resulting in a denial of service. In an initial Wagtail installation, the vulnerability can be exploited by any Wagtail admin user. It cannot be exploited by end users. If your Wagtail site has a custom search implementation which uses `parse_query_string`, it may be exploitable by other users (e.g. unauthenticated users). Patched versions have been released as Wagtail 5.2.6, 6.0.6 and 6.1.3.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-1333"
}
]
}
],
"references": [
{
"url": "https://github.com/wagtail/wagtail/commit/31b1e8532dfb1b70d8d37d22aff9cbde9109cdf2",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/wagtail/wagtail/commit/3c941136f79c48446e3858df46e5b668d7f83797",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/wagtail/wagtail/commit/b783c096b6d4fd2cfc05f9137a0be288850e99a2",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/wagtail/wagtail/security/advisories/GHSA-jmp3-39vp-fwg8",
"source": "security-advisories@github.com"
}
]
}

100
CVE-2024/CVE-2024-395xx/CVE-2024-39519.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2024-39519",
"sourceIdentifier": "sirt@juniper.net",
"published": "2024-07-11T16:15:02.717",
"lastModified": "2024-07-11T16:15:02.717",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved on ACX7000 Series allows an unauthenticated, adjacent attacker to cause a \n\nDenial-of-Service (DoS).\n\nOn all ACX 7000 Series platforms running \n\nJunos OS Evolved, and configured with IRBs, if a Customer Edge device (CE) device is dual homed to two Provider Edge devices (PE) a traffic loop will occur when the CE sends multicast packets. This issue can be triggered by IPv4 and IPv6 traffic.\n\n\nThis issue affects Junos OS Evolved:\u00a0\n\nAll versions from 22.2R1-EVO and later versions before 22.4R2-EVO,\n\nThis issue does not affect Junos OS Evolved versions before 22.1R1-EVO."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "ADJACENT",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "NONE",
"vulnerableSystemIntegrity": "NONE",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "LOW",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 7.1,
"baseSeverity": "HIGH"
}
}
],
"cvssMetricV31": [
{
"source": "sirt@juniper.net",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-754"
}
]
}
],
"references": [
{
"url": "https://supportportal.juniper.net/JSA82983",
"source": "sirt@juniper.net"
}
]
}

100
CVE-2024/CVE-2024-395xx/CVE-2024-39520.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2024-39520",
"sourceIdentifier": "sirt@juniper.net",
"published": "2024-07-11T16:15:02.963",
"lastModified": "2024-07-11T16:15:02.963",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An\u00a0Improper Neutralization of Special Elements vulnerability in Juniper Networks Junos OS Evolved commands allows a local, authenticated attacker with low privileges to escalate their privileges to 'root' leading to a full compromise of the system.\n\nThe Junos OS Evolved CLI doesn't properly handle command options in some cases, allowing users which execute specific CLI commands with a crafted set of parameters to escalate their privileges to root on shell level.\n\nThis issue affects Junos OS Evolved:\n\n * All version before 20.4R3-S6-EVO,\u00a0\n * 21.2-EVO versions before 21.2R3-S4-EVO,\n * 21.4-EVO versions before 21.4R3-S6-EVO,\u00a0\n * 22.2-EVO versions before 22.2R2-S1-EVO, 22.2R3-EVO,\u00a0\n * 22.3-EVO versions before 22.3R2-EVO."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "HIGH",
"vulnerableSystemIntegrity": "HIGH",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 8.5,
"baseSeverity": "HIGH"
}
}
],
"cvssMetricV31": [
{
"source": "sirt@juniper.net",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://supportportal.juniper.net/JSA82975",
"source": "sirt@juniper.net"
}
]
}

100
CVE-2024/CVE-2024-395xx/CVE-2024-39521.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2024-39521",
"sourceIdentifier": "sirt@juniper.net",
"published": "2024-07-11T16:15:03.210",
"lastModified": "2024-07-11T16:15:03.210",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Improper Neutralization of Special Elements vulnerability in Juniper Networks Junos OS Evolved commands allows a local, authenticated attacker with low privileges to escalate their privileges to 'root' leading to a full compromise of the system.\n\nThe Junos OS Evolved CLI doesn't properly handle command options in some cases, allowing users which execute specific CLI commands with a crafted set of parameters to escalate their privileges to root on shell level.\n\n\nThis issue affects Junos OS Evolved:\u00a0\n\n\n\n * 21.1-EVO versions 21.1R1-EVO and later before 21.2R3-S8-EVO,\u00a0\n * 21.4-EVO versions before 21.4R3-S7-EVO,\n * 22.1-EVO versions before 22.1R3-S6-EVO,\u00a0\n * 22.2-EVO versions before 22.2R3-EVO,\n * 22.3-EVO versions before 22.3R2-EVO."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "HIGH",
"vulnerableSystemIntegrity": "HIGH",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 8.5,
"baseSeverity": "HIGH"
}
}
],
"cvssMetricV31": [
{
"source": "sirt@juniper.net",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://supportportal.juniper.net/JSA82975",
"source": "sirt@juniper.net"
}
]
}

100
CVE-2024/CVE-2024-395xx/CVE-2024-39522.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2024-39522",
"sourceIdentifier": "sirt@juniper.net",
"published": "2024-07-11T16:15:03.443",
"lastModified": "2024-07-11T16:15:03.443",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Improper Neutralization of Special Elements vulnerability in Juniper Networks Junos OS Evolved commands allows a local, authenticated attacker with low privileges to escalate their privileges to 'root' leading to a full compromise of the system.\n\nThe Junos OS Evolved CLI doesn't properly handle command options in some cases, allowing users which execute specific CLI commands with a crafted set of parameters to escalate their privileges to root on shell level.\n\n\nThis issue affects Junos OS Evolved:\n\n\n\n * 22.3-EVO versions before 22.3R2-EVO,\n * 22.4-EVO versions before 22.4R1-S1-EVO, 22.4R2-EVO."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "HIGH",
"vulnerableSystemIntegrity": "HIGH",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 8.5,
"baseSeverity": "HIGH"
}
}
],
"cvssMetricV31": [
{
"source": "sirt@juniper.net",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://supportportal.juniper.net/JSA82975",
"source": "sirt@juniper.net"
}
]
}

100
CVE-2024/CVE-2024-395xx/CVE-2024-39523.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2024-39523",
"sourceIdentifier": "sirt@juniper.net",
"published": "2024-07-11T16:15:03.667",
"lastModified": "2024-07-11T16:15:03.667",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Improper Neutralization of Special Elements vulnerability in Juniper Networks Junos OS Evolved commands allows a local, authenticated attacker with low privileges to escalate their privileges to 'root' leading to a full compromise of the system.\n\nThe Junos OS Evolved CLI doesn't properly handle command options in some cases, allowing users which execute specific CLI commands with a crafted set of parameters to escalate their privileges to root on shell level.\n\nThis issue affects Junos OS Evolved:\u00a0\n\n * All versions before 20.4R3-S7-EVO,\n * 21.2-EVO versions before 21.2R3-S8-EVO,\n * 21.4-EVO versions before 21.4R3-S7-EVO,\n * 22.1-EVO versions before 22.1R3-S6-EVO,\u00a0\n * 22.2-EVO versions before 22.2R3-EVO,\n * 22.3-EVO versions before 22.3R2-EVO,\n * 22.4-EVO versions before 22.4R2-EVO."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "HIGH",
"vulnerableSystemIntegrity": "HIGH",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 8.5,
"baseSeverity": "HIGH"
}
}
],
"cvssMetricV31": [
{
"source": "sirt@juniper.net",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://supportportal.juniper.net/JSA82975",
"source": "sirt@juniper.net"
}
]
}

100
CVE-2024/CVE-2024-395xx/CVE-2024-39524.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2024-39524",
"sourceIdentifier": "sirt@juniper.net",
"published": "2024-07-11T16:15:03.890",
"lastModified": "2024-07-11T16:15:03.890",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Improper Neutralization of Special Elements vulnerability in Juniper Networks Junos OS Evolved commands allows a local, authenticated attacker with low privileges to escalate their privileges to 'root' leading to a full compromise of the system.\n\nThe Junos OS Evolved CLI doesn't properly handle command options in some cases, allowing users which execute specific CLI commands with a crafted set of parameters to escalate their privileges to root on shell level.\n\nThis issue affects Junos OS Evolved:\n\nAll versions before 20.4R3-S7-EVO,\n\n21.2-EVO versions before 21.2R3-S8-EVO,\n\n21.4-EVO versions before 21.4R3-S7-EVO,\u00a0\n\n22.2-EVO versions before 22.2R3-EVO,\n\n22.3-EVO versions before 22.3R2-EVO,\n\n22.4-EVO versions before 22.4R2-EVO."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "HIGH",
"vulnerableSystemIntegrity": "HIGH",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 8.5,
"baseSeverity": "HIGH"
}
}
],
"cvssMetricV31": [
{
"source": "sirt@juniper.net",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://supportportal.juniper.net/JSA82975",
"source": "sirt@juniper.net"
}
]
}

