admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-08 11:37:26 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-11-06T17:00:22.288814+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-11-06 17:03:24 +00:00
parent 01e90a8025
commit e4b71ed046
107 changed files with 4839 additions and 479 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
CVE-2020/CVE-2020-367xx/CVE-2020-36780.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2020-36780",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-28T09:15:36.673",
"lastModified": "2024-02-28T14:06:45.783",
"lastModified": "2024-11-06T15:35:01.093",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: i2c: sprd: corrige la fuga de referencia cuando falla pm_runtime_get_sync No se espera que el recuento de referencias de PM aumente al regresar en sprd_i2c_master_xfer() y sprd_i2c_remove(). Sin embargo, pm_runtime_get_sync incrementar\u00e1 el recuento de referencias de PM incluso si falla. Olvidarse de poner en funcionamiento resultar\u00e1 en una fuga de referencia aqu\u00ed. Reempl\u00e1celo con pm_runtime_resume_and_get para mantener el contador de uso equilibrado."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 4.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.0,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://git.kernel.org/stable/c/3a4f326463117cee3adcb72999ca34a9aaafda93",

39
CVE-2021/CVE-2021-470xx/CVE-2021-47057.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2021-47057",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-29T23:15:07.590",
"lastModified": "2024-03-01T14:04:26.010",
"lastModified": "2024-11-06T15:35:01.363",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: crypto: sun8i-ss: corrige la p\u00e9rdida de memoria del objeto d cuando dma_iv no se puede asignar. En el caso de que falle la asignaci\u00f3n de dma_iv, la ruta de error de retorno pierde la memoria asignada al objeto d. Solucione este problema agregando una nueva etiqueta de devoluci\u00f3n de error y saltando a ella para asegurarse de que d est\u00e9 libre antes de la devoluci\u00f3n. Direcciones-Cobertura: (\"Fuga de recursos\")"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-770"
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/617ec35ed51f731a593ae7274228ef2cfc9cb781",

39
CVE-2021/CVE-2021-471xx/CVE-2021-47161.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2021-47161",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-03-25T10:15:08.433",
"lastModified": "2024-03-25T13:47:14.087",
"lastModified": "2024-11-06T15:35:02.283",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: spi: spi-fsl-dspi: reparar una fuga de recursos en una ruta de manejo de errores 'dspi_request_dma()' debe deshacerse mediante una llamada 'dspi_release_dma()' en la ruta de manejo de errores de la funci\u00f3n de sonda, como ya se hizo en la funci\u00f3n de eliminaci\u00f3n"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-209"
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/00450ed03a17143e2433b461a656ef9cd17c2f1d",

39
CVE-2021/CVE-2021-471xx/CVE-2021-47172.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2021-47172",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-03-25T10:15:08.967",
"lastModified": "2024-03-25T13:47:14.087",
"lastModified": "2024-11-06T16:35:01.133",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: iio: adc: ad7124: Se corrige posible desbordamiento por n\u00fameros de canales no secuenciales. La numeraci\u00f3n de canales debe comenzar en 0 y luego no tener huecos, o es posible que se desborde el almacenamiento disponible. Tenga en cuenta que este error se introdujo como parte de una soluci\u00f3n para garantizar que no dependi\u00e9ramos del orden de los nodos secundarios. Por lo tanto, debemos apoyar el ordenamiento arbitrario, pero todos deben estar ah\u00ed en alguna parte. Tenga en cuenta que presion\u00e9 esto cuando uso qemu para probar el resto de esta serie. Podr\u00eda decirse que esta no es la mejor soluci\u00f3n, pero probablemente sea la opci\u00f3n m\u00e1s m\u00ednima para realizar backporting, etc. La aprobaci\u00f3n de Alexandru est\u00e1 aqu\u00ed porque llev\u00f3 este parche en un conjunto m\u00e1s grande que luego aplic\u00f3 Jonathan."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/26da8040eccc6c6b0e415e9a3baf72fd39eb2fdc",

34
CVE-2021/CVE-2021-475xx/CVE-2021-47592.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2021-47592",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-06-19T15:15:53.793",
"lastModified": "2024-11-01T15:14:00.373",
"vulnStatus": "Analyzed",
"lastModified": "2024-11-06T16:35:02.757",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
@ -49,6 +69,16 @@
"value": "CWE-476"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [

14
CVE-2023/CVE-2023-208xx/CVE-2023-20800.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-20800",
"sourceIdentifier": "security@mediatek.com",
"published": "2023-08-07T04:15:13.667",
"lastModified": "2023-08-09T13:25:26.837",
"vulnStatus": "Analyzed",
"lastModified": "2024-11-06T16:35:05.560",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -45,6 +45,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"configurations": [

14
CVE-2023/CVE-2023-212xx/CVE-2023-21256.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-21256",
"sourceIdentifier": "security@android.com",
"published": "2023-07-13T00:15:24.097",
"lastModified": "2023-07-25T15:30:52.077",
"vulnStatus": "Analyzed",
"lastModified": "2024-11-06T15:35:03.267",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -45,6 +45,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"configurations": [

14
CVE-2023/CVE-2023-313xx/CVE-2023-31305.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-31305",
"sourceIdentifier": "psirt@amd.com",
"published": "2024-08-13T17:15:20.303",
"lastModified": "2024-08-14T02:07:05.410",
"lastModified": "2024-11-06T16:35:06.613",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -39,6 +39,18 @@
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-338"
}
]
}
],
"references": [
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-6005.html",

39
CVE-2023/CVE-2023-344xx/CVE-2023-34423.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-34423",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2024-04-03T08:15:48.990",
"lastModified": "2024-04-03T12:38:04.840",
"lastModified": "2024-11-06T15:35:04.380",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Survey Maker anterior a 3.6.4 contiene una vulnerabilidad de Cross Site Scripting almacenadas. Si se explota esta vulnerabilidad, se puede ejecutar un script arbitrario en el navegador web del usuario que inicia sesi\u00f3n en el sitio web utilizando el producto con privilegios administrativos."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://jvn.jp/en/jp/JVN51098626/",

13
CVE-2023/CVE-2023-426xx/CVE-2023-42670.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-42670",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-11-03T08:15:07.883",
"lastModified": "2023-11-24T09:15:08.830",
"lastModified": "2024-11-06T15:15:08.453",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -150,17 +150,6 @@
"Issue Tracking"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZUMVALLFFDFC53JZMUWA6HPD7HUGAP5I/",
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20231124-0002/",
"source": "secalert@redhat.com"
},
{
"url": "https://www.samba.org/samba/security/CVE-2023-42670.html",
"source": "secalert@redhat.com",

27
CVE-2023/CVE-2023-428xx/CVE-2023-42834.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-42834",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-02-21T07:15:47.977",
"lastModified": "2024-02-22T19:07:27.197",
"lastModified": "2024-11-06T15:35:05.580",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "Se solucion\u00f3 un problema de privacidad mejorando el manejo de archivos. Este problema se solucion\u00f3 en watchOS 10.1, macOS Sonoma 14.1, macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.1 y iPadOS 17.1. Es posible que una aplicaci\u00f3n pueda acceder a datos confidenciales del usuario."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.5,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://support.apple.com/en-us/HT213982",

39
CVE-2023/CVE-2023-459xx/CVE-2023-45929.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-45929",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-27T04:15:11.067",
"lastModified": "2024-03-27T12:29:30.307",
"lastModified": "2024-11-06T15:35:06.040",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Se descubri\u00f3 que S-Lang 2.3.2 conten\u00eda un error de segmentaci\u00f3n mediante la funci\u00f3n fixup_tgetstr()."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"references": [
{
"url": "http://lists.jedsoft.org/lists/slang-users/2023/0000002.html",

10
CVE-2023/CVE-2023-470xx/CVE-2023-47039.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-47039",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-01-02T06:15:13.737",
"lastModified": "2024-03-28T14:15:13.467",
"lastModified": "2024-11-06T15:15:10.383",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -133,14 +133,6 @@
"tags": [
"Issue Tracking"
]
},
{
"url": "https://perldoc.perl.org/perl5382delta#CVE-2023-47039-Perl-for-Windows-binary-hijacking-vulnerability",
"source": "secalert@redhat.com"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240208-0005/",
"source": "secalert@redhat.com"
}
]
}

39
CVE-2023/CVE-2023-525xx/CVE-2023-52512.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-52512",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-03-02T22:15:47.683",
"lastModified": "2024-03-04T13:58:23.447",
"lastModified": "2024-11-06T16:35:07.700",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: pinctrl: nuvoton: wpcm450: corregir escritura fuera de los l\u00edmites La escritura en 'pctrl->gpio_bank' ocurre antes de verificar la validez del \u00edndice GPIO, por lo que puede ocurrir una escritura fuera de los l\u00edmites. Encontrado por el Centro de verificaci\u00f3n de Linux (linuxtesting.org) con SVACE."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/6c18c386fd13dbb3ff31a1086dabb526780d9bda",

39
CVE-2023/CVE-2023-525xx/CVE-2023-52566.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-52566",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-03-02T22:15:49.023",
"lastModified": "2024-03-04T13:58:23.447",
"lastModified": "2024-11-06T15:35:06.933",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nilfs2: soluciona el uso potencial despu\u00e9s de liberar en nilfs_gccache_submit_read_data() En nilfs_gccache_submit_read_data(), se llama a brelse(bh) para eliminar el recuento de referencias de bh cuando falla la llamada a nilfs_dat_translate(). Si el recuento de referencias llega a 0 y la p\u00e1gina del propietario se desbloquea, es posible que bh quede liberado. Sin embargo, se elimina la referencia a bh->b_page para colocar la p\u00e1gina despu\u00e9s de eso, lo que puede provocar un error de Use After Free. Este parche mueve la operaci\u00f3n de lanzamiento despu\u00e9s de desbloquear y poner la p\u00e1gina. NOTA: La funci\u00f3n en cuesti\u00f3n solo se llama en GC y, en combinaci\u00f3n con las herramientas actuales del usuario, la traducci\u00f3n de direcciones usando DAT no ocurre en esa funci\u00f3n, por lo que la ruta del c\u00f3digo que causa este problema no se ejecutar\u00e1. Sin embargo, es posible ejecutar esa ruta de c\u00f3digo modificando intencionalmente la librer\u00eda GC del \u00e1rea de usuario o llamando directamente al GC ioctl. [konishi.ryusuke@gmail.com: NOTA agregada al registro de confirmaci\u00f3n]"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/193b5a1c6c67c36b430989dc063fe7ea4e200a33",

39
CVE-2023/CVE-2023-525xx/CVE-2023-52585.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-52585",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-03-06T07:15:07.290",
"lastModified": "2024-11-04T13:16:39.230",
"lastModified": "2024-11-06T16:35:08.497",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amdgpu: corrige una posible desreferencia NULL en amdgpu_ras_query_error_status_helper() Devuelve un c\u00f3digo de error no v\u00e1lido -EINVAL para una identificaci\u00f3n de bloque no v\u00e1lida. Corrige lo siguiente: drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c:1183 error amdgpu_ras_query_error_status_helper(): anteriormente asumimos que la 'informaci\u00f3n' podr\u00eda ser nula (consulte la l\u00ednea 1176)"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/0eb296233f86750102aa43b97879b8d8311f249a",

27
CVE-2023/CVE-2023-526xx/CVE-2023-52674.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-52674",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-17T15:15:18.187",
"lastModified": "2024-05-17T18:35:35.070",
"lastModified": "2024-11-06T16:35:09.330",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ALSA: scarlett2: Add clamp() en scarlett2_mixer_ctl_put() Aseg\u00farese de que el valor pasado a scarlett2_mixer_ctl_put() est\u00e9 entre 0 y SCARLETT2_MIXER_MAX_VALUE para que no intentemos acceder fuera de scarlett2_mixer_values[]."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://git.kernel.org/stable/c/03035872e17897ba89866940bbc9cefca601e572",

