diff --git a/CVE-2021/CVE-2021-279xx/CVE-2021-27915.json b/CVE-2021/CVE-2021-279xx/CVE-2021-27915.json index 56567f2bf8c..b15c0e5536f 100644 --- a/CVE-2021/CVE-2021-279xx/CVE-2021-27915.json +++ b/CVE-2021/CVE-2021-279xx/CVE-2021-27915.json @@ -2,13 +2,17 @@ "id": "CVE-2021-27915", "sourceIdentifier": "security@mautic.org", "published": "2024-09-17T14:15:14.100", - "lastModified": "2024-09-17T14:15:14.100", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Prior to the patched version, there is an XSS vulnerability in the description fields within the Mautic application which could be exploited by a logged in user of Mautic with the appropriate permissions.\n\nThis could lead to the user having elevated access to the system." + }, + { + "lang": "es", + "value": "Antes de la versi\u00f3n parcheada, existe una vulnerabilidad XSS en los campos de descripci\u00f3n dentro de la aplicaci\u00f3n Mautic que podr\u00eda ser explotada por un usuario registrado de Mautic con los permisos adecuados. Esto podr\u00eda provocar que el usuario tenga acceso elevado al sistema." } ], "metrics": { diff --git a/CVE-2021/CVE-2021-279xx/CVE-2021-27916.json b/CVE-2021/CVE-2021-279xx/CVE-2021-27916.json index b8321043f44..04ed2ae2216 100644 --- a/CVE-2021/CVE-2021-279xx/CVE-2021-27916.json +++ b/CVE-2021/CVE-2021-279xx/CVE-2021-27916.json @@ -2,13 +2,17 @@ "id": "CVE-2021-27916", "sourceIdentifier": "security@mautic.org", "published": "2024-09-17T15:15:11.967", - "lastModified": "2024-09-17T15:15:11.967", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Prior to the patched version, logged in users of Mautic are vulnerable to Relative Path Traversal/Arbitrary File Deletion. Regardless of the level of access the Mautic user had, they could delete files other than those in the media folders such as system files, libraries or other important files.\n\nThis vulnerability exists in the implementation of the GrapesJS builder in Mautic." + }, + { + "lang": "es", + "value": "Antes de la versi\u00f3n parcheada, los usuarios registrados de Mautic eran vulnerables a la eliminaci\u00f3n arbitraria de archivos y al recorrido de ruta relativa. Independientemente del nivel de acceso que tuviera el usuario de Mautic, pod\u00eda eliminar archivos que no estuvieran en las carpetas multimedia, como archivos del sistema, librer\u00edas u otros archivos importantes. Esta vulnerabilidad existe en la implementaci\u00f3n del generador GrapesJS en Mautic." } ], "metrics": { diff --git a/CVE-2021/CVE-2021-279xx/CVE-2021-27917.json b/CVE-2021/CVE-2021-279xx/CVE-2021-27917.json index 9687483cad4..f26105add9f 100644 --- a/CVE-2021/CVE-2021-279xx/CVE-2021-27917.json +++ b/CVE-2021/CVE-2021-279xx/CVE-2021-27917.json @@ -2,13 +2,17 @@ "id": "CVE-2021-27917", "sourceIdentifier": "security@mautic.org", "published": "2024-09-18T22:15:03.577", - "lastModified": "2024-09-18T22:15:03.577", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Prior to this patch, a stored XSS vulnerability existed in the contact tracking and page hits report." + }, + { + "lang": "es", + "value": "Antes de este parche, exist\u00eda una vulnerabilidad XSS almacenado en el seguimiento de contactos y en el informe de visitas a la p\u00e1gina." } ], "metrics": { diff --git a/CVE-2022/CVE-2022-257xx/CVE-2022-25768.json b/CVE-2022/CVE-2022-257xx/CVE-2022-25768.json index b3760b1b22e..7b71700e80a 100644 --- a/CVE-2022/CVE-2022-257xx/CVE-2022-25768.json +++ b/CVE-2022/CVE-2022-257xx/CVE-2022-25768.json @@ -2,13 +2,17 @@ "id": "CVE-2022-25768", "sourceIdentifier": "security@mautic.org", "published": "2024-09-18T21:15:12.860", - "lastModified": "2024-09-18T21:15:12.860", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The logic in place to facilitate the update process via the user interface lacks access control to verify if permission exists to perform the tasks. Prior to this patch being applied it might be possible for an attacker to access the Mautic version number or to execute parts of the upgrade process without permission. As upgrading in the user interface is deprecated, this functionality is no longer required." + }, + { + "lang": "es", + "value": "La l\u00f3gica implementada para facilitar el proceso de actualizaci\u00f3n a trav\u00e9s de la interfaz de usuario carece de control de acceso para verificar si existe permiso para realizar las tareas. Antes de que se aplicara este parche, era posible que un atacante accediera al n\u00famero de versi\u00f3n de Mautic o ejecutara partes del proceso de actualizaci\u00f3n sin permiso. Como la actualizaci\u00f3n en la interfaz de usuario est\u00e1 obsoleta, esta funcionalidad ya no es necesaria." } ], "metrics": { diff --git a/CVE-2022/CVE-2022-257xx/CVE-2022-25769.json b/CVE-2022/CVE-2022-257xx/CVE-2022-25769.json index 213eaee9c20..89ef1e6c3fd 100644 --- a/CVE-2022/CVE-2022-257xx/CVE-2022-25769.json +++ b/CVE-2022/CVE-2022-257xx/CVE-2022-25769.json @@ -2,13 +2,17 @@ "id": "CVE-2022-25769", "sourceIdentifier": "security@mautic.org", "published": "2024-09-18T15:15:13.060", - "lastModified": "2024-09-18T15:15:13.060", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "ImpactThe default .htaccess file has some restrictions in the access to PHP files to only allow specific PHP files to be executed in the root of the application.\n\nThis logic isn't correct, as the regex in the second FilesMatch only checks the filename, not the full path." + }, + { + "lang": "es", + "value": "ImpactoEl archivo .htaccess predeterminado tiene algunas restricciones en el acceso a los archivos PHP para permitir que solo se ejecuten archivos PHP espec\u00edficos en la ra\u00edz de la aplicaci\u00f3n. Esta l\u00f3gica no es correcta, ya que la expresi\u00f3n regular en el segundo FilesMatch solo verifica el nombre del archivo, no la ruta completa." } ], "metrics": { diff --git a/CVE-2022/CVE-2022-257xx/CVE-2022-25770.json b/CVE-2022/CVE-2022-257xx/CVE-2022-25770.json index ca5c9c193fe..11f342d50e0 100644 --- a/CVE-2022/CVE-2022-257xx/CVE-2022-25770.json +++ b/CVE-2022/CVE-2022-257xx/CVE-2022-25770.json @@ -2,13 +2,17 @@ "id": "CVE-2022-25770", "sourceIdentifier": "security@mautic.org", "published": "2024-09-18T22:15:03.827", - "lastModified": "2024-09-18T22:15:03.827", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Mautic allows you to update the application via an upgrade script.\n\nThe upgrade logic isn't shielded off correctly, which may lead to vulnerable situation.\n\nThis vulnerability is mitigated by the fact that Mautic needs to be installed in a certain way to be vulnerable." + }, + { + "lang": "es", + "value": "Mautic permite actualizar la aplicaci\u00f3n mediante un script de actualizaci\u00f3n. La l\u00f3gica de actualizaci\u00f3n no est\u00e1 protegida correctamente, lo que puede generar una situaci\u00f3n vulnerable. Esta vulnerabilidad se ve mitigada por el hecho de que Mautic debe instalarse de una determinada manera para que sea vulnerable." } ], "metrics": { diff --git a/CVE-2022/CVE-2022-257xx/CVE-2022-25774.json b/CVE-2022/CVE-2022-257xx/CVE-2022-25774.json index f299a16ee84..030784510ca 100644 --- a/CVE-2022/CVE-2022-257xx/CVE-2022-25774.json +++ b/CVE-2022/CVE-2022-257xx/CVE-2022-25774.json @@ -2,13 +2,17 @@ "id": "CVE-2022-25774", "sourceIdentifier": "security@mautic.org", "published": "2024-09-18T15:15:13.253", - "lastModified": "2024-09-18T15:15:13.253", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Prior to the patched version, logged in users of Mautic are vulnerable to a self XSS vulnerability in the notifications within Mautic.\n\nUsers could inject malicious code into the notification when saving Dashboards." + }, + { + "lang": "es", + "value": "Antes de la versi\u00f3n parcheada, los usuarios que hab\u00edan iniciado sesi\u00f3n en Mautic eran vulnerables a una vulnerabilidad XSS propia en las notificaciones dentro de Mautic. Los usuarios pod\u00edan inyectar c\u00f3digo malicioso en la notificaci\u00f3n al guardar los Dashboards." } ], "metrics": { diff --git a/CVE-2022/CVE-2022-257xx/CVE-2022-25775.json b/CVE-2022/CVE-2022-257xx/CVE-2022-25775.json index d9edf401baa..13cc699a3f6 100644 --- a/CVE-2022/CVE-2022-257xx/CVE-2022-25775.json +++ b/CVE-2022/CVE-2022-257xx/CVE-2022-25775.json @@ -2,13 +2,17 @@ "id": "CVE-2022-25775", "sourceIdentifier": "security@mautic.org", "published": "2024-09-18T15:15:13.440", - "lastModified": "2024-09-18T15:15:13.440", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Prior to the patched version, logged in users of Mautic are vulnerable to an SQL injection vulnerability in the Reports bundle.\n\nThe user could retrieve and alter data like sensitive data, login, and depending on database permission the attacker can manipulate file systems." + }, + { + "lang": "es", + "value": "Antes de la versi\u00f3n parcheada, los usuarios registrados de Mautic eran vulnerables a una vulnerabilidad de inyecci\u00f3n SQL en el paquete de informes. El usuario pod\u00eda recuperar y alterar datos como datos confidenciales, datos de inicio de sesi\u00f3n y, seg\u00fan el permiso de la base de datos, el atacante pod\u00eda manipular los sistemas de archivos." } ], "metrics": { diff --git a/CVE-2022/CVE-2022-257xx/CVE-2022-25776.json b/CVE-2022/CVE-2022-257xx/CVE-2022-25776.json index a3acc396c38..0e7ed6b6f6a 100644 --- a/CVE-2022/CVE-2022-257xx/CVE-2022-25776.json +++ b/CVE-2022/CVE-2022-257xx/CVE-2022-25776.json @@ -2,13 +2,17 @@ "id": "CVE-2022-25776", "sourceIdentifier": "security@mautic.org", "published": "2024-09-18T15:15:13.620", - "lastModified": "2024-09-18T15:15:13.620", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Prior to the patched version, logged in users of Mautic are able to access areas of the application that they should be prevented from accessing.\n\nUsers could potentially access sensitive data such as names and surnames, company names and stage names." + }, + { + "lang": "es", + "value": "Antes de la versi\u00f3n parcheada, los usuarios registrados de Mautic pod\u00edan acceder a \u00e1reas de la aplicaci\u00f3n a las que no deber\u00edan tener acceso. Los usuarios podr\u00edan acceder a datos confidenciales como nombres y apellidos, nombres de empresas y nombres art\u00edsticos." } ], "metrics": { diff --git a/CVE-2022/CVE-2022-257xx/CVE-2022-25777.json b/CVE-2022/CVE-2022-257xx/CVE-2022-25777.json index 93a50ee0a26..bc8ff4471cf 100644 --- a/CVE-2022/CVE-2022-257xx/CVE-2022-25777.json +++ b/CVE-2022/CVE-2022-257xx/CVE-2022-25777.json @@ -2,13 +2,17 @@ "id": "CVE-2022-25777", "sourceIdentifier": "security@mautic.org", "published": "2024-09-18T16:15:04.980", - "lastModified": "2024-09-18T16:15:04.980", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Prior to the patched version, an authenticated user of Mautic could read system files and access the internal addresses of the application due to a Server-Side Request Forgery (SSRF) vulnerability." + }, + { + "lang": "es", + "value": "Antes de la versi\u00f3n parcheada, un usuario autenticado de Mautic pod\u00eda leer archivos del sistema y acceder a las direcciones internas de la aplicaci\u00f3n debido a una vulnerabilidad de Server-Side Request Forgery (SSRF)." } ], "metrics": { diff --git a/CVE-2022/CVE-2022-390xx/CVE-2022-39068.json b/CVE-2022/CVE-2022-390xx/CVE-2022-39068.json index f90e0e0ed46..29db35f9943 100644 --- a/CVE-2022/CVE-2022-390xx/CVE-2022-39068.json +++ b/CVE-2022/CVE-2022-390xx/CVE-2022-39068.json @@ -2,13 +2,17 @@ "id": "CVE-2022-39068", "sourceIdentifier": "psirt@zte.com.cn", "published": "2024-09-18T02:15:09.690", - "lastModified": "2024-09-18T02:15:09.690", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "There is a buffer overflow vulnerability in ZTE MF296R. Due to insufficient validation of the SMS parameter length, an authenticated attacker could use the vulnerability to perform a denial of service attack." + }, + { + "lang": "es", + "value": "Existe una vulnerabilidad de desbordamiento de b\u00fafer en ZTE MF296R. Debido a una validaci\u00f3n insuficiente de la longitud del par\u00e1metro SMS, un atacante autenticado podr\u00eda utilizar la vulnerabilidad para realizar un ataque de denegaci\u00f3n de servicio." } ], "metrics": { diff --git a/CVE-2022/CVE-2022-45xx/CVE-2022-4533.json b/CVE-2022/CVE-2022-45xx/CVE-2022-4533.json index 60bdce8ee6a..d019af46475 100644 --- a/CVE-2022/CVE-2022-45xx/CVE-2022-4533.json +++ b/CVE-2022/CVE-2022-45xx/CVE-2022-4533.json @@ -2,13 +2,17 @@ "id": "CVE-2022-4533", "sourceIdentifier": "security@wordfence.com", "published": "2024-09-19T04:15:05.860", - "lastModified": "2024-09-19T04:15:05.860", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Limit Login Attempts Plus plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 1.1.0. This is due to insufficient restrictions on where the IP Address information is being retrieved for request logging and login restrictions. Attackers can supply the X-Forwarded-For header with with a different IP Address that will be logged and can be used to bypass settings that may have blocked out an IP address or country from logging in." + }, + { + "lang": "es", + "value": "El complemento Limit Login Attempts Plus para WordPress es vulnerable a la suplantaci\u00f3n de direcciones IP en versiones hasta la 1.1.0 incluida. Esto se debe a restricciones insuficientes sobre d\u00f3nde se recupera la informaci\u00f3n de la direcci\u00f3n IP para el registro de solicitudes y las restricciones de inicio de sesi\u00f3n. Los atacantes pueden proporcionar el encabezado X-Forwarded-For con una direcci\u00f3n IP diferente que se registrar\u00e1 y se puede usar para eludir configuraciones que pueden haber bloqueado el inicio de sesi\u00f3n de una direcci\u00f3n IP o un pa\u00eds." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-223xx/CVE-2023-22378.json b/CVE-2023/CVE-2023-223xx/CVE-2023-22378.json index 69d53f1a22a..dd8d0b6e507 100644 --- a/CVE-2023/CVE-2023-223xx/CVE-2023-22378.json +++ b/CVE-2023/CVE-2023-223xx/CVE-2023-22378.json @@ -2,13 +2,13 @@ "id": "CVE-2023-22378", "sourceIdentifier": "prodsec@nozominetworks.com", "published": "2023-08-09T09:15:13.507", - "lastModified": "2024-05-28T13:15:08.783", + "lastModified": "2024-09-20T12:15:02.750", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "A blind SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in the sorting parameter, allows an authenticated attacker to execute arbitrary SQL queries on the DBMS used by the web application.\n\nAuthenticated users can extract arbitrary information from the DBMS in an uncontrolled way." + "value": "A blind SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in the sorting parameter, allows an authenticated attacker to execute arbitrary SQL statements on the DBMS used by the web application.\n\nAuthenticated users may be able to extract arbitrary information from the DBMS in an uncontrolled way, alter its structure and data, and/or affect its availability." }, { "lang": "es", @@ -22,15 +22,15 @@ "type": "Secondary", "cvssData": { "version": "4.0", - "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnerableSystemConfidentiality": "HIGH", - "vulnerableSystemIntegrity": "NONE", - "vulnerableSystemAvailability": "LOW", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "HIGH", "subsequentSystemConfidentiality": "NONE", "subsequentSystemIntegrity": "NONE", "subsequentSystemAvailability": "NONE", @@ -55,7 +55,7 @@ "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", - "baseScore": 7.1, + "baseScore": 8.7, "baseSeverity": "HIGH" } } @@ -86,20 +86,20 @@ "type": "Secondary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", - "integrityImpact": "NONE", - "availabilityImpact": "LOW", - "baseScore": 7.1, + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, "baseSeverity": "HIGH" }, "exploitabilityScore": 2.8, - "impactScore": 4.2 + "impactScore": 5.9 } ] }, diff --git a/CVE-2023/CVE-2023-228xx/CVE-2023-22843.json b/CVE-2023/CVE-2023-228xx/CVE-2023-22843.json index 6726ccf8a79..72cac9413cf 100644 --- a/CVE-2023/CVE-2023-228xx/CVE-2023-22843.json +++ b/CVE-2023/CVE-2023-228xx/CVE-2023-22843.json @@ -2,13 +2,13 @@ "id": "CVE-2023-22843", "sourceIdentifier": "prodsec@nozominetworks.com", "published": "2023-08-09T09:15:13.667", - "lastModified": "2024-05-28T13:15:08.937", + "lastModified": "2024-09-20T12:15:03.493", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "An authenticated attacker with administrative access to the appliance can inject malicious JavaScript code inside the definition of a Threat Intelligence rule, that will later be executed by another legitimate user viewing the details of such a rule.\nAn attacker may be able to perform unauthorized actions on behalf of legitimate users. JavaScript injection was possible in the content for Yara rules, while limited HTML injection has been proven for packet and STYX rules.\nThe injected code will be executed in the context of the authenticated victim's session." + "value": "An authenticated attacker with administrative access to the web management interface can inject malicious JavaScript code inside the definition of a Threat Intelligence rule, that will be stored and can later be executed by another legitimate user viewing the details of such a rule.\nVia stored Cross-Site Scripting (XSS), an attacker may be able to perform unauthorized actions on behalf of legitimate users and/or gather sensitive information. JavaScript injection was possible in the contents for Yara rules, while limited HTML injection has been proven for packet and STYX rules." }, { "lang": "es", diff --git a/CVE-2023/CVE-2023-235xx/CVE-2023-23574.json b/CVE-2023/CVE-2023-235xx/CVE-2023-23574.json index 37c9e1958a1..8c4faf386ef 100644 --- a/CVE-2023/CVE-2023-235xx/CVE-2023-23574.json +++ b/CVE-2023/CVE-2023-235xx/CVE-2023-23574.json @@ -2,13 +2,13 @@ "id": "CVE-2023-23574", "sourceIdentifier": "prodsec@nozominetworks.com", "published": "2023-08-09T09:15:13.767", - "lastModified": "2024-05-28T13:15:09.070", + "lastModified": "2024-09-20T12:15:03.747", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "A blind SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in the alerts_count component, allows an authenticated attacker to execute arbitrary SQL queries on the DBMS used by the web application.\n\nAuthenticated users can extract arbitrary information from the DBMS in an uncontrolled way." + "value": "A blind SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in the alerts_count component, allows an authenticated attacker to execute arbitrary SQL statements on the DBMS used by the web application.\n\nAuthenticated users may be able to extract arbitrary information from the DBMS in an uncontrolled way, alter its structure and data, and/or affect its availability." }, { "lang": "es", @@ -22,15 +22,15 @@ "type": "Secondary", "cvssData": { "version": "4.0", - "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnerableSystemConfidentiality": "HIGH", - "vulnerableSystemIntegrity": "NONE", - "vulnerableSystemAvailability": "LOW", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "HIGH", "subsequentSystemConfidentiality": "NONE", "subsequentSystemIntegrity": "NONE", "subsequentSystemAvailability": "NONE", @@ -55,7 +55,7 @@ "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", - "baseScore": 7.1, + "baseScore": 8.7, "baseSeverity": "HIGH" } } @@ -86,20 +86,20 @@ "type": "Secondary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", - "integrityImpact": "NONE", - "availabilityImpact": "LOW", - "baseScore": 7.1, + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, "baseSeverity": "HIGH" }, "exploitabilityScore": 2.8, - "impactScore": 4.2 + "impactScore": 5.9 } ] }, diff --git a/CVE-2023/CVE-2023-239xx/CVE-2023-23903.json b/CVE-2023/CVE-2023-239xx/CVE-2023-23903.json index d1a307757e7..99c1a449999 100644 --- a/CVE-2023/CVE-2023-239xx/CVE-2023-23903.json +++ b/CVE-2023/CVE-2023-239xx/CVE-2023-23903.json @@ -2,7 +2,7 @@ "id": "CVE-2023-23903", "sourceIdentifier": "prodsec@nozominetworks.com", "published": "2023-08-09T10:15:09.687", - "lastModified": "2024-05-28T13:15:09.210", + "lastModified": "2024-09-20T12:15:04.187", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -120,7 +120,7 @@ "description": [ { "lang": "en", - "value": "CWE-20" + "value": "CWE-1286" } ] } diff --git a/CVE-2023/CVE-2023-240xx/CVE-2023-24015.json b/CVE-2023/CVE-2023-240xx/CVE-2023-24015.json index d34b3d195e1..d02cca8b69f 100644 --- a/CVE-2023/CVE-2023-240xx/CVE-2023-24015.json +++ b/CVE-2023/CVE-2023-240xx/CVE-2023-24015.json @@ -2,7 +2,7 @@ "id": "CVE-2023-24015", "sourceIdentifier": "prodsec@nozominetworks.com", "published": "2023-08-09T10:15:09.890", - "lastModified": "2024-05-28T13:15:09.340", + "lastModified": "2024-09-20T12:15:04.520", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -120,7 +120,7 @@ "description": [ { "lang": "en", - "value": "CWE-20" + "value": "CWE-1286" } ] } diff --git a/CVE-2023/CVE-2023-244xx/CVE-2023-24477.json b/CVE-2023/CVE-2023-244xx/CVE-2023-24477.json index 98fa97f4657..f05941d93a9 100644 --- a/CVE-2023/CVE-2023-244xx/CVE-2023-24477.json +++ b/CVE-2023/CVE-2023-244xx/CVE-2023-24477.json @@ -2,7 +2,7 @@ "id": "CVE-2023-24477", "sourceIdentifier": "prodsec@nozominetworks.com", "published": "2023-08-09T08:15:09.280", - "lastModified": "2024-05-28T13:15:09.593", + "lastModified": "2024-09-20T13:15:04.357", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -18,15 +18,15 @@ "type": "Secondary", "cvssData": { "version": "4.0", - "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", - "attackVector": "NETWORK", + "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "LOCAL", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", - "privilegesRequired": "NONE", - "userInteraction": "ACTIVE", - "vulnerableSystemConfidentiality": "LOW", - "vulnerableSystemIntegrity": "LOW", - "vulnerableSystemAvailability": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "PASSIVE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "HIGH", "subsequentSystemConfidentiality": "NONE", "subsequentSystemIntegrity": "NONE", "subsequentSystemAvailability": "NONE", @@ -51,8 +51,8 @@ "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", - "baseScore": 2.1, - "baseSeverity": "LOW" + "baseScore": 5.4, + "baseSeverity": "MEDIUM" } } ], @@ -82,20 +82,20 @@ "type": "Secondary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", - "attackVector": "NETWORK", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", "attackComplexity": "HIGH", - "privilegesRequired": "NONE", - "userInteraction": "REQUIRED", + "privilegesRequired": "LOW", + "userInteraction": "NONE", "scope": "UNCHANGED", - "confidentialityImpact": "LOW", - "integrityImpact": "LOW", - "availabilityImpact": "LOW", - "baseScore": 5.0, - "baseSeverity": "MEDIUM" + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.0, + "baseSeverity": "HIGH" }, - "exploitabilityScore": 1.6, - "impactScore": 3.4 + "exploitabilityScore": 1.0, + "impactScore": 5.9 } ] }, diff --git a/CVE-2023/CVE-2023-25xx/CVE-2023-2567.json b/CVE-2023/CVE-2023-25xx/CVE-2023-2567.json index 2559111bfcb..ec801b6fa6e 100644 --- a/CVE-2023/CVE-2023-25xx/CVE-2023-2567.json +++ b/CVE-2023/CVE-2023-25xx/CVE-2023-2567.json @@ -2,13 +2,13 @@ "id": "CVE-2023-2567", "sourceIdentifier": "prodsec@nozominetworks.com", "published": "2023-09-19T11:16:19.333", - "lastModified": "2024-05-28T13:15:09.857", + "lastModified": "2024-09-20T13:15:07.067", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "A SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in certain parameters used in the Query functionality, allows an authenticated attacker to execute arbitrary SQL queries on the DBMS used by the web application.\nAuthenticated users can extract arbitrary information from the DBMS in an uncontrolled way." + "value": "A SQL Injection vulnerability has been found in Nozomi Networks Guardian and CMC, due to improper input validation in certain parameters used in the Query functionality.\nAuthenticated users may be able to execute arbitrary SQL statements on the DBMS used by the web application." }, { "lang": "es", @@ -22,15 +22,15 @@ "type": "Secondary", "cvssData": { "version": "4.0", - "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnerableSystemConfidentiality": "HIGH", - "vulnerableSystemIntegrity": "LOW", - "vulnerableSystemAvailability": "LOW", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "HIGH", "subsequentSystemConfidentiality": "NONE", "subsequentSystemIntegrity": "NONE", "subsequentSystemAvailability": "NONE", @@ -55,7 +55,7 @@ "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", - "baseScore": 7.2, + "baseScore": 8.7, "baseSeverity": "HIGH" } } @@ -86,20 +86,20 @@ "type": "Secondary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", - "integrityImpact": "LOW", - "availabilityImpact": "LOW", - "baseScore": 7.6, + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, "baseSeverity": "HIGH" }, "exploitabilityScore": 2.8, - "impactScore": 4.7 + "impactScore": 5.9 } ] }, diff --git a/CVE-2023/CVE-2023-275xx/CVE-2023-27584.json b/CVE-2023/CVE-2023-275xx/CVE-2023-27584.json index f60017e4d09..8e2efda8b02 100644 --- a/CVE-2023/CVE-2023-275xx/CVE-2023-27584.json +++ b/CVE-2023/CVE-2023-275xx/CVE-2023-27584.json @@ -2,13 +2,17 @@ "id": "CVE-2023-27584", "sourceIdentifier": "security-advisories@github.com", "published": "2024-09-19T23:15:11.233", - "lastModified": "2024-09-19T23:15:11.233", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Dragonfly is an open source P2P-based file distribution and image acceleration system. It is hosted by the Cloud Native Computing Foundation (CNCF) as an Incubating Level Project. Dragonfly uses JWT to verify user. However, the secret key for JWT, \"Secret Key\", is hard coded, which leads to authentication bypass. An attacker can perform any action as a user with admin privileges. This issue has been addressed in release version 2.0.9. All users are advised to upgrade. There are no known workarounds for this vulnerability." + }, + { + "lang": "es", + "value": "Dragonfly es un sistema de distribuci\u00f3n de archivos y aceleraci\u00f3n de im\u00e1genes basado en P2P de c\u00f3digo abierto. Est\u00e1 alojado por la Cloud Native Computing Foundation (CNCF) como un proyecto de nivel de incubaci\u00f3n. Dragonfly utiliza JWT para verificar al usuario. Sin embargo, la clave secreta para JWT, \"Clave secreta\", est\u00e1 codificada de forma r\u00edgida, lo que permite eludir la autenticaci\u00f3n. Un atacante puede realizar cualquier acci\u00f3n como usuario con privilegios de administrador. Este problema se ha solucionado en la versi\u00f3n 2.0.9. Se recomienda a todos los usuarios que actualicen. No existen workarounds conocidas para esta vulnerabilidad." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-284xx/CVE-2023-28451.json b/CVE-2023/CVE-2023-284xx/CVE-2023-28451.json index fdf83b1db81..7663eea1379 100644 --- a/CVE-2023/CVE-2023-284xx/CVE-2023-28451.json +++ b/CVE-2023/CVE-2023-284xx/CVE-2023-28451.json @@ -2,13 +2,17 @@ "id": "CVE-2023-28451", "sourceIdentifier": "cve@mitre.org", "published": "2024-09-18T15:15:13.900", - "lastModified": "2024-09-18T19:35:05.387", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Technitium 11.0.2. There is a vulnerability (called BadDNS) in DNS resolving software, which triggers a resolver to ignore valid responses, thus causing DoS (denial of service) for normal resolution. The effects of an exploit would be widespread and highly impactful, because the attacker could just forge a response targeting the source port of a vulnerable resolver without the need to guess the correct TXID." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 un problema en Technitium 11.0.2. Existe una vulnerabilidad (denominada BadDNS) en el software de resoluci\u00f3n de DNS, que hace que un solucionador ignore las respuestas v\u00e1lidas, lo que provoca una denegaci\u00f3n de servicio (DoS) para una resoluci\u00f3n normal. Los efectos de una explotaci\u00f3n ser\u00edan generalizados y de gran impacto, porque el atacante podr\u00eda simplemente falsificar una respuesta dirigida al puerto de origen de un solucionador vulnerable sin necesidad de adivinar el TXID correcto." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-284xx/CVE-2023-28452.json b/CVE-2023/CVE-2023-284xx/CVE-2023-28452.json index a1d1bf7171d..9ab05998dd3 100644 --- a/CVE-2023/CVE-2023-284xx/CVE-2023-28452.json +++ b/CVE-2023/CVE-2023-284xx/CVE-2023-28452.json @@ -2,13 +2,17 @@ "id": "CVE-2023-28452", "sourceIdentifier": "cve@mitre.org", "published": "2024-09-18T15:15:13.957", - "lastModified": "2024-09-18T15:15:13.957", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in CoreDNS through 1.10.1. There is a vulnerability in DNS resolving software, which triggers a resolver to ignore valid responses, thus causing denial of service for normal resolution. In an exploit, the attacker could just forge a response targeting the source port of a vulnerable resolver without the need to guess the correct TXID." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 un problema en CoreDNS a trav\u00e9s de la versi\u00f3n 1.10.1. Existe una vulnerabilidad en el software de resoluci\u00f3n de DNS que hace que un solucionador ignore las respuestas v\u00e1lidas, lo que provoca la denegaci\u00f3n de servicio para una resoluci\u00f3n normal. En un exploit, el atacante podr\u00eda simplemente falsificar una respuesta dirigida al puerto de origen de un solucionador vulnerable sin la necesidad de adivinar el TXID correcto." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-284xx/CVE-2023-28455.json b/CVE-2023/CVE-2023-284xx/CVE-2023-28455.json index 53d141d8a96..8521e540ca7 100644 --- a/CVE-2023/CVE-2023-284xx/CVE-2023-28455.json +++ b/CVE-2023/CVE-2023-284xx/CVE-2023-28455.json @@ -2,13 +2,17 @@ "id": "CVE-2023-28455", "sourceIdentifier": "cve@mitre.org", "published": "2024-09-18T15:15:14.020", - "lastModified": "2024-09-18T18:35:01.490", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Technitium through 11.0.2. The forwarding mode enables attackers to create a query loop using Technitium resolvers, launching amplification attacks and causing potential DoS." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 un problema en Technitium hasta la versi\u00f3n 11.0.2. El modo de reenv\u00edo permite a los atacantes crear un bucle de consultas mediante los solucionadores de Technitium, lanzando ataques de amplificaci\u00f3n y provocando posibles ataques de denegaci\u00f3n de servicio (DoS)." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-284xx/CVE-2023-28456.json b/CVE-2023/CVE-2023-284xx/CVE-2023-28456.json index 9ae27d90fc7..c40b0aeae1b 100644 --- a/CVE-2023/CVE-2023-284xx/CVE-2023-28456.json +++ b/CVE-2023/CVE-2023-284xx/CVE-2023-28456.json @@ -2,13 +2,17 @@ "id": "CVE-2023-28456", "sourceIdentifier": "cve@mitre.org", "published": "2024-09-18T15:15:14.083", - "lastModified": "2024-09-18T18:35:02.367", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Technitium through 11.0.2. It enables attackers to launch amplification attacks (3 times more than other \"golden model\" software like BIND) and cause potential DoS." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 un problema en Technitium a trav\u00e9s de la versi\u00f3n 11.0.2. Permite a los atacantes lanzar ataques de amplificaci\u00f3n (tres veces m\u00e1s que otros programas de \"modelo dorado\" como BIND) y provocar posibles ataques de denegaci\u00f3n de servicio (DoS)." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-284xx/CVE-2023-28457.json b/CVE-2023/CVE-2023-284xx/CVE-2023-28457.json index c15c3aef647..beb038dc435 100644 --- a/CVE-2023/CVE-2023-284xx/CVE-2023-28457.json +++ b/CVE-2023/CVE-2023-284xx/CVE-2023-28457.json @@ -2,13 +2,17 @@ "id": "CVE-2023-28457", "sourceIdentifier": "cve@mitre.org", "published": "2024-09-18T15:15:14.143", - "lastModified": "2024-09-18T18:35:03.190", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Technitium through 11.0.3. It enables attackers to conduct a DNS cache poisoning attack and inject fake responses within 1 second, which is impactful." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 un problema en Technitium hasta la versi\u00f3n 11.0.3. Permite a los atacantes realizar un ataque de envenenamiento de cach\u00e9 de DNS e inyectar respuestas falsas en un segundo, lo que tiene un gran impacto." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-304xx/CVE-2023-30464.json b/CVE-2023/CVE-2023-304xx/CVE-2023-30464.json index cdeaceec317..462ca9a9221 100644 --- a/CVE-2023/CVE-2023-304xx/CVE-2023-30464.json +++ b/CVE-2023/CVE-2023-304xx/CVE-2023-30464.json @@ -2,8 +2,8 @@ "id": "CVE-2023-30464", "sourceIdentifier": "cve@mitre.org", "published": "2024-09-18T21:15:13.080", - "lastModified": "2024-09-19T19:35:01.113", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2023/CVE-2023-416xx/CVE-2023-41610.json b/CVE-2023/CVE-2023-416xx/CVE-2023-41610.json index 155b0176112..6e0677e7efb 100644 --- a/CVE-2023/CVE-2023-416xx/CVE-2023-41610.json +++ b/CVE-2023/CVE-2023-416xx/CVE-2023-41610.json @@ -2,13 +2,17 @@ "id": "CVE-2023-41610", "sourceIdentifier": "cve@mitre.org", "published": "2024-09-18T18:15:05.680", - "lastModified": "2024-09-19T02:35:17.530", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Victure PC420 1.1.39 was discovered to contain a hardcoded root password which is stored in plaintext." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que Victure PC420 1.1.39 contiene una contrase\u00f1a de superusuario codificada que se almacena en texto plano." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-416xx/CVE-2023-41611.json b/CVE-2023/CVE-2023-416xx/CVE-2023-41611.json index 54b1637125a..ade3255eb4f 100644 --- a/CVE-2023/CVE-2023-416xx/CVE-2023-41611.json +++ b/CVE-2023/CVE-2023-416xx/CVE-2023-41611.json @@ -2,13 +2,17 @@ "id": "CVE-2023-41611", "sourceIdentifier": "cve@mitre.org", "published": "2024-09-18T18:15:05.750", - "lastModified": "2024-09-18T18:15:05.750", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Victure PC420 1.1.39 was discovered to use a weak and partially hardcoded key to encrypt data." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que Victure PC420 1.1.39 utiliza una clave d\u00e9bil y parcialmente codificada para cifrar datos." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-416xx/CVE-2023-41612.json b/CVE-2023/CVE-2023-416xx/CVE-2023-41612.json index b0d4967e726..29ebfa154a0 100644 --- a/CVE-2023/CVE-2023-416xx/CVE-2023-41612.json +++ b/CVE-2023/CVE-2023-416xx/CVE-2023-41612.json @@ -2,13 +2,17 @@ "id": "CVE-2023-41612", "sourceIdentifier": "cve@mitre.org", "published": "2024-09-18T18:15:05.803", - "lastModified": "2024-09-18T18:15:05.803", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Victure PC420 1.1.39 was discovered to use a weak encryption key for the file enabled_telnet.dat on the Micro SD card." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que Victure PC420 1.1.39 utiliza una clave de cifrado d\u00e9bil para el archivo enabled_telnet.dat en la tarjeta Micro SD." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-458xx/CVE-2023-45854.json b/CVE-2023/CVE-2023-458xx/CVE-2023-45854.json index 52dcdd07248..74cbc9543b8 100644 --- a/CVE-2023/CVE-2023-458xx/CVE-2023-45854.json +++ b/CVE-2023/CVE-2023-458xx/CVE-2023-45854.json @@ -2,8 +2,8 @@ "id": "CVE-2023-45854", "sourceIdentifier": "cve@mitre.org", "published": "2024-09-16T18:15:53.053", - "lastModified": "2024-09-17T21:35:02.480", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:31:20.110", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2023/CVE-2023-471xx/CVE-2023-47105.json b/CVE-2023/CVE-2023-471xx/CVE-2023-47105.json index f2abf39f83f..81d39ce70f0 100644 --- a/CVE-2023/CVE-2023-471xx/CVE-2023-47105.json +++ b/CVE-2023/CVE-2023-471xx/CVE-2023-47105.json @@ -2,13 +2,17 @@ "id": "CVE-2023-47105", "sourceIdentifier": "cve@mitre.org", "published": "2024-09-18T17:15:18.277", - "lastModified": "2024-09-18T19:35:09.023", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "exec.CommandContext in Chaosblade 0.3 through 1.7.3, when server mode is used, allows OS command execution via the cmd parameter without authentication." + }, + { + "lang": "es", + "value": "exec.CommandContext en Chaosblade 0.3 a 1.7.3, cuando se utiliza el modo servidor, permite la ejecuci\u00f3n de comandos del sistema operativo a trav\u00e9s del par\u00e1metro cmd sin autenticaci\u00f3n." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-490xx/CVE-2023-49000.json b/CVE-2023/CVE-2023-490xx/CVE-2023-49000.json index 3a277dbb75e..8c3d88f903c 100644 --- a/CVE-2023/CVE-2023-490xx/CVE-2023-49000.json +++ b/CVE-2023/CVE-2023-490xx/CVE-2023-49000.json @@ -2,13 +2,20 @@ "id": "CVE-2023-49000", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-27T22:15:16.653", - "lastModified": "2024-01-04T18:45:41.737", - "vulnStatus": "Analyzed", - "cveTags": [], + "lastModified": "2024-09-20T13:15:13.783", + "vulnStatus": "Modified", + "cveTags": [ + { + "sourceIdentifier": "cve@mitre.org", + "tags": [ + "disputed" + ] + } + ], "descriptions": [ { "lang": "en", - "value": "An issue in ArtistScope ArtisBrowser v.34.1.5 and before allows an attacker to bypass intended access restrictions via interaction with the com.artis.browser.IntentReceiverActivity component." + "value": "An issue in ArtistScope ArtisBrowser v.34.1.5 and before allows an attacker to bypass intended access restrictions via interaction with the com.artis.browser.IntentReceiverActivity component. NOTE: this is disputed by the vendor, who indicates that ArtisBrowser 34 does not support CSS3." }, { "lang": "es", @@ -83,6 +90,10 @@ "tags": [ "Third Party Advisory" ] + }, + { + "url": "https://github.com/advisories/GHSA-866h-q63m-66xm", + "source": "cve@mitre.org" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-492xx/CVE-2023-49203.json b/CVE-2023/CVE-2023-492xx/CVE-2023-49203.json index 5f7e93e91d1..ad94490ee5a 100644 --- a/CVE-2023/CVE-2023-492xx/CVE-2023-49203.json +++ b/CVE-2023/CVE-2023-492xx/CVE-2023-49203.json @@ -2,13 +2,17 @@ "id": "CVE-2023-49203", "sourceIdentifier": "cve@mitre.org", "published": "2024-09-18T15:15:14.513", - "lastModified": "2024-09-18T19:35:09.870", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Technitium 11.5.3 allows remote attackers to cause a denial of service (bandwidth amplification) because the DNSBomb manipulation causes accumulation of low-rate DNS queries such that there is a large-sized response in a burst of traffic." + }, + { + "lang": "es", + "value": "Technitium 11.5.3 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (amplificaci\u00f3n del ancho de banda) porque la manipulaci\u00f3n DNSBomb provoca la acumulaci\u00f3n de consultas DNS de baja velocidad, de modo que hay una respuesta de gran tama\u00f1o en una r\u00e1faga de tr\u00e1fico." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-52xx/CVE-2023-5253.json b/CVE-2023/CVE-2023-52xx/CVE-2023-5253.json index 4455f475a19..868e29b991a 100644 --- a/CVE-2023/CVE-2023-52xx/CVE-2023-5253.json +++ b/CVE-2023/CVE-2023-52xx/CVE-2023-5253.json @@ -2,13 +2,13 @@ "id": "CVE-2023-5253", "sourceIdentifier": "prodsec@nozominetworks.com", "published": "2024-01-15T11:15:08.627", - "lastModified": "2024-05-28T13:15:10.223", + "lastModified": "2024-09-20T12:15:04.893", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "A missing authentication check in the WebSocket channel used for the Check Point IoT integration in Nozomi Networks Guardian and CMC, may allow an unauthenticated attacker to obtain assets data without authentication.\n\n\n\nMalicious unauthenticated users with knowledge on the underlying system may be able to extract asset information." + "value": "A missing authentication check in the WebSocket channel used for the Check Point IoT integration in Nozomi Networks Guardian and CMC, may allow an unauthenticated attacker to obtain assets data without authentication.\n\n\n\nMalicious unauthenticated users with knowledge on the underlying system may be able to extract limited asset information." }, { "lang": "es", diff --git a/CVE-2023/CVE-2023-59xx/CVE-2023-5937.json b/CVE-2023/CVE-2023-59xx/CVE-2023-5937.json index 315eca1b80c..9d41a439e46 100644 --- a/CVE-2023/CVE-2023-59xx/CVE-2023-5937.json +++ b/CVE-2023/CVE-2023-59xx/CVE-2023-5937.json @@ -2,7 +2,7 @@ "id": "CVE-2023-5937", "sourceIdentifier": "prodsec@nozominetworks.com", "published": "2024-05-15T16:15:09.577", - "lastModified": "2024-05-28T13:15:10.607", + "lastModified": "2024-09-20T12:15:05.110", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -90,7 +90,7 @@ "description": [ { "lang": "en", - "value": "CWE-732" + "value": "CWE-538" } ] } diff --git a/CVE-2023/CVE-2023-69xx/CVE-2023-6916.json b/CVE-2023/CVE-2023-69xx/CVE-2023-6916.json index 5364e158c4e..b98c16bc095 100644 --- a/CVE-2023/CVE-2023-69xx/CVE-2023-6916.json +++ b/CVE-2023/CVE-2023-69xx/CVE-2023-6916.json @@ -2,7 +2,7 @@ "id": "CVE-2023-6916", "sourceIdentifier": "prodsec@nozominetworks.com", "published": "2024-04-10T16:15:09.190", - "lastModified": "2024-05-28T13:15:10.800", + "lastModified": "2024-09-20T12:15:05.307", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -90,7 +90,7 @@ "description": [ { "lang": "en", - "value": "CWE-522" + "value": "CWE-201" } ] } diff --git a/CVE-2024/CVE-2024-02xx/CVE-2024-0218.json b/CVE-2024/CVE-2024-02xx/CVE-2024-0218.json index 0aecb354893..c4dec7be6ed 100644 --- a/CVE-2024/CVE-2024-02xx/CVE-2024-0218.json +++ b/CVE-2024/CVE-2024-02xx/CVE-2024-0218.json @@ -2,7 +2,7 @@ "id": "CVE-2024-0218", "sourceIdentifier": "prodsec@nozominetworks.com", "published": "2024-04-10T16:15:09.413", - "lastModified": "2024-05-28T13:15:10.927", + "lastModified": "2024-09-20T13:15:16.733", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -90,7 +90,7 @@ "description": [ { "lang": "en", - "value": "CWE-20" + "value": "CWE-1286" } ] } diff --git a/CVE-2024/CVE-2024-15xx/CVE-2024-1578.json b/CVE-2024/CVE-2024-15xx/CVE-2024-1578.json index e8c535b8a04..c11369d8ef4 100644 --- a/CVE-2024/CVE-2024-15xx/CVE-2024-1578.json +++ b/CVE-2024/CVE-2024-15xx/CVE-2024-1578.json @@ -2,8 +2,8 @@ "id": "CVE-2024-1578", "sourceIdentifier": "4586e0a2-224d-4f8a-9cb4-8882b208c0b3", "published": "2024-09-16T07:15:02.030", - "lastModified": "2024-09-16T15:35:14.853", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-09-20T13:53:31.657", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -61,6 +61,26 @@ } ], "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", + "attackVector": "PHYSICAL", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.5, + "impactScore": 4.7 + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -84,6 +104,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, { "source": "4586e0a2-224d-4f8a-9cb4-8882b208c0b3", "type": "Secondary", @@ -95,14 +125,77 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:rfideas:micard_plus_ci_firmware:0.1.0.7:*:*:*:*:*:*:*", + "matchCriteriaId": "CF183E5B-D277-422A-AEC8-3FA8253BEFDA" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:rfideas:micard_plus_ci:-:*:*:*:*:*:*:*", + "matchCriteriaId": "34DA9EB3-51BA-4F27-83CF-25B1A4061C6E" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:rfideas:micard_plus_ble_firmware:0.1.0.4:*:*:*:*:*:*:*", + "matchCriteriaId": "D897A1C4-F336-49A2-B805-F6CFA20234A1" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:rfideas:micard_plus_ble:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0D784B14-21AE-4BF0-A1AF-3E43E85E7F79" + } + ] + } + ] + } + ], "references": [ { "url": "https://ntware.atlassian.net/wiki/spaces/SA/pages/11973853216/2024+Security+Advisory+Multiple+MiCard+PLUS+card+reader+dropped+characters", - "source": "4586e0a2-224d-4f8a-9cb4-8882b208c0b3" + "source": "4586e0a2-224d-4f8a-9cb4-8882b208c0b3", + "tags": [ + "Mitigation", + "Third Party Advisory" + ] }, { "url": "https://www.canon-europe.com/psirt/advisory-information", - "source": "4586e0a2-224d-4f8a-9cb4-8882b208c0b3" + "source": "4586e0a2-224d-4f8a-9cb4-8882b208c0b3", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-211xx/CVE-2024-21145.json b/CVE-2024/CVE-2024-211xx/CVE-2024-21145.json index 140f1486a6d..0dce962b864 100644 --- a/CVE-2024/CVE-2024-211xx/CVE-2024-21145.json +++ b/CVE-2024/CVE-2024-211xx/CVE-2024-21145.json @@ -2,7 +2,7 @@ "id": "CVE-2024-21145", "sourceIdentifier": "secalert_us@oracle.com", "published": "2024-07-16T23:15:15.993", - "lastModified": "2024-09-18T15:16:36.450", + "lastModified": "2024-09-20T13:46:53.830", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.2, + "impactScore": 2.5 + }, { "source": "secalert_us@oracle.com", "type": "Secondary", diff --git a/CVE-2024/CVE-2024-217xx/CVE-2024-21743.json b/CVE-2024/CVE-2024-217xx/CVE-2024-21743.json index ec351ef105e..9e4282ac200 100644 --- a/CVE-2024/CVE-2024-217xx/CVE-2024-21743.json +++ b/CVE-2024/CVE-2024-217xx/CVE-2024-21743.json @@ -2,13 +2,17 @@ "id": "CVE-2024-21743", "sourceIdentifier": "audit@patchstack.com", "published": "2024-09-17T14:15:16.900", - "lastModified": "2024-09-17T14:15:16.900", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Privilege Escalation vulnerability in favethemes Houzez Login Register houzez-login-register.This issue affects Houzez Login Register: from n/a through 3.2.5." + }, + { + "lang": "es", + "value": "Vulnerabilidad de escalada de privilegios en favethemes Houzez Login Register houzez-login-register. Este problema afecta a Houzez Login Register: desde n/a hasta 3.2.5." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-220xx/CVE-2024-22013.json b/CVE-2024/CVE-2024-220xx/CVE-2024-22013.json index 8764a84c217..a382290040b 100644 --- a/CVE-2024/CVE-2024-220xx/CVE-2024-22013.json +++ b/CVE-2024/CVE-2024-220xx/CVE-2024-22013.json @@ -2,13 +2,17 @@ "id": "CVE-2024-22013", "sourceIdentifier": "dsap-vuln-management@google.com", "published": "2024-09-16T20:15:45.743", - "lastModified": "2024-09-16T20:15:45.743", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:31:20.110", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "U-Boot environment is read from unauthenticated partition." + }, + { + "lang": "es", + "value": "El entorno U-Boot se lee desde una partici\u00f3n no autenticada." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-223xx/CVE-2024-22303.json b/CVE-2024/CVE-2024-223xx/CVE-2024-22303.json index f25d616d9df..5069bc19eae 100644 --- a/CVE-2024/CVE-2024-223xx/CVE-2024-22303.json +++ b/CVE-2024/CVE-2024-223xx/CVE-2024-22303.json @@ -2,13 +2,17 @@ "id": "CVE-2024-22303", "sourceIdentifier": "audit@patchstack.com", "published": "2024-09-17T14:15:17.123", - "lastModified": "2024-09-17T14:15:17.123", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Incorrect Privilege Assignment vulnerability in favethemes Houzez houzez allows Privilege Escalation.This issue affects Houzez: from n/a through 3.2.4." + }, + { + "lang": "es", + "value": "Vulnerabilidad de asignaci\u00f3n incorrecta de privilegios en favethemes Houzez Houzez permite la escalada de privilegios. Este problema afecta a Houzez: desde n/a hasta 3.2.4." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-232xx/CVE-2024-23237.json b/CVE-2024/CVE-2024-232xx/CVE-2024-23237.json index 83e4beb8503..117264d0af0 100644 --- a/CVE-2024/CVE-2024-232xx/CVE-2024-23237.json +++ b/CVE-2024/CVE-2024-232xx/CVE-2024-23237.json @@ -2,13 +2,17 @@ "id": "CVE-2024-23237", "sourceIdentifier": "product-security@apple.com", "published": "2024-09-17T00:15:47.670", - "lastModified": "2024-09-17T00:15:47.670", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:31:20.110", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15. An app may be able to cause a denial-of-service." + }, + { + "lang": "es", + "value": "El problema se solucion\u00f3 mejorando el manejo de la memoria. Este problema se solucion\u00f3 en macOS Sequoia 15. Es posible que una aplicaci\u00f3n pueda provocar una denegaci\u00f3n de servicio." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-236xx/CVE-2024-23657.json b/CVE-2024/CVE-2024-236xx/CVE-2024-23657.json index 6473434835b..a8030db12e3 100644 --- a/CVE-2024/CVE-2024-236xx/CVE-2024-23657.json +++ b/CVE-2024/CVE-2024-236xx/CVE-2024-23657.json @@ -2,8 +2,8 @@ "id": "CVE-2024-23657", "sourceIdentifier": "security-advisories@github.com", "published": "2024-08-05T21:15:37.880", - "lastModified": "2024-08-06T16:30:24.547", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-09-20T12:49:35.743", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -40,6 +60,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -55,30 +85,67 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nuxt:nuxt:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.3.9", + "matchCriteriaId": "D74FCC4E-3C6E-4A3E-87F1-F7D5875BA7D5" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/nuxt/devtools/blob/c4f2b68281203fc3f61ffc97d9c6623fbfde46bb/packages/devtools/src/dev-auth.ts#L14", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Issue Tracking" + ] }, { "url": "https://github.com/nuxt/devtools/blob/c4f2b68281203fc3f61ffc97d9c6623fbfde46bb/packages/devtools/src/server-rpc/assets.ts#L88C48-L88C48", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Issue Tracking" + ] }, { "url": "https://github.com/nuxt/devtools/blob/c4f2b68281203fc3f61ffc97d9c6623fbfde46bb/packages/devtools/src/server-rpc/assets.ts#L96C11-L96C28", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Issue Tracking" + ] }, { "url": "https://github.com/nuxt/devtools/blob/c4f2b68281203fc3f61ffc97d9c6623fbfde46bb/packages/devtools/src/server-rpc/index.ts#L109", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Issue Tracking" + ] }, { "url": "https://github.com/nuxt/nuxt/security/advisories/GHSA-rcvg-rgf7-pppv", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://portswigger.net/web-security/websockets/cross-site-websocket-hijacking", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-239xx/CVE-2024-23915.json b/CVE-2024/CVE-2024-239xx/CVE-2024-23915.json index 4abf73f5900..c8dc4d99a26 100644 --- a/CVE-2024/CVE-2024-239xx/CVE-2024-23915.json +++ b/CVE-2024/CVE-2024-239xx/CVE-2024-23915.json @@ -2,13 +2,17 @@ "id": "CVE-2024-23915", "sourceIdentifier": "prodsec@nozominetworks.com", "published": "2024-09-18T14:15:12.580", - "lastModified": "2024-09-18T14:15:12.580", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unchecked Return Value to NULL Pointer Dereference vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routines fluid_msg::of13::InstructionSet::unpack.\n\nThis issue affects libfluid: 0.1.0." + }, + { + "lang": "es", + "value": "Vulnerabilidad de desreferencia de puntero nulo de valor de retorno no controlado en libfluid (m\u00f3dulo libfluid_msg) de Open Networking Foundation (ONF). Esta vulnerabilidad est\u00e1 asociada con las rutinas de programa fluid_msg::of13::InstructionSet::unpack. Este problema afecta a libfluid: 0.1.0." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-239xx/CVE-2024-23916.json b/CVE-2024/CVE-2024-239xx/CVE-2024-23916.json index 9690ad2d024..c74da86b67c 100644 --- a/CVE-2024/CVE-2024-239xx/CVE-2024-23916.json +++ b/CVE-2024/CVE-2024-239xx/CVE-2024-23916.json @@ -2,13 +2,17 @@ "id": "CVE-2024-23916", "sourceIdentifier": "prodsec@nozominetworks.com", "published": "2024-09-18T14:15:12.790", - "lastModified": "2024-09-18T14:15:12.790", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unchecked Return Value to NULL Pointer Dereference vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routines fluid_msg::ActionSet::unpack.\n\nThis issue affects libfluid: 0.1.0." + }, + { + "lang": "es", + "value": "Vulnerabilidad de desreferencia de puntero nulo de valor de retorno no controlado en libfluid (m\u00f3dulo libfluid_msg) de Open Networking Foundation (ONF). Esta vulnerabilidad est\u00e1 asociada con las rutinas de programa fluid_msg::ActionSet::unpack. Este problema afecta a libfluid: 0.1.0." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-256xx/CVE-2024-25673.json b/CVE-2024/CVE-2024-256xx/CVE-2024-25673.json index 50273364d5e..858247c80d1 100644 --- a/CVE-2024/CVE-2024-256xx/CVE-2024-25673.json +++ b/CVE-2024/CVE-2024-256xx/CVE-2024-25673.json @@ -2,13 +2,17 @@ "id": "CVE-2024-25673", "sourceIdentifier": "cve@mitre.org", "published": "2024-09-19T19:15:24.093", - "lastModified": "2024-09-19T19:15:24.093", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Couchbase Server 7.6.x before 7.6.2, 7.2.x before 7.2.6, and all earlier versions allows HTTP Host header injection." + }, + { + "lang": "es", + "value": "Couchbase Server 7.6.x anterior a 7.6.2, 7.2.x anterior a 7.2.6 y todas las versiones anteriores permiten la inyecci\u00f3n de encabezado de host HTTP." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-273xx/CVE-2024-27365.json b/CVE-2024/CVE-2024-273xx/CVE-2024-27365.json index fbd602c24c3..ba42a12535f 100644 --- a/CVE-2024/CVE-2024-273xx/CVE-2024-27365.json +++ b/CVE-2024/CVE-2024-273xx/CVE-2024-27365.json @@ -2,8 +2,8 @@ "id": "CVE-2024-27365", "sourceIdentifier": "cve@mitre.org", "published": "2024-09-09T21:15:10.990", - "lastModified": "2024-09-10T12:09:50.377", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-09-20T13:09:31.330", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + }, { "source": "cve@mitre.org", "type": "Secondary", @@ -39,14 +59,277 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:exynos_980_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "5F18F62E-2012-442E-BE60-6E76325D1824" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:samsung:exynos_980:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0D8701B6-6989-44D1-873A-A1823BFD7CCC" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:exynos_850_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1928760C-4FC4-45B0-84FF-C1105CD1DD2A" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:samsung:exynos_850:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BB410A6D-642B-49AE-8B1C-EADA953A84DA" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:exynos_1080_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "43DE4D6F-D662-46F2-93BC-9AE950320BDE" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:samsung:exynos_1080:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EE06CD56-8BFD-4208-843A-179E3E6F5C10" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:exynos_1280_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BD1A7B09-9031-4E54-A24F-3237C054166B" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:samsung:exynos_1280:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DFC68046-2F08-40D1-B158-89D8D9263541" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:exynos_1380_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D381478B-C638-4663-BD71-144BE4B02E46" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:samsung:exynos_1380:-:*:*:*:*:*:*:*", + "matchCriteriaId": "61E72146-72FE-4B54-AB79-3C665E7F016C" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:exynos_1330_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C2635646-DD6A-4735-8E01-F45445584832" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:samsung:exynos_1330:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AA0F8A58-71B7-4503-A03A-6FB4282D75BD" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:exynos_1480_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "64897B0D-EBF6-4BEB-BF54-ABCDBFAB45E0" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:samsung:exynos_1480:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F3F328B4-0442-4748-B5EE-DD1CEE50D6CF" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:exynos_w920_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B6ADED27-EDAF-4FB3-8CB2-AE5F59B93641" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:samsung:exynos_w920:-:*:*:*:*:*:*:*", + "matchCriteriaId": "4BF79654-E5C6-4DFF-B33A-A78571CD300C" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:exynos_w930_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "801E188F-C71B-4933-9099-151A4A1B1BC5" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:samsung:exynos_w930:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8D8FC82D-57C5-4F00-BDF4-4261A32C4246" + } + ] + } + ] + } + ], "references": [ { "url": "https://semiconductor.samsung.com/support/quality-support/product-security-updates/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2024-27365/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-277xx/CVE-2024-27795.json b/CVE-2024/CVE-2024-277xx/CVE-2024-27795.json index 8f3e8af5ef1..526f2bcebee 100644 --- a/CVE-2024/CVE-2024-277xx/CVE-2024-27795.json +++ b/CVE-2024/CVE-2024-277xx/CVE-2024-27795.json @@ -2,13 +2,17 @@ "id": "CVE-2024-27795", "sourceIdentifier": "product-security@apple.com", "published": "2024-09-17T00:15:47.740", - "lastModified": "2024-09-17T00:15:47.740", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:31:20.110", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. A camera extension may be able to access the internet." + }, + { + "lang": "es", + "value": "Se solucion\u00f3 un problema de permisos con restricciones adicionales. Este problema se solucion\u00f3 en macOS Sequoia 15. Es posible que una extensi\u00f3n de c\u00e1mara pueda acceder a Internet." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-278xx/CVE-2024-27858.json b/CVE-2024/CVE-2024-278xx/CVE-2024-27858.json index 946aaa45b22..97b116694b6 100644 --- a/CVE-2024/CVE-2024-278xx/CVE-2024-27858.json +++ b/CVE-2024/CVE-2024-278xx/CVE-2024-27858.json @@ -2,13 +2,17 @@ "id": "CVE-2024-27858", "sourceIdentifier": "product-security@apple.com", "published": "2024-09-17T00:15:47.797", - "lastModified": "2024-09-17T00:15:47.797", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:31:20.110", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. An app may be able to access protected user data." + }, + { + "lang": "es", + "value": "Se solucion\u00f3 un problema de permisos con restricciones adicionales. Este problema se solucion\u00f3 en macOS Sequoia 15. Una aplicaci\u00f3n puede tener acceso a datos de usuario protegidos." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-278xx/CVE-2024-27860.json b/CVE-2024/CVE-2024-278xx/CVE-2024-27860.json index 1a8fca034ac..0c580b8ee58 100644 --- a/CVE-2024/CVE-2024-278xx/CVE-2024-27860.json +++ b/CVE-2024/CVE-2024-278xx/CVE-2024-27860.json @@ -2,13 +2,17 @@ "id": "CVE-2024-27860", "sourceIdentifier": "product-security@apple.com", "published": "2024-09-17T00:15:47.847", - "lastModified": "2024-09-17T00:15:47.847", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:31:20.110", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15. An application may be able to read restricted memory." + }, + { + "lang": "es", + "value": "El problema se solucion\u00f3 mejorando el manejo de la memoria. Este problema se solucion\u00f3 en macOS Sequoia 15. Es posible que una aplicaci\u00f3n pueda leer memoria restringida." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-278xx/CVE-2024-27861.json b/CVE-2024/CVE-2024-278xx/CVE-2024-27861.json index d90152b99c3..63110b1f9e0 100644 --- a/CVE-2024/CVE-2024-278xx/CVE-2024-27861.json +++ b/CVE-2024/CVE-2024-278xx/CVE-2024-27861.json @@ -2,13 +2,17 @@ "id": "CVE-2024-27861", "sourceIdentifier": "product-security@apple.com", "published": "2024-09-17T00:15:47.897", - "lastModified": "2024-09-17T00:15:47.897", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:31:20.110", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15. An application may be able to read restricted memory." + }, + { + "lang": "es", + "value": "El problema se solucion\u00f3 mejorando el manejo de la memoria. Este problema se solucion\u00f3 en macOS Sequoia 15. Es posible que una aplicaci\u00f3n pueda leer memoria restringida." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-278xx/CVE-2024-27869.json b/CVE-2024/CVE-2024-278xx/CVE-2024-27869.json index 1a229833e02..3d448183064 100644 --- a/CVE-2024/CVE-2024-278xx/CVE-2024-27869.json +++ b/CVE-2024/CVE-2024-278xx/CVE-2024-27869.json @@ -2,8 +2,8 @@ "id": "CVE-2024-27869", "sourceIdentifier": "product-security@apple.com", "published": "2024-09-17T00:15:47.943", - "lastModified": "2024-09-17T21:35:03.670", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:31:20.110", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-278xx/CVE-2024-27874.json b/CVE-2024/CVE-2024-278xx/CVE-2024-27874.json index 552346ff6bf..63f59e1651b 100644 --- a/CVE-2024/CVE-2024-278xx/CVE-2024-27874.json +++ b/CVE-2024/CVE-2024-278xx/CVE-2024-27874.json @@ -2,8 +2,8 @@ "id": "CVE-2024-27874", "sourceIdentifier": "product-security@apple.com", "published": "2024-09-17T00:15:47.993", - "lastModified": "2024-09-17T15:35:06.550", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:31:20.110", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-278xx/CVE-2024-27875.json b/CVE-2024/CVE-2024-278xx/CVE-2024-27875.json index e2b14d1d057..7ad91bb9010 100644 --- a/CVE-2024/CVE-2024-278xx/CVE-2024-27875.json +++ b/CVE-2024/CVE-2024-278xx/CVE-2024-27875.json @@ -2,13 +2,17 @@ "id": "CVE-2024-27875", "sourceIdentifier": "product-security@apple.com", "published": "2024-09-17T00:15:48.063", - "lastModified": "2024-09-17T00:15:48.063", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:31:20.110", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A logic issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15. Privacy Indicators for microphone or camera access may be attributed incorrectly." + }, + { + "lang": "es", + "value": "Se solucion\u00f3 un problema de l\u00f3gica con una mejor gesti\u00f3n del estado. Este problema se solucion\u00f3 en macOS Sequoia 15. Los indicadores de privacidad para el acceso al micr\u00f3fono o la c\u00e1mara pueden atribuirse de forma incorrecta." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-278xx/CVE-2024-27876.json b/CVE-2024/CVE-2024-278xx/CVE-2024-27876.json index 36de74638ea..fd45449474a 100644 --- a/CVE-2024/CVE-2024-278xx/CVE-2024-27876.json +++ b/CVE-2024/CVE-2024-278xx/CVE-2024-27876.json @@ -2,8 +2,8 @@ "id": "CVE-2024-27876", "sourceIdentifier": "product-security@apple.com", "published": "2024-09-17T00:15:48.127", - "lastModified": "2024-09-17T20:35:05.790", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:31:20.110", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-278xx/CVE-2024-27879.json b/CVE-2024/CVE-2024-278xx/CVE-2024-27879.json index d1124732049..a5baa0245b2 100644 --- a/CVE-2024/CVE-2024-278xx/CVE-2024-27879.json +++ b/CVE-2024/CVE-2024-278xx/CVE-2024-27879.json @@ -2,8 +2,8 @@ "id": "CVE-2024-27879", "sourceIdentifier": "product-security@apple.com", "published": "2024-09-17T00:15:48.190", - "lastModified": "2024-09-17T20:35:06.640", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:31:20.110", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-278xx/CVE-2024-27880.json b/CVE-2024/CVE-2024-278xx/CVE-2024-27880.json index c7e96823b89..73f23d9346b 100644 --- a/CVE-2024/CVE-2024-278xx/CVE-2024-27880.json +++ b/CVE-2024/CVE-2024-278xx/CVE-2024-27880.json @@ -2,13 +2,17 @@ "id": "CVE-2024-27880", "sourceIdentifier": "product-security@apple.com", "published": "2024-09-17T00:15:48.250", - "lastModified": "2024-09-17T00:15:48.250", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:31:20.110", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in iOS 17.7 and iPadOS 17.7, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, macOS Sonoma 14.7, tvOS 18. Processing a maliciously crafted file may lead to unexpected app termination." + }, + { + "lang": "es", + "value": "Se solucion\u00f3 un problema de lectura fuera de los l\u00edmites con una validaci\u00f3n de entrada mejorada. Este problema se solucion\u00f3 en iOS 17.7 y iPadOS 17.7, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 y iPadOS 18, macOS Sonoma 14.7 y tvOS 18. El procesamiento de un archivo manipulado con fines malintencionados puede provocar la finalizaci\u00f3n inesperada de la aplicaci\u00f3n." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-311xx/CVE-2024-31164.json b/CVE-2024/CVE-2024-311xx/CVE-2024-31164.json index 797debd5e45..4dd0ec3cafc 100644 --- a/CVE-2024/CVE-2024-311xx/CVE-2024-31164.json +++ b/CVE-2024/CVE-2024-311xx/CVE-2024-31164.json @@ -2,13 +2,17 @@ "id": "CVE-2024-31164", "sourceIdentifier": "prodsec@nozominetworks.com", "published": "2024-09-18T14:15:12.967", - "lastModified": "2024-09-18T14:15:12.967", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unchecked Return Value to NULL Pointer Dereference vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routines fluid_msg::ActionList::unpack13.\n\nThis issue affects libfluid: 0.1.0." + }, + { + "lang": "es", + "value": "Vulnerabilidad de desreferencia de valor de retorno no controlado a puntero nulo en libfluid (m\u00f3dulo libfluid_msg) de Open Networking Foundation (ONF). Esta vulnerabilidad est\u00e1 asociada con las rutinas de programa fluid_msg::ActionList::unpack13. Este problema afecta a libfluid: 0.1.0." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-311xx/CVE-2024-31165.json b/CVE-2024/CVE-2024-311xx/CVE-2024-31165.json index 46dca199e57..3fe643cd9c6 100644 --- a/CVE-2024/CVE-2024-311xx/CVE-2024-31165.json +++ b/CVE-2024/CVE-2024-311xx/CVE-2024-31165.json @@ -2,13 +2,17 @@ "id": "CVE-2024-31165", "sourceIdentifier": "prodsec@nozominetworks.com", "published": "2024-09-18T14:15:13.147", - "lastModified": "2024-09-18T14:15:13.147", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unchecked Return Value to NULL Pointer Dereference vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine\u00a0fluid_msg::of13::SetFieldAction::unpack.\n\nThis issue affects libfluid: 0.1.0." + }, + { + "lang": "es", + "value": "Vulnerabilidad de desreferencia de valor de retorno no controlado a puntero nulo en libfluid (m\u00f3dulo libfluid_msg) de Open Networking Foundation (ONF). Esta vulnerabilidad est\u00e1 asociada con la rutina de programa fluid_msg::of13::SetFieldAction::unpack. Este problema afecta a libfluid: 0.1.0." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-311xx/CVE-2024-31166.json b/CVE-2024/CVE-2024-311xx/CVE-2024-31166.json index 5a2c510dfa8..dad0a5f4ae5 100644 --- a/CVE-2024/CVE-2024-311xx/CVE-2024-31166.json +++ b/CVE-2024/CVE-2024-311xx/CVE-2024-31166.json @@ -2,13 +2,17 @@ "id": "CVE-2024-31166", "sourceIdentifier": "prodsec@nozominetworks.com", "published": "2024-09-18T14:15:13.327", - "lastModified": "2024-09-18T14:15:13.327", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine\u00a0fluid_msg::of13::HelloElemVersionBitmap::unpack.\n\nThis issue affects libfluid: 0.1.0." + }, + { + "lang": "es", + "value": "Vulnerabilidad de lectura fuera de los l\u00edmites en libfluid (m\u00f3dulo libfluid_msg) de Open Networking Foundation (ONF). Esta vulnerabilidad est\u00e1 asociada con la rutina del programa fluid_msg::of13::HelloElemVersionBitmap::unpack. Este problema afecta a libfluid: 0.1.0." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-311xx/CVE-2024-31167.json b/CVE-2024/CVE-2024-311xx/CVE-2024-31167.json index 698db343747..1dfcdc7417b 100644 --- a/CVE-2024/CVE-2024-311xx/CVE-2024-31167.json +++ b/CVE-2024/CVE-2024-311xx/CVE-2024-31167.json @@ -2,13 +2,17 @@ "id": "CVE-2024-31167", "sourceIdentifier": "prodsec@nozominetworks.com", "published": "2024-09-18T14:15:13.507", - "lastModified": "2024-09-18T14:15:13.507", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unchecked Return Value to NULL Pointer Dereference vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine\u00a0fluid_msg::QueuePropertyList::unpack13.\n\nThis issue affects libfluid: 0.1.0." + }, + { + "lang": "es", + "value": "Vulnerabilidad de desreferencia de valor de retorno no controlado a puntero nulo en libfluid (m\u00f3dulo libfluid_msg) de Open Networking Foundation (ONF). Esta vulnerabilidad est\u00e1 asociada con la rutina del programa fluid_msg::QueuePropertyList::unpack13. Este problema afecta a libfluid: 0.1.0." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-311xx/CVE-2024-31168.json b/CVE-2024/CVE-2024-311xx/CVE-2024-31168.json index 3697b828dfa..53f43e0e4ed 100644 --- a/CVE-2024/CVE-2024-311xx/CVE-2024-31168.json +++ b/CVE-2024/CVE-2024-311xx/CVE-2024-31168.json @@ -2,13 +2,17 @@ "id": "CVE-2024-31168", "sourceIdentifier": "prodsec@nozominetworks.com", "published": "2024-09-18T14:15:13.683", - "lastModified": "2024-09-18T14:15:13.683", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine\u00a0fluid_msg::EchoCommon::unpack.\n\nThis issue affects libfluid: 0.1.0." + }, + { + "lang": "es", + "value": "Vulnerabilidad de lectura fuera de los l\u00edmites en libfluid (m\u00f3dulo libfluid_msg) de Open Networking Foundation (ONF). Esta vulnerabilidad est\u00e1 asociada con la rutina del programa fluid_msg::EchoCommon::unpack. Este problema afecta a libfluid: 0.1.0." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-311xx/CVE-2024-31169.json b/CVE-2024/CVE-2024-311xx/CVE-2024-31169.json index f823801e297..c4ca06d1932 100644 --- a/CVE-2024/CVE-2024-311xx/CVE-2024-31169.json +++ b/CVE-2024/CVE-2024-311xx/CVE-2024-31169.json @@ -2,13 +2,17 @@ "id": "CVE-2024-31169", "sourceIdentifier": "prodsec@nozominetworks.com", "published": "2024-09-18T14:15:13.860", - "lastModified": "2024-09-18T14:15:13.860", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine\u00a0fluid_msg::of10::QueueGetConfigReply::unpack.\n\nThis issue affects libfluid: 0.1.0." + }, + { + "lang": "es", + "value": "Vulnerabilidad de lectura fuera de los l\u00edmites en libfluid (m\u00f3dulo libfluid_msg) de Open Networking Foundation (ONF). Esta vulnerabilidad est\u00e1 asociada con la rutina del programa fluid_msg::of10::QueueGetConfigReply::unpack. Este problema afecta a libfluid: 0.1.0." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-311xx/CVE-2024-31170.json b/CVE-2024/CVE-2024-311xx/CVE-2024-31170.json index 8da6f46ef42..21d3e5a6248 100644 --- a/CVE-2024/CVE-2024-311xx/CVE-2024-31170.json +++ b/CVE-2024/CVE-2024-311xx/CVE-2024-31170.json @@ -2,13 +2,17 @@ "id": "CVE-2024-31170", "sourceIdentifier": "prodsec@nozominetworks.com", "published": "2024-09-18T14:15:14.037", - "lastModified": "2024-09-18T14:15:14.037", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine\u00a0fluid_msg::of10::StatsReplyQueue::unpack.\n\nThis issue affects libfluid: 0.1.0." + }, + { + "lang": "es", + "value": "Vulnerabilidad de lectura fuera de los l\u00edmites en libfluid (m\u00f3dulo libfluid_msg) de Open Networking Foundation (ONF). Esta vulnerabilidad est\u00e1 asociada con la rutina del programa fluid_msg::of10::StatsReplyQueue::unpack. Este problema afecta a libfluid: 0.1.0." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-311xx/CVE-2024-31171.json b/CVE-2024/CVE-2024-311xx/CVE-2024-31171.json index 1d643345d4c..9641d2af5ff 100644 --- a/CVE-2024/CVE-2024-311xx/CVE-2024-31171.json +++ b/CVE-2024/CVE-2024-311xx/CVE-2024-31171.json @@ -2,13 +2,17 @@ "id": "CVE-2024-31171", "sourceIdentifier": "prodsec@nozominetworks.com", "published": "2024-09-18T14:15:14.210", - "lastModified": "2024-09-18T14:15:14.210", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine\u00a0fluid_msg::of10::StatsReplyPort::unpack.\n\nThis issue affects libfluid: 0.1.0." + }, + { + "lang": "es", + "value": "Vulnerabilidad de lectura fuera de los l\u00edmites en libfluid (m\u00f3dulo libfluid_msg) de Open Networking Foundation (ONF). Esta vulnerabilidad est\u00e1 asociada con la rutina del programa fluid_msg::of10::StatsReplyPort::unpack. Este problema afecta a libfluid: 0.1.0." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-311xx/CVE-2024-31172.json b/CVE-2024/CVE-2024-311xx/CVE-2024-31172.json index aca5cb7bc4b..b01a98e9a5c 100644 --- a/CVE-2024/CVE-2024-311xx/CVE-2024-31172.json +++ b/CVE-2024/CVE-2024-311xx/CVE-2024-31172.json @@ -2,13 +2,17 @@ "id": "CVE-2024-31172", "sourceIdentifier": "prodsec@nozominetworks.com", "published": "2024-09-18T14:15:14.387", - "lastModified": "2024-09-18T14:15:14.387", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine\u00a0fluid_msg::of10::StatsReplyTable::unpack.\n\nThis issue affects libfluid: 0.1.0." + }, + { + "lang": "es", + "value": "Vulnerabilidad de lectura fuera de los l\u00edmites en libfluid (m\u00f3dulo libfluid_msg) de Open Networking Foundation (ONF). Esta vulnerabilidad est\u00e1 asociada con la rutina del programa fluid_msg::of10::StatsReplyTable::unpack. Este problema afecta a libfluid: 0.1.0." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-311xx/CVE-2024-31173.json b/CVE-2024/CVE-2024-311xx/CVE-2024-31173.json index 429d3bc7715..2af783b6465 100644 --- a/CVE-2024/CVE-2024-311xx/CVE-2024-31173.json +++ b/CVE-2024/CVE-2024-311xx/CVE-2024-31173.json @@ -2,13 +2,17 @@ "id": "CVE-2024-31173", "sourceIdentifier": "prodsec@nozominetworks.com", "published": "2024-09-18T14:15:14.557", - "lastModified": "2024-09-18T14:15:14.557", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine\u00a0fluid_msg::of10::StatsReplyFlow::unpack.\n\nThis issue affects libfluid: 0.1.0." + }, + { + "lang": "es", + "value": "Vulnerabilidad de lectura fuera de los l\u00edmites en libfluid (m\u00f3dulo libfluid_msg) de Open Networking Foundation (ONF). Esta vulnerabilidad est\u00e1 asociada con la rutina del programa fluid_msg::of10::StatsReplyFlow::unpack. Este problema afecta a libfluid: 0.1.0." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-311xx/CVE-2024-31174.json b/CVE-2024/CVE-2024-311xx/CVE-2024-31174.json index fdb9d8eed41..5646ce788aa 100644 --- a/CVE-2024/CVE-2024-311xx/CVE-2024-31174.json +++ b/CVE-2024/CVE-2024-311xx/CVE-2024-31174.json @@ -2,13 +2,17 @@ "id": "CVE-2024-31174", "sourceIdentifier": "prodsec@nozominetworks.com", "published": "2024-09-18T14:15:14.730", - "lastModified": "2024-09-18T14:15:14.730", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine\u00a0fluid_msg::of10::FeaturesReply::unpack.\n\nThis issue affects libfluid: 0.1.0." + }, + { + "lang": "es", + "value": "Vulnerabilidad de lectura fuera de los l\u00edmites en libfluid (m\u00f3dulo libfluid_msg) de Open Networking Foundation (ONF). Esta vulnerabilidad est\u00e1 asociada con la rutina del programa fluid_msg::of10::FeaturesReply::unpack. Este problema afecta a libfluid: 0.1.0." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-311xx/CVE-2024-31175.json b/CVE-2024/CVE-2024-311xx/CVE-2024-31175.json index 919b8fdba49..c77b5ff9caa 100644 --- a/CVE-2024/CVE-2024-311xx/CVE-2024-31175.json +++ b/CVE-2024/CVE-2024-311xx/CVE-2024-31175.json @@ -2,13 +2,17 @@ "id": "CVE-2024-31175", "sourceIdentifier": "prodsec@nozominetworks.com", "published": "2024-09-18T14:15:14.927", - "lastModified": "2024-09-18T14:15:14.927", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unchecked Return Value to NULL Pointer Dereference vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine\u00a0fluid_msg::of13::TablePropertiesList::unpack.\n\nThis issue affects libfluid: 0.1.0." + }, + { + "lang": "es", + "value": "Vulnerabilidad de desreferencia de valor de retorno no controlado a puntero nulo en libfluid (m\u00f3dulo libfluid_msg) de Open Networking Foundation (ONF). Esta vulnerabilidad est\u00e1 asociada con la rutina de programa fluid_msg::of13::TablePropertiesList::unpack. Este problema afecta a libfluid: 0.1.0." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-311xx/CVE-2024-31176.json b/CVE-2024/CVE-2024-311xx/CVE-2024-31176.json index ded4a6751ed..65cacda3f49 100644 --- a/CVE-2024/CVE-2024-311xx/CVE-2024-31176.json +++ b/CVE-2024/CVE-2024-311xx/CVE-2024-31176.json @@ -2,13 +2,17 @@ "id": "CVE-2024-31176", "sourceIdentifier": "prodsec@nozominetworks.com", "published": "2024-09-18T14:15:15.100", - "lastModified": "2024-09-18T14:15:15.100", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine\u00a0fluid_msg::of13::TableFeaturePropOXM::unpack.\n\nThis issue affects libfluid: 0.1.0." + }, + { + "lang": "es", + "value": "Vulnerabilidad de lectura fuera de los l\u00edmites en libfluid (m\u00f3dulo libfluid_msg) de Open Networking Foundation (ONF). Esta vulnerabilidad est\u00e1 asociada con la rutina del programa fluid_msg::of13::TableFeaturePropOXM::unpack. Este problema afecta a libfluid: 0.1.0." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-311xx/CVE-2024-31177.json b/CVE-2024/CVE-2024-311xx/CVE-2024-31177.json index 4407d3c4e9c..16945c24101 100644 --- a/CVE-2024/CVE-2024-311xx/CVE-2024-31177.json +++ b/CVE-2024/CVE-2024-311xx/CVE-2024-31177.json @@ -2,13 +2,17 @@ "id": "CVE-2024-31177", "sourceIdentifier": "prodsec@nozominetworks.com", "published": "2024-09-18T14:15:15.283", - "lastModified": "2024-09-18T14:15:15.283", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg modules). This vulnerability is associated with program routines fluid_msg::of13::TableFeaturePropActions::unpack.\n\nThis issue affects libfluid: 0.1.0." + }, + { + "lang": "es", + "value": "Vulnerabilidad de lectura fuera de los l\u00edmites en libfluid (m\u00f3dulos libfluid_msg) de Open Networking Foundation (ONF). Esta vulnerabilidad est\u00e1 asociada con las rutinas de programa fluid_msg::of13::TableFeaturePropActions::unpack. Este problema afecta a libfluid: 0.1.0." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-311xx/CVE-2024-31178.json b/CVE-2024/CVE-2024-311xx/CVE-2024-31178.json index 4e4cc36c694..325dc1c8c7a 100644 --- a/CVE-2024/CVE-2024-311xx/CVE-2024-31178.json +++ b/CVE-2024/CVE-2024-311xx/CVE-2024-31178.json @@ -2,13 +2,17 @@ "id": "CVE-2024-31178", "sourceIdentifier": "prodsec@nozominetworks.com", "published": "2024-09-18T14:15:15.460", - "lastModified": "2024-09-18T14:15:15.460", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine\u00a0fluid_msg::of13::TableFeaturePropNextTables::unpack.\n\nThis issue affects libfluid: 0.1.0." + }, + { + "lang": "es", + "value": "Vulnerabilidad de lectura fuera de los l\u00edmites en libfluid (m\u00f3dulo libfluid_msg) de Open Networking Foundation (ONF). Esta vulnerabilidad est\u00e1 asociada con la rutina del programa fluid_msg::of13::TableFeaturePropNextTables::unpack. Este problema afecta a libfluid: 0.1.0." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-311xx/CVE-2024-31179.json b/CVE-2024/CVE-2024-311xx/CVE-2024-31179.json index 7ec0910bf86..b7c33f0e04c 100644 --- a/CVE-2024/CVE-2024-311xx/CVE-2024-31179.json +++ b/CVE-2024/CVE-2024-311xx/CVE-2024-31179.json @@ -2,13 +2,17 @@ "id": "CVE-2024-31179", "sourceIdentifier": "prodsec@nozominetworks.com", "published": "2024-09-18T14:15:15.633", - "lastModified": "2024-09-18T14:15:15.633", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine\u00a0fluid_msg::of13::TableFeaturePropInstruction::unpack.\n\nThis issue affects libfluid: 0.1.0." + }, + { + "lang": "es", + "value": "Vulnerabilidad de lectura fuera de los l\u00edmites en libfluid (m\u00f3dulo libfluid_msg) de Open Networking Foundation (ONF). Esta vulnerabilidad est\u00e1 asociada con la rutina del programa fluid_msg::of13::TableFeaturePropInstruction::unpack. Este problema afecta a libfluid: 0.1.0." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-311xx/CVE-2024-31180.json b/CVE-2024/CVE-2024-311xx/CVE-2024-31180.json index e90d80de0f8..be40940bdce 100644 --- a/CVE-2024/CVE-2024-311xx/CVE-2024-31180.json +++ b/CVE-2024/CVE-2024-311xx/CVE-2024-31180.json @@ -2,13 +2,17 @@ "id": "CVE-2024-31180", "sourceIdentifier": "prodsec@nozominetworks.com", "published": "2024-09-18T14:15:15.820", - "lastModified": "2024-09-18T14:15:15.820", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine\u00a0fluid_msg::of13::GroupDesc::unpack.\n\nThis issue affects libfluid: 0.1.0." + }, + { + "lang": "es", + "value": "Vulnerabilidad de lectura fuera de los l\u00edmites en libfluid (m\u00f3dulo libfluid_msg) de Open Networking Foundation (ONF). Esta vulnerabilidad est\u00e1 asociada con la rutina del programa fluid_msg::of13::GroupDesc::unpack. Este problema afecta a libfluid: 0.1.0." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-311xx/CVE-2024-31181.json b/CVE-2024/CVE-2024-311xx/CVE-2024-31181.json index 13fdc2f3392..75af34930fd 100644 --- a/CVE-2024/CVE-2024-311xx/CVE-2024-31181.json +++ b/CVE-2024/CVE-2024-311xx/CVE-2024-31181.json @@ -2,13 +2,17 @@ "id": "CVE-2024-31181", "sourceIdentifier": "prodsec@nozominetworks.com", "published": "2024-09-18T14:15:16.000", - "lastModified": "2024-09-18T14:15:16.000", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine\u00a0fluid_msg::of13::GroupStats::unpack.\n\nThis issue affects libfluid: 0.1.0." + }, + { + "lang": "es", + "value": "Vulnerabilidad de lectura fuera de los l\u00edmites en libfluid (m\u00f3dulo libfluid_msg) de Open Networking Foundation (ONF). Esta vulnerabilidad est\u00e1 asociada con la rutina del programa fluid_msg::of13::GroupStats::unpack. Este problema afecta a libfluid: 0.1.0." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-311xx/CVE-2024-31182.json b/CVE-2024/CVE-2024-311xx/CVE-2024-31182.json index 383ea495e0e..d3962e7e507 100644 --- a/CVE-2024/CVE-2024-311xx/CVE-2024-31182.json +++ b/CVE-2024/CVE-2024-311xx/CVE-2024-31182.json @@ -2,13 +2,17 @@ "id": "CVE-2024-31182", "sourceIdentifier": "prodsec@nozominetworks.com", "published": "2024-09-18T14:15:16.193", - "lastModified": "2024-09-18T14:15:16.193", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unchecked Return Value to NULL Pointer Dereference vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine\u00a0fluid_msg::QueuePropertyList::unpack10.\n\nThis issue affects libfluid: 0.1.0." + }, + { + "lang": "es", + "value": "Vulnerabilidad de desreferencia de valor de retorno no controlado a puntero nulo en libfluid (m\u00f3dulo libfluid_msg) de Open Networking Foundation (ONF). Esta vulnerabilidad est\u00e1 asociada con la rutina del programa fluid_msg::QueuePropertyList::unpack10. Este problema afecta a libfluid: 0.1.0." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-311xx/CVE-2024-31183.json b/CVE-2024/CVE-2024-311xx/CVE-2024-31183.json index 84b9b584617..4ac3fdf4c05 100644 --- a/CVE-2024/CVE-2024-311xx/CVE-2024-31183.json +++ b/CVE-2024/CVE-2024-311xx/CVE-2024-31183.json @@ -2,13 +2,17 @@ "id": "CVE-2024-31183", "sourceIdentifier": "prodsec@nozominetworks.com", "published": "2024-09-18T14:15:16.377", - "lastModified": "2024-09-18T14:15:16.377", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine\u00a0fluid_msg::of13::Hello::unpack.\n\nThis issue affects libfluid: 0.1.0." + }, + { + "lang": "es", + "value": "Vulnerabilidad de lectura fuera de los l\u00edmites en libfluid (m\u00f3dulo libfluid_msg) de Open Networking Foundation (ONF). Esta vulnerabilidad est\u00e1 asociada con la rutina del programa fluid_msg::of13::Hello::unpack. Este problema afecta a libfluid: 0.1.0." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-311xx/CVE-2024-31184.json b/CVE-2024/CVE-2024-311xx/CVE-2024-31184.json index 72e81695f56..7093d65b3dd 100644 --- a/CVE-2024/CVE-2024-311xx/CVE-2024-31184.json +++ b/CVE-2024/CVE-2024-311xx/CVE-2024-31184.json @@ -2,13 +2,17 @@ "id": "CVE-2024-31184", "sourceIdentifier": "prodsec@nozominetworks.com", "published": "2024-09-18T14:15:16.550", - "lastModified": "2024-09-18T14:15:16.550", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine\u00a0fluid_msg::of13::MeterStats::unpack.\n\nThis issue affects libfluid: 0.1.0." + }, + { + "lang": "es", + "value": "Vulnerabilidad de lectura fuera de los l\u00edmites en libfluid (m\u00f3dulo libfluid_msg) de Open Networking Foundation (ONF). Esta vulnerabilidad est\u00e1 asociada con la rutina del programa fluid_msg::of13::MeterStats::unpack. Este problema afecta a libfluid: 0.1.0." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-311xx/CVE-2024-31185.json b/CVE-2024/CVE-2024-311xx/CVE-2024-31185.json index 0639a51215e..f7986d851c2 100644 --- a/CVE-2024/CVE-2024-311xx/CVE-2024-31185.json +++ b/CVE-2024/CVE-2024-311xx/CVE-2024-31185.json @@ -2,13 +2,17 @@ "id": "CVE-2024-31185", "sourceIdentifier": "prodsec@nozominetworks.com", "published": "2024-09-18T14:15:16.727", - "lastModified": "2024-09-18T14:15:16.727", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unchecked Return Value to NULL Pointer Dereference vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine\u00a0fluid_msg::of13::MeterBandList::unpack.\n\nThis issue affects libfluid: 0.1.0." + }, + { + "lang": "es", + "value": "Vulnerabilidad de desreferencia de puntero nulo de valor de retorno no controlado en libfluid (m\u00f3dulo libfluid_msg) de Open Networking Foundation (ONF). Esta vulnerabilidad est\u00e1 asociada con la rutina de programa fluid_msg::of13::MeterBandList::unpack. Este problema afecta a libfluid: 0.1.0." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-311xx/CVE-2024-31186.json b/CVE-2024/CVE-2024-311xx/CVE-2024-31186.json index 743740403ef..3eea3714bab 100644 --- a/CVE-2024/CVE-2024-311xx/CVE-2024-31186.json +++ b/CVE-2024/CVE-2024-311xx/CVE-2024-31186.json @@ -2,13 +2,17 @@ "id": "CVE-2024-31186", "sourceIdentifier": "prodsec@nozominetworks.com", "published": "2024-09-18T14:15:16.953", - "lastModified": "2024-09-18T14:15:16.953", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine fluid_msg::of13::QueueGetConfigReply::unpack.\n\nThis issue affects libfluid: 0.1.0." + }, + { + "lang": "es", + "value": "Vulnerabilidad de lectura fuera de los l\u00edmites en libfluid (m\u00f3dulo libfluid_msg) de Open Networking Foundation (ONF). Esta vulnerabilidad est\u00e1 asociada con la rutina del programa fluid_msg::of13::QueueGetConfigReply::unpack. Este problema afecta a libfluid: 0.1.0." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-311xx/CVE-2024-31187.json b/CVE-2024/CVE-2024-311xx/CVE-2024-31187.json index e0223bb99ea..47f25dc74b6 100644 --- a/CVE-2024/CVE-2024-311xx/CVE-2024-31187.json +++ b/CVE-2024/CVE-2024-311xx/CVE-2024-31187.json @@ -2,13 +2,17 @@ "id": "CVE-2024-31187", "sourceIdentifier": "prodsec@nozominetworks.com", "published": "2024-09-18T14:15:17.173", - "lastModified": "2024-09-18T14:15:17.173", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine fluid_msg::of13::MultipartReplyPortDescription::unpack.\n\nThis issue affects libfluid: 0.1.0." + }, + { + "lang": "es", + "value": "Vulnerabilidad de lectura fuera de los l\u00edmites en libfluid (m\u00f3dulo libfluid_msg) de Open Networking Foundation (ONF). Esta vulnerabilidad est\u00e1 asociada con la rutina del programa fluid_msg::of13::MultipartReplyPortDescription::unpack. Este problema afecta a libfluid: 0.1.0." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-311xx/CVE-2024-31188.json b/CVE-2024/CVE-2024-311xx/CVE-2024-31188.json index cd22860b42c..99a1f6f8926 100644 --- a/CVE-2024/CVE-2024-311xx/CVE-2024-31188.json +++ b/CVE-2024/CVE-2024-311xx/CVE-2024-31188.json @@ -2,13 +2,17 @@ "id": "CVE-2024-31188", "sourceIdentifier": "prodsec@nozominetworks.com", "published": "2024-09-18T14:15:17.403", - "lastModified": "2024-09-18T14:15:17.403", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine fluid_msg::of13::MultipartReplyTableFeatures::unpack.\n\nThis issue affects libfluid: 0.1.0." + }, + { + "lang": "es", + "value": "Vulnerabilidad de lectura fuera de los l\u00edmites en libfluid (m\u00f3dulo libfluid_msg) de Open Networking Foundation (ONF). Esta vulnerabilidad est\u00e1 asociada con la rutina del programa fluid_msg::of13::MultipartReplyTableFeatures::unpack. Este problema afecta a libfluid: 0.1.0." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-311xx/CVE-2024-31189.json b/CVE-2024/CVE-2024-311xx/CVE-2024-31189.json index ed149f23f45..d646eebef6a 100644 --- a/CVE-2024/CVE-2024-311xx/CVE-2024-31189.json +++ b/CVE-2024/CVE-2024-311xx/CVE-2024-31189.json @@ -2,13 +2,17 @@ "id": "CVE-2024-31189", "sourceIdentifier": "prodsec@nozominetworks.com", "published": "2024-09-18T14:15:17.593", - "lastModified": "2024-09-18T14:15:17.593", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine fluid_msg::of13::MultipartRequestTableFeatures::unpack.\n\nThis issue affects libfluid: 0.1.0." + }, + { + "lang": "es", + "value": "Vulnerabilidad de lectura fuera de los l\u00edmites en libfluid (m\u00f3dulo libfluid_msg) de Open Networking Foundation (ONF). Esta vulnerabilidad est\u00e1 asociada con la rutina del programa fluid_msg::of13::MultipartRequestTableFeatures::unpack. Este problema afecta a libfluid: 0.1.0." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-311xx/CVE-2024-31190.json b/CVE-2024/CVE-2024-311xx/CVE-2024-31190.json index 0a717cb0b33..5d8f5d92319 100644 --- a/CVE-2024/CVE-2024-311xx/CVE-2024-31190.json +++ b/CVE-2024/CVE-2024-311xx/CVE-2024-31190.json @@ -2,13 +2,17 @@ "id": "CVE-2024-31190", "sourceIdentifier": "prodsec@nozominetworks.com", "published": "2024-09-18T14:15:18.017", - "lastModified": "2024-09-18T14:15:18.017", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine fluid_msg::of13::MultipartReplyMeterConfig::unpack.\n\nThis issue affects libfluid: 0.1.0." + }, + { + "lang": "es", + "value": "Vulnerabilidad de lectura fuera de los l\u00edmites en libfluid (m\u00f3dulo libfluid_msg) de Open Networking Foundation (ONF). Esta vulnerabilidad est\u00e1 asociada con la rutina del programa fluid_msg::of13::MultipartReplyMeterConfig::unpack. Este problema afecta a libfluid: 0.1.0." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-311xx/CVE-2024-31191.json b/CVE-2024/CVE-2024-311xx/CVE-2024-31191.json index ccca33f8fa3..1f90e72c1dc 100644 --- a/CVE-2024/CVE-2024-311xx/CVE-2024-31191.json +++ b/CVE-2024/CVE-2024-311xx/CVE-2024-31191.json @@ -2,13 +2,17 @@ "id": "CVE-2024-31191", "sourceIdentifier": "prodsec@nozominetworks.com", "published": "2024-09-18T14:15:18.290", - "lastModified": "2024-09-18T14:15:18.290", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine fluid_msg::of13::MultipartReplyMeter::unpack.\n\nThis issue affects libfluid: 0.1.0." + }, + { + "lang": "es", + "value": "Vulnerabilidad de lectura fuera de los l\u00edmites en libfluid (m\u00f3dulo libfluid_msg) de Open Networking Foundation (ONF). Esta vulnerabilidad est\u00e1 asociada con la rutina del programa fluid_msg::of13::MultipartReplyMeter::unpack. Este problema afecta a libfluid: 0.1.0." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-311xx/CVE-2024-31192.json b/CVE-2024/CVE-2024-311xx/CVE-2024-31192.json index cd024101708..37789bd81dc 100644 --- a/CVE-2024/CVE-2024-311xx/CVE-2024-31192.json +++ b/CVE-2024/CVE-2024-311xx/CVE-2024-31192.json @@ -2,13 +2,17 @@ "id": "CVE-2024-31192", "sourceIdentifier": "prodsec@nozominetworks.com", "published": "2024-09-18T14:15:18.470", - "lastModified": "2024-09-18T14:15:18.470", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine fluid_msg::of13::MultipartReplyGroupDesc::unpack.\n\nThis issue affects libfluid: 0.1.0." + }, + { + "lang": "es", + "value": "Vulnerabilidad de lectura fuera de los l\u00edmites en libfluid (m\u00f3dulo libfluid_msg) de Open Networking Foundation (ONF). Esta vulnerabilidad est\u00e1 asociada con la rutina del programa fluid_msg::of13::MultipartReplyGroupDesc::unpack. Este problema afecta a libfluid: 0.1.0." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-311xx/CVE-2024-31193.json b/CVE-2024/CVE-2024-311xx/CVE-2024-31193.json index 116a1c8b0b1..a386e0ae4de 100644 --- a/CVE-2024/CVE-2024-311xx/CVE-2024-31193.json +++ b/CVE-2024/CVE-2024-311xx/CVE-2024-31193.json @@ -2,13 +2,17 @@ "id": "CVE-2024-31193", "sourceIdentifier": "prodsec@nozominetworks.com", "published": "2024-09-18T14:15:18.647", - "lastModified": "2024-09-18T14:15:18.647", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine fluid_msg::of13::MultipartReplyGroup::unpack.\n\nThis issue affects libfluid: 0.1.0." + }, + { + "lang": "es", + "value": "Vulnerabilidad de lectura fuera de los l\u00edmites en libfluid (m\u00f3dulo libfluid_msg) de Open Networking Foundation (ONF). Esta vulnerabilidad est\u00e1 asociada con la rutina del programa fluid_msg::of13::MultipartReplyGroup::unpack. Este problema afecta a libfluid: 0.1.0." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-311xx/CVE-2024-31194.json b/CVE-2024/CVE-2024-311xx/CVE-2024-31194.json index bb3c98d6b84..04eb91821ad 100644 --- a/CVE-2024/CVE-2024-311xx/CVE-2024-31194.json +++ b/CVE-2024/CVE-2024-311xx/CVE-2024-31194.json @@ -2,13 +2,17 @@ "id": "CVE-2024-31194", "sourceIdentifier": "prodsec@nozominetworks.com", "published": "2024-09-18T14:15:18.827", - "lastModified": "2024-09-18T14:15:18.827", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine fluid_msg::of13::MultipartReplyPortStats::unpack.\n\nThis issue affects libfluid: 0.1.0." + }, + { + "lang": "es", + "value": "Vulnerabilidad de lectura fuera de los l\u00edmites en libfluid (m\u00f3dulo libfluid_msg) de Open Networking Foundation (ONF). Esta vulnerabilidad est\u00e1 asociada con la rutina del programa fluid_msg::of13::MultipartReplyPortStats::unpack. Este problema afecta a libfluid: 0.1.0." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-311xx/CVE-2024-31195.json b/CVE-2024/CVE-2024-311xx/CVE-2024-31195.json index 4bf164084f8..fd2f3528e76 100644 --- a/CVE-2024/CVE-2024-311xx/CVE-2024-31195.json +++ b/CVE-2024/CVE-2024-311xx/CVE-2024-31195.json @@ -2,13 +2,17 @@ "id": "CVE-2024-31195", "sourceIdentifier": "prodsec@nozominetworks.com", "published": "2024-09-18T14:15:19.000", - "lastModified": "2024-09-18T14:15:19.000", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine fluid_msg::of13::MultipartReplyTable::unpack.\n\nThis issue affects libfluid: 0.1.0." + }, + { + "lang": "es", + "value": "Vulnerabilidad de lectura fuera de los l\u00edmites en libfluid (m\u00f3dulo libfluid_msg) de Open Networking Foundation (ONF). Esta vulnerabilidad est\u00e1 asociada con la rutina del programa fluid_msg::of13::MultipartReplyTable::unpack. Este problema afecta a libfluid: 0.1.0." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-311xx/CVE-2024-31196.json b/CVE-2024/CVE-2024-311xx/CVE-2024-31196.json index f3fc2757e1d..3359883b33c 100644 --- a/CVE-2024/CVE-2024-311xx/CVE-2024-31196.json +++ b/CVE-2024/CVE-2024-311xx/CVE-2024-31196.json @@ -2,13 +2,17 @@ "id": "CVE-2024-31196", "sourceIdentifier": "prodsec@nozominetworks.com", "published": "2024-09-18T14:15:19.190", - "lastModified": "2024-09-18T14:15:19.190", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unchecked Return Value to NULL Pointer Dereference vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine\u00a0fluid_msg::ActionList::unpack10.\n\nThis issue affects libfluid: 0.1.0." + }, + { + "lang": "es", + "value": "Vulnerabilidad de desreferencia de puntero nulo de valor de retorno no controlado en libfluid (m\u00f3dulo libfluid_msg) de Open Networking Foundation (ONF). Esta vulnerabilidad est\u00e1 asociada con la rutina del programa fluid_msg::ActionList::unpack10. Este problema afecta a libfluid: 0.1.0." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-311xx/CVE-2024-31197.json b/CVE-2024/CVE-2024-311xx/CVE-2024-31197.json index a0e94017c89..7775d048087 100644 --- a/CVE-2024/CVE-2024-311xx/CVE-2024-31197.json +++ b/CVE-2024/CVE-2024-311xx/CVE-2024-31197.json @@ -2,13 +2,17 @@ "id": "CVE-2024-31197", "sourceIdentifier": "prodsec@nozominetworks.com", "published": "2024-09-18T14:15:19.367", - "lastModified": "2024-09-18T14:15:19.367", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Null Termination vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine\u00a0fluid_msg::of10::Port:unpack.\n\nThis issue affects libfluid: 0.1.0." + }, + { + "lang": "es", + "value": "Vulnerabilidad de terminaci\u00f3n nula incorrecta en libfluid (m\u00f3dulo libfluid_msg) de Open Networking Foundation (ONF). Esta vulnerabilidad est\u00e1 asociada con la rutina del programa fluid_msg::of10::Port:unpack. Este problema afecta a libfluid: 0.1.0." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-311xx/CVE-2024-31198.json b/CVE-2024/CVE-2024-311xx/CVE-2024-31198.json index 1610ef212ac..ca1874efa89 100644 --- a/CVE-2024/CVE-2024-311xx/CVE-2024-31198.json +++ b/CVE-2024/CVE-2024-311xx/CVE-2024-31198.json @@ -2,13 +2,17 @@ "id": "CVE-2024-31198", "sourceIdentifier": "prodsec@nozominetworks.com", "published": "2024-09-18T14:15:19.550", - "lastModified": "2024-09-18T14:15:19.550", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine\u00a0fluid_msg::of10::Port:unpack.\n\nThis issue affects libfluid: 0.1.0." + }, + { + "lang": "es", + "value": "Vulnerabilidad de lectura fuera de los l\u00edmites en libfluid (m\u00f3dulo libfluid_msg) de Open Networking Foundation (ONF). Esta vulnerabilidad est\u00e1 asociada con la rutina del programa fluid_msg::of10::Port:unpack. Este problema afecta a libfluid: 0.1.0." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-315xx/CVE-2024-31570.json b/CVE-2024/CVE-2024-315xx/CVE-2024-31570.json index 7c131195401..911c5de9a35 100644 --- a/CVE-2024/CVE-2024-315xx/CVE-2024-31570.json +++ b/CVE-2024/CVE-2024-315xx/CVE-2024-31570.json @@ -2,13 +2,17 @@ "id": "CVE-2024-31570", "sourceIdentifier": "cve@mitre.org", "published": "2024-09-19T17:15:12.623", - "lastModified": "2024-09-19T17:15:12.623", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "libfreeimage in FreeImage 3.4.0 through 3.18.0 has a stack-based buffer overflow in the PluginXPM.cpp Load function via an XPM file." + }, + { + "lang": "es", + "value": "libfreeimage en FreeImage 3.4.0 a 3.18.0 tiene un desbordamiento de b\u00fafer basado en pila en la funci\u00f3n de carga PluginXPM.cpp a trav\u00e9s de un archivo XPM." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-31xx/CVE-2024-3153.json b/CVE-2024/CVE-2024-31xx/CVE-2024-3153.json index b6d5c81a3fa..e1e9b148211 100644 --- a/CVE-2024/CVE-2024-31xx/CVE-2024-3153.json +++ b/CVE-2024/CVE-2024-31xx/CVE-2024-3153.json @@ -2,8 +2,8 @@ "id": "CVE-2024-3153", "sourceIdentifier": "security@huntr.dev", "published": "2024-06-06T19:16:00.600", - "lastModified": "2024-06-07T14:56:05.647", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-09-20T13:15:04.307", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -16,6 +16,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ], "cvssMetricV30": [ { "source": "security@huntr.dev", @@ -51,14 +73,39 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mintplexlabs:anythingllm:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.0.0", + "matchCriteriaId": "0D667E32-5A5C-479C-BB81-47F3BCA38C13" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/mintplex-labs/anything-llm/commit/b8d37d9f43af2facab4c51146a46229a58cb53d9", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Patch" + ] }, { "url": "https://huntr.com/bounties/7bb08e7b-fd99-411e-99bc-07f81f474635", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-320xx/CVE-2024-32034.json b/CVE-2024/CVE-2024-320xx/CVE-2024-32034.json index 8bd820d81e6..fb487879c86 100644 --- a/CVE-2024/CVE-2024-320xx/CVE-2024-32034.json +++ b/CVE-2024/CVE-2024-320xx/CVE-2024-32034.json @@ -2,13 +2,17 @@ "id": "CVE-2024-32034", "sourceIdentifier": "security-advisories@github.com", "published": "2024-09-16T19:16:10.300", - "lastModified": "2024-09-16T19:16:10.300", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:31:20.110", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "decidim is a Free Open-Source participatory democracy, citizen participation and open government for cities and organizations. The admin panel is subject to potential Cross-site scripting (XSS) attach in case an admin assigns a valuator to a proposal, or does any other action that generates an admin activity log where one of the resources has an XSS crafted. This issue has been addressed in release version 0.27.7, 0.28.2, and newer. Users are advised to upgrade. Users unable to upgrade may redirect the pages /admin and /admin/logs to other admin pages to prevent this access (i.e. `/admin/organization/edit`)." + }, + { + "lang": "es", + "value": "Decidim es una democracia participativa, participaci\u00f3n ciudadana y gobierno abierto de c\u00f3digo abierto y gratuito para ciudades y organizaciones. El panel de administraci\u00f3n est\u00e1 sujeto a posibles ataques de cross site scripting (XSS) en caso de que un administrador asigne un evaluador a una propuesta o realice cualquier otra acci\u00f3n que genere un registro de actividad de administraci\u00f3n donde uno de los recursos tenga un XSS creado. Este problema se ha solucionado en las versiones de lanzamiento 0.27.7, 0.28.2 y posteriores. Se recomienda a los usuarios que actualicen. Los usuarios que no puedan actualizar pueden redirigir las p\u00e1ginas /admin y /admin/logs a otras p\u00e1ginas de administraci\u00f3n para evitar este acceso (es decir, `/admin/organization/edit`)." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-331xx/CVE-2024-33109.json b/CVE-2024/CVE-2024-331xx/CVE-2024-33109.json index f527b776d09..bef8a9b19a9 100644 --- a/CVE-2024/CVE-2024-331xx/CVE-2024-33109.json +++ b/CVE-2024/CVE-2024-331xx/CVE-2024-33109.json @@ -2,13 +2,17 @@ "id": "CVE-2024-33109", "sourceIdentifier": "cve@mitre.org", "published": "2024-09-19T19:15:24.170", - "lastModified": "2024-09-19T19:15:24.170", - "vulnStatus": "Received", + "lastModified": "2024-09-20T13:35:02.703", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Directory Traversal in the web interface of the Tiptel IP 286 with firmware version 2.61.13.10 allows attackers to overwrite arbitrary files on the phone via the Ringtone upload function." + }, + { + "lang": "es", + "value": "Directory Traversal en la interfaz web del Tiptel IP 286 con la versi\u00f3n de firmware 2.61.13.10 permite a los atacantes sobrescribir archivos arbitrarios en el tel\u00e9fono a trav\u00e9s de la funci\u00f3n de carga de tono de llamada." } ], "metrics": { @@ -35,6 +39,18 @@ } ] }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], "references": [ { "url": "http://tiptel.com", diff --git a/CVE-2024/CVE-2024-340xx/CVE-2024-34016.json b/CVE-2024/CVE-2024-340xx/CVE-2024-34016.json index 402caa99e75..7e5fc9f4f4d 100644 --- a/CVE-2024/CVE-2024-340xx/CVE-2024-34016.json +++ b/CVE-2024/CVE-2024-340xx/CVE-2024-34016.json @@ -2,13 +2,17 @@ "id": "CVE-2024-34016", "sourceIdentifier": "security@acronis.com", "published": "2024-09-16T20:15:46.087", - "lastModified": "2024-09-16T20:15:46.087", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:31:20.110", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 38235." + }, + { + "lang": "es", + "value": "Escalada de privilegios locales debido a una vulnerabilidad de secuestro de DLL. Los siguientes productos est\u00e1n afectados: Acronis Cyber Protect Cloud Agent (Windows) antes de la compilaci\u00f3n 38235." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-340xx/CVE-2024-34026.json b/CVE-2024/CVE-2024-340xx/CVE-2024-34026.json index a88bd03cc79..35c0aa8275e 100644 --- a/CVE-2024/CVE-2024-340xx/CVE-2024-34026.json +++ b/CVE-2024/CVE-2024-340xx/CVE-2024-34026.json @@ -2,13 +2,17 @@ "id": "CVE-2024-34026", "sourceIdentifier": "talos-cna@cisco.com", "published": "2024-09-18T15:15:14.623", - "lastModified": "2024-09-18T15:15:14.623", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A stack-based buffer overflow vulnerability exists in the OpenPLC Runtime EtherNet/IP parser functionality of OpenPLC _v3 b4702061dc14d1024856f71b4543298d77007b88. A specially crafted EtherNet/IP request can lead to remote code execution. An attacker can send a series of EtherNet/IP requests to trigger this vulnerability." + }, + { + "lang": "es", + "value": "Existe una vulnerabilidad de desbordamiento de b\u00fafer basada en pila en la funcionalidad del analizador EtherNet/IP de OpenPLC Runtime de OpenPLC _v3 b4702061dc14d1024856f71b4543298d77007b88. Una solicitud EtherNet/IP especialmente manipulada puede provocar la ejecuci\u00f3n remota de c\u00f3digo. Un atacante puede enviar una serie de solicitudes EtherNet/IP para activar esta vulnerabilidad." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-340xx/CVE-2024-34057.json b/CVE-2024/CVE-2024-340xx/CVE-2024-34057.json index fa91bc4e42b..49ea14ca3ac 100644 --- a/CVE-2024/CVE-2024-340xx/CVE-2024-34057.json +++ b/CVE-2024/CVE-2024-340xx/CVE-2024-34057.json @@ -2,8 +2,8 @@ "id": "CVE-2024-34057", "sourceIdentifier": "cve@mitre.org", "published": "2024-09-18T19:15:40.777", - "lastModified": "2024-09-19T15:35:09.077", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-343xx/CVE-2024-34399.json b/CVE-2024/CVE-2024-343xx/CVE-2024-34399.json index 837ca2be7de..576949fa94e 100644 --- a/CVE-2024/CVE-2024-343xx/CVE-2024-34399.json +++ b/CVE-2024/CVE-2024-343xx/CVE-2024-34399.json @@ -2,13 +2,17 @@ "id": "CVE-2024-34399", "sourceIdentifier": "cve@mitre.org", "published": "2024-09-18T18:15:06.163", - "lastModified": "2024-09-18T19:35:11.240", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "**UNSUPPORTED WHEN ASSIGNED** An issue was discovered in BMC Remedy Mid Tier 7.6.04. An unauthenticated remote attacker is able to access any user account without using any password. NOTE: This vulnerability only affects products that are no longer supported by the maintainer and the impacted version for this vulnerability is 7.6.04 only." + }, + { + "lang": "es", + "value": "**NO SE ADMITEN LAS FUNCIONES CUANDO SE ASIGNAN** Se descubri\u00f3 un problema en BMC Remedy Mid Tier 7.6.04. Un atacante remoto no autenticado puede acceder a cualquier cuenta de usuario sin usar ninguna contrase\u00f1a. NOTA: Esta vulnerabilidad solo afecta a los productos que ya no reciben soporte del fabricante y la versi\u00f3n afectada por esta vulnerabilidad es solo la 7.6.04." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-355xx/CVE-2024-35515.json b/CVE-2024/CVE-2024-355xx/CVE-2024-35515.json index 1bdc929ed2b..89cb018b69e 100644 --- a/CVE-2024/CVE-2024-355xx/CVE-2024-35515.json +++ b/CVE-2024/CVE-2024-355xx/CVE-2024-35515.json @@ -2,13 +2,17 @@ "id": "CVE-2024-35515", "sourceIdentifier": "cve@mitre.org", "published": "2024-09-18T15:15:14.843", - "lastModified": "2024-09-18T18:35:08.403", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Insecure deserialization in sqlitedict up to v2.1.0 allows attackers to execute arbitrary code." + }, + { + "lang": "es", + "value": "La deserializaci\u00f3n insegura en sqlitedict hasta v2.1.0 permite a los atacantes ejecutar c\u00f3digo arbitrario." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-369xx/CVE-2024-36980.json b/CVE-2024/CVE-2024-369xx/CVE-2024-36980.json index 483ecd88f5c..e0dd6552b8c 100644 --- a/CVE-2024/CVE-2024-369xx/CVE-2024-36980.json +++ b/CVE-2024/CVE-2024-369xx/CVE-2024-36980.json @@ -2,13 +2,17 @@ "id": "CVE-2024-36980", "sourceIdentifier": "talos-cna@cisco.com", "published": "2024-09-18T15:15:14.903", - "lastModified": "2024-09-18T15:15:14.903", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An out-of-bounds read vulnerability exists in the OpenPLC Runtime EtherNet/IP PCCC parser functionality of OpenPLC_v3 b4702061dc14d1024856f71b4543298d77007b88. A specially crafted network request can lead to denial of service. An attacker can send a series of EtherNet/IP requests to trigger this vulnerability.This is the first instance of the incorrect comparison." + }, + { + "lang": "es", + "value": "Existe una vulnerabilidad de lectura fuera de los l\u00edmites en la funcionalidad del analizador PCCC de OpenPLC Runtime EtherNet/IP de OpenPLC_v3 b4702061dc14d1024856f71b4543298d77007b88. Una solicitud de red especialmente manipulada puede provocar una denegaci\u00f3n de servicio. Un atacante puede enviar una serie de solicitudes EtherNet/IP para activar esta vulnerabilidad. Esta es la primera instancia de comparaci\u00f3n incorrecta." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-369xx/CVE-2024-36981.json b/CVE-2024/CVE-2024-369xx/CVE-2024-36981.json index 363284b829e..d4d7a88dffb 100644 --- a/CVE-2024/CVE-2024-369xx/CVE-2024-36981.json +++ b/CVE-2024/CVE-2024-369xx/CVE-2024-36981.json @@ -2,13 +2,17 @@ "id": "CVE-2024-36981", "sourceIdentifier": "talos-cna@cisco.com", "published": "2024-09-18T15:15:15.110", - "lastModified": "2024-09-18T15:15:15.110", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An out-of-bounds read vulnerability exists in the OpenPLC Runtime EtherNet/IP PCCC parser functionality of OpenPLC_v3 b4702061dc14d1024856f71b4543298d77007b88. A specially crafted network request can lead to denial of service. An attacker can send a series of EtherNet/IP requests to trigger this vulnerability.This is the final instance of the incorrect comparison." + }, + { + "lang": "es", + "value": "Existe una vulnerabilidad de lectura fuera de los l\u00edmites en la funcionalidad del analizador PCCC de OpenPLC Runtime EtherNet/IP de OpenPLC_v3 b4702061dc14d1024856f71b4543298d77007b88. Una solicitud de red especialmente manipulada puede provocar una denegaci\u00f3n de servicio. Un atacante puede enviar una serie de solicitudes EtherNet/IP para activar esta vulnerabilidad. Esta es la \u00faltima instancia de la comparaci\u00f3n incorrecta." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-374xx/CVE-2024-37406.json b/CVE-2024/CVE-2024-374xx/CVE-2024-37406.json index 11c3d0992a3..c297ab787fc 100644 --- a/CVE-2024/CVE-2024-374xx/CVE-2024-37406.json +++ b/CVE-2024/CVE-2024-374xx/CVE-2024-37406.json @@ -2,8 +2,8 @@ "id": "CVE-2024-37406", "sourceIdentifier": "support@hackerone.com", "published": "2024-09-18T22:15:04.573", - "lastModified": "2024-09-19T14:35:05.393", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-379xx/CVE-2024-37985.json b/CVE-2024/CVE-2024-379xx/CVE-2024-37985.json index 0c9846b323f..186809b136e 100644 --- a/CVE-2024/CVE-2024-379xx/CVE-2024-37985.json +++ b/CVE-2024/CVE-2024-379xx/CVE-2024-37985.json @@ -2,13 +2,17 @@ "id": "CVE-2024-37985", "sourceIdentifier": "secure@microsoft.com", "published": "2024-09-17T23:15:14.913", - "lastModified": "2024-09-17T23:15:14.913", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Windows Kernel Information Disclosure Vulnerability" + }, + { + "lang": "es", + "value": "Vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n del kernel de Windows" } ], "metrics": { diff --git a/CVE-2024/CVE-2024-380xx/CVE-2024-38016.json b/CVE-2024/CVE-2024-380xx/CVE-2024-38016.json index a3eecbe1a94..6c6ac8f084f 100644 --- a/CVE-2024/CVE-2024-380xx/CVE-2024-38016.json +++ b/CVE-2024/CVE-2024-380xx/CVE-2024-38016.json @@ -2,13 +2,17 @@ "id": "CVE-2024-38016", "sourceIdentifier": "secure@microsoft.com", "published": "2024-09-19T17:15:12.947", - "lastModified": "2024-09-19T17:15:12.947", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Microsoft Office Visio Remote Code Execution Vulnerability" + }, + { + "lang": "es", + "value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en Microsoft Office Visio" } ], "metrics": { diff --git a/CVE-2024/CVE-2024-381xx/CVE-2024-38183.json b/CVE-2024/CVE-2024-381xx/CVE-2024-38183.json index d5477364c20..02b56efbb3c 100644 --- a/CVE-2024/CVE-2024-381xx/CVE-2024-38183.json +++ b/CVE-2024/CVE-2024-381xx/CVE-2024-38183.json @@ -2,8 +2,8 @@ "id": "CVE-2024-38183", "sourceIdentifier": "secure@microsoft.com", "published": "2024-09-17T19:15:25.737", - "lastModified": "2024-09-17T19:15:25.737", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [ { "sourceIdentifier": "secure@microsoft.com", @@ -16,6 +16,10 @@ { "lang": "en", "value": "An improper access control vulnerability in GroupMe allows an a unauthenticated attacker to elevate privileges over a network by convincing a user to click on a malicious link." + }, + { + "lang": "es", + "value": "Una vulnerabilidad de control de acceso inadecuado en GroupMe permite a un atacante no autenticado elevar los privilegios en una red al convencer a un usuario de hacer clic en un enlace malicioso." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-382xx/CVE-2024-38221.json b/CVE-2024/CVE-2024-382xx/CVE-2024-38221.json index 6bf8fba0bf9..592e25322de 100644 --- a/CVE-2024/CVE-2024-382xx/CVE-2024-38221.json +++ b/CVE-2024/CVE-2024-382xx/CVE-2024-38221.json @@ -2,13 +2,17 @@ "id": "CVE-2024-38221", "sourceIdentifier": "secure@microsoft.com", "published": "2024-09-19T21:15:13.933", - "lastModified": "2024-09-19T21:15:13.933", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Microsoft Edge (Chromium-based) Spoofing Vulnerability" + }, + { + "lang": "es", + "value": "Vulnerabilidad de suplantaci\u00f3n de identidad en Microsoft Edge (basado en Chromium)" } ], "metrics": { diff --git a/CVE-2024/CVE-2024-383xx/CVE-2024-38380.json b/CVE-2024/CVE-2024-383xx/CVE-2024-38380.json index 7db846ecf26..93eca32e13f 100644 --- a/CVE-2024/CVE-2024-383xx/CVE-2024-38380.json +++ b/CVE-2024/CVE-2024-383xx/CVE-2024-38380.json @@ -2,13 +2,17 @@ "id": "CVE-2024-38380", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2024-09-17T18:15:03.680", - "lastModified": "2024-09-17T18:15:03.680", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "This vulnerability occurs when user-supplied input is improperly sanitized and then reflected back to the user's browser, allowing an attacker to execute arbitrary JavaScript in the context of the victim's browser session." + }, + { + "lang": "es", + "value": "Esta vulnerabilidad ocurre cuando la entrada proporcionada por el usuario se desinfecta incorrectamente y luego se refleja en el navegador del usuario, lo que permite a un atacante ejecutar JavaScript arbitrario en el contexto de la sesi\u00f3n del navegador de la v\u00edctima." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-388xx/CVE-2024-38812.json b/CVE-2024/CVE-2024-388xx/CVE-2024-38812.json index 34732d2e3f8..f991301e73c 100644 --- a/CVE-2024/CVE-2024-388xx/CVE-2024-38812.json +++ b/CVE-2024/CVE-2024-388xx/CVE-2024-38812.json @@ -2,13 +2,17 @@ "id": "CVE-2024-38812", "sourceIdentifier": "security@vmware.com", "published": "2024-09-17T18:15:03.920", - "lastModified": "2024-09-17T18:15:03.920", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The\u00a0vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol.\u00a0A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution." + }, + { + "lang": "es", + "value": "vCenter Server contiene una vulnerabilidad de desbordamiento de pila en la implementaci\u00f3n del protocolo DCERPC. Un agente malintencionado con acceso de red al vCenter Server puede desencadenar esta vulnerabilidad enviando un paquete de red especialmente manipulado que podr\u00eda provocar la ejecuci\u00f3n remota de c\u00f3digo." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-388xx/CVE-2024-38813.json b/CVE-2024/CVE-2024-388xx/CVE-2024-38813.json index 517e0d9d975..2e720ea1d12 100644 --- a/CVE-2024/CVE-2024-388xx/CVE-2024-38813.json +++ b/CVE-2024/CVE-2024-388xx/CVE-2024-38813.json @@ -2,13 +2,17 @@ "id": "CVE-2024-38813", "sourceIdentifier": "security@vmware.com", "published": "2024-09-17T18:15:04.127", - "lastModified": "2024-09-17T18:15:04.127", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The vCenter Server contains a privilege escalation vulnerability.\u00a0A malicious actor with network access to vCenter Server may trigger this vulnerability to escalate privileges to root by sending a specially crafted network packet." + }, + { + "lang": "es", + "value": "vCenter Server contiene una vulnerabilidad de escalada de privilegios. Un actor malintencionado con acceso de red al servidor vCenter puede activar esta vulnerabilidad para escalar privilegios a la ra\u00edz mediante el env\u00edo de un paquete de red especialmente manipulado." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-388xx/CVE-2024-38860.json b/CVE-2024/CVE-2024-388xx/CVE-2024-38860.json index 3548b3e984b..506ae09f36c 100644 --- a/CVE-2024/CVE-2024-388xx/CVE-2024-38860.json +++ b/CVE-2024/CVE-2024-388xx/CVE-2024-38860.json @@ -2,13 +2,17 @@ "id": "CVE-2024-38860", "sourceIdentifier": "security@checkmk.com", "published": "2024-09-17T14:15:17.347", - "lastModified": "2024-09-17T14:15:17.347", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper neutralization of input in Checkmk before versions 2.3.0p16 and 2.2.0p34 allows attackers to craft malicious links that can facilitate phishing attacks." + }, + { + "lang": "es", + "value": "La neutralizaci\u00f3n incorrecta de la entrada en Checkmk anterior a las versiones 2.3.0p16 y 2.2.0p34 permite a los atacantes crear enlaces maliciosos que pueden facilitar ataques de phishing." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-390xx/CVE-2024-39081.json b/CVE-2024/CVE-2024-390xx/CVE-2024-39081.json index 34dadcf8a16..e468257ed16 100644 --- a/CVE-2024/CVE-2024-390xx/CVE-2024-39081.json +++ b/CVE-2024/CVE-2024-390xx/CVE-2024-39081.json @@ -2,13 +2,17 @@ "id": "CVE-2024-39081", "sourceIdentifier": "cve@mitre.org", "published": "2024-09-18T14:15:19.757", - "lastModified": "2024-09-18T14:15:19.757", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue in SMART TYRE CAR & BIKE v4.2.0 allows attackers to perform a man-in-the-middle attack via Bluetooth communications." + }, + { + "lang": "es", + "value": "Un problema en SMART TYRE CAR & BIKE v4.2.0 permite a los atacantes realizar un ataque de intermediario a trav\u00e9s de comunicaciones Bluetooth." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-393xx/CVE-2024-39339.json b/CVE-2024/CVE-2024-393xx/CVE-2024-39339.json index 7a4dba785b8..55a57ae2435 100644 --- a/CVE-2024/CVE-2024-393xx/CVE-2024-39339.json +++ b/CVE-2024/CVE-2024-393xx/CVE-2024-39339.json @@ -2,13 +2,17 @@ "id": "CVE-2024-39339", "sourceIdentifier": "cve@mitre.org", "published": "2024-09-18T20:15:03.197", - "lastModified": "2024-09-18T20:15:03.197", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability has been discovered in all versions of Smartplay headunits, which are widely used in Suzuki and Toyota cars. This misconfiguration can lead to information disclosure, leaking sensitive details such as diagnostic log traces, system logs, headunit passwords, and personally identifiable information (PII). The exposure of such information may have serious implications for user privacy and system integrity." + }, + { + "lang": "es", + "value": "Se ha descubierto una vulnerabilidad en todas las versiones de las unidades centrales Smartplay, que se utilizan ampliamente en los autom\u00f3viles Suzuki y Toyota. Esta configuraci\u00f3n incorrecta puede provocar la divulgaci\u00f3n de informaci\u00f3n, filtrando detalles confidenciales como registros de diagn\u00f3stico, registros del sistema, contrase\u00f1as de la unidad central e informaci\u00f3n de identificaci\u00f3n personal (PII). La exposici\u00f3n de dicha informaci\u00f3n puede tener consecuencias graves para la privacidad del usuario y la integridad del sistema." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-395xx/CVE-2024-39589.json b/CVE-2024/CVE-2024-395xx/CVE-2024-39589.json index 511882dd50a..13fdfaa4493 100644 --- a/CVE-2024/CVE-2024-395xx/CVE-2024-39589.json +++ b/CVE-2024/CVE-2024-395xx/CVE-2024-39589.json @@ -2,13 +2,17 @@ "id": "CVE-2024-39589", "sourceIdentifier": "talos-cna@cisco.com", "published": "2024-09-18T15:15:15.333", - "lastModified": "2024-09-18T15:15:15.333", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple invalid pointer dereference vulnerabilities exist in the OpenPLC Runtime EtherNet/IP parser functionality of OpenPLC_v3 16bf8bac1a36d95b73e7b8722d0edb8b9c5bb56a. A specially crafted EtherNet/IP request can lead to denial of service. An attacker can send a series of EtherNet/IP requests to trigger these vulnerabilities.This instance of the vulnerability occurs within the `Protected_Logical_Read_Reply` function" + }, + { + "lang": "es", + "value": "Existen m\u00faltiples vulnerabilidades de desreferencia de puntero no v\u00e1lido en la funcionalidad del analizador EtherNet/IP de OpenPLC Runtime de OpenPLC_v3 16bf8bac1a36d95b73e7b8722d0edb8b9c5bb56a. Una solicitud EtherNet/IP especialmente manipulada puede provocar una denegaci\u00f3n de servicio. Un atacante puede enviar una serie de solicitudes EtherNet/IP para activar estas vulnerabilidades. Esta instancia de la vulnerabilidad se produce dentro de la funci\u00f3n `Protected_Logical_Read_Reply`" } ], "metrics": { diff --git a/CVE-2024/CVE-2024-395xx/CVE-2024-39590.json b/CVE-2024/CVE-2024-395xx/CVE-2024-39590.json index 199ae92ea30..ff870093286 100644 --- a/CVE-2024/CVE-2024-395xx/CVE-2024-39590.json +++ b/CVE-2024/CVE-2024-395xx/CVE-2024-39590.json @@ -2,13 +2,17 @@ "id": "CVE-2024-39590", "sourceIdentifier": "talos-cna@cisco.com", "published": "2024-09-18T15:15:15.540", - "lastModified": "2024-09-18T15:15:15.540", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple invalid pointer dereference vulnerabilities exist in the OpenPLC Runtime EtherNet/IP parser functionality of OpenPLC_v3 16bf8bac1a36d95b73e7b8722d0edb8b9c5bb56a. A specially crafted EtherNet/IP request can lead to denial of service. An attacker can send a series of EtherNet/IP requests to trigger these vulnerabilities.This instance of the vulnerability occurs within the `Protected_Logical_Write_Reply` function" + }, + { + "lang": "es", + "value": "Existen m\u00faltiples vulnerabilidades de desreferencia de puntero no v\u00e1lido en la funcionalidad del analizador EtherNet/IP de OpenPLC Runtime de OpenPLC_v3 16bf8bac1a36d95b73e7b8722d0edb8b9c5bb56a. Una solicitud EtherNet/IP especialmente manipulada puede provocar una denegaci\u00f3n de servicio. Un atacante puede enviar una serie de solicitudes EtherNet/IP para activar estas vulnerabilidades. Esta instancia de la vulnerabilidad se produce dentro de la funci\u00f3n `Protected_Logical_Write_Reply`" } ], "metrics": { diff --git a/CVE-2024/CVE-2024-396xx/CVE-2024-39613.json b/CVE-2024/CVE-2024-396xx/CVE-2024-39613.json index 5826fa5a518..327cbc755b8 100644 --- a/CVE-2024/CVE-2024-396xx/CVE-2024-39613.json +++ b/CVE-2024/CVE-2024-396xx/CVE-2024-39613.json @@ -2,8 +2,8 @@ "id": "CVE-2024-39613", "sourceIdentifier": "responsibledisclosure@mattermost.com", "published": "2024-09-16T07:15:02.373", - "lastModified": "2024-09-16T15:30:28.733", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-09-20T13:59:01.117", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "responsibledisclosure@mattermost.com", "type": "Secondary", @@ -40,6 +60,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-427" + } + ] + }, { "source": "responsibledisclosure@mattermost.com", "type": "Secondary", @@ -51,10 +81,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mattermost:mattermost_desktop:*:*:*:*:*:*:*:*", + "versionEndExcluding": "5.9.0", + "matchCriteriaId": "581E647F-BCA1-490E-9CCF-AFC4B65BD446" + } + ] + } + ] + } + ], "references": [ { "url": "https://mattermost.com/security-updates", - "source": "responsibledisclosure@mattermost.com" + "source": "responsibledisclosure@mattermost.