100
CVE-2024/CVE-2024-395xx/CVE-2024-39528.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2024-39528",
"sourceIdentifier": "sirt@juniper.net",
"published": "2024-07-11T16:15:04.113",
"lastModified": "2024-07-11T16:15:04.113",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Use After Free vulnerability in the Routing Protocol Daemon (rpd) of\u00a0Juniper Networks Junos OS and Junos OS Evolved allows an authenticated, network-based attacker to cause a Denial of Service (DoS).On all Junos OS and Junos Evolved platforms, if a routing-instance deactivation is triggered, and at the same time a specific SNMP request is received, a segmentation fault occurs which causes rpd to crash and restart.\n\n\n\n\nThis issue affects:\n\n\u00a0 \u00a0Junos OS:\n\n\n\n * All versions before 21.2R3-S8,\u00a0\n * 21.4 versions before 21.4R3-S5,\n * 22.2 versions before 22.2R3-S3,\n * 22.3 versions before 22.3R3-S2,\n * 22.4 versions before 22.4R3,\n * 23.2 versions before 23.2R2.\n\n\n\n\n \u00a0 Junos OS Evolved:\n\n\n\n * All versions before 21.2R3-S8-EVO,\n * 21.4-EVO versions before 21.4R3-S5-EVO,\n * 22.2-EVO versions before 22.2R3-S3-EVO,\u00a0\n * 22.3-EVO versions before 22.3R3-S2-EVO,\n * 22.4-EVO versions before 22.4R3-EVO,\n * 23.2-EVO versions before 23.2R2-EVO."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "NONE",
"vulnerableSystemIntegrity": "NONE",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "LOW",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 6.0,
"baseSeverity": "MEDIUM"
}
}
],
"cvssMetricV31": [
{
"source": "sirt@juniper.net",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.1,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"references": [
{
"url": "https://supportportal.juniper.net/JSA82987",
"source": "sirt@juniper.net"
}
]
}

100
CVE-2024/CVE-2024-395xx/CVE-2024-39529.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2024-39529",
"sourceIdentifier": "sirt@juniper.net",
"published": "2024-07-11T16:15:04.343",
"lastModified": "2024-07-11T16:15:04.343",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Use of Externally-Controlled Format String vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a\u00a0Denial-of-Service (DoS).\n\n\n\nIf DNS Domain Generation Algorithm (DGA) detection or tunnel detection, and DNS-filtering traceoptions are configured, and specific valid transit DNS traffic is received this causes\u00a0a PFE crash and restart, leading to a Denial of Service.\n\nThis issue affects Junos OS: \n * All versions before 21.4R3-S6,\n * 22.2 versions before 22.2R3-S3,\n * 22.3 versions before 22.3R3-S3,\n * 22.4 versions before 22.4R3,\n * 23.2 versions before 23.2R2."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "NONE",
"vulnerableSystemIntegrity": "NONE",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "LOW",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 8.7,
"baseSeverity": "HIGH"
}
}
],
"cvssMetricV31": [
{
"source": "sirt@juniper.net",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-134"
}
]
}
],
"references": [
{
"url": "https://supportportal.juniper.net/JSA82988",
"source": "sirt@juniper.net"
}
]
}

100
CVE-2024/CVE-2024-395xx/CVE-2024-39530.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2024-39530",
"sourceIdentifier": "sirt@juniper.net",
"published": "2024-07-11T16:15:04.613",
"lastModified": "2024-07-11T16:15:04.613",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the chassis management daemon (chassisd) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause a \n\nDenial-of-Service (DoS).\n\nIf an attempt is made to access specific sensors on platforms not supporting these sensors, either via GRPC or netconf, chassisd will crash and restart leading to a restart of all FPCs and thereby a complete outage.\n\nThis issue affects Junos OS:\n\n\n\n * 21.4 versions from 21.4R3 before 21.4R3-S5,\n * 22.1 versions from 22.1R3 before 22.1R3-S4,\n * 22.2 versions from 22.2R2 before 22.2R3,\n * 22.3 versions from 22.3R1 before 22.3R2-S2, 22.3R3,\n * 22.4 versions from 22.4R1 before 22.4R2.\n\n\nThis issue does not affect Junos OS versions earlier than 21.4."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "NONE",
"vulnerableSystemIntegrity": "NONE",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "LOW",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 8.7,
"baseSeverity": "HIGH"
}
}
],
"cvssMetricV31": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-754"
}
]
}
],
"references": [
{
"url": "https://supportportal.juniper.net/JSA82989",
"source": "sirt@juniper.net"
}
]
}

100
CVE-2024/CVE-2024-395xx/CVE-2024-39531.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2024-39531",
"sourceIdentifier": "sirt@juniper.net",
"published": "2024-07-11T17:15:10.150",
"lastModified": "2024-07-11T17:15:10.150",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Improper Handling of Values vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved on ACX 7000 Series allows a network-based, unauthenticated attacker to cause a Denial-of-Service (DoS).\n\nIf a value is configured for DDoS bandwidth or burst parameters for any protocol in\na queue, all protocols which share the same queue will have\ntheir bandwidth or burst value changed to the new value. If, for example, OSPF was configured with a certain bandwidth value, ISIS would also be limited to this value. So inadvertently either the control plane is open for a high level of specific traffic which was supposed to be limited to a lower value, or the limit for a certain protocol is so low that chances to succeed with a volumetric DoS attack are significantly increased.\u00a0\n\n\n\n\nThis issue affects Junos OS Evolved on ACX 7000 Series:\n\n\n\n * All versions before 21.4R3-S7-EVO,\n * 22.1 versions before 22.1R3-S6-EVO,\u00a0\n * 22.2 versions before 22.2R3-S3-EVO,\n * 22.3 versions before 22.3R3-S3-EVO,\u00a0\n * 22.4 versions before 22.4R3-S2-EVO,\n * 23.2 versions before 23.2R2-EVO,\n * 23.4 \n\nversions \n\nbefore 23.4R1-S1-EVO, 23.4R2-EVO."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "NONE",
"vulnerableSystemIntegrity": "NONE",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "LOW",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 8.7,
"baseSeverity": "HIGH"
}
}
],
"cvssMetricV31": [
{
"source": "sirt@juniper.net",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-229"
}
]
}
],
"references": [
{
"url": "https://supportportal.juniper.net/JSA82991",
"source": "sirt@juniper.net"
}
]
}

100
CVE-2024/CVE-2024-395xx/CVE-2024-39532.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2024-39532",
"sourceIdentifier": "sirt@juniper.net",
"published": "2024-07-11T17:15:10.403",
"lastModified": "2024-07-11T17:15:10.403",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An\u00a0Insertion of Sensitive Information into Log File vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows a local, authenticated attacker with high privileges to access sensitive information.\n\nWhen another user performs a specific operation, sensitive information is stored as plain text in a specific log file, so that a high-privileged attacker has access to this information.\nThis issue affects:\n\nJunos OS:\n\n\n\n * All versions before 22.1R2-S2,\n * 22.1R3 and later versions,\n * 22.2 versions before 22.2R2-S1, 22.2R3,\n * 22.3 versions before 22.3R1-S2, 22.3R2;\n\n\n\n\nJunos OS Evolved:\n\n\n\n * All versions before before 22.1R3-EVO,\n * 22.2-EVO versions before 22.2R2-S1-EVO, 22.2R3-EVO,\n * 22.3-EVO versions before 22.3R1-S1-EVO, 22.3R2-EVO."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "HIGH",
"userInteraction": "PASSIVE",
"vulnerableSystemConfidentiality": "NONE",
"vulnerableSystemIntegrity": "NONE",
"vulnerableSystemAvailability": "NONE",
"subsequentSystemConfidentiality": "HIGH",
"subsequentSystemIntegrity": "LOW",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 4.2,
"baseSeverity": "MEDIUM"
}
}
],
"cvssMetricV31": [
{
"source": "sirt@juniper.net",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.1,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-532"
}
]
}
],
"references": [
{
"url": "https://supportportal.juniper.net/JSA82992",
"source": "sirt@juniper.net"
}
]
}