27
CVE-2023/CVE-2023-527xx/CVE-2023-52700.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-52700",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-21T16:15:12.480",
"lastModified": "2024-05-21T16:53:56.550",
"lastModified": "2024-11-06T15:35:07.743",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: tipc: corrige la advertencia del kernel al enviar un mensaje SYN Al enviar un mensaje SYN, se observa este seguimiento de la pila del kernel: ... [ 13.396352] RIP: 0010:_copy_from_iter+0xb4/0x550 . .. [ 13.398494] Seguimiento de llamadas: [ 13.398630] [ 13.398630] ? __alloc_skb+0xed/0x1a0 [13.398630] tipc_msg_build+0x12c/0x670 [tipc] [13.398630]? shmem_add_to_page_cache.isra.71+0x151/0x290 [13.398630] __tipc_sendmsg+0x2d1/0x710 [tipc] [13.398630] ? tipc_connect+0x1d9/0x230 [tipc] [13.398630]? __local_bh_enable_ip+0x37/0x80 [13.398630] tipc_connect+0x1d9/0x230 [tipc] [13.398630]? __sys_connect+0x9f/0xd0 [ 13.398630] __sys_connect+0x9f/0xd0 [ 13.398630] ? preempt_count_add+0x4d/0xa0 [13.398630]? fpregs_assert_state_consistent+0x22/0x50 [ 13.398630] __x64_sys_connect+0x16/0x20 [ 13.398630] do_syscall_64+0x42/0x90 [ 13.398630] Entry_SYSCALL_64_after_hwframe+0x63/0xcd Es porque la confirmaci\u00f3n 41dad905e5a (\"iov_iter: comprobaciones m\u00e1s sensatas para intentar copiar hacia/desde el iterador\") ha introducido una verificaci\u00f3n de cordura para copiar desde/hacia el iterador iov. La falta de direcci\u00f3n de copia desde el punto de vista del iterador conducir\u00eda a un seguimiento de la pila del kernel como se muestra arriba. Esta confirmaci\u00f3n soluciona este problema al inicializar el iterador iov con la direcci\u00f3n de copia correcta al enviar SYN o ACK sin datos."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://git.kernel.org/stable/c/11a4d6f67cf55883dc78e31c247d1903ed7feccc",

27
CVE-2023/CVE-2023-527xx/CVE-2023-52779.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-52779",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-21T16:15:16.890",
"lastModified": "2024-05-21T16:53:56.550",
"lastModified": "2024-11-06T15:35:07.953",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: fs: pasar el indicador AT_GETATTR_NOSEC a la funci\u00f3n de interfaz getattr. Cuando vfs_getattr_nosec() llama a la funci\u00f3n de interfaz getattr de un sistema de archivos, entonces 'nosec' debe propagarse a esta funci\u00f3n para que se pueda volver a llamar a vfs_getattr_nosec() desde gettattr del sistema de archivos en lugar de vfs_getattr(). Esto \u00faltimo agregar\u00eda controles de seguridad innecesarios que la llamada inicial a vfs_getattr_nosec() quer\u00eda evitar. Por lo tanto, introduzca el indicador getattr GETATTR_NOSEC y permita pasar con el nuevo par\u00e1metro getattr_flags a la funci\u00f3n de interfaz getattr. En overlayfs y ecryptfs use este indicador para determinar cu\u00e1l de las dos funciones llamar. En un cambio de c\u00f3digo reciente introducido en IMA, vfs_getattr_nosec() termin\u00f3 llamando a vfs_getattr() en overlayfs, que a su vez llam\u00f3 a security_inode_getattr() en un proceso saliente que ya no ten\u00eda current->fs configurado, lo que luego provoc\u00f3 una desreferencia del puntero NULL del kernel . Con este cambio se puede evitar la llamada a security_inode_getattr(), evitando as\u00ed la desreferencia del puntero NULL."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://git.kernel.org/stable/c/3fb0fa08641903304b9d81d52a379ff031dc41d4",

39
CVE-2023/CVE-2023-528xx/CVE-2023-52872.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-52872",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-21T16:15:23.990",
"lastModified": "2024-05-21T16:53:56.550",
"lastModified": "2024-11-06T15:35:08.170",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: tty: n_gsm: corrige la condici\u00f3n de ejecuci\u00f3n en la l\u00ednea de estado, cambia en conexiones inactivas gsm_cleanup_mux() limpia el gsm cerrando todos los DLCI, deteniendo todos los temporizadores, eliminando los dispositivos tty virtuales y limpiando el colas de datos. Sin embargo, este procedimiento puede provocar cambios posteriores en las l\u00edneas de estado del m\u00f3dem virtual de un DLCI. Se agregan m\u00e1s datos a la cola de datos salientes y el temporizador de eliminaci\u00f3n eliminado se reinicia para manejar esto. En este punto, el procedimiento de limpieza ya ha eliminado muchos recursos. Por tanto, se produce un p\u00e1nico en el n\u00facleo. Solucione este problema demostrando en gsm_modem_update() que el procedimiento de limpieza no se ha iniciado y que el mux sigue activo. Tenga en cuenta que la escritura en un tty virtual ya est\u00e1 protegida mediante comprobaciones del estado de conexi\u00f3n espec\u00edfico de DLCI."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-362"
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/19d34b73234af542cc8a218cf398dee73cdb1890",

27
CVE-2023/CVE-2023-528xx/CVE-2023-52884.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-52884",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-06-21T11:15:09.560",
"lastModified": "2024-06-21T11:22:01.687",
"lastModified": "2024-11-06T16:35:09.513",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: Entrada: cyapa: agrega bloqueo del n\u00facleo de entrada faltante para suspender/reanudar funciones. Toma entrada->mutex durante las funciones de suspensi\u00f3n/reanudaci\u00f3n como se hace en otros controladores de entrada. Esto corrige la siguiente advertencia durante el ciclo de suspensi\u00f3n/reanudaci\u00f3n del sistema en Snow Chromebook basado en Samsung Exynos5250: ------------[ cortar aqu\u00ed ]------------ ADVERTENCIA: CPU : 1 PID: 1680 en drivers/input/input.c:2291 input_device_enabled+0x68/0x6c M\u00f3dulos vinculados en: ... CPU: 1 PID: 1680 Comm: kworker/u4:12 Contaminado: GW 6.6.0-rc5-next -20231009 #14109 Nombre de hardware: Samsung Exynos (\u00e1rbol de dispositivos aplanados) Cola de trabajo: events_unbound async_run_entry_fn unwind_backtrace de show_stack+0x10/0x14 show_stack de dump_stack_lvl+0x58/0x70 dump_stack_lvl de __warn+0x1a8/0x1cc __warn de warn _slowpath_fmt+0x18c/0x1b4 warn_slowpath_fmt de input_device_enabled+ 0x68/0x6c input_device_enabled de cyapa_gen3_set_power_mode+0x13c/0x1dc cyapa_gen3_set_power_mode de cyapa_reinitialize+0x10c/0x15c cyapa_reinitialize de cyapa_resume+0x48/0x98 cyapa_resume de dpm_run_callback+0x90/ 0x298 dpm_run_callback de dispositivo_resume+0xb4/0x258 dispositivo_resume de async_resume+0x20/0x64 async_resume de async_run_entry_fn+0x40 /0x15c async_run_entry_fn de Process_scheduled_works+0xbc/0x6a8 Process_scheduled_works de trabajador_thread+0x188/0x454 trabajador_thread de kthread+0x108/0x140 kthread de ret_from_fork+0x14/0x28 Pila de excepciones (0xf1625fb0 a 0xf1 625ff8) ... ---[ final de seguimiento 0000000000000000 ]-- - ... ------------[ cortar aqu\u00ed ]------------ ADVERTENCIA: CPU: 1 PID: 1680 en drivers/input/input.c:2291 input_device_enabled+0x68/0x6c M\u00f3dulos vinculados en: ... CPU: 1 PID: 1680 Comm: kworker/u4:12 Tainted: GW 6.6.0-rc5-next-20231009 #14109 Nombre de hardware: Samsung Exynos (\u00e1rbol de dispositivos aplanados) Cola de trabajo : events_unbound async_run_entry_fn unwind_backtrace de show_stack+0x10/0x14 show_stack de dump_stack_lvl+0x58/0x70 dump_stack_lvl de __warn+0x1a8/0x1cc __warn de warn_slowpath_fmt+0x18c/0x1b4 warn_slowpath_fmt de input_ dispositivo_enabled+0x68/0x6c input_device_enabled de cyapa_gen3_set_power_mode+0x13c/0x1dc cyapa_gen3_set_power_mode de cyapa_reinitialize+0x10c /0x15c cyapa_reinitialize de cyapa_resume+0x48/0x98 cyapa_resume de dpm_run_callback+0x90/0x298 dpm_run_callback de device_resume+0xb4/0x258 device_resume de async_resume+0x20/0x64 async_resume de async_run_entry_fn+0x40/0x 15c async_run_entry_fn de Process_scheduled_works+0xbc/0x6a8 Process_scheduled_works de trabajador_thread+0x188/ 0x454 work_thread de kthread+0x108/0x140 kthread de ret_from_fork+0x14/0x28 Pila de excepciones (0xf1625fb0 a 0xf1625ff8)... ---[fin de seguimiento 0000000000000000]---"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://git.kernel.org/stable/c/7b4e0b39182cf5e677c1fc092a3ec40e621c25b6",

77
CVE-2024/CVE-2024-100xx/CVE-2024-10011.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-10011",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-25T07:15:02.637",
"lastModified": "2024-10-25T12:56:07.750",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-06T16:01:39.573",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -51,26 +81,59 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:buddypress:buddypress:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "14.1.0",
"matchCriteriaId": "FCFCCBD4-7F7F-4585-8331-BF8343397BDC"
}
]
}
]
}
],
"references": [
{
"url": "https://codex.buddypress.org/releases/version-14-2-1/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://github.com/buddypress/buddypress/blob/master/src/bp-core/bp-core-avatars.php#L1270",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://github.com/buddypress/buddypress/blob/master/src/bp-core/bp-core-avatars.php#L1370",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3173924/buddypress/trunk/bp-core/bp-core-avatars.php?contextall=1&old=3102524&old_path=%2Fbuddypress%2Ftrunk%2Fbp-core%2Fbp-core-avatars.php",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4327f414-64f4-4193-a5c0-2a5ecdd75e11?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

60
CVE-2024/CVE-2024-100xx/CVE-2024-10081.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2024-10081",
"sourceIdentifier": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf",
"published": "2024-11-06T15:15:11.480",
"lastModified": "2024-11-06T15:15:11.480",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. \nAuthentication bypass occurs when the API URL ends with Authentication. This bypass allows superuser access to all API endpoints other than Authentication. These endpoints include the ability to add, edit, and remove products, among others. All endpoints, apart from the /Authentication is affected by the vulnerability.\n\nThis issue affects CodeChecker: through 6.24.1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 10.0,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.8
}
]
},
"weaknesses": [
{
"source": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-288"
},
{
"lang": "en",
"value": "CWE-420"
}
]
}
],
"references": [
{
"url": "https://github.com/Ericsson/codechecker/security/advisories/GHSA-f3f8-vx3w-hp5q",
"source": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf"
}
]
}

64
CVE-2024/CVE-2024-100xx/CVE-2024-10082.json Normal file
View File

@ -0,0 +1,64 @@
{
"id": "CVE-2024-10082",
"sourceIdentifier": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf",
"published": "2024-11-06T15:15:11.760",
"lastModified": "2024-11-06T15:15:11.760",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. \nAuthentication method confusion allows logging in as the built-in root user from an external service. The built-in root user up until 6.24.1 is generated in a weak manner, cannot be disabled, and has universal access.This vulnerability allows an attacker who can create an account on an enabled external authentication service, to log in as the root user, and access and control everything that can be controlled via the web interface.\u00a0The attacker needs to acquire the username of the root user to be successful.\n\nThis issue affects CodeChecker: through 6.24.1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.8
}
]
},
"weaknesses": [
{
"source": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-305"
},
{
"lang": "en",
"value": "CWE-330"
},
{
"lang": "en",
"value": "CWE-842"
}
]
}
],
"references": [
{
"url": "https://github.com/Ericsson/codechecker/security/advisories/GHSA-fpm5-2wcj-vfr7",
"source": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf"
}
]
}

54
CVE-2024/CVE-2024-101xx/CVE-2024-10148.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-10148",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-25T07:15:03.000",
"lastModified": "2024-10-25T12:56:07.750",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-06T16:02:22.120",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -18,8 +18,28 @@
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
@ -51,14 +71,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sohelwpexpert:awesome_buttons:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.0",
"matchCriteriaId": "288EBBF7-969D-407A-B225-988B2F0F95A0"
}
]
}
]
}
],
"references": [
{
"url": "https://wordpress.org/plugins/wp-awesome-buttons/#developers",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/84ef25b6-8119-41e5-9959-ccdfb9893e75?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

65
CVE-2024/CVE-2024-103xx/CVE-2024-10372.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-10372",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-25T02:15:03.597",
"lastModified": "2024-10-25T12:56:07.750",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-06T16:14:18.327",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -61,6 +61,26 @@
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 3.6,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.0,
"impactScore": 2.5
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -120,22 +140,55 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:chidiwilliams:buzz:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8A3B19C4-1611-47F2-B41D-CD43B1C74D05"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/Startr4ck/CVE_lists/blob/main/buzz/Insecure%20Temporary%20File%20in%20BUZZ.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.281764",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.281764",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?submit.425441",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

65
CVE-2024/CVE-2024-105xx/CVE-2024-10505.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-10505",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-30T02:15:02.430",
"lastModified": "2024-11-01T12:57:03.417",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-06T16:38:28.750",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -61,6 +61,26 @@
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -120,22 +140,55 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wuzhicms:wuzhicms:4.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2B76E69A-B2F3-4359-A7C0-046CEE2FAEEB"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/wuzhicms/wuzhicms/issues/209",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.282444",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.282444",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?submit.427401",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

