admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-21 17:41:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-07-09T18:00:19.387334+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-07-09 18:03:12 +00:00
parent 8bc8c61f98
commit e9c2086156
217 changed files with 11430 additions and 297 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
CVE-2018/CVE-2018-251xx/CVE-2018-25103.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2018-25103",
"sourceIdentifier": "cret@cert.org",
"published": "2024-06-17T18:15:12.650",
"lastModified": "2024-07-09T15:15:10.550",
"lastModified": "2024-07-09T16:15:02.787",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -56,6 +56,10 @@
"url": "https://github.com/lighttpd/lighttpd1.4/commit/df8e4f95614e476276a55e34da2aa8b00b1148e9",
"source": "cret@cert.org"
},
{
"url": "https://www.kb.cert.org/vuls/id/312260",
"source": "cret@cert.org"
},
{
"url": "https://www.runzero.com/blog/lighttpd/",
"source": "cret@cert.org"

4
CVE-2021/CVE-2021-473xx/CVE-2021-47389.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2021-47389",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-21T15:15:24.330",
"lastModified": "2024-07-03T01:37:51.067",
"lastModified": "2024-07-09T16:22:03.467",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -46,7 +46,7 @@
"description": [
{
"lang": "en",
"value": "CWE-400"
"value": "CWE-772"
}
]
}

78
CVE-2023/CVE-2023-403xx/CVE-2023-40356.json Normal file
View File

@ -0,0 +1,78 @@
{
"id": "CVE-2023-40356",
"sourceIdentifier": "responsible-disclosure@pingidentity.com",
"published": "2024-07-09T16:15:03.067",
"lastModified": "2024-07-09T16:15:03.067",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "PingOne MFA Integration Kit contains a vulnerability related to the Prompt Users to Set Up MFA configuration. Under certain conditions, this configuration could allow for a new MFA device to be paired with a target user account without requiring second-factor authentication from the target\u2019s existing registered devices. A threat actor might be able to exploit this vulnerability to register their own MFA device with a target user\u2019s account if they have existing knowledge of the target user\u2019s first factor credential."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "responsible-disclosure@pingidentity.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "HIGH",
"vulnerableSystemIntegrity": "HIGH",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 8.7,
"baseSeverity": "HIGH"
}
}
]
},
"weaknesses": [
{
"source": "responsible-disclosure@pingidentity.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-290"
}
]
}
],
"references": [
{
"url": "https://docs.pingidentity.com/r/en-us/pingfederate-pingone-mfa-ik/bks1657303194394",
"source": "responsible-disclosure@pingidentity.com"
}
]
}

78
CVE-2023/CVE-2023-407xx/CVE-2023-40702.json Normal file
View File

@ -0,0 +1,78 @@
{
"id": "CVE-2023-40702",
"sourceIdentifier": "responsible-disclosure@pingidentity.com",
"published": "2024-07-09T16:15:03.220",
"lastModified": "2024-07-09T16:15:03.220",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "PingOne MFA Integration Kit contains a vulnerability where the skipMFA action can be configured such that user authentication does not require the second factor authentication from the user's existing registered devices. A threat actor might be able to exploit this vulnerability to authenticate as a target user if they have existing knowledge of the target user\u2019s first-factor credentials."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "responsible-disclosure@pingidentity.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "HIGH",
"vulnerableSystemIntegrity": "HIGH",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 7.7,
"baseSeverity": "HIGH"
}
}
]
},
"weaknesses": [
{
"source": "responsible-disclosure@pingidentity.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-290"
}
]
}
],
"references": [
{
"url": "https://docs.pingidentity.com/r/en-us/pingfederate-pingone-mfa-ik/bks1657303194394",
"source": "responsible-disclosure@pingidentity.com"
}
]
}

56
CVE-2023/CVE-2023-501xx/CVE-2023-50178.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2023-50178",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2024-07-09T16:15:03.390",
"lastModified": "2024-07-09T16:15:03.390",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An improper certificate validation vulnerability [CWE-295] in FortiADC 7.4.0, 7.2.0 through 7.2.3, 7.1 all versions, 7.0 all versions, 6.2 all versions, 6.1 all versions and 6.0 all versions may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the device and various remote servers such as private SDN connectors and FortiToken Cloud."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@fortinet.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "psirt@fortinet.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-295"
}
]
}
],
"references": [
{
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-22-298",
"source": "psirt@fortinet.com"
}
]
}

56
CVE-2023/CVE-2023-501xx/CVE-2023-50179.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2023-50179",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2024-07-09T16:15:03.640",
"lastModified": "2024-07-09T16:15:03.640",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An improper certificate validation vulnerability [CWE-295] in FortiADC 7.4.0, 7.2 all versions, 7.1 all versions, 7.0 all versions may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the device and public SDN connectors."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@fortinet.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.2,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "psirt@fortinet.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-295"
}
]
}
],
"references": [
{
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-480",
"source": "psirt@fortinet.com"
}
]
}

56
CVE-2023/CVE-2023-501xx/CVE-2023-50181.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2023-50181",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2024-07-09T16:15:03.853",
"lastModified": "2024-07-09T16:15:03.853",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An improper access control vulnerability [CWE-284] in Fortinet FortiADC version 7.4.0 through 7.4.1 and before 7.2.4 allows a read only authenticated attacker to perform some write actions via crafted HTTP or HTTPS requests."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@fortinet.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@fortinet.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-469",
"source": "psirt@fortinet.com"
}
]
}

24
CVE-2023/CVE-2023-53xx/CVE-2023-5322.json
View File

@ -2,8 +2,16 @@
"id": "CVE-2023-5322",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-10-01T05:15:09.933",
"lastModified": "2024-05-17T02:33:00.683",
"lastModified": "2024-07-09T16:15:04.150",
"vulnStatus": "Modified",
"cveTags": [
{
"sourceIdentifier": "cna@vuldb.com",
"tags": [
"unsupported-when-assigned"
]
}
],
"descriptions": [
{
"lang": "en",
@ -104,10 +112,9 @@
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:dlink:dar-7000_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2015-12-31",
"matchCriteriaId": "495BA542-4BC4-42FD-874F-3F7B1EB3E625"
"vulnerable": false,
"criteria": "cpe:2.3:h:dlink:dar-7000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1500AB3C-D11B-4683-86AC-FEB6AF6AD69F"
}
]
},
@ -116,9 +123,10 @@
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:dlink:dar-7000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1500AB3C-D11B-4683-86AC-FEB6AF6AD69F"
"vulnerable": true,
"criteria": "cpe:2.3:o:dlink:dar-7000_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2015-12-31",
"matchCriteriaId": "495BA542-4BC4-42FD-874F-3F7B1EB3E625"
}
]
}