100
CVE-2024/CVE-2024-395xx/CVE-2024-39533.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2024-39533",
"sourceIdentifier": "sirt@juniper.net",
"published": "2024-07-11T17:15:10.650",
"lastModified": "2024-07-11T17:15:10.650",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Unimplemented or Unsupported Feature in the UI vulnerability in Juniper Networks Junos OS on QFX5000 Series and EX4600 Series allows an unauthenticated, network-based attacker to cause a minor integrity impact to downstream networks.If one or more of the following match conditions\n\nip-source-address\nip-destination-address\narp-type\n\nwhich are not supported for this type of filter, are used in an ethernet switching filter,\u00a0and then this filter is applied as an output filter, the configuration can be committed but the filter will not be in effect.\n\n\n\n\nThis issue affects Junos OS on QFX5000 Series and EX4600 Series:\n\n * All version before 21.2R3-S7,\u00a0\n * 21.4 versions before 21.4R3-S6,\n * 22.1 versions before 22.1R3-S5,\n * 22.2 versions before 22.2R3-S3,\n * 22.3 versions before 22.3R3-S2,\u00a0\n * 22.4 versions before 22.4R3,\n * 23.2 versions before 23.2R2.\n\n\n\nPlease note that the implemented fix ensures these unsupported match conditions cannot be committed anymore."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "NONE",
"vulnerableSystemIntegrity": "NONE",
"vulnerableSystemAvailability": "NONE",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "LOW",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 6.9,
"baseSeverity": "MEDIUM"
}
}
],
"cvssMetricV31": [
{
"source": "sirt@juniper.net",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-447"
}
]
}
],
"references": [
{
"url": "https://supportportal.juniper.net/JSA82993",
"source": "sirt@juniper.net"
}
]
}

100
CVE-2024/CVE-2024-395xx/CVE-2024-39535.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2024-39535",
"sourceIdentifier": "sirt@juniper.net",
"published": "2024-07-11T17:15:10.900",
"lastModified": "2024-07-11T17:15:10.900",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved on ACX 7000 Series allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS).\n\nWhen a device has a Layer 3 or an IRB interface configured in a VPLS instance and specific traffic is received, the evo-pfemand processes crashes which causes a service outage for the respective FPC until the system is recovered manually.\n\nThis issue only affects Junos OS Evolved 22.4R2-S1 and 22.4R2-S2 releases and is fixed in 22.4R3. No other releases are affected."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "ADJACENT",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "NONE",
"vulnerableSystemIntegrity": "NONE",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "LOW",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 7.1,
"baseSeverity": "HIGH"
}
}
],
"cvssMetricV31": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-754"
}
]
}
],
"references": [
{
"url": "https://supportportal.juniper.net/JSA82995",
"source": "sirt@juniper.net"
}
]
}

100
CVE-2024/CVE-2024-395xx/CVE-2024-39536.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2024-39536",
"sourceIdentifier": "sirt@juniper.net",
"published": "2024-07-11T17:15:11.190",
"lastModified": "2024-07-11T17:15:11.190",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Missing Release of Memory after Effective Lifetime vulnerability in the Periodic Packet Management Daemon (ppmd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker to cause a \n\nDenial-of-Service (DoS).\n\n\nWhen a\u00a0BFD session configured with authentication flaps,\u00a0ppmd memory can leak. Whether the leak happens depends on a\u00a0race condition which is outside the attackers control. This issue only affects BFD operating in distributed aka delegated (which is the default behavior) or inline mode.\n\n\n\nWhether the leak occurs can be monitored with the following CLI command:\n\n> show ppm request-queue\n\n\nFPC \u00a0 \u00a0 Pending-request\nfpc0\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a02\nrequest-total-pending: 2\n\n\nwhere a continuously increasing number of pending requests is indicative of the leak.\u00a0\n\n\n\n\nThis issue affects:\n\nJunos OS:\n\n\n * All versions before 21.2R3-S8,\n * 21.4 versions before 21.4R3-S7,\n * 22.1 versions before 22.1R3-S4,\n * 22.2 versions before 22.2R3-S4,\u00a0\n * 22.3 versions before 22.3R3,\n * 22.4 versions before 22.4R2-S2, 22.4R3,\n * 23.1 versions before 23.1R2.\n\n\n\nJunos OS Evolved:\n * All versions before 21.2R3-S8-EVO,\n * 21.4-EVO versions before 21.4R3-S7-EVO,\n * 22.2-EVO versions before 22.2R3-S4-EVO,\n * 22.3-EVO versions before 22.3R3-EVO,\n * 22.4-EVO versions before 22.4R3-EVO,\n * 23.2-EVO versions before 23.2R1-EVO."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "ADJACENT",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "NONE",
"vulnerableSystemIntegrity": "NONE",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 6.0,
"baseSeverity": "MEDIUM"
}
}
],
"cvssMetricV31": [
{
"source": "sirt@juniper.net",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-401"
}
]
}
],
"references": [
{
"url": "https://supportportal.juniper.net/JSA82996",
"source": "sirt@juniper.net"
}
]
}

100
CVE-2024/CVE-2024-395xx/CVE-2024-39537.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2024-39537",
"sourceIdentifier": "sirt@juniper.net",
"published": "2024-07-11T17:15:11.843",
"lastModified": "2024-07-11T17:15:11.843",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Juniper Networks Junos OS Evolved on ACX 7000 Series allows an unauthenticated, network-based attacker to cause a limited information disclosure and availability impact to the device.\n\n\n\nDue to a wrong initialization, specific processes which should only be able to communicate internally within the device can be reached over the network via open ports.\n\n\n\n\nThis issue affects\u00a0Junos OS Evolved on ACX 7000 Series:\n\n\n\n * All versions before 21.4R3-S7-EVO,\n * 22.2-EVO \n\nversions \n\nbefore 22.2R3-S4-EVO,\n * 22.3-EVO versions before 22.3R3-S3-EVO,\n * 22.4-EVO versions before 22.4R3-S2-EVO,\n * 23.2-EVO versions before 23.2R2-EVO,\n * 23.4-EVO versions before 23.4R1-S1-EVO, 23.4R2-EVO."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "LOW",
"vulnerableSystemIntegrity": "NONE",
"vulnerableSystemAvailability": "LOW",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 6.9,
"baseSeverity": "MEDIUM"
}
}
],
"cvssMetricV31": [
{
"source": "sirt@juniper.net",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-923"
}
]
}
],
"references": [
{
"url": "https://supportportal.juniper.net/JSA82997",
"source": "sirt@juniper.net"
}
]
}

100
CVE-2024/CVE-2024-395xx/CVE-2024-39538.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2024-39538",
"sourceIdentifier": "sirt@juniper.net",
"published": "2024-07-11T17:15:12.413",
"lastModified": "2024-07-11T17:15:12.413",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Buffer Copy without Checking Size of Input vulnerability in the PFE management daemon (evo-pfemand) of Juniper Networks Junos OS Evolved on ACX7000 Series allows an unauthenticated, adjacent attacker to cause a\u00a0\n\nDenial-of-Service (DoS).When multicast traffic with a specific, valid (S,G) is received, evo-pfemand crashes which leads to an outage of the affected FPC until it is manually recovered.\n\n\nThis issue affects Junos OS Evolved on ACX7000 Series:\n\n\n * All versions before 21.2R3-S8-EVO,\n * 21.4-EVO versions before 21.4R3-S7-EVO,\n * 22.2-EVO versions before 22.2R3-S4-EVO,\n * 22.3-EVO versions before 22.3R3-S3-EVO,\u00a0\n * 22.4-EVO versions before 22.4R3-S2-EVO,\u00a0\n * 23.2-EVO versions before 23.2R2-EVO,\u00a0\n * 23.4-EVO versions before 23.4R1-S2-EVO, 23.4R2-EVO."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "ADJACENT",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "NONE",
"vulnerableSystemIntegrity": "NONE",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "LOW",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 7.1,
"baseSeverity": "HIGH"
}
}
],
"cvssMetricV31": [
{
"source": "sirt@juniper.net",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"references": [
{
"url": "https://supportportal.juniper.net/JSA82998",
"source": "sirt@juniper.net"
}
]
}

100
CVE-2024/CVE-2024-395xx/CVE-2024-39539.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2024-39539",
"sourceIdentifier": "sirt@juniper.net",
"published": "2024-07-11T17:15:12.633",
"lastModified": "2024-07-11T17:15:12.633",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Missing Release of Memory after Effective Lifetime vulnerability in Juniper Networks Junos OS on MX Series allows an unauthenticated adjacent attacker to cause a\u00a0Denial-of-Service (DoS).\n\nIn a subscriber management scenario continuous subscriber logins will trigger a memory leak and eventually lead to an FPC crash and restart.\n\nThis issue affects Junos OS on MX Series:\n\n\n\n * All version before 21.2R3-S6,\n * 21.4 versions before 21.4R3-S6,\n * 22.1 versions before 22.1R3-S5,\n * 22.2 versions before 22.2R3-S3,\u00a0\n * 22.3 versions before 22.3R3-S2,\n * 22.4 versions before 22.4R3,\n * 23.2 versions before 23.2R2."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "ADJACENT",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "NONE",
"vulnerableSystemIntegrity": "NONE",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "LOW",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 6.0,
"baseSeverity": "MEDIUM"
}
}
],
"cvssMetricV31": [
{
"source": "sirt@juniper.net",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-401"
}
]
}
],
"references": [
{
"url": "https://supportportal.juniper.net/JSA82999",
"source": "sirt@juniper.net"
}
]
}

