admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-19 17:31:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-09-12T16:00:32.041579+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-09-12 16:03:31 +00:00
parent d1249b1afa
commit f501e156ee
87 changed files with 4839 additions and 505 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
CVE-1999/CVE-1999-00xx/CVE-1999-0038.json
View File

@ -2,7 +2,7 @@
"id": "CVE-1999-0038",
"sourceIdentifier": "cve@mitre.org",
"published": "1997-04-26T04:00:00.000",
"lastModified": "2022-08-17T07:15:09.050",
"lastModified": "2024-09-12T15:35:31.693",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -12,6 +12,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.5,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
@ -48,6 +70,16 @@
"value": "NVD-CWE-Other"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"configurations": [

58
CVE-2021/CVE-2021-225xx/CVE-2021-22509.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2021-22509",
"sourceIdentifier": "security@opentext.com",
"published": "2024-08-28T07:15:04.753",
"lastModified": "2024-08-28T12:57:27.610",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-09-12T15:22:30.923",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "security@opentext.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-312"
}
]
},
{
"source": "security@opentext.com",
"type": "Secondary",
@ -51,10 +81,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:opentext:netiq_advance_authentication:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.3.5.1",
"matchCriteriaId": "B37C4B8A-B724-4C7C-98E6-9BE7B476BBCB"
}
]
}
]
}
],
"references": [
{
"url": "https://www.netiq.com/documentation/advanced-authentication-63/advanced-authentication-releasenotes-6351/data/advanced-authentication-releasenotes-6351.html",
"source": "security@opentext.com"
"source": "security@opentext.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}

57
CVE-2021/CVE-2021-225xx/CVE-2021-22529.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2021-22529",
"sourceIdentifier": "security@opentext.com",
"published": "2024-08-28T07:15:06.223",
"lastModified": "2024-08-28T12:57:27.610",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-09-12T14:55:31.813",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "security@opentext.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "security@opentext.com",
"type": "Secondary",
@ -51,10 +81,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:opentext:netiq_advance_authentication:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.3.5.1",
"matchCriteriaId": "B37C4B8A-B724-4C7C-98E6-9BE7B476BBCB"
}
]
}
]
}
],
"references": [
{
"url": "https://www.netiq.com/documentation/advanced-authentication-63/advanced-authentication-releasenotes-6351/data/advanced-authentication-releasenotes-6351.html",
"source": "security@opentext.com"
"source": "security@opentext.com",
"tags": [
"Release Notes"
]
}
]
}

57
CVE-2021/CVE-2021-381xx/CVE-2021-38122.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2021-38122",
"sourceIdentifier": "security@opentext.com",
"published": "2024-08-28T07:15:08.300",
"lastModified": "2024-08-28T12:57:17.117",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-09-12T15:05:51.547",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 4.7
},
{
"source": "security@opentext.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "security@opentext.com",
"type": "Secondary",
@ -51,10 +81,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:opentext:netiq_advance_authentication:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.3.5.1",
"matchCriteriaId": "B37C4B8A-B724-4C7C-98E6-9BE7B476BBCB"
}
]
}
]
}
],
"references": [
{
"url": "https://www.netiq.com/documentation/advanced-authentication-63/advanced-authentication-releasenotes-6351/data/advanced-authentication-releasenotes-6351.html",
"source": "security@opentext.com"
"source": "security@opentext.com",
"tags": [
"Release Notes"
]
}
]
}

54
CVE-2022/CVE-2022-35xx/CVE-2022-3556.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-3556",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-09-05T11:15:11.853",
"lastModified": "2024-09-05T12:53:21.110",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-12T14:30:58.577",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -18,8 +18,28 @@
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
},
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N",
@ -51,14 +71,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:kanev:cab_fare_calculator:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.1.6",
"matchCriteriaId": "68570211-08DD-4117-82F8-F231D8815536"
}
]
}
]
}
],
"references": [
{
"url": "https://wordpress.org/plugins/cab-fare-calculator/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/219de193-32d0-40b0-a471-bf8bf6e2bb62?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

60
CVE-2022/CVE-2022-383xx/CVE-2022-38382.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-38382",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-08-13T02:15:04.730",
"lastModified": "2024-08-13T12:58:25.437",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-09-12T15:37:51.147",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 1.4
},
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@ -51,14 +71,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_security:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.10.0.0",
"versionEndIncluding": "1.10.11.0",
"matchCriteriaId": "8FA89838-3E05-4778-9323-DE51CC10FD18"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:qradar_suite:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.10.12.0",
"versionEndIncluding": "1.10.23.0",
"matchCriteriaId": "681CAB61-9525-422C-91F5-10AAEC7BC1BD"
}
]
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/233672",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry"
]
},
{
"url": "https://www.ibm.com/support/pages/node/7165286",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
]
}
]
}

44
CVE-2022/CVE-2022-45xx/CVE-2022-4529.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-4529",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-09-05T11:15:12.147",
"lastModified": "2024-09-05T12:53:21.110",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-12T14:29:03.923",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -41,8 +41,18 @@
},
"weaknesses": [
{
"source": "security@wordfence.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "security@wordfence.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -51,14 +61,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:msoftplugins:security_antivirus_firewall:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.3.5",
"matchCriteriaId": "5798AD71-3560-4419-8FC4-02650DE38A8C"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/security-antivirus-firewall/trunk/includes/wptsafEnv.php#L68",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cd177a43-6059-4125-9408-1090b9a54117?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

111
CVE-2022/CVE-2022-489xx/CVE-2022-48901.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-48901",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-22T02:15:04.733",
"lastModified": "2024-08-22T12:48:02.790",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-09-12T14:05:35.127",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,19 +15,118 @@
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: btrfs: no inicie la reubicaci\u00f3n hasta que se completen las ca\u00eddas en progreso. Nos topamos con un error con una reubicaci\u00f3n de recuperaci\u00f3n en el montaje para uno de nuestros sistemas de archivos en producci\u00f3n. Reproduje esto localmente inyectando errores en la eliminaci\u00f3n de instant\u00e1neas con el saldo ejecut\u00e1ndose al mismo tiempo. Esto se present\u00f3 como un error al buscar un elemento de extensi\u00f3n ADVERTENCIA: CPU: 5 PID: 1501 en fs/btrfs/extent-tree.c:866 lookup_inline_extent_backref+0x647/0x680 CPU: 5 PID: 1501 Comm: btrfs-balance No contaminado 5.16 .0-rc8+ #8 RIP: 0010:lookup_inline_extent_backref+0x647/0x680 RSP: 0018:ffffae0a023ab960 EFLAGS: 00010202 RAX: 0000000000000001 RBX: 0000000000000000 RCX: 000000000000000 RDX: 0000000000000000 RSI: 000000000000000c RDI: 0000000000000000 RBP: ffff943fd2a39b60 R08: 0000000000000000 R09: 000000000001 R10: 0001434088152de0 R11: 0000000000000000 R12: 0000000001d05000 R13: ffff943fd2a39b60 R14: ffff943fdb96f2a0 R15: ffff9442fc923000 FS: 000000000000000(0000) GS:ffff944e9eb40000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 3: 000000010f092000 CR4: 0000000000350ee0 Seguimiento de llamadas: insert_inline_extent_backref+0x46/0xd0 __btrfs_inc_extent_ref.isra.0+0x5f/0x200 ? btrfs_merge_delayed_refs+0x164/0x190 __btrfs_run_delayed_refs+0x561/0xfa0 ? btrfs_search_slot+0x7b4/0xb30? btrfs_update_root+0x1a9/0x2c0 btrfs_run_delayed_refs+0x73/0x1f0 ? btrfs_update_root+0x1a9/0x2c0 btrfs_commit_transaction+0x50/0xa50 ? btrfs_update_reloc_root+0x122/0x220 prepare_to_merge+0x29f/0x320 relocate_block_group+0x2b8/0x550 btrfs_relocate_block_group+0x1a6/0x350 btrfs_relocate_chunk+0x27/0xe0 btrfs_balance+0x777/0xe60 balance_kthread+0x35/0x50? btrfs_balance+0xe60/0xe60 kthread+0x16b/0x190 ? set_kthread_struct+0x40/0x40 ret_from_fork+0x22/0x30 Normalmente, fs_info->cleaner_mutex excluye la ejecuci\u00f3n simult\u00e1nea de la eliminaci\u00f3n y reubicaci\u00f3n de instant\u00e1neas. Sin embargo, si tuvi\u00e9ramos un saldo pendiente esperando obtener ->cleaner_mutex, y se estuviera ejecutando una eliminaci\u00f3n de instant\u00e1nea y luego el cuadro fallara, llegar\u00edamos a un estado en el que tendr\u00edamos una instant\u00e1nea medio eliminada. Nuevamente, en el caso normal, la eliminaci\u00f3n de la instant\u00e1nea debe completarse antes de que pueda comenzar la reubicaci\u00f3n, pero en este caso la reubicaci\u00f3n podr\u00eda muy bien comenzar antes de que se complete la eliminaci\u00f3n de la instant\u00e1nea, ya que simplemente agregamos la ra\u00edz a la lista de ra\u00edces muertas y esperamos la pr\u00f3xima vez que se complete la eliminaci\u00f3n de la instant\u00e1nea. El limpiador se ejecuta para limpiar la instant\u00e1nea. Solucione este problema configurando un bit en fs_info si tenemos alg\u00fan DEAD_ROOT que tenga una clave drop_progress pendiente. Si lo hacen, entonces sabremos que est\u00e1bamos en medio de la operaci\u00f3n de colocaci\u00f3n y configuramos una bandera en fs_info. Luego, el saldo puede esperar hasta que se borre esta bandera para comenzar nuevamente. Si hay DEAD_ROOT que no tienen drop_progress configurado, entonces podemos comenzar a equilibrar de inmediato, ya que estaremos protegidos adecuadamente por clean_mutex."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.27",
"matchCriteriaId": "A48510A0-1C49-4D24-BB6E-AC9B5F1C4DFD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "5.16.13",
"matchCriteriaId": "B871B667-EDC0-435D-909E-E918D8D90995"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc1:*:*:*:*:*:*",
"matchCriteriaId": "7BD5F8D9-54FA-4CB0-B4F0-CB0471FDDB2D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E6E34B23-78B4-4516-9BD8-61B33F4AC49A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc3:*:*:*:*:*:*",
"matchCriteriaId": "C030FA3D-03F4-4FB9-9DBF-D08E5CAC51AA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc4:*:*:*:*:*:*",
"matchCriteriaId": "B2D2677C-5389-4AE9-869D-0F881E80D923"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc5:*:*:*:*:*:*",
"matchCriteriaId": "EFA3917C-C322-4D92-912D-ECE45B2E7416"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc6:*:*:*:*:*:*",
"matchCriteriaId": "BED18363-5ABC-4639-8BBA-68E771E5BB3F"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/5e70bc827b563caf22e1203428cc3719643de5aa",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/6599d5e8bd758d897fd2ef4dc388ae50278b1f7e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/b4be6aefa73c9a6899ef3ba9c5faaa8a66e333ef",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

111
CVE-2022/CVE-2022-489xx/CVE-2022-48902.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-48902",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-22T02:15:04.807",
"lastModified": "2024-08-22T12:48:02.790",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-09-12T14:01:44.523",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,19 +15,118 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: btrfs: no haga WARN_ON() si tenemos configurado PageError. Siempre que realizamos operaciones de b\u00fafer de extensi\u00f3n, llamamos a afirmar_eb_page_uptodate() para quejarnos en voz alta si estamos operando en una p\u00e1gina no actualizada. Nuestras pruebas nocturnas detectaron esta advertencia a principios de esta semana ADVERTENCIA: CPU: 1 PID: 553508 en fs/btrfs/extent_io.c:6849 afirmar_eb_page_uptodate+0x3f/0x50 CPU: 1 PID: 553508 Comm: kworker/u4:13 Tainted: GW 5.17. 0-rc3+ #564 Nombre de hardware: PC est\u00e1ndar QEMU (Q35 + ICH9, 2009), BIOS 1.13.0-2.fc32 01/04/2014 Cola de trabajo: btrfs-cache btrfs_work_helper RIP: 0010:assert_eb_page_uptodate+0x3f/0x50 RSP: 0018 :ffffa961440a7c68 EFLAGS: 00010246 RAX: 0017ffffc0002112 RBX: ffffe6e74453f9c0 RCX: 00000000000001000 RDX: ffffe6e74467c887 RSI: ffffe6e74453f9c0 ffff8d4c5efc2fc0 RBP: 0000000000000d56 R08: ffff8d4d4a224000 R09: 0000000000000000 R10: 00015817fa9d1ef0 R11: 000000000000000c R12: 000000007b1 R13: ffff8d4c5efc2fc0 R14: 0000000001500000 R15: 0000000001cb1000 FS: 0000000000000000(0000) GS:ffff8d4dbbd00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 448d8 CR3: 0000000118be8004 CR4: 0000000000370ee0 Seguimiento de llamadas: extend_buffer_test_bit+0x3f/0x70 free_space_test_bit+0xa6/0xc0 load_free_space_tree +0x1f6/0x470 caching_thread+0x454/0x630 ? rcu_read_lock_sched_held+0x12/0x60? rcu_read_lock_sched_held+0x12/0x60? rcu_read_lock_sched_held+0x12/0x60? lock_release+0x1f0/0x2d0 btrfs_work_helper+0xf2/0x3e0 ? lock_release+0x1f0/0x2d0? terminar_task_switch.isra.0+0xf9/0x3a0 proceso_one_work+0x26d/0x580 ? proceso_one_work+0x580/0x580 trabajador_thread+0x55/0x3b0? proceso_one_work+0x580/0x580 kthread+0xf0/0x120 ? kthread_complete_and_exit+0x20/0x20 ret_from_fork+0x1f/0x30 Esto fue solucionado parcialmente por c2e39305299f01 (\"btrfs: borrar la actualizaci\u00f3n del b\u00fafer de extensi\u00f3n cuando no logramos escribirlo\"), sin embargo, todo lo que esa soluci\u00f3n hizo fue evitar que encontr\u00e1ramos b\u00faferes de extensi\u00f3n despu\u00e9s de una escritura fallida. Eso no nos impidi\u00f3 seguir usando un b\u00fafer que ya hab\u00edamos encontrado. En este caso, estamos buscando la ra\u00edz de confirmaci\u00f3n para almacenar en cach\u00e9 el grupo de bloques, de modo que podamos comenzar a confirmar la transacci\u00f3n, cambiar la ra\u00edz de confirmaci\u00f3n y luego comenzar a escribir. Despu\u00e9s del cambio, podemos buscar un b\u00fafer de extensi\u00f3n que a\u00fan no se ha escrito y comenzar a procesar ese grupo de bloques. Luego no escribimos ese bloqueo y borramos Actualizar en la p\u00e1gina, y luego comenzamos a arrojar estos errores. Normalmente aqu\u00ed estamos protegidos hasta cierto punto por el candado del \u00e1rbol. Si leemos un bloque, tenemos la lectura del bloque bloqueada y evitamos que el escritor bloquee el bloque antes de enviarlo para la escritura. Sin embargo, esto no es necesariamente infalible porque la lectura podr\u00eda ocurrir antes de submit_bio y despu\u00e9s de bloquear y desbloquear el b\u00fafer de extensi\u00f3n. Tambi\u00e9n en este caso particular tenemos configurado path->skip_locking, por lo que eso no nos salvar\u00e1 aqu\u00ed. Simplemente obtendremos un bloque que era v\u00e1lido cuando lo le\u00edmos, pero dej\u00f3 de ser v\u00e1lido mientras lo us\u00e1bamos. Lo que realmente queremos es detectar el caso en el que hemos \"le\u00eddo\" un bloque pero no est\u00e1 marcado como Actualizado. Al leer, usamos ClearPageError(), por lo que si estamos !Uptodate y !Error sabremos que no hicimos lo correcto al leer la p\u00e1gina. Solucione esto marcando !Uptodate && !Error, de esta manera no nos quejaremos si nuestro b\u00fafer se invalida mientras lo estamos usando, y mantendremos el esp\u00edritu de la verificaci\u00f3n, que es asegurarnos de que tengamos un cach\u00e9 completo. bloquear mientras estamos jugando con \u00e9l."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.27",
"matchCriteriaId": "A48510A0-1C49-4D24-BB6E-AC9B5F1C4DFD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "5.16.13",
"matchCriteriaId": "B871B667-EDC0-435D-909E-E918D8D90995"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc1:*:*:*:*:*:*",
"matchCriteriaId": "7BD5F8D9-54FA-4CB0-B4F0-CB0471FDDB2D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E6E34B23-78B4-4516-9BD8-61B33F4AC49A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc3:*:*:*:*:*:*",
"matchCriteriaId": "C030FA3D-03F4-4FB9-9DBF-D08E5CAC51AA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc4:*:*:*:*:*:*",
"matchCriteriaId": "B2D2677C-5389-4AE9-869D-0F881E80D923"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc5:*:*:*:*:*:*",
"matchCriteriaId": "EFA3917C-C322-4D92-912D-ECE45B2E7416"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc6:*:*:*:*:*:*",
"matchCriteriaId": "BED18363-5ABC-4639-8BBA-68E771E5BB3F"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/9efcc83b33b576302147634eca9bece8e3737e34",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/a50e1fcbc9b85fd4e95b89a75c0884cb032a3e06",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/e00077aa439f0e8f416699fa4e9600db6583db70",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

