admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-19 17:31:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-08-19T20:00:19.099372+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-08-19 20:03:15 +00:00
parent 5620d70ca3
commit e245d88a71
125 changed files with 9312 additions and 680 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
CVE-2018/CVE-2018-106xx/CVE-2018-10631.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2018-10631",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2018-07-13T19:29:00.213",
"lastModified": "2019-10-09T23:32:57.680",
"lastModified": "2024-08-19T19:35:00.700",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -16,6 +16,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.7,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "nvd@nist.gov",
@ -84,6 +106,16 @@
"value": "CWE-693"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"configurations": [

24
CVE-2019/CVE-2019-206xx/CVE-2019-20634.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2019-20634",
"sourceIdentifier": "cve@mitre.org",
"published": "2020-03-30T21:15:12.373",
"lastModified": "2022-04-27T16:40:35.440",
"vulnStatus": "Analyzed",
"lastModified": "2024-08-19T18:15:09.837",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.2,
"impactScore": 1.4
},
{
"source": "cve@mitre.org",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW"
},
"exploitabilityScore": 2.2,
"impactScore": 1.4
}
],
"cvssMetricV2": [

82
CVE-2021/CVE-2021-475xx/CVE-2021-47584.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2021-47584",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-06-19T15:15:52.947",
"lastModified": "2024-06-20T12:43:25.663",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-08-19T18:35:20.133",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,19 +15,89 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: iocost: corrige la divisi\u00f3n por cero en la donaci\u00f3n de un grupo c de bajo peso. La l\u00f3gica de c\u00e1lculo de la donaci\u00f3n supone que el donante tiene un peso posterior a la donaci\u00f3n distinto de cero, por lo que el peso activo m\u00e1s bajo es una donaci\u00f3n. cgroup puede tener 2 para poder donar 1 y conservar el otro para s\u00ed mismo. Anteriormente, solo don\u00e1bamos de grupos comunitarios con excedentes considerables, por lo que esta condici\u00f3n siempre fue cierta. Sin embargo, con el algoritmo de donaci\u00f3n preciso implementado, f1de2439ec43 (\"blk-iocost: renovar la determinaci\u00f3n del monto de la donaci\u00f3n\") hizo que el c\u00e1lculo del monto de la donaci\u00f3n fuera exacto, permitiendo que incluso los grupos de bajo peso donaran. Esto significa que, en raras ocasiones, un grupo con un peso activo de 1 puede ingresar al c\u00e1lculo de la donaci\u00f3n, lo que genera la siguiente advertencia y luego una divisi\u00f3n por cero. ADVERTENCIA: CPU: 4 PID: 0 en block/blk-iocost.c:1928 transfer_surpluses.cold+0x0/0x53 [884/94867] ... RIP: 0010:transfer_surpluses.cold+0x0/0x53 C\u00f3digo: 92 y siguientes 48 c7 c7 28 d1 ab b5 65 48 8b 34 25 00 ae 01 00 48 81 c6 90 06 00 00 e8 8b 3f fe ff 48 c7 c0 ea ff ff ff e9 95 ff 92 ff <0f> 0b 48 c7 c7 30 da ab b5 e8 71 3f fe ff 4c 89 e8 4d 85 ed 74 0 4 ... Seguimiento de llamadas: ioc_timer_fn+0x1043/0x1390 call_timer_fn+0xa1/0x2c0 __run_timers.part.0+0x1ec/0x2e0 run_timer_softirq+0x35/0x70 ... iocg : pesos de donaci\u00f3n no v\u00e1lidos en /a/b: activo=1 donaci\u00f3n=1 despu\u00e9s=0 Corr\u00edjalo excluyendo cgroups con hweight activo < 2 de la donaci\u00f3n. Excluir estas donaciones de peso extremadamente bajo no deber\u00eda afectar la conservaci\u00f3n del trabajo de ninguna manera significativa."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-369"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.10",
"versionEndExcluding": "5.10.88",
"matchCriteriaId": "EB4181F8-6C8B-4641-A13A-D558F76ABA69"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.11",
"matchCriteriaId": "11274E95-438A-449A-B100-01B2B0046669"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/3a1a4eb574178c21241a6200f4785572e661c472",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/a7c80674538f15f85d68138240aae440b8039519",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/edaa26334c117a584add6053f48d63a988d25a6e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

82
CVE-2021/CVE-2021-475xx/CVE-2021-47585.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2021-47585",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-06-19T15:15:53.057",
"lastModified": "2024-06-20T12:43:25.663",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-08-19T18:29:03.543",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,19 +15,89 @@
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: btrfs: corrige la p\u00e9rdida de memoria en __add_inode_ref() La l\u00ednea 1169 (#3) asigna un fragmento de memoria para victim_name mediante kmalloc(), pero cuando la funci\u00f3n regresa en la l\u00ednea 1184 (#4) victim_name asignado por la l\u00ednea 1169 (#3) no se libera, lo que provocar\u00e1 una p\u00e9rdida de memoria. Hay un fragmento de c\u00f3digo similar en esta funci\u00f3n para asignar un fragmento de memoria para victim_name en la l\u00ednea 1104 (n.\u00ba 1), as\u00ed como para liberar la memoria en la l\u00ednea 1116 (n.\u00ba 2). Deber\u00edamos kfree() victim_name cuando el valor de retorno de backref_in_log() sea menor que cero y antes de que la funci\u00f3n regrese en la l\u00ednea 1184 (#4). 1057 static inline int __add_inode_ref(struct btrfs_trans_handle *trans, 1058 struct btrfs_root *root, 1059 struct btrfs_path *path, 1060 struct btrfs_root *log_root, 1061 struct btrfs_inode *dir, 1062 struct btrfs_inode *inode, 63 u64 inode_objectid, u64 parent_objectid, 1064 u64 ref_index, char *nombre, int nombrelen, 1065 int *search_done) 1066 { 1104 nombre_v\u00edctima = kmalloc(nombre_v\u00edctima_len, GFP_NOFS); // #1: kmalloc (nombre_v\u00edctima-1) 1105 if (!nombre_v\u00edctima) 1106 return -ENOMEM; 1112 ret = backref_in_log(log_root, &search_key, 1113 parent_objectid, victim_name, 1114 victim_name_len); 1115 if (ret < 0) { 1116 kfree(nombre_v\u00edctima); // #2: kfree (nombre_v\u00edctima-1) 1117 return ret; 1118 } else if (!ret) { 1169 nombre_v\u00edctima = kmalloc(nombre_v\u00edctima_len, GFP_NOFS); // #3: kmalloc (nombre_v\u00edctima-2) 1170 if (!nombre_v\u00edctima) 1171 return -ENOMEM; 1180 ret = backref_in_log(log_root, &search_key, 1181 parent_objectid, victim_name, 1182 victim_name_len); 1183 si (ret < 0) { 1184 retorno ret; // #4: falta kfree (nombre_v\u00edctima-2) 1185 } else if (!ret) { 1241 return 0; 1242 }"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-401"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5",
"versionEndExcluding": "5.10.88",
"matchCriteriaId": "A657B2D0-5B9D-42BE-A3BF-228DBC1B057C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.11",
"matchCriteriaId": "11274E95-438A-449A-B100-01B2B0046669"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/005d9292b5b2e71a009f911bd85d755009b37242",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/493ff661d434d6bdf02e3a21adae04d7a0b4265d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/f35838a6930296fc1988764cfa54cb3f705c0665",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

82
CVE-2021/CVE-2021-475xx/CVE-2021-47596.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2021-47596",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-06-19T15:15:54.197",
"lastModified": "2024-06-20T12:43:25.663",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-08-19T18:22:13.667",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,19 +15,89 @@
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: net: hns3: corrige el error de use-after-free en hclgevf_send_mbx_msg Actualmente, la funci\u00f3n hns3_remove desinstala primero la instancia del cliente y luego desinstala el dispositivo del motor de aceleraci\u00f3n. El dispositivo de red se libera en el proceso de desinstalaci\u00f3n de la instancia del cliente, pero el proceso de desinstalaci\u00f3n del dispositivo del motor de aceleraci\u00f3n a\u00fan lo utiliza para rastrear la informaci\u00f3n del tiempo de ejecuci\u00f3n. Esto provoca un problema de use-after-free. Entonces lo soluciona verificando el estado del registro de la instancia para evitar use after free."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.8",
"versionEndExcluding": "5.10.88",
"matchCriteriaId": "B4DD5FED-5CAF-4693-B5A1-1624BA9DBF0D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.11",
"matchCriteriaId": "11274E95-438A-449A-B100-01B2B0046669"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/12512bc8f25b8ba9795dfbae0e9ca57ff13fd542",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/27cbf64a766e86f068ce6214f04c00ceb4db1af4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/4f4a353f6fe033807cd026a5de81c67469ff19b0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

94
CVE-2021/CVE-2021-475xx/CVE-2021-47597.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2021-47597",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-06-19T15:15:54.290",
"lastModified": "2024-06-20T12:43:25.663",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-08-19T18:15:30.577",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,23 +15,103 @@
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: inet_diag: corrige la fuga de informaci\u00f3n del kernel para sockets UDP KMSAN inform\u00f3 una fuga de informaci\u00f3n del kernel [1], que puede ser explotada por usuarios sin privilegios. Despu\u00e9s del an\u00e1lisis result\u00f3 que UDP no estaba inicializando r->idiag_expires. Otros usuarios de inet_sk_diag_fill() podr\u00edan cometer el mismo error en el futuro, as\u00ed que solucione este problema en inet_sk_diag_fill(). [1] ERROR: KMSAN: kernel-infoleak en instrument_copy_to_user include/linux/instrumented.h:121 [en l\u00ednea] ERROR: KMSAN: kernel-infoleak en copia lib/iov_iter.c:156 [en l\u00ednea] ERROR: KMSAN: kernel-infoleak en _copy_to_iter+0x69d/0x25c0 lib/iov_iter.c:670 instrument_copy_to_user include/linux/instrumented.h:121 [en l\u00ednea] copia lib/iov_iter.c:156 [en l\u00ednea] _copy_to_iter+0x69d/0x25c0 lib/iov_iter.c:670 copy_to_iter include/linux/uio.h:155 [en l\u00ednea] simple_copy_to_iter+0xf3/0x140 net/core/datagram.c:519 __skb_datagram_iter+0x2cb/0x1280 net/core/datagram.c:425 skb_copy_datagram_iter+0xdc/0x270 net/core/datagram .c:533 skb_copy_datagram_msg include/linux/skbuff.h:3657 [en l\u00ednea] netlink_recvmsg+0x660/0x1c60 net/netlink/af_netlink.c:1974 sock_recvmsg_nosec net/socket.c:944 [en l\u00ednea] sock_recvmsg net/socket.c:962 [en l\u00ednea] sock_read_iter+0x5a9/0x630 net/socket.c:1035 call_read_iter include/linux/fs.h:2156 [en l\u00ednea] new_sync_read fs/read_write.c:400 [en l\u00ednea] vfs_read+0x1631/0x1980 fs/read_write.c: 481 ksys_read+0x28c/0x520 fs/read_write.c:619 __do_sys_read fs/read_write.c:629 [en l\u00ednea] __se_sys_read fs/read_write.c:627 [en l\u00ednea] __x64_sys_read+0xdb/0x120 fs/read_write.c:627 _arco x64/ x86/entry/common.c:51 [en l\u00ednea] do_syscall_64+0x54/0xd0 arch/x86/entry/common.c:82 Entry_SYSCALL_64_after_hwframe+0x44/0xae Uninit se cre\u00f3 en: slab_post_alloc_hook mm/slab.h:524 [en l\u00ednea] slab_alloc_node mm/slub.c:3251 [en l\u00ednea] __kmalloc_node_track_caller+0xe0c/0x1510 mm/slub.c:4974 kmalloc_reserve net/core/skbuff.c:354 [en l\u00ednea] __alloc_skb+0x545/0xf90 net/core/skbuff.c:426 alloc_skb include/linux/skbuff.h:1126 [en l\u00ednea] netlink_dump+0x3d5/0x16a0 net/netlink/af_netlink.c:2245 __netlink_dump_start+0xd1c/0xee0 net/netlink/af_netlink.c:2370 netlink_dump_start include/linux/netlink.h:254 [en l\u00ednea] inet_diag_handler_cmd+0x2e7/0x400 net/ipv4/inet_diag.c:1343 sock_diag_rcv_msg+0x24a/0x620 netlink_rcv_skb+0x447/0x800 net/netlink/af_netlink.c:2491 sock_diag_rcv+0x63/0x80 net/core/sock_diag.c:276 netlink_unicast_kernel net/netlink/af_netlink.c: 1319 [en l\u00ednea] netlink_unicast+0x1095/0x1360 netLink/af_netlink.c: 1345 netlink_sendmsg+0x16f3/0x1870 net/netlink/af_etlink.c: 1916 sockm. C: 704 [ en l\u00ednea] sock_sendmsg net/socket.c:724 [en l\u00ednea] sock_write_iter+0x594/0x690 net/socket.c:1057 do_iter_readv_writev+0xa7f/0xc70 do_iter_write+0x52c/0x1500 fs/read_write.c:851 vfs_writev fs/read_write.c:9 24 [en l\u00ednea] do_writev+0x63f/0xe30 fs/read_write.c:967 __do_sys_writev fs/read_write.c:1040 [en l\u00ednea] __se_sys_writev fs/read_write.c:1037 [en l\u00ednea] __x64_sys_writev+0xe5/0x120 fs/read_write.c:1037 _syscall_x64 arch/x86/entry/common.c:51 [inline] do_syscall_64+0x54/0xd0 arch/x86/entry/common.c:82 Entry_SYSCALL_64_after_hwframe+0x44/0xae Los bytes 68-71 de 312 no est\u00e1n inicializados El acceso a la memoria de tama\u00f1o 312 comienza en ffff88812ab54000 Datos copiados a la direcci\u00f3n de usuario 0000000020001440 CPU: 1 PID: 6365 Comm: syz-executor801 Not tainted 5.16.0-rc3-syzkaller #0 Nombre de hardware: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-908"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.3",
"versionEndExcluding": "5.4.168",
"matchCriteriaId": "1339B5DB-EBC4-468A-9D4A-0B34B4FA69D3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5",
"versionEndExcluding": "5.10.88",
"matchCriteriaId": "A657B2D0-5B9D-42BE-A3BF-228DBC1B057C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.11",
"matchCriteriaId": "11274E95-438A-449A-B100-01B2B0046669"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/3a4f6dba1eb98101abc012ef968a8b10dac1ce50",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/71ddeac8cd1d217744a0e060ff520e147c9328d1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/7b5596e531253ce84213d9daa7120b71c9d83198",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/e5d28205bf1de7082d904ed277ceb2db2879e302",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