100
CVE-2024/CVE-2024-395xx/CVE-2024-39540.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2024-39540",
"sourceIdentifier": "sirt@juniper.net",
"published": "2024-07-11T17:15:12.883",
"lastModified": "2024-07-11T17:15:12.883",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on SRX Series, and MX Series with SPC3 allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).\n\nWhen an affected device receives specific valid TCP traffic, the pfe crashes and restarts leading to a momentary but complete service outage.\n\nThis issue affects Junos OS:\n\n21.2 releases from 21.2R3-S5 before 21.2R3-S6.\n\nThis issue does not affect earlier or later releases."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "NONE",
"vulnerableSystemIntegrity": "NONE",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "LOW",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 8.7,
"baseSeverity": "HIGH"
}
}
],
"cvssMetricV31": [
{
"source": "sirt@juniper.net",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-754"
}
]
}
],
"references": [
{
"url": "https://supportportal.juniper.net/JSA83000",
"source": "sirt@juniper.net"
}
]
}

100
CVE-2024/CVE-2024-395xx/CVE-2024-39541.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2024-39541",
"sourceIdentifier": "sirt@juniper.net",
"published": "2024-07-11T17:15:13.127",
"lastModified": "2024-07-11T17:15:13.127",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Improper Handling of Exceptional Conditions vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS).\n\nWhen conflicting information (IP or ISO addresses) about a node is added to the Traffic Engineering (TE) database and then a subsequent operation attempts to process these, rpd will crash and restart.\n\nThis issue affects:\n\nJunos OS:\n\n\n\n * 22.4 versions before 22.4R3-S1,\n * 23.2 versions before 23.2R2,\u00a0\n * 23.4 versions before 23.4R1-S1, 23.4R2,\u00a0\n\n\n\n\nThis issue does not affect Junos OS versions earlier than 22.4R1.\n\nJunos OS Evolved:\n\n\n\n * 22.4-EVO versions before 22.4R3-S2-EVO,\n * 23.2-EVO versions before 23.2R2-EVO,\n * 23.4-EVO versions before 23.4R1-S1-EVO, 23.4R2-EVO,\n\n\n\n\n\n\nThis issue does not affect Junos OS Evolved versions earlier than \n\nbefore 22.4R1."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "ADJACENT",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "NONE",
"vulnerableSystemIntegrity": "NONE",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "LOW",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 7.1,
"baseSeverity": "HIGH"
}
}
],
"cvssMetricV31": [
{
"source": "sirt@juniper.net",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-755"
}
]
}
],
"references": [
{
"url": "https://supportportal.juniper.net/JSA83001",
"source": "sirt@juniper.net"
}
]
}

88
CVE-2024/CVE-2024-395xx/CVE-2024-39542.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2024-39542",
"sourceIdentifier": "sirt@juniper.net",
"published": "2024-07-11T17:15:13.367",
"lastModified": "2024-07-11T17:15:13.367",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Improper Validation of Syntactic Correctness of Input vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series with MPC10/11 or LC9600, MX304, and Junos OS Evolved on ACX Series and PTX Series allows an unauthenticated, network based attacker to cause a Denial-of-Service (DoS).\n\nThis issue can occur in two scenarios:\n\n1. If a device, which is configured with SFLOW and ECMP, receives specific valid transit traffic, which is subject to sampling, the packetio process crashes, which in turn leads to an evo-aftman crash and causes the FPC to stop working until it is restarted. (This scenario is only applicable to PTX but not to ACX or MX.)\n\n2. If a device receives a malformed CFM packet on an interface configured with CFM, the packetio process crashes, which in turn leads to an evo-aftman crash and causes the FPC to stop working until it is restarted.\u00a0Please note that the CVSS score is for the formally more severe issue 1.\n\nThe CVSS score for scenario 2. is: 6.5 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n\n\n\nThis issue affects Junos OS:\n\n\n\n * All versions before\u00a021.2R3-S4,\n * 21.4 versions before 21.4R2,\n * 22.2 versions before 22.2R3-S2;\u00a0\n\n\n\n\nJunos OS Evolved:\n\n\n\n\n * All versions before\u00a021.2R3-S8-EVO,\n * 21.4 versions before 21.4R2-EVO."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "NONE",
"vulnerableSystemIntegrity": "NONE",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "LOW",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 8.7,
"baseSeverity": "HIGH"
}
}
],
"cvssMetricV31": [
{
"source": "sirt@juniper.net",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://supportportal.juniper.net/JSA83002",
"source": "sirt@juniper.net"
}
]
}

100
CVE-2024/CVE-2024-395xx/CVE-2024-39543.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2024-39543",
"sourceIdentifier": "sirt@juniper.net",
"published": "2024-07-11T17:15:13.583",
"lastModified": "2024-07-11T17:15:13.583",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Buffer Copy without Checking Size of Input\u00a0vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Juniper Networks Junos OS Evolved allows an unauthenticated, adjacent attacker to send specific RPKI-RTR packets resulting in a crash,\u00a0creating a Denial of Service (DoS) condition.\u00a0Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition.\n\nThis issue affects\u00a0\n\nJunos OS:\u00a0\n\n\n\n * All versions before 21.2R3-S8,\u00a0\n * from 21.4 before 21.4R3-S8,\n * from 22.2 before 22.2R3-S4,\u00a0\n * from 22.3 before 22.3R3-S3,\u00a0\n * from 22.4 before 22.4R3-S2,\u00a0\n * from 23.2 before 23.2R2-S1,\u00a0\n * from 23.4 before 23.4R2.\n\n\n\nJunos OS Evolved: * All versions before 21.2R3-S8-EVO,\n * from 21.4 before 21.4R3-S8-EVO,\n * from 22.2 before 22.2R3-S4-EVO,\u00a0\n * from 22.3 before 22.3R3-S3-EVO,\n * from 22.4 before 22.4R3-S2-EVO,\u00a0\n * from 23.2 before 23.2R2-S1-EVO,\n * from 23.4 before 23.4R2-EVO."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:A/V:X/RE:X/U:X",
"attackVector": "ADJACENT",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "NONE",
"vulnerableSystemIntegrity": "NONE",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "LOW",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "AUTOMATIC",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 7.1,
"baseSeverity": "HIGH"
}
}
],
"cvssMetricV31": [
{
"source": "sirt@juniper.net",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"references": [
{
"url": "https://supportportal.juniper.net/JSA83004",
"source": "sirt@juniper.net"
}
]
}

100
CVE-2024/CVE-2024-395xx/CVE-2024-39545.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2024-39545",
"sourceIdentifier": "sirt@juniper.net",
"published": "2024-07-11T17:15:13.823",
"lastModified": "2024-07-11T17:15:13.823",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the the IKE daemon (iked) of Juniper Networks Junos OS on SRX Series, MX Series with SPC3 and NFX350 allows allows an unauthenticated, network-based attacker sending specific mismatching parameters as part of the IPsec negotiation to trigger an iked crash leading to Denial of Service (DoS).\n\nThis issue is applicable to all platforms that run iked.\u00a0This issue affects Junos OS on SRX Series, MX Series with SPC3 and NFX350:\u00a0\n\n\n\n * All versions before 21.2R3-S8,\u00a0\n * from 21.4 before 21.4R3-S7,\u00a0\n * from 22.1 before 22.1R3-S2,\u00a0\n * from 22.2 before 22.2R3-S1,\u00a0\n * from 22.3 before 22.3R2-S1, 22.3R3,\u00a0\n * from 22.4 before 22.4R1-S2, 22.4R2, 22.4R3."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "NONE",
"vulnerableSystemIntegrity": "NONE",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "LOW",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 8.7,
"baseSeverity": "HIGH"
}
}
],
"cvssMetricV31": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-754"
}
]
}
],
"references": [
{
"url": "https://supportportal.juniper.net/JSA83007",
"source": "sirt@juniper.net"
}
]
}

100
CVE-2024/CVE-2024-395xx/CVE-2024-39546.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2024-39546",
"sourceIdentifier": "sirt@juniper.net",
"published": "2024-07-11T17:15:14.163",
"lastModified": "2024-07-11T17:15:14.163",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Missing Authorization vulnerability in the Socket Intercept (SI) command file interface of Juniper Networks Junos OS Evolved allows an authenticated, low-privilege local attacker to modify certain files, allowing the attacker to cause any command to execute with root privileges leading to privilege escalation ultimately compromising the system.\u00a0\n\nThis issue affects Junos OS Evolved:\u00a0\n\n\n\n * All versions prior to 21.2R3-S8-EVO,\u00a0\n * 21.4 versions prior to\u00a0 21.4R3-S6-EVO,\u00a0\n * 22.1 versions prior to 22.1R3-S5-EVO,\u00a0\n * 22.2 versions prior to 22.2R3-S3-EVO,\u00a0\n * 22.3 versions prior to 22.3R3-S3-EVO,\u00a0\n * 22.4 versions prior to 22.4R3-EVO,\u00a0\n * 23.2 versions prior to 23.2R2-EVO."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "ACTIVE",
"vulnerableSystemConfidentiality": "HIGH",
"vulnerableSystemIntegrity": "HIGH",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 7.0,
"baseSeverity": "HIGH"
}
}
],
"cvssMetricV31": [
{
"source": "sirt@juniper.net",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.3,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://supportportal.juniper.net/JSA83008",
"source": "sirt@juniper.net"
}
]
}