69
CVE-2024/CVE-2024-105xx/CVE-2024-10597.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10597",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-31T21:15:15.893",
"lastModified": "2024-11-01T12:57:03.417",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-06T16:28:48.520",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical has been found in ESAFENET CDG 5. This affects the function delPolicyAction of the file /com/esafenet/servlet/system/PolicyActionService.java. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad clasificada como cr\u00edtica en ESAFENET CDG 5. Afecta a la funci\u00f3n delPolicyAction del archivo /com/esafenet/servlet/system/PolicyActionService.java. La manipulaci\u00f3n del argumento id provoca una inyecci\u00f3n SQL. Es posible iniciar el ataque de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse. Se contact\u00f3 al proveedor con anticipaci\u00f3n sobre esta revelaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {
@ -57,6 +61,26 @@
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -116,22 +140,55 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:esafenet:cdg:5:*:*:*:*:*:*:*",
"matchCriteriaId": "94F213FF-17EB-4B99-9621-80792AD14A74"
}
]
}
]
}
],
"references": [
{
"url": "https://flowus.cn/share/380bcc9d-95ae-4576-b3df-bf3b06f1c5cd?code=G8A6P3",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.282609",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.282609",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?submit.431325",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

82
CVE-2024/CVE-2024-107xx/CVE-2024-10748.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10748",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-04T01:15:03.167",
"lastModified": "2024-11-04T01:35:50.083",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-06T15:06:52.077",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, has been found in Cosmote Greece What's Up App 4.47.3 on Android. This issue affects some unknown processing of the file gr/desquared/kmmsharedmodule/db/RealmDB.java of the component Realm Database Handler. The manipulation of the argument defaultRealmKey leads to use of default cryptographic key. Local access is required to approach this attack. The complexity of an attack is rather high. The exploitation is known to be difficult. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": " Se ha encontrado una vulnerabilidad clasificada como problem\u00e1tica en la aplicaci\u00f3n Cosmote Greece What's Up 4.47.3 para Android. Este problema afecta a algunos procesos desconocidos del archivo gr/desquared/kmmsharedmodule/db/RealmDB.java del componente Realm Database Handler. La manipulaci\u00f3n del argumento defaultRealmKey conduce al uso de la clave criptogr\u00e1fica predeterminada. Se requiere acceso local para abordar este ataque. La complejidad de un ataque es bastante alta. Se sabe que la explotaci\u00f3n es dif\u00edcil. Se contact\u00f3 al proveedor con anticipaci\u00f3n sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {
@ -57,6 +61,26 @@
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.0,
"impactScore": 3.6
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -106,8 +130,18 @@
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-798"
}
]
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -116,22 +150,56 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cosmote:what\\'s_up:4.47.3:*:*:*:*:android:*:*",
"matchCriteriaId": "59DD0845-5BB5-46AF-897C-0D45FF8BB27F"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/secuserx/CVE/blob/main/%5BHardcoded%20Realm%20Database%20Encryption%20Key%5D%20found%20in%20What's%20UP%20Android%20App%204.47.3%20-%20(RealmDB.java).md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.282917",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.282917",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?submit.432429",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
]
}
]
}

70
CVE-2024/CVE-2024-107xx/CVE-2024-10749.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10749",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-04T01:15:03.470",
"lastModified": "2024-11-04T01:35:50.083",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-06T15:04:49.497",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, was found in ThinkAdmin up to 6.1.67. Affected is the function script of the file /app/admin/controller/api/Plugs.php. The manipulation of the argument uptoken leads to deserialization. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se ha detectado una vulnerabilidad clasificada como cr\u00edtica en ThinkAdmin hasta la versi\u00f3n 6.1.67. El script de funci\u00f3n del archivo /app/admin/controller/api/Plugs.php est\u00e1 afectado. La manipulaci\u00f3n del argumento uptoken provoca la deserializaci\u00f3n. Es posible lanzar el ataque de forma remota. La complejidad del ataque es bastante alta. Se dice que la explotaci\u00f3n es dif\u00edcil. El exploit se ha hecho p\u00fablico y puede utilizarse. Se contact\u00f3 al proveedor con anticipaci\u00f3n sobre esta revelaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {
@ -57,6 +61,26 @@
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -116,22 +140,56 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:thinkadmin:thinkadmin:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.0",
"versionEndIncluding": "6.1.67",
"matchCriteriaId": "BE5A0947-30AD-4012-89BA-DEE70CBCCA1B"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/pwysec/Xmwcq/blob/main/1.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Broken Link"
]
},
{
"url": "https://vuldb.com/?ctiid.282918",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.282918",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?submit.432436",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

81
CVE-2024/CVE-2024-107xx/CVE-2024-10768.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-10768",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-04T19:15:05.743",
"lastModified": "2024-11-05T16:04:26.053",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-06T15:04:45.200",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -61,6 +61,26 @@
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -109,6 +129,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -128,26 +158,63 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:phpgurukul:online_shopping_portal:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6E358155-68C0-4C86-8359-49F37445DC44"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/secuserx/CVE/blob/main/%5BXSS%20vulnerability%5D%20found%20in%20Online%20Shopping%20Portal%202.0%20-%20(two_tables.php).md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://phpgurukul.com/",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Product"
]
},
{
"url": "https://vuldb.com/?ctiid.282988",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.282988",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?submit.436531",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

74
CVE-2024/CVE-2024-107xx/CVE-2024-10791.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-10791",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-04T20:15:04.580",
"lastModified": "2024-11-05T16:04:26.053",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-06T15:05:38.240",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -61,6 +61,26 @@
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -110,8 +130,18 @@
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -128,22 +158,52 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:codezips:hospital_appointment_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "433A683B-ACF7-4D3C-8078-D70615147B08"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/3127434/CVE/issues/2",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.282989",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://vuldb.com/?id.282989",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://vuldb.com/?submit.436538",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

79
CVE-2024/CVE-2024-108xx/CVE-2024-10806.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-10806",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-05T01:15:03.100",
"lastModified": "2024-11-05T16:04:26.053",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-06T15:06:48.493",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -61,6 +61,26 @@
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -110,8 +130,18 @@
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -128,26 +158,59 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:anujkumar:hospital_management_system:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F2D5B4F7-34A0-411E-9F63-2788CA1EEF32"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/secuserx/CVE/blob/main/%5BXSS%20vulnerability%5D%20found%20in%20Hospital%20Management%20System%20(HMS)%204.0%20-%20(betweendates-detailsreports.php).md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://phpgurukul.com/",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Product"
]
},
{
"url": "https://vuldb.com/?ctiid.283030",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://vuldb.com/?id.283030",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?submit.436547",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

79
CVE-2024/CVE-2024-108xx/CVE-2024-10807.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-10807",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-05T02:15:03.407",
"lastModified": "2024-11-05T16:04:26.053",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-06T15:07:09.930",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -61,6 +61,26 @@
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -110,8 +130,18 @@
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -128,26 +158,59 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:anujkumar:hospital_management_system:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F2D5B4F7-34A0-411E-9F63-2788CA1EEF32"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/secuserx/CVE/blob/main/%5BXSS%20vulnerability%5D%20found%20in%20Hospital%20Management%20System%20(HMS)%204.0%20-%20(search.php).md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://phpgurukul.com/",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Product"
]
},
{
"url": "https://vuldb.com/?ctiid.283031",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://vuldb.com/?id.283031",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?submit.436551",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

79
CVE-2024/CVE-2024-108xx/CVE-2024-10808.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-10808",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-05T02:15:03.700",
"lastModified": "2024-11-05T16:04:26.053",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-06T15:14:13.607",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -61,6 +61,26 @@
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -110,8 +130,18 @@
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -128,26 +158,59 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:anisha:e-health_care_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1FF4969C-5448-45BC-BD39-8ED478474F14"
}
]
}
]
}
],
"references": [
{
"url": "https://code-projects.org/",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Product"
]
},
{
"url": "https://github.com/koevas257/cve/blob/main/sql.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.283036",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://vuldb.com/?id.283036",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?submit.436566",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

79
CVE-2024/CVE-2024-108xx/CVE-2024-10809.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-10809",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-05T02:15:03.980",
"lastModified": "2024-11-05T16:04:26.053",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-06T15:14:48.213",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -61,6 +61,26 @@
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -110,8 +130,18 @@
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -128,26 +158,59 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:anisha:e-health_care_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1FF4969C-5448-45BC-BD39-8ED478474F14"
}
]
}
]
}
],
"references": [
{
"url": "https://code-projects.org/",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Product"
]
},
{
"url": "https://github.com/Xueweian/cve/blob/main/sql18.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.283037",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://vuldb.com/?id.283037",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?submit.436759",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

79
CVE-2024/CVE-2024-108xx/CVE-2024-10810.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-10810",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-05T02:15:04.250",
"lastModified": "2024-11-05T16:04:26.053",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-06T15:16:12.497",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -61,6 +61,26 @@
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -110,8 +130,18 @@
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -128,26 +158,59 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:anisha:e-health_care_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1FF4969C-5448-45BC-BD39-8ED478474F14"
}
]
}
]
}
],
"references": [
{
"url": "https://code-projects.org/",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Product"
]
},
{
"url": "https://github.com/wsy149433/cve/blob/main/sql19.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.283038",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://vuldb.com/?id.283038",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://vuldb.com/?submit.437018",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

145
CVE-2024/CVE-2024-109xx/CVE-2024-10916.json Normal file
View File

@ -0,0 +1,145 @@
{
"id": "CVE-2024-10916",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-06T15:15:12.123",
"lastModified": "2024-11-06T16:15:05.450",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic has been found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. This affects an unknown part of the file /xml/info.xml of the component HTTP GET Request Handler. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "LOW",
"vulnerableSystemIntegrity": "NONE",
"vulnerableSystemAvailability": "NONE",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 6.9,
"baseSeverity": "MEDIUM"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-200"
},
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://netsecfish.notion.site/Information-Disclosure-Vulnerability-Report-in-xml-info-xml-for-D-Link-NAS-12d6b683e67c8019a311e699582f51b6?pvs=4",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.283311",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.283311",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.432849",
"source": "cna@vuldb.com"
},
{
"url": "https://www.dlink.com/",
"source": "cna@vuldb.com"
}
]
}

141
CVE-2024/CVE-2024-109xx/CVE-2024-10919.json Normal file
View File

@ -0,0 +1,141 @@
{
"id": "CVE-2024-10919",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-06T16:15:05.610",
"lastModified": "2024-11-06T16:15:05.610",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in didi Super-Jacoco 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /cov/triggerUnitCover. The manipulation of the argument uuid leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "LOW",
"vulnerableSystemIntegrity": "LOW",
"vulnerableSystemAvailability": "LOW",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-74"
},
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://github.com/didi/super-jacoco/issues/49",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.283315",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.283315",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.432689",
"source": "cna@vuldb.com"
}
]
}

141
CVE-2024/CVE-2024-109xx/CVE-2024-10920.json Normal file
View File

@ -0,0 +1,141 @@
{
"id": "CVE-2024-10920",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-06T16:15:05.930",
"lastModified": "2024-11-06T16:15:05.930",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in mariazevedo88 travels-java-api up to 5.0.1 and classified as problematic. Affected by this issue is the function doFilterInternal of the file travels-java-api-master\\src\\main\\java\\io\\github\\mariazevedo88\\travelsjavaapi\\filters\\JwtAuthenticationTokenFilter.java of the component JWT Secret Handler. The manipulation leads to use of hard-coded cryptographic key\r . The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "NONE",
"vulnerableSystemIntegrity": "LOW",
"vulnerableSystemAvailability": "NONE",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 2.3,
"baseSeverity": "LOW"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.6,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:H/Au:S/C:N/I:P/A:N",
"accessVector": "NETWORK",
"accessComplexity": "HIGH",
"authentication": "SINGLE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 2.1
},
"baseSeverity": "LOW",
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-320"
},
{
"lang": "en",
"value": "CWE-321"
}
]
}
],
"references": [
{
"url": "https://github.com/mariazevedo88/travels-java-api/issues/23",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.283316",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.283316",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.433458",
"source": "cna@vuldb.com"
}
]
}

28
CVE-2024/CVE-2024-14xx/CVE-2024-1454.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-1454",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-02-12T23:15:08.410",
"lastModified": "2024-10-16T13:57:49.460",
"vulnStatus": "Analyzed",
"lastModified": "2024-11-06T15:15:14.010",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -158,30 +158,6 @@
"tags": [
"Patch"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OWIZ5ZLO5ECYPLSTESCF7I7PQO5X6ZSU/",
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RJI2FWLY24EOPALQ43YPQEZMEP3APPPI/",
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UECKC7X4IM4YZQ5KRQMNBNKNOXLZC7RZ/",
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}
]
}