31
CVE-2024/CVE-2024-13xx/CVE-2024-1305.json
View File

@ -2,16 +2,43 @@
"id": "CVE-2024-1305",
"sourceIdentifier": "security@openvpn.net",
"published": "2024-07-08T18:15:07.150",
"lastModified": "2024-07-08T18:15:07.150",
"lastModified": "2024-07-09T16:22:15.950",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "tap-windows6 driver version 9.26 and earlier does not properly \ncheck the size data of incomming write operations which an attacker can \nuse to overflow memory buffers, resulting in a bug check and potentially\n arbitrary code execution in kernel space"
},
{
"lang": "es",
"value": "La versi\u00f3n 9.26 y anteriores del controlador tap-windows6 no verifica correctamente los datos de tama\u00f1o de las operaciones de escritura entrantes que un atacante puede usar para desbordar los b\u00fafers de memoria, lo que resulta en una verificaci\u00f3n de errores y la ejecuci\u00f3n de c\u00f3digo potencialmente arbitrario en el espacio del kernel."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@openvpn.net",

56
CVE-2024/CVE-2024-207xx/CVE-2024-20701.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-20701",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-07-09T17:15:10.737",
"lastModified": "2024-07-09T17:15:10.737",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-122"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20701",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2024/CVE-2024-213xx/CVE-2024-21303.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-21303",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-07-09T17:15:11.117",
"lastModified": "2024-07-09T17:15:11.117",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21303",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2024/CVE-2024-213xx/CVE-2024-21308.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-21308",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-07-09T17:15:11.337",
"lastModified": "2024-07-09T17:15:11.337",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21308",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2024/CVE-2024-213xx/CVE-2024-21317.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-21317",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-07-09T17:15:11.573",
"lastModified": "2024-07-09T17:15:11.573",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-122"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21317",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2024/CVE-2024-213xx/CVE-2024-21331.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-21331",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-07-09T17:15:11.800",
"lastModified": "2024-07-09T17:15:11.800",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-122"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21331",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2024/CVE-2024-213xx/CVE-2024-21332.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-21332",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-07-09T17:15:12.033",
"lastModified": "2024-07-09T17:15:12.033",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21332",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2024/CVE-2024-213xx/CVE-2024-21333.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-21333",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-07-09T17:15:12.260",
"lastModified": "2024-07-09T17:15:12.260",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-122"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21333",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2024/CVE-2024-213xx/CVE-2024-21335.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-21335",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-07-09T17:15:12.487",
"lastModified": "2024-07-09T17:15:12.487",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-122"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21335",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2024/CVE-2024-213xx/CVE-2024-21373.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-21373",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-07-09T17:15:12.857",
"lastModified": "2024-07-09T17:15:12.857",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-122"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21373",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2024/CVE-2024-213xx/CVE-2024-21398.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-21398",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-07-09T17:15:13.103",
"lastModified": "2024-07-09T17:15:13.103",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-122"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21398",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2024/CVE-2024-214xx/CVE-2024-21414.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-21414",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-07-09T17:15:13.327",
"lastModified": "2024-07-09T17:15:13.327",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-122"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21414",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2024/CVE-2024-214xx/CVE-2024-21415.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-21415",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-07-09T17:15:13.550",
"lastModified": "2024-07-09T17:15:13.550",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-122"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21415",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2024/CVE-2024-214xx/CVE-2024-21425.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-21425",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-07-09T17:15:13.770",
"lastModified": "2024-07-09T17:15:13.770",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-122"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21425",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2024/CVE-2024-214xx/CVE-2024-21428.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-21428",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-07-09T17:15:13.973",
"lastModified": "2024-07-09T17:15:13.973",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-190"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21428",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2024/CVE-2024-214xx/CVE-2024-21449.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-21449",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-07-09T17:15:14.177",
"lastModified": "2024-07-09T17:15:14.177",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-122"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21449",
"source": "secure@microsoft.com"
}
]
}

33
CVE-2024/CVE-2024-217xx/CVE-2024-21729.json Normal file
View File

@ -0,0 +1,33 @@
{
"id": "CVE-2024-21729",
"sourceIdentifier": "security@joomla.org",
"published": "2024-07-09T17:15:14.463",
"lastModified": "2024-07-09T17:15:14.463",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Inadequate input validation leads to XSS vulnerabilities in the accessiblemedia field."
}
],
"metrics": {},
"weaknesses": [
{
"source": "security@joomla.org",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://developer.joomla.org/security-centre/935-20240701-core-xss-in-accessible-media-selection-field.html",
"source": "security@joomla.org"
}
]
}

33
CVE-2024/CVE-2024-217xx/CVE-2024-21730.json Normal file
View File

@ -0,0 +1,33 @@
{
"id": "CVE-2024-21730",
"sourceIdentifier": "security@joomla.org",
"published": "2024-07-09T17:15:14.580",
"lastModified": "2024-07-09T17:15:14.580",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The fancyselect list field layout does not correctly escape inputs, leading to a self-XSS vector."
}
],
"metrics": {},
"weaknesses": [
{
"source": "security@joomla.org",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://developer.joomla.org/security-centre/936-20240702-core-self-xss-in-fancyselect-list-field-layout.html",
"source": "security@joomla.org"
}
]
}

33
CVE-2024/CVE-2024-217xx/CVE-2024-21731.json Normal file
View File

@ -0,0 +1,33 @@
{
"id": "CVE-2024-21731",
"sourceIdentifier": "security@joomla.org",
"published": "2024-07-09T17:15:14.660",
"lastModified": "2024-07-09T17:15:14.660",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper handling of input could lead to an XSS vector in the StringHelper::truncate method."
}
],
"metrics": {},
"weaknesses": [
{
"source": "security@joomla.org",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://developer.joomla.org/security-centre/937-20240703-core-xss-in-stringhelper-truncate-method.html",
"source": "security@joomla.org"
}
]
}

56
CVE-2024/CVE-2024-217xx/CVE-2024-21759.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-21759",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2024-07-09T16:15:04.357",
"lastModified": "2024-07-09T16:15:04.357",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An authorization bypass through user-controlled key in Fortinet FortiPortal version 7.2.0, and versions 7.0.0 through 7.0.6 allows attacker to view unauthorized resources via HTTP or HTTPS requests."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@fortinet.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "psirt@fortinet.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-639"
}
]
}
],
"references": [
{
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-011",
"source": "psirt@fortinet.com"
}
]
}