39
CVE-2022/CVE-2022-250xx/CVE-2022-25037.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-25037",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-31T16:15:09.133",
"lastModified": "2024-05-31T19:14:47.793",
"lastModified": "2024-08-19T19:35:02.193",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Se descubri\u00f3 que un problema en wanEditor v4.7.11 y solucionado en v.4.7.12 y v.5 conten\u00eda una vulnerabilidad de cross-site scripting (XSS) a trav\u00e9s de la funci\u00f3n de carga de im\u00e1genes."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://gist.github.com/Mdxjj/5cf0a31e8abf24ed688ceb5b3543516d",

34
CVE-2022/CVE-2022-485xx/CVE-2022-48578.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-48578",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-06-10T20:15:12.600",
"lastModified": "2024-06-12T18:07:41.117",
"vulnStatus": "Analyzed",
"lastModified": "2024-08-19T19:35:03.153",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 5.2
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2
}
]
},
@ -49,6 +69,16 @@
"value": "CWE-125"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"configurations": [

91
CVE-2023/CVE-2023-240xx/CVE-2023-24062.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-24062",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-08T18:15:09.317",
"lastModified": "2024-08-08T18:55:19.180",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-08-19T19:05:06.027",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,15 +15,96 @@
"value": "Diebold Nixdorf Vynamic Security Suite (VSS) anterior a 3.3.0 SR12, 4.0.0 SR04, 4.1.0 SR02 y 4.2.0 SR01 no puede validar la estructura de directorios del sistema de archivos ra\u00edz durante el proceso de autorizaci\u00f3n previa al inicio (PBA) . Esto puede ser aprovechado por un atacante f\u00edsico que pueda manipular el contenido del disco duro del sistema."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dieboldnixdorf:vynamic_security_suite:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.3.0sr12",
"matchCriteriaId": "4B70F9BC-14EC-4E38-A079-63506F242F63"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dieboldnixdorf:vynamic_security_suite:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.0.0",
"versionEndExcluding": "4.0.0sr04",
"matchCriteriaId": "A45FE84B-35D3-4E42-942B-89EB84466C8A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dieboldnixdorf:vynamic_security_suite:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.1.0",
"versionEndExcluding": "4.1.0sr02",
"matchCriteriaId": "08A010AB-89B3-462F-B526-FDB06D2E8BC5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dieboldnixdorf:vynamic_security_suite:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.2.0",
"versionEndExcluding": "4.2.0sr01",
"matchCriteriaId": "37787D11-00BE-4351-8587-D2D02F52E769"
}
]
}
]
}
],
"references": [
{
"url": "https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Matt%20Burch%20-%20Where%E2%80%99s%20the%20Money%20-%20Defeating%20ATM%20Disk%20Encryption-white%20paper.pdf",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.dieboldnixdorf.com/en-us/banking/portfolio/software/security/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}

70
CVE-2023/CVE-2023-240xx/CVE-2023-24063.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-24063",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-08T18:15:09.410",
"lastModified": "2024-08-08T18:55:19.180",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-08-19T19:04:47.293",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,15 +15,75 @@
"value": "Diebold Nixdorf Vynamic Security Suite (VSS) anterior a 3.3.0 SR10 no puede validar /etc/mtab durante el proceso Pre-Boot Authorization (PBA). Esto puede ser aprovechado por un atacante f\u00edsico que pueda manipular el contenido del disco duro del sistema."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-354"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dieboldnixdorf:vynamic_security_suite:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.3.0sr10",
"matchCriteriaId": "18EE18C7-3DB8-4564-8BD2-5B58C956A2B0"
}
]
}
]
}
],
"references": [
{
"url": "https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Matt%20Burch%20-%20Where%E2%80%99s%20the%20Money%20-%20Defeating%20ATM%20Disk%20Encryption-white%20paper.pdf",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.dieboldnixdorf.com/en-us/banking/portfolio/software/security/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}

65
CVE-2023/CVE-2023-240xx/CVE-2023-24064.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-24064",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-08T18:15:09.467",
"lastModified": "2024-08-09T16:35:00.767",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-08-19T19:04:26.627",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -39,14 +59,51 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dieboldnixdorf:vynamic_security_suite:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.3.0sr4",
"matchCriteriaId": "51E20FBA-6F78-4AB1-8B2F-5234A32D5B0E"
}
]
}
]
}
],
"references": [
{
"url": "https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Matt%20Burch%20-%20Where%E2%80%99s%20the%20Money%20-%20Defeating%20ATM%20Disk%20Encryption-white%20paper.pdf",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.dieboldnixdorf.com/en-us/banking/portfolio/software/security/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}

84
CVE-2023/CVE-2023-288xx/CVE-2023-28865.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-28865",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-08T18:15:09.533",
"lastModified": "2024-08-08T20:35:00.890",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-08-19T19:04:14.230",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.7,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-345"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -51,14 +81,60 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dieboldnixdorf:vynamic_security_suite:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.3.0sr15",
"matchCriteriaId": "2A0DCAA7-1178-4647-B2D0-4CCC6C12C843"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dieboldnixdorf:vynamic_security_suite:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.0.0",
"versionEndExcluding": "4.0.0sr05",
"matchCriteriaId": "06F82886-CFE8-45C2-8438-2ECEF1EBB323"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dieboldnixdorf:vynamic_security_suite:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.1.0",
"versionEndExcluding": "4.1.0sr03",
"matchCriteriaId": "CE37B991-7D9E-4E50-9162-FF0A9843B7F7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dieboldnixdorf:vynamic_security_suite:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.2.0",
"versionEndExcluding": "4.2.0sr02",
"matchCriteriaId": "78335240-1A2E-43F0-89ED-EA2ACB89B926"
}
]
}
]
}
],
"references": [
{
"url": "https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Matt%20Burch%20-%20Where%E2%80%99s%20the%20Money%20-%20Defeating%20ATM%20Disk%20Encryption-white%20paper.pdf",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.dieboldnixdorf.com/en-us/banking/portfolio/software/security/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}

39
CVE-2023/CVE-2023-298xx/CVE-2023-29881.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-29881",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-14T12:55:53.443",
"lastModified": "2024-05-14T16:13:02.773",
"lastModified": "2024-08-19T19:35:04.057",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "phpok 6.4.003 es vulnerable a la inyecci\u00f3n SQL en la funci\u00f3n index_f() en phpok64/framework/api/call_control.php."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://gist.github.com/Northind/97522a49ae4bb0c8e6e2a49e75fd637a",

91
CVE-2023/CVE-2023-332xx/CVE-2023-33206.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-33206",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-08T18:15:09.597",
"lastModified": "2024-08-10T16:35:00.407",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-08-19T19:04:03.527",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-354"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -51,14 +81,67 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dieboldnixdorf:vynamic_security_suite:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.3.0sr16",
"matchCriteriaId": "374241F8-B3F7-4B25-8C43-42FA7307BE69"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dieboldnixdorf:vynamic_security_suite:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.0.0",
"versionEndExcluding": "4.0.0sr06",
"matchCriteriaId": "4B855A5E-4381-4313-A414-18085BAE4A90"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dieboldnixdorf:vynamic_security_suite:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.1.0",
"versionEndExcluding": "4.1.0sr04",
"matchCriteriaId": "A2F041A0-1166-4A02-BAD5-FF323E9A9C5B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dieboldnixdorf:vynamic_security_suite:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.2.0",
"versionEndExcluding": "4.2.0sr03",
"matchCriteriaId": "2E631831-139E-445D-AA4B-6BA7D9980BC3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dieboldnixdorf:vynamic_security_suite:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.3.0",
"versionEndExcluding": "4.3.0sr01",
"matchCriteriaId": "62407A0F-9945-41F4-B5E6-7734E82D4003"
}
]
}
]
}
],
"references": [
{
"url": "https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Matt%20Burch%20-%20Where%E2%80%99s%20the%20Money%20-%20Defeating%20ATM%20Disk%20Encryption-white%20paper.pdf",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.dieboldnixdorf.com/en-us/banking/portfolio/software/security/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}

39
CVE-2023/CVE-2023-389xx/CVE-2023-38944.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-38944",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-06T00:15:52.143",
"lastModified": "2024-03-06T15:18:08.093",
"lastModified": "2024-08-19T18:35:01.477",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Un problema en el firmware v12.03.01.09_pt de Multilaser RE160V y el firmware v12.03.01.10_pt de Multilaser RE163V permite a los atacantes eludir el control de acceso y obtener acceso completo a la aplicaci\u00f3n modificando un encabezado HTTP."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
}
],
"references": [
{
"url": "https://seclists.org/fulldisclosure/2024/Mar/0",

93
CVE-2023/CVE-2023-402xx/CVE-2023-40261.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-40261",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-08T18:15:09.670",
"lastModified": "2024-08-14T16:15:10.437",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-08-19T19:03:54.307",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -39,14 +59,79 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-665"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dieboldnixdorf:vynamic_security_suite:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.3.0sr17",
"matchCriteriaId": "4BB62AA5-698E-4A11-8D41-81A38702DE4E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dieboldnixdorf:vynamic_security_suite:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.0.0",
"versionEndExcluding": "4.0.0sr07",
"matchCriteriaId": "198EF035-8590-40CD-8774-9D5BC56CE7A4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dieboldnixdorf:vynamic_security_suite:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.1.0",
"versionEndExcluding": "4.1.0sr04",
"matchCriteriaId": "A2F041A0-1166-4A02-BAD5-FF323E9A9C5B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dieboldnixdorf:vynamic_security_suite:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.2.0",
"versionEndExcluding": "4.2.0sr04",
"matchCriteriaId": "4A1A5451-12A6-43B6-AC93-CE7CAF6EA0C8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dieboldnixdorf:vynamic_security_suite:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.3.0",
"versionEndExcluding": "4.3.0sr03",
"matchCriteriaId": "B3A8B1DB-3957-490B-A9D3-A3F22570629F"
}
]
}
]
}
],
"references": [
{
"url": "https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Matt%20Burch%20-%20Where%E2%80%99s%20the%20Money%20-%20Defeating%20ATM%20Disk%20Encryption-white%20paper.pdf",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.dieboldnixdorf.com/en-us/banking/portfolio/software/security/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}

39
CVE-2023/CVE-2023-460xx/CVE-2023-46048.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-46048",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-27T05:15:47.560",
"lastModified": "2024-08-02T21:15:49.117",
"lastModified": "2024-08-19T19:35:04.860",
"vulnStatus": "Awaiting Analysis",
"cveTags": [
{
@ -22,7 +22,42 @@
"value": "Tex Live 944e257 tiene una desreferencia de puntero NULL en texk/web2c/pdftexdir/writet1.c. NOTA: esto est\u00e1 en disputa porque deber\u00eda categorizarse como un problema de usabilidad."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.5,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"references": [
{
"url": "http://seclists.org/fulldisclosure/2024/Jan/65",

39
CVE-2023/CVE-2023-486xx/CVE-2023-48644.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-48644",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-05T23:15:07.260",
"lastModified": "2024-03-06T15:18:08.093",
"lastModified": "2024-08-19T18:35:03.937",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Se descubri\u00f3 un problema en la aplicaci\u00f3n Archibus 4.0.3 para iOS. Existe una vulnerabilidad XSS en la funci\u00f3n de creaci\u00f3n de solicitud de trabajo del m\u00f3dulo de mantenimiento, a trav\u00e9s del campo de descripci\u00f3n. Esto permite a un atacante realizar una acci\u00f3n en nombre del usuario, extraer datos, etc."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://excellium-services.com/cert-xlm-advisory/CVE-2023-48644",