39
CVE-2024/CVE-2024-17xx/CVE-2024-1746.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-1746",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-04-15T05:15:14.997",
"lastModified": "2024-04-15T13:15:31.997",
"lastModified": "2024-11-06T15:35:10.770",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "El complemento Testimonial Slider de WordPress anterior a 2.3.8 no sanitiza ni escapa a algunas de sus configuraciones, lo que podr\u00eda permitir a usuarios con privilegios elevados, como el administrador, realizar ataques de Cross-Site Scripting Almacenado incluso cuando la capacidad unfiltered_html no est\u00e1 permitida (por ejemplo, en una configuraci\u00f3n multisitio)."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/5f35572a-4129-4fe0-a465-d25f4c3b4419/",

27
CVE-2024/CVE-2024-19xx/CVE-2024-1901.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-1901",
"sourceIdentifier": "security@devolutions.net",
"published": "2024-03-05T22:15:47.103",
"lastModified": "2024-03-06T15:18:08.093",
"lastModified": "2024-11-06T15:35:11.670",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "La denegaci\u00f3n de servicio en la rotaci\u00f3n de contrase\u00f1as de PAM durante el proceso de registro en Devolutions Server 2023.3.14.0 permite que un usuario autenticado con permisos de PAM espec\u00edficos haga que las credenciales de PAM no est\u00e9n disponibles."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"references": [
{
"url": "https://devolutions.net/security/advisories/DEVO-2024-0002",

34
CVE-2024/CVE-2024-224xx/CVE-2024-22436.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-22436",
"sourceIdentifier": "security-alert@hpe.com",
"published": "2024-03-26T19:15:48.550",
"lastModified": "2024-03-27T12:29:41.530",
"lastModified": "2024-11-06T16:35:10.220",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -36,9 +36,41 @@
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-770"
}
]
}
],
"references": [
{
"url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbmu04626en_us",

27
CVE-2024/CVE-2024-231xx/CVE-2024-23152.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-23152",
"sourceIdentifier": "psirt@autodesk.com",
"published": "2024-06-25T04:15:12.770",
"lastModified": "2024-06-25T12:24:17.873",
"lastModified": "2024-11-06T15:35:12.300",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "Un archivo 3DM creado con fines malintencionados, cuando se analiza en opennurbs.dll a trav\u00e9s de aplicaciones de Autodesk, puede forzar una lectura fuera de los l\u00edmites. Un actor malintencionado puede aprovechar esta vulnerabilidad para provocar un bloqueo, leer datos confidenciales o ejecutar c\u00f3digo arbitrario en el contexto del proceso actual."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@autodesk.com",

27
CVE-2024/CVE-2024-231xx/CVE-2024-23155.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-23155",
"sourceIdentifier": "psirt@autodesk.com",
"published": "2024-06-25T04:15:13.330",
"lastModified": "2024-06-25T12:24:17.873",
"lastModified": "2024-11-06T16:35:11.007",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "Un archivo MODEL creado con fines malintencionados, cuando se analiza en atf_asm_interface.dll a trav\u00e9s de aplicaciones de Autodesk, se puede utilizar para provocar un desbordamiento de b\u00fafer basado en mont\u00f3n. Un actor malintencionado puede aprovechar esta vulnerabilidad para provocar un bloqueo o ejecutar c\u00f3digo arbitrario en el contexto del proceso actual."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@autodesk.com",

27
CVE-2024/CVE-2024-232xx/CVE-2024-23289.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-23289",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-03-08T02:15:50.117",
"lastModified": "2024-03-13T22:15:11.227",
"lastModified": "2024-11-06T16:35:11.190",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "Se solucion\u00f3 un problema de la pantalla de bloqueo con una gesti\u00f3n de estado mejorada. Este problema se solucion\u00f3 en iOS 16.7.6 y iPadOS 16.7.6, iOS 17.4 y iPadOS 17.4, macOS Sonoma 14.4, watchOS 10.4. Una persona con acceso f\u00edsico a un dispositivo puede usar Siri para acceder a informaci\u00f3n privada del calendario."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "http://seclists.org/fulldisclosure/2024/Mar/21",

27
CVE-2024/CVE-2024-263xx/CVE-2024-26328.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-26328",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-19T05:15:26.263",
"lastModified": "2024-04-19T07:15:09.770",
"lastModified": "2024-11-06T15:35:12.510",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "Se descubri\u00f3 un problema en QEMU 7.1.0 a 8.2.1. Register_vfs en hw/pci/pcie_sriov.c no configura NumVFs en PCI_SRIOV_TOTAL_VF y, por lo tanto, la interacci\u00f3n con hw/nvme/ctrl.c no se maneja correctamente."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.0,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.5,
"impactScore": 4.0
}
]
},
"references": [
{
"url": "https://lore.kernel.org/all/20240213055345-mutt-send-email-mst%40kernel.org/",

39
CVE-2024/CVE-2024-264xx/CVE-2024-26468.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-26468",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-26T16:27:59.870",
"lastModified": "2024-02-26T16:32:25.577",
"lastModified": "2024-11-06T15:35:12.710",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Una vulnerabilidad de cross-site scripting (XSS) basada en DOM en el componente index.html de jstrieb/urlpages antes de el commit 035b647 permite a los atacantes ejecutar Javascript arbitrario mediante el env\u00edo de una URL manipulada."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://gist.github.com/cd80/87b41cf58ba04564d55f4a26152bf0a9",

39
CVE-2024/CVE-2024-264xx/CVE-2024-26473.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-26473",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-29T01:44:19.043",
"lastModified": "2024-02-29T13:49:29.390",
"lastModified": "2024-11-06T16:35:11.450",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Una vulnerabilidad de Cross-Site Scripting (XSS) reflejada en SocialMediaWebsite v1.0.1 permite a los atacantes inyectar JavaScript malicioso en el navegador web de una v\u00edctima a trav\u00e9s del par\u00e1metro de encuesta en poll.php. "
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2024-26473",

39
CVE-2024/CVE-2024-266xx/CVE-2024-26612.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-26612",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-03-11T18:15:19.170",
"lastModified": "2024-03-12T12:40:13.500",
"lastModified": "2024-11-06T16:35:12.233",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: netfs, fscache: Prevenir Ups en fscache_put_cache() Esta funci\u00f3n desreferencia \"cach\u00e9\" y luego verifica si es IS_ERR_OR_NULL(). Primero verifique y luego elimine la referencia."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/1c45256e599061021e2c848952e50f406457e448",

27
CVE-2024/CVE-2024-266xx/CVE-2024-26614.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-26614",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-03-11T18:15:19.280",
"lastModified": "2024-11-05T10:15:33.150",
"lastModified": "2024-11-06T15:35:13.547",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: tcp: aseg\u00farese de iniciar los spinlocks de Accept_queue una vez. Cuando ejecuto el programa C de reproducci\u00f3n de syz localmente, causa el siguiente problema: pvqspinlock: \u00a1el bloqueo 0xffff9d181cd5c660 tiene un valor corrupto 0x0! ADVERTENCIA: CPU: 19 PID: 21160 en __pv_queued_spin_unlock_slowpath (kernel/locking/qspinlock_paravirt.h:508) Nombre del hardware: Red Hat KVM, BIOS 0.5.1 01/01/2011 RIP: 0010:__pv_queued_spin_unlock_slowpath (kernel/locking/qspinlock_paravirt .h :508) C\u00f3digo: 73 56 3a ff 90 c3 cc cc cc 8b 05 bb 1f 48 01 85 c0 74 05 c3 cc cc cc cc 8b 17 48 89 fe 48 c7 c7 30 20 ce 8f e8 ad 56 42 ff <0f> 0b c3 cc cc cc cc 0f 0b 0f 1f 40 00 90 90 90 90 90 90 90 90 90 RSP: 0018:ffffa8d200604cb8 EFLAGS: 00010282 RAX: 0000000000000000 RBX: 00000 00000000000 RCX: ffff9d1ef60e0908 RDX: 00000000ffffffd8 RSI: 0000000000000027 RDI: ffff9d1ef60e0900 RBP: ffff9d181cd5c280 R08: 0000000000000000 R09: 00000000ffff7fff R10: ffffa8d200604b68 R11: ffffffff907dcdc8 R12: 00000000000000000 R13: ffff9d181cd5c660 R14: ffff9d181 3a3f330 R15: 0000000000001000 FS: 00007fa110184640(0000) GS:ffff9d1ef60c0000(0000) knlGS:00000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000020000000 CR3: 000000011f65e000 CR4: 00000000000006f0 Seguimiento de llamadas: _raw_spin_unlock (kernel/locking/spinlock.c:186) inet_csk_reqsk_queue_add (net/ipv4/inet_connection_sock.c:1321) inet_csk_complete_hashdance (net/ipv4/inet_connection_sock.c: 1358) tcp_check_req (net/ipv4/tcp_minisocks.c:868) tcp_v4_rcv (net/ipv4/tcp_ipv4.c:2260) ip_protocol_deliver_rcu (net/ipv4/ip_input.c:205) ip_local_deliver_finish (net/ipv4/ip_input.c:234 ) __netif_receive_skb_one_core (net/core/dev.c:5529) Process_backlog (./include/linux/rcupdate.h:779) __napi_poll (net/core/dev.c:6533) net_rx_action (net/core/dev.c:6604) __do_softirq (./arch/x86/include/asm/jump_label.h:27) do_softirq (kernel/softirq.c:454 kernel/softirq.c:441) __local_bh_enable_ip (kernel/softirq.c: 381) __dev_queue_xmit (net/core/dev.c:4374) ip_finish_output2 (./include/net/neighbour.h:540 net/ipv4/ip_output.c:235) __ip_queue_xmit (net/ipv4/ip_output.c:535) __tcp_transmit_skb (net/ipv4/tcp_output.c:1462) tcp_rcv_synsent_state_process (net/ipv4/tcp_input.c:6469) tcp_rcv_state_process (net/ipv4/tcp_input.c:6657) tcp_v4_do_rcv (net/ipv4/tcp_ipv4.c:1929) __release _calcet\u00edn (. /include/net/sock.h:1121 net/core/sock.c:2968) release_sock (net/core/sock.c:3536) inet_wait_for_connect (net/ipv4/af_inet.c:609) __inet_stream_connect (net/ipv4/ af_inet.c:702) inet_stream_connect (net/ipv4/af_inet.c:748) __sys_connect (./include/linux/file.h:45 net/socket.c:2064) __x64_sys_connect (net/socket.c:2073 net/ socket.c:2070 net/socket.c:2070) do_syscall_64 (arch/x86/entry/common.c:51 arch/x86/entry/common.c:82) Entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S: 129) QEPD: 0033:0x7fa10ff05a3d C\u00f3digo: 5b 41 5c c3 66 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4 c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d ab a3 0e 00 f7 d8 64 89 01 48 RSP: 002b:00007fa110183de8 EFLAGS: 00000202 ORIG_RAX: 000000000000002a RAX: ffffffffffffffda RBX: 0000000020000054 RCX: 00007fa10ff05a3d RDX: 000000000000001c RSI: 0000000020000040 RDI: 0000000000000003 RBP: 00007FA110183E20 R08: 000000000000000000 R09: 000000000000000000 R10: 0000000000000000000000000000000000000000202 R12: 00007FA1101846440000000000000000000000000000000000000000000000000000000000000SEN 00007FA10FE8B060 R15: 00007FFFF73E23B20 El proceso de activaci\u00f3n del problema se analiza de la siguiente manera: subhifique un subproceso b tcp_v4_rcv / /recibir acuse de recibo del paquete TCP inet_shutdown tcp_check_req tcp_disconnect //desconectar calcet\u00edn... tcp_set_state(sk, TCP_CLOSE) inet_csk_complete_hashdance... inet_csk_reqsk_queue_add ---truncado---"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://git.kernel.org/stable/c/168e7e599860654876c2a1102a82610285c02f02",

27
CVE-2024/CVE-2024-266xx/CVE-2024-26690.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-26690",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-04-03T15:15:52.487",
"lastModified": "2024-04-03T17:24:18.150",
"lastModified": "2024-11-06T16:35:13.027",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: stmmac: protege las actualizaciones de los contadores de estad\u00edsticas de 64 bits. Como se explica en un comentario en , el lado de escritura de la estructura u64_stats_sync debe garantizar la exclusi\u00f3n mutua, o uno La actualizaci\u00f3n de seqcount podr\u00eda perderse en plataformas de 32 bits, bloqueando as\u00ed a los lectores para siempre. Estos bloqueos se han observado en el mundo real despu\u00e9s de que stmmac_xmit() en una CPU compitiera con stmmac_napi_poll_tx() en otra CPU. Para solucionar el problema sin introducir un nuevo bloqueo, divida la est\u00e1tica en tres partes: 1. campos actualizados solo bajo el bloqueo de la cola de transmisi\u00f3n, 2. campos actualizados solo durante la encuesta NAPI, 3. campos actualizados solo desde el contexto de interrupci\u00f3n, Actualizaciones de los campos en los dos primeros grupos ya est\u00e1n serializados a trav\u00e9s de otras cerraduras. Basta con dividir la estructura existente u64_stats_sync para que cada grupo tenga el suyo propio. Tenga en cuenta que tx_set_ic_bit se actualiza desde ambos contextos. Divida este contador para que cada contexto tenga el suyo y calcule su suma para obtener el valor total en stmmac_get_ethtool_stats(). Para el tercer grupo, diferentes CPU pueden procesar m\u00faltiples interrupciones al mismo tiempo, pero las interrupciones en la misma CPU no se anidar\u00e1n. Mueva los campos de este grupo a una estructura por CPU stmmac_pcpu_stats reci\u00e9n creada."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://git.kernel.org/stable/c/38cc3c6dcc09dc3a1800b5ec22aef643ca11eab8",