14
CVE-2023/CVE-2023-378xx/CVE-2023-37831.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-37831",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-31T18:15:08.527",
"lastModified": "2023-11-08T18:00:34.107",
"vulnStatus": "Analyzed",
"lastModified": "2024-09-12T14:35:05.870",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -49,6 +49,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-204"
}
]
}
],
"configurations": [

14
CVE-2023/CVE-2023-388xx/CVE-2023-38845.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-38845",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-25T22:15:09.227",
"lastModified": "2023-11-03T16:39:40.890",
"vulnStatus": "Analyzed",
"lastModified": "2024-09-12T15:35:33.573",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -49,6 +49,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"configurations": [

14
CVE-2023/CVE-2023-388xx/CVE-2023-38846.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-38846",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-25T22:15:09.290",
"lastModified": "2023-11-03T17:00:05.280",
"vulnStatus": "Analyzed",
"lastModified": "2024-09-12T15:35:34.370",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -49,6 +49,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"configurations": [

14
CVE-2023/CVE-2023-388xx/CVE-2023-38847.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-38847",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-25T22:15:09.340",
"lastModified": "2023-11-03T17:22:18.760",
"vulnStatus": "Analyzed",
"lastModified": "2024-09-12T15:35:35.200",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -49,6 +49,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"configurations": [

14
CVE-2023/CVE-2023-388xx/CVE-2023-38848.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-38848",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-25T22:15:09.383",
"lastModified": "2023-11-03T17:27:41.767",
"vulnStatus": "Analyzed",
"lastModified": "2024-09-12T15:35:36.227",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -49,6 +49,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"configurations": [

14
CVE-2023/CVE-2023-433xx/CVE-2023-43352.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-43352",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-26T22:15:08.700",
"lastModified": "2023-11-07T17:23:49.890",
"vulnStatus": "Analyzed",
"lastModified": "2024-09-12T15:35:38.720",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -49,6 +49,16 @@
"value": "NVD-CWE-Other"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"configurations": [

14
CVE-2023/CVE-2023-447xx/CVE-2023-44794.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-44794",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-25T18:17:32.863",
"lastModified": "2023-10-31T20:08:45.883",
"vulnStatus": "Analyzed",
"lastModified": "2024-09-12T15:35:40.080",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -49,6 +49,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"configurations": [

14
CVE-2023/CVE-2023-458xx/CVE-2023-45867.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-45867",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-26T15:15:08.900",
"lastModified": "2023-11-14T18:34:47.817",
"vulnStatus": "Analyzed",
"lastModified": "2024-09-12T15:35:41.190",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -49,6 +49,16 @@
"value": "NVD-CWE-Other"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"configurations": [

14
CVE-2023/CVE-2023-462xx/CVE-2023-46277.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-46277",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-20T05:15:08.487",
"lastModified": "2023-10-26T17:45:23.253",
"vulnStatus": "Analyzed",
"lastModified": "2024-09-12T15:35:41.900",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -49,6 +49,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
}
],
"configurations": [

14
CVE-2023/CVE-2023-463xx/CVE-2023-46393.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-46393",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-27T14:15:08.567",
"lastModified": "2023-11-07T21:24:28.183",
"vulnStatus": "Analyzed",
"lastModified": "2024-09-12T15:35:42.627",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -49,6 +49,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-460"
}
]
}
],
"configurations": [

14
CVE-2023/CVE-2023-465xx/CVE-2023-46509.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-46509",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-27T21:15:09.897",
"lastModified": "2023-10-31T15:24:07.963",
"vulnStatus": "Analyzed",
"lastModified": "2024-09-12T15:35:43.353",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -49,6 +49,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"configurations": [

14
CVE-2023/CVE-2023-465xx/CVE-2023-46510.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-46510",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-27T21:15:09.947",
"lastModified": "2023-11-08T00:54:34.267",
"vulnStatus": "Analyzed",
"lastModified": "2024-09-12T15:35:44.080",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -49,6 +49,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"configurations": [

77
CVE-2023/CVE-2023-529xx/CVE-2023-52908.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-52908",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-21T07:15:06.800",
"lastModified": "2024-08-21T12:30:33.697",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-09-12T14:54:41.943",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,15 +15,82 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amdgpu: corrige una posible desreferencia NULL. Se corrige una posible desreferencia NULL, en el caso de que sea \"man\", el administrador de recursos podr\u00eda ser NULL, cuando/si imprimimos informaci\u00f3n de depuraci\u00f3n."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.0.9",
"versionEndExcluding": "6.1",
"matchCriteriaId": "28CC5A62-2D03-429C-A726-BF09788C85CA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.1.5",
"versionEndExcluding": "6.1.7",
"matchCriteriaId": "43DB50CE-32DB-4D33-9568-7E0E5EA53986"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/0be7ed8e7eb15282b5d0f6fdfea884db594ea9bf",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/f2faf0699af78968a27ca154bf76e94247f8c471",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

95
CVE-2023/CVE-2023-529xx/CVE-2023-52909.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-52909",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-21T07:15:06.857",
"lastModified": "2024-08-21T12:30:33.697",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-09-12T14:52:54.573",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,23 +15,104 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nfsd: corrige el manejo de archivos abiertos almacenados en cach\u00e9 en la ruta de c\u00f3digo nfsd4_open el commit fb70bf124b05 (\"NFSD: crear una instancia de un archivo de estructura al crear un archivo NFSv4 normal\") agreg\u00f3 la capacidad de almacenar en cach\u00e9 un fd abierto sobre un compuesto. Hay un par de problemas con la forma en que esto funciona actualmente: Es picante, ya que un nfsd_file reci\u00e9n creado puede terminar con su bit PENDIENTE borrado mientras el nf tiene hash, y el puntero nf_file todav\u00eda est\u00e1 puesto a cero. Otras tareas pueden encontrarlo en este estado y esperan ver un nf_file v\u00e1lido, y pueden ir si nf_file es NULL. Adem\u00e1s, no hay garant\u00eda de que terminemos creando un nuevo nfsd_file si ya hay uno en el hash. Si una entrada existente est\u00e1 en el hash con un nf_file v\u00e1lido, nfs4_get_vfs_file golpear\u00e1 su puntero nf_file con el valor de op_file y el antiguo nf_file se filtrar\u00e1. Solucione ambos problemas creando una nueva variante nfsd_file_acquirei_opened que toma un puntero de archivo opcional. Si hay uno presente cuando se llama, tomaremos una nueva referencia en lugar de intentar abrir el archivo. Si el nfsd_file ya tiene un nf_file v\u00e1lido, simplemente ignoraremos el archivo opcional y devolveremos el nfsd_file tal como est\u00e1. Tambi\u00e9n vuelva a trabajar un poco los puntos de seguimiento para permitir una variante \"abierta\" y no intente evitar contar adquisiciones en el caso de que ya tengamos un archivo abierto en cach\u00e9."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 4.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.0,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.19",
"versionEndExcluding": "6.1.7",
"matchCriteriaId": "A3B4D9E4-9005-47B1-B0C1-FFC9874D6FF6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.2:rc1:*:*:*:*:*:*",
"matchCriteriaId": "FF501633-2F44-4913-A8EE-B021929F49F6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.2:rc2:*:*:*:*:*:*",
"matchCriteriaId": "2BDA597B-CAC1-4DF0-86F0-42E142C654E9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.2:rc3:*:*:*:*:*:*",
"matchCriteriaId": "725C78C9-12CE-406F-ABE8-0813A01D66E8"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/0b3a551fa58b4da941efeb209b3770868e2eddd7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/0b778361998d6c6356b8d2fc7ddf025fb3224654",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/45c08a752982116f3287afcd1bd9c50f4fab0c28",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/973acfdfe90c8a4e58ade97ff0653a498531ff2e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

97
CVE-2023/CVE-2023-529xx/CVE-2023-52910.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-52910",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-21T07:15:06.910",
"lastModified": "2024-08-21T12:30:33.697",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-09-12T14:47:08.540",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,19 +15,104 @@
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: iommu/iova: soluciona el problema de desbordamiento de alloc iova. En __alloc_and_insert_iova_range, hay un problema que retry_pfn se desborda. El valor de iovad->anchor.pfn_hi es ~0UL, luego, cuando iovad->cached_node es iovad->anchor, curr_iova->pfn_hi + 1 se desbordar\u00e1. Como resultado, si se ejecuta la l\u00f3gica de reintento, low_pfn se actualiza a 0 y luego new_pfn < low_pfn devuelve falso para que la asignaci\u00f3n sea exitosa. Este problema ocurre en las dos situaciones siguientes: 1. El tama\u00f1o del primer iova excede el tama\u00f1o del dominio. Al inicializar el dominio iova, iovad->cached_node se asigna como iovad->anchor. Por ejemplo, el tama\u00f1o del dominio iova es 10 M, start_pfn es 0x1_F000_0000 y el tama\u00f1o de iova asignado por primera vez es 11 M. La siguiente es la informaci\u00f3n de registro, new->pfn_lo es m\u00e1s peque\u00f1o que iovad->cached_node. Registro de ejemplo como sigue: [ 223.798112][T1705487] sh: [name:iova&]__alloc_and_insert_iova_range start_pfn:0x1f0000,retry_pfn:0x0,size:0xb00,limit_pfn:0x1f0a00 [ 223.799590][T1705487] [nombre:iova&]__alloc_and_insert_iova_range \u00e9xito start_pfn :0x1f0000,new->pfn_lo:0x1efe00,new->pfn_hi:0x1f08ff 2. El nodo con el valor iova->pfn_lo m\u00e1s grande en el dominio iova se elimina, iovad->cached_node se actualizar\u00e1 a iovad->anchor y luego el tama\u00f1o de alloc iova excede el tama\u00f1o m\u00e1ximo de iova que se puede asignar en el dominio. Despu\u00e9s de juzgar que retry_pfn es menor que limit_pfn, llame a retry_pfn+1 para solucionar el problema de desbordamiento."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.89",
"matchCriteriaId": "E706841F-E788-4316-9B05-DA8EB60CE6B3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "6.1.7",
"matchCriteriaId": "9275C81F-AE96-4CDB-AD20-7DBD36E5D909"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.2:rc1:*:*:*:*:*:*",
"matchCriteriaId": "FF501633-2F44-4913-A8EE-B021929F49F6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.2:rc2:*:*:*:*:*:*",
"matchCriteriaId": "2BDA597B-CAC1-4DF0-86F0-42E142C654E9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.2:rc3:*:*:*:*:*:*",
"matchCriteriaId": "725C78C9-12CE-406F-ABE8-0813A01D66E8"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/61cbf790e7329ed78877560be7136f0b911bba7f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/c929a230c84441e400c32e7b7b4ab763711fb63e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/dcdb3ba7e2a8caae7bfefd603bc22fd0ce9a389c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