100
CVE-2024/CVE-2024-395xx/CVE-2024-39548.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2024-39548",
"sourceIdentifier": "sirt@juniper.net",
"published": "2024-07-11T17:15:14.730",
"lastModified": "2024-07-11T17:15:14.730",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Uncontrolled Resource Consumption vulnerability in the aftmand process of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to consume memory resources, resulting in a Denial of Service (DoS) condition. The processes do not recover on their own and must be manually restarted.\n\nThis issue affects both IPv4 and IPv6.\u00a0\n\nChanges in memory usage can be monitored using the following CLI command:\nuser@device> show system memory node <fpc slot> | grep evo-aftmann\nThis issue affects Junos OS Evolved:\u00a0\n\n\n\n * All versions before 21.2R3-S8-EVO,\u00a0\n * 21.3 versions before 21.3R3-S5-EVO,\u00a0\n * 21.4 versions before 21.4R3-S5-EVO,\u00a0\n * 22.1 versions before 22.1R3-S4-EVO,\u00a0\n * 22.2 versions before 22.2R3-S4-EVO,\n * 22.3 versions before 22.3R3-S3-EVO,\n * 22.4 versions before 22.4R2-S2-EVO, 22.4R3-EVO,\u00a0\n * 23.2 versions before 23.2R1-S1-EVO, 23.2R2-EVO."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:U/V:X/RE:X/U:X",
"attackVector": "ADJACENT",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "NONE",
"vulnerableSystemIntegrity": "NONE",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "LOW",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "USER",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 7.1,
"baseSeverity": "HIGH"
}
}
],
"cvssMetricV31": [
{
"source": "sirt@juniper.net",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"references": [
{
"url": "https://supportportal.juniper.net/JSA83010",
"source": "sirt@juniper.net"
}
]
}

100
CVE-2024/CVE-2024-395xx/CVE-2024-39549.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2024-39549",
"sourceIdentifier": "sirt@juniper.net",
"published": "2024-07-11T17:15:15.433",
"lastModified": "2024-07-11T17:15:15.433",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Missing Release of Memory after Effective Lifetime vulnerability in the routing process daemon (rpd) of\u00a0Juniper Networks Junos OS and Junos OS Evolved allows an attacker to send a malformed BGP Path attribute update which allocates memory used to log the bad path attribute. This memory is not properly freed in all circumstances, leading to a Denial of Service (DoS).\n\nConsumed memory can be freed by manually restarting Routing Protocol Daemon (rpd).\n\nMemory utilization could be monitored by:\u00a0\nuser@host> show system memory or show system monitor memory status\n\nThis issue affects:\n\nJunos OS:\u00a0 * All versions before 21.2R3-S8,\u00a0\n * from 21.4 before 21.4R3-S8,\n\n * from 22.2 before 22.2R3-S4,\u00a0\n * from 22.3 before 22.3R3-S3,\u00a0\n * from 22.4 before 22.4R3-S3,\n * from 23.2 before 23.2R2-S1,\u00a0\n * from 23.4 before 23.4R1-S2, 23.4R2,\n * from 24.2 before\u00a024.2R2-EVO.\n\n\nJunos OS Evolved:\n * All versions before 21.2R3-S8-EVO, \n * from 21.4 before 21.4R3-S8-EVO,\n * from 22.2 before 22.2R3-S4-EVO, \n * from 22.3 before 22.3R3-S3-EVO, \n * from 22.4 before 22.4R3-S3-EVO,\n\n * from 23.2 before 23.2R2-S1-EVO, \n * from 23.4 before 23.4R1-S2, 23.4R2,\n * from 24.2 before 24.2R2-EVO."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:U/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "NONE",
"vulnerableSystemIntegrity": "NONE",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "LOW",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "USER",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 8.7,
"baseSeverity": "HIGH"
}
}
],
"cvssMetricV31": [
{
"source": "sirt@juniper.net",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-401"
}
]
}
],
"references": [
{
"url": "https://supportportal.juniper.net/JSA83011",
"source": "sirt@juniper.net"
}
]
}

100
CVE-2024/CVE-2024-395xx/CVE-2024-39550.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2024-39550",
"sourceIdentifier": "sirt@juniper.net",
"published": "2024-07-11T17:15:15.900",
"lastModified": "2024-07-11T17:15:15.900",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Missing Release of Memory after Effective Lifetime vulnerability in the rtlogd process\u00a0of Juniper Networks Junos OS on MX Series with SPC3 allows an unauthenticated, adjacent attacker to trigger internal events cause ( which can be done by repeated port flaps)\u00a0to cause a slow memory leak, ultimately leading to a Denial of Service (DoS). \n\nMemory can only be recovered by manually restarting rtlogd process.\u00a0\nThe memory usage can be monitored using the below command.\n\n\u2003\u2003\u2003\u2003user@host> show system processes extensive | match rtlog\u00a0\n\n\n\nThis issue affects Junos OS on MX Series with SPC3 line card:\u00a0\n\n\n\n * from 21.2R3 before 21.2R3-S8,\u00a0\n * from 21.4R2 before 21.4R3-S6,\u00a0\n * from 22.1 before 22.1R3-S5,\u00a0\n * from 22.2 before 22.2R3-S3,\u00a0\n * from 22.3 before 22.3R3-S2,\u00a0\n * from 22.4 before 22.4R3-S1,\u00a0\n * from 23.2 before 23.2R2,\u00a0\n * from 23.4 before 23.4R2."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:U/V:X/RE:X/U:X",
"attackVector": "ADJACENT",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "NONE",
"vulnerableSystemIntegrity": "NONE",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "USER",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 7.1,
"baseSeverity": "HIGH"
}
}
],
"cvssMetricV31": [
{
"source": "sirt@juniper.net",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-401"
}
]
}
],
"references": [
{
"url": "https://supportportal.juniper.net/JSA83012",
"source": "sirt@juniper.net"
}
]
}

100
CVE-2024/CVE-2024-395xx/CVE-2024-39551.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2024-39551",
"sourceIdentifier": "sirt@juniper.net",
"published": "2024-07-11T17:15:16.140",
"lastModified": "2024-07-11T17:15:16.140",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Uncontrolled Resource Consumption vulnerability in the H.323 ALG (Application Layer Gateway) of\u00a0 Juniper Networks Junos OS on SRX Series and MX Series with SPC3 and MS-MPC/MIC, allows an\u00a0unauthenticated network-based attacker to send specific packets causing traffic loss leading to Denial of Service (DoS).\u00a0\n\nContinued receipt and processing of these specific packets will sustain the Denial of Service condition.\n\nThe memory usage can be monitored using the below command.\n\n\u2003\u2003user@host> show usp memory segment sha data objcache jsf\u00a0\nThis issue affects SRX Series and MX Series with SPC3 and MS-MPC/MIC:\u00a0\n\n * \u200320.4 before 20.4R3-S10,\u00a0\n * \u200321.2 before 21.2R3-S6,\u00a0\n * \u200321.3 before 21.3R3-S5,\u00a0\n * \u200321.4 before 21.4R3-S6,\u00a0\n * \u200322.1 before 22.1R3-S4,\u00a0\n * \u200322.2 before 22.2R3-S2,\u00a0\n * \u200322.3 before 22.3R3-S1,\u00a0\n * \u200322.4 before 22.4R3,\u00a0\n * \u200323.2 before 23.2R2."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "NONE",
"vulnerableSystemIntegrity": "NONE",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "LOW",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 8.7,
"baseSeverity": "HIGH"
}
}
],
"cvssMetricV31": [
{
"source": "sirt@juniper.net",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"references": [
{
"url": "https://supportportal.juniper.net/JSA83013",
"source": "sirt@juniper.net"
}
]
}