18
CVE-2024/CVE-2024-220xx/CVE-2024-22020.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-22020",
"sourceIdentifier": "support@hackerone.com",
"published": "2024-07-09T02:15:09.973",
"lastModified": "2024-07-09T02:15:09.973",
"lastModified": "2024-07-09T16:22:17.840",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A security flaw in Node.js allows a bypass of network import restrictions.\nBy embedding non-network imports in data URLs, an attacker can execute arbitrary code, compromising system security.\nVerified on various platforms, the vulnerability is mitigated by forbidding data URLs in network imports.\nExploiting this flaw can violate network import security, posing a risk to developers and servers."
},
{
"lang": "es",
"value": "Un fallo de seguridad en Node.js permite eludir las restricciones de importaci\u00f3n de la red. Al incorporar importaciones fuera de la red en las URL de datos, un atacante puede ejecutar c\u00f3digo arbitrario, comprometiendo la seguridad del sistema. Verificada en varias plataformas, la vulnerabilidad se mitiga al prohibir las URL de datos en las importaciones de red. La explotaci\u00f3n de este fallo puede violar la seguridad de importaci\u00f3n de la red, lo que representa un riesgo para los desarrolladores y servidores."
}
],
"metrics": {
@ -35,6 +39,18 @@
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://hackerone.com/reports/2092749",

20
CVE-2024/CVE-2024-235xx/CVE-2024-23562.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-23562",
"sourceIdentifier": "psirt@hcl.com",
"published": "2024-07-08T16:15:07.797",
"lastModified": "2024-07-08T16:35:46.377",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-07-09T16:22:18.987",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A security vulnerability in HCL Domino could allow disclosure of sensitive configuration information. A remote unauthenticated attacker could exploit this vulnerability to obtain information to launch further attacks against the affected system."
},
{
"lang": "es",
"value": "Una vulnerabilidad de seguridad en HCL Domino podr\u00eda permitir la divulgaci\u00f3n de informaci\u00f3n de configuraci\u00f3n confidencial. Un atacante remoto no autenticado podr\u00eda aprovechar esta vulnerabilidad para obtener informaci\u00f3n y lanzar m\u00e1s ataques contra el sistema afectado."
}
],
"metrics": {
@ -35,6 +39,18 @@
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0113822",

56
CVE-2024/CVE-2024-236xx/CVE-2024-23663.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-23663",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2024-07-09T16:15:04.593",
"lastModified": "2024-07-09T16:15:04.593",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An improper access control in Fortinet FortiExtender 4.1.1 - 4.1.9, 4.2.0 - 4.2.6, 5.3.2, 7.0.0 - 7.0.4, 7.2.0 - 7.2.4 and 7.4.0 - 7.4.2 allows an attacker to create users with elevated privileges via a crafted HTTP request."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@fortinet.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@fortinet.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://fortiguard.com/psirt/FG-IR-23-459",
"source": "psirt@fortinet.com"
}
]
}

34
CVE-2024/CVE-2024-239xx/CVE-2024-23998.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-23998",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-05T16:15:04.230",
"lastModified": "2024-07-08T16:40:42.923",
"vulnStatus": "Analyzed",
"lastModified": "2024-07-09T16:22:20.347",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 6.0
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 2.7
}
]
},
@ -49,6 +69,16 @@
"value": "CWE-79"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [

56
CVE-2024/CVE-2024-260xx/CVE-2024-26015.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-26015",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2024-07-09T16:15:04.810",
"lastModified": "2024-07-09T16:15:04.810",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An incorrect parsing of numbers with different radices vulnerability [CWE-1389] in FortiProxy version 7.4.3 and below, version 7.2.10 and below, version 7.0.17 and below and FortiOS version 7.4.3 and below, version 7.2.8 and below, version 7.0.15 and below IP address validation feature may permit an unauthenticated attacker to bypass the IP blocklist via crafted requests."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@fortinet.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 3.4,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.6,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "psirt@fortinet.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-1389"
}
]
}
],
"references": [
{
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-446",
"source": "psirt@fortinet.com"
}
]
}

56
CVE-2024/CVE-2024-261xx/CVE-2024-26184.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-26184",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-07-09T17:15:14.773",
"lastModified": "2024-07-09T17:15:14.773",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Secure Boot Security Feature Bypass Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-190"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26184",
"source": "secure@microsoft.com"
}
]
}

33
CVE-2024/CVE-2024-262xx/CVE-2024-26278.json Normal file
View File

@ -0,0 +1,33 @@
{
"id": "CVE-2024-26278",
"sourceIdentifier": "security@joomla.org",
"published": "2024-07-09T17:15:14.970",
"lastModified": "2024-07-09T17:15:14.970",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Custom Fields component not correctly filter inputs, leading to a XSS vector."
}
],
"metrics": {},
"weaknesses": [
{
"source": "security@joomla.org",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://developer.joomla.org/security-centre/939-20240705-core-xss-in-com-fields-default-field-value.html",
"source": "security@joomla.org"
}
]
}

33
CVE-2024/CVE-2024-262xx/CVE-2024-26279.json Normal file
View File

@ -0,0 +1,33 @@
{
"id": "CVE-2024-26279",
"sourceIdentifier": "security@joomla.org",
"published": "2024-07-09T17:15:15.047",
"lastModified": "2024-07-09T17:15:15.047",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Inadequate content filtering leads to XSS vulnerabilities in various components."
}
],
"metrics": {},
"weaknesses": [
{
"source": "security@joomla.org",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://developer.joomla.org/security-centre/929-20240205-core-inadequate-content-filtering-within-the-filter-code.html",
"source": "security@joomla.org"
}
]
}

27
CVE-2024/CVE-2024-273xx/CVE-2024-27309.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-27309",
"sourceIdentifier": "security@apache.org",
"published": "2024-04-12T07:15:08.560",
"lastModified": "2024-07-05T16:15:04.360",
"lastModified": "2024-07-09T16:22:21.487",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "Mientras se migra un cl\u00faster de Apache Kafka del modo ZooKeeper al modo KRaft, en algunos casos las ACL no se aplicar\u00e1n correctamente. Se necesitan dos condiciones previas para desencadenar el error: 1. El administrador decide eliminar una ACL. 2. El recurso asociado con la ACL eliminada contin\u00faa teniendo dos o m\u00e1s ACL asociadas despu\u00e9s de la eliminaci\u00f3n. Cuando se cumplen esas dos condiciones previas, Kafka tratar\u00e1 el recurso como si tuviera solo una ACL asociada despu\u00e9s de la eliminaci\u00f3n, en lugar de las dos o m\u00e1s que ser\u00edan correctas. La condici\u00f3n incorrecta se elimina eliminando todos los intermediarios en modo ZK o agregando una nueva ACL al recurso afectado. Una vez que se completa la migraci\u00f3n, no hay p\u00e9rdida de metadatos (todas las ACL permanecen). El impacto total depende de las ACL en uso. Si solo se configuraran ALLOW ACL durante la migraci\u00f3n, el impacto se limitar\u00eda al impacto en la disponibilidad. Si se configuraron DENY ACL, el impacto podr\u00eda incluir un impacto en la confidencialidad e integridad seg\u00fan las ACL configuradas, ya que DENY ACL podr\u00edan ignorarse debido a esta vulnerabilidad durante el per\u00edodo de migraci\u00f3n."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "security@apache.org",