99
CVE-2023/CVE-2023-529xx/CVE-2023-52911.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-52911",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-21T07:15:06.967",
"lastModified": "2024-08-21T12:30:33.697",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-09-12T14:49:30.220",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,15 +15,104 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/msm: otra soluci\u00f3n para la GPU Adreno sin cabeza. Se corrigi\u00f3 otro error reproducible al reiniciar la placa con la GPU Adreno funcionando en modo sin cabeza (por ejemplo, plataformas iMX). No se puede manejar la desreferencia del puntero NULL del kernel en la direcci\u00f3n virtual 00000000 cuando se lee [00000000] *pgd=74936831, *pte=00000000, *ppte=00000000 Error interno: Ups: 17 [#1] ARM CPU: 0 PID: 51 Comm: reiniciar Not tainted 6.2.0-rc1-dirty #11 Nombre del hardware: Freescale i.MX53 (soporte de \u00e1rbol de dispositivos) La PC est\u00e1 en msm_atomic_commit_tail+0x50/0x970 LR est\u00e1 en commit_tail+0x9c/0x188 pc: [] lr: [< c067a214>] psr: 600e0013 sp: e0851d30 ip: ee4eb7eb fp: 00090acc r10: 00000058 r9: c2193014 r8: c4310000 r7: c4759380 r6: 07bef61d r5: 00000 r4: 00000000 r3: c44cc440 r2: 00000000 r1: 00000000 r0: 00000000 Banderas: nZCv IRQ en FIQ en Modo SVC_32 ISA ARM Segmento ninguno Control: 10c5387d Tabla: 74910019 DAC: 00000051 Informaci\u00f3n del registro r0: puntero NULL Informaci\u00f3n del registro r1: puntero NULL Informaci\u00f3n del registro r2: puntero NULL Informaci\u00f3n del registro r3: slab kmalloc-1k inicio c44cc400 desplazamiento del puntero 64 tama\u00f1o 1024 Informaci\u00f3n del registro r4: puntero NULL Informaci\u00f3n del registro r5: puntero NULL Informaci\u00f3n del registro r6: memoria no paginada Informaci\u00f3n del registro r7: slab kmalloc-128 inicio c4759380 desplazamiento del puntero 0 tama\u00f1o 128 Informaci\u00f3n del registro r8: slab kmalloc-2k inicio c4310000 desplazamiento del puntero 0 tama\u00f1o 2048 Informaci\u00f3n del registro r9: memoria no slab/vmalloc Informaci\u00f3n del registro r10: memoria no paginada Informaci\u00f3n del registro r11: memoria no paginada Informaci\u00f3n del registro r12: memoria no paginada Reinicio del proceso (pid: 51, l\u00edmite de pila = 0xc80046d9) Pila : (0xe0851d30 a 0xe0852000) 1d20: c4759380 fbd77200 000005ff 002b9c70 1d40: c4759380 c4759380 00000000 07bef61d 00000600 c0d6fe7c 3014 00000058 1d60: 00090acc c067a214 00000000 c4759380 c4310000 00000000 c44cc854 c067a89c 1d80: 00000000 00000000 00000000 c431046 8 00000000 c4759380 c4310000 c4310468 1da0: c4310470 c0643258 c4759380 00000000 00000000 c0c4ee24 00000000 c44cc810 1dc0: 00000000 c0c4ee24 00000000 c44cc810 00000000 0347d2a8 e0851e00 e0851e00 1de0: c4759380 c067ad20 c4310000 00 c44cc810 c27f8718 c44cc854 c067adb8 1e00: c4933000 00000002 00000001 00000000 00000000 c2130850 00000000 c2130854 1e20: c25fc488 00000 c0ff162c 00000000 00000001 00000002 00000000 00000000 1e40: c43102c0 c43102c0 00000000 0347d2a8 c44cc810 c44cc814 c2133da8 c06d1a60 1e60: 00000000 00000000 00079028 c2012f24 fee1dead c4933000 00000058 c01431e4 1e80: 01234567 c0143a20 00000000 000 00000000 00000000 00000000 00000000 1ea0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 1ec0: 000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 1ee0: 00000000 00000000 00000000 00000000 00000000 0000 00000000 00000000 1f00: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 1f20: 00000000 00000000 000000 00000000 00000000 00000000 00000000 00000000 1f40: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000 1f60: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 1f80: 00000000 00000000 00000000 0347d2a 8 00000002 00000004 00000078 00000058 1fa0: c010028c c0100060 00000002 00000004 fee1dead 28121969 01234567 00079028 1fc0: 00000002 00000004 00000078 0000058 0002fdc5 00000000 00000000 00090acc 1fe0: 00000058 becc9c64 b6e97e05 b6e0e5f6 600e0030 fee1dead 00000000 00000000 msm_atomic_commit_tail de commit_tail+ 0x9c/0x188 commit_tail de drm_atomic_helper_commit+0x160/0x188 drm_atomic_helper_commit de drm_atomic_commit+ 0xac/0xe0 drm_atomic_commit de drm_atomic_helper_disable_all+0x1b0/0x1c0 drm_atomic_helper_disable_all de drm_atomic_helper_shutdown+0x88/0x140 drm_atomic_helper_shutdown de device_shutdown+0x16c/0x240 device_shutdown de kernel_restart+0x 38/0x90 kernel_restart desde __do_sys_reboot+0x ---truncado---"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.19.17",
"versionEndExcluding": "6.0",
"matchCriteriaId": "6817F83D-0EC4-49B2-AAB2-1836D288AE4E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.0.3",
"versionEndExcluding": "6.1",
"matchCriteriaId": "B25A852D-8667-4C72-9253-EEF71841020B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.1",
"versionEndExcluding": "6.1.7",
"matchCriteriaId": "043B7290-EDB8-4ACE-A87A-8FA7D130B565"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.2:rc1:*:*:*:*:*:*",
"matchCriteriaId": "FF501633-2F44-4913-A8EE-B021929F49F6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.2:rc2:*:*:*:*:*:*",
"matchCriteriaId": "2BDA597B-CAC1-4DF0-86F0-42E142C654E9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.2:rc3:*:*:*:*:*:*",
"matchCriteriaId": "725C78C9-12CE-406F-ABE8-0813A01D66E8"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/00dd060ab3cf95ca6ede7853bc14397014971b5e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/b107b08c41b3076a508113fbaaffe15ce1fe7f65",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

84
CVE-2023/CVE-2023-529xx/CVE-2023-52912.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-52912",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-21T07:15:07.020",
"lastModified": "2024-08-21T12:30:33.697",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-09-12T14:35:58.593",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,15 +15,89 @@
"value": "En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: drm/amdgpu: Se corrigi\u00f3 el error al descargar amdgpu. Se corrigi\u00f3 el error al descargar amdgpu. El mensaje de error es el siguiente: [377.706202] ERROR del kernel en drivers/gpu/drm/drm_buddy.c:278. [ 377.706215] c\u00f3digo de operaci\u00f3n no v\u00e1lido: 0000 [#1] PREEMPT SMP NOPTI [ 377.706222] CPU: 4 PID: 8610 Comm: modprobe Contaminado: G IOE 6.0.0-thomas #1 [ 377.706231] Nombre de hardware: Nombre del producto del sistema ASUS/PRIME Z390 -A, BIOS 2004 02/11/2021 [377.706238] RIP: 0010:drm_buddy_free_block+0x26/0x30 [drm_buddy] [377.706264] C\u00f3digo: 00 00 00 90 0f 1f 44 00 00 48 8b 0e 89 8 25 00 0c 00 00 3d 00 04 00 00 75 10 48 8b 47 18 48 d3 e0 48 01 47 28 e9 fa fe ff ff <0f> 0b 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 41 54 55 48 89 f5 [ 377.706282] RSP : 0018:ffffad2dc4683cb8 EFLAGS: 00010287 [ 377.706289] RAX: 0000000000000000 RBX: ffff8b1743bd5138 RCX: 0000000000000000 [ 377.706297] RDX: ffff8b1743bd5160 RSI: ffff8b1743bd5c78 RDI: ffff8b16d1b25f70 [ 377.706304] RBP: ffff8b1743bd59e0 R08: 0000000000000001 R09: 00000000000000001 [ 377.706311] R10: ffff8b16c8572400 R11 : ffffad2dc4683cf0 R12: ffff8b16d1b25f70 [ 377.706318] R13: ffff8b16d1b25fd0 R14: ffff8b1743bd59c0 R15: ffff8b16d1b25f70 [ 377.706325] FS: 07fec56c72c40(0000) GS:ffff8b1836500000(0000) knlGS:0000000000000000 [ 377.706334] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 377.706340] CR2: 00007f9b88c1ba50 CR3: 0000000110450004 CR4: 00000000003706e0 [ 377.706347] DR0: 0000000000000000 DR1: 00000000000000 00 DR2: 0000000000000000 [ 377.706354] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 377.706361] Seguimiento de llamadas: [ 377.706365] > [ 377.706369 ] drm_buddy_free_list+0x2a/0x60 [drm_buddy] [ 377.706376] amdgpu_vram_mgr_fini+0xea/0x180 [amdgpu] [ 377.706572] amdgpu_ttm_fini+0x12e/0x1a0 [amdgpu] [ 377.706650] dgpu_bo_fini+0x22/0x90 [amdgpu] [ 377.706727] gmc_v11_0_sw_fini+0x26/0x30 [amdgpu] [ 377.706821] amdgpu_device_fini_sw+0xa1/0x3c0 [amdgpu] [ 377.706897] amdgpu_driver_release_kms+0x12/0x30 [amdgpu] [ 377.706975] drm_dev_release+0x20/0x40 [drm] 377.707006] release_nodes+0x35/0xb0 [ 377.707014] devres_release_all+0x8b /0xc0 [ 377.707020] dispositivo_unbind_cleanup+0xe/0x70 [ 377.707027] dispositivo_release_driver_internal+0xee/0x160 [ 377.707033] driver_detach+0x44/0x90 [ 377.707039] bus_remove_driver+0x55/0x e0 [377.707045] pci_unregister_driver+0x3b/0x90 [377.707052] amdgpu_exit+0x11/0x6c [amdgpu] [377.707194] __x64_sys_delete_module+0x142/0x2b0 [377.707201]? fpregs_assert_state_consistent+0x22/0x50 [377.707208]? exit_to_user_mode_prepare+0x3e/0x190 [ 377.707215] do_syscall_64+0x38/0x90 [ 377.707221] entrada_SYSCALL_64_after_hwframe+0x63/0xcd"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.7",
"matchCriteriaId": "7728F53D-42CF-4970-B14A-FDAE02704780"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.2:rc1:*:*:*:*:*:*",
"matchCriteriaId": "FF501633-2F44-4913-A8EE-B021929F49F6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.2:rc2:*:*:*:*:*:*",
"matchCriteriaId": "2BDA597B-CAC1-4DF0-86F0-42E142C654E9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.2:rc3:*:*:*:*:*:*",
"matchCriteriaId": "725C78C9-12CE-406F-ABE8-0813A01D66E8"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/9196eb7c52e55749a332974f0081f77d53d60199",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/99f1a36c90a7524972be5a028424c57fa17753ee",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

92
CVE-2023/CVE-2023-529xx/CVE-2023-52913.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-52913",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-21T07:15:07.087",
"lastModified": "2024-08-21T12:30:33.697",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-09-12T14:38:40.430",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,15 +15,97 @@
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: drm/i915: corrige posibles UAF de contexto gem_context_register() hace que el contexto sea visible para el espacio de usuario, y en qu\u00e9 punto un hilo separado puede activar el ioctl I915_GEM_CONTEXT_DESTROY. Por lo tanto, debemos asegurarnos de que nada use ctx ptr despu\u00e9s de esto. Y debemos asegurarnos de que agregar ctx al xarray sea lo *\u00faltimo* que hace gem_context_register() con el puntero ctx. [tursulin: etiquetas estables y corregidas agregadas/ordenadas.] (seleccionado de el commit bed4b455cf5374e68879be56971c1da563bcd90c)"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.8.11",
"versionEndExcluding": "5.9",
"matchCriteriaId": "06BCA914-E4BD-46C7-A8F5-74061C8BC138"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.10",
"versionEndExcluding": "6.1.7",
"matchCriteriaId": "7349455C-BBB3-4263-B0EA-BC54BA76B4C7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.2:rc1:*:*:*:*:*:*",
"matchCriteriaId": "FF501633-2F44-4913-A8EE-B021929F49F6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.2:rc2:*:*:*:*:*:*",
"matchCriteriaId": "2BDA597B-CAC1-4DF0-86F0-42E142C654E9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.2:rc3:*:*:*:*:*:*",
"matchCriteriaId": "725C78C9-12CE-406F-ABE8-0813A01D66E8"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/afce71ff6daa9c0f852df0727fe32c6fb107f0fa",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/b696c627b3f56e173f7f70b8487d66da8ff22506",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

85
CVE-2023/CVE-2023-529xx/CVE-2023-52914.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-52914",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-21T07:15:07.143",
"lastModified": "2024-08-21T12:30:33.697",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-09-12T14:07:17.137",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,15 +15,90 @@
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: io_uring/poll: agregue hash si la solicitud de sondeo lista no se puede completar en l\u00ednea. Si no lo hacemos, podemos perder el acceso a ella por completo, lo que provocar\u00e1 una fuga de solicitud. Esto eventualmente tambi\u00e9n detendr\u00e1 el proceso de salida del anillo."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-401"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.0",
"versionEndExcluding": "6.1.7",
"matchCriteriaId": "9A23C236-3F02-4454-B9C9-0A91464BDE09"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.2:rc1:*:*:*:*:*:*",
"matchCriteriaId": "FF501633-2F44-4913-A8EE-B021929F49F6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.2:rc2:*:*:*:*:*:*",
"matchCriteriaId": "2BDA597B-CAC1-4DF0-86F0-42E142C654E9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.2:rc3:*:*:*:*:*:*",
"matchCriteriaId": "725C78C9-12CE-406F-ABE8-0813A01D66E8"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/4ad6c063541665c407d17e1faf2fe4f04e947dcc",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/febb985c06cb6f5fac63598c0bffd4fd823d110d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

14
CVE-2023/CVE-2023-56xx/CVE-2023-5654.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-5654",
"sourceIdentifier": "report@snyk.io",
"published": "2023-10-19T15:15:09.973",
"lastModified": "2023-10-27T21:53:06.943",
"vulnStatus": "Analyzed",
"lastModified": "2024-09-12T15:35:44.870",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -79,6 +79,16 @@
"value": "CWE-285"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-116"
}
]
}
],
"configurations": [

14
CVE-2023/CVE-2023-56xx/CVE-2023-5671.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-5671",
"sourceIdentifier": "hp-security-alert@hp.com",
"published": "2023-10-25T18:17:43.867",
"lastModified": "2023-11-07T21:46:49.640",
"vulnStatus": "Analyzed",
"lastModified": "2024-09-12T15:35:45.620",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -49,6 +49,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
}
],
"configurations": [

34
CVE-2023/CVE-2023-57xx/CVE-2023-5739.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-5739",
"sourceIdentifier": "hp-security-alert@hp.com",
"published": "2023-10-31T16:15:10.307",
"lastModified": "2023-11-08T17:57:37.590",
"vulnStatus": "Analyzed",
"lastModified": "2024-09-12T14:35:09.683",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
@ -49,6 +69,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
}
],
"configurations": [