39
CVE-2023/CVE-2023-499xx/CVE-2023-49970.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-49970",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-05T00:15:52.350",
"lastModified": "2024-03-05T13:41:01.900",
"lastModified": "2024-08-19T18:35:05.600",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Se descubri\u00f3 que Customer Support System v1 conten\u00eda una vulnerabilidad de inyecci\u00f3n SQL a trav\u00e9s del par\u00e1metro de asunto en /customer_support/ajax.php?action=save_ticket."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://github.com/geraldoalcantara/CVE-2023-49970",

47
CVE-2024/CVE-2024-207xx/CVE-2024-20789.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-20789",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-08-14T15:15:17.263",
"lastModified": "2024-08-14T17:49:14.177",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-08-19T18:59:05.617",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "psirt@adobe.com",
"type": "Secondary",
@ -51,10 +71,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:dimension:*:*:*:*:*:*:*:*",
"versionEndIncluding": "3.4.11",
"matchCriteriaId": "F7075D52-19B9-473A-9D2F-E1C4618DE4DA"
}
]
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/dimension/apsb24-47.html",
"source": "psirt@adobe.com"
"source": "psirt@adobe.com",
"tags": [
"Vendor Advisory"
]
}
]
}

49
CVE-2024/CVE-2024-207xx/CVE-2024-20790.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-20790",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-08-14T15:15:17.580",
"lastModified": "2024-08-14T17:49:14.177",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-08-19T18:58:42.660",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -18,7 +18,7 @@
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "psirt@adobe.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
@ -51,10 +71,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:dimension:*:*:*:*:*:*:*:*",
"versionEndIncluding": "3.4.11",
"matchCriteriaId": "F7075D52-19B9-473A-9D2F-E1C4618DE4DA"
}
]
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/dimension/apsb24-47.html",
"source": "psirt@adobe.com"
"source": "psirt@adobe.com",
"tags": [
"Vendor Advisory"
]
}
]
}

39
CVE-2024/CVE-2024-222xx/CVE-2024-22219.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-22219",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-15T18:15:19.290",
"lastModified": "2024-08-19T13:00:23.117",
"lastModified": "2024-08-19T18:35:06.827",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Vulnerabilidad de entidad externa XML (XXE) en Terminalfour 8.0.0001 a 8.3.18 y versiones XML JDBC hasta 1.0.4 permite a usuarios autenticados enviar XML malicioso a trav\u00e9s de funciones no especificadas que podr\u00edan conducir a diversas acciones, como acceder al servidor subyacente, c\u00f3digo remoto ejecuci\u00f3n (RCE) o realizar ataques de Server-Side Request Forgery (SSRF)."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-918"
}
]
}
],
"references": [
{
"url": "https://docs.terminalfour.com/articles/release-notes-highlights/",

65
CVE-2024/CVE-2024-234xx/CVE-2024-23443.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-23443",
"sourceIdentifier": "bressers@elastic.co",
"published": "2024-06-19T14:15:13.360",
"lastModified": "2024-06-20T12:44:01.637",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-08-19T19:33:31.207",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
},
{
"source": "bressers@elastic.co",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "bressers@elastic.co",
"type": "Secondary",
@ -51,10 +81,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:elastic:kibana:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.0.0",
"versionEndExcluding": "7.17.22",
"matchCriteriaId": "798CA4B3-9E66-406D-9C0D-57DF5F77FDC3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:elastic:kibana:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.0.0",
"versionEndExcluding": "8.14.0",
"matchCriteriaId": "3F1EDB3A-548A-4F37-BE27-47D23FF88908"
}
]
}
]
}
],
"references": [
{
"url": "https://discuss.elastic.co/t/kibana-8-14-0-7-17-22-security-update-esa-2024-11/361460",
"source": "bressers@elastic.co"
"source": "bressers@elastic.co",
"tags": [
"Vendor Advisory"
]
}
]
}

25
CVE-2024/CVE-2024-237xx/CVE-2024-23729.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-23729",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-19T19:15:07.867",
"lastModified": "2024-08-19T19:26:46.993",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The ColorOS Internet Browser com.heytap.browser application 45.10.3.4.1 for Android allows a remote attacker to execute arbitrary JavaScript code via the com.android.browser.RealBrowserActivity component."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/actuator/com.heytap.browser",
"source": "cve@mitre.org"
},
{
"url": "https://play.google.com/store/apps/details?id=com.heytap.browser",
"source": "cve@mitre.org"
}
]
}

57
CVE-2024/CVE-2024-251xx/CVE-2024-25157.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-25157",
"sourceIdentifier": "df4dee71-de3a-4139-9588-11b62fe6c0ff",
"published": "2024-08-14T15:15:18.023",
"lastModified": "2024-08-14T17:49:14.177",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-08-19T18:57:58.657",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 5.2
},
{
"source": "df4dee71-de3a-4139-9588-11b62fe6c0ff",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
},
{
"source": "df4dee71-de3a-4139-9588-11b62fe6c0ff",
"type": "Secondary",
@ -51,10 +81,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortra:goanywhere_managed_file_transfer:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.6.0",
"matchCriteriaId": "473E0873-F26C-4E9A-B58A-CF853E6F07DF"
}
]
}
]
}
],
"references": [
{
"url": "https://www.fortra.com/security/advisories/product-security/fi-2024-009",
"source": "df4dee71-de3a-4139-9588-11b62fe6c0ff"
"source": "df4dee71-de3a-4139-9588-11b62fe6c0ff",
"tags": [
"Vendor Advisory"
]
}
]
}

39
CVE-2024/CVE-2024-286xx/CVE-2024-28672.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-28672",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-13T16:15:30.247",
"lastModified": "2024-03-13T18:15:58.530",
"lastModified": "2024-08-19T19:35:05.690",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Se descubri\u00f3 que DedeCMS v5.7 contiene una vulnerabilidad de Cross-Site Request Forgery (CSRF) a trav\u00e9s de /dede/media_edit.php."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://github.com/777erp/cms/blob/main/3.md",

190
CVE-2024/CVE-2024-290xx/CVE-2024-29012.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-29012",
"sourceIdentifier": "PSIRT@sonicwall.com",
"published": "2024-06-20T09:15:11.347",
"lastModified": "2024-06-20T12:43:25.663",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-08-19T19:34:59.167",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,11 +15,44 @@
"value": "Una vulnerabilidad de desbordamiento de b\u00fafer basada en pila en el servidor HTTP de SonicOS permite que un atacante remoto autenticado provoque una denegaci\u00f3n de servicio (DoS) a trav\u00e9s de la funci\u00f3n sscanf."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "PSIRT@sonicwall.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "PSIRT@sonicwall.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -28,10 +61,157 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.0.1-5161",
"matchCriteriaId": "BE881F9C-CE9E-4D1B-92BA-D28B2B16178A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.1.1",
"versionEndExcluding": "7.1.1-7058",
"matchCriteriaId": "FFC449BE-1EA7-42B9-BB33-4FF14A78D2B0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.1.2",
"versionEndExcluding": "7.1.2-7019",
"matchCriteriaId": "A859C784-32BA-43BC-97BC-120047A67EEC"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:sonicwall:nsa_2700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8D8B0C7A-FD65-47CA-A625-150A90EFA7A1"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:sonicwall:nsa_3700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A69E000B-5806-46FD-A233-4E2CC9DD38D2"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:sonicwall:nsa_4700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8DF4A322-7CC7-4AB9-B10E-FFF34DF2182D"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:sonicwall:nsa_5700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4C15FED5-C48C-47CF-9645-0563D77883C1"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:sonicwall:nsa_6700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A884B1BB-F201-4C77-9F6E-B8A884DCD4C2"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:sonicwall:nssp_10700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7C3BA5A3-1160-4793-A8D6-40B9D264BCC4"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:sonicwall:nssp_11700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6739DEA3-06FF-4FEB-9931-0DB27F63B70E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:sonicwall:nssp_13700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0250EDF9-0AEF-4711-8EF6-D447CF48BCAF"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:sonicwall:nsv_270:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F2ABC8D8-2943-4073-9568-E87961A18998"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:sonicwall:nsv_470:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9F57D527-AA3F-45E9-9BCE-6F76691066B5"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:sonicwall:nsv_870:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F5ECCCF0-A5D8-42A8-8EC1-D12B49B1124A"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:sonicwall:tz270:-:*:*:*:*:*:*:*",
"matchCriteriaId": "70340DD4-687B-402C-85AF-C2B80D0F1600"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:sonicwall:tz270w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "52847BA2-470B-4078-A79B-52095DB9214B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:sonicwall:tz370:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9853AE3A-B0EA-4249-AA7D-1F2051C9BF91"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:sonicwall:tz370w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4DBDD10C-F89D-4051-BC70-67B41167FF9B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:sonicwall:tz470:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6C23940E-2F9D-447B-A740-42035ED5D400"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:sonicwall:tz470w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "90C790AD-C40E-4527-8F83-D278282A9600"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:sonicwall:tz570:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C7DF76E0-8E3D-4E0D-A3BB-F5AE05A4C7C9"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:sonicwall:tz570p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "352DFCF9-E333-41C0-8033-91265768FD8E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:sonicwall:tz570w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4C882C38-9DA5-4C03-BB23-AB2B448E3307"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:sonicwall:tz670:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AEEA6065-48D3-4EC7-BD94-CBAE3D1010FF"
}
]
}
]
}
],
"references": [
{
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0008",
"source": "PSIRT@sonicwall.com"
"source": "PSIRT@sonicwall.com",
"tags": [
"Vendor Advisory"
]
}
]
}

190
CVE-2024/CVE-2024-290xx/CVE-2024-29013.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-29013",
"sourceIdentifier": "PSIRT@sonicwall.com",
"published": "2024-06-20T09:15:11.543",
"lastModified": "2024-06-20T12:43:25.663",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-08-19T19:21:08.777",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,11 +15,44 @@
"value": "Una vulnerabilidad de desbordamiento de b\u00fafer basada en mont\u00f3n en SonicOS SSL-VPN permite que un atacante remoto autenticado provoque una denegaci\u00f3n de servicio (DoS) a trav\u00e9s de la funci\u00f3n memcpy."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "PSIRT@sonicwall.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "PSIRT@sonicwall.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -28,10 +61,157 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.0.1-5161",
"matchCriteriaId": "BE881F9C-CE9E-4D1B-92BA-D28B2B16178A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.1.1",
"versionEndExcluding": "7.1.1-7058",
"matchCriteriaId": "FFC449BE-1EA7-42B9-BB33-4FF14A78D2B0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.1.2",
"versionEndExcluding": "7.1.2-7019",
"matchCriteriaId": "A859C784-32BA-43BC-97BC-120047A67EEC"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:sonicwall:nsa_2700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8D8B0C7A-FD65-47CA-A625-150A90EFA7A1"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:sonicwall:nsa_3700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A69E000B-5806-46FD-A233-4E2CC9DD38D2"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:sonicwall:nsa_4700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8DF4A322-7CC7-4AB9-B10E-FFF34DF2182D"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:sonicwall:nsa_5700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4C15FED5-C48C-47CF-9645-0563D77883C1"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:sonicwall:nsa_6700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A884B1BB-F201-4C77-9F6E-B8A884DCD4C2"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:sonicwall:nssp_10700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7C3BA5A3-1160-4793-A8D6-40B9D264BCC4"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:sonicwall:nssp_11700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6739DEA3-06FF-4FEB-9931-0DB27F63B70E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:sonicwall:nssp_13700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0250EDF9-0AEF-4711-8EF6-D447CF48BCAF"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:sonicwall:nsv_270:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F2ABC8D8-2943-4073-9568-E87961A18998"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:sonicwall:nsv_470:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9F57D527-AA3F-45E9-9BCE-6F76691066B5"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:sonicwall:nsv_870:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F5ECCCF0-A5D8-42A8-8EC1-D12B49B1124A"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:sonicwall:tz270:-:*:*:*:*:*:*:*",
"matchCriteriaId": "70340DD4-687B-402C-85AF-C2B80D0F1600"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:sonicwall:tz270w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "52847BA2-470B-4078-A79B-52095DB9214B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:sonicwall:tz370:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9853AE3A-B0EA-4249-AA7D-1F2051C9BF91"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:sonicwall:tz370w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4DBDD10C-F89D-4051-BC70-67B41167FF9B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:sonicwall:tz470:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6C23940E-2F9D-447B-A740-42035ED5D400"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:sonicwall:tz470w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "90C790AD-C40E-4527-8F83-D278282A9600"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:sonicwall:tz570:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C7DF76E0-8E3D-4E0D-A3BB-F5AE05A4C7C9"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:sonicwall:tz570p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "352DFCF9-E333-41C0-8033-91265768FD8E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:sonicwall:tz570w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4C882C38-9DA5-4C03-BB23-AB2B448E3307"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:sonicwall:tz670:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AEEA6065-48D3-4EC7-BD94-CBAE3D1010FF"
}
]
}
]
}
],
"references": [
{
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0009",
"source": "PSIRT@sonicwall.com"
"source": "PSIRT@sonicwall.com",
"tags": [
"Third Party Advisory"
]
}
]
}

39
CVE-2024/CVE-2024-294xx/CVE-2024-29421.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-29421",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-22T18:15:09.937",
"lastModified": "2024-05-22T18:59:20.240",
"lastModified": "2024-08-19T18:35:07.660",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "xmedcon 0.23.0 y corregido en v.0.24.0 es vulnerable a Buffer Overflow a trav\u00e9s de libs/dicom/basic.c, lo que permite a un atacante ejecutar c\u00f3digo arbitrario."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.5,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "https://github.com/SpikeReply/advisories/blob/530dbd7ce68600a22c47dd1bcbe360220feda1d9/cve/xmedcon/cve-2024-29421.md",