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-399xx/CVE-2024-39900.json b/CVE-2024/CVE-2024-399xx/CVE-2024-39900.json index 24390b449f6..c3ce4971632 100644 --- a/CVE-2024/CVE-2024-399xx/CVE-2024-39900.json +++ b/CVE-2024/CVE-2024-399xx/CVE-2024-39900.json @@ -2,8 +2,8 @@ "id": "CVE-2024-39900", "sourceIdentifier": "security-advisories@github.com", "published": "2024-07-09T22:15:03.243", - "lastModified": "2024-07-11T13:05:54.930", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-09-20T12:40:20.277", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -40,6 +60,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-639" + } + ] + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -51,18 +81,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:opensearch:observability:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.14", + "matchCriteriaId": "A0A26A7A-D86D-48F6-A48F-83FA71FEFE7A" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/opensearch-project/reporting/commit/2403014c57ee63268e83d919db3334b676a8c992", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/opensearch-project/reporting/security/advisories/GHSA-xmvg-335g-x44q", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://opensearch.org/versions/opensearch-2-14-0.html", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-399xx/CVE-2024-39901.json b/CVE-2024/CVE-2024-399xx/CVE-2024-39901.json index d577238ecfa..076e743d9a3 100644 --- a/CVE-2024/CVE-2024-399xx/CVE-2024-39901.json +++ b/CVE-2024/CVE-2024-399xx/CVE-2024-39901.json @@ -2,8 +2,8 @@ "id": "CVE-2024-39901", "sourceIdentifier": "security-advisories@github.com", "published": "2024-07-09T22:15:03.450", - "lastModified": "2024-07-18T15:15:03.243", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-09-20T12:33:09.673", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -40,6 +60,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-639" + } + ] + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -51,18 +81,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:opensearch:observability:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.14", + "matchCriteriaId": "A0A26A7A-D86D-48F6-A48F-83FA71FEFE7A" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/opensearch-project/observability/commit/014423178f8f61d90442dde03cbdcd754c70a84e", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/opensearch-project/observability/security/advisories/GHSA-77vc-rj32-2r33", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://opensearch.org/versions/opensearch-2-14-0.html", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-399xx/CVE-2024-39910.json b/CVE-2024/CVE-2024-399xx/CVE-2024-39910.json index 7b87827979c..2342b64654a 100644 --- a/CVE-2024/CVE-2024-399xx/CVE-2024-39910.json +++ b/CVE-2024/CVE-2024-399xx/CVE-2024-39910.json @@ -2,13 +2,17 @@ "id": "CVE-2024-39910", "sourceIdentifier": "security-advisories@github.com", "published": "2024-09-16T19:16:10.540", - "lastModified": "2024-09-16T19:16:10.540", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:31:20.110", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "decidim is a Free Open-Source participatory democracy, citizen participation and open government for cities and organizations. The WYSWYG editor QuillJS is subject to potential XSS attach in case the attacker manages to modify the HTML before being uploaded to the server. The attacker is able to change e.g. to if they know how to craft these requests themselves. This issue has been addressed in release version 0.27.7. All users are advised to upgrade. Users unable to upgrade should review the user accounts that have access to the admin panel (i.e. general Administrators, and participatory space's Administrators) and remove access to them if they don't need it. Disable the \"Enable rich text editor for participants\" setting in the admin dashboard" + }, + { + "lang": "es", + "value": "Decidim es una democracia participativa, participaci\u00f3n ciudadana y gobierno abierto de c\u00f3digo abierto y gratuito para ciudades y organizaciones. El editor WYSWYG QuillJS est\u00e1 sujeto a posibles ataques XSS en caso de que el atacante logre modificar el HTML antes de subirlo al servidor. El atacante puede cambiar, por ejemplo, a si sabe c\u00f3mo crear estas solicitudes por s\u00ed mismo. Este problema se ha solucionado en la versi\u00f3n 0.27.7. Se recomienda a todos los usuarios que actualicen. Los usuarios que no puedan actualizar deben revisar las cuentas de usuario que tienen acceso al panel de administraci\u00f3n (es decir, administradores generales y administradores del espacio participativo) y eliminar el acceso a ellas si no lo necesitan. Desactive la opci\u00f3n \"Habilitar editor de texto enriquecido para participantes\" en el panel de administraci\u00f3n" } ], "metrics": { diff --git a/CVE-2024/CVE-2024-401xx/CVE-2024-40125.json b/CVE-2024/CVE-2024-401xx/CVE-2024-40125.json index 018dc5c7023..e7743bc2b03 100644 --- a/CVE-2024/CVE-2024-401xx/CVE-2024-40125.json +++ b/CVE-2024/CVE-2024-401xx/CVE-2024-40125.json @@ -2,13 +2,17 @@ "id": "CVE-2024-40125", "sourceIdentifier": "cve@mitre.org", "published": "2024-09-19T19:15:24.350", - "lastModified": "2024-09-19T20:35:24.513", - "vulnStatus": "Received", + "lastModified": "2024-09-20T13:35:05.043", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An arbitrary file upload vulnerability in the Media Manager function of Closed-Loop Technology CLESS Server v4.5.2 allows attackers to execute arbitrary code via uploading a crafted PHP file to the upload endpoint." + }, + { + "lang": "es", + "value": "Una vulnerabilidad de carga de archivos arbitrarios en la funci\u00f3n Media Manager de Closed-Loop Technology CLESS Server v4.5.2 permite a los atacantes ejecutar c\u00f3digo arbitrario mediante la carga de un archivo PHP manipulado espec\u00edficamente en el endpoint de carga." } ], "metrics": { @@ -18,20 +22,20 @@ "type": "Secondary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", - "confidentialityImpact": "LOW", - "integrityImpact": "LOW", - "availabilityImpact": "LOW", - "baseScore": 7.3, - "baseSeverity": "HIGH" + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" }, "exploitabilityScore": 3.9, - "impactScore": 3.4 + "impactScore": 5.9 } ] }, @@ -42,7 +46,7 @@ "description": [ { "lang": "en", - "value": "CWE-94" + "value": "CWE-434" } ] } diff --git a/CVE-2024/CVE-2024-405xx/CVE-2024-40568.json b/CVE-2024/CVE-2024-405xx/CVE-2024-40568.json index c0ab682c67b..21a7722012d 100644 --- a/CVE-2024/CVE-2024-405xx/CVE-2024-40568.json +++ b/CVE-2024/CVE-2024-405xx/CVE-2024-40568.json @@ -2,8 +2,8 @@ "id": "CVE-2024-40568", "sourceIdentifier": "cve@mitre.org", "published": "2024-09-18T21:15:13.390", - "lastModified": "2024-09-19T19:35:13.880", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-407xx/CVE-2024-40770.json b/CVE-2024/CVE-2024-407xx/CVE-2024-40770.json index fffc141026e..9d6f974a192 100644 --- a/CVE-2024/CVE-2024-407xx/CVE-2024-40770.json +++ b/CVE-2024/CVE-2024-407xx/CVE-2024-40770.json @@ -2,13 +2,17 @@ "id": "CVE-2024-40770", "sourceIdentifier": "product-security@apple.com", "published": "2024-09-17T00:15:48.310", - "lastModified": "2024-09-17T00:15:48.310", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:31:20.110", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. A non-privileged user may be able to modify restricted network settings." + }, + { + "lang": "es", + "value": "Se solucion\u00f3 un problema de permisos con restricciones adicionales. Este problema se solucion\u00f3 en macOS Sequoia 15. Un usuario sin privilegios puede modificar configuraciones de red restringidas." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-407xx/CVE-2024-40790.json b/CVE-2024/CVE-2024-407xx/CVE-2024-40790.json index d32adf690c4..942cff5c3b8 100644 --- a/CVE-2024/CVE-2024-407xx/CVE-2024-40790.json +++ b/CVE-2024/CVE-2024-407xx/CVE-2024-40790.json @@ -2,13 +2,17 @@ "id": "CVE-2024-40790", "sourceIdentifier": "product-security@apple.com", "published": "2024-09-17T00:15:48.380", - "lastModified": "2024-09-17T00:15:48.380", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:31:20.110", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The issue was addressed with improved handling of caches. This issue is fixed in visionOS 2. An app may be able to read sensitive data from the GPU memory." + }, + { + "lang": "es", + "value": "El problema se solucion\u00f3 con un manejo mejorado de las memorias cach\u00e9. Este problema se solucion\u00f3 en visionOS 2. Es posible que una aplicaci\u00f3n pueda leer datos confidenciales de la memoria de la GPU." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-407xx/CVE-2024-40791.json b/CVE-2024/CVE-2024-407xx/CVE-2024-40791.json index 4912870ed8f..3db9f943f8e 100644 --- a/CVE-2024/CVE-2024-407xx/CVE-2024-40791.json +++ b/CVE-2024/CVE-2024-407xx/CVE-2024-40791.json @@ -2,13 +2,17 @@ "id": "CVE-2024-40791", "sourceIdentifier": "product-security@apple.com", "published": "2024-09-17T00:15:48.430", - "lastModified": "2024-09-17T00:15:48.430", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:31:20.110", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to access information about a user's contacts." + }, + { + "lang": "es", + "value": "Se solucion\u00f3 un problema de privacidad mejorando la redacci\u00f3n de datos privados en las entradas de registro. Este problema se solucion\u00f3 en macOS Ventura 13.7, iOS 17.7 y iPadOS 17.7, iOS 18 y iPadOS 18, macOS Sonoma 14.7 y macOS Sequoia 15. Es posible que una aplicaci\u00f3n pueda acceder a informaci\u00f3n sobre los contactos de un usuario." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-407xx/CVE-2024-40797.json b/CVE-2024/CVE-2024-407xx/CVE-2024-40797.json index 8f8b38a3aae..264c6570997 100644 --- a/CVE-2024/CVE-2024-407xx/CVE-2024-40797.json +++ b/CVE-2024/CVE-2024-407xx/CVE-2024-40797.json @@ -2,13 +2,17 @@ "id": "CVE-2024-40797", "sourceIdentifier": "product-security@apple.com", "published": "2024-09-17T00:15:48.490", - "lastModified": "2024-09-17T00:15:48.490", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:31:20.110", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "This issue was addressed through improved state management. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. Visiting a malicious website may lead to user interface spoofing." + }, + { + "lang": "es", + "value": "Este problema se solucion\u00f3 mediante una mejor gesti\u00f3n del estado. Este problema se solucion\u00f3 en macOS Ventura 13.7, macOS Sonoma 14.7 y macOS Sequoia 15. Visitar un sitio web malicioso puede provocar la suplantaci\u00f3n de la interfaz de usuario." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-408xx/CVE-2024-40801.json b/CVE-2024/CVE-2024-408xx/CVE-2024-40801.json index 4ca555cd4fd..957de96daa1 100644 --- a/CVE-2024/CVE-2024-408xx/CVE-2024-40801.json +++ b/CVE-2024/CVE-2024-408xx/CVE-2024-40801.json @@ -2,13 +2,17 @@ "id": "CVE-2024-40801", "sourceIdentifier": "product-security@apple.com", "published": "2024-09-17T00:15:48.547", - "lastModified": "2024-09-17T00:15:48.547", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:31:20.110", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to access protected user data." + }, + { + "lang": "es", + "value": "Se solucion\u00f3 un problema de permisos con restricciones adicionales. Este problema se solucion\u00f3 en macOS Sonoma 14.7 y macOS Sequoia 15. Es posible que una aplicaci\u00f3n pueda acceder a datos de usuario protegidos." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-408xx/CVE-2024-40825.json b/CVE-2024/CVE-2024-408xx/CVE-2024-40825.json index 2f61170199b..ff5a75d8e6a 100644 --- a/CVE-2024/CVE-2024-408xx/CVE-2024-40825.json +++ b/CVE-2024/CVE-2024-408xx/CVE-2024-40825.json @@ -2,8 +2,8 @@ "id": "CVE-2024-40825", "sourceIdentifier": "product-security@apple.com", "published": "2024-09-17T00:15:48.597", - "lastModified": "2024-09-17T20:35:08.457", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:31:20.110", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-408xx/CVE-2024-40826.json b/CVE-2024/CVE-2024-408xx/CVE-2024-40826.json index b6b42208e72..93821294bb3 100644 --- a/CVE-2024/CVE-2024-408xx/CVE-2024-40826.json +++ b/CVE-2024/CVE-2024-408xx/CVE-2024-40826.json @@ -2,13 +2,17 @@ "id": "CVE-2024-40826", "sourceIdentifier": "product-security@apple.com", "published": "2024-09-17T00:15:48.653", - "lastModified": "2024-09-17T00:15:48.653", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:31:20.110", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A privacy issue was addressed with improved handling of files. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15. An unencrypted document may be written to a temporary file when using print preview." + }, + { + "lang": "es", + "value": "Se solucion\u00f3 un problema de privacidad mejorando el manejo de archivos. Este problema se solucion\u00f3 en iOS 18 y iPadOS 18, macOS Sequoia 15. Es posible que un documento no cifrado se escriba en un archivo temporal al usar la vista previa de impresi\u00f3n." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-408xx/CVE-2024-40830.json b/CVE-2024/CVE-2024-408xx/CVE-2024-40830.json index bb02d773c15..00fffd52ffe 100644 --- a/CVE-2024/CVE-2024-408xx/CVE-2024-40830.json +++ b/CVE-2024/CVE-2024-408xx/CVE-2024-40830.json @@ -2,13 +2,17 @@ "id": "CVE-2024-40830", "sourceIdentifier": "product-security@apple.com", "published": "2024-09-17T00:15:48.700", - "lastModified": "2024-09-17T00:15:48.700", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:31:20.110", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "This issue was addressed with improved data protection. This issue is fixed in iOS 18 and iPadOS 18. An app may be able to enumerate a user's installed apps." + }, + { + "lang": "es", + "value": "Este problema se solucion\u00f3 con una protecci\u00f3n de datos mejorada. Este problema se solucion\u00f3 en iOS 18 y iPadOS 18. Es posible que una aplicaci\u00f3n pueda enumerar las aplicaciones instaladas de un usuario." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-408xx/CVE-2024-40831.json b/CVE-2024/CVE-2024-408xx/CVE-2024-40831.json index 9147c73bd9a..c45c7f9de8c 100644 --- a/CVE-2024/CVE-2024-408xx/CVE-2024-40831.json +++ b/CVE-2024/CVE-2024-408xx/CVE-2024-40831.json @@ -2,13 +2,17 @@ "id": "CVE-2024-40831", "sourceIdentifier": "product-security@apple.com", "published": "2024-09-17T00:15:48.753", - "lastModified": "2024-09-17T00:15:48.753", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:31:20.110", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. An app may be able to access a user's Photos Library." + }, + { + "lang": "es", + "value": "Se solucion\u00f3 un problema de permisos con restricciones adicionales. Este problema se solucion\u00f3 en macOS Sequoia 15. Una aplicaci\u00f3n puede acceder a la librer\u00eda de fotos de un usuario." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-408xx/CVE-2024-40837.json b/CVE-2024/CVE-2024-408xx/CVE-2024-40837.json index bf3ce096d16..99e26ca04c2 100644 --- a/CVE-2024/CVE-2024-408xx/CVE-2024-40837.json +++ b/CVE-2024/CVE-2024-408xx/CVE-2024-40837.json @@ -2,13 +2,17 @@ "id": "CVE-2024-40837", "sourceIdentifier": "product-security@apple.com", "published": "2024-09-17T00:15:48.800", - "lastModified": "2024-09-17T00:15:48.800", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:31:20.110", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. An app may be able to access protected user data." + }, + { + "lang": "es", + "value": "Se solucion\u00f3 un problema de permisos con restricciones adicionales. Este problema se solucion\u00f3 en macOS Sequoia 15. Una aplicaci\u00f3n puede tener acceso a datos de usuario protegidos." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-408xx/CVE-2024-40838.json b/CVE-2024/CVE-2024-408xx/CVE-2024-40838.json index 94c52301494..bdf8b65040b 100644 --- a/CVE-2024/CVE-2024-408xx/CVE-2024-40838.json +++ b/CVE-2024/CVE-2024-408xx/CVE-2024-40838.json @@ -2,13 +2,17 @@ "id": "CVE-2024-40838", "sourceIdentifier": "product-security@apple.com", "published": "2024-09-17T00:15:48.853", - "lastModified": "2024-09-17T00:15:48.853", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:31:20.110", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A privacy issue was addressed by moving sensitive data to a protected location. This issue is fixed in macOS Sequoia 15. A malicious app may be able to access notifications from the user's device." + }, + { + "lang": "es", + "value": "Se solucion\u00f3 un problema de privacidad moviendo los datos confidenciales a una ubicaci\u00f3n protegida. Este problema se solucion\u00f3 en macOS Sequoia 15. Una aplicaci\u00f3n maliciosa podr\u00eda acceder a las notificaciones del dispositivo del usuario." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-408xx/CVE-2024-40840.json b/CVE-2024/CVE-2024-408xx/CVE-2024-40840.json index 7b8b2ec5c9a..021903a7014 100644 --- a/CVE-2024/CVE-2024-408xx/CVE-2024-40840.json +++ b/CVE-2024/CVE-2024-408xx/CVE-2024-40840.json @@ -2,13 +2,17 @@ "id": "CVE-2024-40840", "sourceIdentifier": "product-security@apple.com", "published": "2024-09-17T00:15:48.907", - "lastModified": "2024-09-17T00:15:48.907", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:31:20.110", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "This issue was addressed through improved state management. This issue is fixed in iOS 18 and iPadOS 18. An attacker with physical access may be able to use Siri to access sensitive user data." + }, + { + "lang": "es", + "value": "Este problema se solucion\u00f3 mediante una mejor gesti\u00f3n del estado. Este problema se solucion\u00f3 en iOS 18 y iPadOS 18. Un atacante con acceso f\u00edsico podr\u00eda usar Siri para acceder a datos confidenciales del usuario." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-408xx/CVE-2024-40841.json b/CVE-2024/CVE-2024-408xx/CVE-2024-40841.json index 341119e38f5..e10cd5243a5 100644 --- a/CVE-2024/CVE-2024-408xx/CVE-2024-40841.json +++ b/CVE-2024/CVE-2024-408xx/CVE-2024-40841.json @@ -2,8 +2,8 @@ "id": "CVE-2024-40841", "sourceIdentifier": "product-security@apple.com", "published": "2024-09-17T00:15:48.957", - "lastModified": "2024-09-17T15:35:07.623", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:31:20.110", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-408xx/CVE-2024-40842.json b/CVE-2024/CVE-2024-408xx/CVE-2024-40842.json index dc85c18cc0a..94d5dc750ef 100644 --- a/CVE-2024/CVE-2024-408xx/CVE-2024-40842.json +++ b/CVE-2024/CVE-2024-408xx/CVE-2024-40842.json @@ -2,13 +2,17 @@ "id": "CVE-2024-40842", "sourceIdentifier": "product-security@apple.com", "published": "2024-09-17T00:15:49.013", - "lastModified": "2024-09-17T00:15:49.013", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:31:20.110", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was addressed with improved validation of environment variables. This issue is fixed in macOS Sequoia 15. An app may be able to access user-sensitive data." + }, + { + "lang": "es", + "value": "Se solucion\u00f3 un problema mejorando la validaci\u00f3n de las variables de entorno. Este problema se solucion\u00f3 en macOS Sequoia 15. Una aplicaci\u00f3n podr\u00eda tener acceso a datos confidenciales del usuario." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-408xx/CVE-2024-40843.json b/CVE-2024/CVE-2024-408xx/CVE-2024-40843.json index 57788669602..20a197a5dce 100644 --- a/CVE-2024/CVE-2024-408xx/CVE-2024-40843.json +++ b/CVE-2024/CVE-2024-408xx/CVE-2024-40843.json @@ -2,13 +2,17 @@ "id": "CVE-2024-40843", "sourceIdentifier": "product-security@apple.com", "published": "2024-09-17T00:15:49.060", - "lastModified": "2024-09-17T00:15:49.060", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:31:20.110", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15. An app may be able to modify protected parts of the file system." + }, + { + "lang": "es", + "value": "El problema se solucion\u00f3 con comprobaciones mejoradas. Este problema se solucion\u00f3 en macOS Sequoia 15. Una aplicaci\u00f3n puede modificar partes protegidas del sistema de archivos." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-408xx/CVE-2024-40844.json b/CVE-2024/CVE-2024-408xx/CVE-2024-40844.json index 0a01e801667..6a737ed2cfb 100644 --- a/CVE-2024/CVE-2024-408xx/CVE-2024-40844.json +++ b/CVE-2024/CVE-2024-408xx/CVE-2024-40844.json @@ -2,13 +2,17 @@ "id": "CVE-2024-40844", "sourceIdentifier": "product-security@apple.com", "published": "2024-09-17T00:15:49.130", - "lastModified": "2024-09-17T00:15:49.130", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:31:20.110", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A privacy issue was addressed with improved handling of temporary files. This issue is fixed in iOS 17.7 and iPadOS 17.7, macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to observe data displayed to the user by Shortcuts." + }, + { + "lang": "es", + "value": "Se solucion\u00f3 un problema de privacidad mejorando el manejo de archivos temporales. Este problema se solucion\u00f3 en iOS 17.7 y iPadOS 17.7, macOS Ventura 13.7, macOS Sonoma 14.7 y macOS Sequoia 15. Es posible que una aplicaci\u00f3n pueda observar los datos que se muestran al usuario mediante accesos directos." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-408xx/CVE-2024-40845.json b/CVE-2024/CVE-2024-408xx/CVE-2024-40845.json index 82fe450d1fc..bd6ead1d519 100644 --- a/CVE-2024/CVE-2024-408xx/CVE-2024-40845.json +++ b/CVE-2024/CVE-2024-408xx/CVE-2024-40845.json @@ -2,13 +2,17 @@ "id": "CVE-2024-40845", "sourceIdentifier": "product-security@apple.com", "published": "2024-09-17T00:15:49.180", - "lastModified": "2024-09-17T00:15:49.180", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:31:20.110", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.7, macOS Sequoia 15. Processing a maliciously crafted video file may lead to unexpected app termination." + }, + { + "lang": "es", + "value": "El problema se solucion\u00f3 mejorando el manejo de la memoria. Este problema se solucion\u00f3 en macOS Sonoma 14.7 y macOS Sequoia 15. El procesamiento de un archivo de video manipulado con fines malintencionados puede provocar la finalizaci\u00f3n inesperada de la aplicaci\u00f3n." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-408xx/CVE-2024-40846.json b/CVE-2024/CVE-2024-408xx/CVE-2024-40846.json index eee23c2a2c2..54a0f8b85c3 100644 --- a/CVE-2024/CVE-2024-408xx/CVE-2024-40846.json +++ b/CVE-2024/CVE-2024-408xx/CVE-2024-40846.json @@ -2,13 +2,17 @@ "id": "CVE-2024-40846", "sourceIdentifier": "product-security@apple.com", "published": "2024-09-17T00:15:49.230", - "lastModified": "2024-09-17T00:15:49.230", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:31:20.110", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.7, macOS Sequoia 15. Processing a maliciously crafted video file may lead to unexpected app termination." + }, + { + "lang": "es", + "value": "El problema se solucion\u00f3 mejorando el manejo de la memoria. Este problema se solucion\u00f3 en macOS Sonoma 14.7 y macOS Sequoia 15. El procesamiento de un archivo de video manipulado con fines malintencionados puede provocar la finalizaci\u00f3n inesperada de la aplicaci\u00f3n." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-408xx/CVE-2024-40847.json b/CVE-2024/CVE-2024-408xx/CVE-2024-40847.json index ab7c4fff0c1..9a6b2ad289d 100644 --- a/CVE-2024/CVE-2024-408xx/CVE-2024-40847.json +++ b/CVE-2024/CVE-2024-408xx/CVE-2024-40847.json @@ -2,13 +2,17 @@ "id": "CVE-2024-40847", "sourceIdentifier": "product-security@apple.com", "published": "2024-09-17T00:15:49.277", - "lastModified": "2024-09-17T00:15:49.277", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:31:20.110", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The issue was addressed with additional code-signing restrictions. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to access sensitive user data." + }, + { + "lang": "es", + "value": "El problema se solucion\u00f3 con restricciones adicionales para la firma de c\u00f3digo. Este problema se solucion\u00f3 en macOS Ventura 13.7, macOS Sonoma 14.7 y macOS Sequoia 15. Es posible que una aplicaci\u00f3n pueda acceder a datos confidenciales del usuario." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-408xx/CVE-2024-40848.json b/CVE-2024/CVE-2024-408xx/CVE-2024-40848.json index 0a3659f3594..f7127c53d08 100644 --- a/CVE-2024/CVE-2024-408xx/CVE-2024-40848.json +++ b/CVE-2024/CVE-2024-408xx/CVE-2024-40848.json @@ -2,13 +2,17 @@ "id": "CVE-2024-40848", "sourceIdentifier": "product-security@apple.com", "published": "2024-09-17T00:15:49.330", - "lastModified": "2024-09-17T00:15:49.330", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:31:20.110", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An attacker may be able to read sensitive information." + }, + { + "lang": "es", + "value": "Se solucion\u00f3 un problema de degradaci\u00f3n con restricciones adicionales de firma de c\u00f3digo. Este problema se solucion\u00f3 en macOS Ventura 13.7, macOS Sonoma 14.7 y macOS Sequoia 15. Un atacante podr\u00eda leer informaci\u00f3n confidencial." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-408xx/CVE-2024-40850.json b/CVE-2024/CVE-2024-408xx/CVE-2024-40850.json index bf8654525e8..43ee44887e1 100644 --- a/CVE-2024/CVE-2024-408xx/CVE-2024-40850.json +++ b/CVE-2024/CVE-2024-408xx/CVE-2024-40850.json @@ -2,13 +2,17 @@ "id": "CVE-2024-40850", "sourceIdentifier": "product-security@apple.com", "published": "2024-09-17T00:15:49.383", - "lastModified": "2024-09-17T00:15:49.383", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:31:20.110", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A file access issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, macOS Sonoma 14.7, tvOS 18. An app may be able to access user-sensitive data." + }, + { + "lang": "es", + "value": "Se solucion\u00f3 un problema de acceso a archivos con una validaci\u00f3n de entrada mejorada. Este problema se solucion\u00f3 en macOS Ventura 13.7, iOS 17.7 y iPadOS 17.7, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 y iPadOS 18, macOS Sonoma 14.7 y tvOS 18. Es posible que una aplicaci\u00f3n pueda acceder a datos confidenciales del usuario." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-408xx/CVE-2024-40852.json b/CVE-2024/CVE-2024-408xx/CVE-2024-40852.json index 64dbe4c3ed2..75b5fe5ec61 100644 --- a/CVE-2024/CVE-2024-408xx/CVE-2024-40852.json +++ b/CVE-2024/CVE-2024-408xx/CVE-2024-40852.json @@ -2,8 +2,8 @@ "id": "CVE-2024-40852", "sourceIdentifier": "product-security@apple.com", "published": "2024-09-17T00:15:49.440", - "lastModified": "2024-09-17T14:35:28.813", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:31:20.110", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-408xx/CVE-2024-40856.json b/CVE-2024/CVE-2024-408xx/CVE-2024-40856.json index 9ede0fd066e..2ffe6a5a992 100644 --- a/CVE-2024/CVE-2024-408xx/CVE-2024-40856.json +++ b/CVE-2024/CVE-2024-408xx/CVE-2024-40856.json @@ -2,13 +2,17 @@ "id": "CVE-2024-40856", "sourceIdentifier": "product-security@apple.com", "published": "2024-09-17T00:15:49.490", - "lastModified": "2024-09-17T00:15:49.490", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:31:20.110", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An integrity issue was addressed with Beacon Protection. This issue is fixed in iOS 18 and iPadOS 18, tvOS 18, macOS Sequoia 15. An attacker may be able to force a device to disconnect from a secure network." + }, + { + "lang": "es", + "value": "Se solucion\u00f3 un problema de integridad con Beacon Protection. Este problema se solucion\u00f3 en iOS 18 y iPadOS 18, tvOS 18 y macOS Sequoia 15. Un atacante podr\u00eda forzar a un dispositivo a desconectarse de una red segura." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-408xx/CVE-2024-40857.json b/CVE-2024/CVE-2024-408xx/CVE-2024-40857.json index f2d21535144..89b6e58f340 100644 --- a/CVE-2024/CVE-2024-408xx/CVE-2024-40857.json +++ b/CVE-2024/CVE-2024-408xx/CVE-2024-40857.json @@ -2,13 +2,17 @@ "id": "CVE-2024-40857", "sourceIdentifier": "product-security@apple.com", "published": "2024-09-17T00:15:49.537", - "lastModified": "2024-09-17T00:15:49.537", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:31:20.110", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "This issue was addressed through improved state management. This issue is fixed in Safari 18, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, tvOS 18. Processing maliciously crafted web content may lead to universal cross site scripting." + }, + { + "lang": "es", + "value": "Este problema se solucion\u00f3 mediante una mejor gesti\u00f3n del estado. Este problema se solucion\u00f3 en Safari 18, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18, iPadOS 18 y tvOS 18. El procesamiento de contenido web manipulado con fines malintencionados puede provocar un ataque de cross site scripting." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-408xx/CVE-2024-40859.json b/CVE-2024/CVE-2024-408xx/CVE-2024-40859.json index af093b320af..e7b57cf49a8 100644 --- a/CVE-2024/CVE-2024-408xx/CVE-2024-40859.json +++ b/CVE-2024/CVE-2024-408xx/CVE-2024-40859.json @@ -2,13 +2,17 @@ "id": "CVE-2024-40859", "sourceIdentifier": "product-security@apple.com", "published": "2024-09-17T00:15:49.590", - "lastModified": "2024-09-17T00:15:49.590", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:31:20.110", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. An app may be able to access user-sensitive data." + }, + { + "lang": "es", + "value": "Se solucion\u00f3 un problema de permisos con restricciones adicionales. Este problema se solucion\u00f3 en macOS Sequoia 15. Una aplicaci\u00f3n podr\u00eda tener acceso a datos confidenciales del usuario." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-408xx/CVE-2024-40860.json b/CVE-2024/CVE-2024-408xx/CVE-2024-40860.json index f8a0f1c9f41..bc12f030879 100644 --- a/CVE-2024/CVE-2024-408xx/CVE-2024-40860.json +++ b/CVE-2024/CVE-2024-408xx/CVE-2024-40860.json @@ -2,13 +2,17 @@ "id": "CVE-2024-40860", "sourceIdentifier": "product-security@apple.com", "published": "2024-09-17T00:15:49.640", - "lastModified": "2024-09-17T00:15:49.640", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:31:20.110", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to modify protected parts of the file system." + }, + { + "lang": "es", + "value": "Se solucion\u00f3 un problema de l\u00f3gica con comprobaciones mejoradas. Este problema se solucion\u00f3 en macOS Sonoma 14.7 y macOS Sequoia 15. Es posible que una aplicaci\u00f3n pueda modificar partes protegidas del sistema de archivos." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-408xx/CVE-2024-40861.json b/CVE-2024/CVE-2024-408xx/CVE-2024-40861.json index 3f49d8cb44d..e25716cb809 100644 --- a/CVE-2024/CVE-2024-408xx/CVE-2024-40861.json +++ b/CVE-2024/CVE-2024-408xx/CVE-2024-40861.json @@ -2,8 +2,8 @@ "id": "CVE-2024-40861", "sourceIdentifier": "product-security@apple.com", "published": "2024-09-17T00:15:49.690", - "lastModified": "2024-09-17T15:35:08.583", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:31:20.110", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-408xx/CVE-2024-40862.json b/CVE-2024/CVE-2024-408xx/CVE-2024-40862.json index 9f77c46e86b..cd717ab5d10 100644 --- a/CVE-2024/CVE-2024-408xx/CVE-2024-40862.json +++ b/CVE-2024/CVE-2024-408xx/CVE-2024-40862.json @@ -2,8 +2,8 @@ "id": "CVE-2024-40862", "sourceIdentifier": "product-security@apple.com", "published": "2024-09-17T00:15:49.743", - "lastModified": "2024-09-18T08:35:48.760", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:31:20.110", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-408xx/CVE-2024-40863.json b/CVE-2024/CVE-2024-408xx/CVE-2024-40863.json index dbab4153d5b..057355e2eee 100644 --- a/CVE-2024/CVE-2024-408xx/CVE-2024-40863.json +++ b/CVE-2024/CVE-2024-408xx/CVE-2024-40863.json @@ -2,13 +2,17 @@ "id": "CVE-2024-40863", "sourceIdentifier": "product-security@apple.com", "published": "2024-09-17T00:15:49.793", - "lastModified": "2024-09-17T00:15:49.793", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:31:20.110", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "This issue was addressed with improved data protection. This issue is fixed in iOS 18 and iPadOS 18. An app may be able to leak sensitive user information." + }, + { + "lang": "es", + "value": "Este problema se solucion\u00f3 con una protecci\u00f3n de datos mejorada. Este problema se solucion\u00f3 en iOS 18 y iPadOS 18. Una aplicaci\u00f3n puede filtrar informaci\u00f3n confidencial del usuario." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-408xx/CVE-2024-40866.json b/CVE-2024/CVE-2024-408xx/CVE-2024-40866.json index 8f35512a8c2..f9834c63f9d 100644 --- a/CVE-2024/CVE-2024-408xx/CVE-2024-40866.json +++ b/CVE-2024/CVE-2024-408xx/CVE-2024-40866.json @@ -2,13 +2,17 @@ "id": "CVE-2024-40866", "sourceIdentifier": "product-security@apple.com", "published": "2024-09-17T00:15:49.840", - "lastModified": "2024-09-17T00:15:49.840", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:31:20.110", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The issue was addressed with improved UI. This issue is fixed in Safari 18, macOS Sequoia 15. Visiting a malicious website may lead to address bar spoofing." + }, + { + "lang": "es", + "value": "El problema se solucion\u00f3 con una interfaz de usuario mejorada. Este problema se solucion\u00f3 en Safari 18 y macOS Sequoia 15. Visitar un sitio web malicioso puede provocar la suplantaci\u00f3n de la barra de direcciones." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-417xx/CVE-2024-41721.json b/CVE-2024/CVE-2024-417xx/CVE-2024-41721.json index 094dd1ed47b..0aeecd379a3 100644 --- a/CVE-2024/CVE-2024-417xx/CVE-2024-41721.json +++ b/CVE-2024/CVE-2024-417xx/CVE-2024-41721.json @@ -2,8 +2,8 @@ "id": "CVE-2024-41721", "sourceIdentifier": "secteam@freebsd.org", "published": "2024-09-20T08:15:11.323", - "lastModified": "2024-09-20T08:15:11.323", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-419xx/CVE-2024-41929.json b/CVE-2024/CVE-2024-419xx/CVE-2024-41929.json index 830b6e0747f..5909b845a2c 100644 --- a/CVE-2024/CVE-2024-419xx/CVE-2024-41929.json +++ b/CVE-2024/CVE-2024-419xx/CVE-2024-41929.json @@ -2,13 +2,17 @@ "id": "CVE-2024-41929", "sourceIdentifier": "vultures@jpcert.or.jp", "published": "2024-09-18T07:15:02.847", - "lastModified": "2024-09-18T16:35:07.527", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper authentication vulnerability in multiple digital video recorders provided by TAKENAKA ENGINEERING CO., LTD. allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings." + }, + { + "lang": "es", + "value": "Una vulnerabilidad de autenticaci\u00f3n inadecuada en m\u00faltiples grabadoras de video digitales proporcionadas por TAKENAKA ENGINEERING CO., LTD. permite que un atacante autenticado remoto ejecute un comando de sistema operativo arbitrario en el dispositivo o altere la configuraci\u00f3n del dispositivo." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-419xx/CVE-2024-41958.json b/CVE-2024/CVE-2024-419xx/CVE-2024-41958.json index ffb805d9e40..5362e4c1f64 100644 --- a/CVE-2024/CVE-2024-419xx/CVE-2024-41958.json +++ b/CVE-2024/CVE-2024-419xx/CVE-2024-41958.json @@ -2,8 +2,8 @@ "id": "CVE-2024-41958", "sourceIdentifier": "security-advisories@github.com", "published": "2024-08-05T20:15:36.063", - "lastModified": "2024-08-06T16:30:24.547", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-09-20T12:58:23.553", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -40,6 +60,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -51,14 +81,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mailcow:mailcow\\:_dockerized:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2024-07", + "matchCriteriaId": "995C99DD-01FE-4772-808E-1A927518ED1D" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/mailcow/mailcow-dockerized/commit/f33d82ffc11ed3438609d4e7a6baa78cb3305bc3", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/mailcow/mailcow-dockerized/security/advisories/GHSA-4fcc-q245-qqgg", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-424xx/CVE-2024-42404.json b/CVE-2024/CVE-2024-424xx/CVE-2024-42404.json index fcd79b01d17..71d9f92875e 100644 --- a/CVE-2024/CVE-2024-424xx/CVE-2024-42404.json +++ b/CVE-2024/CVE-2024-424xx/CVE-2024-42404.json @@ -2,13 +2,17 @@ "id": "CVE-2024-42404", "sourceIdentifier": "vultures@jpcert.or.jp", "published": "2024-09-18T06:15:02.223", - "lastModified": "2024-09-18T16:35:08.267", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in Welcart e-Commerce prior to 2.11.2 allows an attacker who can login to the product to obtain or alter the information stored in the database." + }, + { + "lang": "es", + "value": "La vulnerabilidad de inyecci\u00f3n SQL en Welcart e-Commerce anterior a la versi\u00f3n 2.11.2 permite que un atacante que pueda iniciar sesi\u00f3n en el producto obtenga o altere la informaci\u00f3n almacenada en la base de datos." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-425xx/CVE-2024-42501.json b/CVE-2024/CVE-2024-425xx/CVE-2024-42501.json index c82ac4f6ed4..569a5a12fcd 100644 --- a/CVE-2024/CVE-2024-425xx/CVE-2024-42501.json +++ b/CVE-2024/CVE-2024-425xx/CVE-2024-42501.json @@ -2,8 +2,8 @@ "id": "CVE-2024-42501", "sourceIdentifier": "security-alert@hpe.com", "published": "2024-09-17T18:15:04.337", - "lastModified": "2024-09-18T15:35:05.747", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-425xx/CVE-2024-42502.json b/CVE-2024/CVE-2024-425xx/CVE-2024-42502.json index 503d2830651..89082cd14f9 100644 --- a/CVE-2024/CVE-2024-425xx/CVE-2024-42502.json +++ b/CVE-2024/CVE-2024-425xx/CVE-2024-42502.json @@ -2,8 +2,8 @@ "id": "CVE-2024-42502", "sourceIdentifier": "security-alert@hpe.com", "published": "2024-09-17T18:15:04.527", - "lastModified": "2024-09-18T15:35:06.550", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-425xx/CVE-2024-42503.json b/CVE-2024/CVE-2024-425xx/CVE-2024-42503.json index 86b196ab713..5f02b86c401 100644 --- a/CVE-2024/CVE-2024-425xx/CVE-2024-42503.json +++ b/CVE-2024/CVE-2024-425xx/CVE-2024-42503.json @@ -2,8 +2,8 @@ "id": "CVE-2024-42503", "sourceIdentifier": "security-alert@hpe.com", "published": "2024-09-17T18:15:04.710", - "lastModified": "2024-09-18T15:35:10.277", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-427xx/CVE-2024-42794.json b/CVE-2024/CVE-2024-427xx/CVE-2024-42794.json index 0529785e5c5..82b0a69bf88 100644 --- a/CVE-2024/CVE-2024-427xx/CVE-2024-42794.json +++ b/CVE-2024/CVE-2024-427xx/CVE-2024-42794.json @@ -2,8 +2,8 @@ "id": "CVE-2024-42794", "sourceIdentifier": "cve@mitre.org", "published": "2024-09-16T20:15:46.770", - "lastModified": "2024-09-18T19:35:12.550", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:31:20.110", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-427xx/CVE-2024-42795.json b/CVE-2024/CVE-2024-427xx/CVE-2024-42795.json index a99ae105d89..c2826c9a3b7 100644 --- a/CVE-2024/CVE-2024-427xx/CVE-2024-42795.json +++ b/CVE-2024/CVE-2024-427xx/CVE-2024-42795.json @@ -2,8 +2,8 @@ "id": "CVE-2024-42795", "sourceIdentifier": "cve@mitre.org", "published": "2024-09-16T20:15:46.830", - "lastModified": "2024-09-18T16:35:09.097", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:31:20.110", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-427xx/CVE-2024-42796.json b/CVE-2024/CVE-2024-427xx/CVE-2024-42796.json index 595a92c94b0..7244f5ad3c0 100644 --- a/CVE-2024/CVE-2024-427xx/CVE-2024-42796.json +++ b/CVE-2024/CVE-2024-427xx/CVE-2024-42796.json @@ -2,8 +2,8 @@ "id": "CVE-2024-42796", "sourceIdentifier": "cve@mitre.org", "published": "2024-09-16T20:15:46.890", - "lastModified": "2024-09-18T16:35:09.880", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:31:20.110", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-427xx/CVE-2024-42798.json b/CVE-2024/CVE-2024-427xx/CVE-2024-42798.json index 583b6912bf7..54c33d7ecf4 100644 --- a/CVE-2024/CVE-2024-427xx/CVE-2024-42798.json +++ b/CVE-2024/CVE-2024-427xx/CVE-2024-42798.json @@ -2,8 +2,8 @@ "id": "CVE-2024-42798", "sourceIdentifier": "cve@mitre.org", "published": "2024-09-16T20:15:46.957", - "lastModified": "2024-09-18T16:35:10.637", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:31:20.110", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-42xx/CVE-2024-4283.json b/CVE-2024/CVE-2024-42xx/CVE-2024-4283.json index 3ae21a42a04..b5f2aaa2d1c 100644 --- a/CVE-2024/CVE-2024-42xx/CVE-2024-4283.json +++ b/CVE-2024/CVE-2024-42xx/CVE-2024-4283.json @@ -2,13 +2,17 @@ "id": "CVE-2024-4283", "sourceIdentifier": "cve@gitlab.com", "published": "2024-09-16T22:15:20.650", - "lastModified": "2024-09-16T22:15:20.650", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:31:20.110", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue has been discovered in GitLab EE affecting all versions starting from 11.1 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2. Under certain conditions an open redirect vulnerability could allow for an account takeover by breaking the OAuth flow." + }, + { + "lang": "es", + "value": "Se ha descubierto un problema en GitLab EE que afecta a todas las versiones a partir de la 11.1 anterior a la 17.1.7, la 17.2 anterior a la 17.2.5 y la 17.3 anterior a la 17.3.2. En determinadas condiciones, una vulnerabilidad de redirecci\u00f3n abierta podr\u00eda permitir la apropiaci\u00f3n de una cuenta interrumpiendo el flujo de OAuth." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-430xx/CVE-2024-43024.json b/CVE-2024/CVE-2024-430xx/CVE-2024-43024.json index e8df9cb206a..dc3d3b51dd4 100644 --- a/CVE-2024/CVE-2024-430xx/CVE-2024-43024.json +++ b/CVE-2024/CVE-2024-430xx/CVE-2024-43024.json @@ -2,13 +2,17 @@ "id": "CVE-2024-43024", "sourceIdentifier": "cve@mitre.org", "published": "2024-09-18T20:15:03.270", - "lastModified": "2024-09-18T20:15:03.270", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple stored cross-site scripting (XSS) vulnerabilities in RWS MultiTrans v7.0.23324.2 and earlier allow attackers to execute arbitrary web scripts or HTML via a crafted payload." + }, + { + "lang": "es", + "value": "Varias vulnerabilidades de cross-site scripting (XSS) almacenado en RWS MultiTrans v7.0.23324.2 y versiones anteriores permiten a los atacantes ejecutar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de un payload especialmente manipulado." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-430xx/CVE-2024-43025.json b/CVE-2024/CVE-2024-430xx/CVE-2024-43025.json index ba78eb5e997..03061816586 100644 --- a/CVE-2024/CVE-2024-430xx/CVE-2024-43025.json +++ b/CVE-2024/CVE-2024-430xx/CVE-2024-43025.json @@ -2,13 +2,17 @@ "id": "CVE-2024-43025", "sourceIdentifier": "cve@mitre.org", "published": "2024-09-18T20:15:03.343", - "lastModified": "2024-09-18T20:15:03.343", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An HTML injection vulnerability in RWS MultiTrans v7.0.23324.2 and earlier allows attackers to alter the HTML-layout and possibly execute a phishing attack via a crafted payload injected into a sent e-mail." + }, + { + "lang": "es", + "value": "Una vulnerabilidad de inyecci\u00f3n HTML en RWS MultiTrans v7.0.23324.2 y versiones anteriores permite a los atacantes alterar el dise\u00f1o HTML y posiblemente ejecutar un ataque de phishing a trav\u00e9s de un payload manipulado inyectado en un correo electr\u00f3nico enviado." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-431xx/CVE-2024-43188.json b/CVE-2024/CVE-2024-431xx/CVE-2024-43188.json index 5636dd39048..a822ed8b056 100644 --- a/CVE-2024/CVE-2024-431xx/CVE-2024-43188.json +++ b/CVE-2024/CVE-2024-431xx/CVE-2024-43188.json @@ -2,13 +2,17 @@ "id": "CVE-2024-43188", "sourceIdentifier": "psirt@us.ibm.com", "published": "2024-09-18T12:15:02.867", - "lastModified": "2024-09-18T12:15:02.867", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Business Automation Workflow \n\n22.0.2, 23.0.1, 23.0.2, and 24.0.0\n\ncould allow a privileged user to perform unauthorized activities due to improper client side validation." + }, + { + "lang": "es", + "value": "IBM Business Automation Workflow 22.0.2, 23.0.1, 23.0.2 y 24.0.0 podr\u00edan permitir que un usuario privilegiado realice actividades no autorizadas debido a una validaci\u00f3n incorrecta del lado del cliente." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-434xx/CVE-2024-43460.json b/CVE-2024/CVE-2024-434xx/CVE-2024-43460.json index 8dca47148be..f15b53be1e6 100644 --- a/CVE-2024/CVE-2024-434xx/CVE-2024-43460.json +++ b/CVE-2024/CVE-2024-434xx/CVE-2024-43460.json @@ -2,8 +2,8 @@ "id": "CVE-2024-43460", "sourceIdentifier": "secure@microsoft.com", "published": "2024-09-17T19:15:27.500", - "lastModified": "2024-09-17T19:15:27.500", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [ { "sourceIdentifier": "secure@microsoft.com", @@ -16,6 +16,10 @@ { "lang": "en", "value": "Improper authorization in Dynamics 365 Business Central resulted in a vulnerability that allows an authenticated attacker to elevate privileges over a network." + }, + { + "lang": "es", + "value": "Una autorizaci\u00f3n incorrecta en Dynamics 365 Business Central provoc\u00f3 una vulnerabilidad que permite a un atacante autenticado elevar privilegios en una red." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-434xx/CVE-2024-43489.json b/CVE-2024/CVE-2024-434xx/CVE-2024-43489.json index cc860532d00..d9da4b7dc8c 100644 --- a/CVE-2024/CVE-2024-434xx/CVE-2024-43489.json +++ b/CVE-2024/CVE-2024-434xx/CVE-2024-43489.json @@ -2,13 +2,17 @@ "id": "CVE-2024-43489", "sourceIdentifier": "secure@microsoft.com", "published": "2024-09-19T21:15:15.677", - "lastModified": "2024-09-19T21:15:15.677", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability" + }, + { + "lang": "es", + "value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en Microsoft Edge (basado en Chromium)" } ], "metrics": { diff --git a/CVE-2024/CVE-2024-434xx/CVE-2024-43496.json b/CVE-2024/CVE-2024-434xx/CVE-2024-43496.json index 52b7015369c..9d07bf70da8 100644 --- a/CVE-2024/CVE-2024-434xx/CVE-2024-43496.json +++ b/CVE-2024/CVE-2024-434xx/CVE-2024-43496.json @@ -2,13 +2,17 @@ "id": "CVE-2024-43496", "sourceIdentifier": "secure@microsoft.com", "published": "2024-09-19T21:15:15.917", - "lastModified": "2024-09-19T21:15:15.917", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability" + }, + { + "lang": "es", + "value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en Microsoft Edge (basado en Chromium)" } ], "metrics": { diff --git a/CVE-2024/CVE-2024-437xx/CVE-2024-43778.json b/CVE-2024/CVE-2024-437xx/CVE-2024-43778.json index 02159e6af05..3ee516feb68 100644 --- a/CVE-2024/CVE-2024-437xx/CVE-2024-43778.json +++ b/CVE-2024/CVE-2024-437xx/CVE-2024-43778.json @@ -2,13 +2,17 @@ "id": "CVE-2024-43778", "sourceIdentifier": "vultures@jpcert.or.jp", "published": "2024-09-18T07:15:03.007", - "lastModified": "2024-09-18T15:35:11.213", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "OS command injection vulnerability in multiple digital video recorders provided by TAKENAKA ENGINEERING CO., LTD. allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings." + }, + { + "lang": "es", + "value": "La vulnerabilidad de inyecci\u00f3n de comando del sistema operativo en m\u00faltiples grabadoras de video digitales proporcionadas por TAKENAKA ENGINEERING CO., LTD. permite que un atacante remoto autenticado ejecute un comando del sistema operativo arbitrario en el dispositivo o altere la configuraci\u00f3n del dispositivo." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-439xx/CVE-2024-43938.json b/CVE-2024/CVE-2024-439xx/CVE-2024-43938.json index e68fbab5ae3..271b3b98b27 100644 --- a/CVE-2024/CVE-2024-439xx/CVE-2024-43938.json +++ b/CVE-2024/CVE-2024-439xx/CVE-2024-43938.json @@ -2,13 +2,17 @@ "id": "CVE-2024-43938", "sourceIdentifier": "audit@patchstack.com", "published": "2024-09-17T23:15:18.037", - "lastModified": "2024-09-17T23:15:18.037", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Jeroen Peters Name Directory allows Reflected XSS.This issue affects Name Directory: from n/a through 1.29.0." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Jeroen Peters Name Directory permite XSS reflejado. Este problema afecta a Name Directory: desde n/a hasta 1.29.0." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-439xx/CVE-2024-43969.json b/CVE-2024/CVE-2024-439xx/CVE-2024-43969.json index 8228d472e62..dc5296b1e2b 100644 --- a/CVE-2024/CVE-2024-439xx/CVE-2024-43969.json +++ b/CVE-2024/CVE-2024-439xx/CVE-2024-43969.json @@ -2,13 +2,17 @@ "id": "CVE-2024-43969", "sourceIdentifier": "audit@patchstack.com", "published": "2024-09-17T23:15:18.253", - "lastModified": "2024-09-17T23:15:18.253", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Spiffy Plugins Spiffy Calendar allows SQL Injection.This issue affects Spiffy Calendar: from n/a through 4.9.12." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de elementos especiales utilizados en un comando SQL ('Inyecci\u00f3n SQL') en los complementos de Spiffy Spiffy Calendar permite la inyecci\u00f3n SQL. Este problema afecta a Spiffy Calendar: desde n/a hasta 4.9.12." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-439xx/CVE-2024-43970.json b/CVE-2024/CVE-2024-439xx/CVE-2024-43970.json index 70a097c402b..f22f3472ab0 100644 --- a/CVE-2024/CVE-2024-439xx/CVE-2024-43970.json +++ b/CVE-2024/CVE-2024-439xx/CVE-2024-43970.json @@ -2,13 +2,17 @@ "id": "CVE-2024-43970", "sourceIdentifier": "audit@patchstack.com", "published": "2024-09-18T00:15:06.683", - "lastModified": "2024-09-18T00:15:06.683", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SureCart allows Reflected XSS.This issue affects SureCart: from n/a through 2.29.3." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en SureCart permite XSS reflejado. Este problema afecta a SureCart: desde n/a hasta 2.29.3." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-439xx/CVE-2024-43971.json b/CVE-2024/CVE-2024-439xx/CVE-2024-43971.json index 91c5b7477fc..170983f3a7f 100644 --- a/CVE-2024/CVE-2024-439xx/CVE-2024-43971.json +++ b/CVE-2024/CVE-2024-439xx/CVE-2024-43971.json @@ -2,13 +2,17 @@ "id": "CVE-2024-43971", "sourceIdentifier": "audit@patchstack.com", "published": "2024-09-18T00:15:06.937", - "lastModified": "2024-09-18T00:15:06.937", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Sunshine Sunshine Photo Cart allows Reflected XSS.This issue affects Sunshine Photo Cart: from n/a through 3.2.5." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en WP Sunshine Sunshine Photo Cart permite XSS reflejado. Este problema afecta a Sunshine Photo Cart: desde n/a hasta 3.2.5." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-439xx/CVE-2024-43972.json b/CVE-2024/CVE-2024-439xx/CVE-2024-43972.json index dec07b51fc8..2e3723071ed 100644 --- a/CVE-2024/CVE-2024-439xx/CVE-2024-43972.json +++ b/CVE-2024/CVE-2024-439xx/CVE-2024-43972.json @@ -2,13 +2,17 @@ "id": "CVE-2024-43972", "sourceIdentifier": "audit@patchstack.com", "published": "2024-09-18T00:15:07.157", - "lastModified": "2024-09-18T00:15:07.157", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Pagelayer Team PageLayer allows Stored XSS.This issue affects PageLayer: from n/a through 1.8.7." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Pagelayer Team PageLayer permite XSS almacenado. Este problema afecta a PageLayer: desde n/a hasta 1.8.7." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-439xx/CVE-2024-43975.json b/CVE-2024/CVE-2024-439xx/CVE-2024-43975.json index 8e51b91f40f..4ee57b94180 100644 --- a/CVE-2024/CVE-2024-439xx/CVE-2024-43975.json +++ b/CVE-2024/CVE-2024-439xx/CVE-2024-43975.json @@ -2,13 +2,17 @@ "id": "CVE-2024-43975", "sourceIdentifier": "audit@patchstack.com", "published": "2024-09-18T00:15:07.360", - "lastModified": "2024-09-18T00:15:07.360", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in highwarden Super Store Finder allows Cross-Site Scripting (XSS).This issue affects Super Store Finder: from n/a through 6.9.7." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Highwarden Super Store Finder permite Cross-Site Scripting (XSS). Este problema afecta a Super Store Finder: desde n/a hasta 6.9.7." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-439xx/CVE-2024-43976.json b/CVE-2024/CVE-2024-439xx/CVE-2024-43976.json index a7531de96ca..32d66a305eb 100644 --- a/CVE-2024/CVE-2024-439xx/CVE-2024-43976.json +++ b/CVE-2024/CVE-2024-439xx/CVE-2024-43976.json @@ -2,13 +2,17 @@ "id": "CVE-2024-43976", "sourceIdentifier": "audit@patchstack.com", "published": "2024-09-17T23:15:18.450", - "lastModified": "2024-09-17T23:15:18.450", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in highwarden Super Store Finder allows SQL Injection.This issue affects Super Store Finder: from n/a through 6.9.7." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de elementos especiales utilizados en un comando SQL ('Inyecci\u00f3n SQL') en Highwarden Super Store Finder permite la inyecci\u00f3n SQL. Este problema afecta a Super Store Finder: desde n/a hasta 6.9.7." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-439xx/CVE-2024-43977.json b/CVE-2024/CVE-2024-439xx/CVE-2024-43977.json index 9e1007e5174..6e74ce0241f 100644 --- a/CVE-2024/CVE-2024-439xx/CVE-2024-43977.json +++ b/CVE-2024/CVE-2024-439xx/CVE-2024-43977.json @@ -2,13 +2,17 @@ "id": "CVE-2024-43977", "sourceIdentifier": "audit@patchstack.com", "published": "2024-09-17T23:15:18.647", - "lastModified": "2024-09-17T23:15:18.647", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in POSIMYTH The Plus Addons for Elementor Page Builder Lite allows Stored XSS.This issue affects The Plus Addons for Elementor Page Builder Lite: from n/a through 5.6.2." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en POSIMYTH The Plus Addons para Elementor Page Builder Lite permite XSS almacenado. Este problema afecta a The Plus Addons para Elementor Page Builder Lite: desde n/a hasta 5.6.2." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-439xx/CVE-2024-43978.json b/CVE-2024/CVE-2024-439xx/CVE-2024-43978.json index 98cd6e7b830..c4ba3500c10 100644 --- a/CVE-2024/CVE-2024-439xx/CVE-2024-43978.json +++ b/CVE-2024/CVE-2024-439xx/CVE-2024-43978.json @@ -2,13 +2,17 @@ "id": "CVE-2024-43978", "sourceIdentifier": "audit@patchstack.com", "published": "2024-09-17T23:15:18.837", - "lastModified": "2024-09-17T23:15:18.837", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in highwarden Super Store Finder allows SQL Injection.This issue affects Super Store Finder: from n/a before 6.9.8." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de elementos especiales utilizados en un comando SQL ('Inyecci\u00f3n SQL') en Highwarden Super Store Finder permite la inyecci\u00f3n SQL. Este problema afecta a Super Store Finder: desde n/a hasta 6.9.8." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-439xx/CVE-2024-43983.json b/CVE-2024/CVE-2024-439xx/CVE-2024-43983.json index e7764200a3c..c1213363c65 100644 --- a/CVE-2024/CVE-2024-439xx/CVE-2024-43983.json +++ b/CVE-2024/CVE-2024-439xx/CVE-2024-43983.json @@ -2,13 +2,17 @@ "id": "CVE-2024-43983", "sourceIdentifier": "audit@patchstack.com", "published": "2024-09-18T00:15:07.563", - "lastModified": "2024-09-18T00:15:07.563", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Podlove Podlove Podcast Publisher allows Stored XSS.This issue affects Podlove Podcast Publisher: from n/a through 4.1.13." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Podlove Podlove Podcast Publisher permite XSS almacenado. Este problema afecta a Podlove Podcast Publisher: desde n/a hasta 4.1.13." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-439xx/CVE-2024-43985.json b/CVE-2024/CVE-2024-439xx/CVE-2024-43985.json index d209ebfb1b8..979e221c9ca 100644 --- a/CVE-2024/CVE-2024-439xx/CVE-2024-43985.json +++ b/CVE-2024/CVE-2024-439xx/CVE-2024-43985.json @@ -2,13 +2,17 @@ "id": "CVE-2024-43985", "sourceIdentifier": "audit@patchstack.com", "published": "2024-09-17T23:15:19.037", - "lastModified": "2024-09-17T23:15:19.037", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in MagePeople Team Bus Ticket Booking with Seat Reservation allows Stored XSS.This issue affects Bus Ticket Booking with Seat Reservation: from n/a through 5.3.5." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en MagePeople Team Bus Ticket Booking with Seat Reservation permite XSS almacenado. Este problema afecta a la reserva de billetes de autob\u00fas con reserva de asiento: desde n/a hasta 5.3.5." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-439xx/CVE-2024-43987.json b/CVE-2024/CVE-2024-439xx/CVE-2024-43987.json index 94df03f46a8..d04efba1567 100644 --- a/CVE-2024/CVE-2024-439xx/CVE-2024-43987.json +++ b/CVE-2024/CVE-2024-439xx/CVE-2024-43987.json @@ -2,13 +2,17 @@ "id": "CVE-2024-43987", "sourceIdentifier": "audit@patchstack.com", "published": "2024-09-18T00:15:07.760", - "lastModified": "2024-09-18T00:15:07.760", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in wayneconnor Sliding Door allows Stored XSS.This issue affects Sliding Door: from n/a through 3.6." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Sliding Door de wayneconnor permite XSS almacenado. Este problema afecta a Sliding Door: desde n/a hasta 3.6." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-439xx/CVE-2024-43988.json b/CVE-2024/CVE-2024-439xx/CVE-2024-43988.json index 0babb3c04ea..c5e8b794ae4 100644 --- a/CVE-2024/CVE-2024-439xx/CVE-2024-43988.json +++ b/CVE-2024/CVE-2024-439xx/CVE-2024-43988.json @@ -2,13 +2,17 @@ "id": "CVE-2024-43988", "sourceIdentifier": "audit@patchstack.com", "published": "2024-09-18T00:15:07.953", - "lastModified": "2024-09-18T00:15:07.953", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in digitalnature Mystique allows Stored XSS.This issue affects Mystique: from n/a through 2.5.7." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Mystique de digitalnature permite XSS almacenado. Este problema afecta a Mystique: desde n/a hasta 2.5.7." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-439xx/CVE-2024-43991.json b/CVE-2024/CVE-2024-439xx/CVE-2024-43991.json index 3f3eb44573e..898668ceaee 100644 --- a/CVE-2024/CVE-2024-439xx/CVE-2024-43991.json +++ b/CVE-2024/CVE-2024-439xx/CVE-2024-43991.json @@ -2,13 +2,17 @@ "id": "CVE-2024-43991", "sourceIdentifier": "audit@patchstack.com", "published": "2024-09-18T00:15:08.147", - "lastModified": "2024-09-18T00:15:08.147", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in webdzier Hotel Galaxy allows Stored XSS.This issue affects Hotel Galaxy: from n/a through 4.4.24." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en webdzier Hotel Galaxy permite XSS almacenado. Este problema afecta a Hotel Galaxy: desde n/a hasta 4.4.24." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-439xx/CVE-2024-43992.json b/CVE-2024/CVE-2024-439xx/CVE-2024-43992.json index 3983c5021a1..2f6935c1699 100644 --- a/CVE-2024/CVE-2024-439xx/CVE-2024-43992.json +++ b/CVE-2024/CVE-2024-439xx/CVE-2024-43992.json @@ -2,13 +2,17 @@ "id": "CVE-2024-43992", "sourceIdentifier": "audit@patchstack.com", "published": "2024-09-18T00:15:08.343", - "lastModified": "2024-09-18T00:15:08.343", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Latepoint LatePoint allows Stored XSS.This issue affects LatePoint: from n/a through 4.9.91." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Latepoint LatePoint permite XSS almacenado. Este problema afecta a LatePoint: desde n/a hasta 4.9.91." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-439xx/CVE-2024-43993.json b/CVE-2024/CVE-2024-439xx/CVE-2024-43993.json index 9cf4daa95cf..afea4d80044 100644 --- a/CVE-2024/CVE-2024-439xx/CVE-2024-43993.json +++ b/CVE-2024/CVE-2024-439xx/CVE-2024-43993.json @@ -2,13 +2,17 @@ "id": "CVE-2024-43993", "sourceIdentifier": "audit@patchstack.com", "published": "2024-09-18T00:15:08.530", - "lastModified": "2024-09-18T00:15:08.530", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CryoutCreations Liquido allows Stored XSS.This issue affects Liquido: from n/a through 1.0.1.2." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en CryoutCreations Liquido permite XSS almacenado. Este problema afecta a Liquido: desde n/a hasta 1.0.1.2." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-439xx/CVE-2024-43994.json b/CVE-2024/CVE-2024-439xx/CVE-2024-43994.json index 9e409ae4e8e..22a8e7be5cf 100644 --- a/CVE-2024/CVE-2024-439xx/CVE-2024-43994.json +++ b/CVE-2024/CVE-2024-439xx/CVE-2024-43994.json @@ -2,13 +2,17 @@ "id": "CVE-2024-43994", "sourceIdentifier": "audit@patchstack.com", "published": "2024-09-18T00:15:08.720", - "lastModified": "2024-09-18T00:15:08.720", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CryoutCreations Kahuna allows Stored XSS.This issue affects Kahuna: from n/a through 1.7.0." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en CryoutCreations Kahuna permite XSS almacenado. Este problema afecta a Kahuna: desde n/a hasta 1.7.0." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-439xx/CVE-2024-43995.json b/CVE-2024/CVE-2024-439xx/CVE-2024-43995.json index 9884a3bdd65..7c863607592 100644 --- a/CVE-2024/CVE-2024-439xx/CVE-2024-43995.json +++ b/CVE-2024/CVE-2024-439xx/CVE-2024-43995.json @@ -2,13 +2,17 @@ "id": "CVE-2024-43995", "sourceIdentifier": "audit@patchstack.com", "published": "2024-09-18T00:15:08.923", - "lastModified": "2024-09-18T00:15:08.923", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in sonalsinha21 Posterity allows Stored XSS.This issue affects Posterity: from n/a through 3.6." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en sonalsinha21 Posterity permite XSS almacenado. Este problema afecta a Posterity: desde n/a hasta 3.6." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-439xx/CVE-2024-43999.json b/CVE-2024/CVE-2024-439xx/CVE-2024-43999.json index cd1ed69ebc2..44e178c96f2 100644 --- a/CVE-2024/CVE-2024-439xx/CVE-2024-43999.json +++ b/CVE-2024/CVE-2024-439xx/CVE-2024-43999.json @@ -2,13 +2,17 @@ "id": "CVE-2024-43999", "sourceIdentifier": "audit@patchstack.com", "published": "2024-09-18T00:15:09.110", - "lastModified": "2024-09-18T00:15:09.110", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Saturday Drive Ninja Forms allows Stored XSS.This issue affects Ninja Forms: from n/a through 3.8.11." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Saturday Drive Ninja Forms permite XSS almacenado. Este problema afecta a Ninja Forms: desde n/a hasta 3.8.11." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-440xx/CVE-2024-44001.json b/CVE-2024/CVE-2024-440xx/CVE-2024-44001.json index 6d304b336d9..19904c52973 100644 --- a/CVE-2024/CVE-2024-440xx/CVE-2024-44001.json +++ b/CVE-2024/CVE-2024-440xx/CVE-2024-44001.json @@ -2,13 +2,17 @@ "id": "CVE-2024-44001", "sourceIdentifier": "audit@patchstack.com", "published": "2024-09-18T00:15:09.297", - "lastModified": "2024-09-18T00:15:09.297", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Royal Royal Elementor Addons allows Stored XSS.This issue affects Royal Elementor Addons: from n/a through 1.3.982." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en WP Royal Royal Elementor Addons permite XSS almacenado. Este problema afecta a Royal Elementor Addons: desde n/a hasta 1.3.982." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-440xx/CVE-2024-44002.json b/CVE-2024/CVE-2024-440xx/CVE-2024-44002.json index 7f31f6952ea..fd8a6f367fd 100644 --- a/CVE-2024/CVE-2024-440xx/CVE-2024-44002.json +++ b/CVE-2024/CVE-2024-440xx/CVE-2024-44002.json @@ -2,13 +2,17 @@ "id": "CVE-2024-44002", "sourceIdentifier": "audit@patchstack.com", "published": "2024-09-18T00:15:09.503", - "lastModified": "2024-09-18T00:15:09.503", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PickPlugins Team Showcase allows Reflected XSS.This issue affects Team Showcase: from n/a through 1.22.25." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en PickPlugins Team Showcase permite XSS reflejado. Este problema afecta a Team Showcase: desde n/a hasta 1.22.25." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-440xx/CVE-2024-44003.json b/CVE-2024/CVE-2024-440xx/CVE-2024-44003.json index 8030bec6d17..03665591f02 100644 --- a/CVE-2024/CVE-2024-440xx/CVE-2024-44003.json +++ b/CVE-2024/CVE-2024-440xx/CVE-2024-44003.json @@ -2,13 +2,17 @@ "id": "CVE-2024-44003", "sourceIdentifier": "audit@patchstack.com", "published": "2024-09-18T00:15:09.697", - "lastModified": "2024-09-18T00:15:09.697", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in spicethemes Spice Starter Sites allows Reflected XSS.This issue affects Spice Starter Sites: from n/a through 1.2.5." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Spicethemes. Los sitios Spice Starter permiten XSS reflejado. Este problema afecta a los sitios Spice Starter: desde n/a hasta 1.2.5." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-440xx/CVE-2024-44004.json b/CVE-2024/CVE-2024-440xx/CVE-2024-44004.json index 0035d5ea27f..43e2e3c8b71 100644 --- a/CVE-2024/CVE-2024-440xx/CVE-2024-44004.json +++ b/CVE-2024/CVE-2024-440xx/CVE-2024-44004.json @@ -2,13 +2,17 @@ "id": "CVE-2024-44004", "sourceIdentifier": "audit@patchstack.com", "published": "2024-09-17T23:15:19.230", - "lastModified": "2024-09-17T23:15:19.230", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPTaskForce WPCargo Track & Trace allows SQL Injection.This issue affects WPCargo Track & Trace: from n/a through 7.0.6." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de elementos especiales utilizados en un comando SQL ('Inyecci\u00f3n SQL') en WPTaskForce WPCargo Track & Trace permite la inyecci\u00f3n SQL. Este problema afecta a WPCargo Track & Trace: desde n/a hasta 7.0.6." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-440xx/CVE-2024-44005.json b/CVE-2024/CVE-2024-440xx/CVE-2024-44005.json index 648ced29999..be7ae6f4c6a 100644 --- a/CVE-2024/CVE-2024-440xx/CVE-2024-44005.json +++ b/CVE-2024/CVE-2024-440xx/CVE-2024-44005.json @@ -2,13 +2,17 @@ "id": "CVE-2024-44005", "sourceIdentifier": "audit@patchstack.com", "published": "2024-09-18T00:15:09.887", - "lastModified": "2024-09-18T00:15:09.887", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wpsoul Greenshift \u2013 animation and page builder blocks allows Stored XSS.This issue affects Greenshift \u2013 animation and page builder blocks: from n/a through 9.3.7." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') vulnerabilidad en Wpsoul Greenshift \u2013 animation and page builder blocks permite XSS almacenado. Este problema afecta a Greenshift \u2013 animation and page builder blocks: desde n/a hasta 9.3.7." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-440xx/CVE-2024-44007.json b/CVE-2024/CVE-2024-440xx/CVE-2024-44007.json index 090e4975a2f..d6496624ff0 100644 --- a/CVE-2024/CVE-2024-440xx/CVE-2024-44007.json +++ b/CVE-2024/CVE-2024-440xx/CVE-2024-44007.json @@ -2,13 +2,17 @@ "id": "CVE-2024-44007", "sourceIdentifier": "audit@patchstack.com", "published": "2024-09-17T23:15:19.423", - "lastModified": "2024-09-17T23:15:19.423", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SKT Themes SKT Templates \u2013 Elementor & Gutenberg templates allows Reflected XSS.This issue affects SKT Templates \u2013 Elementor & Gutenberg templates: from n/a through 6.14." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en SKT Themes SKT Templates \u2013 Elementor & Gutenberg templates permite XSS reflejado. Este problema afecta a SKT Templates \u2013 Elementor & Gutenberg templates: desde n/a hasta 6.14." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-440xx/CVE-2024-44008.json b/CVE-2024/CVE-2024-440xx/CVE-2024-44008.json index 68d71724e79..a0718e8c5e5 100644 --- a/CVE-2024/CVE-2024-440xx/CVE-2024-44008.json +++ b/CVE-2024/CVE-2024-440xx/CVE-2024-44008.json @@ -2,13 +2,17 @@ "id": "CVE-2024-44008", "sourceIdentifier": "audit@patchstack.com", "published": "2024-09-17T23:15:19.617", - "lastModified": "2024-09-17T23:15:19.617", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Dylan Kuhn Geo Mashup allows Stored XSS.This issue affects Geo Mashup: from n/a through 1.13.12." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Dylan Kuhn Geo Mashup permite XSS almacenado. Este problema afecta a Geo Mashup: desde n/a hasta 1.13.12." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-440xx/CVE-2024-44009.json b/CVE-2024/CVE-2024-440xx/CVE-2024-44009.json index bf857b02481..5f29202961d 100644 --- a/CVE-2024/CVE-2024-440xx/CVE-2024-44009.json +++ b/CVE-2024/CVE-2024-440xx/CVE-2024-44009.json @@ -2,13 +2,17 @@ "id": "CVE-2024-44009", "sourceIdentifier": "audit@patchstack.com", "published": "2024-09-17T23:15:19.810", - "lastModified": "2024-09-17T23:15:19.810", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WC Lovers WCFM Marketplace allows Reflected XSS.This issue affects WCFM Marketplace: from n/a through 3.6.10." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en WC Lovers WCFM Marketplace permite XSS reflejado. Este problema afecta a WCFM Marketplace: desde n/a hasta 3.6.10." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-440xx/CVE-2024-44047.json b/CVE-2024/CVE-2024-440xx/CVE-2024-44047.json index 3277d6ab99f..8d28f3cb77a 100644 --- a/CVE-2024/CVE-2024-440xx/CVE-2024-44047.json +++ b/CVE-2024/CVE-2024-440xx/CVE-2024-44047.json @@ -2,13 +2,17 @@ "id": "CVE-2024-44047", "sourceIdentifier": "audit@patchstack.com", "published": "2024-09-17T23:15:19.983", - "lastModified": "2024-09-17T23:15:19.983", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in IDX Broker IMPress for IDX Broker allows Stored XSS.This issue affects IMPress for IDX Broker: from n/a through 3.2.2." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en IDX Broker IMPress para IDX Broker permite XSS almacenado. Este problema afecta a IMPress para IDX Broker: desde n/a hasta 3.2.2." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-440xx/CVE-2024-44049.json b/CVE-2024/CVE-2024-440xx/CVE-2024-44049.json index adea4d21d0f..e526953bd8a 100644 --- a/CVE-2024/CVE-2024-440xx/CVE-2024-44049.json +++ b/CVE-2024/CVE-2024-440xx/CVE-2024-44049.json @@ -2,13 +2,17 @@ "id": "CVE-2024-44049", "sourceIdentifier": "audit@patchstack.com", "published": "2024-09-17T23:15:20.170", - "lastModified": "2024-09-17T23:15:20.170", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ThemeHunk Gutenberg Blocks \u2013 Unlimited blocks For Gutenberg allows Stored XSS.This issue affects Gutenberg Blocks \u2013 Unlimited blocks For Gutenberg: from n/a through 1.2.7." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en ThemeHunk Gutenberg Blocks \u2013 Unlimited blocks For Gutenberg permite XSS almacenado. Este problema afecta a Gutenberg Blocks \u2013 Unlimited blocks For Gutenberg: desde n/a hasta 1.2.7." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-440xx/CVE-2024-44050.json b/CVE-2024/CVE-2024-440xx/CVE-2024-44050.json index fbe56bdc5de..822fbc82960 100644 --- a/CVE-2024/CVE-2024-440xx/CVE-2024-44050.json +++ b/CVE-2024/CVE-2024-440xx/CVE-2024-44050.json @@ -2,13 +2,17 @@ "id": "CVE-2024-44050", "sourceIdentifier": "audit@patchstack.com", "published": "2024-09-17T23:15:20.363", - "lastModified": "2024-09-17T23:15:20.363", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CryoutCreations Verbosa allows Stored XSS.This issue affects Verbosa: from n/a through 1.2.3." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n inadecuada de entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en CryoutCreations Verbosa permite XSS almacenado. Este problema afecta a Verbosa: desde n/a hasta 1.2.3." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-440xx/CVE-2024-44051.json b/CVE-2024/CVE-2024-440xx/CVE-2024-44051.json index 068175012a2..8073304f087 100644 --- a/CVE-2024/CVE-2024-440xx/CVE-2024-44051.json +++ b/CVE-2024/CVE-2024-440xx/CVE-2024-44051.json @@ -2,13 +2,17 @@ "id": "CVE-2024-44051", "sourceIdentifier": "audit@patchstack.com", "published": "2024-09-17T23:15:20.567", - "lastModified": "2024-09-17T23:15:20.567", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Johan van der Wijk Content Blocks (Custom Post Widget) allows Stored XSS.This issue affects Content Blocks (Custom Post Widget): from n/a through 3.3.5." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Johan van der Wijk Content Blocks (Custom Post Widget) permite XSS almacenado. Este problema afecta a Content Blocks (Custom Post Widget): desde n/a hasta 3.3.5." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-440xx/CVE-2024-44064.json b/CVE-2024/CVE-2024-440xx/CVE-2024-44064.json index 800e854dd6a..8dea854a730 100644 --- a/CVE-2024/CVE-2024-440xx/CVE-2024-44064.json +++ b/CVE-2024/CVE-2024-440xx/CVE-2024-44064.json @@ -2,13 +2,17 @@ "id": "CVE-2024-44064", "sourceIdentifier": "audit@patchstack.com", "published": "2024-09-17T23:15:20.753", - "lastModified": "2024-09-17T23:15:20.753", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in LikeBtn Like Button Rating allows Cross-Site Scripting (XSS).This issue affects Like Button Rating: from n/a through 2.6.54." + }, + { + "lang": "es", + "value": "La vulnerabilidad de Cross-Site Request Forgery (CSRF) en LikeBtn Like Button Rating permite cross site scripting (XSS). Este problema afecta a Like Button Rating: desde n/a hasta 2.6.54." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-441xx/CVE-2024-44124.json b/CVE-2024/CVE-2024-441xx/CVE-2024-44124.json index 633a0f18c85..c647adb24cb 100644 --- a/CVE-2024/CVE-2024-441xx/CVE-2024-44124.json +++ b/CVE-2024/CVE-2024-441xx/CVE-2024-44124.json @@ -2,13 +2,17 @@ "id": "CVE-2024-44124", "sourceIdentifier": "product-security@apple.com", "published": "2024-09-17T00:15:49.890", - "lastModified": "2024-09-17T00:15:49.890", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:31:20.110", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "This issue was addressed through improved state management. This issue is fixed in iOS 18 and iPadOS 18. A malicious Bluetooth input device may bypass pairing." + }, + { + "lang": "es", + "value": "Este problema se solucion\u00f3 mediante una mejor gesti\u00f3n del estado. Este problema se solucion\u00f3 en iOS 18 y iPadOS 18. Un dispositivo de entrada Bluetooth malintencionado puede omitir el emparejamiento." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-441xx/CVE-2024-44125.json b/CVE-2024/CVE-2024-441xx/CVE-2024-44125.json index f2f3855ae59..f47235d2c67 100644 --- a/CVE-2024/CVE-2024-441xx/CVE-2024-44125.json +++ b/CVE-2024/CVE-2024-441xx/CVE-2024-44125.json @@ -2,13 +2,17 @@ "id": "CVE-2024-44125", "sourceIdentifier": "product-security@apple.com", "published": "2024-09-17T00:15:49.940", - "lastModified": "2024-09-17T00:15:49.940", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:31:20.110", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.7, macOS Sequoia 15. A malicious application may be able to leak sensitive user information." + }, + { + "lang": "es", + "value": "El problema se solucion\u00f3 con comprobaciones mejoradas. Este problema se solucion\u00f3 en macOS Sonoma 14.7 y macOS Sequoia 15. Una aplicaci\u00f3n maliciosa podr\u00eda filtrar informaci\u00f3n confidencial del usuario." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-441xx/CVE-2024-44127.json b/CVE-2024/CVE-2024-441xx/CVE-2024-44127.json index 99e37cfeef0..eca65a5feba 100644 --- a/CVE-2024/CVE-2024-441xx/CVE-2024-44127.json +++ b/CVE-2024/CVE-2024-441xx/CVE-2024-44127.json @@ -2,8 +2,8 @@ "id": "CVE-2024-44127", "sourceIdentifier": "product-security@apple.com", "published": "2024-09-17T00:15:49.990", - "lastModified": "2024-09-18T18:35:10.113", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:31:20.110", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-441xx/CVE-2024-44128.json b/CVE-2024/CVE-2024-441xx/CVE-2024-44128.json index 751396b217b..ac3ac113eb9 100644 --- a/CVE-2024/CVE-2024-441xx/CVE-2024-44128.json +++ b/CVE-2024/CVE-2024-441xx/CVE-2024-44128.json @@ -2,13 +2,17 @@ "id": "CVE-2024-44128", "sourceIdentifier": "product-security@apple.com", "published": "2024-09-17T00:15:50.040", - "lastModified": "2024-09-17T00:15:50.040", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:31:20.110", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "This issue was addressed by adding an additional prompt for user consent. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An Automator Quick Action workflow may be able to bypass Gatekeeper." + }, + { + "lang": "es", + "value": "Este problema se solucion\u00f3 agregando un mensaje adicional para el consentimiento del usuario. Este problema se solucion\u00f3 en macOS Ventura 13.7, macOS Sonoma 14.7 y macOS Sequoia 15. Es posible que un flujo de trabajo de acci\u00f3n r\u00e1pida de Automator pueda omitir Gatekeeper." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-441xx/CVE-2024-44129.json b/CVE-2024/CVE-2024-441xx/CVE-2024-44129.json index da86164b58c..7ad6c96f046 100644 --- a/CVE-2024/CVE-2024-441xx/CVE-2024-44129.json +++ b/CVE-2024/CVE-2024-441xx/CVE-2024-44129.json @@ -2,13 +2,17 @@ "id": "CVE-2024-44129", "sourceIdentifier": "product-security@apple.com", "published": "2024-09-17T00:15:50.090", - "lastModified": "2024-09-17T00:15:50.090", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:31:20.110", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7, macOS Sequoia 15. An app may be able to leak sensitive user information." + }, + { + "lang": "es", + "value": "El problema se solucion\u00f3 con comprobaciones mejoradas. Este problema se solucion\u00f3 en macOS Ventura 13.7 y macOS Sequoia 15. Es posible que una aplicaci\u00f3n filtre informaci\u00f3n confidencial del usuario." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-441xx/CVE-2024-44130.json b/CVE-2024/CVE-2024-441xx/CVE-2024-44130.json index 700a2804b7f..32b4f65818c 100644 --- a/CVE-2024/CVE-2024-441xx/CVE-2024-44130.json +++ b/CVE-2024/CVE-2024-441xx/CVE-2024-44130.json @@ -2,13 +2,17 @@ "id": "CVE-2024-44130", "sourceIdentifier": "product-security@apple.com", "published": "2024-09-17T00:15:50.147", - "lastModified": "2024-09-17T00:15:50.147", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:31:20.110", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "This issue was addressed with improved data protection. This issue is fixed in macOS Sequoia 15. An app with root privileges may be able to access private information." + }, + { + "lang": "es", + "value": "Este problema se solucion\u00f3 mejorando la protecci\u00f3n de datos. Este problema se solucion\u00f3 en macOS Sequoia 15. Una aplicaci\u00f3n con privilegios de superusuario puede tener acceso a informaci\u00f3n privada." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-441xx/CVE-2024-44131.json b/CVE-2024/CVE-2024-441xx/CVE-2024-44131.json index 066a573660b..b916eae3231 100644 --- a/CVE-2024/CVE-2024-441xx/CVE-2024-44131.json +++ b/CVE-2024/CVE-2024-441xx/CVE-2024-44131.json @@ -2,13 +2,17 @@ "id": "CVE-2024-44131", "sourceIdentifier": "product-security@apple.com", "published": "2024-09-17T00:15:50.200", - "lastModified": "2024-09-17T00:15:50.200", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:31:20.110", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "This issue was addressed with improved validation of symlinks. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15. An app may be able to access sensitive user data." + }, + { + "lang": "es", + "value": "Este problema se solucion\u00f3 con una validaci\u00f3n mejorada de los enlaces simb\u00f3licos. Este problema se solucion\u00f3 en iOS 18 y iPadOS 18, macOS Sequoia 15. Una aplicaci\u00f3n puede tener acceso a datos confidenciales del usuario." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-441xx/CVE-2024-44132.json b/CVE-2024/CVE-2024-441xx/CVE-2024-44132.json index bd9cd1a4fac..6a01c81e80a 100644 --- a/CVE-2024/CVE-2024-441xx/CVE-2024-44132.json +++ b/CVE-2024/CVE-2024-441xx/CVE-2024-44132.json @@ -2,8 +2,8 @@ "id": "CVE-2024-44132", "sourceIdentifier": "product-security@apple.com", "published": "2024-09-17T00:15:50.250", - "lastModified": "2024-09-17T20:35:10.567", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:31:20.110", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-441xx/CVE-2024-44133.json b/CVE-2024/CVE-2024-441xx/CVE-2024-44133.json index 37abb49bcee..334e7bde0c5 100644 --- a/CVE-2024/CVE-2024-441xx/CVE-2024-44133.json +++ b/CVE-2024/CVE-2024-441xx/CVE-2024-44133.json @@ -2,13 +2,17 @@ "id": "CVE-2024-44133", "sourceIdentifier": "product-security@apple.com", "published": "2024-09-17T00:15:50.300", - "lastModified": "2024-09-17T00:15:50.300", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:31:20.110", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15. On MDM managed devices, an app may be able to bypass certain Privacy preferences." + }, + { + "lang": "es", + "value": "Este problema se solucion\u00f3 eliminando el c\u00f3digo vulnerable. Este problema se solucion\u00f3 en macOS Sequoia 15. En los dispositivos administrados por MDM, una aplicaci\u00f3n puede ser capaz de eludir ciertas preferencias de privacidad." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-441xx/CVE-2024-44134.json b/CVE-2024/CVE-2024-441xx/CVE-2024-44134.json index 2c89426fc4f..3a742fcc4c5 100644 --- a/CVE-2024/CVE-2024-441xx/CVE-2024-44134.json +++ b/CVE-2024/CVE-2024-441xx/CVE-2024-44134.json @@ -2,13 +2,17 @@ "id": "CVE-2024-44134", "sourceIdentifier": "product-security@apple.com", "published": "2024-09-17T00:15:50.350", - "lastModified": "2024-09-17T00:15:50.350", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:31:20.110", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sequoia 15. An app may be able to read sensitive location information." + }, + { + "lang": "es", + "value": "Este problema se solucion\u00f3 con una redacci\u00f3n mejorada de informaci\u00f3n confidencial. Este problema se solucion\u00f3 en macOS Sequoia 15. Es posible que una aplicaci\u00f3n pueda leer informaci\u00f3n confidencial de ubicaci\u00f3n." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-441xx/CVE-2024-44135.json b/CVE-2024/CVE-2024-441xx/CVE-2024-44135.json index 7341ade40aa..2d50a84acab 100644 --- a/CVE-2024/CVE-2024-441xx/CVE-2024-44135.json +++ b/CVE-2024/CVE-2024-441xx/CVE-2024-44135.json @@ -2,13 +2,17 @@ "id": "CVE-2024-44135", "sourceIdentifier": "product-security@apple.com", "published": "2024-09-17T00:15:50.393", - "lastModified": "2024-09-17T00:15:50.393", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:31:20.110", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to access protected files within an App Sandbox container." + }, + { + "lang": "es", + "value": "Se solucion\u00f3 un problema de permisos con restricciones adicionales. Este problema se solucion\u00f3 en macOS Sonoma 14.7 y macOS Sequoia 15. Una aplicaci\u00f3n puede acceder a archivos protegidos dentro de un contenedor de App Sandbox." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-441xx/CVE-2024-44139.json b/CVE-2024/CVE-2024-441xx/CVE-2024-44139.json index a043063e796..9445fb43f5a 100644 --- a/CVE-2024/CVE-2024-441xx/CVE-2024-44139.json +++ b/CVE-2024/CVE-2024-441xx/CVE-2024-44139.json @@ -2,13 +2,17 @@ "id": "CVE-2024-44139", "sourceIdentifier": "product-security@apple.com", "published": "2024-09-17T00:15:50.443", - "lastModified": "2024-09-17T00:15:50.443", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:31:20.110", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The issue was addressed with improved checks. This issue is fixed in iOS 18 and iPadOS 18. An attacker with physical access may be able to access contacts from the lock screen." + }, + { + "lang": "es", + "value": "El problema se solucion\u00f3 con comprobaciones mejoradas. Este problema se solucion\u00f3 en iOS 18 y iPadOS 18. Un atacante con acceso f\u00edsico podr\u00eda acceder a los contactos desde la pantalla de bloqueo." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-441xx/CVE-2024-44146.json b/CVE-2024/CVE-2024-441xx/CVE-2024-44146.json index fbef1d0b4e6..f17df488ed4 100644 --- a/CVE-2024/CVE-2024-441xx/CVE-2024-44146.json +++ b/CVE-2024/CVE-2024-441xx/CVE-2024-44146.json @@ -2,13 +2,17 @@ "id": "CVE-2024-44146", "sourceIdentifier": "product-security@apple.com", "published": "2024-09-17T00:15:50.523", - "lastModified": "2024-09-17T00:15:50.523", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:31:20.110", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A logic issue was addressed with improved file handling. This issue is fixed in macOS Sequoia 15. An app may be able to break out of its sandbox." + }, + { + "lang": "es", + "value": "Se solucion\u00f3 un problema de l\u00f3gica mejorando el manejo de archivos. Este problema se solucion\u00f3 en macOS Sequoia 15. Es posible que una aplicaci\u00f3n pueda salir de su entorno limitado." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-441xx/CVE-2024-44147.json b/CVE-2024/CVE-2024-441xx/CVE-2024-44147.json index e914e51ace2..03c96b21ad2 100644 --- a/CVE-2024/CVE-2024-441xx/CVE-2024-44147.json +++ b/CVE-2024/CVE-2024-441xx/CVE-2024-44147.json @@ -2,8 +2,8 @@ "id": "CVE-2024-44147", "sourceIdentifier": "product-security@apple.com", "published": "2024-09-17T00:15:50.573", - "lastModified": "2024-09-17T16:35:18.863", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:31:20.110", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-441xx/CVE-2024-44148.json b/CVE-2024/CVE-2024-441xx/CVE-2024-44148.json index 107fbdbffd5..4fe83d84167 100644 --- a/CVE-2024/CVE-2024-441xx/CVE-2024-44148.json +++ b/CVE-2024/CVE-2024-441xx/CVE-2024-44148.json @@ -2,13 +2,17 @@ "id": "CVE-2024-44148", "sourceIdentifier": "product-security@apple.com", "published": "2024-09-17T00:15:50.617", - "lastModified": "2024-09-17T00:15:50.617", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:31:20.110", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "This issue was addressed with improved validation of file attributes. This issue is fixed in macOS Sequoia 15. An app may be able to break out of its sandbox." + }, + { + "lang": "es", + "value": "Este problema se solucion\u00f3 con una validaci\u00f3n mejorada de los atributos de archivo. Este problema se solucion\u00f3 en macOS Sequoia 15. Es posible que una aplicaci\u00f3n pueda salir de su zona protegida." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-441xx/CVE-2024-44149.json b/CVE-2024/CVE-2024-441xx/CVE-2024-44149.json index 4557e8a4782..af17fb661cd 100644 --- a/CVE-2024/CVE-2024-441xx/CVE-2024-44149.json +++ b/CVE-2024/CVE-2024-441xx/CVE-2024-44149.json @@ -2,13 +2,17 @@ "id": "CVE-2024-44149", "sourceIdentifier": "product-security@apple.com", "published": "2024-09-17T00:15:50.663", - "lastModified": "2024-09-17T00:15:50.663", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:31:20.110", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. An app may be able to access protected user data." + }, + { + "lang": "es", + "value": "Se solucion\u00f3 un problema de permisos con restricciones adicionales. Este problema se solucion\u00f3 en macOS Sequoia 15. Una aplicaci\u00f3n puede tener acceso a datos de usuario protegidos." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-441xx/CVE-2024-44151.json b/CVE-2024/CVE-2024-441xx/CVE-2024-44151.json index 7e8e4da55e0..8ed08821772 100644 --- a/CVE-2024/CVE-2024-441xx/CVE-2024-44151.json +++ b/CVE-2024/CVE-2024-441xx/CVE-2024-44151.json @@ -2,13 +2,17 @@ "id": "CVE-2024-44151", "sourceIdentifier": "product-security@apple.com", "published": "2024-09-17T00:15:50.717", - "lastModified": "2024-09-17T00:15:50.717", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:31:20.110", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to modify protected parts of the file system." + }, + { + "lang": "es", + "value": "Se solucion\u00f3 un problema de permisos con restricciones adicionales. Este problema se solucion\u00f3 en macOS Ventura 13.7, macOS Sonoma 14.7 y macOS Sequoia 15. Es posible que una aplicaci\u00f3n pueda modificar partes protegidas del sistema de archivos." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-441xx/CVE-2024-44152.json b/CVE-2024/CVE-2024-441xx/CVE-2024-44152.json index abe7a62cf59..e10ccc85538 100644 --- a/CVE-2024/CVE-2024-441xx/CVE-2024-44152.json +++ b/CVE-2024/CVE-2024-441xx/CVE-2024-44152.json @@ -2,13 +2,17 @@ "id": "CVE-2024-44152", "sourceIdentifier": "product-security@apple.com", "published": "2024-09-17T00:15:50.763", - "lastModified": "2024-09-17T00:15:50.763", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:31:20.110", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15. An app may be able to access user-sensitive data." + }, + { + "lang": "es", + "value": "Se solucion\u00f3 un problema de privacidad mejorando la redacci\u00f3n de datos privados en las entradas de registro. Este problema se solucion\u00f3 en macOS Sequoia 15. Una aplicaci\u00f3n puede tener acceso a datos confidenciales del usuario." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-441xx/CVE-2024-44153.json b/CVE-2024/CVE-2024-441xx/CVE-2024-44153.json index abe90314163..52148ddf582 100644 --- a/CVE-2024/CVE-2024-441xx/CVE-2024-44153.json +++ b/CVE-2024/CVE-2024-441xx/CVE-2024-44153.json @@ -2,13 +2,17 @@ "id": "CVE-2024-44153", "sourceIdentifier": "product-security@apple.com", "published": "2024-09-17T00:15:50.810", - "lastModified": "2024-09-17T00:15:50.810", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:31:20.110", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The issue was addressed with improved permissions logic. This issue is fixed in macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to access user-sensitive data." + }, + { + "lang": "es", + "value": "El problema se solucion\u00f3 mejorando la l\u00f3gica de permisos. Este problema se solucion\u00f3 en macOS Sonoma 14.7 y macOS Sequoia 15. Es posible que una aplicaci\u00f3n pueda acceder a datos confidenciales del usuario." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-441xx/CVE-2024-44154.json b/CVE-2024/CVE-2024-441xx/CVE-2024-44154.json index 8d2a7afc03c..286c9895cfd 100644 --- a/CVE-2024/CVE-2024-441xx/CVE-2024-44154.json +++ b/CVE-2024/CVE-2024-441xx/CVE-2024-44154.json @@ -2,13 +2,17 @@ "id": "CVE-2024-44154", "sourceIdentifier": "product-security@apple.com", "published": "2024-09-17T00:15:50.860", - "lastModified": "2024-09-17T00:15:50.860", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:31:20.110", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A memory initialization issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.7, macOS Sequoia 15. Processing a maliciously crafted file may lead to unexpected app termination." + }, + { + "lang": "es", + "value": "Se solucion\u00f3 un problema de inicializaci\u00f3n de memoria mejorando el manejo de la memoria. Este problema se solucion\u00f3 en macOS Sonoma 14.7 y macOS Sequoia 15. Procesar un archivo manipulada con fines malintencionados puede provocar la finalizaci\u00f3n inesperada de la aplicaci\u00f3n." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-441xx/CVE-2024-44158.json b/CVE-2024/CVE-2024-441xx/CVE-2024-44158.json index 5aaeca93a82..00f5baae478 100644 --- a/CVE-2024/CVE-2024-441xx/CVE-2024-44158.json +++ b/CVE-2024/CVE-2024-441xx/CVE-2024-44158.json @@ -2,13 +2,17 @@ "id": "CVE-2024-44158", "sourceIdentifier": "product-security@apple.com", "published": "2024-09-17T00:15:50.910", - "lastModified": "2024-09-17T00:15:50.910", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:31:20.110", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 17.7 and iPadOS 17.7, macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. A shortcut may output sensitive user data without consent." + }, + { + "lang": "es", + "value": "Este problema se solucion\u00f3 con una redacci\u00f3n mejorada de informaci\u00f3n confidencial. Este problema se solucion\u00f3 en iOS 17.7 y iPadOS 17.7, macOS Ventura 13.7, macOS Sonoma 14.7 y macOS Sequoia 15. Un acceso directo puede mostrar datos confidenciales del usuario sin consentimiento." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-441xx/CVE-2024-44160.json b/CVE-2024/CVE-2024-441xx/CVE-2024-44160.json index 589a1e61f4a..2c74de94aee 100644 --- a/CVE-2024/CVE-2024-441xx/CVE-2024-44160.json +++ b/CVE-2024/CVE-2024-441xx/CVE-2024-44160.json @@ -2,8 +2,8 @@ "id": "CVE-2024-44160", "sourceIdentifier": "product-security@apple.com", "published": "2024-09-17T00:15:50.963", - "lastModified": "2024-09-17T15:35:09.730", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:31:20.110", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-441xx/CVE-2024-44161.json b/CVE-2024/CVE-2024-441xx/CVE-2024-44161.json index 48656375569..f4a9c0e685e 100644 --- a/CVE-2024/CVE-2024-441xx/CVE-2024-44161.json +++ b/CVE-2024/CVE-2024-441xx/CVE-2024-44161.json @@ -2,13 +2,17 @@ "id": "CVE-2024-44161", "sourceIdentifier": "product-security@apple.com", "published": "2024-09-17T00:15:51.010", - "lastModified": "2024-09-17T00:15:51.010", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:31:20.110", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. Processing a maliciously crafted texture may lead to unexpected app termination." + }, + { + "lang": "es", + "value": "Se solucion\u00f3 un problema de lectura fuera de los l\u00edmites con una comprobaci\u00f3n de los l\u00edmites mejorada. Este problema se solucion\u00f3 en macOS Ventura 13.7, macOS Sonoma 14.7 y macOS Sequoia 15. El procesamiento de una textura manipulada con fines malintencionados puede provocar la finalizaci\u00f3n inesperada de la aplicaci\u00f3n." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-441xx/CVE-2024-44162.json b/CVE-2024/CVE-2024-441xx/CVE-2024-44162.json index 0d1d392914a..43459416e29 100644 --- a/CVE-2024/CVE-2024-441xx/CVE-2024-44162.json +++ b/CVE-2024/CVE-2024-441xx/CVE-2024-44162.json @@ -2,13 +2,17 @@ "id": "CVE-2024-44162", "sourceIdentifier": "product-security@apple.com", "published": "2024-09-17T00:15:51.060", - "lastModified": "2024-09-17T00:15:51.060", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:31:20.110", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "This issue was addressed by enabling hardened runtime. This issue is fixed in Xcode 16. A malicious application may gain access to a user's Keychain items." + }, + { + "lang": "es", + "value": "Este problema se solucion\u00f3 habilitando el tiempo de ejecuci\u00f3n reforzado. Este problema se solucion\u00f3 en Xcode 16. Una aplicaci\u00f3n malintencionada puede obtener acceso a los elementos de Keychain de un usuario." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-441xx/CVE-2024-44163.json b/CVE-2024/CVE-2024-441xx/CVE-2024-44163.json index 04293d8d4cd..7ba594e1aa2 100644 --- a/CVE-2024/CVE-2024-441xx/CVE-2024-44163.json +++ b/CVE-2024/CVE-2024-441xx/CVE-2024-44163.json @@ -2,13 +2,17 @@ "id": "CVE-2024-44163", "sourceIdentifier": "product-security@apple.com", "published": "2024-09-17T00:15:51.107", - "lastModified": "2024-09-17T00:15:51.107", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:31:20.110", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. A malicious application may be able to access private information." + }, + { + "lang": "es", + "value": "El problema se solucion\u00f3 con comprobaciones mejoradas. Este problema se solucion\u00f3 en macOS Ventura 13.7, macOS Sonoma 14.7 y macOS Sequoia 15. Una aplicaci\u00f3n malintencionada podr\u00eda acceder a informaci\u00f3n privada." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-441xx/CVE-2024-44164.json b/CVE-2024/CVE-2024-441xx/CVE-2024-44164.json index b98f6b1cff8..a4a5cb59cf6 100644 --- a/CVE-2024/CVE-2024-441xx/CVE-2024-44164.json +++ b/CVE-2024/CVE-2024-441xx/CVE-2024-44164.json @@ -2,13 +2,17 @@ "id": "CVE-2024-44164", "sourceIdentifier": "product-security@apple.com", "published": "2024-09-17T00:15:51.157", - "lastModified": "2024-09-17T00:15:51.157", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:31:20.110", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "This issue was addressed with improved checks. This issue is fixed in iOS 17.7 and iPadOS 17.7, macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to bypass Privacy preferences." + }, + { + "lang": "es", + "value": "Este problema se solucion\u00f3 con comprobaciones mejoradas. Este problema se solucion\u00f3 en iOS 17.7 y iPadOS 17.7, macOS Ventura 13.7, macOS Sonoma 14.7 y macOS Sequoia 15. Es posible que una aplicaci\u00f3n pueda omitir las preferencias de privacidad." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-441xx/CVE-2024-44165.json b/CVE-2024/CVE-2024-441xx/CVE-2024-44165.json index 5b2c964d430..b6ba473a94a 100644 --- a/CVE-2024/CVE-2024-441xx/CVE-2024-44165.json +++ b/CVE-2024/CVE-2024-441xx/CVE-2024-44165.json @@ -2,13 +2,17 @@ "id": "CVE-2024-44165", "sourceIdentifier": "product-security@apple.com", "published": "2024-09-17T00:15:51.207", - "lastModified": "2024-09-17T00:15:51.207", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:31:20.110", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, visionOS 2, iOS 18 and iPadOS 18, macOS Sonoma 14.7, macOS Sequoia 15. Network traffic may leak outside a VPN tunnel." + }, + { + "lang": "es", + "value": "Se solucion\u00f3 un problema de l\u00f3gica con comprobaciones mejoradas. Este problema se solucion\u00f3 en macOS Ventura 13.7, iOS 17.7 y iPadOS 17.7, visionOS 2, iOS 18 y iPadOS 18, macOS Sonoma 14.7 y macOS Sequoia 15. El tr\u00e1fico de red puede filtrarse fuera de un t\u00fanel VPN." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-441xx/CVE-2024-44166.json b/CVE-2024/CVE-2024-441xx/CVE-2024-44166.json index 609c2c1a1ba..53964054311 100644 --- a/CVE-2024/CVE-2024-441xx/CVE-2024-44166.json +++ b/CVE-2024/CVE-2024-441xx/CVE-2024-44166.json @@ -2,13 +2,17 @@ "id": "CVE-2024-44166", "sourceIdentifier": "product-security@apple.com", "published": "2024-09-17T00:15:51.260", - "lastModified": "2024-09-17T00:15:51.260", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:31:20.110", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to access user-sensitive data." + }, + { + "lang": "es", + "value": "Se solucion\u00f3 un problema de privacidad mejorando la redacci\u00f3n de datos privados en las entradas de registro. Este problema se solucion\u00f3 en macOS Ventura 13.7, macOS Sonoma 14.7 y macOS Sequoia 15. Es posible que una aplicaci\u00f3n pueda acceder a datos confidenciales del usuario." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-441xx/CVE-2024-44167.json b/CVE-2024/CVE-2024-441xx/CVE-2024-44167.json index 9596777027f..ceb0f9db788 100644 --- a/CVE-2024/CVE-2024-441xx/CVE-2024-44167.json +++ b/CVE-2024/CVE-2024-441xx/CVE-2024-44167.json @@ -2,8 +2,8 @@ "id": "CVE-2024-44167", "sourceIdentifier": "product-security@apple.com", "published": "2024-09-17T00:15:51.310", - "lastModified": "2024-09-18T08:35:53.200", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:31:20.110", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-441xx/CVE-2024-44168.json b/CVE-2024/CVE-2024-441xx/CVE-2024-44168.json index 9c798c91bb3..7913633d780 100644 --- a/CVE-2024/CVE-2024-441xx/CVE-2024-44168.json +++ b/CVE-2024/CVE-2024-441xx/CVE-2024-44168.json @@ -2,13 +2,17 @@ "id": "CVE-2024-44168", "sourceIdentifier": "product-security@apple.com", "published": "2024-09-17T00:15:51.367", - "lastModified": "2024-09-17T00:15:51.367", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:31:20.110", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A library injection issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to modify protected parts of the file system." + }, + { + "lang": "es", + "value": "Se solucion\u00f3 un problema de inyecci\u00f3n de librer\u00eda con restricciones adicionales. Este problema se solucion\u00f3 en macOS Ventura 13.7, macOS Sonoma 14.7 y macOS Sequoia 15. Es posible que una aplicaci\u00f3n pueda modificar partes protegidas del sistema de archivos." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-441xx/CVE-2024-44169.json b/CVE-2024/CVE-2024-441xx/CVE-2024-44169.json index a971b8f95f1..e83b250ba89 100644 --- a/CVE-2024/CVE-2024-441xx/CVE-2024-44169.json +++ b/CVE-2024/CVE-2024-441xx/CVE-2024-44169.json @@ -2,8 +2,8 @@ "id": "CVE-2024-44169", "sourceIdentifier": "product-security@apple.com", "published": "2024-09-17T00:15:51.410", - "lastModified": "2024-09-17T21:35:07.080", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:31:20.110", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-441xx/CVE-2024-44170.json b/CVE-2024/CVE-2024-441xx/CVE-2024-44170.json index 2093b283295..2f8261827bf 100644 --- a/CVE-2024/CVE-2024-441xx/CVE-2024-44170.json +++ b/CVE-2024/CVE-2024-441xx/CVE-2024-44170.json @@ -2,13 +2,17 @@ "id": "CVE-2024-44170", "sourceIdentifier": "product-security@apple.com", "published": "2024-09-17T00:15:51.463", - "lastModified": "2024-09-17T00:15:51.463", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:31:20.110", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A privacy issue was addressed by moving sensitive data to a more secure location. This issue is fixed in iOS 18 and iPadOS 18, watchOS 11, macOS Sequoia 15. An app may be able to access user-sensitive data." + }, + { + "lang": "es", + "value": "Se solucion\u00f3 un problema de privacidad moviendo los datos confidenciales a una ubicaci\u00f3n m\u00e1s segura. Este problema se solucion\u00f3 en iOS 18 y iPadOS 18, watchOS 11 y macOS Sequoia 15. Es posible que una aplicaci\u00f3n pueda acceder a datos confidenciales del usuario." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-441xx/CVE-2024-44171.json b/CVE-2024/CVE-2024-441xx/CVE-2024-44171.json index 22a4388ffd2..ed1b4bae6ca 100644 --- a/CVE-2024/CVE-2024-441xx/CVE-2024-44171.json +++ b/CVE-2024/CVE-2024-441xx/CVE-2024-44171.json @@ -2,13 +2,17 @@ "id": "CVE-2024-44171", "sourceIdentifier": "product-security@apple.com", "published": "2024-09-17T00:15:51.520", - "lastModified": "2024-09-17T00:15:51.520", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:31:20.110", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "This issue was addressed through improved state management. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, watchOS 11. An attacker with physical access to a locked device may be able to Control Nearby Devices via accessibility features." + }, + { + "lang": "es", + "value": "Este problema se solucion\u00f3 mediante una mejor gesti\u00f3n de estado. Este problema se solucion\u00f3 en iOS 17.7 y iPadOS 17.7, iOS 18 y iPadOS 18, watchOS 11. Un atacante con acceso f\u00edsico a un dispositivo bloqueado puede controlar dispositivos cercanos a trav\u00e9s de funciones de accesibilidad." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-441xx/CVE-2024-44176.json b/CVE-2024/CVE-2024-441xx/CVE-2024-44176.json index c9c4a2ef027..3483137acb8 100644 --- a/CVE-2024/CVE-2024-441xx/CVE-2024-44176.json +++ b/CVE-2024/CVE-2024-441xx/CVE-2024-44176.json @@ -2,13 +2,17 @@ "id": "CVE-2024-44176", "sourceIdentifier": "product-security@apple.com", "published": "2024-09-17T00:15:51.573", - "lastModified": "2024-09-17T00:15:51.573", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:31:20.110", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, macOS Sonoma 14.7, tvOS 18. Processing an image may lead to a denial-of-service." + }, + { + "lang": "es", + "value": "Se solucion\u00f3 un problema de acceso fuera de los l\u00edmites con una verificaci\u00f3n de los l\u00edmites mejorada. Este problema se solucion\u00f3 en macOS Ventura 13.7, iOS 17.7 y iPadOS 17.7, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 y iPadOS 18, macOS Sonoma 14.7 y tvOS 18. El procesamiento de una imagen puede provocar una denegaci\u00f3n de servicio." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-441xx/CVE-2024-44177.json b/CVE-2024/CVE-2024-441xx/CVE-2024-44177.json index e0af2fc343a..14a88f33bc8 100644 --- a/CVE-2024/CVE-2024-441xx/CVE-2024-44177.json +++ b/CVE-2024/CVE-2024-441xx/CVE-2024-44177.json @@ -2,13 +2,17 @@ "id": "CVE-2024-44177", "sourceIdentifier": "product-security@apple.com", "published": "2024-09-17T00:15:51.637", - "lastModified": "2024-09-17T00:15:51.637", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:31:20.110", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A privacy issue was addressed by removing sensitive data. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to access user-sensitive data." + }, + { + "lang": "es", + "value": "Se solucion\u00f3 un problema de privacidad eliminando datos confidenciales. Este problema se solucion\u00f3 en macOS Ventura 13.7, macOS Sonoma 14.7 y macOS Sequoia 15. Es posible que una aplicaci\u00f3n pueda acceder a datos confidenciales del usuario." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-441xx/CVE-2024-44178.json b/CVE-2024/CVE-2024-441xx/CVE-2024-44178.json index a332c7945f6..fc24d3b68ce 100644 --- a/CVE-2024/CVE-2024-441xx/CVE-2024-44178.json +++ b/CVE-2024/CVE-2024-441xx/CVE-2024-44178.json @@ -2,13 +2,17 @@ "id": "CVE-2024-44178", "sourceIdentifier": "product-security@apple.com", "published": "2024-09-17T00:15:51.690", - "lastModified": "2024-09-17T00:15:51.690", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:31:20.110", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to modify protected parts of the file system." + }, + { + "lang": "es", + "value": "Este problema se solucion\u00f3 con una validaci\u00f3n mejorada de los enlaces simb\u00f3licos. Este problema se solucion\u00f3 en macOS Ventura 13.7, macOS Sonoma 14.7 y macOS Sequoia 15. Es posible que una aplicaci\u00f3n pueda modificar partes protegidas del sistema de archivos." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-441xx/CVE-2024-44180.json b/CVE-2024/CVE-2024-441xx/CVE-2024-44180.json index 63c3b9eca42..7407000e951 100644 --- a/CVE-2024/CVE-2024-441xx/CVE-2024-44180.json +++ b/CVE-2024/CVE-2024-441xx/CVE-2024-44180.json @@ -2,13 +2,17 @@ "id": "CVE-2024-44180", "sourceIdentifier": "product-security@apple.com", "published": "2024-09-17T00:15:51.743", - "lastModified": "2024-09-17T00:15:51.743", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:31:20.110", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The issue was addressed with improved checks. This issue is fixed in iOS 18 and iPadOS 18. An attacker with physical access may be able to access contacts from the lock screen." + }, + { + "lang": "es", + "value": "El problema se solucion\u00f3 con comprobaciones mejoradas. Este problema se solucion\u00f3 en iOS 18 y iPadOS 18. Un atacante con acceso f\u00edsico podr\u00eda acceder a los contactos desde la pantalla de bloqueo." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-441xx/CVE-2024-44181.json b/CVE-2024/CVE-2024-441xx/CVE-2024-44181.json index b8c70a656d4..2126ce01228 100644 --- a/CVE-2024/CVE-2024-441xx/CVE-2024-44181.json +++ b/CVE-2024/CVE-2024-441xx/CVE-2024-44181.json @@ -2,13 +2,17 @@ "id": "CVE-2024-44181", "sourceIdentifier": "product-security@apple.com", "published": "2024-09-17T00:15:51.790", - "lastModified": "2024-09-17T00:15:51.790", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:31:20.110", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was addressed with improved handling of temporary files. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to read sensitive location information." + }, + { + "lang": "es", + "value": "Se solucion\u00f3 un problema mejorando el manejo de archivos temporales. Este problema se solucion\u00f3 en macOS Ventura 13.7, macOS Sonoma 14.7 y macOS Sequoia 15. Es posible que una aplicaci\u00f3n pueda leer informaci\u00f3n confidencial sobre la ubicaci\u00f3n." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-441xx/CVE-2024-44182.json b/CVE-2024/CVE-2024-441xx/CVE-2024-44182.json index e94995d4dcd..d4b6bf93330 100644 --- a/CVE-2024/CVE-2024-441xx/CVE-2024-44182.json +++ b/CVE-2024/CVE-2024-441xx/CVE-2024-44182.json @@ -2,13 +2,17 @@ "id": "CVE-2024-44182", "sourceIdentifier": "product-security@apple.com", "published": "2024-09-17T00:15:51.840", - "lastModified": "2024-09-17T00:15:51.840", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:31:20.110", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to access sensitive data logged when a shortcut fails to launch another app." + }, + { + "lang": "es", + "value": "Este problema se solucion\u00f3 con una redacci\u00f3n mejorada de informaci\u00f3n confidencial. Este problema se solucion\u00f3 en macOS Ventura 13.7, macOS Sonoma 14.7 y macOS Sequoia 15. Una aplicaci\u00f3n puede acceder a datos confidenciales registrados cuando un acceso directo no puede iniciar otra aplicaci\u00f3n." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-441xx/CVE-2024-44183.json b/CVE-2024/CVE-2024-441xx/CVE-2024-44183.json index 1722558827b..c199e79e3fc 100644 --- a/CVE-2024/CVE-2024-441xx/CVE-2024-44183.json +++ b/CVE-2024/CVE-2024-441xx/CVE-2024-44183.json @@ -2,13 +2,17 @@ "id": "CVE-2024-44183", "sourceIdentifier": "product-security@apple.com", "published": "2024-09-17T00:15:51.890", - "lastModified": "2024-09-17T00:15:51.890", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:31:20.110", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A logic error was addressed with improved error handling. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, macOS Sonoma 14.7, tvOS 18. An app may be able to cause a denial-of-service." + }, + { + "lang": "es", + "value": "Se solucion\u00f3 un error l\u00f3gico con un manejo de errores mejorado. Este problema se solucion\u00f3 en macOS Ventura 13.7, iOS 17.7 y iPadOS 17.7, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 y iPadOS 18, macOS Sonoma 14.7 y tvOS 18. Es posible que una aplicaci\u00f3n pueda provocar una denegaci\u00f3n de servicio." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-441xx/CVE-2024-44184.json b/CVE-2024/CVE-2024-441xx/CVE-2024-44184.json index 6f6e662c3c0..b34976c7ac4 100644 --- a/CVE-2024/CVE-2024-441xx/CVE-2024-44184.json +++ b/CVE-2024/CVE-2024-441xx/CVE-2024-44184.json @@ -2,13 +2,17 @@ "id": "CVE-2024-44184", "sourceIdentifier": "product-security@apple.com", "published": "2024-09-17T00:15:51.940", - "lastModified": "2024-09-17T00:15:51.940", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:31:20.110", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to access user-sensitive data." + }, + { + "lang": "es", + "value": "Se solucion\u00f3 un problema de permisos con restricciones adicionales. Este problema se solucion\u00f3 en macOS Ventura 13.7, iOS 17.7 y iPadOS 17.7, iOS 18 y iPadOS 18, macOS Sonoma 14.7 y macOS Sequoia 15. Es posible que una aplicaci\u00f3n pueda acceder a datos confidenciales del usuario." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-441xx/CVE-2024-44186.json b/CVE-2024/CVE-2024-441xx/CVE-2024-44186.json index dacdea83b8c..1f0377dde49 100644 --- a/CVE-2024/CVE-2024-441xx/CVE-2024-44186.json +++ b/CVE-2024/CVE-2024-441xx/CVE-2024-44186.json @@ -2,13 +2,17 @@ "id": "CVE-2024-44186", "sourceIdentifier": "product-security@apple.com", "published": "2024-09-17T00:15:51.987", - "lastModified": "2024-09-17T00:15:51.987", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:31:20.110", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15. An app may be able to access protected user data." + }, + { + "lang": "es", + "value": "Se solucion\u00f3 un problema de acceso con restricciones adicionales en el entorno aislado. Este problema se solucion\u00f3 en macOS Sequoia 15. Una aplicaci\u00f3n puede tener acceso a datos de usuario protegidos." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-441xx/CVE-2024-44187.json b/CVE-2024/CVE-2024-441xx/CVE-2024-44187.json index 0328edfeab7..937dc5efb30 100644 --- a/CVE-2024/CVE-2024-441xx/CVE-2024-44187.json +++ b/CVE-2024/CVE-2024-441xx/CVE-2024-44187.json @@ -2,13 +2,17 @@ "id": "CVE-2024-44187", "sourceIdentifier": "product-security@apple.com", "published": "2024-09-17T00:15:52.037", - "lastModified": "2024-09-17T00:15:52.037", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:31:20.110", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A cross-origin issue existed with \"iframe\" elements. This was addressed with improved tracking of security origins. This issue is fixed in Safari 18, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, tvOS 18. A malicious website may exfiltrate data cross-origin." + }, + { + "lang": "es", + "value": "Exist\u00eda un problema de origen cruzado con los elementos \"iframe\". Esto se solucion\u00f3 mejorando el seguimiento de los or\u00edgenes de seguridad. Este problema se solucion\u00f3 en Safari 18, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18, iPadOS 18 y tvOS 18. Un sitio web malicioso puede filtrar datos de origen cruzado." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-441xx/CVE-2024-44188.json b/CVE-2024/CVE-2024-441xx/CVE-2024-44188.json index dc50aee5a62..bb949d33b9a 100644 --- a/CVE-2024/CVE-2024-441xx/CVE-2024-44188.json +++ b/CVE-2024/CVE-2024-441xx/CVE-2024-44188.json @@ -2,13 +2,17 @@ "id": "CVE-2024-44188", "sourceIdentifier": "product-security@apple.com", "published": "2024-09-17T00:15:52.093", - "lastModified": "2024-09-17T00:15:52.093", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:31:20.110", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. An app may be able to access protected user data." + }, + { + "lang": "es", + "value": "Se solucion\u00f3 un problema de permisos con restricciones adicionales. Este problema se solucion\u00f3 en macOS Sequoia 15. Una aplicaci\u00f3n puede tener acceso a datos de usuario protegidos." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-441xx/CVE-2024-44189.json b/CVE-2024/CVE-2024-441xx/CVE-2024-44189.json index d3f3a6027c0..bac075fcbd8 100644 --- a/CVE-2024/CVE-2024-441xx/CVE-2024-44189.json +++ b/CVE-2024/CVE-2024-441xx/CVE-2024-44189.json @@ -2,13 +2,17 @@ "id": "CVE-2024-44189", "sourceIdentifier": "product-security@apple.com", "published": "2024-09-17T00:15:52.143", - "lastModified": "2024-09-17T00:15:52.143", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:31:20.110", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15. A logic issue existed where a process may be able to capture screen contents without user consent." + }, + { + "lang": "es", + "value": "El problema se solucion\u00f3 con comprobaciones mejoradas. Este problema se solucion\u00f3 en macOS Sequoia 15. Exist\u00eda un problema l\u00f3gico por el cual un proceso pod\u00eda capturar el contenido de la pantalla sin el consentimiento del usuario." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-441xx/CVE-2024-44190.json b/CVE-2024/CVE-2024-441xx/CVE-2024-44190.json index 77704d23893..07fa3274fc5 100644 --- a/CVE-2024/CVE-2024-441xx/CVE-2024-44190.json +++ b/CVE-2024/CVE-2024-441xx/CVE-2024-44190.json @@ -2,13 +2,17 @@ "id": "CVE-2024-44190", "sourceIdentifier": "product-security@apple.com", "published": "2024-09-17T00:15:52.200", - "lastModified": "2024-09-17T00:15:52.200", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:31:20.110", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A path handling issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to read arbitrary files." + }, + { + "lang": "es", + "value": "Se solucion\u00f3 un problema de manejo de rutas con una validaci\u00f3n mejorada. Este problema se solucion\u00f3 en macOS Ventura 13.7, macOS Sonoma 14.7 y macOS Sequoia 15. Es posible que una aplicaci\u00f3n pueda leer archivos arbitrarios." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-441xx/CVE-2024-44191.json b/CVE-2024/CVE-2024-441xx/CVE-2024-44191.json index d7c9c0d8033..6d7b912e803 100644 --- a/CVE-2024/CVE-2024-441xx/CVE-2024-44191.json +++ b/CVE-2024/CVE-2024-441xx/CVE-2024-44191.json @@ -2,13 +2,17 @@ "id": "CVE-2024-44191", "sourceIdentifier": "product-security@apple.com", "published": "2024-09-17T00:15:52.263", - "lastModified": "2024-09-17T00:15:52.263", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:31:20.110", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "This issue was addressed through improved state management. This issue is fixed in iOS 17.7 and iPadOS 17.7, Xcode 16, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, tvOS 18. An app may gain unauthorized access to Bluetooth." + }, + { + "lang": "es", + "value": "Este problema se solucion\u00f3 mediante una mejor gesti\u00f3n del estado. Este problema se solucion\u00f3 en iOS 17.7 y iPadOS 17.7, Xcode 16, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 y iPadOS 18, tvOS 18. Una aplicaci\u00f3n puede obtener acceso no autorizado a Bluetooth." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-441xx/CVE-2024-44198.json b/CVE-2024/CVE-2024-441xx/CVE-2024-44198.json index b18079de38a..9093fa2c9be 100644 --- a/CVE-2024/CVE-2024-441xx/CVE-2024-44198.json +++ b/CVE-2024/CVE-2024-441xx/CVE-2024-44198.json @@ -2,13 +2,17 @@ "id": "CVE-2024-44198", "sourceIdentifier": "product-security@apple.com", "published": "2024-09-17T00:15:52.320", - "lastModified": "2024-09-17T00:15:52.320", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:31:20.110", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An integer overflow was addressed through improved input validation. This issue is fixed in visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, tvOS 18. Processing maliciously crafted web content may lead to an unexpected process crash." + }, + { + "lang": "es", + "value": "Se solucion\u00f3 un desbordamiento de n\u00fameros enteros mediante una validaci\u00f3n de entrada mejorada. Este problema se solucion\u00f3 en visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18, iPadOS 18 y tvOS 18. El procesamiento de contenido web creado con fines malintencionados puede provocar un bloqueo inesperado del proceso." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-442xx/CVE-2024-44202.json b/CVE-2024/CVE-2024-442xx/CVE-2024-44202.json index 7b50bb91192..0ec5f9733ec 100644 --- a/CVE-2024/CVE-2024-442xx/CVE-2024-44202.json +++ b/CVE-2024/CVE-2024-442xx/CVE-2024-44202.json @@ -2,8 +2,8 @@ "id": "CVE-2024-44202", "sourceIdentifier": "product-security@apple.com", "published": "2024-09-17T00:15:52.383", - "lastModified": "2024-09-18T18:35:11.417", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:31:20.110", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-444xx/CVE-2024-44445.json b/CVE-2024/CVE-2024-444xx/CVE-2024-44445.json index 537ed2e2f0a..73090c61518 100644 --- a/CVE-2024/CVE-2024-444xx/CVE-2024-44445.json +++ b/CVE-2024/CVE-2024-444xx/CVE-2024-44445.json @@ -2,13 +2,17 @@ "id": "CVE-2024-44445", "sourceIdentifier": "cve@mitre.org", "published": "2024-09-16T20:15:47.020", - "lastModified": "2024-09-16T20:15:47.020", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:31:20.110", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in BSC Smart Contract 0x0506e571aba3dd4c9d71bed479a4e6d40d95c833. Attackers are able to perform state manipulation attacks by borrowing a large amount of money and then using this amount to inflate the token balance in the token pair, leading to increased profits without cost." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 un problema en BSC Smart Contract 0x0506e571aba3dd4c9d71bed479a4e6d40d95c833. Los atacantes pueden realizar ataques de manipulaci\u00f3n de estado tomando prestada una gran cantidad de dinero y luego usando esta cantidad para inflar el saldo de tokens en el par de tokens, lo que genera mayores ganancias sin costo." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-445xx/CVE-2024-44542.json b/CVE-2024/CVE-2024-445xx/CVE-2024-44542.json index 7655fdec7bc..176c4cfea8d 100644 --- a/CVE-2024/CVE-2024-445xx/CVE-2024-44542.json +++ b/CVE-2024/CVE-2024-445xx/CVE-2024-44542.json @@ -2,13 +2,17 @@ "id": "CVE-2024-44542", "sourceIdentifier": "cve@mitre.org", "published": "2024-09-18T15:15:16.137", - "lastModified": "2024-09-18T19:35:13.340", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL Injection vulnerability in todesk v.1.1 allows a remote attacker to execute arbitrary code via the /todesk.com/news.html parameter." + }, + { + "lang": "es", + "value": "La vulnerabilidad de inyecci\u00f3n SQL en todesk v.1.1 permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s del par\u00e1metro /todesk.com/news.html." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-445xx/CVE-2024-44589.json b/CVE-2024/CVE-2024-445xx/CVE-2024-44589.json index abd05051be3..df4619d389b 100644 --- a/CVE-2024/CVE-2024-445xx/CVE-2024-44589.json +++ b/CVE-2024/CVE-2024-445xx/CVE-2024-44589.json @@ -2,8 +2,8 @@ "id": "CVE-2024-44589", "sourceIdentifier": "cve@mitre.org", "published": "2024-09-18T20:15:03.410", - "lastModified": "2024-09-19T17:35:04.797", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-44xx/CVE-2024-4465.json b/CVE-2024/CVE-2024-44xx/CVE-2024-4465.json index 88dd5f7404e..721e9239a5d 100644 --- a/CVE-2024/CVE-2024-44xx/CVE-2024-4465.json +++ b/CVE-2024/CVE-2024-44xx/CVE-2024-4465.json @@ -2,13 +2,13 @@ "id": "CVE-2024-4465", "sourceIdentifier": "prodsec@nozominetworks.com", "published": "2024-09-11T15:15:18.490", - "lastModified": "2024-09-18T20:35:56.917", - "vulnStatus": "Analyzed", + "lastModified": "2024-09-20T13:15:19.850", + "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "An access control vulnerability was discovered in the Reports section due to a specific access restriction not being properly enforced for users with limited privileges.\n\n\n\nIf a logged-in user with reporting privileges learns how to create a specific application request, they might be able to make limited changes to the reporting configuration. This could result in a partial loss of data integrity. In Guardian/CMC instances with a reporting configuration, there could be limited Denial of Service (DoS) impacts, as the reports may not reach their intended destination, and there could also be limited information disclosure impacts. Furthermore, modifying the destination SMTP server for the reports could lead to the compromise of external credentials, as they might be sent to an unauthorized server." + "value": "An access control vulnerability was discovered in the Reports section due to a specific access restriction not being properly enforced for users with limited privileges.\n\n\n\nIf a logged-in user with reporting privileges learns how to create a specific application request, they might be able to make limited changes to the reporting configuration. This could result in a partial loss of data integrity. In Guardian/CMC instances with a reporting configuration, there could be limited Denial of Service (DoS) impacts, as the reports may not reach their intended destination, and there could also be limited information disclosure impacts. Furthermore, modifying the destination SMTP server for the reports could lead to the compromise of external credentials, as they might be sent to an unauthorized server. This could expand the scope of the attack." }, { "lang": "es", diff --git a/CVE-2024/CVE-2024-452xx/CVE-2024-45298.json b/CVE-2024/CVE-2024-452xx/CVE-2024-45298.json index 90b4dff203c..df8e269f08f 100644 --- a/CVE-2024/CVE-2024-452xx/CVE-2024-45298.json +++ b/CVE-2024/CVE-2024-452xx/CVE-2024-45298.json @@ -2,13 +2,17 @@ "id": "CVE-2024-45298", "sourceIdentifier": "security-advisories@github.com", "published": "2024-09-18T17:15:18.570", - "lastModified": "2024-09-18T17:15:18.570", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Wiki.js is an open source wiki app built on Node.js. A disabled user can still gain access to a wiki by abusing the password reset function. While setting up SMTP e-mail's on my server, I tested said e-mails by performing a password reset with my test user. To my shock, not only did it let me reset my password, but after resetting my password I can get into the wiki I was locked out of. The ramifications of this bug is a user can **bypass an account disabling by requesting their password be reset**. All users of wiki.js version `2.5.303` who use any account restrictions and have disabled user are affected. This issue has been addressed in version 2.5.304 and all users are advised to upgrade. There are no known workarounds for this vulnerability." + }, + { + "lang": "es", + "value": "Wiki.js es una aplicaci\u00f3n wiki de c\u00f3digo abierto creada en Node.js. Un usuario deshabilitado puede acceder a una wiki abusando de la funci\u00f3n de restablecimiento de contrase\u00f1a. Mientras configuraba los correos electr\u00f3nicos SMTP en mi servidor, prob\u00e9 dichos correos electr\u00f3nicos restableciendo la contrase\u00f1a con mi usuario de prueba. Para mi sorpresa, no solo me permiti\u00f3 restablecer mi contrase\u00f1a, sino que despu\u00e9s de restablecerla puedo ingresar a la wiki de la que estaba bloqueado. Las ramificaciones de este error son que un usuario puede **evitar la deshabilitaci\u00f3n de una cuenta solicitando que se restablezca su contrase\u00f1a**. Todos los usuarios de la versi\u00f3n 2.5.303 de wiki.js que usan cualquier restricci\u00f3n de cuenta y tienen un usuario deshabilitado se ven afectados. Este problema se ha solucionado en la versi\u00f3n 2.5.304 y se recomienda a todos los usuarios que actualicen. No existen workarounds conocidas para esta vulnerabilidad." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-453xx/CVE-2024-45366.json b/CVE-2024/CVE-2024-453xx/CVE-2024-45366.json index 658c61e1743..58267639348 100644 --- a/CVE-2024/CVE-2024-453xx/CVE-2024-45366.json +++ b/CVE-2024/CVE-2024-453xx/CVE-2024-45366.json @@ -2,13 +2,17 @@ "id": "CVE-2024-45366", "sourceIdentifier": "vultures@jpcert.or.jp", "published": "2024-09-18T06:15:02.413", - "lastModified": "2024-09-18T06:15:02.413", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Welcart e-Commerce prior to 2.11.2 contains a cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on the user's web browser." + }, + { + "lang": "es", + "value": "Las versiones anteriores a la versi\u00f3n 2.11.2 de Welcart e-Commerce contienen una vulnerabilidad de cross site scripting. Si se explota esta vulnerabilidad, se puede ejecutar una secuencia de comandos arbitraria en el navegador web del usuario." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-453xx/CVE-2024-45384.json b/CVE-2024/CVE-2024-453xx/CVE-2024-45384.json index 7a3fc07e587..c4cffea0184 100644 --- a/CVE-2024/CVE-2024-453xx/CVE-2024-45384.json +++ b/CVE-2024/CVE-2024-453xx/CVE-2024-45384.json @@ -2,13 +2,17 @@ "id": "CVE-2024-45384", "sourceIdentifier": "security@apache.org", "published": "2024-09-17T19:15:28.100", - "lastModified": "2024-09-17T19:15:28.100", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Padding Oracle vulnerability in Apache Druid extension, druid-pac4j.\nThis could allow an attacker to manipulate a pac4j session cookie.\n\nThis issue affects Apache Druid versions 0.18.0 through 30.0.0.\nSince the druid-pac4j extension is optional and disabled by default, Druid installations not using the druid-pac4j extension are not affected by this vulnerability.\n\nWhile we are not aware of a way to meaningfully exploit this flaw, we \nnevertheless recommend upgrading to version 30.0.1 or higher which fixes the issue\nand ensuring you have a strong \ndruid.auth.pac4j.cookiePassphrase as a precaution." + }, + { + "lang": "es", + "value": "Vulnerabilidad de relleno de Oracle en la extensi\u00f3n de Apache Druid, druid-pac4j. Esto podr\u00eda permitir que un atacante manipule una cookie de sesi\u00f3n de pac4j. Este problema afecta a las versiones de Apache Druid 0.18.0 a 30.0.0. Dado que la extensi\u00f3n druid-pac4j es opcional y est\u00e1 deshabilitada de forma predeterminada, las instalaciones de Druid que no utilicen la extensi\u00f3n druid-pac4j no se ven afectadas por esta vulnerabilidad. Si bien no conocemos una forma de explotar significativamente esta falla, recomendamos actualizar a la versi\u00f3n 30.0.1 o superior que soluciona el problema y asegurarse de tener una contrase\u00f1a de cookie druid.auth.pac4j. segura como medida de precauci\u00f3n." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-453xx/CVE-2024-45398.json b/CVE-2024/CVE-2024-453xx/CVE-2024-45398.json index 561f6fa3931..0ca51cf86d1 100644 --- a/CVE-2024/CVE-2024-453xx/CVE-2024-45398.json +++ b/CVE-2024/CVE-2024-453xx/CVE-2024-45398.json @@ -2,13 +2,17 @@ "id": "CVE-2024-45398", "sourceIdentifier": "security-advisories@github.com", "published": "2024-09-17T20:15:04.670", - "lastModified": "2024-09-17T20:15:04.670", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Contao is an Open Source CMS. In affected versions a back end user with access to the file manager can upload malicious files and execute them on the server. Users are advised to update to Contao 4.13.49, 5.3.15 or 5.4.3. Users unable to update are advised to configure their web server so it does not execute PHP files and other scripts in the Contao file upload directory." + }, + { + "lang": "es", + "value": "Contao es un CMS de c\u00f3digo abierto. En las versiones afectadas, un usuario de back-end con acceso al administrador de archivos puede cargar archivos maliciosos y ejecutarlos en el servidor. Se recomienda a los usuarios que actualicen a Contao 4.13.49, 5.3.15 o 5.4.3. A los usuarios que no puedan actualizar se les recomienda que configuren su servidor web para que no ejecute archivos PHP y otros scripts en el directorio de carga de archivos de Contao." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-454xx/CVE-2024-45410.json b/CVE-2024/CVE-2024-454xx/CVE-2024-45410.json index 557440b84f2..5b72978b85e 100644 --- a/CVE-2024/CVE-2024-454xx/CVE-2024-45410.json +++ b/CVE-2024/CVE-2024-454xx/CVE-2024-45410.json @@ -2,13 +2,17 @@ "id": "CVE-2024-45410", "sourceIdentifier": "security-advisories@github.com", "published": "2024-09-19T23:15:11.480", - "lastModified": "2024-09-19T23:15:11.480", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Traefik is a golang, Cloud Native Application Proxy. When a HTTP request is processed by Traefik, certain HTTP headers such as X-Forwarded-Host or X-Forwarded-Port are added by Traefik before the request is routed to the application. For a HTTP client, it should not be possible to remove or modify these headers. Since the application trusts the value of these headers, security implications might arise, if they can be modified. For HTTP/1.1, however, it was found that some of theses custom headers can indeed be removed and in certain cases manipulated. The attack relies on the HTTP/1.1 behavior, that headers can be defined as hop-by-hop via the HTTP Connection header. This issue has been addressed in release versions 2.11.9 and 3.1.3. Users are advised to upgrade. There are no known workarounds for this vulnerability." + }, + { + "lang": "es", + "value": "Traefik es un proxy de aplicaci\u00f3n nativo de la nube (golang). Cuando Traefik procesa una solicitud HTTP, Traefik agrega ciertos encabezados HTTP como X-Forwarded-Host o X-Forwarded-Port antes de que la solicitud se env\u00ede a la aplicaci\u00f3n. Para un cliente HTTP, no deber\u00eda ser posible eliminar o modificar estos encabezados. Dado que la aplicaci\u00f3n conf\u00eda en el valor de estos encabezados, podr\u00edan surgir implicaciones de seguridad si se pueden modificar. Sin embargo, para HTTP/1.1, se descubri\u00f3 que algunos de estos encabezados personalizados s\u00ed se pueden eliminar y, en ciertos casos, manipular. El ataque se basa en el comportamiento de HTTP/1.1, que permite definir los encabezados como salto a salto a trav\u00e9s del encabezado de conexi\u00f3n HTTP. Este problema se ha solucionado en las versiones de lanzamiento 2.11.9 y 3.1.3. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-454xx/CVE-2024-45413.json b/CVE-2024/CVE-2024-454xx/CVE-2024-45413.json index 7458ef8c3cb..4e050a398ce 100644 --- a/CVE-2024/CVE-2024-454xx/CVE-2024-45413.json +++ b/CVE-2024/CVE-2024-454xx/CVE-2024-45413.json @@ -2,8 +2,8 @@ "id": "CVE-2024-45413", "sourceIdentifier": "cve@mitre.org", "published": "2024-09-16T21:15:45.833", - "lastModified": "2024-09-18T16:35:11.470", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:31:20.110", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-454xx/CVE-2024-45414.json b/CVE-2024/CVE-2024-454xx/CVE-2024-45414.json index 62a7b148b77..a74e072f72b 100644 --- a/CVE-2024/CVE-2024-454xx/CVE-2024-45414.json +++ b/CVE-2024/CVE-2024-454xx/CVE-2024-45414.json @@ -2,8 +2,8 @@ "id": "CVE-2024-45414", "sourceIdentifier": "cve@mitre.org", "published": "2024-09-16T21:15:45.890", - "lastModified": "2024-09-18T16:35:12.227", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:31:20.110", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-454xx/CVE-2024-45415.json b/CVE-2024/CVE-2024-454xx/CVE-2024-45415.json index 31e74905d94..211aceb632d 100644 --- a/CVE-2024/CVE-2024-454xx/CVE-2024-45415.json +++ b/CVE-2024/CVE-2024-454xx/CVE-2024-45415.json @@ -2,8 +2,8 @@ "id": "CVE-2024-45415", "sourceIdentifier": "cve@mitre.org", "published": "2024-09-16T21:15:45.943", - "lastModified": "2024-09-18T16:35:12.983", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:31:20.110", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-454xx/CVE-2024-45416.json b/CVE-2024/CVE-2024-454xx/CVE-2024-45416.json index dfff51baaff..ea874735a87 100644 --- a/CVE-2024/CVE-2024-454xx/CVE-2024-45416.json +++ b/CVE-2024/CVE-2024-454xx/CVE-2024-45416.json @@ -2,8 +2,8 @@ "id": "CVE-2024-45416", "sourceIdentifier": "cve@mitre.org", "published": "2024-09-16T21:15:46.003", - "lastModified": "2024-09-18T16:35:13.743", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:31:20.110", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-454xx/CVE-2024-45451.json b/CVE-2024/CVE-2024-454xx/CVE-2024-45451.json index 61732136d98..fbfbefe690e 100644 --- a/CVE-2024/CVE-2024-454xx/CVE-2024-45451.json +++ b/CVE-2024/CVE-2024-454xx/CVE-2024-45451.json @@ -2,13 +2,17 @@ "id": "CVE-2024-45451", "sourceIdentifier": "audit@patchstack.com", "published": "2024-09-17T23:15:20.970", - "lastModified": "2024-09-17T23:15:20.970", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CryoutCreations Roseta allows Stored XSS.This issue affects Roseta: from n/a through 1.3.0." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en CryoutCreations Roseta permite XSS almacenado. Este problema afecta a Roseta: desde n/a hasta 1.3.0." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-454xx/CVE-2024-45452.json b/CVE-2024/CVE-2024-454xx/CVE-2024-45452.json index 379d78b4d94..fc8f9f8ebd9 100644 --- a/CVE-2024/CVE-2024-454xx/CVE-2024-45452.json +++ b/CVE-2024/CVE-2024-454xx/CVE-2024-45452.json @@ -2,13 +2,17 @@ "id": "CVE-2024-45452", "sourceIdentifier": "audit@patchstack.com", "published": "2024-09-17T23:15:21.183", - "lastModified": "2024-09-17T23:15:21.183", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CryoutCreations Septera septera allows Stored XSS.This issue affects Septera: from n/a through 1.5.1." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en CryoutCreations Septera septera permite XSS almacenado. Este problema afecta a Septera: desde n/a hasta 1.5.1." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-454xx/CVE-2024-45496.json b/CVE-2024/CVE-2024-454xx/CVE-2024-45496.json index 107cea52e13..c06251fb592 100644 --- a/CVE-2024/CVE-2024-454xx/CVE-2024-45496.json +++ b/CVE-2024/CVE-2024-454xx/CVE-2024-45496.json @@ -2,8 +2,8 @@ "id": "CVE-2024-45496", "sourceIdentifier": "secalert@redhat.com", "published": "2024-09-17T00:15:52.433", - "lastModified": "2024-09-19T20:15:06.813", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:31:20.110", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-455xx/CVE-2024-45523.json b/CVE-2024/CVE-2024-455xx/CVE-2024-45523.json index 537f2ea9592..41eb41be462 100644 --- a/CVE-2024/CVE-2024-455xx/CVE-2024-45523.json +++ b/CVE-2024/CVE-2024-455xx/CVE-2024-45523.json @@ -2,13 +2,17 @@ "id": "CVE-2024-45523", "sourceIdentifier": "cve@mitre.org", "published": "2024-09-18T18:15:06.420", - "lastModified": "2024-09-18T18:15:06.420", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Bravura Security Fabric versions 12.3.x before 12.3.5.32784, 12.4.x before 12.4.3.35110, 12.5.x before 12.5.2.35950, 12.6.x before 12.6.2.37183, and 12.7.x before 12.7.1.38241. An unauthenticated attacker can cause a resource leak by issuing multiple failed login attempts through API SOAP." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 un problema en las versiones 12.3.x anteriores a la 12.3.5.32784, 12.4.x anteriores a la 12.4.3.35110, 12.5.x anteriores a la 12.5.2.35950, 12.6.x anteriores a la 12.6.2.37183 y 12.7.x anteriores a la 12.7.1.38241 de Bravura Security Fabric. Un atacante no autenticado puede provocar una fuga de recursos al realizar varios intentos de inicio de sesi\u00f3n fallidos a trav\u00e9s de API SOAP." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-455xx/CVE-2024-45537.json b/CVE-2024/CVE-2024-455xx/CVE-2024-45537.json index 7bbc34724a0..1d1b8947ad2 100644 --- a/CVE-2024/CVE-2024-455xx/CVE-2024-45537.json +++ b/CVE-2024/CVE-2024-455xx/CVE-2024-45537.json @@ -2,13 +2,17 @@ "id": "CVE-2024-45537", "sourceIdentifier": "security@apache.org", "published": "2024-09-17T19:15:28.157", - "lastModified": "2024-09-17T19:15:28.157", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Apache Druid allows users with certain permissions to read data from other database systems using JDBC. This functionality allows trusted users to set up Druid lookups or run ingestion tasks. Druid also allows administrators to configure a list of allowed properties that users are able to provide for their JDBC connections. By default, this allowed properties list restricts users to TLS-related properties only. However, when configuration a MySQL JDBC connection, users can use a particularly-crafted JDBC connection string to provide properties that are not on this allow list.\n\nUsers without the permission to configure JDBC connections are not able to exploit this vulnerability.\nCVE-2021-26919 describes a similar vulnerability which was partially addressed in Apache Druid 0.20.2.\n\nThis issue is fixed in Apache Druid 30.0.1." + }, + { + "lang": "es", + "value": "Apache Druid permite a los usuarios con ciertos permisos leer datos de otros sistemas de bases de datos mediante JDBC. Esta funcionalidad permite a los usuarios de confianza configurar b\u00fasquedas de Druid o ejecutar tareas de ingesta. Druid tambi\u00e9n permite a los administradores configurar una lista de propiedades permitidas que los usuarios pueden proporcionar para sus conexiones JDBC. De forma predeterminada, esta lista de propiedades permitidas restringe a los usuarios solo a las propiedades relacionadas con TLS. Sin embargo, al configurar una conexi\u00f3n JDBC de MySQL, los usuarios pueden usar una cadena de conexi\u00f3n JDBC especialmente manipulada para proporcionar propiedades que no est\u00e1n en esta lista de permitidos. Los usuarios sin permiso para configurar conexiones JDBC no pueden aprovechar esta vulnerabilidad. CVE-2021-26919 describe una vulnerabilidad similar que se solucion\u00f3 parcialmente en Apache Druid 0.20.2. Este problema se solucion\u00f3 en Apache Druid 30.0.1." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-456xx/CVE-2024-45601.json b/CVE-2024/CVE-2024-456xx/CVE-2024-45601.json index 4dbc1970c18..970a4525bf8 100644 --- a/CVE-2024/CVE-2024-456xx/CVE-2024-45601.json +++ b/CVE-2024/CVE-2024-456xx/CVE-2024-45601.json @@ -2,13 +2,17 @@ "id": "CVE-2024-45601", "sourceIdentifier": "security-advisories@github.com", "published": "2024-09-18T18:15:06.473", - "lastModified": "2024-09-18T18:15:06.473", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Mesop is a Python-based UI framework designed for rapid web apps development. A vulnerability has been discovered and fixed in Mesop that could potentially allow unauthorized access to files on the server hosting the Mesop application. The vulnerability was related to insufficient input validation in a specific endpoint. This could have allowed an attacker to access files not intended to be served. Users are strongly advised to update to the latest version of Mesop immediately. The latest version includes a fix for this vulnerability. At time of publication 0.12.4 is the most recently available version of Mesop." + }, + { + "lang": "es", + "value": "Mesop es un framework de interfaz de usuario basado en Python dise\u00f1ado para el desarrollo r\u00e1pido de aplicaciones web. Se ha descubierto y corregido una vulnerabilidad en Mesop que podr\u00eda permitir el acceso no autorizado a los archivos del servidor que aloja la aplicaci\u00f3n Mesop. La vulnerabilidad estaba relacionada con una validaci\u00f3n de entrada insuficiente en un endpoint espec\u00edfico. Esto podr\u00eda haber permitido a un atacante acceder a archivos que no estaban destinados a ser entregados. Se recomienda encarecidamente a los usuarios que actualicen a la \u00faltima versi\u00f3n de Mesop de inmediato. La \u00faltima versi\u00f3n incluye una correcci\u00f3n para esta vulnerabilidad. En el momento de la publicaci\u00f3n, la versi\u00f3n 0.12.4 es la versi\u00f3n m\u00e1s reciente disponible de Mesop." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-456xx/CVE-2024-45604.json b/CVE-2024/CVE-2024-456xx/CVE-2024-45604.json index 082bd6dbe2a..5e657b30c2b 100644 --- a/CVE-2024/CVE-2024-456xx/CVE-2024-45604.json +++ b/CVE-2024/CVE-2024-456xx/CVE-2024-45604.json @@ -2,13 +2,17 @@ "id": "CVE-2024-45604", "sourceIdentifier": "security-advisories@github.com", "published": "2024-09-17T20:15:04.893", - "lastModified": "2024-09-17T20:15:04.893", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Contao is an Open Source CMS. In affected versions authenticated users in the back end can list files outside the document root in the file selector widget. Users are advised to update to Contao 4.13.49. There are no known workarounds for this vulnerability." + }, + { + "lang": "es", + "value": "Contao es un CMS de c\u00f3digo abierto. En las versiones afectadas, los usuarios autenticados en el back-end pueden incluir archivos fuera de la ra\u00edz del documento en el widget selector de archivos. Se recomienda a los usuarios que actualicen a Contao 4.13.49. No existen workarounds para esta vulnerabilidad." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-456xx/CVE-2024-45605.json b/CVE-2024/CVE-2024-456xx/CVE-2024-45605.json index ccf44541e65..3ada81b1b8b 100644 --- a/CVE-2024/CVE-2024-456xx/CVE-2024-45605.json +++ b/CVE-2024/CVE-2024-456xx/CVE-2024-45605.json @@ -2,13 +2,17 @@ "id": "CVE-2024-45605", "sourceIdentifier": "security-advisories@github.com", "published": "2024-09-17T20:15:05.120", - "lastModified": "2024-09-17T20:15:05.120", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Sentry is a developer-first error tracking and performance monitoring platform. An authenticated user delete the user issue alert notifications for arbitrary users given a know alert ID. A patch was issued to ensure authorization checks are properly scoped on requests to delete user alert notifications. Sentry SaaS users do not need to take any action. Self-Hosted Sentry users should upgrade to version 24.9.0 or higher. There are no known workarounds for this vulnerability." + }, + { + "lang": "es", + "value": "Sentry es una plataforma de monitoreo de rendimiento y seguimiento de errores que prioriza a los desarrolladores. Un usuario autenticado elimina las notificaciones de alerta de emisi\u00f3n de usuario para usuarios arbitrarios a partir de una ID de alerta conocida. Se emiti\u00f3 un parche para garantizar que las verificaciones de autorizaci\u00f3n tengan el alcance adecuado en las solicitudes de eliminaci\u00f3n de notificaciones de alerta de usuario. Los usuarios de Sentry SaaS no necesitan realizar ninguna acci\u00f3n. Los usuarios de Sentry alojado en servidores propios deben actualizar a la versi\u00f3n 24.9.0 o superior. No existen workarounds para esta vulnerabilidad." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-456xx/CVE-2024-45606.json b/CVE-2024/CVE-2024-456xx/CVE-2024-45606.json index 1000145f45e..c8e6915218b 100644 --- a/CVE-2024/CVE-2024-456xx/CVE-2024-45606.json +++ b/CVE-2024/CVE-2024-456xx/CVE-2024-45606.json @@ -2,13 +2,17 @@ "id": "CVE-2024-45606", "sourceIdentifier": "security-advisories@github.com", "published": "2024-09-17T20:15:05.393", - "lastModified": "2024-09-17T20:15:05.393", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Sentry is a developer-first error tracking and performance monitoring platform. An authenticated user can mute alert rules from arbitrary organizations and projects with a know rule ID. The user does not need to be a member of the organization or have permissions on the project. In our review, we have identified no instances where alerts have been muted by unauthorized parties. A patch was issued to ensure authorization checks are properly scoped on requests to mute alert rules. Authenticated users who do not have the necessary permissions are no longer able to mute alerts. Sentry SaaS users do not need to take any action. Self-Hosted Sentry users should upgrade to version **24.9.0** or higher. The rule mute feature was generally available as of 23.6.0 but users with early access may have had the feature as of 23.4.0. Affected users are advised to upgrade to version 24.9.0. There are no known workarounds for this vulnerability." + }, + { + "lang": "es", + "value": "Sentry es una plataforma de seguimiento de errores y monitoreo de rendimiento que prioriza a los desarrolladores. Un usuario autenticado puede silenciar las reglas de alerta de organizaciones y proyectos arbitrarios con una ID de regla conocida. El usuario no necesita ser miembro de la organizaci\u00f3n ni tener permisos en el proyecto. En nuestra revisi\u00f3n, no hemos identificado instancias en las que las alertas hayan sido silenciadas por partes no autorizadas. Se emiti\u00f3 un parche para garantizar que las verificaciones de autorizaci\u00f3n tengan el alcance adecuado en las solicitudes para silenciar las reglas de alerta. Los usuarios autenticados que no tienen los permisos necesarios ya no pueden silenciar las alertas. Los usuarios de Sentry SaaS no necesitan realizar ninguna acci\u00f3n. Los usuarios alojados en Sentry deben actualizar a la versi\u00f3n **24.9.0** o superior. La funci\u00f3n de silenciamiento de reglas estaba disponible de manera general a partir de la versi\u00f3n 23.6.0, pero los usuarios con acceso anticipado pueden haber tenido la funci\u00f3n a partir de la versi\u00f3n 23.4.0. Se recomienda a los usuarios afectados que actualicen a la versi\u00f3n 24.9.0. No existen workarounds para esta vulnerabilidad." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-456xx/CVE-2024-45612.json b/CVE-2024/CVE-2024-456xx/CVE-2024-45612.json index f690b255ff4..14f504ebbbf 100644 --- a/CVE-2024/CVE-2024-456xx/CVE-2024-45612.json +++ b/CVE-2024/CVE-2024-456xx/CVE-2024-45612.json @@ -2,13 +2,17 @@ "id": "CVE-2024-45612", "sourceIdentifier": "security-advisories@github.com", "published": "2024-09-17T19:15:28.250", - "lastModified": "2024-09-17T19:15:28.250", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Contao is an Open Source CMS. In affected versions an untrusted user can inject insert tags into the canonical tag, which are then replaced on the web page (front end). Users are advised to update to Contao 4.13.49, 5.3.15 or 5.4.3. Users unable to upgrade should disable canonical tags in the root page settings." + }, + { + "lang": "es", + "value": "Contao es un CMS de c\u00f3digo abierto. En las versiones afectadas, un usuario no confiable puede insertar etiquetas de inserci\u00f3n en la etiqueta can\u00f3nica, que luego se reemplazan en la p\u00e1gina web (interfaz). Se recomienda a los usuarios que actualicen a Contao 4.13.49, 5.3.15 o 5.4.3. Los usuarios que no puedan actualizar deben deshabilitar las etiquetas can\u00f3nicas en la configuraci\u00f3n de la p\u00e1gina ra\u00edz." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-456xx/CVE-2024-45614.json b/CVE-2024/CVE-2024-456xx/CVE-2024-45614.json index 49db72fb50a..5ca0a88cd49 100644 --- a/CVE-2024/CVE-2024-456xx/CVE-2024-45614.json +++ b/CVE-2024/CVE-2024-456xx/CVE-2024-45614.json @@ -2,13 +2,17 @@ "id": "CVE-2024-45614", "sourceIdentifier": "security-advisories@github.com", "published": "2024-09-19T23:15:11.703", - "lastModified": "2024-09-19T23:15:11.703", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Puma is a Ruby/Rack web server built for parallelism. In affected versions clients could clobber values set by intermediate proxies (such as X-Forwarded-For) by providing a underscore version of the same header (X-Forwarded_For). Any users relying on proxy set variables is affected. v6.4.3/v5.6.9 now discards any headers using underscores if the non-underscore version also exists. Effectively, allowing the proxy defined headers to always win. Users are advised to upgrade. Nginx has a underscores_in_headers configuration variable to discard these headers at the proxy level as a mitigation. Any users that are implicitly trusting the proxy defined headers for security should immediately cease doing so until upgraded to the fixed versions." + }, + { + "lang": "es", + "value": "Puma es un servidor web Ruby/Rack creado para el paralelismo. En las versiones afectadas, los clientes pod\u00edan alterar los valores establecidos por los servidores proxy intermedios (como X-Forwarded-For) al proporcionar una versi\u00f3n con guiones bajos del mismo encabezado (X-Forwarded_For). Todos los usuarios que dependan de las variables establecidas por el proxy se ven afectados. v6.4.3/v5.6.9 ahora descarta cualquier encabezado que utilice guiones bajos si tambi\u00e9n existe la versi\u00f3n sin guiones bajos. De hecho, permite que los encabezados definidos por el proxy siempre prevalezcan. Se recomienda a los usuarios que actualicen. Nginx tiene una variable de configuraci\u00f3n underscores_in_headers para descartar estos encabezados a nivel de proxy como mitigaci\u00f3n. Todos los usuarios que conf\u00eden impl\u00edcitamente en los encabezados definidos por el proxy por razones de seguridad deben dejar de hacerlo de inmediato hasta que se actualicen a las versiones corregidas." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-456xx/CVE-2024-45679.json b/CVE-2024/CVE-2024-456xx/CVE-2024-45679.json index 6e424d931de..d5a138e17de 100644 --- a/CVE-2024/CVE-2024-456xx/CVE-2024-45679.json +++ b/CVE-2024/CVE-2024-456xx/CVE-2024-45679.json @@ -2,13 +2,17 @@ "id": "CVE-2024-45679", "sourceIdentifier": "vultures@jpcert.or.jp", "published": "2024-09-18T04:15:42.080", - "lastModified": "2024-09-18T16:35:14.530", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Heap-based buffer overflow vulnerability in Assimp versions prior to 5.4.3 allows a local attacker to execute arbitrary code by importing a specially crafted file into the product." + }, + { + "lang": "es", + "value": "La vulnerabilidad de desbordamiento de b\u00fafer basado en mont\u00f3n en versiones de Assimp anteriores a 5.4.3 permite a un atacante local ejecutar c\u00f3digo arbitrario importando un archivo especialmente manipulado en el producto." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-456xx/CVE-2024-45682.json b/CVE-2024/CVE-2024-456xx/CVE-2024-45682.json index be10b12e417..4be0fb96209 100644 --- a/CVE-2024/CVE-2024-456xx/CVE-2024-45682.json +++ b/CVE-2024/CVE-2024-456xx/CVE-2024-45682.json @@ -2,13 +2,17 @@ "id": "CVE-2024-45682", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2024-09-17T18:15:04.893", - "lastModified": "2024-09-17T18:15:04.893", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "There is a command injection vulnerability that may allow an attacker to inject malicious input on the device's operating system." + }, + { + "lang": "es", + "value": "Existe una vulnerabilidad de inyecci\u00f3n de comandos que puede permitir a un atacante inyectar informaci\u00f3n maliciosa en el sistema operativo del dispositivo." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-457xx/CVE-2024-45752.json b/CVE-2024/CVE-2024-457xx/CVE-2024-45752.json index aef2c7c79a7..022c5f4e6b4 100644 --- a/CVE-2024/CVE-2024-457xx/CVE-2024-45752.json +++ b/CVE-2024/CVE-2024-457xx/CVE-2024-45752.json @@ -2,13 +2,17 @@ "id": "CVE-2024-45752", "sourceIdentifier": "cve@mitre.org", "published": "2024-09-19T16:15:04.910", - "lastModified": "2024-09-19T16:35:06.277", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "logiops through 0.3.4, in its default configuration, allows any unprivileged user to configure its logid daemon via an unrestricted D-Bus service, including setting malicious keyboard macros. This allows for privilege escalation with minimal user interaction." + }, + { + "lang": "es", + "value": "Desde logiops hasta la versi\u00f3n 0.3.4, en su configuraci\u00f3n predeterminada, se permite que cualquier usuario sin privilegios configure su daemon logid a trav\u00e9s de un servicio D-Bus sin restricciones, incluida la configuraci\u00f3n de macros de teclado maliciosas. Esto permite la escalada de privilegios con una interacci\u00f3n m\u00ednima del usuario." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-457xx/CVE-2024-45769.json b/CVE-2024/CVE-2024-457xx/CVE-2024-45769.json index cbf7c8ca07d..efb28dc98b9 100644 --- a/CVE-2024/CVE-2024-457xx/CVE-2024-45769.json +++ b/CVE-2024/CVE-2024-457xx/CVE-2024-45769.json @@ -2,8 +2,8 @@ "id": "CVE-2024-45769", "sourceIdentifier": "secalert@redhat.com", "published": "2024-09-19T09:15:02.343", - "lastModified": "2024-09-19T14:15:17.120", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-457xx/CVE-2024-45770.json b/CVE-2024/CVE-2024-457xx/CVE-2024-45770.json index 54f80f56871..59bdaf45e14 100644 --- a/CVE-2024/CVE-2024-457xx/CVE-2024-45770.json +++ b/CVE-2024/CVE-2024-457xx/CVE-2024-45770.json @@ -2,8 +2,8 @@ "id": "CVE-2024-45770", "sourceIdentifier": "secalert@redhat.com", "published": "2024-09-19T09:15:02.613", - "lastModified": "2024-09-19T14:15:17.237", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-457xx/CVE-2024-45798.json b/CVE-2024/CVE-2024-457xx/CVE-2024-45798.json index 0bdeb195031..131748c4223 100644 --- a/CVE-2024/CVE-2024-457xx/CVE-2024-45798.json +++ b/CVE-2024/CVE-2024-457xx/CVE-2024-45798.json @@ -2,13 +2,17 @@ "id": "CVE-2024-45798", "sourceIdentifier": "security-advisories@github.com", "published": "2024-09-17T19:15:28.457", - "lastModified": "2024-09-17T19:15:28.457", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. The `arduino-esp32` CI is vulnerable to multiple Poisoned Pipeline Execution (PPE) vulnerabilities. Code injection in `tests_results.yml` workflow (`GHSL-2024-169`) and environment Variable injection (`GHSL-2024-170`). These issue have been addressed but users are advised to verify the contents of the downloaded artifacts." + }, + { + "lang": "es", + "value": "arduino-esp32 es un n\u00facleo Arduino para los microcontroladores ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 y ESP32-H2. El CI `arduino-esp32` es vulnerable a m\u00faltiples vulnerabilidades de Poisoned Pipeline Execution (PPE). Inyecci\u00f3n de c\u00f3digo en el flujo de trabajo `tests_results.yml` (`GHSL-2024-169`) e inyecci\u00f3n de variable de entorno (`GHSL-2024-170`). Estos problemas se han solucionado, pero se recomienda a los usuarios que verifiquen el contenido de los artefactos descargados." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-457xx/CVE-2024-45799.json b/CVE-2024/CVE-2024-457xx/CVE-2024-45799.json index 46e2db32b41..a50ea7a384e 100644 --- a/CVE-2024/CVE-2024-457xx/CVE-2024-45799.json +++ b/CVE-2024/CVE-2024-457xx/CVE-2024-45799.json @@ -2,13 +2,17 @@ "id": "CVE-2024-45799", "sourceIdentifier": "security-advisories@github.com", "published": "2024-09-16T19:16:10.880", - "lastModified": "2024-09-16T19:16:10.880", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:31:20.110", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "FluxCP is a web-based Control Panel for rAthena servers written in PHP. A javascript injection is possible via venders/buyers list pages and shop names, that are currently not sanitized. This allows executing arbitrary javascript code on the user's browser just by visiting the shop pages. As a result all logged in to fluxcp users can have their session info stolen. This issue has been addressed in release version 1.3. All users are advised to upgrade. There are no known workarounds for this vulnerability." + }, + { + "lang": "es", + "value": "FluxCP es un panel de control basado en la web para servidores rAthena escrito en PHP. Es posible realizar una inyecci\u00f3n de JavaScript a trav\u00e9s de las p\u00e1ginas de listas de vendedores/compradores y los nombres de las tiendas, que actualmente no est\u00e1n desinfectadas. Esto permite ejecutar c\u00f3digo JavaScript arbitrario en el navegador del usuario con solo visitar las p\u00e1ginas de la tienda. Como resultado, todos los usuarios que hayan iniciado sesi\u00f3n en FluxCP pueden sufrir el robo de la informaci\u00f3n de su sesi\u00f3n. Este problema se ha solucionado en la versi\u00f3n 1.3. Se recomienda a todos los usuarios que actualicen la versi\u00f3n. No existen workarounds para esta vulnerabilidad." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-458xx/CVE-2024-45800.json b/CVE-2024/CVE-2024-458xx/CVE-2024-45800.json index 5e3f4ce27e3..d5f7b58f3a1 100644 --- a/CVE-2024/CVE-2024-458xx/CVE-2024-45800.json +++ b/CVE-2024/CVE-2024-458xx/CVE-2024-45800.json @@ -2,13 +2,17 @@ "id": "CVE-2024-45800", "sourceIdentifier": "security-advisories@github.com", "published": "2024-09-16T20:15:47.097", - "lastModified": "2024-09-16T20:15:47.097", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:31:20.110", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Snappymail is an open source web-based email client. SnappyMail uses the `cleanHtml()` function to cleanup HTML and CSS in emails. Research discovered that the function has a few bugs which cause an mXSS exploit. Because the function allowed too many (invalid) HTML elements, it was possible (with incorrect markup) to trick the browser to \"fix\" the broken markup into valid markup. As a result a motivated attacker may be able to inject javascript. However, due to the default Content Security Policy the impact of the exploit is minimal. It could be possible to create an attack which leaks some data when loading images through the proxy.\nThis way it might be possible to use the proxy to attack the local system, like with `http://localhost:5000/leak`. Another attack could be to load a JavaScript attachment of the email. This is very tricky as the email must link to every possible UID as each email has a unique UID which has a value between 1 and 18446744073709551615 **v2.38.0** and up now remove unsupported HTML elements which mitigates the issue. Users are advised to upgrade. Older versions can install an extension named \"Security mXSS\" as a mitigation. This will be available at the administration area at `/?admin#/packages`. **NOTE:** this extension can not \"fix\" malicious code in encrypted messages or (html) attachments as it can't manipulate the JavaScript code for this. It only protects normal message HTML." + }, + { + "lang": "es", + "value": "Snappymail es un cliente de correo electr\u00f3nico basado en la web de c\u00f3digo abierto. SnappyMail utiliza la funci\u00f3n `cleanHtml()` para limpiar el HTML y CSS en los correos electr\u00f3nicos. La investigaci\u00f3n descubri\u00f3 que la funci\u00f3n tiene algunos errores que provocan un exploit mXSS. Debido a que la funci\u00f3n permit\u00eda demasiados elementos HTML (no v\u00e1lidos), era posible (con un marcado incorrecto) enga\u00f1ar al navegador para que \"arreglara\" el marcado roto y lo convirtiera en un marcado v\u00e1lido. Como resultado, un atacante motivado podr\u00eda ser capaz de inyectar JavaScript. Sin embargo, debido a la Pol\u00edtica de seguridad de contenido predeterminada, el impacto del exploit es m\u00ednimo. Podr\u00eda ser posible crear un ataque que filtre algunos datos al cargar im\u00e1genes a trav\u00e9s del proxy. De esta manera, podr\u00eda ser posible usar el proxy para atacar el sistema local, como con `http://localhost:5000/leak`. Otro ataque podr\u00eda ser cargar un archivo adjunto de JavaScript del correo electr\u00f3nico. Esto es muy complicado, ya que el correo electr\u00f3nico debe vincularse a cada UID posible, ya que cada correo electr\u00f3nico tiene un UID \u00fanico que tiene un valor entre 1 y 18446744073709551615 **v2.38.0** y versiones posteriores ahora eliminan los elementos HTML no compatibles, lo que mitiga el problema. Se recomienda a los usuarios que actualicen. Las versiones anteriores pueden instalar una extensi\u00f3n llamada \"Security mXSS\" como mitigaci\u00f3n. Estar\u00e1 disponible en el \u00e1rea de administraci\u00f3n en `/?admin#/packages`. **NOTA:** esta extensi\u00f3n no puede \"arreglar\" c\u00f3digo malicioso en mensajes cifrados o archivos adjuntos (html) ya que no puede manipular el c\u00f3digo JavaScript para esto. Solo protege el HTML de los mensajes normales." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-458xx/CVE-2024-45801.json b/CVE-2024/CVE-2024-458xx/CVE-2024-45801.json index 65948e789c0..8c63427875c 100644 --- a/CVE-2024/CVE-2024-458xx/CVE-2024-45801.json +++ b/CVE-2024/CVE-2024-458xx/CVE-2024-45801.json @@ -2,13 +2,17 @@ "id": "CVE-2024-45801", "sourceIdentifier": "security-advisories@github.com", "published": "2024-09-16T19:16:11.080", - "lastModified": "2024-09-16T19:16:11.080", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:31:20.110", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. It has been discovered that malicious HTML using special nesting techniques can bypass the depth checking added to DOMPurify in recent releases. It was also possible to use Prototype Pollution to weaken the depth check. This renders dompurify unable to avoid cross site scripting (XSS) attacks. This issue has been addressed in versions 2.5.4 and 3.1.3 of DOMPurify. All users are advised to upgrade. There are no known workarounds for this vulnerability." + }, + { + "lang": "es", + "value": "DOMPurify es un desinfectante XSS ultrarr\u00e1pido, ultratolerante y exclusivo de DOM para HTML, MathML y SVG. Se ha descubierto que el HTML malicioso que utiliza t\u00e9cnicas de anidaci\u00f3n especiales puede eludir la comprobaci\u00f3n de profundidad agregada a DOMPurify en versiones recientes. Tambi\u00e9n fue posible utilizar Prototype Pollution para debilitar la comprobaci\u00f3n de profundidad. Esto hace que dompurify no pueda evitar los ataques de cross site scripting (XSS). Este problema se ha solucionado en las versiones 2.5.4 y 3.1.3 de DOMPurify. Se recomienda a todos los usuarios que actualicen. No existen workarounds para esta vulnerabilidad." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-458xx/CVE-2024-45803.json b/CVE-2024/CVE-2024-458xx/CVE-2024-45803.json index 083bbbef9f5..857ff3a01e9 100644 --- a/CVE-2024/CVE-2024-458xx/CVE-2024-45803.json +++ b/CVE-2024/CVE-2024-458xx/CVE-2024-45803.json @@ -2,13 +2,17 @@ "id": "CVE-2024-45803", "sourceIdentifier": "security-advisories@github.com", "published": "2024-09-17T19:15:28.660", - "lastModified": "2024-09-17T19:15:28.660", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Wire UI is a library of components and resources to empower Laravel and Livewire application development. A potential Cross-Site Scripting (XSS) vulnerability has been identified in the `/wireui/button` endpoint, specifically through the `label` query parameter. Malicious actors could exploit this vulnerability by injecting JavaScript into the `label` parameter, leading to the execution of arbitrary code in the victim's browser. The `/wireui/button` endpoint dynamically renders button labels based on user-provided input via the `label` query parameter. Due to insufficient sanitization or escaping of this input, an attacker can inject malicious JavaScript. By crafting such a request, an attacker can inject arbitrary code that will be executed by the browser when the endpoint is accessed. If exploited, this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the affected website. This could lead to: **Session Hijacking**: Stealing session cookies, tokens, or other sensitive information. **User Impersonation**: Performing unauthorized actions on behalf of authenticated users. **Phishing**: Redirecting users to malicious websites. **Content Manipulation**: Altering the appearance or behavior of the affected page to mislead users or execute further attacks. The severity of this vulnerability depends on the context of where the affected component is used, but in all cases, it poses a significant risk to user security. This issue has been addressed in release versions 1.19.3 and 2.1.3. Users are advised to upgrade. There are no known workarounds for this vulnerability." + }, + { + "lang": "es", + "value": "Wire UI es una librer\u00eda de componentes y recursos para potenciar el desarrollo de aplicaciones Laravel y Livewire. Se ha identificado una posible vulnerabilidad de Cross-Site Scripting (XSS) en el endpoint `/wireui/button`, espec\u00edficamente a trav\u00e9s del par\u00e1metro de consulta `label`. Los actores maliciosos podr\u00edan explotar esta vulnerabilidad inyectando JavaScript en el par\u00e1metro `label`, lo que lleva a la ejecuci\u00f3n de c\u00f3digo arbitrario en el navegador de la v\u00edctima. El endpoint `/wireui/button` representa din\u00e1micamente las etiquetas de los botones en funci\u00f3n de la entrada proporcionada por el usuario a trav\u00e9s del par\u00e1metro de consulta `label`. Debido a la desinfecci\u00f3n o el escape insuficiente de esta entrada, un atacante puede inyectar JavaScript malicioso. Al crear una solicitud de este tipo, un atacante puede inyectar c\u00f3digo arbitrario que ser\u00e1 ejecutado por el navegador cuando se acceda al endpoint. Si se explota, esta vulnerabilidad podr\u00eda permitir a un atacante ejecutar c\u00f3digo JavaScript arbitrario en el contexto del sitio web afectado. Esto podr\u00eda conducir a: **Secuestro de sesi\u00f3n**: Robo de cookies de sesi\u00f3n, tokens u otra informaci\u00f3n confidencial. **Suplantaci\u00f3n de identidad de usuario**: realizar acciones no autorizadas en nombre de usuarios autenticados. **Phishing**: redireccionar a los usuarios a sitios web maliciosos. **Manipulaci\u00f3n de contenido**: alterar la apariencia o el comportamiento de la p\u00e1gina afectada para enga\u00f1ar a los usuarios o ejecutar m\u00e1s ataques. La gravedad de esta vulnerabilidad depende del contexto en el que se utiliza el componente afectado, pero en todos los casos supone un riesgo importante para la seguridad del usuario. Este problema se ha solucionado en las versiones 1.19.3 y 2.1.3. Se recomienda a los usuarios que actualicen la versi\u00f3n. No existen workarounds para esta vulnerabilidad." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-458xx/CVE-2024-45806.json b/CVE-2024/CVE-2024-458xx/CVE-2024-45806.json index fa413dddf51..f2a7100dcc5 100644 --- a/CVE-2024/CVE-2024-458xx/CVE-2024-45806.json +++ b/CVE-2024/CVE-2024-458xx/CVE-2024-45806.json @@ -2,13 +2,17 @@ "id": "CVE-2024-45806", "sourceIdentifier": "security-advisories@github.com", "published": "2024-09-20T00:15:02.293", - "lastModified": "2024-09-20T00:15:02.293", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Envoy is a cloud-native high-performance edge/middle/service proxy. A security vulnerability in Envoy allows external clients to manipulate Envoy headers, potentially leading to unauthorized access or other malicious actions within the mesh. This issue arises due to Envoy's default configuration of internal trust boundaries, which considers all RFC1918 private address ranges as internal. The default behavior for handling internal addresses in Envoy has been changed. Previously, RFC1918 IP addresses were automatically considered internal, even if the internal_address_config was empty. The default configuration of Envoy will continue to trust internal addresses while in this release and it will not trust them by default in next release. If you have tooling such as probes on your private network which need to be treated as trusted (e.g. changing arbitrary x-envoy headers) please explicitly include those addresses or CIDR ranges into `internal_address_config`. Successful exploitation could allow attackers to bypass security controls, access sensitive data, or disrupt services within the mesh, like Istio. This issue has been addressed in versions 1.31.2, 1.30.6, 1.29.9, and 1.28.7. Users are advised to upgrade. There are no known workarounds for this vulnerability." + }, + { + "lang": "es", + "value": "Envoy es un proxy de servicio, de borde y de medio alcance de alto rendimiento nativo de la nube. Una vulnerabilidad de seguridad en Envoy permite que los clientes externos manipulen los encabezados de Envoy, lo que puede provocar un acceso no autorizado u otras acciones maliciosas dentro de la malla. Este problema surge debido a la configuraci\u00f3n predeterminada de Envoy de los l\u00edmites de confianza internos, que considera todos los rangos de direcciones privadas RFC1918 como internos. Se ha cambiado el comportamiento predeterminado para manejar direcciones internas en Envoy. Anteriormente, las direcciones IP RFC1918 se consideraban internas autom\u00e1ticamente, incluso si internal_address_config estaba vac\u00edo. La configuraci\u00f3n predeterminada de Envoy seguir\u00e1 confiando en las direcciones internas mientras est\u00e9 en esta versi\u00f3n y no confiar\u00e1 en ellas de forma predeterminada en la pr\u00f3xima versi\u00f3n. Si tiene herramientas como sondas en su red privada que deben tratarse como confiables (por ejemplo, cambiando encabezados x-envoy arbitrarios), incluya expl\u00edcitamente esas direcciones o rangos CIDR en `internal_address_config`. Una explotaci\u00f3n exitosa podr\u00eda permitir a los atacantes eludir los controles de seguridad, acceder a datos confidenciales o interrumpir servicios dentro de la malla, como Istio. Este problema se ha solucionado en las versiones 1.31.2, 1.30.6, 1.29.9 y 1.28.7. Se recomienda a los usuarios que actualicen la versi\u00f3n. No se conocen workarounds para esta vulnerabilidad." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-458xx/CVE-2024-45807.json b/CVE-2024/CVE-2024-458xx/CVE-2024-45807.json index adc326dbc85..86906e6b8fe 100644 --- a/CVE-2024/CVE-2024-458xx/CVE-2024-45807.json +++ b/CVE-2024/CVE-2024-458xx/CVE-2024-45807.json @@ -2,13 +2,17 @@ "id": "CVE-2024-45807", "sourceIdentifier": "security-advisories@github.com", "published": "2024-09-20T00:15:02.520", - "lastModified": "2024-09-20T00:15:02.520", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy's 1.31 is using `oghttp` as the default HTTP/2 codec, and there are potential bugs around stream management in the codec. To resolve this Envoy will switch off the `oghttp2` by default. The impact of this issue is that envoy will crash. This issue has been addressed in release version 1.31.2. All users are advised to upgrade. There are no known workarounds for this issue." + }, + { + "lang": "es", + "value": "Envoy es un proxy de servicio, de borde y de medio alcance de alto rendimiento nativo de la nube. La versi\u00f3n 1.31 de Envoy utiliza `oghttp` como el c\u00f3dec HTTP/2 predeterminado y existen posibles errores en la administraci\u00f3n de transmisiones en el c\u00f3dec. Para resolver esto, Envoy desactivar\u00e1 `oghttp2` de manera predeterminada. El impacto de este problema es que Envoy se bloquear\u00e1. Este problema se ha solucionado en la versi\u00f3n 1.31.2. Se recomienda a todos los usuarios que actualicen. No existen workarounds conocidas para este problema." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-458xx/CVE-2024-45808.json b/CVE-2024/CVE-2024-458xx/CVE-2024-45808.json index 00d1c32067e..1cbffba794f 100644 --- a/CVE-2024/CVE-2024-458xx/CVE-2024-45808.json +++ b/CVE-2024/CVE-2024-458xx/CVE-2024-45808.json @@ -2,13 +2,17 @@ "id": "CVE-2024-45808", "sourceIdentifier": "security-advisories@github.com", "published": "2024-09-20T00:15:02.733", - "lastModified": "2024-09-20T00:15:02.733", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Envoy is a cloud-native high-performance edge/middle/service proxy. A vulnerability has been identified in Envoy that allows malicious attackers to inject unexpected content into access logs. This is achieved by exploiting the lack of validation for the `REQUESTED_SERVER_NAME` field for access loggers. This issue has been addressed in versions 1.31.2, 1.30.6, 1.29.9, and 1.28.7. Users are advised to upgrade. There are no known workarounds for this vulnerability." + }, + { + "lang": "es", + "value": "Envoy es un proxy de servicio, de borde y de medio alcance de alto rendimiento nativo de la nube. Se identific\u00f3 una vulnerabilidad en Envoy que permite a atacantes maliciosos inyectar contenido inesperado en los registros de acceso. Esto se logra explotando la falta de validaci\u00f3n del campo `REQUESTED_SERVER_NAME` para los registradores de acceso. Este problema se solucion\u00f3 en las versiones 1.31.2, 1.30.6, 1.29.9 y 1.28.7. Se recomienda a los usuarios que actualicen la versi\u00f3n. No existen workarounds conocidas para esta vulnerabilidad." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-458xx/CVE-2024-45809.json b/CVE-2024/CVE-2024-458xx/CVE-2024-45809.json index 5a1d9efa9e6..ad49cf2c3c9 100644 --- a/CVE-2024/CVE-2024-458xx/CVE-2024-45809.json +++ b/CVE-2024/CVE-2024-458xx/CVE-2024-45809.json @@ -2,13 +2,17 @@ "id": "CVE-2024-45809", "sourceIdentifier": "security-advisories@github.com", "published": "2024-09-20T00:15:02.930", - "lastModified": "2024-09-20T00:15:02.930", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Envoy is a cloud-native high-performance edge/middle/service proxy. Jwt filter will lead to an Envoy crash when clear route cache with remote JWKs. In the following case: 1. remote JWKs are used, which requires async header processing; 2. clear_route_cache is enabled on the provider; 3. header operations are enabled in JWT filter, e.g. header to claims feature; 4. the routing table is configured in a way that the JWT header operations modify requests to not match any route. When these conditions are met, a crash is triggered in the upstream code due to nullptr reference conversion from route(). The root cause is the ordering of continueDecoding and clearRouteCache. This issue has been addressed in versions 1.31.2, 1.30.6, and 1.29.9. Users are advised to upgrade. There are no known workarounds for this vulnerability." + }, + { + "lang": "es", + "value": "Envoy es un proxy de servicio/per\u00edmetro/medio de alto rendimiento nativo de la nube. El filtro JWT provocar\u00e1 un bloqueo de Envoy cuando se borre la cach\u00e9 de ruta con JWK remotos. En el siguiente caso: 1. se utilizan JWK remotos, lo que requiere procesamiento de encabezado asincr\u00f3nico; 2. clear_route_cache est\u00e1 habilitado en el proveedor; 3. las operaciones de encabezado est\u00e1n habilitadas en el filtro JWT, por ejemplo, la funci\u00f3n de encabezado a reclamos; 4. la tabla de enrutamiento est\u00e1 configurada de manera que las operaciones de encabezado JWT modifiquen las solicitudes para que no coincidan con ninguna ruta. Cuando se cumplen estas condiciones, se activa un bloqueo en el c\u00f3digo ascendente debido a la conversi\u00f3n de referencia nullptr de route(). La causa principal es el orden de continueDecoding y clearRouteCache. Este problema se ha solucionado en las versiones 1.31.2, 1.30.6 y 1.29.9. Se recomienda a los usuarios que actualicen. No existen workarounds conocidas para esta vulnerabilidad." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-458xx/CVE-2024-45810.json b/CVE-2024/CVE-2024-458xx/CVE-2024-45810.json index 846780a3dce..57316b6ce32 100644 --- a/CVE-2024/CVE-2024-458xx/CVE-2024-45810.json +++ b/CVE-2024/CVE-2024-458xx/CVE-2024-45810.json @@ -2,13 +2,17 @@ "id": "CVE-2024-45810", "sourceIdentifier": "security-advisories@github.com", "published": "2024-09-20T00:15:03.153", - "lastModified": "2024-09-20T00:15:03.153", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy will crash when the http async client is handling `sendLocalReply` under some circumstance, e.g., websocket upgrade, and requests mirroring. The http async client will crash during the `sendLocalReply()` in http async client, one reason is http async client is duplicating the status code, another one is the destroy of router is called at the destructor of the async stream, while the stream is deferred deleted at first. There will be problems that the stream decoder is destroyed but its reference is called in `router.onDestroy()`, causing segment fault. This will impact ext_authz if the `upgrade` and `connection` header are allowed, and request mirrorring. This issue has been addressed in versions 1.31.2, 1.30.6, 1.29.9, and 1.28.7. Users are advised to upgrade. There are no known workarounds for this vulnerability." + }, + { + "lang": "es", + "value": "Envoy es un proxy de servicio/borde/medio de alto rendimiento nativo de la nube. Envoy se bloquear\u00e1 cuando el cliente asincr\u00f3nico http est\u00e9 manejando `sendLocalReply` en alguna circunstancia, por ejemplo, actualizaci\u00f3n de websocket y duplicaci\u00f3n de solicitudes. El cliente asincr\u00f3nico http se bloquear\u00e1 durante `sendLocalReply()` en el cliente asincr\u00f3nico http, una raz\u00f3n es que el cliente asincr\u00f3nico http est\u00e1 duplicando el c\u00f3digo de estado, otra es que la destrucci\u00f3n del enrutador se llama en el destructor de la transmisi\u00f3n asincr\u00f3nica, mientras que la transmisi\u00f3n se elimina diferida al principio. Habr\u00e1 problemas si se destruye el decodificador de transmisi\u00f3n, pero se llama a su referencia en `router.onDestroy()`, lo que provoca una falla de segmento. Esto afectar\u00e1 a ext_authz si se permiten los encabezados `upgrade` y `connection`, y solicitar\u00e1 duplicaci\u00f3n. Este problema se ha solucionado en las versiones 1.31.2, 1.30.6, 1.29.9 y 1.28.7. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-458xx/CVE-2024-45811.json b/CVE-2024/CVE-2024-458xx/CVE-2024-45811.json index e0b43930ba5..ffde21aff5b 100644 --- a/CVE-2024/CVE-2024-458xx/CVE-2024-45811.json +++ b/CVE-2024/CVE-2024-458xx/CVE-2024-45811.json @@ -2,13 +2,17 @@ "id": "CVE-2024-45811", "sourceIdentifier": "security-advisories@github.com", "published": "2024-09-17T20:15:05.800", - "lastModified": "2024-09-17T20:15:05.800", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vite a frontend build tooling framework for javascript. In affected versions the contents of arbitrary files can be returned to the browser. `@fs` denies access to files outside of Vite serving allow list. Adding `?import&raw` to the URL bypasses this limitation and returns the file content if it exists. This issue has been patched in versions 5.4.6, 5.3.6, 5.2.14, 4.5.5, and 3.2.11. Users are advised to upgrade. There are no known workarounds for this vulnerability." + }, + { + "lang": "es", + "value": "Vite es un framework de herramientas de compilaci\u00f3n de interfaz para JavaScript. En las versiones afectadas, el contenido de archivos arbitrarios se puede devolver al navegador. `@fs` niega el acceso a archivos fuera de la lista de permitidos de Vite. Agregar `?import&raw` a la URL evita esta limitaci\u00f3n y devuelve el contenido del archivo si existe. Este problema se ha corregido en las versiones 5.4.6, 5.3.6, 5.2.14, 4.5.5 y 3.2.11. Se recomienda a los usuarios que actualicen. No existen workarounds para esta vulnerabilidad." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-458xx/CVE-2024-45812.json b/CVE-2024/CVE-2024-458xx/CVE-2024-45812.json index 8d5d1b51aa0..8be1259935b 100644 --- a/CVE-2024/CVE-2024-458xx/CVE-2024-45812.json +++ b/CVE-2024/CVE-2024-458xx/CVE-2024-45812.json @@ -2,13 +2,17 @@ "id": "CVE-2024-45812", "sourceIdentifier": "security-advisories@github.com", "published": "2024-09-17T20:15:06.037", - "lastModified": "2024-09-17T20:15:06.037", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vite a frontend build tooling framework for javascript. Affected versions of vite were discovered to contain a DOM Clobbering vulnerability when building scripts to `cjs`/`iife`/`umd` output format. The DOM Clobbering gadget in the module can lead to cross-site scripting (XSS) in web pages where scriptless attacker-controlled HTML elements (e.g., an img tag with an unsanitized name attribute) are present. DOM Clobbering is a type of code-reuse attack where the attacker first embeds a piece of non-script, seemingly benign HTML markups in the webpage (e.g. through a post or comment) and leverages the gadgets (pieces of js code) living in the existing javascript code to transform it into executable code. We have identified a DOM Clobbering vulnerability in Vite bundled scripts, particularly when the scripts dynamically import other scripts from the assets folder and the developer sets the build output format to `cjs`, `iife`, or `umd`. In such cases, Vite replaces relative paths starting with `__VITE_ASSET__` using the URL retrieved from `document.currentScript`. However, this implementation is vulnerable to a DOM Clobbering attack. The `document.currentScript` lookup can be shadowed by an attacker via the browser's named DOM tree element access mechanism. This manipulation allows an attacker to replace the intended script element with a malicious HTML element. When this happens, the src attribute of the attacker-controlled element is used as the URL for importing scripts, potentially leading to the dynamic loading of scripts from an attacker-controlled server. This vulnerability can result in cross-site scripting (XSS) attacks on websites that include Vite-bundled files (configured with an output format of `cjs`, `iife`, or `umd`) and allow users to inject certain scriptless HTML tags without properly sanitizing the name or id attributes. This issue has been patched in versions 5.4.6, 5.3.6, 5.2.14, 4.5.5, and 3.2.11. Users are advised to upgrade. There are no known workarounds for this vulnerability." + }, + { + "lang": "es", + "value": "Vite es un framework de herramientas de compilaci\u00f3n de interfaz para javascript. Se descubri\u00f3 que las versiones afectadas de vite contienen una vulnerabilidad de DOM Clobbering al compilar scripts en formato de salida `cjs`/`iife`/`umd`. El gadget DOM Clobbering en el m\u00f3dulo puede provocar cross site scripting (XSS) en p\u00e1ginas web donde hay elementos HTML controlados por atacantes sin script (por ejemplo, una etiqueta img con un atributo de nombre no saneado). DOM Clobbering es un tipo de ataque de reutilizaci\u00f3n de c\u00f3digo en el que el atacante primero incorpora un fragmento de marcado HTML aparentemente benigno que no es un script en la p\u00e1gina web (por ejemplo, a trav\u00e9s de una publicaci\u00f3n o comentario) y aprovecha los gadgets (fragmentos de c\u00f3digo js) que se encuentran en el c\u00f3digo javascript existente para transformarlo en c\u00f3digo ejecutable. Hemos identificado una vulnerabilidad de DOM Clobbering en los scripts incluidos en Vite, en particular cuando los scripts importan din\u00e1micamente otros scripts desde la carpeta de activos y el desarrollador establece el formato de salida de compilaci\u00f3n en `cjs`, `iife` o `umd`. En tales casos, Vite reemplaza las rutas relativas que comienzan con `__VITE_ASSET__` utilizando la URL recuperada de `document.currentScript`. Sin embargo, esta implementaci\u00f3n es vulnerable a un ataque DOM Clobbering. La b\u00fasqueda `document.currentScript` puede ser ocultada por un atacante a trav\u00e9s del mecanismo de acceso al elemento del \u00e1rbol DOM nombrado del navegador. Esta manipulaci\u00f3n permite a un atacante reemplazar el elemento de script deseado con un elemento HTML malicioso. Cuando esto sucede, el atributo src del elemento controlado por el atacante se utiliza como la URL para importar scripts, lo que potencialmente conduce a la carga din\u00e1mica de scripts desde un servidor controlado por el atacante. Esta vulnerabilidad puede resultar en ataques de cross site scripting (XSS) en sitios web que incluyen archivos incluidos en Vite (configurados con un formato de salida de `cjs`, `iife` o `umd`) y permiten a los usuarios inyectar ciertas etiquetas HTML sin scripts sin sanear adecuadamente los atributos name o id. Este problema se ha corregido en las versiones 5.4.6, 5.3.6, 5.2.14, 4.5.5 y 3.2.11. Se recomienda a los usuarios que actualicen la versi\u00f3n. No se conocen workarounds para esta vulnerabilidad." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-458xx/CVE-2024-45813.json b/CVE-2024/CVE-2024-458xx/CVE-2024-45813.json index e4372688190..7461b552b1b 100644 --- a/CVE-2024/CVE-2024-458xx/CVE-2024-45813.json +++ b/CVE-2024/CVE-2024-458xx/CVE-2024-45813.json @@ -2,13 +2,17 @@ "id": "CVE-2024-45813", "sourceIdentifier": "security-advisories@github.com", "published": "2024-09-18T17:15:19.163", - "lastModified": "2024-09-18T17:15:19.163", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "find-my-way is a fast, open source HTTP router, internally using a Radix Tree (aka compact Prefix Tree), supports route params, wildcards, and it's framework independent. A bad regular expression is generated any time one has two parameters within a single segment, when adding a `-` at the end, like `/:a-:b-`. This may cause a denial of service in some instances. Users are advised to update to find-my-way v8.2.2 or v9.0.1. or subsequent versions. There are no known workarounds for this issue." + }, + { + "lang": "es", + "value": "find-my-way es un enrutador HTTP r\u00e1pido y de c\u00f3digo abierto que utiliza internamente un \u00e1rbol de base (tambi\u00e9n conocido como \u00e1rbol de prefijos compacto), admite par\u00e1metros de ruta, comodines y es independiente del framework de trabajo. Se genera una expresi\u00f3n regular incorrecta cada vez que se tienen dos par\u00e1metros dentro de un solo segmento, al agregar un `-` al final, como `/:a-:b-`. Esto puede causar una denegaci\u00f3n de servicio en algunos casos. Se recomienda a los usuarios que actualicen find-my-way a v8.2.2 o v9.0.1 o versiones posteriores. No se conocen workarounds para este problema." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-458xx/CVE-2024-45815.json b/CVE-2024/CVE-2024-458xx/CVE-2024-45815.json index fbd831d27be..2e1dafcbb89 100644 --- a/CVE-2024/CVE-2024-458xx/CVE-2024-45815.json +++ b/CVE-2024/CVE-2024-458xx/CVE-2024-45815.json @@ -2,13 +2,17 @@ "id": "CVE-2024-45815", "sourceIdentifier": "security-advisories@github.com", "published": "2024-09-17T21:15:12.320", - "lastModified": "2024-09-17T21:15:12.320", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Backstage is an open framework for building developer portals. A malicious actor with authenticated access to a Backstage instance with the catalog backend plugin installed is able to interrupt the service using a specially crafted query to the catalog API. This has been fixed in the `1.26.0` release of the `@backstage/plugin-catalog-backend`. All users are advised to upgrade. There are no known workarounds for this vulnerability." + }, + { + "lang": "es", + "value": "Backstage es un framework abierto para crear portales para desarrolladores. Un actor malintencionado con acceso autenticado a una instancia de Backstage con el complemento de backend de cat\u00e1logo instalado puede interrumpir el servicio mediante una consulta especialmente manipulada a la API de cat\u00e1logo. Esto se ha solucionado en la versi\u00f3n `1.26.0` de `@backstage/plugin-catalog-backend`. Se recomienda a todos los usuarios que actualicen la versi\u00f3n. No existen workarounds para esta vulnerabilidad." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-458xx/CVE-2024-45816.json b/CVE-2024/CVE-2024-458xx/CVE-2024-45816.json index fa61c6aea7c..5b23dc121fb 100644 --- a/CVE-2024/CVE-2024-458xx/CVE-2024-45816.json +++ b/CVE-2024/CVE-2024-458xx/CVE-2024-45816.json @@ -2,13 +2,17 @@ "id": "CVE-2024-45816", "sourceIdentifier": "security-advisories@github.com", "published": "2024-09-17T21:15:12.553", - "lastModified": "2024-09-17T21:15:12.553", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Backstage is an open framework for building developer portals. When using the AWS S3 or GCS storage provider for TechDocs it is possible to access content in the entire storage bucket. This can leak contents of the bucket that are not intended to be accessible, as well as bypass permission checks in Backstage. This has been fixed in the 1.10.13 release of the `@backstage/plugin-techdocs-backend` package. All users are advised to upgrade. There are no known workarounds for this vulnerability." + }, + { + "lang": "es", + "value": "Backstage es un framework abierto para crear portales para desarrolladores. Al utilizar el proveedor de almacenamiento AWS S3 o GCS para TechDocs, es posible acceder al contenido de todo el dep\u00f3sito de almacenamiento. Esto puede filtrar contenido del dep\u00f3sito al que no se pretende acceder, as\u00ed como eludir las comprobaciones de permisos en Backstage. Esto se ha solucionado en la versi\u00f3n 1.10.13 del paquete `@backstage/plugin-techdocs-backend`. Se recomienda a todos los usuarios que actualicen. No existen workarounds para esta vulnerabilidad." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-458xx/CVE-2024-45858.json b/CVE-2024/CVE-2024-458xx/CVE-2024-45858.json index 828ebd6a4ab..f6a01e5cb29 100644 --- a/CVE-2024/CVE-2024-458xx/CVE-2024-45858.json +++ b/CVE-2024/CVE-2024-458xx/CVE-2024-45858.json @@ -2,13 +2,17 @@ "id": "CVE-2024-45858", "sourceIdentifier": "6f8de1f0-f67e-45a6-b68f-98777fdb759c", "published": "2024-09-18T15:15:16.333", - "lastModified": "2024-09-18T15:15:16.333", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An arbitrary code execution vulnerability exists in versions 0.2.9 up to 0.5.10 of the Guardrails AI Guardrails framework because of the way it validates XML files. If a victim user loads a maliciously crafted XML file containing Python code, the code will be passed to an eval function, causing it to execute on the user's machine." + }, + { + "lang": "es", + "value": "Existe una vulnerabilidad de ejecuci\u00f3n de c\u00f3digo arbitrario en las versiones 0.2.9 a 0.5.10 del framework Guardrails AI Guardrails debido a la forma en que valida los archivos XML. Si un usuario v\u00edctima carga un archivo XML manipulado con fines malintencionados que contiene c\u00f3digo Python, el c\u00f3digo se pasar\u00e1 a una funci\u00f3n eval, lo que provocar\u00e1 su ejecuci\u00f3n en la m\u00e1quina del usuario." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-458xx/CVE-2024-45861.json b/CVE-2024/CVE-2024-458xx/CVE-2024-45861.json index 3f273530a4f..17aa3747200 100644 --- a/CVE-2024/CVE-2024-458xx/CVE-2024-45861.json +++ b/CVE-2024/CVE-2024-458xx/CVE-2024-45861.json @@ -2,13 +2,17 @@ "id": "CVE-2024-45861", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2024-09-19T16:15:05.103", - "lastModified": "2024-09-19T16:15:05.103", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Kastle Systems firmware prior to May 1, 2024, contained a hard-coded credential, which if accessed may allow an attacker to access sensitive information." + }, + { + "lang": "es", + "value": "El firmware de Kastle Systems anterior al 1 de mayo de 2024 conten\u00eda una credencial codificada que, si se acced\u00eda a ella, pod\u00eda permitir a un atacante acceder a informaci\u00f3n confidencial." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-458xx/CVE-2024-45862.json b/CVE-2024/CVE-2024-458xx/CVE-2024-45862.json index 1aa520632dc..31b6c5af0b1 100644 --- a/CVE-2024/CVE-2024-458xx/CVE-2024-45862.json +++ b/CVE-2024/CVE-2024-458xx/CVE-2024-45862.json @@ -2,13 +2,17 @@ "id": "CVE-2024-45862", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2024-09-19T16:15:05.227", - "lastModified": "2024-09-19T16:15:05.227", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Kastle Systems firmware prior to May 1, 2024, stored machine credentials in cleartext, which may allow an attacker to access sensitive information." + }, + { + "lang": "es", + "value": "El firmware de Kastle Systems anterior al 1 de mayo de 2024 almacenaba las credenciales de la m\u00e1quina en texto plano, lo que pod\u00eda permitir a un atacante acceder a informaci\u00f3n confidencial." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-460xx/CVE-2024-46085.json b/CVE-2024/CVE-2024-460xx/CVE-2024-46085.json index 04e0f98aa73..7397e5d7841 100644 --- a/CVE-2024/CVE-2024-460xx/CVE-2024-46085.json +++ b/CVE-2024/CVE-2024-460xx/CVE-2024-46085.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46085", "sourceIdentifier": "cve@mitre.org", "published": "2024-09-17T13:15:03.793", - "lastModified": "2024-09-17T18:35:01.317", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "FrogCMS V0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/plugin/file_manager/rename" + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que FrogCMS V0.9.5 contiene una vulnerabilidad de Cross-Site Request Forgery (CSRF) a trav\u00e9s de /admin/?/plugin/file_manager/rename" } ], "metrics": { diff --git a/CVE-2024/CVE-2024-460xx/CVE-2024-46086.json b/CVE-2024/CVE-2024-460xx/CVE-2024-46086.json index 9d6a55cc6a2..b0297a78910 100644 --- a/CVE-2024/CVE-2024-460xx/CVE-2024-46086.json +++ b/CVE-2024/CVE-2024-460xx/CVE-2024-46086.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46086", "sourceIdentifier": "cve@mitre.org", "published": "2024-09-18T16:15:06.160", - "lastModified": "2024-09-18T18:35:13.440", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "FrogCMS V0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/plugin/file_manager/delete/123" + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que FrogCMS V0.9.5 contiene una vulnerabilidad de Cross-Site Request Forgery (CSRF) a trav\u00e9s de /admin/?/plugin/file_manager/delete/123" } ], "metrics": { diff --git a/CVE-2024/CVE-2024-463xx/CVE-2024-46362.json b/CVE-2024/CVE-2024-463xx/CVE-2024-46362.json index 08c9c46c6cf..a45c76e949c 100644 --- a/CVE-2024/CVE-2024-463xx/CVE-2024-46362.json +++ b/CVE-2024/CVE-2024-463xx/CVE-2024-46362.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46362", "sourceIdentifier": "cve@mitre.org", "published": "2024-09-17T13:15:03.903", - "lastModified": "2024-09-17T18:35:02.140", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "FrogCMS V0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/plugin/file_manager/create_directory" + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que FrogCMS V0.9.5 contiene una vulnerabilidad de Cross-Site Request Forgery (CSRF) a trav\u00e9s de /admin/?/plugin/file_manager/create_directory" } ], "metrics": { diff --git a/CVE-2024/CVE-2024-463xx/CVE-2024-46372.json b/CVE-2024/CVE-2024-463xx/CVE-2024-46372.json index 0026cdcc661..0652b78fa92 100644 --- a/CVE-2024/CVE-2024-463xx/CVE-2024-46372.json +++ b/CVE-2024/CVE-2024-463xx/CVE-2024-46372.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46372", "sourceIdentifier": "cve@mitre.org", "published": "2024-09-18T21:15:13.443", - "lastModified": "2024-09-18T21:15:13.443", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "DedeCMS 5.7.115 is vulnerable to Cross Site Scripting (XSS) via the advertisement code box in the advertisement management module." + }, + { + "lang": "es", + "value": "DedeCMS 5.7.115 es vulnerable a Cross Site Scripting (XSS) a trav\u00e9s del cuadro de c\u00f3digo de publicidad en el m\u00f3dulo de gesti\u00f3n de publicidad." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-463xx/CVE-2024-46373.json b/CVE-2024/CVE-2024-463xx/CVE-2024-46373.json index b822029da9d..221eba6997d 100644 --- a/CVE-2024/CVE-2024-463xx/CVE-2024-46373.json +++ b/CVE-2024/CVE-2024-463xx/CVE-2024-46373.json @@ -2,8 +2,8 @@ "id": "CVE-2024-46373", "sourceIdentifier": "cve@mitre.org", "published": "2024-09-18T21:15:13.497", - "lastModified": "2024-09-19T19:35:14.767", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-463xx/CVE-2024-46374.json b/CVE-2024/CVE-2024-463xx/CVE-2024-46374.json index 7327a796f56..5d0a416a9f4 100644 --- a/CVE-2024/CVE-2024-463xx/CVE-2024-46374.json +++ b/CVE-2024/CVE-2024-463xx/CVE-2024-46374.json @@ -2,8 +2,8 @@ "id": "CVE-2024-46374", "sourceIdentifier": "cve@mitre.org", "published": "2024-09-18T21:15:13.543", - "lastModified": "2024-09-19T19:35:15.573", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-463xx/CVE-2024-46375.json b/CVE-2024/CVE-2024-463xx/CVE-2024-46375.json index 9155b0b8f93..e58527ef7f9 100644 --- a/CVE-2024/CVE-2024-463xx/CVE-2024-46375.json +++ b/CVE-2024/CVE-2024-463xx/CVE-2024-46375.json @@ -2,8 +2,8 @@ "id": "CVE-2024-46375", "sourceIdentifier": "cve@mitre.org", "published": "2024-09-18T21:15:13.587", - "lastModified": "2024-09-19T14:35:06.727", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-463xx/CVE-2024-46376.json b/CVE-2024/CVE-2024-463xx/CVE-2024-46376.json index d73d1c7ec0b..91580bb2c97 100644 --- a/CVE-2024/CVE-2024-463xx/CVE-2024-46376.json +++ b/CVE-2024/CVE-2024-463xx/CVE-2024-46376.json @@ -2,8 +2,8 @@ "id": "CVE-2024-46376", "sourceIdentifier": "cve@mitre.org", "published": "2024-09-18T21:15:13.633", - "lastModified": "2024-09-19T14:35:07.493", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-463xx/CVE-2024-46377.json b/CVE-2024/CVE-2024-463xx/CVE-2024-46377.json index a5d56d2b632..13a3ad461a9 100644 --- a/CVE-2024/CVE-2024-463xx/CVE-2024-46377.json +++ b/CVE-2024/CVE-2024-463xx/CVE-2024-46377.json @@ -2,8 +2,8 @@ "id": "CVE-2024-46377", "sourceIdentifier": "cve@mitre.org", "published": "2024-09-18T21:15:13.687", - "lastModified": "2024-09-19T15:35:09.843", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-463xx/CVE-2024-46382.json b/CVE-2024/CVE-2024-463xx/CVE-2024-46382.json index cb0eaf82a1a..a0ee3d639e9 100644 --- a/CVE-2024/CVE-2024-463xx/CVE-2024-46382.json +++ b/CVE-2024/CVE-2024-463xx/CVE-2024-46382.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46382", "sourceIdentifier": "cve@mitre.org", "published": "2024-09-19T13:15:04.007", - "lastModified": "2024-09-19T14:35:08.243", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A SQL injection vulnerability in linlinjava litemall 1.8.0 allows a remote attacker to obtain sensitive information via the goodsId, goodsSn, and name parameters in AdminGoodscontroller.java." + }, + { + "lang": "es", + "value": "Una vulnerabilidad de inyecci\u00f3n SQL en linlinjava litemall 1.8.0 permite a un atacante remoto obtener informaci\u00f3n confidencial a trav\u00e9s de los par\u00e1metros goodsId, goodsSn y name en AdminGoodscontroller.java." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-463xx/CVE-2024-46394.json b/CVE-2024/CVE-2024-463xx/CVE-2024-46394.json index b4d95ed5d2d..81dd4717901 100644 --- a/CVE-2024/CVE-2024-463xx/CVE-2024-46394.json +++ b/CVE-2024/CVE-2024-463xx/CVE-2024-46394.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46394", "sourceIdentifier": "cve@mitre.org", "published": "2024-09-19T14:15:17.373", - "lastModified": "2024-09-19T14:35:09.007", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/?/user/add" + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que FrogCMS v0.9.5 conten\u00eda Cross-Site Request Forgery (CSRF) a trav\u00e9s de /admin/?/user/add" } ], "metrics": { diff --git a/CVE-2024/CVE-2024-465xx/CVE-2024-46550.json b/CVE-2024/CVE-2024-465xx/CVE-2024-46550.json index 9d5ca39e90b..1a6ef5ac000 100644 --- a/CVE-2024/CVE-2024-465xx/CVE-2024-46550.json +++ b/CVE-2024/CVE-2024-465xx/CVE-2024-46550.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46550", "sourceIdentifier": "cve@mitre.org", "published": "2024-09-18T15:15:16.533", - "lastModified": "2024-09-18T15:15:16.533", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the CGIbyFieldName parameter at chglog.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que Draytek Vigor 3910 v4.3.2.6 conten\u00eda un desbordamiento de b\u00fafer en el par\u00e1metro CGIbyFieldName en chglog.cgi. Esta vulnerabilidad permite a los atacantes provocar una denegaci\u00f3n de servicio (DoS) a trav\u00e9s de una entrada manipulada." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-465xx/CVE-2024-46551.json b/CVE-2024/CVE-2024-465xx/CVE-2024-46551.json index 4be76133569..65762f35d2e 100644 --- a/CVE-2024/CVE-2024-465xx/CVE-2024-46551.json +++ b/CVE-2024/CVE-2024-465xx/CVE-2024-46551.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46551", "sourceIdentifier": "cve@mitre.org", "published": "2024-09-18T15:15:16.590", - "lastModified": "2024-09-18T15:15:16.590", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sBPA_Pwd parameter at inet15.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que Draytek Vigor 3910 v4.3.2.6 conten\u00eda un desbordamiento de b\u00fafer en el par\u00e1metro sBPA_Pwd en inet15.cgi. Esta vulnerabilidad permite a los atacantes provocar una denegaci\u00f3n de servicio (DoS) a trav\u00e9s de una entrada manipulada." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-465xx/CVE-2024-46552.json b/CVE-2024/CVE-2024-465xx/CVE-2024-46552.json index 33931cacdbe..71ed70f51b3 100644 --- a/CVE-2024/CVE-2024-465xx/CVE-2024-46552.json +++ b/CVE-2024/CVE-2024-465xx/CVE-2024-46552.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46552", "sourceIdentifier": "cve@mitre.org", "published": "2024-09-18T15:15:16.650", - "lastModified": "2024-09-18T15:15:16.650", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sStRtMskShow parameter at ipstrt.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que Draytek Vigor 3910 v4.3.2.6 conten\u00eda un desbordamiento de b\u00fafer en el par\u00e1metro sStRtMskShow en ipstrt.cgi. Esta vulnerabilidad permite a los atacantes provocar una denegaci\u00f3n de servicio (DoS) a trav\u00e9s de una entrada manipulada." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-465xx/CVE-2024-46553.json b/CVE-2024/CVE-2024-465xx/CVE-2024-46553.json index 0e7005a30fb..421d16170c9 100644 --- a/CVE-2024/CVE-2024-465xx/CVE-2024-46553.json +++ b/CVE-2024/CVE-2024-465xx/CVE-2024-46553.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46553", "sourceIdentifier": "cve@mitre.org", "published": "2024-09-18T15:15:16.720", - "lastModified": "2024-09-18T15:15:16.720", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the ipaddrmsk%d parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que Draytek Vigor 3910 v4.3.2.6 conten\u00eda un desbordamiento de b\u00fafer en el par\u00e1metro ipaddrmsk%d en v2x00.cgi. Esta vulnerabilidad permite a los atacantes provocar una denegaci\u00f3n de servicio (DoS) a trav\u00e9s de una entrada manipulada." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-465xx/CVE-2024-46554.json b/CVE-2024/CVE-2024-465xx/CVE-2024-46554.json index 83df62dc6a9..17a6b27e3ef 100644 --- a/CVE-2024/CVE-2024-465xx/CVE-2024-46554.json +++ b/CVE-2024/CVE-2024-465xx/CVE-2024-46554.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46554", "sourceIdentifier": "cve@mitre.org", "published": "2024-09-18T15:15:16.783", - "lastModified": "2024-09-18T15:15:16.783", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the profname parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que Draytek Vigor 3910 v4.3.2.6 conten\u00eda un desbordamiento de b\u00fafer en el par\u00e1metro profname en v2x00.cgi. Esta vulnerabilidad permite a los atacantes provocar una denegaci\u00f3n de servicio (DoS) a trav\u00e9s de una entrada manipulada." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-465xx/CVE-2024-46555.json b/CVE-2024/CVE-2024-465xx/CVE-2024-46555.json index 3db5bcae42f..1855685f005 100644 --- a/CVE-2024/CVE-2024-465xx/CVE-2024-46555.json +++ b/CVE-2024/CVE-2024-465xx/CVE-2024-46555.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46555", "sourceIdentifier": "cve@mitre.org", "published": "2024-09-18T15:15:16.837", - "lastModified": "2024-09-18T15:15:16.837", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the pb parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que Draytek Vigor 3910 v4.3.2.6 conten\u00eda un desbordamiento de b\u00fafer en el par\u00e1metro pb en v2x00.cgi. Esta vulnerabilidad permite a los atacantes provocar una denegaci\u00f3n de servicio (DoS) a trav\u00e9s de una entrada manipulada." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-465xx/CVE-2024-46556.json b/CVE-2024/CVE-2024-465xx/CVE-2024-46556.json index a5bf0be01b0..ea4e6bcb0a8 100644 --- a/CVE-2024/CVE-2024-465xx/CVE-2024-46556.json +++ b/CVE-2024/CVE-2024-465xx/CVE-2024-46556.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46556", "sourceIdentifier": "cve@mitre.org", "published": "2024-09-18T15:15:16.910", - "lastModified": "2024-09-18T15:15:16.910", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sInRCSecret0 parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que Draytek Vigor 3910 v4.3.2.6 conten\u00eda un desbordamiento de b\u00fafer en el par\u00e1metro sInRCSecret0 en v2x00.cgi. Esta vulnerabilidad permite a los atacantes provocar una denegaci\u00f3n de servicio (DoS) a trav\u00e9s de una entrada manipulada." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-465xx/CVE-2024-46557.json b/CVE-2024/CVE-2024-465xx/CVE-2024-46557.json index 72174bf49ff..433c0e9d2ee 100644 --- a/CVE-2024/CVE-2024-465xx/CVE-2024-46557.json +++ b/CVE-2024/CVE-2024-465xx/CVE-2024-46557.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46557", "sourceIdentifier": "cve@mitre.org", "published": "2024-09-18T15:15:16.983", - "lastModified": "2024-09-18T15:15:16.983", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sProfileName parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que Draytek Vigor 3910 v4.3.2.6 conten\u00eda un desbordamiento de b\u00fafer en el par\u00e1metro sProfileName en v2x00.cgi. Esta vulnerabilidad permite a los atacantes provocar una denegaci\u00f3n de servicio (DoS) a trav\u00e9s de una entrada manipulada." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-465xx/CVE-2024-46558.json b/CVE-2024/CVE-2024-465xx/CVE-2024-46558.json index e5c895ff29d..b6c1a3edb34 100644 --- a/CVE-2024/CVE-2024-465xx/CVE-2024-46558.json +++ b/CVE-2024/CVE-2024-465xx/CVE-2024-46558.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46558", "sourceIdentifier": "cve@mitre.org", "published": "2024-09-18T15:15:17.033", - "lastModified": "2024-09-18T15:15:17.033", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the newProname parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que Draytek Vigor 3910 v4.3.2.6 conten\u00eda un desbordamiento de b\u00fafer en el par\u00e1metro newProname en v2x00.cgi. Esta vulnerabilidad permite a los atacantes provocar una denegaci\u00f3n de servicio (DoS) a trav\u00e9s de una entrada manipulada." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-465xx/CVE-2024-46559.json b/CVE-2024/CVE-2024-465xx/CVE-2024-46559.json index ccfa8ddf34d..f0fc14af74d 100644 --- a/CVE-2024/CVE-2024-465xx/CVE-2024-46559.json +++ b/CVE-2024/CVE-2024-465xx/CVE-2024-46559.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46559", "sourceIdentifier": "cve@mitre.org", "published": "2024-09-18T15:15:17.097", - "lastModified": "2024-09-18T15:15:17.097", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sBPA_UsrNme parameter at inet15.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que Draytek Vigor 3910 v4.3.2.6 conten\u00eda un desbordamiento de b\u00fafer en el par\u00e1metro sBPA_UsrNme en inet15.cgi. Esta vulnerabilidad permite a los atacantes provocar una denegaci\u00f3n de servicio (DoS) a trav\u00e9s de una entrada manipulada." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-465xx/CVE-2024-46560.json b/CVE-2024/CVE-2024-465xx/CVE-2024-46560.json index 36b8f1197ad..0f59880ce75 100644 --- a/CVE-2024/CVE-2024-465xx/CVE-2024-46560.json +++ b/CVE-2024/CVE-2024-465xx/CVE-2024-46560.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46560", "sourceIdentifier": "cve@mitre.org", "published": "2024-09-18T15:15:17.160", - "lastModified": "2024-09-18T15:15:17.160", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the pub_key parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que Draytek Vigor 3910 v4.3.2.6 conten\u00eda un desbordamiento de b\u00fafer en el par\u00e1metro pub_key en v2x00.cgi. Esta vulnerabilidad permite a los atacantes provocar una denegaci\u00f3n de servicio (DoS) a trav\u00e9s de una entrada manipulada." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-465xx/CVE-2024-46561.json b/CVE-2024/CVE-2024-465xx/CVE-2024-46561.json index c6ddd0ab514..1629ae4af9a 100644 --- a/CVE-2024/CVE-2024-465xx/CVE-2024-46561.json +++ b/CVE-2024/CVE-2024-465xx/CVE-2024-46561.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46561", "sourceIdentifier": "cve@mitre.org", "published": "2024-09-18T15:15:17.210", - "lastModified": "2024-09-18T15:15:17.210", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the queryret parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que Draytek Vigor 3910 v4.3.2.6 conten\u00eda un desbordamiento de b\u00fafer en el par\u00e1metro queryret en v2x00.cgi. Esta vulnerabilidad permite a los atacantes provocar una denegaci\u00f3n de servicio (DoS) a trav\u00e9s de una entrada manipulada." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-465xx/CVE-2024-46564.json b/CVE-2024/CVE-2024-465xx/CVE-2024-46564.json index 697ae07e9da..c267cde3c1e 100644 --- a/CVE-2024/CVE-2024-465xx/CVE-2024-46564.json +++ b/CVE-2024/CVE-2024-465xx/CVE-2024-46564.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46564", "sourceIdentifier": "cve@mitre.org", "published": "2024-09-18T15:15:17.263", - "lastModified": "2024-09-18T15:15:17.263", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sProfileName parameter at fextobj.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que Draytek Vigor 3910 v4.3.2.6 conten\u00eda un desbordamiento de b\u00fafer en el par\u00e1metro sProfileName en fextobj.cgi. Esta vulnerabilidad permite a los atacantes provocar una denegaci\u00f3n de servicio (DoS) a trav\u00e9s de una entrada manipulada." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-465xx/CVE-2024-46565.json b/CVE-2024/CVE-2024-465xx/CVE-2024-46565.json index fb33843956b..f004726dcc5 100644 --- a/CVE-2024/CVE-2024-465xx/CVE-2024-46565.json +++ b/CVE-2024/CVE-2024-465xx/CVE-2024-46565.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46565", "sourceIdentifier": "cve@mitre.org", "published": "2024-09-18T15:15:17.313", - "lastModified": "2024-09-18T15:15:17.313", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sSrvName parameter at service.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que Draytek Vigor 3910 v4.3.2.6 conten\u00eda un desbordamiento de b\u00fafer en el par\u00e1metro sSrvName en service.cgi. Esta vulnerabilidad permite a los atacantes provocar una denegaci\u00f3n de servicio (DoS) a trav\u00e9s de una entrada manipulada." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-465xx/CVE-2024-46566.json b/CVE-2024/CVE-2024-465xx/CVE-2024-46566.json index b1d22bc2976..4bc00ef5265 100644 --- a/CVE-2024/CVE-2024-465xx/CVE-2024-46566.json +++ b/CVE-2024/CVE-2024-465xx/CVE-2024-46566.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46566", "sourceIdentifier": "cve@mitre.org", "published": "2024-09-18T15:15:17.367", - "lastModified": "2024-09-18T15:15:17.367", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sAppName parameter at sslapp.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que Draytek Vigor 3910 v4.3.2.6 conten\u00eda un desbordamiento de b\u00fafer en el par\u00e1metro sAppName en sslapp.cgi. Esta vulnerabilidad permite a los atacantes provocar una denegaci\u00f3n de servicio (DoS) a trav\u00e9s de una entrada manipulada." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-465xx/CVE-2024-46567.json b/CVE-2024/CVE-2024-465xx/CVE-2024-46567.json index 2264deee500..68f68ff8769 100644 --- a/CVE-2024/CVE-2024-465xx/CVE-2024-46567.json +++ b/CVE-2024/CVE-2024-465xx/CVE-2024-46567.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46567", "sourceIdentifier": "cve@mitre.org", "published": "2024-09-18T15:15:17.420", - "lastModified": "2024-09-18T15:15:17.420", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the iProfileIdx parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que Draytek Vigor 3910 v4.3.2.6 conten\u00eda un desbordamiento de b\u00fafer en el par\u00e1metro iProfileIdx en v2x00.cgi. Esta vulnerabilidad permite a los atacantes provocar una denegaci\u00f3n de servicio (DoS) a trav\u00e9s de una entrada manipulada." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-465xx/CVE-2024-46568.json b/CVE-2024/CVE-2024-465xx/CVE-2024-46568.json index f610c97a96a..c4d15ff07af 100644 --- a/CVE-2024/CVE-2024-465xx/CVE-2024-46568.json +++ b/CVE-2024/CVE-2024-465xx/CVE-2024-46568.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46568", "sourceIdentifier": "cve@mitre.org", "published": "2024-09-18T15:15:17.480", - "lastModified": "2024-09-18T15:15:17.480", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sPeerId parameter at vpn.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que Draytek Vigor 3910 v4.3.2.6 conten\u00eda un desbordamiento de b\u00fafer en el par\u00e1metro sPeerId en vpn.cgi. Esta vulnerabilidad permite a los atacantes provocar una denegaci\u00f3n de servicio (DoS) a trav\u00e9s de una entrada manipulada." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-465xx/CVE-2024-46571.json b/CVE-2024/CVE-2024-465xx/CVE-2024-46571.json index 753c729e3ac..e49e0a97292 100644 --- a/CVE-2024/CVE-2024-465xx/CVE-2024-46571.json +++ b/CVE-2024/CVE-2024-465xx/CVE-2024-46571.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46571", "sourceIdentifier": "cve@mitre.org", "published": "2024-09-18T15:15:17.530", - "lastModified": "2024-09-18T15:15:17.530", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sPPPSrvNm parameter at fwuser.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que Draytek Vigor 3910 v4.3.2.6 conten\u00eda un desbordamiento de b\u00fafer en el par\u00e1metro sPPPSrvNm en fwuser.cgi. Esta vulnerabilidad permite a los atacantes provocar una denegaci\u00f3n de servicio (DoS) a trav\u00e9s de una entrada manipulada." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-465xx/CVE-2024-46580.json b/CVE-2024/CVE-2024-465xx/CVE-2024-46580.json index cf8b34b4fe4..8f0e8a1e636 100644 --- a/CVE-2024/CVE-2024-465xx/CVE-2024-46580.json +++ b/CVE-2024/CVE-2024-465xx/CVE-2024-46580.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46580", "sourceIdentifier": "cve@mitre.org", "published": "2024-09-18T15:15:17.580", - "lastModified": "2024-09-18T15:15:17.580", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the fid parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que Draytek Vigor 3910 v4.3.2.6 conten\u00eda un desbordamiento de b\u00fafer en el par\u00e1metro fid en v2x00.cgi. Esta vulnerabilidad permite a los atacantes provocar una denegaci\u00f3n de servicio (DoS) a trav\u00e9s de una entrada manipulada." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-465xx/CVE-2024-46581.json b/CVE-2024/CVE-2024-465xx/CVE-2024-46581.json index e6df865f95a..5730c7f07b8 100644 --- a/CVE-2024/CVE-2024-465xx/CVE-2024-46581.json +++ b/CVE-2024/CVE-2024-465xx/CVE-2024-46581.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46581", "sourceIdentifier": "cve@mitre.org", "published": "2024-09-18T15:15:17.630", - "lastModified": "2024-09-18T15:15:17.630", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sProfName parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que Draytek Vigor 3910 v4.3.2.6 conten\u00eda un desbordamiento de b\u00fafer en el par\u00e1metro sProfName en v2x00.cgi. Esta vulnerabilidad permite a los atacantes provocar una denegaci\u00f3n de servicio (DoS) a trav\u00e9s de una entrada manipulada." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-465xx/CVE-2024-46582.json b/CVE-2024/CVE-2024-465xx/CVE-2024-46582.json index 90c5abe2b81..2268cd16112 100644 --- a/CVE-2024/CVE-2024-465xx/CVE-2024-46582.json +++ b/CVE-2024/CVE-2024-465xx/CVE-2024-46582.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46582", "sourceIdentifier": "cve@mitre.org", "published": "2024-09-18T15:15:17.680", - "lastModified": "2024-09-18T15:15:17.680", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sSrvAddr parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que Draytek Vigor 3910 v4.3.2.6 conten\u00eda un desbordamiento de b\u00fafer en el par\u00e1metro sSrvAddr en v2x00.cgi. Esta vulnerabilidad permite a los atacantes provocar una denegaci\u00f3n de servicio (DoS) a trav\u00e9s de una entrada manipulada." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-465xx/CVE-2024-46583.json b/CVE-2024/CVE-2024-465xx/CVE-2024-46583.json index 927c95360ba..00d4aeae8f5 100644 --- a/CVE-2024/CVE-2024-465xx/CVE-2024-46583.json +++ b/CVE-2024/CVE-2024-465xx/CVE-2024-46583.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46583", "sourceIdentifier": "cve@mitre.org", "published": "2024-09-18T15:15:17.723", - "lastModified": "2024-09-18T15:15:17.723", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the extRadSrv2 parameter at cgiapp.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que Draytek Vigor 3910 v4.3.2.6 conten\u00eda un desbordamiento de b\u00fafer en el par\u00e1metro extRadSrv2 en cgiapp.cgi. Esta vulnerabilidad permite a los atacantes provocar una denegaci\u00f3n de servicio (DoS) a trav\u00e9s de una entrada manipulada." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-465xx/CVE-2024-46584.json b/CVE-2024/CVE-2024-465xx/CVE-2024-46584.json index 51ecce697d8..5925fbf531e 100644 --- a/CVE-2024/CVE-2024-465xx/CVE-2024-46584.json +++ b/CVE-2024/CVE-2024-465xx/CVE-2024-46584.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46584", "sourceIdentifier": "cve@mitre.org", "published": "2024-09-18T15:15:17.790", - "lastModified": "2024-09-18T15:15:17.790", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the AControlIp1 parameter at acontrol.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que Draytek Vigor 3910 v4.3.2.6 conten\u00eda un desbordamiento de b\u00fafer en el par\u00e1metro AControlIp1 en acontrol.cgi. Esta vulnerabilidad permite a los atacantes provocar una denegaci\u00f3n de servicio (DoS) a trav\u00e9s de una entrada manipulada." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-465xx/CVE-2024-46585.json b/CVE-2024/CVE-2024-465xx/CVE-2024-46585.json index a7e4593a31a..dd3881d9310 100644 --- a/CVE-2024/CVE-2024-465xx/CVE-2024-46585.json +++ b/CVE-2024/CVE-2024-465xx/CVE-2024-46585.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46585", "sourceIdentifier": "cve@mitre.org", "published": "2024-09-18T15:15:17.847", - "lastModified": "2024-09-18T15:15:17.847", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sProfileName parameter at usergrp.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que Draytek Vigor 3910 v4.3.2.6 conten\u00eda un desbordamiento de b\u00fafer en el par\u00e1metro sProfileName en usergrp.cgi. Esta vulnerabilidad permite a los atacantes provocar una denegaci\u00f3n de servicio (DoS) a trav\u00e9s de una entrada manipulada." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-465xx/CVE-2024-46586.json b/CVE-2024/CVE-2024-465xx/CVE-2024-46586.json index bfb55e656e5..27d6d994a27 100644 --- a/CVE-2024/CVE-2024-465xx/CVE-2024-46586.json +++ b/CVE-2024/CVE-2024-465xx/CVE-2024-46586.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46586", "sourceIdentifier": "cve@mitre.org", "published": "2024-09-18T15:15:17.900", - "lastModified": "2024-09-18T15:15:17.900", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sCloudPass parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que Draytek Vigor 3910 v4.3.2.6 conten\u00eda un desbordamiento de b\u00fafer en el par\u00e1metro sCloudPass en v2x00.cgi. Esta vulnerabilidad permite a los atacantes provocar una denegaci\u00f3n de servicio (DoS) a trav\u00e9s de una entrada manipulada." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-465xx/CVE-2024-46588.json b/CVE-2024/CVE-2024-465xx/CVE-2024-46588.json index 379dda59096..47a07c360b5 100644 --- a/CVE-2024/CVE-2024-465xx/CVE-2024-46588.json +++ b/CVE-2024/CVE-2024-465xx/CVE-2024-46588.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46588", "sourceIdentifier": "cve@mitre.org", "published": "2024-09-18T15:15:17.957", - "lastModified": "2024-09-18T15:15:17.957", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sProfileName parameter at wizfw.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que Draytek Vigor 3910 v4.3.2.6 conten\u00eda un desbordamiento de b\u00fafer en el par\u00e1metro sProfileName en wizfw.cgi. Esta vulnerabilidad permite a los atacantes provocar una denegaci\u00f3n de servicio (DoS) a trav\u00e9s de una entrada manipulada." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-465xx/CVE-2024-46589.json b/CVE-2024/CVE-2024-465xx/CVE-2024-46589.json index e63d4f5f77d..2a358943e0b 100644 --- a/CVE-2024/CVE-2024-465xx/CVE-2024-46589.json +++ b/CVE-2024/CVE-2024-465xx/CVE-2024-46589.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46589", "sourceIdentifier": "cve@mitre.org", "published": "2024-09-18T15:15:18.007", - "lastModified": "2024-09-18T15:15:18.007", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sIpv6AiccuUser parameter at inetipv6.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que Draytek Vigor 3910 v4.3.2.6 conten\u00eda un desbordamiento de b\u00fafer en el par\u00e1metro sIpv6AiccuUser en inetipv6.cgi. Esta vulnerabilidad permite a los atacantes provocar una denegaci\u00f3n de servicio (DoS) a trav\u00e9s de una entrada manipulada." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-465xx/CVE-2024-46590.json b/CVE-2024/CVE-2024-465xx/CVE-2024-46590.json index 4157f96686c..39bd812ea63 100644 --- a/CVE-2024/CVE-2024-465xx/CVE-2024-46590.json +++ b/CVE-2024/CVE-2024-465xx/CVE-2024-46590.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46590", "sourceIdentifier": "cve@mitre.org", "published": "2024-09-18T15:15:18.067", - "lastModified": "2024-09-18T15:15:18.067", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the ssidencrypt%d parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que Draytek Vigor 3910 v4.3.2.6 conten\u00eda un desbordamiento de b\u00fafer en el par\u00e1metro ssidencrypt%d en v2x00.cgi. Esta vulnerabilidad permite a los atacantes provocar una denegaci\u00f3n de servicio (DoS) a trav\u00e9s de una entrada manipulada." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-465xx/CVE-2024-46591.json b/CVE-2024/CVE-2024-465xx/CVE-2024-46591.json index 3845a7ca66f..3b65ed69390 100644 --- a/CVE-2024/CVE-2024-465xx/CVE-2024-46591.json +++ b/CVE-2024/CVE-2024-465xx/CVE-2024-46591.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46591", "sourceIdentifier": "cve@mitre.org", "published": "2024-09-18T15:15:18.117", - "lastModified": "2024-09-18T15:15:18.117", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sDnsPro parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que Draytek Vigor 3910 v4.3.2.6 conten\u00eda un desbordamiento de b\u00fafer en el par\u00e1metro sDnsPro en v2x00.cgi. Esta vulnerabilidad permite a los atacantes provocar una denegaci\u00f3n de servicio (DoS) a trav\u00e9s de una entrada manipulada." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-465xx/CVE-2024-46592.json b/CVE-2024/CVE-2024-465xx/CVE-2024-46592.json index fae9a99b8a8..88990df6e4f 100644 --- a/CVE-2024/CVE-2024-465xx/CVE-2024-46592.json +++ b/CVE-2024/CVE-2024-465xx/CVE-2024-46592.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46592", "sourceIdentifier": "cve@mitre.org", "published": "2024-09-18T15:15:18.170", - "lastModified": "2024-09-18T15:15:18.170", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the ssidencrypt_5g%d parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que Draytek Vigor 3910 v4.3.2.6 conten\u00eda un desbordamiento de b\u00fafer en el par\u00e1metro ssidencrypt_5g%d en v2x00.cgi. Esta vulnerabilidad permite a los atacantes provocar una denegaci\u00f3n de servicio (DoS) a trav\u00e9s de una entrada manipulada." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-465xx/CVE-2024-46593.json b/CVE-2024/CVE-2024-465xx/CVE-2024-46593.json index 88ef8334a89..25282b01ed6 100644 --- a/CVE-2024/CVE-2024-465xx/CVE-2024-46593.json +++ b/CVE-2024/CVE-2024-465xx/CVE-2024-46593.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46593", "sourceIdentifier": "cve@mitre.org", "published": "2024-09-18T15:15:18.220", - "lastModified": "2024-09-18T15:15:18.220", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the trapcomm parameter at cgiswm.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que Draytek Vigor 3910 v4.3.2.6 conten\u00eda un desbordamiento de b\u00fafer en el par\u00e1metro trapcomm en cgiswm.cgi. Esta vulnerabilidad permite a los atacantes provocar una denegaci\u00f3n de servicio (DoS) a trav\u00e9s de una entrada manipulada." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-465xx/CVE-2024-46594.json b/CVE-2024/CVE-2024-465xx/CVE-2024-46594.json index 592af77f512..01bb666a306 100644 --- a/CVE-2024/CVE-2024-465xx/CVE-2024-46594.json +++ b/CVE-2024/CVE-2024-465xx/CVE-2024-46594.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46594", "sourceIdentifier": "cve@mitre.org", "published": "2024-09-18T15:15:18.263", - "lastModified": "2024-09-18T15:15:18.263", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the saveVPNProfile parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que Draytek Vigor 3910 v4.3.2.6 conten\u00eda un desbordamiento de b\u00fafer en el par\u00e1metro saveVPNProfile en v2x00.cgi. Esta vulnerabilidad permite a los atacantes provocar una denegaci\u00f3n de servicio (DoS) a trav\u00e9s de una entrada manipulada." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-465xx/CVE-2024-46595.json b/CVE-2024/CVE-2024-465xx/CVE-2024-46595.json index 47b1a2b2ca1..522b15e85a1 100644 --- a/CVE-2024/CVE-2024-465xx/CVE-2024-46595.json +++ b/CVE-2024/CVE-2024-465xx/CVE-2024-46595.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46595", "sourceIdentifier": "cve@mitre.org", "published": "2024-09-18T15:15:18.307", - "lastModified": "2024-09-18T15:15:18.307", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the saveitem parameter at lan2lan.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que Draytek Vigor 3910 v4.3.2.6 conten\u00eda un desbordamiento de b\u00fafer en el par\u00e1metro saveitem en lan2lan.cgi. Esta vulnerabilidad permite a los atacantes provocar una denegaci\u00f3n de servicio (DoS) a trav\u00e9s de una entrada manipulada." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-465xx/CVE-2024-46596.json b/CVE-2024/CVE-2024-465xx/CVE-2024-46596.json index 0ddd5e560fe..2404ad94f86 100644 --- a/CVE-2024/CVE-2024-465xx/CVE-2024-46596.json +++ b/CVE-2024/CVE-2024-465xx/CVE-2024-46596.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46596", "sourceIdentifier": "cve@mitre.org", "published": "2024-09-18T15:15:18.353", - "lastModified": "2024-09-18T15:15:18.353", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sAct parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que Draytek Vigor 3910 v4.3.2.6 conten\u00eda un desbordamiento de b\u00fafer en el par\u00e1metro sAct en v2x00.cgi. Esta vulnerabilidad permite a los atacantes provocar una denegaci\u00f3n de servicio (DoS) a trav\u00e9s de una entrada manipulada." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-465xx/CVE-2024-46597.json b/CVE-2024/CVE-2024-465xx/CVE-2024-46597.json index 390d50d8b36..9623399de3d 100644 --- a/CVE-2024/CVE-2024-465xx/CVE-2024-46597.json +++ b/CVE-2024/CVE-2024-465xx/CVE-2024-46597.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46597", "sourceIdentifier": "cve@mitre.org", "published": "2024-09-18T15:15:18.400", - "lastModified": "2024-09-18T15:15:18.400", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sPubKey parameter at dialin.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que Draytek Vigor 3910 v4.3.2.6 conten\u00eda un desbordamiento de b\u00fafer en el par\u00e1metro sPubKey en dialin.cgi. Esta vulnerabilidad permite a los atacantes provocar una denegaci\u00f3n de servicio (DoS) a trav\u00e9s de una entrada manipulada." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-465xx/CVE-2024-46598.json b/CVE-2024/CVE-2024-465xx/CVE-2024-46598.json index 6502d3a5760..c876ecae835 100644 --- a/CVE-2024/CVE-2024-465xx/CVE-2024-46598.json +++ b/CVE-2024/CVE-2024-465xx/CVE-2024-46598.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46598", "sourceIdentifier": "cve@mitre.org", "published": "2024-09-18T15:15:18.453", - "lastModified": "2024-09-18T15:15:18.453", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the iprofileidx parameter at dialin.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que Draytek Vigor 3910 v4.3.2.6 conten\u00eda un desbordamiento de b\u00fafer en el par\u00e1metro iprofileidx en dialin.cgi. Esta vulnerabilidad permite a los atacantes provocar una denegaci\u00f3n de servicio (DoS) a trav\u00e9s de una entrada manipulada." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-467xx/CVE-2024-46714.json b/CVE-2024/CVE-2024-467xx/CVE-2024-46714.json index 24055af9da5..3b4612c5767 100644 --- a/CVE-2024/CVE-2024-467xx/CVE-2024-46714.json +++ b/CVE-2024/CVE-2024-467xx/CVE-2024-46714.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46714", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-09-18T07:15:03.060", - "lastModified": "2024-09-18T07:15:03.060", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Skip wbscl_set_scaler_filter if filter is null\n\nCallers can pass null in filter (i.e. from returned from the function\nwbscl_get_filter_coeffs_16p) and a null check is added to ensure that is\nnot the case.\n\nThis fixes 4 NULL_RETURNS issues reported by Coverity." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/display: omitir wbscl_set_scaler_filter si el filtro es nulo. Los llamadores pueden pasar un valor nulo en el filtro (es decir, del valor devuelto por la funci\u00f3n wbscl_get_filter_coeffs_16p) y se agrega una comprobaci\u00f3n de valores nulos para garantizar que ese no sea el caso. Esto soluciona 4 problemas de NULL_RETURNS informados por Coverity." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-467xx/CVE-2024-46715.json b/CVE-2024/CVE-2024-467xx/CVE-2024-46715.json index 90c9a269ae9..2748431fbe6 100644 --- a/CVE-2024/CVE-2024-467xx/CVE-2024-46715.json +++ b/CVE-2024/CVE-2024-467xx/CVE-2024-46715.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46715", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-09-18T07:15:03.130", - "lastModified": "2024-09-18T07:15:03.130", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndriver: iio: add missing checks on iio_info's callback access\n\nSome callbacks from iio_info structure are accessed without any check, so\nif a driver doesn't implement them trying to access the corresponding\nsysfs entries produce a kernel oops such as:\n\n[ 2203.527791] Unable to handle kernel NULL pointer dereference at virtual address 00000000 when execute\n[...]\n[ 2203.783416] Call trace:\n[ 2203.783429] iio_read_channel_info_avail from dev_attr_show+0x18/0x48\n[ 2203.789807] dev_attr_show from sysfs_kf_seq_show+0x90/0x120\n[ 2203.794181] sysfs_kf_seq_show from seq_read_iter+0xd0/0x4e4\n[ 2203.798555] seq_read_iter from vfs_read+0x238/0x2a0\n[ 2203.802236] vfs_read from ksys_read+0xa4/0xd4\n[ 2203.805385] ksys_read from ret_fast_syscall+0x0/0x54\n[ 2203.809135] Exception stack(0xe0badfa8 to 0xe0badff0)\n[ 2203.812880] dfa0: 00000003 b6f10f80 00000003 b6eab000 00020000 00000000\n[ 2203.819746] dfc0: 00000003 b6f10f80 7ff00000 00000003 00000003 00000000 00020000 00000000\n[ 2203.826619] dfe0: b6e1bc88 bed80958 b6e1bc94 b6e1bcb0\n[ 2203.830363] Code: bad PC value\n[ 2203.832695] ---[ end trace 0000000000000000 ]---" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: driver: iio: agregar comprobaciones faltantes en el acceso a la devoluci\u00f3n de llamada de iio_info Se accede a algunas devoluciones de llamadas de la estructura iio_info sin ninguna comprobaci\u00f3n, por lo que si un controlador no las implementa, intentar acceder a las entradas sysfs correspondientes produce un error de kernel como: [ 2203.527791] No se puede manejar la desreferencia del puntero NULL del kernel en la direcci\u00f3n virtual 00000000 cuando se ejecuta [...] [ 2203.783416] Rastreo de llamadas: [ 2203.783429] iio_read_channel_info_avail de dev_attr_show+0x18/0x48 [ 2203.789807] dev_attr_show de sysfs_kf_seq_show+0x90/0x120 [ 2203.794181] sysfs_kf_seq_show de seq_read_iter+0xd0/0x4e4 [ 2203.798555] seq_read_iter de vfs_read+0x238/0x2a0 [ 2203.802236] vfs_read de ksys_read+0xa4/0xd4 [ 2203.805385] ksys_read de ret_fast_syscall+0x0/0x54 [ 2203.809135] Pila de excepciones (0xe0badfa8 a 0xe0badff0) [ 2203.812880] dfa0: 00000003 b6f10f80 00000003 b6eab000 00020000 00000000 [ 2203.819746] dfc0: 00000003 b6f10f80 7ff00000 00000003 00000003 00000000 00020000 00000000 [ 2203.826619] dfe0: b6e1bc88 bed80958 b6e1bc94 b6e1bcb0 [ 2203.830363] C\u00f3digo: valor de PC incorrecto [ 2203.832695] ---[ fin del seguimiento 000000000000000 ]---" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-467xx/CVE-2024-46716.json b/CVE-2024/CVE-2024-467xx/CVE-2024-46716.json index ad6e5cd3b63..beceb94448d 100644 --- a/CVE-2024/CVE-2024-467xx/CVE-2024-46716.json +++ b/CVE-2024/CVE-2024-467xx/CVE-2024-46716.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46716", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-09-18T07:15:03.183", - "lastModified": "2024-09-18T07:15:03.183", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: altera-msgdma: properly free descriptor in msgdma_free_descriptor\n\nRemove list_del call in msgdma_chan_desc_cleanup, this should be the role\nof msgdma_free_descriptor. In consequence replace list_add_tail with\nlist_move_tail in msgdma_free_descriptor.\n\nThis fixes the path:\n msgdma_free_chan_resources -> msgdma_free_descriptors ->\n msgdma_free_desc_list -> msgdma_free_descriptor\n\nwhich does not correctly free the descriptors as first nodes were not\nremoved from the list." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: dmaengine: altera-msgdma: liberar correctamente el descriptor en msgdma_free_descriptor Eliminar la llamada list_del en msgdma_chan_desc_cleanup, esta deber\u00eda ser la funci\u00f3n de msgdma_free_descriptor. En consecuencia, reemplace list_add_tail con list_move_tail en msgdma_free_descriptor. Esto corrige la ruta: msgdma_free_chan_resources -> msgdma_free_descriptors -> msgdma_free_desc_list -> msgdma_free_descriptor que no libera correctamente los descriptores ya que los primeros nodos no se eliminaron de la lista." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-467xx/CVE-2024-46717.json b/CVE-2024/CVE-2024-467xx/CVE-2024-46717.json index a1d881f7823..31f924cd6ea 100644 --- a/CVE-2024/CVE-2024-467xx/CVE-2024-46717.json +++ b/CVE-2024/CVE-2024-467xx/CVE-2024-46717.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46717", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-09-18T07:15:03.237", - "lastModified": "2024-09-18T07:15:03.237", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: SHAMPO, Fix incorrect page release\n\nUnder the following conditions:\n1) No skb created yet\n2) header_size == 0 (no SHAMPO header)\n3) header_index + 1 % MLX5E_SHAMPO_WQ_HEADER_PER_PAGE == 0 (this is the\n last page fragment of a SHAMPO header page)\n\na new skb is formed with a page that is NOT a SHAMPO header page (it\nis a regular data page). Further down in the same function\n(mlx5e_handle_rx_cqe_mpwrq_shampo()), a SHAMPO header page from\nheader_index is released. This is wrong and it leads to SHAMPO header\npages being released more than once." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net/mlx5e: SHAMPO, Corregir liberaci\u00f3n de p\u00e1gina incorrecta Bajo las siguientes condiciones: 1) No se ha creado ning\u00fan skb todav\u00eda 2) header_size == 0 (no hay encabezado SHAMPO) 3) header_index + 1 % MLX5E_SHAMPO_WQ_HEADER_PER_PAGE == 0 (este es el \u00faltimo fragmento de p\u00e1gina de una p\u00e1gina de encabezado SHAMPO) se forma un nuevo skb con una p\u00e1gina que NO es una p\u00e1gina de encabezado SHAMPO (es una p\u00e1gina de datos normal). M\u00e1s abajo en la misma funci\u00f3n (mlx5e_handle_rx_cqe_mpwrq_shampo()), se libera una p\u00e1gina de encabezado SHAMPO de header_index. Esto es incorrecto y lleva a que las p\u00e1ginas de encabezado SHAMPO se liberen m\u00e1s de una vez." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-467xx/CVE-2024-46718.json b/CVE-2024/CVE-2024-467xx/CVE-2024-46718.json index 2f0f2908f13..ef083b412e4 100644 --- a/CVE-2024/CVE-2024-467xx/CVE-2024-46718.json +++ b/CVE-2024/CVE-2024-467xx/CVE-2024-46718.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46718", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-09-18T07:15:03.303", - "lastModified": "2024-09-18T07:15:03.303", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: Don't overmap identity VRAM mapping\n\nOvermapping the identity VRAM mapping is triggering hardware bugs on\ncertain platforms. Use 2M pages for the last unaligned (to 1G) VRAM\nchunk.\n\nv2:\n - Always use 2M pages for last chunk (Fei Yang)\n - break loop when 2M pages are used\n - Add assert for usable_size being 2M aligned\nv3:\n - Fix checkpatch" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/xe: No sobremapear la asignaci\u00f3n de VRAM de identidad La sobremapeo de la asignaci\u00f3n de VRAM de identidad est\u00e1 provocando errores de hardware en ciertas plataformas. Utilizar 2M de p\u00e1ginas para el \u00faltimo fragmento de VRAM no alineado (a 1G). v2: - Utilizar siempre 2M de p\u00e1ginas para el \u00faltimo fragmento (Fei Yang) - interrumpir el bucle cuando se utilizan 2M de p\u00e1ginas - A\u00f1adir afirmaci\u00f3n para que usable_size est\u00e9 alineado a 2M v3: - Corregir checkpatch" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-467xx/CVE-2024-46719.json b/CVE-2024/CVE-2024-467xx/CVE-2024-46719.json index a3349d893e8..47c4b25f66e 100644 --- a/CVE-2024/CVE-2024-467xx/CVE-2024-46719.json +++ b/CVE-2024/CVE-2024-467xx/CVE-2024-46719.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46719", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-09-18T07:15:03.357", - "lastModified": "2024-09-18T07:15:03.357", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: typec: ucsi: Fix null pointer dereference in trace\n\nucsi_register_altmode checks IS_ERR for the alt pointer and treats\nNULL as valid. When CONFIG_TYPEC_DP_ALTMODE is not enabled,\nucsi_register_displayport returns NULL which causes a NULL pointer\ndereference in trace. Rather than return NULL, call\ntypec_port_register_altmode to register DisplayPort alternate mode\nas a non-controllable mode when CONFIG_TYPEC_DP_ALTMODE is not enabled." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: usb: typec: ucsi: Se corrige la desreferencia del puntero nulo en el seguimiento ucsi_register_altmode comprueba IS_ERR para el puntero alt y trata NULL como v\u00e1lido. Cuando CONFIG_TYPEC_DP_ALTMODE no est\u00e1 habilitado, ucsi_register_displayport devuelve NULL, lo que provoca una desreferencia del puntero NULL en el seguimiento. En lugar de devolver NULL, llame a typec_port_register_altmode para registrar el modo alternativo de DisplayPort como un modo no controlable cuando CONFIG_TYPEC_DP_ALTMODE no est\u00e1 habilitado." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-467xx/CVE-2024-46720.json b/CVE-2024/CVE-2024-467xx/CVE-2024-46720.json index a3f1e9a6af5..9eacd1f02dc 100644 --- a/CVE-2024/CVE-2024-467xx/CVE-2024-46720.json +++ b/CVE-2024/CVE-2024-467xx/CVE-2024-46720.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46720", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-09-18T07:15:03.420", - "lastModified": "2024-09-18T07:15:03.420", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: fix dereference after null check\n\ncheck the pointer hive before use." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amdgpu: corrige la desreferenciaci\u00f3n despu\u00e9s de la comprobaci\u00f3n nula; comprueba la secci\u00f3n del puntero antes de usarla." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-467xx/CVE-2024-46721.json b/CVE-2024/CVE-2024-467xx/CVE-2024-46721.json index 0080ff3a39e..6bece31b1b5 100644 --- a/CVE-2024/CVE-2024-467xx/CVE-2024-46721.json +++ b/CVE-2024/CVE-2024-467xx/CVE-2024-46721.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46721", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-09-18T07:15:03.480", - "lastModified": "2024-09-18T07:15:03.480", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\napparmor: fix possible NULL pointer dereference\n\nprofile->parent->dents[AAFS_PROF_DIR] could be NULL only if its parent is made\nfrom __create_missing_ancestors(..) and 'ent->old' is NULL in\naa_replace_profiles(..).\nIn that case, it must return an error code and the code, -ENOENT represents\nits state that the path of its parent is not existed yet.\n\nBUG: kernel NULL pointer dereference, address: 0000000000000030\nPGD 0 P4D 0\nPREEMPT SMP PTI\nCPU: 4 PID: 3362 Comm: apparmor_parser Not tainted 6.8.0-24-generic #24\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014\nRIP: 0010:aafs_create.constprop.0+0x7f/0x130\nCode: 4c 63 e0 48 83 c4 18 4c 89 e0 5b 41 5c 41 5d 41 5e 41 5f 5d 31 d2 31 c9 31 f6 31 ff 45 31 c0 45 31 c9 45 31 d2 c3 cc cc cc cc <4d> 8b 55 30 4d 8d ba a0 00 00 00 4c 89 55 c0 4c 89 ff e8 7a 6a ae\nRSP: 0018:ffffc9000b2c7c98 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: 00000000000041ed RCX: 0000000000000000\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\nRBP: ffffc9000b2c7cd8 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000000 R12: ffffffff82baac10\nR13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000\nFS: 00007be9f22cf740(0000) GS:ffff88817bc00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000030 CR3: 0000000134b08000 CR4: 00000000000006f0\nCall Trace:\n \n ? show_regs+0x6d/0x80\n ? __die+0x24/0x80\n ? page_fault_oops+0x99/0x1b0\n ? kernelmode_fixup_or_oops+0xb2/0x140\n ? __bad_area_nosemaphore+0x1a5/0x2c0\n ? find_vma+0x34/0x60\n ? bad_area_nosemaphore+0x16/0x30\n ? do_user_addr_fault+0x2a2/0x6b0\n ? exc_page_fault+0x83/0x1b0\n ? asm_exc_page_fault+0x27/0x30\n ? aafs_create.constprop.0+0x7f/0x130\n ? aafs_create.constprop.0+0x51/0x130\n __aafs_profile_mkdir+0x3d6/0x480\n aa_replace_profiles+0x83f/0x1270\n policy_update+0xe3/0x180\n profile_load+0xbc/0x150\n ? rw_verify_area+0x47/0x140\n vfs_write+0x100/0x480\n ? __x64_sys_openat+0x55/0xa0\n ? syscall_exit_to_user_mode+0x86/0x260\n ksys_write+0x73/0x100\n __x64_sys_write+0x19/0x30\n x64_sys_call+0x7e/0x25c0\n do_syscall_64+0x7f/0x180\n entry_SYSCALL_64_after_hwframe+0x78/0x80\nRIP: 0033:0x7be9f211c574\nCode: c7 00 16 00 00 00 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 80 3d d5 ea 0e 00 00 74 13 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 54 c3 0f 1f 00 55 48 89 e5 48 83 ec 20 48 89\nRSP: 002b:00007ffd26f2b8c8 EFLAGS: 00000202 ORIG_RAX: 0000000000000001\nRAX: ffffffffffffffda RBX: 00005d504415e200 RCX: 00007be9f211c574\nRDX: 0000000000001fc1 RSI: 00005d504418bc80 RDI: 0000000000000004\nRBP: 0000000000001fc1 R08: 0000000000001fc1 R09: 0000000080000000\nR10: 0000000000000000 R11: 0000000000000202 R12: 00005d504418bc80\nR13: 0000000000000004 R14: 00007ffd26f2b9b0 R15: 00007ffd26f2ba30\n \nModules linked in: snd_seq_dummy snd_hrtimer qrtr snd_hda_codec_generic snd_hda_intel snd_intel_dspcfg snd_intel_sdw_acpi snd_hda_codec snd_hda_core snd_hwdep snd_pcm snd_seq_midi snd_seq_midi_event snd_rawmidi snd_seq snd_seq_device i2c_i801 snd_timer i2c_smbus qxl snd soundcore drm_ttm_helper lpc_ich ttm joydev input_leds serio_raw mac_hid binfmt_misc msr parport_pc ppdev lp parport efi_pstore nfnetlink dmi_sysfs qemu_fw_cfg ip_tables x_tables autofs4 hid_generic usbhid hid ahci libahci psmouse virtio_rng xhci_pci xhci_pci_renesas\nCR2: 0000000000000030\n---[ end trace 0000000000000000 ]---\nRIP: 0010:aafs_create.constprop.0+0x7f/0x130\nCode: 4c 63 e0 48 83 c4 18 4c 89 e0 5b 41 5c 41 5d 41 5e 41 5f 5d 31 d2 31 c9 31 f6 31 ff 45 31 c0 45 31 c9 45 31 d2 c3 cc cc cc cc <4d> 8b 55 30 4d 8d ba a0 00 00 00 4c 89 55 c0 4c 89 ff e8 7a 6a ae\nRSP: 0018:ffffc9000b2c7c98 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: 00000000000041ed RCX: 0000000000000000\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\nRBP: ffffc9000b2c7cd8 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000\n---truncated---" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: apparmor: se corrige la posible desreferencia del puntero NULL. profile->parent->dents[AAFS_PROF_DIR] podr\u00eda ser NULL solo si su padre se crea a partir de __create_missing_ancestors(..) y 'ent->old' es NULL en aa_replace_profiles(..). En ese caso, debe devolver un c\u00f3digo de error y el c\u00f3digo, -ENOENT representa su estado de que la ruta de su padre a\u00fan no existe. ERROR: desreferencia de puntero NULL del n\u00facleo, direcci\u00f3n: 0000000000000030 PGD 0 P4D 0 PREEMPT SMP PTI CPU: 4 PID: 3362 Comm: apparmor_parser No contaminado 6.8.0-24-generic #24 Nombre del hardware: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014 RIP: 0010:aafs_create.constprop.0+0x7f/0x130 C\u00f3digo: 4c 63 e0 48 83 c4 18 4c 89 e0 5b 41 5c 41 5d 41 5e 41 5f 5d 31 d2 31 c9 31 f6 31 ff 45 31 c0 45 31 c9 45 31 d2 c3 cc cc cc cc <4d> 8b 55 30 4d 8d ba a0 00 00 00 4c 89 55 c0 4c 89 ff e8 7a 6a ae RSP: 0018:ffffc9000b2c7c98 EFLAGS: 00010246 RAX: 000000000000000 RBX: 00000000000041ed RCX: 0000000000000000 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000000000000 RBP: ffffc9000b2c7cd8 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: ffffffff82baac10 R13: 000000000000000 R14: 0000000000000000 R15: 0000000000000000 FS: 00007be9f22cf740(0000) GS:ffff88817bc00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000030 CR3: 0000000134b08000 CR4: 00000000000006f0 Seguimiento de llamadas: ? show_regs+0x6d/0x80 ? __die+0x24/0x80 ? page_fault_oops+0x99/0x1b0 ? kernelmode_fixup_or_oops+0xb2/0x140 ? __bad_area_nosemaphore+0x1a5/0x2c0 ? aafs_create.constprop.0+0x7f/0x130 ? aafs_create.constprop.0+0x51/0x130 __aafs_profile_mkdir+0x3d6/0x480 aa_replace_profiles+0x83f/0x1270 actualizaci\u00f3n_pol\u00edtica+0xe3/0x180 carga_perfil+0xbc/0x150 ? __x64_sys_openat+0x55/0xa0 ? syscall_salir_al_modo_usuario+0x86/0x260 ksys_write+0x73/0x100 __x64_sys_write+0x19/0x30 x64_sys_call+0x7e/0x25c0 do_syscall_64+0x7f/0x180 entry_SYSCALL_64_after_hwframe+0x78/0x80 RIP: 0033:0x7be9f211c574 C\u00f3digo: c7 00 16 00 00 00 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 80 3d d5 ea 0e 00 00 74 13 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 54 c3 0f 1f 00 55 48 89 e5 48 83 ec 20 48 89 RSP: 002b:00007ffd26f2b8c8 EFLAGS: 00000202 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 00005d504415e200 RCX: 00007be9f211c574 RDX: 0000000000001fc1 RSI: 00005d504418bc80 RDI: 0000000000000004 RBP: 0000000000001fc1 R08: 0000000000001fc1 R09: 0000000080000000 R10: 0000000000000000 R11: 0000000000000202 R12: 00005d504418bc80 R13: 0000000000000004 R14: 00007ffd26f2b9b0 R15: 00007ffd26f2ba30 M\u00f3dulos vinculados en: snd_seq_dummy snd_hrtimer qrtr snd_hda_codec_generic snd_hda_intel snd_intel_dspcfg snd_intel_sdw_acpi snd_hda_codec snd_hda_core snd_hwdep snd_pcm snd_seq_midi snd_seq_midi_event snd_rawmidi snd_seq snd_seq_device i2c_i801 snd_timer i2c_smbus qxl snd soundcore drm_ttm_helper lpc_ich ttm joydev leds de entrada serio_raw mac_hid binfmt_misc msr parport_pc ppdev lp parport efi_pstore nfnetlink dmi_sysfs qemu_fw_cfg tablas_ip tablas_x autofs4 hid_generic usbhid hid ahci libahci psmouse virtio_rng xhci_pci xhci_pci_renesas CR2: 0000000000000030 ---[ fin de seguimiento 000000000000000 ]--- RIP: 0010:aafs_create.constprop.0+0x7f/0x130 C\u00f3digo: 4c 63 e0 48 83 c4 18 4c 89 e0 5b 41 5c 41 5d 41 5e 41 5f 5d 31 d2 31 c9 31 f6 31 ff 45 31 c0 45 31 c9 45 31 d2 c3 cc cc cc cc <4d> 8b 55 30 4d 8d ba a0 00 00 00 4c 89 55 c0 4c 89 ff e8 7a 6a ae RSP: 0018:ffffc9000b2c7c98 EFLAGS: 00010246 RAX: 0000000000000000 RBX: 000000000000041ed RCX: 0000000000000000 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 RBP: ffffc9000b2c7cd8 R08: 0000000000000000 R09: 0000000000000000 R10: 0000 ---truncado---" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-467xx/CVE-2024-46722.json b/CVE-2024/CVE-2024-467xx/CVE-2024-46722.json index efaaaddec72..c725da31f33 100644 --- a/CVE-2024/CVE-2024-467xx/CVE-2024-46722.json +++ b/CVE-2024/CVE-2024-467xx/CVE-2024-46722.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46722", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-09-18T07:15:03.547", - "lastModified": "2024-09-18T07:15:03.547", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: fix mc_data out-of-bounds read warning\n\nClear warning that read mc_data[i-1] may out-of-bounds." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amdgpu: se corrige la advertencia de lectura fuera de los l\u00edmites de mc_data. Advertencia clara de que la lectura mc_data[i-1] puede estar fuera de los l\u00edmites." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-467xx/CVE-2024-46723.json b/CVE-2024/CVE-2024-467xx/CVE-2024-46723.json index 038e89ef3a3..c32c39fe425 100644 --- a/CVE-2024/CVE-2024-467xx/CVE-2024-46723.json +++ b/CVE-2024/CVE-2024-467xx/CVE-2024-46723.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46723", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-09-18T07:15:03.610", - "lastModified": "2024-09-18T07:15:03.610", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: fix ucode out-of-bounds read warning\n\nClear warning that read ucode[] may out-of-bounds." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amdgpu: se corrige la advertencia de lectura fuera de los l\u00edmites de ucode. Advertencia clara de que la lectura ucode[] puede estar fuera de los l\u00edmites." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-467xx/CVE-2024-46724.json b/CVE-2024/CVE-2024-467xx/CVE-2024-46724.json index adcb76ee7ac..ad27247aee6 100644 --- a/CVE-2024/CVE-2024-467xx/CVE-2024-46724.json +++ b/CVE-2024/CVE-2024-467xx/CVE-2024-46724.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46724", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-09-18T07:15:03.673", - "lastModified": "2024-09-18T07:15:03.673", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number\n\nCheck the fb_channel_number range to avoid the array out-of-bounds\nread error" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amdgpu: Se corrige la lectura fuera de los l\u00edmites de df_v1_7_channel_number. Verifique el rango fb_channel_number para evitar el error de lectura fuera de los l\u00edmites de la matriz." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-467xx/CVE-2024-46725.json b/CVE-2024/CVE-2024-467xx/CVE-2024-46725.json index c66571ad67d..e4931b32f1a 100644 --- a/CVE-2024/CVE-2024-467xx/CVE-2024-46725.json +++ b/CVE-2024/CVE-2024-467xx/CVE-2024-46725.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46725", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-09-18T07:15:03.733", - "lastModified": "2024-09-18T07:15:03.733", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix out-of-bounds write warning\n\nCheck the ring type value to fix the out-of-bounds\nwrite warning" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amdgpu: Se corrige la advertencia de escritura fuera de los l\u00edmites Verifique el valor del tipo de anillo para corregir la advertencia de escritura fuera de los l\u00edmites" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-467xx/CVE-2024-46726.json b/CVE-2024/CVE-2024-467xx/CVE-2024-46726.json index 4f0d95623a5..8a555e9ead0 100644 --- a/CVE-2024/CVE-2024-467xx/CVE-2024-46726.json +++ b/CVE-2024/CVE-2024-467xx/CVE-2024-46726.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46726", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-09-18T07:15:03.787", - "lastModified": "2024-09-18T07:15:03.787", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Ensure index calculation will not overflow\n\n[WHY & HOW]\nMake sure vmid0p72_idx, vnom0p8_idx and vmax0p9_idx calculation will\nnever overflow and exceess array size.\n\nThis fixes 3 OVERRUN and 1 INTEGER_OVERFLOW issues reported by Coverity." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/display: garantizar que el c\u00e1lculo del \u00edndice no se desborde [POR QU\u00c9 Y C\u00d3MO] Aseg\u00farese de que el c\u00e1lculo de vmid0p72_idx, vnom0p8_idx y vmax0p9_idx nunca se desborde ni supere el tama\u00f1o de la matriz. Esto soluciona 3 problemas OVERRUN y 1 INTEGER_OVERFLOW informados por Coverity." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-467xx/CVE-2024-46727.json b/CVE-2024/CVE-2024-467xx/CVE-2024-46727.json index f86771410a4..4f518b3f8a7 100644 --- a/CVE-2024/CVE-2024-467xx/CVE-2024-46727.json +++ b/CVE-2024/CVE-2024-467xx/CVE-2024-46727.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46727", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-09-18T07:15:03.840", - "lastModified": "2024-09-18T07:15:03.840", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add otg_master NULL check within resource_log_pipe_topology_update\n\n[Why]\nCoverity reports NULL_RETURN warning.\n\n[How]\nAdd otg_master NULL check." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/display: Agregar comprobaci\u00f3n NULL otg_master dentro de resource_log_pipe_topology_update [Por qu\u00e9] Coverity informa una advertencia NULL_RETURN. [C\u00f3mo] Agregar comprobaci\u00f3n NULL otg_master." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-467xx/CVE-2024-46728.json b/CVE-2024/CVE-2024-467xx/CVE-2024-46728.json index b7e483cb787..d05de2776cc 100644 --- a/CVE-2024/CVE-2024-467xx/CVE-2024-46728.json +++ b/CVE-2024/CVE-2024-467xx/CVE-2024-46728.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46728", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-09-18T07:15:03.893", - "lastModified": "2024-09-18T07:15:03.893", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check index for aux_rd_interval before using\n\naux_rd_interval has size of 7 and should be checked.\n\nThis fixes 3 OVERRUN and 1 INTEGER_OVERFLOW issues reported by Coverity." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/display: comprobar el \u00edndice de aux_rd_interval antes de utilizar aux_rd_interval tiene un tama\u00f1o de 7 y se debe comprobar. Esto soluciona 3 problemas de OVERRUN y 1 de INTEGER_OVERFLOW informados por Coverity." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-467xx/CVE-2024-46729.json b/CVE-2024/CVE-2024-467xx/CVE-2024-46729.json index bb5bce50d48..e7db77603d9 100644 --- a/CVE-2024/CVE-2024-467xx/CVE-2024-46729.json +++ b/CVE-2024/CVE-2024-467xx/CVE-2024-46729.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46729", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-09-18T07:15:03.950", - "lastModified": "2024-09-18T07:15:03.950", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix incorrect size calculation for loop\n\n[WHY]\nfe_clk_en has size of 5 but sizeof(fe_clk_en) has byte size 20 which is\nlager than the array size.\n\n[HOW]\nDivide byte size 20 by its element size.\n\nThis fixes 2 OVERRUN issues reported by Coverity." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/display: Se corrige el c\u00e1lculo incorrecto del tama\u00f1o del bucle [POR QU\u00c9] fe_clk_en tiene un tama\u00f1o de 5, pero sizeof(fe_clk_en) tiene un tama\u00f1o de byte de 20, que es mayor que el tama\u00f1o de la matriz. [C\u00d3MO] Se divide el tama\u00f1o de byte 20 por el tama\u00f1o de su elemento. Esto corrige 2 problemas de OVERRUN informados por Coverity." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-467xx/CVE-2024-46730.json b/CVE-2024/CVE-2024-467xx/CVE-2024-46730.json index 01b468cef9f..9be711e4054 100644 --- a/CVE-2024/CVE-2024-467xx/CVE-2024-46730.json +++ b/CVE-2024/CVE-2024-467xx/CVE-2024-46730.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46730", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-09-18T07:15:04.003", - "lastModified": "2024-09-18T07:15:04.003", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Ensure array index tg_inst won't be -1\n\n[WHY & HOW]\ntg_inst will be a negative if timing_generator_count equals 0, which\nshould be checked before used.\n\nThis fixes 2 OVERRUN issues reported by Coverity." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/display: garantizar que el \u00edndice de matriz tg_inst no sea -1 [POR QU\u00c9 Y C\u00d3MO] tg_inst ser\u00e1 negativo si timing_generator_count es igual a 0, lo que se debe comprobar antes de su uso. Esto soluciona 2 problemas de OVERRUN informados por Coverity." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-467xx/CVE-2024-46731.json b/CVE-2024/CVE-2024-467xx/CVE-2024-46731.json index fec4b31b848..c3b2b59f8ec 100644 --- a/CVE-2024/CVE-2024-467xx/CVE-2024-46731.json +++ b/CVE-2024/CVE-2024-467xx/CVE-2024-46731.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46731", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-09-18T07:15:04.057", - "lastModified": "2024-09-18T07:15:04.057", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pm: fix the Out-of-bounds read warning\n\nusing index i - 1U may beyond element index\nfor mc_data[] when i = 0." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/pm: se corrige la advertencia de lectura fuera de los l\u00edmites al usar el \u00edndice i: 1U puede superar el \u00edndice del elemento para mc_data[] cuando i = 0." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-467xx/CVE-2024-46732.json b/CVE-2024/CVE-2024-467xx/CVE-2024-46732.json index a1e57e5938a..85770848da2 100644 --- a/CVE-2024/CVE-2024-467xx/CVE-2024-46732.json +++ b/CVE-2024/CVE-2024-467xx/CVE-2024-46732.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46732", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-09-18T07:15:04.117", - "lastModified": "2024-09-18T07:15:04.117", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Assign linear_pitch_alignment even for VM\n\n[Description]\nAssign linear_pitch_alignment so we don't cause a divide by 0\nerror in VM environments" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/display: Asignar linear_pitch_alignment incluso para VM [Descripci\u00f3n] Asignar linear_pitch_alignment para que no provoquemos un error de divisi\u00f3n por 0 en entornos de VM" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-467xx/CVE-2024-46733.json b/CVE-2024/CVE-2024-467xx/CVE-2024-46733.json index 13b5e5705fa..89393f515db 100644 --- a/CVE-2024/CVE-2024-467xx/CVE-2024-46733.json +++ b/CVE-2024/CVE-2024-467xx/CVE-2024-46733.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46733", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-09-18T07:15:04.170", - "lastModified": "2024-09-18T07:15:04.170", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix qgroup reserve leaks in cow_file_range\n\nIn the buffered write path, the dirty page owns the qgroup reserve until\nit creates an ordered_extent.\n\nTherefore, any errors that occur before the ordered_extent is created\nmust free that reservation, or else the space is leaked. The fstest\ngeneric/475 exercises various IO error paths, and is able to trigger\nerrors in cow_file_range where we fail to get to allocating the ordered\nextent. Note that because we *do* clear delalloc, we are likely to\nremove the inode from the delalloc list, so the inodes/pages to not have\ninvalidate/launder called on them in the commit abort path.\n\nThis results in failures at the unmount stage of the test that look like:\n\n BTRFS: error (device dm-8 state EA) in cleanup_transaction:2018: errno=-5 IO failure\n BTRFS: error (device dm-8 state EA) in btrfs_replace_file_extents:2416: errno=-5 IO failure\n BTRFS warning (device dm-8 state EA): qgroup 0/5 has unreleased space, type 0 rsv 28672\n ------------[ cut here ]------------\n WARNING: CPU: 3 PID: 22588 at fs/btrfs/disk-io.c:4333 close_ctree+0x222/0x4d0 [btrfs]\n Modules linked in: btrfs blake2b_generic libcrc32c xor zstd_compress raid6_pq\n CPU: 3 PID: 22588 Comm: umount Kdump: loaded Tainted: G W 6.10.0-rc7-gab56fde445b8 #21\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Arch Linux 1.16.3-1-1 04/01/2014\n RIP: 0010:close_ctree+0x222/0x4d0 [btrfs]\n RSP: 0018:ffffb4465283be00 EFLAGS: 00010202\n RAX: 0000000000000001 RBX: ffffa1a1818e1000 RCX: 0000000000000001\n RDX: 0000000000000000 RSI: ffffb4465283bbe0 RDI: ffffa1a19374fcb8\n RBP: ffffa1a1818e13c0 R08: 0000000100028b16 R09: 0000000000000000\n R10: 0000000000000003 R11: 0000000000000003 R12: ffffa1a18ad7972c\n R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000\n FS: 00007f9168312b80(0000) GS:ffffa1a4afcc0000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007f91683c9140 CR3: 000000010acaa000 CR4: 00000000000006f0\n Call Trace:\n \n ? close_ctree+0x222/0x4d0 [btrfs]\n ? __warn.cold+0x8e/0xea\n ? close_ctree+0x222/0x4d0 [btrfs]\n ? report_bug+0xff/0x140\n ? handle_bug+0x3b/0x70\n ? exc_invalid_op+0x17/0x70\n ? asm_exc_invalid_op+0x1a/0x20\n ? close_ctree+0x222/0x4d0 [btrfs]\n generic_shutdown_super+0x70/0x160\n kill_anon_super+0x11/0x40\n btrfs_kill_super+0x11/0x20 [btrfs]\n deactivate_locked_super+0x2e/0xa0\n cleanup_mnt+0xb5/0x150\n task_work_run+0x57/0x80\n syscall_exit_to_user_mode+0x121/0x130\n do_syscall_64+0xab/0x1a0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n RIP: 0033:0x7f916847a887\n ---[ end trace 0000000000000000 ]---\n BTRFS error (device dm-8 state EA): qgroup reserved space leaked\n\nCases 2 and 3 in the out_reserve path both pertain to this type of leak\nand must free the reserved qgroup data. Because it is already an error\npath, I opted not to handle the possible errors in\nbtrfs_free_qgroup_data." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: btrfs: reparar fugas de reserva de qgroup en cow_file_range En la ruta de escritura en b\u00fafer, la p\u00e1gina sucia posee la reserva de qgroup hasta que crea una ordered_extent. Por lo tanto, cualquier error que ocurra antes de que se cree la ordered_extent debe liberar esa reserva, o de lo contrario se pierde el espacio. El fstest generic/475 ejercita varias rutas de error de E/S y puede desencadenar errores en cow_file_range donde no logramos asignar la extensi\u00f3n ordenada. Tenga en cuenta que debido a que *s\u00ed* borramos delalloc, es probable que eliminemos el inodo de la lista de delalloc, por lo que los inodos/p\u00e1ginas no tienen una llamada de invalidaci\u00f3n/lavado en ellos en la ruta de aborto de confirmaci\u00f3n. Esto genera fallas en la etapa de desmontaje de la prueba que se ven as\u00ed: BTRFS: error (dispositivo dm-8 estado EA) en cleanup_transaction:2018: errno=-5 falla de E/S BTRFS: error (dispositivo dm-8 estado EA) en btrfs_replace_file_extents:2416: errno=-5 falla de E/S Advertencia de BTRFS (dispositivo dm-8 estado EA): qgroup 0/5 tiene espacio sin liberar, tipo 0 rsv 28672 ------------[ cortar aqu\u00ed ]------------ ADVERTENCIA: CPU: 3 PID: 22588 en fs/btrfs/disk-io.c:4333 close_ctree+0x222/0x4d0 [btrfs] M\u00f3dulos vinculados en: btrfs blake2b_generic libcrc32c xor zstd_compress raid6_pq CPU: 3 PID: 22588 Comm: umount Kdump: cargado Tainted: GW 6.10.0-rc7-gab56fde445b8 #21 Nombre del hardware: PC est\u00e1ndar QEMU (i440FX + PIIX, 1996), BIOS Arch Linux 1.16.3-1-1 01/04/2014 RIP: 0010:close_ctree+0x222/0x4d0 [btrfs] RSP: 0018:ffffb4465283be00 EFLAGS: 00010202 RAX: 0000000000000001 RBX: ffffa1a1818e1000 RCX: 0000000000000001 RDX: 0000000000000000 RSI: ffffb4465283bbe0 RDI: ffffa1a19374fcb8 RBP: ffffa1a1818e13c0 R08: 0000000100028b16 R09: 0000000000000000 R10: 000000000000003 R11: 0000000000000003 R12: ffffa1a18ad7972c R13: 000000000000000 R14: 0000000000000000 R15: 0000000000000000 FS: 00007f9168312b80(0000) GS:ffffa1a4afcc0000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f91683c9140 CR3: 000000010acaa000 CR4: 00000000000006f0 Seguimiento de llamadas: ? close_ctree+0x222/0x4d0 [btrfs] ? __warn.cold+0x8e/0xea ? close_ctree+0x222/0x4d0 [btrfs] ? reportar_error+0xff/0x140 ? manejar_error+0x3b/0x70 ? exc_op_inv\u00e1lida+0x17/0x70 ? asm_exc_op_inv\u00e1lida+0x1a/0x20 ? cerrar_ctree+0x222/0x4d0 [btrfs] apagado_gen\u00e9rico_super+0x70/0x160 matar_an\u00f3nimo_super+0x11/0x40 btrfs_kill_super+0x11/0x20 [btrfs] desactivar_bloqueado_super+0x2e/0xa0 limpieza_mnt+0xb5/0x150 ejecuci\u00f3n_trabajo_tarea+0x57/0x80 salida_llamada_al_sistema_modo_usuario_+0x121/0x130 hacer_llamada_al_sistema_64+0xab/0x1a0 entrada_SYSCALL_64_despu\u00e9s_de_hwframe+0x77/0x7f RIP: 0033:0x7f916847a887 ---[ fin de seguimiento 0000000000000000 ]--- Error BTRFS (estado del dispositivo dm-8 EA): se filtr\u00f3 el espacio reservado del qgroup Los casos 2 y 3 en la ruta out_reserve pertenecen a este tipo de fuga y deben liberar los datos reservados del qgroup. Debido a que ya es una ruta de error, opt\u00e9 por no manejar los posibles errores en btrfs_free_qgroup_data." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-467xx/CVE-2024-46734.json b/CVE-2024/CVE-2024-467xx/CVE-2024-46734.json index 3d4e8136957..cf1a027035f 100644 --- a/CVE-2024/CVE-2024-467xx/CVE-2024-46734.json +++ b/CVE-2024/CVE-2024-467xx/CVE-2024-46734.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46734", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-09-18T08:15:02.980", - "lastModified": "2024-09-18T08:15:02.980", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix race between direct IO write and fsync when using same fd\n\nIf we have 2 threads that are using the same file descriptor and one of\nthem is doing direct IO writes while the other is doing fsync, we have a\nrace where we can end up either:\n\n1) Attempt a fsync without holding the inode's lock, triggering an\n assertion failures when assertions are enabled;\n\n2) Do an invalid memory access from the fsync task because the file private\n points to memory allocated on stack by the direct IO task and it may be\n used by the fsync task after the stack was destroyed.\n\nThe race happens like this:\n\n1) A user space program opens a file descriptor with O_DIRECT;\n\n2) The program spawns 2 threads using libpthread for example;\n\n3) One of the threads uses the file descriptor to do direct IO writes,\n while the other calls fsync using the same file descriptor.\n\n4) Call task A the thread doing direct IO writes and task B the thread\n doing fsyncs;\n\n5) Task A does a direct IO write, and at btrfs_direct_write() sets the\n file's private to an on stack allocated private with the member\n 'fsync_skip_inode_lock' set to true;\n\n6) Task B enters btrfs_sync_file() and sees that there's a private\n structure associated to the file which has 'fsync_skip_inode_lock' set\n to true, so it skips locking the inode's VFS lock;\n\n7) Task A completes the direct IO write, and resets the file's private to\n NULL since it had no prior private and our private was stack allocated.\n Then it unlocks the inode's VFS lock;\n\n8) Task B enters btrfs_get_ordered_extents_for_logging(), then the\n assertion that checks the inode's VFS lock is held fails, since task B\n never locked it and task A has already unlocked it.\n\nThe stack trace produced is the following:\n\n assertion failed: inode_is_locked(&inode->vfs_inode), in fs/btrfs/ordered-data.c:983\n ------------[ cut here ]------------\n kernel BUG at fs/btrfs/ordered-data.c:983!\n Oops: invalid opcode: 0000 [#1] PREEMPT SMP PTI\n CPU: 9 PID: 5072 Comm: worker Tainted: G U OE 6.10.5-1-default #1 openSUSE Tumbleweed 69f48d427608e1c09e60ea24c6c55e2ca1b049e8\n Hardware name: Acer Predator PH315-52/Covini_CFS, BIOS V1.12 07/28/2020\n RIP: 0010:btrfs_get_ordered_extents_for_logging.cold+0x1f/0x42 [btrfs]\n Code: 50 d6 86 c0 e8 (...)\n RSP: 0018:ffff9e4a03dcfc78 EFLAGS: 00010246\n RAX: 0000000000000054 RBX: ffff9078a9868e98 RCX: 0000000000000000\n RDX: 0000000000000000 RSI: ffff907dce4a7800 RDI: ffff907dce4a7800\n RBP: ffff907805518800 R08: 0000000000000000 R09: ffff9e4a03dcfb38\n R10: ffff9e4a03dcfb30 R11: 0000000000000003 R12: ffff907684ae7800\n R13: 0000000000000001 R14: ffff90774646b600 R15: 0000000000000000\n FS: 00007f04b96006c0(0000) GS:ffff907dce480000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007f32acbfc000 CR3: 00000001fd4fa005 CR4: 00000000003726f0\n Call Trace:\n \n ? __die_body.cold+0x14/0x24\n ? die+0x2e/0x50\n ? do_trap+0xca/0x110\n ? do_error_trap+0x6a/0x90\n ? btrfs_get_ordered_extents_for_logging.cold+0x1f/0x42 [btrfs bb26272d49b4cdc847cf3f7faadd459b62caee9a]\n ? exc_invalid_op+0x50/0x70\n ? btrfs_get_ordered_extents_for_logging.cold+0x1f/0x42 [btrfs bb26272d49b4cdc847cf3f7faadd459b62caee9a]\n ? asm_exc_invalid_op+0x1a/0x20\n ? btrfs_get_ordered_extents_for_logging.cold+0x1f/0x42 [btrfs bb26272d49b4cdc847cf3f7faadd459b62caee9a]\n ? btrfs_get_ordered_extents_for_logging.cold+0x1f/0x42 [btrfs bb26272d49b4cdc847cf3f7faadd459b62caee9a]\n btrfs_sync_file+0x21a/0x4d0 [btrfs bb26272d49b4cdc847cf3f7faadd459b62caee9a]\n ? __seccomp_filter+0x31d/0x4f0\n __x64_sys_fdatasync+0x4f/0x90\n do_syscall_64+0x82/0x160\n ? do_futex+0xcb/0x190\n ? __x64_sys_futex+0x10e/0x1d0\n ? switch_fpu_return+0x4f/0xd0\n ? syscall_exit_to_user_mode+0x72/0x220\n ? do_syscall_64+0x8e/0x160\n ? syscall_exit_to_user_mod\n---truncated---" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: btrfs: arregla la ejecuci\u00f3n entre la escritura de E/S directa y fsync cuando se usa el mismo fd Si tenemos 2 subprocesos que usan el mismo descriptor de archivo y uno de ellos est\u00e1 haciendo escrituras de E/S directas mientras que el otro est\u00e1 haciendo fsync, tenemos una ejecuci\u00f3n en la que podemos terminar: 1) Intentar un fsync sin mantener el bloqueo del inodo, lo que desencadena fallas de aserci\u00f3n cuando las aserciones est\u00e1n habilitadas; 2) Hacer un acceso a memoria no v\u00e1lido desde la tarea fsync porque el archivo privado apunta a la memoria asignada en la pila por la tarea de E/S directa y puede ser utilizada por la tarea fsync despu\u00e9s de que la pila se haya destruido. La ejecuci\u00f3n sucede as\u00ed: 1) Un programa de espacio de usuario abre un descriptor de archivo con O_DIRECT; 2) El programa genera 2 subprocesos usando libpthread, por ejemplo; 3) Uno de los subprocesos usa el descriptor de archivo para hacer escrituras de E/S directas, mientras que el otro llama a fsync usando el mismo descriptor de archivo. 4) Llama a la tarea A, el hilo que realiza las escrituras de E/S directas, y a la tarea B, el hilo que realiza las fsyncs; 5) La tarea A realiza una escritura de E/S directa y, en btrfs_direct_write(), establece el privado del archivo en un privado asignado en la pila con el miembro 'fsync_skip_inode_lock' establecido en verdadero; 6) La tarea B ingresa a btrfs_sync_file() y ve que hay una estructura privada asociada al archivo que tiene 'fsync_skip_inode_lock' establecido en verdadero, por lo que omite el bloqueo del bloqueo VFS del inodo; 7) La tarea A completa la escritura de E/S directa y restablece el privado del archivo a NULL, ya que no ten\u00eda ning\u00fan privado anterior y nuestro privado estaba asignado en la pila. Luego, desbloquea el bloqueo VFS del inodo; 8) La tarea B ingresa a btrfs_get_ordered_extents_for_logging(), luego la aserci\u00f3n que verifica que el bloqueo VFS del inodo se mantenga falla, ya que la tarea B nunca lo bloque\u00f3 y la tarea A ya lo desbloque\u00f3. El seguimiento de la pila producido es el siguiente: aserci\u00f3n fallida: inode_is_locked(&inode->vfs_inode), en fs/btrfs/ordered-data.c:983 ------------[ corte aqu\u00ed ]------------ \u00a1ERROR del kernel en fs/btrfs/ordered-data.c:983! Ups: c\u00f3digo de operaci\u00f3n no v\u00e1lido: 0000 [#1] PREEMPT SMP PTI CPU: 9 PID: 5072 Comm: worker Contaminado: GU OE 6.10.5-1-default #1 openSUSE Tumbleweed 69f48d427608e1c09e60ea24c6c55e2ca1b049e8 Nombre del hardware: Acer Predator PH315-52/Covini_CFS, BIOS V1.12 28/07/2020 RIP: 0010:btrfs_get_ordered_extents_for_logging.cold+0x1f/0x42 [btrfs] C\u00f3digo: 50 d6 86 c0 e8 (...) RSP: 0018:ffff9e4a03dcfc78 EFLAGS: 00010246 RAX: 0000000000000054 RBX: ffff9078a9868e98 RCX: 0000000000000000 RDX: 0000000000000000 RSI: ffff907dce4a7800 RDI: ffff907dce4a7800 RBP: ffff907805518800 R08: 0000000000000000 R09: ffff9e4a03dcfb38 R10: ffff9e4a03dcfb30 R11: 0000000000000003 R12: ffff907684ae7800 R13: 0000000000000001 R14: ffff90774646b600 R15: 0000000000000000 FS: 00007f04b96006c0(0000) GS:ffff907dce480000(0000) knlGS:000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f32acbfc000 CR3: 00000001fd4fa005 CR4: 00000000003726f0 Seguimiento de llamadas: ? btrfs_obtener_extensiones_ordenadas_para_registro.cold+0x1f/0x42 [btrfs bb26272d49b4cdc847cf3f7faadd459b62caee9a] ? exc_op_inv\u00e1lida+0x50/0x70 ? btrfs_obtener_extensiones_ordenadas_para_registro.cold+0x1f/0x42 [btrfs bb26272d49b4cdc847cf3f7faadd459b62caee9a] ? btrfs_obtener_extensiones_ordenadas_para_registro.cold+0x1f/0x42 [btrfs bb26272d49b4cdc847cf3f7faadd459b62caee9a] btrfs_archivo_de_sincronizaci\u00f3n+0x21a/0x4d0 [btrfs bb26272d49b4cdc847cf3f7faadd459b62caee9a] ? __seccomp_filter+0x31d/0x4f0 __x64_sys_fdatasync+0x4f/0x90 do_syscall_64+0x82/0x160 ? do_futex+0xcb/0x190 ? __x64_sys_futex+0x10e/0x1d0 ? switch_fpu_return+0x4f/0xd0 ? syscall_salir_al_modo_usuario+0x72/0x220 ? do_syscall_64+0x8e/0x160 ? syscall_salir_al_modo_usuario ---truncado---" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-467xx/CVE-2024-46735.json b/CVE-2024/CVE-2024-467xx/CVE-2024-46735.json index bdea366835b..04031b9aba8 100644 --- a/CVE-2024/CVE-2024-467xx/CVE-2024-46735.json +++ b/CVE-2024/CVE-2024-467xx/CVE-2024-46735.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46735", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-09-18T08:15:03.057", - "lastModified": "2024-09-18T08:15:03.057", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nublk_drv: fix NULL pointer dereference in ublk_ctrl_start_recovery()\n\nWhen two UBLK_CMD_START_USER_RECOVERY commands are submitted, the\nfirst one sets 'ubq->ubq_daemon' to NULL, and the second one triggers\nWARN in ublk_queue_reinit() and subsequently a NULL pointer dereference\nissue.\n\nFix it by adding the check in ublk_ctrl_start_recovery() and return\nimmediately in case of zero 'ub->nr_queues_ready'.\n\n BUG: kernel NULL pointer dereference, address: 0000000000000028\n RIP: 0010:ublk_ctrl_start_recovery.constprop.0+0x82/0x180\n Call Trace:\n \n ? __die+0x20/0x70\n ? page_fault_oops+0x75/0x170\n ? exc_page_fault+0x64/0x140\n ? asm_exc_page_fault+0x22/0x30\n ? ublk_ctrl_start_recovery.constprop.0+0x82/0x180\n ublk_ctrl_uring_cmd+0x4f7/0x6c0\n ? pick_next_task_idle+0x26/0x40\n io_uring_cmd+0x9a/0x1b0\n io_issue_sqe+0x193/0x3f0\n io_wq_submit_work+0x9b/0x390\n io_worker_handle_work+0x165/0x360\n io_wq_worker+0xcb/0x2f0\n ? finish_task_switch.isra.0+0x203/0x290\n ? finish_task_switch.isra.0+0x203/0x290\n ? __pfx_io_wq_worker+0x10/0x10\n ret_from_fork+0x2d/0x50\n ? __pfx_io_wq_worker+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n " + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ublk_drv: se corrige la desreferencia de puntero NULL en ublk_ctrl_start_recovery() Cuando se env\u00edan dos comandos UBLK_CMD_START_USER_RECOVERY, el primero establece 'ubq->ubq_daemon' en NULL, y el segundo activa WARN en ublk_queue_reinit() y posteriormente un problema de desreferencia de puntero NULL. Arr\u00e9glelo agregando la comprobaci\u00f3n en ublk_ctrl_start_recovery() y regrese inmediatamente en caso de cero 'ub->nr_queues_ready'. ERROR: desreferencia de puntero NULL del kernel, direcci\u00f3n: 0000000000000028 RIP: 0010:ublk_ctrl_start_recovery.constprop.0+0x82/0x180 Call Trace: ? __die+0x20/0x70 ? page_fault_oops+0x75/0x170 ? exc_page_fault+0x64/0x140 ? asm_exc_page_fault+0x22/0x30 ? ublk_ctrl_start_recovery.constprop.0+0x82/0x180 ublk_ctrl_uring_cmd+0x4f7/0x6c0 ? pick_next_task_idle+0x26/0x40 io_uring_cmd+0x9a/0x1b0 io_issue_sqe+0x193/0x3f0 io_wq_submit_work+0x9b/0x390 io_worker_handle_work+0x165/0x360 io_wq_worker+0xcb/0x2f0 ? finish_task_switch.isra.0+0x203/0x290 ? finish_task_switch.isra.0+0x203/0x290 ? __pfx_io_wq_worker+0x10/0x10 ret_from_fork+0x2d/0x50 ? __pfx_io_wq_worker+0x10/0x10 ret_from_fork_asm+0x1a/0x30 " } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-467xx/CVE-2024-46736.json b/CVE-2024/CVE-2024-467xx/CVE-2024-46736.json index 2a9352ae1d3..8dc5935e16b 100644 --- a/CVE-2024/CVE-2024-467xx/CVE-2024-46736.json +++ b/CVE-2024/CVE-2024-467xx/CVE-2024-46736.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46736", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-09-18T08:15:03.113", - "lastModified": "2024-09-18T08:15:03.113", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix double put of @cfile in smb2_rename_path()\n\nIf smb2_set_path_attr() is called with a valid @cfile and returned\n-EINVAL, we need to call cifs_get_writable_path() again as the\nreference of @cfile was already dropped by previous smb2_compound_op()\ncall." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: smb: cliente: se corrige la doble colocaci\u00f3n de @cfile en smb2_rename_path() Si se llama a smb2_set_path_attr() con un @cfile v\u00e1lido y se devuelve -EINVAL, debemos llamar a cifs_get_writable_path() nuevamente ya que la referencia de @cfile ya fue descartada por la llamada anterior a smb2_compound_op()." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-467xx/CVE-2024-46737.json b/CVE-2024/CVE-2024-467xx/CVE-2024-46737.json index f6916ce4eb9..5b0b0df9f74 100644 --- a/CVE-2024/CVE-2024-467xx/CVE-2024-46737.json +++ b/CVE-2024/CVE-2024-467xx/CVE-2024-46737.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46737", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-09-18T08:15:03.167", - "lastModified": "2024-09-18T08:15:03.167", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvmet-tcp: fix kernel crash if commands allocation fails\n\nIf the commands allocation fails in nvmet_tcp_alloc_cmds()\nthe kernel crashes in nvmet_tcp_release_queue_work() because of\na NULL pointer dereference.\n\n nvmet: failed to install queue 0 cntlid 1 ret 6\n Unable to handle kernel NULL pointer dereference at\n virtual address 0000000000000008\n\nFix the bug by setting queue->nr_cmds to zero in case\nnvmet_tcp_alloc_cmd() fails." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nvmet-tcp: corrige el fallo del kernel si falla la asignaci\u00f3n de comandos Si la asignaci\u00f3n de comandos falla en nvmet_tcp_alloc_cmds(), el kernel se bloquea en nvmet_tcp_release_queue_work() debido a una desreferencia de puntero NULL. nvmet: no se pudo instalar la cola 0 cntlid 1 ret 6 No se puede manejar la desreferencia de puntero NULL del kernel en la direcci\u00f3n virtual 000000000000008 Corrija el error estableciendo queue->nr_cmds en cero en caso de que nvmet_tcp_alloc_cmd() falle." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-467xx/CVE-2024-46738.json b/CVE-2024/CVE-2024-467xx/CVE-2024-46738.json index dd259457b39..ec776f2a8d7 100644 --- a/CVE-2024/CVE-2024-467xx/CVE-2024-46738.json +++ b/CVE-2024/CVE-2024-467xx/CVE-2024-46738.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46738", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-09-18T08:15:03.233", - "lastModified": "2024-09-18T08:15:03.233", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nVMCI: Fix use-after-free when removing resource in vmci_resource_remove()\n\nWhen removing a resource from vmci_resource_table in\nvmci_resource_remove(), the search is performed using the resource\nhandle by comparing context and resource fields.\n\nIt is possible though to create two resources with different types\nbut same handle (same context and resource fields).\n\nWhen trying to remove one of the resources, vmci_resource_remove()\nmay not remove the intended one, but the object will still be freed\nas in the case of the datagram type in vmci_datagram_destroy_handle().\nvmci_resource_table will still hold a pointer to this freed resource\nleading to a use-after-free vulnerability.\n\nBUG: KASAN: use-after-free in vmci_handle_is_equal include/linux/vmw_vmci_defs.h:142 [inline]\nBUG: KASAN: use-after-free in vmci_resource_remove+0x3a1/0x410 drivers/misc/vmw_vmci/vmci_resource.c:147\nRead of size 4 at addr ffff88801c16d800 by task syz-executor197/1592\nCall Trace:\n \n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x82/0xa9 lib/dump_stack.c:106\n print_address_description.constprop.0+0x21/0x366 mm/kasan/report.c:239\n __kasan_report.cold+0x7f/0x132 mm/kasan/report.c:425\n kasan_report+0x38/0x51 mm/kasan/report.c:442\n vmci_handle_is_equal include/linux/vmw_vmci_defs.h:142 [inline]\n vmci_resource_remove+0x3a1/0x410 drivers/misc/vmw_vmci/vmci_resource.c:147\n vmci_qp_broker_detach+0x89a/0x11b9 drivers/misc/vmw_vmci/vmci_queue_pair.c:2182\n ctx_free_ctx+0x473/0xbe1 drivers/misc/vmw_vmci/vmci_context.c:444\n kref_put include/linux/kref.h:65 [inline]\n vmci_ctx_put drivers/misc/vmw_vmci/vmci_context.c:497 [inline]\n vmci_ctx_destroy+0x170/0x1d6 drivers/misc/vmw_vmci/vmci_context.c:195\n vmci_host_close+0x125/0x1ac drivers/misc/vmw_vmci/vmci_host.c:143\n __fput+0x261/0xa34 fs/file_table.c:282\n task_work_run+0xf0/0x194 kernel/task_work.c:164\n tracehook_notify_resume include/linux/tracehook.h:189 [inline]\n exit_to_user_mode_loop+0x184/0x189 kernel/entry/common.c:187\n exit_to_user_mode_prepare+0x11b/0x123 kernel/entry/common.c:220\n __syscall_exit_to_user_mode_work kernel/entry/common.c:302 [inline]\n syscall_exit_to_user_mode+0x18/0x42 kernel/entry/common.c:313\n do_syscall_64+0x41/0x85 arch/x86/entry/common.c:86\n entry_SYSCALL_64_after_hwframe+0x6e/0x0\n\nThis change ensures the type is also checked when removing\nthe resource from vmci_resource_table in vmci_resource_remove()." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: VMCI: Arreglar el use after free al eliminar un recurso en vmci_resource_remove() Al eliminar un recurso de vmci_resource_table en vmci_resource_remove(), la b\u00fasqueda se realiza utilizando el identificador del recurso comparando los campos de contexto y recurso. Sin embargo, es posible crear dos recursos con diferentes tipos pero el mismo identificador (mismo contexto y campos de recurso). Al intentar eliminar uno de los recursos, es posible que vmci_resource_remove() no elimine el deseado, pero el objeto a\u00fan se liberar\u00e1 como en el caso del tipo de datagrama en vmci_datagram_destroy_handle(). vmci_resource_table a\u00fan mantendr\u00e1 un puntero a este recurso liberado, lo que conduce a una vulnerabilidad de use after free. ERROR: KASAN: use after free en vmci_handle_is_equal include/linux/vmw_vmci_defs.h:142 [en l\u00ednea] ERROR: KASAN: use after free en vmci_resource_remove+0x3a1/0x410 drivers/misc/vmw_vmci/vmci_resource.c:147 Lectura de tama\u00f1o 4 en la direcci\u00f3n ffff88801c16d800 por la tarea syz-executor197/1592 Seguimiento de llamadas: __dump_stack lib/dump_stack.c:88 [en l\u00ednea] dump_stack_lvl+0x82/0xa9 lib/dump_stack.c:106 print_address_description.constprop.0+0x21/0x366 mm/kasan/report.c:239 __kasan_report.cold+0x7f/0x132 mm/kasan/report.c:425 kasan_report+0x38/0x51 mm/kasan/report.c:442 vmci_handle_is_equal include/linux/vmw_vmci_defs.h:142 [en l\u00ednea] vmci_resource_remove+0x3a1/0x410 drivers/misc/vmw_vmci/vmci_resource.c:147 vmci_qp_broker_detach+0x89a/0x11b9 drivers/misc/vmw_vmci/vmci_queue_pair.c:2182 ctx_free_ctx+0x473/0xbe1 controladores/misc/vmw_vmci/vmci_context.c:444 kref_put include/linux/kref.h:65 [en l\u00ednea] vmci_ctx_put controladores/misc/vmw_vmci/vmci_context.c:497 [en l\u00ednea] vmci_ctx_destroy+0x170/0x1d6 controladores/misc/vmw_vmci/vmci_context.c:195 vmci_host_close+0x125/0x1ac controladores/misc/vmw_vmci/vmci_host.c:143 __fput+0x261/0xa34 fs/file_table.c:282 task_work_run+0xf0/0x194 kernel/task_work.c:164 tracehook_notify_resume include/linux/tracehook.h:189 [en l\u00ednea] exit_to_user_mode_loop+0x184/0x189 kernel/entry/common.c:187 exit_to_user_mode_prepare+0x11b/0x123 kernel/entry/common.c:220 __syscall_exit_to_user_mode_work kernel/entry/common.c:302 [en l\u00ednea] syscall_exit_to_user_mode+0x18/0x42 kernel/entry/common.c:313 do_syscall_64+0x41/0x85 arch/x86/entry/common.c:86 entry_SYSCALL_64_after_hwframe+0x6e/0x0 Este cambio garantiza que el tipo tambi\u00e9n se verifique al eliminar el recurso de vmci_resource_table en Eliminaci\u00f3n de recursos vmci()." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-467xx/CVE-2024-46739.json b/CVE-2024/CVE-2024-467xx/CVE-2024-46739.json index 07d11820e3a..5a2528cc18d 100644 --- a/CVE-2024/CVE-2024-467xx/CVE-2024-46739.json +++ b/CVE-2024/CVE-2024-467xx/CVE-2024-46739.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46739", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-09-18T08:15:03.293", - "lastModified": "2024-09-18T08:15:03.293", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nuio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind\n\nFor primary VM Bus channels, primary_channel pointer is always NULL. This\npointer is valid only for the secondary channels. Also, rescind callback\nis meant for primary channels only.\n\nFix NULL pointer dereference by retrieving the device_obj from the parent\nfor the primary channel." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: uio_hv_generic: Corrija la desreferencia del puntero NULL del kernel en hv_uio_rescind. Para los canales de bus de VM principales, el puntero primary_channel siempre es NULL. Este puntero solo es v\u00e1lido para los canales secundarios. Adem\u00e1s, la devoluci\u00f3n de llamada rescind est\u00e1 destinada solo para los canales principales. Corrija la desreferencia del puntero NULL recuperando el device_obj del padre para el canal principal." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-467xx/CVE-2024-46740.json b/CVE-2024/CVE-2024-467xx/CVE-2024-46740.json index 8434099212c..c9c989ad4aa 100644 --- a/CVE-2024/CVE-2024-467xx/CVE-2024-46740.json +++ b/CVE-2024/CVE-2024-467xx/CVE-2024-46740.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46740", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-09-18T08:15:03.377", - "lastModified": "2024-09-18T08:15:03.377", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbinder: fix UAF caused by offsets overwrite\n\nBinder objects are processed and copied individually into the target\nbuffer during transactions. Any raw data in-between these objects is\ncopied as well. However, this raw data copy lacks an out-of-bounds\ncheck. If the raw data exceeds the data section size then the copy\noverwrites the offsets section. This eventually triggers an error that\nattempts to unwind the processed objects. However, at this point the\noffsets used to index these objects are now corrupted.\n\nUnwinding with corrupted offsets can result in decrements of arbitrary\nnodes and lead to their premature release. Other users of such nodes are\nleft with a dangling pointer triggering a use-after-free. This issue is\nmade evident by the following KASAN report (trimmed):\n\n ==================================================================\n BUG: KASAN: slab-use-after-free in _raw_spin_lock+0xe4/0x19c\n Write of size 4 at addr ffff47fc91598f04 by task binder-util/743\n\n CPU: 9 UID: 0 PID: 743 Comm: binder-util Not tainted 6.11.0-rc4 #1\n Hardware name: linux,dummy-virt (DT)\n Call trace:\n _raw_spin_lock+0xe4/0x19c\n binder_free_buf+0x128/0x434\n binder_thread_write+0x8a4/0x3260\n binder_ioctl+0x18f0/0x258c\n [...]\n\n Allocated by task 743:\n __kmalloc_cache_noprof+0x110/0x270\n binder_new_node+0x50/0x700\n binder_transaction+0x413c/0x6da8\n binder_thread_write+0x978/0x3260\n binder_ioctl+0x18f0/0x258c\n [...]\n\n Freed by task 745:\n kfree+0xbc/0x208\n binder_thread_read+0x1c5c/0x37d4\n binder_ioctl+0x16d8/0x258c\n [...]\n ==================================================================\n\nTo avoid this issue, let's check that the raw data copy is within the\nboundaries of the data section." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: binder: fix UAF caused by offsets overwrite Los objetos Binder se procesan y copian individualmente en el b\u00fafer de destino durante las transacciones. Tambi\u00e9n se copian todos los datos sin procesar entre estos objetos. Sin embargo, esta copia de datos sin procesar carece de una comprobaci\u00f3n de fuera de los l\u00edmites. Si los datos sin procesar superan el tama\u00f1o de la secci\u00f3n de datos, la copia sobrescribe la secci\u00f3n de compensaciones. Esto finalmente desencadena un error que intenta desenrollar los objetos procesados. Sin embargo, en este punto, las compensaciones utilizadas para indexar estos objetos ahora est\u00e1n da\u00f1adas. El desenrollado con compensaciones da\u00f1adas puede resultar en disminuciones de nodos arbitrarios y conducir a su liberaci\u00f3n prematura. Otros usuarios de dichos nodos se quedan con un puntero colgante que activa un use after free. Este problema se hace evidente en el siguiente informe de KASAN (recortado): ===================================================================== ERROR: KASAN: slab-use-after-free en _raw_spin_lock+0xe4/0x19c Escritura de tama\u00f1o 4 en la direcci\u00f3n ffff47fc91598f04 por la tarea binder-util/743 CPU: 9 UID: 0 PID: 743 Comm: binder-util No contaminado 6.11.0-rc4 #1 Nombre del hardware: linux,dummy-virt (DT) Rastreo de llamadas: _raw_spin_lock+0xe4/0x19c binder_free_buf+0x128/0x434 binder_thread_write+0x8a4/0x3260 binder_ioctl+0x18f0/0x258c [...] Asignado por la tarea 743: __kmalloc_cache_noprof+0x110/0x270 binder_new_node+0x50/0x700 binder_transaction+0x413c/0x6da8 binder_thread_write+0x978/0x3260 binder_ioctl+0x18f0/0x258c [...] Liberado por la tarea 745: kfree+0xbc/0x208 binder_thread_read+0x1c5c/0x37d4 binder_ioctl+0x16d8/0x258c [...] ======================================================================= Para evitar este problema, verifiquemos que la copia de datos sin procesar est\u00e9 dentro de los l\u00edmites de la secci\u00f3n de datos." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-467xx/CVE-2024-46741.json b/CVE-2024/CVE-2024-467xx/CVE-2024-46741.json index eda9bf797b7..c3f57d46285 100644 --- a/CVE-2024/CVE-2024-467xx/CVE-2024-46741.json +++ b/CVE-2024/CVE-2024-467xx/CVE-2024-46741.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46741", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-09-18T08:15:03.430", - "lastModified": "2024-09-18T08:15:03.430", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmisc: fastrpc: Fix double free of 'buf' in error path\n\nsmatch warning:\ndrivers/misc/fastrpc.c:1926 fastrpc_req_mmap() error: double free of 'buf'\n\nIn fastrpc_req_mmap() error path, the fastrpc buffer is freed in\nfastrpc_req_munmap_impl() if unmap is successful.\n\nBut in the end, there is an unconditional call to fastrpc_buf_free().\nSo the above case triggers the double free of fastrpc buf." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: misc: fastrpc: Fix double free of 'buf' in error path smatch Warning: drivers/misc/fastrpc.c:1926 fastrpc_req_mmap() error: double free of 'buf' En la ruta de error fastrpc_req_mmap(), el b\u00fafer fastrpc se libera en fastrpc_req_munmap_impl() si la anulaci\u00f3n del mapa se realiza correctamente. Pero al final, hay una llamada incondicional a fastrpc_buf_free(). Por lo tanto, el caso anterior activa la doble liberaci\u00f3n del b\u00fafer fastrpc." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-467xx/CVE-2024-46742.json b/CVE-2024/CVE-2024-467xx/CVE-2024-46742.json index 201152df2e9..91d7f53799f 100644 --- a/CVE-2024/CVE-2024-467xx/CVE-2024-46742.json +++ b/CVE-2024/CVE-2024-467xx/CVE-2024-46742.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46742", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-09-18T08:15:03.480", - "lastModified": "2024-09-18T08:15:03.480", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb/server: fix potential null-ptr-deref of lease_ctx_info in smb2_open()\n\nnull-ptr-deref will occur when (req_op_level == SMB2_OPLOCK_LEVEL_LEASE)\nand parse_lease_state() return NULL.\n\nFix this by check if 'lease_ctx_info' is NULL.\n\nAdditionally, remove the redundant parentheses in\nparse_durable_handle_context()." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: smb/server: se corrige la posible eliminaci\u00f3n de referencia nula de lease_ctx_info en smb2_open(). La eliminaci\u00f3n de referencia nula de lease_ctx_info ocurrir\u00e1 cuando (req_op_level == SMB2_OPLOCK_LEVEL_LEASE) y parse_lease_state() devuelvan NULL. Corrija esto verificando si 'lease_ctx_info' es NULL. Adem\u00e1s, elimine los par\u00e9ntesis redundantes en parse_durable_handle_context()." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-467xx/CVE-2024-46743.json b/CVE-2024/CVE-2024-467xx/CVE-2024-46743.json index a54926af58a..c65f1be6419 100644 --- a/CVE-2024/CVE-2024-467xx/CVE-2024-46743.json +++ b/CVE-2024/CVE-2024-467xx/CVE-2024-46743.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46743", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-09-18T08:15:03.540", - "lastModified": "2024-09-18T08:15:03.540", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nof/irq: Prevent device address out-of-bounds read in interrupt map walk\n\nWhen of_irq_parse_raw() is invoked with a device address smaller than\nthe interrupt parent node (from #address-cells property), KASAN detects\nthe following out-of-bounds read when populating the initial match table\n(dyndbg=\"func of_irq_parse_* +p\"):\n\n OF: of_irq_parse_one: dev=/soc@0/picasso/watchdog, index=0\n OF: parent=/soc@0/pci@878000000000/gpio0@17,0, intsize=2\n OF: intspec=4\n OF: of_irq_parse_raw: ipar=/soc@0/pci@878000000000/gpio0@17,0, size=2\n OF: -> addrsize=3\n ==================================================================\n BUG: KASAN: slab-out-of-bounds in of_irq_parse_raw+0x2b8/0x8d0\n Read of size 4 at addr ffffff81beca5608 by task bash/764\n\n CPU: 1 PID: 764 Comm: bash Tainted: G O 6.1.67-484c613561-nokia_sm_arm64 #1\n Hardware name: Unknown Unknown Product/Unknown Product, BIOS 2023.01-12.24.03-dirty 01/01/2023\n Call trace:\n dump_backtrace+0xdc/0x130\n show_stack+0x1c/0x30\n dump_stack_lvl+0x6c/0x84\n print_report+0x150/0x448\n kasan_report+0x98/0x140\n __asan_load4+0x78/0xa0\n of_irq_parse_raw+0x2b8/0x8d0\n of_irq_parse_one+0x24c/0x270\n parse_interrupts+0xc0/0x120\n of_fwnode_add_links+0x100/0x2d0\n fw_devlink_parse_fwtree+0x64/0xc0\n device_add+0xb38/0xc30\n of_device_add+0x64/0x90\n of_platform_device_create_pdata+0xd0/0x170\n of_platform_bus_create+0x244/0x600\n of_platform_notify+0x1b0/0x254\n blocking_notifier_call_chain+0x9c/0xd0\n __of_changeset_entry_notify+0x1b8/0x230\n __of_changeset_apply_notify+0x54/0xe4\n of_overlay_fdt_apply+0xc04/0xd94\n ...\n\n The buggy address belongs to the object at ffffff81beca5600\n which belongs to the cache kmalloc-128 of size 128\n The buggy address is located 8 bytes inside of\n 128-byte region [ffffff81beca5600, ffffff81beca5680)\n\n The buggy address belongs to the physical page:\n page:00000000230d3d03 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1beca4\n head:00000000230d3d03 order:1 compound_mapcount:0 compound_pincount:0\n flags: 0x8000000000010200(slab|head|zone=2)\n raw: 8000000000010200 0000000000000000 dead000000000122 ffffff810000c300\n raw: 0000000000000000 0000000000200020 00000001ffffffff 0000000000000000\n page dumped because: kasan: bad access detected\n\n Memory state around the buggy address:\n ffffff81beca5500: 04 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n ffffff81beca5580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n >ffffff81beca5600: 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n ^\n ffffff81beca5680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n ffffff81beca5700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc\n ==================================================================\n OF: -> got it !\n\nPrevent the out-of-bounds read by copying the device address into a\nbuffer of sufficient size." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: of/irq: Evitar lecturas fuera de los l\u00edmites de direcciones de dispositivos en el recorrido del mapa de interrupciones Cuando se invoca of_irq_parse_raw() con una direcci\u00f3n de dispositivo menor que el nodo padre de la interrupci\u00f3n (de la propiedad #address-cells), KASAN detecta la siguiente lectura fuera de los l\u00edmites al completar la tabla de coincidencia inicial (dyndbg=\"func of_irq_parse_* +p\"): OF: of_irq_parse_one: dev=/soc@0/picasso/watchdog, index=0 OF: parent=/soc@0/pci@878000000000/gpio0@17,0, intsize=2 OF: intspec=4 OF: of_irq_parse_raw: ipar=/soc@0/pci@878000000000/gpio0@17,0, size=2 OF: -> addrsize=3 ====================================================================== ERROR: KASAN: slab-out-of-bounds en of_irq_parse_raw+0x2b8/0x8d0 Lectura de tama\u00f1o 4 en la direcci\u00f3n ffffff81beca5608 por la tarea bash/764 CPU: 1 PID: 764 Comm: bash Tainted: GO 6.1.67-484c613561-nokia_sm_arm64 #1 Nombre del hardware: Unknown Unknown Product/Unknown Product, BIOS 2023.01-12.24.03-dirty 01/01/2023 Rastreo de llamadas: dump_backtrace+0xdc/0x130 mostrar_pila+0x1c/0x30 dump_stack_lvl+0x6c/0x84 imprimir_informe+0x150/0x448 kasan_informe+0x98/0x140 __asan_load4+0x78/0xa0 de_irq_parse_raw+0x2b8/0x8d0 de_irq_parse_one+0x24c/0x270 analizar_interrupciones+0xc0/0x120 de_fwnode_add_links+0x100/0x2d0 fw_devlink_parse_fwtree+0x64/0xc0 dispositivo_add+0xb38/0xc30 de_dispositivo_add+0x64/0x90 of_platform_device_create_pdata+0xd0/0x170 of_platform_bus_create+0x244/0x600 of_platform_notify+0x1b0/0x254 blocking_notifier_call_chain+0x9c/0xd0 __of_changeset_entry_notify+0x1b8/0x230 __of_changeset_apply_notify+0x54/0xe4 of_overlay_fdt_apply+0xc04/0xd94 ... La direcci\u00f3n con errores pertenece al objeto en ffffff81beca5600 que pertenece al cach\u00e9 kmalloc-128 de tama\u00f1o 128 La direcci\u00f3n con errores se encuentra 8 bytes dentro de la regi\u00f3n de 128 bytes [ffffff81beca5600, ffffff81beca5680) La direcci\u00f3n con errores pertenece a la p\u00e1gina f\u00edsica: p\u00e1gina:00000000230d3d03 refcount:1 mapcount:0 mapping:0000000000000000 \u00edndice:0x0 pfn:0x1beca4 cabeza:00000000230d3d03 orden:1 composite_mapcount:0 composite_pincount:0 indicadores: 0x8000000000010200(slab|head|zone=2) sin procesar: 800000000010200 0000000000000000 muerto000000000122 ffffff810000c300 sin procesar: 000000000000000 0000000000200020 00000001ffffffff 0000000000000000 p\u00e1gina volcada porque: kasan: mal acceso detectado Estado de la memoria alrededor de la direcci\u00f3n con errores: ffffff81beca5500: 04 fc fc fc fc fc fc fc fc fc fc fc fc fc fc ffffff81beca5580: fc fc fc fc fc fc fc fc fc >ffffff81beca5600: 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc ^ ffffff81beca5680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ffffff81beca5700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc ==================================================================== OF: -> \u00a1entendido! Evite la lectura fuera de los l\u00edmites copiando la direcci\u00f3n del dispositivo en un b\u00fafer de tama\u00f1o suficiente." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-467xx/CVE-2024-46744.json b/CVE-2024/CVE-2024-467xx/CVE-2024-46744.json index c72e89efb68..540992d0e8e 100644 --- a/CVE-2024/CVE-2024-467xx/CVE-2024-46744.json +++ b/CVE-2024/CVE-2024-467xx/CVE-2024-46744.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46744", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-09-18T08:15:03.603", - "lastModified": "2024-09-18T08:15:03.603", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nSquashfs: sanity check symbolic link size\n\nSyzkiller reports a \"KMSAN: uninit-value in pick_link\" bug.\n\nThis is caused by an uninitialised page, which is ultimately caused\nby a corrupted symbolic link size read from disk.\n\nThe reason why the corrupted symlink size causes an uninitialised\npage is due to the following sequence of events:\n\n1. squashfs_read_inode() is called to read the symbolic\n link from disk. This assigns the corrupted value\n 3875536935 to inode->i_size.\n\n2. Later squashfs_symlink_read_folio() is called, which assigns\n this corrupted value to the length variable, which being a\n signed int, overflows producing a negative number.\n\n3. The following loop that fills in the page contents checks that\n the copied bytes is less than length, which being negative means\n the loop is skipped, producing an uninitialised page.\n\nThis patch adds a sanity check which checks that the symbolic\nlink size is not larger than expected.\n\n--\n\nV2: fix spelling mistake." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: Squashfs: comprobaci\u00f3n de la integridad del tama\u00f1o del enlace simb\u00f3lico Syzkiller informa de un error \"KMSAN: uninit-value in pick_link\". Esto se debe a una p\u00e1gina no inicializada, que en \u00faltima instancia se debe a un tama\u00f1o de enlace simb\u00f3lico da\u00f1ado le\u00eddo desde el disco. La raz\u00f3n por la que el tama\u00f1o de enlace simb\u00f3lico da\u00f1ado provoca una p\u00e1gina no inicializada se debe a la siguiente secuencia de eventos: 1. Se llama a squashfs_read_inode() para leer el enlace simb\u00f3lico desde el disco. Esto asigna el valor da\u00f1ado 3875536935 a inode->i_size. 2. M\u00e1s tarde se llama a squashfs_symlink_read_folio(), que asigna este valor da\u00f1ado a la variable length, que, al ser un int con signo, se desborda produciendo un n\u00famero negativo. 3. El siguiente bucle que rellena el contenido de la p\u00e1gina comprueba que los bytes copiados sean menores que length, que, al ser negativo, significa que se omite el bucle, lo que produce una p\u00e1gina no inicializada. Este parche agrega una verificaci\u00f3n de cordura que verifica que el tama\u00f1o del enlace simb\u00f3lico no sea mayor al esperado. -- V2: corrige error ortogr\u00e1fico." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-467xx/CVE-2024-46745.json b/CVE-2024/CVE-2024-467xx/CVE-2024-46745.json index 859032bdae6..12d4b1217c0 100644 --- a/CVE-2024/CVE-2024-467xx/CVE-2024-46745.json +++ b/CVE-2024/CVE-2024-467xx/CVE-2024-46745.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46745", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-09-18T08:15:03.667", - "lastModified": "2024-09-18T08:15:03.667", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nInput: uinput - reject requests with unreasonable number of slots\n\n\nWhen exercising uinput interface syzkaller may try setting up device\nwith a really large number of slots, which causes memory allocation\nfailure in input_mt_init_slots(). While this allocation failure is\nhandled properly and request is rejected, it results in syzkaller\nreports. Additionally, such request may put undue burden on the\nsystem which will try to free a lot of memory for a bogus request.\n\nFix it by limiting allowed number of slots to 100. This can easily\nbe extended if we see devices that can track more than 100 contacts." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: Entrada: uinput - rechazar solicitudes con un n\u00famero irrazonable de ranuras Al ejercitar la interfaz uinput, syzkaller puede intentar configurar el dispositivo con un n\u00famero realmente grande de ranuras, lo que provoca un error de asignaci\u00f3n de memoria en input_mt_init_slots(). Si bien este error de asignaci\u00f3n se maneja correctamente y la solicitud se rechaza, da como resultado informes de syzkaller. Adem\u00e1s, dicha solicitud puede poner una carga indebida en el sistema que intentar\u00e1 liberar una gran cantidad de memoria para una solicitud falsa. Arr\u00e9glelo limitando el n\u00famero permitido de ranuras a 100. Esto se puede ampliar f\u00e1cilmente si vemos dispositivos que pueden rastrear m\u00e1s de 100 contactos." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-467xx/CVE-2024-46746.json b/CVE-2024/CVE-2024-467xx/CVE-2024-46746.json index e1eaaba5d51..e5497c788a1 100644 --- a/CVE-2024/CVE-2024-467xx/CVE-2024-46746.json +++ b/CVE-2024/CVE-2024-467xx/CVE-2024-46746.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46746", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-09-18T08:15:03.730", - "lastModified": "2024-09-18T08:15:03.730", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: amd_sfh: free driver_data after destroying hid device\n\nHID driver callbacks aren't called anymore once hid_destroy_device() has\nbeen called. Hence, hid driver_data should be freed only after the\nhid_destroy_device() function returned as driver_data is used in several\ncallbacks.\n\nI observed a crash with kernel 6.10.0 on my T14s Gen 3, after enabling\nKASAN to debug memory allocation, I got this output:\n\n [ 13.050438] ==================================================================\n [ 13.054060] BUG: KASAN: slab-use-after-free in amd_sfh_get_report+0x3ec/0x530 [amd_sfh]\n [ 13.054809] psmouse serio1: trackpoint: Synaptics TrackPoint firmware: 0x02, buttons: 3/3\n [ 13.056432] Read of size 8 at addr ffff88813152f408 by task (udev-worker)/479\n\n [ 13.060970] CPU: 5 PID: 479 Comm: (udev-worker) Not tainted 6.10.0-arch1-2 #1 893bb55d7f0073f25c46adbb49eb3785fefd74b0\n [ 13.063978] Hardware name: LENOVO 21CQCTO1WW/21CQCTO1WW, BIOS R22ET70W (1.40 ) 03/21/2024\n [ 13.067860] Call Trace:\n [ 13.069383] input: TPPS/2 Synaptics TrackPoint as /devices/platform/i8042/serio1/input/input8\n [ 13.071486] \n [ 13.071492] dump_stack_lvl+0x5d/0x80\n [ 13.074870] snd_hda_intel 0000:33:00.6: enabling device (0000 -> 0002)\n [ 13.078296] ? amd_sfh_get_report+0x3ec/0x530 [amd_sfh 05f43221435b5205f734cd9da29399130f398a38]\n [ 13.082199] print_report+0x174/0x505\n [ 13.085776] ? __pfx__raw_spin_lock_irqsave+0x10/0x10\n [ 13.089367] ? srso_alias_return_thunk+0x5/0xfbef5\n [ 13.093255] ? amd_sfh_get_report+0x3ec/0x530 [amd_sfh 05f43221435b5205f734cd9da29399130f398a38]\n [ 13.097464] kasan_report+0xc8/0x150\n [ 13.101461] ? amd_sfh_get_report+0x3ec/0x530 [amd_sfh 05f43221435b5205f734cd9da29399130f398a38]\n [ 13.105802] amd_sfh_get_report+0x3ec/0x530 [amd_sfh 05f43221435b5205f734cd9da29399130f398a38]\n [ 13.110303] amdtp_hid_request+0xb8/0x110 [amd_sfh 05f43221435b5205f734cd9da29399130f398a38]\n [ 13.114879] ? srso_alias_return_thunk+0x5/0xfbef5\n [ 13.119450] sensor_hub_get_feature+0x1d3/0x540 [hid_sensor_hub 3f13be3016ff415bea03008d45d99da837ee3082]\n [ 13.124097] hid_sensor_parse_common_attributes+0x4d0/0xad0 [hid_sensor_iio_common c3a5cbe93969c28b122609768bbe23efe52eb8f5]\n [ 13.127404] ? srso_alias_return_thunk+0x5/0xfbef5\n [ 13.131925] ? __pfx_hid_sensor_parse_common_attributes+0x10/0x10 [hid_sensor_iio_common c3a5cbe93969c28b122609768bbe23efe52eb8f5]\n [ 13.136455] ? _raw_spin_lock_irqsave+0x96/0xf0\n [ 13.140197] ? __pfx__raw_spin_lock_irqsave+0x10/0x10\n [ 13.143602] ? devm_iio_device_alloc+0x34/0x50 [industrialio 3d261d5e5765625d2b052be40e526d62b1d2123b]\n [ 13.147234] ? srso_alias_return_thunk+0x5/0xfbef5\n [ 13.150446] ? __devm_add_action+0x167/0x1d0\n [ 13.155061] hid_gyro_3d_probe+0x120/0x7f0 [hid_sensor_gyro_3d 63da36a143b775846ab2dbb86c343b401b5e3172]\n [ 13.158581] ? srso_alias_return_thunk+0x5/0xfbef5\n [ 13.161814] platform_probe+0xa2/0x150\n [ 13.165029] really_probe+0x1e3/0x8a0\n [ 13.168243] __driver_probe_device+0x18c/0x370\n [ 13.171500] driver_probe_device+0x4a/0x120\n [ 13.175000] __driver_attach+0x190/0x4a0\n [ 13.178521] ? __pfx___driver_attach+0x10/0x10\n [ 13.181771] bus_for_each_dev+0x106/0x180\n [ 13.185033] ? __pfx__raw_spin_lock+0x10/0x10\n [ 13.188229] ? __pfx_bus_for_each_dev+0x10/0x10\n [ 13.191446] ? srso_alias_return_thunk+0x5/0xfbef5\n [ 13.194382] bus_add_driver+0x29e/0x4d0\n [ 13.197328] driver_register+0x1a5/0x360\n [ 13.200283] ? __pfx_hid_gyro_3d_platform_driver_init+0x10/0x10 [hid_sensor_gyro_3d 63da36a143b775846ab2dbb86c343b401b5e3172]\n [ 13.203362] do_one_initcall+0xa7/0x380\n [ 13.206432] ? __pfx_do_one_initcall+0x10/0x10\n [ 13.210175] ? srso_alias_return_thunk+0x5/0xfbef5\n [ 13.213211] ? kasan_unpoison+0x44/0x70\n [ 13.216688] do_init_module+0x238/0x750\n [ 13.2196\n---truncated---" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: HID: amd_sfh: liberar driver_data despu\u00e9s de destruir el dispositivo HID Las devoluciones de llamadas del controlador HID ya no se invocan una vez que se ha invocado hid_destroy_device(). Por lo tanto, hid driver_data deber\u00eda liberarse solo despu\u00e9s de que la funci\u00f3n hid_destroy_device() devuelta como driver_data se use en varias devoluciones de llamadas. Observ\u00e9 un fallo con el kernel 6.10.0 en mi T14s Gen 3, despu\u00e9s de habilitar KASAN para depurar la asignaci\u00f3n de memoria, obtuve este resultado: [ 13.050438] ======================================================================= [ 13.054060] ERROR: KASAN: slab-use-after-free en amd_sfh_get_report+0x3ec/0x530 [amd_sfh] [ 13.054809] psmouse serio1: trackpoint: firmware Synaptics TrackPoint: 0x02, botones: 3/3 [ 13.056432] Lectura de tama\u00f1o 8 en addr ffff88813152f408 por tarea (udev-worker)/479 [ 13.060970] CPU: 5 PID: 479 Comm: (udev-worker) No contaminado 6.10.0-arch1-2 #1 893bb55d7f0073f25c46adbb49eb3785fefd74b0 [ 13.063978] Nombre del hardware: LENOVO 21CQCTO1WW/21CQCTO1WW, BIOS R22ET70W (1.40 ) 21/03/2024 [ 13.067860] Seguimiento de llamadas: [ 13.069383] entrada: TPPS/2 Synaptics TrackPoint como /devices/platform/i8042/serio1/input/input8 [ [13.071486] [13.071492] dump_stack_lvl+0x5d/0x80 [13.074870] snd_hda_intel 0000:33:00.6: habilitando dispositivo (0000 -> 0002) [13.078296] ? amd_sfh_get_report+0x3ec/0x530 [amd_sfh 05f43221435b5205f734cd9da29399130f398a38] [13.082199] print_report+0x174/0x505 [13.085776] ? __pfx__raw_spin_lock_irqsave+0x10/0x10 [ 13.089367] ? srso_alias_return_thunk+0x5/0xfbef5 [ 13.093255] ? amd_sfh_get_report+0x3ec/0x530 [amd_sfh 05f43221435b5205f734cd9da29399130f398a38] [ 13.097464] kasan_report+0xc8/0x150 [ 13.101461] ? es: amd_sfh_get_report+0x3ec/0x530 [amd_sfh 05f43221435b5205f734cd9da29399130f398a38] [ 13.105802] amd_sfh_get_report+0x3ec/0x530 [amd_sfh 05f43221435b5205f734cd9da29399130f398a38] [ 13.110303] amdtp_hid_request+0xb8/0x110 [amd_sfh 05f43221435b5205f734cd9da29399130f398a38] [ 13.114879] ? srso_alias_return_thunk+0x5/0xfbef5 [ 13.119450] sensor_hub_get_feature+0x1d3/0x540 [hid_sensor_hub 3f13be3016ff415bea03008d45d99da837ee3082] [ 13.124097] hid_sensor_parse_common_attributes+0x4d0/0xad0 [hid_sensor_iio_common c3a5cbe93969c28b122609768bbe23efe52eb8f5] [ 13.127404] ? __pfx__raw_spin_lock_irqsave+0x10/0x10 [13.143602] ? __devm_add_action+0x167/0x1d0 [13.155061] hid_gyro_3d_probe+0x120/0x7f0 [hid_sensor_gyro_3d 63da36a143b775846ab2dbb86c343b401b5e3172] [13.158581] ? __driver_probe_device+0x18c/0x370 [ 13.171500] driver_probe_device+0x4a/0x120 [ 13.175000] __driver_attach+0x190/0x4a0 [ 13.178521] ? __pfx___driver_attach+0x10/0x10 [ 13.181771] bus_para_cada_dispositivo+0x106/0x180 [ 13.185033] ? __pfx__raw_spin_lock+0x10/0x10 [ 13.188229] ? __pfx_bus_para_cada_dispositivo+0x10/0x10 [ 13.191446] ? srso_alias_return_thunk+0x5/0xfbef5 [ 13.194382] bus_add_driver+0x29e/0x4d0 [ 13.197328] driver_register+0x1a5/0x360 [ 13.200283] ? __pfx_hid_gyro_3d_platform_driver_init+0x10/0x10 [hid_sensor_gyro_3d 63da36a143b775846ab2dbb86c343b401b5e3172] [ 13.203362] hacer_una_initcall+0xa7/0x380 [ 13.206432] ? __pfx_do_one_initcall+0x10/0x10 [ 13.210175] ? srso_alias_return_thunk+0x5/0xfbef5 [ 13.213211] ? kasan_unpoison+0x44/0x70 [ 13.216688] do_init_module+0x238/0x750 [ 13.2196 ---truncado---" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-467xx/CVE-2024-46747.json b/CVE-2024/CVE-2024-467xx/CVE-2024-46747.json index 4c5dc8bb05e..1e367ef7acb 100644 --- a/CVE-2024/CVE-2024-467xx/CVE-2024-46747.json +++ b/CVE-2024/CVE-2024-467xx/CVE-2024-46747.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46747", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-09-18T08:15:03.790", - "lastModified": "2024-09-18T08:15:03.790", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup\n\nreport_fixup for the Cougar 500k Gaming Keyboard was not verifying\nthat the report descriptor size was correct before accessing it" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: HID: cougar: fix slab-out-of-bounds La lectura en cougar_report_fixup report_fixup para el teclado para juegos Cougar 500k no verificaba que el tama\u00f1o del descriptor del informe fuera correcto antes de acceder a \u00e9l." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-467xx/CVE-2024-46748.json b/CVE-2024/CVE-2024-467xx/CVE-2024-46748.json index af582c3aed0..aa029b4bb60 100644 --- a/CVE-2024/CVE-2024-467xx/CVE-2024-46748.json +++ b/CVE-2024/CVE-2024-467xx/CVE-2024-46748.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46748", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-09-18T08:15:03.847", - "lastModified": "2024-09-18T08:15:03.847", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncachefiles: Set the max subreq size for cache writes to MAX_RW_COUNT\n\nSet the maximum size of a subrequest that writes to cachefiles to be\nMAX_RW_COUNT so that we don't overrun the maximum write we can make to the\nbacking filesystem." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: cachefiles: Establezca el tama\u00f1o m\u00e1ximo de subsolicitud para escrituras de cach\u00e9 en MAX_RW_COUNT Establezca el tama\u00f1o m\u00e1ximo de una subsolicitud que escribe en cachefiles en MAX_RW_COUNT para que no sobrepasemos la escritura m\u00e1xima que podemos realizar en el sistema de archivos de respaldo." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-467xx/CVE-2024-46749.json b/CVE-2024/CVE-2024-467xx/CVE-2024-46749.json index 3087926e2e0..8dbf874d9ad 100644 --- a/CVE-2024/CVE-2024-467xx/CVE-2024-46749.json +++ b/CVE-2024/CVE-2024-467xx/CVE-2024-46749.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46749", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-09-18T08:15:03.893", - "lastModified": "2024-09-18T08:15:03.893", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: btnxpuart: Fix Null pointer dereference in btnxpuart_flush()\n\nThis adds a check before freeing the rx->skb in flush and close\nfunctions to handle the kernel crash seen while removing driver after FW\ndownload fails or before FW download completes.\n\ndmesg log:\n[ 54.634586] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000080\n[ 54.643398] Mem abort info:\n[ 54.646204] ESR = 0x0000000096000004\n[ 54.649964] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 54.655286] SET = 0, FnV = 0\n[ 54.658348] EA = 0, S1PTW = 0\n[ 54.661498] FSC = 0x04: level 0 translation fault\n[ 54.666391] Data abort info:\n[ 54.669273] ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000\n[ 54.674768] CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n[ 54.674771] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[ 54.674775] user pgtable: 4k pages, 48-bit VAs, pgdp=0000000048860000\n[ 54.674780] [0000000000000080] pgd=0000000000000000, p4d=0000000000000000\n[ 54.703880] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP\n[ 54.710152] Modules linked in: btnxpuart(-) overlay fsl_jr_uio caam_jr caamkeyblob_desc caamhash_desc caamalg_desc crypto_engine authenc libdes crct10dif_ce polyval_ce polyval_generic snd_soc_imx_spdif snd_soc_imx_card snd_soc_ak5558 snd_soc_ak4458 caam secvio error snd_soc_fsl_micfil snd_soc_fsl_spdif snd_soc_fsl_sai snd_soc_fsl_utils imx_pcm_dma gpio_ir_recv rc_core sch_fq_codel fuse\n[ 54.744357] CPU: 3 PID: 72 Comm: kworker/u9:0 Not tainted 6.6.3-otbr-g128004619037 #2\n[ 54.744364] Hardware name: FSL i.MX8MM EVK board (DT)\n[ 54.744368] Workqueue: hci0 hci_power_on\n[ 54.757244] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 54.757249] pc : kfree_skb_reason+0x18/0xb0\n[ 54.772299] lr : btnxpuart_flush+0x40/0x58 [btnxpuart]\n[ 54.782921] sp : ffff8000805ebca0\n[ 54.782923] x29: ffff8000805ebca0 x28: ffffa5c6cf1869c0 x27: ffffa5c6cf186000\n[ 54.782931] x26: ffff377b84852400 x25: ffff377b848523c0 x24: ffff377b845e7230\n[ 54.782938] x23: ffffa5c6ce8dbe08 x22: ffffa5c6ceb65410 x21: 00000000ffffff92\n[ 54.782945] x20: ffffa5c6ce8dbe98 x19: ffffffffffffffac x18: ffffffffffffffff\n[ 54.807651] x17: 0000000000000000 x16: ffffa5c6ce2824ec x15: ffff8001005eb857\n[ 54.821917] x14: 0000000000000000 x13: ffffa5c6cf1a02e0 x12: 0000000000000642\n[ 54.821924] x11: 0000000000000040 x10: ffffa5c6cf19d690 x9 : ffffa5c6cf19d688\n[ 54.821931] x8 : ffff377b86000028 x7 : 0000000000000000 x6 : 0000000000000000\n[ 54.821938] x5 : ffff377b86000000 x4 : 0000000000000000 x3 : 0000000000000000\n[ 54.843331] x2 : 0000000000000000 x1 : 0000000000000002 x0 : ffffffffffffffac\n[ 54.857599] Call trace:\n[ 54.857601] kfree_skb_reason+0x18/0xb0\n[ 54.863878] btnxpuart_flush+0x40/0x58 [btnxpuart]\n[ 54.863888] hci_dev_open_sync+0x3a8/0xa04\n[ 54.872773] hci_power_on+0x54/0x2e4\n[ 54.881832] process_one_work+0x138/0x260\n[ 54.881842] worker_thread+0x32c/0x438\n[ 54.881847] kthread+0x118/0x11c\n[ 54.881853] ret_from_fork+0x10/0x20\n[ 54.896406] Code: a9be7bfd 910003fd f9000bf3 aa0003f3 (b940d400)\n[ 54.896410] ---[ end trace 0000000000000000 ]---" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: Bluetooth: btnxpuart: corrige la desreferencia de puntero nulo en btnxpuart_flush() Esto agrega una verificaci\u00f3n antes de liberar rx->skb en las funciones flush y close para manejar el bloqueo del kernel observado al eliminar el controlador despu\u00e9s de que falla la descarga de FW o antes de que se complete la descarga de FW. dmesg log: [ 54.634586] No se puede manejar la desreferencia del puntero NULL del n\u00facleo en la direcci\u00f3n virtual 0000000000000080 [ 54.643398] Informaci\u00f3n de aborto de memoria: [ 54.646204] ESR = 0x0000000096000004 [ 54.649964] EC = 0x25: DABT (EL actual), IL = 32 bits [ 54.655286] SET = 0, FnV = 0 [ 54.658348] EA = 0, S1PTW = 0 [ 54.661498] FSC = 0x04: error de traducci\u00f3n de nivel 0 [ 54.666391] Informaci\u00f3n de aborto de datos: [ 54.669273] ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000 [ 54.674768] CM = 0, WnR = 0, TnD = 0, TagAccess = 0 [ 54.674771] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0 [ 54.674775] pgtable del usuario: p\u00e1ginas de 4k, VA de 48 bits, pgdp=0000000048860000 [ 54.674780] [0000000000000080] pgd=000000000000000, p4d=0000000000000000 [ 54.703880] Error interno: Ups: 0000000096000004 [#1] PREEMPT SMP [ 54.710152] M\u00f3dulos vinculados en: btnxpuart(-) superposici\u00f3n fsl_jr_uio caam_jr caamkeyblob_desc caamhash_desc caamalg_desc crypto_engine authenc libdes crct10dif_ce polyval_ce polyval_generic snd_soc_imx_spdif snd_soc_imx_card snd_soc_ak5558 snd_soc_ak4458 error de seguridad de caam snd_soc_fsl_micfil snd_soc_fsl_spdif snd_soc_fsl_sai snd_soc_fsl_utils imx_pcm_dma gpio_ir_recv rc_core Fusible sch_fq_codel [ 54.744357] CPU: 3 PID: 72 Comm: kworker/u9:0 No contaminado 6.6.3-otbr-g128004619037 #2 [ 54.744364] Nombre del hardware: Placa EVK FSL i.MX8MM (DT) [ 54.744368] Cola de trabajo: hci0 hci_power_on [ 54.757244] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 54.757249] pc : kfree_skb_reason+0x18/0xb0 [ 54.772299] lr : btnxpuart_flush+0x40/0x58 [btnxpuart] [54.782921] sp: ffff8000805ebca0 [54.782923] x29: ffff8000805ebca0 x28: ffffa5c6cf1869c0 x27: ffffa5c6cf186000 [54.782931] x26: 852400 x25: ffff377b848523c0 x24: ffff377b845e7230 [ 54.782938] x23: ffffa5c6ce8dbe08 x22: ffffa5c6ceb65410 x21: 00000000ffffff92 [ 54.782945] ffffa5c6ce8dbe98 x19: ffffffffffffffac x18: ffffffffffffffff [ 54.807651] x17: 0000000000000000 x16: ffffa5c6ce2824ec x15: ffff8001005eb857 [ 54.821917] x14: 0000000000000000 x13: ffffa5c6cf1a02e0 x12: 0000000000000642 [ 54.821924] x11: 0000000000000040 x10: ffffa5c6cf19d690 x9: ffffa5c6cf19d688 [ 54.821931] x8 : ffff377b86000028 x7 : 0000000000000000 x6 : 0000000000000000 [ 54.821938] x5 : ffff377b86000000 x4 : 0000000000000000 x3 : 0000000000000000 [ 54.843331] x2 : 0000000000000000 x1 : 0000000000000002 x0 : ffffffffffffffac [ 54.857599] Rastreo de llamadas: [ 54.857601] kfree_skb_reason+0x18/0xb0 [ 54.863878] btnxpuart_flush+0x40/0x58 [ 54.863888] hci_dev_open_sync+0x3a8/0xa04 [ 54.872773] hci_power_on+0x54/0x2e4 [ 54.881832] proceso_uno_trabajo+0x138/0x260 [ 54.881842] subproceso_trabajador+0x32c/0x438 [ 54.881847] kthread+0x118/0x11c [ 54.881853] ret_from_fork+0x10/0x20 [ 54.896406] C\u00f3digo: a9be7bfd 910003fd f9000bf3 aa0003f3 (b940d400) [ 54.896410] ---[ fin de seguimiento 0000000000000000 ]---" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-467xx/CVE-2024-46750.json b/CVE-2024/CVE-2024-467xx/CVE-2024-46750.json index e1b7f676ffe..00be45b40b4 100644 --- a/CVE-2024/CVE-2024-467xx/CVE-2024-46750.json +++ b/CVE-2024/CVE-2024-467xx/CVE-2024-46750.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46750", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-09-18T08:15:03.947", - "lastModified": "2024-09-18T08:15:03.947", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: Add missing bridge lock to pci_bus_lock()\n\nOne of the true positives that the cfg_access_lock lockdep effort\nidentified is this sequence:\n\n WARNING: CPU: 14 PID: 1 at drivers/pci/pci.c:4886 pci_bridge_secondary_bus_reset+0x5d/0x70\n RIP: 0010:pci_bridge_secondary_bus_reset+0x5d/0x70\n Call Trace:\n \n ? __warn+0x8c/0x190\n ? pci_bridge_secondary_bus_reset+0x5d/0x70\n ? report_bug+0x1f8/0x200\n ? handle_bug+0x3c/0x70\n ? exc_invalid_op+0x18/0x70\n ? asm_exc_invalid_op+0x1a/0x20\n ? pci_bridge_secondary_bus_reset+0x5d/0x70\n pci_reset_bus+0x1d8/0x270\n vmd_probe+0x778/0xa10\n pci_device_probe+0x95/0x120\n\nWhere pci_reset_bus() users are triggering unlocked secondary bus resets.\nIronically pci_bus_reset(), several calls down from pci_reset_bus(), uses\npci_bus_lock() before issuing the reset which locks everything *but* the\nbridge itself.\n\nFor the same motivation as adding:\n\n bridge = pci_upstream_bridge(dev);\n if (bridge)\n pci_dev_lock(bridge);\n\nto pci_reset_function() for the \"bus\" and \"cxl_bus\" reset cases, add\npci_dev_lock() for @bus->self to pci_bus_lock().\n\n[bhelgaas: squash in recursive locking deadlock fix from Keith Busch:\nhttps://lore.kernel.org/r/20240711193650.701834-1-kbusch@meta.com]" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: PCI: Agregar bloqueo de puente faltante a pci_bus_lock() Uno de los verdaderos positivos que identific\u00f3 el esfuerzo de cfg_access_lock lockdep es esta secuencia: ADVERTENCIA: CPU: 14 PID: 1 en drivers/pci/pci.c:4886 pci_bridge_secondary_bus_reset+0x5d/0x70 RIP: 0010:pci_bridge_secondary_bus_reset+0x5d/0x70 Rastreo de llamada: ? __warn+0x8c/0x190 ? pci_bridge_secondary_bus_reset+0x5d/0x70 ? report_bug+0x1f8/0x200 ? handle_bug+0x3c/0x70 ? exc_invalid_op+0x18/0x70 ? asm_exc_invalid_op+0x1a/0x20 ? pci_bridge_secondary_bus_reset+0x5d/0x70 pci_reset_bus+0x1d8/0x270 vmd_probe+0x778/0xa10 pci_device_probe+0x95/0x120 Donde los usuarios de pci_reset_bus() est\u00e1n activando reinicios de bus secundario desbloqueados. Ir\u00f3nicamente, pci_bus_reset(), varias llamadas despu\u00e9s de pci_reset_bus(), usa pci_bus_lock() antes de emitir el reinicio que bloquea todo *excepto* el puente mismo. Por la misma motivaci\u00f3n que agregar: bridge = pci_upstream_bridge(dev); if (bridge) pci_dev_lock(bridge); Para pci_reset_function() en los casos de reinicio de \"bus\" y \"cxl_bus\", agregue pci_dev_lock() para @bus->self a pci_bus_lock(). [bhelgaas: soluci\u00f3n de bloqueo recursivo de squash de Keith Busch: https://lore.kernel.org/r/20240711193650.701834-1-kbusch@meta.com]" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-467xx/CVE-2024-46751.json b/CVE-2024/CVE-2024-467xx/CVE-2024-46751.json index d5e67cf9ac8..8209edbe58f 100644 --- a/CVE-2024/CVE-2024-467xx/CVE-2024-46751.json +++ b/CVE-2024/CVE-2024-467xx/CVE-2024-46751.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46751", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-09-18T08:15:04.010", - "lastModified": "2024-09-18T08:15:04.010", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: don't BUG_ON() when 0 reference count at btrfs_lookup_extent_info()\n\nInstead of doing a BUG_ON() handle the error by returning -EUCLEAN,\naborting the transaction and logging an error message." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: btrfs: no realizar BUG_ON() cuando hay 0 referencias en btrfs_lookup_extent_info() En lugar de realizar un BUG_ON(), maneje el error devolviendo -EUCLEAN, cancelando la transacci\u00f3n y registrando un mensaje de error." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-467xx/CVE-2024-46752.json b/CVE-2024/CVE-2024-467xx/CVE-2024-46752.json index e0494d705cb..85dea0fdd39 100644 --- a/CVE-2024/CVE-2024-467xx/CVE-2024-46752.json +++ b/CVE-2024/CVE-2024-467xx/CVE-2024-46752.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46752", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-09-18T08:15:04.057", - "lastModified": "2024-09-18T08:15:04.057", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: replace BUG_ON() with error handling at update_ref_for_cow()\n\nInstead of a BUG_ON() just return an error, log an error message and\nabort the transaction in case we find an extent buffer belonging to the\nrelocation tree that doesn't have the full backref flag set. This is\nunexpected and should never happen (save for bugs or a potential bad\nmemory)." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: btrfs: reemplazar BUG_ON() con manejo de errores en update_ref_for_cow() En lugar de un BUG_ON(), simplemente devuelva un error, registre un mensaje de error y cancele la transacci\u00f3n en caso de que encontremos un b\u00fafer de extensi\u00f3n que pertenezca al \u00e1rbol de reubicaci\u00f3n que no tenga el indicador backref completo establecido. Esto es inesperado y nunca deber\u00eda suceder (salvo por errores o una posible mala memoria)." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-467xx/CVE-2024-46753.json b/CVE-2024/CVE-2024-467xx/CVE-2024-46753.json index 7400e77d152..1d72319c5ff 100644 --- a/CVE-2024/CVE-2024-467xx/CVE-2024-46753.json +++ b/CVE-2024/CVE-2024-467xx/CVE-2024-46753.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46753", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-09-18T08:15:04.107", - "lastModified": "2024-09-18T08:15:04.107", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: handle errors from btrfs_dec_ref() properly\n\nIn walk_up_proc() we BUG_ON(ret) from btrfs_dec_ref(). This is\nincorrect, we have proper error handling here, return the error." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: btrfs: manejo correcto de errores de btrfs_dec_ref() En walk_up_proc() ejecutamos BUG_ON(ret) desde btrfs_dec_ref(). Esto es incorrecto, aqu\u00ed tenemos un manejo correcto de errores, devolvemos el error." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-467xx/CVE-2024-46754.json b/CVE-2024/CVE-2024-467xx/CVE-2024-46754.json index 214a89493bd..b00a3564721 100644 --- a/CVE-2024/CVE-2024-467xx/CVE-2024-46754.json +++ b/CVE-2024/CVE-2024-467xx/CVE-2024-46754.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46754", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-09-18T08:15:04.153", - "lastModified": "2024-09-18T08:15:04.153", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Remove tst_run from lwt_seg6local_prog_ops.\n\nThe syzbot reported that the lwt_seg6 related BPF ops can be invoked\nvia bpf_test_run() without without entering input_action_end_bpf()\nfirst.\n\nMartin KaFai Lau said that self test for BPF_PROG_TYPE_LWT_SEG6LOCAL\nprobably didn't work since it was introduced in commit 04d4b274e2a\n(\"ipv6: sr: Add seg6local action End.BPF\"). The reason is that the\nper-CPU variable seg6_bpf_srh_states::srh is never assigned in the self\ntest case but each BPF function expects it.\n\nRemove test_run for BPF_PROG_TYPE_LWT_SEG6LOCAL." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: bpf: eliminar tst_run de lwt_seg6local_prog_ops. El syzbot inform\u00f3 que las operaciones BPF relacionadas con lwt_seg6 se pueden invocar mediante bpf_test_run() sin ingresar primero input_action_end_bpf(). Martin KaFai Lau dijo que la autoprueba para BPF_PROG_TYPE_LWT_SEG6LOCAL probablemente no funcion\u00f3 ya que se introdujo en el commit 04d4b274e2a (\"ipv6: sr: Agregar acci\u00f3n seg6local End.BPF\"). La raz\u00f3n es que la variable por CPU seg6_bpf_srh_states::srh nunca se asigna en el caso de la autoprueba, pero cada funci\u00f3n BPF lo espera. Eliminar test_run para BPF_PROG_TYPE_LWT_SEG6LOCAL." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-467xx/CVE-2024-46755.json b/CVE-2024/CVE-2024-467xx/CVE-2024-46755.json index 26ecb70573d..cb89f633a58 100644 --- a/CVE-2024/CVE-2024-467xx/CVE-2024-46755.json +++ b/CVE-2024/CVE-2024-467xx/CVE-2024-46755.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46755", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-09-18T08:15:04.203", - "lastModified": "2024-09-18T08:15:04.203", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id()\n\nmwifiex_get_priv_by_id() returns the priv pointer corresponding to\nthe bss_num and bss_type, but without checking if the priv is actually\ncurrently in use.\nUnused priv pointers do not have a wiphy attached to them which can\nlead to NULL pointer dereferences further down the callstack. Fix\nthis by returning only used priv pointers which have priv->bss_mode\nset to something else than NL80211_IFTYPE_UNSPECIFIED.\n\nSaid NULL pointer dereference happened when an Accesspoint was started\nwith wpa_supplicant -i mlan0 with this config:\n\nnetwork={\n ssid=\"somessid\"\n mode=2\n frequency=2412\n key_mgmt=WPA-PSK WPA-PSK-SHA256\n proto=RSN\n group=CCMP\n pairwise=CCMP\n psk=\"12345678\"\n}\n\nWhen waiting for the AP to be established, interrupting wpa_supplicant\nwith and starting it again this happens:\n\n| Unable to handle kernel NULL pointer dereference at virtual address 0000000000000140\n| Mem abort info:\n| ESR = 0x0000000096000004\n| EC = 0x25: DABT (current EL), IL = 32 bits\n| SET = 0, FnV = 0\n| EA = 0, S1PTW = 0\n| FSC = 0x04: level 0 translation fault\n| Data abort info:\n| ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000\n| CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n| GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n| user pgtable: 4k pages, 48-bit VAs, pgdp=0000000046d96000\n| [0000000000000140] pgd=0000000000000000, p4d=0000000000000000\n| Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP\n| Modules linked in: caam_jr caamhash_desc spidev caamalg_desc crypto_engine authenc libdes mwifiex_sdio\n+mwifiex crct10dif_ce cdc_acm onboard_usb_hub fsl_imx8_ddr_perf imx8m_ddrc rtc_ds1307 lm75 rtc_snvs\n+imx_sdma caam imx8mm_thermal spi_imx error imx_cpufreq_dt fuse ip_tables x_tables ipv6\n| CPU: 0 PID: 8 Comm: kworker/0:1 Not tainted 6.9.0-00007-g937242013fce-dirty #18\n| Hardware name: somemachine (DT)\n| Workqueue: events sdio_irq_work\n| pstate: 00000005 (nzcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n| pc : mwifiex_get_cfp+0xd8/0x15c [mwifiex]\n| lr : mwifiex_get_cfp+0x34/0x15c [mwifiex]\n| sp : ffff8000818b3a70\n| x29: ffff8000818b3a70 x28: ffff000006bfd8a5 x27: 0000000000000004\n| x26: 000000000000002c x25: 0000000000001511 x24: 0000000002e86bc9\n| x23: ffff000006bfd996 x22: 0000000000000004 x21: ffff000007bec000\n| x20: 000000000000002c x19: 0000000000000000 x18: 0000000000000000\n| x17: 000000040044ffff x16: 00500072b5503510 x15: ccc283740681e517\n| x14: 0201000101006d15 x13: 0000000002e8ff43 x12: 002c01000000ffb1\n| x11: 0100000000000000 x10: 02e8ff43002c0100 x9 : 0000ffb100100157\n| x8 : ffff000003d20000 x7 : 00000000000002f1 x6 : 00000000ffffe124\n| x5 : 0000000000000001 x4 : 0000000000000003 x3 : 0000000000000000\n| x2 : 0000000000000000 x1 : 0001000000011001 x0 : 0000000000000000\n| Call trace:\n| mwifiex_get_cfp+0xd8/0x15c [mwifiex]\n| mwifiex_parse_single_response_buf+0x1d0/0x504 [mwifiex]\n| mwifiex_handle_event_ext_scan_report+0x19c/0x2f8 [mwifiex]\n| mwifiex_process_sta_event+0x298/0xf0c [mwifiex]\n| mwifiex_process_event+0x110/0x238 [mwifiex]\n| mwifiex_main_process+0x428/0xa44 [mwifiex]\n| mwifiex_sdio_interrupt+0x64/0x12c [mwifiex_sdio]\n| process_sdio_pending_irqs+0x64/0x1b8\n| sdio_irq_work+0x4c/0x7c\n| process_one_work+0x148/0x2a0\n| worker_thread+0x2fc/0x40c\n| kthread+0x110/0x114\n| ret_from_fork+0x10/0x20\n| Code: a94153f3 a8c37bfd d50323bf d65f03c0 (f940a000)\n| ---[ end trace 0000000000000000 ]---" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: wifi: mwifiex: No devolver priv sin usar en mwifiex_get_priv_by_id() mwifiex_get_priv_by_id() devuelve el puntero priv correspondiente a bss_num y bss_type, pero sin comprobar si el priv est\u00e1 realmente en uso actualmente. Los punteros priv sin usar no tienen un wiphy adjunto a ellos, lo que puede provocar desreferencias de puntero NULL m\u00e1s abajo en la pila de llamadas. Solucione esto devolviendo solo punteros priv usados que tengan priv->bss_mode establecido en algo distinto de NL80211_IFTYPE_UNSPECIFIED. Dicha desreferencia de puntero NULL ocurri\u00f3 cuando un Accesspoint fue iniciado con wpa_supplicant -i mlan0 con esta configuraci\u00f3n: network={ ssid=\"somessid\" mode=2 frequency=2412 key_mgmt=WPA-PSK WPA-PSK-SHA256 proto=RSN group=CCMP pairwise=CCMP psk=\"12345678\" } Al esperar a que se establezca el AP, interrumpiendo wpa_supplicant con y reinici\u00e1ndolo esto sucede: | No se puede manejar la desreferencia de puntero NULL del kernel en la direcci\u00f3n virtual 0000000000000140 | Informaci\u00f3n de aborto de memoria: | ESR = 0x0000000096000004 | EC = 0x25: DABT (EL actual), IL = 32 bits | SET = 0, FnV = 0 | EA = 0, S1PTW = 0 | FSC = 0x04: error de traducci\u00f3n de nivel 0 | Informaci\u00f3n de cancelaci\u00f3n de datos: | ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000 | CM = 0, WnR = 0, TnD = 0, TagAccess = 0 | GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0 | pgtable del usuario: p\u00e1ginas de 4k, VA de 48 bits, pgdp=0000000046d96000 | [0000000000000140] pgd=000000000000000, p4d=0000000000000000 | Error interno: Oops: 0000000096000004 [#1] PREEMPT SMP | M\u00f3dulos vinculados en: caam_jr caamhash_desc spidev caamalg_desc crypto_engine authenc libdes mwifiex_sdio +mwifiex crct10dif_ce cdc_acm onboard_usb_hub fsl_imx8_ddr_perf imx8m_ddrc rtc_ds1307 lm75 rtc_snvs +imx_sdma caam imx8mm_thermal spi_imx error imx_cpufreq_dt fuse ip_tables x_tables ipv6 | CPU: 0 PID: 8 Comm: kworker/0:1 No contaminado 6.9.0-00007-g937242013fce-dirty #18 | Nombre del hardware: somemachine (DT) | Cola de trabajo: eventos sdio_irq_work | pstate: 00000005 (nzcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) | pc : mwifiex_get_cfp+0xd8/0x15c [mwifiex] | lr : mwifiex_get_cfp+0x34/0x15c [mwifiex] | sp : ffff8000818b3a70 | x29: ffff8000818b3a70 x28: ffff000006bfd8a5 x27: 0000000000000004 | x26: 000000000000002c x25: 00000000000001511 x24: 00000000002e86bc9 | x23: ffff000006bfd996 x22: 0000000000000004 x21: ffff000007bec000 | x20: 000000000000002c x19: 0000000000000000 x18: 0000000000000000 | x17: 000000040044ffff x16: 00500072b5503510 x15: ccc283740681e517 | x14: 0201000101006d15 x13: 0000000002e8ff43 x12: 002c0100000ffb1 | x11: 0100000000000000 x10: 02e8ff43002c0100 x9: 0000ffb100100157 | x8: ffff000003d20000 x7: 00000000000002f1 x6: 00000000ffffe124 | x5 : 0000000000000001 x4 : 0000000000000003 x3 : 0000000000000000 | x2 : 0000000000000000 x1 : 0001000000011001 x0 : 0000000000000000 | Rastreo de llamadas: | mwifiex_get_cfp+0xd8/0x15c [mwifiex] | mwifiex_parse_single_response_buf+0x1d0/0x504 [mwifiex] | mwifiex_handle_event_ext_scan_report+0x19c/0x2f8 [mwifiex] | mwifiex_process_sta_event+0x298/0xf0c [mwifiex] | mwifiex_process_event+0x110/0x238 [mwifiex] | mwifiex_main_process+0x428/0xa44 [mwifiex] | mwifiex_sdio_interrupt+0x64/0x12c [mwifiex_sdio] | proceso_sdio_pending_irqs+0x64/0x1b8 | sdio_irq_work+0x4c/0x7c | proceso_one_work+0x148/0x2a0 | subproceso_trabajador+0x2fc/0x40c | kthread+0x110/0x114 | ret_from_fork+0x10/0x20 | C\u00f3digo: a94153f3 a8c37bfd d50323bf d65f03c0 (f940a000) | ---[ fin del seguimiento 0000000000000000 ]---" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-467xx/CVE-2024-46756.json b/CVE-2024/CVE-2024-467xx/CVE-2024-46756.json index e3f953c1e2d..412d879eba8 100644 --- a/CVE-2024/CVE-2024-467xx/CVE-2024-46756.json +++ b/CVE-2024/CVE-2024-467xx/CVE-2024-46756.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46756", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-09-18T08:15:04.260", - "lastModified": "2024-09-18T08:15:04.260", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (w83627ehf) Fix underflows seen when writing limit attributes\n\nDIV_ROUND_CLOSEST() after kstrtol() results in an underflow if a large\nnegative number such as -9223372036854775808 is provided by the user.\nFix it by reordering clamp_val() and DIV_ROUND_CLOSEST() operations." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: hwmon: (w83627ehf) Se corrigen los desbordamientos de l\u00ednea observados al escribir los atributos de l\u00edmite DIV_ROUND_CLOSEST() despu\u00e9s de que kstrtol() d\u00e9 como resultado un desbordamiento de l\u00ednea si el usuario proporciona un n\u00famero negativo grande, como -9223372036854775808. Se soluciona reordenando las operaciones clamp_val() y DIV_ROUND_CLOSEST()." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-467xx/CVE-2024-46757.json b/CVE-2024/CVE-2024-467xx/CVE-2024-46757.json index 480b45f409a..393d67b5b6b 100644 --- a/CVE-2024/CVE-2024-467xx/CVE-2024-46757.json +++ b/CVE-2024/CVE-2024-467xx/CVE-2024-46757.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46757", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-09-18T08:15:04.313", - "lastModified": "2024-09-18T08:15:04.313", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (nct6775-core) Fix underflows seen when writing limit attributes\n\nDIV_ROUND_CLOSEST() after kstrtol() results in an underflow if a large\nnegative number such as -9223372036854775808 is provided by the user.\nFix it by reordering clamp_val() and DIV_ROUND_CLOSEST() operations." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: hwmon: (nct6775-core) Se corrigen los desbordamientos de l\u00ednea observados al escribir los atributos de l\u00edmite DIV_ROUND_CLOSEST() despu\u00e9s de que kstrtol() genere un desbordamiento de l\u00ednea si el usuario proporciona un n\u00famero negativo grande, como -9223372036854775808. Se soluciona reordenando las operaciones clamp_val() y DIV_ROUND_CLOSEST()." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-467xx/CVE-2024-46758.json b/CVE-2024/CVE-2024-467xx/CVE-2024-46758.json index 6324ab33b17..c3229fbc638 100644 --- a/CVE-2024/CVE-2024-467xx/CVE-2024-46758.json +++ b/CVE-2024/CVE-2024-467xx/CVE-2024-46758.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46758", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-09-18T08:15:04.367", - "lastModified": "2024-09-18T08:15:04.367", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (lm95234) Fix underflows seen when writing limit attributes\n\nDIV_ROUND_CLOSEST() after kstrtol() results in an underflow if a large\nnegative number such as -9223372036854775808 is provided by the user.\nFix it by reordering clamp_val() and DIV_ROUND_CLOSEST() operations." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: hwmon: (lm95234) Se corrigen los desbordamientos de l\u00ednea observados al escribir los atributos de l\u00edmite DIV_ROUND_CLOSEST() despu\u00e9s de que kstrtol() genere un desbordamiento de l\u00ednea si el usuario proporciona un n\u00famero negativo grande, como -9223372036854775808. Se soluciona reordenando las operaciones clamp_val() y DIV_ROUND_CLOSEST()." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-467xx/CVE-2024-46759.json b/CVE-2024/CVE-2024-467xx/CVE-2024-46759.json index 95f0a64d727..8cb005f7529 100644 --- a/CVE-2024/CVE-2024-467xx/CVE-2024-46759.json +++ b/CVE-2024/CVE-2024-467xx/CVE-2024-46759.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46759", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-09-18T08:15:04.413", - "lastModified": "2024-09-18T08:15:04.413", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (adc128d818) Fix underflows seen when writing limit attributes\n\nDIV_ROUND_CLOSEST() after kstrtol() results in an underflow if a large\nnegative number such as -9223372036854775808 is provided by the user.\nFix it by reordering clamp_val() and DIV_ROUND_CLOSEST() operations." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: hwmon: (adc128d818) Se corrigen los desbordamientos de l\u00ednea observados al escribir los atributos de l\u00edmite DIV_ROUND_CLOSEST() despu\u00e9s de que kstrtol() genere un desbordamiento de l\u00ednea si el usuario proporciona un n\u00famero negativo grande, como -9223372036854775808. Se soluciona reordenando las operaciones clamp_val() y DIV_ROUND_CLOSEST()." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-467xx/CVE-2024-46760.json b/CVE-2024/CVE-2024-467xx/CVE-2024-46760.json index 6885f10ac52..7c166502112 100644 --- a/CVE-2024/CVE-2024-467xx/CVE-2024-46760.json +++ b/CVE-2024/CVE-2024-467xx/CVE-2024-46760.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46760", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-09-18T08:15:04.470", - "lastModified": "2024-09-18T08:15:04.470", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw88: usb: schedule rx work after everything is set up\n\nRight now it's possible to hit NULL pointer dereference in\nrtw_rx_fill_rx_status on hw object and/or its fields because\ninitialization routine can start getting USB replies before\nrtw_dev is fully setup.\n\nThe stack trace looks like this:\n\nrtw_rx_fill_rx_status\nrtw8821c_query_rx_desc\nrtw_usb_rx_handler\n...\nqueue_work\nrtw_usb_read_port_complete\n...\nusb_submit_urb\nrtw_usb_rx_resubmit\nrtw_usb_init_rx\nrtw_usb_probe\n\nSo while we do the async stuff rtw_usb_probe continues and calls\nrtw_register_hw, which does all kinds of initialization (e.g.\nvia ieee80211_register_hw) that rtw_rx_fill_rx_status relies on.\n\nFix this by moving the first usb_submit_urb after everything\nis set up.\n\nFor me, this bug manifested as:\n[ 8.893177] rtw_8821cu 1-1:1.2: band wrong, packet dropped\n[ 8.910904] rtw_8821cu 1-1:1.2: hw->conf.chandef.chan NULL in rtw_rx_fill_rx_status\nbecause I'm using Larry's backport of rtw88 driver with the NULL\nchecks in rtw_rx_fill_rx_status." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: wifi: rtw88: usb: programar el trabajo de rx despu\u00e9s de que todo est\u00e9 configurado En este momento, es posible alcanzar la desreferencia del puntero NULL en rtw_rx_fill_rx_status en el objeto hw y/o sus campos porque la rutina de inicializaci\u00f3n puede comenzar a recibir respuestas USB antes de que rtw_dev est\u00e9 completamente configurado. El seguimiento de la pila se ve as\u00ed: rtw_rx_fill_rx_status rtw8821c_query_rx_desc rtw_usb_rx_handler ... queue_work rtw_usb_read_port_complete ... usb_submit_urb rtw_usb_rx_resubmit rtw_usb_init_rx rtw_usb_probe Entonces, mientras hacemos las cosas asincr\u00f3nicas, rtw_usb_probe contin\u00faa y llama a rtw_register_hw, que realiza todo tipo de inicializaci\u00f3n (por ejemplo, a trav\u00e9s de ieee80211_register_hw) de la que depende rtw_rx_fill_rx_status. Arregle esto moviendo el primer usb_submit_urb despu\u00e9s de que todo est\u00e9 configurado. Para m\u00ed, este error se manifest\u00f3 como: [8.893177] rtw_8821cu 1-1:1.2: banda incorrecta, paquete descartado [8.910904] rtw_8821cu 1-1:1.2: hw->conf.chandef.chan NULL en rtw_rx_fill_rx_status porque estoy usando el backport de Larry del controlador rtw88 con las comprobaciones NULL en rtw_rx_fill_rx_status." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-467xx/CVE-2024-46761.json b/CVE-2024/CVE-2024-467xx/CVE-2024-46761.json index e4e6b6ed6e7..121c1721a24 100644 --- a/CVE-2024/CVE-2024-467xx/CVE-2024-46761.json +++ b/CVE-2024/CVE-2024-467xx/CVE-2024-46761.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46761", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-09-18T08:15:04.517", - "lastModified": "2024-09-18T08:15:04.517", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\npci/hotplug/pnv_php: Fix hotplug driver crash on Powernv\n\nThe hotplug driver for powerpc (pci/hotplug/pnv_php.c) causes a kernel\ncrash when we try to hot-unplug/disable the PCIe switch/bridge from\nthe PHB.\n\nThe crash occurs because although the MSI data structure has been\nreleased during disable/hot-unplug path and it has been assigned\nwith NULL, still during unregistration the code was again trying to\nexplicitly disable the MSI which causes the NULL pointer dereference and\nkernel crash.\n\nThe patch fixes the check during unregistration path to prevent invoking\npci_disable_msi/msix() since its data structure is already freed." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: pci/hotplug/pnv_php: Se soluciona el fallo del controlador hotplug en Powernv El controlador hotplug para powerpc (pci/hotplug/pnv_php.c) provoca un fallo del kernel cuando intentamos desconectar/deshabilitar en caliente el conmutador/puente PCIe del PHB. El fallo se produce porque, aunque la estructura de datos MSI se ha liberado durante la ruta de deshabilitaci\u00f3n/desconexi\u00f3n en caliente y se le ha asignado NULL, a\u00fan durante la anulaci\u00f3n del registro el c\u00f3digo estaba intentando de nuevo deshabilitar expl\u00edcitamente el MSI, lo que provoca la desreferencia del puntero NULL y el fallo del kernel. El parche corrige la comprobaci\u00f3n durante la ruta de anulaci\u00f3n del registro para evitar invocar pci_disable_msi/msix() ya que su estructura de datos ya est\u00e1 liberada." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-467xx/CVE-2024-46762.json b/CVE-2024/CVE-2024-467xx/CVE-2024-46762.json index b8482aba028..8c216d5424f 100644 --- a/CVE-2024/CVE-2024-467xx/CVE-2024-46762.json +++ b/CVE-2024/CVE-2024-467xx/CVE-2024-46762.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46762", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-09-18T08:15:04.570", - "lastModified": "2024-09-18T08:15:04.570", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nxen: privcmd: Fix possible access to a freed kirqfd instance\n\nNothing prevents simultaneous ioctl calls to privcmd_irqfd_assign() and\nprivcmd_irqfd_deassign(). If that happens, it is possible that a kirqfd\ncreated and added to the irqfds_list by privcmd_irqfd_assign() may get\nremoved by another thread executing privcmd_irqfd_deassign(), while the\nformer is still using it after dropping the locks.\n\nThis can lead to a situation where an already freed kirqfd instance may\nbe accessed and cause kernel oops.\n\nUse SRCU locking to prevent the same, as is done for the KVM\nimplementation for irqfds." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: xen: privcmd: Fix possible access to a freed kirqfd instance Nada impide llamadas ioctl simult\u00e1neas a privcmd_irqfd_assign() y privcmd_irqfd_deassign(). Si eso sucede, es posible que un kirqfd creado y agregado a la irqfds_list por privcmd_irqfd_assign() pueda ser eliminado por otro hilo que ejecuta privcmd_irqfd_deassign(), mientras que el primero todav\u00eda lo est\u00e1 usando despu\u00e9s de eliminar los bloqueos. Esto puede llevar a una situaci\u00f3n en la que se puede acceder a una instancia kirqfd ya liberada y causar errores del kernel. Use el bloqueo SRCU para evitar lo mismo, como se hace para la implementaci\u00f3n de KVM para irqfds." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-467xx/CVE-2024-46763.json b/CVE-2024/CVE-2024-467xx/CVE-2024-46763.json index 86dd545531e..44847ab6a55 100644 --- a/CVE-2024/CVE-2024-467xx/CVE-2024-46763.json +++ b/CVE-2024/CVE-2024-467xx/CVE-2024-46763.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46763", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-09-18T08:15:04.613", - "lastModified": "2024-09-18T08:15:04.613", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfou: Fix null-ptr-deref in GRO.\n\nWe observed a null-ptr-deref in fou_gro_receive() while shutting down\na host. [0]\n\nThe NULL pointer is sk->sk_user_data, and the offset 8 is of protocol\nin struct fou.\n\nWhen fou_release() is called due to netns dismantle or explicit tunnel\nteardown, udp_tunnel_sock_release() sets NULL to sk->sk_user_data.\nThen, the tunnel socket is destroyed after a single RCU grace period.\n\nSo, in-flight udp4_gro_receive() could find the socket and execute the\nFOU GRO handler, where sk->sk_user_data could be NULL.\n\nLet's use rcu_dereference_sk_user_data() in fou_from_sock() and add NULL\nchecks in FOU GRO handlers.\n\n[0]:\nBUG: kernel NULL pointer dereference, address: 0000000000000008\n PF: supervisor read access in kernel mode\n PF: error_code(0x0000) - not-present page\nPGD 80000001032f4067 P4D 80000001032f4067 PUD 103240067 PMD 0\nSMP PTI\nCPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.10.216-204.855.amzn2.x86_64 #1\nHardware name: Amazon EC2 c5.large/, BIOS 1.0 10/16/2017\nRIP: 0010:fou_gro_receive (net/ipv4/fou.c:233) [fou]\nCode: 41 5f c3 cc cc cc cc e8 e7 2e 69 f4 0f 1f 80 00 00 00 00 0f 1f 44 00 00 49 89 f8 41 54 48 89 f7 48 89 d6 49 8b 80 88 02 00 00 <0f> b6 48 08 0f b7 42 4a 66 25 fd fd 80 cc 02 66 89 42 4a 0f b6 42\nRSP: 0018:ffffa330c0003d08 EFLAGS: 00010297\nRAX: 0000000000000000 RBX: ffff93d9e3a6b900 RCX: 0000000000000010\nRDX: ffff93d9e3a6b900 RSI: ffff93d9e3a6b900 RDI: ffff93dac2e24d08\nRBP: ffff93d9e3a6b900 R08: ffff93dacbce6400 R09: 0000000000000002\nR10: 0000000000000000 R11: ffffffffb5f369b0 R12: ffff93dacbce6400\nR13: ffff93dac2e24d08 R14: 0000000000000000 R15: ffffffffb4edd1c0\nFS: 0000000000000000(0000) GS:ffff93daee800000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000008 CR3: 0000000102140001 CR4: 00000000007706f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n \n ? show_trace_log_lvl (arch/x86/kernel/dumpstack.c:259)\n ? __die_body.cold (arch/x86/kernel/dumpstack.c:478 arch/x86/kernel/dumpstack.c:420)\n ? no_context (arch/x86/mm/fault.c:752)\n ? exc_page_fault (arch/x86/include/asm/irqflags.h:49 arch/x86/include/asm/irqflags.h:89 arch/x86/mm/fault.c:1435 arch/x86/mm/fault.c:1483)\n ? asm_exc_page_fault (arch/x86/include/asm/idtentry.h:571)\n ? fou_gro_receive (net/ipv4/fou.c:233) [fou]\n udp_gro_receive (include/linux/netdevice.h:2552 net/ipv4/udp_offload.c:559)\n udp4_gro_receive (net/ipv4/udp_offload.c:604)\n inet_gro_receive (net/ipv4/af_inet.c:1549 (discriminator 7))\n dev_gro_receive (net/core/dev.c:6035 (discriminator 4))\n napi_gro_receive (net/core/dev.c:6170)\n ena_clean_rx_irq (drivers/amazon/net/ena/ena_netdev.c:1558) [ena]\n ena_io_poll (drivers/amazon/net/ena/ena_netdev.c:1742) [ena]\n napi_poll (net/core/dev.c:6847)\n net_rx_action (net/core/dev.c:6917)\n __do_softirq (arch/x86/include/asm/jump_label.h:25 include/linux/jump_label.h:200 include/trace/events/irq.h:142 kernel/softirq.c:299)\n asm_call_irq_on_stack (arch/x86/entry/entry_64.S:809)\n\n do_softirq_own_stack (arch/x86/include/asm/irq_stack.h:27 arch/x86/include/asm/irq_stack.h:77 arch/x86/kernel/irq_64.c:77)\n irq_exit_rcu (kernel/softirq.c:393 kernel/softirq.c:423 kernel/softirq.c:435)\n common_interrupt (arch/x86/kernel/irq.c:239)\n asm_common_interrupt (arch/x86/include/asm/idtentry.h:626)\nRIP: 0010:acpi_idle_do_entry (arch/x86/include/asm/irqflags.h:49 arch/x86/include/asm/irqflags.h:89 drivers/acpi/processor_idle.c:114 drivers/acpi/processor_idle.c:575)\nCode: 8b 15 d1 3c c4 02 ed c3 cc cc cc cc 65 48 8b 04 25 40 ef 01 00 48 8b 00 a8 08 75 eb 0f 1f 44 00 00 0f 00 2d d5 09 55 00 fb f4 c3 cc cc cc cc e9 be fc ff ff 66 66 2e 0f 1f 84 00 00 00 00 00\nRSP: 0018:ffffffffb5603e58 EFLAGS: 00000246\nRAX: 0000000000004000 RBX: ffff93dac0929c00 RCX: ffff93daee833900\nRDX: ffff93daee800000 RSI: ffff93d\n---truncated---" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: fou: Se ha corregido un null-ptr-deref en GRO. Observamos un null-ptr-deref en fou_gro_receive() al apagar un host. [0] El puntero NULL es sk->sk_user_data y el desplazamiento 8 es del protocolo en la estructura fou. Cuando se llama a fou_release() debido al desmantelamiento de netns o al desmantelamiento expl\u00edcito del t\u00fanel, udp_tunnel_sock_release() establece NULL en sk->sk_user_data. Luego, el socket del t\u00fanel se destruye despu\u00e9s de un \u00fanico per\u00edodo de gracia de RCU. Por lo tanto, udp4_gro_receive() en vuelo podr\u00eda encontrar el socket y ejecutar el controlador FOU GRO, donde sk->sk_user_data podr\u00eda ser NULL. Usemos rcu_dereference_sk_user_data() en fou_from_sock() y agreguemos comprobaciones NULL en los controladores FOU GRO. [0]: ERROR: desreferencia de puntero NULL del kernel, direcci\u00f3n: 0000000000000008 PF: acceso de lectura del supervisor en modo kernel PF: error_code(0x0000) - p\u00e1gina no presente PGD 80000001032f4067 P4D 80000001032f4067 PUD 103240067 PMD 0 SMP PTI CPU: 0 PID: 0 Comm: swapper/0 No contaminado 5.10.216-204.855.amzn2.x86_64 #1 Nombre del hardware: Amazon EC2 c5.large/, BIOS 1.0 16/10/2017 RIP: 0010:fou_gro_receive (net/ipv4/fou.c:233) [fou] C\u00f3digo: 41 5f c3 cc cc cc cc e8 e7 2e 69 f4 0f 1f 80 00 00 00 00 0f 1f 44 00 00 49 89 f8 41 54 48 89 f7 48 89 d6 49 8b 80 88 02 00 00 <0f> b6 48 08 0f b7 42 4a 66 25 fd fd 80 cc 02 66 89 42 4a 0f b6 42 RSP: 0018:ffffa330c0003d08 EFLAGS: 00010297 RAX: 0000000000000000 RBX: ffff93d9e3a6b900 RCX: 0000000000000010 RDX: ffff93d9e3a6b900 RSI: ffff93d9e3a6b900 RDI: ffff93dac2e24d08 RBP: ffff93d9e3a6b900 R08: ffff93dacbce6400 R09: 000000000000002 R10: 000000000000000 R11: ffffffffb5f369b0 R12: ffff93dacbce6400 R13: ffff93dac2e24d08 R14: 0000000000000000 R15: ffffffffb4edd1c0 FS: 0000000000000000(0000) GS:ffff93daee800000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000000000008 CR3: 0000000102140001 CR4: 00000000007706f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 PKRU: 55555554 Seguimiento de llamadas: ? show_trace_log_lvl (arch/x86/kernel/dumpstack.c:259) ? __die_body.cold (arch/x86/kernel/dumpstack.c:478 arch/x86/kernel/dumpstack.c:420) ? no_context (arch/x86/mm/fault.c:752) ? asm_exc_page_fault (arch/x86/include/asm/idtentry.h:571) ? fou_gro_receive (net/ipv4/fou.c:233) [fou] udp_gro_receive (include/linux/netdevice.h:2552 net/ipv4/udp_offload.c:559) udp4_gro_receive (net/ipv4/udp_offload.c:604) inet_gro_receive (net/ipv4/af_inet.c:1549 (discriminador 7)) dev_gro_receive (net/core/dev.c:6035 (discriminador 4)) napi_gro_receive (net/core/dev.c:6170) ena_clean_rx_irq (drivers/amazon/net/ena/ena_netdev.c:1558) [ena] ena_io_poll (controladores/amazon/net/ena/ena_netdev.c:1742) [ena] napi_poll (net/core/dev.c:6847) net_rx_action (net/core/dev.c:6917) __do_softirq (arch/x86/include/asm/jump_label.h:25 include/linux/jump_label.h:200 include/trace/events/irq.h:142 kernel/softirq.c:299) asm_call_irq_on_stack (arch/x86/entry/entry_64.S:809) do_softirq_own_stack (arch/x86/include/asm/irq_stack.h:27 arch/x86/include/asm/irq_stack.h:77 arch/x86/kernel/irq_64.c:77) irq_exit_rcu (kernel/softirq.c:393 kernel/softirq.c:423 kernel/softirq.c:435) interrupci\u00f3n_com\u00fan (arch/x86/kernel/irq.c:239) interrupci\u00f3n_com\u00fan_asm (arch/x86/include/asm/idtentry.h:626) RIP: 0010:acpi_idle_do_entry (arch/x86/include/asm/irqflags.h:49 arch/x86/include/asm/irqflags.h:89 drivers/acpi/processor_idle.c:114 drivers/acpi/processor_idle.c:575) C\u00f3digo: 8b 15 d1 3c c4 02 ed c3 cc cc cc cc 65 48 8b 04 25 40 ef 01 00 48 8b 00 a8 08 75 eb 0f 1f 44 00 00 0f 00 2d d5 09 55 00 fb f4 c3 cc cc cc cc e9 ser fc ff ff 66 66 2e 0f 1f 84 00 00 00 00 00 RSP: 0018:ffffffffb5603e58 EFLAGS: 00000246 RAX: 0000000000004000 RBX: ffff93dac0929c00 RCX: ffff93daee833900 RDX: ffff93daee800000 RSI: ffff93d ---truncado---" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-467xx/CVE-2024-46764.json b/CVE-2024/CVE-2024-467xx/CVE-2024-46764.json index 241d67cfbef..301f73398cb 100644 --- a/CVE-2024/CVE-2024-467xx/CVE-2024-46764.json +++ b/CVE-2024/CVE-2024-467xx/CVE-2024-46764.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46764", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-09-18T08:15:04.670", - "lastModified": "2024-09-18T08:15:04.670", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: add check for invalid name in btf_name_valid_section()\n\nIf the length of the name string is 1 and the value of name[0] is NULL\nbyte, an OOB vulnerability occurs in btf_name_valid_section() and the\nreturn value is true, so the invalid name passes the check.\n\nTo solve this, you need to check if the first position is NULL byte and\nif the first character is printable." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: bpf: a\u00f1adir comprobaci\u00f3n de nombre no v\u00e1lido en btf_name_valid_section() Si la longitud de la cadena de nombre es 1 y el valor de name[0] es un byte NULL, se produce una vulnerabilidad OOB en btf_name_valid_section() y el valor de retorno es verdadero, por lo que el nombre no v\u00e1lido pasa la comprobaci\u00f3n. Para resolver esto, debe comprobar si la primera posici\u00f3n es un byte NULL y si el primer car\u00e1cter es imprimible." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-467xx/CVE-2024-46765.json b/CVE-2024/CVE-2024-467xx/CVE-2024-46765.json index 3f8f38594c4..efc4bffa4e4 100644 --- a/CVE-2024/CVE-2024-467xx/CVE-2024-46765.json +++ b/CVE-2024/CVE-2024-467xx/CVE-2024-46765.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46765", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-09-18T08:15:04.710", - "lastModified": "2024-09-18T08:15:04.710", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: protect XDP configuration with a mutex\n\nThe main threat to data consistency in ice_xdp() is a possible asynchronous\nPF reset. It can be triggered by a user or by TX timeout handler.\n\nXDP setup and PF reset code access the same resources in the following\nsections:\n* ice_vsi_close() in ice_prepare_for_reset() - already rtnl-locked\n* ice_vsi_rebuild() for the PF VSI - not protected\n* ice_vsi_open() - already rtnl-locked\n\nWith an unfortunate timing, such accesses can result in a crash such as the\none below:\n\n[ +1.999878] ice 0000:b1:00.0: Registered XDP mem model MEM_TYPE_XSK_BUFF_POOL on Rx ring 14\n[ +2.002992] ice 0000:b1:00.0: Registered XDP mem model MEM_TYPE_XSK_BUFF_POOL on Rx ring 18\n[Mar15 18:17] ice 0000:b1:00.0 ens801f0np0: NETDEV WATCHDOG: CPU: 38: transmit queue 14 timed out 80692736 ms\n[ +0.000093] ice 0000:b1:00.0 ens801f0np0: tx_timeout: VSI_num: 6, Q 14, NTC: 0x0, HW_HEAD: 0x0, NTU: 0x0, INT: 0x4000001\n[ +0.000012] ice 0000:b1:00.0 ens801f0np0: tx_timeout recovery level 1, txqueue 14\n[ +0.394718] ice 0000:b1:00.0: PTP reset successful\n[ +0.006184] BUG: kernel NULL pointer dereference, address: 0000000000000098\n[ +0.000045] #PF: supervisor read access in kernel mode\n[ +0.000023] #PF: error_code(0x0000) - not-present page\n[ +0.000023] PGD 0 P4D 0\n[ +0.000018] Oops: 0000 [#1] PREEMPT SMP NOPTI\n[ +0.000023] CPU: 38 PID: 7540 Comm: kworker/38:1 Not tainted 6.8.0-rc7 #1\n[ +0.000031] Hardware name: Intel Corporation S2600WFT/S2600WFT, BIOS SE5C620.86B.02.01.0014.082620210524 08/26/2021\n[ +0.000036] Workqueue: ice ice_service_task [ice]\n[ +0.000183] RIP: 0010:ice_clean_tx_ring+0xa/0xd0 [ice]\n[...]\n[ +0.000013] Call Trace:\n[ +0.000016] \n[ +0.000014] ? __die+0x1f/0x70\n[ +0.000029] ? page_fault_oops+0x171/0x4f0\n[ +0.000029] ? schedule+0x3b/0xd0\n[ +0.000027] ? exc_page_fault+0x7b/0x180\n[ +0.000022] ? asm_exc_page_fault+0x22/0x30\n[ +0.000031] ? ice_clean_tx_ring+0xa/0xd0 [ice]\n[ +0.000194] ice_free_tx_ring+0xe/0x60 [ice]\n[ +0.000186] ice_destroy_xdp_rings+0x157/0x310 [ice]\n[ +0.000151] ice_vsi_decfg+0x53/0xe0 [ice]\n[ +0.000180] ice_vsi_rebuild+0x239/0x540 [ice]\n[ +0.000186] ice_vsi_rebuild_by_type+0x76/0x180 [ice]\n[ +0.000145] ice_rebuild+0x18c/0x840 [ice]\n[ +0.000145] ? delay_tsc+0x4a/0xc0\n[ +0.000022] ? delay_tsc+0x92/0xc0\n[ +0.000020] ice_do_reset+0x140/0x180 [ice]\n[ +0.000886] ice_service_task+0x404/0x1030 [ice]\n[ +0.000824] process_one_work+0x171/0x340\n[ +0.000685] worker_thread+0x277/0x3a0\n[ +0.000675] ? preempt_count_add+0x6a/0xa0\n[ +0.000677] ? _raw_spin_lock_irqsave+0x23/0x50\n[ +0.000679] ? __pfx_worker_thread+0x10/0x10\n[ +0.000653] kthread+0xf0/0x120\n[ +0.000635] ? __pfx_kthread+0x10/0x10\n[ +0.000616] ret_from_fork+0x2d/0x50\n[ +0.000612] ? __pfx_kthread+0x10/0x10\n[ +0.000604] ret_from_fork_asm+0x1b/0x30\n[ +0.000604] \n\nThe previous way of handling this through returning -EBUSY is not viable,\nparticularly when destroying AF_XDP socket, because the kernel proceeds\nwith removal anyway.\n\nThere is plenty of code between those calls and there is no need to create\na large critical section that covers all of them, same as there is no need\nto protect ice_vsi_rebuild() with rtnl_lock().\n\nAdd xdp_state_lock mutex to protect ice_vsi_rebuild() and ice_xdp().\n\nLeaving unprotected sections in between would result in two states that\nhave to be considered:\n1. when the VSI is closed, but not yet rebuild\n2. when VSI is already rebuild, but not yet open\n\nThe latter case is actually already handled through !netif_running() case,\nwe just need to adjust flag checking a little. The former one is not as\ntrivial, because between ice_vsi_close() and ice_vsi_rebuild(), a lot of\nhardware interaction happens, this can make adding/deleting rings exit\nwith an error. Luckily, VSI rebuild is pending and can apply new\nconfiguration for us in a managed fashion.\n\nTherefore, add an additional VSI state flag ICE_VSI_REBUILD_PENDING to\nindicate that ice_x\n---truncated---" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ice: proteger la configuraci\u00f3n de XDP con un mutex La principal amenaza a la consistencia de los datos en ice_xdp() es un posible reinicio asincr\u00f3nico de PF. Puede ser activado por un usuario o por el controlador de tiempo de espera de TX. El c\u00f3digo de configuraci\u00f3n de XDP y de restablecimiento de PF accede a los mismos recursos en las siguientes secciones: * ice_vsi_close() en ice_prepare_for_reset() - ya bloqueado en RTNL * ice_vsi_rebuild() para PF VSI - no protegido * ice_vsi_open() - ya bloqueado en RTNL Con un momento desafortunado, dichos accesos pueden resultar en un bloqueo como el siguiente: [ +1.999878] ice 0000:b1:00.0: Modelo de memoria XDP registrado MEM_TYPE_XSK_BUFF_POOL en el anillo Rx 14 [ +2.002992] ice 0000:b1:00.0: Modelo de memoria XDP registrado MEM_TYPE_XSK_BUFF_POOL en el anillo Rx 18 [15 de marzo 18:17] ice 0000:b1:00.0 ens801f0np0: NETDEV WATCHDOG: CPU: 38: la cola de transmisi\u00f3n 14 agot\u00f3 el tiempo de espera 80692736 ms [ +0.000093] ice 0000:b1:00.0 ens801f0np0: tx_timeout: VSI_num: 6, Q 14, NTC: 0x0, HW_HEAD: 0x0, NTU: 0x0, INT: 0x4000001 [ +0.000012] ice 0000:b1:00.0 ens801f0np0: tx_timeout nivel de recuperaci\u00f3n 1, txqueue 14 [ +0.394718] ice 0000:b1:00.0: restablecimiento de PTP exitoso [ +0.006184] ERROR: puntero NULL del n\u00facleo desreferencia, direcci\u00f3n: 0000000000000098 [ +0.000045] #PF: acceso de lectura de supervisor en modo kernel [ +0.000023] #PF: error_code(0x0000) - p\u00e1gina no presente [ +0.000023] PGD 0 P4D 0 [ +0.000018] Oops: 0000 [#1] PREEMPT SMP NOPTI [ +0.000023] CPU: 38 PID: 7540 Comm: kworker/38:1 No contaminado 6.8.0-rc7 #1 [ +0.000031] Nombre del hardware: Intel Corporation S2600WFT/S2600WFT, BIOS SE5C620.86B.02.01.0014.082620210524 26/08/2021 [ +0.000036] Cola de trabajo: hielo ice_service_task [hielo] [ +0.000183] RIP: 0010:ice_clean_tx_ring+0xa/0xd0 [hielo] [...] [ +0.000013] Rastreo de llamadas: [ +0.000016] [ +0.000014] ? __die+0x1f/0x70 [ +0.000029] ? page_fault_oops+0x171/0x4f0 [ +0.000029] ? schedule+0x3b/0xd0 [ +0.000027] ? exc_page_fault+0x7b/0x180 [ +0.000022] ? asm_exc_page_fault+0x22/0x30 [ +0.000031] ? hielo_limpio_tx_ring+0xa/0xd0 [hielo] [ +0.000194] hielo_libre_tx_ring+0xe/0x60 [hielo] [ +0.000186] hielo_destruir_xdp_rings+0x157/0x310 [hielo] [ +0.000151] hielo_vsi_decfg+0x53/0xe0 [hielo] [ +0.000180] hielo_vsi_rebuild+0x239/0x540 [hielo] [ +0.000186] hielo_vsi_rebuild_by_type+0x76/0x180 [hielo] [ +0.000145] hielo_rebuild+0x18c/0x840 [hielo] [ +0.000145] ? retraso_tsc+0x4a/0xc0 [ +0.000022] ? retraso_tsc+0x92/0xc0 [ +0.000020] hielo_do_reset+0x140/0x180 [hielo] [ +0.000886] hielo_servicio_tarea+0x404/0x1030 [hielo] [ +0.000824] proceso_una_obra+0x171/0x340 [ +0.000685] subproceso_trabajador+0x277/0x3a0 [ +0.000675] ? preempt_count_add+0x6a/0xa0 [ +0.000677] ? _raw_spin_lock_irqsave+0x23/0x50 [ +0.000679] ? La forma anterior de manejar esto mediante la devoluci\u00f3n de -EBUSY no es viable, particularmente cuando se destruye el socket AF_XDP, porque el n\u00facleo procede con la eliminaci\u00f3n de todos modos. Hay mucho c\u00f3digo entre esas llamadas y no hay necesidad de crear una gran secci\u00f3n cr\u00edtica que las cubra todas, al igual que no hay necesidad de proteger ice_vsi_rebuild() con rtnl_lock(). Agregue el mutex xdp_state_lock para proteger ice_vsi_rebuild() y ice_xdp(). Dejar secciones desprotegidas en el medio dar\u00eda como resultado dos estados que deben considerarse: 1. cuando el VSI est\u00e1 cerrado, pero a\u00fan no se reconstruye 2. cuando VSI ya se est\u00e1 reconstruyendo, pero a\u00fan no est\u00e1 abierto El \u00faltimo caso en realidad ya se maneja a trav\u00e9s del caso !netif_running(), solo necesitamos ajustar un poco la verificaci\u00f3n de indicadores. El primero no es tan trivial, porque entre ice_vsi_close() y ice_vsi_rebuild(), ocurre mucha interacci\u00f3n de hardware, esto puede hacer que agregar/eliminar anillos salga con un error. Afortunadamente, la reconstrucci\u00f3n de VSI est\u00e1 pendiente y puede aplicar una nueva configuraci\u00f3n para nosotros de manera administrada. ---truncado---" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-467xx/CVE-2024-46766.json b/CVE-2024/CVE-2024-467xx/CVE-2024-46766.json index 6ddecb2f7c9..8983bbdb95f 100644 --- a/CVE-2024/CVE-2024-467xx/CVE-2024-46766.json +++ b/CVE-2024/CVE-2024-467xx/CVE-2024-46766.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46766", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-09-18T08:15:04.760", - "lastModified": "2024-09-18T08:15:04.760", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: move netif_queue_set_napi to rtnl-protected sections\n\nCurrently, netif_queue_set_napi() is called from ice_vsi_rebuild() that is\nnot rtnl-locked when called from the reset. This creates the need to take\nthe rtnl_lock just for a single function and complicates the\nsynchronization with .ndo_bpf. At the same time, there no actual need to\nfill napi-to-queue information at this exact point.\n\nFill napi-to-queue information when opening the VSI and clear it when the\nVSI is being closed. Those routines are already rtnl-locked.\n\nAlso, rewrite napi-to-queue assignment in a way that prevents inclusion of\nXDP queues, as this leads to out-of-bounds writes, such as one below.\n\n[ +0.000004] BUG: KASAN: slab-out-of-bounds in netif_queue_set_napi+0x1c2/0x1e0\n[ +0.000012] Write of size 8 at addr ffff889881727c80 by task bash/7047\n[ +0.000006] CPU: 24 PID: 7047 Comm: bash Not tainted 6.10.0-rc2+ #2\n[ +0.000004] Hardware name: Intel Corporation S2600WFT/S2600WFT, BIOS SE5C620.86B.02.01.0014.082620210524 08/26/2021\n[ +0.000003] Call Trace:\n[ +0.000003] \n[ +0.000002] dump_stack_lvl+0x60/0x80\n[ +0.000007] print_report+0xce/0x630\n[ +0.000007] ? __pfx__raw_spin_lock_irqsave+0x10/0x10\n[ +0.000007] ? __virt_addr_valid+0x1c9/0x2c0\n[ +0.000005] ? netif_queue_set_napi+0x1c2/0x1e0\n[ +0.000003] kasan_report+0xe9/0x120\n[ +0.000004] ? netif_queue_set_napi+0x1c2/0x1e0\n[ +0.000004] netif_queue_set_napi+0x1c2/0x1e0\n[ +0.000005] ice_vsi_close+0x161/0x670 [ice]\n[ +0.000114] ice_dis_vsi+0x22f/0x270 [ice]\n[ +0.000095] ice_pf_dis_all_vsi.constprop.0+0xae/0x1c0 [ice]\n[ +0.000086] ice_prepare_for_reset+0x299/0x750 [ice]\n[ +0.000087] pci_dev_save_and_disable+0x82/0xd0\n[ +0.000006] pci_reset_function+0x12d/0x230\n[ +0.000004] reset_store+0xa0/0x100\n[ +0.000006] ? __pfx_reset_store+0x10/0x10\n[ +0.000002] ? __pfx_mutex_lock+0x10/0x10\n[ +0.000004] ? __check_object_size+0x4c1/0x640\n[ +0.000007] kernfs_fop_write_iter+0x30b/0x4a0\n[ +0.000006] vfs_write+0x5d6/0xdf0\n[ +0.000005] ? fd_install+0x180/0x350\n[ +0.000005] ? __pfx_vfs_write+0x10/0xA10\n[ +0.000004] ? do_fcntl+0x52c/0xcd0\n[ +0.000004] ? kasan_save_track+0x13/0x60\n[ +0.000003] ? kasan_save_free_info+0x37/0x60\n[ +0.000006] ksys_write+0xfa/0x1d0\n[ +0.000003] ? __pfx_ksys_write+0x10/0x10\n[ +0.000002] ? __x64_sys_fcntl+0x121/0x180\n[ +0.000004] ? _raw_spin_lock+0x87/0xe0\n[ +0.000005] do_syscall_64+0x80/0x170\n[ +0.000007] ? _raw_spin_lock+0x87/0xe0\n[ +0.000004] ? __pfx__raw_spin_lock+0x10/0x10\n[ +0.000003] ? file_close_fd_locked+0x167/0x230\n[ +0.000005] ? syscall_exit_to_user_mode+0x7d/0x220\n[ +0.000005] ? do_syscall_64+0x8c/0x170\n[ +0.000004] ? do_syscall_64+0x8c/0x170\n[ +0.000003] ? do_syscall_64+0x8c/0x170\n[ +0.000003] ? fput+0x1a/0x2c0\n[ +0.000004] ? filp_close+0x19/0x30\n[ +0.000004] ? do_dup2+0x25a/0x4c0\n[ +0.000004] ? __x64_sys_dup2+0x6e/0x2e0\n[ +0.000002] ? syscall_exit_to_user_mode+0x7d/0x220\n[ +0.000004] ? do_syscall_64+0x8c/0x170\n[ +0.000003] ? __count_memcg_events+0x113/0x380\n[ +0.000005] ? handle_mm_fault+0x136/0x820\n[ +0.000005] ? do_user_addr_fault+0x444/0xa80\n[ +0.000004] ? clear_bhb_loop+0x25/0x80\n[ +0.000004] ? clear_bhb_loop+0x25/0x80\n[ +0.000002] entry_SYSCALL_64_after_hwframe+0x76/0x7e\n[ +0.000005] RIP: 0033:0x7f2033593154" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ice: mover netif_queue_set_napi a secciones protegidas por rtnl Actualmente, netif_queue_set_napi() se llama desde ice_vsi_rebuild() que no est\u00e1 bloqueado por rtnl cuando se llama desde el reinicio. Esto crea la necesidad de tomar rtnl_lock solo para una \u00fanica funci\u00f3n y complica la sincronizaci\u00f3n con .ndo_bpf. Al mismo tiempo, no hay necesidad real de completar la informaci\u00f3n de napi a cola en este punto exacto. Complete la informaci\u00f3n de napi a cola al abrir la VSI y l\u00edmpiela cuando se cierre la VSI. Esas rutinas ya est\u00e1n bloqueadas por rtnl. Adem\u00e1s, reescriba la asignaci\u00f3n de napi a cola de una manera que evite la inclusi\u00f3n de colas XDP, ya que esto conduce a escrituras fuera de los l\u00edmites, como la siguiente. [ +0.000004] ERROR: KASAN: slab-out-of-bounds en netif_queue_set_napi+0x1c2/0x1e0 [ +0.000012] Escritura de tama\u00f1o 8 en la direcci\u00f3n ffff889881727c80 por la tarea bash/7047 [ +0.000006] CPU: 24 PID: 7047 Comm: bash No contaminado 6.10.0-rc2+ #2 [ +0.000004] Nombre del hardware: Intel Corporation S2600WFT/S2600WFT, BIOS SE5C620.86B.02.01.0014.082620210524 26/08/2021 [ +0.000003] Seguimiento de llamadas: [ +0.000003] [ +0.000002] nivel_pila_volcado+0x60/0x80 [ +0.000007] informe_impresi\u00f3n+0xce/0x630 [ +0.000007] ? __pfx__raw_spin_lock_irqsave+0x10/0x10 [ +0.000007] ? __virt_addr_valid+0x1c9/0x2c0 [ +0.000005] ? netif_queue_set_napi+0x1c2/0x1e0 [ +0.000003] informe_kasan+0xe9/0x120 [ +0.000004] ? netif_queue_set_napi+0x1c2/0x1e0 [ +0.000004] netif_queue_set_napi+0x1c2/0x1e0 [ +0.000005] ice_vsi_close+0x161/0x670 [hielo] [ +0.000114] ice_dis_vsi+0x22f/0x270 [hielo] [ +0.000095] ice_pf_dis_all_vsi.constprop.0+0xae/0x1c0 [hielo] [ +0.000086] ice_preparar_para_restablecer+0x299/0x750 [hielo] [ +0.000087] pci_dev_guardar_y_deshabilitar+0x82/0xd0 [ +0.000006] pci_reset_function+0x12d/0x230 [ +0.000004] reset_store+0xa0/0x100 [ +0.000006] ? __pfx_reset_store+0x10/0x10 [ +0.000002] ? __pfx_mutex_lock+0x10/0x10 [ +0.000004] ? __check_object_size+0x4c1/0x640 [ +0.000007] kernfs_fop_write_iter+0x30b/0x4a0 [ +0.000006] vfs_write+0x5d6/0xdf0 [ +0.000005] ? kasan_save_track+0x13/0x60 [ +0.000003] ? kasan_save_free_info+0x37/0x60 [ +0.000006] ksys_write+0xfa/0x1d0 [ +0.000003] ? __pfx_ksys_write+0x10/0x10 [ +0.000002] ? __x64_sys_fcntl+0x121/0x180 [ +0.000004] ? _raw_spin_lock+0x87/0xe0 [ +0.000005] hacer_syscall_64+0x80/0x170 [ +0.000007] ? _raw_spin_lock+0x87/0xe0 [ +0.000004] ? __pfx__raw_spin_lock+0x10/0x10 [ +0.000003] ? cerrar_archivo_fd_bloqueado+0x167/0x230 [ +0.000005] ? salir_syscall_al_modo_usuario+0x7d/0x220 [ +0.000005] ? __x64_sys_dup2+0x6e/0x2e0 [ +0.000002] ? syscall_salir_al_modo_usuario+0x7d/0x220 [ +0.000004] ? do_syscall_64+0x8c/0x170 [ +0.000003] ? __count_memcg_events+0x113/0x380 [ +0.000005] ? handle_mm_fault+0x136/0x820 [ +0.000005] ? do_user_addr_fault+0x444/0xa80 [ +0.000004] ? clear_bhb_loop+0x25/0x80 [ +0.000004] ? borrar_bucle_bhb+0x25/0x80 [ +0.000002] entrada_SYSCALL_64_despu\u00e9s_de_hwframe+0x76/0x7e [ +0.000005] RIP: 0033:0x7f2033593154" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-467xx/CVE-2024-46767.json b/CVE-2024/CVE-2024-467xx/CVE-2024-46767.json index 75a3c7bb474..9039ef9cbc6 100644 --- a/CVE-2024/CVE-2024-467xx/CVE-2024-46767.json +++ b/CVE-2024/CVE-2024-467xx/CVE-2024-46767.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46767", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-09-18T08:15:04.810", - "lastModified": "2024-09-18T08:15:04.810", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: phy: Fix missing of_node_put() for leds\n\nThe call of of_get_child_by_name() will cause refcount incremented\nfor leds, if it succeeds, it should call of_node_put() to decrease\nit, fix it." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: phy: Se corrige la falta de of_node_put() para LED. La llamada de of_get_child_by_name() har\u00e1 que se incremente el recuento de referencias para los LED. Si tiene \u00e9xito, deber\u00eda llamar a of_node_put() para disminuirlo y solucionarlo." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-467xx/CVE-2024-46768.json b/CVE-2024/CVE-2024-467xx/CVE-2024-46768.json index a787d5760ea..2ef22b5e54e 100644 --- a/CVE-2024/CVE-2024-467xx/CVE-2024-46768.json +++ b/CVE-2024/CVE-2024-467xx/CVE-2024-46768.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46768", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-09-18T08:15:04.853", - "lastModified": "2024-09-18T08:15:04.853", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (hp-wmi-sensors) Check if WMI event data exists\n\nThe BIOS can choose to return no event data in response to a\nWMI event, so the ACPI object passed to the WMI notify handler\ncan be NULL.\n\nCheck for such a situation and ignore the event in such a case." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: hwmon: (hp-wmi-sensors) Verificar si existen datos de eventos de WMI El BIOS puede elegir no devolver datos de eventos en respuesta a un evento de WMI, por lo que el objeto ACPI que se pasa al controlador de notificaciones de WMI puede ser NULL. Verifique si existe tal situaci\u00f3n e ignore el evento en ese caso." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-467xx/CVE-2024-46769.json b/CVE-2024/CVE-2024-467xx/CVE-2024-46769.json index 2c1a333be3d..f849eb5a7da 100644 --- a/CVE-2024/CVE-2024-467xx/CVE-2024-46769.json +++ b/CVE-2024/CVE-2024-467xx/CVE-2024-46769.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46769", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-09-18T08:15:04.903", - "lastModified": "2024-09-18T08:15:04.903", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: intel: Add check devm_kasprintf() returned value\n\nintel_spi_populate_chip() use devm_kasprintf() to set pdata->name.\nThis can return a NULL pointer on failure but this returned value\nis not checked." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: spi: intel: Agregar comprobaci\u00f3n del valor devuelto por devm_kasprintf() intel_spi_populate_chip() usa devm_kasprintf() para establecer pdata->name. Esto puede devolver un puntero NULL en caso de error, pero este valor devuelto no se comprueba." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-467xx/CVE-2024-46770.json b/CVE-2024/CVE-2024-467xx/CVE-2024-46770.json index 5dd3cbf0fa1..6be7dd7bee5 100644 --- a/CVE-2024/CVE-2024-467xx/CVE-2024-46770.json +++ b/CVE-2024/CVE-2024-467xx/CVE-2024-46770.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46770", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-09-18T08:15:04.957", - "lastModified": "2024-09-18T08:15:04.957", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: Add netif_device_attach/detach into PF reset flow\n\nEthtool callbacks can be executed while reset is in progress and try to\naccess deleted resources, e.g. getting coalesce settings can result in a\nNULL pointer dereference seen below.\n\nReproduction steps:\nOnce the driver is fully initialized, trigger reset:\n\t# echo 1 > /sys/class/net//device/reset\nwhen reset is in progress try to get coalesce settings using ethtool:\n\t# ethtool -c \n\nBUG: kernel NULL pointer dereference, address: 0000000000000020\nPGD 0 P4D 0\nOops: Oops: 0000 [#1] PREEMPT SMP PTI\nCPU: 11 PID: 19713 Comm: ethtool Tainted: G S 6.10.0-rc7+ #7\nRIP: 0010:ice_get_q_coalesce+0x2e/0xa0 [ice]\nRSP: 0018:ffffbab1e9bcf6a8 EFLAGS: 00010206\nRAX: 000000000000000c RBX: ffff94512305b028 RCX: 0000000000000000\nRDX: 0000000000000000 RSI: ffff9451c3f2e588 RDI: ffff9451c3f2e588\nRBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000\nR10: ffff9451c3f2e580 R11: 000000000000001f R12: ffff945121fa9000\nR13: ffffbab1e9bcf760 R14: 0000000000000013 R15: ffffffff9e65dd40\nFS: 00007faee5fbe740(0000) GS:ffff94546fd80000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000020 CR3: 0000000106c2e005 CR4: 00000000001706f0\nCall Trace:\n\nice_get_coalesce+0x17/0x30 [ice]\ncoalesce_prepare_data+0x61/0x80\nethnl_default_doit+0xde/0x340\ngenl_family_rcv_msg_doit+0xf2/0x150\ngenl_rcv_msg+0x1b3/0x2c0\nnetlink_rcv_skb+0x5b/0x110\ngenl_rcv+0x28/0x40\nnetlink_unicast+0x19c/0x290\nnetlink_sendmsg+0x222/0x490\n__sys_sendto+0x1df/0x1f0\n__x64_sys_sendto+0x24/0x30\ndo_syscall_64+0x82/0x160\nentry_SYSCALL_64_after_hwframe+0x76/0x7e\nRIP: 0033:0x7faee60d8e27\n\nCalling netif_device_detach() before reset makes the net core not call\nthe driver when ethtool command is issued, the attempt to execute an\nethtool command during reset will result in the following message:\n\n netlink error: No such device\n\ninstead of NULL pointer dereference. Once reset is done and\nice_rebuild() is executing, the netif_device_attach() is called to allow\nfor ethtool operations to occur again in a safe manner." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ice: Agregar netif_device_attach/detach en el flujo de reinicio de PF Las devoluciones de llamadas de Ethtool se pueden ejecutar mientras el reinicio est\u00e1 en progreso e intentar acceder a los recursos eliminados, por ejemplo, obtener configuraciones de coalesce puede resultar en una desreferencia de puntero NULL que se ve a continuaci\u00f3n. Pasos de reproducci\u00f3n: Una vez que el controlador est\u00e9 completamente inicializado, active el reinicio: # echo 1 > /sys/class/net//device/reset cuando el reinicio est\u00e9 en progreso intente obtener la configuraci\u00f3n de coalesce usando ethtool: # ethtool -c ERROR: desreferencia de puntero NULL del n\u00facleo, direcci\u00f3n: 0000000000000020 PGD 0 P4D 0 Oops: Oops: 0000 [#1] PREEMPT SMP PTI CPU: 11 PID: 19713 Comm: ethtool Tainted: GS 6.10.0-rc7+ #7 RIP: 0010:ice_get_q_coalesce+0x2e/0xa0 [ice] RSP: 0018:ffffbab1e9bcf6a8 EFLAGS: 00010206 RAX: 0000000000000000c RBX: ffff94512305b028 RCX: 0000000000000000 RDX: 0000000000000000 RSI: ffff9451c3f2e588 RDI: ffff9451c3f2e588 RBP: 000000000000000 R08: 000000000000000 R09: 0000000000000000 R10: ffff9451c3f2e580 R11: 000000000000001f R12: ffff945121fa9000 R13: ffffbab1e9bcf760 R14: 0000000000000013 R15: ffffffff9e65dd40 FS: 00007faee5fbe740(0000) GS:ffff94546fd80000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 000000080050033 CR2: 000000000000020 CR3: 0000000106c2e005 CR4: 00000000001706f0 Seguimiento de llamadas: ice_get_coalesce+0x17/0x30 [ice] coalesce_prepare_data+0x61/0x80 ethnl_default_doit+0xde/0x340 genl_family_rcv_msg_doit+0xf2/0x150 genl_rcv_msg+0x1b3/0x2c0 netlink_rcv_skb+0x5b/0x110 genl_rcv+0x28/0x40 netlink_unicast+0x19c/0x290 netlink_sendmsg+0x222/0x490 __sys_sendto+0x1df/0x1f0 __x64_sys_sendto+0x24/0x30 do_syscall_64+0x82/0x160 entry_SYSCALL_64_after_hwframe+0x76/0x7e DESCANSE EN P\u00c9RDIDA: 0033:0x7faee60d8e27 Llamar a netif_device_detach() antes del reinicio hace que el n\u00facleo de red no llame al controlador cuando se emite el comando ethtool, el intento de ejecutar un comando ethtool durante el reinicio dar\u00e1 como resultado el siguiente mensaje: error de netlink: No existe dicho dispositivo en lugar de la desreferencia de puntero NULL. Una vez que se realiza el reinicio y se ejecuta ice_rebuild(), se llama a netif_device_attach() para permitir que las operaciones de ethtool se realicen nuevamente de manera segura." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-467xx/CVE-2024-46771.json b/CVE-2024/CVE-2024-467xx/CVE-2024-46771.json index 77c7b18cf67..b7fab0a321c 100644 --- a/CVE-2024/CVE-2024-467xx/CVE-2024-46771.json +++ b/CVE-2024/CVE-2024-467xx/CVE-2024-46771.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46771", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-09-18T08:15:05.010", - "lastModified": "2024-09-18T08:15:05.010", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: bcm: Remove proc entry when dev is unregistered.\n\nsyzkaller reported a warning in bcm_connect() below. [0]\n\nThe repro calls connect() to vxcan1, removes vxcan1, and calls\nconnect() with ifindex == 0.\n\nCalling connect() for a BCM socket allocates a proc entry.\nThen, bcm_sk(sk)->bound is set to 1 to prevent further connect().\n\nHowever, removing the bound device resets bcm_sk(sk)->bound to 0\nin bcm_notify().\n\nThe 2nd connect() tries to allocate a proc entry with the same\nname and sets NULL to bcm_sk(sk)->bcm_proc_read, leaking the\noriginal proc entry.\n\nSince the proc entry is available only for connect()ed sockets,\nlet's clean up the entry when the bound netdev is unregistered.\n\n[0]:\nproc_dir_entry 'can-bcm/2456' already registered\nWARNING: CPU: 1 PID: 394 at fs/proc/generic.c:376 proc_register+0x645/0x8f0 fs/proc/generic.c:375\nModules linked in:\nCPU: 1 PID: 394 Comm: syz-executor403 Not tainted 6.10.0-rc7-g852e42cc2dd4\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014\nRIP: 0010:proc_register+0x645/0x8f0 fs/proc/generic.c:375\nCode: 00 00 00 00 00 48 85 ed 0f 85 97 02 00 00 4d 85 f6 0f 85 9f 02 00 00 48 c7 c7 9b cb cf 87 48 89 de 4c 89 fa e8 1c 6f eb fe 90 <0f> 0b 90 90 48 c7 c7 98 37 99 89 e8 cb 7e 22 05 bb 00 00 00 10 48\nRSP: 0018:ffa0000000cd7c30 EFLAGS: 00010246\nRAX: 9e129be1950f0200 RBX: ff1100011b51582c RCX: ff1100011857cd80\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000002\nRBP: 0000000000000000 R08: ffd400000000000f R09: ff1100013e78cac0\nR10: ffac800000cd7980 R11: ff1100013e12b1f0 R12: 0000000000000000\nR13: 0000000000000000 R14: 0000000000000000 R15: ff1100011a99a2ec\nFS: 00007fbd7086f740(0000) GS:ff1100013fd00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00000000200071c0 CR3: 0000000118556004 CR4: 0000000000771ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe07f0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n \n proc_create_net_single+0x144/0x210 fs/proc/proc_net.c:220\n bcm_connect+0x472/0x840 net/can/bcm.c:1673\n __sys_connect_file net/socket.c:2049 [inline]\n __sys_connect+0x5d2/0x690 net/socket.c:2066\n __do_sys_connect net/socket.c:2076 [inline]\n __se_sys_connect net/socket.c:2073 [inline]\n __x64_sys_connect+0x8f/0x100 net/socket.c:2073\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xd9/0x1c0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\nRIP: 0033:0x7fbd708b0e5d\nCode: ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 73 9f 1b 00 f7 d8 64 89 01 48\nRSP: 002b:00007fff8cd33f08 EFLAGS: 00000246 ORIG_RAX: 000000000000002a\nRAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fbd708b0e5d\nRDX: 0000000000000010 RSI: 0000000020000040 RDI: 0000000000000003\nRBP: 0000000000000000 R08: 0000000000000040 R09: 0000000000000040\nR10: 0000000000000040 R11: 0000000000000246 R12: 00007fff8cd34098\nR13: 0000000000401280 R14: 0000000000406de8 R15: 00007fbd70ab9000\n \nremove_proc_entry: removing non-empty directory 'net/can-bcm', leaking at least '2456'" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: can: bcm: Eliminar entrada proc cuando dev no est\u00e1 registrado. syzkaller inform\u00f3 una advertencia en bcm_connect() a continuaci\u00f3n. [0] La repro llama a connect() a vxcan1, elimina vxcan1 y llama a connect() con ifindex == 0. Llamar a connect() para un socket BCM asigna una entrada proc. Luego, bcm_sk(sk)->bound se establece en 1 para evitar m\u00e1s connect(). Sin embargo, eliminar el dispositivo vinculado restablece bcm_sk(sk)->bound a 0 en bcm_notify(). El segundo connect() intenta asignar una entrada proc con el mismo nombre y establece NULL en bcm_sk(sk)->bcm_proc_read, filtrando la entrada proc original. Dado que la entrada proc solo est\u00e1 disponible para sockets conectados, limpiemos la entrada cuando el netdev vinculado no est\u00e9 registrado. [0]: proc_dir_entry 'can-bcm/2456' ya est\u00e1 registrado ADVERTENCIA: CPU: 1 PID: 394 en fs/proc/generic.c:376 proc_register+0x645/0x8f0 fs/proc/generic.c:375 M\u00f3dulos vinculados en: CPU: 1 PID: 394 Comm: syz-executor403 No contaminado 6.10.0-rc7-g852e42cc2dd4 Nombre del hardware: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014 RIP: 0010:proc_register+0x645/0x8f0 fs/proc/generic.c:375 C\u00f3digo: 00 00 00 00 00 48 85 ed 0f 85 97 02 00 00 4d 85 f6 0f 85 9f 02 00 00 48 c7 c7 9b cb cf 87 48 89 de 4c 89 fa e8 1c 6f eb fe 90 <0f> 0b 90 90 48 c7 c7 98 37 99 89 e8 cb 7e 22 05 bb 00 00 00 10 48 RSP: 0018:ffa0000000cd7c30 EFLAGS: 00010246 RAX: 9e129be1950f0200 RBX: ff1100011b51582c RCX: ff1100011857cd80 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000002 RBP: 0000000000000000 R08: ffd400000000000f R09: ff1100013e78cac0 R10: ffac800000cd7980 R11: ff1100013e12b1f0 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000000 R15: ff1100011a99a2ec FS: 00007fbd7086f740(0000) GS:ff1100013fd00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00000000200071c0 CR3: 0000000118556004 CR4: 0000000000771ef0 DR0: 0000000000000000 DR1: 00000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe07f0 DR7: 0000000000000400 PKRU: 55555554 Seguimiento de llamadas: proc_create_net_single+0x144/0x210 fs/proc/proc_net.c:220 bcm_connect+0x472/0x840 net/can/bcm.c:1673 __sys_connect_file net/socket.c:2049 [en l\u00ednea] __sys_connect+0x5d2/0x690 net/socket.c:2066 __do_sys_connect net/socket.c:2076 [en l\u00ednea] __se_sys_connect net/socket.c:2073 [en l\u00ednea] __x64_sys_connect+0x8f/0x100 net/socket.c:2073 do_syscall_x64 arch/x86/entry/common.c:52 [en l\u00ednea] do_syscall_64+0xd9/0x1c0 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x4b/0x53 RIP: 0033:0x7fbd708b0e5d C\u00f3digo: ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 73 9f 1b 00 f7 d8 64 89 01 48 RSP: 002b:00007fff8cd33f08 EFLAGS: 00000246 ORIG_RAX: 000000000000002a RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fbd708b0e5d RDX: 0000000000000010 RSI: 0000000020000040 RDI: 0000000000000003 RBP: 0000000000000000 R08: 0000000000000040 R09: 0000000000000040 R10: 0000000000000040 R11: 0000000000000246 R12: 00007fff8cd34098 R13: 0000000000401280 R14: 0000000000406de8 R15: 00007fbd70ab9000 remove_proc_entry: elimina el directorio no vac\u00edo 'net/can-bcm', filtrando al menos '2456'" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-467xx/CVE-2024-46772.json b/CVE-2024/CVE-2024-467xx/CVE-2024-46772.json index 1fe6cb3a17c..da1dd63452f 100644 --- a/CVE-2024/CVE-2024-467xx/CVE-2024-46772.json +++ b/CVE-2024/CVE-2024-467xx/CVE-2024-46772.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46772", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-09-18T08:15:05.073", - "lastModified": "2024-09-18T08:15:05.073", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check denominator crb_pipes before used\n\n[WHAT & HOW]\nA denominator cannot be 0, and is checked before used.\n\nThis fixes 2 DIVIDE_BY_ZERO issues reported by Coverity." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/display: comprobar el denominador crb_pipes antes de usarlo [QU\u00c9 Y C\u00d3MO] Un denominador no puede ser 0 y se comprueba antes de usarlo. Esto soluciona 2 problemas de DIVIDE_BY_ZERO informados por Coverity." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-467xx/CVE-2024-46773.json b/CVE-2024/CVE-2024-467xx/CVE-2024-46773.json index 290d06669fd..31be89d9914 100644 --- a/CVE-2024/CVE-2024-467xx/CVE-2024-46773.json +++ b/CVE-2024/CVE-2024-467xx/CVE-2024-46773.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46773", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-09-18T08:15:05.123", - "lastModified": "2024-09-18T08:15:05.123", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check denominator pbn_div before used\n\n[WHAT & HOW]\nA denominator cannot be 0, and is checked before used.\n\nThis fixes 1 DIVIDE_BY_ZERO issue reported by Coverity." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/display: comprobar el denominador pbn_div antes de usarlo [QU\u00c9 Y C\u00d3MO] Un denominador no puede ser 0 y se comprueba antes de usarlo. Esto soluciona un problema DIVIDE_BY_ZERO informado por Coverity." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-467xx/CVE-2024-46774.json b/CVE-2024/CVE-2024-467xx/CVE-2024-46774.json index 19e3dd46616..faa36368c4b 100644 --- a/CVE-2024/CVE-2024-467xx/CVE-2024-46774.json +++ b/CVE-2024/CVE-2024-467xx/CVE-2024-46774.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46774", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-09-18T08:15:05.180", - "lastModified": "2024-09-18T08:15:05.180", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas()\n\nSmatch warns:\n\n arch/powerpc/kernel/rtas.c:1932 __do_sys_rtas() warn: potential\n spectre issue 'args.args' [r] (local cap)\n\nThe 'nargs' and 'nret' locals come directly from a user-supplied\nbuffer and are used as indexes into a small stack-based array and as\ninputs to copy_to_user() after they are subject to bounds checks.\n\nUse array_index_nospec() after the bounds checks to clamp these values\nfor speculative execution." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: powerpc/rtas: Impedir la construcci\u00f3n del gadget Spectre v1 en sys_rtas() Smatch advierte: arch/powerpc/kernel/rtas.c:1932 __do_sys_rtas() advierte: posible problema de Spectre 'args.args' [r] (cap local) Las variables locales 'nargs' y 'nret' provienen directamente de un b\u00fafer proporcionado por el usuario y se usan como \u00edndices en una peque\u00f1a matriz basada en pila y como entradas para copy_to_user() despu\u00e9s de que est\u00e9n sujetas a verificaciones de l\u00edmites. Utilice array_index_nospec() despu\u00e9s de las verificaciones de l\u00edmites para fijar estos valores para la ejecuci\u00f3n especulativa." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-467xx/CVE-2024-46775.json b/CVE-2024/CVE-2024-467xx/CVE-2024-46775.json index 0c804466d0b..310a2dfd68f 100644 --- a/CVE-2024/CVE-2024-467xx/CVE-2024-46775.json +++ b/CVE-2024/CVE-2024-467xx/CVE-2024-46775.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46775", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-09-18T08:15:05.240", - "lastModified": "2024-09-18T08:15:05.240", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Validate function returns\n\n[WHAT & HOW]\nFunction return values must be checked before data can be used\nin subsequent functions.\n\nThis fixes 4 CHECKED_RETURN issues reported by Coverity." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/display: Validar los valores devueltos por la funci\u00f3n [QU\u00c9 Y C\u00d3MO] Los valores devueltos por la funci\u00f3n deben comprobarse antes de que los datos se puedan usar en funciones posteriores. Esto soluciona 4 problemas de CHECKED_RETURN informados por Coverity." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-467xx/CVE-2024-46776.json b/CVE-2024/CVE-2024-467xx/CVE-2024-46776.json index 82749314689..acd76206891 100644 --- a/CVE-2024/CVE-2024-467xx/CVE-2024-46776.json +++ b/CVE-2024/CVE-2024-467xx/CVE-2024-46776.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46776", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-09-18T08:15:05.287", - "lastModified": "2024-09-18T08:15:05.287", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Run DC_LOG_DC after checking link->link_enc\n\n[WHAT]\nThe DC_LOG_DC should be run after link->link_enc is checked, not before.\n\nThis fixes 1 REVERSE_INULL issue reported by Coverity." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/display: ejecutar DC_LOG_DC despu\u00e9s de comprobar link->link_enc [QU\u00c9] DC_LOG_DC debe ejecutarse despu\u00e9s de comprobar link->link_enc, no antes. Esto soluciona un problema de REVERSE_INULL informado por Coverity." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-467xx/CVE-2024-46777.json b/CVE-2024/CVE-2024-467xx/CVE-2024-46777.json index df3d0ac27a4..07a9b14ce8e 100644 --- a/CVE-2024/CVE-2024-467xx/CVE-2024-46777.json +++ b/CVE-2024/CVE-2024-467xx/CVE-2024-46777.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46777", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-09-18T08:15:05.330", - "lastModified": "2024-09-18T08:15:05.330", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nudf: Avoid excessive partition lengths\n\nAvoid mounting filesystems where the partition would overflow the\n32-bits used for block number. Also refuse to mount filesystems where\nthe partition length is so large we cannot safely index bits in a\nblock bitmap." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: udf: evitar particiones de longitud excesiva Evite montar sistemas de archivos en los que la partici\u00f3n supere los 32 bits utilizados para el n\u00famero de bloque. Tambi\u00e9n reh\u00fase montar sistemas de archivos en los que la longitud de la partici\u00f3n sea tan grande que no podamos indexar bits de forma segura en un mapa de bits de bloques." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-467xx/CVE-2024-46778.json b/CVE-2024/CVE-2024-467xx/CVE-2024-46778.json index 935399abce2..2e0628c3fb4 100644 --- a/CVE-2024/CVE-2024-467xx/CVE-2024-46778.json +++ b/CVE-2024/CVE-2024-467xx/CVE-2024-46778.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46778", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-09-18T08:15:05.380", - "lastModified": "2024-09-18T08:15:05.380", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check UnboundedRequestEnabled's value\n\nCalculateSwathAndDETConfiguration_params_st's UnboundedRequestEnabled\nis a pointer (i.e. dml_bool_t *UnboundedRequestEnabled), and thus\nif (p->UnboundedRequestEnabled) checks its address, not bool value.\n\nThis fixes 1 REVERSE_INULL issue reported by Coverity." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/display: comprobar el valor de UnboundedRequestEnabled CalculateSwathAndDETConfiguration_params_st's UnboundedRequestEnabled es un puntero (es decir, dml_bool_t *UnboundedRequestEnabled) y, por lo tanto, if (p->UnboundedRequestEnabled) comprueba su direcci\u00f3n, no su valor booleano. Esto soluciona 1 problema de REVERSE_INULL informado por Coverity." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-467xx/CVE-2024-46779.json b/CVE-2024/CVE-2024-467xx/CVE-2024-46779.json index 022cf26000f..a304b950f94 100644 --- a/CVE-2024/CVE-2024-467xx/CVE-2024-46779.json +++ b/CVE-2024/CVE-2024-467xx/CVE-2024-46779.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46779", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-09-18T08:15:05.430", - "lastModified": "2024-09-18T08:15:05.430", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/imagination: Free pvr_vm_gpuva after unlink\n\nThis caused a measurable memory leak. Although the individual\nallocations are small, the leaks occurs in a high-usage codepath\n(remapping or unmapping device memory) so they add up quickly." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/imagination: pvr_vm_gpuva libre despu\u00e9s de la desvinculaci\u00f3n Esto provoc\u00f3 una p\u00e9rdida de memoria medible. Aunque las asignaciones individuales son peque\u00f1as, las p\u00e9rdidas se producen en una ruta de c\u00f3digo de alto uso (reasignaci\u00f3n o anulaci\u00f3n de la asignaci\u00f3n de la memoria del dispositivo), por lo que se acumulan r\u00e1pidamente." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-467xx/CVE-2024-46780.json b/CVE-2024/CVE-2024-467xx/CVE-2024-46780.json index ef7fac26131..2ff89170e23 100644 --- a/CVE-2024/CVE-2024-467xx/CVE-2024-46780.json +++ b/CVE-2024/CVE-2024-467xx/CVE-2024-46780.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46780", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-09-18T08:15:05.473", - "lastModified": "2024-09-18T08:15:05.473", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: protect references to superblock parameters exposed in sysfs\n\nThe superblock buffers of nilfs2 can not only be overwritten at runtime\nfor modifications/repairs, but they are also regularly swapped, replaced\nduring resizing, and even abandoned when degrading to one side due to\nbacking device issues. So, accessing them requires mutual exclusion using\nthe reader/writer semaphore \"nilfs->ns_sem\".\n\nSome sysfs attribute show methods read this superblock buffer without the\nnecessary mutual exclusion, which can cause problems with pointer\ndereferencing and memory access, so fix it." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nilfs2: protege las referencias a los par\u00e1metros de superbloque expuestos en sysfs Los b\u00faferes de superbloque de nilfs2 no solo se pueden sobrescribir en tiempo de ejecuci\u00f3n para modificaciones/reparaciones, sino que tambi\u00e9n se intercambian regularmente, se reemplazan durante el cambio de tama\u00f1o e incluso se abandonan cuando se degradan a un lado debido a problemas con el dispositivo de respaldo. Por lo tanto, acceder a ellos requiere exclusi\u00f3n mutua utilizando el sem\u00e1foro de lectura/escritura \"nilfs->ns_sem\". Algunos m\u00e9todos de demostraci\u00f3n del atributo sysfs leen este b\u00fafer de superbloque sin la exclusi\u00f3n mutua necesaria, lo que puede causar problemas con la desreferenciaci\u00f3n de punteros y el acceso a la memoria, as\u00ed que arr\u00e9glelo." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-467xx/CVE-2024-46781.json b/CVE-2024/CVE-2024-467xx/CVE-2024-46781.json index d230b7c9b50..6a93b951878 100644 --- a/CVE-2024/CVE-2024-467xx/CVE-2024-46781.json +++ b/CVE-2024/CVE-2024-467xx/CVE-2024-46781.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46781", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-09-18T08:15:05.527", - "lastModified": "2024-09-18T08:15:05.527", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix missing cleanup on rollforward recovery error\n\nIn an error injection test of a routine for mount-time recovery, KASAN\nfound a use-after-free bug.\n\nIt turned out that if data recovery was performed using partial logs\ncreated by dsync writes, but an error occurred before starting the log\nwriter to create a recovered checkpoint, the inodes whose data had been\nrecovered were left in the ns_dirty_files list of the nilfs object and\nwere not freed.\n\nFix this issue by cleaning up inodes that have read the recovery data if\nthe recovery routine fails midway before the log writer starts." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nilfs2: se corrige el error de limpieza faltante en la recuperaci\u00f3n de avance En una prueba de inyecci\u00f3n de errores de una rutina para la recuperaci\u00f3n en tiempo de montaje, KASAN encontr\u00f3 un error de use after free. Result\u00f3 que si la recuperaci\u00f3n de datos se realizaba utilizando registros parciales creados por escrituras dsync, pero se produc\u00eda un error antes de iniciar el escritor de registros para crear un punto de control recuperado, los inodos cuyos datos se hab\u00edan recuperado se dejaban en la lista ns_dirty_files del objeto nilfs y no se liberaban. Solucione este problema limpiando los inodos que han le\u00eddo los datos de recuperaci\u00f3n si la rutina de recuperaci\u00f3n falla a mitad de camino antes de que se inicie el escritor de registros." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-467xx/CVE-2024-46782.json b/CVE-2024/CVE-2024-467xx/CVE-2024-46782.json index 479a65ed92b..fb472d119fe 100644 --- a/CVE-2024/CVE-2024-467xx/CVE-2024-46782.json +++ b/CVE-2024/CVE-2024-467xx/CVE-2024-46782.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46782", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-09-18T08:15:05.577", - "lastModified": "2024-09-18T08:15:05.577", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nila: call nf_unregister_net_hooks() sooner\n\nsyzbot found an use-after-free Read in ila_nf_input [1]\n\nIssue here is that ila_xlat_exit_net() frees the rhashtable,\nthen call nf_unregister_net_hooks().\n\nIt should be done in the reverse way, with a synchronize_rcu().\n\nThis is a good match for a pre_exit() method.\n\n[1]\n BUG: KASAN: use-after-free in rht_key_hashfn include/linux/rhashtable.h:159 [inline]\n BUG: KASAN: use-after-free in __rhashtable_lookup include/linux/rhashtable.h:604 [inline]\n BUG: KASAN: use-after-free in rhashtable_lookup include/linux/rhashtable.h:646 [inline]\n BUG: KASAN: use-after-free in rhashtable_lookup_fast+0x77a/0x9b0 include/linux/rhashtable.h:672\nRead of size 4 at addr ffff888064620008 by task ksoftirqd/0/16\n\nCPU: 0 UID: 0 PID: 16 Comm: ksoftirqd/0 Not tainted 6.11.0-rc4-syzkaller-00238-g2ad6d23f465a #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024\nCall Trace:\n \n __dump_stack lib/dump_stack.c:93 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:488\n kasan_report+0x143/0x180 mm/kasan/report.c:601\n rht_key_hashfn include/linux/rhashtable.h:159 [inline]\n __rhashtable_lookup include/linux/rhashtable.h:604 [inline]\n rhashtable_lookup include/linux/rhashtable.h:646 [inline]\n rhashtable_lookup_fast+0x77a/0x9b0 include/linux/rhashtable.h:672\n ila_lookup_wildcards net/ipv6/ila/ila_xlat.c:132 [inline]\n ila_xlat_addr net/ipv6/ila/ila_xlat.c:652 [inline]\n ila_nf_input+0x1fe/0x3c0 net/ipv6/ila/ila_xlat.c:190\n nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]\n nf_hook_slow+0xc3/0x220 net/netfilter/core.c:626\n nf_hook include/linux/netfilter.h:269 [inline]\n NF_HOOK+0x29e/0x450 include/linux/netfilter.h:312\n __netif_receive_skb_one_core net/core/dev.c:5661 [inline]\n __netif_receive_skb+0x1ea/0x650 net/core/dev.c:5775\n process_backlog+0x662/0x15b0 net/core/dev.c:6108\n __napi_poll+0xcb/0x490 net/core/dev.c:6772\n napi_poll net/core/dev.c:6841 [inline]\n net_rx_action+0x89b/0x1240 net/core/dev.c:6963\n handle_softirqs+0x2c4/0x970 kernel/softirq.c:554\n run_ksoftirqd+0xca/0x130 kernel/softirq.c:928\n smpboot_thread_fn+0x544/0xa30 kernel/smpboot.c:164\n kthread+0x2f0/0x390 kernel/kthread.c:389\n ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n \n\nThe buggy address belongs to the physical page:\npage: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x64620\nflags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)\npage_type: 0xbfffffff(buddy)\nraw: 00fff00000000000 ffffea0000959608 ffffea00019d9408 0000000000000000\nraw: 0000000000000000 0000000000000003 00000000bfffffff 0000000000000000\npage dumped because: kasan: bad access detected\npage_owner tracks the page as freed\npage last allocated via order 3, migratetype Unmovable, gfp_mask 0x52dc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_ZERO), pid 5242, tgid 5242 (syz-executor), ts 73611328570, free_ts 618981657187\n set_page_owner include/linux/page_owner.h:32 [inline]\n post_alloc_hook+0x1f3/0x230 mm/page_alloc.c:1493\n prep_new_page mm/page_alloc.c:1501 [inline]\n get_page_from_freelist+0x2e4c/0x2f10 mm/page_alloc.c:3439\n __alloc_pages_noprof+0x256/0x6c0 mm/page_alloc.c:4695\n __alloc_pages_node_noprof include/linux/gfp.h:269 [inline]\n alloc_pages_node_noprof include/linux/gfp.h:296 [inline]\n ___kmalloc_large_node+0x8b/0x1d0 mm/slub.c:4103\n __kmalloc_large_node_noprof+0x1a/0x80 mm/slub.c:4130\n __do_kmalloc_node mm/slub.c:4146 [inline]\n __kmalloc_node_noprof+0x2d2/0x440 mm/slub.c:4164\n __kvmalloc_node_noprof+0x72/0x190 mm/util.c:650\n bucket_table_alloc lib/rhashtable.c:186 [inline]\n rhashtable_init_noprof+0x534/0xa60 lib/rhashtable.c:1071\n ila_xlat_init_net+0xa0/0x110 net/ipv6/ila/ila_xlat.c:613\n ops_ini\n---truncated---" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ila: llamar a nf_unregister_net_hooks() antes de que syzbot encuentre una lectura de uso posterior a la liberaci\u00f3n en ila_nf_input [1] El problema aqu\u00ed es que ila_xlat_exit_net() libera la tabla rhash y luego llama a nf_unregister_net_hooks(). Deber\u00eda hacerse de forma inversa, con unsynchronous_rcu(). Esta es una buena combinaci\u00f3n para un m\u00e9todo pre_exit(). [1] ERROR: KASAN: use after free en rht_key_hashfn include/linux/rhashtable.h:159 [en l\u00ednea] ERROR: KASAN: use after free en __rhashtable_lookup include/linux/rhashtable.h:604 [en l\u00ednea] ERROR: KASAN: use after free en rhashtable_lookup include/linux/rhashtable.h:646 [en l\u00ednea] ERROR: KASAN: use after free en rhashtable_lookup_fast+0x77a/0x9b0 include/linux/rhashtable.h:672 Lectura de tama\u00f1o 4 en la direcci\u00f3n ffff888064620008 por la tarea ksoftirqd/0/16 CPU: 0 UID: 0 PID: 16 Comm: ksoftirqd/0 No contaminado 6.11.0-rc4-syzkaller-00238-g2ad6d23f465a #0 Nombre del hardware: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 Seguimiento de llamadas: __dump_stack lib/dump_stack.c:93 [en l\u00ednea] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119 print_address_description mm/kasan/report.c:377 [en l\u00ednea] print_report+0x169/0x550 mm/kasan/report.c:488 kasan_report+0x143/0x180 mm/kasan/report.c:601 rht_key_hashfn include/linux/rhashtable.h:159 [en l\u00ednea] __rhashtable_lookup include/linux/rhashtable.h:604 [en l\u00ednea] rhashtable_lookup include/linux/rhashtable.h:646 [en l\u00ednea] rhashtable_lookup_fast+0x77a/0x9b0 include/linux/rhashtable.h:672 ila_lookup_wildcards net/ipv6/ila/ila_xlat.c:132 [en l\u00ednea] ila_xlat_addr net/ipv6/ila/ila_xlat.c:652 [en l\u00ednea] ila_nf_input+0x1fe/0x3c0 net/ipv6/ila/ila_xlat.c:190 nf_hook_entry_hookfn include/linux/netfilter.h:154 [en l\u00ednea] nf_hook_slow+0xc3/0x220 net/netfilter/core.c:626 nf_hook include/linux/netfilter.h:269 [en l\u00ednea] NF_HOOK+0x29e/0x450 include/linux/netfilter.h:312 __netif_receive_skb_one_core net/core/dev.c:5661 [en l\u00ednea] __netif_receive_skb+0x1ea/0x650 net/core/dev.c:5775 process_backlog+0x662/0x15b0 net/core/dev.c:6108 __napi_poll+0xcb/0x490 net/core/dev.c:6772 napi_poll net/core/dev.c:6841 [en l\u00ednea] net_rx_action+0x89b/0x1240 net/core/dev.c:6963 handle_softirqs+0x2c4/0x970 kernel/softirq.c:554 run_ksoftirqd+0xca/0x130 kernel/softirq.c:928 smpboot_thread_fn+0x544/0xa30 kernel/smpboot.c:164 kthread+0x2f0/0x390 kernel/kthread.c:389 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 La direcci\u00f3n con errores pertenece a la p\u00e1gina f\u00edsica: page: refcount:0 mapcount:0 mapping:0000000000000000 \u00edndice:0x0 pfn:0x64620 indicadores: 0xfff00000000000(nodo=0|zona=1|lastcpupid=0x7ff) tipo_p\u00e1gina: 0xbfffffff(amigo) sin procesar: 00fff00000000000 ffffea0000959608 ffffea00019d9408 0000000000000000 sin procesar: 000000000000000 000000000000003 00000000bfffffff 0000000000000000 p\u00e1gina volcada porque: kasan: se detect\u00f3 un acceso incorrecto page_owner rastrea la p\u00e1gina como liberada \u00faltima p\u00e1gina asignada mediante orden 3, migrantstype inamovible, gfp_mask 0x52dc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_ZERO), pid 5242, tgid 5242 (ejecutor del sistema), ts 73611328570, free_ts 618981657187 establecer_propietario_de_p\u00e1gina include/linux/page_owner.h:32 [en l\u00ednea] post_alloc_hook+0x1f3/0x230 mm/page_alloc.c:1493 preparar_nueva_p\u00e1gina mm/page_alloc.c:1501 [en l\u00ednea] obtener_p\u00e1gina_de_lista_libre+0x2e4c/0x2f10 mm/page_alloc.c:3439 __alloc_pages_noprof+0x256/0x6c0 mm/page_alloc.c:4695 __alloc_pages_node_noprof include/linux/gfp.h:269 [en l\u00ednea] alloc_pages_node_noprof include/linux/gfp.h:296 [en l\u00ednea] ___kmalloc_large_node+0x8b/0x1d0 mm/slub.c:4103 __kmalloc_large_node_noprof+0x1a/0x80 mm/slub.c:4130 __do_kmalloc_node mm/slub.c:4146 [en l\u00ednea] __kmalloc_node_noprof+0x2d2/0x440 mm/slub.c:4164 __kvmalloc_node_noprof+0x72/0x190 mm/util.c:650 bucket_table_alloc lib/rhashtable.c:186 [en l\u00ednea] ---truncado---" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-467xx/CVE-2024-46783.json b/CVE-2024/CVE-2024-467xx/CVE-2024-46783.json index e7c794ff02a..65290d2f951 100644 --- a/CVE-2024/CVE-2024-467xx/CVE-2024-46783.json +++ b/CVE-2024/CVE-2024-467xx/CVE-2024-46783.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46783", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-09-18T08:15:05.630", - "lastModified": "2024-09-18T08:15:05.630", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp_bpf: fix return value of tcp_bpf_sendmsg()\n\nWhen we cork messages in psock->cork, the last message triggers the\nflushing will result in sending a sk_msg larger than the current\nmessage size. In this case, in tcp_bpf_send_verdict(), 'copied' becomes\nnegative at least in the following case:\n\n468 case __SK_DROP:\n469 default:\n470 sk_msg_free_partial(sk, msg, tosend);\n471 sk_msg_apply_bytes(psock, tosend);\n472 *copied -= (tosend + delta); // <==== HERE\n473 return -EACCES;\n\nTherefore, it could lead to the following BUG with a proper value of\n'copied' (thanks to syzbot). We should not use negative 'copied' as a\nreturn value here.\n\n ------------[ cut here ]------------\n kernel BUG at net/socket.c:733!\n Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP\n Modules linked in:\n CPU: 0 UID: 0 PID: 3265 Comm: syz-executor510 Not tainted 6.11.0-rc3-syzkaller-00060-gd07b43284ab3 #0\n Hardware name: linux,dummy-virt (DT)\n pstate: 61400009 (nZCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)\n pc : sock_sendmsg_nosec net/socket.c:733 [inline]\n pc : sock_sendmsg_nosec net/socket.c:728 [inline]\n pc : __sock_sendmsg+0x5c/0x60 net/socket.c:745\n lr : sock_sendmsg_nosec net/socket.c:730 [inline]\n lr : __sock_sendmsg+0x54/0x60 net/socket.c:745\n sp : ffff800088ea3b30\n x29: ffff800088ea3b30 x28: fbf00000062bc900 x27: 0000000000000000\n x26: ffff800088ea3bc0 x25: ffff800088ea3bc0 x24: 0000000000000000\n x23: f9f00000048dc000 x22: 0000000000000000 x21: ffff800088ea3d90\n x20: f9f00000048dc000 x19: ffff800088ea3d90 x18: 0000000000000001\n x17: 0000000000000000 x16: 0000000000000000 x15: 000000002002ffaf\n x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000\n x11: 0000000000000000 x10: ffff8000815849c0 x9 : ffff8000815b49c0\n x8 : 0000000000000000 x7 : 000000000000003f x6 : 0000000000000000\n x5 : 00000000000007e0 x4 : fff07ffffd239000 x3 : fbf00000062bc900\n x2 : 0000000000000000 x1 : 0000000000000000 x0 : 00000000fffffdef\n Call trace:\n sock_sendmsg_nosec net/socket.c:733 [inline]\n __sock_sendmsg+0x5c/0x60 net/socket.c:745\n ____sys_sendmsg+0x274/0x2ac net/socket.c:2597\n ___sys_sendmsg+0xac/0x100 net/socket.c:2651\n __sys_sendmsg+0x84/0xe0 net/socket.c:2680\n __do_sys_sendmsg net/socket.c:2689 [inline]\n __se_sys_sendmsg net/socket.c:2687 [inline]\n __arm64_sys_sendmsg+0x24/0x30 net/socket.c:2687\n __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]\n invoke_syscall+0x48/0x110 arch/arm64/kernel/syscall.c:49\n el0_svc_common.constprop.0+0x40/0xe0 arch/arm64/kernel/syscall.c:132\n do_el0_svc+0x1c/0x28 arch/arm64/kernel/syscall.c:151\n el0_svc+0x34/0xec arch/arm64/kernel/entry-common.c:712\n el0t_64_sync_handler+0x100/0x12c arch/arm64/kernel/entry-common.c:730\n el0t_64_sync+0x19c/0x1a0 arch/arm64/kernel/entry.S:598\n Code: f9404463 d63f0060 3108441f 54fffe81 (d4210000)\n ---[ end trace 0000000000000000 ]---" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: tcp_bpf: se corrige el valor de retorno de tcp_bpf_sendmsg() Cuando copiamos mensajes en psock->cork, el \u00faltimo mensaje que activa el vaciado dar\u00e1 como resultado el env\u00edo de un sk_msg m\u00e1s grande que el tama\u00f1o del mensaje actual. En este caso, en tcp_bpf_send_verdict(), 'copied' se vuelve negativo al menos en el siguiente caso: 468 case __SK_DROP: 469 default: 470 sk_msg_free_partial(sk, msg, tosend); 471 sk_msg_apply_bytes(psock, tosend); 472 *copied -= (tosend + delta); // <==== HERE 473 return -EACCES; Por lo tanto, podr\u00eda generar el siguiente ERROR con un valor adecuado de 'copied' (gracias a syzbot). No deber\u00edamos usar 'copied' negativo como valor de retorno aqu\u00ed. ------------[ corte aqu\u00ed ]------------ \u00a1ERROR del kernel en net/socket.c:733! Error interno: Oops - BUG: 00000000f2000800 [#1] PREEMPT M\u00f3dulos SMP vinculados en: CPU: 0 UID: 0 PID: 3265 Comm: syz-executor510 No contaminado 6.11.0-rc3-syzkaller-00060-gd07b43284ab3 #0 Nombre del hardware: linux,dummy-virt (DT) pstate: 61400009 (nZCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--) pc : sock_sendmsg_nosec net/socket.c:733 [en l\u00ednea] pc : sock_sendmsg_nosec net/socket.c:728 [en l\u00ednea] pc : __sock_sendmsg+0x5c/0x60 net/socket.c:745 lr : sock_sendmsg_nosec net/socket.c:730 [en l\u00ednea] lr : __sock_sendmsg+0x54/0x60 net/socket.c:745 sp : ffff800088ea3b30 x29: ffff800088ea3b30 x28: fbf00000062bc900 x27: 0000000000000000 x26: ffff800088ea3bc0 x25: ffff800088ea3bc0 x24: 0000000000000000 x23: f9f0000048dc000 x22: 0000000000000000 x21: ffff800088ea3d90 x20: f9f00000048dc000 x19: ffff800088ea3d90 x18: 0000000000000001 x17: 0000000000000000 x16: 0000000000000000 x15: 000000002002ffaf x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: ffff8000815849c0 x9 : ffff8000815b49c0 x8 : 0000000000000000 x7 : 0000000000000003f x6 : 0000000000000000 x5 : 00000000000007e0 x4 : fff07ffffd239000 x3 : fbf00000062bc900 x2 : 000000000000000 x1 : 000000000000000 x0 : 00000000fffffdef Rastreo de llamadas: sock_sendmsg_nosec net/socket.c:733 [en l\u00ednea] __sock_sendmsg+0x5c/0x60 net/socket.c:745 ____sys_sendmsg+0x274/0x2ac net/socket.c:2597 ___sys_sendmsg+0xac/0x100 net/socket.c:2651 __sys_sendmsg+0x84/0xe0 net/socket.c:2680 __do_sys_sendmsg net/socket.c:2689 [en l\u00ednea] __se_sys_sendmsg net/socket.c:2687 [en l\u00ednea] __arm64_sys_sendmsg+0x24/0x30 net/socket.c:2687 __invoke_syscall arch/arm64/kernel/syscall.c:35 [en l\u00ednea] anybody_syscall+0x48/0x110 arch/arm64/kernel/syscall.c:49 el0_svc_common.constprop.0+0x40/0xe0 arch/arm64/kernel/syscall.c:132 do_el0_svc+0x1c/0x28 arch/arm64/kernel/syscall.c:151 el0_svc+0x34/0xec arch/arm64/kernel/entry-common.c:712 el0t_64_sync_handler+0x100/0x12c arch/arm64/kernel/entry-common.c:730 el0t_64_sync+0x19c/0x1a0 arch/arm64/kernel/entry.S:598 C\u00f3digo: f9404463 d63f0060 3108441f 54fffe81 (d4210000) ---[ fin de seguimiento 0000000000000000 ]---" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-467xx/CVE-2024-46784.json b/CVE-2024/CVE-2024-467xx/CVE-2024-46784.json index e4ba371ed62..d6fb712baa8 100644 --- a/CVE-2024/CVE-2024-467xx/CVE-2024-46784.json +++ b/CVE-2024/CVE-2024-467xx/CVE-2024-46784.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46784", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-09-18T08:15:05.683", - "lastModified": "2024-09-18T08:15:05.683", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mana: Fix error handling in mana_create_txq/rxq's NAPI cleanup\n\nCurrently napi_disable() gets called during rxq and txq cleanup,\neven before napi is enabled and hrtimer is initialized. It causes\nkernel panic.\n\n? page_fault_oops+0x136/0x2b0\n ? page_counter_cancel+0x2e/0x80\n ? do_user_addr_fault+0x2f2/0x640\n ? refill_obj_stock+0xc4/0x110\n ? exc_page_fault+0x71/0x160\n ? asm_exc_page_fault+0x27/0x30\n ? __mmdrop+0x10/0x180\n ? __mmdrop+0xec/0x180\n ? hrtimer_active+0xd/0x50\n hrtimer_try_to_cancel+0x2c/0xf0\n hrtimer_cancel+0x15/0x30\n napi_disable+0x65/0x90\n mana_destroy_rxq+0x4c/0x2f0\n mana_create_rxq.isra.0+0x56c/0x6d0\n ? mana_uncfg_vport+0x50/0x50\n mana_alloc_queues+0x21b/0x320\n ? skb_dequeue+0x5f/0x80" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: mana: Se corrige el manejo de errores en la limpieza de NAPI de mana_create_txq/rxq Actualmente, napi_disable() se llama durante la limpieza de rxq y txq, incluso antes de que napi est\u00e9 habilitado y hrtimer se inicialice. Provoca p\u00e1nico del kernel. ? page_fault_oops+0x136/0x2b0 ? page_counter_cancel+0x2e/0x80 ? do_user_addr_fault+0x2f2/0x640 ? refill_obj_stock+0xc4/0x110 ? exc_page_fault+0x71/0x160 ? asm_exc_page_fault+0x27/0x30 ? __mmdrop+0x10/0x180 ? __mmdrop+0xec/0x180 ? hrtimer_active+0xd/0x50 hrtimer_try_to_cancel+0x2c/0xf0 hrtimer_cancel+0x15/0x30 napi_disable+0x65/0x90 mana_destroy_rxq+0x4c/0x2f0 mana_create_rxq.isra.0+0x56c/0x6d0 ? mana_uncfg_vport+0x50/0x50 mana_alloc_queues+0x21b/0x320 ? skb_dequeue+0x5f/0x80" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-467xx/CVE-2024-46785.json b/CVE-2024/CVE-2024-467xx/CVE-2024-46785.json index f0af10fbd47..e742e17f1e8 100644 --- a/CVE-2024/CVE-2024-467xx/CVE-2024-46785.json +++ b/CVE-2024/CVE-2024-467xx/CVE-2024-46785.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46785", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-09-18T08:15:05.730", - "lastModified": "2024-09-18T08:15:05.730", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\neventfs: Use list_del_rcu() for SRCU protected list variable\n\nChi Zhiling reported:\n\n We found a null pointer accessing in tracefs[1], the reason is that the\n variable 'ei_child' is set to LIST_POISON1, that means the list was\n removed in eventfs_remove_rec. so when access the ei_child->is_freed, the\n panic triggered.\n\n by the way, the following script can reproduce this panic\n\n loop1 (){\n while true\n do\n echo \"p:kp submit_bio\" > /sys/kernel/debug/tracing/kprobe_events\n echo \"\" > /sys/kernel/debug/tracing/kprobe_events\n done\n }\n loop2 (){\n while true\n do\n tree /sys/kernel/debug/tracing/events/kprobes/\n done\n }\n loop1 &\n loop2\n\n [1]:\n [ 1147.959632][T17331] Unable to handle kernel paging request at virtual address dead000000000150\n [ 1147.968239][T17331] Mem abort info:\n [ 1147.971739][T17331] ESR = 0x0000000096000004\n [ 1147.976172][T17331] EC = 0x25: DABT (current EL), IL = 32 bits\n [ 1147.982171][T17331] SET = 0, FnV = 0\n [ 1147.985906][T17331] EA = 0, S1PTW = 0\n [ 1147.989734][T17331] FSC = 0x04: level 0 translation fault\n [ 1147.995292][T17331] Data abort info:\n [ 1147.998858][T17331] ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000\n [ 1148.005023][T17331] CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n [ 1148.010759][T17331] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n [ 1148.016752][T17331] [dead000000000150] address between user and kernel address ranges\n [ 1148.024571][T17331] Internal error: Oops: 0000000096000004 [#1] SMP\n [ 1148.030825][T17331] Modules linked in: team_mode_loadbalance team nlmon act_gact cls_flower sch_ingress bonding tls macvlan dummy ib_core bridge stp llc veth amdgpu amdxcp mfd_core gpu_sched drm_exec drm_buddy radeon crct10dif_ce video drm_suballoc_helper ghash_ce drm_ttm_helper sha2_ce ttm sha256_arm64 i2c_algo_bit sha1_ce sbsa_gwdt cp210x drm_display_helper cec sr_mod cdrom drm_kms_helper binfmt_misc sg loop fuse drm dm_mod nfnetlink ip_tables autofs4 [last unloaded: tls]\n [ 1148.072808][T17331] CPU: 3 PID: 17331 Comm: ls Tainted: G W ------- ---- 6.6.43 #2\n [ 1148.081751][T17331] Source Version: 21b3b386e948bedd29369af66f3e98ab01b1c650\n [ 1148.088783][T17331] Hardware name: Greatwall GW-001M1A-FTF/GW-001M1A-FTF, BIOS KunLun BIOS V4.0 07/16/2020\n [ 1148.098419][T17331] pstate: 20000005 (nzCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n [ 1148.106060][T17331] pc : eventfs_iterate+0x2c0/0x398\n [ 1148.111017][T17331] lr : eventfs_iterate+0x2fc/0x398\n [ 1148.115969][T17331] sp : ffff80008d56bbd0\n [ 1148.119964][T17331] x29: ffff80008d56bbf0 x28: ffff001ff5be2600 x27: 0000000000000000\n [ 1148.127781][T17331] x26: ffff001ff52ca4e0 x25: 0000000000009977 x24: dead000000000100\n [ 1148.135598][T17331] x23: 0000000000000000 x22: 000000000000000b x21: ffff800082645f10\n [ 1148.143415][T17331] x20: ffff001fddf87c70 x19: ffff80008d56bc90 x18: 0000000000000000\n [ 1148.151231][T17331] x17: 0000000000000000 x16: 0000000000000000 x15: ffff001ff52ca4e0\n [ 1148.159048][T17331] x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000\n [ 1148.166864][T17331] x11: 0000000000000000 x10: 0000000000000000 x9 : ffff8000804391d0\n [ 1148.174680][T17331] x8 : 0000000180000000 x7 : 0000000000000018 x6 : 0000aaab04b92862\n [ 1148.182498][T17331] x5 : 0000aaab04b92862 x4 : 0000000080000000 x3 : 0000000000000068\n [ 1148.190314][T17331] x2 : 000000000000000f x1 : 0000000000007ea8 x0 : 0000000000000001\n [ 1148.198131][T17331] Call trace:\n [ 1148.201259][T17331] eventfs_iterate+0x2c0/0x398\n [ 1148.205864][T17331] iterate_dir+0x98/0x188\n [ 1148.210036][T17331] __arm64_sys_getdents64+0x78/0x160\n [ 1148.215161][T17331] invoke_syscall+0x78/0x108\n [ 1148.219593][T17331] el0_svc_common.constprop.0+0x48/0xf0\n [ 1148.224977][T17331] do_el0_svc+0x24/0x38\n [ 1148.228974][T17331] el0_svc+0x40/0x168\n [ 1148.232798][T17\n---truncated---" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: eventfs: Uso list_del_rcu() para la variable de lista protegida SRCU Chi Zhiling inform\u00f3: Encontramos un puntero nulo accediendo en tracefs[1], la raz\u00f3n es que la variable 'ei_child' est\u00e1 configurada en LIST_POISON1, lo que significa que la lista se elimin\u00f3 en eventfs_remove_rec. entonces, cuando se accede a ei_child->is_freed, se activa el p\u00e1nico. por cierto, el siguiente script puede reproducir este bucle de p\u00e1nico loop1 (){ while true do echo \"p:kp submission_bio\" > /sys/kernel/debug/tracing/kprobe_events echo \"\" > /sys/kernel/debug/tracing/kprobe_events done } loop2 (){ while true do tree /sys/kernel/debug/tracing/events/kprobes/ done } loop1 & loop2 [1]: [ 1147.959632][T17331] No se puede manejar la solicitud de paginaci\u00f3n del n\u00facleo en la direcci\u00f3n virtual dead000000000150 [ 1147.968239][T17331] Informaci\u00f3n de aborto de memoria: [ 1147.971739][T17331] ESR = 0x0000000096000004 [ 1147.976172][T17331] EC = 0x25: DABT (EL actual), IL = 32 bits [ 1147.982171][T17331] SET = 0, FnV = 0 [ 1147.985906][T17331] EA = 0, S1PTW = 0 [ 1147.989734][T17331] FSC = 0x04: error de traducci\u00f3n de nivel 0 [ 1147.995292][T17331] Informaci\u00f3n de cancelaci\u00f3n de datos: [ 1147.998858][T17331] ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000 [ 1148.005023][T17331] CM = 0, WnR = 0, TnD = 0, TagAccess = 0 [ 1148.010759][T17331] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0 [ 1148.016752][T17331] [dead000000000150] direcci\u00f3n entre los rangos de direcciones del usuario y del n\u00facleo [ 1148.024571][T17331] Error interno: Oops: 0000000096000004 [#1] SMP [ 1148.030825][T17331] M\u00f3dulos vinculados en: team_mode_loadbalance team nlmon act_gact cls_flower sch_ingress bonding tls puente ib_core de macvlan dummy stp llc veth amdgpu amdxcp mfd_core gpu_sched drm_exec drm_buddy radeon crct10dif_ce video drm_suballoc_helper ghash_ce drm_ttm_helper sha2_ce ttm sha256_arm64 i2c_algo_bit sha1_ce sbsa_gwdt cp210x drm_display_helper cec sr_mod cdrom drm_kms_helper binfmt_misc sg loop fuse drm dm_mod nfnetlink ip_tables autofs4 [\u00faltima descarga: tls] [ 1148.072808][T17331] CPU: 3 PID: 17331 Comm: ls Contaminado: GW ------- ---- 6.6.43 #2 [ 1148.081751][T17331] Versi\u00f3n de origen: 21b3b386e948bedd29369af66f3e98ab01b1c650 [ 1148.088783][T17331] Nombre del hardware: Greatwall GW-001M1A-FTF/GW-001M1A-FTF, BIOS KunLun BIOS V4.0 16/07/2020 [ 1148.098419][T17331] pstate: 20000005 (nzCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 1148.106060][T17331] pc : eventfs_iterate+0x2c0/0x398 [ 1148.111017][T17331] lr : eventfs_iterate+0x2fc/0x398 [ 1148.115969][T17331] sp : ffff80008d56bbd0 [ 1148.119964][T17331] x29: ffff80008d56bbf0 x28: ffff001ff5be2600 x27: 0000000000000000 [ 1148.127781][T17331] x26: ffff001ff52ca4e0 x25: 0000000000009977 x24: muerto000000000100 [ 1148.135598][T17331] x23: 0000000000000000 x22: 0000000000000000b x21: ffff800082645f10 [ 1148.143415][T17331] x20: ffff001fddf87c70 x19: ffff80008d56bc90 x18: 000000000000000 [ 1148.151231][T17331] x17: 000000000000000 x16: 0000000000000000 x15: ffff001ff52ca4e0 [ 1148.159048][T17331] x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000 [ 1148.166864][T17331] x11: 000000000000000 x10: 000000000000000 x9 : ffff8000804391d0 [ 1148.174680][T17331] x8 : 000000018000000 x7 : 0000000000000018 x6 : 0000aaab04b92862 [ 1148.182498][T17331] x5 : 0000aaab04b92862 x4 : 0000000080000000 x3 : 0000000000000068 [ 1148.190314][T17331] x2 : 00000000000000f x1 : 0000000000007ea8 x0 : 0000000000000001 [ 1148.198131][T17331] Rastreo de llamadas: [ 1148.201259][T17331] eventfs_iterate+0x2c0/0x398 [ 1148.205864][T17331] iterar_dir+0x98/0x188 [ 1148.210036][T17331] __arm64_sys_getdents64+0x78/0x160 [ 1148.215161][T17331] invocar_llamada_al_sistema+0x78/0x108 [ 1148.219593][T17331] el0_svc_common.constprop.0+0x48/0xf0 [ 1148.224977][T17331] hacer_el0_svc+0x24/0x38 [ 1148.228974][T17331] el0_svc+0x40/0x168 [ 1148.232798][T17 ---truncado---" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-467xx/CVE-2024-46786.json b/CVE-2024/CVE-2024-467xx/CVE-2024-46786.json index 20f86b8fbb7..9d86fb2bdcd 100644 --- a/CVE-2024/CVE-2024-467xx/CVE-2024-46786.json +++ b/CVE-2024/CVE-2024-467xx/CVE-2024-46786.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46786", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-09-18T08:15:05.783", - "lastModified": "2024-09-18T08:15:05.783", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfscache: delete fscache_cookie_lru_timer when fscache exits to avoid UAF\n\nThe fscache_cookie_lru_timer is initialized when the fscache module\nis inserted, but is not deleted when the fscache module is removed.\nIf timer_reduce() is called before removing the fscache module,\nthe fscache_cookie_lru_timer will be added to the timer list of\nthe current cpu. Afterwards, a use-after-free will be triggered\nin the softIRQ after removing the fscache module, as follows:\n\n==================================================================\nBUG: unable to handle page fault for address: fffffbfff803c9e9\n PF: supervisor read access in kernel mode\n PF: error_code(0x0000) - not-present page\nPGD 21ffea067 P4D 21ffea067 PUD 21ffe6067 PMD 110a7c067 PTE 0\nOops: Oops: 0000 [#1] PREEMPT SMP KASAN PTI\nCPU: 1 UID: 0 PID: 0 Comm: swapper/1 Tainted: G W 6.11.0-rc3 #855\nTainted: [W]=WARN\nRIP: 0010:__run_timer_base.part.0+0x254/0x8a0\nCall Trace:\n \n tmigr_handle_remote_up+0x627/0x810\n __walk_groups.isra.0+0x47/0x140\n tmigr_handle_remote+0x1fa/0x2f0\n handle_softirqs+0x180/0x590\n irq_exit_rcu+0x84/0xb0\n sysvec_apic_timer_interrupt+0x6e/0x90\n \n \n asm_sysvec_apic_timer_interrupt+0x1a/0x20\nRIP: 0010:default_idle+0xf/0x20\n default_idle_call+0x38/0x60\n do_idle+0x2b5/0x300\n cpu_startup_entry+0x54/0x60\n start_secondary+0x20d/0x280\n common_startup_64+0x13e/0x148\n \nModules linked in: [last unloaded: netfs]\n==================================================================\n\nTherefore delete fscache_cookie_lru_timer when removing the fscahe module." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: fscache: eliminar fscache_cookie_lru_timer cuando fscache sale para evitar UAF fscache_cookie_lru_timer se inicializa cuando se inserta el m\u00f3dulo fscache, pero no se elimina cuando se elimina el m\u00f3dulo fscache. Si se llama a timer_reduce() antes de eliminar el m\u00f3dulo fscache, fscache_cookie_lru_timer se agregar\u00e1 a la lista de temporizadores de la CPU actual. Posteriormente, se activar\u00e1 un use after free en el softIRQ despu\u00e9s de quitar el m\u00f3dulo fscache, de la siguiente manera: ======================================================================== ERROR: no se puede manejar el error de p\u00e1gina para la direcci\u00f3n: fffffbfff803c9e9 PF: acceso de lectura del supervisor en modo kernel PF: error_code(0x0000) - p\u00e1gina no presente PGD 21ffea067 P4D 21ffea067 PUD 21ffe6067 PMD 110a7c067 PTE 0 Oops: Oops: 0000 [#1] PREEMPT SMP KASAN PTI CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Contaminado: GW 6.11.0-rc3 #855 Contaminado: [W]=ADVERTENCIA RIP: 0010:__run_timer_base.part.0+0x254/0x8a0 Rastreo de llamadas: tmigr_handle_remote_up+0x627/0x810 __walk_groups.isra.0+0x47/0x140 tmigr_handle_remote+0x1fa/0x2f0 handle_softirqs+0x180/0x590 irq_exit_rcu+0x84/0xb0 sysvec_apic_timer_interrupt+0x6e/0x90 asm_sysvec_apic_timer_interrupt+0x1a/0x20 RIP: 0010:default_idle+0xf/0x20 default_idle_call+0x38/0x60 do_idle+0x2b5/0x300 cpu_startup_entry+0x54/0x60 start_secondary+0x20d/0x280 common_startup_64+0x13e/0x148 M\u00f3dulos vinculados en: [\u00faltima descarga: netfs] ======================================================================= Por lo tanto, elimine fscache_cookie_lru_timer al eliminar el m\u00f3dulo fscahe." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-467xx/CVE-2024-46787.json b/CVE-2024/CVE-2024-467xx/CVE-2024-46787.json index 289b8015384..e14b3a0514c 100644 --- a/CVE-2024/CVE-2024-467xx/CVE-2024-46787.json +++ b/CVE-2024/CVE-2024-467xx/CVE-2024-46787.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46787", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-09-18T08:15:05.833", - "lastModified": "2024-09-18T08:15:05.833", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nuserfaultfd: fix checks for huge PMDs\n\nPatch series \"userfaultfd: fix races around pmd_trans_huge() check\", v2.\n\nThe pmd_trans_huge() code in mfill_atomic() is wrong in three different\nways depending on kernel version:\n\n1. The pmd_trans_huge() check is racy and can lead to a BUG_ON() (if you hit\n the right two race windows) - I've tested this in a kernel build with\n some extra mdelay() calls. See the commit message for a description\n of the race scenario.\n On older kernels (before 6.5), I think the same bug can even\n theoretically lead to accessing transhuge page contents as a page table\n if you hit the right 5 narrow race windows (I haven't tested this case).\n2. As pointed out by Qi Zheng, pmd_trans_huge() is not sufficient for\n detecting PMDs that don't point to page tables.\n On older kernels (before 6.5), you'd just have to win a single fairly\n wide race to hit this.\n I've tested this on 6.1 stable by racing migration (with a mdelay()\n patched into try_to_migrate()) against UFFDIO_ZEROPAGE - on my x86\n VM, that causes a kernel oops in ptlock_ptr().\n3. On newer kernels (>=6.5), for shmem mappings, khugepaged is allowed\n to yank page tables out from under us (though I haven't tested that),\n so I think the BUG_ON() checks in mfill_atomic() are just wrong.\n\nI decided to write two separate fixes for these (one fix for bugs 1+2, one\nfix for bug 3), so that the first fix can be backported to kernels\naffected by bugs 1+2.\n\n\nThis patch (of 2):\n\nThis fixes two issues.\n\nI discovered that the following race can occur:\n\n mfill_atomic other thread\n ============ ============\n \n pmdp_get_lockless() [reads none pmd]\n \n \n \n __pte_alloc [no-op]\n \n \n BUG_ON(pmd_none(*dst_pmd))\n\nI have experimentally verified this in a kernel with extra mdelay() calls;\nthe BUG_ON(pmd_none(*dst_pmd)) triggers.\n\nOn kernels newer than commit 0d940a9b270b (\"mm/pgtable: allow\npte_offset_map[_lock]() to fail\"), this can't lead to anything worse than\na BUG_ON(), since the page table access helpers are actually designed to\ndeal with page tables concurrently disappearing; but on older kernels\n(<=6.4), I think we could probably theoretically race past the two\nBUG_ON() checks and end up treating a hugepage as a page table.\n\nThe second issue is that, as Qi Zheng pointed out, there are other types\nof huge PMDs that pmd_trans_huge() can't catch: devmap PMDs and swap PMDs\n(in particular, migration PMDs).\n\nOn <=6.4, this is worse than the first issue: If mfill_atomic() runs on a\nPMD that contains a migration entry (which just requires winning a single,\nfairly wide race), it will pass the PMD to pte_offset_map_lock(), which\nassumes that the PMD points to a page table.\n\nBreakage follows: First, the kernel tries to take the PTE lock (which will\ncrash or maybe worse if there is no \"struct page\" for the address bits in\nthe migration entry PMD - I think at least on X86 there usually is no\ncorresponding \"struct page\" thanks to the PTE inversion mitigation, amd64\nlooks different).\n\nIf that didn't crash, the kernel would next try to write a PTE into what\nit wrongly thinks is a page table.\n\nAs part of fixing these issues, get rid of the check for pmd_trans_huge()\nbefore __pte_alloc() - that's redundant, we're going to have to check for\nthat after the __pte_alloc() anyway.\n\nBackport note: pmdp_get_lockless() is pmd_read_atomic() in older kernels." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: userfaultfd: corregir comprobaciones para PMD enormes Serie de parches \"userfaultfd: corregir ejecuci\u00f3ns en torno a la comprobaci\u00f3n pmd_trans_huge()\", v2. El c\u00f3digo pmd_trans_huge() en mfill_atomic() es incorrecto de tres maneras diferentes seg\u00fan la versi\u00f3n del kernel: 1. La comprobaci\u00f3n pmd_trans_huge() es r\u00e1pida y puede llevar a un BUG_ON() (si alcanza las dos ventanas de ejecuci\u00f3n correctas) - He probado esto en una compilaci\u00f3n del kernel con algunas llamadas mdelay() adicionales. Vea el mensaje de confirmaci\u00f3n para obtener una descripci\u00f3n del escenario de ejecuci\u00f3n. En kernels m\u00e1s antiguos (antes de 6.5), creo que el mismo error puede incluso te\u00f3ricamente llevar a acceder a los contenidos de la p\u00e1gina transhuge como una tabla de p\u00e1ginas si alcanza las 5 ventanas de ejecuci\u00f3n estrechas correctas (no he probado este caso). 2. Como se\u00f1al\u00f3 Qi Zheng, pmd_trans_huge() no es suficiente para detectar PMD que no apuntan a tablas de p\u00e1ginas. En kernels m\u00e1s antiguos (anteriores a 6.5), solo tendr\u00edas que ganar una \u00fanica ejecuci\u00f3n bastante amplia para alcanzar esto. He probado esto en 6.1 estable haciendo una ejecuci\u00f3n de migraci\u00f3n (con un mdelay() parcheado en try_to_migrate()) contra UFFDIO_ZEROPAGE - en mi VM x86, eso causa un error de kernel en ptlock_ptr(). 3. En kernels m\u00e1s nuevos (>=6.5), para asignaciones shmem, khugepaged puede arrancar tablas de p\u00e1ginas de debajo de nosotros (aunque no lo he probado), as\u00ed que creo que las comprobaciones BUG_ON() en mfill_atomic() son simplemente incorrectas. Decid\u00ed escribir dos correcciones separadas para estos (una correcci\u00f3n para los errores 1+2, una correcci\u00f3n para el error 3), de modo que la primera correcci\u00f3n pueda ser retroportada a kernels afectados por errores 1+2. Este parche (de 2): Esto corrige dos problemas. Descubr\u00ed que puede ocurrir la siguiente ejecuci\u00f3n: mfill_atomic other thread ============ ============ pmdp_get_lockless() [reads none pmd] __pte_alloc [no-op] BUG_ON(pmd_none(*dst_pmd)) He verificado esto experimentalmente en un kernel con llamadas mdelay() adicionales; se activa BUG_ON(pmd_none(*dst_pmd)). En los kernels m\u00e1s nuevos que el commit 0d940a9b270b (\"mm/pgtable: permitir que pte_offset_map[_lock]() falle\"), esto no puede llevar a nada peor que un BUG_ON(), ya que los ayudantes de acceso a la tabla de p\u00e1ginas est\u00e1n manipulados para lidiar con la desaparici\u00f3n simult\u00e1nea de tablas de p\u00e1ginas; pero en kernels m\u00e1s antiguos (<=6.4), creo que probablemente podr\u00edamos te\u00f3ricamente pasar por alto las dos comprobaciones de BUG_ON() y terminar tratando una p\u00e1gina enorme como una tabla de p\u00e1ginas. El segundo problema es que, como se\u00f1al\u00f3 Qi Zheng, hay otros tipos de PMD enormes que pmd_trans_huge() no puede detectar: PMD de devmap y PMD de intercambio (en particular, PMD de migraci\u00f3n). En <=6.4, esto es peor que el primer problema: si mfill_atomic() se ejecuta en un PMD que contiene una entrada de migraci\u00f3n (que solo requiere ganar una ejecuci\u00f3n \u00fanica y bastante amplia), pasar\u00e1 el PMD a pte_offset_map_lock(), que asume que el PMD apunta a una tabla de p\u00e1ginas. A continuaci\u00f3n, se produce una ruptura: primero, el n\u00facleo intenta tomar el bloqueo PTE (que se bloquear\u00e1 o tal vez ser\u00e1 peor si no hay una \"p\u00e1gina de estructura\" para los bits de direcci\u00f3n en el PMD de la entrada de migraci\u00f3n; creo que al menos en X86 no suele haber una \"p\u00e1gina de estructura\" correspondiente gracias a la mitigaci\u00f3n de inversi\u00f3n de PTE; amd64 se ve diferente). Si eso no se bloquea, el n\u00facleo intentar\u00e1 escribir un PTE en lo que cree err\u00f3neamente que es una tabla de p\u00e1ginas. Como parte de la soluci\u00f3n de estos problemas, elimine la verificaci\u00f3n de pmd_trans_huge() antes de __pte_alloc(); eso es redundante, vamos a tener que verificar eso despu\u00e9s de __pte_alloc() de todos modos. --- truncada ----" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-467xx/CVE-2024-46788.json b/CVE-2024/CVE-2024-467xx/CVE-2024-46788.json index 201618dd381..a5df8975d99 100644 --- a/CVE-2024/CVE-2024-467xx/CVE-2024-46788.json +++ b/CVE-2024/CVE-2024-467xx/CVE-2024-46788.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46788", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-09-18T08:15:05.893", - "lastModified": "2024-09-18T08:15:05.893", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing/osnoise: Use a cpumask to know what threads are kthreads\n\nThe start_kthread() and stop_thread() code was not always called with the\ninterface_lock held. This means that the kthread variable could be\nunexpectedly changed causing the kthread_stop() to be called on it when it\nshould not have been, leading to:\n\n while true; do\n rtla timerlat top -u -q & PID=$!;\n sleep 5;\n kill -INT $PID;\n sleep 0.001;\n kill -TERM $PID;\n wait $PID;\n done\n\nCausing the following OOPS:\n\n Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#1] PREEMPT SMP KASAN PTI\n KASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017]\n CPU: 5 UID: 0 PID: 885 Comm: timerlatu/5 Not tainted 6.11.0-rc4-test-00002-gbc754cc76d1b-dirty #125 a533010b71dab205ad2f507188ce8c82203b0254\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n RIP: 0010:hrtimer_active+0x58/0x300\n Code: 48 c1 ee 03 41 54 48 01 d1 48 01 d6 55 53 48 83 ec 20 80 39 00 0f 85 30 02 00 00 49 8b 6f 30 4c 8d 75 10 4c 89 f0 48 c1 e8 03 <0f> b6 3c 10 4c 89 f0 83 e0 07 83 c0 03 40 38 f8 7c 09 40 84 ff 0f\n RSP: 0018:ffff88811d97f940 EFLAGS: 00010202\n RAX: 0000000000000002 RBX: ffff88823c6b5b28 RCX: ffffed10478d6b6b\n RDX: dffffc0000000000 RSI: ffffed10478d6b6c RDI: ffff88823c6b5b28\n RBP: 0000000000000000 R08: ffff88823c6b5b58 R09: ffff88823c6b5b60\n R10: ffff88811d97f957 R11: 0000000000000010 R12: 00000000000a801d\n R13: ffff88810d8b35d8 R14: 0000000000000010 R15: ffff88823c6b5b28\n FS: 0000000000000000(0000) GS:ffff88823c680000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000561858ad7258 CR3: 000000007729e001 CR4: 0000000000170ef0\n Call Trace:\n \n ? die_addr+0x40/0xa0\n ? exc_general_protection+0x154/0x230\n ? asm_exc_general_protection+0x26/0x30\n ? hrtimer_active+0x58/0x300\n ? __pfx_mutex_lock+0x10/0x10\n ? __pfx_locks_remove_file+0x10/0x10\n hrtimer_cancel+0x15/0x40\n timerlat_fd_release+0x8e/0x1f0\n ? security_file_release+0x43/0x80\n __fput+0x372/0xb10\n task_work_run+0x11e/0x1f0\n ? _raw_spin_lock+0x85/0xe0\n ? __pfx_task_work_run+0x10/0x10\n ? poison_slab_object+0x109/0x170\n ? do_exit+0x7a0/0x24b0\n do_exit+0x7bd/0x24b0\n ? __pfx_migrate_enable+0x10/0x10\n ? __pfx_do_exit+0x10/0x10\n ? __pfx_read_tsc+0x10/0x10\n ? ktime_get+0x64/0x140\n ? _raw_spin_lock_irq+0x86/0xe0\n do_group_exit+0xb0/0x220\n get_signal+0x17ba/0x1b50\n ? vfs_read+0x179/0xa40\n ? timerlat_fd_read+0x30b/0x9d0\n ? __pfx_get_signal+0x10/0x10\n ? __pfx_timerlat_fd_read+0x10/0x10\n arch_do_signal_or_restart+0x8c/0x570\n ? __pfx_arch_do_signal_or_restart+0x10/0x10\n ? vfs_read+0x179/0xa40\n ? ksys_read+0xfe/0x1d0\n ? __pfx_ksys_read+0x10/0x10\n syscall_exit_to_user_mode+0xbc/0x130\n do_syscall_64+0x74/0x110\n ? __pfx___rseq_handle_notify_resume+0x10/0x10\n ? __pfx_ksys_read+0x10/0x10\n ? fpregs_restore_userregs+0xdb/0x1e0\n ? fpregs_restore_userregs+0xdb/0x1e0\n ? syscall_exit_to_user_mode+0x116/0x130\n ? do_syscall_64+0x74/0x110\n ? do_syscall_64+0x74/0x110\n ? do_syscall_64+0x74/0x110\n entry_SYSCALL_64_after_hwframe+0x71/0x79\n RIP: 0033:0x7ff0070eca9c\n Code: Unable to access opcode bytes at 0x7ff0070eca72.\n RSP: 002b:00007ff006dff8c0 EFLAGS: 00000246 ORIG_RAX: 0000000000000000\n RAX: 0000000000000000 RBX: 0000000000000005 RCX: 00007ff0070eca9c\n RDX: 0000000000000400 RSI: 00007ff006dff9a0 RDI: 0000000000000003\n RBP: 00007ff006dffde0 R08: 0000000000000000 R09: 00007ff000000ba0\n R10: 00007ff007004b08 R11: 0000000000000246 R12: 0000000000000003\n R13: 00007ff006dff9a0 R14: 0000000000000007 R15: 0000000000000008\n \n Modules linked in: snd_hda_intel snd_intel_dspcfg snd_intel_sdw_acpi snd_hda_codec snd_hwdep snd_hda_core\n ---[ end trace 0000000000000000 ]---\n\nThis is because it would mistakenly call kthread_stop() on a user space\nthread making it \"exit\" before it actually exits.\n\nSince kthread\n---truncated---" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: tracing/osnoise: Utilizar una cpumask para saber qu\u00e9 subprocesos son kthreads El c\u00f3digo start_kthread() y stop_thread() no siempre se llamaba con el interface_lock mantenido. Esto significa que la variable kthread podr\u00eda cambiar inesperadamente provocando que se llamara a kthread_stop() en ella cuando no deber\u00eda haberse hecho, lo que lleva a: while true; do rtla timerlat top -u -q & PID=$!; sleep 5; kill -INT $PID; sleep 0.001; kill -TERM $PID; wait $PID; hecho Provocando el siguiente OOPS: Oops: error de protecci\u00f3n general, probablemente para la direcci\u00f3n no can\u00f3nica 0xdffffc0000000002: 0000 [#1] PREEMPT SMP KASAN PTI KASAN: null-ptr-deref en el rango [0x000000000000010-0x0000000000000017] CPU: 5 UID: 0 PID: 885 Comm: timerlatu/5 No contaminado 6.11.0-rc4-test-00002-gbc754cc76d1b-dirty #125 a533010b71dab205ad2f507188ce8c82203b0254 Nombre del hardware: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 01/04/2014 RIP: 0010:hrtimer_active+0x58/0x300 C\u00f3digo: 48 c1 ee 03 41 54 48 01 d1 48 01 d6 55 53 48 83 ec 20 80 39 00 0f 85 30 02 00 00 49 8b 6f 30 4c 8d 75 10 4c 89 f0 48 c1 e8 03 <0f> b6 3c 10 4c 89 f0 83 e0 07 83 c0 03 40 38 f8 7c 09 40 84 ff 0f RSP: 0018:ffff88811d97f940 EFLAGS: 00010202 RAX: 0000000000000002 RBX: ffff88823c6b5b28 RCX: ffffed10478d6b6b RDX: dffffc0000000000 RSI: ffffed10478d6b6c RDI: ffff88823c6b5b28 RBP: 000000000000000 R08: ffff88823c6b5b58 R09: ffff88823c6b5b60 R10: ffff88811d97f957 R11: 0000000000000010 R12: 00000000000a801d R13: ffff88810d8b35d8 R14: 0000000000000010 R15: ffff88823c6b5b28 FS: 000000000000000(0000) GS:ffff88823c680000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000561858ad7258 CR3: 000000007729e001 CR4: 0000000000170ef0 Llamada Rastro: ? die_addr+0x40/0xa0 ? exc_general_protection+0x154/0x230 ? asm_exc_general_protection+0x26/0x30 ? hrtimer_active+0x58/0x300 ? __pfx_mutex_lock+0x10/0x10 ? __pfx_locks_remove_file+0x10/0x10 hrtimer_cancel+0x15/0x40 timerlat_fd_release+0x8e/0x1f0 ? security_file_release+0x43/0x80 __fput+0x372/0xb10 task_work_run+0x11e/0x1f0 ? _raw_spin_lock+0x85/0xe0 ? __pfx_task_work_run+0x10/0x10 ? objeto poison_slab+0x109/0x170 ? do_exit+0x7a0/0x24b0 do_exit+0x7bd/0x24b0 ? __pfx_migrate_enable+0x10/0x10 ? __pfx_do_exit+0x10/0x10 ? __pfx_read_tsc+0x10/0x10 ? ktime_get+0x64/0x140 ? _raw_spin_lock_irq+0x86/0xe0 do_group_exit+0xb0/0x220 obtener_se\u00f1al+0x17ba/0x1b50 ? vfs_read+0x179/0xa40 ? timerlat_fd_read+0x30b/0x9d0 ? __pfx_get_signal+0x10/0x10 ? __pfx_timerlat_fd_read+0x10/0x10 arch_do_signal_or_restart+0x8c/0x570 ? __pfx_arch_do_signal_or_restart+0x10/0x10 ? vfs_read+0x179/0xa40 ? ksys_read+0xfe/0x1d0 ? __pfx_ksys_read+0x10/0x10 syscall_salir_al_modo_usuario+0xbc/0x130 do_syscall_64+0x74/0x110 ? __pfx___rseq_handle_notify_resume+0x10/0x10 ? __pfx_ksys_read+0x10/0x10 ? fpregs_restore_userregs+0xdb/0x1e0 ? fpregs_restore_userregs+0xdb/0x1e0 ? syscall_salir_al_modo_usuario+0x116/0x130 ? do_syscall_64+0x74/0x110 ? do_syscall_64+0x74/0x110 ? do_syscall_64+0x74/0x110 entry_SYSCALL_64_after_hwframe+0x71/0x79 RIP: 0033:0x7ff0070eca9c C\u00f3digo: No se puede acceder a los bytes del c\u00f3digo de operaci\u00f3n en 0x7ff0070eca72. RSP: 002b:00007ff006dff8c0 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 RAX: 0000000000000000 RBX: 0000000000000005 RCX: 00007ff0070eca9c RDX: 0000000000000400 RSI: 00007ff006dff9a0 RDI: 0000000000000003 RBP: 00007ff006dffde0 R08: 000000000000000 R09: 00007ff000000ba0 R10: 00007ff007004b08 R11: 0000000000000246 R12: 0000000000000003 R13: 00007ff006dff9a0 R14: 0000000000000007 R15: 0000000000000008 M\u00f3dulos vinculados en: snd_hda_intel snd_intel_dspcfg snd_intel_sdw_acpi snd_hda_codec snd_hwdep snd_hda_core ---[ fin del seguimiento 000000000000000 ]--- Esto se debe a que llamar\u00eda por error a kthread_stop() en un hilo de espacio de usuario, lo que har\u00eda que \"salga\" antes de que realmente salga. Dado que kthread ---truncado---" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-467xx/CVE-2024-46789.json b/CVE-2024/CVE-2024-467xx/CVE-2024-46789.json index bbda9cebf05..3ab52ebd7ca 100644 --- a/CVE-2024/CVE-2024-467xx/CVE-2024-46789.json +++ b/CVE-2024/CVE-2024-467xx/CVE-2024-46789.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46789", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-09-18T08:15:05.957", - "lastModified": "2024-09-18T08:15:05.957", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/slub: add check for s->flags in the alloc_tagging_slab_free_hook\n\nWhen enable CONFIG_MEMCG & CONFIG_KFENCE & CONFIG_KMEMLEAK, the following\nwarning always occurs,This is because the following call stack occurred:\nmem_pool_alloc\n kmem_cache_alloc_noprof\n slab_alloc_node\n kfence_alloc\n\nOnce the kfence allocation is successful,slab->obj_exts will not be empty,\nbecause it has already been assigned a value in kfence_init_pool.\n\nSince in the prepare_slab_obj_exts_hook function,we perform a check for\ns->flags & (SLAB_NO_OBJ_EXT | SLAB_NOLEAKTRACE),the alloc_tag_add function\nwill not be called as a result.Therefore,ref->ct remains NULL.\n\nHowever,when we call mem_pool_free,since obj_ext is not empty, it\neventually leads to the alloc_tag_sub scenario being invoked. This is\nwhere the warning occurs.\n\nSo we should add corresponding checks in the alloc_tagging_slab_free_hook.\nFor __GFP_NO_OBJ_EXT case,I didn't see the specific case where it's using\nkfence,so I won't add the corresponding check in\nalloc_tagging_slab_free_hook for now.\n\n[ 3.734349] ------------[ cut here ]------------\n[ 3.734807] alloc_tag was not set\n[ 3.735129] WARNING: CPU: 4 PID: 40 at ./include/linux/alloc_tag.h:130 kmem_cache_free+0x444/0x574\n[ 3.735866] Modules linked in: autofs4\n[ 3.736211] CPU: 4 UID: 0 PID: 40 Comm: ksoftirqd/4 Tainted: G W 6.11.0-rc3-dirty #1\n[ 3.736969] Tainted: [W]=WARN\n[ 3.737258] Hardware name: QEMU KVM Virtual Machine, BIOS unknown 2/2/2022\n[ 3.737875] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 3.738501] pc : kmem_cache_free+0x444/0x574\n[ 3.738951] lr : kmem_cache_free+0x444/0x574\n[ 3.739361] sp : ffff80008357bb60\n[ 3.739693] x29: ffff80008357bb70 x28: 0000000000000000 x27: 0000000000000000\n[ 3.740338] x26: ffff80008207f000 x25: ffff000b2eb2fd60 x24: ffff0000c0005700\n[ 3.740982] x23: ffff8000804229e4 x22: ffff800082080000 x21: ffff800081756000\n[ 3.741630] x20: fffffd7ff8253360 x19: 00000000000000a8 x18: ffffffffffffffff\n[ 3.742274] x17: ffff800ab327f000 x16: ffff800083398000 x15: ffff800081756df0\n[ 3.742919] x14: 0000000000000000 x13: 205d344320202020 x12: 5b5d373038343337\n[ 3.743560] x11: ffff80008357b650 x10: 000000000000005d x9 : 00000000ffffffd0\n[ 3.744231] x8 : 7f7f7f7f7f7f7f7f x7 : ffff80008237bad0 x6 : c0000000ffff7fff\n[ 3.744907] x5 : ffff80008237ba78 x4 : ffff8000820bbad0 x3 : 0000000000000001\n[ 3.745580] x2 : 68d66547c09f7800 x1 : 68d66547c09f7800 x0 : 0000000000000000\n[ 3.746255] Call trace:\n[ 3.746530] kmem_cache_free+0x444/0x574\n[ 3.746931] mem_pool_free+0x44/0xf4\n[ 3.747306] free_object_rcu+0xc8/0xdc\n[ 3.747693] rcu_do_batch+0x234/0x8a4\n[ 3.748075] rcu_core+0x230/0x3e4\n[ 3.748424] rcu_core_si+0x14/0x1c\n[ 3.748780] handle_softirqs+0x134/0x378\n[ 3.749189] run_ksoftirqd+0x70/0x9c\n[ 3.749560] smpboot_thread_fn+0x148/0x22c\n[ 3.749978] kthread+0x10c/0x118\n[ 3.750323] ret_from_fork+0x10/0x20\n[ 3.750696] ---[ end trace 0000000000000000 ]---" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mm/slub: agregar comprobaci\u00f3n de s->flags en alloc_tagging_slab_free_hook Cuando se habilitan CONFIG_MEMCG y CONFIG_KFENCE y CONFIG_KMEMLEAK, siempre aparece la siguiente advertencia. Esto se debe a que se produjo la siguiente pila de llamadas: mem_pool_alloc kmem_cache_alloc_noprof slab_alloc_node kfence_alloc Una vez que la asignaci\u00f3n de kfence es exitosa, slab->obj_exts no estar\u00e1 vac\u00edo, porque ya se le ha asignado un valor en kfence_init_pool. Dado que en la funci\u00f3n prepare_slab_obj_exts_hook, realizamos una comprobaci\u00f3n de s->flags y (SLAB_NO_OBJ_EXT | SLAB_NOLEAKTRACE), la funci\u00f3n alloc_tag_add no se llamar\u00e1 como resultado. Por lo tanto, ref->ct permanece NULL. Sin embargo, cuando llamamos a mem_pool_free, dado que obj_ext no est\u00e1 vac\u00edo, finalmente se invoca el escenario alloc_tag_sub. Aqu\u00ed es donde se produce la advertencia. Por lo tanto, deber\u00edamos agregar las comprobaciones correspondientes en alloc_tagging_slab_free_hook. Para el caso de __GFP_NO_OBJ_EXT, no vi el caso espec\u00edfico en el que se usa kfence, por lo que no agregar\u00e9 la comprobaci\u00f3n correspondiente en alloc_tagging_slab_free_hook por ahora. [ 3.734349] ------------[ cortar aqu\u00ed ]------------ [ 3.734807] alloc_tag no se configur\u00f3 [ 3.735129] ADVERTENCIA: CPU: 4 PID: 40 en ./include/linux/alloc_tag.h:130 kmem_cache_free+0x444/0x574 [ 3.735866] M\u00f3dulos vinculados en: autofs4 [ 3.736211] CPU: 4 UID: 0 PID: 40 Comm: ksoftirqd/4 Contaminado: GW 6.11.0-rc3-dirty #1 [ 3.736969] Contaminado: [W]=WARN [ 3.737258] Nombre del hardware: QEMU KVM Virtual Machine, BIOS desconocido 2/2/2022 [ 3.737875] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 3.738501] pc : kmem_cache_free+0x444/0x574 [ 3.738951] lr : kmem_cache_free+0x444/0x574 [ 3.739361] sp : ffff80008357bb60 [ 3.739693] x29: ffff80008357bb70 x28: 0000000000000000 x27: 0000000000000000 [ 3.740338] x26: ffff80008207f000 x25: ffff000b2eb2fd60 x24: ffff0000c0005700 [ 3.740982] x23: ffff8000804229e4 x22: ffff800082080000 x21: ffff800081756000 [ 3.741630] x20: fffffd7ff8253360 x19: 00000000000000a8 x18: ffffffffffffffffff [ 3.742274] x17: ffff800ab327f000 x16: ffff800083398000 x15: ffff800081756df0 [ 3.742919] x14: 0000000000000000 x13: 205d344320202020 x12: 5b5d373038343337 [ 3.743560] x11: ffff80008357b650 x10: 000000000000005d x9 : 00000000ff ffffd0 [3.744231] x8: 7f7f7f7f7f7f7f7f x7: ffff80008237bad0 x6: c0000000ffff7fff [3.744907] x5: ffff80008237ba78 x4: ffff8000820bbad0 x3: 00000000000000001 [ 3.745580] x2 : 68d66547c09f7800 x1 : 68d66547c09f7800 x0 : 0000000000000000 [ 3.746255] Rastreo de llamadas: [ 3.746530] kmem_cache_free+0x444/0x574 [ 3.746931] mem_pool_free+0x44/0xf4 [ 3.747306] free_object_rcu+0xc8/0xdc [ 3.747693] rcu_do_batch+0x234/0x8a4 [ 3.748075] rcu_core+0x230/0x3e4 [ 3.748424] rcu_core_si+0x14/0x1c [ 3.748780] handle_softirqs+0x134/0x378 [ 3.749189] run_ksoftirqd+0x70/0x9c [ 3.749560] smpboot_thread_fn+0x148/0x22c [ 3.749978] kthread+0x10c/0x118 [ 3.750323] ret_from_fork+0x10/0x20 [ 3.750696] ---[ fin de seguimiento 0000000000000000 ]---" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-467xx/CVE-2024-46790.json b/CVE-2024/CVE-2024-467xx/CVE-2024-46790.json index e5b542b538b..49b7c2ddf9a 100644 --- a/CVE-2024/CVE-2024-467xx/CVE-2024-46790.json +++ b/CVE-2024/CVE-2024-467xx/CVE-2024-46790.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46790", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-09-18T08:15:06.010", - "lastModified": "2024-09-18T08:15:06.010", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncodetag: debug: mark codetags for poisoned page as empty\n\nWhen PG_hwpoison pages are freed they are treated differently in\nfree_pages_prepare() and instead of being released they are isolated.\n\nPage allocation tag counters are decremented at this point since the page\nis considered not in use. Later on when such pages are released by\nunpoison_memory(), the allocation tag counters will be decremented again\nand the following warning gets reported:\n\n[ 113.930443][ T3282] ------------[ cut here ]------------\n[ 113.931105][ T3282] alloc_tag was not set\n[ 113.931576][ T3282] WARNING: CPU: 2 PID: 3282 at ./include/linux/alloc_tag.h:130 pgalloc_tag_sub.part.66+0x154/0x164\n[ 113.932866][ T3282] Modules linked in: hwpoison_inject fuse ip6t_rpfilter ip6t_REJECT nf_reject_ipv6 ipt_REJECT nf_reject_ipv4 xt_conntrack ebtable_nat ebtable_broute ip6table_nat ip6table_man4\n[ 113.941638][ T3282] CPU: 2 UID: 0 PID: 3282 Comm: madvise11 Kdump: loaded Tainted: G W 6.11.0-rc4-dirty #18\n[ 113.943003][ T3282] Tainted: [W]=WARN\n[ 113.943453][ T3282] Hardware name: QEMU KVM Virtual Machine, BIOS unknown 2/2/2022\n[ 113.944378][ T3282] pstate: 40400005 (nZcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 113.945319][ T3282] pc : pgalloc_tag_sub.part.66+0x154/0x164\n[ 113.946016][ T3282] lr : pgalloc_tag_sub.part.66+0x154/0x164\n[ 113.946706][ T3282] sp : ffff800087093a10\n[ 113.947197][ T3282] x29: ffff800087093a10 x28: ffff0000d7a9d400 x27: ffff80008249f0a0\n[ 113.948165][ T3282] x26: 0000000000000000 x25: ffff80008249f2b0 x24: 0000000000000000\n[ 113.949134][ T3282] x23: 0000000000000001 x22: 0000000000000001 x21: 0000000000000000\n[ 113.950597][ T3282] x20: ffff0000c08fcad8 x19: ffff80008251e000 x18: ffffffffffffffff\n[ 113.952207][ T3282] x17: 0000000000000000 x16: 0000000000000000 x15: ffff800081746210\n[ 113.953161][ T3282] x14: 0000000000000000 x13: 205d323832335420 x12: 5b5d353031313339\n[ 113.954120][ T3282] x11: ffff800087093500 x10: 000000000000005d x9 : 00000000ffffffd0\n[ 113.955078][ T3282] x8 : 7f7f7f7f7f7f7f7f x7 : ffff80008236ba90 x6 : c0000000ffff7fff\n[ 113.956036][ T3282] x5 : ffff000b34bf4dc8 x4 : ffff8000820aba90 x3 : 0000000000000001\n[ 113.956994][ T3282] x2 : ffff800ab320f000 x1 : 841d1e35ac932e00 x0 : 0000000000000000\n[ 113.957962][ T3282] Call trace:\n[ 113.958350][ T3282] pgalloc_tag_sub.part.66+0x154/0x164\n[ 113.959000][ T3282] pgalloc_tag_sub+0x14/0x1c\n[ 113.959539][ T3282] free_unref_page+0xf4/0x4b8\n[ 113.960096][ T3282] __folio_put+0xd4/0x120\n[ 113.960614][ T3282] folio_put+0x24/0x50\n[ 113.961103][ T3282] unpoison_memory+0x4f0/0x5b0\n[ 113.961678][ T3282] hwpoison_unpoison+0x30/0x48 [hwpoison_inject]\n[ 113.962436][ T3282] simple_attr_write_xsigned.isra.34+0xec/0x1cc\n[ 113.963183][ T3282] simple_attr_write+0x38/0x48\n[ 113.963750][ T3282] debugfs_attr_write+0x54/0x80\n[ 113.964330][ T3282] full_proxy_write+0x68/0x98\n[ 113.964880][ T3282] vfs_write+0xdc/0x4d0\n[ 113.965372][ T3282] ksys_write+0x78/0x100\n[ 113.965875][ T3282] __arm64_sys_write+0x24/0x30\n[ 113.966440][ T3282] invoke_syscall+0x7c/0x104\n[ 113.966984][ T3282] el0_svc_common.constprop.1+0x88/0x104\n[ 113.967652][ T3282] do_el0_svc+0x2c/0x38\n[ 113.968893][ T3282] el0_svc+0x3c/0x1b8\n[ 113.969379][ T3282] el0t_64_sync_handler+0x98/0xbc\n[ 113.969980][ T3282] el0t_64_sync+0x19c/0x1a0\n[ 113.970511][ T3282] ---[ end trace 0000000000000000 ]---\n\nTo fix this, clear the page tag reference after the page got isolated\nand accounted for." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: codetag: debug: marcar los codetags de las p\u00e1ginas envenenadas como vac\u00edos Cuando se liberan las p\u00e1ginas PG_hwpoison, se las trata de forma diferente en free_pages_prepare() y, en lugar de liberarse, se las a\u00edsla. Los contadores de etiquetas de asignaci\u00f3n de p\u00e1ginas se reducen en este punto, ya que se considera que la p\u00e1gina no est\u00e1 en uso. M\u00e1s adelante, cuando unpoison_memory() libere dichas p\u00e1ginas, los contadores de etiquetas de asignaci\u00f3n se reducir\u00e1n nuevamente y se informar\u00e1 la siguiente advertencia: [ 113.930443][ T3282] ------------[ cortar aqu\u00ed ]------------ [ 113.931105][ T3282] alloc_tag no se configur\u00f3 [ 113.931576][ T3282] ADVERTENCIA: CPU: 2 PID: 3282 en ./include/linux/alloc_tag.h:130 pgalloc_tag_sub.part.66+0x154/0x164 [ 113.932866][ T3282] M\u00f3dulos vinculados en: hwpoison_inject fuse ip6t_rpfilter ip6t_REJECT nf_reject_ipv6 ipt_REJECT nf_reject_ipv4 xt_conntrack ebtable_nat ebtable_broute ip6table_nat ip6table_man4 [ 113.941638][ T3282] CPU: 2 UID: 0 PID: 3282 Comm: madvise11 Kdump: cargado Contaminado: GW 6.11.0-rc4-dirty #18 [ 113.943003][ T3282] Contaminado: [W]=WARN [ 113.943453][ T3282] Nombre del hardware: M\u00e1quina virtual KVM QEMU, BIOS desconocido 2/2/2022 [ 113.944378][ T3282] pstate: 40400005 (nZcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 113.945319][ T3282] pc : pgalloc_tag_sub.part.66+0x154/0x164 [ 113.946016][ T3282] lr : pgalloc_tag_sub.part.66+0x154/0x164 [ 113.946706][ T3282] sp : ffff800087093a10 [ 113.947197][ T3282] x29: ffff800087093a10 x28: ffff0000d7a9d400 x27: ffff80008249f0a0 [ 113.948165][ T3282] x26: 0000000000000000 x25: ffff80008249f2b0 x24: 0000000000000000 [ 113.949134][ T3282] x23: 0000000000000001 x22: 0000000000000001 x21: 0000000000000000 [ 113.950597][ T3282] x20: ffff0000c08fcad8 x19: ffff80008251e000 x18: ffffffffffffffffff [ 113.952207][ T3282] x17: 0000000000000000 x16: 0000000000000000 x15: ffff800081746210 [ 113.953161][ T3282] x14: 0000000000000000 x13: 205d323832335420 x12: 5b5d353031313339 [ 113.954120][ T3282] x11: ffff800087093500 x10: 00000000000005d x9: 00000000ffffffd0 [ 113.955078][ T3282] x8: 7f7f7f7f7f7f7f7f x7: ffff80008236ba90 x6 : c0000000ffff7fff [ 113.956036][ T3282] x5 : ffff000b34bf4dc8 x4 : ffff8000820aba90 x3 : 0000000000000001 [ 113.956994][ T3282] x2 : ffff800ab320f000 x1 : 841d1e35ac932e00 x0 : 0000000000000000 [ 113.957962][ T3282] Rastreo de llamadas: [ 113.958350][ T3282] pgalloc_tag_sub.part.66+0x154/0x164 [ 113.959000][ T3282] pgalloc_tag_sub+0x14/0x1c [ 113.959539][ T3282] p\u00e1gina libre sin referencia+0xf4/0x4b8 [ 113.960096][ T3282] __folio_put+0xd4/0x120 [ 113.960614][ T3282] folio_put+0x24/0x50 [ 113.961103][ T3282] memoria sin envenenar+0x4f0/0x5b0 [ 113.961678][ T3282] memoria sin envenenar+0x30/0x48 [hwpoison_inject] [ 113.962436][ T3282] escritura_attr_simple_xsigned.isra.34+0xec/0x1cc [ 113.963183][ T3282] escritura_attr_simple+0x38/0x48 [ 113.963750][ T3282] escritura_attr_debugfs+0x54/0x80 [ 113.964330][ T3282] escritura_proxy_completa+0x68/0x98 [ 113.964880][ T3282] escritura_vfs+0xdc/0x4d0 [ 113.965372][ T3282] escritura_ksys+0x78/0x100 [ 113.965875][ T3282] __arm64_sys_write+0x24/0x30 [ 113.966440][ T3282] invocar_llamada_al_sistema+0x7c/0x104 [ 113.966984][ T3282] el0_svc_common.constprop.1+0x88/0x104 [ 113.967652][ T3282] do_el0_svc+0x2c/0x38 [ 113.968893][ T3282] el0_svc+0x3c/0x1b8 [ 113.969379][ T3282] el0t_64_sync_handler+0x98/0xbc [ 113.969980][ T3282] el0t_64_sync+0x19c/0x1a0 [ 113.970511][ T3282] ---[ fin del seguimiento 0000000000000000 ]--- Para solucionar esto, borre la referencia de la etiqueta de p\u00e1gina despu\u00e9s de que la p\u00e1gina haya sido aislada y contabilizada." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-467xx/CVE-2024-46791.json b/CVE-2024/CVE-2024-467xx/CVE-2024-46791.json index 8d04d358a6b..89770eb3083 100644 --- a/CVE-2024/CVE-2024-467xx/CVE-2024-46791.json +++ b/CVE-2024/CVE-2024-467xx/CVE-2024-46791.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46791", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-09-18T08:15:06.067", - "lastModified": "2024-09-18T08:15:06.067", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: mcp251x: fix deadlock if an interrupt occurs during mcp251x_open\n\nThe mcp251x_hw_wake() function is called with the mpc_lock mutex held and\ndisables the interrupt handler so that no interrupts can be processed while\nwaking the device. If an interrupt has already occurred then waiting for\nthe interrupt handler to complete will deadlock because it will be trying\nto acquire the same mutex.\n\nCPU0 CPU1\n---- ----\nmcp251x_open()\n mutex_lock(&priv->mcp_lock)\n request_threaded_irq()\n \n mcp251x_can_ist()\n mutex_lock(&priv->mcp_lock)\n mcp251x_hw_wake()\n disable_irq() <-- deadlock\n\nUse disable_irq_nosync() instead because the interrupt handler does\neverything while holding the mutex so it doesn't matter if it's still\nrunning." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: can: mcp251x: soluciona el bloqueo si se produce una interrupci\u00f3n durante mcp251x_open La funci\u00f3n mcp251x_hw_wake() se llama con el mutex mpc_lock retenido y desactiva el controlador de interrupciones para que no se puedan procesar interrupciones mientras se activa el dispositivo. Si ya se produjo una interrupci\u00f3n, esperar a que se complete el controlador de interrupciones provocar\u00e1 un bloqueo porque intentar\u00e1 adquirir el mismo mutex. CPU0 CPU1 ---- ---- mcp251x_open() mutex_lock(&priv->mcp_lock) request_threaded_irq() mcp251x_can_ist() mutex_lock(&priv->mcp_lock) mcp251x_hw_wake() deshabilitar_irq() <-- bloqueo Utilice deshabilitar_irq_nosync() en su lugar porque el controlador de interrupciones hace todo mientras mantiene el mutex, por lo que no importa si todav\u00eda se est\u00e1 ejecutando." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-467xx/CVE-2024-46792.json b/CVE-2024/CVE-2024-467xx/CVE-2024-46792.json index 99ffc59aa12..7bb8525b2c9 100644 --- a/CVE-2024/CVE-2024-467xx/CVE-2024-46792.json +++ b/CVE-2024/CVE-2024-467xx/CVE-2024-46792.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46792", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-09-18T08:15:06.123", - "lastModified": "2024-09-18T08:15:06.123", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nriscv: misaligned: Restrict user access to kernel memory\n\nraw_copy_{to,from}_user() do not call access_ok(), so this code allowed\nuserspace to access any virtual memory address." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: riscv: misaligned: Restringe el acceso del usuario a la memoria del kernel raw_copy_{to,from}_user() no llama a access_ok(), por lo que este c\u00f3digo permit\u00eda que el espacio de usuario accediera a cualquier direcci\u00f3n de memoria virtual." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-467xx/CVE-2024-46793.json b/CVE-2024/CVE-2024-467xx/CVE-2024-46793.json index b4f002a877c..99b8cf6281f 100644 --- a/CVE-2024/CVE-2024-467xx/CVE-2024-46793.json +++ b/CVE-2024/CVE-2024-467xx/CVE-2024-46793.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46793", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-09-18T08:15:06.177", - "lastModified": "2024-09-18T08:15:06.177", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: Intel: Boards: Fix NULL pointer deref in BYT/CHT boards harder\n\nSince commit 13f58267cda3 (\"ASoC: soc.h: don't create dummy Component\nvia COMP_DUMMY()\") dummy codecs declared like this:\n\nSND_SOC_DAILINK_DEF(dummy,\n DAILINK_COMP_ARRAY(COMP_DUMMY()));\n\nexpand to:\n\nstatic struct snd_soc_dai_link_component dummy[] = {\n};\n\nWhich means that dummy is a zero sized array and thus dais[i].codecs should\nnot be dereferenced *at all* since it points to the address of the next\nvariable stored in the data section as the \"dummy\" variable has an address\nbut no size, so even dereferencing dais[0] is already an out of bounds\narray reference.\n\nWhich means that the if (dais[i].codecs->name) check added in\ncommit 7d99a70b6595 (\"ASoC: Intel: Boards: Fix NULL pointer deref\nin BYT/CHT boards\") relies on that the part of the next variable which\nthe name member maps to just happens to be NULL.\n\nWhich apparently so far it usually is, except when it isn't\nand then it results in crashes like this one:\n\n[ 28.795659] BUG: unable to handle page fault for address: 0000000000030011\n...\n[ 28.795780] Call Trace:\n[ 28.795787] \n...\n[ 28.795862] ? strcmp+0x18/0x40\n[ 28.795872] 0xffffffffc150c605\n[ 28.795887] platform_probe+0x40/0xa0\n...\n[ 28.795979] ? __pfx_init_module+0x10/0x10 [snd_soc_sst_bytcr_wm5102]\n\nReally fix things this time around by checking dais.num_codecs != 0." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ASoC: Intel: Placas: Arreglar la desreferenciaci\u00f3n del puntero NULL en las placas BYT/CHT de forma m\u00e1s dif\u00edcil Desde el commit 13f58267cda3 (\"ASoC: soc.h: no crear un componente ficticio mediante COMP_DUMMY()\"), los c\u00f3decs ficticios se declaran de esta manera: SND_SOC_DAILINK_DEF(dummy, DAILINK_COMP_ARRAY(COMP_DUMMY())); expandir a: static struct snd_soc_dai_link_component dummy[] = { }; Lo que significa que dummy es una matriz de tama\u00f1o cero y, por lo tanto, dais[i].codecs no deber\u00eda desreferenciarse *en absoluto*, ya que apunta a la direcci\u00f3n de la siguiente variable almacenada en la secci\u00f3n de datos, ya que la variable \"ficticia\" tiene una direcci\u00f3n pero no un tama\u00f1o, por lo que incluso desreferenciar dais[0] ya es una referencia de matriz fuera de l\u00edmites. Esto significa que la comprobaci\u00f3n if (dais[i].codecs->name) a\u00f1adida en el commit 7d99a70b6595 (\"ASoC: Intel: Boards: Fix NULL pointer deref in BYT/CHT boards\") se basa en que la parte de la siguiente variable a la que se asigna el miembro name resulta ser NULL. Lo que aparentemente hasta ahora suele ser as\u00ed, excepto cuando no lo es y entonces da como resultado fallos como este: [ 28.795659] ERROR: no se puede gestionar la falla de p\u00e1gina para la direcci\u00f3n: 0000000000030011 ... [ 28.795780] Seguimiento de llamadas: [ 28.795787] ... [ 28.795862] ? strcmp+0x18/0x40 [ 28.795872] 0xffffffffc150c605 [ 28.795887] platform_probe+0x40/0xa0 ... [ 28.795979] ? __pfx_init_module+0x10/0x10 [snd_soc_sst_bytcr_wm5102] Esta vez realmente solucione las cosas comprobando que dais.num_codecs != 0." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-467xx/CVE-2024-46794.json b/CVE-2024/CVE-2024-467xx/CVE-2024-46794.json index 2072c196d5c..50ebe9506b4 100644 --- a/CVE-2024/CVE-2024-467xx/CVE-2024-46794.json +++ b/CVE-2024/CVE-2024-467xx/CVE-2024-46794.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46794", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-09-18T08:15:06.230", - "lastModified": "2024-09-18T08:15:06.230", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/tdx: Fix data leak in mmio_read()\n\nThe mmio_read() function makes a TDVMCALL to retrieve MMIO data for an\naddress from the VMM.\n\nSean noticed that mmio_read() unintentionally exposes the value of an\ninitialized variable (val) on the stack to the VMM.\n\nThis variable is only needed as an output value. It did not need to be\npassed to the VMM in the first place.\n\nDo not send the original value of *val to the VMM.\n\n[ dhansen: clarify what 'val' is used for. ]" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: x86/tdx: Se corrige la fuga de datos en mmio_read() La funci\u00f3n mmio_read() realiza una TDVMCALL para recuperar datos MMIO para una direcci\u00f3n del VMM. Sean not\u00f3 que mmio_read() expone involuntariamente el valor de una variable inicializada (val) en la pila al VMM. Esta variable solo se necesita como valor de salida. No era necesario pasarla al VMM en primer lugar. No env\u00ede el valor original de *val al VMM. [ dhansen: aclare para qu\u00e9 se usa 'val'. ]" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-467xx/CVE-2024-46795.json b/CVE-2024/CVE-2024-467xx/CVE-2024-46795.json index d9044b3c793..dddd4baacc8 100644 --- a/CVE-2024/CVE-2024-467xx/CVE-2024-46795.json +++ b/CVE-2024/CVE-2024-467xx/CVE-2024-46795.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46795", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-09-18T08:15:06.280", - "lastModified": "2024-09-18T08:15:06.280", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: unset the binding mark of a reused connection\n\nSteve French reported null pointer dereference error from sha256 lib.\ncifs.ko can send session setup requests on reused connection.\nIf reused connection is used for binding session, conn->binding can\nstill remain true and generate_preauth_hash() will not set\nsess->Preauth_HashValue and it will be NULL.\nIt is used as a material to create an encryption key in\nksmbd_gen_smb311_encryptionkey. ->Preauth_HashValue cause null pointer\ndereference error from crypto_shash_update().\n\nBUG: kernel NULL pointer dereference, address: 0000000000000000\n#PF: supervisor read access in kernel mode\n#PF: error_code(0x0000) - not-present page\nPGD 0 P4D 0\nOops: 0000 [#1] PREEMPT SMP PTI\nCPU: 8 PID: 429254 Comm: kworker/8:39\nHardware name: LENOVO 20MAS08500/20MAS08500, BIOS N2CET69W (1.52 )\nWorkqueue: ksmbd-io handle_ksmbd_work [ksmbd]\nRIP: 0010:lib_sha256_base_do_update.isra.0+0x11e/0x1d0 [sha256_ssse3]\n\n? show_regs+0x6d/0x80\n? __die+0x24/0x80\n? page_fault_oops+0x99/0x1b0\n? do_user_addr_fault+0x2ee/0x6b0\n? exc_page_fault+0x83/0x1b0\n? asm_exc_page_fault+0x27/0x30\n? __pfx_sha256_transform_rorx+0x10/0x10 [sha256_ssse3]\n? lib_sha256_base_do_update.isra.0+0x11e/0x1d0 [sha256_ssse3]\n? __pfx_sha256_transform_rorx+0x10/0x10 [sha256_ssse3]\n? __pfx_sha256_transform_rorx+0x10/0x10 [sha256_ssse3]\n_sha256_update+0x77/0xa0 [sha256_ssse3]\nsha256_avx2_update+0x15/0x30 [sha256_ssse3]\ncrypto_shash_update+0x1e/0x40\nhmac_update+0x12/0x20\ncrypto_shash_update+0x1e/0x40\ngenerate_key+0x234/0x380 [ksmbd]\ngenerate_smb3encryptionkey+0x40/0x1c0 [ksmbd]\nksmbd_gen_smb311_encryptionkey+0x72/0xa0 [ksmbd]\nntlm_authenticate.isra.0+0x423/0x5d0 [ksmbd]\nsmb2_sess_setup+0x952/0xaa0 [ksmbd]\n__process_request+0xa3/0x1d0 [ksmbd]\n__handle_ksmbd_work+0x1c4/0x2f0 [ksmbd]\nhandle_ksmbd_work+0x2d/0xa0 [ksmbd]\nprocess_one_work+0x16c/0x350\nworker_thread+0x306/0x440\n? __pfx_worker_thread+0x10/0x10\nkthread+0xef/0x120\n? __pfx_kthread+0x10/0x10\nret_from_fork+0x44/0x70\n? __pfx_kthread+0x10/0x10\nret_from_fork_asm+0x1b/0x30\n" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ksmbd: anular la marca de enlace de una conexi\u00f3n reutilizada Steve French inform\u00f3 de un error de desreferencia de puntero nulo de la librer\u00eda sha256. cifs.ko puede enviar solicitudes de configuraci\u00f3n de sesi\u00f3n en una conexi\u00f3n reutilizada. Si se utiliza una conexi\u00f3n reutilizada para vincular la sesi\u00f3n, conn->binding puede seguir siendo verdadero y generate_preauth_hash() no establecer\u00e1 sess->Preauth_HashValue y ser\u00e1 NULL. Se utiliza como material para crear una clave de cifrado en ksmbd_gen_smb311_encryptionkey. ->Preauth_HashValue provoca un error de desreferencia de puntero nulo de crypto_shash_update(). ERROR: desreferencia de puntero NULL del kernel, direcci\u00f3n: 0000000000000000 #PF: acceso de lectura del supervisor en modo kernel #PF: error_code(0x0000) - p\u00e1gina no presente PGD 0 P4D 0 Oops: 0000 [#1] PREEMPT SMP PTI CPU: 8 PID: 429254 Comm: kworker/8:39 Nombre del hardware: LENOVO 20MAS08500/20MAS08500, BIOS N2CET69W (1.52 ) Cola de trabajo: ksmbd-io handle_ksmbd_work [ksmbd] RIP: 0010:lib_sha256_base_do_update.isra.0+0x11e/0x1d0 [sha256_ssse3] ? show_regs+0x6d/0x80 ? __die+0x24/0x80 ? error_p\u00e1gina_oops+0x99/0x1b0 ? error_direcci\u00f3n_usuario+0x2ee/0x6b0 ? error_p\u00e1gina_exc+0x83/0x1b0 ? error_p\u00e1gina_exc+0x27/0x30 ? __pfx_sha256_transform_rorx+0x10/0x10 [sha256_ssse3] ? lib_sha256_base_do_update.isra.0+0x11e/0x1d0 [sha256_ssse3] ? __pfx_sha256_transform_rorx+0x10/0x10 [sha256_ssse3] ? __pfx_sha256_transform_rorx+0x10/0x10 [sha256_ssse3] _sha256_update+0x77/0xa0 [sha256_ssse3] sha256_avx2_update+0x15/0x30 [sha256_ssse3] crypto_shash_update+0x1e/0x40 hmac_update+0x12/0x20 crypto_shash_update+0x1e/0x40 generar_clave+0x234/0x380 [ksmbd] generar_clave_de_cifrado_smb3+0x40/0x1c0 [ksmbd] ksmbd_gen_smb311_clave_de_cifrado+0x72/0xa0 [ksmbd] __pfx_kthread+0x10/0x10 ret_from_fork+0x44/0x70 ? __pfx_kthread+0x10/0x10 ret_de_fork_asm+0x1b/0x30 " } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-467xx/CVE-2024-46796.json b/CVE-2024/CVE-2024-467xx/CVE-2024-46796.json index d5b772e3823..7d10c31dee8 100644 --- a/CVE-2024/CVE-2024-467xx/CVE-2024-46796.json +++ b/CVE-2024/CVE-2024-467xx/CVE-2024-46796.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46796", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-09-18T08:15:06.340", - "lastModified": "2024-09-18T08:15:06.340", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix double put of @cfile in smb2_set_path_size()\n\nIf smb2_compound_op() is called with a valid @cfile and returned\n-EINVAL, we need to call cifs_get_writable_path() before retrying it\nas the reference of @cfile was already dropped by previous call.\n\nThis fixes the following KASAN splat when running fstests generic/013\nagainst Windows Server 2022:\n\n CIFS: Attempting to mount //w22-fs0/scratch\n run fstests generic/013 at 2024-09-02 19:48:59\n ==================================================================\n BUG: KASAN: slab-use-after-free in detach_if_pending+0xab/0x200\n Write of size 8 at addr ffff88811f1a3730 by task kworker/3:2/176\n\n CPU: 3 UID: 0 PID: 176 Comm: kworker/3:2 Not tainted 6.11.0-rc6 #2\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-2.fc40\n 04/01/2014\n Workqueue: cifsoplockd cifs_oplock_break [cifs]\n Call Trace:\n \n dump_stack_lvl+0x5d/0x80\n ? detach_if_pending+0xab/0x200\n print_report+0x156/0x4d9\n ? detach_if_pending+0xab/0x200\n ? __virt_addr_valid+0x145/0x300\n ? __phys_addr+0x46/0x90\n ? detach_if_pending+0xab/0x200\n kasan_report+0xda/0x110\n ? detach_if_pending+0xab/0x200\n detach_if_pending+0xab/0x200\n timer_delete+0x96/0xe0\n ? __pfx_timer_delete+0x10/0x10\n ? rcu_is_watching+0x20/0x50\n try_to_grab_pending+0x46/0x3b0\n __cancel_work+0x89/0x1b0\n ? __pfx___cancel_work+0x10/0x10\n ? kasan_save_track+0x14/0x30\n cifs_close_deferred_file+0x110/0x2c0 [cifs]\n ? __pfx_cifs_close_deferred_file+0x10/0x10 [cifs]\n ? __pfx_down_read+0x10/0x10\n cifs_oplock_break+0x4c1/0xa50 [cifs]\n ? __pfx_cifs_oplock_break+0x10/0x10 [cifs]\n ? lock_is_held_type+0x85/0xf0\n ? mark_held_locks+0x1a/0x90\n process_one_work+0x4c6/0x9f0\n ? find_held_lock+0x8a/0xa0\n ? __pfx_process_one_work+0x10/0x10\n ? lock_acquired+0x220/0x550\n ? __list_add_valid_or_report+0x37/0x100\n worker_thread+0x2e4/0x570\n ? __kthread_parkme+0xd1/0xf0\n ? __pfx_worker_thread+0x10/0x10\n kthread+0x17f/0x1c0\n ? kthread+0xda/0x1c0\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x31/0x60\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n \n\n Allocated by task 1118:\n kasan_save_stack+0x30/0x50\n kasan_save_track+0x14/0x30\n __kasan_kmalloc+0xaa/0xb0\n cifs_new_fileinfo+0xc8/0x9d0 [cifs]\n cifs_atomic_open+0x467/0x770 [cifs]\n lookup_open.isra.0+0x665/0x8b0\n path_openat+0x4c3/0x1380\n do_filp_open+0x167/0x270\n do_sys_openat2+0x129/0x160\n __x64_sys_creat+0xad/0xe0\n do_syscall_64+0xbb/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\n Freed by task 83:\n kasan_save_stack+0x30/0x50\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3b/0x70\n poison_slab_object+0xe9/0x160\n __kasan_slab_free+0x32/0x50\n kfree+0xf2/0x300\n process_one_work+0x4c6/0x9f0\n worker_thread+0x2e4/0x570\n kthread+0x17f/0x1c0\n ret_from_fork+0x31/0x60\n ret_from_fork_asm+0x1a/0x30\n\n Last potentially related work creation:\n kasan_save_stack+0x30/0x50\n __kasan_record_aux_stack+0xad/0xc0\n insert_work+0x29/0xe0\n __queue_work+0x5ea/0x760\n queue_work_on+0x6d/0x90\n _cifsFileInfo_put+0x3f6/0x770 [cifs]\n smb2_compound_op+0x911/0x3940 [cifs]\n smb2_set_path_size+0x228/0x270 [cifs]\n cifs_set_file_size+0x197/0x460 [cifs]\n cifs_setattr+0xd9c/0x14b0 [cifs]\n notify_change+0x4e3/0x740\n do_truncate+0xfa/0x180\n vfs_truncate+0x195/0x200\n __x64_sys_truncate+0x109/0x150\n do_syscall_64+0xbb/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: smb: cliente: se corrige la doble colocaci\u00f3n de @cfile en smb2_set_path_size() Si se llama a smb2_compound_op() con un @cfile v\u00e1lido y se devuelve -EINVAL, debemos llamar a cifs_get_writable_path() antes de volver a intentarlo ya que la referencia de @cfile ya fue descartada por la llamada anterior. Esto corrige el siguiente error de KASAN al ejecutar fstests generic/013 contra Windows Server 2022: CIFS: Intentando montar //w22-fs0/scratch ejecutar fstests generic/013 a las 2024-09-02 19:48:59 ====================================================================== ERROR: KASAN: slab-use-after-free en detach_if_pending+0xab/0x200 Escritura de tama\u00f1o 8 en la direcci\u00f3n ffff88811f1a3730 por la tarea kworker/3:2/176 CPU: 3 UID: 0 PID: 176 Comm: kworker/3:2 No contaminado 6.11.0-rc6 #2 Nombre del hardware: PC est\u00e1ndar QEMU (Q35 + ICH9, 2009), BIOS 1.16.3-2.fc40 01/04/2014 Cola de trabajo: cifsoplockd cifs_oplock_break [cifs] Seguimiento de llamadas: dump_stack_lvl+0x5d/0x80 ? detach_if_pending+0xab/0x200 print_report+0x156/0x4d9 ? detach_if_pending+0xab/0x200 ? __virt_addr_valid+0x145/0x300 ? __phys_addr+0x46/0x90 ? detach_if_pending+0xab/0x200 kasan_report+0xda/0x110 ? detach_if_pending+0xab/0x200 detach_if_pending+0xab/0x200 timer_delete+0x96/0xe0 ? __pfx_timer_delete+0x10/0x10 ? rcu_is_watching+0x20/0x50 try_to_grab_pending+0x46/0x3b0 __cancel_work+0x89/0x1b0 ? __pfx___cancel_work+0x10/0x10 ? kasan_save_track+0x14/0x30 cifs_close_deferred_file+0x110/0x2c0 [cifs] ? __pfx_cifs_close_deferred_file+0x10/0x10 [cifs] ? __pfx_down_read+0x10/0x10 cifs_oplock_break+0x4c1/0xa50 [cifs] ? __pfx_cifs_oplock_break+0x10/0x10 [cifs] ? tipo_bloqueo_retenido+0x85/0xf0 ? marcar_bloqueos_retenidos+0x1a/0x90 proceso_una_obra+0x4c6/0x9f0 ? encontrar_bloqueo_retenido+0x8a/0xa0 ? __pfx_proceso_una_obra+0x10/0x10 ? bloqueo_adquirido+0x220/0x550 ? __lista_agregar_v\u00e1lido_o_informe+0x37/0x100 subproceso_trabajador+0x2e4/0x570 ? __pfx_kthread+0x10/0x10 ret_de_la_bifurcaci\u00f3n+0x31/0x60 ? Asignado por la tarea 1118: kasan_save_stack+0x30/0x50 kasan_save_track+0x14/0x30 __kasan_kmalloc+0xaa/0xb0 cifs_new_fileinfo+0xc8/0x9d0 [cifs] cifs_atomic_open+0x467/0x770 [cifs] lookup_open.isra.0+0x665/0x8b0 path_openat+0x4c3/0x1380 do_filp_open+0x167/0x270 do_sys_openat2+0x129/0x160 __x64_sys_creat+0xad/0xe0 do_syscall_64+0xbb/0x1d0 entry_SYSCALL_64_after_hwframe+0x77/0x7f Liberado por la tarea 83: kasan_save_stack+0x30/0x50 kasan_save_track+0x14/0x30 kasan_save_free_info+0x3b/0x70 poison_slab_object+0xe9/0x160 __kasan_slab_free+0x32/0x50 kfree+0xf2/0x300 process_one_work+0x4c6/0x9f0 worker_thread+0x2e4/0x570 kthread+0x17f/0x1c0 ret_from_fork+0x31/0x60 ret_from_fork_asm+0x1a/0x30 \u00daltima creaci\u00f3n de trabajo potencialmente relacionado: kasan_save_stack+0x30/0x50 __kasan_record_aux_stack+0xad/0xc0 insert_work+0x29/0xe0 __queue_work+0x5ea/0x760 queue_work_on+0x6d/0x90 _cifsFileInfo_put+0x3f6/0x770 [cifs] smb2_compound_op+0x911/0x3940 [cifs] smb2_set_path_size+0x228/0x270 [cifs] cifs_set_file_size+0x197/0x460 [cifs] cifs_setattr+0xd9c/0x14b0 [cifs] notificar_cambio+0x4e3/0x740 hacer_truncar+0xfa/0x180 vfs_truncar+0x195/0x200 __x64_sys_truncar+0x109/0x150 hacer_syscall_64+0xbb/0x1d0 entrada_SYSCALL_64_despu\u00e9s_hwframe+0x77/0x7f" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-467xx/CVE-2024-46797.json b/CVE-2024/CVE-2024-467xx/CVE-2024-46797.json index 5b6d3d960f7..ddbad89e33e 100644 --- a/CVE-2024/CVE-2024-467xx/CVE-2024-46797.json +++ b/CVE-2024/CVE-2024-467xx/CVE-2024-46797.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46797", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-09-18T08:15:06.403", - "lastModified": "2024-09-18T08:15:06.403", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/qspinlock: Fix deadlock in MCS queue\n\nIf an interrupt occurs in queued_spin_lock_slowpath() after we increment\nqnodesp->count and before node->lock is initialized, another CPU might\nsee stale lock values in get_tail_qnode(). If the stale lock value happens\nto match the lock on that CPU, then we write to the \"next\" pointer of\nthe wrong qnode. This causes a deadlock as the former CPU, once it becomes\nthe head of the MCS queue, will spin indefinitely until it's \"next\" pointer\nis set by its successor in the queue.\n\nRunning stress-ng on a 16 core (16EC/16VP) shared LPAR, results in\noccasional lockups similar to the following:\n\n $ stress-ng --all 128 --vm-bytes 80% --aggressive \\\n --maximize --oomable --verify --syslog \\\n --metrics --times --timeout 5m\n\n watchdog: CPU 15 Hard LOCKUP\n ......\n NIP [c0000000000b78f4] queued_spin_lock_slowpath+0x1184/0x1490\n LR [c000000001037c5c] _raw_spin_lock+0x6c/0x90\n Call Trace:\n 0xc000002cfffa3bf0 (unreliable)\n _raw_spin_lock+0x6c/0x90\n raw_spin_rq_lock_nested.part.135+0x4c/0xd0\n sched_ttwu_pending+0x60/0x1f0\n __flush_smp_call_function_queue+0x1dc/0x670\n smp_ipi_demux_relaxed+0xa4/0x100\n xive_muxed_ipi_action+0x20/0x40\n __handle_irq_event_percpu+0x80/0x240\n handle_irq_event_percpu+0x2c/0x80\n handle_percpu_irq+0x84/0xd0\n generic_handle_irq+0x54/0x80\n __do_irq+0xac/0x210\n __do_IRQ+0x74/0xd0\n 0x0\n do_IRQ+0x8c/0x170\n hardware_interrupt_common_virt+0x29c/0x2a0\n --- interrupt: 500 at queued_spin_lock_slowpath+0x4b8/0x1490\n ......\n NIP [c0000000000b6c28] queued_spin_lock_slowpath+0x4b8/0x1490\n LR [c000000001037c5c] _raw_spin_lock+0x6c/0x90\n --- interrupt: 500\n 0xc0000029c1a41d00 (unreliable)\n _raw_spin_lock+0x6c/0x90\n futex_wake+0x100/0x260\n do_futex+0x21c/0x2a0\n sys_futex+0x98/0x270\n system_call_exception+0x14c/0x2f0\n system_call_vectored_common+0x15c/0x2ec\n\nThe following code flow illustrates how the deadlock occurs.\nFor the sake of brevity, assume that both locks (A and B) are\ncontended and we call the queued_spin_lock_slowpath() function.\n\n CPU0 CPU1\n ---- ----\n spin_lock_irqsave(A) |\n spin_unlock_irqrestore(A) |\n spin_lock(B) |\n | |\n \u25bc |\n id = qnodesp->count++; |\n (Note that nodes[0].lock == A) |\n | |\n \u25bc |\n Interrupt |\n (happens before \"nodes[0].lock = B\") |\n | |\n \u25bc |\n spin_lock_irqsave(A) |\n | |\n \u25bc |\n id = qnodesp->count++ |\n nodes[1].lock = A |\n | |\n \u25bc |\n Tail of MCS queue |\n | spin_lock_irqsave(A)\n \u25bc |\n Head of MCS queue \u25bc\n | CPU0 is previous tail\n \u25bc |\n Spin indefinitely \u25bc\n (until \"nodes[1].next != NULL\") prev = get_tail_qnode(A, CPU0)\n |\n \u25bc\n prev == &qnodes[CPU0].nodes[0]\n (as qnodes\n---truncated---" + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/qspinlock: Fix deadlock in MCS queue\n\nIf an interrupt occurs in queued_spin_lock_slowpath() after we increment\nqnodesp->count and before node->lock is initialized, another CPU might\nsee stale lock values in get_tail_qnode(). If the stale lock value happens\nto match the lock on that CPU, then we write to the \"next\" pointer of\nthe wrong qnode. This causes a deadlock as the former CPU, once it becomes\nthe head of the MCS queue, will spin indefinitely until it's \"next\" pointer\nis set by its successor in the queue.\n\nRunning stress-ng on a 16 core (16EC/16VP) shared LPAR, results in\noccasional lockups similar to the following:\n\n $ stress-ng --all 128 --vm-bytes 80% --aggressive \\\n --maximize --oomable --verify --syslog \\\n --metrics --times --timeout 5m\n\n watchdog: CPU 15 Hard LOCKUP\n ......\n NIP [c0000000000b78f4] queued_spin_lock_slowpath+0x1184/0x1490\n LR [c000000001037c5c] _raw_spin_lock+0x6c/0x90\n Call Trace:\n 0xc000002cfffa3bf0 (unreliable)\n _raw_spin_lock+0x6c/0x90\n raw_spin_rq_lock_nested.part.135+0x4c/0xd0\n sched_ttwu_pending+0x60/0x1f0\n __flush_smp_call_function_queue+0x1dc/0x670\n smp_ipi_demux_relaxed+0xa4/0x100\n xive_muxed_ipi_action+0x20/0x40\n __handle_irq_event_percpu+0x80/0x240\n handle_irq_event_percpu+0x2c/0x80\n handle_percpu_irq+0x84/0xd0\n generic_handle_irq+0x54/0x80\n __do_irq+0xac/0x210\n __do_IRQ+0x74/0xd0\n 0x0\n do_IRQ+0x8c/0x170\n hardware_interrupt_common_virt+0x29c/0x2a0\n --- interrupt: 500 at queued_spin_lock_slowpath+0x4b8/0x1490\n ......\n NIP [c0000000000b6c28] queued_spin_lock_slowpath+0x4b8/0x1490\n LR [c000000001037c5c] _raw_spin_lock+0x6c/0x90\n --- interrupt: 500\n 0xc0000029c1a41d00 (unreliable)\n _raw_spin_lock+0x6c/0x90\n futex_wake+0x100/0x260\n do_futex+0x21c/0x2a0\n sys_futex+0x98/0x270\n system_call_exception+0x14c/0x2f0\n system_call_vectored_common+0x15c/0x2ec\n\nThe following code flow illustrates how the deadlock occurs.\nFor the sake of brevity, assume that both locks (A and B) are\ncontended and we call the queued_spin_lock_slowpath() function.\n\n CPU0 CPU1\n ---- ----\n spin_lock_irqsave(A) |\n spin_unlock_irqrestore(A) |\n spin_lock(B) |\n | |\n ? |\n id = qnodesp->count++; |\n (Note that nodes[0].lock == A) |\n | |\n ? |\n Interrupt |\n (happens before \"nodes[0].lock = B\") |\n | |\n ? |\n spin_lock_irqsave(A) |\n | |\n ? |\n id = qnodesp->count++ |\n nodes[1].lock = A |\n | |\n ? |\n Tail of MCS queue |\n | spin_lock_irqsave(A)\n ? |\n Head of MCS queue ?\n | CPU0 is previous tail\n ? |\n Spin indefinitely ?\n (until \"nodes[1].next != NULL\") prev = get_tail_qnode(A, CPU0)\n |\n ?\n prev == &qnodes[CPU0].nodes[0]\n (as qnodes\n---truncated---" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: powerpc/qspinlock: Se corrige el bloqueo en la cola MCS Si se produce una interrupci\u00f3n en queued_spin_lock_slowpath() despu\u00e9s de que incrementamos qnodesp->count y antes de que se inicialice node->lock, otra CPU podr\u00eda ver valores de bloqueo obsoletos en get_tail_qnode(). Si el valor de bloqueo obsoleto coincide con el bloqueo en esa CPU, entonces escribimos en el puntero \"siguiente\" del qnode incorrecto. Esto provoca un bloqueo ya que la CPU anterior, una vez que se convierte en la cabeza de la cola MCS, girar\u00e1 indefinidamente hasta que su puntero \"siguiente\" sea establecido por su sucesor en la cola. Al ejecutar stress-ng en una LPAR compartida de 16 n\u00facleos (16EC/16VP), se producen bloqueos ocasionales similares a los siguientes: $ stress-ng --all 128 --vm-bytes 80% --aggressive \\ --maximize --oomable --verify --syslog \\ --metrics --times --timeout 5m watchdog: CPU 15 Hard LOCKUP ...... NIP [c0000000000b78f4] queued_spin_lock_slowpath+0x1184/0x1490 LR [c000000001037c5c] _raw_spin_lock+0x6c/0x90 Seguimiento de llamadas: 0xc000002cfffa3bf0 (no confiable) _raw_spin_lock+0x6c/0x90 bloqueo_de_rq_de_spin_sin_formato_anidado.parte.135+0x4c/0xd0 pendiente_programa_de_programaci\u00f3n_pendiente+0x60/0x1f0 __vaciado_cola_de_funciones_de_llamada_smp+0x1dc/0x670 smp_ipi_demux_relajado+0xa4/0x100 acci\u00f3n_ipi_muxed_xive+0x20/0x40 __controlador_evento_irq_percpu+0x80/0x240 control_evento_irq_percpu+0x2c/0x80 control_percpu_irq+0x84/0xd0 control_irq_gen\u00e9rico+0x54/0x80 __do_irq+0xac/0x210 __do_IRQ+0x74/0xd0 0x0 do_IRQ+0x8c/0x170 interrupci\u00f3n_de_hardware_virt_com\u00fan+0x29c/0x2a0 --- interrupci\u00f3n: 500 en ruta_lenta_bloqueo_de_giro_en_cola+0x4b8/0x1490 ...... NIP [c0000000000b6c28] ruta_lenta_bloqueo_de_giro_en_cola+0x4b8/0x1490 LR [c000000001037c5c] _bloqueo_de_giro_en_cola+0x6c/0x90 --- interrupci\u00f3n: 500 0xc0000029c1a41d00 (no confiable) _bloqueo_de_giro_en_cola+0x6c/0x90 futex_wake+0x100/0x260 do_futex+0x21c/0x2a0 sys_futex+0x98/0x270 system_call_exception+0x14c/0x2f0 system_call_vectored_common+0x15c/0x2ec El siguiente flujo de c\u00f3digo ilustra c\u00f3mo se produce el interbloqueo. Para abreviar, supongamos que ambos bloqueos (A y B) est\u00e1n en conflicto y llamamos a la funci\u00f3n queued_spin_lock_slowpath(). CPU0 CPU1 ---- ---- spin_lock_irqsave(A) | spin_unlock_irqrestore(A) | spin_lock(B) | | | ? | id = qnodesp->count++; | (Tenga en cuenta que nodes[0].lock == A) | | | ? | Interrupci\u00f3n | (sucede antes de \"nodes[0].lock = B\") | | | ? | spin_lock_irqsave(A) | | | ? | id = qnodesp->count++ | nodes[1].lock = A | | | ? | Cola de la cola MCS | | spin_lock_irqsave(A) ? | Cabecera de la cola MCS ? | CPU0 es la cola anterior ? | Girar indefinidamente ? (hasta que \"nodes[1].next != NULL\") prev = get_tail_qnode(A, CPU0) | ? prev == &qnodes[CPU0].nodes[0] (como qnodes ---truncados---" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-467xx/CVE-2024-46798.json b/CVE-2024/CVE-2024-467xx/CVE-2024-46798.json index d7add0f2b1a..f4c04c88c51 100644 --- a/CVE-2024/CVE-2024-467xx/CVE-2024-46798.json +++ b/CVE-2024/CVE-2024-467xx/CVE-2024-46798.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46798", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-09-18T08:15:06.463", - "lastModified": "2024-09-18T08:15:06.463", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: dapm: Fix UAF for snd_soc_pcm_runtime object\n\nWhen using kernel with the following extra config,\n\n - CONFIG_KASAN=y\n - CONFIG_KASAN_GENERIC=y\n - CONFIG_KASAN_INLINE=y\n - CONFIG_KASAN_VMALLOC=y\n - CONFIG_FRAME_WARN=4096\n\nkernel detects that snd_pcm_suspend_all() access a freed\n'snd_soc_pcm_runtime' object when the system is suspended, which\nleads to a use-after-free bug:\n\n[ 52.047746] BUG: KASAN: use-after-free in snd_pcm_suspend_all+0x1a8/0x270\n[ 52.047765] Read of size 1 at addr ffff0000b9434d50 by task systemd-sleep/2330\n\n[ 52.047785] Call trace:\n[ 52.047787] dump_backtrace+0x0/0x3c0\n[ 52.047794] show_stack+0x34/0x50\n[ 52.047797] dump_stack_lvl+0x68/0x8c\n[ 52.047802] print_address_description.constprop.0+0x74/0x2c0\n[ 52.047809] kasan_report+0x210/0x230\n[ 52.047815] __asan_report_load1_noabort+0x3c/0x50\n[ 52.047820] snd_pcm_suspend_all+0x1a8/0x270\n[ 52.047824] snd_soc_suspend+0x19c/0x4e0\n\nThe snd_pcm_sync_stop() has a NULL check on 'substream->runtime' before\nmaking any access. So we need to always set 'substream->runtime' to NULL\neverytime we kfree() it." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ASoC: dapm: Corregir UAF para el objeto snd_soc_pcm_runtime Cuando se usa el kernel con la siguiente configuraci\u00f3n adicional, - CONFIG_KASAN=y - CONFIG_KASAN_GENERIC=y - CONFIG_KASAN_INLINE=y - CONFIG_KASAN_VMALLOC=y - CONFIG_FRAME_WARN=4096 el kernel detecta que snd_pcm_suspend_all() accede a un objeto 'snd_soc_pcm_runtime' liberado cuando el sistema est\u00e1 suspendido, lo que conduce a un error de use after free: [ 52.047746] ERROR: KASAN: use after free en snd_pcm_suspend_all+0x1a8/0x270 [ 52.047765] Lectura de tama\u00f1o 1 en la direcci\u00f3n ffff0000b9434d50 por la tarea systemd-sleep/2330 [ 52.047785] Seguimiento de llamadas: [ 52.047787] dump_backtrace+0x0/0x3c0 [ 52.047794] show_stack+0x34/0x50 [ 52.047797] dump_stack_lvl+0x68/0x8c [ 52.047802] print_address_description.constprop.0+0x74/0x2c0 [ 52.047809] kasan_report+0x210/0x230 [ 52.047815] __asan_report_load1_noabort+0x3c/0x50 [ 52.047820] snd_pcm_suspend_all+0x1a8/0x270 [ 52.047824] snd_soc_suspend+0x19c/0x4e0 La funci\u00f3n snd_pcm_sync_stop() tiene una comprobaci\u00f3n NULL en 'substream->runtime' antes de realizar cualquier acceso. Por lo tanto, siempre debemos establecer 'substream->runtime' en NULL cada vez que lo ejecutamos con kfree()." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-467xx/CVE-2024-46799.json b/CVE-2024/CVE-2024-467xx/CVE-2024-46799.json index 7c7c5e483da..c5e5a3102f3 100644 --- a/CVE-2024/CVE-2024-467xx/CVE-2024-46799.json +++ b/CVE-2024/CVE-2024-467xx/CVE-2024-46799.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46799", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-09-18T08:15:06.523", - "lastModified": "2024-09-18T08:15:06.523", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ethernet: ti: am65-cpsw: Fix NULL dereference on XDP_TX\n\nIf number of TX queues are set to 1 we get a NULL pointer\ndereference during XDP_TX.\n\n~# ethtool -L eth0 tx 1\n~# ./xdp-trafficgen udp -A -a eth0 -t 2\nTransmitting on eth0 (ifindex 2)\n[ 241.135257] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000030\n\nFix this by using actual TX queues instead of max TX queues\nwhen picking the TX channel in am65_cpsw_ndo_xdp_xmit()." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: ethernet: ti: am65-cpsw: Corregir la desreferencia NULL en XDP_TX Si el n\u00famero de colas TX se establece en 1, obtenemos una desreferencia de puntero NULL durante XDP_TX. ~# ethtool -L eth0 tx 1 ~# ./xdp-trafficgen udp -A -a eth0 -t 2 Transmitiendo en eth0 (ifindex 2) [ 241.135257] No se puede manejar la desreferencia de puntero NULL del kernel en la direcci\u00f3n virtual 0000000000000030 Solucione esto utilizando colas TX reales en lugar de colas TX m\u00e1ximas al seleccionar el canal TX en am65_cpsw_ndo_xdp_xmit()." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-468xx/CVE-2024-46800.json b/CVE-2024/CVE-2024-468xx/CVE-2024-46800.json index 987661374e0..868d217f15c 100644 --- a/CVE-2024/CVE-2024-468xx/CVE-2024-46800.json +++ b/CVE-2024/CVE-2024-468xx/CVE-2024-46800.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46800", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-09-18T08:15:06.573", - "lastModified": "2024-09-18T08:15:06.573", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsch/netem: fix use after free in netem_dequeue\n\nIf netem_dequeue() enqueues packet to inner qdisc and that qdisc\nreturns __NET_XMIT_STOLEN. The packet is dropped but\nqdisc_tree_reduce_backlog() is not called to update the parent's\nq.qlen, leading to the similar use-after-free as Commit\ne04991a48dbaf382 (\"netem: fix return value if duplicate enqueue\nfails\")\n\nCommands to trigger KASAN UaF:\n\nip link add type dummy\nip link set lo up\nip link set dummy0 up\ntc qdisc add dev lo parent root handle 1: drr\ntc filter add dev lo parent 1: basic classid 1:1\ntc class add dev lo classid 1:1 drr\ntc qdisc add dev lo parent 1:1 handle 2: netem\ntc qdisc add dev lo parent 2: handle 3: drr\ntc filter add dev lo parent 3: basic classid 3:1 action mirred egress\nredirect dev dummy0\ntc class add dev lo classid 3:1 drr\nping -c1 -W0.01 localhost # Trigger bug\ntc class del dev lo classid 1:1\ntc class add dev lo classid 1:1 drr\nping -c1 -W0.01 localhost # UaF" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: sch/netem: se corrige el use after free en netem_dequeue si netem_dequeue() pone en cola el paquete en la qdisc interna y esa qdisc devuelve __NET_XMIT_STOLEN. El paquete se descarta pero no se llama a qdisc_tree_reduce_backlog() para actualizar el q.qlen del padre, lo que lleva a un use after free similar al Commit e04991a48dbaf382 (\"netem: corrige el valor de retorno si falla la puesta en cola duplicada\") Comandos para activar KASAN UaF: ip link add type dummy ip link set lo up ip link set dummy0 up tc qdisc add dev lo parent root handle 1: drr tc filter add dev lo parent 1: basic classid 1:1 tc class add dev lo classid 1:1 drr tc qdisc add dev lo parent 1:1 handle 2: netem tc qdisc add dev lo parent 2: handle 3: drr tc filter add dev lo parent 3: basic classid 3:1 action mirred egress redirect dev dummy0 tc class add dev lo classid 3:1 drr ping -c1 -W0.01 localhost # Desencadenador de error tc class del dev lo classid 1:1 tc class add dev lo classid 1:1 drr ping -c1 -W0.01 localhost # UaF" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-468xx/CVE-2024-46801.json b/CVE-2024/CVE-2024-468xx/CVE-2024-46801.json index 8f0fb641813..b2e903b3e7e 100644 --- a/CVE-2024/CVE-2024-468xx/CVE-2024-46801.json +++ b/CVE-2024/CVE-2024-468xx/CVE-2024-46801.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46801", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-09-18T08:15:06.633", - "lastModified": "2024-09-18T08:15:06.633", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nlibfs: fix get_stashed_dentry()\n\nget_stashed_dentry() tries to optimistically retrieve a stashed dentry\nfrom a provided location. It needs to ensure to hold rcu lock before it\ndereference the stashed location to prevent UAF issues. Use\nrcu_dereference() instead of READ_ONCE() it's effectively equivalent\nwith some lockdep bells and whistles and it communicates clearly that\nthis expects rcu protection." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: libfs: fix get_stashed_dentry() get_stashed_dentry() intenta recuperar de forma optimista un dentry almacenado en cach\u00e9 desde una ubicaci\u00f3n proporcionada. Debe asegurarse de mantener el bloqueo de rcu antes de desreferenciar la ubicaci\u00f3n almacenada para evitar problemas de UAF. Use rcu_dereference() en lugar de READ_ONCE(), es efectivamente equivalente con algunas funciones adicionales de lockdep y comunica claramente que esto espera protecci\u00f3n de rcu." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-469xx/CVE-2024-46946.json b/CVE-2024/CVE-2024-469xx/CVE-2024-46946.json index 98e8500935c..a5c6408a310 100644 --- a/CVE-2024/CVE-2024-469xx/CVE-2024-46946.json +++ b/CVE-2024/CVE-2024-469xx/CVE-2024-46946.json @@ -2,8 +2,8 @@ "id": "CVE-2024-46946", "sourceIdentifier": "cve@mitre.org", "published": "2024-09-19T05:15:11.857", - "lastModified": "2024-09-19T14:35:09.763", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-469xx/CVE-2024-46959.json b/CVE-2024/CVE-2024-469xx/CVE-2024-46959.json index 2434bafcc9f..922d6583c18 100644 --- a/CVE-2024/CVE-2024-469xx/CVE-2024-46959.json +++ b/CVE-2024/CVE-2024-469xx/CVE-2024-46959.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46959", "sourceIdentifier": "cve@mitre.org", "published": "2024-09-18T18:15:06.730", - "lastModified": "2024-09-18T18:15:06.730", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "runofast Indoor Security Camera for Baby Monitor has a default password of password for the root account. This allows access to the /stream1 URI via the rtsp:// protocol to receive the video and audio stream." + }, + { + "lang": "es", + "value": "runofast Indoor Security Camera for Baby Monitor tiene una contrase\u00f1a predeterminada para la cuenta ra\u00edz. Esto permite acceder a la URL /stream1 a trav\u00e9s del protocolo rtsp:// para recibir la transmisi\u00f3n de video y audio." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-469xx/CVE-2024-46970.json b/CVE-2024/CVE-2024-469xx/CVE-2024-46970.json index f3153906c77..c3798d0f545 100644 --- a/CVE-2024/CVE-2024-469xx/CVE-2024-46970.json +++ b/CVE-2024/CVE-2024-469xx/CVE-2024-46970.json @@ -2,8 +2,8 @@ "id": "CVE-2024-46970", "sourceIdentifier": "cve@jetbrains.com", "published": "2024-09-16T11:15:13.540", - "lastModified": "2024-09-16T15:30:28.733", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-09-20T13:23:29.700", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "cve@jetbrains.com", "type": "Secondary", @@ -51,10 +71,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jetbrains:intellij_idea:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2024.1.0", + "matchCriteriaId": "09FF2993-4F51-4815-B69D-AE7CF5812545" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.jetbrains.com/privacy-security/issues-fixed/", - "source": "cve@jetbrains.com" + "source": "cve@jetbrains.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-469xx/CVE-2024-46976.json b/CVE-2024/CVE-2024-469xx/CVE-2024-46976.json index 9f869fe6049..35e1b5cb2e3 100644 --- a/CVE-2024/CVE-2024-469xx/CVE-2024-46976.json +++ b/CVE-2024/CVE-2024-469xx/CVE-2024-46976.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46976", "sourceIdentifier": "security-advisories@github.com", "published": "2024-09-17T21:15:12.763", - "lastModified": "2024-09-17T21:15:12.763", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Backstage is an open framework for building developer portals. An attacker with control of the contents of the TechDocs storage buckets is able to inject executable scripts in the TechDocs content that will be executed in the victim's browser when browsing documentation or navigating to an attacker provided link. This has been fixed in the 1.10.13 release of the `@backstage/plugin-techdocs-backend` package. users are advised to upgrade. There are no known workarounds for this vulnerability." + }, + { + "lang": "es", + "value": "Backstage es un framework abierto para crear portales para desarrolladores. Un atacante con control sobre el contenido de los dep\u00f3sitos de almacenamiento de TechDocs puede inyectar secuencias de comandos ejecutables en el contenido de TechDocs que se ejecutar\u00e1n en el navegador de la v\u00edctima cuando explore la documentaci\u00f3n o navegue hacia un enlace proporcionado por el atacante. Esto se ha solucionado en la versi\u00f3n 1.10.13 del paquete `@backstage/plugin-techdocs-backend`. Se recomienda a los usuarios que actualicen. No existen workarounds para esta vulnerabilidad." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-469xx/CVE-2024-46978.json b/CVE-2024/CVE-2024-469xx/CVE-2024-46978.json index dae14ad15d0..45e269bf2c9 100644 --- a/CVE-2024/CVE-2024-469xx/CVE-2024-46978.json +++ b/CVE-2024/CVE-2024-469xx/CVE-2024-46978.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46978", "sourceIdentifier": "security-advisories@github.com", "published": "2024-09-18T18:15:06.800", - "lastModified": "2024-09-18T18:15:06.800", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible for any user knowing the ID of a notification filter preference of another user, to enable/disable it or even delete it. The impact is that the target user might start loosing notifications on some pages because of this. This vulnerability is present in XWiki since 13.2-rc-1. This vulnerability has been patched in XWiki 14.10.21, 15.5.5, 15.10.1, 16.0-rc-1. The patch consists in checking properly the rights of the user before performing any action on the filters. Users are advised to upgrade. It's possible to fix manually the vulnerability by editing the document `XWiki.Notifications.Code.NotificationPreferenceService` to apply the changes performed in commit e8acc9d8e6af7dfbfe70716ded431642ae4a6dd4." + }, + { + "lang": "es", + "value": "XWiki Platform es una plataforma wiki gen\u00e9rica que ofrece servicios de ejecuci\u00f3n para aplicaciones creadas sobre ella. Es posible que cualquier usuario que conozca el ID de una preferencia de filtro de notificaciones de otro usuario la habilite, deshabilite o incluso elimine. El impacto es que el usuario objetivo puede comenzar a perder notificaciones en algunas p\u00e1ginas debido a esto. Esta vulnerabilidad est\u00e1 presente en XWiki desde 13.2-rc-1. Esta vulnerabilidad ha sido parcheada en XWiki 14.10.21, 15.5.5, 15.10.1, 16.0-rc-1. El parche consiste en verificar correctamente los derechos del usuario antes de realizar cualquier acci\u00f3n en los filtros. Se recomienda a los usuarios que actualicen. Es posible corregir manualmente la vulnerabilidad editando el documento `XWiki.Notifications.Code.NotificationPreferenceService` para aplicar los cambios realizados en el commit e8acc9d8e6af7dfbfe70716ded431642ae4a6dd4." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-469xx/CVE-2024-46979.json b/CVE-2024/CVE-2024-469xx/CVE-2024-46979.json index 11c9b723734..2fb5cf8fa12 100644 --- a/CVE-2024/CVE-2024-469xx/CVE-2024-46979.json +++ b/CVE-2024/CVE-2024-469xx/CVE-2024-46979.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46979", "sourceIdentifier": "security-advisories@github.com", "published": "2024-09-18T18:15:07.020", - "lastModified": "2024-09-18T18:15:07.020", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to get access to notification filters of any user by using a URL such as `xwiki/bin/get/XWiki/Notifications/Code/NotificationFilterPreferenceLivetableResults?outputSyntax=plain&type=custom&user=`. This vulnerability impacts all versions of XWiki since 13.2-rc-1. The filters do not provide much information (they mainly contain references which are public data in XWiki), though some info could be used in combination with other vulnerabilities. This vulnerability has been patched in XWiki 14.10.21, 15.5.5, 15.10.1, 16.0RC1. The patch consists in checking the rights of the user when sending the data. Users are advised to upgrade. It's possible to workaround the vulnerability by applying manually the patch: it's possible for an administrator to edit directly the document `XWiki.Notifications.Code.NotificationFilterPreferenceLivetableResults` to apply the same changes as in the patch. See commit c8c6545f9bde6f5aade994aa5b5903a67b5c2582." + }, + { + "lang": "es", + "value": "XWiki Platform es una plataforma wiki gen\u00e9rica que ofrece servicios de ejecuci\u00f3n para aplicaciones creadas sobre ella. Es posible obtener acceso a los filtros de notificaci\u00f3n de cualquier usuario mediante una URL como `xwiki/bin/get/XWiki/Notifications/Code/NotificationFilterPreferenceLivetableResults?outputSyntax=plain&type=custom&user=`. Esta vulnerabilidad afecta a todas las versiones de XWiki desde la 13.2-rc-1. Los filtros no proporcionan mucha informaci\u00f3n (principalmente contienen referencias que son datos p\u00fablicos en XWiki), aunque parte de la informaci\u00f3n podr\u00eda utilizarse en combinaci\u00f3n con otras vulnerabilidades. Esta vulnerabilidad ha sido corregida en XWiki 14.10.21, 15.5.5, 15.10.1, 16.0RC1. El parche consiste en comprobar los derechos del usuario al enviar los datos. Se recomienda a los usuarios que actualicen la versi\u00f3n. Es posible solucionar la vulnerabilidad aplicando el parche manualmente: un administrador puede editar directamente el documento `XWiki.Notifications.Code.NotificationFilterPreferenceLivetableResults` para aplicar los mismos cambios que en el parche. Consulte el commit c8c6545f9bde6f5aade994aa5b5903a67b5c2582." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-469xx/CVE-2024-46982.json b/CVE-2024/CVE-2024-469xx/CVE-2024-46982.json index 0a112e7871e..008194d32bc 100644 --- a/CVE-2024/CVE-2024-469xx/CVE-2024-46982.json +++ b/CVE-2024/CVE-2024-469xx/CVE-2024-46982.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46982", "sourceIdentifier": "security-advisories@github.com", "published": "2024-09-17T22:15:02.273", - "lastModified": "2024-09-17T22:15:02.273", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Next.js is a React framework for building full-stack web applications. By sending a crafted HTTP request, it is possible to poison the cache of a non-dynamic server-side rendered route in the pages router (this does not affect the app router). When this crafted request is sent it could coerce Next.js to cache a route that is meant to not be cached and send a `Cache-Control: s-maxage=1, stale-while-revalidate` header which some upstream CDNs may cache as well. To be potentially affected all of the following must apply: 1. Next.js between 13.5.1 and 14.2.9, 2. Using pages router, & 3. Using non-dynamic server-side rendered routes e.g. `pages/dashboard.tsx` not `pages/blog/[slug].tsx`. This vulnerability was resolved in Next.js v13.5.7, v14.2.10, and later. We recommend upgrading regardless of whether you can reproduce the issue or not. There are no official or recommended workarounds for this issue, we recommend that users patch to a safe version." + }, + { + "lang": "es", + "value": "Next.js es un framework React para crear aplicaciones web full-stack. Al enviar una solicitud HTTP manipulada, es posible envenenar el cach\u00e9 de una ruta renderizada del lado del servidor no din\u00e1mica en el enrutador de p\u00e1ginas (esto no afecta al enrutador de aplicaciones). Cuando se env\u00eda esta solicitud manipulada, podr\u00eda obligar a Next.js a almacenar en cach\u00e9 una ruta que no debe almacenarse en cach\u00e9 y enviar un encabezado `Cache-Control: s-maxage=1, stale-while-revalidate` que algunas CDN ascendentes tambi\u00e9n pueden almacenar en cach\u00e9. Para verse potencialmente afectado, se deben aplicar todas las siguientes condiciones: 1. Next.js entre 13.5.1 y 14.2.9, 2. Usar el enrutador de p\u00e1ginas y 3. Usar rutas renderizadas del lado del servidor no din\u00e1micas, por ejemplo, `pages/dashboard.tsx` no `pages/blog/[slug].tsx`. Esta vulnerabilidad se resolvi\u00f3 en Next.js v13.5.7, v14.2.10 y posteriores. Recomendamos actualizar independientemente de si se puede reproducir el problema o no. No existen workarounds oficiales ni recomendadas para este problema, recomendamos que los usuarios instalen el parche a una versi\u00f3n segura." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-469xx/CVE-2024-46983.json b/CVE-2024/CVE-2024-469xx/CVE-2024-46983.json index 49cf45d2c50..b941d70acb9 100644 --- a/CVE-2024/CVE-2024-469xx/CVE-2024-46983.json +++ b/CVE-2024/CVE-2024-469xx/CVE-2024-46983.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46983", "sourceIdentifier": "security-advisories@github.com", "published": "2024-09-19T23:15:11.920", - "lastModified": "2024-09-19T23:15:11.920", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "sofa-hessian is an internal improved version of Hessian3/4 powered by Ant Group CO., Ltd. The SOFA Hessian protocol uses a blacklist mechanism to restrict deserialization of potentially dangerous classes for security protection. But there is a gadget chain that can bypass the SOFA Hessian blacklist protection mechanism, and this gadget chain only relies on JDK and does not rely on any third-party components. This issue is fixed by an update to the blacklist, users can upgrade to sofahessian version 3.5.5 to avoid this issue. Users unable to upgrade may maintain a blacklist themselves in the directory `external/serialize.blacklist`." + }, + { + "lang": "es", + "value": "sofa-hessian es una versi\u00f3n interna mejorada de Hessian3/4 desarrollada por Ant Group CO., Ltd. El protocolo SOFA Hessian utiliza un mecanismo de lista negra para restringir la deserializaci\u00f3n de clases potencialmente peligrosas para la protecci\u00f3n de la seguridad. Pero hay una cadena de gadgets que puede eludir el mecanismo de protecci\u00f3n de lista negra de SOFA Hessian, y esta cadena de gadgets solo se basa en JDK y no depende de ning\u00fan componente de terceros. Este problema se soluciona con una actualizaci\u00f3n de la lista negra; los usuarios pueden actualizar a la versi\u00f3n 3.5.5 de sofahessian para evitar este problema. Los usuarios que no puedan actualizar pueden mantener una lista negra ellos mismos en el directorio `external/serialize.blacklist`." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-469xx/CVE-2024-46984.json b/CVE-2024/CVE-2024-469xx/CVE-2024-46984.json index 81bced8ed04..da60945b895 100644 --- a/CVE-2024/CVE-2024-469xx/CVE-2024-46984.json +++ b/CVE-2024/CVE-2024-469xx/CVE-2024-46984.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46984", "sourceIdentifier": "security-advisories@github.com", "published": "2024-09-19T23:15:12.107", - "lastModified": "2024-09-19T23:15:12.107", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The reference validator is a tool to perform advanced validation of FHIR resources for TI applications and interoperability standards. The profile location routine in the referencevalidator commons package is vulnerable to `XML External Entities` attack due to insecure defaults of the used Woodstox WstxInputFactory. A malicious XML resource can lead to network requests issued by referencevalidator and thus to a `Server Side Request Forgery` attack. The vulnerability impacts applications which use referencevalidator to process XML resources from untrusted sources. The problem has been patched with the 2.5.1 version of the referencevalidator. Users are strongly recommended to update to this version or a more recent one. A pre-processing or manual analysis of input XML resources on existence of DTD definitions or external entities can mitigate the problem." + }, + { + "lang": "es", + "value": "El validador de referencia es una herramienta para realizar una validaci\u00f3n avanzada de recursos FHIR para aplicaciones TI y est\u00e1ndares de interoperabilidad. La rutina de ubicaci\u00f3n de perfil en el paquete commons referencevalidator es vulnerable al ataque de \"Entidades externas XML\" debido a valores predeterminados inseguros del WstxInputFactory de Woodstox utilizado. Un recurso XML malicioso puede provocar solicitudes de red emitidas por referencevalidator y, por lo tanto, un ataque de \"Server Side Request Forgery\". La vulnerabilidad afecta a las aplicaciones que utilizan referencevalidator para procesar recursos XML de fuentes no confiables. El problema se ha solucionado con la versi\u00f3n 2.5.1 de referencevalidator. Se recomienda encarecidamente a los usuarios que actualicen a esta versi\u00f3n o a una m\u00e1s reciente. Un preprocesamiento o un an\u00e1lisis manual de los recursos XML de entrada en busca de definiciones de DTD o entidades externas puede mitigar el problema." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-469xx/CVE-2024-46986.json b/CVE-2024/CVE-2024-469xx/CVE-2024-46986.json index 7dea57b9e84..03f0deab58b 100644 --- a/CVE-2024/CVE-2024-469xx/CVE-2024-46986.json +++ b/CVE-2024/CVE-2024-469xx/CVE-2024-46986.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46986", "sourceIdentifier": "security-advisories@github.com", "published": "2024-09-18T18:15:07.223", - "lastModified": "2024-09-18T18:15:07.223", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Camaleon CMS is a dynamic and advanced content management system based on Ruby on Rails. An arbitrary file write vulnerability accessible via the upload method of the MediaController allows authenticated users to write arbitrary files to any location on the web server Camaleon CMS is running on (depending on the permissions of the underlying filesystem). E.g. This can lead to a delayed remote code execution in case an attacker is able to write a Ruby file into the config/initializers/ subfolder of the Ruby on Rails application. This issue has been addressed in release version 2.8.2. Users are advised to upgrade. There are no known workarounds for this vulnerability." + }, + { + "lang": "es", + "value": "Camaleon CMS es un sistema de gesti\u00f3n de contenido din\u00e1mico y avanzado basado en Ruby on Rails. Una vulnerabilidad de escritura de archivos arbitrarios accesible a trav\u00e9s del m\u00e9todo de carga de MediaController permite a los usuarios autenticados escribir archivos arbitrarios en cualquier ubicaci\u00f3n del servidor web en el que se ejecuta Camaleon CMS (seg\u00fan los permisos del sistema de archivos subyacente). Por ejemplo, esto puede provocar una ejecuci\u00f3n de c\u00f3digo remoto retrasada en caso de que un atacante pueda escribir un archivo Ruby en la subcarpeta config/initializers/ de la aplicaci\u00f3n Ruby on Rails. Este problema se ha solucionado en la versi\u00f3n de lanzamiento 2.8.2. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-469xx/CVE-2024-46987.json b/CVE-2024/CVE-2024-469xx/CVE-2024-46987.json index 6a88c47ef95..b9a4b4b2484 100644 --- a/CVE-2024/CVE-2024-469xx/CVE-2024-46987.json +++ b/CVE-2024/CVE-2024-469xx/CVE-2024-46987.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46987", "sourceIdentifier": "security-advisories@github.com", "published": "2024-09-18T18:15:07.440", - "lastModified": "2024-09-18T18:15:07.440", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Camaleon CMS is a dynamic and advanced content management system based on Ruby on Rails. A path traversal vulnerability accessible via MediaController's download_private_file method allows authenticated users to download any file on the web server Camaleon CMS is running on (depending on the file permissions). This issue may lead to Information Disclosure. This issue has been addressed in release version 2.8.2. Users are advised to upgrade. There are no known workarounds for this vulnerability." + }, + { + "lang": "es", + "value": "Camaleon CMS es un sistema de gesti\u00f3n de contenido din\u00e1mico y avanzado basado en Ruby on Rails. Una vulnerabilidad de path traversal accesible a trav\u00e9s del m\u00e9todo download_private_file de MediaController permite a los usuarios autenticados descargar cualquier archivo en el servidor web en el que se ejecuta Camaleon CMS (seg\u00fan los permisos de archivo). Este problema puede provocar una divulgaci\u00f3n de informaci\u00f3n. Este problema se ha solucionado en la versi\u00f3n 2.8.2. Se recomienda a los usuarios que actualicen la versi\u00f3n. No se conocen workarounds para esta vulnerabilidad." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-469xx/CVE-2024-46989.json b/CVE-2024/CVE-2024-469xx/CVE-2024-46989.json index def1553bff7..72d00c6fe73 100644 --- a/CVE-2024/CVE-2024-469xx/CVE-2024-46989.json +++ b/CVE-2024/CVE-2024-469xx/CVE-2024-46989.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46989", "sourceIdentifier": "security-advisories@github.com", "published": "2024-09-18T18:15:07.650", - "lastModified": "2024-09-18T18:15:07.650", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "spicedb is an Open Source, Google Zanzibar-inspired permissions database to enable fine-grained authorization for customer applications. Multiple caveats over the same indirect subject type on the same relation can result in no permission being returned when permission is expected. If the resource has multiple groups, and each group is caveated, it is possible for the returned permission to be \"no permission\" when permission is expected. Permission is returned as NO_PERMISSION when PERMISSION is expected on the CheckPermission API. This issue has been addressed in release version 1.35.3. Users are advised to upgrade. Users unable to upgrade should not use caveats or avoid the use of caveats on an indirect subject type with multiple entries." + }, + { + "lang": "es", + "value": "spicedb es una base de datos de permisos de c\u00f3digo abierto inspirada en Google Zanzibar que permite una autorizaci\u00f3n detallada para las aplicaciones de los clientes. Varias advertencias sobre el mismo tipo de sujeto indirecto en la misma relaci\u00f3n pueden provocar que no se devuelva ning\u00fan permiso cuando se espera que s\u00ed. Si el recurso tiene varios grupos y cada grupo tiene advertencias, es posible que el permiso devuelto sea \"sin permiso\" cuando se espera que s\u00ed. El permiso se devuelve como NO_PERMISSION cuando se espera PERMISSION en la API CheckPermission. Este problema se ha solucionado en la versi\u00f3n de lanzamiento 1.35.3. Se recomienda a los usuarios que actualicen la versi\u00f3n. Los usuarios que no puedan actualizar no deben utilizar advertencias o evitar el uso de advertencias en un tipo de sujeto indirecto con varias entradas." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-469xx/CVE-2024-46990.json b/CVE-2024/CVE-2024-469xx/CVE-2024-46990.json index 8b1c026b2e6..13436f87ab2 100644 --- a/CVE-2024/CVE-2024-469xx/CVE-2024-46990.json +++ b/CVE-2024/CVE-2024-469xx/CVE-2024-46990.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46990", "sourceIdentifier": "security-advisories@github.com", "published": "2024-09-18T17:15:19.687", - "lastModified": "2024-09-18T17:15:19.687", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Directus is a real-time API and App dashboard for managing SQL database content. When relying on blocking access to localhost using the default `0.0.0.0` filter a user may bypass this block by using other registered loopback devices (like `127.0.0.2` - `127.127.127.127`). This issue has been addressed in release versions 10.13.3 and 11.1.0. Users are advised to upgrade. Users unable to upgrade may block this bypass by manually adding the `127.0.0.0/8` CIDR range which will block access to any `127.X.X.X` ip instead of just `127.0.0.1`." + }, + { + "lang": "es", + "value": "Directus es una API en tiempo real y un panel de control de aplicaciones para administrar el contenido de la base de datos SQL. Cuando se conf\u00eda en bloquear el acceso al host local mediante el filtro predeterminado `0.0.0.0`, un usuario puede omitir este bloqueo mediante el uso de otros dispositivos de bucle invertido registrados (como `127.0.0.2` - `127.127.127.127`). Este problema se ha solucionado en las versiones de lanzamiento 10.13.3 y 11.1.0. Se recomienda a los usuarios que actualicen. Los usuarios que no puedan actualizar pueden bloquear esta omisi\u00f3n agregando manualmente el rango CIDR `127.0.0.0/8` que bloquear\u00e1 el acceso a cualquier IP `127.XXX` en lugar de solo `127.0.0.1`." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-469xx/CVE-2024-46999.json b/CVE-2024/CVE-2024-469xx/CVE-2024-46999.json index bd30e5acc0c..a75fba8be3e 100644 --- a/CVE-2024/CVE-2024-469xx/CVE-2024-46999.json +++ b/CVE-2024/CVE-2024-469xx/CVE-2024-46999.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46999", "sourceIdentifier": "security-advisories@github.com", "published": "2024-09-20T00:15:03.350", - "lastModified": "2024-09-20T00:15:03.350", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Zitadel is an open source identity management platform. ZITADEL's user grants deactivation mechanism did not work correctly. Deactivated user grants were still provided in token, which could lead to unauthorized access to applications and resources. Additionally, the management and auth API always returned the state as active or did not provide any information about the state. Versions 2.62.1, 2.61.1, 2.60.2, 2.59.3, 2.58.5, 2.57.5, 2.56.6, 2.55.8, and 2.54.10 have been released which address this issue. Users are advised to upgrade. Users unable to upgrade may explicitly remove the user grants to make sure the user does not get access anymore." + }, + { + "lang": "es", + "value": "Zitadel es una plataforma de gesti\u00f3n de identidad de c\u00f3digo abierto. El mecanismo de desactivaci\u00f3n de concesiones de usuario de ZITADEL no funcionaba correctamente. Las concesiones de usuario desactivadas se segu\u00edan proporcionando en token, lo que pod\u00eda provocar un acceso no autorizado a aplicaciones y recursos. Adem\u00e1s, la API de gesti\u00f3n y autenticaci\u00f3n siempre devolv\u00eda el estado como activo o no proporcionaba ninguna informaci\u00f3n sobre el estado. Se han publicado las versiones 2.62.1, 2.61.1, 2.60.2, 2.59.3, 2.58.5, 2.57.5, 2.56.6, 2.55.8 y 2.54.10 que solucionan este problema. Se recomienda a los usuarios que actualicen la versi\u00f3n. Los usuarios que no puedan actualizar pueden eliminar expl\u00edcitamente las concesiones de usuario para asegurarse de que el usuario ya no obtenga acceso." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-470xx/CVE-2024-47000.json b/CVE-2024/CVE-2024-470xx/CVE-2024-47000.json index d1f7f3bbf7e..45fb86fb67e 100644 --- a/CVE-2024/CVE-2024-470xx/CVE-2024-47000.json +++ b/CVE-2024/CVE-2024-470xx/CVE-2024-47000.json @@ -2,13 +2,17 @@ "id": "CVE-2024-47000", "sourceIdentifier": "security-advisories@github.com", "published": "2024-09-20T00:15:03.550", - "lastModified": "2024-09-20T00:15:03.550", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Zitadel is an open source identity management platform. ZITADEL's user account deactivation mechanism did not work correctly with service accounts. Deactivated service accounts retained the ability to request tokens, which could lead to unauthorized access to applications and resources. Versions 2.62.1, 2.61.1, 2.60.2, 2.59.3, 2.58.5, 2.57.5, 2.56.6, 2.55.8, and 2.54.10 have been released which address this issue. Users are advised t upgrade. Users unable to upgrade may instead of deactivating the service account, consider creating new credentials and replacing the old ones wherever they are used. This effectively prevents the deactivated service account from being utilized. Be sure to revoke all existing authentication keys associated with the service account and to rotate the service account's password." + }, + { + "lang": "es", + "value": "Zitadel es una plataforma de gesti\u00f3n de identidad de c\u00f3digo abierto. El mecanismo de desactivaci\u00f3n de cuentas de usuario de ZITADEL no funcionaba correctamente con las cuentas de servicio. Las cuentas de servicio desactivadas conservaban la capacidad de solicitar tokens, lo que pod\u00eda provocar un acceso no autorizado a aplicaciones y recursos. Se han publicado las versiones 2.62.1, 2.61.1, 2.60.2, 2.59.3, 2.58.5, 2.57.5, 2.56.6, 2.55.8 y 2.54.10 que solucionan este problema. Se recomienda a los usuarios que actualicen la versi\u00f3n. Los usuarios que no puedan actualizar la versi\u00f3n pueden, en lugar de desactivar la cuenta de servicio, considerar la posibilidad de crear nuevas credenciales y reemplazar las antiguas dondequiera que se utilicen. Esto evita de forma eficaz que se utilice la cuenta de servicio desactivada. Aseg\u00farese de revocar todas las claves de autenticaci\u00f3n existentes asociadas con la cuenta de servicio y de rotar la contrase\u00f1a de la cuenta de servicio." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-470xx/CVE-2024-47001.json b/CVE-2024/CVE-2024-470xx/CVE-2024-47001.json index e0ddff31bc9..647f871f26b 100644 --- a/CVE-2024/CVE-2024-470xx/CVE-2024-47001.json +++ b/CVE-2024/CVE-2024-470xx/CVE-2024-47001.json @@ -2,13 +2,17 @@ "id": "CVE-2024-47001", "sourceIdentifier": "vultures@jpcert.or.jp", "published": "2024-09-18T07:15:04.220", - "lastModified": "2024-09-18T16:35:16.540", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Hidden functionality issue in multiple digital video recorders provided by TAKENAKA ENGINEERING CO., LTD. allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings." + }, + { + "lang": "es", + "value": "Un problema de funcionalidad oculta en varias grabadoras de video digitales proporcionadas por TAKENAKA ENGINEERING CO., LTD. permite que un atacante remoto autenticado ejecute un comando de sistema operativo arbitrario en el dispositivo o altere la configuraci\u00f3n del dispositivo." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-470xx/CVE-2024-47047.json b/CVE-2024/CVE-2024-470xx/CVE-2024-47047.json index de87b992211..0fdaeb7b38d 100644 --- a/CVE-2024/CVE-2024-470xx/CVE-2024-47047.json +++ b/CVE-2024/CVE-2024-470xx/CVE-2024-47047.json @@ -2,13 +2,17 @@ "id": "CVE-2024-47047", "sourceIdentifier": "cve@mitre.org", "published": "2024-09-17T14:15:17.790", - "lastModified": "2024-09-17T14:15:17.790", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in the powermail extension through 12.4.0 for TYPO3. It fails to validate the mail parameter of the createAction, resulting in Insecure Direct Object Reference (IDOR) in some configurations. An unauthenticated attacker can use this to display user-submitted data of all forms persisted by the extension. The fixed versions are 7.5.1, 8.5.1, 10.9.1, and 12.4.1." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 un problema en la extensi\u00f3n Powermail hasta la versi\u00f3n 12.4.0 para TYPO3. No se puede validar el par\u00e1metro de correo de createAction, lo que genera una referencia directa a objetos insegura (IDOR) en algunas configuraciones. Un atacante no autenticado puede usar esto para mostrar los datos enviados por el usuario de todos los formatos que la extensi\u00f3n conserva. Las versiones corregidas son 7.5.1, 8.5.1, 10.9.1 y 12.4.1." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-470xx/CVE-2024-47049.json b/CVE-2024/CVE-2024-470xx/CVE-2024-47049.json index baab94a852a..c0da81cc829 100644 --- a/CVE-2024/CVE-2024-470xx/CVE-2024-47049.json +++ b/CVE-2024/CVE-2024-470xx/CVE-2024-47049.json @@ -2,13 +2,17 @@ "id": "CVE-2024-47049", "sourceIdentifier": "cve@mitre.org", "published": "2024-09-17T14:15:17.877", - "lastModified": "2024-09-17T14:15:17.877", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The czim/file-handling package before 1.5.0 and 2.x before 2.3.0 (used with PHP Composer) does not properly validate URLs within makeFromUrl and makeFromAny, leading to SSRF, and to directory traversal for the reading of local files." + }, + { + "lang": "es", + "value": "El paquete czim/file-handling anterior a 1.5.0 y 2.x anterior a 2.3.0 (usado con PHP Composer) no valida correctamente las URL dentro de makeFromUrl y makeFromAny, lo que genera SSRF y un directory traversal para la lectura de archivos locales." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-470xx/CVE-2024-47050.json b/CVE-2024/CVE-2024-470xx/CVE-2024-47050.json index 80f9c3f02a9..fd5594a65b5 100644 --- a/CVE-2024/CVE-2024-470xx/CVE-2024-47050.json +++ b/CVE-2024/CVE-2024-470xx/CVE-2024-47050.json @@ -2,13 +2,17 @@ "id": "CVE-2024-47050", "sourceIdentifier": "security@mautic.org", "published": "2024-09-18T21:15:13.743", - "lastModified": "2024-09-18T21:15:13.743", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Prior to this patch being applied, Mautic's tracking was vulnerable to Cross-Site Scripting through the Page URL variable." + }, + { + "lang": "es", + "value": "Antes de que se aplicara este parche, el seguimiento de Mautic era vulnerable a Cross-Site Scripting a trav\u00e9s de la variable Page URL." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-470xx/CVE-2024-47058.json b/CVE-2024/CVE-2024-470xx/CVE-2024-47058.json index 30dc59b38cf..d7fabd4911b 100644 --- a/CVE-2024/CVE-2024-470xx/CVE-2024-47058.json +++ b/CVE-2024/CVE-2024-470xx/CVE-2024-47058.json @@ -2,13 +2,17 @@ "id": "CVE-2024-47058", "sourceIdentifier": "security@mautic.org", "published": "2024-09-18T21:15:13.923", - "lastModified": "2024-09-18T21:15:13.923", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "With access to edit a Mautic form, the attacker can add Cross-Site Scripting stored in the html filed. This could be used to steal sensitive information from the user's current session." + }, + { + "lang": "es", + "value": "Con acceso para editar un formulario de Mautic, el atacante puede agregar Cross-Site Scripting Almacenado en el archivo html. Esto podr\u00eda usarse para robar informaci\u00f3n confidencial de la sesi\u00f3n actual del usuario." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-470xx/CVE-2024-47059.json b/CVE-2024/CVE-2024-470xx/CVE-2024-47059.json index 480ba519b2b..c742b0f2105 100644 --- a/CVE-2024/CVE-2024-470xx/CVE-2024-47059.json +++ b/CVE-2024/CVE-2024-470xx/CVE-2024-47059.json @@ -2,8 +2,8 @@ "id": "CVE-2024-47059", "sourceIdentifier": "security@mautic.org", "published": "2024-09-18T22:15:04.650", - "lastModified": "2024-09-19T20:15:06.953", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-470xx/CVE-2024-47060.json b/CVE-2024/CVE-2024-470xx/CVE-2024-47060.json index 3a187bed973..ab548f2fd08 100644 --- a/CVE-2024/CVE-2024-470xx/CVE-2024-47060.json +++ b/CVE-2024/CVE-2024-470xx/CVE-2024-47060.json @@ -2,13 +2,17 @@ "id": "CVE-2024-47060", "sourceIdentifier": "security-advisories@github.com", "published": "2024-09-20T00:15:03.767", - "lastModified": "2024-09-20T00:15:03.767", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Zitadel is an open source identity management platform. In Zitadel, even after an organization is deactivated, associated projects, respectively their applications remain active. Users across other organizations can still log in and access through these applications, leading to unauthorized access. Additionally, if a project was deactivated access to applications was also still possible. The issue stems from the fact that when an organization is deactivated in Zitadel, the applications associated with it do not automatically deactivate. The application lifecycle is not tightly coupled with the organization's lifecycle, leading to a situation where the organization or project is marked as inactive, but its resources remain accessible. This vulnerability allows for unauthorized access to projects and their resources, which should have been restricted post-organization deactivation. Versions 2.62.1, 2.61.1, 2.60.2, 2.59.3, 2.58.5, 2.57.5, 2.56.6, 2.55.8, and 2.54.10 have been released which address this issue. Users are advised to upgrade. Users unable to upgrade may explicitly disable the application to make sure the client is not allowed anymore." + }, + { + "lang": "es", + "value": "Zitadel es una plataforma de gesti\u00f3n de identidades de c\u00f3digo abierto. En Zitadel, incluso despu\u00e9s de que se desactiva una organizaci\u00f3n, los proyectos asociados y sus aplicaciones permanecen activos. Los usuarios de otras organizaciones a\u00fan pueden iniciar sesi\u00f3n y acceder a trav\u00e9s de estas aplicaciones, lo que genera acceso no autorizado. Adem\u00e1s, si se desactiva un proyecto, tambi\u00e9n se puede acceder a las aplicaciones. El problema surge del hecho de que cuando se desactiva una organizaci\u00f3n en Zitadel, las aplicaciones asociadas a ella no se desactivan autom\u00e1ticamente. El ciclo de vida de la aplicaci\u00f3n no est\u00e1 estrechamente vinculado con el ciclo de vida de la organizaci\u00f3n, lo que genera una situaci\u00f3n en la que la organizaci\u00f3n o el proyecto se marcan como inactivos, pero sus recursos siguen siendo accesibles. Esta vulnerabilidad permite el acceso no autorizado a los proyectos y sus recursos, que deber\u00edan haber estado restringidos despu\u00e9s de la desactivaci\u00f3n de la organizaci\u00f3n. Se han publicado las versiones 2.62.1, 2.61.1, 2.60.2, 2.59.3, 2.58.5, 2.57.5, 2.56.6, 2.55.8 y 2.54.10 que solucionan este problema. Se recomienda a los usuarios que actualicen la versi\u00f3n. Los usuarios que no puedan actualizar la versi\u00f3n pueden deshabilitar expl\u00edcitamente la aplicaci\u00f3n para asegurarse de que el cliente ya no est\u00e9 autorizado." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-470xx/CVE-2024-47085.json b/CVE-2024/CVE-2024-470xx/CVE-2024-47085.json index e72616d2926..4f5de2391d1 100644 --- a/CVE-2024/CVE-2024-470xx/CVE-2024-47085.json +++ b/CVE-2024/CVE-2024-470xx/CVE-2024-47085.json @@ -2,13 +2,17 @@ "id": "CVE-2024-47085", "sourceIdentifier": "vdisclose@cert-in.org.in", "published": "2024-09-19T06:15:02.960", - "lastModified": "2024-09-19T07:15:02.050", - "vulnStatus": "Received", + "lastModified": "2024-09-20T13:15:18.703", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "This vulnerability exists in Apex Softcell LD DP Back Office due to improper validation of certain parameters \u201ccCdslClicentcode\u201d and \u201ccLdClientCode\u201d in the API endpoint. An authenticated remote attacker could exploit this vulnerability by manipulating parameters in the API request body leading to exposure of sensitive information belonging to other users." + "value": "This vulnerability exists in Apex Softcell LD DP Back Office due to improper validation of certain parameters (cCdslClicentcode and cLdClientCode) in the API endpoint. An authenticated remote attacker could exploit this vulnerability by manipulating parameters in the API request body leading to exposure of sensitive information belonging to other users." + }, + { + "lang": "es", + "value": "Esta vulnerabilidad existe en Apex Softcell LD DP Back Office debido a la validaci\u00f3n incorrecta de ciertos par\u00e1metros \u201ccCdslClicentcode\u201d y \u201ccLdClientCode\u201d en el endpoint de la API. Un atacante remoto autenticado podr\u00eda aprovechar esta vulnerabilidad manipulando los par\u00e1metros en el cuerpo de la solicitud de la API, lo que provocar\u00eda la exposici\u00f3n de informaci\u00f3n confidencial perteneciente a otros usuarios." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-470xx/CVE-2024-47086.json b/CVE-2024/CVE-2024-470xx/CVE-2024-47086.json index aba2960c996..1c3f509079b 100644 --- a/CVE-2024/CVE-2024-470xx/CVE-2024-47086.json +++ b/CVE-2024/CVE-2024-470xx/CVE-2024-47086.json @@ -2,13 +2,17 @@ "id": "CVE-2024-47086", "sourceIdentifier": "vdisclose@cert-in.org.in", "published": "2024-09-19T06:15:03.227", - "lastModified": "2024-09-19T07:15:02.273", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "This vulnerability exists in Apex Softcell LD DP Back Office due to improper implementation of OTP validation mechanism in certain API endpoints. An authenticated remote attacker could exploit this vulnerability by providing arbitrary OTP value for authentication and subsequently changing its API response. \n\nSuccessful exploitation of this vulnerability could allow the attacker to bypass OTP verification for other user accounts." + }, + { + "lang": "es", + "value": "Esta vulnerabilidad existe en Apex Softcell LD DP Back Office debido a la implementaci\u00f3n incorrecta del mecanismo de validaci\u00f3n OTP en ciertos endpoints de API. Un atacante remoto autenticado podr\u00eda aprovechar esta vulnerabilidad proporcionando un valor OTP arbitrario para la autenticaci\u00f3n y, posteriormente, modificando su respuesta de API. La explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda permitir al atacante eludir la verificaci\u00f3n OTP para otras cuentas de usuario." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-470xx/CVE-2024-47087.json b/CVE-2024/CVE-2024-470xx/CVE-2024-47087.json index ce60278de34..d226d58dcc2 100644 --- a/CVE-2024/CVE-2024-470xx/CVE-2024-47087.json +++ b/CVE-2024/CVE-2024-470xx/CVE-2024-47087.json @@ -2,13 +2,17 @@ "id": "CVE-2024-47087", "sourceIdentifier": "vdisclose@cert-in.org.in", "published": "2024-09-19T07:15:02.360", - "lastModified": "2024-09-19T07:15:02.360", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "This vulnerability exists in Apex Softcell LD Geo due to improper validation of the certain parameters (Client ID, DPID or BOID) in the API endpoint. An authenticated remote attacker could exploit this vulnerability by manipulating parameters in the API request body leading to exposure of sensitive information belonging to other users." + }, + { + "lang": "es", + "value": "Esta vulnerabilidad existe en Apex Softcell LD Geo debido a una validaci\u00f3n incorrecta de ciertos par\u00e1metros (ID de cliente, DPID o BOID) en el endpoint de la API. Un atacante remoto autenticado podr\u00eda aprovechar esta vulnerabilidad manipulando los par\u00e1metros en el cuerpo de la solicitud de la API, lo que provocar\u00eda la exposici\u00f3n de informaci\u00f3n confidencial perteneciente a otros usuarios." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-470xx/CVE-2024-47088.json b/CVE-2024/CVE-2024-470xx/CVE-2024-47088.json index b0dc5e41b0e..8d1c11db534 100644 --- a/CVE-2024/CVE-2024-470xx/CVE-2024-47088.json +++ b/CVE-2024/CVE-2024-470xx/CVE-2024-47088.json @@ -2,13 +2,17 @@ "id": "CVE-2024-47088", "sourceIdentifier": "vdisclose@cert-in.org.in", "published": "2024-09-19T07:15:02.507", - "lastModified": "2024-09-19T07:15:02.507", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "This vulnerability exists in Apex Softcell LD Geo due to missing restrictions for excessive failed authentication attempts on its API based login. A remote attacker could exploit this vulnerability by conducting a brute force attack on login OTP, which could lead to gain unauthorized access to other user accounts." + }, + { + "lang": "es", + "value": "Esta vulnerabilidad existe en Apex Softcell LD Geo debido a la falta de restricciones para los intentos de autenticaci\u00f3n fallidos excesivos en su inicio de sesi\u00f3n basado en API. Un atacante remoto podr\u00eda aprovechar esta vulnerabilidad realizando un ataque de fuerza bruta en el OTP de inicio de sesi\u00f3n, lo que podr\u00eda dar lugar a un acceso no autorizado a otras cuentas de usuario." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-470xx/CVE-2024-47089.json b/CVE-2024/CVE-2024-470xx/CVE-2024-47089.json index 59a40cfb89f..45a81ed1511 100644 --- a/CVE-2024/CVE-2024-470xx/CVE-2024-47089.json +++ b/CVE-2024/CVE-2024-470xx/CVE-2024-47089.json @@ -2,13 +2,17 @@ "id": "CVE-2024-47089", "sourceIdentifier": "vdisclose@cert-in.org.in", "published": "2024-09-19T07:15:02.657", - "lastModified": "2024-09-19T07:15:02.657", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "This vulnerability exists in the Apex Softcell LD Geo due to improper validation of the transaction token ID in the API endpoint. An authenticated remote attacker could exploit this vulnerability by manipulating the transaction token ID in the API request leading to unauthorized access and modification of transactions belonging to other users." + }, + { + "lang": "es", + "value": "Esta vulnerabilidad existe en Apex Softcell LD Geo debido a una validaci\u00f3n incorrecta del ID del token de transacci\u00f3n en el endpoint de la API. Un atacante remoto autenticado podr\u00eda aprovechar esta vulnerabilidad manipulando el ID del token de transacci\u00f3n en la solicitud de API, lo que provocar\u00eda un acceso no autorizado y la modificaci\u00f3n de transacciones pertenecientes a otros usuarios." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-471xx/CVE-2024-47159.json b/CVE-2024/CVE-2024-471xx/CVE-2024-47159.json index a3e55763a04..8152d468f92 100644 --- a/CVE-2024/CVE-2024-471xx/CVE-2024-47159.json +++ b/CVE-2024/CVE-2024-471xx/CVE-2024-47159.json @@ -2,13 +2,17 @@ "id": "CVE-2024-47159", "sourceIdentifier": "cve@jetbrains.com", "published": "2024-09-19T18:15:09.803", - "lastModified": "2024-09-19T18:15:09.803", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In JetBrains YouTrack before 2024.3.44799 user without appropriate permissions could restore workflows attached to a project" + }, + { + "lang": "es", + "value": "En JetBrains YouTrack anterior a 2024.3.44799, el usuario sin los permisos adecuados pod\u00eda restaurar flujos de trabajo adjuntos a un proyecto" } ], "metrics": { diff --git a/CVE-2024/CVE-2024-471xx/CVE-2024-47160.json b/CVE-2024/CVE-2024-471xx/CVE-2024-47160.json index aece354defb..f4b368bbb17 100644 --- a/CVE-2024/CVE-2024-471xx/CVE-2024-47160.json +++ b/CVE-2024/CVE-2024-471xx/CVE-2024-47160.json @@ -2,13 +2,17 @@ "id": "CVE-2024-47160", "sourceIdentifier": "cve@jetbrains.com", "published": "2024-09-19T18:15:10.013", - "lastModified": "2024-09-19T18:15:10.013", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In JetBrains YouTrack before 2024.3.44799 access to global app config data without appropriate permissions was possible" + }, + { + "lang": "es", + "value": "En JetBrains YouTrack antes de 2024.3.44799 era posible acceder a los datos de configuraci\u00f3n de la aplicaci\u00f3n global sin los permisos adecuados" } ], "metrics": { diff --git a/CVE-2024/CVE-2024-471xx/CVE-2024-47162.json b/CVE-2024/CVE-2024-471xx/CVE-2024-47162.json index 65486da11f1..1fbe4625486 100644 --- a/CVE-2024/CVE-2024-471xx/CVE-2024-47162.json +++ b/CVE-2024/CVE-2024-471xx/CVE-2024-47162.json @@ -2,13 +2,17 @@ "id": "CVE-2024-47162", "sourceIdentifier": "cve@jetbrains.com", "published": "2024-09-19T18:15:10.227", - "lastModified": "2024-09-19T18:15:10.227", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In JetBrains YouTrack before 2024.3.44799 token could be revealed on Imports page" + }, + { + "lang": "es", + "value": "En JetBrains YouTrack antes de 2024.3.44799, el token podr\u00eda revelarse en la p\u00e1gina Importaciones" } ], "metrics": { diff --git a/CVE-2024/CVE-2024-51xx/CVE-2024-5170.json b/CVE-2024/CVE-2024-51xx/CVE-2024-5170.json index d1468fff8de..a142c796205 100644 --- a/CVE-2024/CVE-2024-51xx/CVE-2024-5170.json +++ b/CVE-2024/CVE-2024-51xx/CVE-2024-5170.json @@ -2,8 +2,8 @@ "id": "CVE-2024-5170", "sourceIdentifier": "contact@wpscan.com", "published": "2024-09-17T06:15:02.310", - "lastModified": "2024-09-17T15:35:12.693", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:31:20.110", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-56xx/CVE-2024-5682.json b/CVE-2024/CVE-2024-56xx/CVE-2024-5682.json index 18abc0be804..27ef2581937 100644 --- a/CVE-2024/CVE-2024-56xx/CVE-2024-5682.json +++ b/CVE-2024/CVE-2024-56xx/CVE-2024-5682.json @@ -2,13 +2,17 @@ "id": "CVE-2024-5682", "sourceIdentifier": "iletisim@usom.gov.tr", "published": "2024-09-18T12:15:03.100", - "lastModified": "2024-09-18T14:35:06.033", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Restriction of Excessive Authentication Attempts vulnerability in Yordam Information Technology Yordam Library Automation System allows Interface Manipulation.This issue affects Yordam Library Automation System: before 20.1." + }, + { + "lang": "es", + "value": "Vulnerabilidad de restricci\u00f3n inadecuada de intentos excesivos de autenticaci\u00f3n en Yordam Information Technology Yordam Library Automation System permite la manipulaci\u00f3n de la interfaz. Este problema afecta al sistema de automatizaci\u00f3n de la librer\u00eda Yordam: anterior a 20.1." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-59xx/CVE-2024-5958.json b/CVE-2024/CVE-2024-59xx/CVE-2024-5958.json index 161f36dbbd0..ca8255b1cbd 100644 --- a/CVE-2024/CVE-2024-59xx/CVE-2024-5958.json +++ b/CVE-2024/CVE-2024-59xx/CVE-2024-5958.json @@ -2,13 +2,17 @@ "id": "CVE-2024-5958", "sourceIdentifier": "iletisim@usom.gov.tr", "published": "2024-09-18T15:15:18.510", - "lastModified": "2024-09-18T15:15:18.510", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eliz Software Panel allows Command Line Execution through SQL Injection.This issue affects Panel: before v2.3.24." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de elementos especiales utilizados en un comando SQL ('Inyecci\u00f3n SQL') en Eliz Software Panel permite la ejecuci\u00f3n de la l\u00ednea de comandos a trav\u00e9s de la inyecci\u00f3n SQL. Este problema afecta al Panel: antes de v2.3.24." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-59xx/CVE-2024-5959.json b/CVE-2024/CVE-2024-59xx/CVE-2024-5959.json index 21f1a15a8ab..84cc2bd95cf 100644 --- a/CVE-2024/CVE-2024-59xx/CVE-2024-5959.json +++ b/CVE-2024/CVE-2024-59xx/CVE-2024-5959.json @@ -2,13 +2,17 @@ "id": "CVE-2024-5959", "sourceIdentifier": "iletisim@usom.gov.tr", "published": "2024-09-18T15:15:18.623", - "lastModified": "2024-09-18T15:15:18.623", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Eliz Software Panel allows Stored XSS.This issue affects Panel: before v2.3.24." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Eliz Software Panel permite XSS almacenado. Este problema afecta al Panel: antes de v2.3.24." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-59xx/CVE-2024-5960.json b/CVE-2024/CVE-2024-59xx/CVE-2024-5960.json index 6e8a2edb847..8a4d8e4e44f 100644 --- a/CVE-2024/CVE-2024-59xx/CVE-2024-5960.json +++ b/CVE-2024/CVE-2024-59xx/CVE-2024-5960.json @@ -2,13 +2,17 @@ "id": "CVE-2024-5960", "sourceIdentifier": "iletisim@usom.gov.tr", "published": "2024-09-18T15:15:18.740", - "lastModified": "2024-09-18T15:15:18.740", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Plaintext Storage of a Password vulnerability in Eliz Software Panel allows : Use of Known Domain Credentials.This issue affects Panel: before v2.3.24." + }, + { + "lang": "es", + "value": "La vulnerabilidad de almacenamiento de texto plano de una contrase\u00f1a en Eliz Software Panel permite: el uso de credenciales de dominio conocidas. Este problema afecta al Panel: antes de la versi\u00f3n v2.3.24." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-59xx/CVE-2024-5998.json b/CVE-2024/CVE-2024-59xx/CVE-2024-5998.json index 04a7140a976..cdc2fdc5c8a 100644 --- a/CVE-2024/CVE-2024-59xx/CVE-2024-5998.json +++ b/CVE-2024/CVE-2024-59xx/CVE-2024-5998.json @@ -2,13 +2,17 @@ "id": "CVE-2024-5998", "sourceIdentifier": "security@huntr.dev", "published": "2024-09-17T12:15:02.977", - "lastModified": "2024-09-17T12:15:02.977", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:31:20.110", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability in the FAISS.deserialize_from_bytes function of langchain-ai/langchain allows for pickle deserialization of untrusted data. This can lead to the execution of arbitrary commands via the os.system function. The issue affects the latest version of the product." + }, + { + "lang": "es", + "value": "Una vulnerabilidad en la funci\u00f3n FAISS.deserialize_from_bytes de langchain-ai/langchain permite la deserializaci\u00f3n de datos no confiables mediante pickle. Esto puede provocar la ejecuci\u00f3n de comandos arbitrarios a trav\u00e9s de la funci\u00f3n os.system. El problema afecta a la \u00faltima versi\u00f3n del producto." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-64xx/CVE-2024-6406.json b/CVE-2024/CVE-2024-64xx/CVE-2024-6406.json index d062e2a09a8..1b78e948b1c 100644 --- a/CVE-2024/CVE-2024-64xx/CVE-2024-6406.json +++ b/CVE-2024/CVE-2024-64xx/CVE-2024-6406.json @@ -2,13 +2,17 @@ "id": "CVE-2024-6406", "sourceIdentifier": "iletisim@usom.gov.tr", "published": "2024-09-18T12:15:03.370", - "lastModified": "2024-09-18T12:15:03.370", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Yordam Information Technology Mobile Library Application allows Retrieve Embedded Sensitive Data.This issue affects Mobile Library Application: before 5.0." + }, + { + "lang": "es", + "value": "La vulnerabilidad de exposici\u00f3n de informaci\u00f3n confidencial a un actor no autorizado en la aplicaci\u00f3n de librer\u00eda m\u00f3vil de Yordam Information Technology permite recuperar datos confidenciales integrados. Este problema afecta a la aplicaci\u00f3n de librer\u00eda m\u00f3vil: anterior a 5.0." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-66xx/CVE-2024-6641.json b/CVE-2024/CVE-2024-66xx/CVE-2024-6641.json index 8d982979c64..0ec0f30d1f8 100644 --- a/CVE-2024/CVE-2024-66xx/CVE-2024-6641.json +++ b/CVE-2024/CVE-2024-66xx/CVE-2024-6641.json @@ -2,13 +2,17 @@ "id": "CVE-2024-6641", "sourceIdentifier": "security@wordfence.com", "published": "2024-09-18T06:15:02.490", - "lastModified": "2024-09-18T06:15:02.490", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The WP Hardening \u2013 Fix Your WordPress Security plugin for WordPress is vulnerable to Security Feature Bypass in all versions up to, and including, 1.2.6. This is due to use of an incorrect regular expression within the \"Stop User Enumeration\" feature. This makes it possible for unauthenticated attackers to bypass intended security restrictions and expose site usernames." + }, + { + "lang": "es", + "value": "El complemento WP Hardening \u2013 Fix Your WordPress Security para WordPress es vulnerable a la omisi\u00f3n de funciones de seguridad en todas las versiones hasta la 1.2.6 incluida. Esto se debe al uso de una expresi\u00f3n regular incorrecta dentro de la funci\u00f3n \"Detener enumeraci\u00f3n de usuarios\". Esto permite que atacantes no autenticados eludan las restricciones de seguridad previstas y expongan los nombres de usuario del sitio." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-66xx/CVE-2024-6685.json b/CVE-2024/CVE-2024-66xx/CVE-2024-6685.json index 7ad6675d5b8..e9ad4f1ca97 100644 --- a/CVE-2024/CVE-2024-66xx/CVE-2024-6685.json +++ b/CVE-2024/CVE-2024-66xx/CVE-2024-6685.json @@ -2,13 +2,17 @@ "id": "CVE-2024-6685", "sourceIdentifier": "cve@gitlab.com", "published": "2024-09-16T22:15:20.917", - "lastModified": "2024-09-16T22:15:20.917", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:31:20.110", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in GitLab CE/EE affecting all versions starting from 16.7 prior to 17.1.7, 17.2 prior to 17.2.5, and 17.3 prior to 17.3.2, where group runners information was disclosed to unauthorised group members." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 un problema en GitLab CE/EE que afectaba a todas las versiones desde la 16.7 anterior a la 17.1.7, la 17.2 anterior a la 17.2.5 y la 17.3 anterior a la 17.3.2, donde la informaci\u00f3n de los ejecutores del grupo se divulgaba a miembros del grupo no autorizados." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-68xx/CVE-2024-6877.json b/CVE-2024/CVE-2024-68xx/CVE-2024-6877.json index 2e8bc381be3..7e0ea067cb2 100644 --- a/CVE-2024/CVE-2024-68xx/CVE-2024-6877.json +++ b/CVE-2024/CVE-2024-68xx/CVE-2024-6877.json @@ -2,13 +2,17 @@ "id": "CVE-2024-6877", "sourceIdentifier": "iletisim@usom.gov.tr", "published": "2024-09-18T15:15:18.860", - "lastModified": "2024-09-18T15:15:18.860", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Eliz Software Panel allows Reflected XSS.This issue affects Panel: before v2.3.24." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Eliz Software Panel permite XSS reflejado. Este problema afecta al Panel: antes de v2.3.24." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-68xx/CVE-2024-6878.json b/CVE-2024/CVE-2024-68xx/CVE-2024-6878.json index b8beedcb3b6..8572eabbc1d 100644 --- a/CVE-2024/CVE-2024-68xx/CVE-2024-6878.json +++ b/CVE-2024/CVE-2024-68xx/CVE-2024-6878.json @@ -2,13 +2,17 @@ "id": "CVE-2024-6878", "sourceIdentifier": "iletisim@usom.gov.tr", "published": "2024-09-18T15:15:18.970", - "lastModified": "2024-09-18T18:35:14.400", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Files or Directories Accessible to External Parties vulnerability in Eliz Software Panel allows Collect Data from Common Resource Locations.This issue affects Panel: before v2.3.24." + }, + { + "lang": "es", + "value": "La vulnerabilidad de archivos o directorios accesibles a partes externas en Eliz Software Panel permite recopilar datos de ubicaciones de recursos comunes. Este problema afecta al Panel: antes de v2.3.24." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-69xx/CVE-2024-6948.json b/CVE-2024/CVE-2024-69xx/CVE-2024-6948.json index da3e738bf62..36b67898ef1 100644 --- a/CVE-2024/CVE-2024-69xx/CVE-2024-6948.json +++ b/CVE-2024/CVE-2024-69xx/CVE-2024-6948.json @@ -2,8 +2,8 @@ "id": "CVE-2024-6948", "sourceIdentifier": "cna@vuldb.com", "published": "2024-07-21T10:15:02.697", - "lastModified": "2024-07-22T13:00:31.330", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-09-20T13:41:59.217", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -61,6 +61,26 @@ } ], "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "cna@vuldb.com", "type": "Secondary", @@ -109,6 +129,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + }, { "source": "cna@vuldb.com", "type": "Secondary", @@ -120,22 +150,52 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gargaj:wuhu:*:*:*:*:*:*:*:*", + "versionEndIncluding": "2024-02-10", + "matchCriteriaId": "88025A9B-31B9-4905-8A77-9535063F81A9" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/DeepMountains/Mirage/blob/main/CVE4-1.md", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Broken Link" + ] }, { "url": "https://vuldb.com/?ctiid.272070", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required" + ] }, { "url": "https://vuldb.com/?id.272070", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?submit.374846", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-69xx/CVE-2024-6949.json b/CVE-2024/CVE-2024-69xx/CVE-2024-6949.json index 9659da00f67..f42192b9f6a 100644 --- a/CVE-2024/CVE-2024-69xx/CVE-2024-6949.json +++ b/CVE-2024/CVE-2024-69xx/CVE-2024-6949.json @@ -2,8 +2,8 @@ "id": "CVE-2024-6949", "sourceIdentifier": "cna@vuldb.com", "published": "2024-07-21T10:15:04.023", - "lastModified": "2024-07-22T13:00:31.330", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-09-20T13:39:10.090", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -61,6 +61,26 @@ } ], "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + }, { "source": "cna@vuldb.com", "type": "Secondary", @@ -120,22 +140,52 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gargaj:wuhu:*:*:*:*:*:*:*:*", + "versionEndIncluding": "2024-02-10", + "matchCriteriaId": "88025A9B-31B9-4905-8A77-9535063F81A9" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/DeepMountains/Mirage/blob/main/CVE4-2.md", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Broken Link" + ] }, { "url": "https://vuldb.com/?ctiid.272071", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required" + ] }, { "url": "https://vuldb.com/?id.272071", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?submit.375146", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-72xx/CVE-2024-7207.json b/CVE-2024/CVE-2024-72xx/CVE-2024-7207.json index 9059bfbf571..064a9d788e1 100644 --- a/CVE-2024/CVE-2024-72xx/CVE-2024-7207.json +++ b/CVE-2024/CVE-2024-72xx/CVE-2024-7207.json @@ -2,13 +2,17 @@ "id": "CVE-2024-7207", "sourceIdentifier": "secalert@redhat.com", "published": "2024-09-19T23:15:12.337", - "lastModified": "2024-09-19T23:15:12.337", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A flaw was found in Envoy. It is possible to modify or manipulate headers from external clients when pass-through routes are used for the ingress gateway. This issue could allow a malicious user to forge what is logged by Envoy as a requested path and cause the Envoy proxy to make requests to internal-only services or arbitrary external systems. This is a regression of the fix for CVE-2023-27487." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una falla en Envoy. Es posible modificar o manipular encabezados de clientes externos cuando se utilizan rutas de paso para la puerta de enlace de entrada. Este problema podr\u00eda permitir que un usuario malintencionado falsifique lo que Envoy registra como ruta solicitada y hacer que el proxy de Envoy realice solicitudes a servicios internos \u00fanicamente o a sistemas externos arbitrarios. Esta es una regresi\u00f3n de la correcci\u00f3n para CVE-2023-27487." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-72xx/CVE-2024-7254.json b/CVE-2024/CVE-2024-72xx/CVE-2024-7254.json index 4f118a79a2d..5af6711e645 100644 --- a/CVE-2024/CVE-2024-72xx/CVE-2024-7254.json +++ b/CVE-2024/CVE-2024-72xx/CVE-2024-7254.json @@ -2,13 +2,17 @@ "id": "CVE-2024-7254", "sourceIdentifier": "cve-coordination@google.com", "published": "2024-09-19T01:15:10.963", - "lastModified": "2024-09-19T01:15:10.963", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Any project that parses untrusted Protocol Buffers data\u00a0containing an arbitrary number of nested groups / series of SGROUP\u00a0tags can corrupted by exceeding the stack limit i.e. StackOverflow. Parsing nested groups as unknown fields with DiscardUnknownFieldsParser or Java Protobuf Lite parser, or against Protobuf map fields, creates unbounded recursions that can be abused by an attacker." + }, + { + "lang": "es", + "value": "Cualquier proyecto que analice datos de Protocol Buffers no confiables que contengan una cantidad arbitraria de grupos anidados o series de etiquetas SGROUP puede corromperse si se excede el l\u00edmite de la pila, es decir, StackOverflow. Analizar grupos anidados como campos desconocidos con DiscardUnknownFieldsParser o el analizador Java Protobuf Lite, o contra campos de mapa Protobuf, crea recursiones ilimitadas que pueden ser utilizadas de forma abusiva por un atacante." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-73xx/CVE-2024-7387.json b/CVE-2024/CVE-2024-73xx/CVE-2024-7387.json index 5b14a1ac6b2..719724e1f94 100644 --- a/CVE-2024/CVE-2024-73xx/CVE-2024-7387.json +++ b/CVE-2024/CVE-2024-73xx/CVE-2024-7387.json @@ -2,8 +2,8 @@ "id": "CVE-2024-7387", "sourceIdentifier": "secalert@redhat.com", "published": "2024-09-17T00:15:52.757", - "lastModified": "2024-09-19T20:15:07.277", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:31:20.110", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-77xx/CVE-2024-7736.json b/CVE-2024/CVE-2024-77xx/CVE-2024-7736.json index edec63681b0..fa3b88b075d 100644 --- a/CVE-2024/CVE-2024-77xx/CVE-2024-7736.json +++ b/CVE-2024/CVE-2024-77xx/CVE-2024-7736.json @@ -2,13 +2,17 @@ "id": "CVE-2024-7736", "sourceIdentifier": "3DS.Information-Security@3ds.com", "published": "2024-09-19T16:15:05.520", - "lastModified": "2024-09-19T16:15:05.520", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session." + }, + { + "lang": "es", + "value": "Una vulnerabilidad de Cross-site Scripting (XSS) Reflejado que afecta a ENOVIA Collaborative Industry Innovator desde la versi\u00f3n 3DEXPERIENCE R2022x hasta la versi\u00f3n 3DEXPERIENCE R2024x permite a un atacante ejecutar c\u00f3digo de secuencia de comandos arbitrario en la sesi\u00f3n del navegador del usuario." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-77xx/CVE-2024-7737.json b/CVE-2024/CVE-2024-77xx/CVE-2024-7737.json index 0f84be32473..82f0840bf01 100644 --- a/CVE-2024/CVE-2024-77xx/CVE-2024-7737.json +++ b/CVE-2024/CVE-2024-77xx/CVE-2024-7737.json @@ -2,13 +2,17 @@ "id": "CVE-2024-7737", "sourceIdentifier": "3DS.Information-Security@3ds.com", "published": "2024-09-19T16:15:05.727", - "lastModified": "2024-09-19T16:15:05.727", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A stored Cross-site Scripting (XSS) vulnerability affecting 3DSwym in 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session." + }, + { + "lang": "es", + "value": "Una vulnerabilidad de Cross-site Scripting (XSS) almacenado que afecta a 3DSwym en 3DSwymer desde la versi\u00f3n 3DEXPERIENCE R2022x hasta la versi\u00f3n 3DEXPERIENCE R2024x permite a un atacante ejecutar c\u00f3digo de secuencia de comandos arbitrario en la sesi\u00f3n del navegador del usuario." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-77xx/CVE-2024-7785.json b/CVE-2024/CVE-2024-77xx/CVE-2024-7785.json index b4c85133d35..48e3e252b38 100644 --- a/CVE-2024/CVE-2024-77xx/CVE-2024-7785.json +++ b/CVE-2024/CVE-2024-77xx/CVE-2024-7785.json @@ -2,13 +2,17 @@ "id": "CVE-2024-7785", "sourceIdentifier": "iletisim@usom.gov.tr", "published": "2024-09-19T14:15:17.583", - "lastModified": "2024-09-19T14:15:17.583", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Ece Software Electronic Ticket System allows Reflected XSS, Cross-Site Scripting (XSS).This issue affects Electronic Ticket System: before 2024.08." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Ece Software Electronic Ticket System permite XSS reflejado, Cross-Site Scripting (XSS). Este problema afecta al sistema de tickets electr\u00f3nicos: antes de 2024.08." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-77xx/CVE-2024-7788.json b/CVE-2024/CVE-2024-77xx/CVE-2024-7788.json index 9250f9d57e7..a239c12eb00 100644 --- a/CVE-2024/CVE-2024-77xx/CVE-2024-7788.json +++ b/CVE-2024/CVE-2024-77xx/CVE-2024-7788.json @@ -2,13 +2,17 @@ "id": "CVE-2024-7788", "sourceIdentifier": "security@documentfoundation.org", "published": "2024-09-17T15:15:14.413", - "lastModified": "2024-09-17T15:15:14.413", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Digital Signature Invalidation\u00a0 vulnerability in Zip Repair Mode of The Document Foundation LibreOffice allows Signature forgery vulnerability in LibreOfficeThis issue affects LibreOffice: from 24.2 before < 24.2.5." + }, + { + "lang": "es", + "value": "Vulnerabilidad de invalidaci\u00f3n de firma digital incorrecta en el modo de reparaci\u00f3n zip de The Document Foundation LibreOffice permite vulnerabilidad de falsificaci\u00f3n de firma en LibreOfficeEste problema afecta a LibreOffice: desde 24.2 hasta < 24.2.5." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-78xx/CVE-2024-7873.json b/CVE-2024/CVE-2024-78xx/CVE-2024-7873.json index 84cafce6882..42591410e0d 100644 --- a/CVE-2024/CVE-2024-78xx/CVE-2024-7873.json +++ b/CVE-2024/CVE-2024-78xx/CVE-2024-7873.json @@ -2,13 +2,17 @@ "id": "CVE-2024-7873", "sourceIdentifier": "iletisim@usom.gov.tr", "published": "2024-09-17T13:15:04.003", - "lastModified": "2024-09-17T13:15:04.003", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting'), Improper Encoding or Escaping of Output, CWE - 83 Improper Neutralization of Script in Attributes in a Web Page vulnerability in Veribilim Software Veribase Order allows Stored XSS, Cross-Site Scripting (XSS), Exploit Script-Based APIs, XSS Through HTTP Headers.This issue affects Veribase Order: before v4.010.3." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting'), codificaci\u00f3n o escape inadecuados de la salida, CWE - 83 Vulnerabilidad de neutralizaci\u00f3n inadecuada de la secuencia de comandos en los atributos de una p\u00e1gina web en Veribilim Software Veribase Order permite XSS almacenado, cross site scripting (XSS), explotaci\u00f3n de API basadas en secuencias de comandos, XSS a trav\u00e9s de encabezados HTTP. Este problema afecta a Veribase Order: antes de v4.010.3." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-80xx/CVE-2024-8043.json b/CVE-2024/CVE-2024-80xx/CVE-2024-8043.json index 195cd536411..2a1f8c8d6fd 100644 --- a/CVE-2024/CVE-2024-80xx/CVE-2024-8043.json +++ b/CVE-2024/CVE-2024-80xx/CVE-2024-8043.json @@ -2,8 +2,8 @@ "id": "CVE-2024-8043", "sourceIdentifier": "contact@wpscan.com", "published": "2024-09-17T06:15:02.467", - "lastModified": "2024-09-17T15:35:12.877", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:31:20.110", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-80xx/CVE-2024-8044.json b/CVE-2024/CVE-2024-80xx/CVE-2024-8044.json index 31eb2972a30..aed7a802a5d 100644 --- a/CVE-2024/CVE-2024-80xx/CVE-2024-8044.json +++ b/CVE-2024/CVE-2024-80xx/CVE-2024-8044.json @@ -2,8 +2,8 @@ "id": "CVE-2024-8044", "sourceIdentifier": "contact@wpscan.com", "published": "2024-09-17T06:15:02.550", - "lastModified": "2024-09-17T15:35:13.050", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:31:20.110", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-80xx/CVE-2024-8047.json b/CVE-2024/CVE-2024-80xx/CVE-2024-8047.json index 47226c21676..2969710f1a9 100644 --- a/CVE-2024/CVE-2024-80xx/CVE-2024-8047.json +++ b/CVE-2024/CVE-2024-80xx/CVE-2024-8047.json @@ -2,8 +2,8 @@ "id": "CVE-2024-8047", "sourceIdentifier": "contact@wpscan.com", "published": "2024-09-17T06:15:02.617", - "lastModified": "2024-09-17T15:35:13.230", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:31:20.110", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-80xx/CVE-2024-8051.json b/CVE-2024/CVE-2024-80xx/CVE-2024-8051.json index 63f4243dfdc..da08959d3ca 100644 --- a/CVE-2024/CVE-2024-80xx/CVE-2024-8051.json +++ b/CVE-2024/CVE-2024-80xx/CVE-2024-8051.json @@ -2,8 +2,8 @@ "id": "CVE-2024-8051", "sourceIdentifier": "contact@wpscan.com", "published": "2024-09-17T06:15:02.690", - "lastModified": "2024-09-17T15:35:13.407", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:31:20.110", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-80xx/CVE-2024-8052.json b/CVE-2024/CVE-2024-80xx/CVE-2024-8052.json index 6d9f03fe81e..fab276d994d 100644 --- a/CVE-2024/CVE-2024-80xx/CVE-2024-8052.json +++ b/CVE-2024/CVE-2024-80xx/CVE-2024-8052.json @@ -2,8 +2,8 @@ "id": "CVE-2024-8052", "sourceIdentifier": "contact@wpscan.com", "published": "2024-09-17T06:15:02.780", - "lastModified": "2024-09-17T15:35:13.577", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:31:20.110", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-80xx/CVE-2024-8091.json b/CVE-2024/CVE-2024-80xx/CVE-2024-8091.json index f162d978bf4..db3492d7328 100644 --- a/CVE-2024/CVE-2024-80xx/CVE-2024-8091.json +++ b/CVE-2024/CVE-2024-80xx/CVE-2024-8091.json @@ -2,8 +2,8 @@ "id": "CVE-2024-8091", "sourceIdentifier": "contact@wpscan.com", "published": "2024-09-17T06:15:02.850", - "lastModified": "2024-09-17T15:35:13.860", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:31:20.110", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-80xx/CVE-2024-8092.json b/CVE-2024/CVE-2024-80xx/CVE-2024-8092.json index d65f630379e..7017a497d63 100644 --- a/CVE-2024/CVE-2024-80xx/CVE-2024-8092.json +++ b/CVE-2024/CVE-2024-80xx/CVE-2024-8092.json @@ -2,8 +2,8 @@ "id": "CVE-2024-8092", "sourceIdentifier": "contact@wpscan.com", "published": "2024-09-17T06:15:02.920", - "lastModified": "2024-09-17T15:35:14.573", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:31:20.110", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-80xx/CVE-2024-8093.json b/CVE-2024/CVE-2024-80xx/CVE-2024-8093.json index e89a29f9032..7ecdfc4eab0 100644 --- a/CVE-2024/CVE-2024-80xx/CVE-2024-8093.json +++ b/CVE-2024/CVE-2024-80xx/CVE-2024-8093.json @@ -2,8 +2,8 @@ "id": "CVE-2024-8093", "sourceIdentifier": "contact@wpscan.com", "published": "2024-09-17T06:15:02.977", - "lastModified": "2024-09-17T14:35:33.057", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:31:20.110", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-81xx/CVE-2024-8110.json b/CVE-2024/CVE-2024-81xx/CVE-2024-8110.json index 03fd7b05421..2cf5ef0617e 100644 --- a/CVE-2024/CVE-2024-81xx/CVE-2024-8110.json +++ b/CVE-2024/CVE-2024-81xx/CVE-2024-8110.json @@ -2,13 +2,17 @@ "id": "CVE-2024-8110", "sourceIdentifier": "7168b535-132a-4efe-a076-338f829b2eb9", "published": "2024-09-17T02:15:49.523", - "lastModified": "2024-09-17T02:15:49.523", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:31:20.110", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Denial of Service (DoS) vulnerability has been found in Dual-redundant Platform for Computer.\nIf a computer on which the affected product is installed receives a large number of UDP broadcast packets in a short period, occasionally that computer may restart.\nIf both the active and standby computers are restarted at the same time, the functionality on that computer may be temporarily unavailable." + }, + { + "lang": "es", + "value": "Se ha detectado una vulnerabilidad de denegaci\u00f3n de servicio (DoS) en Dual-redundant Platform for Computer. Si un equipo en el que est\u00e1 instalado el producto afectado recibe una gran cantidad de paquetes de difusi\u00f3n UDP en un per\u00edodo breve, es posible que ocasionalmente dicho equipo se reinicie. Si tanto el equipo activo como el de reserva se reinician al mismo tiempo, la funcionalidad de ese equipo puede no estar disponible temporalmente." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-82xx/CVE-2024-8287.json b/CVE-2024/CVE-2024-82xx/CVE-2024-8287.json index 7f0236b5e61..d3637356d30 100644 --- a/CVE-2024/CVE-2024-82xx/CVE-2024-8287.json +++ b/CVE-2024/CVE-2024-82xx/CVE-2024-8287.json @@ -2,13 +2,17 @@ "id": "CVE-2024-8287", "sourceIdentifier": "security@ubuntu.com", "published": "2024-09-18T19:15:41.073", - "lastModified": "2024-09-18T19:15:41.073", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Anbox Management Service, in versions 1.17.0 through 1.23.0, does not validate the TLS certificate provided to it by the Anbox Stream Agent. An attacker must be able to machine-in-the-middle the Anbox Stream Agent from within an internal network before they can attempt to take advantage of this." + }, + { + "lang": "es", + "value": "El servicio de administraci\u00f3n de Anbox, en las versiones 1.17.0 a 1.23.0, no valida el certificado TLS que le proporciona el agente de transmisi\u00f3n de Anbox. Un atacante debe poder acceder a Anbox Stream Agent desde una red interna antes de intentar aprovechar esta ventaja." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-83xx/CVE-2024-8354.json b/CVE-2024/CVE-2024-83xx/CVE-2024-8354.json index 057b42b4977..4a3d3ae8e12 100644 --- a/CVE-2024/CVE-2024-83xx/CVE-2024-8354.json +++ b/CVE-2024/CVE-2024-83xx/CVE-2024-8354.json @@ -2,13 +2,17 @@ "id": "CVE-2024-8354", "sourceIdentifier": "secalert@redhat.com", "published": "2024-09-19T11:15:10.440", - "lastModified": "2024-09-19T11:15:10.440", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A flaw was found in QEMU. An assertion failure was present in the usb_ep_get() function in hw/net/core.c when trying to get the USB endpoint from a USB device. This flaw may allow a malicious unprivileged guest user to crash the QEMU process on the host and cause a denial of service condition." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una falla en QEMU. Se produjo un error de aserci\u00f3n en la funci\u00f3n usb_ep_get() en hw/net/core.c al intentar obtener el endpoint USB de un dispositivo USB. Esta falla puede permitir que un usuario invitado malintencionado y sin privilegios bloquee el proceso QEMU en el host y provoque una condici\u00f3n de denegaci\u00f3n de servicio." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-83xx/CVE-2024-8364.json b/CVE-2024/CVE-2024-83xx/CVE-2024-8364.json index 49252c8e34e..e805f8c7ff7 100644 --- a/CVE-2024/CVE-2024-83xx/CVE-2024-8364.json +++ b/CVE-2024/CVE-2024-83xx/CVE-2024-8364.json @@ -2,13 +2,17 @@ "id": "CVE-2024-8364", "sourceIdentifier": "security@wordfence.com", "published": "2024-09-19T04:15:06.270", - "lastModified": "2024-09-19T04:15:06.270", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The WP Custom Fields Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpcfs-preset shortcode in all versions up to, and including, 1.2.35 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + }, + { + "lang": "es", + "value": "El complemento WP Custom Fields Search para WordPress es vulnerable aCross-Site Scripting almacenado a trav\u00e9s del c\u00f3digo abreviado wpcfs-preset del complemento en todas las versiones hasta la 1.2.35 incluida, debido a una desinfecci\u00f3n de entrada insuficiente y al escape de salida en los atributos proporcionados por el usuario. Esto permite que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten secuencias de comandos web arbitrarias en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-83xx/CVE-2024-8375.json b/CVE-2024/CVE-2024-83xx/CVE-2024-8375.json index 48fa83a195c..ede0d1e7e44 100644 --- a/CVE-2024/CVE-2024-83xx/CVE-2024-8375.json +++ b/CVE-2024/CVE-2024-83xx/CVE-2024-8375.json @@ -2,13 +2,17 @@ "id": "CVE-2024-8375", "sourceIdentifier": "cve-coordination@google.com", "published": "2024-09-19T16:15:06.023", - "lastModified": "2024-09-19T16:15:06.023", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "There exists a use after free vulnerability in Reverb.\u00a0Reverb supports the VARIANT datatype, which is supposed to represent an arbitrary object in C++. When a tensor proto of type VARIANT is unpacked, memory is first allocated to store the entire tensor, and a ctor is called on each instance. Afterwards, Reverb copies the content in tensor_content\u00a0to the previously mentioned pre-allocated memory, which results in the bytes in tensor_content\u00a0overwriting the vtable pointers of all the objects which were previously allocated.\u00a0Reverb exposes 2 relevant gRPC endpoints: InsertStream and SampleStream. The attacker can insert this stream into the server\u2019s database, then when the client next calls SampleStream they will unpack the tensor into RAM, and when any method on that object is called (including its destructor) the attacker gains control of the Program Counter. We recommend upgrading past git commit\u00a0 https://github.com/google-deepmind/reverb/commit/6a0dcf4c9e842b7f999912f792aaa6f6bd261a25" + }, + { + "lang": "es", + "value": "Existe una vulnerabilidad de use after free en Reverb. Reverb admite el tipo de datos VARIANT, que se supone que representa un objeto arbitrario en C++. Cuando se descomprime un prototipo de tensor de tipo VARIANT, primero se asigna memoria para almacenar el tensor completo y se llama a un ctor en cada instancia. Luego, Reverb copia el contenido en tensor_content a la memoria preasignada mencionada anteriormente, lo que hace que los bytes en tensor_content sobrescriban los punteros de vtable de todos los objetos que se asignaron previamente. Reverb expone 2 endpoints gRPC relevantes: InsertStream y SampleStream. El atacante puede insertar este flujo en la base de datos del servidor, luego, cuando el cliente vuelva a llamar a SampleStream, descomprimir\u00e1 el tensor en la RAM y, cuando se llame a cualquier m\u00e9todo en ese objeto (incluido su destructor), el atacante obtendr\u00e1 el control del contador de programa. Recomendamos actualizar el commit de Git anterior https://github.com/google-deepmind/reverb/commit/6a0dcf4c9e842b7f999912f792aaa6f6bd261a25" } ], "metrics": { diff --git a/CVE-2024/CVE-2024-84xx/CVE-2024-8490.json b/CVE-2024/CVE-2024-84xx/CVE-2024-8490.json index f96d260cd29..f3dd3987359 100644 --- a/CVE-2024/CVE-2024-84xx/CVE-2024-8490.json +++ b/CVE-2024/CVE-2024-84xx/CVE-2024-8490.json @@ -2,13 +2,17 @@ "id": "CVE-2024-8490", "sourceIdentifier": "security@wordfence.com", "published": "2024-09-17T08:15:02.227", - "lastModified": "2024-09-17T08:15:02.227", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:31:20.110", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The PropertyHive plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.19. This is due to missing or incorrect nonce validation on the 'save_account_details' function. This makes it possible for unauthenticated attackers to edit the name, email address, and password of an administrator account via a forged request granted they can trick a site administrator into performing an action such as clicking on a link." + }, + { + "lang": "es", + "value": "El complemento PropertyHive para WordPress es vulnerable a Cross-Site Request Forgery en todas las versiones hasta la 2.0.19 incluida. Esto se debe a la falta o la validaci\u00f3n incorrecta de nonce en la funci\u00f3n 'save_account_details'. Esto permite que atacantes no autenticados editen el nombre, la direcci\u00f3n de correo electr\u00f3nico y la contrase\u00f1a de una cuenta de administrador a trav\u00e9s de una solicitud falsificada, siempre que puedan enga\u00f1ar a un administrador del sitio para que realice una acci\u00f3n como hacer clic en un enlace." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-86xx/CVE-2024-8651.json b/CVE-2024/CVE-2024-86xx/CVE-2024-8651.json index 7aab248de7f..3162974cbcd 100644 --- a/CVE-2024/CVE-2024-86xx/CVE-2024-8651.json +++ b/CVE-2024/CVE-2024-86xx/CVE-2024-8651.json @@ -2,13 +2,17 @@ "id": "CVE-2024-8651", "sourceIdentifier": "vulnerability@kaspersky.com", "published": "2024-09-19T17:15:15.173", - "lastModified": "2024-09-19T17:15:15.173", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability in NetCat CMS allows an attacker to send a specially crafted http request that can be used to check whether a user exists in the system, which could be a basis for further attacks.\nThis issue affects NetCat CMS v. 6.4.0.24126.2 and possibly others.\n\nApply patch from vendor https://netcat.ru/ https://netcat.ru/] . Versions 6.4.0.24248 and on have the patch." + }, + { + "lang": "es", + "value": "Una vulnerabilidad en NetCat CMS permite a un atacante enviar una solicitud http especialmente manipulada que puede utilizarse para comprobar si un usuario existe en el sistema, lo que podr\u00eda ser la base para futuros ataques. Este problema afecta a NetCat CMS v. 6.4.0.24126.2 y posiblemente a otros. Aplicar el parche del proveedor https://netcat.ru/ https://netcat.ru/] . Las versiones 6.4.0.24248 y posteriores tienen el parche." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-86xx/CVE-2024-8652.json b/CVE-2024/CVE-2024-86xx/CVE-2024-8652.json index b53439bf71a..65b509db3b6 100644 --- a/CVE-2024/CVE-2024-86xx/CVE-2024-8652.json +++ b/CVE-2024/CVE-2024-86xx/CVE-2024-8652.json @@ -2,13 +2,17 @@ "id": "CVE-2024-8652", "sourceIdentifier": "vulnerability@kaspersky.com", "published": "2024-09-19T17:15:15.360", - "lastModified": "2024-09-19T17:15:15.360", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability in NetCat CMS allows an attacker to execute JavaScript code in a user's browser when they visit specific path on the site.\nThis issue affects NetCat CMS v. 6.4.0.24126.2 and possibly others.\n\nApply patch from vendor https://netcat.ru/ https://netcat.ru/] . Versions 6.4.0.24248 and on have the patch." + }, + { + "lang": "es", + "value": "Una vulnerabilidad en NetCat CMS permite a un atacante ejecutar c\u00f3digo JavaScript en el navegador de un usuario cuando visita una ruta espec\u00edfica en el sitio. Este problema afecta a NetCat CMS v. 6.4.0.24126.2 y posiblemente a otros. Aplicar el parche del proveedor https://netcat.ru/ https://netcat.ru/]. Las versiones 6.4.0.24248 y posteriores tienen el parche." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-86xx/CVE-2024-8653.json b/CVE-2024/CVE-2024-86xx/CVE-2024-8653.json index 8cc7cfe6f06..4ef73a48c87 100644 --- a/CVE-2024/CVE-2024-86xx/CVE-2024-8653.json +++ b/CVE-2024/CVE-2024-86xx/CVE-2024-8653.json @@ -2,13 +2,17 @@ "id": "CVE-2024-8653", "sourceIdentifier": "vulnerability@kaspersky.com", "published": "2024-09-19T17:15:15.503", - "lastModified": "2024-09-19T17:15:15.503", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability in NetCat CMS allows an attacker to execute JavaScript code in a user's browser when they visit specific paths on the site.\nThis issue affects NetCat CMS v. 6.4.0.24126.2 and possibly others.\n\nApply patch from vendor https://netcat.ru/ https://netcat.ru/] . Versions 6.4.0.24248 and on have the patch." + }, + { + "lang": "es", + "value": "Una vulnerabilidad en NetCat CMS permite a un atacante ejecutar c\u00f3digo JavaScript en el navegador de un usuario cuando visita rutas espec\u00edficas en el sitio. Este problema afecta a NetCat CMS v. 6.4.0.24126.2 y posiblemente a otros. Aplicar el parche del proveedor https://netcat.ru/ https://netcat.ru/]. Las versiones 6.4.0.24248 y posteriores tienen el parche." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-86xx/CVE-2024-8660.json b/CVE-2024/CVE-2024-86xx/CVE-2024-8660.json index 6f6d4046f58..add0ba60fac 100644 --- a/CVE-2024/CVE-2024-86xx/CVE-2024-8660.json +++ b/CVE-2024/CVE-2024-86xx/CVE-2024-8660.json @@ -2,13 +2,17 @@ "id": "CVE-2024-8660", "sourceIdentifier": "ff5b8ace-8b95-4078-9743-eac1ca5451de", "published": "2024-09-17T19:15:28.953", - "lastModified": "2024-09-17T19:15:28.953", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Concrete CMS versions 9.0.0 through 9.3.3 are affected by a\nstored XSS vulnerability in the \"Top Navigator Bar\" block.\nSince the \"Top Navigator Bar\" output was not sufficiently sanitized, a rogue administrator could add a malicious payload that could be executed when targeted users visited the home page.The Concrete CMS Security Team gave this vulnerability a CVSS v4 score of 4.6\nwith vector CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N . This\ndoes not affect versions below 9.0.0 since they do not have the Top\nNavigator Bar Block. Thanks, Chu Quoc Khanh for reporting." + }, + { + "lang": "es", + "value": "Las versiones 9.0.0 a 9.3.3 de Concrete CMS se ven afectadas por una vulnerabilidad XSS almacenado en el bloque \"Barra de navegaci\u00f3n superior\". Dado que la salida de la \"Barra de navegaci\u00f3n superior\" no se desinfect\u00f3 lo suficiente, un administrador malintencionado podr\u00eda agregar una carga maliciosa que podr\u00eda ejecutarse cuando los usuarios objetivo visitaran la p\u00e1gina de inicio. El equipo de seguridad de Concrete CMS le dio a esta vulnerabilidad una puntuaci\u00f3n CVSS v4 de 4,6 con el vector CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N . Esto no afecta a las versiones anteriores a la 9.0.0, ya que no tienen el bloque de la barra de navegaci\u00f3n superior. Gracias, Chu Quoc Khanh, por informarnos." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-86xx/CVE-2024-8661.json b/CVE-2024/CVE-2024-86xx/CVE-2024-8661.json index 3352a7f3fe0..cdef8909838 100644 --- a/CVE-2024/CVE-2024-86xx/CVE-2024-8661.json +++ b/CVE-2024/CVE-2024-86xx/CVE-2024-8661.json @@ -2,8 +2,8 @@ "id": "CVE-2024-8661", "sourceIdentifier": "ff5b8ace-8b95-4078-9743-eac1ca5451de", "published": "2024-09-16T18:15:54.583", - "lastModified": "2024-09-17T19:15:29.053", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:31:20.110", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-86xx/CVE-2024-8698.json b/CVE-2024/CVE-2024-86xx/CVE-2024-8698.json index 1312086fc41..2e24a0d5755 100644 --- a/CVE-2024/CVE-2024-86xx/CVE-2024-8698.json +++ b/CVE-2024/CVE-2024-86xx/CVE-2024-8698.json @@ -2,13 +2,17 @@ "id": "CVE-2024-8698", "sourceIdentifier": "secalert@redhat.com", "published": "2024-09-19T16:15:06.177", - "lastModified": "2024-09-19T20:15:07.560", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A flaw exists in the SAML signature validation method within the Keycloak XMLSignatureUtil class. The method incorrectly determines whether a SAML signature is for the full document or only for specific assertions based on the position of the signature in the XML document, rather than the Reference element used to specify the signed element. This flaw allows attackers to create crafted responses that can bypass the validation, potentially leading to privilege escalation or impersonation attacks." + }, + { + "lang": "es", + "value": "Existe una falla en el m\u00e9todo de validaci\u00f3n de firma SAML dentro de la clase XMLSignatureUtil de Keycloak. El m\u00e9todo determina incorrectamente si una firma SAML es para el documento completo o solo para afirmaciones espec\u00edficas seg\u00fan la posici\u00f3n de la firma en el documento XML, en lugar del elemento Reference utilizado para especificar el elemento firmado. Esta falla permite a los atacantes crear respuestas manipuladas que pueden eludir la validaci\u00f3n, lo que puede provocar ataques de suplantaci\u00f3n o escalada de privilegios." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-87xx/CVE-2024-8761.json b/CVE-2024/CVE-2024-87xx/CVE-2024-8761.json index ff1c2566831..362e8f0006a 100644 --- a/CVE-2024/CVE-2024-87xx/CVE-2024-8761.json +++ b/CVE-2024/CVE-2024-87xx/CVE-2024-8761.json @@ -2,13 +2,17 @@ "id": "CVE-2024-8761", "sourceIdentifier": "security@wordfence.com", "published": "2024-09-17T09:15:03.060", - "lastModified": "2024-09-17T09:15:03.060", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:31:20.110", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Share This Image plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 2.03. This is due to insufficient validation on the redirect url supplied via the link parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action." + }, + { + "lang": "es", + "value": "El complemento Share This Image para WordPress es vulnerable a Open Redirect en todas las versiones hasta la 2.03 incluida. Esto se debe a una validaci\u00f3n insuficiente en la URL de redireccionamiento proporcionada a trav\u00e9s del par\u00e1metro de enlace. Esto hace posible que atacantes no autenticados redirijan a los usuarios a sitios potencialmente maliciosos si logran enga\u00f1arlos para que realicen una acci\u00f3n." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-87xx/CVE-2024-8766.json b/CVE-2024/CVE-2024-87xx/CVE-2024-8766.json index c042cdd3458..7da768c07ba 100644 --- a/CVE-2024/CVE-2024-87xx/CVE-2024-8766.json +++ b/CVE-2024/CVE-2024-87xx/CVE-2024-8766.json @@ -2,13 +2,17 @@ "id": "CVE-2024-8766", "sourceIdentifier": "security@acronis.com", "published": "2024-09-16T20:15:47.600", - "lastModified": "2024-09-16T20:15:47.600", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:31:20.110", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 38235." + }, + { + "lang": "es", + "value": "Escalada de privilegios locales debido a una vulnerabilidad de secuestro de DLL. Los siguientes productos est\u00e1n afectados: Acronis Cyber Protect Cloud Agent (Windows) antes de la compilaci\u00f3n 38235." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-87xx/CVE-2024-8767.json b/CVE-2024/CVE-2024-87xx/CVE-2024-8767.json index 5640c2bf55b..68e293479c8 100644 --- a/CVE-2024/CVE-2024-87xx/CVE-2024-8767.json +++ b/CVE-2024/CVE-2024-87xx/CVE-2024-8767.json @@ -2,13 +2,17 @@ "id": "CVE-2024-8767", "sourceIdentifier": "security@acronis.com", "published": "2024-09-17T09:15:03.423", - "lastModified": "2024-09-17T09:15:03.423", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:31:20.110", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Sensitive data disclosure and manipulation due to unnecessary privileges assignment. The following products are affected: Acronis Backup plugin for cPanel & WHM (Linux) before build 619, Acronis Backup extension for Plesk (Linux) before build 555, Acronis Backup plugin for DirectAdmin (Linux) before build 147." + }, + { + "lang": "es", + "value": "Divulgaci\u00f3n y manipulaci\u00f3n de datos confidenciales debido a la asignaci\u00f3n innecesaria de privilegios. Los siguientes productos se ven afectados: complemento de Acronis Backup para cPanel y WHM (Linux) anterior a la compilaci\u00f3n 619, extensi\u00f3n de Acronis Backup para Plesk (Linux) anterior a la compilaci\u00f3n 555, complemento de Acronis Backup para DirectAdmin (Linux) anterior a la compilaci\u00f3n 147." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-87xx/CVE-2024-8768.json b/CVE-2024/CVE-2024-87xx/CVE-2024-8768.json index 0b7e9c274cb..d26d782651e 100644 --- a/CVE-2024/CVE-2024-87xx/CVE-2024-8768.json +++ b/CVE-2024/CVE-2024-87xx/CVE-2024-8768.json @@ -2,13 +2,17 @@ "id": "CVE-2024-8768", "sourceIdentifier": "secalert@redhat.com", "published": "2024-09-17T17:15:11.100", - "lastModified": "2024-09-17T17:15:11.100", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A flaw was found in the vLLM library. A completions API request with an empty prompt will crash the vLLM API server, resulting in a denial of service." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una falla en la librer\u00eda vLLM. Una solicitud de API de finalizaci\u00f3n con un mensaje vac\u00edo bloquear\u00e1 el servidor de API de vLLM, lo que provocar\u00e1 una denegaci\u00f3n de servicio." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-87xx/CVE-2024-8796.json b/CVE-2024/CVE-2024-87xx/CVE-2024-8796.json index 84bb99c5573..db9a5bae6a1 100644 --- a/CVE-2024/CVE-2024-87xx/CVE-2024-8796.json +++ b/CVE-2024/CVE-2024-87xx/CVE-2024-8796.json @@ -2,13 +2,17 @@ "id": "CVE-2024-8796", "sourceIdentifier": "disclosure@synopsys.com", "published": "2024-09-17T18:15:05.443", - "lastModified": "2024-09-17T18:15:05.443", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Under the default configuration, Devise-Two-Factor versions >= 2.2.0 & < 6.0.0 generate TOTP shared secrets that are 120 bits instead of the 128-bit minimum defined by RFC 4226. Using a shared secret shorter than the minimum to generate a multi-factor authentication code could make it easier for an attacker to guess the shared secret and generate valid TOTP codes." + }, + { + "lang": "es", + "value": "Con la configuraci\u00f3n predeterminada, las versiones de Devise-Two-Factor >= 2.2.0 y < 6.0.0 generan secretos compartidos TOTP de 120 bits en lugar del m\u00ednimo de 128 bits definido por RFC 4226. El uso de un secreto compartido m\u00e1s corto que el m\u00ednimo para generar un c\u00f3digo de autenticaci\u00f3n multifactor podr\u00eda facilitar que un atacante adivine el secreto compartido y genere c\u00f3digos TOTP v\u00e1lidos." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-88xx/CVE-2024-8850.json b/CVE-2024/CVE-2024-88xx/CVE-2024-8850.json index 7064c19ba1f..49bc1407613 100644 --- a/CVE-2024/CVE-2024-88xx/CVE-2024-8850.json +++ b/CVE-2024/CVE-2024-88xx/CVE-2024-8850.json @@ -2,13 +2,17 @@ "id": "CVE-2024-8850", "sourceIdentifier": "security@wordfence.com", "published": "2024-09-19T04:15:06.557", - "lastModified": "2024-09-19T04:15:06.557", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The MC4WP: Mailchimp for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'email' parameter when a placeholder such as {email} is used for the field in versions 4.9.9 to 4.9.15 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link." + }, + { + "lang": "es", + "value": "El complemento MC4WP: Mailchimp para WordPress es vulnerable a ataques de Cross-Site Scripting reflejado a trav\u00e9s del par\u00e1metro 'email' cuando se utiliza un marcador de posici\u00f3n como {email} para el campo en las versiones 4.9.9 a 4.9.15 debido a una desinfecci\u00f3n de entrada y un escape de salida insuficientes. Esto permite que atacantes no autenticados inyecten secuencias de comandos web arbitrarias en p\u00e1ginas que se ejecutan si logran enga\u00f1ar a un usuario para que realice una acci\u00f3n como hacer clic en un enlace." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-88xx/CVE-2024-8853.json b/CVE-2024/CVE-2024-88xx/CVE-2024-8853.json index aacea19d9f2..4acf357a250 100644 --- a/CVE-2024/CVE-2024-88xx/CVE-2024-8853.json +++ b/CVE-2024/CVE-2024-88xx/CVE-2024-8853.json @@ -2,8 +2,8 @@ "id": "CVE-2024-8853", "sourceIdentifier": "security@wordfence.com", "published": "2024-09-20T08:15:11.493", - "lastModified": "2024-09-20T08:15:11.493", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-88xx/CVE-2024-8883.json b/CVE-2024/CVE-2024-88xx/CVE-2024-8883.json index 8dc6724bfa1..4f1406fc20c 100644 --- a/CVE-2024/CVE-2024-88xx/CVE-2024-8883.json +++ b/CVE-2024/CVE-2024-88xx/CVE-2024-8883.json @@ -2,13 +2,17 @@ "id": "CVE-2024-8883", "sourceIdentifier": "secalert@redhat.com", "published": "2024-09-19T16:15:06.403", - "lastModified": "2024-09-19T20:15:07.687", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A misconfiguration flaw was found in Keycloak. This issue can allow an attacker to redirect users to an arbitrary URL if a 'Valid Redirect URI' is set to http://localhost or http://127.0.0.1, enabling sensitive information such as authorization codes to be exposed to the attacker, potentially leading to session hijacking." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una falla de configuraci\u00f3n incorrecta en Keycloak. Este problema puede permitir que un atacante redirija a los usuarios a una URL arbitraria si una \"URI de redireccionamiento v\u00e1lida\" est\u00e1 configurada en http://localhost o http://127.0.0.1, lo que permite que informaci\u00f3n confidencial, como c\u00f3digos de autorizaci\u00f3n, quede expuesta al atacante, lo que puede llevar al secuestro de la sesi\u00f3n." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-88xx/CVE-2024-8887.json b/CVE-2024/CVE-2024-88xx/CVE-2024-8887.json index 73bfe65d47a..08557a7088c 100644 --- a/CVE-2024/CVE-2024-88xx/CVE-2024-8887.json +++ b/CVE-2024/CVE-2024-88xx/CVE-2024-8887.json @@ -2,13 +2,17 @@ "id": "CVE-2024-8887", "sourceIdentifier": "cve-coordination@incibe.es", "published": "2024-09-18T11:15:10.530", - "lastModified": "2024-09-18T11:15:10.530", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "CIRCUTOR Q-SMT in its firmware version 1.0.4, could be affected by a denial of service (DoS) attack if an attacker with access to the web service bypasses the authentication mechanisms on the login page, allowing the attacker to use all the functionalities implemented at web level that allow interacting with the device." + }, + { + "lang": "es", + "value": "CIRCUTOR Q-SMT en su versi\u00f3n de firmware 1.0.4, podr\u00eda verse afectado por un ataque de denegaci\u00f3n de servicio (DoS) si un atacante con acceso al servicio web evita los mecanismos de autenticaci\u00f3n en la p\u00e1gina de login, permitiendo al atacante utilizar todas las funcionalidades implementadas a nivel web que permiten interactuar con el dispositivo." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-88xx/CVE-2024-8888.json b/CVE-2024/CVE-2024-88xx/CVE-2024-8888.json index d11d1093ccd..d42ba9c296f 100644 --- a/CVE-2024/CVE-2024-88xx/CVE-2024-8888.json +++ b/CVE-2024/CVE-2024-88xx/CVE-2024-8888.json @@ -2,13 +2,17 @@ "id": "CVE-2024-8888", "sourceIdentifier": "cve-coordination@incibe.es", "published": "2024-09-18T12:15:03.520", - "lastModified": "2024-09-18T12:15:03.520", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An attacker with access to the network where CIRCUTOR Q-SMT is located in its firmware version 1.0.4, could steal the tokens used on the web, since these have no expiration date to access the web application without restrictions. Token theft can originate from different methods such as network captures, locally stored web information, etc." + }, + { + "lang": "es", + "value": "Un atacante con acceso a la red donde se encuentra CIRCUTOR Q-SMT en su versi\u00f3n de firmware 1.0.4, podr\u00eda robar los tokens utilizados en la web, ya que estos no tienen fecha de caducidad para acceder a la aplicaci\u00f3n web sin restricciones. El robo de tokens puede tener su origen en diferentes m\u00e9todos como capturas de red, informaci\u00f3n web almacenada localmente, etc." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-88xx/CVE-2024-8889.json b/CVE-2024/CVE-2024-88xx/CVE-2024-8889.json index 3fa3110c392..6e5df93f3c1 100644 --- a/CVE-2024/CVE-2024-88xx/CVE-2024-8889.json +++ b/CVE-2024/CVE-2024-88xx/CVE-2024-8889.json @@ -2,13 +2,17 @@ "id": "CVE-2024-8889", "sourceIdentifier": "cve-coordination@incibe.es", "published": "2024-09-18T12:15:03.710", - "lastModified": "2024-09-18T12:15:03.710", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerability in CIRCUTOR TCP2RS+ firmware version 1.3b, which could allow an attacker to modify any configuration value, even if the device has the user/password authentication option enabled, without authentication by sending packets through the UDP protocol and port 2000, deconfiguring the device and thus disabling its use. This equipment is at the end of its useful life cycle." + }, + { + "lang": "es", + "value": "Vulnerabilidad en la versi\u00f3n de firmware 1.3b de CIRCUTOR TCP2RS+, que podr\u00eda permitir a un atacante modificar cualquier valor de configuraci\u00f3n, incluso si el equipo tiene habilitada la opci\u00f3n de autenticaci\u00f3n de usuario/contrase\u00f1a, sin autenticaci\u00f3n mediante el env\u00edo de paquetes a trav\u00e9s del protocolo UDP y el puerto 2000, desconfigurando el equipo y deshabilitando as\u00ed su uso. Este equipo se encuentra al final de su ciclo de vida \u00fatil." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-88xx/CVE-2024-8890.json b/CVE-2024/CVE-2024-88xx/CVE-2024-8890.json index dc796e0be33..dfbb6965f29 100644 --- a/CVE-2024/CVE-2024-88xx/CVE-2024-8890.json +++ b/CVE-2024/CVE-2024-88xx/CVE-2024-8890.json @@ -2,13 +2,17 @@ "id": "CVE-2024-8890", "sourceIdentifier": "cve-coordination@incibe.es", "published": "2024-09-18T13:15:03.620", - "lastModified": "2024-09-18T13:15:03.620", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An attacker with access to the network where the CIRCUTOR Q-SMT is located in its firmware version 1.0.4, could obtain legitimate credentials or steal sessions due to the fact that the device only implements the HTTP protocol. This fact prevents a secure communication channel from being established." + }, + { + "lang": "es", + "value": "Un atacante con acceso a la red donde se encuentra el CIRCUTOR Q-SMT en su versi\u00f3n de firmware 1.0.4, podr\u00eda obtener credenciales leg\u00edtimas o robar sesiones debido a que el dispositivo \u00fanicamente implementa el protocolo HTTP. Este hecho impide que se establezca un canal de comunicaci\u00f3n seguro." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-88xx/CVE-2024-8891.json b/CVE-2024/CVE-2024-88xx/CVE-2024-8891.json index 576b18b7d38..cfa68f97d68 100644 --- a/CVE-2024/CVE-2024-88xx/CVE-2024-8891.json +++ b/CVE-2024/CVE-2024-88xx/CVE-2024-8891.json @@ -2,13 +2,17 @@ "id": "CVE-2024-8891", "sourceIdentifier": "cve-coordination@incibe.es", "published": "2024-09-18T14:15:20.187", - "lastModified": "2024-09-18T14:15:20.187", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An attacker with no knowledge of the current users in the web application, could build a dictionary of potential users and check the server responses as it indicates whether or not the user is present in CIRCUTOR Q-SMT in its firmware version 1.0.4." + }, + { + "lang": "es", + "value": "Un atacante sin conocimiento de los usuarios actuales en la aplicaci\u00f3n web, podr\u00eda construir un diccionario de usuarios potenciales y comprobar las respuestas del servidor, ya que indica si el usuario est\u00e1 presente o no en CIRCUTOR Q-SMT en su versi\u00f3n de firmware 1.0.4." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-88xx/CVE-2024-8892.json b/CVE-2024/CVE-2024-88xx/CVE-2024-8892.json index e2f504fe125..a4d3c7a6450 100644 --- a/CVE-2024/CVE-2024-88xx/CVE-2024-8892.json +++ b/CVE-2024/CVE-2024-88xx/CVE-2024-8892.json @@ -2,13 +2,17 @@ "id": "CVE-2024-8892", "sourceIdentifier": "cve-coordination@incibe.es", "published": "2024-09-18T13:15:03.907", - "lastModified": "2024-09-18T13:15:03.907", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerability in CIRCUTOR TCP2RS+ firmware version 1.3b, which could allow an attacker to modify any configuration value, even if the device has the user/password authentication option enabled, without authentication by sending packets through the UDP protocol and port 2000, deconfiguring the device and thus disabling its use. This equipment is at the end of its useful life cycle." + }, + { + "lang": "es", + "value": "Vulnerabilidad en la versi\u00f3n de firmware 1.3b de CIRCUTOR TCP2RS+, que podr\u00eda permitir a un atacante modificar cualquier valor de configuraci\u00f3n, incluso si el equipo tiene habilitada la opci\u00f3n de autenticaci\u00f3n de usuario/contrase\u00f1a, sin autenticaci\u00f3n mediante el env\u00edo de paquetes a trav\u00e9s del protocolo UDP y el puerto 2000, desconfigurando el equipo y deshabilitando as\u00ed su uso. Este equipo se encuentra al final de su ciclo de vida \u00fatil." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-88xx/CVE-2024-8897.json b/CVE-2024/CVE-2024-88xx/CVE-2024-8897.json index 40eb211cb9f..f9c1ac98865 100644 --- a/CVE-2024/CVE-2024-88xx/CVE-2024-8897.json +++ b/CVE-2024/CVE-2024-88xx/CVE-2024-8897.json @@ -2,13 +2,17 @@ "id": "CVE-2024-8897", "sourceIdentifier": "security@mozilla.org", "published": "2024-09-17T13:15:04.423", - "lastModified": "2024-09-17T13:15:04.423", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Under certain conditions, an attacker with the ability to redirect users to a malicious site via an open redirect on a trusted site, may be able to spoof the address bar contents. This can lead to a malicious site to appear to have the same URL as the trusted site.\n*This bug only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox for Android < 130.0.1." + }, + { + "lang": "es", + "value": "En determinadas circunstancias, un atacante con la capacidad de redirigir a los usuarios a un sitio malicioso mediante una redirecci\u00f3n abierta en un sitio de confianza puede falsificar el contenido de la barra de direcciones. Esto puede hacer que un sitio malicioso parezca tener la misma URL que el sitio de confianza. *Este error solo afecta a Firefox para Android. Otras versiones de Firefox no se ven afectadas.* Esta vulnerabilidad afecta a Firefox para Android < 130.0.1." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-89xx/CVE-2024-8900.json b/CVE-2024/CVE-2024-89xx/CVE-2024-8900.json index b11357689da..0bf54dcf6c1 100644 --- a/CVE-2024/CVE-2024-89xx/CVE-2024-8900.json +++ b/CVE-2024/CVE-2024-89xx/CVE-2024-8900.json @@ -2,13 +2,17 @@ "id": "CVE-2024-8900", "sourceIdentifier": "security@mozilla.org", "published": "2024-09-17T19:15:29.163", - "lastModified": "2024-09-17T19:15:29.163", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An attacker could write data to the user's clipboard, bypassing the user prompt, during a certain sequence of navigational events. This vulnerability affects Firefox < 129." + }, + { + "lang": "es", + "value": "Un atacante podr\u00eda escribir datos en el portapapeles del usuario, sin tener en cuenta la solicitud de usuario, durante una determinada secuencia de eventos de navegaci\u00f3n. Esta vulnerabilidad afecta a Firefox anterior a la versi\u00f3n 129." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-89xx/CVE-2024-8904.json b/CVE-2024/CVE-2024-89xx/CVE-2024-8904.json index 96abfad00db..3810445f195 100644 --- a/CVE-2024/CVE-2024-89xx/CVE-2024-8904.json +++ b/CVE-2024/CVE-2024-89xx/CVE-2024-8904.json @@ -2,8 +2,8 @@ "id": "CVE-2024-8904", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2024-09-17T21:15:12.980", - "lastModified": "2024-09-18T16:35:17.877", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-89xx/CVE-2024-8905.json b/CVE-2024/CVE-2024-89xx/CVE-2024-8905.json index c9fe2e6ea1e..a63809a2213 100644 --- a/CVE-2024/CVE-2024-89xx/CVE-2024-8905.json +++ b/CVE-2024/CVE-2024-89xx/CVE-2024-8905.json @@ -2,8 +2,8 @@ "id": "CVE-2024-8905", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2024-09-17T21:15:13.080", - "lastModified": "2024-09-18T16:35:18.640", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-89xx/CVE-2024-8906.json b/CVE-2024/CVE-2024-89xx/CVE-2024-8906.json index f21fdcfc749..f530d2f0aaf 100644 --- a/CVE-2024/CVE-2024-89xx/CVE-2024-8906.json +++ b/CVE-2024/CVE-2024-89xx/CVE-2024-8906.json @@ -2,13 +2,17 @@ "id": "CVE-2024-8906", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2024-09-17T21:15:13.140", - "lastModified": "2024-09-17T21:15:13.140", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Incorrect security UI in Downloads in Google Chrome prior to 129.0.6668.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)" + }, + { + "lang": "es", + "value": "La interfaz de seguridad incorrecta en Descargas en Google Chrome anterior a la versi\u00f3n 129.0.6668.58 permit\u00eda que un atacante remoto que convenciera a un usuario para que realizara gestos espec\u00edficos de la interfaz de usuario realizara una suplantaci\u00f3n de la interfaz de usuario a trav\u00e9s de una p\u00e1gina HTML manipulada. (Gravedad de seguridad de Chromium: media)" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-89xx/CVE-2024-8907.json b/CVE-2024/CVE-2024-89xx/CVE-2024-8907.json index ffafe31249d..05eecd83a5f 100644 --- a/CVE-2024/CVE-2024-89xx/CVE-2024-8907.json +++ b/CVE-2024/CVE-2024-89xx/CVE-2024-8907.json @@ -2,13 +2,17 @@ "id": "CVE-2024-8907", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2024-09-17T21:15:13.193", - "lastModified": "2024-09-17T21:15:13.193", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Insufficient data validation in Omnibox in Google Chrome on Android prior to 129.0.6668.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary scripts or HTML (XSS) via a crafted set of UI gestures. (Chromium security severity: Medium)" + }, + { + "lang": "es", + "value": "La validaci\u00f3n de datos insuficiente en Omnibox en Google Chrome en Android anterior a la versi\u00f3n 129.0.6668.58 permiti\u00f3 que un atacante remoto convenciera a un usuario para que realizara gestos de IU espec\u00edficos para inyectar secuencias de comandos arbitrarias o HTML (XSS) a trav\u00e9s de un conjunto de gestos de IU manipulados. (Gravedad de seguridad de Chromium: media)" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-89xx/CVE-2024-8908.json b/CVE-2024/CVE-2024-89xx/CVE-2024-8908.json index 8f247df6b1a..834a3de149f 100644 --- a/CVE-2024/CVE-2024-89xx/CVE-2024-8908.json +++ b/CVE-2024/CVE-2024-89xx/CVE-2024-8908.json @@ -2,13 +2,17 @@ "id": "CVE-2024-8908", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2024-09-17T21:15:13.247", - "lastModified": "2024-09-17T21:15:13.247", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Inappropriate implementation in Autofill in Google Chrome prior to 129.0.6668.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)" + }, + { + "lang": "es", + "value": "Una implementaci\u00f3n inadecuada de Autocompletar en Google Chrome anterior a la versi\u00f3n 129.0.6668.58 permiti\u00f3 que un atacante remoto suplantara la interfaz de usuario a trav\u00e9s de una p\u00e1gina HTML manipulada. (Gravedad de seguridad de Chromium: baja)" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-89xx/CVE-2024-8909.json b/CVE-2024/CVE-2024-89xx/CVE-2024-8909.json index f652c14c88c..42b33c221fa 100644 --- a/CVE-2024/CVE-2024-89xx/CVE-2024-8909.json +++ b/CVE-2024/CVE-2024-89xx/CVE-2024-8909.json @@ -2,13 +2,17 @@ "id": "CVE-2024-8909", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2024-09-17T21:15:13.313", - "lastModified": "2024-09-17T21:15:13.313", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Inappropriate implementation in UI in Google Chrome on iOS prior to 129.0.6668.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)" + }, + { + "lang": "es", + "value": "Una implementaci\u00f3n inadecuada en la interfaz de usuario de Google Chrome en iOS anterior a la versi\u00f3n 129.0.6668.58 permiti\u00f3 que un atacante remoto suplantara la interfaz de usuario a trav\u00e9s de una p\u00e1gina HTML manipulada espec\u00edficamente. (Gravedad de seguridad de Chromium: baja)" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-89xx/CVE-2024-8939.json b/CVE-2024/CVE-2024-89xx/CVE-2024-8939.json index 76904333ede..4fa11dee35c 100644 --- a/CVE-2024/CVE-2024-89xx/CVE-2024-8939.json +++ b/CVE-2024/CVE-2024-89xx/CVE-2024-8939.json @@ -2,13 +2,17 @@ "id": "CVE-2024-8939", "sourceIdentifier": "secalert@redhat.com", "published": "2024-09-17T17:15:11.327", - "lastModified": "2024-09-17T17:15:11.327", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in the ilab model serve component, where improper handling of the best_of parameter in the vllm JSON web API can lead to a Denial of Service (DoS). The API used for LLM-based sentence or chat completion accepts a best_of parameter to return the best completion from several options. When this parameter is set to a large value, the API does not handle timeouts or resource exhaustion properly, allowing an attacker to cause a DoS by consuming excessive system resources. This leads to the API becoming unresponsive, preventing legitimate users from accessing the service." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad en el componente de servicio de modelos ilab, donde el manejo inadecuado del par\u00e1metro best_of en la API web JSON vllm puede provocar una denegaci\u00f3n de servicio (DoS). La API utilizada para completar oraciones o chats basados en LLM acepta un par\u00e1metro best_of para devolver la mejor opci\u00f3n de varias opciones. Cuando este par\u00e1metro se establece en un valor alto, la API no maneja los tiempos de espera o el agotamiento de recursos de manera adecuada, lo que permite que un atacante provoque una denegaci\u00f3n de servicio al consumir recursos excesivos del sistema. Esto hace que la API deje de responder, lo que impide que los usuarios leg\u00edtimos accedan al servicio." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-89xx/CVE-2024-8944.json b/CVE-2024/CVE-2024-89xx/CVE-2024-8944.json index 65dcc5a4fb9..ec4518d71f1 100644 --- a/CVE-2024/CVE-2024-89xx/CVE-2024-8944.json +++ b/CVE-2024/CVE-2024-89xx/CVE-2024-8944.json @@ -2,13 +2,17 @@ "id": "CVE-2024-8944", "sourceIdentifier": "cna@vuldb.com", "published": "2024-09-17T18:15:05.690", - "lastModified": "2024-09-17T18:15:05.690", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability, which was classified as critical, was found in code-projects Hospital Management System 1.0. This affects an unknown part of the file check_availability.php. The manipulation of the argument email leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Se ha encontrado una vulnerabilidad clasificada como cr\u00edtica en code-projects Hospital Management System 1.0. Afecta a una parte desconocida del archivo check_availability.php. La manipulaci\u00f3n del argumento email provoca una inyecci\u00f3n SQL. Es posible iniciar el ataque de forma remota. El exploit ha sido divulgado al p\u00fablico y puede ser utilizado." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-89xx/CVE-2024-8945.json b/CVE-2024/CVE-2024-89xx/CVE-2024-8945.json index 62a802e3199..880e6c4150c 100644 --- a/CVE-2024/CVE-2024-89xx/CVE-2024-8945.json +++ b/CVE-2024/CVE-2024-89xx/CVE-2024-8945.json @@ -2,13 +2,17 @@ "id": "CVE-2024-8945", "sourceIdentifier": "cna@vuldb.com", "published": "2024-09-17T18:15:06.023", - "lastModified": "2024-09-17T18:15:06.023", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability has been found in CodeCanyon RISE Ultimate Project Manager 3.7.0 and classified as critical. This vulnerability affects unknown code of the file /index.php/dashboard/save. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component." + }, + { + "lang": "es", + "value": "Se ha encontrado una vulnerabilidad en CodeCanyon RISE Ultimate Project Manager 3.7.0 y se ha clasificado como cr\u00edtica. Esta vulnerabilidad afecta al c\u00f3digo desconocido del archivo /index.php/dashboard/save. La manipulaci\u00f3n del argumento id provoca una inyecci\u00f3n SQL. El ataque se puede iniciar de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse. Se recomienda actualizar el componente afectado." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-89xx/CVE-2024-8946.json b/CVE-2024/CVE-2024-89xx/CVE-2024-8946.json index 5e875212ea4..b8562745bc6 100644 --- a/CVE-2024/CVE-2024-89xx/CVE-2024-8946.json +++ b/CVE-2024/CVE-2024-89xx/CVE-2024-8946.json @@ -2,13 +2,17 @@ "id": "CVE-2024-8946", "sourceIdentifier": "cna@vuldb.com", "published": "2024-09-17T19:15:29.220", - "lastModified": "2024-09-17T19:15:29.220", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in MicroPython 1.23.0. It has been classified as critical. Affected is the function mp_vfs_umount of the file extmod/vfs.c of the component VFS Unmount Handler. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 29943546343c92334e8518695a11fc0e2ceea68b. It is recommended to apply a patch to fix this issue. In the VFS unmount process, the comparison between the mounted path string and the unmount requested string is based solely on the length of the unmount string, which can lead to a heap buffer overflow read." + }, + { + "lang": "es", + "value": "Se ha encontrado una vulnerabilidad en MicroPython 1.23.0. Se ha clasificado como cr\u00edtica. Se ve afectada la funci\u00f3n mp_vfs_umount del archivo extmod/vfs.c del componente VFS Unmount Handler. La manipulaci\u00f3n provoca un desbordamiento del b\u00fafer basado en el mont\u00f3n. Es posible lanzar el ataque de forma remota. El exploit se ha hecho p\u00fablico y se puede utilizar. El nombre del parche es 29943546343c92334e8518695a11fc0e2ceea68b. Se recomienda aplicar un parche para solucionar este problema. En el proceso de desmontaje de VFS, la comparaci\u00f3n entre la cadena de ruta montada y la cadena solicitada de desmontaje se basa \u00fanicamente en la longitud de la cadena de desmontaje, lo que puede provocar una lectura de desbordamiento del b\u00fafer del mont\u00f3n." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-89xx/CVE-2024-8947.json b/CVE-2024/CVE-2024-89xx/CVE-2024-8947.json index eadbfa6b937..0384c54b0bb 100644 --- a/CVE-2024/CVE-2024-89xx/CVE-2024-8947.json +++ b/CVE-2024/CVE-2024-89xx/CVE-2024-8947.json @@ -2,13 +2,17 @@ "id": "CVE-2024-8947", "sourceIdentifier": "cna@vuldb.com", "published": "2024-09-17T19:15:29.483", - "lastModified": "2024-09-17T19:15:29.483", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in MicroPython 1.22.2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file py/objarray.c. The manipulation leads to use after free. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. Upgrading to version 1.23.0 is able to address this issue. The identifier of the patch is 4bed614e707c0644c06e117f848fa12605c711cd. It is recommended to upgrade the affected component. In micropython objarray component, when a bytes object is resized and copied into itself, it may reference memory that has already been freed." + }, + { + "lang": "es", + "value": "Se ha encontrado una vulnerabilidad en MicroPython 1.22.2. Se ha declarado como cr\u00edtica. Esta vulnerabilidad afecta a una funcionalidad desconocida del archivo py/objarray.c. La manipulaci\u00f3n conduce a un uso despu\u00e9s de la liberaci\u00f3n. El ataque se puede lanzar de forma remota. La complejidad de un ataque es bastante alta. La explotaci\u00f3n parece ser dif\u00edcil. La actualizaci\u00f3n a la versi\u00f3n 1.23.0 puede solucionar este problema. El identificador del parche es 4bed614e707c0644c06e117f848fa12605c711cd. Se recomienda actualizar el componente afectado. En el componente objarray de micropython, cuando se cambia el tama\u00f1o de un objeto de bytes y se copia en s\u00ed mismo, puede hacer referencia a la memoria que ya se ha liberado." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-89xx/CVE-2024-8948.json b/CVE-2024/CVE-2024-89xx/CVE-2024-8948.json index 0ea5de88049..31d35859c9b 100644 --- a/CVE-2024/CVE-2024-89xx/CVE-2024-8948.json +++ b/CVE-2024/CVE-2024-89xx/CVE-2024-8948.json @@ -2,13 +2,17 @@ "id": "CVE-2024-8948", "sourceIdentifier": "cna@vuldb.com", "published": "2024-09-17T19:15:29.747", - "lastModified": "2024-09-17T19:15:29.747", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in MicroPython 1.23.0. It has been rated as critical. Affected by this issue is the function mpz_as_bytes of the file py/objint.c. The manipulation leads to heap-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The patch is identified as 908ab1ceca15ee6fd0ef82ca4cba770a3ec41894. It is recommended to apply a patch to fix this issue. In micropython objint component, converting zero from int to bytes leads to heap buffer-overflow-write at mpz_as_bytes." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad en MicroPython 1.23.0. Se ha calificado como cr\u00edtica. Este problema afecta a la funci\u00f3n mpz_as_bytes del archivo py/objint.c. La manipulaci\u00f3n provoca un desbordamiento del b\u00fafer en el mont\u00f3n. El ataque puede iniciarse de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse. El parche se identifica como 908ab1ceca15ee6fd0ef82ca4cba770a3ec41894. Se recomienda aplicar un parche para solucionar este problema. En el componente objint de micropython, la conversi\u00f3n de cero de int a bytes provoca un desbordamiento del b\u00fafer en el mont\u00f3n en mpz_as_bytes." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-89xx/CVE-2024-8949.json b/CVE-2024/CVE-2024-89xx/CVE-2024-8949.json index 33fb3bd7618..ee0aaaf62ef 100644 --- a/CVE-2024/CVE-2024-89xx/CVE-2024-8949.json +++ b/CVE-2024/CVE-2024-89xx/CVE-2024-8949.json @@ -2,13 +2,17 @@ "id": "CVE-2024-8949", "sourceIdentifier": "cna@vuldb.com", "published": "2024-09-17T19:15:30.017", - "lastModified": "2024-09-17T19:15:30.017", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability classified as critical has been found in SourceCodester Online Eyewear Shop 1.0. This affects an unknown part of the file /classes/Master.php of the component Cart Content Handler. The manipulation of the argument cart_id/id leads to improper ownership management. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Se ha encontrado una vulnerabilidad clasificada como cr\u00edtica en SourceCodester Online Eyewear Shop 1.0. Afecta a una parte desconocida del archivo /classes/Master.php del componente Cart Content Handler. La manipulaci\u00f3n del argumento cart_id/id provoca una gesti\u00f3n incorrecta de la propiedad. Es posible iniciar el ataque de forma remota. El exploit ha sido divulgado al p\u00fablico y puede ser utilizado." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-89xx/CVE-2024-8951.json b/CVE-2024/CVE-2024-89xx/CVE-2024-8951.json index f8a94a7ccd5..b47df1725ba 100644 --- a/CVE-2024/CVE-2024-89xx/CVE-2024-8951.json +++ b/CVE-2024/CVE-2024-89xx/CVE-2024-8951.json @@ -2,13 +2,17 @@ "id": "CVE-2024-8951", "sourceIdentifier": "cna@vuldb.com", "published": "2024-09-17T20:15:07.020", - "lastModified": "2024-09-17T20:15:07.020", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability classified as problematic was found in SourceCodester Resort Reservation System 1.0. Affected by this vulnerability is an unknown functionality of the file manage_fee.php. The manipulation of the argument toview leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Se ha encontrado una vulnerabilidad clasificada como problem\u00e1tica en SourceCodester Resort Reservation System 1.0. Esta vulnerabilidad afecta a una funcionalidad desconocida del archivo manage_fee.php. La manipulaci\u00f3n del argumento toview provoca cross site scripting. El ataque se puede ejecutar de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-89xx/CVE-2024-8956.json b/CVE-2024/CVE-2024-89xx/CVE-2024-8956.json index ef06bd3438c..0661acc4f13 100644 --- a/CVE-2024/CVE-2024-89xx/CVE-2024-8956.json +++ b/CVE-2024/CVE-2024-89xx/CVE-2024-8956.json @@ -2,13 +2,17 @@ "id": "CVE-2024-8956", "sourceIdentifier": "disclosure@vulncheck.com", "published": "2024-09-17T20:15:07.287", - "lastModified": "2024-09-17T20:15:07.287", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an insufficient authentication issue. The camera does not properly enforce authentication to /cgi-bin/param.cgi when requests are sent without an HTTP Authorization header. The result is a remote and unauthenticated attacker can leak sensitive data such as usernames, password hashes, and configurations details. Additionally, the attacker can update individual configuration values or overwrite the whole file." + }, + { + "lang": "es", + "value": "Las c\u00e1maras PTZOptics PT30X-SDI/NDI-xx anteriores al firmware 6.3.40 son vulnerables a un problema de autenticaci\u00f3n insuficiente. La c\u00e1mara no aplica correctamente la autenticaci\u00f3n en /cgi-bin/param.cgi cuando se env\u00edan solicitudes sin un encabezado de autorizaci\u00f3n HTTP. El resultado es que un atacante remoto y no autenticado puede filtrar datos confidenciales, como nombres de usuario, hashes de contrase\u00f1as y detalles de configuraci\u00f3n. Adem\u00e1s, el atacante puede actualizar valores de configuraci\u00f3n individuales o sobrescribir todo el archivo." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-89xx/CVE-2024-8957.json b/CVE-2024/CVE-2024-89xx/CVE-2024-8957.json index 2887da61a0e..6e3e05f2b7f 100644 --- a/CVE-2024/CVE-2024-89xx/CVE-2024-8957.json +++ b/CVE-2024/CVE-2024-89xx/CVE-2024-8957.json @@ -2,13 +2,17 @@ "id": "CVE-2024-8957", "sourceIdentifier": "disclosure@vulncheck.com", "published": "2024-09-17T21:15:13.423", - "lastModified": "2024-09-17T21:15:13.423", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an OS command injection issue. The camera does not sufficiently validate the ntp_addr configuration value which may lead to arbitrary command execution when ntp_client is started. When chained with CVE-2024-8956, a remote and unauthenticated attacker can execute arbitrary OS commands on affected devices." + }, + { + "lang": "es", + "value": "PTZOptics PT30X-SDI/NDI-xx anterior al firmware 6.3.40 es vulnerable a un problema de inyecci\u00f3n de comandos del sistema operativo. La c\u00e1mara no valida suficientemente el valor de configuraci\u00f3n ntp_addr, lo que puede provocar la ejecuci\u00f3n de comandos arbitrarios cuando se inicia ntp_client. Cuando se combina con CVE-2024-8956, un atacante remoto y no autenticado puede ejecutar comandos arbitrarios del sistema operativo en los dispositivos afectados." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-89xx/CVE-2024-8963.json b/CVE-2024/CVE-2024-89xx/CVE-2024-8963.json index a5180ff8dbb..c8bae15d6ac 100644 --- a/CVE-2024/CVE-2024-89xx/CVE-2024-8963.json +++ b/CVE-2024/CVE-2024-89xx/CVE-2024-8963.json @@ -2,8 +2,8 @@ "id": "CVE-2024-8963", "sourceIdentifier": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75", "published": "2024-09-19T18:15:10.600", - "lastModified": "2024-09-20T01:00:01.427", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "cisaExploitAdd": "2024-09-19", "cisaActionDue": "2024-10-10", @@ -13,6 +13,10 @@ { "lang": "en", "value": "Path Traversal in the Ivanti CSA before 4.6 Patch 519 allows a remote unauthenticated attacker to access restricted functionality." + }, + { + "lang": "es", + "value": "Path Traversal en Ivanti CSA anterior al parche 4.6 519 permite que un atacante remoto no autenticado acceda a funcionalidad restringida." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-89xx/CVE-2024-8969.json b/CVE-2024/CVE-2024-89xx/CVE-2024-8969.json index 34c09a0a665..662b9cf8a46 100644 --- a/CVE-2024/CVE-2024-89xx/CVE-2024-8969.json +++ b/CVE-2024/CVE-2024-89xx/CVE-2024-8969.json @@ -2,13 +2,17 @@ "id": "CVE-2024-8969", "sourceIdentifier": "twcert@cert.org.tw", "published": "2024-09-18T07:15:04.657", - "lastModified": "2024-09-18T07:15:04.657", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:51.220", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "OMFLOW from The SYSCOM Group has a vulnerability involving the exposure of sensitive data. This allows remote attackers who have logged into the system to obtain password hashes of all users and administrators." + }, + { + "lang": "es", + "value": "OMFLOW de The SYSCOM Group tiene una vulnerabilidad que implica la exposici\u00f3n de datos confidenciales. Esto permite a atacantes remotos que hayan iniciado sesi\u00f3n en el sistema obtener hashes de contrase\u00f1as de todos los usuarios y administradores." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-89xx/CVE-2024-8986.json b/CVE-2024/CVE-2024-89xx/CVE-2024-8986.json index d4d2c3392ed..7cb71e3e145 100644 --- a/CVE-2024/CVE-2024-89xx/CVE-2024-8986.json +++ b/CVE-2024/CVE-2024-89xx/CVE-2024-8986.json @@ -2,13 +2,17 @@ "id": "CVE-2024-8986", "sourceIdentifier": "security@grafana.com", "published": "2024-09-19T11:15:10.913", - "lastModified": "2024-09-19T11:15:10.913", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The grafana plugin SDK bundles build metadata into the binaries it compiles; this metadata includes the repository URI for the plugin being built, as retrieved by running `git remote get-url origin`.\n \nIf credentials are included in the repository URI (for instance, to allow for fetching of private dependencies), the final binary will contain the full URI, including said credentials." + }, + { + "lang": "es", + "value": "El SDK del complemento Grafana incluye metadatos de compilaci\u00f3n en los binarios que compila; estos metadatos incluyen el URI del repositorio para el complemento que se est\u00e1 compilando, tal como se obtiene al ejecutar `git remote get-url origin`. Si se incluyen credenciales en el URI del repositorio (por ejemplo, para permitir la obtenci\u00f3n de dependencias privadas), el binario final contendr\u00e1 el URI completo, incluidas dichas credenciales." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-90xx/CVE-2024-9001.json b/CVE-2024/CVE-2024-90xx/CVE-2024-9001.json index 15445bcc4d2..58ba70d12ad 100644 --- a/CVE-2024/CVE-2024-90xx/CVE-2024-9001.json +++ b/CVE-2024/CVE-2024-90xx/CVE-2024-9001.json @@ -2,13 +2,17 @@ "id": "CVE-2024-9001", "sourceIdentifier": "cna@vuldb.com", "published": "2024-09-19T20:15:07.810", - "lastModified": "2024-09-19T20:15:07.810", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in TOTOLINK T10 4.1.8cu.5207. It has been declared as critical. This vulnerability affects the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument command leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "es", + "value": "Se ha encontrado una vulnerabilidad en TOTOLINK T10 4.1.8cu.5207. Se ha declarado como cr\u00edtica. Esta vulnerabilidad afecta a la funci\u00f3n setTracerouteCfg del archivo /cgi-bin/cstecgi.cgi. La manipulaci\u00f3n del comando argument provoca la inyecci\u00f3n de comandos del sistema operativo. El ataque se puede iniciar de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse. Se contact\u00f3 primeramente con el proveedor sobre esta revelaci\u00f3n, pero no respondi\u00f3 de ninguna manera." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-90xx/CVE-2024-9003.json b/CVE-2024/CVE-2024-90xx/CVE-2024-9003.json index 264d92df960..5d69874a384 100644 --- a/CVE-2024/CVE-2024-90xx/CVE-2024-9003.json +++ b/CVE-2024/CVE-2024-90xx/CVE-2024-9003.json @@ -2,13 +2,17 @@ "id": "CVE-2024-9003", "sourceIdentifier": "cna@vuldb.com", "published": "2024-09-19T21:15:16.143", - "lastModified": "2024-09-19T21:15:16.143", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in Jinan Chicheng Company JFlow 2.0.0. It has been rated as problematic. This issue affects the function AttachmentUploadController of the file /WF/Ath/EntityMutliFile_Load.do of the component Attachment Handler. The manipulation of the argument oid leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "es", + "value": "Se ha encontrado una vulnerabilidad en Jinan Chicheng Company JFlow 2.0.0. Se ha calificado como problem\u00e1tica. Este problema afecta a la funci\u00f3n AttachmentUploadController del archivo /WF/Ath/EntityMutliFile_Load.do del componente Attachment Handler. La manipulaci\u00f3n del argumento oid genera controles de acceso inadecuados. El ataque puede iniciarse de forma remota. El exploit se ha divulgado al p\u00fablico y puede utilizarse. Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-90xx/CVE-2024-9004.json b/CVE-2024/CVE-2024-90xx/CVE-2024-9004.json index 11683f0a429..f06454c78e6 100644 --- a/CVE-2024/CVE-2024-90xx/CVE-2024-9004.json +++ b/CVE-2024/CVE-2024-90xx/CVE-2024-9004.json @@ -2,8 +2,8 @@ "id": "CVE-2024-9004", "sourceIdentifier": "cna@vuldb.com", "published": "2024-09-19T21:15:16.383", - "lastModified": "2024-09-19T21:15:16.383", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [ { "sourceIdentifier": "cna@vuldb.com", @@ -16,6 +16,10 @@ { "lang": "en", "value": "A vulnerability classified as critical has been found in D-Link DAR-7000 up to 20240912. Affected is an unknown function of the file /view/DBManage/Backup_Server_commit.php. The manipulation of the argument host leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer." + }, + { + "lang": "es", + "value": "Se ha encontrado una vulnerabilidad clasificada como cr\u00edtica en D-Link DAR-7000 hasta el 20240912. Se ve afectada una funci\u00f3n desconocida del archivo /view/DBManage/Backup_Server_commit.php. La manipulaci\u00f3n del argumento host provoca la inyecci\u00f3n de comandos del sistema operativo. Es posible lanzar el ataque de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse. NOTA: Esta vulnerabilidad solo afecta a los productos que ya no reciben soporte del fabricante." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-90xx/CVE-2024-9006.json b/CVE-2024/CVE-2024-90xx/CVE-2024-9006.json index 2fd4143edd0..36529bdab6c 100644 --- a/CVE-2024/CVE-2024-90xx/CVE-2024-9006.json +++ b/CVE-2024/CVE-2024-90xx/CVE-2024-9006.json @@ -2,13 +2,17 @@ "id": "CVE-2024-9006", "sourceIdentifier": "cna@vuldb.com", "published": "2024-09-19T23:15:12.570", - "lastModified": "2024-09-19T23:15:12.570", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in jeanmarc77 123solar 1.8.4.5. It has been rated as critical. Affected by this issue is some unknown functionality of the file config/config_invt1.php. The manipulation of the argument PASSOx leads to code injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The patch is identified as f4a8c748ec436e5a79f91ccb6a6f73752b336aa5. It is recommended to apply a patch to fix this issue." + }, + { + "lang": "es", + "value": "Se ha encontrado una vulnerabilidad en jeanmarc77 123solar 1.8.4.5. Se ha calificado como cr\u00edtica. Este problema afecta a algunas funciones desconocidas del archivo config/config_invt1.php. La manipulaci\u00f3n del argumento PASSOx provoca la inyecci\u00f3n de c\u00f3digo. El ataque puede ejecutarse de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse. El parche se identifica como f4a8c748ec436e5a79f91ccb6a6f73752b336aa5. Se recomienda aplicar un parche para solucionar este problema." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-90xx/CVE-2024-9007.json b/CVE-2024/CVE-2024-90xx/CVE-2024-9007.json index 158d1318837..67b695a4a7b 100644 --- a/CVE-2024/CVE-2024-90xx/CVE-2024-9007.json +++ b/CVE-2024/CVE-2024-90xx/CVE-2024-9007.json @@ -2,13 +2,17 @@ "id": "CVE-2024-9007", "sourceIdentifier": "cna@vuldb.com", "published": "2024-09-19T23:15:12.830", - "lastModified": "2024-09-19T23:15:12.830", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability classified as problematic has been found in jeanmarc77 123solar 1.8.4.5. This affects an unknown part of the file /detailed.php. The manipulation of the argument date1 leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The patch is named 94bf9ab7ad0ccb7fbdc02f172f37f0e2ea08d48f. It is recommended to apply a patch to fix this issue." + }, + { + "lang": "es", + "value": "Se ha encontrado una vulnerabilidad clasificada como problem\u00e1tica en jeanmarc77 123solar 1.8.4.5. Afecta a una parte desconocida del archivo /detailed.php. La manipulaci\u00f3n del argumento date1 provoca ataques de cross site scripting. Es posible iniciar el ataque de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse. El parche se llama 94bf9ab7ad0ccb7fbdc02f172f37f0e2ea08d48f. Se recomienda aplicar un parche para solucionar este problema." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-90xx/CVE-2024-9008.json b/CVE-2024/CVE-2024-90xx/CVE-2024-9008.json index 740ab1beaf5..1692bbe5249 100644 --- a/CVE-2024/CVE-2024-90xx/CVE-2024-9008.json +++ b/CVE-2024/CVE-2024-90xx/CVE-2024-9008.json @@ -2,13 +2,17 @@ "id": "CVE-2024-9008", "sourceIdentifier": "cna@vuldb.com", "published": "2024-09-19T23:15:13.100", - "lastModified": "2024-09-19T23:15:13.100", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability classified as critical was found in SourceCodester Best Online News Portal 1.0. This vulnerability affects unknown code of the file /news-details.php of the component Comment Section. The manipulation of the argument name leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Se ha encontrado una vulnerabilidad clasificada como cr\u00edtica en SourceCodester Best Online News Portal 1.0. Esta vulnerabilidad afecta al c\u00f3digo desconocido del archivo /news-details.php del componente Comment Section. La manipulaci\u00f3n del nombre del argumento conduce a una inyecci\u00f3n SQL. El ataque puede iniciarse de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-90xx/CVE-2024-9009.json b/CVE-2024/CVE-2024-90xx/CVE-2024-9009.json index 9c585edadc6..55d0fb53f80 100644 --- a/CVE-2024/CVE-2024-90xx/CVE-2024-9009.json +++ b/CVE-2024/CVE-2024-90xx/CVE-2024-9009.json @@ -2,13 +2,17 @@ "id": "CVE-2024-9009", "sourceIdentifier": "cna@vuldb.com", "published": "2024-09-20T00:15:03.997", - "lastModified": "2024-09-20T00:15:03.997", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability, which was classified as critical, has been found in code-projects Online Quiz Site 1.0. This issue affects some unknown processing of the file showtest.php. The manipulation of the argument subid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Se ha encontrado una vulnerabilidad clasificada como cr\u00edtica en code-projects Online Quiz Site 1.0. Este problema afecta a algunos procesos desconocidos del archivo showtest.php. La manipulaci\u00f3n del argumento subid provoca una inyecci\u00f3n SQL. El ataque puede iniciarse de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-90xx/CVE-2024-9011.json b/CVE-2024/CVE-2024-90xx/CVE-2024-9011.json index b91ad899003..c76a067a185 100644 --- a/CVE-2024/CVE-2024-90xx/CVE-2024-9011.json +++ b/CVE-2024/CVE-2024-90xx/CVE-2024-9011.json @@ -2,13 +2,17 @@ "id": "CVE-2024-9011", "sourceIdentifier": "cna@vuldb.com", "published": "2024-09-20T01:15:10.550", - "lastModified": "2024-09-20T01:15:10.550", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability, which was classified as critical, was found in code-projects Crud Operation System 1.0. Affected is an unknown function of the file updata.php. The manipulation of the argument sid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Se ha encontrado una vulnerabilidad clasificada como cr\u00edtica en code-projects Crud Operation System 1.0. Se trata de una funci\u00f3n desconocida del archivo updata.php. La manipulaci\u00f3n del argumento sid provoca una inyecci\u00f3n SQL. Es posible lanzar el ataque de forma remota. El exploit ha sido divulgado al p\u00fablico y puede ser utilizado." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-90xx/CVE-2024-9030.json b/CVE-2024/CVE-2024-90xx/CVE-2024-9030.json new file mode 100644 index 00000000000..557693287ec --- /dev/null +++ b/CVE-2024/CVE-2024-90xx/CVE-2024-9030.json @@ -0,0 +1,133 @@ +{ + "id": "CVE-2024-9030", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-09-20T12:15:05.663", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as problematic was found in CodeCanyon CRMGo SaaS 7.2. This vulnerability affects unknown code of the file /deal/{note_id}/note. The manipulation of the argument notes leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "NONE", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "NONE", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 3.5, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 2.1, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "NONE", + "integrityImpact": "PARTIAL", + "availabilityImpact": "NONE", + "baseScore": 4.0 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://bytium.com/stored-xss-vulnerabilities-in-crmgo-sass-version-7-2/", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.278200", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.278200", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-90xx/CVE-2024-9031.json b/CVE-2024/CVE-2024-90xx/CVE-2024-9031.json new file mode 100644 index 00000000000..091c6d12b81 --- /dev/null +++ b/CVE-2024/CVE-2024-90xx/CVE-2024-9031.json @@ -0,0 +1,137 @@ +{ + "id": "CVE-2024-9031", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-09-20T12:15:06.073", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability, which was classified as problematic, has been found in CodeCanyon CRMGo SaaS up to 7.2. This issue affects some unknown processing of the file /project/task/{task_id}/show. The manipulation of the argument comment leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "NONE", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "NONE", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 3.5, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 2.1, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "NONE", + "integrityImpact": "PARTIAL", + "availabilityImpact": "NONE", + "baseScore": 4.0 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://bytium.com/stored-xss-vulnerabilities-in-crmgo-sass-version-7-2/", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.278201", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.278201", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.410565", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-90xx/CVE-2024-9032.json b/CVE-2024/CVE-2024-90xx/CVE-2024-9032.json new file mode 100644 index 00000000000..e073d57d1f3 --- /dev/null +++ b/CVE-2024/CVE-2024-90xx/CVE-2024-9032.json @@ -0,0 +1,141 @@ +{ + "id": "CVE-2024-9032", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-09-20T13:15:20.637", + "lastModified": "2024-09-20T13:25:34.283", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability, which was classified as critical, was found in SourceCodester Simple Forum-Discussion System 1.0. Affected is an unknown function of the file /index.php. The manipulation of the argument page leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "LOW", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "LOW", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 6.5 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "references": [ + { + "url": "https://vuldb.com/?ctiid.278202", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.278202", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.410976", + "source": "cna@vuldb.com" + }, + { + "url": "https://www.shawroot.cc/2804.html", + "source": "cna@vuldb.com" + }, + { + "url": "https://www.sourcecodester.com/", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-90xx/CVE-2024-9043.json b/CVE-2024/CVE-2024-90xx/CVE-2024-9043.json index 6585cacca88..a2588130a45 100644 --- a/CVE-2024/CVE-2024-90xx/CVE-2024-9043.json +++ b/CVE-2024/CVE-2024-90xx/CVE-2024-9043.json @@ -2,8 +2,8 @@ "id": "CVE-2024-9043", "sourceIdentifier": "twcert@cert.org.tw", "published": "2024-09-20T11:15:13.280", - "lastModified": "2024-09-20T11:15:13.280", - "vulnStatus": "Received", + "lastModified": "2024-09-20T12:30:17.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/README.md b/README.md index 935a12d78fa..88d13a314c0 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-09-20T12:00:19.201621+00:00 +2024-09-20T14:00:59.046271+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-09-20T11:15:13.280000+00:00 +2024-09-20T13:59:01.117000+00:00 ``` ### Last Data Feed Release @@ -33,25 +33,47 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -263485 +263488 ``` ### CVEs added in the last Commit -Recently added CVEs: `1` +Recently added CVEs: `3` -- [CVE-2024-9043](CVE-2024/CVE-2024-90xx/CVE-2024-9043.json) (`2024-09-20T11:15:13.280`) +- [CVE-2024-9030](CVE-2024/CVE-2024-90xx/CVE-2024-9030.json) (`2024-09-20T12:15:05.663`) +- [CVE-2024-9031](CVE-2024/CVE-2024-90xx/CVE-2024-9031.json) (`2024-09-20T12:15:06.073`) +- [CVE-2024-9032](CVE-2024/CVE-2024-90xx/CVE-2024-9032.json) (`2024-09-20T13:15:20.637`) ### CVEs modified in the last Commit -Recently modified CVEs: `5` +Recently modified CVEs: `550` -- [CVE-2022-0550](CVE-2022/CVE-2022-05xx/CVE-2022-0550.json) (`2024-09-20T11:15:12.240`) -- [CVE-2022-0551](CVE-2022/CVE-2022-05xx/CVE-2022-0551.json) (`2024-09-20T11:15:12.710`) -- [CVE-2023-29245](CVE-2023/CVE-2023-292xx/CVE-2023-29245.json) (`2024-09-20T11:15:12.980`) -- [CVE-2023-32649](CVE-2023/CVE-2023-326xx/CVE-2023-32649.json) (`2024-09-20T11:15:13.117`) -- [CVE-2024-3044](CVE-2024/CVE-2024-30xx/CVE-2024-3044.json) (`2024-09-20T10:15:02.620`) +- [CVE-2024-8907](CVE-2024/CVE-2024-89xx/CVE-2024-8907.json) (`2024-09-20T12:30:51.220`) +- [CVE-2024-8908](CVE-2024/CVE-2024-89xx/CVE-2024-8908.json) (`2024-09-20T12:30:51.220`) +- [CVE-2024-8909](CVE-2024/CVE-2024-89xx/CVE-2024-8909.json) (`2024-09-20T12:30:51.220`) +- [CVE-2024-8939](CVE-2024/CVE-2024-89xx/CVE-2024-8939.json) (`2024-09-20T12:30:51.220`) +- [CVE-2024-8944](CVE-2024/CVE-2024-89xx/CVE-2024-8944.json) (`2024-09-20T12:30:51.220`) +- [CVE-2024-8945](CVE-2024/CVE-2024-89xx/CVE-2024-8945.json) (`2024-09-20T12:30:51.220`) +- [CVE-2024-8946](CVE-2024/CVE-2024-89xx/CVE-2024-8946.json) (`2024-09-20T12:30:51.220`) +- [CVE-2024-8947](CVE-2024/CVE-2024-89xx/CVE-2024-8947.json) (`2024-09-20T12:30:51.220`) +- [CVE-2024-8948](CVE-2024/CVE-2024-89xx/CVE-2024-8948.json) (`2024-09-20T12:30:51.220`) +- [CVE-2024-8949](CVE-2024/CVE-2024-89xx/CVE-2024-8949.json) (`2024-09-20T12:30:51.220`) +- [CVE-2024-8951](CVE-2024/CVE-2024-89xx/CVE-2024-8951.json) (`2024-09-20T12:30:51.220`) +- [CVE-2024-8956](CVE-2024/CVE-2024-89xx/CVE-2024-8956.json) (`2024-09-20T12:30:51.220`) +- [CVE-2024-8957](CVE-2024/CVE-2024-89xx/CVE-2024-8957.json) (`2024-09-20T12:30:51.220`) +- [CVE-2024-8963](CVE-2024/CVE-2024-89xx/CVE-2024-8963.json) (`2024-09-20T12:30:17.483`) +- [CVE-2024-8969](CVE-2024/CVE-2024-89xx/CVE-2024-8969.json) (`2024-09-20T12:30:51.220`) +- [CVE-2024-8986](CVE-2024/CVE-2024-89xx/CVE-2024-8986.json) (`2024-09-20T12:30:17.483`) +- [CVE-2024-9001](CVE-2024/CVE-2024-90xx/CVE-2024-9001.json) (`2024-09-20T12:30:17.483`) +- [CVE-2024-9003](CVE-2024/CVE-2024-90xx/CVE-2024-9003.json) (`2024-09-20T12:30:17.483`) +- [CVE-2024-9004](CVE-2024/CVE-2024-90xx/CVE-2024-9004.json) (`2024-09-20T12:30:17.483`) +- [CVE-2024-9006](CVE-2024/CVE-2024-90xx/CVE-2024-9006.json) (`2024-09-20T12:30:17.483`) +- [CVE-2024-9007](CVE-2024/CVE-2024-90xx/CVE-2024-9007.json) (`2024-09-20T12:30:17.483`) +- [CVE-2024-9008](CVE-2024/CVE-2024-90xx/CVE-2024-9008.json) (`2024-09-20T12:30:17.483`) +- [CVE-2024-9009](CVE-2024/CVE-2024-90xx/CVE-2024-9009.json) (`2024-09-20T12:30:17.483`) +- [CVE-2024-9011](CVE-2024/CVE-2024-90xx/CVE-2024-9011.json) (`2024-09-20T12:30:17.483`) +- [CVE-2024-9043](CVE-2024/CVE-2024-90xx/CVE-2024-9043.json) (`2024-09-20T12:30:17.483`) ## Download and Usage diff --git a/_state.csv b/_state.csv index 243e9abceba..6761dc9048a 100644 --- a/_state.csv +++ b/_state.csv @@ -172857,9 +172857,9 @@ CVE-2021-27911,0,0,63453bc44e6b819da248bb6ae5fe3d8b3964709f36e8394f2204e3db47f4d CVE-2021-27912,0,0,19148a6b4be6511067ebb8120b362588e1573f54967fc3540726b708fba4e179,2021-09-03T16:45:06.903000 CVE-2021-27913,0,0,167d05a43c4b8a3a9a5f9095ae1170cc5f9466459db5849cf91ef768c53d596c,2021-09-03T16:43:47.267000 CVE-2021-27914,0,0,675b39026c04fc757a33b18eab7c2aa058775623331c1d7c9d085c842a052b1d,2022-06-08T18:45:22.737000 -CVE-2021-27915,0,0,e6739f668561cdef24a58498daa5751df6c86b3626a27c94b75427a7bc117641,2024-09-17T14:15:14.100000 -CVE-2021-27916,0,0,11da46d91d7831a39cadc8f3c45f95d106ba722e4c9b9cdef6174a228a6f2a61,2024-09-17T15:15:11.967000 -CVE-2021-27917,0,0,23dead4ea77fb9410df1ea9d3711c69d5086413d1ee79c8228aff3d570f0bdd2,2024-09-18T22:15:03.577000 +CVE-2021-27915,0,1,42170d064d1b01652cdc11eb30f626387eda85d27a5f861e99cddbeae26cfb9b,2024-09-20T12:30:51.220000 +CVE-2021-27916,0,1,17a56e0b9e95a77b85369601e6daab8e12801e4f3a1e07f75ef096207d8313df,2024-09-20T12:30:51.220000 +CVE-2021-27917,0,1,91b2b1a67d397df9112f7f1e87e1fdf982c5590731c372073735b88709378af9,2024-09-20T12:30:17.483000 CVE-2021-27918,0,0,0518da32da0b62ea5fcb12a67bfb4a45de87702f6745ca2fb1540144faa372aa,2022-12-13T16:28:13.860000 CVE-2021-27919,0,0,ff72fa8dcdbe5235ea458afc8e87af812a5a4a7f37cb1ded6eeda83ce3037733,2023-11-07T03:32:02.603000 CVE-2021-27921,0,0,b11f4653b3d8f81de77297ff4168966513573360c29446471f5cf2f2df9fb5e0,2023-11-07T03:32:02.670000 @@ -187969,8 +187969,8 @@ CVE-2022-0545,0,0,5f8a902dafd6159ee1d3d3abd2a4f5b604bb9b4301573e6f3b22aad99ae5d3 CVE-2022-0546,0,0,110cebfdd6ff13b7140a9f3862078ce3df8bb49e7dcbf8ed64d7ab7bfd8aac29,2023-11-07T03:41:22.280000 CVE-2022-0547,0,0,b87b8392b3086ad91a3af0001d2269bbce828f61152c5d8341fb948ac5e5345a,2023-11-07T03:41:22.420000 CVE-2022-0549,0,0,c8f2d7aed0ece1e7b596fa13ddc848f0d71a04920cd68f4bdcce9ec0950f53e7,2022-04-04T19:20:43.360000 -CVE-2022-0550,0,1,a0c8b7edb7cbce39e0d777c3bda74069fa0c147dacadcf789b1ee438f4cae601,2024-09-20T11:15:12.240000 -CVE-2022-0551,0,1,4ff57a2b595221d06aa6dc5f20d03e0d7e4718d56501ec37e0d6929ec2e8b4ac,2024-09-20T11:15:12.710000 +CVE-2022-0550,0,0,a0c8b7edb7cbce39e0d777c3bda74069fa0c147dacadcf789b1ee438f4cae601,2024-09-20T11:15:12.240000 +CVE-2022-0551,0,0,4ff57a2b595221d06aa6dc5f20d03e0d7e4718d56501ec37e0d6929ec2e8b4ac,2024-09-20T11:15:12.710000 CVE-2022-0552,0,0,183966929729f1900aeaee14e729366e475542a470c3c6adf97292b1287b8219,2023-02-12T22:15:20.927000 CVE-2022-0553,0,0,eed26d5cca99613afef4048e1fbd59fc96d9663c11ef0875849b479a57848b49,2023-07-21T17:13:15.200000 CVE-2022-0554,0,0,0eb14a07a96409838a6e7dedeed6bfe6613c4cc8748340c9ac1a656a21845e81,2023-11-07T03:41:22.640000 @@ -194664,15 +194664,15 @@ CVE-2022-25763,0,0,f36a89526be5572d2d9c611d221dd3b3c258194aac38cd956d5c0a334ae80 CVE-2022-25765,0,0,bc5460bb4643fd4c858b78ef1f90248807fe33e394e3b9ca3e1285b35c5a0727,2023-11-07T03:44:49.920000 CVE-2022-25766,0,0,9c9eff15468e46e0d8fd364a8a8ff59474a4c5800e69ce89b7195191e92ce00f,2023-08-08T14:21:49.707000 CVE-2022-25767,0,0,9c7e47a7f32ad24819f31562ff54850c26f7314d814cab84c6713ce436000d52,2022-05-11T16:19:05.967000 -CVE-2022-25768,0,0,2f471eb3838e4e5cd6d600ba0852b92e4b7ebd1fb0df798e844f5f3255c1a409,2024-09-18T21:15:12.860000 -CVE-2022-25769,0,0,49c2fe6bbcc4dd18d3ac4c13713a4ad2cfb810bf9c9a1e9e202814edcb46964d,2024-09-18T15:15:13.060000 +CVE-2022-25768,0,1,39328cc46a7e45147f714adaa6aeaee757a592e7665a3d543dfdcaa6a51e547a,2024-09-20T12:30:17.483000 +CVE-2022-25769,0,1,79bac75ac2032bd03a72d1165ef99fe57dbcc3d6dde05c7f30a89c7730bb1a4f,2024-09-20T12:30:17.483000 CVE-2022-2577,0,0,87c803484cf61dec9e54055b4599e6f4b1ddfe755fed9fabbd2408fb332046f5,2023-11-07T03:46:40.493000 -CVE-2022-25770,0,0,61d36750ec580fc71c548d57cb5cb4888c2713fab3b6031919aa08220b34c305,2024-09-18T22:15:03.827000 +CVE-2022-25770,0,1,26726cd6619dd406e11abd4510e22d8873fd91ccae476c9e3a36b8fe1a60ec6e,2024-09-20T12:30:17.483000 CVE-2022-25772,0,0,95d681186a9c51133bf3638b33bba1dd8f63cdc4f434660afa0e726ca2c437ec,2023-05-09T19:15:11.413000 -CVE-2022-25774,0,0,d128421aa7601ab16044dac15490c25c6c2e690412ad3801950f706eb5056b33,2024-09-18T15:15:13.253000 -CVE-2022-25775,0,0,2d1d71ffaee7c477f923babb3051dba7e000633b4437cb8d189bac24751d255c,2024-09-18T15:15:13.440000 -CVE-2022-25776,0,0,9fbe8029aae3d5b21da2ffbfb3fcbb3c0b1cccf869457ebde978fe0e2ec23da5,2024-09-18T15:15:13.620000 -CVE-2022-25777,0,0,49e0e38926654b75fb3f04a59e2899d0c331df0eddbdcebb6c3062ad4ede895e,2024-09-18T16:15:04.980000 +CVE-2022-25774,0,1,8d3904f648b5a8f403d33d7ccceac240ec9fda1db8d81455d41763dd01967f4e,2024-09-20T12:30:17.483000 +CVE-2022-25775,0,1,b8eff290d609671f2d971299558a9b960537211f8eb08303b76045b051d484d6,2024-09-20T12:30:17.483000 +CVE-2022-25776,0,1,da9b9d89b467df468b6e2a33a8a9d44c8fb088fbda6f8d67c18644d303de17aa,2024-09-20T12:30:17.483000 +CVE-2022-25777,0,1,4c65ec963469e7435f82a3d28d44251d27aea65eeee72308dac7bd8a3bb10f52,2024-09-20T12:30:17.483000 CVE-2022-25778,0,0,d33a6c464736dc83925f8894577efd1831139b6d537692d92f0faae224736b0b,2022-05-11T18:44:34.810000 CVE-2022-25779,0,0,4cc25f73bf46ee90d0c51c55921c8d5948f913da4b37f33496b30f1a0b932974,2022-05-11T18:46:38.337000 CVE-2022-2578,0,0,b5c8c05b6b5124894234e43a50f3c3ee7f866a667a1b26bbcfea5883e5cf23dd,2022-08-05T15:57:17.487000 @@ -205297,7 +205297,7 @@ CVE-2022-39064,0,0,12a3dbbf728a982dd312cc0d5d9ff9657f0bdfb214dd42709048b34b79d2d CVE-2022-39065,0,0,cd584a75aec5300c6e9a9a671fc8c9b43a6618931ca91f50e33f6d7044185186,2022-10-18T14:08:59.637000 CVE-2022-39066,0,0,67c65566bd21096c72fb54e751efd5c2676353abb951d0c6b56e3cf4f5a67339,2022-11-30T13:32:37.447000 CVE-2022-39067,0,0,c358196114540dd22595661fab8f7d8d626092ee22ba6d47c3469536ad018e02,2022-11-30T13:38:39.770000 -CVE-2022-39068,0,0,168dfc388f40b556940d299cc9092e97de99b115f32c6711a9f4ca99876599ca,2024-09-18T02:15:09.690000 +CVE-2022-39068,0,1,196733977692b6e39b527069798354749867091cc424e37913f17633b1d19a3c,2024-09-20T12:30:51.220000 CVE-2022-39069,0,0,8ff28daec3354122720c8cb16c1caccdcaa79dbb867529cb1094311244bf3a64,2022-11-09T16:44:17.623000 CVE-2022-3907,0,0,d1aebbc42b807c6a07b40a31bb83639d938c2e22546d709be343b2e421af6dd9,2023-11-07T03:51:56.857000 CVE-2022-39070,0,0,1055429b8a4d59edcc42ecb196a96188940cd00259c634d98da73157d4e25d30,2022-11-28T19:29:32.380000 @@ -209914,7 +209914,7 @@ CVE-2022-45320,0,0,86332dd85b2cfbe963629398e0cf08bee0d12d85c646f1ab6ad9a2add7bda CVE-2022-45326,0,0,fe6a2e80df3508e3c963b0fb62f4bbda18000e14d7327c7cdf358306d46dda13,2022-12-08T16:34:51.260000 CVE-2022-45328,0,0,ba18c1e472ebe99fbb3cd9ab39fc2adf0e31fdeca86523f982b6d9dc58b6709e,2022-12-01T23:22:07.887000 CVE-2022-45329,0,0,6b07a09d463fac7037e5691e5599cc792bb7a8dcfcb831831de8c1f2261aee8a,2022-11-30T04:58:16.687000 -CVE-2022-4533,0,0,76d3999274721037b83ac75c5bb59467ac305675ed61a3c60d327eee8a16b28b,2024-09-19T04:15:05.860000 +CVE-2022-4533,0,1,cb909550f4b96ea2cc15bb2ea36cbb129a354423c09cf0aea327cdae2a7893c0,2024-09-20T12:30:17.483000 CVE-2022-45330,0,0,cd98ddc24a4f7a2a8b2e81c2a45252ce58f305bbc00492852d07bcbfa4fd87c9,2022-11-23T16:04:50.373000 CVE-2022-45331,0,0,d56f749377ee32baee9704d453f5cd7e14fbd7458db161db1deffebffb365eef,2022-11-23T16:04:58.820000 CVE-2022-45332,0,0,94e4da01e7f2e9d6ba2c8e99622553188f4f4167cbc35169367dcc156794dbb9,2022-12-02T16:00:13.253000 @@ -216587,7 +216587,7 @@ CVE-2023-22374,0,0,1a4e502b8e0386f61aeab8675b1eb99d03794155857f0d7678773320093e9 CVE-2023-22375,0,0,e3e3bb54d710b958b7446744bfcd42cb175b03a6560d20efd047c827e425ffa1,2024-08-02T10:15:57.170000 CVE-2023-22376,0,0,5f77166ec52ee481f3f13dc00a4527cc3ff862e7a717a24036ddd07aab863f81,2024-08-02T10:15:57.247000 CVE-2023-22377,0,0,474884dd1a09476b7b4dd4133dbefd32510d640c3aad027c5f39bc3de4ced6c3,2023-02-23T18:15:28.777000 -CVE-2023-22378,0,0,540a5d76962f06073c55d7271b0de534349a7aca3f36b088158bac7f4521bc93,2024-05-28T13:15:08.783000 +CVE-2023-22378,0,1,a30cff56be04282cd241b3f4d46e4b889d9f7578d493fa5f5c08445e6920fc62,2024-09-20T12:15:02.750000 CVE-2023-22379,0,0,a854314508ceba6f521c183c34ec8ac284ac914dadb9ee630d16d2176493d1df,2023-11-07T04:06:52.157000 CVE-2023-22380,0,0,5b0549d59b87de4f680c09067e099283d749c055ad2df650083bbf514294419b,2023-11-07T04:06:52.313000 CVE-2023-22381,0,0,2638f0ec9ef459ec9a8200d31478e5ddb3b875c486b8d21dc687bf73da099710,2023-11-07T04:06:52.397000 @@ -216997,7 +216997,7 @@ CVE-2023-2284,0,0,75ba5ba7af26bfbb1fc492417b63fd596374e7763cb2f9fdbd798745d30e39 CVE-2023-22840,0,0,1f1b272cfb278fcff2217410fbf284f5428c132f7f3d9528dc3c82edb5d2b847,2023-11-08T03:10:49.553000 CVE-2023-22841,0,0,16b04e0da9b02c104d1c486e38313d10e1566582fdebe4743cd1f3860a8729eb,2023-11-07T04:07:27.757000 CVE-2023-22842,0,0,51561093b22cd284492b3a6fb6ff0d9a7c4e47b403a882a103c37babfe7b620b,2023-11-07T04:07:27.970000 -CVE-2023-22843,0,0,ad8adcf7298a51b73ea88bf96e20a1322cd43c8d2f2fd3bade46eeb095840e05,2024-05-28T13:15:08.937000 +CVE-2023-22843,0,1,923d42e539ce5949e5c2fdd902d3c2c70b409b33440b33f90dee03241d8bb93c,2024-09-20T12:15:03.493000 CVE-2023-22844,0,0,9f317de85823ed06761d9a78a45b6ed458126e22af9fd7359df7bf8e54e47575,2023-07-13T17:21:55.650000 CVE-2023-22845,0,0,14be039ff213a3d18757ba7ac946f3d22dd764d18ce6cd8b47de41211c1c2b55,2023-04-05T13:39:14.847000 CVE-2023-22846,0,0,68ee63a6bcfae95eafaa56475436f7471d2e77a8f5bf094917056c6d391f6fc6,2023-05-02T01:32:29.167000 @@ -217470,7 +217470,7 @@ CVE-2023-23570,0,0,34f43d73f90c49f764b81e997892fd78dd337c97fb1148b24d8e32f1e47e6 CVE-2023-23571,0,0,4b5d57468b0e0f6068ca1be84d1957d7fa69a135a66e59bb39d39000117da5a4,2023-07-17T14:15:09.677000 CVE-2023-23572,0,0,b46b7512903e7f49f58188b1516e5c59dccee6524ae44e74bf2d1686b17145a6,2023-08-24T13:33:32.147000 CVE-2023-23573,0,0,d839cffdfa00da742eae7d304e41472753b06c66c5d31c59bec83f449da372d5,2023-11-07T04:07:46.417000 -CVE-2023-23574,0,0,206c186a96ab6221b997ee27e668fe577646574fae2bdb52c98afdb957e6292e,2024-05-28T13:15:09.070000 +CVE-2023-23574,0,1,b67f66b5b65ad0e62ebcfed6bda90888bacb4029f43603b7f3756c633a76866b,2024-09-20T12:15:03.747000 CVE-2023-23575,0,0,023ca3e7364edc16a58f52ccb2e6b5d9fc2383841c194afcc25ab1d7eefe38cb,2023-04-18T19:36:02.697000 CVE-2023-23576,0,0,9b16ed66ee4707fb622123e163d2115347cbc9be42696ade7dc9624d77214e54,2024-01-05T19:32:36.870000 CVE-2023-23577,0,0,f94aa6f01f8e228592ebd011e08981a573e21add09f0acea4f77a15299f4b462,2023-11-07T04:07:46.600000 @@ -217786,7 +217786,7 @@ CVE-2023-2390,0,0,d8c9efd41ed58c9bda7173dbc3cdf3c4fdff0003337f5c2250528e3228bfeb CVE-2023-23900,0,0,4a9a9dad572dc14c005a8198761232e0acf0f159e24f4d684821e3379c3a3a30,2023-08-15T12:51:30.800000 CVE-2023-23901,0,0,b404c4d9219eebcd5d9e657ffc96fc39988fe3d1cce11319b574a4a843a3ff27,2023-05-17T16:08:29.533000 CVE-2023-23902,0,0,c8a8104b6d3022f8d00edfea767d75b2cf1ef46c07dd4d5dd9ee1a9afe747272,2023-07-13T18:31:44.900000 -CVE-2023-23903,0,0,fccf327800a1ff965c99f03b583ab054122977d0941f22c4eafef035f92c6e81,2024-05-28T13:15:09.210000 +CVE-2023-23903,0,1,3d9f5a120fb1e8586bb978cfffbb5b8385027dd7fdd6c765c5ee33c626f9a4e9,2024-09-20T12:15:04.187000 CVE-2023-23904,0,0,1073dcac3090b6c3ec8ffc3cdf8179f350d5171319ef4b19c5e4d802a78b6cf7,2024-09-16T18:03:16.707000 CVE-2023-23906,0,0,ecbad8f7470fe791c8d121d19e6d0b6ce2455ac668d25663f92ccec3da4757b5,2023-05-17T16:51:00.670000 CVE-2023-23907,0,0,6b01042e288083ef8ae13ac98b90ca33e3377b10f46b85df69a956945cc9f097,2023-07-13T17:22:44.253000 @@ -217890,7 +217890,7 @@ CVE-2023-24008,0,0,60434e83807ea113d2544d2b831fcd4bb4044d81c3bf977a63469d6423f79 CVE-2023-24009,0,0,83bb6270361e00407c77d06b177e7711ec21b475a97b6c45c95921a42f20b4a8,2023-08-15T12:51:20.067000 CVE-2023-2401,0,0,847c06ef400eb38531db20297f019bc63c492b56634b7049546cfc5cf01a8f18,2023-11-07T04:12:36.290000 CVE-2023-24014,0,0,eb88af82c14dce294c5afd8b71cf99d2f5dad118b3a06c3207d448e597874308,2023-06-14T12:56:34.443000 -CVE-2023-24015,0,0,ffd8e410b6c3026ec61a4d4e4853d43a65e70799e9cc8d9f994ddf94bec5345d,2024-05-28T13:15:09.340000 +CVE-2023-24015,0,1,39f9877fc6dc249f356b9d8ddce3553505a2ce3cbfa0ab1578e025a9048a82b5,2024-09-20T12:15:04.520000 CVE-2023-24016,0,0,8ac29699bd14f62d6bd2fe373468604e6fed0e7bbe0ce28c642dcb0a97da0f44,2023-11-07T04:08:14.393000 CVE-2023-24018,0,0,a171dde389a350e74f9af83099f24a5c0d8146bfdf2398523ea36679a38c7894,2023-10-30T19:44:52.387000 CVE-2023-24019,0,0,8b9c88cc0c4c14b2b07a14699a9fa70ad51bec4efb3a82efdd9131420f13bf6b,2023-08-02T15:34:21.127000 @@ -218219,7 +218219,7 @@ CVE-2023-24473,0,0,b370c8439284eb589a7381f5a8e0afab9057bdbcc9436302c5450befd9b62 CVE-2023-24474,0,0,c89433afd7a562ae845dcb397c9e9fbccdca040c4e8493ff807f7c3a2a359c1e,2023-07-25T15:06:34.040000 CVE-2023-24475,0,0,fc23673baae024fc57792907eeb2f3479b196a8b840c72a9ab1d29515ec03989,2023-11-07T04:08:29.593000 CVE-2023-24476,0,0,82d203fd139a99cad24748a551f8c29291ff548ef8b0f2fef37920a9acf7c87a,2023-06-15T17:25:11.497000 -CVE-2023-24477,0,0,5fb30106ec729ad587445bfae815d46bfd9fd0eb8615881097b6b060bb74de49,2024-05-28T13:15:09.593000 +CVE-2023-24477,0,1,3f32777f965177231e0bd93abf48dc68e6bbcdbe731c40fe89d84d2f674f458e,2024-09-20T13:15:04.357000 CVE-2023-24478,0,0,2854da322060ae3aa5136cdc270dd3e7cfe41b008077c5f73f7fb78201ae3689,2023-11-07T04:08:29.797000 CVE-2023-24479,0,0,7211e9c69437501b3a8e7b9a9efd614e2106314128fbf7e75fec6228445328c8,2023-10-12T22:25:43.207000 CVE-2023-2448,0,0,698462a131ff71655a9da6cdc5a6c28ccc47ebf9f4d9a3e2f8a3a28a96eadbbf,2023-12-04T17:38:31.713000 @@ -219176,7 +219176,7 @@ CVE-2023-25666,0,0,9329c20086df1831926a3d2e836ad1ca87c7bb2663c4ea7cdae2a6734ae13 CVE-2023-25667,0,0,7efac3cc2cf288d0d8e0a72f036945bd8b16cbb151e78b88bc2043e1daf07bf8,2023-11-07T04:09:05.913000 CVE-2023-25668,0,0,17439808d191e9d44412ac88f372c453c6a7b56282c541fb77ca790d79d2e1ed,2023-03-31T14:20:18.307000 CVE-2023-25669,0,0,5799ebe4de7eb86bb31a13c40b7ed1678b85cc77d9d0682764a3dc5f4ed2efc7,2023-11-07T04:09:06.053000 -CVE-2023-2567,0,0,d1a60179d764b82eed2b7916aab9e41ababb84c65c188bb2c7159001a932b71a,2024-05-28T13:15:09.857000 +CVE-2023-2567,0,1,1ac6dd29861dbb570da7adf048c6c8e790afe63d2025eedd15e58909c01c9f1c,2024-09-20T13:15:07.067000 CVE-2023-25670,0,0,f9dcbb1f04ff7ba5a0a0fa2adf10e56474b48ef8789523af5d66cd9e89898c31,2023-11-07T04:09:06.160000 CVE-2023-25671,0,0,bfda7816a898010b5e3dbd370222e6fd7e36489c44c161a898b17a01a4e734a7,2023-11-07T04:09:06.280000 CVE-2023-25672,0,0,4c5551dc36d4bc66e02de852d1385936cf6c50fc7a1b7ca7662ba9486274e753,2023-11-07T04:09:06.410000 @@ -220673,7 +220673,7 @@ CVE-2023-27580,0,0,49adfe72e2abd2b9132f8e9f105c54c3095346080a8c8fdc9db68f8615c86 CVE-2023-27581,0,0,3be21d9e38984ab40cfdf16e35bd0ec94bf38f82166aa990fa09b019ce7d31db,2023-03-17T16:05:39.477000 CVE-2023-27582,0,0,1a1817c890efe2e9cb7f9b5758e04dfd44298e130771f54319db300ecaa127b3,2023-03-17T16:20:47.580000 CVE-2023-27583,0,0,485632ece7b84277edc8c6c8e35a35af799ce3f1829dea2d8e24153e4ca28fa0,2023-11-07T04:10:00.917000 -CVE-2023-27584,0,0,20e78435f76029903f48059f26b5f8c86fa8a9a56a3b8703ee41388a1af5366f,2024-09-19T23:15:11.233000 +CVE-2023-27584,0,1,167ce088bd8f9c80da4e6d625fe319f047d2a9162f0ce98f9401931fcf08cdbd,2024-09-20T12:30:17.483000 CVE-2023-27585,0,0,0445bd17c5084701b2dbcf65f77e303187fa2b90831341ed725bac756a8cffd0,2023-08-30T01:15:37.417000 CVE-2023-27586,0,0,72de1619c31b9c2ff4ad09f40e3b9c53d6bc1c9f49761fe93846248e8881b816,2023-03-23T18:23:58.923000 CVE-2023-27587,0,0,ff84401de0a75d958d75bc60aaf34fc3791f8b67e0e2909ed4ac19eca27c4613,2023-03-17T16:26:13.203000 @@ -221448,11 +221448,11 @@ CVE-2023-28447,0,0,6367186976f27827261c19bd8919f6ea82651685bddf6890d58adc5cfc17d CVE-2023-28448,0,0,ebc63ef0aa5992d3b1b222c457f8387f360915a33d538a72c217fd6a5a4cb59f,2023-11-07T04:10:37.130000 CVE-2023-2845,0,0,0fa9122be7638e783829920da4cebd575a75f9f5dbfa9888210728f2e9226a90,2023-05-30T21:57:09.587000 CVE-2023-28450,0,0,5c2253d4a287fe441625ee366deb367c57e306635c3cd3c5dc9109a263b491de,2023-11-07T04:10:37.277000 -CVE-2023-28451,0,0,8279752440516283e0f82d3f1f34143381833496695a0469053a512c113a55c1,2024-09-18T19:35:05.387000 -CVE-2023-28452,0,0,75ad47e85685d8552bee5909bb140451cfae4a0b1e8874a03a2dc5e39b6b73ec,2024-09-18T15:15:13.957000 -CVE-2023-28455,0,0,5d9dc0a1e3dd3761dc39c0ec499b0abfdf50462b1bd728dd33a43154387daed7,2024-09-18T18:35:01.490000 -CVE-2023-28456,0,0,30ac109970f777d2caa1aef3f1690c9199451186ec48919800655341b8ed7274,2024-09-18T18:35:02.367000 -CVE-2023-28457,0,0,779c00b1fb09fef4ef22b12b7a5b0586e5eb976cb589856710c590af55b54c99,2024-09-18T18:35:03.190000 +CVE-2023-28451,0,1,02077ec90308f3e10469b10deaf63c0d2ebe2477fc443a25917d0309e16e6145,2024-09-20T12:30:17.483000 +CVE-2023-28452,0,1,5247748a4963e83effa31c74ed9e77374ac610f0f8b3a6982711b705bead2134,2024-09-20T12:30:17.483000 +CVE-2023-28455,0,1,f787fb2c5855f2ef8a0ef687381494c982efeb5bd0d85c2360e1231605ce1999,2024-09-20T12:30:17.483000 +CVE-2023-28456,0,1,8378b0b76e7ed1fe6b97cc185749129d97a08e1cd047126cdda55e3b5f77f944,2024-09-20T12:30:17.483000 +CVE-2023-28457,0,1,206d728c18e532fdde6c3e8fb8a9670565345ef4220c0484509d83c640353a93,2024-09-20T12:30:17.483000 CVE-2023-28458,0,0,ef73a1fa781dc427433a4344f064cf2c5d295719475229911a534302acd48e97,2023-05-04T12:38:48.727000 CVE-2023-28459,0,0,ff6d9b0d2a61636a2216f5ca3eebb22b60bf4cdf2177e93c8efd3097129af8b8,2023-05-04T12:38:31.430000 CVE-2023-2846,0,0,9aab683976373505e029cb617089a2ec5cce34a049b1b52d471de12eae663bf2,2023-07-10T18:51:01.550000 @@ -222157,7 +222157,7 @@ CVE-2023-29241,0,0,0332e7b930ff4304668a7a896000a21892f2828fad91c89c531554546ff13 CVE-2023-29242,0,0,b61b510d1f58b7f0d5a338add68b354218b1c2308336d527a49331a9e2d27196,2023-11-07T04:11:07.910000 CVE-2023-29243,0,0,8725de0b480e293af5f5e87a983092ba629b47c9b3a192ae1fceec5139111ba1,2023-11-07T04:11:08.053000 CVE-2023-29244,0,0,fd105b38b3d195c238b5968b40ac7f34e4f4dc15ba8cf11199615ee5ac2d2d49,2024-01-30T15:17:47.337000 -CVE-2023-29245,0,1,36663441326991b70a4a638f7835ab4b96bdc7534da1afdff5817a73607c1710,2024-09-20T11:15:12.980000 +CVE-2023-29245,0,0,36663441326991b70a4a638f7835ab4b96bdc7534da1afdff5817a73607c1710,2024-09-20T11:15:12.980000 CVE-2023-29246,0,0,66dc05c67373539e60513d12bb8d5ea5cbab81162146e8ad3ad6542b8a2951e0,2023-05-22T14:55:15.440000 CVE-2023-29247,0,0,bb0e3571a900cf515f84f932527ebb6318ef77da20d3db85fc0074ca4d75811e,2023-05-11T23:24:54.837000 CVE-2023-2925,0,0,6dfd7b78d36e2a725703c314ea807457e2096a4bbbc04df212c7a1d27031a788,2024-05-17T02:23:22.303000 @@ -222910,7 +222910,7 @@ CVE-2023-30458,0,0,48c15acc8080e55dcad253897d98be087ef3a613a48400bab015ca689a5a0 CVE-2023-30459,0,0,5203c98e26586eb418e577e0ae073865f5b068c7334ca2353e2b79f21ee05326,2023-04-25T15:56:57.943000 CVE-2023-3046,0,0,ecac07b94baf4825a77ca2376c60e7599fadef86a6e35f7199431d4839633975,2023-07-31T18:10:15.423000 CVE-2023-30463,0,0,578403456f513186915a79f10d80ead6b521f986e8efcb462d3b4f5fdfe361bc,2023-04-28T18:49:31 -CVE-2023-30464,0,0,3aae22a2e0f43047e68f03e1c3bca7b8e0d56717d49f06b096746b3b526617e7,2024-09-19T19:35:01.113000 +CVE-2023-30464,0,1,2219fe2a351a90ed5b4baf0c5b582d478e2ecc8c75596249eb60867c38157102,2024-09-20T12:30:17.483000 CVE-2023-30465,0,0,03cb642b9d155b8fc540b2b5aab3b36429c8caf9db77ee091c34798766c54d43,2023-04-18T19:30:08.003000 CVE-2023-30466,0,0,a09f27d23c57f262101e1beba7bf30085bba339c92bf87babd3fd4546142e636,2023-05-05T17:27:07.267000 CVE-2023-30467,0,0,1f60c7af1fdcdbc8eac29b20ae332e43dda1d16453ce8a587bb1e16e4fb9ef03,2023-05-05T17:57:32.067000 @@ -224670,7 +224670,7 @@ CVE-2023-32644,0,0,a354953f4dc4989b7b46cb55cf08179c3a1e29618db34fa29ce42ae9c36e2 CVE-2023-32645,0,0,857d6cc902eefc1d9512ca3bece7549ec7eef38c002db86a230c5d650c8de20d,2023-10-12T22:27:09.257000 CVE-2023-32646,0,0,f6b1530f5a486f7b373de01025884669df82841c6297142c889d164b769a0a22,2024-02-14T15:01:51.137000 CVE-2023-32647,0,0,4e49ef2dce5500c3745634f186eda67b3ba6efb3ab14954d1408922ffebd0d1b,2024-02-14T15:01:51.137000 -CVE-2023-32649,0,1,22b9514becd10eb679dd28ac11c5883dd073215affaee5996a16965af56cdacc,2024-09-20T11:15:13.117000 +CVE-2023-32649,0,0,22b9514becd10eb679dd28ac11c5883dd073215affaee5996a16965af56cdacc,2024-09-20T11:15:13.117000 CVE-2023-3265,0,0,471c4818cf3d140a8514e2ffc1948be656fcb1771a62c82080073ff1643bcfa6,2023-08-22T16:20:24.977000 CVE-2023-32650,0,0,bebe035dcd601dd36e4c165904cd4a21f7ee809614ac45add18da3be91ede908,2024-04-09T21:15:08.027000 CVE-2023-32651,0,0,e84751d5182835b1a5435aa440dd49d94cb9c7b164bddde42f31052d1248666d,2024-02-14T15:01:51.137000 @@ -231448,9 +231448,9 @@ CVE-2023-41603,0,0,7eae02bcb404653f8cf9e28340ec8a561b47a402fdb727d540cee5e43f7a6 CVE-2023-41605,0,0,c09977e342b3399cb054a02d7c15a161158f613f02f666ee1f6dfa3b4009a9cb,2023-11-07T04:21:00.217000 CVE-2023-41609,0,0,3bd4e736f9f83dbe7ac5c6a636f09e590cb9ec36b1af4f2b64690d67593848e4,2023-09-14T17:58:35.633000 CVE-2023-4161,0,0,7df03f1cfebd5d12fb7dd64830212873f12e24a1c77995358c2ceb34fcbbcca9,2023-11-07T04:22:12.317000 -CVE-2023-41610,0,0,b7f7a34d68344fcacda56f897b769d9e1f77b8f6d7295930f14e3658a166c532,2024-09-19T02:35:17.530000 -CVE-2023-41611,0,0,ef3eb69758db1d9b28c7123b9952141b7f86bac3088be654c4225e15336606c4,2024-09-18T18:15:05.750000 -CVE-2023-41612,0,0,77598d5263c6c419dc4441eae8cb7f6904d208d828905d2cbf9e1bd7873a6842,2024-09-18T18:15:05.803000 +CVE-2023-41610,0,1,51f6b90285f8d509b54f5a55657396e90fb4869a02c7f6edccbed71ebffe01ea,2024-09-20T12:30:17.483000 +CVE-2023-41611,0,1,e185c685ab592a1712950af6d6852ade10f48dbd058a0bbaa6327af6374cea18,2024-09-20T12:30:17.483000 +CVE-2023-41612,0,1,f81e135992d31dcc8c1b4cb7694118b65507ac0a31b06a896da10750a65a9b4f,2024-09-20T12:30:17.483000 CVE-2023-41613,0,0,14a8003db8756e22aa6e34184a53a524c8848112d2658b820d2d53e6d4a30f92,2023-12-07T21:08:08.163000 CVE-2023-41614,0,0,800f55cf7fcdb99df81dd721b47d50fd8bdb42500fe162978ce716d3e60ac044,2024-01-21T02:14:33.077000 CVE-2023-41615,0,0,9e3b6cba4b67acfbe6486851fe7daec432b9c66a87b8a1c79ccef36619967361,2023-12-28T16:23:14.277000 @@ -234328,7 +234328,7 @@ CVE-2023-45850,0,0,54f0aa089c8ebefba26fc84db9cc11c8567f61a11232a6923c6e132d5e43b CVE-2023-45851,0,0,a3947611dcf22f6805d628e99aaae522253196bfe6bc115a5e6e07eee5573efb,2023-11-06T14:33:29.510000 CVE-2023-45852,0,0,9f9928a73d27493bd16960e42e3753b817edb53bf0a279e8c73f0394583e4b85,2023-10-18T21:02:05.847000 CVE-2023-45853,0,0,6503429cbf2e1e20ebf7ebe132f95a8b90c44cef1beb7aaa8cc28ef474dcc45b,2024-08-01T13:44:58.990000 -CVE-2023-45854,0,0,394313462a2368ea2f30526af8413d92e9573e06a35e5469bc30af67d449c491,2024-09-17T21:35:02.480000 +CVE-2023-45854,0,1,fd1b599fb467628f9bb2341124630f6a56ef04897dcdb698cc71199c6ed3520b,2024-09-20T12:31:20.110000 CVE-2023-45855,0,0,912d651ace420e3e306dbd306a33a1e9381017090da4aa2e9ea6f83c20cb2d32,2023-10-19T12:47:29.590000 CVE-2023-45856,0,0,9549076e6d0a6fd1b223e9b67c01e74b49d52dd52325c68b86809e5c56a367bc,2023-10-19T12:51:51.217000 CVE-2023-45857,0,0,73cdaec7d516e0e7ed8e90335cf635a85ba7d5cc487bbd7bc0e61ce086b2cacc,2024-06-21T19:15:29.593000 @@ -235256,7 +235256,7 @@ CVE-2023-47100,0,0,ff970e0bbee0da60d74f669b9fb5cb216763ce026187e12f8579e05200812 CVE-2023-47101,0,0,8e6edd25cda6a591046fe983528e0a18fc64caa5bb33128c51155cd1de08a87e,2024-09-09T21:35:04.033000 CVE-2023-47102,0,0,bb32c5cb2274f695bb77b1dcabc1de081035b480bea1daa5bd9c69bcfd55cd77,2024-09-05T15:35:18.967000 CVE-2023-47104,0,0,a37a236519348a3781a21a1de0f9441014abbe03c8d36d3b50f8a015a7854ef5,2024-09-09T21:35:05.027000 -CVE-2023-47105,0,0,5cf15f1266a0b31eb246a6910002d8705e4ec03226bb3c929ea366f22d33975f,2024-09-18T19:35:09.023000 +CVE-2023-47105,0,1,edcf662d43aa3d9823a1d03df7b3e4f5568870abec6d51b508c7f6f17eb7cc58,2024-09-20T12:30:17.483000 CVE-2023-47106,0,0,274f9f8003b54fe6ff33410b194e51c238d7f0e1d1e6019e27d3ee23d36974d3,2023-12-07T21:01:57.647000 CVE-2023-47107,0,0,62b3eb30757fd38e881b6505c45a9191d7dd7c665bbdd43f636c7f315820da31,2023-11-16T14:27:03.320000 CVE-2023-47108,0,0,e1878aaf9ec42eaeb46d72dc6612bfb6a1c8ce4d93ded369cdc526dd853945a6,2023-11-20T19:34:26.493000 @@ -236630,7 +236630,7 @@ CVE-2023-48986,0,0,3e86c09b0154a3f7dde95b5c3b4eedd1d2835b8042a082e2efbc1932611a9 CVE-2023-48987,0,0,69f8cd3ccf34bf1acd15c51cf7cea475714364b5987485d3965e6a533c756bfc,2024-08-29T20:35:36.787000 CVE-2023-4899,0,0,eb486be781bffe6ff31a97fcc088dbcce85803354e744e3957cc030f754ccde4,2023-09-13T03:51:29.183000 CVE-2023-4900,0,0,f0591399d5883c000e9e3ad8cfca3d7c8c638b7753578d037335773e46d02fc3,2024-01-31T17:15:16.900000 -CVE-2023-49000,0,0,b457ecf3b1b7f590b4ca8d5cf092120ecbf2663c80d718b7d553ba87b44842e3,2024-01-04T18:45:41.737000 +CVE-2023-49000,0,1,2a8a5d950edbd0f69efca13121d43d091c05f99a50774ae2da5f2523bb7026bf,2024-09-20T13:15:13.783000 CVE-2023-49001,0,0,898da6d17685ec06799efaf7e4fc2846ce279af74325c8b68866ce0d5f79b02a,2024-09-09T21:35:06.213000 CVE-2023-49002,0,0,3a5fa695802dfc4730d9238349110678bdc918c3d2dcadc5153ac8113a41bccd,2024-01-05T16:29:01.827000 CVE-2023-49003,0,0,d76460499f56de14dda7be2ed52a57abf894e3689c15eb032e4523f5a4792f0e,2024-01-04T18:36:38.453000 @@ -236788,7 +236788,7 @@ CVE-2023-49195,0,0,239193d980cfd4324773344b0a932e91919adfb3eac7f01f4cac2dbd41501 CVE-2023-49197,0,0,87fee8cafa9bc5eebe7f1b14f5bce64e09cfb3c60a34a1183c07dca6faf91be6,2023-12-21T17:26:04.913000 CVE-2023-49198,0,0,ac19da202070e70cbe33e0e7f0d8ec06a1ef23f683cbf1d8c569adca8420cbd3,2024-08-23T16:56:50.683000 CVE-2023-4920,0,0,750757ff4ce213882eeb3b1cbdf16aac49f85b0688b4847bcc0bc2036d6471f3,2023-11-07T04:23:10.193000 -CVE-2023-49203,0,0,88a31a8718672d5a37324674732d432a3eef562259f0dbe7bf88ecdcaee1d5e1,2024-09-18T19:35:09.870000 +CVE-2023-49203,0,1,fc29cf05ff76e5367604e1e666f9ac85d5057682dd6c2383d793c69bbccd03f7,2024-09-20T12:30:17.483000 CVE-2023-49208,0,0,2a9e047f121c5391d797b355b9800029d03397ffa5606d306303c89458886565,2023-11-30T20:47:45.190000 CVE-2023-4921,0,0,f6caa99aaa8bd9b77f1b8ba6041c425c337fb5660ab8fed5a711e5fb5a689b43,2024-08-26T16:06:55.377000 CVE-2023-49210,0,0,9b911dd5ab2028f37c1c50f777fb24f7d718b5c731a8746dbf32546fd1c0fe16,2024-08-02T22:16:01.363000 @@ -239008,7 +239008,7 @@ CVE-2023-52526,0,0,c6fbf7011a1abc82768cc9ac1147f4717798ea758f4066f00d5ed475fb6cc CVE-2023-52527,0,0,69feac5279ad296f8c62382461ed563ed5c37ec9a4e9995105c7b03fe18dc87c,2024-03-04T13:58:23.447000 CVE-2023-52528,0,0,939a0919c11a416fb09ccd94fbb4242c3c2cc2c0f74810e24bf07ad99dd62190,2024-03-04T13:58:23.447000 CVE-2023-52529,0,0,6fb710ab675e24c4b60b90f8d390bdf0e7583f3fe7abc5ad6111bd5320ab77c9,2024-03-04T13:58:23.447000 -CVE-2023-5253,0,0,9935f6a6b8e92edb9e114189fa7123fe931ded952ed5940f64cfe41c8b279d8e,2024-05-28T13:15:10.223000 +CVE-2023-5253,0,1,c4802b58efe25a55292e2d6161746d1a3fe4c3cf13d24e9ae30c1e6051f46d20,2024-09-20T12:15:04.893000 CVE-2023-52530,0,0,92deaf22bd1278e0428c06b19fd2bd9609a93de213a14e64c9814336868387bd,2024-03-04T13:58:23.447000 CVE-2023-52531,0,0,139c545d33ba10eb3343fe2ebed8bb6f85f222cd821926b67d690a1cf30ff498,2024-03-04T13:58:23.447000 CVE-2023-52532,0,0,299d7cb56f6a6c17487eae201e2d466d368011ffa4a3b859f2f2a268babbfcfe,2024-03-04T13:58:23.447000 @@ -240034,7 +240034,7 @@ CVE-2023-5931,0,0,b863132c78f405b95b156ce10d8c8834f739198b1c22c39b9039317e3d10cf CVE-2023-5933,0,0,c27c7c124bf6f24d3d8bc7e7a234b7a69636f1470ba62f1e7eea002c9235b309,2024-01-31T20:31:37.367000 CVE-2023-5935,0,0,5c9977e4cef0a3205c3f3d4f198081c4011f07f7c29f57925421bad8856254a5,2024-05-28T13:15:10.383000 CVE-2023-5936,0,0,0e9b40f540294b22c62111188a98b7a7dfd5997f71ba7b235855df30f7a2ea6b,2024-05-28T13:15:10.503000 -CVE-2023-5937,0,0,52ad43a3f599af757b6a12d4f4f7017cca7db8c6feae18744ea900ac31e390d2,2024-05-28T13:15:10.607000 +CVE-2023-5937,0,1,ed630a63c6e25b72f867c0d3951f442f9c3482ac513542b40354f9dbd13afb09,2024-09-20T12:15:05.110000 CVE-2023-5938,0,0,d8e5d8fa354d1c0e0f7bfd4c516f904ddecec9837270a6a3e8261535681b5f51,2024-05-28T13:15:10.700000 CVE-2023-5939,0,0,86826e61786240ab39565830a51baf97bbdcc30061503025ecb4335740f9f493,2024-01-04T18:41:13.330000 CVE-2023-5940,0,0,3b88cbfe906c0f96bfeb07d7ebff4455834e84bc3a2aa915a7a575c431817030,2023-12-13T17:39:17.437000 @@ -240884,7 +240884,7 @@ CVE-2023-6911,0,0,3b948d5f872db714f3250cf86c16bcb3947e28b3af758f14411aa4054fb490 CVE-2023-6912,0,0,0c7c8a8fdda34532f8d0f2c2f0016bf6d87695a56bebd5f73611b86e52817bd6,2024-08-28T08:15:06.777000 CVE-2023-6913,0,0,582c1fa576b104bc8739a2f437e166c37625ad213b8160fbe777dd72899ac35c,2023-12-28T19:03:17.600000 CVE-2023-6915,0,0,a5f83b46b46abf0b1e3fae799ec74bd5ff4ee1ecb73825d304d5e09ff244d3c5,2024-09-14T00:15:14.743000 -CVE-2023-6916,0,0,c182dc0daff9f87110b40dc2a62d63a04b074ffa411317adde0864834413da45,2024-05-28T13:15:10.800000 +CVE-2023-6916,0,1,7cc1921bcea1efa8445e66ad12a4a44a89ece6f8964d7175739630429c94f43d,2024-09-20T12:15:05.307000 CVE-2023-6917,0,0,c225753f977c7d24eb498c809335a7661f5126f91a0be658b35ba6cfd8590e38,2024-04-30T14:15:13.417000 CVE-2023-6918,0,0,d12edd2a2681e2552b6c70402cbe47c74b9710e33ec89a2bf68c72bb879285a2,2024-09-16T18:15:53.620000 CVE-2023-6919,0,0,2189cbdc051629cd609df5e97eae90f8023275da95ae4626ab9311de639182b4,2024-02-01T19:43:35.653000 @@ -241352,7 +241352,7 @@ CVE-2024-0212,0,0,55633d7b7ec7ba7e84254b5a30e5b01e93ea2bd6509b4168107ffb9474880a CVE-2024-0213,0,0,ef8dedf28245d0ae70f87f9258cca3afbaed6e2552d830f8b4c80ab4eca40572,2024-01-12T19:27:52.903000 CVE-2024-0216,0,0,5db0150a6defe94c534ea06b438d3680a2481b7203149642bcafa6eeb47bddb6,2024-04-30T13:11:16.690000 CVE-2024-0217,0,0,dff0ee3a755b5789dbb3bda1883ae669fffbc3624903a03817fe2262041b1ae5,2024-02-02T15:20:25.843000 -CVE-2024-0218,0,0,e0f7082bfe7bdb2b72e28d6537974d07e10b08637004dd51d50eee8295bc543b,2024-05-28T13:15:10.927000 +CVE-2024-0218,0,1,9f0e6b4bea52be157f1330e24432134b3c5d506400c5c6badfb630af4d1fd0fb,2024-09-20T13:15:16.733000 CVE-2024-0219,0,0,b7044527e6312a645cfd11fb721216b84cfeb88504d813d0c3eb89e1835d8e0b,2024-02-09T17:15:31.870000 CVE-2024-0220,0,0,4478b53c04077624854d5b69c9fe95d675429fc1d7fab33a90dc864a1050bb80,2024-09-19T18:15:05 CVE-2024-0221,0,0,50e4123bdd9330b9856aaead23e8d95b6f2e4b19cc54edeb2503c031d7426fb8,2024-02-13T18:48:37.837000 @@ -242631,7 +242631,7 @@ CVE-2024-1574,0,0,72feffe42c72d6830d032663fa96f8a42adaa592b8140c7ff86296f6edebc0 CVE-2024-1575,0,0,72640f5ac75448b4b5509a8cb432003a1dfdf54ba22e8912d56e4943fbc2b8dd,2024-07-24T12:55:13.223000 CVE-2024-1576,0,0,5444101344581d3589e93ce2d526b43d94d0797d9cd912b65660866715706816,2024-08-14T13:55:57.477000 CVE-2024-1577,0,0,7287d7da4767d738b846ccf37b2518c0176c0362f66596066c97cf866de98fa1,2024-08-14T13:56:31.627000 -CVE-2024-1578,0,0,f604547740c32337d2378275a5347ef1939f5c4a24bcf2b01dc5ce3c9a80771a,2024-09-16T15:35:14.853000 +CVE-2024-1578,0,1,f7c0a10797014cacf1afbd31b461c3ce267d847c10d35e1667b0f8fb68933b8a,2024-09-20T13:53:31.657000 CVE-2024-1579,0,0,b6d8173dad7692a86ca6531cf14391459a611253254c72b5260cedefe5ac123a,2024-04-30T13:11:16.690000 CVE-2024-1580,0,0,07aeb5360f5558bb119a373ba7800ece8f428995a9df074cddda9448e0dd7d45,2024-03-27T18:15:09.063000 CVE-2024-1582,0,0,ed01326ea86a5aee79953e4017f8aa9f576ef158252fee7ae361d02c65156e29,2024-03-13T12:33:51.697000 @@ -243820,7 +243820,7 @@ CVE-2024-21141,0,0,f6351581c68c52a0fcae66a77dd601ef15127184835385b5e0479a9d14461 CVE-2024-21142,0,0,f819d3a8ba6f5d3f6da22376ee3aac7e9c1012257d5ae28b11f63731d1547f92,2024-07-17T13:34:20.520000 CVE-2024-21143,0,0,00d3158bf58fdef1b0ea359eb4fd1877d407a38c8141a35ed2d92f7d5fd7ff90,2024-07-17T13:34:20.520000 CVE-2024-21144,0,0,47e09fd5fcc37ec82730b14b6c143601a9e80d79dcae6217efe43cc12a904fd4,2024-09-18T15:15:42.963000 -CVE-2024-21145,0,0,a189157c8426d8ad6971ad9843f06a52e2ba533f8f4d8f95883f50413386394e,2024-09-18T15:16:36.450000 +CVE-2024-21145,0,1,0f20eb889de8290fa5c2ea280bb176cf511605c155717bdaded7ab58008b835d,2024-09-20T13:46:53.830000 CVE-2024-21146,0,0,c75b160e4e3c99880ff62d36e7e801ade0e912daea3b1e5430c44ac99095338a,2024-07-17T13:34:20.520000 CVE-2024-21147,0,0,d581db22cc70629aa91eb51c988684be29e1ff1430ebd94500067b05edd568f0,2024-08-13T00:49:47.367000 CVE-2024-21148,0,0,5e054bb367a8e9656b43550b5962eaa7f739f26520f7472e3f916549fb13304b,2024-08-28T16:56:18.687000 @@ -244253,7 +244253,7 @@ CVE-2024-2174,0,0,69f2854ef3602f6c241fc54636cb33b9aa524ada04f0df9d9cfac3f6048da2 CVE-2024-21740,0,0,578e6e77253937b45696dc5f6043eefe34a835f238564d1fe1369311381e46c2,2024-07-11T15:05:22.467000 CVE-2024-21741,0,0,abad64de70c0fef6bdf30dcd2634a39b659714e71a96cc61f74db71b448be2aa,2024-07-03T01:46:46.537000 CVE-2024-21742,0,0,fae1ce375f3fcebe0111b56738c6b02117d77d438c12e42f2ce0251b9cb2427c,2024-02-29T01:44:04.040000 -CVE-2024-21743,0,0,ee2cc92bac68cd39c37407c4897474e85e2309d633c448e1da65171ed678403d,2024-09-17T14:15:16.900000 +CVE-2024-21743,0,1,0796f228a255a8494ca4bcb581e49158cafa8b24400e4f1dc60b4a4d36771963,2024-09-20T12:30:51.220000 CVE-2024-21744,0,0,2932a891b0379b8b90b4b42aa5b769696f0f306f989668b0b1182de9207b4937,2024-01-11T18:45:53.040000 CVE-2024-21745,0,0,43ff797785c9c7f395ec98aed207e377746f20cca00e9af0fc8532ca30f21956,2024-01-11T18:45:19.053000 CVE-2024-21746,0,0,71b367edf262d30b7091359190b87e54a7e9349e34c251cedb156f53143414f1,2024-05-17T18:36:05.263000 @@ -244440,7 +244440,7 @@ CVE-2024-22009,0,0,b5b916a7d5e03fc859dbc7dc76ad79ca7e20552b5b212df09fe8f4b48b2af CVE-2024-22010,0,0,48bb31cd9fda5132d6bf173e5f25a90e9963e9143797f12960e4a1affd5276cd,2024-03-12T12:40:13.500000 CVE-2024-22011,0,0,f1daed51c903d88d263d46bfaefe467f13d6b47a3368a8cc0e99c1a391f6eea9,2024-03-12T12:40:13.500000 CVE-2024-22012,0,0,dc6a18ae7accb379105ae5b8c9fe53def4787e4dcb1f5ed3397b80bba457789c,2024-03-12T21:15:57.953000 -CVE-2024-22013,0,0,d8bc1fb3dd56651aaae9c44e91eebcfa5e63bd288cd0c305a7264204f48dc1fe,2024-09-16T20:15:45.743000 +CVE-2024-22013,0,1,7f532e6900797141a60e66fca5bd8ac368c382be95753f2e15222fe6285acb11,2024-09-20T12:31:20.110000 CVE-2024-22014,0,0,c5bff26c435087f5079304a805aa4d4c0115cfcca173e494a6205154db70b18c,2024-08-22T21:35:02.417000 CVE-2024-22015,0,0,ab9198a00b8902f553a18672e99e37367cbd733d408a460d3e69564e986f708c,2024-07-03T01:46:59.010000 CVE-2024-22016,0,0,80ed0ed1953eb9bc819815a69c5782ab91648798b066ce1586fe70786fbfbdf5,2024-02-07T17:33:12.727000 @@ -244704,7 +244704,7 @@ CVE-2024-2230,0,0,81b726a6e768be79a74c3dcd4be2a480a2104236725fc7bffdeb7f2fbcd260 CVE-2024-22300,0,0,2ccc2ed7d49a64132a7983e9a20d1608e44be91faa8ac853f3fc7e5537921096,2024-03-27T12:29:30.307000 CVE-2024-22301,0,0,6ea04ba8fe9617b0d51c2fd6df44a496f80ce215c2c4f5fff80486be4006a269,2024-01-30T17:44:59.847000 CVE-2024-22302,0,0,362c5a4f749f18001b8a7dcb225bccd5bc460dbdebe5d9a9ec96a1e36f826c38,2024-02-06T15:03:44.550000 -CVE-2024-22303,0,0,3ab68abfec960ade621ea6958db0aaa547822c3bbfbf77888a1521bdd83d91f5,2024-09-17T14:15:17.123000 +CVE-2024-22303,0,1,d94975eba9e8b4d178a20cfe3a46d69a48b8fa089f3152af218f7ef6ad604ab4,2024-09-20T12:30:51.220000 CVE-2024-22304,0,0,d67aadb9e2f2a8922ce3f2329d1d83c880e9db8ed9775a858536276b6d2b71fb,2024-02-03T00:21:59.163000 CVE-2024-22305,0,0,3299523f3b75290f8ab4191f513bdb6256b216a4956cb61206392c7121abdf41,2024-02-05T20:42:22.943000 CVE-2024-22306,0,0,e9e637b40676dc8271792a0690b94850a032bacff223625bec6ea440280c18af,2024-02-06T18:20:46.017000 @@ -245219,7 +245219,7 @@ CVE-2024-23233,0,0,313670ac068b12d9fa516d4a3c082e80e45b5e5dbe4efd3c4e89ac3ce5144 CVE-2024-23234,0,0,cf9cee47c5ddf4443c90581bef409e0907a72ec2106ee4166332684023ebc090,2024-08-27T16:35:08.620000 CVE-2024-23235,0,0,8475456fe966a8434d45c9ecd97011b49e7b6d9a91cff5dc02bc68aaf295e889,2024-08-01T13:47:09.287000 CVE-2024-23236,0,0,35e1e8394e7b9f6ad4331abd77ccd4bc245703e2c3f094e21b2b9f6f0cc432ae,2024-07-03T01:47:39.753000 -CVE-2024-23237,0,0,d896aaf12dac493d5ff493612b646e4298fecc872e7b7f5bd7c05264d4c4761e,2024-09-17T00:15:47.670000 +CVE-2024-23237,0,1,be8457b0156b53d9d7deb7899bbe8762e49b8f8b91c0d7e8fa974d8218e14f01,2024-09-20T12:31:20.110000 CVE-2024-23238,0,0,fd48b8741b126bfeb7cfbf18403f943f7768e37b33d158371b746f6d71b99a91,2024-08-05T20:35:04.390000 CVE-2024-23239,0,0,17a811a7a40ab6626263a25969f3b0683f14fcd51c6df6a2a6c4fb1d83529ebc,2024-03-13T22:15:09.947000 CVE-2024-2324,0,0,a32ac9b03f44a6b6199f75f2e494024d5620e1a8d468eb3441202d4c5501e3ef,2024-05-02T18:00:37.360000 @@ -245560,7 +245560,7 @@ CVE-2024-23653,0,0,729d8336dfde52c72f03e8fc94e725c0c3a5e90a0b3aba20b0e12cf7f9da9 CVE-2024-23654,0,0,9ecd45317c97d36c93e90c2ebcdfa37332dfab3e029543bb4f6a5d681a9723ef,2024-02-22T19:07:27.197000 CVE-2024-23655,0,0,491b8ad2e500c9cf71ce64deb76954b49968b71e2fd3c6127f27a91b23ca31a5,2024-01-31T23:26:33.637000 CVE-2024-23656,0,0,20fe993862b99786db71d598b727f6c1300b7f6f6562d1b1e5adc84696a356a5,2024-01-31T23:26:14.650000 -CVE-2024-23657,0,0,5e511f44f2f7777cbd8fb4a3b775744570ee148be59e675f23d4ebd5723093ac,2024-08-06T16:30:24.547000 +CVE-2024-23657,0,1,3c3aa05887b7fe323f19a9fa638c5fbf359a00a778a239ba1721b064a63115ff,2024-09-20T12:49:35.743000 CVE-2024-23658,0,0,10beca2216f16f0be3e501bbd136f2857304d574c44e8f95ff0af4b783ec494c,2024-04-08T18:48:40.217000 CVE-2024-23659,0,0,00fc339e96cf90505d259821db8c42ecca98975cfcf7d7475d9e6c3b75152cbd,2024-01-25T14:58:22.470000 CVE-2024-2366,0,0,490db5028d325a3e3270a4bc51ed933daf1eb90560331895c813986c8416aa30,2024-05-16T13:03:05.353000 @@ -245802,8 +245802,8 @@ CVE-2024-23911,0,0,fdddcb19f4466c54e569787b1df836a5978efd401f095a2d3642663fd0df9 CVE-2024-23912,0,0,210cf35daf58146f5a2ec254acd74292d26b1663729ba2d0483f8b346b0042f9,2024-05-03T12:48:41.067000 CVE-2024-23913,0,0,32316a55a8e1da81d9abb95b33e0db8e8724ab28f77e16dfed40dc690a6cb334,2024-05-03T12:48:41.067000 CVE-2024-23914,0,0,ef84d8471f9b2e6f74b964fa20e89b8542f1e03d544d051711757b2a10104df2,2024-05-03T12:48:41.067000 -CVE-2024-23915,0,0,bfaf13cc3d81ee197c7c42941f9ada8654f71cd3575d80c6205f4892fac909df,2024-09-18T14:15:12.580000 -CVE-2024-23916,0,0,e0f51db3387bcf7f07716f24446a7c339e129071ba14113b232fe38f391ff77d,2024-09-18T14:15:12.790000 +CVE-2024-23915,0,1,c86037473fb83281cdd161a09e8f79326fb2cb16ba83357dd2e74c444debd52c,2024-09-20T12:30:51.220000 +CVE-2024-23916,0,1,1ef3c30066d7ba54ee6ba6cef7d807a2440ec221705ee717ee8f7b7b07e16b4e,2024-09-20T12:30:51.220000 CVE-2024-23917,0,0,f3236f3886ac3a298029762564187aed866f84d01e9365abb654a21b0d966829,2024-02-09T01:05:22.180000 CVE-2024-2392,0,0,a1f238224b889878ea8101bb03eb85f7363cbe3f032b78dbb59584257d093c6d,2024-03-22T12:45:36.130000 CVE-2024-2393,0,0,df74eedb2cf97a7cc02bf0873514b7acec290c6b3a77795cc7def5200bf6c3d3,2024-05-17T02:38:12.530000 @@ -246836,7 +246836,7 @@ CVE-2024-25657,0,0,4b43facfdcb326ebfd5828d4d462b595cdd46fa54d1b75d686b3ce7b78fb3 CVE-2024-2566,0,0,087689b93c35b2d23260489bf51254e9dbbd90f4e3c3903cdc8f028cf28ab7f4,2024-05-17T02:38:19.710000 CVE-2024-25662,0,0,731e4a5b21d04f93342e67f003659a0e732cf91f4619ab2aeea54741b462d915,2024-05-14T16:13:02.773000 CVE-2024-2567,0,0,894c1cbf5b078d66a72f8e7a485b38287a781715f51ccca3dd4b9958cfc1e069,2024-08-01T20:15:15.443000 -CVE-2024-25673,0,0,81e639b1f7fbf8754b4e267411fcc130c67ff83ee62eb8538403064c33f649ae,2024-09-19T19:15:24.093000 +CVE-2024-25673,0,1,aed80796d7a3374c0acda4eabef794fd88f4890380e50c588005bdbf57b8834a,2024-09-20T12:30:17.483000 CVE-2024-25674,0,0,a93e87559f3310a2a7f0b0950089f8e58e9cb97b1d3ba4777163ca1197a89f40,2024-08-26T19:35:20.977000 CVE-2024-25675,0,0,557139e6badf2f7cbea8b1e635432a1b7bfe50ad3cd4ea09e589187f2a0848c5,2024-02-12T14:30:28.640000 CVE-2024-25676,0,0,a08186e93b8e72e7d0fccd86e2d99f3ceb03caa74e9fe0fb3ce31f97ab303d23,2024-05-02T13:27:25.103000 @@ -248291,7 +248291,7 @@ CVE-2024-27361,0,0,e36b02dee6138d8db49ead5ecd9bf32ca156e68e27cc50daa8adffe6cb1ea CVE-2024-27362,0,0,9d431a1116edfb20ae4c799537e5e9f5d11ebb0847e9e8bdd27f35d143873f1d,2024-07-12T14:58:02.413000 CVE-2024-27363,0,0,f6352d5e26499e6478b31ffa535bfa444a95ad102dd84d5e4c2e7b2372cfbda9,2024-07-11T13:06:13.187000 CVE-2024-27364,0,0,02f27164deb200afca4b1d38ab76500f16a864bcb06855698108ffe4aad28278,2024-09-11T15:27:12.647000 -CVE-2024-27365,0,0,3c959fdfdd9e8166116c2ac74f821743ca7ac0cc5d7f5e3ebb169f667a654fd9,2024-09-10T12:09:50.377000 +CVE-2024-27365,0,1,486c823f710be44bd9d30a95d68535c0e2eeb066109a41b6323dad52b9bd207b,2024-09-20T13:09:31.330000 CVE-2024-27366,0,0,30a861f840063626e8e849d7d5555680b22c82c5cce090a6de789e44c30ea096,2024-09-11T15:26:58.437000 CVE-2024-27367,0,0,71b3ea1c40f6af3adfb6c571db5463e76d68459fe590eb2bd8e09817fe6fb217,2024-09-11T15:26:42.500000 CVE-2024-27368,0,0,41f719760ea2cb29c517e06027ad9c630fb4c688c70b168de9fccd0f230b5e48,2024-09-11T15:25:46.313000 @@ -248539,7 +248539,7 @@ CVE-2024-27791,0,0,09b0597ca715a1f6ef86184b931742440fb3c3b5a01efc19b59894d859d87 CVE-2024-27792,0,0,5345289bd8f4293904ad0762af292089a06622d6b9d4e901e6eb8d83abe37af6,2024-06-12T18:02:45.480000 CVE-2024-27793,0,0,1b6a23c11a935c27256b2d5a9880463f95ce349dd6e5eaa7f6bfd705591d7421,2024-07-03T01:50:49.173000 CVE-2024-27794,0,0,b75d2039b6158a4929ffa606a51b07ea3ce814d9da4d930322d189103f2032cd,2024-07-03T01:50:49.393000 -CVE-2024-27795,0,0,705e9e121b2881b46d63d0d824e970d121974bfac0f97a10667c22b8d9bc8e8e,2024-09-17T00:15:47.740000 +CVE-2024-27795,0,1,5cb50db423768bc8778bbab47e2202d8255edb2f8dbb29d93142dacadb87e0bd,2024-09-20T12:31:20.110000 CVE-2024-27796,0,0,4b7279c3feb336e34123ba67ded6045e38a903dedab1f07b2afe52f0d873a234,2024-07-03T01:50:50.207000 CVE-2024-27798,0,0,82fb7799e96354c0f89159fa55ea2c14e42659da5f82d211634e1e90a7c00835,2024-08-01T13:48:46.017000 CVE-2024-27799,0,0,884ab3b726e34f80c319ede5bd0049a4beba35406e34d8151ad3d9e6a79e3ee6,2024-07-02T13:38:10.830000 @@ -248603,26 +248603,26 @@ CVE-2024-27852,0,0,9c516bed02a09c2aff2aa4b9ea5d528517ae4b8f02f5b13e3e44ea400df8e CVE-2024-27853,0,0,883bb6d3fa0a8c26652b1f3a1d11e0d0aae3b4d2023d0960134066c2e88301e8,2024-08-12T15:13:14.897000 CVE-2024-27855,0,0,e4901bc850a7c0f79eade81e1de0a193a7e166d4d71678ff74681ab03b5418a8,2024-08-01T13:48:51.967000 CVE-2024-27857,0,0,b12d57be271aa438e5d4c668c7f18ead13afc3b08569565d9c95a215938e9ba2,2024-07-03T15:43:17.007000 -CVE-2024-27858,0,0,523aa38780657b9985ab888fe4eaed2e14f348f660360ee9cc2bafac16cff8e6,2024-09-17T00:15:47.797000 +CVE-2024-27858,0,1,5eaa8d773a9d978d4e8ff2981c029820f2cd7ffcd1becf784f85e2358fe864e0,2024-09-20T12:31:20.110000 CVE-2024-2786,0,0,8ed89c394db0a4298af6ad355228ba4ef878fdf7e45e835968fbe7eb06ba76d1,2024-04-10T13:23:38.787000 -CVE-2024-27860,0,0,f66e16c6015b93b742acaad9b24ed945903a721148ae75cae6ca0cecffe77117,2024-09-17T00:15:47.847000 -CVE-2024-27861,0,0,581f76bb10513bf36e61c3c28dba8360eeb4c4b6228aeea50291ba2abe2ab1f0,2024-09-17T00:15:47.897000 +CVE-2024-27860,0,1,ab7223db9b108f5a83f042283fb082d31ed60d6806a96d9fd265108df0594684,2024-09-20T12:31:20.110000 +CVE-2024-27861,0,1,0efb1b1c86153fc13ad51f6b68699fcbed628108d163ae19f3e786941fcb2dab,2024-09-20T12:31:20.110000 CVE-2024-27862,0,0,6a1c629c4e6507b4b49035253caa6ee93e62b8be69739e75e90d1bcc9a884e42,2024-08-01T14:35:05.210000 CVE-2024-27863,0,0,508019dee070d0b71d963cf0aca914f810083800bc171b0f57fa8f39de1cbc93,2024-08-12T15:07:03.157000 CVE-2024-27867,0,0,c8c0bef10450917c014bb0f5b8c10be2f4bd90c5c93e6cf14274f5f577a33a76,2024-07-04T05:15:15.540000 -CVE-2024-27869,0,0,ada2004e7ba0b6f62a98b6fdc774abb776f3d59ddb71f72d754001ab6ac2a166,2024-09-17T21:35:03.670000 +CVE-2024-27869,0,1,ab86b588e6108c96e921287e926d0b0e0be022111ca064fae2e3a77e61276c34,2024-09-20T12:31:20.110000 CVE-2024-2787,0,0,2d4ec32358f3e4fff4e28d01c0d898cc511d2c65fccc3f39ec557fb8f116ac98,2024-04-10T13:23:38.787000 CVE-2024-27871,0,0,aa889bfaf64951ad81b8eaff6e3ebab3a984b1a00b69f7afbb60904dbe5078f9,2024-08-12T15:03:12.533000 CVE-2024-27872,0,0,37b3013a393e2a4da5a8cab81b2aba84fb318151ed1cc07ffcd36e54f42e134f,2024-08-12T14:57:41.280000 CVE-2024-27873,0,0,7729d99677f493b1646015ca9c6f3b42e2f48da1b219729ff59f6f38e1d663c8,2024-08-12T14:49:15.007000 -CVE-2024-27874,0,0,ecbd43c545a940e09f7bc08a9ff43e87770070e6218e7cb0f491733ba69001a4,2024-09-17T15:35:06.550000 -CVE-2024-27875,0,0,65d7774ea7046d1c2ffd52f7fb12ac73d091d641a1a51116bc36079c520a4fe3,2024-09-17T00:15:48.063000 -CVE-2024-27876,0,0,1bad73d880adabe99d8bedc08933eb4d0b97ae05d6168b4c2cf58b6f87f1d76b,2024-09-17T20:35:05.790000 +CVE-2024-27874,0,1,faa6466c43e9ecbd289e04c0cef8825ec987606c6f0b1e67acb00cf0dfce63e6,2024-09-20T12:31:20.110000 +CVE-2024-27875,0,1,837456bd7f5f6cd606934a2a2d8430181ce641dd30f777d1cf78374c8b0aeb12,2024-09-20T12:31:20.110000 +CVE-2024-27876,0,1,80666934b22ea56f64d110ca490ba4d80150c46cc4af2aa9846aa73779bca376,2024-09-20T12:31:20.110000 CVE-2024-27877,0,0,f267e4e9b2c15ea5212cd96d8b790eca5b3bdc1ce3ab48286d7c0d66eea29c1a,2024-08-09T17:02:19.750000 CVE-2024-27878,0,0,0c018d0060dfa2d1e866f6f95570e39bac870f1d62334bf4a576f22fb4e08910,2024-08-01T14:35:06.007000 -CVE-2024-27879,0,0,4df0bb60b45ddcffea4439007b5ee5dbc3d5ac2fbad1db1dec4c26fcd4e04a1c,2024-09-17T20:35:06.640000 +CVE-2024-27879,0,1,254e8be6ba8a43e047f04cd80464022737a7bf42d0a4ef2248a263ff6e0ff3c7,2024-09-20T12:31:20.110000 CVE-2024-2788,0,0,fae17eccf9cd9e59e0540a9ad532e11d3f58404c6459f605cc04b4c55f908408,2024-04-10T13:23:38.787000 -CVE-2024-27880,0,0,55bc30865392b74c61625a9f4aa842c0b9edfc53af79a96ef7ccb89f05888202,2024-09-17T00:15:48.250000 +CVE-2024-27880,0,1,ac8ff9f100ef3b0009620d9bcbca4901a88d263dbfa6f42818749dbd5f47bb38,2024-09-20T12:31:20.110000 CVE-2024-27881,0,0,ecd3b41ffcf84a1b769c2ce9b805a207566f7e84b913888f092b35189f2e87e8,2024-08-16T17:37:25.757000 CVE-2024-27882,0,0,5ddf2334142d0bee4ddfa2f398cb632ecb7d93b8ecf3478fdf0f165645bf7677,2024-08-20T15:05:39.703000 CVE-2024-27883,0,0,5c8407bb3533667d9c8babdd5f7216ed0bdeb839d4e78b45e22424db69d8306d,2024-08-20T15:06:34.580000 @@ -250423,7 +250423,7 @@ CVE-2024-30436,0,0,f0e2a7c55294659d9b68ad5c141c1d73e6db3e952470b7608d93d70ce69e7 CVE-2024-30437,0,0,d5da299b996b0ba716b2584fb41394a98fe95a89809181bf72c09bf7480a74ba,2024-04-01T01:12:59.077000 CVE-2024-30438,0,0,97ea6b8f8aa80291648f1edf6ecedc8ad2b8831adb55a9f2824704b938eeb386,2024-04-01T01:12:59.077000 CVE-2024-30439,0,0,bb9a23babf5241450e44866fbe0fadf27f92acd779b0e6450c3ad24b3dc56aa0,2024-04-01T01:12:59.077000 -CVE-2024-3044,0,1,0af519ef5bb67073d6c106a5182120b4e7df2c752508af2031107535842b59b3,2024-09-20T10:15:02.620000 +CVE-2024-3044,0,0,0af519ef5bb67073d6c106a5182120b4e7df2c752508af2031107535842b59b3,2024-09-20T10:15:02.620000 CVE-2024-30440,0,0,1faf88fa48a4f6cc8c516503e0314d6e98ae7ec825707099ef9873385afd611f,2024-04-01T01:12:59.077000 CVE-2024-30441,0,0,89b66b83bf93700c5885e6ba0fffb52aebbf8ef8fe82baeb737af3c7229b04d6,2024-04-01T01:12:59.077000 CVE-2024-30442,0,0,000be18b759c476ecf3dd48b77b6402af1ae7c1591716e0862d0f031f46eccb8,2024-04-01T01:12:59.077000 @@ -250887,44 +250887,44 @@ CVE-2024-31160,0,0,df48ab606466bd66cd539890b6337283ccfce4c5ec6123b8878b9c85f80b7 CVE-2024-31161,0,0,e2a703e9c6723f5d19e07dd73456c0b2e468812b0ceb5c32a330b1990e29f3ea,2024-08-16T20:25:11.357000 CVE-2024-31162,0,0,927e844bb935e8a83ed32cc3c84a6f15334c1e57e0cf01b6b414adaae6ba411c,2024-06-17T12:42:04.623000 CVE-2024-31163,0,0,4c747f1ff7fba8b05c1cafd42ad5f820c8955e2e4c4106c43c9e7bc300a75bf4,2024-06-17T12:42:04.623000 -CVE-2024-31164,0,0,c31b82645418851da3e0edabc7e4d5071eabe5f845fbd8f4f6b205109747c4b6,2024-09-18T14:15:12.967000 -CVE-2024-31165,0,0,9d05742e13e78115d4d423bb99553d2fe3001a9e5466a8b01f0828e634ebacd7,2024-09-18T14:15:13.147000 -CVE-2024-31166,0,0,4bea6bd1219047d024cc0579e0b9437ed45429ed986b56a128972b83fbbc9f2b,2024-09-18T14:15:13.327000 -CVE-2024-31167,0,0,15a65f49b8557ea77743da49f4df4c0dc27f1439a2be849fb2c9af7d7f116de2,2024-09-18T14:15:13.507000 -CVE-2024-31168,0,0,540cfb1c83f1df566d69c3293f51799c1b055bd30a97afbddbbe0c9121df35e5,2024-09-18T14:15:13.683000 -CVE-2024-31169,0,0,af81bab79f7fabeaef003625021ed74f5891103d1fe91b0ecbf45dc1e74e94a6,2024-09-18T14:15:13.860000 +CVE-2024-31164,0,1,4b077c9114e111967c95ef69de4b1df3e60d7e3ee6fc28bede7724e08021d527,2024-09-20T12:30:51.220000 +CVE-2024-31165,0,1,71eccaf434186e0e3ae344eddc807fc25a1140dd9aa31a4bcf0f21b2a97d5077,2024-09-20T12:30:51.220000 +CVE-2024-31166,0,1,cfdbb58b2a4285238c3b7fb8a07098d2d7dcc4d64c00dd57954cc0c319c2dbde,2024-09-20T12:30:17.483000 +CVE-2024-31167,0,1,f4ca56c806c677f257bc5ebc1f6de60afb89fbef829781aa8ba7e0a67dd7825b,2024-09-20T12:30:17.483000 +CVE-2024-31168,0,1,30d2c29c6cf02dc367dbea70e9ced68fd33f716275ff39a0bfda25b32d560974,2024-09-20T12:30:17.483000 +CVE-2024-31169,0,1,f198db5b34a3437b9601f380e9e6d95ee6b931860c79be774a7f454f5d47e3e2,2024-09-20T12:30:17.483000 CVE-2024-3117,0,0,35e12b7e221f89a241b3455a68aa778ef5d3a027d9a06e657b81a15f70aaf730,2024-05-17T02:39:43.503000 -CVE-2024-31170,0,0,ca418f5911b1e212ec8914bce681c4686729e9c3db178f57fec894c541a1840b,2024-09-18T14:15:14.037000 -CVE-2024-31171,0,0,d768219951f605bd690e1e7d362d130553932e51a761b64fc6d5a7dbab9a2760,2024-09-18T14:15:14.210000 -CVE-2024-31172,0,0,01c25fc4a52950f8612e98e64d2b01a58f3b33c5aa8f48f4c31bdf2c4705584f,2024-09-18T14:15:14.387000 -CVE-2024-31173,0,0,4a949cd93d1a79573ff33bf547957ff75f4ecffdaf5b2a19916f002234bb2062,2024-09-18T14:15:14.557000 -CVE-2024-31174,0,0,d27a64f748aeadd7bfe99d4647b6e68131695ff559348e3b46a20768f7159d5d,2024-09-18T14:15:14.730000 -CVE-2024-31175,0,0,6cde8b626cae2eb202493369da7ff4bbbe87b3b81dde198d24fbae8afe4345f5,2024-09-18T14:15:14.927000 -CVE-2024-31176,0,0,b8a95593f7db06f8652a428962955cffc0e1a960bf44c175d377ef6605d8618c,2024-09-18T14:15:15.100000 -CVE-2024-31177,0,0,51670217cf9d2ae9f802d269dc598f80bf1f0f2ba1915d8ba50dd6275d98c0bf,2024-09-18T14:15:15.283000 -CVE-2024-31178,0,0,9d0f2245d96562f70f54ac79257cfc07d1f77e249c9ed1d245c44226a6cae37c,2024-09-18T14:15:15.460000 -CVE-2024-31179,0,0,70619dc93c7aede9d3ae9833f26080d27bca0532d07260995432933a0d055494,2024-09-18T14:15:15.633000 +CVE-2024-31170,0,1,47d209f572679f14d5984eb7d48362c8105fad68ce6424747cd70a9fc70bc29e,2024-09-20T12:30:17.483000 +CVE-2024-31171,0,1,e0c5248397994b825e1c73ddabad76cbe0c7be299c19fb4cbb63c5749ee54840,2024-09-20T12:30:17.483000 +CVE-2024-31172,0,1,02ef97c233923f0496334529731f0443f3b427db112e00cf7a151fb67b903b72,2024-09-20T12:30:17.483000 +CVE-2024-31173,0,1,ee6d76c175184dd7e08279d5b29e03a84a86669cd70461fbb4b6281ea950e62b,2024-09-20T12:30:17.483000 +CVE-2024-31174,0,1,0db8b9851a74f3ce029e60e71ebe6ce295105268cd1757a2b141bcaa86bd578f,2024-09-20T12:30:17.483000 +CVE-2024-31175,0,1,87b0d1f37948efa2c386f67a538f42da0d1aeb9a876abc3d62c86e15a8655c04,2024-09-20T12:30:17.483000 +CVE-2024-31176,0,1,b5984cffc4722053b87281a933d1240f8e7cec18fbe7bd3b2a168b737240df88,2024-09-20T12:30:17.483000 +CVE-2024-31177,0,1,50c49761f7faa3d4b079dde55a723dabd3b99df6e80e5e427d43cdec29a570d1,2024-09-20T12:30:17.483000 +CVE-2024-31178,0,1,257d8ba6f2ba1a3c6bc72bae84d6d11cd3887982d1d4befb4b7d96c6af374909,2024-09-20T12:30:17.483000 +CVE-2024-31179,0,1,9d149bef7a829e6aff414b3cf7b70b34d309849954de297764790e3aa78b3601,2024-09-20T12:30:17.483000 CVE-2024-3118,0,0,b601d08053b91d1b775fc21940190bf1fa2c378ab81a4eb84232fb172e159127,2024-05-17T02:39:43.597000 -CVE-2024-31180,0,0,cfacdba32ba604792dde61ea5192bd3f0a68f3fbb29ed64cf58dfe7831d1f419,2024-09-18T14:15:15.820000 -CVE-2024-31181,0,0,835c2c118ecc75a224ce2ae148955df018fed2deac0092ed030ea33c2a75721d,2024-09-18T14:15:16 -CVE-2024-31182,0,0,c950fadc93e3ea16ef98cfe6a331915a214b53e804ba89a6f7ab843515de72d6,2024-09-18T14:15:16.193000 -CVE-2024-31183,0,0,35c375a6d68274d7c3eb49021a7356a3af376af0ffc335c06845584d31d29b26,2024-09-18T14:15:16.377000 -CVE-2024-31184,0,0,b7c59920550422dd2bd0d8e2e7ffe3978ae0b9d37ba35120d4fca1e99fe9546a,2024-09-18T14:15:16.550000 -CVE-2024-31185,0,0,11d4d1e3baafe683ba9ec71aae73f9602dfc15b6d6ba9731880b66695bd26581,2024-09-18T14:15:16.727000 -CVE-2024-31186,0,0,3dfad5d77e47c755381a80fcf6aef35eccd2a92f4143249975a0b864eebf2297,2024-09-18T14:15:16.953000 -CVE-2024-31187,0,0,826688efd6bf65a94bf2ee884e30740211a6e5f630a046477f540511e2f38366,2024-09-18T14:15:17.173000 -CVE-2024-31188,0,0,13bd237d18c099469e9d00bce8c8a046b9f3c5286d7ad8a0cd9a1cc0397c165e,2024-09-18T14:15:17.403000 -CVE-2024-31189,0,0,6858f5708e98abf5595fb2684a87eb00c16f0ed553e5fd3ffcbc43256f89c04e,2024-09-18T14:15:17.593000 +CVE-2024-31180,0,1,7d1801f614dfaeb29da038eabf15beaaab4fd3c0a76a3414f7d958a8ea1ea82c,2024-09-20T12:30:17.483000 +CVE-2024-31181,0,1,e3fe4b0e893b3c9cc40b5d94c096e1dc49ac84d300d2cb2bc200a4c18fd0f995,2024-09-20T12:30:17.483000 +CVE-2024-31182,0,1,b3524263392a3e86a753cfd0ec3be2548060329410b748d97c0904e15859be71,2024-09-20T12:30:17.483000 +CVE-2024-31183,0,1,bd3cdbd35a876dbe5fcb52001b25fbea85e23e5a0e3dc629f7cab8139f0fc663,2024-09-20T12:30:17.483000 +CVE-2024-31184,0,1,810feb29cd327319c82289bd9c39ece0a7aa2090a1cdf0185b5a3f35a4d9add9,2024-09-20T12:30:17.483000 +CVE-2024-31185,0,1,72064b90c267110d9218943fdd782caa1ec83c28b0089d8fcfa70572368c4a16,2024-09-20T12:30:17.483000 +CVE-2024-31186,0,1,03757518aff555998ab1b2c7a26e2cfc52d27a2d194b0a5e872f16eb011dc704,2024-09-20T12:30:17.483000 +CVE-2024-31187,0,1,819e43a031acc7091cacac396dc16fb7629f32396fcb9e1aabd1133d4e9eebd1,2024-09-20T12:30:17.483000 +CVE-2024-31188,0,1,1f59371fe46fb124df3f7bcc177c232412dee13a1839c1676122d5832d60210b,2024-09-20T12:30:17.483000 +CVE-2024-31189,0,1,16cac826cd74cd885013823c0646c1013013e9fc74e03a65d18a8deee3cd0a08,2024-09-20T12:30:17.483000 CVE-2024-3119,0,0,16d9b0b62041b85fa76fcca7b5e07a91c83d46800d8aa92445727479f196ac02,2024-04-10T13:23:38.787000 -CVE-2024-31190,0,0,ce0c3e890053515769f29fa22e74a8de151d8da0147f071125c0db25f36d69dc,2024-09-18T14:15:18.017000 -CVE-2024-31191,0,0,a4d10ca4c696a3db04b0edfc419cdbca368aaa4b4c78e9ba6c345dff8f10a6a9,2024-09-18T14:15:18.290000 -CVE-2024-31192,0,0,289f5e2d106293ea39c4810610d87921d25d6ab088db17fe30bd25565068942d,2024-09-18T14:15:18.470000 -CVE-2024-31193,0,0,7ab06ff6e25bfd3f3867ff9470327d461530eb5f3894616027e85a54b55e94de,2024-09-18T14:15:18.647000 -CVE-2024-31194,0,0,3fc4e91387ff8533e1fa478f0f6bd1752499fcbcddbae2a0d9a2149c2752f6b2,2024-09-18T14:15:18.827000 -CVE-2024-31195,0,0,15b3500d03e4e5504f75e47d8733a1e8bcd30b5d1408093425f409afc2d48fe4,2024-09-18T14:15:19 -CVE-2024-31196,0,0,9382617c194e077793340f8ac2054c713e5a71348db2cce2af098cd753f9cb51,2024-09-18T14:15:19.190000 -CVE-2024-31197,0,0,7680017e7ce340cf67fbf325ac8633257516c0b4e2c22c2a148f3f99845bc099,2024-09-18T14:15:19.367000 -CVE-2024-31198,0,0,71ac53ff8bb624763e7a7bc93361d32bf31ce4455cab897dd0f84546125b6a01,2024-09-18T14:15:19.550000 +CVE-2024-31190,0,1,0d51a3e8687abf5863aaf90172a092fcaab3034b406c33c66825e12d2c74e2e5,2024-09-20T12:30:17.483000 +CVE-2024-31191,0,1,027c5a7733b14adbe04b7e4679344e35d188787f7673de083ac171ac76d8fd7c,2024-09-20T12:30:17.483000 +CVE-2024-31192,0,1,4cfcf9db92cc80e09a8fe459f9da7bb6077b8447b743f71f1c533cf2bbb926a2,2024-09-20T12:30:17.483000 +CVE-2024-31193,0,1,c48b53e0c144c644858d373c86ea66256fb7419a7a075c702f39b58e24a36c8e,2024-09-20T12:30:17.483000 +CVE-2024-31194,0,1,9a6effd8e6bbfe77c6a65a5780e79d55d481aff0a9f1a5128ae82eedfad93f9f,2024-09-20T12:30:17.483000 +CVE-2024-31195,0,1,426562866f9261bffd9d658e082ef24c1389250371875fb14c13a377c9a206f8,2024-09-20T12:30:17.483000 +CVE-2024-31196,0,1,8eb444233a8be3eff5f79c830457d09273d27d6e4b20d93ecf9ad6e752164eee,2024-09-20T12:30:17.483000 +CVE-2024-31197,0,1,0d7037eb155ca82035e7dc31bcff12e1335135607be50054d92e97ebe4539053,2024-09-20T12:30:17.483000 +CVE-2024-31198,0,1,70de9bd9963983f1926142e25a233e0523a4b8217f3f2c3b91a17d9cc45881a8,2024-09-20T12:30:17.483000 CVE-2024-31199,0,0,f3513dbb2e38c737351617d6df9633ea3366e0b40c895fa30b09af179d75918a,2024-08-12T18:21:54.667000 CVE-2024-3120,0,0,d7f7bfc68dc8954b2db64a2bd8494c9672b3ed1aa5b73de4b1ce504de0f2d9cd,2024-04-10T13:23:38.787000 CVE-2024-31200,0,0,3e257c032de46c54255a51950a6b372e410cf7a344a9022e8fd6b6600c793cf5,2024-08-12T18:25:44.547000 @@ -251239,7 +251239,7 @@ CVE-2024-31507,0,0,11838ac73f4b8ea141494dda45bb54b02e15aae2460bddcbc7e30ae4080ff CVE-2024-3151,0,0,fc3a1e9307fa41cbb3a17517dc43b84b5831b8d6ca8f41e4ebe4bed1f34c8048,2024-05-17T02:39:45.290000 CVE-2024-31510,0,0,2ab08923e55b765ff03b9ec06ce50479208e1bb469f6adf849509f8193855a50,2024-07-03T01:55:05.800000 CVE-2024-3152,0,0,d2b4599c6af8d31eb382b97662107a83ad159f77d5188696950d6fb31b3dd36c,2024-06-07T14:56:05.647000 -CVE-2024-3153,0,0,88654a51fbd835de6bc724caf6216b0601b696526f55d2c055a36a060ad806bb,2024-06-07T14:56:05.647000 +CVE-2024-3153,0,1,1ede64fb1f2e34455de0a666adfb2ce94ebfc12327391a56f67af2fd7f7aa971,2024-09-20T13:15:04.307000 CVE-2024-3154,0,0,87d31064f84d0b49c9b2bbb21741023fe7a0e7567d9fcfe0214d10223259ff02,2024-06-05T17:15:13.777000 CVE-2024-31544,0,0,2535e66e98db21a02bea52017d819e1d7e0893ffb53b2843edb9987a766eaf9f,2024-07-03T01:55:06.580000 CVE-2024-31545,0,0,990dd1804a5ee198d0f0887e154e925827e322f01f4e785463356ec825b7f751,2024-07-03T01:55:07.333000 @@ -251251,7 +251251,7 @@ CVE-2024-31552,0,0,0858b0a24a58ed1b7ceca30a28b8a4da432490c7becdeaa833c16bdd5d9db CVE-2024-31556,0,0,284801355e37e5d2bb66f70abf65c157c874bd86154c46b8086826ccbf00b836,2024-07-03T01:55:10.450000 CVE-2024-3156,0,0,51decfaeced6eef599bb2d824f817b3e8faaceb41748738897303b173f7baed8,2024-08-01T13:56:20.987000 CVE-2024-3157,0,0,60480b33efb0aa6d09d95f483f38fea3bacba0ec338d2c533afa6497c687e787,2024-07-03T02:06:02.227000 -CVE-2024-31570,0,0,302362516937afe00aad1ae54e1b06de52069ec662fa4dedeb63a6ddae2290c9,2024-09-19T17:15:12.623000 +CVE-2024-31570,0,1,d09cb37a46e56930822d2a2bf6df925fbe4c46513a95e08624f72163bfaa1112,2024-09-20T12:30:17.483000 CVE-2024-31574,0,0,9d49c3d810249e7fdec3d7ec5acd27e5dbf702e0786215525f0f8c041faf71ea,2024-04-25T17:24:59.967000 CVE-2024-31576,0,0,5516a552c9c9455eff9be85911cca0846e5ef96c3e87d0189e8480595497f956,2024-04-15T16:15:07.270000 CVE-2024-31578,0,0,6e50b0fb4096fdf1e9e4bd343bba1497d28778deb9cd70cc171baa5af3c65f3a,2024-07-03T01:55:11.213000 @@ -251528,7 +251528,7 @@ CVE-2024-32028,0,0,b956f2cb35d2eb76bf21787d66d076dfbdef597d363f9d56fcb9f1f9516d5 CVE-2024-32029,0,0,ec00582208fdbdbc31ad232b1ff8828b057f2b25e4f7f9338f4ce73ccf6c8240,2024-05-30T16:15:10.050000 CVE-2024-3203,0,0,078a888f044955ee21dac38b13cc5d17738d27cb49253338ebf5634d7de667ed,2024-05-17T02:39:46.670000 CVE-2024-32030,0,0,0cc5188210738d2bd5e371d19b9d5b90c9344f382557d9aac3c440080c3c707c,2024-06-20T12:43:25.663000 -CVE-2024-32034,0,0,8daeca9aae31c93116246949253cc49b3a69bc5432a3a6c5bf65f48203e30d10,2024-09-16T19:16:10.300000 +CVE-2024-32034,0,1,b5467d4e9f409b5fe03470ce7d0cc45e72b58deccaaefaf4e42c193f9b601d08,2024-09-20T12:31:20.110000 CVE-2024-32035,0,0,b52417dbe80b989e0254fdafa0c50f4c29942daacf259a60ac52b3e43909ce9a,2024-04-16T13:24:07.103000 CVE-2024-32036,0,0,f57c3cf4854e4cca51b91980c87b3c03c374ee26c761ceba488b1d3e6ee9aad5,2024-04-16T23:15:09.173000 CVE-2024-32038,0,0,62fa4dc9f26e7546b622776b845348b59460be296c28e06c3ae9322bf565dba7,2024-04-19T16:19:49.043000 @@ -252360,7 +252360,7 @@ CVE-2024-3309,0,0,86d23734c08e91abb9c54fe3adc839130d817cf111a237c0656262c25ce176 CVE-2024-33101,0,0,02c41b74667ba4c6c855c7f8be761695b1033ca3ebd54d33f4c74ffe5c076663,2024-07-03T01:57:25.600000 CVE-2024-33102,0,0,5913737ef9c2cdea9d03e524178ff2c4a07bc37811d823721759d56c1627f7bb,2024-07-03T01:57:26.367000 CVE-2024-33103,0,0,a36bb540d060154b2c500281aeebe1e440c6921a98c2ffcc128ad329bcfc7117,2024-08-22T19:35:25.357000 -CVE-2024-33109,0,0,623840b47a3d2080ddfa6fe372db92281baacbad134dc7e3c1b1fb9648b17803,2024-09-19T19:15:24.170000 +CVE-2024-33109,0,1,9dc2db966fba43ebdbe87975b9f487800fa917451d9874ff1eb20b4521b9eed8,2024-09-20T13:35:02.703000 CVE-2024-3311,0,0,6e298bee2f64a50081e2cbf2a03ac8b7d3c6b0b9fd9ec2176921cbd680375d90,2024-06-04T19:20:19.213000 CVE-2024-33110,0,0,cadaede73d3a0da5440547f9c49768ef66978382531070a9c510181ac9abc5a8,2024-07-03T01:57:27.130000 CVE-2024-33111,0,0,b6aa79d7fa96972383b596dcb7f242edbb816eac6eafb7be06fed5f14d30b343,2024-05-06T16:00:59.253000 @@ -252928,7 +252928,7 @@ CVE-2024-34010,0,0,e5242e4e175689c741a04991b05d676f9e3bda064e1a681e08ea1b95446de CVE-2024-34011,0,0,1cdf95201b7c3fac8642eb93e0c0ec77c02ae32f22e51c68db8a6f76ced93031,2024-04-30T13:11:16.690000 CVE-2024-34012,0,0,5230526342507ce0f85dd47c2323d42603a1fbec4e476f393dfaf1722db209eb,2024-08-07T15:33:46.150000 CVE-2024-34013,0,0,31f555436f56628c9b80feda54af6c121f0002b6c021c0928728c76ed328d68f,2024-07-19T13:01:44.567000 -CVE-2024-34016,0,0,b0ea74281d15d6fdd092762638a4876df17f85a24d3286af7cb56d9aef864260,2024-09-16T20:15:46.087000 +CVE-2024-34016,0,1,0c2a3147a84e04c06db0d6af075b8e16276b7cf9e5f22acd81f74dbeca1a1c49,2024-09-20T12:31:20.110000 CVE-2024-34017,0,0,379da20aff6514952cc55653119ad0cbc16efa57414348c26e21b9e45ed9a8a1,2024-09-12T17:16:09.890000 CVE-2024-34018,0,0,85758f76e2c70fa3c1ddd863e0fd37888b91679fea3b3a22992906144958936b,2024-09-12T17:17:20.873000 CVE-2024-34019,0,0,ff720c73d7b799cb466f79ed87b9acbf36d22c868dd2f8e93b3f0bc554584400,2024-09-12T17:18:07.163000 @@ -252937,7 +252937,7 @@ CVE-2024-34020,0,0,c4663f98778b76c33582b9d015039d06540b400c550bf7c9ee3e5b98d9ff4 CVE-2024-34021,0,0,ba9a52b25c7a77dfa7bf1a07f5ab53755e56e707c7456547716a3d28e95401ca,2024-08-01T14:35:09.920000 CVE-2024-34024,0,0,0a0d832c0db4d58a70ccecce54b6344b3f181daaf3ed5285ed66313a40334a22,2024-06-20T12:44:01.637000 CVE-2024-34025,0,0,edd2792f368696b38d90328f1c1ccaaade65bc2e70f896834331ba779fb27dd0,2024-05-16T13:03:05.353000 -CVE-2024-34026,0,0,58ee2841a850b4e76f28c7c90f2fd356dc26d929a71043daf3fbccab680e8ad9,2024-09-18T15:15:14.623000 +CVE-2024-34026,0,1,90436f837db465dc12cd806dcaf76a99cae6f33f1bc596622c6a9c5fc5ae454f,2024-09-20T12:30:17.483000 CVE-2024-34027,0,0,a46473315ff7fae435c2b21f290e2c9550c38dfa46dbd2afc2165efc005d2aa6,2024-06-24T19:26:47.037000 CVE-2024-34029,0,0,f5d25bd32468c541a51740035f23234d8d5f3f16a79d2529894430e4831fa01a,2024-05-28T12:39:28.377000 CVE-2024-3403,0,0,b6e0e9c5c8bbba14526747c5960a7a5699ede8dea782a1ab2b3e6a77206d4587,2024-05-16T13:03:05.353000 @@ -252957,7 +252957,7 @@ CVE-2024-3405,0,0,1a36e7936640d8ee3b950dcf5e1524049898a441fb6f4e16f7e747a8431e73 CVE-2024-34050,0,0,44c48f4071fada74be495a02e6832030ef2b56f478d8d3c41b6b32ec804128b6,2024-08-01T13:52:14.410000 CVE-2024-34051,0,0,a8120ee635d56801294cebdedb69db5ed1626c2ec52a245c57ea4ea12a675bfb,2024-08-20T16:35:10.510000 CVE-2024-34055,0,0,7427a319dd0c198f833560a21a2edb42d0df57c5ad7676dbca6086efaa896fb1,2024-06-14T06:15:11.650000 -CVE-2024-34057,0,0,4df8063474a769a3d79ad28c13b416ba155d3c791d34069cad81e4978d3aa1cf,2024-09-19T15:35:09.077000 +CVE-2024-34057,0,1,2a8ecfe7c44315b491d127002756bfaceeb0ba27dfdb08a9c26d894f51c73964,2024-09-20T12:30:17.483000 CVE-2024-34058,0,0,cfbb8590d55f48cefc143414c8f3d439d56763f898de84d852e391cab57a6cc6,2024-07-03T01:59:19.210000 CVE-2024-3406,0,0,43419e68856488b4b180d817f6df1b0507098cc5d23fc41e4c9ff5a45a3194f6,2024-08-12T19:35:11.330000 CVE-2024-34060,0,0,2c26fe7958cdb41774953e3a2b34d9d42eff17a3a4c0aa9130168786a97a1825,2024-05-24T01:15:30.977000 @@ -253199,7 +253199,7 @@ CVE-2024-34392,0,0,95f700dedff586182f66d1ca5e7da764d337c16226845e0ee1ec7b84b40d6 CVE-2024-34393,0,0,9d61a4306d036e5052fc5d8b364b63a626c2cc9af434ed24e38ecec71df608d5,2024-05-03T12:50:34.250000 CVE-2024-34394,0,0,9d971c1ec9518d2a1ce0c68b603eddff6cf55abad02bc9ebdbbffcbdf77796e3,2024-05-03T12:50:34.250000 CVE-2024-34397,0,0,16b5c41784e4f3ba325a2b1735509d7fce68bb2c9a1b2765d2c61257921c1fa2,2024-06-10T18:15:34.863000 -CVE-2024-34399,0,0,c520724abdd9728fa82d7b1bf030315fdf7490cb3ec788229b32264ba692a73b,2024-09-18T19:35:11.240000 +CVE-2024-34399,0,1,b575bfaa23d53510470a68bea01ab071e8876f6597cd9250405e7f9141fb6390,2024-09-20T12:30:17.483000 CVE-2024-3440,0,0,534ad01cc4d99b7aec93fa9eb5959ed4cc5d68a1c33a8c467ae485dbc87a6451,2024-05-17T02:39:56.370000 CVE-2024-34400,0,0,1bca49bc8c0dee071844795fcbc00247b784cd5c7eae97a5694b29753f6686dd,2024-06-26T12:44:29.693000 CVE-2024-34401,0,0,27b9367da2f161e981b1286c7a0adf44c7e4e274412f5e7a72f3e98a3426afa2,2024-05-03T12:50:34.250000 @@ -253902,7 +253902,7 @@ CVE-2024-3551,0,0,66b014d685e7b98f0edafdd7cdd0ca69eb0c14e102cb460567e00480c77071 CVE-2024-35510,0,0,caaffeb522a9243cb4a1bb41637eced11d63455c55d5f889189d39467161eb6a,2024-07-03T02:01:46.810000 CVE-2024-35511,0,0,0925e571054fff897af51a6c91c2579c2749b26c74104183a16b37d4fa6c6517,2024-07-03T02:01:47.583000 CVE-2024-35512,0,0,b896e4527afcecfdf8ee8b9a5d8645a7997efcebb8181c42302f1215247b04ab,2024-08-22T21:35:05.483000 -CVE-2024-35515,0,0,cdc9359a842ad64a9193b3c4c3a3196b69458c7bf981dda18419934c17c92bbb,2024-09-18T18:35:08.403000 +CVE-2024-35515,0,1,0a6259433dc8b772a7751534ecb780dbd399dd4b702a82474be04ca505d614d4,2024-09-20T12:30:17.483000 CVE-2024-3552,0,0,b573d704f72bfadd96d903b41988b7617b9a930535c0b223b9c260b4778dcd0d,2024-07-02T14:45:34.543000 CVE-2024-35526,0,0,45f791392c66ed8c499767ccc3e4221d8293b29407aac62d7317c3cd0f64f171,2024-06-26T12:44:29.693000 CVE-2024-35527,0,0,72600462defbad3d94b9b914561cd106abcd4f14940c552d4d0bd67292ce0acb,2024-08-12T19:35:08.817000 @@ -255000,8 +255000,8 @@ CVE-2024-36977,0,0,2fe5f328cd77d8e3e2ff7d8822b2b0f7e95a6c6361c8a1a46715f250c7c3d CVE-2024-36978,0,0,dcc0f04e3fc2821d8402c617b55b3d37be597fffff7df9cf9ec9b8398c9978a0,2024-08-19T18:31:13.670000 CVE-2024-36979,0,0,74019e1aa595a3039a2ef9ada77a4c2c93d1adcdba69fbae833dd0529f479347,2024-08-26T12:48:19.597000 CVE-2024-3698,0,0,1636f30943e700f62090e4fa161d7d9dd9aa51f3d552ed312bd5146a81f86c91,2024-05-17T02:40:04.800000 -CVE-2024-36980,0,0,d87fcd7202fe440666e3cf046b80bfe9a91078ba660326153ae920da5896640b,2024-09-18T15:15:14.903000 -CVE-2024-36981,0,0,29a4084fb1d51ae1956ba3b6937f0912bb9fb3b3053c7e9358f1e243c79a81fe,2024-09-18T15:15:15.110000 +CVE-2024-36980,0,1,33c10010afb0a99165fb810bb4dc3bc24fa4156e02a03818a986ba88886c0921,2024-09-20T12:30:17.483000 +CVE-2024-36981,0,1,55f1a84fa27f8d53dcdbb6bfb93a779d48f139c00ceadd8e10d55f25898434a0,2024-09-20T12:30:17.483000 CVE-2024-36982,0,0,aa7c6f6fb5fb0c2be2ff96348e0ea696169b845aaba61abec5ab8d5dad3d35cc,2024-08-02T15:27:14.607000 CVE-2024-36983,0,0,e2f2eb32ae3cfffdff5d7dfbfdef5f12a2b42788ca5c6f7f7a02f6e1986f58cd,2024-07-08T14:18:39.520000 CVE-2024-36984,0,0,e0e9241900a224e3ad6fe1ba063f84bef1aef3bc909574846a1878b8e10e5d08,2024-07-03T02:03:57.773000 @@ -255334,7 +255334,7 @@ CVE-2024-37399,0,0,308e730bcc199d112d6cfe8bdbdbf7120fa96451bfff020b7962dbf1afddf CVE-2024-3740,0,0,cf4cd6bcfe639a4f771a19ddc36f820864da86f0d9d9f91c68694d8633fab251,2024-05-17T02:40:06.170000 CVE-2024-37403,0,0,82a2fe28b07e6e9fe5e86dff02fa8c242d19ac626eea029ca875aeaf76338b4d,2024-08-12T18:55:15.890000 CVE-2024-37405,0,0,a7f42023569aa18cbb4863def372451bd6a310533c03fc36f82684a5a0e2908a,2024-08-01T13:53:37.273000 -CVE-2024-37406,0,0,1a319ce61872fdc37ee12774ec992bddfe6c1554330beed1146de25274a4d651,2024-09-19T14:35:05.393000 +CVE-2024-37406,0,1,0fc96b9728d7b33874b8b927ffcfbb0aa2fa093e9dd7d9d9f4b8cbcdc1f0c64f,2024-09-20T12:30:17.483000 CVE-2024-37407,0,0,b2071e78ac73cfcd8ee3f67daccfb5fa834666925d4b4867e66acc10a01216e8,2024-07-17T20:16:52.400000 CVE-2024-37408,0,0,31eb8b44dab60578fd668270e5d026543c06afc296d259b359783119f5ef7a55,2024-09-06T19:35:25.460000 CVE-2024-37409,0,0,82c50e49bf5ddfbe2b556ca4db6eaf6873d58da7b8ce0001c708890dc09405da,2024-07-24T02:51:28.287000 @@ -255664,7 +255664,7 @@ CVE-2024-3798,0,0,0b85fa9696a9b911425afa5f1da8b23352f77c3b644e418948a0e7e7520035 CVE-2024-37980,0,0,70458b75bacf19393793b89d35eb3b322f8d4d2f01c38ded10361b8e8312542e,2024-09-10T17:43:14.410000 CVE-2024-37981,0,0,21e2c6f93736909ccf452ff971bb58314fc8d03f8877901219941882d1cdb65e,2024-07-16T16:38:46.800000 CVE-2024-37984,0,0,795bbd0d983da96a0e51622d507b54846875127f8b996aff715bb2b9778cfcc2,2024-07-17T15:48:09.993000 -CVE-2024-37985,0,0,3ecafe20c64b90da8359418af81f7c4b4beea8ceb42f4063f03f8b50f4e7476f,2024-09-17T23:15:14.913000 +CVE-2024-37985,0,1,39cc4c1144685243c81d5c05e5e6e5a1b46cf144b37a676dd13932a70cd88958,2024-09-20T12:30:51.220000 CVE-2024-37986,0,0,2487af021a0226ccec4882899dac83c56eac5cd7eeb2fa0beb7fe3b7d12bbdce,2024-07-12T18:59:41.357000 CVE-2024-37987,0,0,f4bc331a9b09a336ebf69cac5128f3ddb41a4064b564c097fc6645464fecd53a,2024-07-12T18:51:17.253000 CVE-2024-37988,0,0,c86291a0f061c05259fe7a7336e8616b7d2b496dae2d1e3292124af3161a49e9,2024-07-12T19:01:50.753000 @@ -255687,7 +255687,7 @@ CVE-2024-38011,0,0,dfdf39bbdcd434b41a8000e4746e5893d04cf4219e333c27df414f4801f5d CVE-2024-38013,0,0,0a18606eaff9f516ff72b6e0417c94b62f282527a7fb5284ff29917a0162ad77,2024-07-11T16:17:38.197000 CVE-2024-38014,0,0,667a2ca3aa42729c9c1f636c1bc19b21cfc3cbfc4eb15603accaad3e335421c5,2024-09-12T01:00:01.133000 CVE-2024-38015,0,0,5b1426585b115ad720503cf293b548c59cb7459bc19ab9bc440800c3121fe7f4,2024-07-11T16:18:10.113000 -CVE-2024-38016,0,0,b2d3139c2c71c4856b736470c4446e549feac25fb459136c9a56122bc3ca8899,2024-09-19T17:15:12.947000 +CVE-2024-38016,0,1,049a05fb67df9e5d8f266bec24d4a9e75faefb5ee73ec5b670306337b5468ba8,2024-09-20T12:30:17.483000 CVE-2024-38017,0,0,b2da9df045e49b65d6e2e15b7cfe34dfa17f558263037e08e7692bad9d214937,2024-07-11T16:20:51.827000 CVE-2024-38018,0,0,60b7566e82c4496b0dca7d4fdef697c13c6221141b8468138e42395de75492a1,2024-09-18T15:04:58.240000 CVE-2024-38019,0,0,da6757aee92bad96249ea36fde1018805a15808ac2fa25fa1dd2f958ebdbe19f,2024-07-11T16:21:19.367000 @@ -255847,7 +255847,7 @@ CVE-2024-38178,0,0,0718359cc65b3baa799d5e8ed6ced3acf1847c46f13cc5a862a0cd0e4acf4 CVE-2024-3818,0,0,b4c982a18364880791124fa7ba25840b7eb37a53aa1551fa23324d948b6ddd3f,2024-04-19T13:10:25.637000 CVE-2024-38180,0,0,c5dfb48533b21a7d3d27760cc36627a61099c548597a405684dc960c3bc70967,2024-08-16T19:20:22.853000 CVE-2024-38182,0,0,a7e7d48d119dbb99a3d726dc4a8acec7a776a49bc59985c5f0bc4c0a335c69d9,2024-08-13T23:15:19.657000 -CVE-2024-38183,0,0,c9bf42da849b887b2241034644a0d2a2d134b2b93908b9b79049be509ed6b764,2024-09-17T19:15:25.737000 +CVE-2024-38183,0,1,4383c9cbaba559402e12770cc73e963bf15d96424141ece53554655c7ef26700,2024-09-20T12:30:51.220000 CVE-2024-38184,0,0,a4b0c622cbd7fe170fe8fa6173164bdeb90bf3a239ad5abeac2cfb454c573553,2024-08-16T18:54:52.153000 CVE-2024-38185,0,0,a7ebd4af2d05d039a88b9936442ba2ec7acafc1c3a5c5484818b2da4665672e1,2024-08-16T19:00:43.227000 CVE-2024-38186,0,0,a42ad31f77f79ac64608d2cfa2f4435f933f607446c5df5a3958a02cae1ebd2e,2024-08-16T19:01:01.663000 @@ -255883,7 +255883,7 @@ CVE-2024-38218,0,0,d8154113c709876f61605539852c344572b202f6d86619699565b8c3f572b CVE-2024-38219,0,0,34502e067fd7412232e3cff9d01123fa667f329fff13204df696956cac257c32,2024-08-29T14:45:17.383000 CVE-2024-3822,0,0,51b0f82a9028abb2f3a6ab312236a4c8392000a211092257ada320c541b18cc9,2024-05-15T16:40:19.330000 CVE-2024-38220,0,0,a9016c861c2695b31a1ce105f60c8a7497ab86c35f7fba294238a213f50a54ec,2024-09-17T16:59:37.167000 -CVE-2024-38221,0,0,c11d02241d3df8f0ad7af5e6e5110f6528d057248017e3ad1628ab6e372ebeb2,2024-09-19T21:15:13.933000 +CVE-2024-38221,0,1,0a2f07123f4174e68ee47dc8f001c6aaa90a89fc06a98fa0b20f05dfd8204d9e,2024-09-20T12:30:17.483000 CVE-2024-38222,0,0,a5db0f4814eda956702b6863c4d614a7079e45a1c9850c93f259b800f2bd30ac,2024-09-18T19:01:22.527000 CVE-2024-38223,0,0,bc14ce3f021016f5d7fdf26984192d7afd912fddeb21523c067e8db2fe7a06a5,2024-08-15T20:18:28.240000 CVE-2024-38225,0,0,a8f1d15f2be1c40a6f29c5f7c1fea9920ae59300774a3c9a21af35434dbe2539,2024-09-17T16:58:39.197000 @@ -255997,7 +255997,7 @@ CVE-2024-38374,0,0,b039c6889e3b25105130cda3cb4d6252830c58349362eac54e70e39939e4b CVE-2024-38375,0,0,626cc37017b5b99d342165d2bf910513bdb2fdf5a18a0e825a4ce243860e1792,2024-06-27T12:47:19.847000 CVE-2024-38379,0,0,24d3b7135776280dd8cbf565222ffc49917d8846e2a67b6430e1fef8b4588944,2024-09-19T16:46:38.287000 CVE-2024-3838,0,0,19b80bb7728999ff8307a96193e2751434e29b0f17864fd13990588a7832d07b,2024-08-06T19:35:06.410000 -CVE-2024-38380,0,0,627f70dd365a9409327379c2bf73f222a1302e203d88da4a7b50dd6bb1c7485f,2024-09-17T18:15:03.680000 +CVE-2024-38380,0,1,d54b9ea4a194c7e75c9a76b46f7da8535a5455c0b303a381a5a906be74a1e2c4,2024-09-20T12:30:51.220000 CVE-2024-38381,0,0,5a68653a08804721325cf4b769157d8413d44196c0ae824bb1098e9e93c70b8a,2024-09-09T13:37:39.093000 CVE-2024-38382,0,0,5eb9605172a2cc2881cc14a987b3697e7a685364bc9cd84ed64848cef9c33fdc,2024-09-04T17:10:56.497000 CVE-2024-38384,0,0,ae2be85d9f39947f564fb161f1fe1f488208e4ae714d2807653ca1b96b2300ca,2024-07-03T02:04:57.820000 @@ -256349,8 +256349,8 @@ CVE-2024-38808,0,0,53d74bad70081ff05a1300457357e667e449199d0759115b64cb9ca097eee CVE-2024-3881,0,0,3699310594a82ce285b52bf9c21755fa8173160a66408c76064512e538b3fcc8,2024-05-17T02:40:10.360000 CVE-2024-38810,0,0,a8d05ba61ad79ab8e573251f3391c7e33071f14ecb67883defa939520cad5b0a,2024-08-20T15:44:20.567000 CVE-2024-38811,0,0,7963530e20965c3e978de3e3d7e692a26c21382a2c5c912f03ba846ab4c56eb4,2024-09-17T13:33:32.957000 -CVE-2024-38812,0,0,41546b64be2607ad2e2faa73d70efbfa5cf304a2244d8a5f27568630e47e0e24,2024-09-17T18:15:03.920000 -CVE-2024-38813,0,0,76b43c6b19fa6b583cb98801f91c6de1e1ee63de52da25e510bb5573ec81ad1f,2024-09-17T18:15:04.127000 +CVE-2024-38812,0,1,3bc0ffcb92946e8904680ce14e0254b1ad43552ea6c763feb1e9d771a6d16872,2024-09-20T12:30:51.220000 +CVE-2024-38813,0,1,ddced8c489af2896395c3cc23a08db07cfe477208de5fa8478ab485bc0fc2ea8,2024-09-20T12:30:51.220000 CVE-2024-38816,0,0,6659455d4c0832fae3abce29bdd91d446a380e8317fc9229e602957b66269232,2024-09-13T14:06:04.777000 CVE-2024-3882,0,0,8cf286ca42c3a62eccb821d9ac0678dabad594eee248c127390ddaf169987d46,2024-05-17T02:40:10.457000 CVE-2024-3883,0,0,e6bda202b9fd54c10f25f29dd8ae0cebb83b1538aee636944c2fd66bf4045fff,2024-05-02T13:27:25.103000 @@ -256360,7 +256360,7 @@ CVE-2024-38857,0,0,857bbf4d5ee889c68ec1450930f0cf323232ab2d5a162824c8153ee668a7e CVE-2024-38858,0,0,c2e046d5d75320cc690e509cc93285ebeb3c1c26a8f79c6f003385d5db961fad,2024-09-04T14:39:10.203000 CVE-2024-38859,0,0,de323bde3647e4f305c3b46157fa86379bf5b570b3bfbebf89dea8495917b5d3,2024-08-26T15:15:23.727000 CVE-2024-3886,0,0,637917caac7fdeed5913d854d310583d9de4da2bf7f910a461c6efc8f1bacf15,2024-09-03T18:48:14.927000 -CVE-2024-38860,0,0,3336be8b4b0403076f984d64aa6c3d192530b425ec6e10e9c682a9a8b0969c55,2024-09-17T14:15:17.347000 +CVE-2024-38860,0,1,266a5ea7baf50ab92e42d7685db3a6cf2803dcca1365001a34024abb32b3b89e,2024-09-20T12:30:51.220000 CVE-2024-38867,0,0,0587553b0e73bb3d7fb83caa644dbd7ff748ca26af84fce237e8ae38fe20168b,2024-08-13T08:15:10.817000 CVE-2024-38868,0,0,f5122b748e151420a9f3845d24af4920bd437f9bfb8619e2cdc643a0cfcffcd9,2024-09-04T19:13:29.983000 CVE-2024-38869,0,0,c0f887639cd5f8290b163362347e9df211e2de0bfae6dfee57ed54004469d16e,2024-08-30T18:15:07.150000 @@ -256464,7 +256464,7 @@ CVE-2024-3907,0,0,60bf8190dbda2edec5350cbb8e8b6403fcf0516c947d67022ad2b560cf30b6 CVE-2024-39071,0,0,195ebf652ba5fdec3966b79507d582422df3145f15e690eeba2499c0a1d26f77,2024-07-11T15:06:07.560000 CVE-2024-39072,0,0,59efd5c73004670f8c574450bf52f5ef6a3e1b857b7881899bb9399c029104b4,2024-08-01T13:55:22.510000 CVE-2024-3908,0,0,42c7c9b2b31f61816d945d69672e5e24b20e282cc849fd87286a4170779d810f,2024-06-04T19:20:26.660000 -CVE-2024-39081,0,0,8b2b4e7e422c554909306a37995905327ab813ab04e65228f24375905f38d918,2024-09-18T14:15:19.757000 +CVE-2024-39081,0,1,b990518b62d7ecbf854a4d2d20913da2e2e1b1b0676d394a25936266a5a34c19,2024-09-20T12:30:17.483000 CVE-2024-3909,0,0,ea272c17ff869087d9799ba3efa606456d1ea78a711f72e5984479fd9f006e55,2024-06-04T19:20:26.763000 CVE-2024-39090,0,0,4ea45c01dc94b6a5905ea4f25d30b677051f8a6abd6f770805bb3d0f6dca7071,2024-08-01T13:55:23.317000 CVE-2024-39091,0,0,f4a8f0933c6d25f598eacdb963a85c2dcd7a3357118123548313549391b5d7d0,2024-08-13T21:35:02.617000 @@ -256586,7 +256586,7 @@ CVE-2024-39331,0,0,e27921e016dec51173f86ad420de9e9174de4baa540da3f53e6e1157ef72a CVE-2024-39334,0,0,94cae5ba65ec50bed6d17b2b54650000947aeee42b8249838d1ebdc24642a191,2024-06-24T12:57:36.513000 CVE-2024-39337,0,0,ae96e6e5658ac679eff4c9acfa518814cd5ee8874dd941939a565173aee28094,2024-06-24T12:57:36.513000 CVE-2024-39338,0,0,224e3a3c09358e014697d42ae118e958b11cd83a92fda65e581c38eeeb8c28af,2024-08-23T18:35:36.313000 -CVE-2024-39339,0,0,95806ffb5f1069857b78448fe4b5c30e506a5bd110dae51c7eda35d35d785058,2024-09-18T20:15:03.197000 +CVE-2024-39339,0,1,fe161151f8e005b87f748c729f84f5d922c0d07dafc4c5760d37acbd5c309b7f,2024-09-20T12:30:17.483000 CVE-2024-3934,0,0,3e23cb8746110c86130adc40e1a1911de8a168d18836a34bacdc1437f4453cac,2024-07-22T13:00:53.287000 CVE-2024-39340,0,0,5ebdab5b5b68a92db4ff353d7a08162224794f82acef11835fd7731e9f604ef2,2024-08-01T13:55:49.473000 CVE-2024-39344,0,0,e818a000a36da13fc4fe8918e0aa5d488785b27901618777d7233d703b03f419,2024-08-26T16:35:10.110000 @@ -256793,9 +256793,9 @@ CVE-2024-39582,0,0,6ec9b04450f9c5ce2a1563682764e2f7b34da0f9eb482017ce73088ac186f CVE-2024-39583,0,0,ac1320c69e7204d43ee10370ec071062ec88b9a1106bd39584f09ed060befd2b,2024-09-16T15:42:06.347000 CVE-2024-39584,0,0,1d0a6aff0073f4836d9654764326ceeb368acd09f92344e463ab3214871c70e5,2024-08-28T12:57:27.610000 CVE-2024-39585,0,0,b162f39d96cc79baeee026e4bc649d0b5cf545dfb2bc7af993a786e27782c34f,2024-09-17T02:15:49.397000 -CVE-2024-39589,0,0,4dda280d459f2c83fb515eb738c1769721cc7bda40bbc4958283b700ad43213e,2024-09-18T15:15:15.333000 +CVE-2024-39589,0,1,898e08014e07ab9c96f39e4f4da6cf3d257273eecec672759c705db48267fec2,2024-09-20T12:30:17.483000 CVE-2024-3959,0,0,1ce1302f5c536ae0ba1596a30e53c3274b88d91eb780326b1103788329e8cf86,2024-06-28T13:21:52.223000 -CVE-2024-39590,0,0,417ce99ee91588e3028d6edcab9748cbf8e9952d8643590fbef8107932c73210,2024-09-18T15:15:15.540000 +CVE-2024-39590,0,1,5e8c851baa08d30ed6ce7e1285d0e92bdb85947960867b51c2e2a6756a94b879,2024-09-20T12:30:17.483000 CVE-2024-39591,0,0,7234f5f72639a034d956dd5df541035bcac3a09d36d7ba9ed10f23ab4dd7d7f9,2024-09-12T13:29:47.207000 CVE-2024-39592,0,0,541b14c1914f7693bac69344218050bd21bf7511f9226d6471041f73dd5bbff5,2024-08-29T19:25:41.740000 CVE-2024-39593,0,0,f64d4a9107e758157cf94d8020a15d87354768c39cc9030a607faa8c819f82ce,2024-08-29T19:08:19.200000 @@ -256810,7 +256810,7 @@ CVE-2024-39601,0,0,7691c6b30f5986c79e8398298f8afaed5e766d08eb3fdbaa17ee23cfa6227 CVE-2024-39607,0,0,82ab1f90403a4f0d3b9e21e2a488cd41b34ece370e96146e9e8729444d740066,2024-08-01T15:35:17.240000 CVE-2024-3961,0,0,7859b6a2f8e5a01656e72fd209a53f5adaf23f278f08a55d207894f918e1fda9,2024-07-17T13:32:37.647000 CVE-2024-39612,0,0,029b5e043f8fa9387c1e935fd25a69e218f8fd7196fe19845233dbfcda84d17e,2024-09-04T16:38:56.383000 -CVE-2024-39613,0,0,b28f65118c4f5c5a1e58558bf5d119efc666ea0ee80f5869de256fe7a0ee7864,2024-09-16T15:30:28.733000 +CVE-2024-39613,0,1,a01eb288198c1ee98f509a48683a6028690d03e91539f0fa22857619bc4ca335,2024-09-20T13:59:01.117000 CVE-2024-39614,0,0,80fda44b15f74076f020f7bfc25c89db880e93067c83790f059fc3bf750e00f8,2024-08-01T13:55:55.837000 CVE-2024-39619,0,0,eba9a3263593a35724815600925b04c780a0fc23aea386d231775aed259a1e52,2024-08-02T12:59:43.990000 CVE-2024-3962,0,0,48687fe56cf9bd40f5a5971493143104fa6812806c2dc18cc2c914079c1544b9,2024-04-26T12:58:17.720000 @@ -257010,8 +257010,8 @@ CVE-2024-39896,0,0,aac3b3aa468382be89710a9d4924b439b2a50e399515ea32a798074da07af CVE-2024-39897,0,0,38f11367ba3345f659ee85a48448fecd8dec6f5b40a44a93fa8c3972047a7c01,2024-07-11T13:06:13.187000 CVE-2024-39899,0,0,b9c786cfcd500686022cf562103fb3c46b8e02e37e407feef62bff9a568df94c,2024-07-11T13:06:13.187000 CVE-2024-3990,0,0,4df49f2d1a20d6484a35480ddf93415ea905230fdfd638f023a4d51fb9f2296c,2024-05-14T16:11:39.510000 -CVE-2024-39900,0,0,e5fa3498f347fb7ae36ea3c567d86ef714b8b4ea1b9fce0392081ed142cad041,2024-07-11T13:05:54.930000 -CVE-2024-39901,0,0,2e70a8f9f46cc19984c51f63370a0f8333bfb1ff58b809a78b0486415e619ed2,2024-07-18T15:15:03.243000 +CVE-2024-39900,0,1,87d854f9a44b913fd63da1fb61f8d6b72ce255978de09a63623cf40df7652433,2024-09-20T12:40:20.277000 +CVE-2024-39901,0,1,f0a1c89651c7631383a7b108de1037b5002ac934071bd18298a6190b1cd2ca46,2024-09-20T12:33:09.673000 CVE-2024-39902,0,0,155ca5aa0932cd5e0c0d95f40d78b8f94c26287cf5e699a0e85b11c2bd47887d,2024-07-24T12:55:13.223000 CVE-2024-39903,0,0,935910cac822f79a3bb483747c1709796e1f1686797cd50661d012bb05061bf3,2024-07-12T16:34:58.687000 CVE-2024-39904,0,0,12dfcb7489fbbc04166f8899b5558b4641d719eb33eca1dcad68903cd7888843,2024-07-11T18:09:58.777000 @@ -257021,7 +257021,7 @@ CVE-2024-39907,0,0,df8abc1aeb07f373ea5308560b353f7fd53a1185320b5683a20eb2e5a3415 CVE-2024-39908,0,0,08d14bdaf18f2ed74e9b6ee71dfe514c41d48f98781bfe1f038503cd39467df4,2024-07-17T13:34:20.520000 CVE-2024-39909,0,0,fbbc093407091179e71e1918858815533e9fcbe1a27be8ba832d91f8904f5c32,2024-07-12T16:34:58.687000 CVE-2024-3991,0,0,8fc5cec164b75a61473f46907d411f1d06a3bf1fdc70a00ae47e8c931a83fb1a,2024-05-02T18:00:37.360000 -CVE-2024-39910,0,0,37972085f964d9a599ec16b9e54e3ba162729f2389670ffd9a5294a7f8fe1bdd,2024-09-16T19:16:10.540000 +CVE-2024-39910,0,1,d67276b705ffdb142dd572c0388b8819ed0afed9b3219c6aae07b50ad62baec0,2024-09-20T12:31:20.110000 CVE-2024-39911,0,0,bbacd25e95749fef59927280207e8bffc7f13800b5a9f14e2561979475bf47e1,2024-09-10T19:12:28.007000 CVE-2024-39912,0,0,4436d60855b958a3375758a6aab42c07e9fab81e2780af44769632fe57f2c7e5,2024-07-16T13:43:58.773000 CVE-2024-39914,0,0,02387d67ec6b5ae42576fd903e8c611ccc330a426fa97d240f1f6c354444a7e1,2024-07-12T16:34:58.687000 @@ -257090,7 +257090,7 @@ CVE-2024-40111,0,0,1a3d3f73f416ea4e786f4d30c6c4afa24719f06341ce4e72c0f952d62f0ca CVE-2024-40116,0,0,eb70c9a9b1b545c9ad476d8d1542c9445241ad3bd4f0dd5767e3b25e7e8e8497,2024-08-01T13:56:51.153000 CVE-2024-40117,0,0,c995513fc31f8c8ab9b7343003983d62c093f801640bdaede808c210dab8c1f8,2024-08-01T13:56:51.860000 CVE-2024-40119,0,0,684af900644d0baaaf3eeabc10aa1cf28b30369a49ccf90f61c5cecb4e42879b,2024-08-01T13:56:52.650000 -CVE-2024-40125,0,0,89da09b2b86f7e45dc420e5b270e874f7af016931cd8f2c8372f6127cc1d7390,2024-09-19T20:35:24.513000 +CVE-2024-40125,0,1,a476dbd3f3f206651d575570cacc18ab6c935953de90db456d4691dc8d2c83c8,2024-09-20T13:35:05.043000 CVE-2024-40129,0,0,094db6b1cc5f6ee95fab428762b39a3d67f29eab1863c6c2fa082d03f389b949,2024-08-21T18:59:09.703000 CVE-2024-4013,0,0,3586550d51b92b0f462ebc695cf4afe7e9f245d08490f98716812b60f3625af2,2024-06-07T14:56:05.647000 CVE-2024-40130,0,0,093b1fad643c93b0a06c31b2bb9b67d52d3d511f6e3c5e9dbb0e8432db230090,2024-08-21T19:00:56.183000 @@ -257209,7 +257209,7 @@ CVE-2024-40554,0,0,975eaaed007d6b505cb8ba22ce57b12be37e7b3d2ebcc8a575de58b8f5a20 CVE-2024-40555,0,0,44ce04ab9d418b7756770fd44203b58128b20e8dfc6428e77d2706cc77d9f460,2024-07-16T13:43:58.773000 CVE-2024-4056,0,0,7c25f0a1764fd01965b39ebc13bb94a8ae53607d9ce0dfc30a27083c9e919722,2024-08-27T11:15:04.430000 CVE-2024-40560,0,0,08dc0b5066047c5e119a09d69ea20c085f8549859adcaecbbf38995d7d2e2e54,2024-08-01T13:57:50.440000 -CVE-2024-40568,0,0,293cc67ac7cb929d50728436658796c25ce534bf9199331065d8c719678bb7f3,2024-09-19T19:35:13.880000 +CVE-2024-40568,0,1,4e89eb42d593339b238d1e440516cb2ccd3f5095fd163b21c19673544e39a248,2024-09-20T12:30:17.483000 CVE-2024-4057,0,0,26b46aa52b04f4ef8890033772544e5e99ad730f84e9e0e97b479cd36cf89ace,2024-07-03T02:07:02.197000 CVE-2024-40575,0,0,267280fd6d1dce9620611aeb1f0d6276db3825fa55e9f5e7fc538f4804a7f026,2024-07-25T17:35:28.913000 CVE-2024-40576,0,0,8423823b913f3d1284aae2224b689bfefe0b7a1b018e49f904fd4948fdba6a99,2024-08-01T13:57:51.520000 @@ -257323,7 +257323,7 @@ CVE-2024-40764,0,0,1e75ed57cfb3afa3fa923571a9717a22e138728f5cce910126d5f1cc9418f CVE-2024-40766,0,0,9ffdda3005aa6c238f823c6e65a3a89594c21a379fd17878a86615d17b31de27,2024-09-16T19:48:30.827000 CVE-2024-40767,0,0,0f0f227d49db4f76a18af060eeadd57ea0ca5da0ccc7bd26ef12905f9453740a,2024-07-30T19:19:40.767000 CVE-2024-4077,0,0,d4f08c4fa42913c8d00f3fecbe96233f1448e9383bf97ebcbeca4cc0f2c8ae2b,2024-04-25T13:18:02.660000 -CVE-2024-40770,0,0,04a6ceda0f472a2f7ef4a90057da0858b6461ef16b45a4a2d222bac3b9e4d21d,2024-09-17T00:15:48.310000 +CVE-2024-40770,0,1,58115060998e6667e6114f175f538d53d9ac7cf53746f544c1fb0da67eaaf840,2024-09-20T12:31:20.110000 CVE-2024-40774,0,0,20f4c2f88088010929acd58158f18d58b2de8f6cd0c1c18a2a116c0b40766ad5,2024-08-20T15:16:40.210000 CVE-2024-40775,0,0,8aef9d109dbb0d780ec4813a97b4bf6f73e438a8664a8d41daaf0d3da2c64c66,2024-08-20T15:17:36.110000 CVE-2024-40776,0,0,bde28e5ce522100b1947b28e83fe26259fd8f81a796b9faa3009da5263d3ba0d,2024-08-20T15:19:59.547000 @@ -257342,18 +257342,18 @@ CVE-2024-40787,0,0,e7872c59114f8bc6e1d61059bacac8cf94d2c897fdc9c325ee9cdaea3ebee CVE-2024-40788,0,0,51328768774901f71a8cfa9e0731eec2a8688c92707f2ca0771dadf5f755cde3,2024-08-26T17:49:39.517000 CVE-2024-40789,0,0,d0cba5a2db3863932e9e1a9c379737076ce24b22d2521d505090b6fa80e9acdf,2024-08-23T15:38:01.380000 CVE-2024-4079,0,0,bb93991a44f221a491ad95feb924066985bee7115b17c98782fedf8bbd66c067,2024-09-05T17:12:19.830000 -CVE-2024-40790,0,0,6b3a9c798d2fea1c1f2b369caf381810ebc3ff18148759c3548510e63477be52,2024-09-17T00:15:48.380000 -CVE-2024-40791,0,0,88491387c8e8a9cd873bd6e380c104324abc773228198e14ef25d4ef28040a7b,2024-09-17T00:15:48.430000 +CVE-2024-40790,0,1,2eb1137cff3c199b306682cb07b76535cb91087264e205c5503f4e6d27272b16,2024-09-20T12:31:20.110000 +CVE-2024-40791,0,1,13cc28bb70bc56d2de96a97e786515239720a03ff78493f2e50fd0a799380c7b,2024-09-20T12:31:20.110000 CVE-2024-40793,0,0,e270b48bbfb7457af71d2df8b98374cdb1521bf4ad146ca87a93b5903c957504,2024-08-23T15:55:17.410000 CVE-2024-40794,0,0,0846f939e0e7c288e34ad63bc25a9b5387bb5773e036a49319e63c41d5246c45,2024-08-23T15:18:40.450000 CVE-2024-40795,0,0,ecb3737fc9c1d9258aa88dabfa79d9f92976c4e445700e54c3486854d82d2502,2024-08-23T15:23:45.990000 CVE-2024-40796,0,0,167dda6d5b53df5808d22d86ff64345a4ddef11147328dbbb9b5e6428b829c22,2024-08-23T15:11:50.193000 -CVE-2024-40797,0,0,4ab7a7c15d5d28f9d8fa4280519c80c6c73e8341498ee51eb1f9d83c9e7877b0,2024-09-17T00:15:48.490000 +CVE-2024-40797,0,1,b696b229481f13806862bfb4ac9625c7f0312de1db299772c7b1989973c6cb0c,2024-09-20T12:31:20.110000 CVE-2024-40798,0,0,6d1152787dcea537c7e301ba90812de2a5fee24ebce973ba886712a223c78f27,2024-08-23T15:10:16.290000 CVE-2024-40799,0,0,30d98ec87bf2d9634952ceda39a0df401d585b86f88feda233e1fd632794577c,2024-08-23T15:08:08.647000 CVE-2024-4080,0,0,3208a4e2c1701a8955389b97eb99ba9a08ddab88da9fab5dc755bfee24643da9,2024-09-05T17:16:23.233000 CVE-2024-40800,0,0,8982c6397894b1dc7853d99d7f7ed84917fd2baa65d0f955e452134c8e783d29,2024-08-01T13:58:06.780000 -CVE-2024-40801,0,0,cab005bdbe09e34da5d303b0db7eda00b73612887ffecfa8e230dd131fc8e1a1,2024-09-17T00:15:48.547000 +CVE-2024-40801,0,1,0014bc35df3115e56c0637070c1d72de8318f656b2c61bb4426aaa0bba5a1d7c,2024-09-20T12:31:20.110000 CVE-2024-40802,0,0,2f077053b399c3f7f7833d620863c41648e3e5560dfd43fbc619d567c4540b58,2024-08-01T13:58:07.597000 CVE-2024-40803,0,0,250e23643ab70825c88d787d0aaf9fc9eb4a1612199960dbb1b65e0a8601ad01,2024-08-23T15:04:55.627000 CVE-2024-40804,0,0,ab46704977e6768d85f2dbf53139c4a03d68e4040dbba0cf9e68285274f4f021,2024-08-23T14:54:40.643000 @@ -257375,44 +257375,44 @@ CVE-2024-40821,0,0,487abc636b37954dfecb8c888cfc309cb83072f61f6b16a4997ec310f3270 CVE-2024-40822,0,0,bb4dda0f197923f13f28883f6d166542a31444c99bd5734a02cac506a8ead59e,2024-08-15T17:06:23.417000 CVE-2024-40823,0,0,67c48af0288d424c08a10899b8005bb32663e89913418e94f646262e5d0a3bd0,2024-08-15T17:08:03.857000 CVE-2024-40824,0,0,f7238499f6070a1c6bcd15f8bf3e89f1de8d2d27cbbecc98c8a027de77cf1ec1,2024-08-01T13:58:12.907000 -CVE-2024-40825,0,0,11920ee67c7d7542729a23fab913c24e490a0265532315a425cc9c75dc6a2d0c,2024-09-17T20:35:08.457000 -CVE-2024-40826,0,0,2af114ae23007635d6813c41af8210981dea3c82561a06728199376b7fe4d206,2024-09-17T00:15:48.653000 +CVE-2024-40825,0,1,6f6f3762e022c594a5f40c0504ec47abf561af57a3fc10c24631ad007a9ed578,2024-09-20T12:31:20.110000 +CVE-2024-40826,0,1,d3642e90408b20028dc76934ecce6d5018dae736f6c471ec3d77d6868abee272,2024-09-20T12:31:20.110000 CVE-2024-40827,0,0,e7fe54c2477a039a62b334045d9b6bcf45e92847d1542e12e0d01f314b633ab2,2024-08-23T14:53:49.367000 CVE-2024-40828,0,0,fb7cd21b5df82c55cfc24f9118f5ae0e27252cbbe3373763d0e4e9ed672ae982,2024-08-01T13:58:13.833000 CVE-2024-40829,0,0,c1ac2731b87d00e7ad818e3a3bfad11d13fdebdc78388d402863b6006e9d6596,2024-08-01T13:58:14.633000 CVE-2024-4083,0,0,1cd1c6384007aa9a5a8af9731386deec2b0818df508019e87115186ced7033b5,2024-05-02T18:00:37.360000 -CVE-2024-40830,0,0,732ae8a9b09558aed93873de2ffde12bb4081187ff505f826ebad847d20f1b5a,2024-09-17T00:15:48.700000 -CVE-2024-40831,0,0,0c40a6f31a0a64358a55b474d5b21109f4218fb1eab2ec1e4336f6e44e44a1f1,2024-09-17T00:15:48.753000 +CVE-2024-40830,0,1,a6dd546d3e3276e64e1905f6de17bc7219c77c75302c48ddd65f958e2de272fc,2024-09-20T12:31:20.110000 +CVE-2024-40831,0,1,e3ad49983397fcbf0b80034db7c7bb2881f4ebaa6f1b74d9d85f8b3c7f8609e1,2024-09-20T12:31:20.110000 CVE-2024-40832,0,0,1f6fcc675c8b2967b77c036f65ff3a56745eca986c0523a4ea05d59ab0b0970b,2024-08-23T14:52:21.567000 CVE-2024-40833,0,0,4f90ec4b62ff58c653ca95f4d7c03b5c77830d8dfff362eaa61fcfa6fd51a05d,2024-08-23T14:50:31.313000 CVE-2024-40834,0,0,7e20f67bc8b08fc4adc47071793a554467422544bba4ba726067a06c6b9b9ed7,2024-08-23T14:40:52.523000 CVE-2024-40835,0,0,ffa2d0f502e7a09e89b4898498fc215520bfece3735d19b72358067234b3c222,2024-08-23T14:39:03.070000 CVE-2024-40836,0,0,3f8d294ac16d143cb335a801addaeae273151ae88e0d093a406c7dfedffe62dd,2024-08-01T13:58:15.220000 -CVE-2024-40837,0,0,858a55edadf2a22c167dd5f445c17f85172077ed8087e4b4b947e53525f2239a,2024-09-17T00:15:48.800000 -CVE-2024-40838,0,0,9c938aefff6679c39ccd59570572d143b7f46c78b3de6d614ae9288f2086ce6b,2024-09-17T00:15:48.853000 +CVE-2024-40837,0,1,86580b440067ab443cf02eaa7c66c1b7f63270ecea7d2afded1cea8fadc493ea,2024-09-20T12:31:20.110000 +CVE-2024-40838,0,1,ea75880f64ff7d123e05b02ff724ba26aa62c0c8ce55d78d668e510b3e5ff9ec,2024-09-20T12:31:20.110000 CVE-2024-4084,0,0,aed2355093521159d48a9084a5a18f34499717e2daefb72a4c03148c5f7b9d24,2024-06-11T16:44:49.090000 -CVE-2024-40840,0,0,19a422ecd520df982517061912931902908bf992a738b898916be4889b691cc0,2024-09-17T00:15:48.907000 -CVE-2024-40841,0,0,7207884c407ccd33c0061c69db7864f065933fd2f94da0d5acf3cccdd051aac1,2024-09-17T15:35:07.623000 -CVE-2024-40842,0,0,3fd5e3dab2a512b010d5dafa3cd452202e2656be070a5bef20503e8871fc692b,2024-09-17T00:15:49.013000 -CVE-2024-40843,0,0,38aae67d015fc5ca4f27903f39201251e035556d159284bde1f9b52f050c5d58,2024-09-17T00:15:49.060000 -CVE-2024-40844,0,0,5f0123a17a12234c44acf328e6aeba47f7a91b1931203ec7ebc0bdef3b537b0f,2024-09-17T00:15:49.130000 -CVE-2024-40845,0,0,eb55c264bc0c5819d9a257d6f1c266f341d14a83e70898a06866024ca0736d17,2024-09-17T00:15:49.180000 -CVE-2024-40846,0,0,5627266be8859fae114cf93f623d554da72bee0a73ffd90ca54d438e6be625eb,2024-09-17T00:15:49.230000 -CVE-2024-40847,0,0,fdf98464ee54ca13813e261fc850e95e05f1cddd4db0b997c36dc7b1a889d157,2024-09-17T00:15:49.277000 -CVE-2024-40848,0,0,f40644e11eec9e881157edbab44b83be3947bb8f62fed2225227bb96bed2be60,2024-09-17T00:15:49.330000 +CVE-2024-40840,0,1,5e34a232df19c586251cf91538c4a202969b10a4d2f3a98a453d52aac010eb9d,2024-09-20T12:31:20.110000 +CVE-2024-40841,0,1,7e2ae925fab3d81814eaf43566b8461aa33db3e07f1b71490d71856e29358264,2024-09-20T12:31:20.110000 +CVE-2024-40842,0,1,6da3e65f17e5d4abe70b6c815d01c13d639e604af67ef76b6cc9e174162bfce4,2024-09-20T12:31:20.110000 +CVE-2024-40843,0,1,408bf4287cea090c558beae0751497690c75a0f2915fe18b3724c1cec085710f,2024-09-20T12:31:20.110000 +CVE-2024-40844,0,1,c69907e86440badab803071a0acf2795814812cd55df061abd146c83b71d2528,2024-09-20T12:31:20.110000 +CVE-2024-40845,0,1,c7ef31851346ff0d04d79c8647247507ba0129710c697bcaf0e6a6acfc115327,2024-09-20T12:31:20.110000 +CVE-2024-40846,0,1,89dd81ddbd1019b256bad60633bfc8dbe0726d0c8006a195faab39c2f758ae38,2024-09-20T12:31:20.110000 +CVE-2024-40847,0,1,b2d61606ec4c69a86896e949dccdd1de883f9f753412cfe3d5a04d343adfa168,2024-09-20T12:31:20.110000 +CVE-2024-40848,0,1,48469331bc8a878e3da3e79640a4c02dcca25d00c3bb3b452d41d9ea6dea8443,2024-09-20T12:31:20.110000 CVE-2024-4085,0,0,7aad6a4056b6c332cceb43166a488ef1c1b3002f44d4bee7dddba365a66e15ea,2024-05-02T18:00:37.360000 -CVE-2024-40850,0,0,450e4fbea156a70661d2bf10204ea7ed4942fb0bb33e014b56ce80a45c3a79e5,2024-09-17T00:15:49.383000 -CVE-2024-40852,0,0,cd99ba2e40cbcdd338e05933f74f607a83d605745a78d88facf9ab01a8c45efa,2024-09-17T14:35:28.813000 -CVE-2024-40856,0,0,62d459def475fd255d8f8ec0c15a20f9133290e903c90a52d071fb054cd74e40,2024-09-17T00:15:49.490000 -CVE-2024-40857,0,0,2145fe20a339208a011c3be95fe2d6edda5992ab6569365e32752cef1d2ee695,2024-09-17T00:15:49.537000 -CVE-2024-40859,0,0,e916e4b7db6a9dfa2ed076989768bd728e51b7d2e72afe8840855cec7e5b414f,2024-09-17T00:15:49.590000 +CVE-2024-40850,0,1,25c2a262240f3a86bf23982a27787bcbd18d1d214482b9bb1e8e13a292e5089f,2024-09-20T12:31:20.110000 +CVE-2024-40852,0,1,3de957ce6dc717c4eca0b29db3655ade9659ced84b056b000601bcd50e3e4584,2024-09-20T12:31:20.110000 +CVE-2024-40856,0,1,c53b64bcb96ffb53e7c5a3c98eae693333efe12e0fd41b0de336502a91b09e8c,2024-09-20T12:31:20.110000 +CVE-2024-40857,0,1,49afbef84ab3139bba403d8137a9332468e61958e86197138141f0362c1b3d27,2024-09-20T12:31:20.110000 +CVE-2024-40859,0,1,56ff8a71fc1080c85aebac00fe264344c4a3b5265604dfa8f40034d2c880aeb4,2024-09-20T12:31:20.110000 CVE-2024-4086,0,0,4591112164bebe25a6e3755e5f7d7b3acd1442e1405281bbc9f49b1286c02b38,2024-05-02T18:00:37.360000 -CVE-2024-40860,0,0,e36dab9e833d088b935ab68c9a151e9f1fa4c0b43f03d6bb0621ce4e4428b44e,2024-09-17T00:15:49.640000 -CVE-2024-40861,0,0,d87cf92bd694c19d1e4d3aca5f00c6e43dee289f9de1a39f0fc2b781db69db0f,2024-09-17T15:35:08.583000 -CVE-2024-40862,0,0,41adab65858c72ffe5166360c0c7d08451acfb072731fac3b645799d62b8fb88,2024-09-18T08:35:48.760000 -CVE-2024-40863,0,0,8102a55f22f39834a5de79e8de0f022b089678ae9882643f5ee65b65c051fabf,2024-09-17T00:15:49.793000 +CVE-2024-40860,0,1,95ecf460e2c86924b53fb7d3aa5f8264e4519b36b6fe383f1caae112d3199182,2024-09-20T12:31:20.110000 +CVE-2024-40861,0,1,7204d4c395d904aba2687d268d077938e2cf1cd101497574171fb4f0b590be98,2024-09-20T12:31:20.110000 +CVE-2024-40862,0,1,0525786495a6d1734dd38aea7fe1aa5e14f710766343f641e193e4a65abe834e,2024-09-20T12:31:20.110000 +CVE-2024-40863,0,1,6d19988e7f98214ad02b31d8b0b7ea2f69e12db56e9a0545de8d6a7e8a3a5527,2024-09-20T12:31:20.110000 CVE-2024-40865,0,0,86a860e5905b6728c79a2b0220fe6fe620623c98d110f80f056e40b418685ee4,2024-09-19T17:58:37.370000 -CVE-2024-40866,0,0,ffb4d4555ccfaa65df4084c4704bde934d69f675e3f09339fb6d0f4bf47c0770,2024-09-17T00:15:49.840000 +CVE-2024-40866,0,1,7804a731da61a2d5edd0ed92c509085f01d704f1c7f9a17206bb04685f829403,2024-09-20T12:31:20.110000 CVE-2024-4087,0,0,559dc8fcb531eb7d96e390fa33463b50a20c5a688e8dbefeb3187bf1d2c5f774,2024-06-03T14:46:24.250000 CVE-2024-40872,0,0,61b6054f8d04261e92c08a44feec16dc1d8422a97543a2162e5dea5f0a6c8f9d,2024-07-26T12:38:41.683000 CVE-2024-40873,0,0,6df1707815f9f38105b50cd71b6fad1bdaf7a6f3e3c945bc399ab848fdd0a9bf,2024-08-02T19:57:17.407000 @@ -257927,7 +257927,7 @@ CVE-2024-41718,0,0,7651686104923551937c1bf922db9a37da5f3ad1631e564fe3c0dca9a6e79 CVE-2024-41719,0,0,9153c34983715c653b1c300082bd1504f28f779a4622f52f1934f7c462bf8faf,2024-08-19T18:40:35.203000 CVE-2024-4172,0,0,ae5cefdd41ee745a5f3463347f20f3f77110439c81ed1ad285dedf4b40da1c57,2024-06-04T19:20:32.077000 CVE-2024-41720,0,0,2d7bee1f981165f1c9cbab9643ce597269a916a15ed0d381724ec0dadf39a971,2024-08-30T17:49:42.047000 -CVE-2024-41721,0,0,fbe947beac5451084e31ee7ef479c810f14ce86ff43bb34bde8771ee906b776f,2024-09-20T08:15:11.323000 +CVE-2024-41721,0,1,42575c08c5afedca8b3b24d013b21f0bd8aba20761148a924bfd321cab30bd62,2024-09-20T12:30:17.483000 CVE-2024-41723,0,0,2fd6c172462641b542f047f7ff3bf2247bdc5b8b5f34ce988c43b2bfe1795c68,2024-08-20T19:26:24.033000 CVE-2024-41726,0,0,e325c72cd77b10fa79a0c73cd0bce9d67f9472d40dd3ab04f6437f9f2b06b815,2024-08-01T13:59:09.707000 CVE-2024-41727,0,0,f64de623c1f3cae418235db50af8da33c1315446224a7b8505bd8fc5343d1bad,2024-08-20T19:25:12.490000 @@ -258056,7 +258056,7 @@ CVE-2024-41924,0,0,06cc2d8c551d8fd39f4e2ff31447bb4070ddde2d992cf8f0c8cb1b0035280 CVE-2024-41926,0,0,d7564816d433232552fda23a5f10a79963d6c502f628c4841f8484c17aa4f54f,2024-09-04T16:55:35.570000 CVE-2024-41927,0,0,28b0e861c649b30f117a5ffa21dceff5e2eb3f40c9e49c2283b3efe64f1c3671,2024-09-19T15:10:57.793000 CVE-2024-41928,0,0,fac45a5eba953351f64e8420aefaa828221c1e8b109e75da05d07c8ee7a8c443,2024-09-06T17:35:13.400000 -CVE-2024-41929,0,0,f66edb594830fee28d517259603e349f287170e8380c3a0dd626c454c5a95631,2024-09-18T16:35:07.527000 +CVE-2024-41929,0,1,7547305bee5f10749b150ea9e1b86a9a69192b8070c36c448e7faebd542862fc,2024-09-20T12:30:51.220000 CVE-2024-4193,0,0,4d4f4fcde78b01b33e30a077c434c1714d01a9ac9cd58d916bc86b963b6ddbd7,2024-05-14T16:11:39.510000 CVE-2024-41936,0,0,d330b2a32a604797fc4eb94f395ba3140911090caf0d19e4d7603d421735298b,2024-08-20T16:26:54.663000 CVE-2024-41937,0,0,17d01be9af92612ee6b4d89126a811836507d3fbf35417e172928be42551212a,2024-08-23T16:21:21.893000 @@ -258082,7 +258082,7 @@ CVE-2024-41954,0,0,12ebe240a4a0966847a3fede7a35454b626561fae59f5ff3a5c94f1913b7c CVE-2024-41955,0,0,5ad0263667cf66f8813b7d99a3968b8a2424832b6c51b00aba139fada06ab3c1,2024-08-15T14:10:40.157000 CVE-2024-41956,0,0,b72cd1a22a28d2303229b868afdc5fd2adbef42d25416f48e13276835bed80e5,2024-08-02T12:59:43.990000 CVE-2024-41957,0,0,f207a653c0f0f9d782c3e5585f7eb5df8054bd1cd710ccb1397440f0e840612a,2024-08-09T14:14:01.190000 -CVE-2024-41958,0,0,ac2d465ee5b5b310612655a7cc0163ff8c5d740ff2b286b950528d6c8e63af4d,2024-08-06T16:30:24.547000 +CVE-2024-41958,0,1,2861801cda115ee7382f084a10fb9020f2b354246da5f5420f7e70df0377739e,2024-09-20T12:58:23.553000 CVE-2024-41959,0,0,a5b77d1b2d0820e47ed535354d7a0a4c8217a01fe56712ebcb48a9d560e6791a,2024-09-19T20:14:02.963000 CVE-2024-4196,0,0,2bee927395e72028cfccdf65300c6a2b8979e20b943a96185278ab936245f10e,2024-06-25T12:24:17.873000 CVE-2024-41960,0,0,67871a0d9bc1f8c7c6fdefc078d06d3de9e3801e3a530c569352ce3e295b7c6a,2024-09-19T20:01:58.633000 @@ -258437,7 +258437,7 @@ CVE-2024-42398,0,0,ecec97745a6273f6b5e5720bfa1d0ff4b8e46532c92273931272e35e326b7 CVE-2024-42399,0,0,b2d8d291d138c04491424e6796bb04940f5bfb5f03fc0a00b681faa84689b158,2024-08-23T15:06:13.350000 CVE-2024-4240,0,0,c278b752586c1bf53091999087140c7ddb924945ab9e2c19f82d090171b2b4e6,2024-06-04T19:20:33.263000 CVE-2024-42400,0,0,bada445f5210525c2b124a846736c128f6bdefeabff1b80f8c8c07a166ac65a5,2024-08-23T15:06:00 -CVE-2024-42404,0,0,c3d405c66f64f609aeb5baff872af9267b9c990f0513561cef9ea13fa0b12c83,2024-09-18T16:35:08.267000 +CVE-2024-42404,0,1,258bbe9a8fc30a08f303346ac087df8a3b0eda2e13e09e67b46abeb3b548974a,2024-09-20T12:30:51.220000 CVE-2024-42408,0,0,4d58de4373d6b44540fc0d8799a258082f4b72e8c10ed3de4134395815aaf808,2024-08-29T14:22:45.603000 CVE-2024-4241,0,0,1e8cfaace7e8ae3194846b1351a77e14aef6cd3a07b429e780198fa55ccad7c3,2024-05-17T02:40:19.957000 CVE-2024-42411,0,0,3fcf900cd705b45045cb94d8edb3d48eeb6b58809490fd9c74760d8ca62aa9ff,2024-08-23T16:04:26.227000 @@ -258504,9 +258504,9 @@ CVE-2024-42495,0,0,ec6874fdfc9b12ec8ef1020de6e62e8d7226ab1ffee9b169624f6e5854e00 CVE-2024-42497,0,0,262b8d15cef13f44f6c11c9732e86216b599547f262ceb2ec772c87233738fc0,2024-08-23T16:18:28.547000 CVE-2024-4250,0,0,29d8096febeb47af7a705b5c5f44b0e0121b5483d3074c39ff1bff1155e9a3a5,2024-06-04T19:20:34.200000 CVE-2024-42500,0,0,f0bcaea9090b49f77db24a21554ec397886059105966434018e3d2adca5c9151,2024-09-10T12:09:50.377000 -CVE-2024-42501,0,0,55667a47577b4f33bade3778f805c6b25ee72bbe08adc8c60302f0e4a051bbca,2024-09-18T15:35:05.747000 -CVE-2024-42502,0,0,286a9e13771c1363a765da26fcc8ddd07276a18a92df69ef87a1dce41a5bad6c,2024-09-18T15:35:06.550000 -CVE-2024-42503,0,0,e6317a3d02a192c10f37b8028a1025f7e876d341b9032ffb250619df7d81df4d,2024-09-18T15:35:10.277000 +CVE-2024-42501,0,1,2d6a46c355be0708ff7db2c58107fc669881111adf034802ab42261dde0a7bbe,2024-09-20T12:30:51.220000 +CVE-2024-42502,0,1,dc558fbcb98c4923828f8e84e6ebec0b3f2c4f3485c85f0b247c32accde91e11,2024-09-20T12:30:51.220000 +CVE-2024-42503,0,1,e0dc0159de5f49231357dfa2934c139a99d8affdbb90e51a7bb34e8b710af689,2024-09-20T12:30:51.220000 CVE-2024-4251,0,0,4911c8bef2a1e60ace7e3694403733ed66cd48ed80870211c4240e0e24584389,2024-06-04T19:20:34.297000 CVE-2024-4252,0,0,9237a844d9d9b4c175441eb52c39ce07fc14167f47531df4616e5c1079e2e93b,2024-05-17T02:40:21.053000 CVE-2024-42520,0,0,64dffe6569e4f4099d9df2249ffa95a5cd3b2fdfe3c5c543c43632b62f26d14c,2024-08-13T15:35:16.110000 @@ -258673,10 +258673,10 @@ CVE-2024-42790,0,0,62118f0a801ee0dae7272364dcdda1568011ac510014c09979b48bfde8c76 CVE-2024-42791,0,0,873fa7cb6896c8581c416ecabe3256bd4629f0e8a1bc57f85a270c46751d9e00,2024-08-26T19:35:30.910000 CVE-2024-42792,0,0,3d5171455e36c62db86c3f1d03eab38bfdac82c0ed4f595e590432a1180621b9,2024-09-05T18:35:24.220000 CVE-2024-42793,0,0,c34b0c01a33da3f3b96951729540996987faac6763a3b4211067000d740419d1,2024-08-30T15:56:51.510000 -CVE-2024-42794,0,0,1df1638ff4dabbfe989ee926f8729ef1517b50da93188e5a13b8b93f31eb97b2,2024-09-18T19:35:12.550000 -CVE-2024-42795,0,0,1d997e9d14176ef254b42c361912cf5551190a9f849a5555e9c4177c4c0cc790,2024-09-18T16:35:09.097000 -CVE-2024-42796,0,0,16f5cd05439d1b237921448aa907dc570179b25700b07d315993f5965c2c174a,2024-09-18T16:35:09.880000 -CVE-2024-42798,0,0,768baaf558340f9c8a5ae318b32d8a63bdf51ca24716c46c177a94e6fed69da4,2024-09-18T16:35:10.637000 +CVE-2024-42794,0,1,078b2957de8a35c65586039ca9ab74a458698d8bc4d4ec12b37065255629c6f4,2024-09-20T12:31:20.110000 +CVE-2024-42795,0,1,61b68997726d0e892987e4bf9ae86a4f07fc499530715b5093fcabaa3217783d,2024-09-20T12:31:20.110000 +CVE-2024-42796,0,1,63c246fbcee0907c7c8e75d03c3772b477d1cc4b98e6822b21c03a396347c1c4,2024-09-20T12:31:20.110000 +CVE-2024-42798,0,1,68babf70e14ff8990491ab0b6e91e013a701f9cc0e2160ba92b41cfc564ee267,2024-09-20T12:31:20.110000 CVE-2024-4280,0,0,f46c38f13eff52b4d020fb374e18f92e6528a4bade2042627b2165ccf7b62772,2024-05-14T16:11:39.510000 CVE-2024-4281,0,0,cb48c26c252b1c83fb4810210335ce05e1fcbd94e5804419418b4f73b9d5c028,2024-05-08T13:15:00.690000 CVE-2024-42812,0,0,d754a1b3fa22845b1ec28a5e3b423343f3a09420e9ed62b3cb19e2fa117c33b2,2024-08-20T15:44:20.567000 @@ -258684,7 +258684,7 @@ CVE-2024-42813,0,0,ac2ce0206860ac49c7a00dc981456912113a83f39c5bd8ad9fc9aeb5495f6 CVE-2024-42815,0,0,fa939825da2520b0805320da8ef3bf06e37d61d20e773887864a50a3aa224eef,2024-09-03T21:15:16.197000 CVE-2024-42816,0,0,8dd1ae8820cfa39b8949229a5b0a0fd0a511af977924a1929a9dcb8553f95dec,2024-08-27T14:35:07.077000 CVE-2024-42818,0,0,694f268c461684854315b7e46e53659be0c6525c36cb73fb82a2ea42f888fdd3,2024-08-26T19:10:18.890000 -CVE-2024-4283,0,0,a6fcc7bbbaca3c7645edb58f70010e839b06e720c0bebeb9050a1e6c009431ba,2024-09-16T22:15:20.650000 +CVE-2024-4283,0,1,baf3cbd821644f9f4035d22abd23efde2b2b5d204b1af246bf546479f82358d0,2024-09-20T12:31:20.110000 CVE-2024-4284,0,0,4fbe27a80563712e41b6422ac48754a31c657da862cab89b959335ecaf13d90e,2024-05-20T13:00:04.957000 CVE-2024-42843,0,0,147a94e278dd08ceb9ff0b00f505eb868d7a1e59c01ddecc9d1420e344e9ec86,2024-08-19T19:35:09.180000 CVE-2024-42845,0,0,f506b40591f84fe588a1ebf10f79903d4e58b530d7a712a8d7ac529b24aba892,2024-08-28T16:35:23.650000 @@ -258766,8 +258766,8 @@ CVE-2024-4301,0,0,218172685a71d9dc14b7de60ac62731c757d7801c2c506799e72286e245e5c CVE-2024-43011,0,0,a1a7726f53e21e3beb63c25ff5d202a0a16dad76f49dffd4b60f93fe1759157a,2024-08-19T14:35:10.893000 CVE-2024-4302,0,0,3989b291497fea424d341ee8d50afc238ccc795cfb4606a4430491f615d9ea6b,2024-04-29T12:42:03.667000 CVE-2024-43022,0,0,650f9fb8ccee75912422917c17fa309113c9ea3a4d5a4e724d337f4fa0323626,2024-08-21T18:35:09.733000 -CVE-2024-43024,0,0,d24259981e421f47a81a1246820916c45dcc7ee992c9d490ebc50bc74bd6bd03,2024-09-18T20:15:03.270000 -CVE-2024-43025,0,0,591b67ecc38ef1980acedf13b800cd3303b323b1cbc573d8d731ea74056c5e09,2024-09-18T20:15:03.343000 +CVE-2024-43024,0,1,491b0835c9b439fa900b3e57aa8e4200a5875728f3b9f6ed49afd24b747a30c9,2024-09-20T12:30:17.483000 +CVE-2024-43025,0,1,b566850b05b768408f71443b6361d266b221de02db5c6109d8f382336ddfdb35,2024-09-20T12:30:17.483000 CVE-2024-43027,0,0,0604ae83aadfc055c804f63006999d0d70f480945a963fa75a913e2db2c243a3,2024-08-23T18:35:06.387000 CVE-2024-4303,0,0,83a712aebf2d4281174fc319c5a3b5ed1f6b2a8b7c1590974611c884faeb0657,2024-04-29T12:42:03.667000 CVE-2024-43031,0,0,c3ec426a9c2d322dc356eb4fe356a9e19c60505e16e054c91bc62d391f4483d2,2024-08-23T18:15:07.490000 @@ -258838,7 +258838,7 @@ CVE-2024-43168,0,0,dda21c5c2e3bbeaf5d69baa1c2ddcb5d63c7d6cc03584943a831db0d376f9 CVE-2024-4317,0,0,2ab51635ebb5a78f9093ee7220532c2f98c47bcb30186dfa33cf412783a7fe8e,2024-05-14T16:11:39.510000 CVE-2024-4318,0,0,7b0a62dc8691f5e6f2210e7e19a78c6d4d5c9f053f662e7593a96cdc8c097afb,2024-05-16T13:03:05.353000 CVE-2024-43180,0,0,a63c1e5ba53951469b912040e5742c0e8fcb6212c54bf0c2665065107e0fdfdb,2024-09-13T14:06:04.777000 -CVE-2024-43188,0,0,05634f801075a732930f77077b6e9c5090d74f8b9521ae24e7330489d4069a7d,2024-09-18T12:15:02.867000 +CVE-2024-43188,0,1,9732a41401c8278fa7c84a534007c5d2780a3c65fc89d9cce5c3453fd30c05ae,2024-09-20T12:30:51.220000 CVE-2024-4319,0,0,7ca0245a01df3d5ced472265b32f90c6f6a22a37af3715d5589379ecac1f6a24,2024-06-11T13:54:12.057000 CVE-2024-43199,0,0,94150f8459e19abf18625a946d8a507867275817cd3d9928084030fcb7fa8330,2024-08-12T12:59:48.253000 CVE-2024-4320,0,0,f21f873c3bfeb896c071276000f6bbe2ae4420d2f2c3184178334c98a666705b,2024-06-07T14:56:05.647000 @@ -259031,7 +259031,7 @@ CVE-2024-43455,0,0,7effa4d2d49733857a939b9c56001fb62c3a8618d5be7fb4155055d0a4466 CVE-2024-43457,0,0,2d39da1954a904290cdb655f8413466318bc2fb9e79e95d1239baead98599e5b,2024-09-17T16:25:03.037000 CVE-2024-43458,0,0,d510a08722ad4b01e3bd416a3ff1688485cee9b82fed026222465a1f7268669b,2024-09-17T16:24:06.837000 CVE-2024-4346,0,0,9d7617b39f85e35f3b425bc36c01c8cc51c24d84e65ff0d34bf4ea7488f000ec,2024-05-07T13:39:32.710000 -CVE-2024-43460,0,0,225ea15c3e8295f9543f2bcecd686c86948b7400ecfe4305a23f6741e2037cd2,2024-09-17T19:15:27.500000 +CVE-2024-43460,0,1,c3d4412469bb0b5d7f72a370d0747f93a4ff5eaadb537f7e0665b7751011c808,2024-09-20T12:30:51.220000 CVE-2024-43461,0,0,f99d1573520331446defc217a57faaa313e0a37923c807afd46dd8502623f146,2024-09-17T11:17:22.597000 CVE-2024-43463,0,0,82ed3b86032aeae7f20effff7ac01fc984a98742e5e7914a0bb7560978dad83f,2024-09-17T16:08:58.350000 CVE-2024-43464,0,0,42956114f68b1d67be14842639914b420d38d850d63203f2075370bc159d7270,2024-09-13T14:48:05.247000 @@ -259050,12 +259050,12 @@ CVE-2024-43479,0,0,313bbcabdd9b44fdcc219a1bba9045a367d02f58a01b8953aabace95c227c CVE-2024-4348,0,0,6e86bc5560fea8dde0d2ebca4133582cb5d1167a5aec18ad6c6b9b23741c69df,2024-06-04T19:20:36.223000 CVE-2024-43482,0,0,d8f402bc0f3ce251083854e9d472514518876444465b9e6fddf99899cdf432df,2024-09-18T14:11:50.303000 CVE-2024-43487,0,0,b1bbbe6f3eeb8f594d4cca9a1e5f97347bd8ae24b6674c21dd2e36175fe4aaad,2024-09-18T14:10:20.320000 -CVE-2024-43489,0,0,ee2cf49c9fa4e936e04e2f7bfcd600b32597e40e3de91a382a9221f1a4d38319,2024-09-19T21:15:15.677000 +CVE-2024-43489,0,1,e51dc42001cf40c79c3d982937bc7d3e2c842180dcd38151636674f33c7634c7,2024-09-20T12:30:17.483000 CVE-2024-4349,0,0,a8b03025f36b8713c52951e7ebcf312d165d904bb8cd188665520ff04ec5e58b,2024-06-04T19:20:36.340000 CVE-2024-43491,0,0,66848b924ef1e3bbbd3e0b208cbe28d68dfcc77f6e79bf211914ea2a59716ae8,2024-09-12T01:00:01.133000 CVE-2024-43492,0,0,af0e73844988f19d42832ecb20006b5ce23817c5aa51bd592ac57ea711827c4a,2024-09-18T13:57:22.880000 CVE-2024-43495,0,0,d2a8d4c3f203ea859641059613f0257436e0f701c3b0d8de8a57b0ddb10ca75e,2024-09-18T13:55:07.100000 -CVE-2024-43496,0,0,6c8a4591d0b7199a042f60aa1c605bcf500cf2ea49ccf6fb4e85f680cab14ad9,2024-09-19T21:15:15.917000 +CVE-2024-43496,0,1,ce9fb3c433aec4bf3d2e3d01a5a24801b7d583675a11b7f3c03cd71db9801f41,2024-09-20T12:30:17.483000 CVE-2024-4350,0,0,064be752b5def38b2ae127a671a2419b00cbe1db7bc8e8e49beca0c95658f61b,2024-08-30T18:18:37.130000 CVE-2024-4351,0,0,1afa7cdd2b07ed7f6c7d4fd33431ae4e847e5055e80de2c2ff284dbdde180a83,2024-05-16T13:03:05.353000 CVE-2024-4352,0,0,83fde2dc0fb70bd9398ce4f7dc00180654ce0fb46c0f63d8091186b07c4c5ecb,2024-05-16T13:03:05.353000 @@ -259097,7 +259097,7 @@ CVE-2024-43773,0,0,8c0c6d6cc6b93c34cfa09ef3705fb324f136fe885f1952674b354433c7d54 CVE-2024-43774,0,0,8a1a7395e0266f26fabce42b3d201bdd365872f3bb986b16a4813718545afbb5,2024-09-04T12:26:42.387000 CVE-2024-43775,0,0,386009b272e00dd7e320eaa82eec20a93bfce64d4bcdb8a26930d34c6fe0dc22,2024-09-04T12:27:22.670000 CVE-2024-43776,0,0,27e4419e8ce01901c27e76cb21d9618c21e34d6a14d012499c61adf6cf980a12,2024-09-04T12:27:40.113000 -CVE-2024-43778,0,0,7561834736f08cf1293ccbd41f2cf3fda7ff5c7b5aaf1c8e3860ee5f6b05470f,2024-09-18T15:35:11.213000 +CVE-2024-43778,0,1,617cbe6e8002aeb0554b4bf09608badf395689487ff5457209c7f93a3188bb1a,2024-09-20T12:30:51.220000 CVE-2024-4378,0,0,09f9e04bae659373b82712486e7efa4baa3211e21ee904b68f572ef978953753,2024-05-24T01:15:30.977000 CVE-2024-43780,0,0,5217ce0351fcb75bd7982f01c3d436316e02e5a2bb3d0e7b3ad2fd10f4519787,2024-08-23T16:18:28.547000 CVE-2024-43781,0,0,fe4ff27a41c5a2d11128d539a346b2aa7ff5522b07e03c5290a837b9cf154eca,2024-09-10T12:09:50.377000 @@ -259253,7 +259253,7 @@ CVE-2024-43931,0,0,e4b487ce16111f7507cab3f7997c98054a40435c39d10d2eeeecf16baa2d6 CVE-2024-43934,0,0,4e14707da9cba5c30b08d1fee5b95a63503f58541a5f170f7bdf2957916e0033,2024-09-03T15:17:36.507000 CVE-2024-43935,0,0,507740bb6b2ff7008debdb7eb0a31d10ff2310284bc85a28c8516e97f01a540f,2024-09-03T15:19:13.313000 CVE-2024-43936,0,0,13ff2ee8ac37d656ed3cfb9bac7c332b5831e52f7ec68739f3804a7d224b4b07,2024-09-03T15:20:22.557000 -CVE-2024-43938,0,0,47bd5aa1c071cc007c1d00c270027de83c84c7236d6fb57a01057b0f8da1b8ce,2024-09-17T23:15:18.037000 +CVE-2024-43938,0,1,5e9169e33c88931e03e9584f8dd6045106ac6535eb479b624633cc85c5233f81,2024-09-20T12:30:51.220000 CVE-2024-43939,0,0,038f7625de6a8661e4d4e3d67a6a9205d36179299b716c94d45c48dbdde60e93,2024-08-30T16:29:15.177000 CVE-2024-43940,0,0,e2807b5b7542484ae9ed35e04d622dfaaddf93a950c2f3af8ce19e39df4a53a6,2024-08-30T16:27:22.270000 CVE-2024-43941,0,0,65eb65a5b19127de85b2ed3f09e3f3a2fc43c5d3fc64b0022b1df003f93a2eb1,2024-09-04T13:40:41.620000 @@ -259280,45 +259280,45 @@ CVE-2024-43964,0,0,a296e79bf666a02822318fa0afa97e1b25cabc20d3cd08936c2b6152e8d8f CVE-2024-43965,0,0,878d660798d5f5ce29d081268f89e41be6b018fcbed5e4625677b64fd6bbb9af,2024-09-04T16:02:57.427000 CVE-2024-43966,0,0,2901acb1eb63b7a55cb46d133ca8742f966f34bb1db4feb1259a3cd63030f204,2024-09-13T16:01:42.997000 CVE-2024-43967,0,0,efb5ab215f4087a53f8dcd252d52ef141005b5764a5e2b6c3ee9faa1675f0e1c,2024-09-18T17:00:57.497000 -CVE-2024-43969,0,0,e26f311e05eb6990dcc6348fd6e980e4dcceb0042db2094a3923d85c868f6220,2024-09-17T23:15:18.253000 +CVE-2024-43969,0,1,1a95b579d41eb8faee65f3858dc0c26a2595ef0cb4c3d2f4551a96318123fd7f,2024-09-20T12:30:51.220000 CVE-2024-4397,0,0,e58140e99ddfaf8bde684cb5f7b842244f11804dcdfb8070d80437acbcb292f3,2024-05-14T16:11:39.510000 -CVE-2024-43970,0,0,c88394c37ec2dcfe0730bc24e755f0a41287abbc542ba8a5971f52b1fece2bd4,2024-09-18T00:15:06.683000 -CVE-2024-43971,0,0,246735f2a1d0baea8573774019001e504513d732f8adbab6700d981b5ac8fd63,2024-09-18T00:15:06.937000 -CVE-2024-43972,0,0,778e249974dce16930d62d5e247435b6f991f94ed07923018428ebabfcd06e97,2024-09-18T00:15:07.157000 -CVE-2024-43975,0,0,3bf1ce9c8b3c939d979c7ab5a4cca853de26d47a9abba2a3b9d491d1d1b2f1b6,2024-09-18T00:15:07.360000 -CVE-2024-43976,0,0,27b2727ce03169152704486288c2dfcbcdadb5e4553bf4b3371da31f2c996ce9,2024-09-17T23:15:18.450000 -CVE-2024-43977,0,0,2c63d47d9a73a29dc22bfd4860abfb6da62e1ccf79f4dfec31d1480a2bee45c8,2024-09-17T23:15:18.647000 -CVE-2024-43978,0,0,a489a0cc2522b21a9304e5412dbb704dcc8e818c12140083d4bbb0a661d29509,2024-09-17T23:15:18.837000 +CVE-2024-43970,0,1,eb63732798152f8124074a55ee3aa3a4bd2bd176d6febbd091cb7ebc3fc9aa1b,2024-09-20T12:30:51.220000 +CVE-2024-43971,0,1,34472b5ac709ce9a3f1abe23b8eaa963797fcce9e53b661d070b799ddc85f7ac,2024-09-20T12:30:51.220000 +CVE-2024-43972,0,1,4fddac4919273fee7376e45e0057a4cc10abb7819b09ddabafb76ef0ea1017ac,2024-09-20T12:30:51.220000 +CVE-2024-43975,0,1,977229ee6f21ff44b2f4c2cb7deb0207c9f2f611ad753dcecfedffb4a8442761,2024-09-20T12:30:51.220000 +CVE-2024-43976,0,1,38755d453c1baa179b478cdf8be31933896e83365bd823e10cf9163ccde821a1,2024-09-20T12:30:51.220000 +CVE-2024-43977,0,1,9dc13a044aaf4c90e341701952fdc8a28870c07dcda98939ff30632b53700c56,2024-09-20T12:30:51.220000 +CVE-2024-43978,0,1,a0610a5bfc135fc086d82321c6cc13a7f10730162727ebf94c0544b4e5a28259,2024-09-20T12:30:51.220000 CVE-2024-4398,0,0,fee297010492d7a9d0bd198f00369fbc7ee85eff508879444e062d535e0abd54,2024-05-14T16:11:39.510000 -CVE-2024-43983,0,0,550e7bf557069796f44b84d252d1827ca06d140b1648c728d230624692328555,2024-09-18T00:15:07.563000 -CVE-2024-43985,0,0,15dd13fc460f6cceaa61200e7f29fdfe36d95164375ca054b826fa36eaf5592c,2024-09-17T23:15:19.037000 +CVE-2024-43983,0,1,1129654801fd3266f7fe50d30c14628ba8e34277b02cfc392393ce4aaa513f92,2024-09-20T12:30:51.220000 +CVE-2024-43985,0,1,aa1c4ff43ee665dbdf84e97752be7025182a4441fda6e53b1528cb3015c4fd6e,2024-09-20T12:30:51.220000 CVE-2024-43986,0,0,9478adfda55868d7b94f2eea7c2c936b95469666be97191a74de84a03c2187a9,2024-08-29T13:25:27.537000 -CVE-2024-43987,0,0,890e274b9ccee15eea56675301a3387d36571651865bf5fbd9e24f6e7784f12b,2024-09-18T00:15:07.760000 -CVE-2024-43988,0,0,0191ac1a47e435df2cd7bf0452a7456f7ec3aa634b0280319b4b58fc106f226c,2024-09-18T00:15:07.953000 +CVE-2024-43987,0,1,5f2ad565a5d32bae37360bc37876e8a6cdef75055ca9a1d57a5047cb69a7250c,2024-09-20T12:30:51.220000 +CVE-2024-43988,0,1,58810a59167a152a28df3aac148f6a81b7e962eeb8f36cca2c04029c80f728ba,2024-09-20T12:30:51.220000 CVE-2024-4399,0,0,037b40419d6c617c61ec971c9e0affd6b35920b718c94b9e88ff7a43f16d3faf,2024-07-03T02:07:31.827000 -CVE-2024-43991,0,0,13798b7e94c6d33e070ba6673c8284e1c6a2c3194fd3dbb70e6e89621a7a3d37,2024-09-18T00:15:08.147000 -CVE-2024-43992,0,0,a249f3d1ca8591d52f11d559146a6a54dc5645f4481e4bbfc76cf73a11347a80,2024-09-18T00:15:08.343000 -CVE-2024-43993,0,0,06c464e30d752c82959b0364247eeea9b036ff79c0edbfc8f31b7fbb18e843a9,2024-09-18T00:15:08.530000 -CVE-2024-43994,0,0,e9a5cbbca678a1f5d234bda1df39fbfc2beb8f82f5c9fefc0ff8ed7055127c2d,2024-09-18T00:15:08.720000 -CVE-2024-43995,0,0,340fba255f394c730217825a8e018e277c3b627e0fbc2dcd3a889c89af5c8345,2024-09-18T00:15:08.923000 -CVE-2024-43999,0,0,3c044ca1f08f65e4be30bd787347eeeaae2d53df183d0788ed631e24f0c00c15,2024-09-18T00:15:09.110000 +CVE-2024-43991,0,1,dda8dfaf96eadcbed1e5201447898b359abd71dadd4fa20fb8b97e3a369fa7a3,2024-09-20T12:30:51.220000 +CVE-2024-43992,0,1,ce482abec0688eb2a57431414e5c7c14ed21653accf87cc53624b71f8332ee14,2024-09-20T12:30:51.220000 +CVE-2024-43993,0,1,8429fddc72b66938c1cabc2c62cfe7b55cdfd9517ee1a2cff304c65b1cd15c63,2024-09-20T12:30:51.220000 +CVE-2024-43994,0,1,92a57f752ce2faa73917c46fd03cd7058c3f4fe6668ac24e011d5cce000e100c,2024-09-20T12:30:51.220000 +CVE-2024-43995,0,1,d2bc15228a0936c9d52925ee78d8f61fa4f243d84362a990cf6cd93f080ed156,2024-09-20T12:30:51.220000 +CVE-2024-43999,0,1,dcffc3404e52a7bbf6440f499137f398cedd785c7ad8508e3c67849b85d16eca,2024-09-20T12:30:51.220000 CVE-2024-4400,0,0,387fe642c8f26702c425b79a01d9b1ba308ec0bd188f1564ff2c490875133119,2024-05-16T13:03:05.353000 -CVE-2024-44001,0,0,8c87029b24746d14a90befef5bf2fc0c77b6d5a2f8d4f10045ea5373360ac884,2024-09-18T00:15:09.297000 -CVE-2024-44002,0,0,13a83f0058b5831b246b76e2c807846827ce50a7383a3fb6f806495e4c8736d2,2024-09-18T00:15:09.503000 -CVE-2024-44003,0,0,54e12bbd2a38a90a1240a20a4898c6c7f1ba764cbb4bac36ef2353a58b1825e2,2024-09-18T00:15:09.697000 -CVE-2024-44004,0,0,8fdea8b2485ba244b493f0cfebf273a15cdfa259125ddb319ebe8f26029d6432,2024-09-17T23:15:19.230000 -CVE-2024-44005,0,0,a567e2b2cef5b16c735168f71b7e7e02953f3be9acf731781642fa9a44afe87d,2024-09-18T00:15:09.887000 -CVE-2024-44007,0,0,753a12cc95ac2937f01bcf420e3f38cff2803caf67491b4a60aa756759cbf769,2024-09-17T23:15:19.423000 -CVE-2024-44008,0,0,fb2eef83b449915682450ef7b09368e0602ee6384298b4ea39f030fb18db93a6,2024-09-17T23:15:19.617000 -CVE-2024-44009,0,0,a4a5b3044dfd0cdce3d24515f4e5c950490d84dec42d04909f89c618641bf5c5,2024-09-17T23:15:19.810000 +CVE-2024-44001,0,1,43db0f88c3e640d31c1ced26a25fee31b35f13afe37712fdf24ec0f8f0863bb5,2024-09-20T12:30:51.220000 +CVE-2024-44002,0,1,78aabec616bf445add31137b546b3614b9511be8a441ab676da5dce9d6232c6b,2024-09-20T12:30:51.220000 +CVE-2024-44003,0,1,2744e27ce4993c02a8ad8b34984a99e1a86eb64e2a65d6dacdbd3f08ce311e94,2024-09-20T12:30:51.220000 +CVE-2024-44004,0,1,b99a13d77777e37b259313f217514c0ca7d604751c8fe558b73fc3da3d8258d6,2024-09-20T12:30:51.220000 +CVE-2024-44005,0,1,74a6df6258e6dee55074c5cdcb40f2b7a2782c98a0852d6f9e6d353d86509cf5,2024-09-20T12:30:51.220000 +CVE-2024-44007,0,1,25399a4387c6e910f1e31a22ecd7376eca59f06b5a84938f46c283649da686d9,2024-09-20T12:30:51.220000 +CVE-2024-44008,0,1,fab9f9caf57c4b8932c925160fa367471e20ceb27bb77110cf5e92702d0ff579,2024-09-20T12:30:51.220000 +CVE-2024-44009,0,1,769ffff48929be54a2d5b9f19e0eb89fc9c039c6a4ccda642670b187da7709bb,2024-09-20T12:30:51.220000 CVE-2024-4401,0,0,48f8e641129f81284635fb93c6fe88c5c5fc547b585fa75e650b46a3bc3c0b8f,2024-09-04T14:33:01.807000 CVE-2024-4403,0,0,07b387e13ed3d47c920433d5f499100d4d5e53ffefe1712d98753a4da5408fe2,2024-06-10T18:06:22.600000 CVE-2024-4404,0,0,3ae3ea086edb9bd484931090d5df4b9ee138a4bfd155faf3c535f115da6a15de,2024-06-17T12:42:04.623000 -CVE-2024-44047,0,0,f5310b42432716ab0eb586cf21ec036c95d1600db7f36b3d0c930ea835532186,2024-09-17T23:15:19.983000 -CVE-2024-44049,0,0,b2a6dbb3531bd2a9915754cfe59a39b1eddd56dfdf5d9ada583ad69549ed10e6,2024-09-17T23:15:20.170000 +CVE-2024-44047,0,1,3ca711a1cc653b9579857c6add0767ada92d30fe1275f98c949f2f854d5179a0,2024-09-20T12:30:51.220000 +CVE-2024-44049,0,1,ef748edf1617fabb389d566975f7c0a6eac60a167e3cd5f1bcd1e2cc72bf4851,2024-09-20T12:30:51.220000 CVE-2024-4405,0,0,45cc63f187ac8ca241b3f6f4ea8115546cfb9789c95e5b84e970d2850f40bb92,2024-05-02T18:00:37.360000 -CVE-2024-44050,0,0,112e5de368d7bb55d757925d6c83de468cec9a8853d13686826b3f2a2c1d56e7,2024-09-17T23:15:20.363000 -CVE-2024-44051,0,0,21ef55b7e973e2cb5e9927cb54ad9cf52e06b6e6d1cd1dc9e53e7965543bdb0d,2024-09-17T23:15:20.567000 +CVE-2024-44050,0,1,1ff55ac869ad3ea12c7c7d98e92859a501ab18429c03f30696257b4b773cae5c,2024-09-20T12:30:51.220000 +CVE-2024-44051,0,1,d5a5f3e8af9c33f5b11591ec0e2d61a7340ff242f47d4bc0a7f2607734b47292,2024-09-20T12:30:51.220000 CVE-2024-44053,0,0,83d8923ba60cf9279e6750cc431daaab1e1e350d146e3f688dad663630566e4b,2024-09-16T15:30:28.733000 CVE-2024-44054,0,0,aac6ee4842c7130587f73f4ed7c6e96f84a7c00d827a149adaa8654efd7c1333,2024-09-16T15:30:28.733000 CVE-2024-44056,0,0,c99585cd0dcda5c81c68a8c27fe2576a5ab4d77342f1c34b32b44751c11dcc8b,2024-09-16T15:30:28.733000 @@ -259329,7 +259329,7 @@ CVE-2024-4406,0,0,4d2edf89174eefb11c1e35948c69459d7b4d6dd1a09c10eb7a0704c1561ef9 CVE-2024-44060,0,0,ea289f0bdc9789c9ec67d1508aa08afeb9f803f52099e34e6af184526da44eb7,2024-09-16T15:30:28.733000 CVE-2024-44062,0,0,14538aba5f6d0cee1fffe23d891617a033aae9a8c2411d6855777f0a1a7aba3c,2024-09-16T15:30:28.733000 CVE-2024-44063,0,0,d642b3fb89950affe44ef0b88153cbec24d22c27c53a8da8ab9d205a291c0668,2024-09-16T15:30:28.733000 -CVE-2024-44064,0,0,cc532be85a29c3897f823999317e0fedeef91fc2f6e2412ab4193e7866cc9f8b,2024-09-17T23:15:20.753000 +CVE-2024-44064,0,1,2e5fb8d8b878db7db7ccf389ea4db3eaa76fdd1d43affb3324675a60f4935082,2024-09-20T12:30:51.220000 CVE-2024-44067,0,0,f6acc392be4d580c3750239c741db14e9e0b23cb38f1820ef772266e93e1673a,2024-08-20T20:35:34.497000 CVE-2024-44069,0,0,2eb956dd06d71bb925b0fe816cbe078cd7c5c9a8647e07e8d081256cc543fa9f,2024-08-19T12:59:59.177000 CVE-2024-44070,0,0,897c04ba9a67e5ea511bddee651919522720d2ac02cb9c6411d8cfecd25984e1,2024-08-30T16:19:49.587000 @@ -259361,60 +259361,60 @@ CVE-2024-44116,0,0,e864e012d0e5d96cbfc054f4369e58e067ed8cb636bcf383d653a5b759dea CVE-2024-44117,0,0,f5e51fd4c1c072e4ebc183a03cfbd5abdf4c1e3554f96913f31f5eae6bad0fb1,2024-09-10T12:09:50.377000 CVE-2024-44120,0,0,e512bb8c5b42763893890ed03b7785da148b231d68bd53abc475cbbb6b528a5f,2024-09-10T12:09:50.377000 CVE-2024-44121,0,0,bad946f7ab72ac1b9d199f1a920dd1390631dbfc9489b17da06c05da204a16aa,2024-09-10T12:09:50.377000 -CVE-2024-44124,0,0,582bf1991eaeb84a403f740f2048a2dc33fe01e4444fcaf40e4ae1bca0174b14,2024-09-17T00:15:49.890000 -CVE-2024-44125,0,0,0782f07f14d07ce33765c50e5505da563e36b58c0af4d323c377c793bc2fc014,2024-09-17T00:15:49.940000 -CVE-2024-44127,0,0,9b4adb64cc0b1c4c0ca02afb9b62601aa20276049e081be1443efbf14fff669b,2024-09-18T18:35:10.113000 -CVE-2024-44128,0,0,dc55bdb4f3e37660f0bb1e03ff07a6a7e719bd0fb28a4018c639865348a12921,2024-09-17T00:15:50.040000 -CVE-2024-44129,0,0,80d6bfe9f589639c6b37cf4bc9d9a0337225f91fda36e2734cbcf804c1050466,2024-09-17T00:15:50.090000 +CVE-2024-44124,0,1,44c7ca8146afbbf39c096f933ced467146f947fcf582f4483eb2ab72de8f0e4d,2024-09-20T12:31:20.110000 +CVE-2024-44125,0,1,9e664118d2ae4edc8a767eed4bd017c05d52d36e00239c51040c0b095af7ae9c,2024-09-20T12:31:20.110000 +CVE-2024-44127,0,1,dd0c6b9721104380f6a5b85cab540e81cef5152e26883b5789fde70c5e555690,2024-09-20T12:31:20.110000 +CVE-2024-44128,0,1,0d066e39a9d2e85c653bba4cb69edb057d90c1a06e2e2de543fb82ec551e1666,2024-09-20T12:31:20.110000 +CVE-2024-44129,0,1,e53a9ce09955a665419f7026ace3914c7b269c25d0abbbe77b9d291ebff0baa1,2024-09-20T12:31:20.110000 CVE-2024-4413,0,0,63e6df043fde5eb9cf937a1f1c34414009dec10f116b4c7a5421dbd8a403038d,2024-05-14T16:11:39.510000 -CVE-2024-44130,0,0,8b7bac72cd82930fe473fab5aac1053d3c9017a18ce274bcfb0126f6015fb62e,2024-09-17T00:15:50.147000 -CVE-2024-44131,0,0,b267a6183213b9af680517d98dadaf8ee8254ca3d098b903aee17731bb751574,2024-09-17T00:15:50.200000 -CVE-2024-44132,0,0,768650c39f2465579333f2ffdb38dd2bade832eda43a93b5312bf7febc840788,2024-09-17T20:35:10.567000 -CVE-2024-44133,0,0,2342efabdfb486acbd84b01a67b4429c3f220894b32420494f740a374a8b7a02,2024-09-17T00:15:50.300000 -CVE-2024-44134,0,0,08861eb717240c3274a4b430984ab8105b0dbbf7f1f275826256555a7a05b703,2024-09-17T00:15:50.350000 -CVE-2024-44135,0,0,87bd09056774a11e5987bc31387cce2c52820c19b2c6c0364c242beae92f1a3f,2024-09-17T00:15:50.393000 -CVE-2024-44139,0,0,c299925983c65f2e26a7798504cbbda7a625fbce15c976febf2bc0ac7bb8406b,2024-09-17T00:15:50.443000 -CVE-2024-44146,0,0,1f2a036a8dbaa5d598b4fbe6193635f3f5057bfa2ca7c38643cbb9301a82cc97,2024-09-17T00:15:50.523000 -CVE-2024-44147,0,0,71c0555157b8db6b40c6d1f045db2be66c75602c52b1f0ab309ad8440f19a1d0,2024-09-17T16:35:18.863000 -CVE-2024-44148,0,0,cca2c64591ea75746af500e35c65aadd66c8b456febe5d09b9cddebe0ce9bc67,2024-09-17T00:15:50.617000 -CVE-2024-44149,0,0,b71db0af392da6c0d42cb7599215cbd3495651504596dd55f8f72b8dcfd492b0,2024-09-17T00:15:50.663000 -CVE-2024-44151,0,0,edf179a9fe6968d1994b58335f4d878a2fba6d1b34597f26770368895afee69a,2024-09-17T00:15:50.717000 -CVE-2024-44152,0,0,e99c4b4317febfc411cc135a8b6662ebdd124a6ab09b5ebeaf37eae8a573bbe6,2024-09-17T00:15:50.763000 -CVE-2024-44153,0,0,1b87c117a4ffb2b15540e409bf82207565e2fcec5726353778512198aba4a554,2024-09-17T00:15:50.810000 -CVE-2024-44154,0,0,9789e8d5dfaa952348de260f27d0026789703ba215a7f3d6d08b7e0564047c0f,2024-09-17T00:15:50.860000 -CVE-2024-44158,0,0,8cb1c6f4e801354f54f8bb0543408dc53739da3c702d338f13ecced2855894c4,2024-09-17T00:15:50.910000 -CVE-2024-44160,0,0,6279f58fb76f4227f390cb8d938b325b98bb5c11bf4c2ed263b4686e1b3741c6,2024-09-17T15:35:09.730000 -CVE-2024-44161,0,0,0cae258d94f615739216092bf6e26fdd2132ab5b974b2bf9fcb47ef7d134e3ea,2024-09-17T00:15:51.010000 -CVE-2024-44162,0,0,7c8dc8cb1794e435e159570654dfd404793cbc7d6485100d7b6db6e471f55527,2024-09-17T00:15:51.060000 -CVE-2024-44163,0,0,25be5dffd3a9e5399c3e325f19381dfb9a95df04f88c89632525d3a3e0c86319,2024-09-17T00:15:51.107000 -CVE-2024-44164,0,0,b99a062b58b97c7a3d98a80823f224d9bff8927a0e72290c92b3a6e29a1f31be,2024-09-17T00:15:51.157000 -CVE-2024-44165,0,0,a7e8f145a76de2fcef8206444371e2a7f7ad0b6c0af30e6cd99ee6833ed6e202,2024-09-17T00:15:51.207000 -CVE-2024-44166,0,0,2d8190455851a8a67b982415e9d3ab8fddb339b6e45b81afd68e2435f8536ac5,2024-09-17T00:15:51.260000 -CVE-2024-44167,0,0,9f3d56f83dc067ac305f54368fd7f5896f58eadd0eff0a391ba78547ebd4120e,2024-09-18T08:35:53.200000 -CVE-2024-44168,0,0,4c6aa60d3ee36133c15b85dacb7853804a1499a3b87e6bf9a00be00f39f6c9c9,2024-09-17T00:15:51.367000 -CVE-2024-44169,0,0,92236126660592a1c9f1a92db5cf0926d3435475ab83053e9be05d8c74b3b13f,2024-09-17T21:35:07.080000 +CVE-2024-44130,0,1,b860a41cc74f8cdb030d0762c448bbce0f404e56008223c8cc73a7b3a27447c2,2024-09-20T12:31:20.110000 +CVE-2024-44131,0,1,616a6306e83c59df35b7c762f574080ddc1fb5a715c9e09a09ecfcb6996b25e3,2024-09-20T12:31:20.110000 +CVE-2024-44132,0,1,025bc39178c8aaeeedde19fa86578cab56517e73471c42ea3a47af8718cfd908,2024-09-20T12:31:20.110000 +CVE-2024-44133,0,1,ffcc4c90a999a71b673f653ae8a0e753cd591c3f40af2bdbcfb5bfa0a8f912fb,2024-09-20T12:31:20.110000 +CVE-2024-44134,0,1,a07a476bf5dd298ab30484c09c84f519c218ca1ebb18d95a53c45b803a6ea88d,2024-09-20T12:31:20.110000 +CVE-2024-44135,0,1,5965a57b9acfdbabd92fe864390d08c378d2b08941f576cb0b1177942ddb4946,2024-09-20T12:31:20.110000 +CVE-2024-44139,0,1,f8d0ba8be2f26827096f7c4b211f1011ab13a9b5f5d8a5a599b88274df2fe4b0,2024-09-20T12:31:20.110000 +CVE-2024-44146,0,1,c9703c8cc11ed8f3e12dd428efc81629d9d55a16ff8d62964513abaa2e7c81ed,2024-09-20T12:31:20.110000 +CVE-2024-44147,0,1,8d82d5566ea29b70940c9c9f21d951cc6eb5498675d184ba22b8d555bbcad202,2024-09-20T12:31:20.110000 +CVE-2024-44148,0,1,d287b3a30730fa9576daabed091d8af23bea3955963340f02021415b2746c828,2024-09-20T12:31:20.110000 +CVE-2024-44149,0,1,e86eb23449fdc316e598e6aa05aaba96529b6152947c14ad954d92fa4f31089d,2024-09-20T12:31:20.110000 +CVE-2024-44151,0,1,bc6fc4f3e7a9c4984ee4365b3e6e6ae8d38d4755cccaee3970cd5303e1b89b1e,2024-09-20T12:31:20.110000 +CVE-2024-44152,0,1,9edf4cd7b442f9701c5da33a0fdac486d7b0ab83e47730e9adb2b9edea91795f,2024-09-20T12:31:20.110000 +CVE-2024-44153,0,1,916256e95db31dfa6ea6122aa4cc3d869528790c0f6e877e4c089e2567b85a45,2024-09-20T12:31:20.110000 +CVE-2024-44154,0,1,6e42706db6f65b9bf1320df07dbf9a16084fe0ab8e8fd5bcb7b83cb244fba767,2024-09-20T12:31:20.110000 +CVE-2024-44158,0,1,634beff4997dc9b4442b906b8341dad4a805ef029586829ebc63227fa5ae7ce5,2024-09-20T12:31:20.110000 +CVE-2024-44160,0,1,111306ea6d5f4cd614ad1f97ebba8b9ebd1a48c26d38996100c4c5802f2b5bd6,2024-09-20T12:31:20.110000 +CVE-2024-44161,0,1,addbc514445e0c7292301d9de7a75e8bede0890df281f99ad80b419b4c502969,2024-09-20T12:31:20.110000 +CVE-2024-44162,0,1,3f14eb43cace0291473abe5a6a05a37f0c7d25818db1b9306e78a99c625d78e0,2024-09-20T12:31:20.110000 +CVE-2024-44163,0,1,d582112c33ca3983643ae0a23a9b29e760e51cec4265270cd6b28e0b4af58943,2024-09-20T12:31:20.110000 +CVE-2024-44164,0,1,ddf68cfa54da5bf35ca84460db2640d977dae028328567d83555b5965c374b17,2024-09-20T12:31:20.110000 +CVE-2024-44165,0,1,7a80a45e9c5c0801ff5df33d26ca02e16b382cad49b8d35f9e3ba74dc1079494,2024-09-20T12:31:20.110000 +CVE-2024-44166,0,1,6133213e190d4b72abe938f88de9de88411e5644eb193e3913a4f94c204d2e56,2024-09-20T12:31:20.110000 +CVE-2024-44167,0,1,0c7f2bd46dbe690e9e6ee041bf2863bc0bf24e5ff869009fc286ce7f5e79d55a,2024-09-20T12:31:20.110000 +CVE-2024-44168,0,1,a0b9e33b35d889f897da896fb7c191ca4c99f7830c925f799140b17ef18fbaa3,2024-09-20T12:31:20.110000 +CVE-2024-44169,0,1,1984dc39e10d51ae75d1eb4ce71ed44a0e161e0da261bb6e58a46f9336bba7e5,2024-09-20T12:31:20.110000 CVE-2024-4417,0,0,9b4dc22c7f1e74f381016fafb921403ecdaeb7b3b80aa5fc2130db180ef5935c,2024-05-14T16:11:39.510000 -CVE-2024-44170,0,0,eaee94625696e10e244480f362239ab3b8c5d3e94d8657717d77fa54a9c25544,2024-09-17T00:15:51.463000 -CVE-2024-44171,0,0,6d6988c5b02b24d58bcd2c90e99110317d20ac11c5529524260344531b895d3a,2024-09-17T00:15:51.520000 -CVE-2024-44176,0,0,d9e1b5aa5e6df020546ebea7ad60dbaee4a1d2e0bebc3363d8b851157be3835b,2024-09-17T00:15:51.573000 -CVE-2024-44177,0,0,1ebaa477d27b7d39f74686301b87ab410c10689ab03bed6d1473ec261682bdb4,2024-09-17T00:15:51.637000 -CVE-2024-44178,0,0,be4a2f09394d4d5c752914f6665c596d5bb2cd51050a9b38486757fdf8d34acd,2024-09-17T00:15:51.690000 +CVE-2024-44170,0,1,ad9c7ebf0677867158c66367ee67fb353ce44ea245452aff8d81c248a025d15c,2024-09-20T12:31:20.110000 +CVE-2024-44171,0,1,b727b75b48d7c52102251b1d2ec8e72523f3bb4dd1baa1faf39f7e8468370e77,2024-09-20T12:31:20.110000 +CVE-2024-44176,0,1,ba7f8b73267c9c45a3d8e8ca5968b7373044b3082c40552641c913654fc3e7d6,2024-09-20T12:31:20.110000 +CVE-2024-44177,0,1,2f7e30a579679772d9bd2c4df002868af74211bf781cf2368c821dfb8f56e2c7,2024-09-20T12:31:20.110000 +CVE-2024-44178,0,1,7b5944ab03a83375263d576ce8239b16aedb4497ecf6590029c1c535693ab1b7,2024-09-20T12:31:20.110000 CVE-2024-4418,0,0,b4bbbecff5b748c422c3d0ed121fdcb8cd9b2330acacbc04d39874726279d92b,2024-09-13T22:15:02.123000 -CVE-2024-44180,0,0,5bd7fbc688964a63a7f40a9f1539fe75506ee5c7a945b6a3776b2ecd212fd761,2024-09-17T00:15:51.743000 -CVE-2024-44181,0,0,61bde0f4123c4a10cd16af4585b529ab0239372ed25efd39c4589fff16c1cc6c,2024-09-17T00:15:51.790000 -CVE-2024-44182,0,0,13fdb6703ba1073e30c987668f0b76750be68269952e7c0c028940eebaea497e,2024-09-17T00:15:51.840000 -CVE-2024-44183,0,0,f8219cc255f1f04268ae636a1274feb096e05a517c25417fa721fe497e5b39a5,2024-09-17T00:15:51.890000 -CVE-2024-44184,0,0,ae834459824188218e58e66580ff3454aab46ad89b4175fafe44e126ffc5f23a,2024-09-17T00:15:51.940000 -CVE-2024-44186,0,0,7ff902f01b709c01eeb06627a490a56ae8f82a6ebd59910418699151211815b1,2024-09-17T00:15:51.987000 -CVE-2024-44187,0,0,3198dae26281f9ee9cba7b40c3f9d593f0bc5e70ae7f4e39b3d495c339868c22,2024-09-17T00:15:52.037000 -CVE-2024-44188,0,0,11a024a5f08e1baf95f1fe8ab958d87f216d939a37b1a9b0006a20ce66645c1f,2024-09-17T00:15:52.093000 -CVE-2024-44189,0,0,a5e4446c0a739442ec4a9eaf230b9e1d86ec4adf7fd51a8fdddcb97fe6c2970e,2024-09-17T00:15:52.143000 +CVE-2024-44180,0,1,21cafe3f871f544ffbc1129f47115fe5101d1aff279092e56bacc98d9f72735c,2024-09-20T12:31:20.110000 +CVE-2024-44181,0,1,853b4c4e0553eb4d105d2b58b48901eab1bb091eb370adb3a05d7eb187a53f2b,2024-09-20T12:31:20.110000 +CVE-2024-44182,0,1,c213937d9061eeb56bfa92fb96cd3632036cee3602d24048eafc8d70487db5d8,2024-09-20T12:31:20.110000 +CVE-2024-44183,0,1,888fbfb072caf0d49188915dc6bd856f9e11d6cb91d62ef6a0dfe9ab161a7c03,2024-09-20T12:31:20.110000 +CVE-2024-44184,0,1,de0e6668ade6964b051d2235b41345c8a5f0a452f02df6a0ab24c5c4befe1c44,2024-09-20T12:31:20.110000 +CVE-2024-44186,0,1,9a86ae4ba99a26d085ee7869bbb0a851e649d0f6881deb2cf3b518804c3bebbd,2024-09-20T12:31:20.110000 +CVE-2024-44187,0,1,b2cacf02341e442dbf4e00cfcfa5cbe1b0a709de7f1ce9cb6d9bd942234b3b65,2024-09-20T12:31:20.110000 +CVE-2024-44188,0,1,b2a3440baa16b57b0f734e737116e183650ca151c23c24ec7f3d1fde7d469ffd,2024-09-20T12:31:20.110000 +CVE-2024-44189,0,1,b81a0689db3aa4d1ebc169753f537d3e975cec8700a8abdf977615cf7b4c20d4,2024-09-20T12:31:20.110000 CVE-2024-4419,0,0,918f3c0166609f9f9b771eac1f6aa12d317d90973a2d5ca4b8b94efa19c28169,2024-05-29T13:02:09.280000 -CVE-2024-44190,0,0,5fc50793f6fbb8377939f391b9fb761b7a197e54c1d6ea3812cdb8d636f53c55,2024-09-17T00:15:52.200000 -CVE-2024-44191,0,0,53b7014de415d3b1773ef562597aff276a8beb3fc9f0c13fc42b9da618a8732e,2024-09-17T00:15:52.263000 -CVE-2024-44198,0,0,3d9588a2bc6599f5b42b8a9556a1b68361f6fc7641e3a38064d06288ef91abd3,2024-09-17T00:15:52.320000 +CVE-2024-44190,0,1,b33e490c672cf3dd084cec78eb2c7f8f03f5e9bf01c53fb5a8f2e5da6b7e809d,2024-09-20T12:31:20.110000 +CVE-2024-44191,0,1,9e7190477f5b53cdae1382f8881362b81dc3dc904a3ab39bb84ac8eeaa1923a3,2024-09-20T12:31:20.110000 +CVE-2024-44198,0,1,f63fee72e92c29767f6cfb212aaeeba9158e3c05333563ad45188588baa80fc6,2024-09-20T12:31:20.110000 CVE-2024-4420,0,0,02a774e6911ba5e1ba33187a3301eb3f9ee3d8fd212c89cee791dd002410f381,2024-05-21T12:37:59.687000 -CVE-2024-44202,0,0,d0875e0bc9390a2dbcec6063a5494436d3d1a19861104c8559a233908b0870ac,2024-09-18T18:35:11.417000 +CVE-2024-44202,0,1,e17cdcd52ced4944b3cb8ebf1e0107ecaca0e3b137318260a8309f5868dfd271,2024-09-20T12:31:20.110000 CVE-2024-4422,0,0,19c238465441950f6a856008185dbc8a7b4e94407f1040ce4816040c86860490,2024-05-30T13:15:41.297000 CVE-2024-4423,0,0,0715bc9caf3e0b170ca2968c721bdd1e236908d8891315bb75fdf772bdc9c875,2024-07-03T02:07:32.943000 CVE-2024-4424,0,0,f0ec85c26b242f03f1dda01796c703344a9d3cb93681b5b37fa83e955b9558c1,2024-05-14T16:11:39.510000 @@ -259458,7 +259458,7 @@ CVE-2024-4442,0,0,9c1eda6fa3435f8c4d08218c5481ff931fe1467531bf106c3f2c1021638ef5 CVE-2024-4443,0,0,844cc6ae76fc91b0a9b2c7cc836e7c7382ecc4895f252d76709d68a22aac17cb,2024-05-22T12:46:53.887000 CVE-2024-44430,0,0,f640e237da24007d6a0c1a8b89d52bdbc13fc34691f8dcc93f05041c29090cb1,2024-09-19T01:38:06.317000 CVE-2024-4444,0,0,b8ab3a280e1fea7a38298a9a71737680ed9a07734ba58de04ed034a8b48f0be8,2024-05-14T16:11:39.510000 -CVE-2024-44445,0,0,08a4fdca954368472940c8c2524ceb7cd04674f0407b4762b892d4168753ab1b,2024-09-16T20:15:47.020000 +CVE-2024-44445,0,1,a7fbd12929c70124ad58671357453d511722d2c695ced38a6c3dd4a33f4c6a6b,2024-09-20T12:31:20.110000 CVE-2024-4445,0,0,bc137eb49d08335d8d2b32a3f413016c50b301d09f6a742095c80df385aba82a,2024-05-14T19:17:55.627000 CVE-2024-44459,0,0,670effdef227992b8cdc08c87f459a8275f3c158e3a1277b6a93f5606e8e0581,2024-09-18T18:53:58.983000 CVE-2024-4446,0,0,1f8054153546c06c7cecced2dcd2c53333dc96b1e8806f72a87d7ba3a2b74b3c,2024-05-14T16:11:39.510000 @@ -259473,7 +259473,7 @@ CVE-2024-4452,0,0,8393f4e948f53b2fbde25aaf7f55c55c1f0989c48fbd4a40cb4c1f768b7a8d CVE-2024-4453,0,0,bc1bfc8908fbb505485206b11e5cc2278d2416192493c6c78b1ac2e39a46d4c3,2024-06-10T17:16:33.460000 CVE-2024-4454,0,0,ef12942a51bdcd592bf2170096c1c09a451df07ea3cdb4fb15fcced864f88fa2,2024-05-24T01:15:30.977000 CVE-2024-44541,0,0,3a1e561d6510cb46fc3025d4e567327c4a8fc313204436661e66190b9e443f5d,2024-09-12T12:35:54.013000 -CVE-2024-44542,0,0,a553c2b7fd622cdc93ad84053aa6dd98f9e9bab6bcb72936b19f14b1355cf096,2024-09-18T19:35:13.340000 +CVE-2024-44542,0,1,ae61c0f5fd9542e820a853b434527731c00f8fe17ea27a1b37dfc0ba3c44f2e0,2024-09-20T12:30:17.483000 CVE-2024-44549,0,0,95d002d4c0f2cba16cd184ab62e810c42d47abc2b51570dfaaedb60ad257bca3,2024-08-27T14:28:55.157000 CVE-2024-4455,0,0,266cd4e6dd8917294ad9c9f8fba8b2f0acb52688c86d3ca408cceaa482353b44,2024-05-24T13:03:05.093000 CVE-2024-44550,0,0,9f267ccbfa739b7dd965bc2964320acade2cb81782d1bf956b8f3a920e81fa22,2024-08-27T14:29:02.370000 @@ -259496,14 +259496,14 @@ CVE-2024-44575,0,0,201a6ca7c7ab73c1cf72eb94fa46c058ee5fb2f214506723411e1243ae73d CVE-2024-44577,0,0,f23b5398825615b1e4c9cdd4a9ee17debd24c87e40c16b163c6e9227921995f9,2024-09-12T12:35:54.013000 CVE-2024-4458,0,0,0a429f9bf96fae3ee6bbb1cf09933ff34e8fcd6340740204bd4095a557c4fb2e,2024-07-24T20:23:12.307000 CVE-2024-44587,0,0,df65b03ef618d179da9d66b0f4fc4c4e495ab75863a2207f1a4d99901686f98d,2024-09-05T17:44:56.007000 -CVE-2024-44589,0,0,8cb7fe0028eed391be14922113778103f1f7a9710ff1959caf828ca38391a02b,2024-09-19T17:35:04.797000 +CVE-2024-44589,0,1,67d52b979dbf84795ff1b1a6445da43c9d3cf1ac9141ab2287575f9704bf9c6e,2024-09-20T12:30:17.483000 CVE-2024-4459,0,0,b17743adc54c2996e578e7c399fafb8182f2604175c352726fa92e67f639f3de,2024-07-24T18:00:21.097000 CVE-2024-4460,0,0,91888f8bde5a4d48a24dfa2195fe74c4db2ec96b9dcf1f6b0a4392132da82baa,2024-07-17T11:15:10.240000 CVE-2024-4461,0,0,51250da8bcd9ecf720caf9f3a7efd550d6e47af21e57f982fabb8237238dcfce,2024-05-03T12:48:41.067000 CVE-2024-4462,0,0,7de1c10fc651b37d9659e3e60da12a8c072b437874aeb6819554614b6acb9a58,2024-06-04T16:57:41.053000 CVE-2024-44623,0,0,a0ca56196e6f33ad59c03de9ed627818c7a59dfa57bdcc55f3af990767a2c2f3,2024-09-17T02:35:54.787000 CVE-2024-4463,0,0,697d96b65b3f5bb41384b58e0f6586cf3caa8378b8edc45503427d4f5bdd2d8e,2024-05-14T16:11:39.510000 -CVE-2024-4465,0,0,a8b5bb3ccc001aca8dbec9c1218945d6749e78708c54f3144379a224bff7f5e7,2024-09-18T20:35:56.917000 +CVE-2024-4465,0,1,26ef4c6776c9d416386e05785f538f3827353feee51318ae877b367823cc1915,2024-09-20T13:15:19.850000 CVE-2024-4466,0,0,b7aa09b25d001fa0ca3c8a92093b33e950eb38bf6c988ff6fde91a26b7231c00,2024-05-03T12:48:41.067000 CVE-2024-44667,0,0,67bc66d5934efb1ec507a459f00d72755f90d65f712e9b4a25f261f89a211afc,2024-09-10T20:35:11.007000 CVE-2024-4467,0,0,57c2229fa6c3e84bff363dc59d2c80befb785107da1c6be3c514b7e8bc55ed5c,2024-09-13T22:15:02.260000 @@ -259825,7 +259825,7 @@ CVE-2024-4529,0,0,5fbb4c14219ef7d51954458b7780a68dbee769876e9489db6e9ba34bd68834 CVE-2024-45294,0,0,571ccadaa63af3685b6ee82cf020ce004878004e5a04088787ea6924189ffc78,2024-09-06T17:15:16.977000 CVE-2024-45295,0,0,9cbcd7c9c4357757a60245b46b7ad7987cdeaebea00bcdcc3890fa90524c0282,2024-09-06T17:15:17.053000 CVE-2024-45296,0,0,49181c4036a3982c1d4d8e879ccd14076733bcb79f94fe42ac7b08410afb4b40,2024-09-10T12:09:50.377000 -CVE-2024-45298,0,0,6778b5969d1a96041077fbe293ccb84a0a03abbad60216232d94385551983c96,2024-09-18T17:15:18.570000 +CVE-2024-45298,0,1,3855d0d2f5eeba6af655c62306c41db8dfb0c660d64bc08f64547216bf276198,2024-09-20T12:30:17.483000 CVE-2024-45299,0,0,1dc20bab2e5804f3b833440e86d8fa4e2d640a2a31779b302ea51c7be7ad4d71,2024-09-06T16:46:26.830000 CVE-2024-4530,0,0,6b78f15ba2a60e96a20ff176cd49d228ee37f0e30a4b3e696092a717f8a23e27,2024-05-28T12:39:28.377000 CVE-2024-45300,0,0,371ea055cbd370f2315f57d501b2d8bde7fe9993dc271953659e5b000db99936,2024-09-06T16:46:26.830000 @@ -259851,12 +259851,12 @@ CVE-2024-4534,0,0,527a3127a7586bdf18d80cd2b5b17fe74ac5ed6a2aa4ee562148173cc1d9d3 CVE-2024-45346,0,0,2f7f906fa8e830e09f5dc1994b30102df77aeab36a86b7c31755a212ce377dbe,2024-08-29T03:15:05.247000 CVE-2024-4535,0,0,87b4b5e0787ea182ddd9c6fa8e26c59b6c616e4e57e592ee0d6f169678ff9b64,2024-05-28T12:39:28.377000 CVE-2024-4536,0,0,7a5702ddadcf7f48c7c82ca09978f30e343a6d4f259e12cc6fa88068d1723500,2024-05-07T13:39:32.710000 -CVE-2024-45366,0,0,4d1063d2ce8874d0b4e0f4cd2e5266ec8448f270090d611b1129889d93c2e5e4,2024-09-18T06:15:02.413000 +CVE-2024-45366,0,1,ec78c74ac351c22ffbb4e903d91259c92e90ebafbe4e65694c50f7e794cfe1f6,2024-09-20T12:30:51.220000 CVE-2024-45368,0,0,90b261935345e5a71065b81f602a78ead3b313d8ed7a8032973fdb3888383312,2024-09-14T11:47:14.677000 CVE-2024-4537,0,0,2e530ca2c49a8373646367a8e0c1771a783669d0151f9600cf6b8a99b12e73b9,2024-05-07T13:39:32.710000 CVE-2024-4538,0,0,1753f7bd0b59062edc1103b5572b8666a59c2630e5fb59443506518ac4083bd7,2024-05-07T13:39:32.710000 CVE-2024-45383,0,0,235a14ef262025a5c45e6e746df2b6dcf33186b99aef4d19b36fdcfc9676da5c,2024-09-18T20:24:29.247000 -CVE-2024-45384,0,0,941e13256bbcdb7f0ece4dcedd02e1d0c151d469f0a38b92008d24b95ebd11da,2024-09-17T19:15:28.100000 +CVE-2024-45384,0,1,583f6b0150a5c6e4d0e90be5e6cc15f9937a4f3e905df3e759e07d110131191d,2024-09-20T12:30:51.220000 CVE-2024-45388,0,0,28676e6d1c1faf0a789ad4f826a6462261feef9ecff64b3588c21e46509a5b28,2024-09-19T15:18:32.007000 CVE-2024-45389,0,0,3c33cfe16c07d091d7fefb5db536793f3efe9f98f40a959df73e39f6dc2254ee,2024-09-12T20:17:31.767000 CVE-2024-4539,0,0,55abcbe26e411ca656e6a32a2a4f1ff2caad1b7d092df554c28514564a925650,2024-05-14T16:11:39.510000 @@ -259866,7 +259866,7 @@ CVE-2024-45392,0,0,9fbc5e30fa3bc562debe7349b4449c2781517f74b4c1565d7b7acedf814cb CVE-2024-45393,0,0,6f436bc32d420db4f8aef33efc64d5a86243ff621c73802c298c0db31d80b7a3,2024-09-10T15:50:47.237000 CVE-2024-45394,0,0,bfa856fd3910cd158abdb0649aaa3b144a57df0415e22d97c0d54c8ae8371de9,2024-09-17T13:26:42.567000 CVE-2024-45395,0,0,40bba716ba89648b0a5b0a469128bfb2472f289be140a10878a9431641f22b04,2024-09-05T12:53:21.110000 -CVE-2024-45398,0,0,7758f6d65fcbad19eab77bcca68b8445fb5c0f0afca8b3214cdef86ff36248a6,2024-09-17T20:15:04.670000 +CVE-2024-45398,0,1,8276e24674af00e92c8170d01c29766b42947cb457801bfc8ec4aa9033ee4a96,2024-09-20T12:30:51.220000 CVE-2024-45399,0,0,037a7bffbd0f8d9091903d0d9148831df46e7343b0a57250b24ff56b22720edf,2024-09-05T12:53:21.110000 CVE-2024-4540,0,0,56ac6cff101cc91d96d8daf4bfda0c052b655471dc0698e77d798366d59b9124,2024-06-03T23:15:08.930000 CVE-2024-45400,0,0,23d149ef7bada976fce9d2c89ea0cb38e5ff315577519b49e805da7db09942df,2024-09-19T18:04:36.627000 @@ -259876,13 +259876,13 @@ CVE-2024-45406,0,0,fccecd6532f18f7e1ea06f6cc62abb2faeaefa7fcd57ba441a0597b2a3137 CVE-2024-45407,0,0,363c12723797ac0c72d1d271ead356acc799cc8a41f14636bd37d7f20defb6ac,2024-09-10T17:43:14.410000 CVE-2024-45409,0,0,e8a57f681223d5d4d86ed3700b6bbf47ebb91cc7ae4b5cd7db2b29b0bb144780,2024-09-11T21:15:10.763000 CVE-2024-4541,0,0,3195b1a81526d9da93cf28b1e1f763238ece2897561011f493b9a3c77f12398c,2024-06-20T12:44:01.637000 -CVE-2024-45410,0,0,2b78e23f5289636db18163a0aa36a9da366129ea70b81e29919362aaea8b9ff8,2024-09-19T23:15:11.480000 +CVE-2024-45410,0,1,d97b3f55ffaa7f1c72d1eb4293ac6b508c6644d3210d0f4e5c5139a0826526a8,2024-09-20T12:30:17.483000 CVE-2024-45411,0,0,9447be5f23a6dce6216fa2fc0d1f4dbe990c7e9c91ca7c4cc6b7685ee626123e,2024-09-19T14:31:13.697000 CVE-2024-45412,0,0,68bd5e75f1c3c7017abcc752fdd96b826ed1ef4251ed03428fdbd5051759e5da,2024-09-10T17:43:14.410000 -CVE-2024-45413,0,0,3cc285414744f60efccd03699e55ff34dac4157bc03bfc377bc6534ddca8a4f3,2024-09-18T16:35:11.470000 -CVE-2024-45414,0,0,ea9e5d910110decb98e2bd5c89cc9f29dc679ec390f973c1296ad46e2bbe0d8f,2024-09-18T16:35:12.227000 -CVE-2024-45415,0,0,a6fabe6bf38a72092e23cb8ceb357418f175cf0c07979f8a62bb321584367184,2024-09-18T16:35:12.983000 -CVE-2024-45416,0,0,714211c19307b08eb58a343ae24c2a0b4c29773c82270b525ccb56dae3192098,2024-09-18T16:35:13.743000 +CVE-2024-45413,0,1,072ecefbd02221baa97e08c8b2b2cf75fcea808cd89eb8ab6dce8bd1cc6d17eb,2024-09-20T12:31:20.110000 +CVE-2024-45414,0,1,1f6fcf22f74f513d4e25fa4586b0c28a572599f7998d11e2f915ac71260fc0be,2024-09-20T12:31:20.110000 +CVE-2024-45415,0,1,67e99951c116f32bcf47515432cb6c9b62d04fe83da120b3acd57aac4da437be,2024-09-20T12:31:20.110000 +CVE-2024-45416,0,1,0fad0f1b46d9e7a888952ce0fe1ab8d2557e1e8402866d94cd89467db5c47cd8,2024-09-20T12:31:20.110000 CVE-2024-4542,0,0,188546ca483f93e7131261a5bd57b93b03491de5e62247759ac8c05b93c8f51b,2024-05-16T14:15:08.980000 CVE-2024-45429,0,0,cb79d4cb1119eef526a53ffe42933f2c5d8ecfb1b3eb67e65dd167ddf505fc2d,2024-09-13T20:48:05.387000 CVE-2024-4543,0,0,cda17786b919b03cc3eee3c735d905916723b9b88a929a8c3a419843d78bdd6c,2024-07-03T18:23:54.237000 @@ -259901,8 +259901,8 @@ CVE-2024-45448,0,0,baaac6177753b9ef1526bea7e39de3dc043a4ca1913a07543e6e5e11685c2 CVE-2024-45449,0,0,16fcc8f3add1fcba18b36fc04f0c4a19c97d176cb514abd9722e7bafd45dc227,2024-09-06T14:38:08.067000 CVE-2024-4545,0,0,864a22773c6eaa7a20fdb4cf4c4b7a2709a2c8e64cfe98132d05364d67e97af4,2024-05-14T16:11:39.510000 CVE-2024-45450,0,0,aa5d1afac94647878136a29faab537df333625d6375aa0ea38189e29e05bb108,2024-09-12T19:30:22.863000 -CVE-2024-45451,0,0,5229461646061f5229c33d4bf801b0a9f7047a3683ddb2578fb28570321f2734,2024-09-17T23:15:20.970000 -CVE-2024-45452,0,0,fdfee902792e194b32d188f2f974cff27f1fb2a2547b725b9bb68c5c8e0a2fab,2024-09-17T23:15:21.183000 +CVE-2024-45451,0,1,a5f3c269bfe73aa36bb7e68d30b413496a52a46e472afc8b3f53dbd5cc7f8a36,2024-09-20T12:30:51.220000 +CVE-2024-45452,0,1,2ea26ae6193cf50ec971738f633c24b782bc76d27deae32253c71dc02fedbfa3,2024-09-20T12:30:51.220000 CVE-2024-45455,0,0,4d27dc502cdc314ca65322205c1992846fdc5d39734d6d904b9bfe916c2c58d0,2024-09-19T18:51:15.433000 CVE-2024-45456,0,0,47f416b4ad02b4137088267164d544ec869b0c8806ca776b6a7c643c5eb500b1,2024-09-19T18:38:57.500000 CVE-2024-45457,0,0,5900191db09039069fbddda66128c2809bcb929085a84aed28a0c8f708ed46f3,2024-09-19T20:53:46.313000 @@ -259917,7 +259917,7 @@ CVE-2024-4549,0,0,e09f9cdaebb6118867e13a9d3ab643eb98c9f9e356cd137ad04d5c4afde157 CVE-2024-45490,0,0,4a9544858f8ad52701885faaacc054b024c5e1d139687b3f21fcc2ee9f6ad4a9,2024-09-04T14:28:19.313000 CVE-2024-45491,0,0,e460156ea6419a80b45a0f265018e72555b70e117c8be4ee37cb347a447d976e,2024-09-04T14:28:33.953000 CVE-2024-45492,0,0,073ca72c9147ce0bd071ae42dd069b817368a461c31ddb6a6a85b43c752a5921,2024-09-04T14:28:41.760000 -CVE-2024-45496,0,0,bf715a05c794fd20083634b49f1eb068776d0e150060120d941d4d1e0abe15a4,2024-09-19T20:15:06.813000 +CVE-2024-45496,0,1,cb4145e26d358c15cb434585f9bcb20449ce473167aa6d60e18e039ff47cf458,2024-09-20T12:31:20.110000 CVE-2024-45498,0,0,c0b73fd56e19fc295690d422c61db0b0a34ba9767e31b80f7a635220e3379808,2024-09-09T13:03:38.303000 CVE-2024-4550,0,0,15fbc24f09319144879d8500386f895513bfa5772ea62a92e0fabd950300c406,2024-09-14T11:47:14.677000 CVE-2024-45504,0,0,d1fb07a3228efd18f7c0af3faab016c97edb9e2da8e02dba547168a8c292ae66,2024-09-10T12:09:50.377000 @@ -259928,11 +259928,11 @@ CVE-2024-45509,0,0,2da4a07b41eb99a3059398ff74aeb7ba3be7995744fd94f415c5c3e9d41f0 CVE-2024-4551,0,0,f0a0f74f6dfab215971682e84a8c3d35d9da568954bf14d9189d7462b5493bd2,2024-09-20T00:24:08.597000 CVE-2024-4552,0,0,a910e848f992d4848b5a9057809234cfe8833a167abb01396097dc34db4ca3d3,2024-06-04T16:57:41.053000 CVE-2024-45522,0,0,cfbe5f5b4866198ecf4773ddc4ec07a576ac517554c3c987f558bc88648f0e9a,2024-09-05T14:29:32.737000 -CVE-2024-45523,0,0,d2d3bae02a02902a3375d895e0fe04a284e76cde0872dfa56d2568a06724d559,2024-09-18T18:15:06.420000 +CVE-2024-45523,0,1,744bd981cffa699a50a15216447d14d7834ac040e9a53d0e1dfecccbf267d5b7,2024-09-20T12:30:17.483000 CVE-2024-45527,0,0,0ed4b7876171a991bf7220f1ee96f2007c9fed522b397370892e632e0f15c024,2024-09-03T15:35:13.673000 CVE-2024-45528,0,0,b726a60695697377572ea54be1902b1c537e8da89a7623e441b7aa9130d0fc17,2024-09-03T15:35:14.480000 CVE-2024-4553,0,0,a1e8f5bd1acd4a97b93bbbe85c146f94099965137fad1ebd49acd106c4b8e00a,2024-05-21T12:37:59.687000 -CVE-2024-45537,0,0,522e8ad70c4a2b88082c6938714c807f5fbe9d880fbc938f7c7e90871d6ceaae,2024-09-17T19:15:28.157000 +CVE-2024-45537,0,1,a282d5193ad4ed25eb36900d0c615a3a776acb77a2f162fd5f0d463a04fcdb02,2024-09-20T12:30:51.220000 CVE-2024-4554,0,0,937a5d36b2a75a32b850145e7584d302fcbf1e70f1d70fb88494beed5a5d0988,2024-09-19T18:15:10.433000 CVE-2024-4555,0,0,c6e5ee837600c596327a91768410832a19be004b920151e53620c97a72516b9c,2024-09-12T15:13:25.520000 CVE-2024-4556,0,0,32422e1a58fd58f5056dd13adba171d2a9e41531acfe1ea2f85efa6ba6a345d7,2024-09-12T15:09:55.107000 @@ -259951,14 +259951,14 @@ CVE-2024-45595,0,0,ede23268a540135a5b850bb94c6f703a5aa5e0c31883aaf264822fc090a91 CVE-2024-45596,0,0,6e565b4a7c9ad9fc7c8e22389ae667ed11775275e4e8d0d4bae0af105f45843b,2024-09-11T16:26:11.920000 CVE-2024-45597,0,0,0fad881157bfd299e8512a05afe15ba28f7513c6a1c09923d6036dedef269a28,2024-09-11T16:26:11.920000 CVE-2024-4560,0,0,3d2b06b4cd5ab2760bd3f364e15c96b4f7456a14baec47a1cd857fe992686648,2024-05-14T16:11:39.510000 -CVE-2024-45601,0,0,68a61c7fb218a1533d3e7ba7c27d30ed89f1e5c575368ebb4614ebef9094a8ef,2024-09-18T18:15:06.473000 -CVE-2024-45604,0,0,df9309ebee69f4ec700bb7840ba1cc6f02080f3fc26293d013bd69264df2338d,2024-09-17T20:15:04.893000 -CVE-2024-45605,0,0,e087e48cc4df76249173d7a618d4b2cb5065b1483d2a45b39541842585093271,2024-09-17T20:15:05.120000 -CVE-2024-45606,0,0,8b315609968854b688a141eba7c889d1bac462088775a65d9695e6d2d8c00cf9,2024-09-17T20:15:05.393000 +CVE-2024-45601,0,1,82c78fc0b34e3874a995a9480cd843d85a228c4e48ca2a726daf8341eb653121,2024-09-20T12:30:17.483000 +CVE-2024-45604,0,1,e486164d82ddbc33393ca8296ab3485f8fa7d7ebe07b187714e2c0cdf4039bf4,2024-09-20T12:30:51.220000 +CVE-2024-45605,0,1,c7727599bd83a9fd5b838e99cce6e3a894cd6260aaa1f7c226622e15924e2b9f,2024-09-20T12:30:51.220000 +CVE-2024-45606,0,1,3387cf6bafc97f34cf884f7ca0b4f85a8bd2d59f53c4b0d6b1c8b12f643f3acb,2024-09-20T12:30:51.220000 CVE-2024-45607,0,0,9d199e13e4c36b979d30a8467667e188e65d4bf0165b27173d5a6e5dc2ce7529,2024-09-19T02:05:28.707000 CVE-2024-4561,0,0,8ef61ebc386f7e587b6eb6df8054d64514729591e443c5ac6735c0df58420e0f,2024-05-15T16:40:19.330000 -CVE-2024-45612,0,0,ef43e3990d9c954ad7bf7532592a25b6df1296840bab862dfc7fa4022c718569,2024-09-17T19:15:28.250000 -CVE-2024-45614,0,0,d026923bbd19160792f0548908c42b3e76d77d1f2e3221230e2ed092f8969892,2024-09-19T23:15:11.703000 +CVE-2024-45612,0,1,29ed7cb71667b7b2349dfb7cf950a29b85494e7c824a7f685cda3c4e7fb3f906,2024-09-20T12:30:51.220000 +CVE-2024-45614,0,1,a4bd2872c46f9cbb2c0f25769a726f94bca2a9c47d47af3e4cd0649a5803ebb7,2024-09-20T12:30:17.483000 CVE-2024-45615,0,0,c6d6282e5a9613bcbeb55c568082301f30c66c5c3e170d6aa78e0325f2dae6b9,2024-09-13T19:21:15.423000 CVE-2024-45616,0,0,ec4ff704ba2aae95f08442d1bfa2173f2a102c1c3b0570dfa4cb1518cb449547,2024-09-13T19:21:11.507000 CVE-2024-45617,0,0,6cb16d6fbb6421ff7c08177427efbe84e4a03cb3cf72e212ba5673d3ad33ab5e,2024-09-13T19:21:08.633000 @@ -259977,9 +259977,9 @@ CVE-2024-4565,0,0,15260fda70e8733111d52b1dae1a14ee33f22d1739a2e8de851c031d5bec2f CVE-2024-4566,0,0,c4354a4e62a03c97286174a61ad4d2f3843d01589ace1532dbd5a5f84743d16c,2024-05-21T12:37:59.687000 CVE-2024-4567,0,0,55b6508070b71672e22c57660afab28e7ebc1a40a37655965c41825cdc3bc17a,2024-05-14T16:11:39.510000 CVE-2024-45678,0,0,a1fda46a16546e5971e32d47cf6c55c6e5adf9e7e7bc6498d2c3cdc35ca99a2c,2024-09-12T20:07:09.640000 -CVE-2024-45679,0,0,24fe5e8b07957bef72ba6b8d0da3520fbc3692507139f06d451cd33c077c5a94,2024-09-18T16:35:14.530000 +CVE-2024-45679,0,1,b98f85803530a208de6f955471a00fda8462357bfd07c53d204959dc086af47d,2024-09-20T12:30:51.220000 CVE-2024-4568,0,0,950b62937f2f303cb16f164d002be64527131317e5dfff26daecb96b6bec4236,2024-05-07T13:39:32.710000 -CVE-2024-45682,0,0,0a3a96f00baaac84815943dcdccfa17287729c7fa491cf17cf5846701260505e,2024-09-17T18:15:04.893000 +CVE-2024-45682,0,1,1a6d7f712942fb2e7ae12dd4695c3805806dea3833b9fd61b2e3bc34f67a3180,2024-09-20T12:30:51.220000 CVE-2024-4569,0,0,2e4b27b05be8561bd3f260b3ccf0eed0d11ea74483878f5df5227737faa1c038,2024-06-28T13:10:05.153000 CVE-2024-45692,0,0,281ed60ed9431c734132a4f1fca034600bdda2bdb5b83bc44745bc26a826447d,2024-09-05T21:35:14.337000 CVE-2024-45694,0,0,6df0853247a969905230185a9047d7f0b5d3157f1a7bc76614dde5322218c3ae,2024-09-17T18:40:07.243000 @@ -259993,12 +259993,12 @@ CVE-2024-4572,0,0,6754f54e88e479a744a4367c8d1d2577fd697a90d0783dabcb9fc508df6109 CVE-2024-4574,0,0,5bc00996fe57104150ae610f292ff224de65f0948423aca3282fe7d917884520,2024-05-14T16:11:39.510000 CVE-2024-4575,0,0,9d22d248e877183fb374174504fab6bfc500414f16c234b88b687abe10cd48be,2024-05-24T01:15:30.977000 CVE-2024-45751,0,0,cc5d68fd09f5f304456a6be90ad821b34bc4a7f1a983b99ed7260cdb2141f184,2024-09-10T12:15:01.857000 -CVE-2024-45752,0,0,011305e5643eeb4a93bf894c37aad5e6746c1482bd06f4dd86def3fd52eea26e,2024-09-19T16:35:06.277000 +CVE-2024-45752,0,1,c0805cf3ab6310e7a4b6dbb56a1c3b55ab51506387ae9690f4eec83bbec021e5,2024-09-20T12:30:17.483000 CVE-2024-45758,0,0,e058696ef4ee1e11dde5d7f4a1626a6964f9190aeabab6642796a352a4a3c2cd,2024-09-06T18:35:13.043000 CVE-2024-4576,0,0,bef0c1eb81bb0f4c3eef72c993d9a673f04f17bc2d954741979507814d4ccd99,2024-07-02T14:41:30.777000 -CVE-2024-45769,0,0,92aeaef10977321b3b8f880452f808da2ba9009b0d38d64b0d275ffae85a5d17,2024-09-19T14:15:17.120000 +CVE-2024-45769,0,1,8008e87928d7d924cb6edc7a002ab7d174233b35bc221ee2578339101437b36f,2024-09-20T12:30:17.483000 CVE-2024-4577,0,0,b55cac970df35b2daf21f1bc20cfa9dd0965f08c49eae1007fc9a139f9980913,2024-08-14T19:23:47.253000 -CVE-2024-45770,0,0,063422d10f41f4c611dc5623102076ad49056ecb697142b457b0003882342c72,2024-09-19T14:15:17.237000 +CVE-2024-45770,0,1,e98fab17d907c24beb2a28773665764214c6145643120e7f9304697540dec889,2024-09-20T12:30:17.483000 CVE-2024-45771,0,0,754a0f27219aa2eb6179ec627ac31099e8e2882043a643cfa7921ddb03dbb66f,2024-09-09T15:35:11.567000 CVE-2024-4578,0,0,de2bf1ab8b65cf8119579f63d8e64a9383c9519828d1fae8ddac21d6dcb5605a,2024-06-27T19:25:12.067000 CVE-2024-45786,0,0,1027a4a71b54e4ed926e7c4d82608ed7bf7290e7e8486a1ac94d8f7e4edfad02,2024-09-18T20:12:47.337000 @@ -260007,24 +260007,24 @@ CVE-2024-45788,0,0,7ba304e58f1e132a77e708ed9119516e49dd167750ae6faec1e1736fde9ea CVE-2024-45789,0,0,85b2a3e63aad506ab70a8ae8f934d73422c76c344971f05123a4397c0e8661da,2024-09-18T19:55:58.287000 CVE-2024-4579,0,0,b44e5adee861e75c9f2de9111724b513cf79b7a7dcd7134192d107fac1782253,2024-05-14T15:44:07.607000 CVE-2024-45790,0,0,339d5c59c4b08184225ef02e77057a5607db1e407fbacc8325ce6de4811d4a59,2024-09-18T18:38:04.393000 -CVE-2024-45798,0,0,94f407ae281a9d4823e1a5397fb4b399a0b2d14a0927b86ba424f621d9f9aea8,2024-09-17T19:15:28.457000 -CVE-2024-45799,0,0,91b14fc0a289ed6c6b5949d54ca5f9a30d3a246868e50c15953ec10acdc5dd5b,2024-09-16T19:16:10.880000 +CVE-2024-45798,0,1,36d6c14bd6da02b6f563e24f34a8e0ae70f5e9226b87bf40201ee0b5fcb96dec,2024-09-20T12:30:51.220000 +CVE-2024-45799,0,1,57236f37d51cb52dc4abff4e8ae9968f58089f5668de4fddcdb24ddcded04f03,2024-09-20T12:31:20.110000 CVE-2024-4580,0,0,975d7d3fa65fc4746aeff6882996f0991cc57002c73b964b5a97c9777b6d66f5,2024-05-16T13:03:05.353000 -CVE-2024-45800,0,0,15b60dc62fc78c0cc38c124ac63f137374709ba8fcfc04ae1dc9d515d877d818,2024-09-16T20:15:47.097000 -CVE-2024-45801,0,0,6cf2908141281733da9f2c82737c6811e04d5fe422e7fcc54cfb6d6ab7ce7487,2024-09-16T19:16:11.080000 -CVE-2024-45803,0,0,3545b99fe22bbd854319c3d83e4e919bd18f67ffd67280643db637b7c5607646,2024-09-17T19:15:28.660000 +CVE-2024-45800,0,1,e84cff012b7d4b74db66a83e7b935dc1edfec9ef774b30490760e7407aa53849,2024-09-20T12:31:20.110000 +CVE-2024-45801,0,1,4f22389c9c4d2fd289d85319452f0dd4a424809e7db0e4cdef14a74db91bd025,2024-09-20T12:31:20.110000 +CVE-2024-45803,0,1,229c857bfa292cdb0ba4078b3fbf512c465922b11345a00889b8daf4243936d0,2024-09-20T12:30:51.220000 CVE-2024-45804,0,0,9c3150fd449f47d5e8da1aa073c6ed29687a211817f4370f22049a4ad2a93841,2024-09-17T18:15:05.110000 -CVE-2024-45806,0,0,79b301499ef6911c7a926f20d27e9c0fcf3e0ad76e5d0069501a63ddd1ea8afb,2024-09-20T00:15:02.293000 -CVE-2024-45807,0,0,a7e0dff085d795e667fe19557c448e410339f43a22e60f614297bb0b5c7bab2e,2024-09-20T00:15:02.520000 -CVE-2024-45808,0,0,9e037dbaec0aa3db05aa042be2de9e12287cfb5fee5d38c1addb75de435ce24d,2024-09-20T00:15:02.733000 -CVE-2024-45809,0,0,9d480af22d8173c6360c85b6ce6a24928dfab05d7c17370038bf9114170e8918,2024-09-20T00:15:02.930000 +CVE-2024-45806,0,1,16bdad84bc5548bd7e8aec15e15668bb838e7367f5838d878ec055fe1df6e781,2024-09-20T12:30:17.483000 +CVE-2024-45807,0,1,ffdc7f73f8d9d4fd3c835b11c0d64576ec3646ffd11aa866d90183f881535157,2024-09-20T12:30:17.483000 +CVE-2024-45808,0,1,c9408bde9f4e832c23de3eb7ea0793cc44437f1a0e1488f1c646a9365476bebe,2024-09-20T12:30:17.483000 +CVE-2024-45809,0,1,14606764b695bd5959851435568e1d938ae8192b06e59a7d2c4242cfe62d90aa,2024-09-20T12:30:17.483000 CVE-2024-4581,0,0,87f8fe03f507957c50ab3e12c65c26f01a42761aed681f779ccb3bf731c25cc4,2024-06-04T16:57:41.053000 -CVE-2024-45810,0,0,b1f7c82b14135ff4785995e52c54499c2e77d46515e60cb119ca39342330eb8d,2024-09-20T00:15:03.153000 -CVE-2024-45811,0,0,f0df0a439acb31f6186bb710f50e08de1db9507a40924c9c8e01331981994a78,2024-09-17T20:15:05.800000 -CVE-2024-45812,0,0,5296a33ded9dac212f5f77eaf6bb8e39d45694864c0a4631f697e8131e868b30,2024-09-17T20:15:06.037000 -CVE-2024-45813,0,0,0eadbef1de308ef8515c0af27022620f76b7b1a7b20031c5ee8c246824fc0e60,2024-09-18T17:15:19.163000 -CVE-2024-45815,0,0,6121c6708e592c490155dce1fe575882728b0a6c1af42d4541c312ae5b01ce7e,2024-09-17T21:15:12.320000 -CVE-2024-45816,0,0,bd13ff224f761096d12293be0d33d1aab90974326ea62d89cf84a16485cf8833,2024-09-17T21:15:12.553000 +CVE-2024-45810,0,1,2ee4df7df98599ca9018556e84282fe6725be3bd57d4e43969aa9a5e42d9783d,2024-09-20T12:30:17.483000 +CVE-2024-45811,0,1,f51e9eeb83849f3505d43c222760648244f1cc1e2124b122ea4b078bd6eb7f1d,2024-09-20T12:30:51.220000 +CVE-2024-45812,0,1,489679080c302c07130a30d30d7a91b5b88da7ba1022d4140c8924855fd12313,2024-09-20T12:30:51.220000 +CVE-2024-45813,0,1,98386851201b0e15badf0fa3bf589a7fa5db9873ebefbf247a44caa5f088f23f,2024-09-20T12:30:17.483000 +CVE-2024-45815,0,1,7728fc3e64389a4042474429755f4af53e5f2705e8bc977a53c6bb50cbf454c7,2024-09-20T12:30:51.220000 +CVE-2024-45816,0,1,91352019ab5afc498b0191c2d060da2fd3e6fbd96a888f7699ca212f91aefbfe,2024-09-20T12:30:51.220000 CVE-2024-4582,0,0,44a298c10fdfe0ab8acf9c943d89720dd7bed9fa14549ad9833d5c0a75c14780,2024-06-04T19:20:42.750000 CVE-2024-45823,0,0,54a17f937d68305d32d91930064931beaa080879f88a3df13aee6b9073c444aa,2024-09-12T18:14:03.913000 CVE-2024-45824,0,0,10e16d904d2154d7119c6df05a22810044cd3b50093fd71dfd8bbe566411a270,2024-09-12T18:14:03.913000 @@ -260048,10 +260048,10 @@ CVE-2024-45854,0,0,5f2ec656fa84647920a6b33fa5c2d62d11148d85f4c62c01feffe9bb5b57c CVE-2024-45855,0,0,b8b3a725ae8bf0f62655fdebc48ac0030507baf797da7b56c3156e7506de5acf,2024-09-16T18:03:27.970000 CVE-2024-45856,0,0,0d2d555a4be2f7d0582132e7868cb1ae44e7be28b33194ae92062d7b37f54103,2024-09-16T18:04:07.503000 CVE-2024-45857,0,0,baf58007ae785d8a411fcf58ab797e8aa621cae99978a873f3918c60d00cf497,2024-09-12T18:14:03.913000 -CVE-2024-45858,0,0,26e716964960a7625743254ab836d7c358ad6927670be1bca3f8d6e0ddda0dbf,2024-09-18T15:15:16.333000 +CVE-2024-45858,0,1,b5441be916d9d638a5a087843bce9f2981a17328a32cafaa10622a0d2ef26e3e,2024-09-20T12:30:17.483000 CVE-2024-4586,0,0,308ac0f257920a7bf6e50f46839419870b7e733c7917681ea48f64312191a5cb,2024-06-04T19:20:42.953000 -CVE-2024-45861,0,0,f2700b8537298b1d77c39a6181a74a65e0b5407cbb7c0f50791135712d1ab8bf,2024-09-19T16:15:05.103000 -CVE-2024-45862,0,0,8bee6ce34dafde56e12a20a08c53abf8f2aee4852ffb0aff5a366ec400a7c326,2024-09-19T16:15:05.227000 +CVE-2024-45861,0,1,57fe73e3a177e4e17ab3e3d5c857fbcecceae3ffb20171f8b220e3723b40fcc2,2024-09-20T12:30:17.483000 +CVE-2024-45862,0,1,267d393c40ac4758b5b0d5f00783ff7e60ad200162cab3206861198fe5f922b0,2024-09-20T12:30:17.483000 CVE-2024-4587,0,0,ccb551f2bab92e34c98709c8a5231b1e8778dd90f0d16bd4ac4c665438d47b6c,2024-06-04T19:20:43.057000 CVE-2024-4588,0,0,9198a141cbfd67d79271a90e0ce19e828dccb043a1ec84b18e696744e0f31db8,2024-06-04T19:20:43.163000 CVE-2024-4589,0,0,4328e8e6c3737b332b5624dfb7ea03e7812e5262794529580dcb4596fe3e40c9,2024-06-04T19:20:43.257000 @@ -260079,8 +260079,8 @@ CVE-2024-4605,0,0,cc5939dfa5bb0891c69db66e562cc6696594a6a88efe746332f5ec8ead5152 CVE-2024-4606,0,0,f985d30934b7c1f8930bf2267fb972a68a7301f3b4fab17a99fda7060e053c79,2024-08-28T08:15:07.093000 CVE-2024-4607,0,0,26d7fb8a60d9724fbac67d9d15e472fd268b8645ac384c2f62b0c7323928361f,2024-09-10T15:03:24.710000 CVE-2024-4608,0,0,6b948b515db267f779f431dbe386ca01ccd7f50a9fc569455bb84149dca96357,2024-07-24T17:59:54.607000 -CVE-2024-46085,0,0,4bcdae61af1b4709b2602a60bed18e8d14f66a9e47eac90a75adf8f8594192f4,2024-09-17T18:35:01.317000 -CVE-2024-46086,0,0,32b8ebb76222fe230d0ebcb52431524d64d881180813f7b4b0933e90ad3c1e8c,2024-09-18T18:35:13.440000 +CVE-2024-46085,0,1,c40bf34999e41384db415b4f8361df5bc1a972c059bfcf483e35e9bef50d8457,2024-09-20T12:30:51.220000 +CVE-2024-46086,0,1,ae34b30986f1e813f622cb2d55126bfe93452e0dc2a10c54d34629700e751404,2024-09-20T12:30:17.483000 CVE-2024-4609,0,0,b6f3fd3db9085553e8d026a562774e21d6dc7bb2eb7a9a6cfeb43138546783c0,2024-05-17T18:36:31.297000 CVE-2024-4610,0,0,43047990281e26a04055de4ace6574603f0b08f61a7727d9acdec64f6d8d9784,2024-08-14T17:06:24.800000 CVE-2024-4611,0,0,51a3d5438728b832e97210e2f9860d8c98e7a9272bd8319e6cdccdf57653adc1,2024-05-29T13:02:09.280000 @@ -260105,18 +260105,18 @@ CVE-2024-4632,0,0,1847fe54466daf978000619c24fbece5b125c2ebcf9d5cf0d1e6a4b4114645 CVE-2024-4634,0,0,2c56b13392d50c2560d26201cfe4914a1f0ee83080b338e78708abce42a9dd35,2024-05-16T13:03:05.353000 CVE-2024-4635,0,0,c975e44d5f71ffee6fe63563ea783b273fe931e5f01b077f7022458b2ef1e222,2024-05-16T13:03:05.353000 CVE-2024-4636,0,0,5f6d994195b0d258cedd76eef14490d422ed4d9e1ed2778ad911a6f2ded3ef43,2024-05-15T16:40:19.330000 -CVE-2024-46362,0,0,19797b772fedfa56b8ab1944bfa10d47aee5c75ee333d19ae89a45da58afb3c6,2024-09-17T18:35:02.140000 +CVE-2024-46362,0,1,8cdb883bb64f25e58b7c696699971ee36778fa528121237250c7da4497ad58d6,2024-09-20T12:30:51.220000 CVE-2024-4637,0,0,feac91fbe82af9a41f47d1c690f7cb9ac382f5ae365379b4bab97a7b08b57d3e,2024-06-04T16:57:41.053000 -CVE-2024-46372,0,0,fd6f56a0663f220726a1bac55ab58f9ad10bc05a60b983463690dc99ae056ea6,2024-09-18T21:15:13.443000 -CVE-2024-46373,0,0,26308fac89234bd0c4e6545029c0375bca524ac42183e23bc115426b28dd097d,2024-09-19T19:35:14.767000 -CVE-2024-46374,0,0,d8f5ae0d53687ee2132192046d5833100ce6e39c88021fb4246bbf0f13d8b372,2024-09-19T19:35:15.573000 -CVE-2024-46375,0,0,a3753b0b860f3107bde948855a197ee1efaa17527c91f22e315c5003ce34e48c,2024-09-19T14:35:06.727000 -CVE-2024-46376,0,0,a3c7dd3b4bc749abac101cd27fd7d78b57ef129d32ef5359aae71578abaf0c50,2024-09-19T14:35:07.493000 -CVE-2024-46377,0,0,95e91e17e2ab812f3da9298bb3d6639e1f6afea01389da755fb47626e16ccaef,2024-09-19T15:35:09.843000 +CVE-2024-46372,0,1,df4622f0159b9c7841a356242b36a623aa7e9499683b55b446fcf372fe5c02ca,2024-09-20T12:30:17.483000 +CVE-2024-46373,0,1,364353f8eed746e65cf065bb51dddf6fa9b6298b578b96d8db4d43f0b16ff53a,2024-09-20T12:30:17.483000 +CVE-2024-46374,0,1,6b3bef89b591c7aace46c8ec89775c521763f5b17ab41ae31cfbeab497067e4f,2024-09-20T12:30:17.483000 +CVE-2024-46375,0,1,efaf3c452fc78cd47f1de30f27156020a55e9f97430000be5918d84fee1dff32,2024-09-20T12:30:17.483000 +CVE-2024-46376,0,1,f3c4758540f2ac7c03838f8eccd3f67c9d25fd080cb7169c664824c92406ddbc,2024-09-20T12:30:17.483000 +CVE-2024-46377,0,1,dbd66064786bd129c8f0daf0f8e37ec51d021bf976974fef51557cd63106242d,2024-09-20T12:30:17.483000 CVE-2024-4638,0,0,a819fdfba96fa18a2f7909a394b6447b878ef2488f2357c7db7b0cfcaa9db703,2024-06-25T12:24:17.873000 -CVE-2024-46382,0,0,f059348d25dc41ccdd08b42dfa84fb166631b9efd73051400a61c5f1dcb34e07,2024-09-19T14:35:08.243000 +CVE-2024-46382,0,1,d58e1ea27f21cfd47bdd0489944511f3488ae805b6df4b21cae37b2aaa67b3bc,2024-09-20T12:30:17.483000 CVE-2024-4639,0,0,d09b63781578ea43d80f90bc1869913d7850dd4433262c761e06a825045658ac,2024-09-18T15:46:04.960000 -CVE-2024-46394,0,0,3b04a8688caa5257c67204ffbf42e007096eb9126aaf2aa89f8a9579cad09cbe,2024-09-19T14:35:09.007000 +CVE-2024-46394,0,1,0cb3fe3a4b01a54d8b30c75c71beb8830d2ea64caa3449cc0a9fec5e06be42b1,2024-09-20T12:30:17.483000 CVE-2024-4640,0,0,561eb45560c6a2512cf49113a4a8a4e86a4cf3daabba823a155e6305f710bfc9,2024-09-18T15:48:43.557000 CVE-2024-4641,0,0,d2927a28c50e25615b8d9b87dbdc2988c0bb0a134e471834d0fabc4f24e49cb1,2024-09-18T15:52:41.237000 CVE-2024-46419,0,0,75fafdfe43d678734223982a9d05d92176b9e138ef313759af24f79de1b289e9,2024-09-17T14:35:29.797000 @@ -260136,43 +260136,43 @@ CVE-2024-4652,0,0,8fd7af949b4c89aa1e5f9f8bc7784e47292323116a1f6a56ecb880f3c410a5 CVE-2024-4653,0,0,7b6d5c0913690c5b51d844fc9718b4208eaa5f352f244fd41eee7be1add5e3bc,2024-06-04T19:20:44.990000 CVE-2024-4654,0,0,0088d34096b2578204ff98fe71c1f702e4c8866653411407f72fe940a56448df,2024-06-04T19:20:45.100000 CVE-2024-4655,0,0,95970f39f135367edf16c40c69bbdd98999f38726ef0802da749dedbafaa6dbb,2024-08-01T13:59:32.490000 -CVE-2024-46550,0,0,aa050264d9c75e0eaf28944c9ca950f4fef57fa00bd271bdc9470a72e8d92779,2024-09-18T15:15:16.533000 -CVE-2024-46551,0,0,fcc68f84a59b25c736446d685841bc48e7e1c08b935a05835a527ba9f0068aad,2024-09-18T15:15:16.590000 -CVE-2024-46552,0,0,4ae72437d53be5c53f87fd86447519952146284f253b00894fe6f6ee36afc075,2024-09-18T15:15:16.650000 -CVE-2024-46553,0,0,a24adcaea8735b1c5bc528a60e7f02527cf2400261bfc7352812b8f5da038499,2024-09-18T15:15:16.720000 -CVE-2024-46554,0,0,ff9a9a690bae5595b61975c9783973f24a76e4da8d91f653300ef9eb17ec908e,2024-09-18T15:15:16.783000 -CVE-2024-46555,0,0,b2f0f82493457739a95559ebe2860e9b0a286a704737f1c4920620f2f735b473,2024-09-18T15:15:16.837000 -CVE-2024-46556,0,0,6f237c3dcfeb013f44fd59ac69b0ed4c776bc80c4979643671f66c59014ebb6d,2024-09-18T15:15:16.910000 -CVE-2024-46557,0,0,e72d40316a8dd14fd51f98ff60889639ed433426e9340d188fd5b0b9f865e394,2024-09-18T15:15:16.983000 -CVE-2024-46558,0,0,1e4b9db0244226da4b652846ba62e062409aaa4336ec7927d034ecfdab1d030e,2024-09-18T15:15:17.033000 -CVE-2024-46559,0,0,66ba1cadc0fa9983f2e6258b53180181a5940d101a31445d7c6382c8089bd458,2024-09-18T15:15:17.097000 +CVE-2024-46550,0,1,dbfd90472f86885f437cdb17b60b43e8d80027dc256b6fa3f37250c68a11c734,2024-09-20T12:30:17.483000 +CVE-2024-46551,0,1,7d680c195cee424aa1c9fe58540d432bc709203e2247c1daf09b4190980aa965,2024-09-20T12:30:17.483000 +CVE-2024-46552,0,1,c1a09cb5c2feec69c454d2be51e8851cb1c6a73b88e00e92a51b6f23840624f9,2024-09-20T12:30:17.483000 +CVE-2024-46553,0,1,5b24e1a330e9bc189326fbcdcd2d7d2f4f48bedcc572819bb3fa107a903b6b63,2024-09-20T12:30:17.483000 +CVE-2024-46554,0,1,22fe22822683037b779958ca7e34b5438bea404182938db6d0fdfabe5353f6ec,2024-09-20T12:30:17.483000 +CVE-2024-46555,0,1,bc6b269a7cd69e548548b076f62b9a1c4d3225aac80dfdb926f1804c496beb3f,2024-09-20T12:30:17.483000 +CVE-2024-46556,0,1,9e565880d1bb4c3b0dad0e9abc62c6ecbefdc4044c418353b6b2f73b1a3d393a,2024-09-20T12:30:17.483000 +CVE-2024-46557,0,1,6a1a863b6b782f0bcf019617b2b037d09e5bdf83f2e28ff946ee429a971f8ec7,2024-09-20T12:30:17.483000 +CVE-2024-46558,0,1,c8160ecc07d1036bffb2943f847eda7cb757a6c39d5f023e2a871d4f00d88cc9,2024-09-20T12:30:17.483000 +CVE-2024-46559,0,1,2931564a92e2a0499df08cd5cbd2d23afc94cd8a781f48f76e1dbb9ba21c75c2,2024-09-20T12:30:17.483000 CVE-2024-4656,0,0,32c9d7e0c2f1168ca7d7381e4fab827ca08fdbd964272924da1671d43db7cf43,2024-05-15T16:40:19.330000 -CVE-2024-46560,0,0,37da0c86e41fc40c51a23b7f6a7b240acdf885adb21893ecaa6f897d1dd88785,2024-09-18T15:15:17.160000 -CVE-2024-46561,0,0,827610d713c85938edcd0a672f3b80989b8c1603e1ec2096d515c8f1170c5ad3,2024-09-18T15:15:17.210000 -CVE-2024-46564,0,0,9c53abc4290095ef9c94b8caa6151b1582d026c56de5ba2cd9b9332a36672a98,2024-09-18T15:15:17.263000 -CVE-2024-46565,0,0,561c47320a036b7b30a61f0ef3bbd0d90faf83f4491fcff8c9e4f46a1e316d4b,2024-09-18T15:15:17.313000 -CVE-2024-46566,0,0,15038b0259be6ed1c83206e5ca18daab2195f1035bd94d1c801bed7080ca14e0,2024-09-18T15:15:17.367000 -CVE-2024-46567,0,0,44339a18e76c5d329445112c0f2a519b76b8cc97c1f690731297cc4f99a31fa1,2024-09-18T15:15:17.420000 -CVE-2024-46568,0,0,05fa5319f0d6b7344bf7591c14d218b1e6beee6ec4ddb07a35b64cced2067e93,2024-09-18T15:15:17.480000 -CVE-2024-46571,0,0,e147345ced5c037c296665623edee70a8ff952e5f4fcfef2bee5357d86b43a4b,2024-09-18T15:15:17.530000 -CVE-2024-46580,0,0,8a7cc23843ab7532bc4e099084ca1b38d8dfcf5f163b1bb3e99eab8c8ac72ae9,2024-09-18T15:15:17.580000 -CVE-2024-46581,0,0,1a036e61c05d9d99887e7d746c30ab4284053b1827b71ef577771edfcec73f46,2024-09-18T15:15:17.630000 -CVE-2024-46582,0,0,6ee4cb064a18113fc6425d973eefd431c1555a88498d2efdabc5b4d31b23f054,2024-09-18T15:15:17.680000 -CVE-2024-46583,0,0,508d7037cd9a3fa45380a1ca74eaea66ed78dc6a2a8be1ffd7894b484b48a76f,2024-09-18T15:15:17.723000 -CVE-2024-46584,0,0,34fa714c00f27ad0f9a3f20e7b04852da2c076b04a454c4756d287d37e8e355b,2024-09-18T15:15:17.790000 -CVE-2024-46585,0,0,ba843aa332ed1b6f4d5a208bd96955eb825f18ff133704cd63952e11387f48bc,2024-09-18T15:15:17.847000 -CVE-2024-46586,0,0,08a48d19535eb5815c7ce6f65e01510f51e72c874c4516a2435fa8010ff5b366,2024-09-18T15:15:17.900000 -CVE-2024-46588,0,0,ff98a8a93245f9c4378c483d60cd2119fb71c96600bf3b5852f0b765014eb8fd,2024-09-18T15:15:17.957000 -CVE-2024-46589,0,0,2ccd47f6dde4cb9bd5a952c0acce27bec1df77ff8e3ebd0de81f26c955d68dd3,2024-09-18T15:15:18.007000 -CVE-2024-46590,0,0,3c98dd0cb0cdc1588f2b8481c088df10a5bb6b24dfe436e35ed185ca33e9d88b,2024-09-18T15:15:18.067000 -CVE-2024-46591,0,0,7ff9db331a08522ac36f6b43693e46370b7012e0693f21c83b5069be6ac29210,2024-09-18T15:15:18.117000 -CVE-2024-46592,0,0,e65fbc2fdacf3a4508ae490381ebfac511e16cad69e7ab7fe064e842b3950547,2024-09-18T15:15:18.170000 -CVE-2024-46593,0,0,6cb9d636a3fe6e5a69f34f615afd793e995b7794da720f7ed13ee9358943e1d7,2024-09-18T15:15:18.220000 -CVE-2024-46594,0,0,1427e388d15f33e0b70e916c025c4e148e9ed15a1c578a27a75c8212070e236a,2024-09-18T15:15:18.263000 -CVE-2024-46595,0,0,c899a8cf55794b9fcb48be5696c7fdeeb5e92162dce0b2bdbbfc91e998231fe2,2024-09-18T15:15:18.307000 -CVE-2024-46596,0,0,e16790bb87529e3fa3cb3cf96e2e3f0675ec1ed29d7419b87fded006ce573939,2024-09-18T15:15:18.353000 -CVE-2024-46597,0,0,3b9086fd52147db347360741cdd07d08edd41d7cfccca81420fdb015dad854f8,2024-09-18T15:15:18.400000 -CVE-2024-46598,0,0,b528b31684949ece420878ed09068cc05a18e9683ebc282b3aff4d118a5ba696,2024-09-18T15:15:18.453000 +CVE-2024-46560,0,1,6c31df695ddcd9261dfdd8069f8566f31759057c7507f5fc16a1cd1c4eb0b28d,2024-09-20T12:30:17.483000 +CVE-2024-46561,0,1,4e56e7e6a2a6dd35c84f18b0e9d3507c7db4b2fec390245e901000c6a10c6326,2024-09-20T12:30:17.483000 +CVE-2024-46564,0,1,c49712895b90c110250998e17fc2235d342284dee9a4baeba67d3f9f844e7f78,2024-09-20T12:30:17.483000 +CVE-2024-46565,0,1,2015200dc13b485d3f900382b290bdbc2f8b9b10ff994c0a99f63d5f89d51178,2024-09-20T12:30:17.483000 +CVE-2024-46566,0,1,9d549fbb8a5d174b75eac4923d76392f1860d7d860475196674abc1baece22cc,2024-09-20T12:30:17.483000 +CVE-2024-46567,0,1,4f921ec67ea65bf2635f55fcfb92040f53d1d0ea1a46f2cf5fc58215e6f7eda1,2024-09-20T12:30:17.483000 +CVE-2024-46568,0,1,c447bcf57ea21ec99c34926adfbe3f162ed270e08e0ac6f68d549bdd94adc2e4,2024-09-20T12:30:17.483000 +CVE-2024-46571,0,1,eeff8c6e75b603654b139914f3b2e9dddafd35d2b6563c9b101849db1df8fd33,2024-09-20T12:30:17.483000 +CVE-2024-46580,0,1,1cf03d7e052563f3d0f4f52385e144e31a6a8dba7e967f8ae64bcb89d934a5b8,2024-09-20T12:30:17.483000 +CVE-2024-46581,0,1,ce15dbd7715ebf99d9bb3ccff19ade6aab3283df4094d4441ae91bca4b708bca,2024-09-20T12:30:17.483000 +CVE-2024-46582,0,1,944e3b02b5594207e3626f3866022fb372c6341133b233814d52d2614cff84ef,2024-09-20T12:30:17.483000 +CVE-2024-46583,0,1,01f5acf1e5f88368bac71a5ec32b153dfd54ed7240275a91b4b362f9599ade57,2024-09-20T12:30:17.483000 +CVE-2024-46584,0,1,1df18e830f427416905dd49acd436788b5bff3660ec1869c8da570f7f57372e4,2024-09-20T12:30:17.483000 +CVE-2024-46585,0,1,eb304b7f5451c0c5904f44c364711f727c897ed9ae523b7f39045f085875c159,2024-09-20T12:30:17.483000 +CVE-2024-46586,0,1,2abc5f5804e5d94c165088cb0a8c7be29c66d6f389d46e49ec7fd05b167d047c,2024-09-20T12:30:17.483000 +CVE-2024-46588,0,1,b0ef758eb794d3fdf1634c81dd1e88b567e731064267b2090c2ca518c08f1aa1,2024-09-20T12:30:17.483000 +CVE-2024-46589,0,1,b254c536d305c84c9ba6ce987a6ed0b8c6785ec07e73a852ca2082ef78b0fa58,2024-09-20T12:30:17.483000 +CVE-2024-46590,0,1,0f57a75aa544d32682a0bb4074aab1a882bc11b87bd1f3612df15b4a5d25fd82,2024-09-20T12:30:17.483000 +CVE-2024-46591,0,1,561ecf7b8fa4364e80e792d0945e12681309a969ed5526cd7f6a2edc80c0947b,2024-09-20T12:30:17.483000 +CVE-2024-46592,0,1,b84869db5ceb8dd591f4b7de3a3e818828e0b8a2f05e22c9bbfe5095d7e29e9e,2024-09-20T12:30:17.483000 +CVE-2024-46593,0,1,df78a9ece238a69e5314bb125e47adfe9e602331c1ffafe9e6b90bf9f42cc82f,2024-09-20T12:30:17.483000 +CVE-2024-46594,0,1,06056c6d3c18e051eee83bae8e4b8700414578262094deb3f352921f9bc37205,2024-09-20T12:30:17.483000 +CVE-2024-46595,0,1,168616c0bfac92d53cf964f1fff59cb9c6076be84a9884986a51bb9de19cd1d1,2024-09-20T12:30:17.483000 +CVE-2024-46596,0,1,8ddda5a1bad76ce2d5f4ae9a2835a79d0556215a818431d2b147ad0cd9c82d77,2024-09-20T12:30:17.483000 +CVE-2024-46597,0,1,21b5f832b84f8b1d9a1a8fb596cb81552dab6a30720a8887f0faf84f82f6dd42,2024-09-20T12:30:17.483000 +CVE-2024-46598,0,1,88337e9b2b310200918c0719d8ffaa45392bed63d3bfd34621f6eb261ac15968,2024-09-20T12:30:17.483000 CVE-2024-4660,0,0,e2da4ceee6df96a1cb7e9b187d6ffc85e3946e3cc1d921567db2bce412f91772,2024-09-14T14:57:01.130000 CVE-2024-4661,0,0,f19406aac3e0e4dd229494d2c7f4a9ae6fd94c8256be755b3955222db7d3bf70,2024-06-10T02:52:08.267000 CVE-2024-4662,0,0,42d3ec88d759fc9bf88fc92972e0c9891830916b90a0cdbb0331ad5486f420dd,2024-05-24T01:15:30.977000 @@ -260226,103 +260226,103 @@ CVE-2024-46710,0,0,99ad059fec6100ef5344b9476dea58e8105bf6e298abfd9609e18d1b32dd8 CVE-2024-46711,0,0,91f6e71bff9276f1e56a88764fca11ade7e1d2c1501a9c829689237f0828b894,2024-09-19T13:12:30.390000 CVE-2024-46712,0,0,225e28d58d121274afe8a67bb7e9b2a631f03521abd17c753d0a27bb12faae1a,2024-09-19T13:09:22.957000 CVE-2024-46713,0,0,d8ee32a1d2f66a0382271f856af541b1f264ab38003525966195157bdf6c59dd,2024-09-13T16:37:22.997000 -CVE-2024-46714,0,0,b72ad44a954f2715ef56c9102a244a355debec6037b8929871f8785f000f2aa0,2024-09-18T07:15:03.060000 -CVE-2024-46715,0,0,7d56260d3c8e43c2b1103e17b191e44a00795874e8dfaaf69c4d53ea8d6e708a,2024-09-18T07:15:03.130000 -CVE-2024-46716,0,0,f0c06910c0f0108021204a31d3b99a21339fd759427583f73b07fb17bfb4398b,2024-09-18T07:15:03.183000 -CVE-2024-46717,0,0,58e023325c3d7a2093f7f409ac6c3d7a620565d1ae4a826a1d3ad7a098cf13c2,2024-09-18T07:15:03.237000 -CVE-2024-46718,0,0,cf3af73466d6bbd0afb1db52d7a36e95453d29578bfc8de05f662a43e1d1c575,2024-09-18T07:15:03.303000 -CVE-2024-46719,0,0,a98e453395a34394743cd0299c4df1ac5f0421b80366fb3e5b2fc95d5d69f456,2024-09-18T07:15:03.357000 +CVE-2024-46714,0,1,5dc06c1790627348c8b42d7234b56d306e0d63ecf8e6e2f024add2fdc2f2068b,2024-09-20T12:30:51.220000 +CVE-2024-46715,0,1,f6acc12b1eecea12bf9d6f195b39a00b75ddb201277b4ad1fc8ac95e25d25405,2024-09-20T12:30:51.220000 +CVE-2024-46716,0,1,285e828ee8aa50fa4c3aa4bd8a3abe4a01c20af8ed00007aa5c1fe4778857afd,2024-09-20T12:30:51.220000 +CVE-2024-46717,0,1,cd61e7eb874e3f98372d85a33e9e40d7e36ee1787456cd2287e7b17844f088a5,2024-09-20T12:30:51.220000 +CVE-2024-46718,0,1,900cf0c6c1a69e700d46f12e93b7fb3c7ac208373a9c299b455c66344a9143ca,2024-09-20T12:30:51.220000 +CVE-2024-46719,0,1,9285bc7dfb0d857c8db70386d45ade93b3a6840f08fa7bbb1c417b6315b9d9e5,2024-09-20T12:30:51.220000 CVE-2024-4672,0,0,35f3d370a957f330147d6589398835ee73958e29db9da9b60896b5f03e87d787,2024-06-04T19:20:45.330000 -CVE-2024-46720,0,0,e3161e09133bba9dc30a4ca20f98d5adcc706e17282ee413d2709c9b74a376f8,2024-09-18T07:15:03.420000 -CVE-2024-46721,0,0,9494d6e4bb6468169d547543bb2def558dd6fbb56d913287202d81e10ee4094d,2024-09-18T07:15:03.480000 -CVE-2024-46722,0,0,81372ea97dbfccde1319c85d9f57adf890fa914b8e3ae7f745a9d7903c465123,2024-09-18T07:15:03.547000 -CVE-2024-46723,0,0,2a0a3fa7e2e4134fd622cb00816daf317356741248d44691c05c963dfcd3da60,2024-09-18T07:15:03.610000 -CVE-2024-46724,0,0,6a49c4863b7dc5b1a396051c9766018a91c9b73d52254fee30119905cf8601af,2024-09-18T07:15:03.673000 -CVE-2024-46725,0,0,e3446e982b438aea881f5aa322f3de93a7ef060cb0d6eab7eeb3300518b20d40,2024-09-18T07:15:03.733000 -CVE-2024-46726,0,0,f99f1e94fc50be4e09d1aa883bc5f7f94caaf437fa4b1eb519a033065d71ecf4,2024-09-18T07:15:03.787000 -CVE-2024-46727,0,0,a67bb64f5914afc360000d2d6dbb2c2174bac49d8be41ef3251d3d9fd2bfef97,2024-09-18T07:15:03.840000 -CVE-2024-46728,0,0,0c2b39983ac0d45f940d03286be472be8b9e82ffd64c660e156b22c601b9f5cc,2024-09-18T07:15:03.893000 -CVE-2024-46729,0,0,0d8e6c4f42d731dce965f983d0e201a80c26212f7eeaded58347d635d48547f8,2024-09-18T07:15:03.950000 +CVE-2024-46720,0,1,7f0e0cf641062efbfc2b2c008a971437e349ef6fa6fd66d448bd20bb035a354b,2024-09-20T12:30:51.220000 +CVE-2024-46721,0,1,15efcb99953290d48d47c2aab79913b401c56c1cdf27225fd4a3babd318b7bef,2024-09-20T12:30:51.220000 +CVE-2024-46722,0,1,df1db153a52709fb258161d81d3e0e05155f1d1d1569a5ae5312c1a2454c016b,2024-09-20T12:30:51.220000 +CVE-2024-46723,0,1,54dbeca0c14ff3fb67e5533cf2939d5b0103a71dab065d83029c3ba104d50efd,2024-09-20T12:30:51.220000 +CVE-2024-46724,0,1,2c9cfd3c8036183e04dc1f333b022c33881e59724a41e965aa9c9de3389c8ea0,2024-09-20T12:30:51.220000 +CVE-2024-46725,0,1,9d06e81d0b09a76096b8f064905ad04e1f5ba82a81a3c2c7903a7ce46ec8b226,2024-09-20T12:30:51.220000 +CVE-2024-46726,0,1,3b4ddb419b1b15b91cdc1caff7bbb05b6b934f38755207d8805cb1f886dc50ef,2024-09-20T12:30:51.220000 +CVE-2024-46727,0,1,df7c36e90817b43197d2d9c012a6e8afd8c1a737d85f5fed3ed5c2384427e829,2024-09-20T12:30:51.220000 +CVE-2024-46728,0,1,f1507805084327b44e8fee22decfb0c40d7f7eb85de7a9e9a8b408615007213a,2024-09-20T12:30:51.220000 +CVE-2024-46729,0,1,7b3dc0c090bb6cc0b1332923d5e2f0f6592c4f5e0390aac8790a4bd11f0fc162,2024-09-20T12:30:51.220000 CVE-2024-4673,0,0,534fe3baa36c9b2de1fe1f9372b44f4a695e5779fe305c090e0c97233d7085b1,2024-06-04T19:20:45.437000 -CVE-2024-46730,0,0,1adc8291665857c7c0f2647d015b9412b8fdf4990cc38ffd2877ad27489a37be,2024-09-18T07:15:04.003000 -CVE-2024-46731,0,0,13a373ddcd5f315ac18e0946969b2c5c495766f1aea575fd0555bc4c1db9f1b1,2024-09-18T07:15:04.057000 -CVE-2024-46732,0,0,a5427b13e2293c253d511105d2e0d2effba659346184f11515e61e5403229ab8,2024-09-18T07:15:04.117000 -CVE-2024-46733,0,0,4e6821936c110c6cba37f3f3ba1aac8acf438c28676b0744bfa28c2e36d500e2,2024-09-18T07:15:04.170000 -CVE-2024-46734,0,0,ca8157dffc30c848222a36425eb0ca003896ae1557bd4054bad8eeadb6c115f2,2024-09-18T08:15:02.980000 -CVE-2024-46735,0,0,23dcfc7438cb86f8fa67c88ccd8490e78ed6fda0a20ab836c34757840e546eb1,2024-09-18T08:15:03.057000 -CVE-2024-46736,0,0,82bc2a49b7ce30a8d0cdf3e30e9310b0335c20538d0c4db741eb41883c2ef422,2024-09-18T08:15:03.113000 -CVE-2024-46737,0,0,b451cfb21869e663a9907cf1b6c43fd0619852cf9d047432a95a9be2edaff8c2,2024-09-18T08:15:03.167000 -CVE-2024-46738,0,0,321080f5c21f3354f1096c7dabb4731bd866638f5eafd666ebeada79e7755a8f,2024-09-18T08:15:03.233000 -CVE-2024-46739,0,0,6a3269f8b7f581274dd284c855dd5505a03c6d740dac85d7d47db87f721288a9,2024-09-18T08:15:03.293000 +CVE-2024-46730,0,1,b0df5901f35fba20f373c4395684d5c970a27cd6c2c7852cf6020fd607887d24,2024-09-20T12:30:51.220000 +CVE-2024-46731,0,1,c8de721c1d70bdf1609b0fdd097cf2854d971ad3f5bfad663016055fdd4e2d1e,2024-09-20T12:30:51.220000 +CVE-2024-46732,0,1,530d8f994d9b9cf54c55c5524704c16a51b41898be5349a56b20327166337e75,2024-09-20T12:30:51.220000 +CVE-2024-46733,0,1,79186a2b7b8560d75a3f382848c11d76972e45dfdd742ee0a98c810d97481fb5,2024-09-20T12:30:51.220000 +CVE-2024-46734,0,1,54144e8397a8d8508d8b9ddc79011d1a73acd2236e76feed8ed79d1cd04c3452,2024-09-20T12:30:51.220000 +CVE-2024-46735,0,1,dcb595f12dbfadf1e8f90a0a790489489496c0467b234e74490dc715efaa8443,2024-09-20T12:30:51.220000 +CVE-2024-46736,0,1,3c1ef12c24cce0f8bcbd38405e5151195e4b1250b39e7384abcf96ac2ee7ee60,2024-09-20T12:30:51.220000 +CVE-2024-46737,0,1,90ce604e61aa06a709f7bf35c2b5cb43dab7f3517b89f01b08ef588b2940a77d,2024-09-20T12:30:51.220000 +CVE-2024-46738,0,1,475079046fa42d46d304782166e3aaaf23420d4500332bac4a1f361b5d08019a,2024-09-20T12:30:51.220000 +CVE-2024-46739,0,1,b8f7f9ca35b963481bd6457f3dc1f173218c607b85e4825e35783481f2360eed,2024-09-20T12:30:51.220000 CVE-2024-4674,0,0,60247f20a2a4283bfbeed309267e9d6b22bdb830da33ae543a1f6522ba4ea3ca,2024-06-04T19:20:45.527000 -CVE-2024-46740,0,0,c57a330ddb408700c00759e66521ee359785c25d500312a457a50f333d0fafcd,2024-09-18T08:15:03.377000 -CVE-2024-46741,0,0,7fc217d442c1871a95dcd26d0675d278db8b06ee2dde9d4c65e5c8bf50a5d7c7,2024-09-18T08:15:03.430000 -CVE-2024-46742,0,0,1520154e2aece5372bfa4988bcf830bbc57b01e5ef0771490bd71d5a70b906bf,2024-09-18T08:15:03.480000 -CVE-2024-46743,0,0,43a9fec176cc021a6ddd29460956f5674a48d3e852f2ad277cf6036de8eec4d9,2024-09-18T08:15:03.540000 -CVE-2024-46744,0,0,0177ac74e1dcb965170b4c5eff27204534e6e039c229f955ddd20fa2d5959821,2024-09-18T08:15:03.603000 -CVE-2024-46745,0,0,14210a0a3e69adfcfa23efce8119555c9fdc39951541d131f8ed407f7f2b993f,2024-09-18T08:15:03.667000 -CVE-2024-46746,0,0,a9acee6010f9e46506c14d6c7ab845747513de49a6f383c813fa635db3bf4928,2024-09-18T08:15:03.730000 -CVE-2024-46747,0,0,0c0bcfb183b4e427845b56a01b01e403278e79efdf19d4134a59087f309153dd,2024-09-18T08:15:03.790000 -CVE-2024-46748,0,0,84e1d760015a869d639ddc906eea238feb7f25bf77bc3de265e49df8e67d2ea5,2024-09-18T08:15:03.847000 -CVE-2024-46749,0,0,a84dc47f1a685cca130fd1d205ba545590944b2287763f8082943274c97fa444,2024-09-18T08:15:03.893000 +CVE-2024-46740,0,1,569afd2e74c68ed1f0092ddffd6c8a9ea0e52288d71e57594a617359403b03ac,2024-09-20T12:30:51.220000 +CVE-2024-46741,0,1,224345768332a98ab8bab4349b1a0f54641198ec213c82437c0ff59d1475f39a,2024-09-20T12:30:51.220000 +CVE-2024-46742,0,1,b43d692a26684d32f39da6e5138b47d11fd9ab0d6641291b69be7f8733fe2a05,2024-09-20T12:30:51.220000 +CVE-2024-46743,0,1,68b26f93dda3c6f01225d050126f3f582a26f740503c51ce2dff0d290d7982cb,2024-09-20T12:30:51.220000 +CVE-2024-46744,0,1,1ddb6091ea143124b9b1590099b9687701ffa30b9df9a4a2d29918b7d821e335,2024-09-20T12:30:51.220000 +CVE-2024-46745,0,1,1810fdd8cfd3dd07004fc4f09934af972754cc295d1890751708649bd77ab182,2024-09-20T12:30:51.220000 +CVE-2024-46746,0,1,66631ae9233179f4d43fd41cc88627d2ad8b2de48a18ecb72de08d4ca46bd4ef,2024-09-20T12:30:51.220000 +CVE-2024-46747,0,1,f1e436e9cf53390c24120404e06adb6c6dbd87510773f8febc4a84960b79bf79,2024-09-20T12:30:51.220000 +CVE-2024-46748,0,1,1f58ab5daa8fdc3cf242c066f17a57853dc64a33693f07928a094111674fe835,2024-09-20T12:30:51.220000 +CVE-2024-46749,0,1,b79c60084bcfe7e3f33e588bd439034481a2186bd7fcd4249a8d87561ad9e9aa,2024-09-20T12:30:51.220000 CVE-2024-4675,0,0,897bf9bfba1675ab43c3b9cceb7b3ad24a12ab65256b892b47361d9f07ed1f4e,2024-06-04T19:20:45.627000 -CVE-2024-46750,0,0,aee5ebe7558bfb9a061bb6cd49323b6cfe0cd1a818ff34428f92fb4c203bf5d9,2024-09-18T08:15:03.947000 -CVE-2024-46751,0,0,500d65fd4878c17e59e0460623e699bf5a05ef513b976b7f7fc40531de5e867d,2024-09-18T08:15:04.010000 -CVE-2024-46752,0,0,95700a0fd1347632123627bfeed0884541591678cc370aa8e8f91bc180445ec3,2024-09-18T08:15:04.057000 -CVE-2024-46753,0,0,aaa56db2056ad72d2210ed453cdb7699d4c83c1c83b8a842a2c55676e9ae5328,2024-09-18T08:15:04.107000 -CVE-2024-46754,0,0,519ad8ed4f70fc79baf215f1fae225c69ec584d6a61e86940f2856c730f11951,2024-09-18T08:15:04.153000 -CVE-2024-46755,0,0,d65402df22689d74c2901ddfca934b261817c6ea05cbaea37fede63b09c7be25,2024-09-18T08:15:04.203000 -CVE-2024-46756,0,0,efc9393bae4300cabbd67283339c039e1e347253f565010ca3ab40e68ec107f4,2024-09-18T08:15:04.260000 -CVE-2024-46757,0,0,b053c4fbda2b1e302c0dfeef758e02db09110978a7e541103df7be899fd72473,2024-09-18T08:15:04.313000 -CVE-2024-46758,0,0,2c71d2b40db06a20bb5ef5ccc4a1c9f6b2178bd692dd524d9908f0f0a0f6e005,2024-09-18T08:15:04.367000 -CVE-2024-46759,0,0,ada271a1cb7ade7f46688431c0f7e6a642de7c840c35d1c69dc93d8b7f37137b,2024-09-18T08:15:04.413000 +CVE-2024-46750,0,1,c09c1f067655fcdf519db40372da7bacd7550fd274adcad8a90935385ad5d13a,2024-09-20T12:30:51.220000 +CVE-2024-46751,0,1,9a3f715f8855231d0b29f7b0ce4f06ca1ddb8cb0650b529c0cfbbf4ef8fa6072,2024-09-20T12:30:51.220000 +CVE-2024-46752,0,1,a6e483848fd846991fe052cf397d8e3748be44625f58093adb7b1755e086fa32,2024-09-20T12:30:51.220000 +CVE-2024-46753,0,1,3d7493508cc733effcafdd7d2b06bc7d70b1185c0794738e42492fc29ea4f135,2024-09-20T12:30:51.220000 +CVE-2024-46754,0,1,d335bc48b5fc1eebe1a7eef0e7eae5f8d2c1b537f7a261d71a0e5ceb10c05e28,2024-09-20T12:30:51.220000 +CVE-2024-46755,0,1,1c2cee47a5f52019889840654a81eabff2fcf476ae457d6c1a522c0980afebe1,2024-09-20T12:30:51.220000 +CVE-2024-46756,0,1,2784999f02c44246c6be632cd1b356e9d973dee53806c3e7c82011c79d890be3,2024-09-20T12:30:51.220000 +CVE-2024-46757,0,1,d658d5a6445883939a117026fdd033f5e89f137c5551608549549a47861237c7,2024-09-20T12:30:51.220000 +CVE-2024-46758,0,1,9788f4141815483fc0ba1555c4f05848abf9199230331734c580b3c3bdc21876,2024-09-20T12:30:51.220000 +CVE-2024-46759,0,1,8150f17e6e0bf81c0c3ce95e038bb9449689632cebfb85234012c9bada8f5acf,2024-09-20T12:30:51.220000 CVE-2024-4676,0,0,36c2a5f720119d264342d4d9b8586d4aebc357e75b49de4b862f0e7d867ff32b,2024-06-04T19:20:45.727000 -CVE-2024-46760,0,0,3e2300cd8d2fabb5cf9827a46591e30e5af12d81b529bb4898a37599f6bf17b3,2024-09-18T08:15:04.470000 -CVE-2024-46761,0,0,d794a75c09d81e3cf2420d27e3fec20450ae3eeae382df2bdbbd37ceb53c6336,2024-09-18T08:15:04.517000 -CVE-2024-46762,0,0,311ded7d89bac2ce37980efb774b64419b0297daf3311304efdf7bbe4352e47b,2024-09-18T08:15:04.570000 -CVE-2024-46763,0,0,fded74b609da36f293ef91439089fca2c339650d06eaa8338e0b394be2512369,2024-09-18T08:15:04.613000 -CVE-2024-46764,0,0,c0c3b16d2104728940b34dcab85289300736cfa68f1e9d24048f48ef35472920,2024-09-18T08:15:04.670000 -CVE-2024-46765,0,0,be2a64e60e7281b042f49be55c2190c79212f83fa0575808e1635043aeb497e7,2024-09-18T08:15:04.710000 -CVE-2024-46766,0,0,bf62edb91010fc35fb49ea0fbdeb83286e8f94577e85a901da1cf346909c8903,2024-09-18T08:15:04.760000 -CVE-2024-46767,0,0,f9ddafdd83482ad232f7883c1565304e3c8cdc3d50b610dc014c3526e6c9a0f4,2024-09-18T08:15:04.810000 -CVE-2024-46768,0,0,5271c54138b132bd74549712838ad23987e543eeecef1de7950914c7073515d3,2024-09-18T08:15:04.853000 -CVE-2024-46769,0,0,8e83b56277e9718dfb6f9ebef7918b4e31b05988377611bde3198ae0fc5da5b0,2024-09-18T08:15:04.903000 +CVE-2024-46760,0,1,2530b49d4788eb6191c0aff0e99a062798c5dd484c96a4bee576a8838f22173f,2024-09-20T12:30:51.220000 +CVE-2024-46761,0,1,556b38b75aff01cada3e1c0b0b6e27b306aa97e4f1a828293e76c9cc573d5d92,2024-09-20T12:30:51.220000 +CVE-2024-46762,0,1,26c19304b7a73ede011c115575e2dd768c2d0539ab9d2785f90b5399ab449586,2024-09-20T12:30:51.220000 +CVE-2024-46763,0,1,87b1fd780c4144daaadd0fb23add37332ac0cba1810513ab10ce03115d7af135,2024-09-20T12:30:51.220000 +CVE-2024-46764,0,1,12c93d62cf976e0fac2b5ba84bf2f54a4d1d5062174357996a20e7c4bd1fa2c6,2024-09-20T12:30:51.220000 +CVE-2024-46765,0,1,f01e0ddd7e40b861ffad58b9281d3a4910ee707fc5f31982899203207d6d42e2,2024-09-20T12:30:51.220000 +CVE-2024-46766,0,1,d31b3d7d3d5596fd525e588f58177c1ac17388459457ebea11ab3b386899e25c,2024-09-20T12:30:51.220000 +CVE-2024-46767,0,1,fd3b90678eac65bcb3233c07c19427fffd1566d14f3f9a8041e6042771984f5b,2024-09-20T12:30:51.220000 +CVE-2024-46768,0,1,404d33c105e2f2e7a4f6108144330470208ba943ab19e3a7f2654703cb3bf44e,2024-09-20T12:30:51.220000 +CVE-2024-46769,0,1,27c275cf99cad3189c828761832a92d77d4a10c7366ca2ce0ffd4d9d81bbe6ae,2024-09-20T12:30:51.220000 CVE-2024-4677,0,0,06b789b4e22353188f4fa1dbcfc045ef487187889647b738ddd6f1b3dabcd887,2024-06-04T19:20:45.830000 -CVE-2024-46770,0,0,3f4294f35fa46bd644327bb119a7d649d1e5d430016155a3be0373dc62531fbf,2024-09-18T08:15:04.957000 -CVE-2024-46771,0,0,66bcc8c19784e6a549884b183adf2b278b5b3e81ee9940357877a5123b86ea26,2024-09-18T08:15:05.010000 -CVE-2024-46772,0,0,1642d179863b0ad9729f1e477daa23a89c819cec037bcb7c988c5e9e2118133f,2024-09-18T08:15:05.073000 -CVE-2024-46773,0,0,bb1cbd774c918bcf0e139aa4b8b6313886238c92d9536ca9e9e82630df89c795,2024-09-18T08:15:05.123000 -CVE-2024-46774,0,0,df1c5e77c06dbd9b106228b7c368b6ad5c4966fab6a95b97cb6229d63b6176bb,2024-09-18T08:15:05.180000 -CVE-2024-46775,0,0,283ebb629ae0601e3c0cfd444a28a230977bf1a273655962b8a6e3c78d71a20c,2024-09-18T08:15:05.240000 -CVE-2024-46776,0,0,c8f2a75c0261c691dd667e52c608f508f8803277127f673fc6db443900bbbf2d,2024-09-18T08:15:05.287000 -CVE-2024-46777,0,0,8cdc9a39570265278d9e350aadaa9c58cce6e89a9dcfcf8c31f8f1094f07ad9b,2024-09-18T08:15:05.330000 -CVE-2024-46778,0,0,396380603e968003b58900d0d6490bbd6acfb10302f743c9f7cf9856c1c60b1b,2024-09-18T08:15:05.380000 -CVE-2024-46779,0,0,bf47890b5db85f1151a1f3f701c0c22151de888592e192e303c6ca501a5d224c,2024-09-18T08:15:05.430000 +CVE-2024-46770,0,1,c1db1e23ada7dcf7b68d5bca1418aec03f8b7324e35577b52d7987bd7cf95c63,2024-09-20T12:30:51.220000 +CVE-2024-46771,0,1,d3e25589d0aa5cc76f678addd8f11cf59207b44575da23e672799ad7db6233bc,2024-09-20T12:30:51.220000 +CVE-2024-46772,0,1,d84466b9e80a2ff04c50eebed518f22b45fee60b06b335d323632ba213bccee4,2024-09-20T12:30:51.220000 +CVE-2024-46773,0,1,38f4dd091575a01bc3cf71b34e6e50ab9688760949d7bf2beee764b693afc074,2024-09-20T12:30:51.220000 +CVE-2024-46774,0,1,898312b974f7d676e3801eb8898f9749e66804c2df5ac294f95a2f8fc72b8a3a,2024-09-20T12:30:51.220000 +CVE-2024-46775,0,1,39f7e39a0a2b9096f49799d0bab00e7744bc4ac1b71a53fbddef419b6853ebb9,2024-09-20T12:30:51.220000 +CVE-2024-46776,0,1,a99442a67c30f6b8b2c7edd14b057b7025440bebaf3c1a97a251694bd1019ccc,2024-09-20T12:30:51.220000 +CVE-2024-46777,0,1,64f254a8e69394e560ce14802bd54bf5d7b5322084f6066ae69ad8c2320dab95,2024-09-20T12:30:51.220000 +CVE-2024-46778,0,1,42ed538387ee8783838f45ac891015186bc9fe8d2c7a6ed0b3d8d0096eca7842,2024-09-20T12:30:51.220000 +CVE-2024-46779,0,1,4e717c031148172d04b4e4178adf3f034546c6267e5767a2d07946874fdaa94c,2024-09-20T12:30:51.220000 CVE-2024-4678,0,0,be695eaab1f72a88b10d5b9b54afd539ecd5dccc02b3dde1eca881aeeba1ff59,2024-06-04T19:20:45.930000 -CVE-2024-46780,0,0,7b1bba29160bfd83b176fb8e0d1f40f48f858bbf35f08f76ad30ce3254b6d8dc,2024-09-18T08:15:05.473000 -CVE-2024-46781,0,0,597bc570a64ccf458b5f007cb1b9bb1fbb8c80ba6c44612b54cb99a0f4dd329a,2024-09-18T08:15:05.527000 -CVE-2024-46782,0,0,bfe5fd54d42ab2d5a56dbed17ca47a24c8b851b2ecc919d2654eaa75cd27c7ee,2024-09-18T08:15:05.577000 -CVE-2024-46783,0,0,177b79cb044c64bdd1ba5ec4df2c0194374ddb06b727bcb28ee590c1edb71806,2024-09-18T08:15:05.630000 -CVE-2024-46784,0,0,1cb02002808032cce280c51dc21ba513691e1421440415a90656bd0aec4254c9,2024-09-18T08:15:05.683000 -CVE-2024-46785,0,0,88edcda4b6a413136bd12d34f9993a9814755864fe55569ac385479d63cb3838,2024-09-18T08:15:05.730000 -CVE-2024-46786,0,0,2afbea964bbb8e8e0af027de7dcd2557cbc76f10803a1ef9d28441f442ec1ac2,2024-09-18T08:15:05.783000 -CVE-2024-46787,0,0,8673b56cc0cde759acc6c3b46fb56f29d3bed68790505e12c0d024209f02c4ce,2024-09-18T08:15:05.833000 -CVE-2024-46788,0,0,6863b050d499c258508d08167bf5fd5b190433b7c9d93f657fd609255797c155,2024-09-18T08:15:05.893000 -CVE-2024-46789,0,0,32bcb44e01af3e39425bea50f4012b3cf64106bf1e6fd2e81b0c290b840e513b,2024-09-18T08:15:05.957000 +CVE-2024-46780,0,1,450748190a91dea98a59a618a62a7f263f80a5e9eca3c0ec693f8e0a9ab81d08,2024-09-20T12:30:51.220000 +CVE-2024-46781,0,1,6997bbf6aedd74681f5356965e090353ca0de0dc4b0bf6c95aa2cb72fe33edc0,2024-09-20T12:30:51.220000 +CVE-2024-46782,0,1,fad1c07a38aff93b00cc6b49fcc84cb7d1b68efa7d32760beab30bf5dcd3c28a,2024-09-20T12:30:51.220000 +CVE-2024-46783,0,1,f5fd8344250949515be76b1169d4b4d1ed741f3003762efd1e1ca67374b9059a,2024-09-20T12:30:51.220000 +CVE-2024-46784,0,1,b080e0cb6c05e947afba9f8111d5663b9980c89af16be739ca2d41c09180c9da,2024-09-20T12:30:51.220000 +CVE-2024-46785,0,1,8d6f4d8b7ad5fda1c01fd9eca76139f118ad0f09ac66f10fd11804a28b21d7b1,2024-09-20T12:30:51.220000 +CVE-2024-46786,0,1,ea856edd20a55dbe24e6f1fcb1f488b69ded889b0b700120634cdd6ec24a3bc1,2024-09-20T12:30:51.220000 +CVE-2024-46787,0,1,9fb096d8d921acd2c368cad3cbdb998975731bd46e12281362df63b23b6f072c,2024-09-20T12:30:51.220000 +CVE-2024-46788,0,1,695266a8c696b6d7e3425cc0a9ed86e76a0329cbee6a482b93b62801857e8044,2024-09-20T12:30:51.220000 +CVE-2024-46789,0,1,a571fb0b950e8c979ab026a9fe716bd6ec64ed8b8cb21d6691e8cab8a49ba099,2024-09-20T12:30:51.220000 CVE-2024-4679,0,0,9bfb1104bd992ff014fab2b1166f6f818504f2232183224a6a702e4c44b2119a,2024-07-02T12:09:16.907000 -CVE-2024-46790,0,0,0e5f417035edc97890f7422f1a5ed558a218db3741cf1169d25a20dab7b5be63,2024-09-18T08:15:06.010000 -CVE-2024-46791,0,0,ac0a42f40cb248198e15dc852d5167199a32b81f4938e31573af311e3901d026,2024-09-18T08:15:06.067000 -CVE-2024-46792,0,0,d38cb61b8caa44931422580fcadde7ec500ae4af201ad39f926e73e5a8878183,2024-09-18T08:15:06.123000 -CVE-2024-46793,0,0,1c3720a58618218f02f33bcb019fe1af7bffec77c282dcb9cdf6b79f4c3920ac,2024-09-18T08:15:06.177000 -CVE-2024-46794,0,0,be84dad7d86db27f47727010e1f732d1c64835dd4cdbb36666d2fae21dc33a64,2024-09-18T08:15:06.230000 -CVE-2024-46795,0,0,2711ac53c713016191834849cacc7c866bf81469c68b13c1d81152bcd18cf7fa,2024-09-18T08:15:06.280000 -CVE-2024-46796,0,0,e02b9590a0e56b309481819e3f1983453a532a2f0f3f200cb7b6fc82321650ca,2024-09-18T08:15:06.340000 -CVE-2024-46797,0,0,0681211f2d2ffd817071cc32b3ea0ad9d55c684ee5ca1363c17b0fb948b1a2d2,2024-09-18T08:15:06.403000 -CVE-2024-46798,0,0,0aba1fbc2db265a759029f391a6dabd6d21e9643b67c2735d30595a521be5af2,2024-09-18T08:15:06.463000 -CVE-2024-46799,0,0,6b67f44c56049465bc9d56da43c7a044a2c7fde44d68186b9b25e96f0eee326a,2024-09-18T08:15:06.523000 +CVE-2024-46790,0,1,d27eade819ed2fd15185afc828dfb8999a9cfdae3e96ed34fd07c06d351f85e6,2024-09-20T12:30:51.220000 +CVE-2024-46791,0,1,118aaa67b80d54abec82d4160deec801758d5df924356b4755593426c59e26b0,2024-09-20T12:30:51.220000 +CVE-2024-46792,0,1,5038c4c1693692d5253e8551ff854391bb6738497f066bf8f1ac22d03388831f,2024-09-20T12:30:51.220000 +CVE-2024-46793,0,1,2d10fac5b5abe5b03bd81c41bb3faf348690f0206eb063045a21a3271a7d2a51,2024-09-20T12:30:51.220000 +CVE-2024-46794,0,1,4a5040d28c02875cb7f0ceba00353539020b8be79b10a6b6826a3f96b115ba34,2024-09-20T12:30:51.220000 +CVE-2024-46795,0,1,09bce0df2cbc6fbed8b0693e3ec9572ca7bf502b5d09005fd46bec0264a496d5,2024-09-20T12:30:51.220000 +CVE-2024-46796,0,1,f0739f821fd11df3512e35ed8c12112d71430a1a3f159dda95f51c24b4baa720,2024-09-20T12:30:51.220000 +CVE-2024-46797,0,1,d965b0051a3a2a8ab1598f3a2e3c165fbe92da8ddf842ea1eaf30dd4dcdbe3bd,2024-09-20T12:30:51.220000 +CVE-2024-46798,0,1,f71f7ec1c9324d751007fa91d4a40123f401d2292728995d6093603f38cf8f18,2024-09-20T12:30:51.220000 +CVE-2024-46799,0,1,462e24e8c67dcd1d09d24ff68399c1aa3f12fb9f0614901bf3ef2240d2e98a99,2024-09-20T12:30:51.220000 CVE-2024-4680,0,0,0c8976c1b63cea89edb43ad9d9b81fc90d65237e24435549d62994fa7d6af35d,2024-07-19T18:51:53.003000 -CVE-2024-46800,0,0,c66c41d358180fbf4c204f6a3b9cda44ad03ccadfd845f41ee5c20a598448cb8,2024-09-18T08:15:06.573000 -CVE-2024-46801,0,0,5a25cda834e5800cd9c501ac0fe5feafbcf74cf7074dcd3eff31a0148ad4b31c,2024-09-18T08:15:06.633000 +CVE-2024-46800,0,1,05c08febfdbf5f8ba0e3a091e7402c462bf17d82efedf1d2064a7794c34be9ee,2024-09-20T12:30:51.220000 +CVE-2024-46801,0,1,231b87a0702cfe32dbc6fcf0e702e16e3985896f01de41d5c40d26942a893094,2024-09-20T12:30:51.220000 CVE-2024-4681,0,0,fe9d790ee9979c1aca5fe28a3e8115d4c327b815a1753595a7df398a95b1856e,2024-06-04T19:20:46.033000 CVE-2024-4682,0,0,b188d20fdb53d2324882bc38bcdbd4c51d4b6beb562fc8362c2866e7563895e8,2024-06-04T19:20:46.140000 CVE-2024-4683,0,0,f97d6282ccf029728c8ab8e65ca2b64efa101897ef8ccdc22b5456d11d66a8f8,2024-06-04T19:20:46.247000 @@ -260338,48 +260338,48 @@ CVE-2024-46937,0,0,07fdd1d78aaed903fbff4e5d9a0ce758118188db8683180f256eed71d0649 CVE-2024-46938,0,0,9e276dbb5f511d90ea6307dc9981b04eafca4332d1a762536bafb02391c73acc,2024-09-17T15:35:10.980000 CVE-2024-46942,0,0,39b03564ad46dfa226521fed6197bd85a5899e9352724095b0a13d9a65f5effe,2024-09-17T15:35:11.740000 CVE-2024-46943,0,0,152386ee346108a0b10024e97836216e24787fcc13e07313dcb51a8afe0ec6cb,2024-09-17T15:35:11.950000 -CVE-2024-46946,0,0,36ac86aead2e49e73e416655f8cae00331f8c74ccc5799b9b53e6553f68ba39e,2024-09-19T14:35:09.763000 +CVE-2024-46946,0,1,5adf6fed09d7522a85c453ac4c470cad5917d88736dbb3b605636f5befca45fa,2024-09-20T12:30:17.483000 CVE-2024-4695,0,0,aa253f1bdce79ef626aa7622c4e367006f6b60359a6a2b0af989b23a6e81f980,2024-05-21T12:37:59.687000 CVE-2024-46958,0,0,55b6c34933d7f404734afe78f6fca5f500d88d2d153f0079c17dd51e529b774d,2024-09-16T15:30:28.733000 -CVE-2024-46959,0,0,47d5f83d561a982f4a4be7b405a83d2d9fa4ba828de30b6ae661fef4ddec5ff0,2024-09-18T18:15:06.730000 +CVE-2024-46959,0,1,472b45b0ae16b9abae7dfecaa89a010840bc35189a129396c9411cf14e134190,2024-09-20T12:30:17.483000 CVE-2024-4696,0,0,b8ce6d89da084f88972905e9878372f109e48889eae7d9f95b30ecbbc63816ed,2024-06-17T12:43:31.090000 CVE-2024-4697,0,0,3bc62a9bb9952d026af8ecd13a98f81fa60290945109a2f6023ef384956822fe,2024-06-04T16:57:41.053000 -CVE-2024-46970,0,0,850e1f9bd88ec99bda9e7fcbc1327358ebf0bb50f2ce23e44dc920d53302143a,2024-09-16T15:30:28.733000 -CVE-2024-46976,0,0,f3786e54e8d51b8dd39dbbbd9771974fd9112681cfc7638f96badfdf4c35d719,2024-09-17T21:15:12.763000 -CVE-2024-46978,0,0,36b285d1460b110c481154f782e68d9c8d1dbf797d63b33fab3e9a2d3ca20de7,2024-09-18T18:15:06.800000 -CVE-2024-46979,0,0,a3ce74339b7719674395a76d00801d8b382d6390868e9fcc0ca030e18df5986e,2024-09-18T18:15:07.020000 +CVE-2024-46970,0,1,6ef16041ee18068670ae3579af5d9c59d6c6488d479945d9220353b5e1ab4205,2024-09-20T13:23:29.700000 +CVE-2024-46976,0,1,fac4549e2cfc5991edf80f643afe5e39489353c2d5ed7b8ac34e2796d6ba6f03,2024-09-20T12:30:51.220000 +CVE-2024-46978,0,1,3012612591065cdf72fb760bb9d34692ccfd8a93c66cdc7533522797108e3ef1,2024-09-20T12:30:17.483000 +CVE-2024-46979,0,1,bd5b4b491d76f1da7f15e1f5aed6e68afd31ea61b239078722a0e41874b565fd,2024-09-20T12:30:17.483000 CVE-2024-4698,0,0,9dba1ffb097faf0537551ac7612916f547965c7b253baf1637388ba1ee83ae86,2024-05-20T13:00:34.807000 -CVE-2024-46982,0,0,ea2fe597553d263f2cd1280d984988f3dd8bd84e5f24bd16a84753abcca26655,2024-09-17T22:15:02.273000 -CVE-2024-46983,0,0,a244c3d23a5d9a0783d6651ab93a9ddf7d7bf9a7b398ebade5ae771e4c3bc281,2024-09-19T23:15:11.920000 -CVE-2024-46984,0,0,fe824b6e7b17f61bc2b9f113f8742c844b97861158455f0a9e5d8a454c39fd44,2024-09-19T23:15:12.107000 -CVE-2024-46986,0,0,ab926f7ee3625c1f0fa39ee7df55321654bf0797162efeee0b83d34e0f36f202,2024-09-18T18:15:07.223000 -CVE-2024-46987,0,0,0b3e61b78d6adc419a3f678f58860f4b2fd2c45d12714c222bbe2cf403782bf7,2024-09-18T18:15:07.440000 -CVE-2024-46989,0,0,48dd7108bf10593b6831181378ca5e465053fb270e6b778a9f5fc4b1e64c1ebe,2024-09-18T18:15:07.650000 +CVE-2024-46982,0,1,3d9f669d24afb928408eff7284c81bba148f4b4b0d8de4608d668ca1c9286073,2024-09-20T12:30:51.220000 +CVE-2024-46983,0,1,acaa55f24871e509b77d1e06f663550a224b0f8e1fdd17d482c575b8d54a8432,2024-09-20T12:30:17.483000 +CVE-2024-46984,0,1,a2d03b7a5561555bfe246598e474bdc74be23a5595876ca1a73ac153425b0c5b,2024-09-20T12:30:17.483000 +CVE-2024-46986,0,1,3e5474e4d3f0ca437c93a26b5ad5be1b408b91db1912cf5867b13b0513090c02,2024-09-20T12:30:17.483000 +CVE-2024-46987,0,1,2c19edcdcd72e415c468d494212ed34638457574872dadaff25a296c917131b7,2024-09-20T12:30:17.483000 +CVE-2024-46989,0,1,fa29cba3c1dce457e1dbba7936349383199f9bdd1c6535b099705e0bc06fa139,2024-09-20T12:30:17.483000 CVE-2024-4699,0,0,094a3293d1ad6c00b8f42deb1643b829befd633ab0dcef49a183da331debaad7,2024-08-06T19:15:57.580000 -CVE-2024-46990,0,0,0086cd506cde60b64c95cfd59e3cef371a66ac89f344398a809e570bfb502034,2024-09-18T17:15:19.687000 -CVE-2024-46999,0,0,f230b776b8ce1be4215063615a4b20c9ffdae692ee93bcb729f6149737d9e2b2,2024-09-20T00:15:03.350000 +CVE-2024-46990,0,1,a651df2006ba8ce24b06699e6e89ccb4decc32abf73ae7975ae4d0581b357bf8,2024-09-20T12:30:17.483000 +CVE-2024-46999,0,1,936e6dded30bae75c051ee86425d55d0bec8cfeb314d38cd4a963526cd44391f,2024-09-20T12:30:17.483000 CVE-2024-4700,0,0,fa1a582bbd6e4a675ead2d89728236d2ca7c92c15fe998cffa14cb24a4febb9d,2024-05-21T12:37:59.687000 -CVE-2024-47000,0,0,0c8c646b157ce5a2f49560a4529db9a8802618b36b1fbd6f999455dd4ed59bdc,2024-09-20T00:15:03.550000 -CVE-2024-47001,0,0,83229a19d20eee81e566ef79ab83e90e0827d76bd000b5c84838a15b7c996890,2024-09-18T16:35:16.540000 +CVE-2024-47000,0,1,e6cd2cf15ff79097068621837cc569a3cd3866f901ede30d096e1a736477e158,2024-09-20T12:30:17.483000 +CVE-2024-47001,0,1,2bb4bf673c202add583b3cb6aa8d87ad17a722980665125974c3d12c60f8fe21,2024-09-20T12:30:51.220000 CVE-2024-4701,0,0,5f841f0540b46f49c80d409ca526b0c08d190fe4f1f5bc2d7cfb115b5ba38647,2024-05-14T16:11:39.510000 CVE-2024-4702,0,0,dd020b59844aa3c2b904a852a1e5f578b8784127317756ef97f595c083848ea0,2024-05-15T16:40:19.330000 CVE-2024-4703,0,0,7e57d47de6048bcd912b4c77aa51d488946887d89315e68305481f1a25780324,2024-06-11T18:06:31.967000 CVE-2024-4704,0,0,9637a93e192a5f32142e05687e31ff3688b029254561fc4728d18bbfa1666d6b,2024-07-03T02:07:57.433000 -CVE-2024-47047,0,0,4e646814c5b30cbe1daeb568412b4fe1a760b92cb8d05c187c4f5db28264ea4c,2024-09-17T14:15:17.790000 -CVE-2024-47049,0,0,0632fb9d999b7a0f0772c4bcd61e6520e2d1b47f1300e76d8780773c41e655cd,2024-09-17T14:15:17.877000 +CVE-2024-47047,0,1,0a4a15ee2fb8d94ee7dbf9b3ee25f3c32a7e76c7b103a0dd6583489587dbacd4,2024-09-20T12:30:51.220000 +CVE-2024-47049,0,1,bc768f951de25f2d3b7ee4ed4c1188c49a1568cca5cfdd9dc385ac790402738a,2024-09-20T12:30:51.220000 CVE-2024-4705,0,0,26b272539ad739bf4cdb858b2e8b5e748c64203d796935ad814b34867a2408a1,2024-07-23T21:15:15.147000 -CVE-2024-47050,0,0,9fb75eec65018e4d647a95f2333bff20c9711ca8d7d9db03b47fb8b221e40194,2024-09-18T21:15:13.743000 -CVE-2024-47058,0,0,531cdfc92f76cf21d508b7b6b64addb62803353166eabe55a6bed18bc21358e2,2024-09-18T21:15:13.923000 -CVE-2024-47059,0,0,9466c943a41a2a8bfe710cc2c837a4487b91955bb723557f79ac146e1930f89d,2024-09-19T20:15:06.953000 +CVE-2024-47050,0,1,5ddac1f8a8053f0642ae4dbec5cd7e9a4084918d6fb4495768633d435a3f2c23,2024-09-20T12:30:17.483000 +CVE-2024-47058,0,1,ce9dc8340a8922ed16d37cd23094d408dba7fce77515a97a3b8ba24288e2b02f,2024-09-20T12:30:17.483000 +CVE-2024-47059,0,1,1ded05aa2ea1e0adbe840bc57816abecb4dbdb9b2a551e659bc55563f7788a30,2024-09-20T12:30:17.483000 CVE-2024-4706,0,0,9fb317504579dba9e9851d8ef4d6ad37a71c1b39f231cbe007ab86fbaba76dfc,2024-05-24T01:15:30.977000 -CVE-2024-47060,0,0,b4a6de37cadb13dda606c586055981ee10110d2035b1f92da13e1eb3cd38465b,2024-09-20T00:15:03.767000 +CVE-2024-47060,0,1,c8534b944f9f43cb46cae0367e9011f6cce8af6cd945cedb8784aafc5607d945,2024-09-20T12:30:17.483000 CVE-2024-4707,0,0,8435cc27f87132831b9d3f5ec9dd9fe3cf2e85b8b55db14f2e03c7e1023e49fc,2024-07-24T17:59:29.230000 CVE-2024-4708,0,0,c271dbf72bf72946f8191932c0e7ad58bd2ebed6dfb7e2f3f6882e8c7f0da7d3,2024-08-29T19:31:56.517000 -CVE-2024-47085,0,0,acf09fb5d7836be537cffc2aeab5710c48921dfc4ab00260d89f88dcc9fe9256,2024-09-19T07:15:02.050000 -CVE-2024-47086,0,0,c597aff6bbd7122f701df285b04373f6876cc52360db80ffce9703bab5aefb29,2024-09-19T07:15:02.273000 -CVE-2024-47087,0,0,c17260a07ad475edb6de93f6253baae513f72940bb2a30bdb5bf18d003b336d7,2024-09-19T07:15:02.360000 -CVE-2024-47088,0,0,f1b689ad85c208ee53ba72ca5eb09bbf05a2999ca1226200ecd0d641d49d720e,2024-09-19T07:15:02.507000 -CVE-2024-47089,0,0,2e3a77febc0fc74cf78f02dddd4b131b0b725d4d01d4e225fd6b9d55d84fd9f9,2024-09-19T07:15:02.657000 +CVE-2024-47085,0,1,612c4ee1afdc108ee26a19ffa4ef99d7ce5dec79600533d571ae4fcd8b698a7c,2024-09-20T13:15:18.703000 +CVE-2024-47086,0,1,19622658bc16613a77f76eedbc221d6bedafd71c37603778fc455e0fbce10980,2024-09-20T12:30:17.483000 +CVE-2024-47087,0,1,add434e60dfaab3ccacfd801680bb9afc83e4e7605ab2cab181c720ca468bd3e,2024-09-20T12:30:17.483000 +CVE-2024-47088,0,1,e030e98c1a56b33d36ea4b74cae0381b61a692bd98f8880821f6f8490c7ca9e0,2024-09-20T12:30:17.483000 +CVE-2024-47089,0,1,747d9db580763da5143a0072ff546dab60f08a23733ea114071ab112c2f09119,2024-09-20T12:30:17.483000 CVE-2024-4709,0,0,291d83b7a71e23f3ddf2ffe4b4f9de6c9c89e71bab3de54c457add53e92c99e9,2024-05-20T13:00:34.807000 CVE-2024-4710,0,0,bc3d641a4dcd652350f442cdc80714adde1798c9afb82fb5cdb92bbe3aa27b20,2024-05-21T12:37:59.687000 CVE-2024-4711,0,0,d363465dc42b9acab3c0c0b87ab6c465a5fbabc481e6b69ff97f983a499169d2,2024-07-18T16:32:23.447000 @@ -260387,10 +260387,10 @@ CVE-2024-4712,0,0,8c9912a72fdb973e445c03f0c431e473f67586d80716ea23b3c04f9af648d8 CVE-2024-4713,0,0,a3c96b0a67396332ccb3b3b7da032ec990741228737b0623d292fd0ff6dd150b,2024-06-04T19:20:46.913000 CVE-2024-4714,0,0,d7e9d9d95d84a12a856ae94c0b47f221a8b241db6b1f0d94ea74b84fa1b36764,2024-06-04T19:20:47.027000 CVE-2024-4715,0,0,8280b54df57d141f79c5c5ba7edbd4b8610f06a30ecbd5ba39cd6c268b4b3f05,2024-06-04T19:20:47.130000 -CVE-2024-47159,0,0,37cd59fd117f5cf50861cd88b8abebb1e1884db1ba94dfcf9ceb69cfa69bb528,2024-09-19T18:15:09.803000 +CVE-2024-47159,0,1,890e3d5a9be16b29dd7e0c31e28ceba0ba2bbf7aa61683213557c862c326aba9,2024-09-20T12:30:17.483000 CVE-2024-4716,0,0,17dd73abada87214ed7c4da9787dcdd43aa5089416e4d3395c3029d4b8a776fa,2024-06-04T19:20:47.230000 -CVE-2024-47160,0,0,3f6af29a5418c0ea31328b241c0a67d429ed0f2ea9a2a4795d9856d4f3850696,2024-09-19T18:15:10.013000 -CVE-2024-47162,0,0,7a918a68f616964c3a64fa06f015fde786d9abd7d452c1eb72d0cb1650c8a0a1,2024-09-19T18:15:10.227000 +CVE-2024-47160,0,1,16bb0f9cd0f6022d45fac0850d9090a427ec1683eeae8aff594828c8298e10ea,2024-09-20T12:30:17.483000 +CVE-2024-47162,0,1,7b60fccc4e2164a6b5f94202f004482d3a6e786c10ef3d4ea569a8ab88249643,2024-09-20T12:30:17.483000 CVE-2024-4717,0,0,7921e256cd1b57dcd690590999b44ca8d29db58a18405deda5f12fdfca691aaa,2024-05-17T02:40:34.317000 CVE-2024-4718,0,0,2fda56f630ea417950b3260007ed553b407a44c514b05be289e283a21ee915c1,2024-06-06T20:15:14.717000 CVE-2024-4719,0,0,5f15010ce3da97593d62bd8e5cbd7e4df0db8fec077945fcbb72e898184ff8a0,2024-06-20T20:15:19.763000 @@ -260788,7 +260788,7 @@ CVE-2024-5166,0,0,5c544eab21844e01fabd3874ed7776a55145987bd3a510311ad16f12f33bd2 CVE-2024-5167,0,0,a26d674346a63d8730649864e3fcc22e33fb8b5877ed990bcd49874aef8d8c48,2024-08-01T13:59:41.660000 CVE-2024-5168,0,0,cbe1b6c96aef7b506dd526cf00951c936dfc5233fd9563b4af0bf7fdab7a5899,2024-05-24T01:15:30.977000 CVE-2024-5169,0,0,882a6aa1fee4c71f4df51ce353ec6b27431ae776e2b2b23b3c5ba8c59ca21797,2024-08-02T15:00:10.200000 -CVE-2024-5170,0,0,5f1db528726dd323875861e074726283fef856faa90ba432082a43f6bfafc650,2024-09-17T15:35:12.693000 +CVE-2024-5170,0,1,391a03e8162665a6158987d43ca861d0d66830b727cfe85b8d6847ec08923be8,2024-09-20T12:31:20.110000 CVE-2024-5171,0,0,dd574bf92e93c62d270c5e3b0cb384556e01dba1d43a5b9db2a02845fa564cb4,2024-07-23T18:09:56.753000 CVE-2024-5172,0,0,b469524ff2309ced9aec08b056578c23e8b8b5248adb8fcea2b38cb214c81275,2024-07-05T14:05:48.213000 CVE-2024-5173,0,0,e808cbd0ff507575dfa32503bcc3a2123c9461298f1a4a4ef8cd294367da6464,2024-06-26T12:44:29.693000 @@ -261246,7 +261246,7 @@ CVE-2024-5678,0,0,afe74031d89f42a567cee8ccb637e89bb2adfa159544a8b4a6426bad0bf894 CVE-2024-5679,0,0,0839965cde25fea3aa350fa717eb81302bb5423efd743b60fd44dbd620732a01,2024-07-12T16:38:44.027000 CVE-2024-5680,0,0,4b89f5f26e3b07478091cc4705b6bf03eb5b6d7ef8a454176f219f6262119e02,2024-07-12T16:38:49.670000 CVE-2024-5681,0,0,ba69ac569d7576d195fd1b6967a53d4cc4e5811e9ef97dab1bfc2916a4020575,2024-07-12T16:37:40.303000 -CVE-2024-5682,0,0,969b6f3cda4ea4b8882cd9ee8eb2594b87a5596afb164c53f79c5e3a897da379,2024-09-18T14:35:06.033000 +CVE-2024-5682,0,1,4e663b84e46992ee9e8018abd9de5b15d87664435ff9d4210ddce72352a3ea9a,2024-09-20T12:30:51.220000 CVE-2024-5683,0,0,d868b38bbdf38c932e73ada9d6770c9e54d9ba7e4690e6e76a9813e02684500a,2024-06-24T12:57:36.513000 CVE-2024-5684,0,0,6dc10e55a9350eba996ce70432d644a2a60e5231b687551b107b8ab41fb44f1c,2024-06-11T18:13:30.163000 CVE-2024-5685,0,0,08c398f5d772f4e953acbb7297cc0e7eb76495399d04b916942753d822d0eb8a,2024-06-19T09:15:12.173000 @@ -261476,9 +261476,9 @@ CVE-2024-5952,0,0,4b0244413edcc544ed5c05479b5dbc3eeb5d75652ce440b39e8ad3eb0aaa28 CVE-2024-5953,0,0,0b3a2e806b18666b2c6a15758894da60b95802ead709b5c7200c052eff2cbfed,2024-09-11T11:15:11.350000 CVE-2024-5956,0,0,420ebddf13dc6945f3b24acaba57b0a6b03370d22cfc4e076d52d9e45c18f699,2024-09-06T16:25:19.253000 CVE-2024-5957,0,0,c06bad62b3a76beb3abdcaffc89e2e904ca620c6e7deccb3fcebfda71eaf22f8,2024-09-06T16:24:23.317000 -CVE-2024-5958,0,0,eb1f208f756febdf31da5f71c45b0e34465f30babc97c88a7e7c51e662e6457d,2024-09-18T15:15:18.510000 -CVE-2024-5959,0,0,95bf313e7e72966f30a3e12fd340025779a485583f7f275e9527de048f4965de,2024-09-18T15:15:18.623000 -CVE-2024-5960,0,0,3c93a6aa2927884a82438d1c0ef1d4ab36a1bcd826d98efeecd74446d52f871f,2024-09-18T15:15:18.740000 +CVE-2024-5958,0,1,5c53f34842b02ddd31be557a86dd847cea641c8617663e1a692092665b6afc1d,2024-09-20T12:30:17.483000 +CVE-2024-5959,0,1,b5e5d3382199d22c1eb6f0e776d7f4a26ce8f4ce01bec7f8a3a25e5c26c71c3c,2024-09-20T12:30:17.483000 +CVE-2024-5960,0,1,08d4190dec7d2e7cd2f433fac2a0991cf0ffea83580db402c19748bdadf3c281,2024-09-20T12:30:17.483000 CVE-2024-5961,0,0,458be8cb6fdb0d558a4d51d11b5f294250dd9695661afd805b88290bb2df249d,2024-06-17T12:42:04.623000 CVE-2024-5963,0,0,a4cccf44b2eb0314cba658473713210aafeaf2066181b69f96f839930da4f321,2024-08-06T16:30:24.547000 CVE-2024-5964,0,0,d6f5f38a4c6449f04f742ee04a5db3f604bc83ddff32647d9051bd1d156e71e9,2024-07-18T12:28:43.707000 @@ -261511,7 +261511,7 @@ CVE-2024-5994,0,0,c1974f8e417911883c192155213f25e6e809cb75c20fd828172f5e744b8258 CVE-2024-5995,0,0,8d0649a03e9f8bd101521287664fde419efa05e0cba1e926a7b9f4f0e9253177,2024-06-17T12:42:04.623000 CVE-2024-5996,0,0,ab938dbc15262bb65cf82c58e85d96d3d9a41bba3218e574f8e961fd3a4906a3,2024-08-14T02:15:04.567000 CVE-2024-5997,0,0,f617c2b08e97b588522e326e884bd8b2d7e5f36631694be3e5e4c23ccbcfc0bd,2024-07-19T13:01:44.567000 -CVE-2024-5998,0,0,18a8f18c01f8cd084cedcbcf7523b38c7505e86c060fb26f74012dc5e676744f,2024-09-17T12:15:02.977000 +CVE-2024-5998,0,1,cb47ce11848332fe3456b89a3a0d74b1e195ba8860cfde79b404aca567671e26,2024-09-20T12:31:20.110000 CVE-2024-6000,0,0,4ab86aa4bce235d1120437fd5cb3b34fb6bdae181005ebaa070e8c0afe83cf87,2024-06-17T12:42:04.623000 CVE-2024-6003,0,0,14279c0384813c4cf50ab75a79953f2b0469d9bedd7f76c2b6cebfd90962fd14,2024-06-17T16:15:16.027000 CVE-2024-6004,0,0,4b0764617f658896fbb875974633cf86b65018a4f2f72789370b5c7f05c7592f,2024-08-19T13:00:23.117000 @@ -261863,7 +261863,7 @@ CVE-2024-6401,0,0,fa456b2019a7777fd8925c5cdb042b2ab101578127039e040c74673bdb8b6a CVE-2024-6402,0,0,2dbb843b8ac3a7858f42e0a7205d0fe42cc4e1a6d0db6e5033a007b00a2a1ef3,2024-08-30T21:08:54.327000 CVE-2024-6403,0,0,9d6874f85ed8785db48c417cc57cf1b425db80cf3f43ac931de3a37049d75945,2024-08-30T21:08:04.557000 CVE-2024-6405,0,0,2f2aaf52bab49b757e1ad90b974deb9c303ecc0ebed2850b0a99dd7bdb5e4a9a,2024-08-20T14:00:07.663000 -CVE-2024-6406,0,0,871ca980964c0056352381de8c4ffb10cc84b51fe41a9a6d040493d18de5192b,2024-09-18T12:15:03.370000 +CVE-2024-6406,0,1,0e0a583345faa4efde14b6ddf68412c0f9ee85c53009841e03cfd0f6ed72a0d3,2024-09-20T12:30:51.220000 CVE-2024-6407,0,0,12314028e09ddfd135bb748e0530e9ce4aee25dcaa6c2bae62524650d54b655f,2024-07-12T16:36:34.747000 CVE-2024-6408,0,0,560f6344922c296035b0717025e77a13b366c296a6767546b7234de1c853f80b,2024-08-01T14:00:21.483000 CVE-2024-6409,0,0,9bcf73b7e73de600a40e8d67921dca9ee633e58d1be7205c1cbcd58e7e7c039b,2024-09-12T20:15:05.567000 @@ -262050,7 +262050,7 @@ CVE-2024-6637,0,0,59f76fa21430fd2f815d25b14c560949a8f50f1f9b39a99ada5c48c5c42ab4 CVE-2024-6638,0,0,e1ef78f4a331a1760f078cffbff2fa855ff8b1eb633d9ef9812bbb8cfee1af62,2024-07-24T12:55:13.223000 CVE-2024-6639,0,0,b0961b2e4919c622335aabbfc385d1eb275ee15e95377de0fc4654e6fe695570,2024-08-12T14:46:23.463000 CVE-2024-6640,0,0,9ee47aa53dd102db483256b30926c63cffc6a6337fe30ff4760f8de568b66f8d,2024-08-12T13:41:36.517000 -CVE-2024-6641,0,0,fc48afbd07714902932ac7ca9c80a4df48bc38a3e3fded50001d4232b0ae9676,2024-09-18T06:15:02.490000 +CVE-2024-6641,0,1,3d05132a20747fac8fa1cc6f02dbd21478929755e3cc1237bf6b1290468bc186,2024-09-20T12:30:51.220000 CVE-2024-6642,0,0,8d96c1180af1047f7b667e53dd25106a95583c9fef6033b783f527ef0b9e4e6b,2024-07-10T13:15:11.140000 CVE-2024-6643,0,0,c4eab211147138bb5613809a885f81bacb4eb0fc3c1e7955b1f331b632c0ef4a,2024-07-11T10:15:02.650000 CVE-2024-6644,0,0,0f2d20ba591a113ddb0330b932f8a246adf881e1931b22ed31564a539ff168f9,2024-07-11T13:05:54.930000 @@ -262082,7 +262082,7 @@ CVE-2024-6679,0,0,193698b3a519c2de1af0fd23f7e404e2d54c730e4704d97d0092b63ef1c812 CVE-2024-6680,0,0,131299d0989a76f846afb0c8ae15f4692f1a0fdd9931fad30c165660cd1232fc,2024-07-11T18:09:58.777000 CVE-2024-6681,0,0,fd87484dafd740c0f788720b14149eb40f6b6d8ce371416d0e039ce9acf82071,2024-07-11T18:09:58.777000 CVE-2024-6684,0,0,5077927f346cf8d394fd9a76287141cc3d9bbdc383e5155cbda2006a142ade04,2024-08-13T21:15:16.377000 -CVE-2024-6685,0,0,c73132e3e30f28daa5844f63e635bbd199e3e2e9f4f8ab1a7703e5830c55e099,2024-09-16T22:15:20.917000 +CVE-2024-6685,0,1,1b1e642f0782c4b0916bbf07195a255a39c6a7175e9d85f17072032fb70a2ff4,2024-09-20T12:31:20.110000 CVE-2024-6687,0,0,ff47b1397711b8cc3d93cfe454be390cc9012eec28a4b5d25b3eacdb0bcb37ed,2024-08-01T12:42:36.933000 CVE-2024-6688,0,0,f3f1be58bd1e1f5bb790bc2c9a8d143be302970d5943f04009242d4003685b5b,2024-08-27T13:01:37.913000 CVE-2024-6689,0,0,d40d4a6e022419e83ed34bb3a74eb0d24556e6d76f7b0a592f90775a9d52873c,2024-07-16T13:43:58.773000 @@ -262214,8 +262214,8 @@ CVE-2024-6872,0,0,9eb628e3a6d1ea0380e94dd099512f5a2f74ddb0ba75bf9a102e83ab13e260 CVE-2024-6873,0,0,8e5db8bfa0491746f29814d1d8249a1850325cbcdbd09b52dbf90709e95d212c,2024-08-01T16:45:25.400000 CVE-2024-6874,0,0,805a0b27cbdf811d96209b292e2d5909e967f9d3161226db1f6fe45d6b995555,2024-09-10T15:27:04.190000 CVE-2024-6876,0,0,743577dc92893ad331003e5e7d748a3bee9fa96e904d71b602ea86d0aeed6917,2024-09-10T17:43:14.410000 -CVE-2024-6877,0,0,c778de9272c5a8813b8beccd6fc852d9bef42e13437f5fac87efcad188a03490,2024-09-18T15:15:18.860000 -CVE-2024-6878,0,0,53660dcd49b4f705db523366433f8adfcc9655cb9f439629eb565276cf1fd2dd,2024-09-18T18:35:14.400000 +CVE-2024-6877,0,1,8b4e60ee8aa4c0f56e9328cb39a71b81676511f2a9657afb6bcaae861b0b62d5,2024-09-20T12:30:17.483000 +CVE-2024-6878,0,1,f5582059b5d1bf17731a698db689103b20b34785921cd291277cac7bea80d487,2024-09-20T12:30:17.483000 CVE-2024-6879,0,0,6dd99f7574923c6a0220f28a1253b4ac8ff29b09a2650b86b7b021e79b9e4f08,2024-08-28T15:35:24.120000 CVE-2024-6881,0,0,9eb1bb1325feedc0a442bcf6c20b4ef8c1194f18829a36ce47ae950cf638d18d,2024-08-27T11:15:04.740000 CVE-2024-6883,0,0,17af31f8537d0ebfdcc29735e63f85da6d525c783f08d8df80e6d71ccea2f1ba,2024-08-21T12:30:33.697000 @@ -262280,8 +262280,8 @@ CVE-2024-6944,0,0,7b965a61c0ec04909ebf3b2d64fc3cac19dfdf0980bcfd6393e8e0769c3fc7 CVE-2024-6945,0,0,fe7643eb8a7b51df3743099b1ad67c8dd1ce3b9c85ea5a20c342990508ec4fba,2024-09-05T16:14:31.237000 CVE-2024-6946,0,0,df228dd2d7200de27b517d29f9641805aeb6beb3f4080f036d115266cf455158,2024-09-05T16:14:28.857000 CVE-2024-6947,0,0,d9680f8f56c52ed66ccf8eaad5c9080a87e7a6242d8c371c2239db66f7a5aa2b,2024-09-05T16:14:25.513000 -CVE-2024-6948,0,0,0b9fbb236c6e3f5ea21d1e35e20ae66f7f191a5cc171b7ef9247f18011e040b5,2024-07-22T13:00:31.330000 -CVE-2024-6949,0,0,50fb9ada1c84c7692d0a258888bcfbeb043b4a29416a40cdc9f5aa2aa0edc74b,2024-07-22T13:00:31.330000 +CVE-2024-6948,0,1,e8893bdc7d23eb6f47404beb90f1838fa38f07b6038322b2469e0bfc6b6296cb,2024-09-20T13:41:59.217000 +CVE-2024-6949,0,1,466117e42db1f6ed03ed03128ccf0b37640bdeae471f2fcdcc65685f3c7def4b,2024-09-20T13:39:10.090000 CVE-2024-6950,0,0,eef15633338af4a4d46f21c9ea1976ad7775894e17137260e2d107902fc3b3ff,2024-07-22T13:00:31.330000 CVE-2024-6951,0,0,ebbc0494a46d3e9d3d9e38f19f55f076805f950ade9957285c0b9a9903fc46f8,2024-08-14T16:34:39.177000 CVE-2024-6952,0,0,918977008643369bfcea6db43d9f8d1eb39335c72e76787e42816cbd089da27d,2024-08-21T17:41:15.617000 @@ -262459,7 +262459,7 @@ CVE-2024-7202,0,0,cd873862dd9c581add7def3fb09e4d862139cb04eed28a9bf2f7047259aa2b CVE-2024-7203,0,0,9623065bb1076b933803b0136efc271bca239649fdbd7e41cb52d273c630ecf2,2024-09-05T14:33:17.567000 CVE-2024-7204,0,0,1bfd5eea41034a87a8406d1df422953de68b7d6759dfb1054c8215461bee3314,2024-09-11T14:23:45.127000 CVE-2024-7205,0,0,f8b1cbec46ea51b223aac866d1ac39ee6fa7b6e832e6e62020df5a45e4b00643,2024-07-31T15:15:10.993000 -CVE-2024-7207,0,0,ec6876a3a8cbb954a7c08488c7eb383df8f0896162750164c6110f4c6418e185,2024-09-19T23:15:12.337000 +CVE-2024-7207,0,1,20818f32fe2bb704fccc065021bd5b1db8e154a6eefd90303159ea299821a11a,2024-09-20T12:30:17.483000 CVE-2024-7208,0,0,23976b9c97cfc390397ceda1fa9cd6b5d178a3b311c11fb9c9f129febf7d4e73,2024-08-02T15:16:37.420000 CVE-2024-7209,0,0,70d88ede2ff174d67b44db29b9d64c217e00f13cf62689936f75e53f7397ee7a,2024-07-31T12:57:02.300000 CVE-2024-7211,0,0,92a84d32183c8fcd0c3fcd4c786a37ad4d038da054671ef7ebf12a51168571d0,2024-09-06T13:23:07.237000 @@ -262485,7 +262485,7 @@ CVE-2024-7249,0,0,73974231501387b12eacc736781f51c9d8ec8d78fa61d8eb72875d86090b0d CVE-2024-7250,0,0,2714d196410008034281d23fd2726bb5d251b721e04c2e3643d0ed11cf2d609a,2024-08-20T14:58:56.213000 CVE-2024-7251,0,0,e880a7a9378bf8b927f40852329063562fbba4ad5a97a9957dc1093c25591f2f,2024-08-20T15:00:02.603000 CVE-2024-7252,0,0,490536b1b267bc05e09f33c429c150806f5477f059597f5cad78d37cad62a66a,2024-08-20T15:00:39.470000 -CVE-2024-7254,0,0,3688d973c29636dacce7d4506510a3924f445d0d86eedd2628144c1ce48621d0,2024-09-19T01:15:10.963000 +CVE-2024-7254,0,1,8400894e8711410825184771bcde9b50c684e58b49dfe4878e8d0a79485e219d,2024-09-20T12:30:17.483000 CVE-2024-7255,0,0,a4eb887a2aa91b61ced64af6faa636cef124d2fd1032af5abcd1e986918698ff,2024-08-16T15:23:19.167000 CVE-2024-7256,0,0,28c6c5405ca0661376f4706f7e75647b14826bc648847c0c2ef29d4ee5bafea0,2024-08-03T18:35:04.003000 CVE-2024-7257,0,0,e6ef266df52e25692b132cfb6522d79defb5eb3e548daae54be1d69b0c3ab16e,2024-08-05T12:41:45.957000 @@ -262600,7 +262600,7 @@ CVE-2024-7381,0,0,ca7cc8a67702d68f3387a7110e4857f594b40c8a2313eee62c5e5767902903 CVE-2024-7382,0,0,38dbfd05201dede10e421fed3e3b0d675c062e51a3aa3f6428b06fad8a88c553,2024-08-12T13:41:36.517000 CVE-2024-7383,0,0,d2737cd69fd6977c5ff3be04ae298e1bf45647197e69a7bb44ed13fcf569259a,2024-09-18T20:15:03.760000 CVE-2024-7384,0,0,959c51f9d9089f82b75c53d05c8efe51e41a9d17d895f5f42948ac7d882f9351,2024-08-22T12:48:02.790000 -CVE-2024-7387,0,0,02e3ddf0d1b53309fa616b29b5397e6bbcf37df8e8f5e06d91f5505bbe8c5d56,2024-09-19T20:15:07.277000 +CVE-2024-7387,0,1,de7380b259c5cde0120b2e8a809f8a10a35a7d4a44cb8d5f57cbb1470484b8a0,2024-09-20T12:31:20.110000 CVE-2024-7388,0,0,f17b6292d40b8d2d9d22865fdbf912ed4604c49db111ea9e78f67fdbb858de85,2024-08-13T12:58:25.437000 CVE-2024-7389,0,0,a5776290ae762be985431158def3f2d002b265ca6a95ce830d8f46206854f21a,2024-08-02T12:59:43.990000 CVE-2024-7390,0,0,7895dab66ddc704219ddf6d579bba9623189661f47faa0372744a2c8c5dc8ef9,2024-08-21T12:30:33.697000 @@ -262855,8 +262855,8 @@ CVE-2024-7731,0,0,e84a2998e171304858ad1fb8b038e10b362c1589200ef021af448b39d41434 CVE-2024-7732,0,0,8a3c8a90acf6f5b098dbde4b61fbc477d38ff395fb346234319b59a8d03915b0,2024-09-16T16:49:31.427000 CVE-2024-7733,0,0,6e2d7bf1ae3b63c8d3634c7048b79cd280171ae70720629e0842a624f33387c9,2024-09-12T16:20:49.503000 CVE-2024-7734,0,0,ecf2761e7c92c768ea860282a3ce0e06a2c71cea4892b743b02acfaa994cd50a,2024-09-10T12:09:50.377000 -CVE-2024-7736,0,0,793266d0f87a5b7f5db686013fb7ca43b6829c1d4a302cdbd16f9330a7e437c3,2024-09-19T16:15:05.520000 -CVE-2024-7737,0,0,b86114bd3b9828440bffc5c6b86d2465141e10c2d700271feb71bbfa3f5d7169,2024-09-19T16:15:05.727000 +CVE-2024-7736,0,1,ce9247efde023705af1cb8ccc6da7b14548eb91ae5af047fc841139014aac596,2024-09-20T12:30:17.483000 +CVE-2024-7737,0,1,e53dd92d3b129d88196d7c1a6ef282a1ba660eaa21af254544f958cbdf414541,2024-09-20T12:30:17.483000 CVE-2024-7738,0,0,77baa8ad9219363c0b9f8c974088b914a426a11beaf2249218dd53ceafa511c2,2024-09-13T16:03:45.013000 CVE-2024-7739,0,0,93ba2cd98f674046a013ca0d04355005a6712730837693604a9e1ff7550070b5,2024-09-13T16:03:11.377000 CVE-2024-7740,0,0,b6b97e22b2a1c91ed733b5ea0db90c7ca386835aea8a2536d78b137aa899a052,2024-08-21T19:06:30.707000 @@ -262883,9 +262883,9 @@ CVE-2024-7778,0,0,3bccf24c2d6c26e9b97b53b6049aaebd5856252add9958ab8944d96a94251b CVE-2024-7780,0,0,45e331e41470c18e0d898be4bc1931dca39faf6b7f4d412a460044104575abbc,2024-08-26T18:19:59.907000 CVE-2024-7782,0,0,9772cfc0cffb104f900f553126e5bb2a4b326e29588ceccc59352666287dfd99,2024-08-26T18:21:12.203000 CVE-2024-7784,0,0,a1673633f8befe483b8c481cae0c04073b4df8acf7cf90d7ad7fd806da35778c,2024-09-10T12:09:50.377000 -CVE-2024-7785,0,0,3eb9f59b64f4cae75cd504cac8483699ef5125a604958fd6f53bf3c26ac46d09,2024-09-19T14:15:17.583000 +CVE-2024-7785,0,1,a72f8e02860a571fa21aeee74639693caaa851e87622e48dd31b51d79a961437,2024-09-20T12:30:17.483000 CVE-2024-7786,0,0,bc9bd7c5c069bb8c59f5ac773821571e1c9df29939aac0b9b15b34e792ea7a51,2024-09-04T15:35:26.560000 -CVE-2024-7788,0,0,3b4d1f23925297b53f8a8a821c730c1c5a9f445dc61e358a0b68dd69b89b6959,2024-09-17T15:15:14.413000 +CVE-2024-7788,0,1,1cbc62d355ff23f10e1f49f85ada50f3b74eb2ce125c7c2fd76f4b77e31f8f80,2024-09-20T12:30:51.220000 CVE-2024-7790,0,0,456afed422d8355372643bd567f11679217bfde5ad866de9b559c62284a4c756,2024-08-20T19:27:28.757000 CVE-2024-7791,0,0,7416656b44e86a668ddf90bfa89c01f36bde25a07c507963ab58656b2d115a3d,2024-08-27T13:01:37.913000 CVE-2024-7792,0,0,780efb1d4f2f4b2b409fe743d3f22e99dbfd1dd19ca4b6135b1d10d208fddc9f,2024-08-20T19:08:12.970000 @@ -262948,7 +262948,7 @@ CVE-2024-7867,0,0,cc4e8e2cbae6cc9c2393332b56b3dc1a7160836d4b3b7919e8d1234e73599a CVE-2024-7868,0,0,c4ea1bb97a13baa8d231995b3d29c0db15f328b428d9b25a1a7a0b4c8b9c1d1a,2024-09-11T12:40:01.817000 CVE-2024-7870,0,0,4141f264a23149fdea486ca620816f1c3f41138cabf6c23297e955fee3254fb2,2024-09-04T13:05:36.067000 CVE-2024-7871,0,0,d47ede6ca23d1578a9b705a8257da890832c1e69392e6414a190c6fb054ce14f,2024-09-04T17:34:14.630000 -CVE-2024-7873,0,0,f5b47e1fae6843a68da1453efc0beadae64e0f4319f9390c480de261438a8dd5,2024-09-17T13:15:04.003000 +CVE-2024-7873,0,1,206d8282726d748a6a41b367b674a966213f9d6e3053dc261b740ef29ffe8ab7,2024-09-20T12:30:51.220000 CVE-2024-7884,0,0,785c516d1dabe55fa31f7695706ba6a05f994a8f8d63c46081a0777ad4e173ab,2024-09-12T20:47:13.387000 CVE-2024-7885,0,0,b180edc3f841635966345269d0abc3580da7735701efbdcde3f656f6bc9ddf46,2024-09-19T20:15:07.410000 CVE-2024-7886,0,0,b8c1f856b8479c6982faa8a2fc4a6d8b2480e045b8b096d9bd3b8640a06eb6f3,2024-08-19T13:00:23.117000 @@ -263057,13 +263057,13 @@ CVE-2024-8035,0,0,e11fe8c378f080395f404658baee2e1c5cd70ef826bdf0b13fe46f85c653ad CVE-2024-8039,0,0,75dd15cbf64fe4bb3f25b4e678f58a350c7ac0d4791106998aa5586c640f03c8,2024-09-17T02:35:59.503000 CVE-2024-8041,0,0,d1a08eb64fa9104259a4b82950c39baccb3cd8ac76a0f9fe28938628a6898399,2024-09-11T16:54:10.997000 CVE-2024-8042,0,0,e4aa4e1a36a07a1eb78e15d1333e45b76f368de2e361b8c314d2f7b5ac3ec00f,2024-09-17T17:25:02.330000 -CVE-2024-8043,0,0,25cc750c1561b848d56db710d47ec2a57c19c3ec63b4b6f24b30593e2c09a688,2024-09-17T15:35:12.877000 -CVE-2024-8044,0,0,4243a832aff712bd3fd7410a67dad34070597eed1acc2d07bd00c4bc8956aeaf,2024-09-17T15:35:13.050000 +CVE-2024-8043,0,1,72068f1b94ed25675f4b4c3a0c59b47266d4077ab704f6b2bc67e237c033a67c,2024-09-20T12:31:20.110000 +CVE-2024-8044,0,1,66a840b3b744914aeb912493a88172b219c2bc4688dd089a25891a08edff7e40,2024-09-20T12:31:20.110000 CVE-2024-8045,0,0,05d36d75d042c2c9517546223100d3f67299fb6baf521e764ed39ac43e964a74,2024-09-11T16:26:11.920000 CVE-2024-8046,0,0,b737fce0801d82db74076beb4b2a2085f8323b47e71780060f37f6f5c3050f1a,2024-08-27T13:01:37.913000 -CVE-2024-8047,0,0,c6d5beab1d769aefe31892e81a4a85e212d80bef0ae14127b5e7b859c8550987,2024-09-17T15:35:13.230000 -CVE-2024-8051,0,0,63a59cebc71fe9037a7ecaf2d96466a10cadf2c1ef6a50b403b9c82d638551c2,2024-09-17T15:35:13.407000 -CVE-2024-8052,0,0,62022b7ff92cd79bb1b57fa93f7ee8130af7c70b6e3cec2274c2270fcaa11cf0,2024-09-17T15:35:13.577000 +CVE-2024-8047,0,1,451c9202eb5241e7fe3b1625d48b44a3fdd0de8dfb43ec8dea1780c6029fedaf,2024-09-20T12:31:20.110000 +CVE-2024-8051,0,1,ade2868d9ae58e3ed9fdbe86321a68577a09272a7aaa4d41ebc01d4d6d38b883,2024-09-20T12:31:20.110000 +CVE-2024-8052,0,1,9362653a8df0667559bfef0475423206ce6d50dc0482453f0658dd7cd2d7742f,2024-09-20T12:31:20.110000 CVE-2024-8054,0,0,cd3f21fbab232193f2e1023cd4fdcf2e5fe80aa9a017de7b992adfbc243b258d,2024-09-12T14:35:22.300000 CVE-2024-8056,0,0,5fb88a6ca250e6ff67f8a1ef0c841abbb4c8f2529c05613c2143403e703e96cb,2024-09-12T13:35:23.340000 CVE-2024-8059,0,0,cfbf4f8f44b252e848882465d205a6335741f212b7c8eb409750cba9932c228f,2024-09-14T11:47:14.677000 @@ -263084,9 +263084,9 @@ CVE-2024-8086,0,0,1db8fbbbc3b8bbc355402aca80f0447c54000b25360ca3b1fa582aada4800d CVE-2024-8087,0,0,9e47ad2dfed1c8a4045274b6d757cb5a75d1e05917b45ee6f1489b72f67b871b,2024-08-27T13:19:35.530000 CVE-2024-8088,0,0,8ddda94d9e5d462484d35576871f82a931bed67f85a71db29ea75a996b1d19a4,2024-09-04T23:15:13.100000 CVE-2024-8089,0,0,e6e12db9d845890df3284b8f9ed104fa7a1183d91532c3c72d090f8235aedb4e,2024-08-27T13:21:22.927000 -CVE-2024-8091,0,0,6b3dc9da62c66bf0066f885412f67b3184c950edc9a372814c9c34487a962203,2024-09-17T15:35:13.860000 -CVE-2024-8092,0,0,9deab3c507feb4222a728d9e314e7e409515e40741b0e15c0cac2b9cd27b5a4b,2024-09-17T15:35:14.573000 -CVE-2024-8093,0,0,5ac0adc10753b493b0ffaf7beb4032ddc452cee3c7b2dd824f1365467e2015e6,2024-09-17T14:35:33.057000 +CVE-2024-8091,0,1,09118f3c00589f8d4c1997eff955d12cd62b8543f8682345521aa77586cd7711,2024-09-20T12:31:20.110000 +CVE-2024-8092,0,1,7c06444c0d58d3fdefef665a7cbb5d71888475a88d5edbe48a2567ad9f1bc27e,2024-09-20T12:31:20.110000 +CVE-2024-8093,0,1,28168b8d33552be411d6e6218304fae6f161324fc2f917deb7b7e8f539cabfb7,2024-09-20T12:31:20.110000 CVE-2024-8096,0,0,33268897f7f8b2273839db6d4e75fbc8fdf5f760a220b507e80b08e690a9edf4,2024-09-11T16:26:11.920000 CVE-2024-8097,0,0,9eb75255abcd069d744af59bd7e8120e62794401b3e1be4e7c495de1066a7b41,2024-09-12T12:35:54.013000 CVE-2024-8102,0,0,59b268e27a6763219f51e9e55e73ae4276fd3b992bf79726ec1ccd845c10f5f9,2024-09-05T13:28:54.747000 @@ -263094,7 +263094,7 @@ CVE-2024-8104,0,0,e0dd7af2b8170ad0cb122178cc67d0512cc1eb1562d671a3c4e0173a78c8b5 CVE-2024-8105,0,0,fdab1a8bdde46d997c9a9800b483d676df23e449425d94531660960b3c42e376,2024-09-09T21:35:17.320000 CVE-2024-8106,0,0,918839130e1d38968c976a0bfdbedb93d4d38744e55b3c51d6882ceb90663b73,2024-09-05T13:05:52.540000 CVE-2024-8108,0,0,8f1cde3e4e080de95c0957ccbabc0a49f644f40a04612484228affb54375e534,2024-09-19T13:37:32.203000 -CVE-2024-8110,0,0,70e34b8fb0e74179f102366e82bc6eb3331f20df821d46fd84d2bf4a81d1d1dd,2024-09-17T02:15:49.523000 +CVE-2024-8110,0,1,35b29aa278bc186f939dacbb87981e7b3283cd41ccc0818c634be4d5c87818aa,2024-09-20T12:31:20.110000 CVE-2024-8112,0,0,68d19c324dfb08f42fbaae63f6c41217ad9d464e632ed1f450780261e0cb818a,2024-09-12T18:23:22.507000 CVE-2024-8113,0,0,955ebfeb47657ee688d94f4a91bdebad900106533d62e5ae0eb920a40b616cec,2024-09-12T18:21:30.677000 CVE-2024-8117,0,0,8911918cea1d80613ef158836fc25c8d180447229a308c8b8d66c79bd51e5356,2024-09-06T16:04:23.413000 @@ -263205,7 +263205,7 @@ CVE-2024-8279,0,0,5d39f13bab18c8b062f816d8a34a66e17dacced8749261e8ff2d72add9b366 CVE-2024-8280,0,0,18ff93fe95d9a618cd1e9aa30ede1e799ae76756e814abae774622eee2d35ef4,2024-09-14T11:47:14.677000 CVE-2024-8281,0,0,315ce652edea1d53f877da56f47f4821a8fb50ce483f6ae9e053efb7b35fdfa1,2024-09-14T11:47:14.677000 CVE-2024-8285,0,0,44d06284adb5d71c65e8f3277866d5d546f57dcd495152060c7216923cd6bd07,2024-09-03T12:59:02.453000 -CVE-2024-8287,0,0,7e500053e23c28f6317e3f024a590b95e246ac37197a466d327cb9dff719182c,2024-09-18T19:15:41.073000 +CVE-2024-8287,0,1,2c020d0d6aac36c1319fc3ec1323c446fa5c8dde5a2fb1a60dc0818c66a91384,2024-09-20T12:30:17.483000 CVE-2024-8289,0,0,900bfbd861154484ed59254bdbec992d28a9742381ab830cf631e50b7fa985ab,2024-09-05T17:41:58.350000 CVE-2024-8292,0,0,ddba0ea03a741b8e444eb2158f82b5461df4d19adfc58fb2639bbcaaaadf6349,2024-09-12T12:37:18.380000 CVE-2024-8294,0,0,76cafe7a1838d9cd0244706a299f12cd4ba69ef653952654db2fa070ca07bd0d,2024-08-30T15:38:13.437000 @@ -263248,10 +263248,10 @@ CVE-2024-8345,0,0,bea7763926b715c0e51801ea13b0e6641ca2b2321817703caee6bafdff4fc9 CVE-2024-8346,0,0,b4457249ac6e42b712016be7384df47b946c6e796e6e27191d31db6f56c0933d,2024-09-04T16:37:22.077000 CVE-2024-8347,0,0,14715b4855076c65c4bf21be6c68b62e0d22e8650a0e63bf9f5074414663f3cb,2024-09-04T16:42:49.037000 CVE-2024-8348,0,0,d08ea1deaed5cbc2f4a773e843468145326bb3a1da186780c7ff7b6cd74aae9b,2024-09-04T16:43:30.310000 -CVE-2024-8354,0,0,7420c1c857038527c73a91c88aff8209c9653e6fba2044078da37c58273aab17,2024-09-19T11:15:10.440000 +CVE-2024-8354,0,1,c1d02a1fc95123a7759961217f307a83eec87733739438039b5b9ddbf5c0d461,2024-09-20T12:30:17.483000 CVE-2024-8362,0,0,54abf718b9bfba93199694e9f50bfa28d6dfde9a56fb3c77d91594ed8cbda92f,2024-09-04T14:35:16.777000 CVE-2024-8363,0,0,01e2f3c42ed63ca762fc774c70d7336df5274e0f5dacdde750731dfd76f769a2,2024-09-11T16:35:05.653000 -CVE-2024-8364,0,0,3e721283ebe00934a928d8628eb31017a2df2ef87556569b7955e4303aeb1f1e,2024-09-19T04:15:06.270000 +CVE-2024-8364,0,1,9f5476f9a6bec86fe4cba5d7f1cd84e4d4a8798e9cad5960d51454d0fb0d7481,2024-09-20T12:30:17.483000 CVE-2024-8365,0,0,81c889787151e95f50edc31d86d0d8800a4aaa4de596dc2a7252c4cbdeb9547d,2024-09-04T14:37:03.543000 CVE-2024-8366,0,0,be663b51eff047ef5324516e3dc05e341a7647978df6a6f91fe297f3f5c5eb50,2024-09-04T11:26:49.020000 CVE-2024-8367,0,0,5172ded1dd5d5dccb77f0059a7c6495922e642ce8e52859a1f0a60d7fb927bb9,2024-09-03T12:59:02.453000 @@ -263262,7 +263262,7 @@ CVE-2024-8371,0,0,7b748619aff48ca851aaa4522abab6772c72472a7e35dd23e50368b3e39076 CVE-2024-8372,0,0,ed7416684bf8c992c4344af2dee1225532302d263529a8756259e179ed722aa5,2024-09-17T17:24:21.793000 CVE-2024-8373,0,0,d1a5cc99924a2151520a8ea490fb3d660801248a7f2168e9fe7f0fc9057db80c,2024-09-17T17:32:33.380000 CVE-2024-8374,0,0,d48dc520ae709311b13e321521d105dda894c6710801eb063d42db744b0094d0,2024-09-16T16:44:42.403000 -CVE-2024-8375,0,0,aaa7aacdae353ea1e1868b53188416f82d46294c587bbf7a4322d9966d07dd9b,2024-09-19T16:15:06.023000 +CVE-2024-8375,0,1,58cea17ca7f7a98f8126bafea3caa90f64ce326ce0b828e067a1c86c7d982ac6,2024-09-20T12:30:17.483000 CVE-2024-8380,0,0,036c8c11a05ec98776794766e58c3583b3eabb4c67c37c1216e0519e7baf5609,2024-09-04T14:58:49.450000 CVE-2024-8381,0,0,71cd6342a2b6c00c154431956e1e93b11926fd4f87284990ba91ff899e315a4c,2024-09-06T17:15:17.573000 CVE-2024-8382,0,0,6313fe051491464f5060a11c4fbfc0623b9d0d82cc5fbeccd812557ff3cd8b8d,2024-09-06T17:15:17.677000 @@ -263313,7 +263313,7 @@ CVE-2024-8473,0,0,0d318dfea88475fed5cabdbe761e188358c3ae35cd6d226ef3fe46f2f9041c CVE-2024-8478,0,0,e333806b3f124cdccad931974c458d04f248d7fe56143afacc5e05746f5f352e,2024-09-10T12:09:50.377000 CVE-2024-8479,0,0,ebc1b71f85a05f962bbf3240dbf25e3c46169d29151d0e9a76238a49b2d94dd1,2024-09-14T11:47:14.677000 CVE-2024-8480,0,0,6f63c0c2b913be669f1e72f74bb0555ea9046fdf00f5eabae51a6bc6bb95358b,2024-09-06T12:08:04.550000 -CVE-2024-8490,0,0,cd43fa149fe90bca2eda91b8754b977ff280f5e87ebc6b8acb93d3ce2649ba65,2024-09-17T08:15:02.227000 +CVE-2024-8490,0,1,6e5b07e5bb4afbbb49aeaadda950eceaa124fac4979667ae64ac88188fc2314b,2024-09-20T12:31:20.110000 CVE-2024-8503,0,0,9f803200a857fcdb413b5557fdfb30066c33963fff9f6132df8887c5f7ded0b9,2024-09-11T16:26:11.920000 CVE-2024-8504,0,0,8357da8291f04353fac31874868f2eb40b31e26be1555ef771437bf9554e80e3,2024-09-12T14:35:23.173000 CVE-2024-8509,0,0,72b678ade46a23d1db65e1dfb65526568e7875d83752ef0a47b4a7edfeaf5ddf,2024-09-09T19:15:14.837000 @@ -263373,14 +263373,14 @@ CVE-2024-8641,0,0,6714847a0a2d7b4da8f2ecb0f7b3c9e94c4657d9429961f088a44e0537d838 CVE-2024-8642,0,0,2aae0632e6322f09814ded77019a17c6bdd3adefc0841a6f6e92e4043db21740,2024-09-19T15:18:47.917000 CVE-2024-8645,0,0,a9ec59eb761dcf7b03b051641e3314ff9102e8e55de30e4e3a512e1bddcece61,2024-09-10T12:09:50.377000 CVE-2024-8646,0,0,80914337a2bd562d2db1f36aec06ad883cb607d6cc039af494590eb0a0b50d8e,2024-09-18T20:20:51.643000 -CVE-2024-8651,0,0,24c43d83d88e55ccb42455ca7f2a06a85f1137676fd4c59e592afc727b0a6f4f,2024-09-19T17:15:15.173000 -CVE-2024-8652,0,0,01de35da454bcf77db821c9e18f381f6885088365f6408939562cc6f4bdec039,2024-09-19T17:15:15.360000 -CVE-2024-8653,0,0,30c691d97001a678d25f8d3bf4fef38ffd5cd2e38e7a3f0a9c9d02b4c7c9017c,2024-09-19T17:15:15.503000 +CVE-2024-8651,0,1,d07f788a1fce7cc478875ab8c67dd426c6e15d79917420b822efc051a2281f62,2024-09-20T12:30:17.483000 +CVE-2024-8652,0,1,76161e787e4034f708343f03ab5a9458141a77ff2e52f6236d33091b77d95536,2024-09-20T12:30:17.483000 +CVE-2024-8653,0,1,c909119d0d8799a4034c29027498dca4bcab65dec11c7679192bb2d33b2ddaa9,2024-09-20T12:30:17.483000 CVE-2024-8654,0,0,9ff4197fc4fa3acdeeaabf5d042cf9151def7011df3ee9c1e3c9b932ce455541,2024-09-10T15:50:57.713000 CVE-2024-8655,0,0,ae8f7bc5241b7c169a5dccbcccc728c3b8a01d5ae62a1e846fce72d64496b2eb,2024-09-11T16:26:11.920000 CVE-2024-8656,0,0,fc862011d1e771531d08fceed2dec553d3fda9d67ee9f88d486fa676eb49a82a,2024-09-13T14:06:04.777000 -CVE-2024-8660,0,0,ab82c7e26f005302fdb808ebba97a9d76ec0191b3c422bb767ece84565812250,2024-09-17T19:15:28.953000 -CVE-2024-8661,0,0,9faf3dc478e32d3a199dd2057718464b08fcf94b97b6a44aba36d8ff5090e7a8,2024-09-17T19:15:29.053000 +CVE-2024-8660,0,1,0da75e352d52fe6afb10b3e2a9af84416d212299b86a523addb948399a5c700f,2024-09-20T12:30:51.220000 +CVE-2024-8661,0,1,0afd1b1d511a5cb974c5ec483781301a64c5aef2b66e34c656ba899fea9e8652,2024-09-20T12:31:20.110000 CVE-2024-8663,0,0,95df1e4ddd212aa242aadc3c7cf5dbe906cc5735393ec0be59f396093ac78f31,2024-09-13T14:06:04.777000 CVE-2024-8664,0,0,2555823c9f06fc746960b11f9d47a03631001b4434e03f9cf5f8083f2818653d,2024-09-13T14:06:04.777000 CVE-2024-8665,0,0,09ab15f5f9bd70753d6f594bff7ff364c9764fb90e308cd08c47d778b9a8291f,2024-09-13T14:06:04.777000 @@ -263396,7 +263396,7 @@ CVE-2024-8693,0,0,0bf9bf9fae22897a2e08c32b35e067d4cd5332929319ef0efd3cac78490dae CVE-2024-8694,0,0,2e1993ee271c7157fceb04bc71a63e2f464fbf1cced51f76c6346163fc12348e,2024-09-12T12:35:54.013000 CVE-2024-8695,0,0,52bc6b8b60aae6c315837e4eb131cf540e2b445dfd9cef8ca664c148d103d584,2024-09-13T16:01:31.340000 CVE-2024-8696,0,0,3ba62a921109450e540b318e77e86831bda9c658513319d0aed77dfa516028ff,2024-09-13T16:01:22.410000 -CVE-2024-8698,0,0,57a50d1b448574a1d6821c44ecd8389a2da97b4c787b5f2a0c2f40af59c885a7,2024-09-19T20:15:07.560000 +CVE-2024-8698,0,1,c30062663018d2be77466996c15fd1705260c0877cb3bd39b8f8b72279191504,2024-09-20T12:30:17.483000 CVE-2024-8705,0,0,cb97dc5a896b102e020f4c6f7ce9db0475b1546a38609fc8cb74768e11db5694,2024-09-12T12:35:54.013000 CVE-2024-8706,0,0,6f71e5876a7dec7ae56fc457ee5142cb7cf0075ec2e95d2e16cb7162a3c7da96,2024-09-12T12:35:54.013000 CVE-2024-8707,0,0,53b8f536d953dccbee27f563b6dc5109a4e216dbbeb04b8d1e78c2b9c947dcb4,2024-09-12T15:18:27.333000 @@ -263418,11 +263418,11 @@ CVE-2024-8750,0,0,6aa000b45a0c694359dda91e7e992492dcd4e93d6e7b8c131ee0a86fa36b56 CVE-2024-8751,0,0,dd4f77422f5dc981129a2e765da3e243ee86648b85be15172cd0c4e6601f992a,2024-09-13T14:06:04.777000 CVE-2024-8752,0,0,0be9e28f6d85a85d4e0858af0a364ad7f2c3e55ca0710790013b49eb71d6357c,2024-09-16T18:03:16.707000 CVE-2024-8754,0,0,f8a4ca9a3c8c6c9af2a693c6565fade1a53b2c08d2db63ea33e154699f832b1a,2024-09-14T15:40:20.583000 -CVE-2024-8761,0,0,4b2e90396c11bbbc2e9cd3600db2cc3dcdfb22ed25573d49b03cdaf931a19380,2024-09-17T09:15:03.060000 +CVE-2024-8761,0,1,3585691f416075376d018cf9f4fcfa97af66b09d60d17a08ef4151ff63a68129,2024-09-20T12:31:20.110000 CVE-2024-8762,0,0,2877f4481d10e26d4e6bf50e010d02152cab4d90b2c2329689bb4edd4b768ea9,2024-09-14T15:54:10.687000 -CVE-2024-8766,0,0,2324716e2cc66becaf1399ee24d86431f71e6aeb653bf4ccd42d648a8d0ec6ec,2024-09-16T20:15:47.600000 -CVE-2024-8767,0,0,88a45e0b369d4bb8e56a3dfe9307ae145e765fe7d74bfb184d53fa51f17aa534,2024-09-17T09:15:03.423000 -CVE-2024-8768,0,0,00d154826e540767ec58e7c1e181d8a93b644dc80e323a39d75c8345b6a2e437,2024-09-17T17:15:11.100000 +CVE-2024-8766,0,1,b5c86feebeb7f4c2ef3d57aeff024553a8b8afab58619c1ddcc92e275588dfe2,2024-09-20T12:31:20.110000 +CVE-2024-8767,0,1,17744319861b5196f5a63bddf3c3c4ab0c9d11dd531ce1a95816c3c9e2193e0e,2024-09-20T12:31:20.110000 +CVE-2024-8768,0,1,a982019cb3e87700eba7d9922c696779881e32d71a95f1662a9030bc9b15c0d2,2024-09-20T12:30:51.220000 CVE-2024-8775,0,0,fcca86ce876772170d6581789978acb0ae0c53951dd659594245568535621773,2024-09-14T11:47:14.677000 CVE-2024-8776,0,0,d6542dd836edb3a7b0373fa55ea55b6588d00dc2d460f1bba77ff0b778a4f882,2024-09-16T15:30:28.733000 CVE-2024-8777,0,0,34a835ea08030c4a5a9203e5f6cc8fd8352bd723c399e4db5ce1a16dac92eb5c,2024-09-16T15:30:28.733000 @@ -263432,10 +263432,10 @@ CVE-2024-8780,0,0,bd4bd08e2eb72cc17a88ed55f562faebe92fedded2e0fdee3ed50b9263d53a CVE-2024-8782,0,0,ec0da4baac22ae9eceb8ce2507375e0a71b6a51926de3cc40576bcd259fd7175,2024-09-19T01:46:07.003000 CVE-2024-8783,0,0,b434dfc5f50cf2811a1f5688ac574f745dec48e5af54cf5f568ce8560b0e2702,2024-09-19T01:38:57.033000 CVE-2024-8784,0,0,7bc5ed86fd42122481efd27561493828acec6a50cb9d34c0b1c40453c943431f,2024-09-19T01:38:35.177000 -CVE-2024-8796,0,0,94e01fa2394b7e3cc5729adcbe04212056eb704ee3dccdfd860de0e7129048a2,2024-09-17T18:15:05.443000 +CVE-2024-8796,0,1,85a6dfb5fb230c10b66238538bd5fe186ab9999598b67e5deda1ed4d1b78b262,2024-09-20T12:30:51.220000 CVE-2024-8797,0,0,b7273f8d72c4c7b82a815cc8357933cfcef5a0b838634eab59479c200615300b,2024-09-14T11:47:14.677000 -CVE-2024-8850,0,0,93c3effab202541418248ca686b83b93e9ac19fd90a1ab3c2b19a3b5c06db2e1,2024-09-19T04:15:06.557000 -CVE-2024-8853,0,0,5aa5f44c2d0058c33afc2b050a9e181c9b858d177768260824607f55817a7dba,2024-09-20T08:15:11.493000 +CVE-2024-8850,0,1,16d3ef25e9e3c3a395e24ef62b53309c976d74bdad746efe4904407697f24dbe,2024-09-20T12:30:17.483000 +CVE-2024-8853,0,1,9f4483af2fc4525065d6409c29e78f86f7ea099a8bfb3db8a350d2fbd96a1485,2024-09-20T12:30:17.483000 CVE-2024-8862,0,0,3c0cefe3796a3067716726cae64fd2b6a2a71c4947999e21da2abde8a533c886,2024-09-16T15:30:28.733000 CVE-2024-8863,0,0,c201c0a73f6e94fc800a591d431c13570689b06531fa3fd890390312a87785df,2024-09-16T15:30:28.733000 CVE-2024-8864,0,0,3bc8b301985cc40353022de4e4744e73398cd0188f617195b9d24ac6f8e8e30d,2024-09-17T10:38:13.410000 @@ -263447,40 +263447,43 @@ CVE-2024-8869,0,0,b189f35b5a28c07852ca6d00280a8a46d906bab51b4d56357a90dd535f0651 CVE-2024-8875,0,0,0e9f0f93ae52ceba12c10384b7bbc3067de71e5c05493a69fd2a253e00e4d595,2024-09-16T15:30:28.733000 CVE-2024-8876,0,0,addb0b44112b1a235842444519e6fae7cff8dfa26076fe63459831c9d856ee31,2024-09-16T15:30:28.733000 CVE-2024-8880,0,0,c70f0c1183e8c3d27f59a30fcb8fb19e438cfaca91533ac680f84142f408d715,2024-09-16T15:30:28.733000 -CVE-2024-8883,0,0,a0be9b5da5d215b8fc392d3c8a617ce7263ca56781c3f2afcdacabf77294a182,2024-09-19T20:15:07.687000 -CVE-2024-8887,0,0,3a4ee8c7c72402467690a1d5baf4ee46122c1a9bd1979c36a47f557846bba5ff,2024-09-18T11:15:10.530000 -CVE-2024-8888,0,0,1e74f6eae96ea2bc3e4d1e807f25808d32b7d4278014e4cabc70fec925ff3214,2024-09-18T12:15:03.520000 -CVE-2024-8889,0,0,d14885671be48487e73dc26a56497c68dd08124696a268e049900425bd24a291,2024-09-18T12:15:03.710000 -CVE-2024-8890,0,0,855b827c685ae1eb47e1ce00665defd0cd149a05c8eda3283f4806fe62a00f74,2024-09-18T13:15:03.620000 -CVE-2024-8891,0,0,66ee1e3a5770b3f6e09e8b032a6124a31192085197984368a464d9541bf3af69,2024-09-18T14:15:20.187000 -CVE-2024-8892,0,0,b8b5b660b06202667c5cd07cec126cd880bab05613441d7293a44f11f3e1c023,2024-09-18T13:15:03.907000 -CVE-2024-8897,0,0,b99b42e128a3a937599a5ee8c7a3b275ca81dee2198a043376f3ec3c0daeea34,2024-09-17T13:15:04.423000 -CVE-2024-8900,0,0,f58f5185481b4f9d895145fbfe2d15f4fe9fa908c07bf76713d81ef85bc63469,2024-09-17T19:15:29.163000 -CVE-2024-8904,0,0,154b42e06b3eec9dd6263288069b5cac3c6ac5013e0c0ce81a0319625e4f3176,2024-09-18T16:35:17.877000 -CVE-2024-8905,0,0,f4bcda9cc4c1bd1ffbda7130fd2d6fba2d07ae19df57b92968e0e6b8f6a2196a,2024-09-18T16:35:18.640000 -CVE-2024-8906,0,0,a825cb604140b0e13ad78ca82d1d231a96e53bbe511215a792b4240c110540db,2024-09-17T21:15:13.140000 -CVE-2024-8907,0,0,64dc4dc8a4d40c7e225809d67f10cc92608ae63c53341c28f0018040d67ff7cd,2024-09-17T21:15:13.193000 -CVE-2024-8908,0,0,5ad2b20eaf7b11cce42e37ec1af63dc38b712b10d9cb0d1e4c7b4750e472beb6,2024-09-17T21:15:13.247000 -CVE-2024-8909,0,0,6e8b76716a7583909abac5259bbc846654dc137ba42004644398974c5fd98eaa,2024-09-17T21:15:13.313000 -CVE-2024-8939,0,0,957d3e495c1f91e1f01ec85026d867d3ef775813b5ad800712d45bf5da2fd527,2024-09-17T17:15:11.327000 -CVE-2024-8944,0,0,e33cef62d9a54e3c9644e7c4b2af554d4827e7ec1a566e407d17d5b44ecd7aca,2024-09-17T18:15:05.690000 -CVE-2024-8945,0,0,fd45c5052c525bcd2663848f4b04e9d4ca0dd08a1af7e68c5c053387b1392731,2024-09-17T18:15:06.023000 -CVE-2024-8946,0,0,f683e89c1a7c4d3f311a742522396e1eb7b882f209db6b5cf4981f5f483bbf2b,2024-09-17T19:15:29.220000 -CVE-2024-8947,0,0,e7358c360d7018d342c095a0ae4b74d3493e808891550c9a094bb59ec7b9a4b3,2024-09-17T19:15:29.483000 -CVE-2024-8948,0,0,fb95c4586dc1832c9169ff9ab84deb54253d2f0155e4f47c91bfeed6e755aedd,2024-09-17T19:15:29.747000 -CVE-2024-8949,0,0,558b0f2a15aa10d0215f6e776b245d8a42240ea8527c9ffd4d56905704832de3,2024-09-17T19:15:30.017000 -CVE-2024-8951,0,0,fdcc8f1ef8d6875cdf064fe8ca72ee0e4237f3f89d53a358120e1931bee39aef,2024-09-17T20:15:07.020000 -CVE-2024-8956,0,0,8fb796f1e52be7bf3f012ac38934615fcbd07a654b11f2c40ea225bc31651e57,2024-09-17T20:15:07.287000 -CVE-2024-8957,0,0,745e7f02f1c26d5de4df67e0c2795340d562588c5301af2d060cb965e1ba5dae,2024-09-17T21:15:13.423000 -CVE-2024-8963,0,0,93d7bc4693ca0287ce4c44cf55519b9aac3c6a810e6ed77a8e8da6781c39194a,2024-09-20T01:00:01.427000 -CVE-2024-8969,0,0,b91ca645bf2071dccf15db49fd3efa26a97008959fe8a964028e51af15b02de3,2024-09-18T07:15:04.657000 -CVE-2024-8986,0,0,26509263613f6b019d61b82311e5933cc6dfa31601ff6ae6235d1951248ed56c,2024-09-19T11:15:10.913000 -CVE-2024-9001,0,0,0d8d90841bb39ddd316a3b0f07a2238c63d1c3d63bb40bbe9e637e97326eb595,2024-09-19T20:15:07.810000 -CVE-2024-9003,0,0,a7edb4b1e5aaa5d75db10253bc650df7937e844fac757479d623a505ae81903c,2024-09-19T21:15:16.143000 -CVE-2024-9004,0,0,fa45f62c4f8208914b8b10a2adf7a01880d466c20d27c0e44bd9dc0f676ce217,2024-09-19T21:15:16.383000 -CVE-2024-9006,0,0,852929cf14d0fd35ddf48cb2d6572e34d47e475f716324e8b8d34ef72253a868,2024-09-19T23:15:12.570000 -CVE-2024-9007,0,0,2ed00ba09d6346ca52405d737f1ea8260825916d8ba14647aaa2678f5fb0a625,2024-09-19T23:15:12.830000 -CVE-2024-9008,0,0,77d826e7c271663667c77c9a7532359cf4fc0e1d0af525ca0cfcca90765539f1,2024-09-19T23:15:13.100000 -CVE-2024-9009,0,0,1ac9519eafc6cbe08b36770826cf44fb97f8235af1e3cf50c2fc809ba50e6294,2024-09-20T00:15:03.997000 -CVE-2024-9011,0,0,4c216b753b208d079d0b75681eff478970bf3c3611602e4dca6410c6d6e1d6d5,2024-09-20T01:15:10.550000 -CVE-2024-9043,1,1,fb2d62a3b3fd8a916328179a28239b80c650861677979e64aa76c84487b42f8c,2024-09-20T11:15:13.280000 +CVE-2024-8883,0,1,acc01ec9c3f72dcdfde915e68c8076ac17eb948c45b5a812494bde62dc939653,2024-09-20T12:30:17.483000 +CVE-2024-8887,0,1,a3051d5be0b46f2e314e247c4baa7ed0aa876885e0f5e30506d6e71c9b64e9ac,2024-09-20T12:30:51.220000 +CVE-2024-8888,0,1,d3d200e7933cf93bb4518f85255c1552ff25ba2dbbac181116d14fe38ef319f6,2024-09-20T12:30:51.220000 +CVE-2024-8889,0,1,409f189e1cc8763baf41f6d7663087a2138f3ee0ecad616a441fc7d44385c004,2024-09-20T12:30:51.220000 +CVE-2024-8890,0,1,fc1054c03b243ece3f2bc6d1e5d1c2132bd49d78b6446b066c01d96f20c410fc,2024-09-20T12:30:51.220000 +CVE-2024-8891,0,1,ff7b73f9bb006862fcafd00a3c7fc11e18cbcab5a72fef5cdc59af2eebbe9059,2024-09-20T12:30:17.483000 +CVE-2024-8892,0,1,c9caca4d0649554f09943d8c0b6b3ad595c85c6885b65601c2d986f975532bfc,2024-09-20T12:30:51.220000 +CVE-2024-8897,0,1,15e9b60d292ae69a3cbabdc5b3b6c0b60bc9e0178f2aa5e1d8167c3742c685d1,2024-09-20T12:30:51.220000 +CVE-2024-8900,0,1,a2f685783b9e1c392a05c85bce9847889aa408cf0022e8683f9ceee8bc3b9ae3,2024-09-20T12:30:51.220000 +CVE-2024-8904,0,1,d8dcf25b3cbae62dbf75fa5380e6989346805c7240b139b8d28c46adffd353f1,2024-09-20T12:30:51.220000 +CVE-2024-8905,0,1,625d5bb69a9f76fcb9a2cd22498ac865437c911f131708c6085adf66bce9c960,2024-09-20T12:30:51.220000 +CVE-2024-8906,0,1,c51af906a95a15be5327dac802b1d2f57255f0ac356fbd5092d72b98f427b1aa,2024-09-20T12:30:51.220000 +CVE-2024-8907,0,1,e55b029819e1880cccb7765901b3a55cc0c1b2d504d1cc9d67b2c3d028d0204f,2024-09-20T12:30:51.220000 +CVE-2024-8908,0,1,2cdc284d30425d55c3301b265aa824cfabc4291e60dafd28f3f684d1e0e6c3c9,2024-09-20T12:30:51.220000 +CVE-2024-8909,0,1,386c83b7c7452ac57d55b71bc2f305c4f673c28ccd53f7de6e3cc2a0e46c0bc9,2024-09-20T12:30:51.220000 +CVE-2024-8939,0,1,1f70befe339fdb31af424859012581aeb13e8f518e2f8da7bf31e05da17f11bc,2024-09-20T12:30:51.220000 +CVE-2024-8944,0,1,c511b7005cecea91ce45485a67d026b5f73b5f0b5af64bce5db009df6a565867,2024-09-20T12:30:51.220000 +CVE-2024-8945,0,1,77e57cc0daafb23c488a0c254aeafd8124ae9f6ed721201729c1012ac6f99983,2024-09-20T12:30:51.220000 +CVE-2024-8946,0,1,8a2f766ae082e9686bc904f91757f583dbd8f4889c15271f098ce61a6bcf6338,2024-09-20T12:30:51.220000 +CVE-2024-8947,0,1,142b334351315d973b23e9fa2b46ea48efa60f68fe36d29240dd8efb3a41145c,2024-09-20T12:30:51.220000 +CVE-2024-8948,0,1,e48646be37a0a68a8aa511be7c15ed2bdbf702905a905aedbcce35268874ba70,2024-09-20T12:30:51.220000 +CVE-2024-8949,0,1,4e9d601fee172a94ba49ee35aea448f6bded70cb3491e6b2d21ae3d6c35d1816,2024-09-20T12:30:51.220000 +CVE-2024-8951,0,1,b4e578d2868e5412124560d470dd45b82eeca4c71bef34da31e191dcdb0db204,2024-09-20T12:30:51.220000 +CVE-2024-8956,0,1,469912f1c3a233b9c6103ff1ea98b03260e653e6a7cf65fa430bb18bb060e2a0,2024-09-20T12:30:51.220000 +CVE-2024-8957,0,1,479bb87a5ce094312d7bf571ad4a1b1d6922673dde5733f096aa7041bc35da67,2024-09-20T12:30:51.220000 +CVE-2024-8963,0,1,05f549709b9aaa28085b04188c4fe26290ba72a7275b762dfd9592aad32dc096,2024-09-20T12:30:17.483000 +CVE-2024-8969,0,1,98dd6be27cce2c3412495467ecb9257ef6e673bce29c0f376bf0c342ca11f9e9,2024-09-20T12:30:51.220000 +CVE-2024-8986,0,1,072cf1f180fb390d1b4b3d2d50dea4c4259a9c38757ddb70b883e21ef9d81f01,2024-09-20T12:30:17.483000 +CVE-2024-9001,0,1,9b13a2fa607aa131086bdba172245fa51bab7371f9cc290d71e053da89f6fb96,2024-09-20T12:30:17.483000 +CVE-2024-9003,0,1,89e492cdf9625bcd402f2d372b84ed9d063d82d6c6e605d6ac046e5c4fddcb18,2024-09-20T12:30:17.483000 +CVE-2024-9004,0,1,a73c76aa2707ab3a0e4665ac20c4a2ec017aa5abfff8846a243b717ead0fd4ba,2024-09-20T12:30:17.483000 +CVE-2024-9006,0,1,eb6905de18835e73d5f3aae6b6e1bd3d98fc46259724a6cf5f28916e9914a036,2024-09-20T12:30:17.483000 +CVE-2024-9007,0,1,c3325d5e6200bcf88e4a6052ed2fbc0b69e680b1880d3dda76ca633ab4f58b66,2024-09-20T12:30:17.483000 +CVE-2024-9008,0,1,7005f9c8279ec37a49db022d265541669e79d8464b76895862b27cc1a88c0ce6,2024-09-20T12:30:17.483000 +CVE-2024-9009,0,1,17443e50682d864d9d26849a7b0a2d779c3fac12c20c448335a7ee27727ee5e3,2024-09-20T12:30:17.483000 +CVE-2024-9011,0,1,6e4965c1c504828c275455559ec4b34d1e47696782c056acd5eb0d58050d747e,2024-09-20T12:30:17.483000 +CVE-2024-9030,1,1,c02750ee2431835b56e3fddb157ac70c9dc26922df6f09c38aacc6e7a9a74da0,2024-09-20T12:30:17.483000 +CVE-2024-9031,1,1,57fdf5749ccc5d937da700ca98cfc48a5413c79adc127ea09574439e3652411d,2024-09-20T12:30:17.483000 +CVE-2024-9032,1,1,d9f5887c8d5f665c1fb910f1c9f27985e29f0ae85f48ddd022227528502954ce,2024-09-20T13:25:34.283000 +CVE-2024-9043,0,1,8dd475426653f7d07aa5f325730a5d6c66debac84ef1209cdf6fa14cde3c264c,2024-09-20T12:30:17.483000