39
CVE-2024/CVE-2024-277xx/CVE-2024-27709.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-27709",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-05T17:15:10.853",
"lastModified": "2024-07-08T15:49:22.437",
"lastModified": "2024-07-09T16:22:21.743",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Vulnerabilidad de inyecci\u00f3n SQL en Eskooly Web Product v.3.0 permite a un atacante remoto ejecutar c\u00f3digo de su elecci\u00f3n mediante el par\u00e1metro searchby del componente allstudents.php y el par\u00e1metro id del componente requestmanager.php."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://blog.be-hacktive.com/eskooly-cve/cve-2024-27709-sql-injection-in-eskooly-web-product-v.3.0",

39
CVE-2024/CVE-2024-277xx/CVE-2024-27710.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-27710",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-05T17:15:10.940",
"lastModified": "2024-07-08T15:49:22.437",
"lastModified": "2024-07-09T16:22:22.570",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": " Un problema en Eskooly Free Online School Management Software v.3.0 y anteriores permite a un atacante remoto escalar privilegios a trav\u00e9s del mecanismo de autenticaci\u00f3n."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
}
],
"references": [
{
"url": "https://blog.be-hacktive.com/eskooly-cve/eskooly-broken-authentication/cve-2024-27710-privilege-escalation-via-authentication-mechanism-in-eskooly-web-product-less-than-v3",

39
CVE-2024/CVE-2024-277xx/CVE-2024-27713.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-27713",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-05T17:15:11.183",
"lastModified": "2024-07-08T15:49:22.437",
"lastModified": "2024-07-09T16:22:23.383",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": " Un problema en Eskooly Free Online School Management Software v.3.0 y anteriores permite a un atacante remoto escalar privilegios a trav\u00e9s del componente HTTP Response Header Settings."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-693"
}
]
}
],
"references": [
{
"url": "https://blog.be-hacktive.com/eskooly-cve/cve-2024-27713-protection-mechanism-failure-in-eskooly-web-product-less-than-v3.0",

56
CVE-2024/CVE-2024-277xx/CVE-2024-27782.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-27782",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2024-07-09T16:15:05.017",
"lastModified": "2024-07-09T16:15:05.017",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple insufficient session expiration vulnerabilities [CWE-613] in FortiAIOps version 2.0.0 may allow an attacker to re-use stolen old session tokens to perform unauthorized operations via crafted requests."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@fortinet.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@fortinet.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-613"
}
]
}
],
"references": [
{
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-069",
"source": "psirt@fortinet.com"
}
]
}

56
CVE-2024/CVE-2024-277xx/CVE-2024-27783.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-27783",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2024-07-09T16:15:05.240",
"lastModified": "2024-07-09T16:15:05.240",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities [CWE-352] in FortiAIOps version 2.0.0 may allow an unauthenticated remote attacker to perform arbitrary actions on behalf of an authenticated user via tricking the victim to execute malicious GET requests."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@fortinet.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "psirt@fortinet.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-070",
"source": "psirt@fortinet.com"
}
]
}

56
CVE-2024/CVE-2024-277xx/CVE-2024-27784.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-27784",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2024-07-09T16:15:05.470",
"lastModified": "2024-07-09T16:15:05.470",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple Exposure of sensitive information to an unauthorized actor vulnerabilities [CWE-200] in FortiAIOps version 2.0.0 may allow an authenticated, remote attacker to retrieve sensitive information from the API endpoint or log files."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@fortinet.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@fortinet.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-532"
}
]
}
],
"references": [
{
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-072",
"source": "psirt@fortinet.com"
}
]
}

56
CVE-2024/CVE-2024-277xx/CVE-2024-27785.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-27785",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2024-07-09T16:15:05.687",
"lastModified": "2024-07-09T16:15:05.687",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An improper neutralization of formula elements in a CSV File vulnerability [CWE-1236] in FortiAIOps version 2.0.0 may allow a remote authenticated attacker to execute arbitrary commands on a client's workstation via poisoned CSV reports."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@fortinet.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "psirt@fortinet.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-1236"
}
]
}
],
"references": [
{
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-073",
"source": "psirt@fortinet.com"
}
]
}

29
CVE-2024/CVE-2024-279xx/CVE-2024-27903.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-27903",
"sourceIdentifier": "security@openvpn.net",
"published": "2024-07-08T11:15:10.390",
"lastModified": "2024-07-08T15:49:22.437",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-07-09T16:22:25.120",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
@ -15,7 +15,30 @@
"value": "Los complementos de OpenVPN en Windows con OpenVPN 2.6.9 y versiones anteriores se pueden cargar desde cualquier directorio, lo que permite a un atacante cargar un complemento arbitrario que puede usarse para interactuar con el servicio interactivo privilegiado OpenVPN."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@openvpn.net",

56
CVE-2024/CVE-2024-288xx/CVE-2024-28899.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-28899",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-07-09T17:15:15.210",
"lastModified": "2024-07-09T17:15:15.210",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Secure Boot Security Feature Bypass Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28899",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2024/CVE-2024-289xx/CVE-2024-28928.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-28928",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-07-09T17:15:15.447",
"lastModified": "2024-07-09T17:15:15.447",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28928",
"source": "secure@microsoft.com"
}
]
}

34
CVE-2024/CVE-2024-293xx/CVE-2024-29319.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-29319",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-05T16:15:04.520",
"lastModified": "2024-07-08T16:39:22.330",
"vulnStatus": "Analyzed",
"lastModified": "2024-07-09T16:22:26.077",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 3.8,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.2,
"impactScore": 2.5
}
]
},
@ -49,6 +69,16 @@
"value": "CWE-918"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-918"
}
]
}
],
"configurations": [