27
CVE-2024/CVE-2024-269xx/CVE-2024-26980.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-26980",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-01T06:15:15.423",
"lastModified": "2024-05-17T11:15:08.357",
"lastModified": "2024-11-06T16:35:13.217",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: ksmbd: corrige slab-out-of-bounds en smb2_allocate_rsp_buf Si ->ProtocolId es SMB2_TRANSFORM_PROTO_NUM, se podr\u00eda omitir la validaci\u00f3n del tama\u00f1o de la solicitud smb2. Si el tama\u00f1o de la solicitud es menor que sizeof (struct smb2_query_info_req), la lectura de losa fuera de los l\u00edmites puede ocurrir en smb2_allocate_rsp_buf(). Este parche asigna un b\u00fafer de respuesta despu\u00e9s de descifrar la solicitud de transformaci\u00f3n. smb3_decrypt_req() validar\u00e1 el tama\u00f1o de la solicitud de transformaci\u00f3n y evitar\u00e1 la losa fuera de los l\u00edmites en smb2_allocate_rsp_buf()."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://git.kernel.org/stable/c/0977f89722eceba165700ea384f075143f012085",

14
CVE-2024/CVE-2024-26xx/CVE-2024-2610.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-2610",
"sourceIdentifier": "security@mozilla.org",
"published": "2024-03-19T12:15:08.957",
"lastModified": "2024-10-30T16:35:13.863",
"lastModified": "2024-11-06T16:35:15.013",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -39,6 +39,18 @@
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1871112",

39
CVE-2024/CVE-2024-272xx/CVE-2024-27235.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-27235",
"sourceIdentifier": "dsap-vuln-management@google.com",
"published": "2024-03-11T19:15:49.057",
"lastModified": "2024-03-15T20:15:09.253",
"lastModified": "2024-11-06T16:35:13.410",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "En plugin_extern_func de TBD, existe una posible lectura fuera de los l\u00edmites debido a una verificaci\u00f3n de los l\u00edmites faltantes. Esto podr\u00eda dar lugar a la divulgaci\u00f3n de informaci\u00f3n local sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://source.android.com/security/bulletin/pixel/2024-03-01",

27
CVE-2024/CVE-2024-274xx/CVE-2024-27412.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-27412",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-17T12:15:12.130",
"lastModified": "2024-11-05T10:16:32.610",
"lastModified": "2024-11-06T15:35:13.753",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: alimentaci\u00f3n: suministro: bq27xxx-i2c: no liberar IRQ no existente Es posible que el cliente bq27xxx i2c no tenga una IRQ, en cuyo caso client->irq ser\u00e1 0. bq27xxx_battery_i2c_probe( ) ya tiene una verificaci\u00f3n if (cliente->irq) que envuelve request_threaded_irq(). Pero bq27xxx_battery_i2c_remove() llama incondicionalmente a free_irq(cliente->irq) lo que lleva a: [190.310742] ------------[ cortar aqu\u00ed ]------------ [ 190.310843] Intentando liberar IRQ 0 [190.310861] que ya est\u00e1 libre ADVERTENCIA: CPU: 2 PID: 1304 en kernel/irq/manage.c:1893 free_irq+0x1b8/0x310 Seguido de un seguimiento al desvincular el controlador. Agregue un if (cliente->irq) a bq27xxx_battery_i2c_remove() mirroring probe() para solucionar este problema."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://git.kernel.org/stable/c/083686474e7c97b0f8b66df37fcb64e432e8b771",

39
CVE-2024/CVE-2024-274xx/CVE-2024-27477.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-27477",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-04-10T15:16:04.980",
"lastModified": "2024-04-10T19:49:51.183",
"lastModified": "2024-11-06T16:35:14.220",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "En Leantime 3.0.6, existe una vulnerabilidad de Cross-Site Scripting dentro de la funcionalidad de creaci\u00f3n y modificaci\u00f3n de tickets, lo que permite a los atacantes inyectar c\u00f3digo JavaScript malicioso en el campo de t\u00edtulo de los tickets (tambi\u00e9n conocido como tareas pendientes). Esta vulnerabilidad XSS almacenada se puede aprovechar para realizar ataques de Server-Side Request Forgery (SSRF)."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://drive.proton.me/urls/35CKB8RV04#sEubCKVOuXqt",

32
CVE-2024/CVE-2024-319xx/CVE-2024-31971.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-31971",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-24T15:15:11.800",
"lastModified": "2024-10-28T21:15:04.253",
"lastModified": "2024-11-06T16:35:15.840",
"vulnStatus": "Modified",
"cveTags": [
{
@ -43,6 +43,26 @@
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
@ -56,6 +76,16 @@
"value": "CWE-79"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [

39
CVE-2024/CVE-2024-322xx/CVE-2024-32254.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-32254",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-04-16T17:15:10.987",
"lastModified": "2024-04-17T12:48:31.863",
"lastModified": "2024-11-06T15:35:15.373",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Phpgurukul Tourism Management System v2.0 es vulnerable a la carga sin restricciones de archivos con tipos peligrosos a trav\u00e9s de tms/admin/create-package.php. Al crear un nuevo paquete, no se verifica qu\u00e9 tipos de archivos se cargan desde la imagen."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"references": [
{
"url": "https://github.com/jinhaochan/CVE-POC/blob/main/tms/POC.md",

27
CVE-2024/CVE-2024-323xx/CVE-2024-32305.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-32305",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-04-17T16:15:08.893",
"lastModified": "2024-07-03T01:56:04.160",
"lastModified": "2024-11-06T16:35:16.710",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "El firmware Tenda A18 v15.03.05.05 tiene una vulnerabilidad de desbordamiento de pila ubicada a trav\u00e9s del par\u00e1metro PPW en la funci\u00f3n fromWizardHandle."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",

39
CVE-2024/CVE-2024-329xx/CVE-2024-32914.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-32914",
"sourceIdentifier": "dsap-vuln-management@google.com",
"published": "2024-06-13T21:15:55.393",
"lastModified": "2024-06-17T12:43:31.090",
"lastModified": "2024-11-06T15:35:16.180",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "En tpu_get_int_state de tpu.c, existe una posible divulgaci\u00f3n de informaci\u00f3n debido a datos no inicializados. Esto podr\u00eda dar lugar a la divulgaci\u00f3n de informaci\u00f3n local sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://source.android.com/security/bulletin/pixel/2024-06-01",

14
CVE-2024/CVE-2024-32xx/CVE-2024-3250.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-3250",
"sourceIdentifier": "security@ubuntu.com",
"published": "2024-04-04T15:15:39.837",
"lastModified": "2024-04-04T22:15:09.350",
"lastModified": "2024-11-06T16:35:18.000",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -39,6 +39,18 @@
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-732"
}
]
}
],
"references": [
{
"url": "https://github.com/canonical/pebble/security/advisories/GHSA-4685-2x5r-65pj",

27
CVE-2024/CVE-2024-340xx/CVE-2024-34047.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-34047",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-04-30T00:15:07.770",
"lastModified": "2024-04-30T13:11:16.690",
"lastModified": "2024-11-06T16:35:17.080",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "O-RAN RIC I-Release e2mgr carece de comprobaciones de tama\u00f1o de matriz en RicServiceUpdateHandler."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"references": [
{
"url": "https://gerrit.o-ran-sc.org/r/c/ric-plt/e2mgr/+/12629",

56
CVE-2024/CVE-2024-351xx/CVE-2024-35146.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-35146",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-11-06T15:15:19.247",
"lastModified": "2024-11-06T15:15:19.247",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Maximo Application Suite - Monitor Component 8.10.11, 8.11.8, and 9.0.0 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "psirt@us.ibm.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://www.ibm.com/support/pages/node/7174946",
"source": "psirt@us.ibm.com"
}
]
}

27
CVE-2024/CVE-2024-358xx/CVE-2024-35888.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-35888",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-19T09:15:09.910",
"lastModified": "2024-11-05T10:16:49.277",
"lastModified": "2024-11-06T16:35:17.350",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: erspan: aseg\u00farese de que erspan_base_hdr est\u00e9 presente en skb->head syzbot inform\u00f3 un problema en ip6erspan_rcv() [1] El problema es que ip6erspan_rcv() (y erspan_rcv()) ya no funcionan aseg\u00farese de que erspan_base_hdr est\u00e9 presente en la parte lineal de skb (skb->head) antes de obtener el campo @ver. Agregue las llamadas pskb_may_pull() que faltan. v2: Vuelva a cargar el puntero iph en erspan_rcv() despu\u00e9s de pskb_may_pull() porque skb->head podr\u00eda haber cambiado. [1] ERROR: KMSAN: valor uninit en pskb_may_pull_reason include/linux/skbuff.h:2742 [en l\u00ednea] ERROR: KMSAN: valor uninit en pskb_may_pull include/linux/skbuff.h:2756 [en l\u00ednea] ERROR: KMSAN: uninit -valor en ip6erspan_rcv net/ipv6/ip6_gre.c:541 [en l\u00ednea] ERROR: KMSAN: valor uninit en gre_rcv+0x11f8/0x1930 net/ipv6/ip6_gre.c:610 pskb_may_pull_reason include/linux/skbuff.h:2742 [en l\u00ednea ] PSKB_MAY_PULL incluye/linux/skbuff.h: 2756 [en l\u00ednea] ip6erspan_rcv net/ipv6/ip6_gre.c: 541 [inline] gre_rcv+0x11f8/0x1930 net/ipv6/ip6_gre.c: 610 ip6_protocol_reLiver+0x1d4cu 6/ ip6_input.c:438 ip6_input_finish net/ipv6/ip6_input.c:483 [en l\u00ednea] NF_HOOK include/linux/netfilter.h:314 [en l\u00ednea] ip6_input+0x15d/0x430 net/ipv6/ip6_input.c:492 ip6_mc_input+0xa7e/0xc80 net/ipv6/ip6_input.c:586 dst_input include/net/dst.h:460 [en l\u00ednea] ip6_rcv_finish+0x955/0x970 net/ipv6/ip6_input.c:79 NF_HOOK include/linux/netfilter.h:314 [en l\u00ednea] ipv6_rcv +0xde/0x390 net/ipv6/ip6_input.c:310 __netif_receive_skb_one_core net/core/dev.c:5538 [en l\u00ednea] __netif_receive_skb+0x1da/0xa00 net/core/dev.c:5652 netif_receive_skb_internal net/core/dev.c:5738 [en l\u00ednea] netif_receive_skb+0x58/0x660 net/core/dev.c:5798 tun_rx_batched+0x3ee/0x980 drivers/net/tun.c:1549 tun_get_user+0x5566/0x69e0 drivers/net/tun.c:2002 tun_chr_write_iter+0x3af/0x5d0 drivers/net/tun.c:2048 call_write_iter include/linux/fs.h:2108 [en l\u00ednea] new_sync_write fs/read_write.c:497 [en l\u00ednea] vfs_write+0xb63/0x1520 fs/read_write.c:590 ksys_write+0x20f/0x4c0 fs/read_write.c:643 __do_sys_write fs/read_write.c:655 [en l\u00ednea] __se_sys_write fs/read_write.c:652 [en l\u00ednea] __x64_sys_write+0x93/0xe0 fs/read_write.c:652 do_syscall_64+0xd5/0x1f0 entrada_SYSCALL_64 _despu\u00e9s_hwframe+0x6d/ 0x75 Uninit was created at: slab_post_alloc_hook mm/slub.c:3804 [inline] slab_alloc_node mm/slub.c:3845 [inline] kmem_cache_alloc_node+0x613/0xc50 mm/slub.c:3888 kmalloc_reserve+0x13d/0x4a0 net/core/skbuff .c:577 __alloc_skb+0x35b/0x7a0 net/core/skbuff.c:668 alloc_skb include/linux/skbuff.h:1318 [en l\u00ednea] alloc_skb_with_frags+0xc8/0xbf0 net/core/skbuff.c:6504 sock_alloc_send_pskb+0xa81/0xbf0 net/core/sock.c:2795 tun_alloc_skb drivers/net/tun.c:1525 [en l\u00ednea] tun_get_user+0x209a/0x69e0 drivers/net/tun.c:1846 tun_chr_write_iter+0x3af/0x5d0 drivers/net/tun.c:2048 call_write_iter include/linux/fs.h:2108 [en l\u00ednea] new_sync_write fs/read_write.c:497 [en l\u00ednea] vfs_write+0xb63/0x1520 fs/read_write.c:590 ksys_write+0x20f/0x4c0 fs/read_write.c:643 __do_sys_write fs /read_write.c:655 [en l\u00ednea] __se_sys_write fs/read_write.c:652 [en l\u00ednea] __x64_sys_write+0x93/0xe0 fs/read_write.c:652 do_syscall_64+0xd5/0x1f0 Entry_SYSCALL_64_after_hwframe+0x6d/0x75 CPU: 1 Comunicaci\u00f3n 5045: syz-executor114 No contaminado 6.9.0-rc1-syzkaller-00021-g962490525cff #0"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://git.kernel.org/stable/c/06a939f72a24a7d8251f84cf4c042df86c6666ac",