39
CVE-2024/CVE-2024-301xx/CVE-2024-30171.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-30171",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-14T15:21:52.690",
"lastModified": "2024-06-14T13:15:51.603",
"lastModified": "2024-08-19T18:35:08.793",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Se descubri\u00f3 un problema en la API TLS Java de Bouncy Castle y en el proveedor JSSE anterior a la versi\u00f3n 1.78. Es posible que se produzcan fugas basadas en el tiempo en los protocolos de enlace basados en RSA debido al procesamiento de excepciones."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-203"
}
]
}
],
"references": [
{
"url": "https://github.com/bcgit/bc-csharp/wiki/CVE%E2%80%902024%E2%80%9030171",

39
CVE-2024/CVE-2024-326xx/CVE-2024-32611.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-32611",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-14T15:36:46.153",
"lastModified": "2024-05-14T16:12:23.490",
"lastModified": "2024-08-19T18:35:09.720",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "La librer\u00eda HDF5 hasta 1.14.3 puede usar un valor no inicializado en H5A__attr_release_table en H5Aint.c."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-457"
}
]
}
],
"references": [
{
"url": "https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/",

41
CVE-2024/CVE-2024-329xx/CVE-2024-32927.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-32927",
"sourceIdentifier": "dsap-vuln-management@google.com",
"published": "2024-08-19T17:15:07.493",
"lastModified": "2024-08-19T17:15:07.493",
"vulnStatus": "Received",
"lastModified": "2024-08-19T18:36:20.123",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
@ -11,7 +11,42 @@
"value": "In sendDeviceState_1_6 of RadioExt.cpp, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"references": [
{
"url": "https://source.android.com/security/bulletin/pixel/2024-08-01",

4
CVE-2024/CVE-2024-329xx/CVE-2024-32928.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-32928",
"sourceIdentifier": "dsap-vuln-management@google.com",
"published": "2024-08-19T17:15:07.557",
"lastModified": "2024-08-19T17:15:07.557",
"vulnStatus": "Received",
"lastModified": "2024-08-19T18:36:20.123",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

52
CVE-2024/CVE-2024-341xx/CVE-2024-34117.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-34117",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-08-14T15:15:18.420",
"lastModified": "2024-08-14T17:49:14.177",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-08-19T18:57:27.057",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -51,10 +51,56 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:photoshop:*:*:*:*:*:*:*:*",
"versionStartIncluding": "24.2",
"versionEndExcluding": "24.7.4",
"matchCriteriaId": "2BB90BD5-CB50-4337-A388-BB94B72BE30F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:photoshop:*:*:*:*:*:*:*:*",
"versionStartIncluding": "25.0",
"versionEndExcluding": "25.11",
"matchCriteriaId": "575ACC03-B515-4296-A980-35EA6324A71F"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/photoshop/apsb24-49.html",
"source": "psirt@adobe.com"
"source": "psirt@adobe.com",
"tags": [
"Vendor Advisory"
]
}
]
}

27
CVE-2024/CVE-2024-341xx/CVE-2024-34124.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-34124",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-08-14T15:15:18.910",
"lastModified": "2024-08-14T17:49:14.177",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-08-19T18:56:27.377",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -51,10 +51,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:dimension:*:*:*:*:*:*:*:*",
"versionEndIncluding": "3.4.11",
"matchCriteriaId": "F7075D52-19B9-473A-9D2F-E1C4618DE4DA"
}
]
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/dimension/apsb24-47.html",
"source": "psirt@adobe.com"
"source": "psirt@adobe.com",
"tags": [
"Vendor Advisory"
]
}
]
}

49
CVE-2024/CVE-2024-341xx/CVE-2024-34125.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-34125",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-08-14T15:15:19.163",
"lastModified": "2024-08-14T17:49:14.177",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-08-19T18:56:17.350",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -18,7 +18,7 @@
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "psirt@adobe.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
@ -51,10 +71,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:dimension:*:*:*:*:*:*:*:*",
"versionEndIncluding": "3.4.11",
"matchCriteriaId": "F7075D52-19B9-473A-9D2F-E1C4618DE4DA"
}
]
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/dimension/apsb24-47.html",
"source": "psirt@adobe.com"
"source": "psirt@adobe.com",
"tags": [
"Vendor Advisory"
]
}
]
}

59
CVE-2024/CVE-2024-341xx/CVE-2024-34126.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-34126",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-08-14T15:15:19.397",
"lastModified": "2024-08-14T17:49:14.177",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-08-19T18:55:47.043",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -18,7 +18,7 @@
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
@ -36,10 +36,40 @@
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "psirt@adobe.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
},
{
"source": "psirt@adobe.com",
"type": "Secondary",
@ -51,10 +81,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:dimension:*:*:*:*:*:*:*:*",
"versionEndIncluding": "3.4.11",
"matchCriteriaId": "F7075D52-19B9-473A-9D2F-E1C4618DE4DA"
}
]
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/dimension/apsb24-47.html",
"source": "psirt@adobe.com"
"source": "psirt@adobe.com",
"tags": [
"Vendor Advisory"
]
}
]
}

34
CVE-2024/CVE-2024-349xx/CVE-2024-34905.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-34905",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-16T15:15:47.887",
"lastModified": "2024-05-23T21:03:49.143",
"vulnStatus": "Analyzed",
"lastModified": "2024-08-19T18:35:11.410",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
@ -49,6 +69,16 @@
"value": "CWE-120"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"configurations": [

39
CVE-2024/CVE-2024-353xx/CVE-2024-35373.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-35373",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-24T21:15:59.720",
"lastModified": "2024-05-28T12:39:42.673",
"lastModified": "2024-08-19T18:35:12.200",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Mocodo Mocodo Online 4.2.6 y versiones anteriores son vulnerables a la ejecuci\u00f3n remota de c\u00f3digo a trav\u00e9s de /web/rewrite.php."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-75"
}
]
}
],
"references": [
{
"url": "https://chocapikk.com/posts/2024/mocodo-vulnerabilities/",

39
CVE-2024/CVE-2024-360xx/CVE-2024-36054.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-36054",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-26T23:15:21.370",
"lastModified": "2024-05-28T12:39:28.377",
"lastModified": "2024-08-19T19:35:07.003",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Hw64.sys en Marvin Test HW.exe anterior a 5.0.5.0 permite que procesos en modo de usuario sin privilegios lean arbitrariamente la memoria del kernel (y en consecuencia obtengan todos los privilegios) a trav\u00e9s de IOCTL 0x9c4064b8 (a trav\u00e9s de MmMapIoSpace) e IOCTL 0x9c406490 (a trav\u00e9s de ZwMapViewOfSection)."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.4,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://www.marvintest.com/Downloads.aspx?prodId=12&search=package",

57
CVE-2024/CVE-2024-366xx/CVE-2024-36684.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-36684",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-19T21:15:57.680",
"lastModified": "2024-08-01T13:53:13.027",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-08-19T18:51:09.050",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -51,10 +81,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:prestashop:pk_customlinks:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.3",
"matchCriteriaId": "B3BF3E7C-5A5C-46EC-B6C9-C629BF9725C0"
}
]
}
]
}
],
"references": [
{
"url": "https://security.friendsofpresta.org/modules/2024/06/18/pk_customlinks.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}

140
CVE-2024/CVE-2024-369xx/CVE-2024-36978.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-36978",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-06-19T07:15:46.437",
"lastModified": "2024-07-05T08:15:03.020",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-08-19T18:31:13.670",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,35 +15,155 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: sched: sch_multiq: corrige posible escritura OOB en multiq_tune() q->bands se asignar\u00e1n a qopt->bands para ejecutar la l\u00f3gica de c\u00f3digo posterior despu\u00e9s de kmalloc. Por lo tanto, las antiguas q->bands no deber\u00edan usarse en kmalloc. De lo contrario, se producir\u00e1 una escritura fuera de los l\u00edmites."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.4",
"versionEndExcluding": "5.4.279",
"matchCriteriaId": "1A920648-B954-4FF9-B516-2BAFC2674086"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5",
"versionEndExcluding": "5.10.221",
"matchCriteriaId": "659E1520-6345-41AF-B893-A7C0647585A0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.162",
"matchCriteriaId": "10A39ACC-3005-40E8-875C-98A372D1FFD5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "6.1.95",
"matchCriteriaId": "D435765D-2766-44F5-B319-F713A13E35CE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.35",
"matchCriteriaId": "6F019D15-84C0-416B-8C57-7F51B68992F0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.9.6",
"matchCriteriaId": "0ABBBA1D-F79D-4BDB-AA41-D1EDCC4A6975"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc1:*:*:*:*:*:*",
"matchCriteriaId": "2EBB4392-5FA6-4DA9-9772-8F9C750109FA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc2:*:*:*:*:*:*",
"matchCriteriaId": "331C2F14-12C7-45D5-893D-8C52EE38EA10"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/0f208fad86631e005754606c3ec80c0d44a11882",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/52b1aa07cda6a199cd6754d3798c7759023bc70f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/54c2c171c11a798fe887b3ff72922aa9d1411c1e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/598572c64287aee0b75bbba4e2881496878860f3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/affc18fdc694190ca7575b9a86632a73b9fe043d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/d5d9d241786f49ae7cbc08e7fc95a115e9d80f3d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/d6fb5110e8722bc00748f22caeb650fe4672f129",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

4
CVE-2024/CVE-2024-370xx/CVE-2024-37099.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-37099",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-08-19T17:15:07.700",
"lastModified": "2024-08-19T17:15:07.700",
"vulnStatus": "Received",
"lastModified": "2024-08-19T18:36:20.123",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

104
CVE-2024/CVE-2024-393xx/CVE-2024-39371.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-39371",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-06-25T15:15:14.410",
"lastModified": "2024-06-25T18:50:42.040",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-08-19T19:40:41.547",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,23 +15,113 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: io_uring: comprueba si hay un puntero de archivo que no sea NULL en io_file_can_poll(). En kernels anteriores, era posible activar una desreferencia del puntero NULL fuera de la ruta de preparaci\u00f3n asincr\u00f3nica forzada, si no se hab\u00eda creado ning\u00fan archivo. asignado. El rastro que conduce a esto tiene el siguiente aspecto: ERROR: desreferencia del puntero NULL del kernel, direcci\u00f3n: 00000000000000b0 PGD 0 P4D 0 Ups: 0000 [#1] CPU SMP PREEMPT: 67 PID: 1633 Comm: buf-ring-invali Not tainted 6.8.0 -rc3+ #1 Nombre del hardware: PC est\u00e1ndar QEMU (i440FX + PIIX, 1996), BIOS desconocido 2/2/2022 RIP: 0010:io_buffer_select+0xc3/0x210 C\u00f3digo: 00 00 48 39 d1 0f 82 ae 00 00 00 48 81 4b 48 00 00 01 00 48 89 73 70 0f b7 50 0c 66 89 53 42 85 ed 0f 85 d2 00 00 00 48 8b 13 <48> 8b 92 b0 00 00 00 48 83 7a 40 00 84 21 01 00 00 4c 8b 20 5b RSP: 0018:ffffb7bec38c7d88 EFLAGS: 00010246 RAX: ffff97af2be61000 RBX: ffff97af234f1700 RCX: 00000000000000040 RDX: 0000000000000000 RSI: 97aecfb04820 RDI: ffff97af234f1700 RBP: 0000000000000000 R08: 0000000000200030 R09: 0000000000000020 R10: ffffb7bec38c7dc8 R11: 000000000000 c000 R12: ffffb7bec38c7db8 R13: ffff97aecfb05800 R14 : ffff97aecfb05800 R15: ffff97af2be5e000 FS: 00007f852f74b740(0000) GS:ffff97b1eeec0000(0000) knlGS:00000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00000000000000b0 CR3: 000000016deab005 CR4: 0000000000370ef0 Seguimiento de llamadas: ? __die+0x1f/0x60 ? page_fault_oops+0x14d/0x420? do_user_addr_fault+0x61/0x6a0? exc_page_fault+0x6c/0x150? asm_exc_page_fault+0x22/0x30? io_buffer_select+0xc3/0x210 __io_import_iovec+0xb5/0x120 io_readv_prep_async+0x36/0x70 io_queue_sqe_fallback+0x20/0x260 io_submit_sqes+0x314/0x630 __do_sys_io_uring_enter+0x33 9/0xbc0 ? __do_sys_io_uring_register+0x11b/0xc50? vm_mmap_pgoff+0xce/0x160 do_syscall_64+0x5f/0x180 Entry_SYSCALL_64_after_hwframe+0x46/0x4e RIP: 0033:0x55e0a110a67e C\u00f3digo: ba cc 00 00 00 45 31 c0 44 0f b6 92 d0 0 00 00 31 d2 41 b9 08 00 00 00 41 83 e2 01 41 c1 e2 04 41 09 c2 b8 aa 01 00 00 0f 05 90 89 30 eb a9 0f 1f 40 00 48 8b 42 20 8b 00 a8 06 75 af 85 f6 porque la solicitud est\u00e1 marcada como ASYNC forzado y tiene un archivo incorrecto fd y, por lo tanto, toma la ruta de preparaci\u00f3n asincr\u00f3nica forzada. Los kernels actuales con la preparaci\u00f3n as\u00edncrona de solicitud limpia ya no pueden solucionar este problema, pero para facilitar la compatibilidad, agreguemos esta verificaci\u00f3n de seguridad aqu\u00ed tambi\u00e9n, ya que realmente no hace da\u00f1o. En ambos casos, esto inevitablemente terminar\u00e1 con un CQE publicado con -EBADF."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.19",
"versionEndExcluding": "6.1.95",
"matchCriteriaId": "E0A7F60D-A7BB-486D-9C47-C6BD16DE5AC3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.35",
"matchCriteriaId": "6F019D15-84C0-416B-8C57-7F51B68992F0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.9.5",
"matchCriteriaId": "8366481F-770F-4850-9D0F-2977BD97D5C5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc1:*:*:*:*:*:*",
"matchCriteriaId": "2EBB4392-5FA6-4DA9-9772-8F9C750109FA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc2:*:*:*:*:*:*",
"matchCriteriaId": "331C2F14-12C7-45D5-893D-8C52EE38EA10"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/43cfac7b88adedfb26c27834386992650f1642f3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/5fc16fa5f13b3c06fdb959ef262050bd810416a2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/65561b4c1c9e01443cb76387eb36a9109e7048ee",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/c2844d5e58576c55d8e8d4a9f74902d3f7be8044",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