56
CVE-2024/CVE-2024-300xx/CVE-2024-30013.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-30013",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-07-09T17:15:15.660",
"lastModified": "2024-07-09T17:15:15.660",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows MultiPoint Services Remote Code Execution Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-415"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30013",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2024/CVE-2024-300xx/CVE-2024-30061.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-30061",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-07-09T17:15:15.990",
"lastModified": "2024-07-09T17:15:15.990",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.1,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-285"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30061",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2024/CVE-2024-300xx/CVE-2024-30071.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-30071",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-07-09T17:15:16.233",
"lastModified": "2024-07-09T17:15:16.233",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Remote Access Connection Manager Information Disclosure Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.0,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-126"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30071",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2024/CVE-2024-300xx/CVE-2024-30079.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-30079",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-07-09T17:15:16.467",
"lastModified": "2024-07-09T17:15:16.467",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Remote Access Connection Manager Elevation of Privilege Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-126"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30079",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2024/CVE-2024-300xx/CVE-2024-30081.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-30081",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-07-09T17:15:16.717",
"lastModified": "2024-07-09T17:15:16.717",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows NTLM Spoofing Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30081",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2024/CVE-2024-300xx/CVE-2024-30098.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-30098",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-07-09T17:15:16.973",
"lastModified": "2024-07-09T17:15:16.973",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Cryptographic Services Security Feature Bypass Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-327"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30098",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2024/CVE-2024-301xx/CVE-2024-30105.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-30105",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-07-09T17:15:17.200",
"lastModified": "2024-07-09T17:15:17.200",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": ".NET Core and Visual Studio Denial of Service Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30105",
"source": "secure@microsoft.com"
}
]
}

40
CVE-2024/CVE-2024-308xx/CVE-2024-30878.json
View File

@ -2,8 +2,9 @@
"id": "CVE-2024-30878",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-04-11T05:15:47.520",
"lastModified": "2024-04-11T12:47:44.137",
"lastModified": "2024-07-09T16:22:30.387",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -14,7 +15,42 @@
"value": "Vulnerabilidad decross-site scripting (XSS) en RageFrame2 v2.6.43 permite a atacantes remotos ejecutar scripts web o HTML arbitrarios y obtener informaci\u00f3n confidencial a trav\u00e9s de un payload manipulado inyectado en el par\u00e1metro upload_drive."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"references": [
{
"url": "https://github.com/jianyan74/rageframe2/issues/111",

49
CVE-2024/CVE-2024-315xx/CVE-2024-31504.json
View File

@ -2,16 +2,59 @@
"id": "CVE-2024-31504",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-08T16:15:08.260",
"lastModified": "2024-07-08T16:35:46.377",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-07-09T16:22:31.613",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in SILA Embedded Solutions GmbH freemodbus v.2018-09-12 allows a remtoe attacker to cause a denial of service via the LINUXTCP server component."
},
{
"lang": "es",
"value": "Vulnerabilidad de desbordamiento de b\u00fafer en SILA Embedded Solutions GmbH freemodbus v.2018-09-12 permite que un atacante remoto provoque una denegaci\u00f3n de servicio a trav\u00e9s del componente del servidor LINUXTCP."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-120"
},
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://gist.github.com/CAPCOMIN/a0361511068dce21a557cf9fa01d0a02",

56
CVE-2024/CVE-2024-329xx/CVE-2024-32987.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-32987",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-07-09T17:15:17.410",
"lastModified": "2024-07-09T17:15:17.410",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft SharePoint Server Information Disclosure Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-918"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-32987",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2024/CVE-2024-335xx/CVE-2024-33509.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-33509",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2024-07-09T16:15:05.950",
"lastModified": "2024-07-09T16:15:05.950",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An improper certificate validation vulnerability [CWE-295] in FortiWeb 7.2.0 through 7.2.1, 7.0 all versions, 6.4 all versions and 6.3 all versions may allow a remote and unauthenticated attacker in a Man-in-the-Middle position to decipher and/or tamper with the communication channel between the device and different endpoints used to fetch data for Web Application Firewall (WAF)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@fortinet.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.2,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "psirt@fortinet.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-295"
}
]
}
],
"references": [
{
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-22-326",
"source": "psirt@fortinet.com"
}
]
}

39
CVE-2024/CVE-2024-338xx/CVE-2024-33862.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-33862",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-05T23:15:10.050",
"lastModified": "2024-07-08T15:49:22.437",
"lastModified": "2024-07-09T16:22:35.020",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": " Una vulnerabilidad de gesti\u00f3n del b\u00fafer en OPC Foundation OPCFoundation.NetStandard.Opc.Ua.Core anterior a 1.05.374.54 podr\u00eda permitir a atacantes remotos agotar los recursos de memoria. Se activa cuando el sistema recibe una cantidad excesiva de mensajes de una fuente remota. Esto podr\u00eda conducir potencialmente a una condici\u00f3n de denegaci\u00f3n de servicio (DoS), interrumpiendo el funcionamiento normal del sistema."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-770"
}
]
}
],
"references": [
{
"url": "https://files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2024-33862.pdf",