130
CVE-2024/CVE-2024-213xx/CVE-2024-21302.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-21302",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-08-08T02:15:37.827",
"lastModified": "2024-08-16T19:15:06.787",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-09-12T15:06:55.120",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -41,8 +41,18 @@
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "secure@microsoft.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -51,10 +61,122 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.10240.20710",
"matchCriteriaId": "2FC29448-7141-4214-9649-CED500988576"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.10240.20710",
"matchCriteriaId": "E75CE9C1-0E1A-428C-BCD0-93101BACE69B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.14393.7259",
"matchCriteriaId": "FA0304FD-3109-4A15-A2BC-CB1AA66C7877"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.14393.7259",
"matchCriteriaId": "02BC3C30-4E56-47F1-950A-FC7D71FFB11C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.6189",
"matchCriteriaId": "C0893DB0-24BA-41A1-907E-8B6F66741A0E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19044.4780",
"matchCriteriaId": "8D75E5B4-14B7-4D0F-96B5-2B9C270B7F98"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19045.4780",
"matchCriteriaId": "3F9C3ED0-C639-42B9-8512-5CAD50B7095B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22000.3147",
"matchCriteriaId": "66EC161E-9908-4511-933C-727D46A8271E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22621.4037",
"matchCriteriaId": "EE5B452D-B921-4E5F-9C79-360447CD3BF8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22631.4037",
"matchCriteriaId": "B56F0E20-88FD-4A42-B5DE-06A6D2FAC6FA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.26100.1457",
"matchCriteriaId": "39CF5041-1FEC-420E-9D73-F78CC9C091C9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.26100.1457",
"matchCriteriaId": "836AD97E-1760-48F1-9667-8E0B9F170E15"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.7259",
"matchCriteriaId": "7CA31F69-6718-4968-8B0D-88728179F3CA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.6189",
"matchCriteriaId": "A2267317-26DF-4EB8-A7EA-EA467727DA71"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.20348.2655",
"matchCriteriaId": "8E3975C0-EA3C-4B85-94BC-43BA94474FCA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.25398.1085",
"matchCriteriaId": "094C36FE-9CCB-4148-AA0F-5727D6933768"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21302",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

39
CVE-2024/CVE-2024-237xx/CVE-2024-23716.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-23716",
"sourceIdentifier": "security@android.com",
"published": "2024-09-11T00:15:10.957",
"lastModified": "2024-09-11T16:26:11.920",
"lastModified": "2024-09-12T14:35:11.523",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "En DevmemIntPFNotify de devicemem_server.c, existe un posible use after free debido a una condici\u00f3n de ejecuci\u00f3n. Esto podr\u00eda provocar una escalada local de privilegios en el n\u00facleo sin necesidad de permisos de ejecuci\u00f3n adicionales. No se necesita interacci\u00f3n del usuario para la explotaci\u00f3n."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.4,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"references": [
{
"url": "https://source.android.com/security/bulletin/2024-09-01",

30
CVE-2024/CVE-2024-271xx/CVE-2024-27114.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-27114",
"sourceIdentifier": "csirt@divd.nl",
"published": "2024-09-11T14:15:13.040",
"lastModified": "2024-09-11T16:26:11.920",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-12T14:35:12.397",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A unauthenticated Remote Code Execution (RCE) vulnerability is found in the SO Planning online planning tool. If the public view setting is enabled, a attacker can upload a PHP-file that will be available for execution for a few milliseconds before it is removed, leading to execution of code on the underlying system. The vulnerability has been remediated in version 1.52.02."
},
{
"lang": "es",
"value": "Se ha detectado una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo (RCE) no autenticada en la herramienta de planificaci\u00f3n en l\u00ednea SO Planning. Si la configuraci\u00f3n de vista p\u00fablica est\u00e1 habilitada, un atacante puede cargar un archivo PHP que estar\u00e1 disponible para su ejecuci\u00f3n durante unos milisegundos antes de que se elimine, lo que provocar\u00e1 la ejecuci\u00f3n de c\u00f3digo en el sistema subyacente. La vulnerabilidad se ha solucionado en la versi\u00f3n 1.52.02."
}
],
"metrics": {
@ -55,6 +59,28 @@
"baseSeverity": "HIGH"
}
}
],
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [

60
CVE-2024/CVE-2024-289xx/CVE-2024-28990.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2024-28990",
"sourceIdentifier": "psirt@solarwinds.com",
"published": "2024-09-12T14:16:06.273",
"lastModified": "2024-09-12T14:16:06.273",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SolarWinds Access Rights Manager (ARM) was found to contain a hard-coded credential authentication bypass vulnerability. If exploited, this vulnerability would allow access to the RabbitMQ management console.\n\nWe thank Trend Micro Zero Day Initiative (ZDI) for its ongoing partnership in coordinating with SolarWinds on responsible disclosure of this and other potential vulnerabilities."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@solarwinds.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "psirt@solarwinds.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-798"
}
]
}
],
"references": [
{
"url": "https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2024-3-1_release_notes.htm",
"source": "psirt@solarwinds.com"
},
{
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-28990",
"source": "psirt@solarwinds.com"
}
]
}

60
CVE-2024/CVE-2024-289xx/CVE-2024-28991.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2024-28991",
"sourceIdentifier": "psirt@solarwinds.com",
"published": "2024-09-12T14:16:06.540",
"lastModified": "2024-09-12T14:16:06.540",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SolarWinds Access Rights Manager (ARM) was found to be susceptible to a remote code execution vulnerability. If exploited, this vulnerability would allow an authenticated user to abuse the service, resulting in remote code execution."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@solarwinds.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.0,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "psirt@solarwinds.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
}
],
"references": [
{
"url": "https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2024-3-1_release_notes.htm",
"source": "psirt@solarwinds.com"
},
{
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-28991",
"source": "psirt@solarwinds.com"
}
]
}

39
CVE-2024/CVE-2024-313xx/CVE-2024-31336.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-31336",
"sourceIdentifier": "security@android.com",
"published": "2024-09-11T00:15:11.023",
"lastModified": "2024-09-11T16:26:11.920",
"lastModified": "2024-09-12T14:35:13.360",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Imagination PowerVR-GPU en Android antes del 5 de septiembre de 2024 tiene una vulnerabilidad de alta gravedad, tambi\u00e9n conocida como A-337949672."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.5,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"references": [
{
"url": "https://source.android.com/security/bulletin/2024-09-01",

39
CVE-2024/CVE-2024-31xx/CVE-2024-3163.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-3163",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-09-12T06:15:23.607",
"lastModified": "2024-09-12T12:35:54.013",
"lastModified": "2024-09-12T15:35:47.627",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "El complemento Easy Property Listings de WordPress anterior a la versi\u00f3n 3.5.4 no tiene verificaci\u00f3n CSRF al eliminar contactos en masa, lo que podr\u00eda permitir a los atacantes hacer que un administrador que haya iniciado sesi\u00f3n los elimine mediante un ataque CSRF."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/f89c8654-5486-4939-880d-101f33d359c0/",

351
CVE-2024/CVE-2024-330xx/CVE-2024-33005.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-33005",
"sourceIdentifier": "cna@sap.com",
"published": "2024-08-13T04:15:07.740",
"lastModified": "2024-08-13T12:58:25.437",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-09-12T14:39:03.480",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 5.5
},
{
"source": "cna@sap.com",
"type": "Secondary",
@ -51,14 +71,337 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:netweaver_abap:kernel_7.22:*:*:*:*:*:*:*",
"matchCriteriaId": "816DBDA9-E4F1-476B-95B3-19758627E3A7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:netweaver_abap:kernel_7.53:*:*:*:*:*:*:*",
"matchCriteriaId": "E640D6CD-A1BA-46C5-B652-0A65F6FF17E4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:netweaver_abap:kernel_7.54:*:*:*:*:*:*:*",
"matchCriteriaId": "5A3C3F09-14C5-4E8C-93B4-40F444F3B9F1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:netweaver_abap:kernel_7.77:*:*:*:*:*:*:*",
"matchCriteriaId": "6F567192-ED9A-47B9-A386-0A83AB64948E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:netweaver_abap:kernel_7.85:*:*:*:*:*:*:*",
"matchCriteriaId": "86C349D7-8F6C-42F4-9B8B-A7E0008FB3A5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:netweaver_abap:kernel_7.89:*:*:*:*:*:*:*",
"matchCriteriaId": "A548E7E7-EAB0-40B7-89BD-F7682F76FD45"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:netweaver_abap:kernel_7.93:*:*:*:*:*:*:*",
"matchCriteriaId": "B3532BC5-507D-4517-A017-19E2B95A8FD9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:netweaver_abap:krnl64nuc_7.22:*:*:*:*:*:*:*",
"matchCriteriaId": "BE1BE43A-6659-4C08-8194-F85FA47D7D81"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:netweaver_abap:krnl64nuc_7.22ext:*:*:*:*:*:*:*",
"matchCriteriaId": "4673CFDB-C17D-437B-8FE8-F0EA5BA97831"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:netweaver_abap:krnl64uc_7.22:*:*:*:*:*:*:*",
"matchCriteriaId": "E415C122-70DF-478E-8493-4CF9E9AD934C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:netweaver_abap:krnl64uc_7.22ext:*:*:*:*:*:*:*",
"matchCriteriaId": "FA5A9939-C663-4B52-97DB-64D80B40FB5F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:netweaver_abap:krnl64uc_7.53:*:*:*:*:*:*:*",
"matchCriteriaId": "9F5C3E99-E68D-4CC2-8F9B-779406AE8B1A"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:netweaver_java:kernel_7.22:*:*:*:*:*:*:*",
"matchCriteriaId": "E0DB3FCF-F720-4DA5-AF2D-D0E3B1F2297E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:netweaver_java:kernel_7.53:*:*:*:*:*:*:*",
"matchCriteriaId": "7109185C-385B-451E-AD63-BC09BD06B1F9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:netweaver_java:kernel_7.54:*:*:*:*:*:*:*",
"matchCriteriaId": "D30D9CA9-4704-4CEA-AC05-C501ED5AAFCB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:netweaver_java:kernel_7.77:*:*:*:*:*:*:*",
"matchCriteriaId": "FDDEDE97-D538-4899-BEC0-0A1AF88283F2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:netweaver_java:kernel_7.85:*:*:*:*:*:*:*",
"matchCriteriaId": "A80E509A-4262-41F0-92B4-1A3639F4B80D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:netweaver_java:kernel_7.89:*:*:*:*:*:*:*",
"matchCriteriaId": "016D047B-F45A-4357-865F-75C6EB392FA7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:netweaver_java:kernel_7.93:*:*:*:*:*:*:*",
"matchCriteriaId": "4EA04598-FB33-4DF1-A5B1-1433FB7BCA28"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:netweaver_java:krnl64nuc_7.22:*:*:*:*:*:*:*",
"matchCriteriaId": "D41AD192-F087-441A-B875-3626AD1142F8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:netweaver_java:krnl64nuc_7.22ext:*:*:*:*:*:*:*",
"matchCriteriaId": "6F8A21AA-F5E0-4332-9654-DABDCA0C5363"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:netweaver_java:krnl64uc_7.22:*:*:*:*:*:*:*",
"matchCriteriaId": "D31F22F6-7C40-4FDB-A8CE-EF63E9E7B220"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:netweaver_java:krnl64uc_7.22ext:*:*:*:*:*:*:*",
"matchCriteriaId": "4CABDDC7-44AF-4F15-BEB0-C60EFE732B3E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:netweaver_java:krnl64uc_7.53:*:*:*:*:*:*:*",
"matchCriteriaId": "F373984D-DB7D-4FA8-B8B1-DA9F55B4CDE3"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:content_server:kernel_7.22:*:*:*:*:*:*:*",
"matchCriteriaId": "EA4E320D-178F-4F08-A9F6-8244148768EB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:content_server:kernel_7.53:*:*:*:*:*:*:*",
"matchCriteriaId": "414F67F4-A294-4097-B6E1-7FBBDEDB8AE0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:content_server:kernel_7.54:*:*:*:*:*:*:*",
"matchCriteriaId": "CD0EDBD6-7716-4521-8E98-392DA6C6D7E4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:content_server:kernel_7.77:*:*:*:*:*:*:*",
"matchCriteriaId": "36362B65-8434-404C-AAE6-D778E533B1DF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:content_server:kernel_7.85:*:*:*:*:*:*:*",
"matchCriteriaId": "BEF1E060-A7ED-4ED3-A514-FCDE6EE52C57"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:content_server:kernel_7.89:*:*:*:*:*:*:*",
"matchCriteriaId": "598F9F0F-82C7-4199-8E86-65D8D6FC2BA6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:content_server:kernel_7.93:*:*:*:*:*:*:*",
"matchCriteriaId": "FA38CCCD-9003-4A64-8646-66C4719C366F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:content_server:krnl64nuc_7.22:*:*:*:*:*:*:*",
"matchCriteriaId": "5C4003CF-11F3-4BF6-B976-37DC0BB5F881"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:content_server:krnl64nuc_7.22ext:*:*:*:*:*:*:*",
"matchCriteriaId": "70C658C4-2571-4C71-A4CA-82AA6A4E7259"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:content_server:krnl64uc_7.22:*:*:*:*:*:*:*",
"matchCriteriaId": "B0052599-8162-44D5-B7B6-72C3DD621DB6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:content_server:krnl64uc_7.22ext:*:*:*:*:*:*:*",
"matchCriteriaId": "E09C7350-983D-4D9D-B0EA-E1D9262EF6C8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:content_server:krnl64uc_7.53:*:*:*:*:*:*:*",
"matchCriteriaId": "4191B6B2-EC7E-460E-A98F-A239AF022454"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:web_dispatcher:kernel_7.22:*:*:*:*:*:*:*",
"matchCriteriaId": "A2E1A535-8362-454E-AC22-85C4E957CCF5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:web_dispatcher:kernel_7.53:*:*:*:*:*:*:*",
"matchCriteriaId": "A7E4BC89-114A-4EA3-A9E8-D956A26BCB18"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:web_dispatcher:kernel_7.54:*:*:*:*:*:*:*",
"matchCriteriaId": "65A5FFAC-93F9-4204-9FA1-4D749D443173"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:web_dispatcher:kernel_7.77:*:*:*:*:*:*:*",
"matchCriteriaId": "E0098E57-6A7F-4CC6-8109-E2400E0FFFEB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:web_dispatcher:kernel_7.85:*:*:*:*:*:*:*",
"matchCriteriaId": "E7ABB030-9A13-4194-A2A4-9623B2F22D7D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:web_dispatcher:kernel_7.89:*:*:*:*:*:*:*",
"matchCriteriaId": "DB22EAAE-F75C-4902-9734-52B048D5D7B2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:web_dispatcher:kernel_7.93:*:*:*:*:*:*:*",
"matchCriteriaId": "30459CD4-451D-4C3D-8FE2-17552F83D7CA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:web_dispatcher:krnl64nuc_7.22:*:*:*:*:*:*:*",
"matchCriteriaId": "3CA8BFCF-0A55-4DEE-B426-1DEF04DA0464"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:web_dispatcher:krnl64nuc_7.22ext:*:*:*:*:*:*:*",
"matchCriteriaId": "54AE89EF-E64B-43C5-B9C2-8F41ACCD3482"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:web_dispatcher:krnl64uc_7.22:*:*:*:*:*:*:*",
"matchCriteriaId": "52C58E1D-8A91-451C-A1E1-85BE336DC763"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:web_dispatcher:krnl64uc_7.22ext:*:*:*:*:*:*:*",
"matchCriteriaId": "89262244-880C-41CB-A904-3B06D3A73460"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:web_dispatcher:krnl64uc_7.53:*:*:*:*:*:*:*",
"matchCriteriaId": "3A8CD933-E217-445A-B244-C07625F9EE74"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:web_dispatcher:webdisp_7.22_ext:*:*:*:*:*:*:*",
"matchCriteriaId": "715F51D3-00BA-4512-A8E4-FE32F4B176F6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:web_dispatcher:webdisp_7.53:*:*:*:*:*:*:*",
"matchCriteriaId": "5481831F-91CC-49DD-A54B-277A6E6D22AE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:web_dispatcher:webdisp_7.54:*:*:*:*:*:*:*",
"matchCriteriaId": "F04B311B-7FCC-421E-BF3C-8D020245F83D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:web_dispatcher:webdisp_7.77:*:*:*:*:*:*:*",
"matchCriteriaId": "44FA685E-8C00-45E0-AC72-C21EA1DD66FC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:web_dispatcher:webdisp_7.85:*:*:*:*:*:*:*",
"matchCriteriaId": "3905B636-9BD2-4D27-8CE8-35135F98B7BC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:web_dispatcher:webdisp_7.89:*:*:*:*:*:*:*",
"matchCriteriaId": "F7B0AEE9-CD7F-47D5-8F3C-08E1BEE9E820"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:web_dispatcher:webdisp_7.93:*:*:*:*:*:*:*",
"matchCriteriaId": "C04CED5F-79E6-410C-8BA4-2F202810576A"
}
]
}
]
}
],
"references": [
{
"url": "https://me.sap.com/notes/3438085",
"source": "cna@sap.com"
"source": "cna@sap.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://url.sap/sapsecuritypatchday",
"source": "cna@sap.com"
"source": "cna@sap.com",
"tags": [
"Vendor Advisory"
]
}
]
}