51
CVE-2024/CVE-2024-393xx/CVE-2024-39386.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-39386",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-08-14T15:15:22.000",
"lastModified": "2024-08-14T17:49:14.177",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-08-19T18:53:49.387",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -51,10 +51,55 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:bridge:*:*:*:*:*:*:*:*",
"versionEndExcluding": "13.0.9",
"matchCriteriaId": "4550B81F-3B0A-4862-BF98-572FE642C063"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:bridge:*:*:*:*:*:*:*:*",
"versionStartIncluding": "14.0.0",
"versionEndExcluding": "14.1.2",
"matchCriteriaId": "D5F292EF-BC9A-4F7E-9F5B-5A404C32A63C"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/bridge/apsb24-59.html",
"source": "psirt@adobe.com"
"source": "psirt@adobe.com",
"tags": [
"Vendor Advisory"
]
}
]
}

61
CVE-2024/CVE-2024-393xx/CVE-2024-39387.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-39387",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-08-14T15:15:22.233",
"lastModified": "2024-08-14T17:49:14.177",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-08-19T18:53:28.930",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -40,6 +40,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
},
{
"source": "psirt@adobe.com",
"type": "Secondary",
@ -51,10 +61,55 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:bridge:*:*:*:*:*:*:*:*",
"versionEndExcluding": "13.0.9",
"matchCriteriaId": "4550B81F-3B0A-4862-BF98-572FE642C063"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:bridge:*:*:*:*:*:*:*:*",
"versionStartIncluding": "14.0.0",
"versionEndExcluding": "14.1.2",
"matchCriteriaId": "D5F292EF-BC9A-4F7E-9F5B-5A404C32A63C"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/bridge/apsb24-59.html",
"source": "psirt@adobe.com"
"source": "psirt@adobe.com",
"tags": [
"Vendor Advisory"
]
}
]
}

464
CVE-2024/CVE-2024-411xx/CVE-2024-41164.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-41164",
"sourceIdentifier": "f5sirt@f5.com",
"published": "2024-08-14T15:15:27.093",
"lastModified": "2024-08-14T17:49:14.177",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-08-19T18:39:06.157",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -61,6 +61,26 @@
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "f5sirt@f5.com",
"type": "Secondary",
@ -84,6 +104,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
},
{
"source": "f5sirt@f5.com",
"type": "Secondary",
@ -95,10 +125,438 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"versionStartIncluding": "15.1.0",
"versionEndIncluding": "15.1.1",
"matchCriteriaId": "37E3F8BF-CF06-45ED-B30C-EC5FEDEC1515"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"versionStartIncluding": "16.1.0",
"versionEndExcluding": "16.1.5",
"matchCriteriaId": "1A235DA1-7C50-49A5-A874-7FA00EA8B7D9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:17.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0A8D90B7-A1AF-4EFB-B688-1563D81E5C6D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"versionStartIncluding": "15.1.0",
"versionEndIncluding": "15.1.1",
"matchCriteriaId": "F8BAF117-D67E-4A1E-9CED-F49289C2B7C9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"versionStartIncluding": "16.1.0",
"versionEndExcluding": "16.1.5",
"matchCriteriaId": "2B8910E0-3AC4-4FEE-8BA0-8E592F546B4C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:17.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1A1CC91B-6920-4AF0-9EDD-DD3189E78F4D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
"versionStartIncluding": "15.1.0",
"versionEndIncluding": "15.1.1",
"matchCriteriaId": "AC7E0E85-B0A1-47F2-9BD0-C97D112C9DF8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
"versionStartIncluding": "16.1.0",
"versionEndExcluding": "16.1.5",
"matchCriteriaId": "F7C5BCA9-39A7-446F-8B61-F69C704DDBEB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:17.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1769D69A-CB59-46B1-89B3-FB97DC6DEB9B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"versionStartIncluding": "15.1.0",
"versionEndIncluding": "15.1.1",
"matchCriteriaId": "3EAFF56F-8070-4617-A5DD-BA55AC2EFE93"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"versionStartIncluding": "16.1.0",
"versionEndExcluding": "16.1.5",
"matchCriteriaId": "AF371739-2974-49F4-95BE-109ED6007A9F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_analytics:17.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "59203EBF-C52A-45A1-B8DF-00E17E3EFB51"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"versionStartIncluding": "15.1.0",
"versionEndIncluding": "15.1.1",
"matchCriteriaId": "76FD103B-5FE3-46D7-A00D-CD092A0407D8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"versionStartIncluding": "16.1.0",
"versionEndExcluding": "16.1.5",
"matchCriteriaId": "87E768C7-28EC-4999-8822-C8CE7EEE2270"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:17.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5C698C1C-A3DD-46E2-B05A-12F2604E7F85"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"versionStartIncluding": "15.1.0",
"versionEndIncluding": "15.1.1",
"matchCriteriaId": "BE9FBA0B-2B92-468D-A990-EF4F5183F506"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"versionStartIncluding": "16.1.0",
"versionEndExcluding": "16.1.5",
"matchCriteriaId": "E9697B71-CD20-42EF-8E6C-8C11FC84BE4C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:17.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "87670A74-34FE-45DF-A725-25B804C845B3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*",
"versionStartIncluding": "15.1.0",
"versionEndIncluding": "15.1.1",
"matchCriteriaId": "B6F06042-9552-4395-A9DA-078ABE6B0247"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*",
"versionStartIncluding": "16.1.0",
"versionEndExcluding": "16.1.5",
"matchCriteriaId": "3BB3D3AA-00B7-4F3A-9B02-7467A8559325"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:17.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "67DB21AE-DF53-442D-B492-C4ED9A20B105"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_automation_toolchain:*:*:*:*:*:*:*:*",
"versionStartIncluding": "15.1.0",
"versionEndIncluding": "15.1.1",
"matchCriteriaId": "785D1ED9-6073-4780-A48B-412A8F838219"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_automation_toolchain:*:*:*:*:*:*:*:*",
"versionStartIncluding": "16.1.0",
"versionEndExcluding": "16.1.5",
"matchCriteriaId": "95C55C3E-D185-4E65-9F32-AD11BC2018B5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_automation_toolchain:17.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D6003DFC-FB4C-4870-BB52-B0823767281D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*",
"versionStartIncluding": "15.1.0",
"versionEndIncluding": "15.1.1",
"matchCriteriaId": "98D5B208-8EC0-4FFA-B9AA-B2FCC649AED5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*",
"versionStartIncluding": "16.1.0",
"versionEndExcluding": "16.1.5",
"matchCriteriaId": "A6C8A4F0-FECB-42DE-88F7-D647CE10BF16"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_carrier-grade_nat:17.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7BC1D037-74D2-4F92-89AD-C90F6CBF440B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_container_ingress_services:*:*:*:*:*:*:*:*",
"versionStartIncluding": "15.1.0",
"versionEndIncluding": "15.1.1",
"matchCriteriaId": "EB1B9FE6-2839-44D4-A092-7C3748C9D4CA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_container_ingress_services:*:*:*:*:*:*:*:*",
"versionStartIncluding": "16.1.0",
"versionEndExcluding": "16.1.5",
"matchCriteriaId": "DA8A9AAB-A316-4C4C-9BB5-DAF4951E5FEE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_container_ingress_services:17.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7A54BB61-6885-4F73-B7AA-4CDCFEA3FCAB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*",
"versionStartIncluding": "15.1.0",
"versionEndIncluding": "15.1.1",
"matchCriteriaId": "49F35EAE-6998-41A5-AA7B-EDCF958FA926"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*",
"versionStartIncluding": "16.1.0",
"versionEndExcluding": "16.1.5",
"matchCriteriaId": "4739D2EA-CA4B-4E42-842F-733DA88AF183"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:17.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7B235A78-649B-46C5-B24B-AB485A884654"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
"versionStartIncluding": "15.1.0",
"versionEndIncluding": "15.1.1",
"matchCriteriaId": "E79AF4D5-2188-4059-B9A0-AFACD8D191A8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
"versionStartIncluding": "16.1.0",
"versionEndExcluding": "16.1.5",
"matchCriteriaId": "A72B6A1F-492B-48D7-8F90-717CFAE9E0A0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:17.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "84D00768-E71B-4FF7-A7BF-F2C8CFBC900D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
"versionStartIncluding": "15.1.0",
"versionEndIncluding": "15.1.1",
"matchCriteriaId": "018055B1-C2D8-4F63-883B-952E9E9DD434"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
"versionStartIncluding": "16.1.0",
"versionEndExcluding": "16.1.5",
"matchCriteriaId": "841D943B-F60B-4755-941A-79F8D9B54E25"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:17.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3F28D083-19BE-4584-A61A-85DD3CDC66BD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
"versionStartIncluding": "15.1.0",
"versionEndIncluding": "15.1.1",
"matchCriteriaId": "84561BE2-7368-44D5-9175-A458590D19A5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
"versionStartIncluding": "16.1.0",
"versionEndExcluding": "16.1.5",
"matchCriteriaId": "6AF9FDCB-A975-4A4E-8F58-C1E830E6836D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:17.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ABBD10E8-6054-408F-9687-B9BF6375CA09"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
"versionStartIncluding": "15.1.0",
"versionEndIncluding": "15.1.1",
"matchCriteriaId": "57815520-E17B-42FA-B213-0CE90E657AA2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
"versionStartIncluding": "16.1.0",
"versionEndExcluding": "16.1.5",
"matchCriteriaId": "14043026-1D70-46F9-BBA7-93460ACCB76A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:17.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "83794B04-87E2-4CA9-81F5-BB820D0F5395"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"versionStartIncluding": "15.1.0",
"versionEndIncluding": "15.1.1",
"matchCriteriaId": "CD587AF0-4D51-41C8-9F2B-1E66439A7249"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"versionStartIncluding": "16.1.0",
"versionEndExcluding": "16.1.5",
"matchCriteriaId": "8C260295-74F2-402C-B25E-3EDADF221A29"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:17.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0A6E7035-3299-474F-8F67-945EA9A059D0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"versionStartIncluding": "15.1.0",
"versionEndIncluding": "15.1.1",
"matchCriteriaId": "0409FB75-2AAD-4E06-8C47-E70EFA1F7DD2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"versionStartIncluding": "16.1.0",
"versionEndExcluding": "16.1.5",
"matchCriteriaId": "AD9977B4-1808-4706-A98A-6BDF124773B0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:17.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "56FB92F7-FF1E-425D-A5AB-9D9FB0BB9450"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_next_cloud-native_network_functions:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.1.0",
"versionEndExcluding": "1.2.0",
"matchCriteriaId": "D7147DD9-C334-4BD1-A229-C510F1DB0C06"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_next_service_proxy_for_kubernetes:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.7.0",
"versionEndExcluding": "1.9.0",
"matchCriteriaId": "75C7966C-470A-4B54-8113-D3EACCF464C8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"versionStartIncluding": "15.1.0",
"versionEndIncluding": "15.1.1",
"matchCriteriaId": "604710F9-7A47-4F93-AA14-985678733ED1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"versionStartIncluding": "16.1.0",
"versionEndExcluding": "16.1.5",
"matchCriteriaId": "A0286214-6B81-45FB-8113-B5A9A1B4BEC7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:17.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "667EB77B-DA13-4BA4-9371-EE3F3A109F38"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*",
"versionStartIncluding": "15.1.0",
"versionEndIncluding": "15.1.1",
"matchCriteriaId": "2E3EB2F4-3D19-4154-A381-99C18A5CD6D4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*",
"versionStartIncluding": "16.1.0",
"versionEndExcluding": "16.1.5",
"matchCriteriaId": "6BB5AAB5-64A1-4956-9255-09E0C999CC1B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_ssl_orchestrator:17.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C446827A-1F71-4FAD-9422-580642D26AD1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
"versionStartIncluding": "15.1.0",
"versionEndIncluding": "15.1.1",
"matchCriteriaId": "C96B6834-CB0D-446C-BEF9-C3B42B2BC823"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
"versionStartIncluding": "16.1.0",
"versionEndExcluding": "16.1.5",
"matchCriteriaId": "055A386F-ACAF-48A9-AB18-277270CF7A1C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:17.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3D1B2000-C3FE-4B4C-885A-A5076EB164E1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*",
"versionStartIncluding": "15.1.0",
"versionEndIncluding": "15.1.1",
"matchCriteriaId": "30AAE065-0480-44EE-9A76-93D45AA0D4AA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*",
"versionStartIncluding": "16.1.0",
"versionEndExcluding": "16.1.5",
"matchCriteriaId": "BEE85927-DBCF-418D-AFE7-2633917FD26B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_websafe:17.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8AB23AE6-245E-43D6-B832-933F8259F937"
}
]
}
]
}
],
"references": [
{
"url": "https://my.f5.com/manage/s/article/K000138477",
"source": "f5sirt@f5.com"
"source": "f5sirt@f5.com",
"tags": [
"Vendor Advisory"
]
}
]
}