27
CVE-2024/CVE-2024-360xx/CVE-2024-36007.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-36007",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-20T10:15:14.637",
"lastModified": "2024-11-05T10:17:03.343",
"lastModified": "2024-11-06T15:35:17.003",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mlxsw: espectro_acl_tcam: Advertencia de correcci\u00f3n durante el rehash Como se explic\u00f3 anteriormente, el trabajo retrasado del rehash migra filtros de una regi\u00f3n a otra. Esto se hace iterando sobre todos los fragmentos (todos los filtros con la misma prioridad) en la regi\u00f3n y en cada fragmento iterando sobre todos los filtros. Cuando el trabajo se queda sin cr\u00e9ditos, almacena el fragmento y la entrada actuales como marcadores en el contexto por trabajo para saber d\u00f3nde reanudar la migraci\u00f3n la pr\u00f3xima vez que se programe el trabajo. En caso de error, el marcador de fragmento se restablece a NULL, pero sin restablecer los marcadores de entrada a pesar de ser relativos a \u00e9l. Esto puede provocar que la migraci\u00f3n se reanude desde una entrada que no pertenece al fragmento que se est\u00e1 migrando. A su vez, esto eventualmente conducir\u00e1 a que se repita un fragmento como si fuera una entrada. Debido a c\u00f3mo se definen las dos estructuras, esto no genera s\u00edmbolos KASAN, sino advertencias como [1]. Para solucionarlo, cree un asistente que restablezca todos los marcadores y ll\u00e1melo desde todos los lugares donde actualmente solo restablece el marcador de fragmentos. Por si acaso, ll\u00e1melo tambi\u00e9n al iniciar un rehash completamente nuevo. Agregue una advertencia para evitar casos futuros. [1] ADVERTENCIA: CPU: 7 PID: 1076 en drivers/net/ethernet/mellanox/mlxsw/core_acl_flex_keys.c:407 mlxsw_afk_encode+0x242/0x2f0 M\u00f3dulos vinculados en: CPU: 7 PID: 1076 Comm: kworker/7:24 Tainted : GW 6.9.0-rc3-custom-00880-g29e61d91b77b #29 Nombre del hardware: Mellanox Technologies Ltd. MSN3700/VMOD0005, BIOS 5.11 06/01/2019 Cola de trabajo: mlxsw_core mlxsw_sp_acl_tcam_vregion_rehash_work RIP 0010:mlxsw_af k_encode+0x242/0x2f0 [... ] Seguimiento de llamadas: mlxsw_sp_acl_atcam_entry_add+0xd9/0x3c0 mlxsw_sp_acl_tcam_entry_create+0x5e/0xa0 mlxsw_sp_acl_tcam_vchunk_migrate_all+0x109/0x290 mlxsw_sp_acl_tcam_vregion_rehash_work+0x6 c/0x470 process_one_work+0x151/0x370 worker_thread+0x2cb/0x3e0 kthread+0xd0/0x100 ret_from_fork+0x34/0x50 "
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://git.kernel.org/stable/c/039992b6d2df097c65f480dcf269de3d2656f573",

27
CVE-2024/CVE-2024-369xx/CVE-2024-36928.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-36928",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-30T16:15:16.033",
"lastModified": "2024-05-30T18:18:58.870",
"lastModified": "2024-11-06T16:35:17.740",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: s390/qeth: soluciona el p\u00e1nico del kernel despu\u00e9s de configurar hsuid S\u00edntoma: cuando el atributo hsuid se establece por primera vez en un dispositivo IQD Layer3 mientras la interfaz de red correspondiente ya est\u00e1 activa, el kernel Intentar\u00e1 ejecutar un puntero de funci\u00f3n napi que sea NULL. Ejemplo: ------------------------------------------------ --------------------- [ 2057.572696] operaci\u00f3n ilegal: 0001 ilc:1 [#1] SMP [ 2057.572702] M\u00f3dulos vinculados en: af_iucv qeth_l3 zfcp scsi_transport_fc sunrpc nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nf_tables_set nft_chain_nat nf_nat pista nf_defrag_ipv6 nf_defrag_ipv4 ip_set nf_tables libcrc32c nfnetlink ghash_s390 prng xts aes_s390 des_s390 de s_generic sha3_512_s390 sha3_256_s390 sha512_s390 vfio_ccw vfio_mdev mdev _iommu_type1 eadm_sch vfio ext4 mbcache jbd2 qeth_l2 puente stp llc dasd_eckd_mod qeth dasd_mod qdio ccwgroup pkey zcrypt [2057.572739] CPU: 6 PID: 60182 Comm: stress_client Kdump: cargado No contaminado 4.18.0-541.el8.s390x #1 [2057.572742] Nombre de hardware: IBM 3931 A01 704 (LPAR) [2057.572744] PSW : 0704f00180000000 0000000000000002 (0x2) [ 2057.572748] R:0 T:1 IO:1 EX:1 Clave:0 M:1 W:0 P:0 AS:3 CC:3 PM:0 RI:0 EA:3 [ 2057.572751] Krnl GPRS: 0000000000000004 0000000000000000 00000000a3b008d8 0000000000000000 [2057.572754] 00000000a3b008d8 cb923a29c779abc5 000000000000000 00000000814cfd80 [ 2057.572756] 000000000000012c 0000000000000000 00000000a3b008d8 00000000a3b008d8 [ 2057.5727 58] 00000000bab6d500 00000000814cfd80 0000000091317e46 00000000814cfc68 [2057.572762] C\u00f3digo Krnl:#0000000000000000: 0000 ilegal >00000000000 00002: 0000 ilegal 0000000000000004: 0000 ilegal 0000000000000006: 0000 ilegal 0000000000000008: 0000 ilegal 000000000000000a: 0000 ilegal 000000000000000c: 0000 ilegal 000000000000000e: 0000 ilegal [ 2057.572800] Rastreo de llamadas: [ 57.572801] ([<00000000ec639700>] 0xec639700) [ 2057.572803] [<00000000913183e2>] net_rx_action+0x2ba/0x398 [ 2057.572809 ] [<0000000091515f76>] __do_softirq+0x11e/0x3a0 [ 2057.572813] [<0000000090ce160c>] do_softirq_own_stack+0x3c/0x58 [ 2057.572817 ([<0000000090d] 2cbd6>] do_softirq.part.1+0x56/0x60) [ 2057.572822] [<0000000090d2cc60> ] __local_bh_enable_ip+0x80/0x98 [ 2057.572825] [<0000000091314706>] __dev_queue_xmit+0x2be/0xd70 [ 2057.572827] [<000003ff803dd6d6>] 24e/0x300 [af_iucv] [ 2057.572830] [<000003ff803dd88a>] iucv_send_ctrl+0x102/0x138 [af_iucv ] [ 2057.572833] [<000003ff803de72a>] iucv_sock_connect+0x37a/0x468 [af_iucv] [ 2057.572835] [<00000000912e7e90>] __sys_connect+0xa0/0xd8 [ 2057.57283 9] [<00000000912e9580>] sys_socketcall+0x228/0x348 [ 2057.572841] [<0000000091514e1a> ] system_call+0x2a6/0x2c8 [ 2057.572843] \u00daltima direcci\u00f3n del evento de \u00faltima hora: [ 2057.572844] [<0000000091317e44>] __napi_poll+0x4c/0x1d8 [ 2057.572846] [ 2057.572847] p\u00e1nico - no se sincroniza: excepci\u00f3n fatal en la interrupci\u00f3n ----- -------------------------------------------------- ------------------------------------ An\u00e1lisis: Hay una estructura napi por out_q: tarjeta->qdio .out_qs[i].napi Las funciones napi.poll se configuran durante qeth_open(). Desde la confirmaci\u00f3n 1cfef80d4c2b (\"s390/qeth: No llamar a dev_close/dev_open (DOWN/UP)\") qeth_set_offline()/qeth_set_online() ya no llama a dev_close()/dev_open(). Entonces, si qeth_free_qdio_queues() borr\u00f3 card->qdio.out_qs[i].napi.poll mientras la interfaz de red estaba activa y la tarjeta estaba fuera de l\u00ednea, no se vuelven a configurar. Reproducci\u00f3n: chzdev -e $devno Layer2=0 ip link set dev $network_interface up echo 0 > /sys/bus/ccw ---truncado---"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://git.kernel.org/stable/c/10cb803aff3b11fe0bd5f274fc1c231a43e88df6",

14
CVE-2024/CVE-2024-37xx/CVE-2024-3786.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-3786",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2024-04-15T14:15:08.920",
"lastModified": "2024-04-15T19:12:25.887",
"lastModified": "2024-11-06T15:35:17.487",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -39,6 +39,18 @@
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-wbsairback-white-bear-solutions",

14
CVE-2024/CVE-2024-425xx/CVE-2024-42509.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-42509",
"sourceIdentifier": "security-alert@hpe.com",
"published": "2024-11-05T23:15:03.423",
"lastModified": "2024-11-05T23:15:03.423",
"lastModified": "2024-11-06T16:35:18.743",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
@ -39,6 +39,18 @@
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"references": [
{
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04722en_us&docLocale=en_US",

39
CVE-2024/CVE-2024-427xx/CVE-2024-42773.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-42773",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-22T18:15:10.367",
"lastModified": "2024-08-23T16:18:28.547",
"lastModified": "2024-11-06T15:35:18.200",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Se encontr\u00f3 una vulnerabilidad de control de acceso incorrecto en /admin/edit_room_controller.php en Kashipara Hotel Management System v1.0, que permite a un atacante no autenticado editar las entradas v\u00e1lidas de las habitaciones del hotel en la secci\u00f3n del administrador."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"references": [
{
"url": "https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Hotel%20Management%20System%20v1.0/Broken%20Access%20Control%20-%20Edit%20Room%20Entry.pdf",

74
CVE-2024/CVE-2024-451xx/CVE-2024-45164.json
View File

@ -2,24 +2,88 @@
"id": "CVE-2024-45164",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-04T14:15:14.677",
"lastModified": "2024-11-04T18:50:05.607",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-06T15:51:17.410",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Akamai SIA (Secure Internet Access Enterprise) ThreatAvert, in SPS (Security and Personalization Services) before the latest 19.2.0 patch and Apps Portal before 19.2.0.3 or 19.2.0.20240814, has incorrect authorization controls for the Admin functionality on the ThreatAvert Policy page. An authenticated user can navigate directly to the /#app/intelligence/threatAvertPolicies URI and disable policy enforcement."
},
{
"lang": "es",
"value": "Akamai SIA (Secure Internet Access Enterprise) ThreatAvert, en SPS (Security and Personality Services) antes del \u00faltimo parche 19.2.0 y en Apps Portal antes de 19.2.0.3 o 19.2.0.20240814, tiene controles de autorizaci\u00f3n incorrectos para la funcionalidad de administrador en la p\u00e1gina de pol\u00edticas de ThreatAvert. Un usuario autenticado puede navegar directamente a la URL /#app/intelligence/threatAvertPolicies y deshabilitar la aplicaci\u00f3n de pol\u00edticas."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 4.2
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:akamai:secure_internet_access_enterprise_threatavert:19.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EBCD0583-5730-41B0-8F91-7E929A749F12"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://notes.netbytesec.com/2024/11/cve-2024-45164-broken-access-control.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mitigation",
"Third Party Advisory"
]
},
{
"url": "https://www.akamai.com/global-services/support/vulnerability-reporting",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}