33
CVE-2024/CVE-2024-341xx/CVE-2024-34128.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-34128",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-07-23T12:15:09.763",
"lastModified": "2024-07-24T12:55:13.223",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-09-12T15:58:26.700",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -51,10 +51,37 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:experience_manager:*:*:*:*:-:*:*:*",
"versionEndExcluding": "6.5.21.0",
"matchCriteriaId": "AAF67BB0-572D-4DCA-9CEB-C30D5D8FDB48"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:experience_manager:*:*:*:*:aem_cloud_service:*:*:*",
"versionEndIncluding": "2024.5.0",
"matchCriteriaId": "FFBF1159-72E3-4163-A403-8909C50C2E92"
}
]
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html",
"source": "psirt@adobe.com"
"source": "psirt@adobe.com",
"tags": [
"Vendor Advisory"
]
}
]
}

36
CVE-2024/CVE-2024-373xx/CVE-2024-37397.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-37397",
"sourceIdentifier": "support@hackerone.com",
"published": "2024-09-12T02:15:03.700",
"lastModified": "2024-09-12T12:35:54.013",
"lastModified": "2024-09-12T15:35:46.803",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -16,6 +16,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 4.2
}
],
"cvssMetricV30": [
{
"source": "support@hackerone.com",
@ -39,6 +61,18 @@
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://forums.ivanti.com/s/article/Security-Advisory-EPM-September-2024-for-EPM-2024-and-EPM-2022",

89
CVE-2024/CVE-2024-382xx/CVE-2024-38202.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-38202",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-08-08T02:15:38.180",
"lastModified": "2024-08-16T19:15:09.843",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-09-12T15:09:04.470",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -41,8 +41,18 @@
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "secure@microsoft.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -51,10 +61,81 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:*:*",
"matchCriteriaId": "61019899-D7AF-46E4-A72C-D189180F66AB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2E332666-2E03-468E-BC30-299816D6E8ED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2F513002-D8C1-4D3A-9F79-4B52498F67E9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4D8DC08D-A860-493A-8AA6-1AD4A0A511AD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB4AE761-6FAC-4000-A63D-42CE3FAB8412"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D4793BFB-2E4E-4067-87A5-4B8749025CA3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "42D329B2-432D-4029-87EB-4C3C5F55CD95"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
"matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*",
"matchCriteriaId": "821614DD-37DD-44E2-A8A4-FE8D23A33C3C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "75CCACE6-A0EE-4A6F-BD5A-7AA504B02717"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38202",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

32
CVE-2024/CVE-2024-404xx/CVE-2024-40457.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2024-40457",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-09-12T14:16:06.780",
"lastModified": "2024-09-12T14:16:06.780",
"vulnStatus": "Received",
"cveTags": [
{
"sourceIdentifier": "cve@mitre.org",
"tags": [
"disputed"
]
}
],
"descriptions": [
{
"lang": "en",
"value": "No-IP Dynamic Update Client (DUC) v3.x uses cleartext credentials that may occur on a command line or in a file. NOTE: the vendor's position is that cleartext in /etc/default/noip-duc is recommended and is the intentional behavior."
}
],
"metrics": {},
"references": [
{
"url": "https://www.noip.com/support/knowledgebase/install-linux-3-x-dynamic-update-client-duc",
"source": "cve@mitre.org"
},
{
"url": "https://www.noip.com/support/knowledgebase/running-linux-duc-v3-0-startup-2",
"source": "cve@mitre.org"
}
]
}

39
CVE-2024/CVE-2024-406xx/CVE-2024-40650.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-40650",
"sourceIdentifier": "security@android.com",
"published": "2024-09-11T00:15:11.080",
"lastModified": "2024-09-11T16:26:11.920",
"lastModified": "2024-09-12T14:35:14.240",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "En wifi_item_edit_content de styles.xml, existe una posible omisi\u00f3n de FRP debido a la falta de verificaci\u00f3n del estado de FRP. Esto podr\u00eda provocar una escalada local de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. No se necesita interacci\u00f3n del usuario para la explotaci\u00f3n."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-358"
}
]
}
],
"references": [
{
"url": "https://android.googlesource.com/platform/packages/apps/Settings/+/2968ccc911956fa5813a9a6a5e5c8970e383a60f",

172
CVE-2024/CVE-2024-410xx/CVE-2024-41012.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-41012",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-23T08:15:01.877",
"lastModified": "2024-07-29T07:15:05.083",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-09-12T15:28:48.250",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,39 +15,189 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: filelock: Elimina bloqueos de manera confiable cuando se detecta fcntl/close race Cuando fcntl_setlk() corre con close(), elimina el bloqueo creado con do_lock_file_wait(). Sin embargo, los LSM pueden permitir el primer do_lock_file_wait() que cre\u00f3 el bloqueo y al mismo tiempo negar el segundo do_lock_file_wait() que intenta eliminar el bloqueo. Por separado, posix_lock_file() tambi\u00e9n podr\u00eda no eliminar un bloqueo debido a un fallo en la asignaci\u00f3n de GFP_KERNEL (al dividir un rango por la mitad). Despu\u00e9s de que se haya activado el error, se producir\u00e1n lecturas de use-after-free en lock_get_status() cuando el espacio de usuario lea /proc/locks. Es probable que esto se pueda usar para leer memoria del kernel arbitraria, pero no puede da\u00f1ar la memoria del kernel. Solucionelo llamando a locks_remove_posix() en su lugar, que est\u00e1 dise\u00f1ado para deshacerse de manera confiable de los bloqueos POSIX asociados con el archivo dado y files_struct y tambi\u00e9n lo usa filp_flush()."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.0,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.6.13",
"versionEndExcluding": "4.19.319",
"matchCriteriaId": "09B96E21-A9AA-4FE9-9963-81674510791D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.20",
"versionEndExcluding": "5.4.281",
"matchCriteriaId": "92317F4D-6FF1-4A82-8834-52B023F0A242"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5",
"versionEndExcluding": "5.10.223",
"matchCriteriaId": "12CD4E48-26A1-40B4-AF6A-1CC066193F4C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.164",
"matchCriteriaId": "3D6B1E23-6E6C-4761-ACD4-EA687A95F56F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "6.1.101",
"matchCriteriaId": "2B46438B-72B8-4053-8554-94AED3EB13EB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.42",
"matchCriteriaId": "972274A2-D688-4C37-BE42-689B58B4C225"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.9.9",
"matchCriteriaId": "ADCC1407-0CB3-4C8F-B4C5-07F682CD7085"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc1:*:*:*:*:*:*",
"matchCriteriaId": "2EBB4392-5FA6-4DA9-9772-8F9C750109FA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc2:*:*:*:*:*:*",
"matchCriteriaId": "331C2F14-12C7-45D5-893D-8C52EE38EA10"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc3:*:*:*:*:*:*",
"matchCriteriaId": "3173713D-909A-4DD3-9DD4-1E171EB057EE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc4:*:*:*:*:*:*",
"matchCriteriaId": "79F18AFA-40F7-43F0-BA30-7BDB65F918B9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc5:*:*:*:*:*:*",
"matchCriteriaId": "BD973AA4-A789-49BD-8D57-B2846935D3C7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc6:*:*:*:*:*:*",
"matchCriteriaId": "8F3E9E0C-AC3E-4967-AF80-6483E8AB0078"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/3cad1bc010416c6dd780643476bc59ed742436b9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/52c87ab18c76c14d7209646ccb3283b3f5d87b22",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/5661b9c7ec189406c2dde00837aaa4672efb6240",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/5f5d0799eb0a01d550c21b7894e26b2d9db55763",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/b6d223942c34057fdfd8f149e763fa823731b224",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/d30ff33040834c3b9eee29740acd92f9c7ba2250",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/dc2ce1dfceaa0767211a9d963ddb029ab21c4235",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/ef8fc41cd6f95f9a4a3470f085aecf350569a0b3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

44
CVE-2024/CVE-2024-411xx/CVE-2024-41173.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-41173",
"sourceIdentifier": "info@cert.vde.com",
"published": "2024-08-27T08:15:04.620",
"lastModified": "2024-08-27T13:01:37.913",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-09-12T14:52:20.820",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -40,6 +40,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "info@cert.vde.com",
"type": "Secondary",
@ -51,10 +61,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:beckhoff:ipc_diagnostics_package:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.0.0.1",
"matchCriteriaId": "18F97E31-D97A-40A3-BD8A-4EBB91374378"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:beckhoff:twincat\\/bsd:*:*:*:*:*:*:*:*",
"versionEndExcluding": "14.1.2.0",
"matchCriteriaId": "A311642D-9723-4D61-8979-20A1F28EB17E"
}
]
}
]
}
],
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2024-045",
"source": "info@cert.vde.com"
"source": "info@cert.vde.com",
"tags": [
"Mitigation",
"Third Party Advisory"
]
}
]
}

66
CVE-2024/CVE-2024-411xx/CVE-2024-41174.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-41174",
"sourceIdentifier": "info@cert.vde.com",
"published": "2024-08-27T08:15:04.860",
"lastModified": "2024-08-27T13:01:37.913",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-09-12T14:33:54.917",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.0,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0
},
{
"source": "info@cert.vde.com",
"type": "Secondary",
@ -41,7 +61,7 @@
},
"weaknesses": [
{
"source": "info@cert.vde.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -49,12 +69,50 @@
"value": "CWE-79"
}
]
},
{
"source": "info@cert.vde.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:beckhoff:ipc_diagnostics_package:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.1.1.0",
"matchCriteriaId": "6CE6AD04-5B96-480C-A9A4-1A3DE962306D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:beckhoff:twincat\\/bsd:*:*:*:*:*:*:*:*",
"versionEndExcluding": "14.1.2.0",
"matchCriteriaId": "A311642D-9723-4D61-8979-20A1F28EB17E"
}
]
}
]
}
],
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2024-048",
"source": "info@cert.vde.com"
"source": "info@cert.vde.com",
"tags": [
"Mitigation",
"Third Party Advisory"
]
}
]
}

39
CVE-2024/CVE-2024-411xx/CVE-2024-41175.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-41175",
"sourceIdentifier": "info@cert.vde.com",
"published": "2024-08-27T08:15:05.080",
"lastModified": "2024-08-27T13:01:37.913",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-09-12T14:25:10.307",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -51,14 +51,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:beckhoff:ipc_diagnostics_package:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.0.0.1",
"matchCriteriaId": "18F97E31-D97A-40A3-BD8A-4EBB91374378"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:beckhoff:twincat\\/bsd:*:*:*:*:*:*:*:*",
"versionEndExcluding": "14.1.2.0",
"matchCriteriaId": "A311642D-9723-4D61-8979-20A1F28EB17E"
}
]
}
]
}
],
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2024-049/",
"source": "info@cert.vde.com"
"source": "info@cert.vde.com",
"tags": [
"Mitigation",
"Third Party Advisory"
]
},
{
"url": "https://infosys.beckhoff.com/content/1033/twincat_bsd/11780818443.html?id=4222392218353411614",
"source": "info@cert.vde.com"
"source": "info@cert.vde.com",
"tags": [
"Vendor Advisory"
]
}
]
}

68
CVE-2024/CVE-2024-411xx/CVE-2024-41176.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-41176",
"sourceIdentifier": "info@cert.vde.com",
"published": "2024-08-27T08:15:05.317",
"lastModified": "2024-08-27T13:01:37.913",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-09-12T14:26:00.527",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -18,8 +18,28 @@
"metrics": {
"cvssMetricV31": [
{
"source": "info@cert.vde.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.5
},
{
"source": "info@cert.vde.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L",
@ -41,8 +61,18 @@
},
"weaknesses": [
{
"source": "info@cert.vde.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "info@cert.vde.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -51,10 +81,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:beckhoff:mdp_package:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.2.7.0",
"matchCriteriaId": "E249BB97-D030-457D-B2AA-53460328757B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:beckhoff:twincat\\/bsd:*:*:*:*:*:*:*:*",
"versionEndExcluding": "14.1.2.0",
"matchCriteriaId": "A311642D-9723-4D61-8979-20A1F28EB17E"
}
]
}
]
}
],
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2024-050",
"source": "info@cert.vde.com"
"source": "info@cert.vde.com",
"tags": [
"Mitigation",
"Third Party Advisory"
]
}
]
}