391
CVE-2024/CVE-2024-341xx/CVE-2024-34102.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-34102",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-06-13T09:15:10.380",
"lastModified": "2024-07-03T16:15:03.550",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-07-09T16:00:38.170",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -51,14 +51,391 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://helpx.adobe.com/security/products/magento/apsb24-40.html",
"source": "psirt@adobe.com"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:commerce:2.3.7:-:*:*:*:*:*:*",
"matchCriteriaId": "4346BF61-743B-4BBE-AC90-9954FEE6E943"
},
{
"url": "https://www.vicarius.io/vsociety/posts/cosmicsting-critical-unauthenticated-xxe-vulnerability-in-adobe-commerce-and-magento-cve-2024-34102",
"source": "psirt@adobe.com"
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p1:*:*:*:*:*:*",
"matchCriteriaId": "9F471E19-8AFE-4A6C-88EA-DF94428518F7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p2:*:*:*:*:*:*",
"matchCriteriaId": "27E5B990-1E1C-46AC-815F-AF737D211C16"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p3:*:*:*:*:*:*",
"matchCriteriaId": "8D1598F4-AA41-4F94-A986-E603DC42AC8B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4:*:*:*:*:*:*",
"matchCriteriaId": "3A3535F6-227F-4DD2-881F-9ADAB68373CD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext1:*:*:*:*:*:*",
"matchCriteriaId": "428B889D-3BAF-46A2-913A-E0022217F804"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext2:*:*:*:*:*:*",
"matchCriteriaId": "2A0A7F6F-6218-4714-A7C7-79580FBA8FFF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext3:*:*:*:*:*:*",
"matchCriteriaId": "304A7DB2-0174-42A2-A357-944634C2ADFA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext4:*:*:*:*:*:*",
"matchCriteriaId": "C5954698-9CA1-4463-833C-E7DB447AC80A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:commerce:2.4.0:-:*:*:*:*:*:*",
"matchCriteriaId": "D845F99F-2958-4118-B27E-6D84602B7FB1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-1:*:*:*:*:*:*",
"matchCriteriaId": "61266FCB-916E-4B72-A5CE-8E9D3D817996"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-2:*:*:*:*:*:*",
"matchCriteriaId": "4B4BB14A-5BBE-4FF3-B956-306D721D99E3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-3:*:*:*:*:*:*",
"matchCriteriaId": "8D33D70D-84E7-46D9-A50B-857DF71B43C6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-4:*:*:*:*:*:*",
"matchCriteriaId": "6291AFE6-3F06-4796-B6B8-761D995F1F9D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:commerce:2.4.1:-:*:*:*:*:*:*",
"matchCriteriaId": "33BE2A5D-A4B1-4863-A1D9-29F08CA8CCE2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-1:*:*:*:*:*:*",
"matchCriteriaId": "F1BCDF10-D4D2-4FB5-8A6A-960730C17911"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-2:*:*:*:*:*:*",
"matchCriteriaId": "F747F9C6-BD3F-4DFC-BC91-6361F66E50D0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-3:*:*:*:*:*:*",
"matchCriteriaId": "8249B061-BD24-4A05-A08B-8CE776C23F79"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-4:*:*:*:*:*:*",
"matchCriteriaId": "40315EF0-0EAF-465B-BC82-57B74C23ED98"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:commerce:2.4.2:-:*:*:*:*:*:*",
"matchCriteriaId": "62BF6A4C-BC58-40A2-AE21-B4F309562661"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-1:*:*:*:*:*:*",
"matchCriteriaId": "1D0E8BC4-17BD-4F42-A849-2CC439CF82D8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-2:*:*:*:*:*:*",
"matchCriteriaId": "E9E12EC1-36A9-42F5-9EE6-88FAA6FD52F3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-3:*:*:*:*:*:*",
"matchCriteriaId": "F2B3EF0E-31B4-4508-AC48-D89CB4460D89"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-4:*:*:*:*:*:*",
"matchCriteriaId": "B0B4ABDB-1C22-4B26-BA4D-DA73ED1F50D2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:commerce:2.4.3:-:*:*:*:*:*:*",
"matchCriteriaId": "7B503C35-8C90-4A24-8E60-722CDBBF556B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-1:*:*:*:*:*:*",
"matchCriteriaId": "FC5B997C-8DB4-4FDF-96F6-6DCF23970705"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-2:*:*:*:*:*:*",
"matchCriteriaId": "E8B1341E-A0C9-42EB-8BAE-E23D88BC3CB0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-3:*:*:*:*:*:*",
"matchCriteriaId": "14CEAFB8-0812-4F19-8E83-93A61A23594F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-4:*:*:*:*:*:*",
"matchCriteriaId": "25A9AC2F-7AAC-41FF-8D93-3A5CBE24BED6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*",
"matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*",
"matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*",
"matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*",
"matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*",
"matchCriteriaId": "6661093F-8D22-450F-BC6C-A8894A52E6A9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*",
"matchCriteriaId": "2515DA6D-2E74-4A05-BD29-FEEF3322BCB6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*",
"matchCriteriaId": "69A1F1F7-E53C-40F3-B3D9-DC011FC353BF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*",
"matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*",
"matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*",
"matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*",
"matchCriteriaId": "B6318F97-E59A-4425-8DC7-045C78A644F8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*",
"matchCriteriaId": "324A573E-DBC8-42A0-8CB8-EDD8FBAB7115"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*",
"matchCriteriaId": "54151A00-CFB8-4E6A-8E74-497CB67BF7E2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*",
"matchCriteriaId": "7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*",
"matchCriteriaId": "D6086841-C175-46A1-8414-71C6163A0E7A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*",
"matchCriteriaId": "D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*",
"matchCriteriaId": "A576B1B5-73A2-431E-998F-7E5458B51D6A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:commerce_webhooks:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.2.0",
"versionEndIncluding": "1.4.0",
"matchCriteriaId": "75FC038A-FDAE-4A80-B3A2-BE38F53841B6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:magento:2.4.4:-:*:*:open_source:*:*:*",
"matchCriteriaId": "AC641EFE-3B9B-4988-A143-FE1F6FD0D689"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:magento:2.4.4:p1:*:*:open_source:*:*:*",
"matchCriteriaId": "5F7AA4A6-69E3-4BA4-A476-CA37F41D5482"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:magento:2.4.4:p2:*:*:open_source:*:*:*",
"matchCriteriaId": "A3D05570-FA72-4FCF-90E9-EC19731CD9F7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:magento:2.4.4:p3:*:*:open_source:*:*:*",
"matchCriteriaId": "7DF079F1-1886-4974-A0F0-82DEA88F2E83"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:magento:2.4.4:p4:*:*:open_source:*:*:*",
"matchCriteriaId": "C4E7AFE2-E02D-4C7D-B9C3-CEF345F1287C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:magento:2.4.4:p5:*:*:open_source:*:*:*",
"matchCriteriaId": "F39BCCFC-4748-4626-8E35-4BD299CE42A5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:magento:2.4.4:p6:*:*:open_source:*:*:*",
"matchCriteriaId": "EB9003A6-F5CC-463F-AC3A-C76F96A39F45"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:magento:2.4.4:p7:*:*:open_source:*:*:*",
"matchCriteriaId": "10DBD0CA-AFC2-4E12-9239-C2FBE778E6E4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:magento:2.4.4:p8:*:*:open_source:*:*:*",
"matchCriteriaId": "FBB3AA19-BF6C-4C4B-A213-494D35F08D99"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*",
"matchCriteriaId": "7A41C717-4B9F-4972-ABA3-2294EEC20F3E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*",
"matchCriteriaId": "3FA80BBC-2DF2-46E1-84CE-8A899415114E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*",
"matchCriteriaId": "510B1840-AE77-4BDD-9C09-26C64CC8FC81"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:*",
"matchCriteriaId": "FA1EDF58-8384-48C4-A584-54D24F6F7973"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:*",
"matchCriteriaId": "9D2D9715-3A6B-4BE0-B1C5-8D19A683A083"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:magento:2.4.5:p5:*:*:open_source:*:*:*",
"matchCriteriaId": "1C99B578-5DD6-476D-BB75-4DCAD7F79535"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:magento:2.4.5:p6:*:*:open_source:*:*:*",
"matchCriteriaId": "7C1B2897-79A5-4A5B-9137-7A4B6B85AA84"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:magento:2.4.5:p7:*:*:open_source:*:*:*",
"matchCriteriaId": "B9E8299D-FA97-483A-8E1B-BA7B869E467D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*",
"matchCriteriaId": "789BD987-9DAD-4EAE-93DE-0E267D54F124"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*",
"matchCriteriaId": "A3F113C0-00C5-4BC2-B42B-8AE3756252F2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*",
"matchCriteriaId": "02592D65-2D2C-460A-A970-8A18F9B156ED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*",
"matchCriteriaId": "457B89CF-C75E-4ED6-8603-9C52BA462A9E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*",
"matchCriteriaId": "A572A2DC-2DAB-4ABE-8FC2-5AF2340C826F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:*",
"matchCriteriaId": "2A2DD9C6-BAF5-4DF5-9C14-3478923B2019"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:magento:2.4.7:b1:*:*:open_source:*:*:*",
"matchCriteriaId": "99C620F3-40ED-4D7F-B6A1-205E948FD6F5"
}
]
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/magento/apsb24-40.html",
"source": "psirt@adobe.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.vicarius.io/vsociety/posts/cosmicsting-critical-unauthenticated-xxe-vulnerability-in-adobe-commerce-and-magento-cve-2024-34102",
"source": "psirt@adobe.com",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
]
}
]
}