58
CVE-2024/CVE-2024-417xx/CVE-2024-41719.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-41719",
"sourceIdentifier": "f5sirt@f5.com",
"published": "2024-08-14T15:15:27.343",
"lastModified": "2024-08-14T17:49:14.177",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-08-19T18:40:35.203",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -61,6 +61,26 @@
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "f5sirt@f5.com",
"type": "Secondary",
@ -84,6 +104,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-532"
}
]
},
{
"source": "f5sirt@f5.com",
"type": "Secondary",
@ -95,10 +125,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_next_central_manager:*:*:*:*:*:*:*:*",
"versionStartIncluding": "20.1.0",
"versionEndExcluding": "20.2.1",
"matchCriteriaId": "275E22C9-F66B-45BA-960C-257D49FA0221"
}
]
}
]
}
],
"references": [
{
"url": "https://my.f5.com/manage/s/article/K000140006",
"source": "f5sirt@f5.com"
"source": "f5sirt@f5.com",
"tags": [
"Vendor Advisory"
]
}
]
}

51
CVE-2024/CVE-2024-418xx/CVE-2024-41840.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-41840",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-08-14T15:15:29.453",
"lastModified": "2024-08-14T17:49:14.177",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-08-19T18:54:02.200",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -51,10 +51,55 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:bridge:*:*:*:*:*:*:*:*",
"versionEndExcluding": "13.0.9",
"matchCriteriaId": "4550B81F-3B0A-4862-BF98-572FE642C063"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:bridge:*:*:*:*:*:*:*:*",
"versionStartIncluding": "14.0.0",
"versionEndExcluding": "14.1.2",
"matchCriteriaId": "D5F292EF-BC9A-4F7E-9F5B-5A404C32A63C"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/bridge/apsb24-59.html",
"source": "psirt@adobe.com"
"source": "psirt@adobe.com",
"tags": [
"Vendor Advisory"
]
}
]
}

83
CVE-2024/CVE-2024-418xx/CVE-2024-41850.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-41850",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-08-14T15:15:29.667",
"lastModified": "2024-08-14T17:49:14.177",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-08-19T18:41:14.083",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "psirt@adobe.com",
"type": "Secondary",
@ -41,8 +61,18 @@
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "psirt@adobe.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -51,10 +81,55 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:indesign:*:*:*:*:*:*:*:*",
"versionEndExcluding": "18.5.3",
"matchCriteriaId": "2D5EBEA0-C4C4-4D20-8420-E00C50E1ABC6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:indesign:*:*:*:*:*:*:*:*",
"versionStartIncluding": "19.0",
"versionEndExcluding": "19.5",
"matchCriteriaId": "FA2F3D57-560A-45F4-9A94-F8E059909279"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/indesign/apsb24-56.html",
"source": "psirt@adobe.com"
"source": "psirt@adobe.com",
"tags": [
"Vendor Advisory"
]
}
]
}

51
CVE-2024/CVE-2024-418xx/CVE-2024-41851.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-41851",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-08-14T15:15:29.917",
"lastModified": "2024-08-14T17:49:14.177",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-08-19T18:41:29.073",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -51,10 +51,55 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:indesign:*:*:*:*:*:*:*:*",
"versionEndExcluding": "18.5.3",
"matchCriteriaId": "2D5EBEA0-C4C4-4D20-8420-E00C50E1ABC6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:indesign:*:*:*:*:*:*:*:*",
"versionStartIncluding": "19.0",
"versionEndExcluding": "19.5",
"matchCriteriaId": "FA2F3D57-560A-45F4-9A94-F8E059909279"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/indesign/apsb24-56.html",
"source": "psirt@adobe.com"
"source": "psirt@adobe.com",
"tags": [
"Vendor Advisory"
]
}
]
}

63
CVE-2024/CVE-2024-418xx/CVE-2024-41852.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-41852",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-08-14T15:15:30.160",
"lastModified": "2024-08-14T17:49:14.177",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-08-19T18:42:01.693",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -41,8 +41,18 @@
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "psirt@adobe.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -51,10 +61,55 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:indesign:*:*:*:*:*:*:*:*",
"versionEndExcluding": "18.5.3",
"matchCriteriaId": "2D5EBEA0-C4C4-4D20-8420-E00C50E1ABC6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:indesign:*:*:*:*:*:*:*:*",
"versionStartIncluding": "19.0",
"versionEndExcluding": "19.5",
"matchCriteriaId": "FA2F3D57-560A-45F4-9A94-F8E059909279"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/indesign/apsb24-56.html",
"source": "psirt@adobe.com"
"source": "psirt@adobe.com",
"tags": [
"Vendor Advisory"
]
}
]
}

63
CVE-2024/CVE-2024-418xx/CVE-2024-41853.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-41853",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-08-14T15:15:30.380",
"lastModified": "2024-08-14T17:49:14.177",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-08-19T18:42:21.327",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -41,8 +41,18 @@
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "psirt@adobe.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -51,10 +61,55 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:indesign:*:*:*:*:*:*:*:*",
"versionEndExcluding": "18.5.3",
"matchCriteriaId": "2D5EBEA0-C4C4-4D20-8420-E00C50E1ABC6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:indesign:*:*:*:*:*:*:*:*",
"versionStartIncluding": "19.0",
"versionEndExcluding": "19.5",
"matchCriteriaId": "FA2F3D57-560A-45F4-9A94-F8E059909279"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/indesign/apsb24-56.html",
"source": "psirt@adobe.com"
"source": "psirt@adobe.com",
"tags": [
"Vendor Advisory"
]
}
]
}

73
CVE-2024/CVE-2024-418xx/CVE-2024-41854.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-41854",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-08-14T15:15:30.613",
"lastModified": "2024-08-14T17:49:14.177",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-08-19T18:43:34.970",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -18,7 +18,7 @@
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "psirt@adobe.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
@ -51,10 +71,55 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:indesign:*:*:*:*:*:*:*:*",
"versionEndExcluding": "18.5.3",
"matchCriteriaId": "2D5EBEA0-C4C4-4D20-8420-E00C50E1ABC6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:indesign:*:*:*:*:*:*:*:*",
"versionStartIncluding": "19.0",
"versionEndExcluding": "19.5",
"matchCriteriaId": "FA2F3D57-560A-45F4-9A94-F8E059909279"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/indesign/apsb24-56.html",
"source": "psirt@adobe.com"
"source": "psirt@adobe.com",
"tags": [
"Vendor Advisory"
]
}
]
}

64
CVE-2024/CVE-2024-418xx/CVE-2024-41856.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-41856",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-08-14T15:15:30.833",
"lastModified": "2024-08-14T17:49:14.177",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-08-19T18:54:40.513",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -41,8 +41,18 @@
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "psirt@adobe.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -51,10 +61,56 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:illustrator:*:*:*:*:*:*:*:*",
"versionStartIncluding": "27.0",
"versionEndExcluding": "27.9.5",
"matchCriteriaId": "693A2D61-DBC9-44D7-BA72-0DF97BDC9661"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:illustrator:*:*:*:*:*:*:*:*",
"versionStartIncluding": "28.0",
"versionEndExcluding": "28.6",
"matchCriteriaId": "0CAA6BF3-38F6-4E33-9D80-66CE521775AA"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/illustrator/apsb24-45.html",
"source": "psirt@adobe.com"
"source": "psirt@adobe.com",
"tags": [
"Vendor Advisory"
]
}
]
}

27
CVE-2024/CVE-2024-418xx/CVE-2024-41865.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-41865",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-08-14T15:15:31.227",
"lastModified": "2024-08-14T17:49:14.177",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-08-19T18:44:04.163",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -51,10 +51,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:dimension:*:*:*:*:*:*:*:*",
"versionEndIncluding": "3.4.11",
"matchCriteriaId": "F7075D52-19B9-473A-9D2F-E1C4618DE4DA"
}
]
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/dimension/apsb24-47.html",
"source": "psirt@adobe.com"
"source": "psirt@adobe.com",
"tags": [
"Vendor Advisory"
]
}
]
}

51
CVE-2024/CVE-2024-418xx/CVE-2024-41866.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-41866",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-08-14T15:15:31.460",
"lastModified": "2024-08-14T17:49:14.177",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-08-19T18:44:22.577",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -51,10 +51,55 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:indesign:*:*:*:*:*:*:*:*",
"versionEndExcluding": "18.5.3",
"matchCriteriaId": "2D5EBEA0-C4C4-4D20-8420-E00C50E1ABC6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:indesign:*:*:*:*:*:*:*:*",
"versionStartIncluding": "19.0",
"versionEndExcluding": "19.5",
"matchCriteriaId": "FA2F3D57-560A-45F4-9A94-F8E059909279"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/indesign/apsb24-56.html",
"source": "psirt@adobe.com"
"source": "psirt@adobe.com",
"tags": [
"Vendor Advisory"
]
}
]
}

70
CVE-2024/CVE-2024-422xx/CVE-2024-42282.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-42282",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-17T09:15:09.090",
"lastModified": "2024-08-19T12:59:59.177",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-08-19T19:53:45.483",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,15 +15,75 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: mediatek: corrige la posible desreferencia del puntero NULL en el manejo del net_device ficticio. Mueva la liberaci\u00f3n del net_device ficticio de mtk_free_dev() a mtk_remove(). Anteriormente, si alloc_netdev_dummy() fallaba en mtk_probe(), eth->dummy_dev ser\u00eda NULL. La ruta de error luego llamar\u00eda a mtk_free_dev(), que a su vez llamar\u00eda a free_netdev() suponiendo que dummy_dev estuviera asignado (pero no lo estaba), causando potencialmente una desreferencia del puntero NULL. Al mover free_netdev() a mtk_remove(), nos aseguramos de que solo se llame cuando mtk_probe() haya tenido \u00e9xito y dummy_dev est\u00e9 completamente asignado. Esto soluciona una posible desreferencia de puntero NULL detectada por Smatch[1]."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.10",
"versionEndExcluding": "6.10.3",
"matchCriteriaId": "21DC7A88-E88C-4C44-9AFB-CBB30134097C"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/16f3a28cf5f876a7f3550d8f4c870a7b41bcfaef",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/af6bd5c9901b13a26eaf4d57d97a813297791596",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

130
CVE-2024/CVE-2024-422xx/CVE-2024-42283.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-42283",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-17T09:15:09.163",
"lastModified": "2024-08-19T12:59:59.177",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-08-19T19:54:33.213",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,35 +15,145 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: nexthop: inicializa todos los campos en la estructura nexthops volcada. nexthop_grp contiene dos campos reservados que no son inicializados por nla_put_nh_group() y transporta basura. Esto se puede observar, por ejemplo, con strace (editado para mayor claridad): # ip nexthop add id 1 dev lo # ip nexthop add id 101 group 1 # strace -e recvmsg ip nexthop get id 101 ... recvmsg(... [{nla_len =12, nla_type=NHA_GROUP}, [{id=1, peso=0, resvd1=0x69, resvd2=0x67}]] ...) = 52 Los campos est\u00e1n reservados y, por lo tanto, no se utilizan actualmente. Pero tal como est\u00e1n, pierden memoria del n\u00facleo, y el hecho de que no sean simplemente cero complica la reutilizaci\u00f3n de los campos para nuevos fines. Inicialice la estructura completa."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-908"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.3",
"versionEndExcluding": "5.4.282",
"matchCriteriaId": "02035E8E-6E63-424F-B9C8-AA3CA88D499E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5",
"versionEndExcluding": "5.10.224",
"matchCriteriaId": "5CCEDF13-293D-4E64-B501-4409D0365AFE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.165",
"matchCriteriaId": "B4E2B568-3171-41DE-B519-F2B1A3600D94"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "6.1.103",
"matchCriteriaId": "E45EAC72-8329-4F99-8276-86AF9BB3496A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.44",
"matchCriteriaId": "CC912330-6B41-4C6B-99AF-F3857FBACB6A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.10.3",
"matchCriteriaId": "92D388F2-1EAF-4CFA-AC06-5B26D762EA7D"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/1377de719652d868f5317ba8398b7e74c5f0430b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/5cc4d71dda2dd4f1520f40e634a527022e48ccd8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/6d745cd0e9720282cd291d36b9db528aea18add2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/7704460acd7f5d35eb07c52500987dc9b95313fb",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/9e8f558a3afe99ce51a642ce0d3637ddc2b5d5d0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/a13d3864b76ac87085ec530b2ff8e37482a63a96",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/fd06cb4a5fc7bda3dea31712618a62af72a1c6cb",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