67
CVE-2024/CVE-2024-418xx/CVE-2024-41839.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-41839",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-07-23T12:15:10.520",
"lastModified": "2024-07-24T12:55:13.223",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-09-12T15:58:11.690",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -18,8 +18,28 @@
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4
},
{
"source": "psirt@adobe.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N",
@ -41,8 +61,18 @@
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "psirt@adobe.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -51,10 +81,37 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:experience_manager:*:*:*:*:-:*:*:*",
"versionEndExcluding": "6.5.21.0",
"matchCriteriaId": "AAF67BB0-572D-4DCA-9CEB-C30D5D8FDB48"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:experience_manager:*:*:*:*:aem_cloud_service:*:*:*",
"versionEndExcluding": "2024.5.0",
"matchCriteriaId": "5FF97DFB-A8E0-4311-A6EA-303A4D8612C2"
}
]
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html",
"source": "psirt@adobe.com"
"source": "psirt@adobe.com",
"tags": [
"Vendor Advisory"
]
}
]
}

60
CVE-2024/CVE-2024-424xx/CVE-2024-42483.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2024-42483",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-09-12T15:18:22.093",
"lastModified": "2024-09-12T15:18:22.093",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ESP-NOW Component provides a connectionless Wi-Fi communication protocol. An replay attacks vulnerability was discovered in the implementation of the ESP-NOW because the caches is not differentiated by message types, it is a single, shared resource for all kinds of messages, whether they are broadcast or unicast, and regardless of whether they are ciphertext or plaintext. This can result an attacker to clear the cache of its legitimate entries, there by creating an opportunity to re-inject previously captured packets. This vulnerability is fixed in 2.5.2."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-349"
}
]
}
],
"references": [
{
"url": "https://github.com/espressif/esp-now/commit/4e30db50d541b2909d278ef0db05de1a3d7190ef",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/espressif/esp-now/security/advisories/GHSA-wf6q-c2xr-77xj",
"source": "security-advisories@github.com"
}
]
}

60
CVE-2024/CVE-2024-424xx/CVE-2024-42484.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2024-42484",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-09-12T15:18:22.320",
"lastModified": "2024-09-12T15:18:22.320",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ESP-NOW Component provides a connectionless Wi-Fi communication protocol. An Out-of-Bound (OOB) vulnerability was discovered in the implementation of the ESP-NOW group type message because there is no check for the addrs_num field of the group type message. This can result in memory corruption related attacks. Normally there are two fields in the group information that need to be checked, i.e., the addrs_num field and the addrs_list fileld. Since we only checked the addrs_list field, an attacker can send a group type message with an invalid addrs_num field, which will cause the message handled by the firmware to be much larger than the current buffer, thus causing a memory corruption issue that goes beyond the payload length."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://github.com/espressif/esp-now/commit/b03a1b4593713fa4bf0038a87edca01f10114a7a",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/espressif/esp-now/security/advisories/GHSA-q6f6-4qc5-vhx5",
"source": "security-advisories@github.com"
}
]
}

39
CVE-2024/CVE-2024-430xx/CVE-2024-43040.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-43040",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-09-10T20:15:04.527",
"lastModified": "2024-09-11T16:26:11.920",
"lastModified": "2024-09-12T14:35:15.010",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Se descubri\u00f3 que Renwoxing Enterprise Intelligent Management System anterior a la versi\u00f3n 3.0 conten\u00eda una vulnerabilidad de inyecci\u00f3n SQL a trav\u00e9s del par\u00e1metro parid en /fx/baseinfo/SearchInfo."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://gist.github.com/X1lyS/75a8ea48c4997b683e8b41c94e79e5f9",

47
CVE-2024/CVE-2024-432xx/CVE-2024-43214.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-43214",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-08-26T21:15:24.763",
"lastModified": "2024-08-27T13:01:52.723",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-09-12T14:17:59.390",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -51,10 +71,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mycred:mycred:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.7.3",
"matchCriteriaId": "6E05DB02-1B8F-47AE-8750-594D0288BC1A"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/mycred/wordpress-mycred-plugin-2-7-2-sensitive-data-exposure-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

86
CVE-2024/CVE-2024-449xx/CVE-2024-44938.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-44938",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-26T12:15:05.960",
"lastModified": "2024-08-29T17:15:08.753",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-09-12T14:05:44.310",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,23 +15,95 @@
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: jfs: corrigi\u00f3 el desplazamiento fuera de los l\u00edmites en dbDiscardAG Al buscar el siguiente bloque log2 m\u00e1s peque\u00f1o, BLKSTOL2() devolvi\u00f3 0, lo que provoc\u00f3 que el exponente de desplazamiento -1 fuera negativo. Este parche soluciona el problema saliendo del bucle directamente cuando se encuentra un cambio negativo."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.47",
"matchCriteriaId": "CF4F8EA7-C643-4B9C-8E32-BD81930A5E8B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.10.6",
"matchCriteriaId": "C1CDF130-CCA6-47F6-9718-8949BF4E05CC"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/234e6ea0855cdb5673d54ecaf7dc5c78f3e84630",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/7063b80268e2593e58bee8a8d709c2f3ff93e2f2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/bd04a149e3a29e7f71b7956ed41dba34e42d539e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://git.kernel.org/stable/c/f650148b43949ca9e37e820804bb6026fff404f3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

86
CVE-2024/CVE-2024-449xx/CVE-2024-44940.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-44940",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-26T12:15:06.053",
"lastModified": "2024-08-29T17:15:08.903",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-09-12T14:10:00.857",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,23 +15,95 @@
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: fou: elimine la advertencia en gue_gro_receive en un protocolo no compatible. Descarte WARN_ON_ONCE en gue_gro_receive si el tipo encapsulado no se conoce o no tiene un controlador GRO. Un paquete de este tipo se construye f\u00e1cilmente. Syzbot los genera y activa esta advertencia. Elimine la advertencia como se esperaba y no es procesable. La advertencia se redujo previamente de WARN_ON a WARN_ON_ONCE en el commit 270136613bf7 (\"fou: Haga WARN_ON_ONCE en gue_gro_receive para devoluciones de llamadas de proto incorrectas\")."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.47",
"matchCriteriaId": "CF4F8EA7-C643-4B9C-8E32-BD81930A5E8B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.10.6",
"matchCriteriaId": "C1CDF130-CCA6-47F6-9718-8949BF4E05CC"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/3db4395332e7050ef9ddeb3052e6b5019f2a2a59",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/440ab7f97261bc28501636a13998e1b1946d2e79",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/5a2e37bc648a2503bf6d687aed27b9f4455d82eb",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://git.kernel.org/stable/c/dd89a81d850fa9a65f67b4527c0e420d15bf836c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

39
CVE-2024/CVE-2024-456xx/CVE-2024-45624.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-45624",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2024-09-12T05:15:05.053",
"lastModified": "2024-09-12T12:35:54.013",
"lastModified": "2024-09-12T15:35:48.600",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Existe un problema de exposici\u00f3n de informaci\u00f3n confidencial debido a pol\u00edticas incompatibles en Pgpool-II. Si un usuario de la base de datos accede a un cach\u00e9 de consultas, es posible que se recuperen datos de tablas no autorizados para el usuario."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://jvn.jp/en/jp/JVN67456481/",

100
CVE-2024/CVE-2024-458xx/CVE-2024-45823.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2024-45823",
"sourceIdentifier": "PSIRT@rockwellautomation.com",
"published": "2024-09-12T15:18:22.547",
"lastModified": "2024-09-12T15:18:22.547",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "CVE-2024-45823 IMPACT\n\n\n\nAn\nauthentication bypass vulnerability exists in the affected product. The\nvulnerability exists due to shared secrets across accounts and could allow a threat\nactor to impersonate a user if the threat actor is able to enumerate additional\ninformation required during authentication."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "PSIRT@rockwellautomation.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "HIGH",
"vulnerableSystemIntegrity": "HIGH",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 9.2,
"baseSeverity": "CRITICAL"
}
}
],
"cvssMetricV31": [
{
"source": "PSIRT@rockwellautomation.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "PSIRT@rockwellautomation.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
}
],
"references": [
{
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD%201698.html",
"source": "PSIRT@rockwellautomation.com"
}
]
}

100
CVE-2024/CVE-2024-458xx/CVE-2024-45824.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2024-45824",
"sourceIdentifier": "PSIRT@rockwellautomation.com",
"published": "2024-09-12T14:16:06.953",
"lastModified": "2024-09-12T14:16:06.953",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "CVE-2024-45824 IMPACT\n\n\n\nA remote\ncode vulnerability exists in the affected products. The vulnerability occurs\nwhen chained with Path Traversal, Command Injection, and XSS Vulnerabilities\nand allows for full unauthenticated remote code execution. The link in the\nmitigations section below contains patches to fix this issue."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "PSIRT@rockwellautomation.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "HIGH",
"vulnerableSystemIntegrity": "HIGH",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 9.2,
"baseSeverity": "CRITICAL"
}
}
],
"cvssMetricV31": [
{
"source": "PSIRT@rockwellautomation.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "PSIRT@rockwellautomation.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"references": [
{
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1696.html",
"source": "PSIRT@rockwellautomation.com"
}
]
}

100
CVE-2024/CVE-2024-458xx/CVE-2024-45825.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2024-45825",
"sourceIdentifier": "PSIRT@rockwellautomation.com",
"published": "2024-09-12T15:18:23.387",
"lastModified": "2024-09-12T15:18:23.387",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "CVE-2024-45825 IMPACT\nA denial-of-service vulnerability exists in the affected products. The vulnerability occurs when a malformed CIP packet is sent over the network to the device and results in a major nonrecoverable fault causing a denial-of-service."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "PSIRT@rockwellautomation.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "NONE",
"vulnerableSystemIntegrity": "NONE",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 8.7,
"baseSeverity": "HIGH"
}
}
],
"cvssMetricV31": [
{
"source": "PSIRT@rockwellautomation.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "PSIRT@rockwellautomation.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1699.html",
"source": "PSIRT@rockwellautomation.com"
}
]
}

100
CVE-2024/CVE-2024-458xx/CVE-2024-45826.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2024-45826",
"sourceIdentifier": "PSIRT@rockwellautomation.com",
"published": "2024-09-12T15:18:24.287",
"lastModified": "2024-09-12T15:18:24.287",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "CVE-2024-45826 IMPACT\nDue to improper input validation, a path traversal and remote code execution vulnerability exists when the ThinManager\u00ae processes a crafted POST request. If exploited, a user can install an executable file."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "PSIRT@rockwellautomation.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "HIGH",
"userInteraction": "PASSIVE",
"vulnerableSystemConfidentiality": "HIGH",
"vulnerableSystemIntegrity": "HIGH",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 8.5,
"baseSeverity": "HIGH"
}
}
],
"cvssMetricV31": [
{
"source": "PSIRT@rockwellautomation.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "PSIRT@rockwellautomation.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-610"
}
]
}
],
"references": [
{
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1700.html",
"source": "PSIRT@rockwellautomation.com"
}
]
}

62
CVE-2024/CVE-2024-45xx/CVE-2024-4554.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-4554",
"sourceIdentifier": "security@opentext.com",
"published": "2024-08-28T07:15:09.330",
"lastModified": "2024-08-28T12:57:17.117",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-09-12T15:01:12.217",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security@opentext.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "security@opentext.com",
"type": "Secondary",
@ -51,14 +81,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microfocus:netiq_access_manager:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.0.4.1",
"matchCriteriaId": "8011A46E-5BD5-4330-888F-9BB2558C650D"
}
]
}
]
}
],
"references": [
{
"url": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager504-p1-release-notes/accessmanager504-p1-release-notes.html",
"source": "security@opentext.com"
"source": "security@opentext.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://www.microfocus.com/documentation/access-manager/5.1/accessmanager51-release-notes/accessmanager51-release-notes.html",
"source": "security@opentext.com"
"source": "security@opentext.com",
"tags": [
"Release Notes"
]
}
]
}

64
CVE-2024/CVE-2024-45xx/CVE-2024-4555.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-4555",
"sourceIdentifier": "security@opentext.com",
"published": "2024-08-28T07:15:09.830",
"lastModified": "2024-08-28T12:57:17.117",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-09-12T15:13:25.520",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "security@opentext.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
},
{
"source": "security@opentext.com",
"type": "Secondary",
@ -51,14 +81,40 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microfocus:netiq_access_manager:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.0.4.1",
"matchCriteriaId": "8011A46E-5BD5-4330-888F-9BB2558C650D"
}
]
}
]
}
],
"references": [
{
"url": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager504-p1-release-notes/accessmanager504-p1-release-notes.html",
"source": "security@opentext.com"
"source": "security@opentext.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://www.microfocus.com/documentation/access-manager/5.1/accessmanager51-release-notes/accessmanager51-release-notes.html",
"source": "security@opentext.com"
"source": "security@opentext.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}

62
CVE-2024/CVE-2024-45xx/CVE-2024-4556.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-4556",
"sourceIdentifier": "security@opentext.com",
"published": "2024-08-28T07:15:10.320",
"lastModified": "2024-08-28T12:57:17.117",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-09-12T15:09:55.107",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "security@opentext.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
},
{
"source": "security@opentext.com",
"type": "Secondary",
@ -51,14 +81,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microfocus:netiq_access_manager:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.0.4",
"matchCriteriaId": "96CD67B1-1A6C-4485-853F-A62402766C14"
}
]
}
]
}
],
"references": [
{
"url": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager504-p1-release-notes/accessmanager504-p1-release-notes.html",
"source": "security@opentext.com"
"source": "security@opentext.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://www.microfocus.com/documentation/access-manager/5.1/accessmanager51-release-notes/accessmanager51-release-notes.html",
"source": "security@opentext.com"
"source": "security@opentext.com",
"tags": [
"Release Notes"
]
}
]
}