52
CVE-2024/CVE-2024-471xx/CVE-2024-47137.json
View File

@ -2,17 +2,41 @@
"id": "CVE-2024-47137",
"sourceIdentifier": "scy@openharmony.io",
"published": "2024-11-05T08:15:02.830",
"lastModified": "2024-11-05T16:04:26.053",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-06T15:26:35.547",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "in OpenHarmony v4.1.0 and prior versions allow a local attacker cause the common permission is upgraded to root and sensitive information leak through out-of-bounds write."
},
{
"lang": "es",
"value": " en OpenHarmony v4.1.0 y versiones anteriores, se permite que un atacante local haga que el permiso com\u00fan se actualice a root y se filtre informaci\u00f3n confidencial mediante escritura fuera de los l\u00edmites."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "scy@openharmony.io",
"type": "Secondary",
@ -47,10 +71,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:openatom:openharmony:*:*:*:*:-:*:*:*",
"versionStartIncluding": "4.0",
"versionEndIncluding": "4.1",
"matchCriteriaId": "6304CD6F-CBB6-4B5A-A555-3161F8CDDD35"
}
]
}
]
}
],
"references": [
{
"url": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-11.md",
"source": "scy@openharmony.io"
"source": "scy@openharmony.io",
"tags": [
"Vendor Advisory"
]
}
]
}

52
CVE-2024/CVE-2024-474xx/CVE-2024-47402.json
View File

@ -2,17 +2,41 @@
"id": "CVE-2024-47402",
"sourceIdentifier": "scy@openharmony.io",
"published": "2024-11-05T08:15:03.250",
"lastModified": "2024-11-05T16:04:26.053",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-06T15:26:23.290",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "in OpenHarmony v4.0.0 and prior versions allow a local attacker cause DOS through out-of-bounds read."
},
{
"lang": "es",
"value": "en OpenHarmony v4.0.0 y versiones anteriores se permite que un atacante local provoque DOS a trav\u00e9s de lectura fuera de los l\u00edmites."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "scy@openharmony.io",
"type": "Secondary",
@ -47,10 +71,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:openatom:openharmony:*:*:*:*:-:*:*:*",
"versionStartIncluding": "4.0",
"versionEndIncluding": "4.1",
"matchCriteriaId": "6304CD6F-CBB6-4B5A-A555-3161F8CDDD35"
}
]
}
]
}
],
"references": [
{
"url": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-11.md",
"source": "scy@openharmony.io"
"source": "scy@openharmony.io",
"tags": [
"Vendor Advisory"
]
}
]
}

52
CVE-2024/CVE-2024-474xx/CVE-2024-47404.json
View File

@ -2,17 +2,41 @@
"id": "CVE-2024-47404",
"sourceIdentifier": "scy@openharmony.io",
"published": "2024-11-05T08:15:03.500",
"lastModified": "2024-11-05T16:04:26.053",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-06T15:25:24.887",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "in OpenHarmony v4.1.0 and prior versions allow a local attacker cause the common permission is upgraded to root and sensitive information leak through double free."
},
{
"lang": "es",
"value": " en OpenHarmony v4.1.0 y versiones anteriores se permite que un atacante local haga que el permiso com\u00fan se actualice a root y se filtre informaci\u00f3n confidencial a trav\u00e9s de una doble liberaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "scy@openharmony.io",
"type": "Secondary",
@ -47,10 +71,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:openatom:openharmony:*:*:*:*:-:*:*:*",
"versionStartIncluding": "4.0",
"versionEndIncluding": "4.1",
"matchCriteriaId": "6304CD6F-CBB6-4B5A-A555-3161F8CDDD35"
}
]
}
]
}
],
"references": [
{
"url": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-11.md",
"source": "scy@openharmony.io"
"source": "scy@openharmony.io",
"tags": [
"Vendor Advisory"
]
}
]
}

14
CVE-2024/CVE-2024-474xx/CVE-2024-47460.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-47460",
"sourceIdentifier": "security-alert@hpe.com",
"published": "2024-11-05T23:15:03.610",
"lastModified": "2024-11-05T23:15:03.610",
"lastModified": "2024-11-06T16:35:19.473",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
@ -39,6 +39,18 @@
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"references": [
{
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04722en_us&docLocale=en_US",

14
CVE-2024/CVE-2024-474xx/CVE-2024-47461.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-47461",
"sourceIdentifier": "security-alert@hpe.com",
"published": "2024-11-05T23:15:03.787",
"lastModified": "2024-11-05T23:15:03.787",
"lastModified": "2024-11-06T16:35:20.197",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
@ -39,6 +39,18 @@
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"references": [
{
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04722en_us&docLocale=en_US",

14
CVE-2024/CVE-2024-474xx/CVE-2024-47464.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-47464",
"sourceIdentifier": "security-alert@hpe.com",
"published": "2024-11-05T23:15:04.300",
"lastModified": "2024-11-05T23:15:04.300",
"lastModified": "2024-11-06T16:35:21.100",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
@ -39,6 +39,18 @@
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04722en_us&docLocale=en_US",

52
CVE-2024/CVE-2024-477xx/CVE-2024-47797.json
View File

@ -2,17 +2,41 @@
"id": "CVE-2024-47797",
"sourceIdentifier": "scy@openharmony.io",
"published": "2024-11-05T08:15:03.730",
"lastModified": "2024-11-05T16:04:26.053",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-06T15:24:53.210",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "in OpenHarmony v4.1.0 and prior versions allow a local attacker cause the common permission is upgraded to root and sensitive information leak through out-of-bounds write."
},
{
"lang": "es",
"value": " en OpenHarmony v4.1.0 y versiones anteriores, se permite que un atacante local haga que el permiso com\u00fan se actualice a root y se filtre informaci\u00f3n confidencial mediante escritura fuera de los l\u00edmites."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "scy@openharmony.io",
"type": "Secondary",
@ -47,10 +71,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:openatom:openharmony:*:*:*:*:-:*:*:*",
"versionStartIncluding": "4.0",
"versionEndIncluding": "4.1",
"matchCriteriaId": "6304CD6F-CBB6-4B5A-A555-3161F8CDDD35"
}
]
}
]
}
],
"references": [
{
"url": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-11.md",
"source": "scy@openharmony.io"
"source": "scy@openharmony.io",
"tags": [
"Vendor Advisory"
]
}
]
}

39
CVE-2024/CVE-2024-481xx/CVE-2024-48176.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-48176",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-05T23:15:04.470",
"lastModified": "2024-11-05T23:15:04.470",
"lastModified": "2024-11-06T16:35:21.810",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Lylme Spage v1.9.5 es vulnerable a un control de acceso incorrecto. No hay l\u00edmite en la cantidad de intentos de inicio de sesi\u00f3n y el c\u00f3digo de verificaci\u00f3n no se actualizar\u00e1 despu\u00e9s de un inicio de sesi\u00f3n fallido, lo que permite a los atacantes obtener el nombre de usuario y la contrase\u00f1a e iniciar sesi\u00f3n en el backend del sistema."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"references": [
{
"url": "https://gist.github.com/Gryffinbit/c0b37c6caae4844d4f59368e454d3e46",

63
CVE-2024/CVE-2024-489xx/CVE-2024-48931.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-48931",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-10-24T21:15:14.580",
"lastModified": "2024-10-25T12:56:07.750",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-06T15:46:23.067",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -51,14 +81,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimaspace:zimaos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.2.5",
"matchCriteriaId": "90AF6DD7-39AC-4647-9446-C4720FA2A721"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/IceWhaleTech/ZimaOS/security/advisories/GHSA-hjw2-9gq5-qgwj",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
},
{
"url": "https://youtu.be/FyIfcmCyDXs",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit"
]
}
]
}

65
CVE-2024/CVE-2024-489xx/CVE-2024-48932.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-48932",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-10-24T21:15:14.790",
"lastModified": "2024-10-25T12:56:07.750",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-06T15:25:41.470",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -41,8 +61,18 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -51,14 +81,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimaspace:zimaos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.2.5",
"matchCriteriaId": "90AF6DD7-39AC-4647-9446-C4720FA2A721"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/IceWhaleTech/ZimaOS/security/advisories/GHSA-9mrr-px2c-w42c",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
},
{
"url": "https://youtu.be/wJFq8cuyFm4",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit"
]
}
]
}

65
CVE-2024/CVE-2024-493xx/CVE-2024-49357.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-49357",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-10-24T22:15:03.880",
"lastModified": "2024-10-25T12:56:07.750",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-06T15:28:38.160",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -41,8 +61,18 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -51,14 +81,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimaspace:zimaos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.2.5",
"matchCriteriaId": "90AF6DD7-39AC-4647-9446-C4720FA2A721"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/IceWhaleTech/ZimaOS/security/advisories/GHSA-hg2h-q5h6-r5c4",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
},
{
"url": "https://youtu.be/H_WoqzM-9Cc",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit"
]
}
]
}

63
CVE-2024/CVE-2024-493xx/CVE-2024-49358.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-49358",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-10-24T22:15:04.083",
"lastModified": "2024-10-25T12:56:07.750",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-06T15:27:26.637",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-203"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -51,14 +81,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimaspace:zimaos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.2.5",
"matchCriteriaId": "90AF6DD7-39AC-4647-9446-C4720FA2A721"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/IceWhaleTech/ZimaOS/security/advisories/GHSA-3f6g-8r88-3mx5",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
},
{
"url": "https://youtu.be/BClx2u8DMfM",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit"
]
}
]
}

65
CVE-2024/CVE-2024-493xx/CVE-2024-49359.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-49359",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-10-24T22:15:04.287",
"lastModified": "2024-10-25T12:56:07.750",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-06T15:27:02.347",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -41,8 +61,18 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -51,14 +81,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimaspace:zimaos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.2.5",
"matchCriteriaId": "90AF6DD7-39AC-4647-9446-C4720FA2A721"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/IceWhaleTech/ZimaOS/security/advisories/GHSA-mwpw-fhrm-728x",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
},
{
"url": "https://youtu.be/IuaEH09ot9s",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit"
]
}
]
}

52
CVE-2024/CVE-2024-497xx/CVE-2024-49760.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-49760",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-10-24T22:15:04.703",
"lastModified": "2024-10-25T12:56:07.750",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-06T15:01:01.013",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -51,14 +71,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openrefine:openrefine:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.8.3",
"matchCriteriaId": "0B0F993E-8EB2-4CD2-8985-3DCD90F7EBBF"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/OpenRefine/OpenRefine/commit/24d084052dc55426fe460f2a17524fd18d28b20c",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/OpenRefine/OpenRefine/security/advisories/GHSA-qfwq-6jh6-8xx4",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}

51
CVE-2024/CVE-2024-505xx/CVE-2024-50523.json
View File

@ -2,17 +2,41 @@
"id": "CVE-2024-50523",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-11-04T14:15:14.770",
"lastModified": "2024-11-04T18:50:05.607",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-06T15:46:32.907",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unrestricted Upload of File with Dangerous Type vulnerability in RainbowLink Inc. All Post Contact Form allows Upload a Web Shell to a Web Server.This issue affects All Post Contact Form: from n/a through 1.7.3."
},
{
"lang": "es",
"value": " Vulnerabilidad de carga sin restricciones de archivos con tipo peligroso en RainbowLink Inc. All Post Contact Form permite cargar un shell web a un servidor web. Este problema afecta a All Post Contact Form: desde n/a hasta 1.7.3."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -47,10 +71,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rainbow-link:all_post_contact_form:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.7.3",
"matchCriteriaId": "5F04A40C-163A-4C2C-BDFF-15642515EC94"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/allpost-contactform/wordpress-all-post-contact-form-plugin-1-6-7-arbitrary-file-upload-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

51
CVE-2024/CVE-2024-505xx/CVE-2024-50525.json
View File

@ -2,17 +2,41 @@
"id": "CVE-2024-50525",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-11-04T14:15:14.983",
"lastModified": "2024-11-04T18:50:05.607",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-06T15:42:52.993",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unrestricted Upload of File with Dangerous Type vulnerability in Helloprint Plug your WooCommerce into the largest catalog of customized print products from Helloprint allows Upload a Web Shell to a Web Server.This issue affects Plug your WooCommerce into the largest catalog of customized print products from Helloprint: from n/a through 2.0.2."
},
{
"lang": "es",
"value": "Vulnerabilidad de carga sin restricciones de archivo con tipo peligroso en Helloprint Plug your WooCommerce al cat\u00e1logo m\u00e1s grande de productos de impresi\u00f3n personalizados de Helloprint permite cargar un Web Shell a un servidor web. Este problema afecta a Plug your WooCommerce al cat\u00e1logo m\u00e1s grande de productos de impresi\u00f3n personalizados de Helloprint: desde n/a hasta 2.0.2."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -47,10 +71,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:helloprint:helloprint:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.0.2",
"matchCriteriaId": "22AC50B9-EF2F-4D67-971B-9EA549A7F4C7"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/helloprint/wordpress-helloprint-plugin-2-0-2-arbitrary-file-upload-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