104
CVE-2024/CVE-2024-395xx/CVE-2024-39552.json Normal file
View File

@ -0,0 +1,104 @@
{
"id": "CVE-2024-39552",
"sourceIdentifier": "sirt@juniper.net",
"published": "2024-07-11T17:15:16.370",
"lastModified": "2024-07-11T17:15:16.370",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Improper Handling of Exceptional Conditions vulnerability in the routing protocol daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows a network based, unauthenticated attacker to cause the RPD process to crash leading to a Denial of Service (DoS).\n\nWhen a malformed BGP UPDATE packet is received over an established BGP session, RPD crashes and restarts.\n\nContinuous receipt of the malformed BGP UPDATE messages will create a sustained Denial of Service (DoS) condition for impacted devices.\n\nThis issue affects eBGP and iBGP, in both IPv4 and IPv6 implementations. This issue requires a remote attacker to have at least one established BGP session.\n\nThis issue affects:\n \nJuniper Networks Junos OS:\n * All versions earlier than 20.4R3-S9;\n * 21.2 versions earlier than 21.2R3-S7;\n * 21.3 versions earlier than 21.3R3-S5;\n * 21.4 versions earlier than 21.4R3-S6;\n * 22.1 versions earlier than 22.1R3-S4;\n * 22.2 versions earlier than 22.2R3-S3;\n * 22.3 versions earlier than 22.3R3-S2;\n * 22.4 versions earlier than 22.4R3;\n * 23.2 versions earlier than 23.2R2.\n\n\n\nJuniper Networks Junos OS Evolved:\n * All versions earlier than 21.2R3-S7;\n * 21.3-EVO versions earlier than 21.3R3-S5;\n * 21.4-EVO versions earlier than 21.4R3-S8;\n * 22.1-EVO versions earlier than 22.1R3-S4;\n * 22.2-EVO versions earlier than 22.2R3-S3;\n * 22.3-EVO versions earlier than 22.3R3-S2;\n * 22.4-EVO versions earlier than 22.4R3;\n * 23.2-EVO versions earlier than 23.2R2."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:A/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "NONE",
"vulnerableSystemIntegrity": "NONE",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "LOW",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "AUTOMATIC",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 8.7,
"baseSeverity": "HIGH"
}
}
],
"cvssMetricV31": [
{
"source": "sirt@juniper.net",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-755"
}
]
}
],
"references": [
{
"url": "https://supportportal.juniper.net/JSA75726",
"source": "sirt@juniper.net"
},
{
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"source": "sirt@juniper.net"
}
]
}

100
CVE-2024/CVE-2024-395xx/CVE-2024-39553.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2024-39553",
"sourceIdentifier": "sirt@juniper.net",
"published": "2024-07-11T17:15:16.620",
"lastModified": "2024-07-11T17:15:16.620",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Exposure of Resource to Wrong Sphere vulnerability in the sampling service\u00a0of Juniper Networks Junos OS Evolved allows an unauthenticated network-based attacker to send arbitrary data to the device, which leads msvcsd process to crash with limited availability impacting Denial of Service (DoS) and allows unauthorized network access to the device, potentially impacting system integrity.\n\nThis issue only happens when inline jflow is configured.\n\nThis does not impact any forwarding traffic. The impacted services MSVCS-DB app crashes momentarily and recovers by itself.\u00a0\n\nThis issue affects Juniper Networks Junos OS Evolved:\u00a0\n * 21.4 versions earlier than 21.4R3-S7-EVO;\u00a0\n * 22.2 versions earlier than\u00a022.2R3-S3-EVO;\n * 22.3 versions earlier than 22.3R3-S2-EVO;\n * 22.4 versions earlier than 22.4R3-EVO;\n * 23.2 versions earlier than 23.2R1-S2-EVO, 23.2R2-EVO."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:A/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "NONE",
"vulnerableSystemIntegrity": "LOW",
"vulnerableSystemAvailability": "LOW",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "LOW",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "AUTOMATIC",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 6.9,
"baseSeverity": "MEDIUM"
}
}
],
"cvssMetricV31": [
{
"source": "sirt@juniper.net",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-668"
}
]
}
],
"references": [
{
"url": "https://supportportal.juniper.net/JSA79101",
"source": "sirt@juniper.net"
}
]
}

4
CVE-2024/CVE-2024-395xx/CVE-2024-39560.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2024-39560",
"sourceIdentifier": "sirt@juniper.net",
"published": "2024-07-10T23:15:13.140",
"lastModified": "2024-07-11T13:05:54.930",
"lastModified": "2024-07-11T17:15:16.867",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Improper Handling of Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a logically adjacent downstream RSVP neighbor to cause kernel memory exhaustion, leading to a kernel crash, resulting in a Denial of Service (DoS).\n\nThe kernel memory leak and eventual crash will be seen when the downstream RSVP neighbor has a persistent error which will not be corrected.\n\nSystem kernel memory can be monitored through the use of the 'show system statistics kernel memory' command as shown below:\n\nuser@router> show system statistics kernel memory\nMemory \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 Size (kB) Percentage When\n\u00a0 Active \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 753092 \u00a0 \u00a0 18.4% Now\n\u00a0 Inactive \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 574300 \u00a0 \u00a0 14.0% Now\n\u00a0 Wired\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 443236 \u00a0 \u00a0 10.8% Now\n\u00a0 Cached\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 1911204 \u00a0 \u00a0 46.6% Now\n\u00a0 Buf \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 32768\u00a0 \u00a0 \u00a0 0.8% Now\n\u00a0 Free \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 385072\u00a0 \u00a0 \u00a0 9.4% Now\nKernel Memory\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0Now\n\u00a0 Data \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 312908\u00a0 \u00a0 \u00a0 7.6% Now\n\u00a0 Text \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 2560\u00a0 \u00a0 \u00a0 0.1% Now\n...\n\nThis issue affects:\nJunos OS:\n\n\n * All versions before 20.4R3-S9,\n * from 21.4 before 21.4R3-S5,\n * from 22.1 before 22.1R3-S5,\n * from 22.2 before 22.2R3-S3,\n * from 22.3 before 22.3R3-S2,\n * from 22.4 before 22.4R3,\n * from 23.2 before 23.2R2;\n\n\nJunos OS Evolved:\n\n\n * All versions before 21.4R3-S5-EVO,\n * from 22.1-EVO before 22.1R3-S5-EVO, \n * from 22.2-EVO before 22.2R3-S3-EVO, \n * from 22.3-EVO before 22.3R3-S2-EVO, \n * from 22.4-EVO before 22.4R3-EVO, \n * from 23.2-EVO before 23.2R2-EVO."
"value": "An Improper Handling of Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a logically adjacent downstream RSVP neighbor to cause kernel memory exhaustion, leading to a kernel crash, resulting in a Denial of Service (DoS).\n\nThe kernel memory leak and eventual crash will be seen when the downstream RSVP neighbor has a persistent error which will not be corrected.\n\nSystem kernel memory can be monitored through the use of the 'show system statistics kernel memory' command as shown below:\n\nuser@router> show system statistics kernel memory\nMemory \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 Size (kB) Percentage When\n\u00a0 Active \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 753092 \u00a0 \u00a0 18.4% Now\n\u00a0 Inactive \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 574300 \u00a0 \u00a0 14.0% Now\n\u00a0 Wired\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 443236 \u00a0 \u00a0 10.8% Now\n\u00a0 Cached\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 1911204 \u00a0 \u00a0 46.6% Now\n\u00a0 Buf \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 32768\u00a0 \u00a0 \u00a0 0.8% Now\n\u00a0 Free \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 385072\u00a0 \u00a0 \u00a0 9.4% Now\nKernel Memory\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0Now\n\u00a0 Data \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 312908\u00a0 \u00a0 \u00a0 7.6% Now\n\u00a0 Text \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 2560\u00a0 \u00a0 \u00a0 0.1% Now\n...\n\nThis issue affects:\nJunos OS:\n\n\n * All versions before 20.4R3-S9,\n * All versions of 21.2,\n * from 21.4 before 21.4R3-S5,\n * from 22.1 before 22.1R3-S5,\n * from 22.2 before 22.2R3-S3,\n * from 22.3 before 22.3R3-S2,\n * from 22.4 before 22.4R3,\n * from 23.2 before 23.2R2;\n\n\nJunos OS Evolved:\n\n\n * All versions before 21.4R3-S5-EVO,\n * from 22.1-EVO before 22.1R3-S5-EVO, \n * from 22.2-EVO before 22.2R3-S3-EVO, \n * from 22.3-EVO before 22.3R3-S2-EVO, \n * from 22.4-EVO before 22.4R3-EVO, \n * from 23.2-EVO before 23.2R2-EVO."
},
{
"lang": "es",

60
CVE-2024/CVE-2024-399xx/CVE-2024-39904.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2024-39904",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-07-11T16:15:04.860",
"lastModified": "2024-07-11T16:15:04.860",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "VNote is a note-taking platform. Prior to 3.18.1, a code execution vulnerability existed in VNote, which allowed an attacker to execute arbitrary programs on the victim's system. A crafted URI can be used in a note to perform this attack using file:/// as a link. For example, file:///C:/WINDOWS/system32/cmd.exe. This allows attackers to execute arbitrary programs by embedding a reference to a local executable file such as file:///C:/WINDOWS/system32/cmd.exe and file:///C:/WINDOWS/system32/calc.exe. This vulnerability can be exploited by creating and sharing specially crafted notes. An attacker could send a crafted note file and perform further attacks. This vulnerability is fixed in 3.18.1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-73"
}
]
}
],
"references": [
{
"url": "https://github.com/vnotex/vnote/commit/3477469b669708ff547037fda9fc2817870428aa",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/vnotex/vnote/security/advisories/GHSA-vhh5-8wcv-68gj",
"source": "security-advisories@github.com"
}
]
}