142
CVE-2024/CVE-2024-422xx/CVE-2024-42284.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-42284",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-17T09:15:09.233",
"lastModified": "2024-08-19T12:59:59.177",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-08-19T19:47:55.623",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,39 +15,159 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: tipc: Devuelve un valor distinto de cero desde tipc_udp_addr2str() en caso de error tipc_udp_addr2str() deber\u00eda devolver un valor distinto de cero si la direcci\u00f3n de medios UDP no es v\u00e1lida. De lo contrario, puede ocurrir un acceso de desbordamiento del b\u00fafer en tipc_media_addr_printf(). Solucione este problema devolviendo 1 en una direcci\u00f3n de medios UDP no v\u00e1lida."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-754"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.1",
"versionEndExcluding": "4.19.320",
"matchCriteriaId": "85CB8233-C8F9-4CE9-B044-72B6989F6312"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.20",
"versionEndExcluding": "5.4.282",
"matchCriteriaId": "A8961D98-9ACF-4188-BA88-44038B14BC28"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5",
"versionEndExcluding": "5.10.224",
"matchCriteriaId": "5CCEDF13-293D-4E64-B501-4409D0365AFE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.165",
"matchCriteriaId": "B4E2B568-3171-41DE-B519-F2B1A3600D94"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "6.1.103",
"matchCriteriaId": "E45EAC72-8329-4F99-8276-86AF9BB3496A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.44",
"matchCriteriaId": "CC912330-6B41-4C6B-99AF-F3857FBACB6A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.10.3",
"matchCriteriaId": "92D388F2-1EAF-4CFA-AC06-5B26D762EA7D"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/253405541be2f15ffebdeac2f4cf4b7e9144d12f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/2abe350db1aa599eeebc6892237d0bce0f1de62a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/5eea127675450583680c8170358bcba43227bd69",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/728734352743a78b4c5a7285b282127696a4a813",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/76ddf84a52f0d8ec3f5db6ccce08faf202a17d28",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/7ec3335dd89c8d169e9650e4bac64fde71fdf15b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/aa38bf74899de07cf70b50cd17f8ad45fb6654c8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/fa96c6baef1b5385e2f0c0677b32b3839e716076",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

142
CVE-2024/CVE-2024-422xx/CVE-2024-42285.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-42285",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-17T09:15:09.300",
"lastModified": "2024-08-19T12:59:59.177",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-08-19T19:45:41.590",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,39 +15,159 @@
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: RDMA/iwcm: corrige un use-after-free relacionado con la destrucci\u00f3n de ID de CM iw_conn_req_handler() asocia una nueva estructura rdma_id_private (conn_id) con una estructura iw_cm_id (cm_id) existente de la siguiente manera: conn_id->cm_id.iw = cm_id; cm_id->context = conn_id; cm_id->cm_handler = cma_iw_handler; rdma_destroy_id() libera tanto cm_id como struct rdma_id_private. Aseg\u00farese de que cm_work_handler() no active un use-after-free liberando solo la estructura rdma_id_private despu\u00e9s de que todo el trabajo pendiente haya finalizado."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.8",
"versionEndExcluding": "4.19.320",
"matchCriteriaId": "931B85D9-2A7D-4BFF-97EF-D4E9CBD7E552"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.20",
"versionEndExcluding": "5.4.282",
"matchCriteriaId": "A8961D98-9ACF-4188-BA88-44038B14BC28"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5",
"versionEndExcluding": "5.10.224",
"matchCriteriaId": "5CCEDF13-293D-4E64-B501-4409D0365AFE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.165",
"matchCriteriaId": "B4E2B568-3171-41DE-B519-F2B1A3600D94"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "6.1.103",
"matchCriteriaId": "E45EAC72-8329-4F99-8276-86AF9BB3496A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.44",
"matchCriteriaId": "CC912330-6B41-4C6B-99AF-F3857FBACB6A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.10.3",
"matchCriteriaId": "92D388F2-1EAF-4CFA-AC06-5B26D762EA7D"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/557d035fe88d78dd51664f4dc0e1896c04c97cf6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/7f25f296fc9bd0435be14e89bf657cd615a23574",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/94ee7ff99b87435ec63211f632918dc7f44dac79",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/aee2424246f9f1dadc33faa78990c1e2eb7826e4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/d91d253c87fd1efece521ff2612078a35af673c6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/dc8074b8901caabb97c2d353abd6b4e7fa5a59a5",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/ee39384ee787e86e9db4efb843818ef0ea9cb8ae",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/ff5bbbdee08287d75d72e65b72a2b76d9637892a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

82
CVE-2024/CVE-2024-422xx/CVE-2024-42294.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-42294",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-17T09:15:09.947",
"lastModified": "2024-08-19T12:59:59.177",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-08-19T19:43:22.460",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,19 +15,89 @@
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: bloquear: soluciona el punto muerto entre sd_remove y sd_release Nuestra prueba informa la siguiente tarea colgada: [ 2538.459400] INFO: task \"kworker/0:0\":7 blocked for more than 188 seconds. [ 2538.459427] Call trace: [ 2538.459430] __switch_to+0x174/0x338 [ 2538.459436] __schedule+0x628/0x9c4 [ 2538.459442] schedule+0x7c/0xe8 [ 2538.459447] schedule_preempt_disabled+0x24/0x40 [ 2538.459453] __mutex_lock+0x3ec/0xf04 [ 2538.459456] __mutex_lock_slowpath+0x14/0x24 [ 2538.459459] mutex_lock+0x30/0xd8 [ 2538.459462] del_gendisk+0xdc/0x350 [ 2538.459466] sd_remove+0x30/0x60 [ 2538.459470] device_release_driver_internal+0x1c4/0x2c4 [ 2538.459474] device_release_driver+0x18/0x28 [ 2538.459478] bus_remove_device+0x15c/0x174 [ 2538.459483] device_del+0x1d0/0x358 [ 2538.459488] __scsi_remove_device+0xa8/0x198 [ 2538.459493] scsi_forget_host+0x50/0x70 [ 2538.459497] scsi_remove_host+0x80/0x180 [ 2538.459502] usb_stor_disconnect+0x68/0xf4 [ 2538.459506] usb_unbind_interface+0xd4/0x280 [ 2538.459510] device_release_driver_internal+0x1c4/0x2c4 [ 2538.459514] device_release_driver+0x18/0x28 [ 2538.459518] bus_remove_device+0x15c/0x174 [ 2538.459523] device_del+0x1d0/0x358 [ 2538.459528] usb_disable_device+0x84/0x194 [ 2538.459532] usb_disconnect+0xec/0x300 [ 2538.459537] hub_event+0xb80/0x1870 [ 2538.459541] process_scheduled_works+0x248/0x4dc [ 2538.459545] worker_thread+0x244/0x334 [ 2538.459549] kthread+0x114/0x1bc [ 2538.461001] INFO: task \"fsck.\":15415 blocked for more than 188 seconds. [ 2538.461014] Call trace: [ 2538.461016] __switch_to+0x174/0x338 [ 2538.461021] __schedule+0x628/0x9c4 [ 2538.461025] schedule+0x7c/0xe8 [ 2538.461030] blk_queue_enter+0xc4/0x160 [ 2538.461034] blk_mq_alloc_request+0x120/0x1d4 [ 2538.461037] scsi_execute_cmd+0x7c/0x23c [ 2538.461040] ioctl_internal_command+0x5c/0x164 [ 2538.461046] scsi_set_medium_removal+0x5c/0xb0 [ 2538.461051] sd_release+0x50/0x94 [ 2538.461054] blkdev_put+0x190/0x28c [ 2538.461058] blkdev_release+0x28/0x40 [ 2538.461063] __fput+0xf8/0x2a8 [ 2538.461066] __fput_sync+0x28/0x5c [ 2538.461070] __arm64_sys_close+0x84/0xe8 [ 2538.461073] invoke_syscall+0x58/0x114 [ 2538.461078] el0_svc_common+0xac/0xe0 [ 2538.461082] do_el0_svc+0x1c/0x28 [ 2538.461087] el0_svc+0x38/0x68 [ 2538.461090] el0t_64_sync_handler+0x68/0xbc [ 2538.461093] el0t_64_sync+0x1a8/0x1ac T1: T2: sd_remove del_gendisk __blk_mark_disk_dead blk_freeze_queue_start ++q->mq_freeze_depth bdev_release mutex_lock(&disk->open_mutex) sd_release scsi_execute_cmd blk_queue_enter wait_event(!q->mq_freeze_depth) mutex_lock(&disk->open_mutex) SCSI no configura GD_OWNS_QUEUE, por lo que QUEUE_FLAG_DYING no est\u00e1 configurado en este escenario. Este es un cl\u00e1sico punto muerto de ABBA. Para solucionar el punto muerto, aseg\u00farese de no intentar adquirir disco->open_mutex despu\u00e9s de congelar la cola."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-667"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.5",
"versionEndExcluding": "6.6.44",
"matchCriteriaId": "9C43C45E-798F-4F27-A7BF-764CEB4C1BC9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.10.3",
"matchCriteriaId": "92D388F2-1EAF-4CFA-AC06-5B26D762EA7D"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/5a5625a83eac91fdff1d5f0202ecfc45a31983c9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/7e04da2dc7013af50ed3a2beb698d5168d1e594b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/f5418f48a93b69ed9e6a2281eee06b412f14a544",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

63
CVE-2024/CVE-2024-423xx/CVE-2024-42353.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-42353",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-08-14T21:15:17.073",
"lastModified": "2024-08-15T13:01:10.150",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-08-19T18:44:59.903",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-601"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -51,14 +81,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pylonsproject:webob:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.8.8",
"matchCriteriaId": "7C7C7DB3-3268-4761-83C0-8A0C03A4451D"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/Pylons/webob/commit/f689bcf4f0a1f64f1735b1d5069aef5be6974b5b",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/Pylons/webob/security/advisories/GHSA-mg3v-6m49-jhp3",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}

4
CVE-2024/CVE-2024-426xx/CVE-2024-42633.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-42633",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-19T16:15:08.740",
"lastModified": "2024-08-19T16:15:08.740",
"vulnStatus": "Received",
"lastModified": "2024-08-19T18:36:20.123",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

27
CVE-2024/CVE-2024-426xx/CVE-2024-42639.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-42639",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-16T18:15:10.067",
"lastModified": "2024-08-19T13:00:23.117",
"lastModified": "2024-08-19T18:35:13.310",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "Se descubri\u00f3 que H3C GR1100-P v100R009 utiliza una contrase\u00f1a codificada en /etc/shadow, que permite a los atacantes iniciar sesi\u00f3n como superusuario."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://palm-vertebra-fe9.notion.site/H3C-GR1100-PV100R009-was-discovered-to-contain-a-hardcoded-824141daa44f4c52a914860c6e4a7684",

4
CVE-2024/CVE-2024-426xx/CVE-2024-42657.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-42657",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-19T17:15:07.967",
"lastModified": "2024-08-19T17:15:07.967",
"vulnStatus": "Received",
"lastModified": "2024-08-19T18:36:20.123",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

41
CVE-2024/CVE-2024-426xx/CVE-2024-42658.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-42658",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-19T17:15:08.027",
"lastModified": "2024-08-19T17:15:08.027",
"vulnStatus": "Received",
"lastModified": "2024-08-19T18:36:20.123",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
@ -11,7 +11,42 @@
"value": "An issue in wishnet Nepstech Wifi Router NTPL-XPON1GFEVN v1.0 allows a remote attacker to obtain sensitive information via the cookie's parameter"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://github.com/sudo-subho/CVE-2024-42658",

34
CVE-2024/CVE-2024-426xx/CVE-2024-42681.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-42681",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-15T17:15:18.303",
"lastModified": "2024-08-19T15:59:00.500",
"vulnStatus": "Analyzed",
"lastModified": "2024-08-19T19:35:08.437",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
@ -49,6 +69,16 @@
"value": "CWE-276"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-277"
}
]
}
],
"configurations": [

39
CVE-2024/CVE-2024-427xx/CVE-2024-42758.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-42758",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-16T18:15:10.400",
"lastModified": "2024-08-19T13:00:23.117",
"lastModified": "2024-08-19T18:35:14.237",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Existe una vulnerabilidad de Cross-Site Scripting (XSS) en la versi\u00f3n v2024-01-05 del complemento indexmenu cuando se usa y habilita en Dokuwiki (motor Wiki de c\u00f3digo abierto). Un atacante malicioso puede ingresar payload XSS, por ejemplo, al crear o editar una p\u00e1gina existente, para activar el XSS en Dokuwiki, que luego se almacena en un archivo .txt (debido a la naturaleza de c\u00f3mo est\u00e1 manipulado Dokuwiki), que presenta el XSS almacenado."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/1s1ldur/CVE-2024-42758/blob/main/README.md",