64
CVE-2024/CVE-2024-64xx/CVE-2024-6449.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-6449",
"sourceIdentifier": "cvd@cert.pl",
"published": "2024-08-28T12:15:06.340",
"lastModified": "2024-09-06T13:15:06.110",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-09-12T15:32:19.680",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -59,9 +59,41 @@
"baseSeverity": "MEDIUM"
}
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "cvd@cert.pl",
"type": "Secondary",
@ -73,14 +105,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hyperview:geoportal_toolkit:*:*:*:*:*:*:*:*",
"versionEndIncluding": "8.5.0",
"matchCriteriaId": "367D4360-8F40-4B9E-8EFD-8E08C8EEF734"
}
]
}
]
}
],
"references": [
{
"url": "https://cert.pl/en/posts/2024/08/CVE-2024-6449",
"source": "cvd@cert.pl"
"source": "cvd@cert.pl",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://cert.pl/posts/2024/08/CVE-2024-6449",
"source": "cvd@cert.pl"
"source": "cvd@cert.pl",
"tags": [
"Third Party Advisory"
]
}
]
}

64
CVE-2024/CVE-2024-64xx/CVE-2024-6450.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-6450",
"sourceIdentifier": "cvd@cert.pl",
"published": "2024-08-28T12:15:06.507",
"lastModified": "2024-09-06T13:15:06.343",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-09-12T15:42:45.430",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -59,9 +59,41 @@
"baseSeverity": "MEDIUM"
}
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "cvd@cert.pl",
"type": "Secondary",
@ -73,14 +105,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hyperview:geoportal_toolkit:*:*:*:*:*:*:*:*",
"versionEndExcluding": "8.5.0",
"matchCriteriaId": "05587DF4-201B-438C-9EC6-FC927D748B80"
}
]
}
]
}
],
"references": [
{
"url": "https://cert.pl/en/posts/2024/08/CVE-2024-6449",
"source": "cvd@cert.pl"
"source": "cvd@cert.pl",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://cert.pl/posts/2024/08/CVE-2024-6449",
"source": "cvd@cert.pl"
"source": "cvd@cert.pl",
"tags": [
"Third Party Advisory"
]
}
]
}

64
CVE-2024/CVE-2024-65xx/CVE-2024-6510.json Normal file
View File

@ -0,0 +1,64 @@
{
"id": "CVE-2024-6510",
"sourceIdentifier": "a341c0d1-ebf7-493f-a84e-38cf86618674",
"published": "2024-09-12T15:18:26.347",
"lastModified": "2024-09-12T15:18:26.347",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Local Privilege Escalation in AVG Internet Security v24 on Windows allows a local unprivileged user to escalate privileges to SYSTEM via COM-Hijacking."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "a341c0d1-ebf7-493f-a84e-38cf86618674",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.1,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "a341c0d1-ebf7-493f-a84e-38cf86618674",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-427"
},
{
"lang": "en",
"value": "CWE-732"
},
{
"lang": "en",
"value": "CWE-749"
}
]
}
],
"references": [
{
"url": "https://www.cirosec.de/sa/sa-2023-008",
"source": "a341c0d1-ebf7-493f-a84e-38cf86618674"
}
]
}

56
CVE-2024/CVE-2024-66xx/CVE-2024-6658.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-6658",
"sourceIdentifier": "security@progress.com",
"published": "2024-09-12T15:18:26.543",
"lastModified": "2024-09-12T15:18:26.543",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows OS Command Injection.This issue affects:\n\n\n\n\u202fProduct \n\n\n\n\n\nAffected Versions \n\n\n\n\n\nLoadMaster \n\n\n\n\n\nFrom 7.2.55.0 to 7.2.60.0 (inclusive) \n\n\n\n\n\n\u202f\u00a0\n\n\n\n\n\nFrom 7.2.49.0 to 7.2.54.11 (inclusive) \n\n\n\n\n\n\u202f\u00a0\n\n\n\n\n\n7.2.48.12 and all prior versions \n\n\n\n\n\n\n\n\nMulti-Tenant Hypervisor \n\n\n\n\n\n7.1.35.11 and all prior versions \n\n\n\n\n\n\n\n\n\n\nECS\n\n\n\n\n\nAll prior versions to 7.2.60.0 (inclusive)"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@progress.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.7,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "security@progress.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://support.kemptechnologies.com/hc/en-us/articles/28910587250701",
"source": "security@progress.com"
}
]
}

56
CVE-2024/CVE-2024-67xx/CVE-2024-6700.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-6700",
"sourceIdentifier": "security@pega.com",
"published": "2024-09-12T15:18:26.757",
"lastModified": "2024-09-12T15:18:26.757",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an XSS issue with App name."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@pega.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 4.2
}
]
},
"weaknesses": [
{
"source": "security@pega.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://support.pega.com/support-doc/pega-security-advisory-c24-vulnerability-remediation-note",
"source": "security@pega.com"
}
]
}

56
CVE-2024/CVE-2024-67xx/CVE-2024-6701.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-6701",
"sourceIdentifier": "security@pega.com",
"published": "2024-09-12T15:18:26.953",
"lastModified": "2024-09-12T15:18:26.953",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an XSS issue with case type."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@pega.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 4.2
}
]
},
"weaknesses": [
{
"source": "security@pega.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://support.pega.com/support-doc/pega-security-advisory-c24-vulnerability-remediation-note",
"source": "security@pega.com"
}
]
}

56
CVE-2024/CVE-2024-67xx/CVE-2024-6702.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-6702",
"sourceIdentifier": "security@pega.com",
"published": "2024-09-12T15:18:27.133",
"lastModified": "2024-09-12T15:18:27.133",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an HTML Injection issue with Stage."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@pega.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.2,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 4.2
}
]
},
"weaknesses": [
{
"source": "security@pega.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-74"
}
]
}
],
"references": [
{
"url": "https://support.pega.com/support-doc/pega-security-advisory-c24-vulnerability-remediation-note",
"source": "security@pega.com"
}
]
}

64
CVE-2024/CVE-2024-69xx/CVE-2024-6929.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-6929",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-09-05T10:15:03.980",
"lastModified": "2024-09-05T12:53:21.110",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-12T14:32:51.000",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -18,8 +18,28 @@
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
@ -51,22 +71,52 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ankitpokhrel:dynamic_featured_image:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "3.7.0",
"matchCriteriaId": "AC2359BD-E7A6-42AC-83F1-0C1CA74F3700"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/dynamic-featured-image/trunk/dynamic-featured-image.php#L434",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://plugins.trac.wordpress.org/browser/dynamic-featured-image/trunk/dynamic-featured-image.php#L469",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://wordpress.org/plugins/dynamic-featured-image/#developers",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6700e926-21c1-45c9-bca9-62ef0218e998?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

37
CVE-2024/CVE-2024-76xx/CVE-2024-7605.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-7605",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-09-05T11:15:13.257",
"lastModified": "2024-09-05T12:53:21.110",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-12T14:24:03.833",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -51,18 +51,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:helloasso:helloasso:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.1.11",
"matchCriteriaId": "ABB11B6A-A8C1-4EF0-BF69-EA3EE398BB88"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/helloasso/trunk/admin/class-hello-asso-admin.php#L457",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3145151/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1690631b-0e5d-45d1-9db6-6ac426874762?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

27
CVE-2024/CVE-2024-78xx/CVE-2024-7816.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-7816",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-09-12T06:15:24.440",
"lastModified": "2024-09-12T12:35:54.013",
"lastModified": "2024-09-12T14:35:15.873",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "El complemento Gixaw Chat para WordPress hasta la versi\u00f3n 1.0 no tiene verificaci\u00f3n CSRF en algunos lugares y le falta desinfecci\u00f3n y escape, lo que podr\u00eda permitir a los atacantes hacer que el administrador que haya iniciado sesi\u00f3n agregue payloads XSS almacenado a trav\u00e9s de un ataque CSRF."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"references": [
{
"url": "https://wpscan.com/vulnerability/f610c4a5-ccde-4305-93e0-3c6f50c741ee/",

39
CVE-2024/CVE-2024-78xx/CVE-2024-7817.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-7817",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-09-12T06:15:24.503",
"lastModified": "2024-09-12T12:35:54.013",
"lastModified": "2024-09-12T14:35:16.087",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "El complemento Misiek Photo Album de WordPress hasta la versi\u00f3n 1.4.3 no tiene comprobaciones CSRF en algunos lugares, lo que podr\u00eda permitir a los atacantes hacer que los usuarios registrados eliminen \u00e1lbumes arbitrarios mediante un ataque CSRF."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/ab09e5a3-f5ea-479f-be2d-366f8707775e/",

39
CVE-2024/CVE-2024-78xx/CVE-2024-7818.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-7818",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-09-12T06:15:24.570",
"lastModified": "2024-09-12T12:35:54.013",
"lastModified": "2024-09-12T14:35:16.877",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "El complemento Misiek Photo Album de WordPress hasta la versi\u00f3n 1.4.3 no tiene verificaci\u00f3n CSRF en algunos lugares y le falta desinfecci\u00f3n y escape, lo que podr\u00eda permitir a los atacantes hacer que el administrador que haya iniciado sesi\u00f3n agregue payloads XSS almacenado a trav\u00e9s de un ataque CSRF."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/3d2263b9-e1e7-4e86-8475-5e468eef1826/",

39
CVE-2024/CVE-2024-78xx/CVE-2024-7820.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-7820",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-09-12T06:15:24.633",
"lastModified": "2024-09-12T12:35:54.013",
"lastModified": "2024-09-12T14:35:17.657",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "El complemento ILC Thickbox WordPress hasta la versi\u00f3n 1.0 no tiene una verificaci\u00f3n CSRF activada al actualizar sus configuraciones, lo que podr\u00eda permitir a los atacantes hacer que un administrador que haya iniciado sesi\u00f3n las cambie a trav\u00e9s de un ataque CSRF."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/31b2c97b-2458-43ee-93db-e57968ac8455/",

39
CVE-2024/CVE-2024-78xx/CVE-2024-7822.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-7822",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-09-12T06:15:24.713",
"lastModified": "2024-09-12T12:35:54.013",
"lastModified": "2024-09-12T14:35:18.437",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "El complemento Quick Code de WordPress hasta la versi\u00f3n 1.0 no tiene verificaci\u00f3n CSRF en algunos lugares y le falta desinfecci\u00f3n y escape, lo que podr\u00eda permitir a los atacantes hacer que el administrador que haya iniciado sesi\u00f3n agregue payloads XSS almacenado a trav\u00e9s de un ataque CSRF."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/3a5bdd7e-7dd5-4749-9fad-ff4d7df20273/",

39
CVE-2024/CVE-2024-78xx/CVE-2024-7859.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-7859",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-09-12T06:15:24.783",
"lastModified": "2024-09-12T12:35:54.013",
"lastModified": "2024-09-12T14:35:19.213",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "El complemento Visual Sound de WordPress hasta la versi\u00f3n 1.03 no tiene una verificaci\u00f3n CSRF activada al actualizar sus configuraciones, lo que podr\u00eda permitir a los atacantes hacer que un administrador que haya iniciado sesi\u00f3n las cambie mediante un ataque CSRF."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/88cacd47-d900-478c-b833-c6c55fd4b082/",

39
CVE-2024/CVE-2024-78xx/CVE-2024-7860.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-7860",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-09-12T06:15:24.853",
"lastModified": "2024-09-12T12:35:54.013",
"lastModified": "2024-09-12T14:35:19.980",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "El complemento Simple Headline Rotator para WordPress hasta la versi\u00f3n 1.0 no tiene verificaci\u00f3n CSRF en algunos lugares y le falta saneamiento y escape, lo que podr\u00eda permitir a los atacantes hacer que el administrador que haya iniciado sesi\u00f3n agregue payloads XSS almacenado a trav\u00e9s de un ataque CSRF."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/584156d7-928e-48c9-8b81-539ccb06f3f5/",

39
CVE-2024/CVE-2024-78xx/CVE-2024-7861.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-7861",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-09-12T06:15:24.933",
"lastModified": "2024-09-12T12:35:54.013",
"lastModified": "2024-09-12T14:35:20.767",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "El complemento Misiek Paypal para WordPress hasta la versi\u00f3n 1.1.20090324 no tiene verificaci\u00f3n CSRF en algunos lugares y le falta desinfecci\u00f3n y escape, lo que podr\u00eda permitir a los atacantes hacer que el administrador que haya iniciado sesi\u00f3n agregue payloads XSS almacenado a trav\u00e9s de un ataque CSRF."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/df9aa795-ba16-4806-b01a-311f80aa52c0/",

39
CVE-2024/CVE-2024-78xx/CVE-2024-7862.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-7862",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-09-12T06:15:25.003",
"lastModified": "2024-09-12T12:35:54.013",
"lastModified": "2024-09-12T14:35:21.530",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "El complemento blogintroduction-wordpress-plugin de WordPress hasta la versi\u00f3n 0.3.0 no tiene la comprobaci\u00f3n CSRF activada al actualizar sus configuraciones, lo que podr\u00eda permitir a los atacantes hacer que un administrador que haya iniciado sesi\u00f3n las cambie mediante un ataque CSRF."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/9b54cd05-3bb8-4bb9-a0e4-fb00d97d5cae/",

39
CVE-2024/CVE-2024-80xx/CVE-2024-8054.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-8054",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-09-12T06:15:25.077",
"lastModified": "2024-09-12T12:35:54.013",
"lastModified": "2024-09-12T14:35:22.300",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "El complemento MM-Breaking News para WordPress hasta la versi\u00f3n 0.7.9 no tiene verificaci\u00f3n CSRF en algunos lugares y le falta saneamiento y escape, lo que podr\u00eda permitir a los atacantes hacer que el administrador que haya iniciado sesi\u00f3n agregue payloads XSS almacenado a trav\u00e9s de un ataque CSRF."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/f27deffc-9555-44bf-8dee-1891c210ecfd/",

27
CVE-2024/CVE-2024-85xx/CVE-2024-8504.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-8504",
"sourceIdentifier": "bbf0bd87-ece2-41be-b873-96928ee8fab9",
"published": "2024-09-10T20:15:05.363",
"lastModified": "2024-09-11T16:26:11.920",
"lastModified": "2024-09-12T14:35:23.173",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "Un atacante con acceso autenticado a VICIdial como \"agente\" puede ejecutar comandos de shell arbitrarios como usuario \"superusuario\". Este ataque se puede encadenar con CVE-2024-8503 para ejecutar comandos de shell arbitrarios a partir de una perspectiva no autenticada."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "bbf0bd87-ece2-41be-b873-96928ee8fab9",