64
CVE-2024/CVE-2024-399xx/CVE-2024-39905.json Normal file
View File

@ -0,0 +1,64 @@
{
"id": "CVE-2024-39905",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-07-11T16:15:05.067",
"lastModified": "2024-07-11T16:15:05.067",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Red is a fully modular Discord bot. Due to a bug in Red's Core API, 3rd-party cogs using the `@commands.can_manage_channel()` command permission check without additional permission controls may authorize a user to run a command even when that user doesn't have permissions to manage a channel. None of the core commands or core cogs are affected. The maintainers of the project are not aware of any _public_ 3rd-party cog utilizing this API at the time of writing this advisory. The problem was patched and released in version 3.5.10."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"references": [
{
"url": "https://github.com/Cog-Creators/Red-DiscordBot/commit/0b0b23b9717b40ed4f8715720b199417c8e89750",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/Cog-Creators/Red-DiscordBot/pull/6398",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/Cog-Creators/Red-DiscordBot/security/advisories/GHSA-5jq8-q6rj-9gq4",
"source": "security-advisories@github.com"
}
]
}

56
CVE-2024/CVE-2024-64xx/CVE-2024-6484.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-6484",
"sourceIdentifier": "36c7be3b-2937-45df-85ea-ca7133ea542c",
"published": "2024-07-11T17:15:17.007",
"lastModified": "2024-07-11T17:15:17.007",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Bootstrap that exposes users to Cross-Site Scripting (XSS) attacks. The issue is present in the carousel component, where the data-slide and data-slide-to attributes can be exploited through the href attribute of an <a> tag due to inadequate sanitization. This vulnerability could potentially enable attackers to execute arbitrary JavaScript within the victim's browser."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "36c7be3b-2937-45df-85ea-ca7133ea542c",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.6,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "36c7be3b-2937-45df-85ea-ca7133ea542c",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://www.herodevs.com/vulnerability-directory/cve-2024-6484",
"source": "36c7be3b-2937-45df-85ea-ca7133ea542c"
}
]
}

56
CVE-2024/CVE-2024-64xx/CVE-2024-6485.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-6485",
"sourceIdentifier": "36c7be3b-2937-45df-85ea-ca7133ea542c",
"published": "2024-07-11T17:15:17.240",
"lastModified": "2024-07-11T17:15:17.240",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A security vulnerability has been discovered in bootstrap that could enable Cross-Site Scripting (XSS) attacks. The vulnerability is associated with the data-loading-text attribute within the button plugin. This vulnerability can be exploited by injecting malicious JavaScript code into the attribute, which would then be executed when the button's loading state is triggered."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "36c7be3b-2937-45df-85ea-ca7133ea542c",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.6,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "36c7be3b-2937-45df-85ea-ca7133ea542c",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://www.herodevs.com/vulnerability-directory/cve-2024-6485",
"source": "36c7be3b-2937-45df-85ea-ca7133ea542c"
}
]
}

133
CVE-2024/CVE-2024-66xx/CVE-2024-6680.json Normal file
View File

@ -0,0 +1,133 @@
{
"id": "CVE-2024-6680",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-07-11T16:15:05.320",
"lastModified": "2024-07-11T16:15:05.320",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in witmy my-springsecurity-plus up to 2024-07-04. Affected by this vulnerability is an unknown functionality of the file /api/dept/build. The manipulation of the argument params.dataScope leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-271153 was assigned to this vulnerability."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "LOW",
"vulnerableSystemIntegrity": "LOW",
"vulnerableSystemAvailability": "LOW",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://gitee.com/witmy/my-springsecurity-plus/issues/IAAH8A",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.271153",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.271153",
"source": "cna@vuldb.com"
}
]
}

133
CVE-2024/CVE-2024-66xx/CVE-2024-6681.json Normal file
View File

@ -0,0 +1,133 @@
{
"id": "CVE-2024-6681",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-07-11T17:15:17.467",
"lastModified": "2024-07-11T17:15:17.467",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in witmy my-springsecurity-plus up to 2024-07-04. Affected by this issue is some unknown functionality of the file /api/dept. The manipulation of the argument params.dataScope leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-271154 is the identifier assigned to this vulnerability."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "LOW",
"vulnerableSystemIntegrity": "LOW",
"vulnerableSystemAvailability": "LOW",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://gitee.com/witmy/my-springsecurity-plus/issues/IAAGZY",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.271154",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.271154",
"source": "cna@vuldb.com"
}
]
}