34
CVE-2024/CVE-2024-428xx/CVE-2024-42843.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-42843",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-15T17:15:18.400",
"lastModified": "2024-08-19T15:58:03.563",
"vulnStatus": "Analyzed",
"lastModified": "2024-08-19T19:35:09.180",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
@ -49,6 +69,16 @@
"value": "CWE-89"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [

34
CVE-2024/CVE-2024-429xx/CVE-2024-42966.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-42966",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-15T17:15:20.130",
"lastModified": "2024-08-16T13:35:28.477",
"vulnStatus": "Analyzed",
"lastModified": "2024-08-19T19:35:09.913",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
@ -49,6 +69,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"configurations": [

39
CVE-2024/CVE-2024-430xx/CVE-2024-43005.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-43005",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-16T20:15:13.253",
"lastModified": "2024-08-19T13:00:23.117",
"lastModified": "2024-08-19T18:35:14.987",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Una vulnerabilidad de Cross-Site Scripting (XSS) reflejado en el componente dl_liuyan_save.php de ZZCMS v2023 permite a los atacantes ejecutar c\u00f3digo arbitrario en el contexto del navegador de un usuario mediante la inyecci\u00f3n de un payload manipulado."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "http://zzcms.net",

39
CVE-2024/CVE-2024-430xx/CVE-2024-43006.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-43006",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-16T20:15:13.333",
"lastModified": "2024-08-19T13:00:23.117",
"lastModified": "2024-08-19T18:35:15.920",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Existe una vulnerabilidad de Cross-Site Scripting (XSS) almacenado en ZZCMS2023 en el archivo Ask/show.php en la l\u00ednea 21. Un atacante puede explotar esta vulnerabilidad enviando una solicitud POST especialmente manipulada a /user/ask_edit.php?action=add. que incluye c\u00f3digo JavaScript malicioso en el par\u00e1metro 'contenido'. Cuando un usuario visita la p\u00e1gina Ask/show_{newsid}.html, el script inyectado se ejecuta en el contexto del navegador del usuario, lo que genera un posible robo de cookies, tokens de sesi\u00f3n u otra informaci\u00f3n confidencial."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "http://www.zzcms.net/about/download.html",

4
CVE-2024/CVE-2024-432xx/CVE-2024-43221.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-43221",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-08-19T17:15:08.260",
"lastModified": "2024-08-19T17:15:08.260",
"vulnStatus": "Received",
"lastModified": "2024-08-19T18:36:20.123",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-432xx/CVE-2024-43232.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-43232",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-08-19T17:15:08.443",
"lastModified": "2024-08-19T17:15:08.443",
"vulnStatus": "Received",
"lastModified": "2024-08-19T18:36:07.297",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-432xx/CVE-2024-43236.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-43236",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-08-19T17:15:08.640",
"lastModified": "2024-08-19T17:15:08.640",
"vulnStatus": "Received",
"lastModified": "2024-08-19T18:36:07.297",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-432xx/CVE-2024-43240.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-43240",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-08-19T17:15:08.850",
"lastModified": "2024-08-19T17:15:08.850",
"vulnStatus": "Received",
"lastModified": "2024-08-19T18:36:07.297",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

56
CVE-2024/CVE-2024-432xx/CVE-2024-43242.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-43242",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-08-19T18:15:10.463",
"lastModified": "2024-08-19T18:36:07.297",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Deserialization of Untrusted Data vulnerability in azzaroco Ultimate Membership Pro allows Object Injection.This issue affects Ultimate Membership Pro: from n/a through 12.6."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.0,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 2.2,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/indeed-membership-pro/wordpress-indeed-ultimate-membership-pro-plugin-12-6-unauthenticated-php-object-injection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2024/CVE-2024-432xx/CVE-2024-43245.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-43245",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-08-19T18:15:10.660",
"lastModified": "2024-08-19T18:36:07.297",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Privilege Management vulnerability in eyecix JobSearch allows Privilege Escalation.This issue affects JobSearch: from n/a through 2.3.4."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wp-jobsearch/wordpress-jobsearch-plugin-2-3-4-unauthenticated-account-takeover-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2024/CVE-2024-432xx/CVE-2024-43247.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-43247",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-08-19T18:15:10.843",
"lastModified": "2024-08-19T18:36:07.297",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Missing Authorization vulnerability in creativeon WHMpress allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WHMpress: from n/a through 6.2-revision-5."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/whmpress/wordpress-whmpress-plugin-6-2-revision-5-subscriber-arbitrary-settings-change-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2024/CVE-2024-432xx/CVE-2024-43248.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-43248",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-08-19T18:15:11.030",
"lastModified": "2024-08-19T18:36:07.297",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Bit Apps Bit Form Pro allows File Manipulation.This issue affects Bit Form Pro: from n/a through 2.6.4."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 4.0
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/bitformpro/wordpress-bit-form-pro-plugin-2-6-4-unauthenticated-arbitrary-file-deletion-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2024/CVE-2024-432xx/CVE-2024-43249.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-43249",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-08-19T18:15:11.217",
"lastModified": "2024-08-19T18:36:07.297",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unrestricted Upload of File with Dangerous Type vulnerability in Bit Apps Bit Form Pro allows Command Injection.This issue affects Bit Form Pro: from n/a through 2.6.4."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.1,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/bitformpro/wordpress-bit-form-pro-plugin-2-6-4-authenticated-arbitrary-file-upload-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2024/CVE-2024-432xx/CVE-2024-43250.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-43250",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-08-19T18:15:11.420",
"lastModified": "2024-08-19T18:36:07.297",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Incorrect Authorization vulnerability in Bit Apps Bit Form Pro bitformpro allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Bit Form Pro: from n/a through 2.6.4."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 4.2
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/bitformpro/wordpress-bit-form-pro-plugin-2-6-4-authenticated-plugin-settings-change-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2024/CVE-2024-432xx/CVE-2024-43252.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-43252",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-08-19T18:15:11.607",
"lastModified": "2024-08-19T18:36:07.297",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Deserialization of Untrusted Data vulnerability in Crew HRM allows Object Injection.This issue affects Crew HRM: from n/a through 1.1.1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.0,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 2.2,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/hr-management/wordpress-crew-hrm-plugin-1-1-1-php-object-injection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2024/CVE-2024-432xx/CVE-2024-43256.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-43256",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-08-19T18:15:11.787",
"lastModified": "2024-08-19T18:36:07.297",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Missing Authorization vulnerability in nouthemes Leopard - WordPress offload media allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Leopard - WordPress offload media: from n/a through 2.0.36."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 4.2
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/leopard-wordpress-offload-media/wordpress-leopard-wordpress-offload-media-plugin-2-0-36-subscriber-plugin-settings-change-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2024/CVE-2024-432xx/CVE-2024-43261.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-43261",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-08-19T18:15:11.970",
"lastModified": "2024-08-19T18:36:07.297",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Hamed Naderfar Compute Links allows PHP Remote File Inclusion.This issue affects Compute Links: from n/a through 1.2.1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 2.8,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-98"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/compute-links/wordpress-compute-links-plugin-1-2-1-remote-file-inclusion-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2024/CVE-2024-432xx/CVE-2024-43271.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-43271",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-08-19T18:15:12.157",
"lastModified": "2024-08-19T18:36:07.297",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Themelocation Woo Products Widgets For Elementor allows PHP Local File Inclusion.This issue affects Woo Products Widgets For Elementor: from n/a through 2.0.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/woo-products-widgets-for-elementor/wordpress-widgets-for-woocommerce-products-on-elementor-plugin-2-0-0-local-file-inclusion-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2024/CVE-2024-432xx/CVE-2024-43272.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-43272",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-08-19T18:15:12.333",
"lastModified": "2024-08-19T18:36:07.297",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Missing Authentication for Critical Function vulnerability in icegram Icegram allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Icegram: from n/a through 3.1.24."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-306"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/icegram/wordpress-icegram-engage-plugin-3-1-24-unauthenticated-unpublished-campaign-viewer-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2024/CVE-2024-432xx/CVE-2024-43280.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-43280",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-08-19T18:15:12.527",
"lastModified": "2024-08-19T18:36:07.297",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Salon Booking System Salon booking system.This issue affects Salon booking system: from n/a through 10.8.1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-601"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/salon-booking-system/wordpress-salon-booking-system-plugin-10-8-1-open-redirection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2024/CVE-2024-432xx/CVE-2024-43281.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-43281",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-08-19T18:15:12.707",
"lastModified": "2024-08-19T18:36:07.297",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in VOID CODERS Void Elementor Post Grid Addon for Elementor Page builder allows PHP Local File Inclusion.This issue affects Void Elementor Post Grid Addon for Elementor Page builder: from n/a through 2.3."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/void-elementor-post-grid-addon-for-elementor-page-builder/wordpress-void-elementor-post-grid-addon-for-elementor-page-builder-plugin-2-3-local-file-inclusion-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

4
CVE-2024/CVE-2024-433xx/CVE-2024-43379.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-43379",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-08-19T15:15:08.683",
"lastModified": "2024-08-19T15:15:08.683",
"vulnStatus": "Received",
"lastModified": "2024-08-19T18:36:20.123",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-433xx/CVE-2024-43380.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-43380",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-08-19T15:15:08.893",
"lastModified": "2024-08-19T15:15:08.893",
"vulnStatus": "Received",
"lastModified": "2024-08-19T18:36:20.123",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-433xx/CVE-2024-43399.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-43399",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-08-19T15:15:09.073",
"lastModified": "2024-08-19T15:15:09.073",
"vulnStatus": "Received",
"lastModified": "2024-08-19T18:36:20.123",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-434xx/CVE-2024-43400.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-43400",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-08-19T17:15:09.097",
"lastModified": "2024-08-19T17:15:09.097",
"vulnStatus": "Received",
"lastModified": "2024-08-19T18:36:07.297",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-434xx/CVE-2024-43401.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-43401",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-08-19T17:15:09.317",
"lastModified": "2024-08-19T17:15:09.317",
"vulnStatus": "Received",
"lastModified": "2024-08-19T18:36:07.297",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

62
CVE-2024/CVE-2024-60xx/CVE-2024-6039.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-6039",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-06-16T22:15:09.360",
"lastModified": "2024-06-17T14:15:12.620",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-08-19T19:26:48.043",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -61,6 +61,26 @@
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -120,22 +140,52 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fengoffice:feng_office:3.11.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C3621E4D-7172-4D4F-9310-067DD804A1CD"
}
]
}
]
}
],
"references": [
{
"url": "https://msecureltd.blogspot.com/2024/05/friday-fun-pentest-series-6.html",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit"
]
},
{
"url": "https://seclists.org/fulldisclosure/2024/Jun/2",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.268752",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://vuldb.com/?id.268752",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

64
CVE-2024/CVE-2024-61xx/CVE-2024-6181.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-6181",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-06-20T11:15:56.723",
"lastModified": "2024-06-20T14:15:11.837",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-08-19T18:45:06.147",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -61,6 +61,26 @@
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -120,22 +140,54 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:labvantage:labvantage_lims:2017:*:*:*:*:*:*:*",
"matchCriteriaId": "FC30AE98-8DE2-4D95-B70D-2E96D9859429"
}
]
}
]
}
],
"references": [
{
"url": "https://gentle-khaan-c53.notion.site/Reflected-XSS-in-Labvantage-LIMS-9531d77dce984d4da2ddcab863962e9c?pvs=4",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit"
]
},
{
"url": "https://vuldb.com/?ctiid.269152",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.269152",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?submit.353709",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

64
CVE-2024/CVE-2024-61xx/CVE-2024-6182.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-6182",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-06-20T11:15:57.117",
"lastModified": "2024-06-20T16:15:14.807",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-08-19T18:46:05.410",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -61,6 +61,26 @@
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -120,22 +140,54 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:labvantage:labvantage_lims:2017:*:*:*:*:*:*:*",
"matchCriteriaId": "FC30AE98-8DE2-4D95-B70D-2E96D9859429"
}
]
}
]
}
],
"references": [
{
"url": "https://gentle-khaan-c53.notion.site/Reflected-XSS-in-Labvantage-LIMS-95e338b6f9ea45db9a6c635c3c1ff3b8",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit"
]
},
{
"url": "https://vuldb.com/?ctiid.269153",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.269153",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?submit.354361",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

4
CVE-2024/CVE-2024-63xx/CVE-2024-6348.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-6348",
"sourceIdentifier": "cve@asrg.io",
"published": "2024-08-19T16:15:08.973",
"lastModified": "2024-08-19T16:15:08.973",
"vulnStatus": "Received",
"lastModified": "2024-08-19T18:36:20.123",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

54
CVE-2024/CVE-2024-65xx/CVE-2024-6533.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-6533",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2024-08-15T03:15:04.567",
"lastModified": "2024-08-15T13:01:10.150",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-08-19T18:13:59.457",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -18,8 +18,28 @@
"metrics": {
"cvssMetricV31": [
{
"source": "help@fluidattacks.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "help@fluidattacks.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N",
@ -51,14 +71,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:monospace:directus:10.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "59902E26-19CC-4A1A-9BB4-54C1EE864B96"
}
]
}
]
}
],
"references": [
{
"url": "https://directus.io/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Product"
]
},
{
"url": "https://fluidattacks.com/advisories/bocelli",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

Some files were not shown because too many files have changed in this diff Show More