51
CVE-2024/CVE-2024-505xx/CVE-2024-50531.json
View File

@ -2,17 +2,41 @@
"id": "CVE-2024-50531",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-11-04T14:15:16.117",
"lastModified": "2024-11-04T18:50:05.607",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-06T16:34:13.990",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unrestricted Upload of File with Dangerous Type vulnerability in David F. Carr RSVPMaker for Toastmasters allows Upload a Web Shell to a Web Server.This issue affects RSVPMaker for Toastmasters: from n/a through 6.2.4."
},
{
"lang": "es",
"value": " Vulnerabilidad de carga sin restricciones de archivos con tipos peligrosos en David F. Carr RSVPMaker para Toastmasters permite cargar un shell web a un servidor web. Este problema afecta a RSVPMaker para Toastmasters: desde n/a hasta 6.2.4."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -47,10 +71,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:carrcommunications:rsvpmaker:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "6.2.5",
"matchCriteriaId": "BA522E56-B833-40FC-AF20-4E9798E2B93E"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/rsvpmaker-for-toastmasters/wordpress-rsvpmaker-for-toastmasters-plugin-6-2-4-arbitrary-file-upload-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

62
CVE-2024/CVE-2024-513xx/CVE-2024-51326.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-51326",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-04T18:15:05.207",
"lastModified": "2024-11-05T18:35:15.287",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-11-06T15:02:12.403",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -51,14 +81,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:projectworlds:travel_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0671D1CF-7E82-4F03-A3F3-AF34E6F72DAF"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/redtrib3/CVEs/tree/main/CVE-2024-51326%20-%20Union%20SQLi",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://projectworlds.in/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}

62
CVE-2024/CVE-2024-513xx/CVE-2024-51327.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-51327",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-04T18:15:05.310",
"lastModified": "2024-11-05T18:35:16.387",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-11-06T15:02:55.710",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -51,14 +81,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:projectworlds:travel_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0671D1CF-7E82-4F03-A3F3-AF34E6F72DAF"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/redtrib3/CVEs/tree/main/CVE-2024-51327%20-%20SQLi%20Auth%20Bypass",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://projectworlds.in/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}

71
CVE-2024/CVE-2024-515xx/CVE-2024-51561.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-51561",
"sourceIdentifier": "vdisclose@cert-in.org.in",
"published": "2024-11-04T13:17:05.963",
"lastModified": "2024-11-04T18:50:05.607",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-06T15:59:22.287",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "This vulnerability exists in Aero due to improper implementation of OTP validation mechanism in certain API endpoints. An authenticated remote attacker could exploit this vulnerability by intercepting and manipulating the responses exchanged during the second factor authentication process. \n\nSuccessful exploitation of this vulnerability could allow the attacker to bypass OTP verification for accessing other user accounts."
},
{
"lang": "es",
"value": "Esta vulnerabilidad existe en Aero debido a la implementaci\u00f3n incorrecta del mecanismo de validaci\u00f3n OTP en ciertos endpoints de API. Un atacante remoto autenticado podr\u00eda aprovechar esta vulnerabilidad interceptando y manipulando las respuestas intercambiadas durante el proceso de autenticaci\u00f3n de segundo factor. La explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda permitir al atacante omitir la verificaci\u00f3n OTP para acceder a otras cuentas de usuario."
}
],
"metrics": {
@ -55,12 +59,44 @@
"baseSeverity": "CRITICAL"
}
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "vdisclose@cert-in.org.in",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "vdisclose@cert-in.org.in",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -69,10 +105,37 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:63moons:aero:*:*:*:*:*:*:*:*",
"versionEndExcluding": "120820241550",
"matchCriteriaId": "F04B8B0A-9AD2-4CB8-B164-4D024B9E8547"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:63moons:wave_2.0:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.1.7",
"matchCriteriaId": "6CB8ACF7-4C40-492A-AA7E-41FDA5A3B913"
}
]
}
]
}
],
"references": [
{
"url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0332",
"source": "vdisclose@cert-in.org.in"
"source": "vdisclose@cert-in.org.in",
"tags": [
"Third Party Advisory"
]
}
]
}

63
CVE-2024/CVE-2024-515xx/CVE-2024-51582.json
View File

@ -2,17 +2,41 @@
"id": "CVE-2024-51582",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-11-04T14:15:16.797",
"lastModified": "2024-11-04T18:50:05.607",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-06T15:47:13.077",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Path Traversal: '.../...//' vulnerability in ThimPress WP Hotel Booking allows PHP Local File Inclusion.This issue affects WP Hotel Booking: from n/a through 2.1.4."
},
{
"lang": "es",
"value": " Vulnerabilidad de Path Traversal:'.../...//' en ThimPress WP Hotel Booking permite la inclusi\u00f3n de archivos locales PHP. Este problema afecta a WP Hotel Booking: desde n/a hasta 2.1.4."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -37,8 +61,18 @@
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -47,10 +81,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:thimpress:wp_hotel_booking:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.1.4",
"matchCriteriaId": "0BB4DC32-F74A-4A4F-8D81-BE9E74FB56F0"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wp-hotel-booking/wordpress-wp-hotel-booking-plugin-2-1-4-local-file-inclusion-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

64
CVE-2024/CVE-2024-55xx/CVE-2024-5578.json
View File

@ -2,17 +2,41 @@
"id": "CVE-2024-5578",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-11-05T06:15:05.760",
"lastModified": "2024-11-05T17:35:32.760",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-06T15:44:19.040",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Table of Contents Plus WordPress plugin through 2408 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed"
},
{
"lang": "es",
"value": " El complemento Table of Contents Plus para WordPress hasta la versi\u00f3n 2408 no desinfecta ni escapa a algunas de sus configuraciones, lo que podr\u00eda permitir que usuarios con privilegios elevados, como editores, realicen ataques de Cross Site Scripting incluso cuando unfiltered_html no est\u00e1 permitido."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -35,10 +59,44 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dublue:table_of_contents_plus:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2408",
"matchCriteriaId": "84C27B98-4BAC-4BEF-A012-173DE7466A86"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/641e4fc3-4214-4c2e-8245-15e9dcdd37b4/",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

60
CVE-2024/CVE-2024-57xx/CVE-2024-5764.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-5764",
"sourceIdentifier": "103e4ec9-0a87-450b-af77-479448ddef11",
"published": "2024-10-23T15:15:32.340",
"lastModified": "2024-10-25T12:56:36.827",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-06T16:41:00.277",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -59,9 +59,41 @@
"baseSeverity": "MEDIUM"
}
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-798"
}
]
},
{
"source": "103e4ec9-0a87-450b-af77-479448ddef11",
"type": "Secondary",
@ -73,10 +105,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sonatype:nexus:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.0.0",
"versionEndExcluding": "3.73.0",
"matchCriteriaId": "76F5FE4A-2136-462C-9236-71524B84563E"
}
]
}
]
}
],
"references": [
{
"url": "https://support.sonatype.com/hc/en-us/articles/34496708991507",
"source": "103e4ec9-0a87-450b-af77-479448ddef11"
"source": "103e4ec9-0a87-450b-af77-479448ddef11",
"tags": [
"Vendor Advisory"
]
}
]
}

39
CVE-2024/CVE-2024-66xx/CVE-2024-6615.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-6615",
"sourceIdentifier": "security@mozilla.org",
"published": "2024-07-09T15:15:13.307",
"lastModified": "2024-07-16T18:15:09.893",
"lastModified": "2024-11-06T15:35:19.120",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Errores de seguridad de la memoria presentes en Firefox 127. Algunos de estos errores mostraron evidencia de corrupci\u00f3n de la memoria y suponemos que con suficiente esfuerzo algunos de ellos podr\u00edan haberse aprovechado para ejecutar c\u00f3digo arbitrario. Esta vulnerabilidad afecta a Firefox < 128."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"references": [
{
"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1892875%2C1894428%2C1898364",

72
CVE-2024/CVE-2024-68xx/CVE-2024-6861.json Normal file
View File

@ -0,0 +1,72 @@
{
"id": "CVE-2024-6861",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-11-06T15:15:20.187",
"lastModified": "2024-11-06T15:15:20.187",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A disclosure of sensitive information flaw was found in foreman via the GraphQL API. If the introspection feature is enabled, it is possible for attackers to retrieve sensitive admin authentication keys which could result in a compromise of the entire product's API."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert@redhat.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "secalert@redhat.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/errata/RHSA-2022:8506",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2024-6861",
"source": "secalert@redhat.com"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2317450",
"source": "secalert@redhat.com"
},
{
"url": "https://docs.theforeman.org/3.3/Release_Notes/index-katello.html#_foreman_2",
"source": "secalert@redhat.com"
},
{
"url": "https://projects.theforeman.org/issues/34328",
"source": "secalert@redhat.com"
}
]
}

70
CVE-2024/CVE-2024-74xx/CVE-2024-7456.json
View File

@ -2,16 +2,42 @@
"id": "CVE-2024-7456",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-11-01T12:15:03.557",
"lastModified": "2024-11-01T12:57:03.417",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-06T15:45:58.993",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A SQL injection vulnerability exists in the `/api/v1/external-users` route of lunary-ai/lunary version v1.4.2. The `order by` clause of the SQL query uses `sql.unsafe` without prior sanitization, allowing for SQL injection. The `orderByClause` variable is constructed without server-side validation or sanitization, enabling an attacker to execute arbitrary SQL commands. Successful exploitation can lead to complete data loss, modification, or corruption."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de inyecci\u00f3n SQL en la ruta `/api/v1/external-users` de la versi\u00f3n v1.4.2 de lunary-ai/lunary. La cl\u00e1usula `order by` de la consulta SQL utiliza `sql.unsafe` sin una desinfecci\u00f3n previa, lo que permite la inyecci\u00f3n SQL. La variable `orderByClause` se construye sin validaci\u00f3n ni desinfecci\u00f3n del lado del servidor, lo que permite que un atacante ejecute comandos SQL arbitrarios. Una explotaci\u00f3n exitosa puede provocar la p\u00e9rdida, modificaci\u00f3n o corrupci\u00f3n total de los datos."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "security@huntr.dev",
@ -37,7 +63,7 @@
},
"weaknesses": [
{
"source": "security@huntr.dev",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -45,16 +71,50 @@
"value": "CWE-89"
}
]
},
{
"source": "security@huntr.dev",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:lunary:lunary:1.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7A64BDBD-DC45-4169-A233-B1146A3EED5A"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/lunary-ai/lunary/commit/6a0bc201181e0f4a0cc375ccf4ef0d7ae65c8a8e",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Product"
]
},
{
"url": "https://huntr.com/bounties/bfb3015e-5642-4d94-ab49-e8b49c4e07e4",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

64
CVE-2024/CVE-2024-78xx/CVE-2024-7876.json
View File

@ -2,17 +2,41 @@
"id": "CVE-2024-7876",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-11-05T06:15:05.927",
"lastModified": "2024-11-05T16:35:59.460",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-06T15:42:37.723",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Appointment Booking Calendar \u2014 Simply Schedule Appointments Booking Plugin WordPress plugin before 1.6.7.55 does not sanitise and escape some of its Appointment Type settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed"
},
{
"lang": "es",
"value": " El complemento de WordPress Appointment Booking Calendar \u2014 Simply Schedule Appointments Booking Plugin anterior a la versi\u00f3n 1.6.7.55 no desinfecta ni escapa de algunas de sus configuraciones de tipo de cita, lo que podr\u00eda permitir que usuarios con privilegios elevados, como el administrador, realicen ataques de Cross Site Scripting incluso cuando unfiltered_html no est\u00e1 permitido"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -35,10 +59,44 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nsqua:simply_schedule_appointments:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.6.7.55",
"matchCriteriaId": "F6019A59-B763-431F-BBB7-3990AE76719B"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/fffe862f-5bf0-4a05-9d32-caff0bfdb860/",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

64
CVE-2024/CVE-2024-78xx/CVE-2024-7877.json
View File

@ -2,17 +2,41 @@
"id": "CVE-2024-7877",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-11-05T06:15:05.990",
"lastModified": "2024-11-05T16:35:59.660",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-06T15:42:19.343",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Appointment Booking Calendar \u2014 Simply Schedule Appointments Booking Plugin WordPress plugin before 1.6.7.55 does not sanitise and escape some of its Notification settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed"
},
{
"lang": "es",
"value": " El complemento de WordPress Appointment Booking Calendar \u2014 Simply Schedule Appointments Booking Plugin anterior a la versi\u00f3n 1.6.7.55 no desinfecta ni omite algunas de sus configuraciones de notificaci\u00f3n, lo que podr\u00eda permitir que usuarios con privilegios elevados, como el administrador, realicen ataques de Cross Site Scripting incluso cuando unfiltered_html no est\u00e1 permitido"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -35,10 +59,44 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nsqua:simply_schedule_appointments:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.6.7.55",
"matchCriteriaId": "F6019A59-B763-431F-BBB7-3990AE76719B"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/fbec3738-2135-458d-be25-1ffb00e6deb6/",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

Some files were not shown because too many files have changed in this diff Show More