91
README.md
View File

@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-07-11T16:00:18.806565+00:00
2024-07-11T18:00:19.361133+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-07-11T15:59:57.840000+00:00
2024-07-11T17:15:17.467000+00:00
```
### Last Data Feed Release
@ -33,50 +33,69 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
256682
256719
```
### CVEs added in the last Commit
Recently added CVEs: `6`
Recently added CVEs: `37`
- [CVE-2024-28872](CVE-2024/CVE-2024-288xx/CVE-2024-28872.json) (`2024-07-11T15:15:11.377`)
- [CVE-2024-37151](CVE-2024/CVE-2024-371xx/CVE-2024-37151.json) (`2024-07-11T15:15:11.847`)
- [CVE-2024-38534](CVE-2024/CVE-2024-385xx/CVE-2024-38534.json) (`2024-07-11T15:15:12.350`)
- [CVE-2024-38535](CVE-2024/CVE-2024-385xx/CVE-2024-38535.json) (`2024-07-11T15:15:12.557`)
- [CVE-2024-38536](CVE-2024/CVE-2024-385xx/CVE-2024-38536.json) (`2024-07-11T15:15:12.760`)
- [CVE-2024-6679](CVE-2024/CVE-2024-66xx/CVE-2024-6679.json) (`2024-07-11T15:15:13.273`)
- [CVE-2024-39532](CVE-2024/CVE-2024-395xx/CVE-2024-39532.json) (`2024-07-11T17:15:10.403`)
- [CVE-2024-39533](CVE-2024/CVE-2024-395xx/CVE-2024-39533.json) (`2024-07-11T17:15:10.650`)
- [CVE-2024-39535](CVE-2024/CVE-2024-395xx/CVE-2024-39535.json) (`2024-07-11T17:15:10.900`)
- [CVE-2024-39536](CVE-2024/CVE-2024-395xx/CVE-2024-39536.json) (`2024-07-11T17:15:11.190`)
- [CVE-2024-39537](CVE-2024/CVE-2024-395xx/CVE-2024-39537.json) (`2024-07-11T17:15:11.843`)
- [CVE-2024-39538](CVE-2024/CVE-2024-395xx/CVE-2024-39538.json) (`2024-07-11T17:15:12.413`)
- [CVE-2024-39539](CVE-2024/CVE-2024-395xx/CVE-2024-39539.json) (`2024-07-11T17:15:12.633`)
- [CVE-2024-39540](CVE-2024/CVE-2024-395xx/CVE-2024-39540.json) (`2024-07-11T17:15:12.883`)
- [CVE-2024-39541](CVE-2024/CVE-2024-395xx/CVE-2024-39541.json) (`2024-07-11T17:15:13.127`)
- [CVE-2024-39542](CVE-2024/CVE-2024-395xx/CVE-2024-39542.json) (`2024-07-11T17:15:13.367`)
- [CVE-2024-39543](CVE-2024/CVE-2024-395xx/CVE-2024-39543.json) (`2024-07-11T17:15:13.583`)
- [CVE-2024-39545](CVE-2024/CVE-2024-395xx/CVE-2024-39545.json) (`2024-07-11T17:15:13.823`)
- [CVE-2024-39546](CVE-2024/CVE-2024-395xx/CVE-2024-39546.json) (`2024-07-11T17:15:14.163`)
- [CVE-2024-39548](CVE-2024/CVE-2024-395xx/CVE-2024-39548.json) (`2024-07-11T17:15:14.730`)
- [CVE-2024-39549](CVE-2024/CVE-2024-395xx/CVE-2024-39549.json) (`2024-07-11T17:15:15.433`)
- [CVE-2024-39550](CVE-2024/CVE-2024-395xx/CVE-2024-39550.json) (`2024-07-11T17:15:15.900`)
- [CVE-2024-39551](CVE-2024/CVE-2024-395xx/CVE-2024-39551.json) (`2024-07-11T17:15:16.140`)
- [CVE-2024-39552](CVE-2024/CVE-2024-395xx/CVE-2024-39552.json) (`2024-07-11T17:15:16.370`)
- [CVE-2024-39553](CVE-2024/CVE-2024-395xx/CVE-2024-39553.json) (`2024-07-11T17:15:16.620`)
- [CVE-2024-39904](CVE-2024/CVE-2024-399xx/CVE-2024-39904.json) (`2024-07-11T16:15:04.860`)
- [CVE-2024-39905](CVE-2024/CVE-2024-399xx/CVE-2024-39905.json) (`2024-07-11T16:15:05.067`)
- [CVE-2024-6484](CVE-2024/CVE-2024-64xx/CVE-2024-6484.json) (`2024-07-11T17:15:17.007`)
- [CVE-2024-6485](CVE-2024/CVE-2024-64xx/CVE-2024-6485.json) (`2024-07-11T17:15:17.240`)
- [CVE-2024-6680](CVE-2024/CVE-2024-66xx/CVE-2024-6680.json) (`2024-07-11T16:15:05.320`)
- [CVE-2024-6681](CVE-2024/CVE-2024-66xx/CVE-2024-6681.json) (`2024-07-11T17:15:17.467`)
### CVEs modified in the last Commit
Recently modified CVEs: `128`
Recently modified CVEs: `52`
- [CVE-2024-40333](CVE-2024/CVE-2024-403xx/CVE-2024-40333.json) (`2024-07-11T15:06:21.320`)
- [CVE-2024-40336](CVE-2024/CVE-2024-403xx/CVE-2024-40336.json) (`2024-07-11T15:06:22.143`)
- [CVE-2024-40726](CVE-2024/CVE-2024-407xx/CVE-2024-40726.json) (`2024-07-11T15:06:22.967`)
- [CVE-2024-40727](CVE-2024/CVE-2024-407xx/CVE-2024-40727.json) (`2024-07-11T15:06:23.850`)
- [CVE-2024-40730](CVE-2024/CVE-2024-407xx/CVE-2024-40730.json) (`2024-07-11T15:06:24.660`)
- [CVE-2024-40731](CVE-2024/CVE-2024-407xx/CVE-2024-40731.json) (`2024-07-11T15:06:25.460`)
- [CVE-2024-40734](CVE-2024/CVE-2024-407xx/CVE-2024-40734.json) (`2024-07-11T15:06:26.257`)
- [CVE-2024-40735](CVE-2024/CVE-2024-407xx/CVE-2024-40735.json) (`2024-07-11T15:06:27.070`)
- [CVE-2024-40736](CVE-2024/CVE-2024-407xx/CVE-2024-40736.json) (`2024-07-11T15:06:27.890`)
- [CVE-2024-40739](CVE-2024/CVE-2024-407xx/CVE-2024-40739.json) (`2024-07-11T15:06:28.767`)
- [CVE-2024-40742](CVE-2024/CVE-2024-407xx/CVE-2024-40742.json) (`2024-07-11T15:06:29.580`)
- [CVE-2024-5488](CVE-2024/CVE-2024-54xx/CVE-2024-5488.json) (`2024-07-11T15:06:31.120`)
- [CVE-2024-5681](CVE-2024/CVE-2024-56xx/CVE-2024-5681.json) (`2024-07-11T15:06:31.987`)
- [CVE-2024-5711](CVE-2024/CVE-2024-57xx/CVE-2024-5711.json) (`2024-07-11T14:54:55.473`)
- [CVE-2024-6026](CVE-2024/CVE-2024-60xx/CVE-2024-6026.json) (`2024-07-11T15:06:33.000`)
- [CVE-2024-6138](CVE-2024/CVE-2024-61xx/CVE-2024-6138.json) (`2024-07-11T15:06:33.753`)
- [CVE-2024-6229](CVE-2024/CVE-2024-62xx/CVE-2024-6229.json) (`2024-07-11T15:03:15.233`)
- [CVE-2024-6235](CVE-2024/CVE-2024-62xx/CVE-2024-6235.json) (`2024-07-11T15:06:34.163`)
- [CVE-2024-6286](CVE-2024/CVE-2024-62xx/CVE-2024-6286.json) (`2024-07-11T15:06:34.997`)
- [CVE-2024-6387](CVE-2024/CVE-2024-63xx/CVE-2024-6387.json) (`2024-07-11T14:15:13.510`)
- [CVE-2024-6539](CVE-2024/CVE-2024-65xx/CVE-2024-6539.json) (`2024-07-11T14:56:20.733`)
- [CVE-2024-6602](CVE-2024/CVE-2024-66xx/CVE-2024-6602.json) (`2024-07-11T15:06:37.333`)
- [CVE-2024-6606](CVE-2024/CVE-2024-66xx/CVE-2024-6606.json) (`2024-07-11T15:06:37.647`)
- [CVE-2024-6611](CVE-2024/CVE-2024-66xx/CVE-2024-6611.json) (`2024-07-11T15:06:37.977`)
- [CVE-2024-6612](CVE-2024/CVE-2024-66xx/CVE-2024-6612.json) (`2024-07-11T15:06:38.870`)
- [CVE-2024-38022](CVE-2024/CVE-2024-380xx/CVE-2024-38022.json) (`2024-07-11T16:48:59.647`)
- [CVE-2024-38023](CVE-2024/CVE-2024-380xx/CVE-2024-38023.json) (`2024-07-11T16:47:34.203`)
- [CVE-2024-38024](CVE-2024/CVE-2024-380xx/CVE-2024-38024.json) (`2024-07-11T16:46:07.437`)
- [CVE-2024-38025](CVE-2024/CVE-2024-380xx/CVE-2024-38025.json) (`2024-07-11T16:43:28.747`)
- [CVE-2024-38027](CVE-2024/CVE-2024-380xx/CVE-2024-38027.json) (`2024-07-11T16:42:49.083`)
- [CVE-2024-38028](CVE-2024/CVE-2024-380xx/CVE-2024-38028.json) (`2024-07-11T16:42:20.313`)
- [CVE-2024-38030](CVE-2024/CVE-2024-380xx/CVE-2024-38030.json) (`2024-07-11T16:35:21.450`)
- [CVE-2024-38031](CVE-2024/CVE-2024-380xx/CVE-2024-38031.json) (`2024-07-11T16:32:33.517`)
- [CVE-2024-38032](CVE-2024/CVE-2024-380xx/CVE-2024-38032.json) (`2024-07-11T16:31:16.480`)
- [CVE-2024-38033](CVE-2024/CVE-2024-380xx/CVE-2024-38033.json) (`2024-07-11T16:27:21.303`)
- [CVE-2024-38034](CVE-2024/CVE-2024-380xx/CVE-2024-38034.json) (`2024-07-11T16:26:19.257`)
- [CVE-2024-38041](CVE-2024/CVE-2024-380xx/CVE-2024-38041.json) (`2024-07-11T16:25:14.153`)
- [CVE-2024-38043](CVE-2024/CVE-2024-380xx/CVE-2024-38043.json) (`2024-07-11T16:25:00.517`)
- [CVE-2024-38060](CVE-2024/CVE-2024-380xx/CVE-2024-38060.json) (`2024-07-11T17:09:20.017`)
- [CVE-2024-38061](CVE-2024/CVE-2024-380xx/CVE-2024-38061.json) (`2024-07-11T17:08:40.157`)
- [CVE-2024-38062](CVE-2024/CVE-2024-380xx/CVE-2024-38062.json) (`2024-07-11T17:08:22.053`)
- [CVE-2024-38064](CVE-2024/CVE-2024-380xx/CVE-2024-38064.json) (`2024-07-11T17:07:36.783`)
- [CVE-2024-38065](CVE-2024/CVE-2024-380xx/CVE-2024-38065.json) (`2024-07-11T17:06:56.247`)
- [CVE-2024-38066](CVE-2024/CVE-2024-380xx/CVE-2024-38066.json) (`2024-07-11T16:59:19.463`)
- [CVE-2024-38067](CVE-2024/CVE-2024-380xx/CVE-2024-38067.json) (`2024-07-11T16:53:35.477`)
- [CVE-2024-38068](CVE-2024/CVE-2024-380xx/CVE-2024-38068.json) (`2024-07-11T16:53:21.910`)
- [CVE-2024-38069](CVE-2024/CVE-2024-380xx/CVE-2024-38069.json) (`2024-07-11T16:52:57.883`)
- [CVE-2024-38070](CVE-2024/CVE-2024-380xx/CVE-2024-38070.json) (`2024-07-11T16:50:59.957`)
- [CVE-2024-39202](CVE-2024/CVE-2024-392xx/CVE-2024-39202.json) (`2024-07-11T16:13:13.487`)
- [CVE-2024-39560](CVE-2024/CVE-2024-395xx/CVE-2024-39560.json) (`2024-07-11T17:15:16.867`)
## Download and Usage

409
_state.csv
View File

File diff suppressed because it is too large Load Diff