4
CVE-2024/CVE-2024-87xx/CVE-2024-8707.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2024-8707",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-09-12T01:15:10.110",
"lastModified": "2024-09-12T12:35:54.013",
"lastModified": "2024-09-12T15:18:27.333",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in ?????????? Yunke Online School System up to 3.0.6. It has been declared as problematic. This vulnerability affects the function downfile of the file application/admin/controller/Appadmin.php. The manipulation of the argument url leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used."
"value": "A vulnerability was found in \u4e91\u8bfe\u7f51\u7edc\u79d1\u6280\u6709\u9650\u516c\u53f8 Yunke Online School System up to 3.0.6. It has been declared as problematic. This vulnerability affects the function downfile of the file application/admin/controller/Appadmin.php. The manipulation of the argument url leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",

99
README.md
View File

@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-09-12T14:00:29.248440+00:00
2024-09-12T16:00:32.041579+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-09-12T13:58:48.473000+00:00
2024-09-12T15:58:26.700000+00:00
```
### Last Data Feed Release
@ -33,69 +33,58 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
262663
262677
```
### CVEs added in the last Commit
Recently added CVEs: `26`
Recently added CVEs: `14`
- [CVE-2021-22518](CVE-2021/CVE-2021-225xx/CVE-2021-22518.json) (`2024-09-12T13:15:08.553`)
- [CVE-2021-22532](CVE-2021/CVE-2021-225xx/CVE-2021-22532.json) (`2024-09-12T13:15:08.837`)
- [CVE-2021-22533](CVE-2021/CVE-2021-225xx/CVE-2021-22533.json) (`2024-09-12T13:15:09.137`)
- [CVE-2021-38131](CVE-2021/CVE-2021-381xx/CVE-2021-38131.json) (`2024-09-12T13:15:09.700`)
- [CVE-2021-38132](CVE-2021/CVE-2021-381xx/CVE-2021-38132.json) (`2024-09-12T13:15:10.050`)
- [CVE-2021-38133](CVE-2021/CVE-2021-381xx/CVE-2021-38133.json) (`2024-09-12T13:15:10.327`)
- [CVE-2022-26322](CVE-2022/CVE-2022-263xx/CVE-2022-26322.json) (`2024-09-12T13:15:10.620`)
- [CVE-2024-27320](CVE-2024/CVE-2024-273xx/CVE-2024-27320.json) (`2024-09-12T13:15:11.987`)
- [CVE-2024-27321](CVE-2024/CVE-2024-273xx/CVE-2024-27321.json) (`2024-09-12T13:15:12.267`)
- [CVE-2024-3305](CVE-2024/CVE-2024-33xx/CVE-2024-3305.json) (`2024-09-12T13:15:12.540`)
- [CVE-2024-3306](CVE-2024/CVE-2024-33xx/CVE-2024-3306.json) (`2024-09-12T13:15:12.767`)
- [CVE-2024-45846](CVE-2024/CVE-2024-458xx/CVE-2024-45846.json) (`2024-09-12T13:15:12.920`)
- [CVE-2024-45847](CVE-2024/CVE-2024-458xx/CVE-2024-45847.json) (`2024-09-12T13:15:13.177`)
- [CVE-2024-45848](CVE-2024/CVE-2024-458xx/CVE-2024-45848.json) (`2024-09-12T13:15:13.437`)
- [CVE-2024-45849](CVE-2024/CVE-2024-458xx/CVE-2024-45849.json) (`2024-09-12T13:15:13.700`)
- [CVE-2024-45850](CVE-2024/CVE-2024-458xx/CVE-2024-45850.json) (`2024-09-12T13:15:13.933`)
- [CVE-2024-45851](CVE-2024/CVE-2024-458xx/CVE-2024-45851.json) (`2024-09-12T13:15:14.170`)
- [CVE-2024-45852](CVE-2024/CVE-2024-458xx/CVE-2024-45852.json) (`2024-09-12T13:15:14.403`)
- [CVE-2024-45853](CVE-2024/CVE-2024-458xx/CVE-2024-45853.json) (`2024-09-12T13:15:14.643`)
- [CVE-2024-45854](CVE-2024/CVE-2024-458xx/CVE-2024-45854.json) (`2024-09-12T13:15:14.900`)
- [CVE-2024-45855](CVE-2024/CVE-2024-458xx/CVE-2024-45855.json) (`2024-09-12T13:15:15.143`)
- [CVE-2024-45856](CVE-2024/CVE-2024-458xx/CVE-2024-45856.json) (`2024-09-12T13:15:15.373`)
- [CVE-2024-45857](CVE-2024/CVE-2024-458xx/CVE-2024-45857.json) (`2024-09-12T13:15:16.227`)
- [CVE-2024-8749](CVE-2024/CVE-2024-87xx/CVE-2024-8749.json) (`2024-09-12T12:15:53.060`)
- [CVE-2024-8750](CVE-2024/CVE-2024-87xx/CVE-2024-8750.json) (`2024-09-12T12:15:54.007`)
- [CVE-2024-28990](CVE-2024/CVE-2024-289xx/CVE-2024-28990.json) (`2024-09-12T14:16:06.273`)
- [CVE-2024-28991](CVE-2024/CVE-2024-289xx/CVE-2024-28991.json) (`2024-09-12T14:16:06.540`)
- [CVE-2024-40457](CVE-2024/CVE-2024-404xx/CVE-2024-40457.json) (`2024-09-12T14:16:06.780`)
- [CVE-2024-42483](CVE-2024/CVE-2024-424xx/CVE-2024-42483.json) (`2024-09-12T15:18:22.093`)
- [CVE-2024-42484](CVE-2024/CVE-2024-424xx/CVE-2024-42484.json) (`2024-09-12T15:18:22.320`)
- [CVE-2024-45823](CVE-2024/CVE-2024-458xx/CVE-2024-45823.json) (`2024-09-12T15:18:22.547`)
- [CVE-2024-45824](CVE-2024/CVE-2024-458xx/CVE-2024-45824.json) (`2024-09-12T14:16:06.953`)
- [CVE-2024-45825](CVE-2024/CVE-2024-458xx/CVE-2024-45825.json) (`2024-09-12T15:18:23.387`)
- [CVE-2024-45826](CVE-2024/CVE-2024-458xx/CVE-2024-45826.json) (`2024-09-12T15:18:24.287`)
- [CVE-2024-6510](CVE-2024/CVE-2024-65xx/CVE-2024-6510.json) (`2024-09-12T15:18:26.347`)
- [CVE-2024-6658](CVE-2024/CVE-2024-66xx/CVE-2024-6658.json) (`2024-09-12T15:18:26.543`)
- [CVE-2024-6700](CVE-2024/CVE-2024-67xx/CVE-2024-6700.json) (`2024-09-12T15:18:26.757`)
- [CVE-2024-6701](CVE-2024/CVE-2024-67xx/CVE-2024-6701.json) (`2024-09-12T15:18:26.953`)
- [CVE-2024-6702](CVE-2024/CVE-2024-67xx/CVE-2024-6702.json) (`2024-09-12T15:18:27.133`)
### CVEs modified in the last Commit
Recently modified CVEs: `128`
Recently modified CVEs: `71`
- [CVE-2024-8155](CVE-2024/CVE-2024-81xx/CVE-2024-8155.json) (`2024-09-12T13:53:23.827`)
- [CVE-2024-8292](CVE-2024/CVE-2024-82xx/CVE-2024-8292.json) (`2024-09-12T12:37:18.380`)
- [CVE-2024-8522](CVE-2024/CVE-2024-85xx/CVE-2024-8522.json) (`2024-09-12T12:35:54.013`)
- [CVE-2024-8529](CVE-2024/CVE-2024-85xx/CVE-2024-8529.json) (`2024-09-12T12:35:54.013`)
- [CVE-2024-8622](CVE-2024/CVE-2024-86xx/CVE-2024-8622.json) (`2024-09-12T12:35:54.013`)
- [CVE-2024-8636](CVE-2024/CVE-2024-86xx/CVE-2024-8636.json) (`2024-09-12T13:35:12.283`)
- [CVE-2024-8637](CVE-2024/CVE-2024-86xx/CVE-2024-8637.json) (`2024-09-12T13:35:17.667`)
- [CVE-2024-8638](CVE-2024/CVE-2024-86xx/CVE-2024-8638.json) (`2024-09-12T13:35:04.660`)
- [CVE-2024-8639](CVE-2024/CVE-2024-86xx/CVE-2024-8639.json) (`2024-09-12T13:35:02.863`)
- [CVE-2024-8686](CVE-2024/CVE-2024-86xx/CVE-2024-8686.json) (`2024-09-12T12:35:54.013`)
- [CVE-2024-8687](CVE-2024/CVE-2024-86xx/CVE-2024-8687.json) (`2024-09-12T12:35:54.013`)
- [CVE-2024-8688](CVE-2024/CVE-2024-86xx/CVE-2024-8688.json) (`2024-09-12T12:35:54.013`)
- [CVE-2024-8689](CVE-2024/CVE-2024-86xx/CVE-2024-8689.json) (`2024-09-12T12:35:54.013`)
- [CVE-2024-8690](CVE-2024/CVE-2024-86xx/CVE-2024-8690.json) (`2024-09-12T12:35:54.013`)
- [CVE-2024-8691](CVE-2024/CVE-2024-86xx/CVE-2024-8691.json) (`2024-09-12T12:35:54.013`)
- [CVE-2024-8692](CVE-2024/CVE-2024-86xx/CVE-2024-8692.json) (`2024-09-12T12:35:54.013`)
- [CVE-2024-8693](CVE-2024/CVE-2024-86xx/CVE-2024-8693.json) (`2024-09-12T12:35:54.013`)
- [CVE-2024-8694](CVE-2024/CVE-2024-86xx/CVE-2024-8694.json) (`2024-09-12T12:35:54.013`)
- [CVE-2024-8705](CVE-2024/CVE-2024-87xx/CVE-2024-8705.json) (`2024-09-12T12:35:54.013`)
- [CVE-2024-8706](CVE-2024/CVE-2024-87xx/CVE-2024-8706.json) (`2024-09-12T12:35:54.013`)
- [CVE-2024-8707](CVE-2024/CVE-2024-87xx/CVE-2024-8707.json) (`2024-09-12T12:35:54.013`)
- [CVE-2024-8708](CVE-2024/CVE-2024-87xx/CVE-2024-8708.json) (`2024-09-12T12:35:54.013`)
- [CVE-2024-8709](CVE-2024/CVE-2024-87xx/CVE-2024-8709.json) (`2024-09-12T12:35:54.013`)
- [CVE-2024-8710](CVE-2024/CVE-2024-87xx/CVE-2024-8710.json) (`2024-09-12T12:35:54.013`)
- [CVE-2024-8711](CVE-2024/CVE-2024-87xx/CVE-2024-8711.json) (`2024-09-12T12:35:54.013`)
- [CVE-2024-41839](CVE-2024/CVE-2024-418xx/CVE-2024-41839.json) (`2024-09-12T15:58:11.690`)
- [CVE-2024-43040](CVE-2024/CVE-2024-430xx/CVE-2024-43040.json) (`2024-09-12T14:35:15.010`)
- [CVE-2024-43214](CVE-2024/CVE-2024-432xx/CVE-2024-43214.json) (`2024-09-12T14:17:59.390`)
- [CVE-2024-44938](CVE-2024/CVE-2024-449xx/CVE-2024-44938.json) (`2024-09-12T14:05:44.310`)
- [CVE-2024-44940](CVE-2024/CVE-2024-449xx/CVE-2024-44940.json) (`2024-09-12T14:10:00.857`)
- [CVE-2024-4554](CVE-2024/CVE-2024-45xx/CVE-2024-4554.json) (`2024-09-12T15:01:12.217`)
- [CVE-2024-4555](CVE-2024/CVE-2024-45xx/CVE-2024-4555.json) (`2024-09-12T15:13:25.520`)
- [CVE-2024-4556](CVE-2024/CVE-2024-45xx/CVE-2024-4556.json) (`2024-09-12T15:09:55.107`)
- [CVE-2024-45624](CVE-2024/CVE-2024-456xx/CVE-2024-45624.json) (`2024-09-12T15:35:48.600`)
- [CVE-2024-6449](CVE-2024/CVE-2024-64xx/CVE-2024-6449.json) (`2024-09-12T15:32:19.680`)
- [CVE-2024-6450](CVE-2024/CVE-2024-64xx/CVE-2024-6450.json) (`2024-09-12T15:42:45.430`)
- [CVE-2024-6929](CVE-2024/CVE-2024-69xx/CVE-2024-6929.json) (`2024-09-12T14:32:51.000`)
- [CVE-2024-7605](CVE-2024/CVE-2024-76xx/CVE-2024-7605.json) (`2024-09-12T14:24:03.833`)
- [CVE-2024-7816](CVE-2024/CVE-2024-78xx/CVE-2024-7816.json) (`2024-09-12T14:35:15.873`)
- [CVE-2024-7817](CVE-2024/CVE-2024-78xx/CVE-2024-7817.json) (`2024-09-12T14:35:16.087`)
- [CVE-2024-7818](CVE-2024/CVE-2024-78xx/CVE-2024-7818.json) (`2024-09-12T14:35:16.877`)
- [CVE-2024-7820](CVE-2024/CVE-2024-78xx/CVE-2024-7820.json) (`2024-09-12T14:35:17.657`)
- [CVE-2024-7822](CVE-2024/CVE-2024-78xx/CVE-2024-7822.json) (`2024-09-12T14:35:18.437`)
- [CVE-2024-7859](CVE-2024/CVE-2024-78xx/CVE-2024-7859.json) (`2024-09-12T14:35:19.213`)
- [CVE-2024-7860](CVE-2024/CVE-2024-78xx/CVE-2024-7860.json) (`2024-09-12T14:35:19.980`)
- [CVE-2024-7861](CVE-2024/CVE-2024-78xx/CVE-2024-7861.json) (`2024-09-12T14:35:20.767`)
- [CVE-2024-7862](CVE-2024/CVE-2024-78xx/CVE-2024-7862.json) (`2024-09-12T14:35:21.530`)
- [CVE-2024-8054](CVE-2024/CVE-2024-80xx/CVE-2024-8054.json) (`2024-09-12T14:35:22.300`)
- [CVE-2024-8504](CVE-2024/CVE-2024-85xx/CVE-2024-8504.json) (`2024-09-12T14:35:23.173`)
- [CVE-2024-8707](CVE-2024/CVE-2024-87xx/CVE-2024-8707.json) (`2024-09-12T15:18:27.333`)
## Download and Usage

436
_state.csv
View File

File diff suppressed because it is too large Load Diff