34
CVE-2024/CVE-2024-344xx/CVE-2024-34481.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-34481",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-05T02:15:09.920",
"lastModified": "2024-07-08T16:45:59.813",
"vulnStatus": "Analyzed",
"lastModified": "2024-07-09T16:22:36.033",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
@ -49,6 +69,16 @@
"value": "CWE-79"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [

27
CVE-2024/CVE-2024-347xx/CVE-2024-34750.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-34750",
"sourceIdentifier": "security@apache.org",
"published": "2024-07-03T20:15:04.083",
"lastModified": "2024-07-05T12:55:51.367",
"lastModified": "2024-07-09T16:22:37.120",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "Manejo inadecuado de condiciones excepcionales, vulnerabilidad de consumo incontrolado de recursos en Apache Tomcat. Al procesar una secuencia HTTP/2, Tomcat no manej\u00f3 correctamente algunos casos de encabezados HTTP excesivos. Esto llev\u00f3 a un conteo err\u00f3neo de flujos HTTP/2 activos que a su vez llev\u00f3 al uso de un tiempo de espera infinito incorrecto que permiti\u00f3 que las conexiones permanecieran abiertas y que deber\u00edan haberse cerrado. Este problema afecta a Apache Tomcat: desde 11.0.0-M1 hasta 11.0.0-M20, desde 10.1.0-M1 hasta 10.1.24, desde 9.0.0-M1 hasta 9.0.89. Se recomienda a los usuarios actualizar a la versi\u00f3n 11.0.0-M21, 10.1.25 o 9.0.90, que soluciona el problema."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security@apache.org",

56
CVE-2024/CVE-2024-352xx/CVE-2024-35256.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-35256",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-07-09T17:15:17.623",
"lastModified": "2024-07-09T17:15:17.623",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-122"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35256",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2024/CVE-2024-352xx/CVE-2024-35261.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-35261",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-07-09T17:15:17.857",
"lastModified": "2024-07-09T17:15:17.857",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Azure Network Watcher VM Extension Elevation of Privilege Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-59"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35261",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2024/CVE-2024-352xx/CVE-2024-35264.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-35264",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-07-09T17:15:18.213",
"lastModified": "2024-07-09T17:15:18.213",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": ".NET and Visual Studio Remote Code Execution Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35264",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2024/CVE-2024-352xx/CVE-2024-35266.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-35266",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-07-09T17:15:18.413",
"lastModified": "2024-07-09T17:15:18.413",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Azure DevOps Server Spoofing Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.1,
"impactScore": 5.5
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35266",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2024/CVE-2024-352xx/CVE-2024-35267.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-35267",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-07-09T17:15:18.630",
"lastModified": "2024-07-09T17:15:18.630",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Azure DevOps Server Spoofing Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.1,
"impactScore": 5.5
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35267",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2024/CVE-2024-352xx/CVE-2024-35270.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-35270",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-07-09T17:15:18.820",
"lastModified": "2024-07-09T17:15:18.820",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows iSCSI Service Denial of Service Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35270",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2024/CVE-2024-352xx/CVE-2024-35271.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-35271",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-07-09T17:15:19.023",
"lastModified": "2024-07-09T17:15:19.023",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-122"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35271",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2024/CVE-2024-352xx/CVE-2024-35272.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-35272",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-07-09T17:15:19.217",
"lastModified": "2024-07-09T17:15:19.217",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-122"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35272",
"source": "secure@microsoft.com"
}
]
}

34
CVE-2024/CVE-2024-360xx/CVE-2024-36041.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-36041",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-05T02:15:10.000",
"lastModified": "2024-07-08T16:46:20.147",
"vulnStatus": "Analyzed",
"lastModified": "2024-07-09T16:22:37.687",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.3,
"impactScore": 5.9
}
]
},
@ -49,6 +69,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-613"
}
]
}
],
"configurations": [

43
CVE-2024/CVE-2024-360xx/CVE-2024-36059.json
View File

@ -2,16 +2,55 @@
"id": "CVE-2024-36059",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-27T22:15:10.437",
"lastModified": "2024-06-28T10:27:00.920",
"lastModified": "2024-07-09T16:22:38.580",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory Traversal vulnerability in Kalkitech ASE ASE61850 IEDSmart upto and including version 2.3.5 allows attackers to read/write arbitrary files via the IEC61850 File Transfer protocol."
},
{
"lang": "es",
"value": "Vulnerabilidad de Directory Traversal en Kalkitech ASE ASE61850 IEDSmart hasta la versi\u00f3n 2.3.5 incluida, permite a atacantes leer/escribir archivos de su elecci\u00f3n a trav\u00e9s del protocolo de transferencia de archivos IEC61850."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "HIGH",
"baseScore": 9.4,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.5
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://kalkitech.com/wp-content/uploads/2024/05/CYB_60704_Advisory_v1.0.pdf",

43
CVE-2024/CVE-2024-360xx/CVE-2024-36072.json
View File

@ -2,16 +2,55 @@
"id": "CVE-2024-36072",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-27T21:15:15.327",
"lastModified": "2024-06-28T10:27:00.920",
"lastModified": "2024-07-09T16:22:39.417",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Netwrix CoSoSys Endpoint Protector through 5.9.3 and CoSoSys Unify through 7.0.6 contain a remote code execution vulnerability in the logging component of the Endpoint Protector and Unify server application which allows an unauthenticated remote attacker to send a malicious request, resulting in the ability to execute system commands with root privileges."
},
{
"lang": "es",
"value": "Netwrix CoSoSys Endpoint Protector hasta 5.9.3 y CoSoSys Unify hasta 7.0.6 contienen una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en el componente de registro de Endpoint Protector y la aplicaci\u00f3n del servidor Unify que permite a un atacante remoto no autenticado enviar una solicitud maliciosa, lo que resulta en la capacidad de ejecutar comandos del sistema con privilegios de root."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-779"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://helpcenter.netwrix.com/bundle/z-kb-articles-salesforce/page/kA0Qk0000001E5lKAE.html",

25
CVE-2024/CVE-2024-365xx/CVE-2024-36526.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-36526",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-09T17:15:19.430",
"lastModified": "2024-07-09T17:15:19.430",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ZKTeco ZKBio CVSecurity v6.1.1 was discovered to contain a hardcoded cryptographic key."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/mrojz/ZKT-Bio-CVSecurity/blob/main/CVE-2024-36526.md",
"source": "cve@mitre.org"
},
{
"url": "https://zkteco.eu/downloads/zkbio-cvsecurity-installation-files",
"source": "cve@mitre.org"
}
]
}

56
CVE-2024/CVE-2024-373xx/CVE-2024-37318.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-37318",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-07-09T17:15:19.520",
"lastModified": "2024-07-09T17:15:19.520",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-122"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37318",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2024/CVE-2024-373xx/CVE-2024-37319.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-37319",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-07-09T17:15:19.757",
"lastModified": "2024-07-09T17:15:19.757",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-122"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37319",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2024/CVE-2024-373xx/CVE-2024-37320.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-37320",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-07-09T17:15:19.973",
"lastModified": "2024-07-09T17:15:19.973",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37320",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2024/CVE-2024-373xx/CVE-2024-37321.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-37321",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-07-09T17:15:20.180",
"lastModified": "2024-07-09T17:15:20.180",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-122"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37321",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2024/CVE-2024-373xx/CVE-2024-37322.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-37322",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-07-09T17:15:20.390",
"lastModified": "2024-07-09T17:15:20.390",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-122"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37322",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2024/CVE-2024-373xx/CVE-2024-37323.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-37323",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-07-09T17:15:20.603",
"lastModified": "2024-07-09T17:15:20.603",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-190"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37323",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2024/CVE-2024-373xx/CVE-2024-37324.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-37324",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-07-09T17:15:20.797",
"lastModified": "2024-07-09T17:15:20.797",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-122"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37324",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2024/CVE-2024-373xx/CVE-2024-37326.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-37326",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-07-09T17:15:20.997",
"lastModified": "2024-07-09T17:15:20.997",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-122"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37326",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2024/CVE-2024-373xx/CVE-2024-37327.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-37327",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-07-09T17:15:21.190",
"lastModified": "2024-07-09T17:15:21.190",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-122"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37327",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2024/CVE-2024-373xx/CVE-2024-37328.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-37328",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-07-09T17:15:21.387",
"lastModified": "2024-07-09T17:15:21.387",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-122"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37328",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2024/CVE-2024-373xx/CVE-2024-37329.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-37329",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-07-09T17:15:21.660",
"lastModified": "2024-07-09T17:15:21.660",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-122"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37329",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2024/CVE-2024-373xx/CVE-2024-37330.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-37330",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-07-09T17:15:21.910",
"lastModified": "2024-07-09T17:15:21.910",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-122"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37330",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2024/CVE-2024-373xx/CVE-2024-37331.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-37331",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-07-09T17:15:22.113",
"lastModified": "2024-07-09T17:15:22.113",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-122"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37331",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2024/CVE-2024-373xx/CVE-2024-37332.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-37332",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-07-09T17:15:22.313",
"lastModified": "2024-07-09T17:15:22.313",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-122"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37332",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2024/CVE-2024-373xx/CVE-2024-37333.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-37333",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-07-09T17:15:22.523",
"lastModified": "2024-07-09T17:15:22.523",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-122"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37333",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2024/CVE-2024-373xx/CVE-2024-37334.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-37334",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-07-09T17:15:22.730",
"lastModified": "2024-07-09T17:15:22.730",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-122"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37334",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2024/CVE-2024-373xx/CVE-2024-37336.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-37336",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-07-09T17:15:22.927",
"lastModified": "2024-07-09T17:15:22.927",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-190"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37336",
"source": "secure@microsoft.com"
}
]
}

39
CVE-2024/CVE-2024-377xx/CVE-2024-37762.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-37762",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-01T22:15:02.983",
"lastModified": "2024-07-02T12:09:16.907",
"lastModified": "2024-07-09T16:22:43.123",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "MachForm hasta la versi\u00f3n 21 se ve afectado por una carga de archivos autenticados y sin restricciones que conduce a la ejecuci\u00f3n remota de c\u00f3digo."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.1,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"references": [
{
"url": "https://github.com/Atreb92/cve-2024-37762",

56
CVE-2024/CVE-2024-379xx/CVE-2024-37969.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-37969",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-07-09T17:15:23.137",
"lastModified": "2024-07-09T17:15:23.137",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Secure Boot Security Feature Bypass Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-822"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37969",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2024/CVE-2024-379xx/CVE-2024-37970.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-37970",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-07-09T17:15:23.363",
"lastModified": "2024-07-09T17:15:23.363",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Secure Boot Security Feature Bypass Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37970",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2024/CVE-2024-379xx/CVE-2024-37971.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-37971",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-07-09T17:15:23.590",
"lastModified": "2024-07-09T17:15:23.590",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Secure Boot Security Feature Bypass Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37971",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2024/CVE-2024-379xx/CVE-2024-37972.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-37972",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-07-09T17:15:23.803",
"lastModified": "2024-07-09T17:15:23.803",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Secure Boot Security Feature Bypass Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37972",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2024/CVE-2024-379xx/CVE-2024-37973.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-37973",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-07-09T17:15:24.023",
"lastModified": "2024-07-09T17:15:24.023",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Secure Boot Security Feature Bypass Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.5,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-674"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37973",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2024/CVE-2024-379xx/CVE-2024-37974.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-37974",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-07-09T17:15:24.250",
"lastModified": "2024-07-09T17:15:24.250",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Secure Boot Security Feature Bypass Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-191"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37974",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2024/CVE-2024-379xx/CVE-2024-37975.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-37975",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-07-09T17:15:24.470",
"lastModified": "2024-07-09T17:15:24.470",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Secure Boot Security Feature Bypass Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-191"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37975",
"source": "secure@microsoft.com"
}
]
}

Some files were not shown because too many files have changed in this diff Show More