Auto-Update: 2024-09-05T18:00:18.857841+00:00

cad-safe-bot 2024-09-05 18:03:17 +00:00
parent 42e3834531
commit faf53ba14e
116 changed files with 6112 additions and 599 deletions

@ -2,8 +2,8 @@
"id": "CVE-2020-25659",
"sourceIdentifier": "secalert@redhat.com",
"published": "2021-01-11T16:15:15.040",
"lastModified": "2023-02-09T02:25:50.887",
"vulnStatus": "Analyzed",
"lastModified": "2024-09-05T16:10:54.837",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
@ -95,8 +95,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:python-cryptography_project:python-cryptography:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3140ADD7-95CF-4087-8E09-BF6EC4836E7C"
"criteria": "cpe:2.3:a:cryptography.io:cryptography:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4A8D52B0-326F-479B-A3F2-6BA7333256FD"
}
]
}
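Review bot: The re-keyed CPE for version 3.2, `cpe:2.3:a:cryptography.io:cryptography:3.2:*:*:*:*:*:*:*`, leaves target_sw as `*`, while the other cryptography records re-keyed in this commit (CVE-2020-36242, CVE-2023-23931, CVE-2023-38325, CVE-2023-49083, CVE-2023-50782) carry `python` in that field. Matchers that compare CPE strings exactly, or that still key on the old `python-cryptography_project` / `cryptography_project` vendor names or the replaced `matchCriteriaId` values, will stop correlating these records with existing inventory until their mappings are refreshed. The record also moves back to `Undergoing Analysis`, so the criteria may change again. If the missing `python` is unintended, it is better reported to the data source than patched in this auto-updated copy, since a corrected criteria string would need its own `matchCriteriaId`.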

@ -2,7 +2,7 @@
"id": "CVE-2020-36242",
"sourceIdentifier": "cve@mitre.org",
"published": "2021-02-07T20:15:12.090",
"lastModified": "2023-11-07T03:22:08.227",
"lastModified": "2024-09-05T16:09:10.430",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -89,9 +89,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cryptography_project:cryptography:*:*:*:*:*:python:*:*",
"criteria": "cpe:2.3:a:cryptography.io:cryptography:*:*:*:*:*:python:*:*",
"versionEndExcluding": "3.3.2",
"matchCriteriaId": "C0951FE7-BCCA-4ACB-B773-B6EF1C17AF5B"
"matchCriteriaId": "CA823DED-BFFE-4DBC-878D-5316EE987208"
}
]
}

@ -2,8 +2,8 @@
"id": "CVE-2022-45805",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-03T13:15:08.227",
"lastModified": "2023-11-09T19:17:27.470",
"vulnStatus": "Analyzed",
"lastModified": "2024-09-05T16:35:01.640",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
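Review bot: The added `Secondary` CVSS entry in the second hunk carries the same `exploitabilityScore` (3.9) and `impactScore` (5.9) as the entry just above it, so `cvssMetricV31` now holds two entries that look alike; the earlier entry's vector is outside the hunk, so full equality cannot be confirmed from here. Consumers that read `cvssMetricV31[0]`, or that count entries as independent assessments, should select by `type` and `source` rather than by position. The `source` is given only as the UUID `134c704f-9b21-4f2e-91b3-4a467353bcc0`, which needs resolving to a named provider before its score is used for prioritisation. The same addition recurs in CVE-2022-47588, CVE-2023-20702, CVE-2023-28748, CVE-2023-32818, CVE-2023-32838, CVE-2023-34383, CVE-2023-41652, CVE-2023-41685, CVE-2023-42655, CVE-2023-45001, CVE-2023-45046, CVE-2023-45055, CVE-2023-45657, CVE-2023-46084, CVE-2023-46775, CVE-2023-46776, CVE-2023-46777, CVE-2023-46821 and CVE-2023-47182.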

@ -2,8 +2,8 @@
"id": "CVE-2022-47588",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-03T12:15:08.490",
"lastModified": "2023-11-13T18:29:39.327",
"vulnStatus": "Analyzed",
"lastModified": "2024-09-05T16:35:02.347",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},

@ -2,8 +2,8 @@
"id": "CVE-2022-48877",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-21T07:15:04.563",
"lastModified": "2024-08-21T12:30:33.697",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-05T17:47:28.647",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,35 +15,144 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: f2fs: evitemos el p\u00e1nico si no se crea extend_tree. Este parche evita el siguiente p\u00e1nico. pc: __lookup_extent_tree+0xd8/0x760 lr: f2fs_do_write_data_page+0x104/0x87c sp: ffffffc010cbb3c0 x29: ffffffc010cbb3e0 x28: 0000000000000000 x27: ffffff8803e7f020 : ffffff8803e7ed40 x25: ffffff8803e7f020 x24: ffffffc010cbb460 x23: ffffffc010cbb480 x22: 0000000000000000 x21: 0000000000000000 x20: ffffffff22e9090 0x19: 0000000000000000 x18: ffffffc010c5d080 x17: 0000000000000000 x16: 0000000000000020 x15: ffffffdb1acdbb88 x14: ffffff888759e2b0 x13: 0000000000000000 x12: 02da49000 x11: 000000000a001200 x10: ffffff8803e7ed40 x9: ffffff8023195800 x8: ffffff802da49078 x7: 0000000000000001 x6: 0000000000000000 x5 000000000000006 x4: ffffffc010cbba28 x3: 0000000000000000 x2: ffffffc010cbb480 x1: 0000000000000000 x0: ffffff8803e7ed40 Rastreo de llamadas: __lookup_extent_tree+0xd8/0x760 f2fs_do_write_data_page+0x104/0x87c f2fs_write_single_data_page+0x420/0xb60 f 2fs_write_cache_pages+0x418/0xb1c __f2fs_write_data_pages+0x428/0x58c f2fs_write_data_pages+0x30/0x40 do_writepages+0x88/0x190 __writeback_single_inode+0x48/0x448 writeback_sb_inodes+0x468/0x9e8 __writeback_inodes_wb+0xb8/0x2a4 wb_writeback+0x33c/0x740 wb_do_writeback+0x2b4/0x400 wb_workfn+0xe4/0x34c Process_one_work+0x24c/0x5bc trabajador_thread+0x3e8/0xa 50 khilo+0x150/0x1b4"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.304",
"matchCriteriaId": "E8A9B982-D3D6-49CA-BF0A-196ED7947B3A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.15",
"versionEndExcluding": "4.19.271",
"matchCriteriaId": "D86DA289-B5BC-4629-BD56-AB453D481393"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.20",
"versionEndExcluding": "5.4.230",
"matchCriteriaId": "9DB7398D-9781-49C5-B2AE-1969B694B614"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5",
"versionEndExcluding": "5.10.165",
"matchCriteriaId": "C6002D5B-9B6A-4788-B943-E3EE01E01303"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.90",
"matchCriteriaId": "E995CDA5-7223-4FDB-BAD3-81B22C763A43"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "6.1.8",
"matchCriteriaId": "A6AFE6C9-3F59-4711-B2CF-7D6682FF6BD0"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/1c38cdc747f00daf7394535eae5afc4c503c59bb",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/2c129e868992621a739bdd57a5bffa3985ef1b91",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/557e85ff9afef6d45020b6f09357111d38033c31",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/72009139a661ade5cb1da4239734ed02fa1cfff0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/dd83a9763e29ed7a21c8a43f7a62cd0a6bf74692",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/df9d44b645b83fffccfb4e28c1f93376585fdec8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/ff85a1dbd90d29f73033177ff8d8de4a27d9721c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}
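Review bot: The first added `cpeMatch` entry has `"versionEndExcluding": "4.14.304"` but no `versionStartIncluding`, so it marks every `linux_kernel` release below that version as vulnerable, whereas the five entries after it are bounded on both sides. Scanners driven by this range may flag old kernels whether or not the affected f2fs code is present in them, so findings on that branch likely need a manual check against the stable commits listed under `references`. The added weakness is `NVD-CWE-noinfo`, which gives CWE-based filters nothing to match on for this record.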

@ -2,8 +2,8 @@
"id": "CVE-2023-20702",
"sourceIdentifier": "security@mediatek.com",
"published": "2023-11-06T04:15:07.653",
"lastModified": "2023-11-13T18:48:09.407",
"vulnStatus": "Analyzed",
"lastModified": "2024-09-05T16:35:02.980",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},

@ -2,7 +2,7 @@
"id": "CVE-2023-23931",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-02-07T21:15:09.850",
"lastModified": "2023-02-16T16:57:18.890",
"lastModified": "2024-09-05T16:09:10.430",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
@ -76,10 +76,10 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cryptography_project:cryptography:*:*:*:*:*:python:*:*",
"criteria": "cpe:2.3:a:cryptography.io:cryptography:*:*:*:*:*:python:*:*",
"versionStartIncluding": "1.8",
"versionEndExcluding": "39.0.1",
"matchCriteriaId": "35C254EF-097A-4C4B-A36F-C512D1565900"
"matchCriteriaId": "D620CB15-986D-4955-BCE9-5CC459F01289"
}
]
}

@ -2,8 +2,8 @@
"id": "CVE-2023-28748",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-06T09:15:07.790",
"lastModified": "2023-11-10T04:19:54.407",
"vulnStatus": "Analyzed",
"lastModified": "2024-09-05T16:35:04.003",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},

@ -2,8 +2,8 @@
"id": "CVE-2023-32818",
"sourceIdentifier": "security@mediatek.com",
"published": "2023-11-06T04:15:07.713",
"lastModified": "2023-11-13T18:52:16.527",
"vulnStatus": "Analyzed",
"lastModified": "2024-09-05T16:35:04.620",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
}
]
},
@ -49,6 +69,16 @@
"value": "CWE-843"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-843"
}
]
}
],
"configurations": [

@ -2,8 +2,8 @@
"id": "CVE-2023-32838",
"sourceIdentifier": "security@mediatek.com",
"published": "2023-11-06T04:15:08.013",
"lastModified": "2023-11-08T23:50:22.660",
"vulnStatus": "Analyzed",
"lastModified": "2024-09-05T16:35:06.560",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
}
]
},
@ -49,6 +69,16 @@
"value": "CWE-787"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [

@ -2,8 +2,8 @@
"id": "CVE-2023-34383",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-03T12:15:08.583",
"lastModified": "2023-11-13T18:29:48.217",
"vulnStatus": "Analyzed",
"lastModified": "2024-09-05T16:35:07.860",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},

@ -2,7 +2,7 @@
"id": "CVE-2023-38325",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-14T20:15:09.157",
"lastModified": "2023-11-07T04:17:14.413",
"lastModified": "2024-09-05T16:09:10.430",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -56,10 +56,10 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cryptography_project:cryptography:*:*:*:*:*:python:*:*",
"criteria": "cpe:2.3:a:cryptography.io:cryptography:*:*:*:*:*:python:*:*",
"versionStartIncluding": "40.0.0",
"versionEndExcluding": "41.0.2",
"matchCriteriaId": "48A5429D-9342-49D8-B431-85389BF965B3"
"matchCriteriaId": "25486FE9-75C9-4B7A-844F-B627F115137D"
}
]
}

@ -2,8 +2,8 @@
"id": "CVE-2023-39042",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-02T22:15:08.700",
"lastModified": "2023-11-10T04:10:50.210",
"vulnStatus": "Analyzed",
"lastModified": "2024-09-05T16:35:08.263",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -49,6 +49,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"configurations": [
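Review bot: The added `Secondary` weakness in the second hunk is `CWE-200`, while the entry directly above it stays `NVD-CWE-noinfo` (its `type` is outside the hunk, presumably `Primary`), so the only concrete classification for this record now sits in the secondary slot. Pipelines that read only `Primary` weaknesses will keep treating the record as unclassified; they should fall back to the `Secondary` value when the primary one is `NVD-CWE-noinfo`. The same pattern appears in CVE-2023-39047, CVE-2023-39048, CVE-2023-39050, CVE-2023-39051, CVE-2023-39053, CVE-2023-39054 and CVE-2023-39057, and with `CWE-862` in CVE-2023-42655. The `weaknesses` array begins outside the hunk.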

@ -2,8 +2,8 @@
"id": "CVE-2023-39047",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-02T22:15:08.750",
"lastModified": "2023-11-10T04:10:59.547",
"vulnStatus": "Analyzed",
"lastModified": "2024-09-05T16:35:09.043",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -49,6 +49,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"configurations": [

@ -2,8 +2,8 @@
"id": "CVE-2023-39048",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-02T22:15:08.797",
"lastModified": "2023-11-10T04:11:07.203",
"vulnStatus": "Analyzed",
"lastModified": "2024-09-05T16:35:09.877",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -49,6 +49,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"configurations": [

@ -2,8 +2,8 @@
"id": "CVE-2023-39050",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-02T22:15:08.840",
"lastModified": "2023-11-10T04:11:23.803",
"vulnStatus": "Analyzed",
"lastModified": "2024-09-05T16:35:10.590",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -49,6 +49,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"configurations": [

@ -2,8 +2,8 @@
"id": "CVE-2023-39051",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-02T22:15:08.887",
"lastModified": "2023-11-10T04:11:41.413",
"vulnStatus": "Analyzed",
"lastModified": "2024-09-05T16:35:11.323",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -49,6 +49,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"configurations": [

@ -2,8 +2,8 @@
"id": "CVE-2023-39053",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-02T22:15:08.933",
"lastModified": "2023-11-10T04:11:48.573",
"vulnStatus": "Analyzed",
"lastModified": "2024-09-05T16:35:12.070",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -49,6 +49,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"configurations": [

@ -2,8 +2,8 @@
"id": "CVE-2023-39054",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-02T22:15:08.980",
"lastModified": "2023-11-10T04:11:57.213",
"vulnStatus": "Analyzed",
"lastModified": "2024-09-05T16:35:12.807",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -49,6 +49,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"configurations": [

@ -2,8 +2,8 @@
"id": "CVE-2023-39057",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-02T22:15:09.023",
"lastModified": "2023-11-10T04:12:05.497",
"vulnStatus": "Analyzed",
"lastModified": "2024-09-05T16:35:13.513",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -49,6 +49,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"configurations": [

@ -2,8 +2,8 @@
"id": "CVE-2023-41652",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-03T12:15:08.737",
"lastModified": "2023-11-13T18:31:03.343",
"vulnStatus": "Analyzed",
"lastModified": "2024-09-05T16:35:14.493",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},

@ -2,8 +2,8 @@
"id": "CVE-2023-41685",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-06T09:15:08.367",
"lastModified": "2023-11-10T04:18:08.210",
"vulnStatus": "Analyzed",
"lastModified": "2024-09-05T16:35:14.713",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},

@ -2,8 +2,8 @@
"id": "CVE-2023-42655",
"sourceIdentifier": "security@unisoc.com",
"published": "2023-11-01T10:15:10.657",
"lastModified": "2023-11-08T23:16:27.247",
"vulnStatus": "Analyzed",
"lastModified": "2024-09-05T16:35:15.060",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
}
]
},
@ -49,6 +69,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [

@ -2,8 +2,8 @@
"id": "CVE-2023-45001",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-06T09:15:08.427",
"lastModified": "2023-11-10T04:18:01.923",
"vulnStatus": "Analyzed",
"lastModified": "2024-09-05T16:35:16.000",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},

@ -2,8 +2,8 @@
"id": "CVE-2023-45046",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-06T09:15:08.493",
"lastModified": "2023-11-10T04:17:55.987",
"vulnStatus": "Analyzed",
"lastModified": "2024-09-05T16:35:16.210",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},

@ -2,8 +2,8 @@
"id": "CVE-2023-45055",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-06T09:15:08.553",
"lastModified": "2023-11-10T04:17:47.710",
"vulnStatus": "Analyzed",
"lastModified": "2024-09-05T16:35:16.437",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},

@ -2,8 +2,8 @@
"id": "CVE-2023-45657",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-06T09:15:08.730",
"lastModified": "2023-11-14T15:28:24.893",
"vulnStatus": "Analyzed",
"lastModified": "2024-09-05T16:35:16.643",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
@ -49,6 +69,16 @@
"value": "CWE-89"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [

@ -2,8 +2,8 @@
"id": "CVE-2023-46084",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-06T10:15:07.917",
"lastModified": "2023-11-14T15:28:12.030",
"vulnStatus": "Analyzed",
"lastModified": "2024-09-05T16:35:17.453",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},

@ -2,8 +2,8 @@
"id": "CVE-2023-46775",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-06T11:15:09.347",
"lastModified": "2023-11-14T17:04:19.490",
"vulnStatus": "Analyzed",
"lastModified": "2024-09-05T16:35:17.790",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},

@ -2,8 +2,8 @@
"id": "CVE-2023-46776",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-06T12:15:08.380",
"lastModified": "2023-11-14T16:23:57.467",
"vulnStatus": "Analyzed",
"lastModified": "2024-09-05T16:35:18.017",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},

@ -2,8 +2,8 @@
"id": "CVE-2023-46777",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-06T12:15:08.450",
"lastModified": "2023-11-15T20:21:23.860",
"vulnStatus": "Analyzed",
"lastModified": "2024-09-05T16:35:18.237",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},

@ -2,7 +2,7 @@
"id": "CVE-2023-46778",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-06T12:15:08.513",
"lastModified": "2024-09-05T15:35:17.763",
"lastModified": "2024-09-05T16:35:18.537",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -69,16 +69,6 @@
"value": "CWE-352"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [

@ -2,8 +2,8 @@
"id": "CVE-2023-46821",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-06T10:15:08.130",
"lastModified": "2023-11-14T17:06:01.507",
"vulnStatus": "Analyzed",
"lastModified": "2024-09-05T16:35:18.747",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},

@ -2,8 +2,8 @@
"id": "CVE-2023-47182",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-06T10:15:08.470",
"lastModified": "2023-11-14T17:04:32.890",
"vulnStatus": "Analyzed",
"lastModified": "2024-09-05T16:35:18.960",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},

@ -2,7 +2,7 @@
"id": "CVE-2023-49083",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-11-29T19:15:07.967",
"lastModified": "2024-02-17T02:15:45.350",
"lastModified": "2024-09-05T16:09:10.430",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -80,10 +80,10 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cryptography_project:cryptography:*:*:*:*:*:python:*:*",
"criteria": "cpe:2.3:a:cryptography.io:cryptography:*:*:*:*:*:python:*:*",
"versionStartIncluding": "3.1",
"versionEndExcluding": "41.0.6",
"matchCriteriaId": "D82EE66F-7D6B-4710-8F2B-08F1819F6860"
"matchCriteriaId": "EB8793E0-61EC-45EC-8818-44A40DB08658"
}
]
}

@ -2,8 +2,8 @@
"id": "CVE-2023-50782",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-02-05T21:15:11.183",
"lastModified": "2024-07-26T22:15:03.550",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-09-05T16:43:20.083",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -140,9 +140,29 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:python-cryptography_project:python-cryptography:*:*:*:*:*:*:*:*",
"criteria": "cpe:2.3:a:cryptography.io:cryptography:*:*:*:*:*:python:*:*",
"versionEndExcluding": "42.0.0",
"matchCriteriaId": "3840C0A9-EF24-48AF-B0EE-93E452931D60"
"matchCriteriaId": "A7B7EA1D-8C2A-4C40-B9FC-E83F4E87C62B"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:couchbase:couchbase_server:7.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DE39595E-F4B2-4CEC-A405-809B75E71E36"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:couchbase:couchbase_server:7.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B84B0C96-07C4-44ED-A291-94CEAAF6FFB6"
}
]
}
@ -167,7 +187,10 @@
},
{
"url": "https://www.couchbase.com/alerts/",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -0,0 +1,25 @@
{
"id": "CVE-2023-51712",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-09-05T16:15:06.970",
"lastModified": "2024-09-05T17:44:56.007",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Trusted Firmware-M through 2.0.0. The lack of argument verification in the logging subsystem allows attackers to read sensitive data via the login function."
}
],
"metrics": {},
"references": [
{
"url": "https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/",
"source": "cve@mitre.org"
},
{
"url": "https://trustedfirmware-m.readthedocs.io/en/latest/security/security_advisories/debug_log_vulnerability.html",
"source": "cve@mitre.org"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-1151",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-02-11T15:15:07.890",
"lastModified": "2024-09-05T14:17:17.603",
"vulnStatus": "Analyzed",
"lastModified": "2024-09-05T16:15:07.097",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -189,27 +189,6 @@
"Third Party Advisory"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html",
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3LZROQAX7Q7LEP4F7WQ3KUZKWCZGFFP2/",
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GS7S3XLTLOUKBXV67LLFZWB3YVFJZHRK/",
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
]
},
{
"url": "https://lore.kernel.org/all/20240207132416.1488485-1-aconole@redhat.com/",
"source": "secalert@redhat.com",


@ -2,8 +2,8 @@
"id": "CVE-2024-22441",
"sourceIdentifier": "security-alert@hpe.com",
"published": "2024-06-13T16:15:10.493",
"lastModified": "2024-06-13T18:35:19.777",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-09-05T17:42:43.337",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,11 +15,75 @@
"value": "El servicio de lanzamiento de aplicaciones paralelas (PALS) de HPE Cray est\u00e1 sujeto a una omisi\u00f3n de autenticaci\u00f3n."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:hpe:cray_parallel_application_launch_service:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.0.0",
"versionEndExcluding": "1.2.14",
"matchCriteriaId": "50B4198C-41E6-49BC-8664-AF841D38FC3D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:hpe:cray_parallel_application_launch_service:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.3.0",
"versionEndExcluding": "1.3.3",
"matchCriteriaId": "91E967BC-8477-43A4-83F3-428AC266AC36"
}
]
}
]
}
],
"references": [
{
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbcr04653en_us&docLocale=en_US",
"source": "security-alert@hpe.com"
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2024-22442",
"sourceIdentifier": "security-alert@hpe.com",
"published": "2024-07-16T16:15:04.017",
"lastModified": "2024-08-01T13:46:56.070",
"lastModified": "2024-09-05T17:12:12.433",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "security-alert@hpe.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -51,10 +81,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:hpe:3par_service_provider:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.1.2",
"matchCriteriaId": "939B605C-A7C5-4AF1-9A66-7536C6100BB2"
}
]
}
]
}
],
"references": [
{
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbst04663en_us&docLocale=en_US",
"source": "security-alert@hpe.com"
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-24507",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-22T22:15:02.200",
"lastModified": "2024-07-24T12:55:13.223",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-05T16:59:07.437",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,11 +15,67 @@
"value": " La vulnerabilidad de Cross Site Scripting en Act-On 2023 permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s del par\u00e1metro newUser en el componente login.jsp."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:act-on:act-on:2023:*:*:*:*:*:*:*",
"matchCriteriaId": "814C9DE3-806A-4A7F-BA70-D07E48D17B57"
}
]
}
]
}
],
"references": [
{
"url": "https://gist.github.com/Xandsz/2b409acb81e846fc3478600f984785a1",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -0,0 +1,60 @@
{
"id": "CVE-2024-24759",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-09-05T17:15:12.380",
"lastModified": "2024-09-05T17:44:56.007",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "MindsDB is a platform for building artificial intelligence from enterprise data. Prior to version 23.12.4.2, a threat actor can bypass the server-side request forgery protection on the whole website with DNS Rebinding. The vulnerability can also lead to denial of service. Version 23.12.4.2 contains a patch."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 9.3,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-918"
}
]
}
],
"references": [
{
"url": "https://github.com/mindsdb/mindsdb/commit/5f7496481bd3db1d06a2d2e62c0dce960a1fe12b",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/mindsdb/mindsdb/security/advisories/GHSA-4jcv-vp96-94xr",
"source": "security-advisories@github.com"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2024-28087",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-15T17:15:10.643",
"lastModified": "2024-08-20T14:35:07.653",
"lastModified": "2024-09-05T16:15:07.437",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -52,6 +52,10 @@
}
],
"references": [
{
"url": "https://documentation.bonitasoft.com/bonita/2024.1/release-notes#_fixes_in_bonita_2024_1_u0_2024_04_11",
"source": "cve@mitre.org"
},
{
"url": "https://documentation.bonitasoft.com/bonita/latest/release-notes#_fixes_in_bonita_2024_1_2024_04_11",
"source": "cve@mitre.org"


@ -2,7 +2,7 @@
"id": "CVE-2024-33664",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-04-26T00:15:09.060",
"lastModified": "2024-08-07T14:35:02.110",
"lastModified": "2024-09-05T16:15:07.570",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -59,6 +59,10 @@
{
"url": "https://github.com/mpdavis/python-jose/pull/345",
"source": "cve@mitre.org"
},
{
"url": "https://www.vicarius.io/vsociety/posts/jwt-bomb-in-python-jose-cve-2024-33664",
"source": "cve@mitre.org"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-34650",
"sourceIdentifier": "mobile.security@samsung.com",
"published": "2024-09-04T06:15:14.583",
"lastModified": "2024-09-04T13:05:36.067",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-05T17:59:36.770",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
},
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
@ -39,10 +59,212 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:-:*:*:*:*:*:*",
"matchCriteriaId": "3093F6FE-C562-4F62-97B7-CA0D2DDF9BBE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-apr-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "9CBFF102-91A9-4BCC-BB43-912896BFCCEA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-apr-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "DAB2A0D7-8F4F-4128-AE09-D2658D793BF7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-apr-2024-r1:*:*:*:*:*:*",
"matchCriteriaId": "6A89AE5B-4D1A-4ADA-B572-38B1FC4ED54C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-aug-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "401980A7-E64A-4773-83EB-C93B50AE0F73"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-aug-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "CC6E2FC7-2BAF-4C7B-9E0F-D9F844041A35"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-aug-2024-r1:*:*:*:*:*:*",
"matchCriteriaId": "6E12AB0B-728A-4478-B237-78CBAA2A44C5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-dec-2021-r1:*:*:*:*:*:*",
"matchCriteriaId": "0501033A-0D51-41E8-91A9-E72B6EE3F78D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-dec-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "2A901EFE-90BA-474C-88D2-8A3E7D99C0E7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-dec-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "DF7B3213-520A-49F0-A183-C73A37A56854"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-feb-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "30F706F3-34F6-4D43-AE5E-C202C700A333"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-feb-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "FD8B9CD3-063E-481E-BE7C-1628ADA71849"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-feb-2024-r1:*:*:*:*:*:*",
"matchCriteriaId": "12C17130-A0C0-49E1-8525-9D65F0275270"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-jan-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "4FAA7790-A323-4ECA-834E-F19E59C571F5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-jan-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "9CE09EF7-B024-4D79-9400-C8223CDFBB86"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-jan-2024-r1:*:*:*:*:*:*",
"matchCriteriaId": "C339A665-413D-443F-AD04-F71C161235D0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-jul-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "213AC4D5-3B95-4120-B72D-A9327BADE2BC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-jul-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "3DD61EDA-98ED-4309-B54F-0CF8B7D07DC7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-jul-2024-r1:*:*:*:*:*:*",
"matchCriteriaId": "F7DCB465-A0F7-496E-BE45-0B5FA1508D93"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-jun-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "6D65C03E-7BC3-491A-8621-A8C93FBA0A69"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-jun-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "4ECB0B7A-590C-460C-878B-9A78CB37D259"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-jun-2024-r1:*:*:*:*:*:*",
"matchCriteriaId": "D66CF415-6C4A-4AF3-B660-B2E9CF484B51"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-mar-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "31B5B670-ACDE-4A64-97C5-358D79C65080"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-mar-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "EAFE015F-8130-4F10-A553-420F0BB2A132"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-mar-2024-r1:*:*:*:*:*:*",
"matchCriteriaId": "141E541B-8FA5-4829-A413-4F1DC19E9AE1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-may-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "77CE3494-F7C0-497B-8491-107D31C9A91F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-may-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "ACEA385E-3931-4438-A2A9-0357651F9B48"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-may-2024-r1:*:*:*:*:*:*",
"matchCriteriaId": "A57CB118-46CC-4CE8-ACC3-A806CD2C25A9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-nov-2021-r1:*:*:*:*:*:*",
"matchCriteriaId": "84F3023F-E65C-4871-A65A-738EFF64D365"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-nov-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "6DD1F78D-EA98-4825-A0EA-703196DDE5E4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-nov-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "BDDB3FBE-99EC-4763-961B-2C436D864A1A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-oct-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "1B02110E-71FB-495F-86CA-F2A4E55C0E42"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-oct-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "931CC6D7-A42D-4482-B901-B539DFF89C3E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-sep-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "852A1BEC-438F-4D1E-B361-87BD57D50157"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-sep-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "84ED2366-D4BA-4094-94AC-AD6E7AEBB6FF"
}
]
}
]
}
],
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=09",
"source": "mobile.security@samsung.com"
"source": "mobile.security@samsung.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-34651",
"sourceIdentifier": "mobile.security@samsung.com",
"published": "2024-09-04T06:15:14.810",
"lastModified": "2024-09-04T13:05:36.067",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-05T17:59:25.727",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
@ -39,10 +59,562 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:-:*:*:*:*:*:*",
"matchCriteriaId": "D757450C-270E-4FB2-A50C-7F769FED558A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-apr-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "EC4A2EBA-038B-44D5-84F3-FF326CD1C62D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-apr-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "40EB3FC1-D79A-40C7-9E2B-573E20780982"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-apr-2024-r1:*:*:*:*:*:*",
"matchCriteriaId": "F1525232-54F0-467F-9575-2445F73F43B5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-aug-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "0ABFBBDB-E935-4C54-865A-0E607497DA87"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-aug-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "7B738B6B-78CE-4618-B70D-6BC9ED453105"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-aug-2024-r1:*:*:*:*:*:*",
"matchCriteriaId": "2E61388E-2542-4198-8BC6-ABB20930F01A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-dec-2021-r1:*:*:*:*:*:*",
"matchCriteriaId": "3899E3E7-1284-4223-A258-DA691F5D62FE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-dec-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "ECD961EA-6881-4A14-83DE-C6972F6F681C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-dec-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "18940389-1FBD-48B2-BCF0-1D709C2C3045"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-feb-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "011CC4F5-6701-41E9-BC7D-CFE6EFF682AC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-feb-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "13E145E2-CE11-4EE5-9085-B4960FE4F52F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-feb-2024-r1:*:*:*:*:*:*",
"matchCriteriaId": "B3556856-6F56-465C-8254-BB3CD8252FF7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-jan-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "A3BBC8B6-1D2B-47C9-93EE-3D3DC43062F1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-jan-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "02600CDD-6862-4146-88E8-A2E73B7ED534"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-jan-2024-r1:*:*:*:*:*:*",
"matchCriteriaId": "2DB353A1-BE96-4FB5-9F4D-0119DC51F24E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-jul-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "35F40D59-034B-44FB-8DCD-D469B50DE7E1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-jul-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "CC84021B-9846-40FB-834B-7C5BECEFFEAC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-jul-2024-r1:*:*:*:*:*:*",
"matchCriteriaId": "06092D16-EBD5-489C-81D2-F6E0F922AE7D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-jun-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "BC3F8572-578B-4D19-9453-1D03DA55EF70"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-jun-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "EEABF42E-578E-4689-B80D-B305467AA72D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-jun-2024-r1:*:*:*:*:*:*",
"matchCriteriaId": "E070DA79-8F09-4877-BFBA-3F23564DD8C8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-mar-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "9137C66C-4966-4C90-ABE9-7E22F7E29BA7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-mar-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "E261C9D8-1E74-44B8-9F11-F5769CF8B7FD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-mar-2024-r1:*:*:*:*:*:*",
"matchCriteriaId": "D80C2C7A-6F48-48B8-ACAD-720FC797F836"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-may-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "18CD523B-530E-4187-8BFF-729CDAC69282"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-may-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "4C28D3CD-DD34-4334-B03F-794B31A4BF48"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-may-2024-r1:*:*:*:*:*:*",
"matchCriteriaId": "EE03013A-AAB3-4426-BB22-E1487D3B3F6C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-nov-2021-r1:*:*:*:*:*:*",
"matchCriteriaId": "5A81C86D-F1FE-4166-8F37-D7170E6B30FE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-nov-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "A3D80783-523A-455E-B1AD-0961086F79E6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-nov-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "D5EF09DB-023A-40CB-9C94-020172383EEC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-oct-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "89BE2958-0BEE-4CFD-A0BA-494DE62E7F32"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-oct-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "5C5B44E9-BA5B-4CFB-8452-B52B6CC833F5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-sep-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "B0329C50-B904-480D-8EBB-F2757049FC81"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-sep-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "E1553CEA-FCF4-4A9C-85FE-F7DB7A500443"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:-:*:*:*:*:*:*",
"matchCriteriaId": "A123EDB1-3048-44B0-8D4D-39A2B24B5F6B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-apr-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "BDE4D65E-8F9B-4810-AED6-95564A97D741"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-apr-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "70825981-F895-4BFD-9B6E-92BFF0D67023"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-apr-2024-r1:*:*:*:*:*:*",
"matchCriteriaId": "A5E68B7B-BA08-4E8C-B60A-B3836C6986BC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-aug-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "0AF1EDA0-2712-4C3C-8D8A-89E154BB63DF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-aug-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "88DC0A82-CAF3-4E88-8A4D-8AF79D0C226D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-aug-2024-r1:*:*:*:*:*:*",
"matchCriteriaId": "6239D93F-CA0E-4120-96A1-FB63276EAEE8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-dec-2021-r1:*:*:*:*:*:*",
"matchCriteriaId": "CD382E2D-0B51-4908-989A-88E083FC85BF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-dec-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "299284DA-85AB-4162-B858-E67E5C6C14F7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-dec-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "38B7AB56-AB65-4557-A91C-40CA2FD12351"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-feb-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "61D507C0-086B-4139-A560-126964DFA579"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-feb-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "D98F307E-3B01-4C17-86E5-1C6299919417"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-feb-2024-r1:*:*:*:*:*:*",
"matchCriteriaId": "952CA843-7CF0-4424-BDA4-3F2A93E077B6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-jan-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "57B125ED-D939-4CBC-9E96-BBCF02402A69"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-jan-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "7D7DA96D-9C25-4DDA-A6BF-D998AC346B89"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-jan-2024-r1:*:*:*:*:*:*",
"matchCriteriaId": "07AC19C6-D245-4C3A-90CC-A931A901EA0A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-jul-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "DF85AA7B-E1C7-4946-92B4-E4D545CAACDF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-jul-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "34114DDC-DCDA-4306-8D23-2E628873171F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-jul-2024-r1:*:*:*:*:*:*",
"matchCriteriaId": "B6871BC1-19F4-4F0C-88D8-4000590D8D5A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-jun-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "9FA72654-2389-4709-BC70-59EC4349A826"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-jun-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "85E4E8C1-749F-4A1C-8333-6BAFBF8B64D1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-jun-2024-r1:*:*:*:*:*:*",
"matchCriteriaId": "E346DCBD-7DEB-464F-B917-8624BE87D646"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-mar-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "79C89A24-B07F-43D2-AE83-8F4F03D6C114"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-mar-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "5F73D594-178F-4FC8-9F40-0E545E2647B0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-mar-2024-r1:*:*:*:*:*:*",
"matchCriteriaId": "5697984D-08BA-412F-9BDF-26B658B0ADBC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-may-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "E4187BA1-226E-4976-A642-2F6DAE85538E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-may-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "3F3EF3F1-4E54-46E3-A308-69656A29FBD2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-may-2024-r1:*:*:*:*:*:*",
"matchCriteriaId": "73F22C26-52FC-42A7-B263-0CC7770A8C6A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-nov-2021-r1:*:*:*:*:*:*",
"matchCriteriaId": "BFB2B338-5E04-4136-939F-749A3B163656"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-nov-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "D2B24866-2B3A-4A1A-8B75-EF7A7541797A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-nov-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "3D30C02C-91FB-4D29-AF49-7903158E8FEB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-oct-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "EBB29F18-A929-432B-B20C-365401E6CA12"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-oct-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "2B6D9064-844B-4D3F-AAE4-D170DF45EF8D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-sep-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "4C17A088-2CA1-4818-940F-2FEFA881D598"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-sep-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "C581B7EE-CD08-4D6E-8858-EA8FA631F84C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:-:*:*:*:*:*:*",
"matchCriteriaId": "3093F6FE-C562-4F62-97B7-CA0D2DDF9BBE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-apr-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "9CBFF102-91A9-4BCC-BB43-912896BFCCEA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-apr-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "DAB2A0D7-8F4F-4128-AE09-D2658D793BF7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-apr-2024-r1:*:*:*:*:*:*",
"matchCriteriaId": "6A89AE5B-4D1A-4ADA-B572-38B1FC4ED54C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-aug-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "401980A7-E64A-4773-83EB-C93B50AE0F73"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-aug-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "CC6E2FC7-2BAF-4C7B-9E0F-D9F844041A35"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-aug-2024-r1:*:*:*:*:*:*",
"matchCriteriaId": "6E12AB0B-728A-4478-B237-78CBAA2A44C5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-dec-2021-r1:*:*:*:*:*:*",
"matchCriteriaId": "0501033A-0D51-41E8-91A9-E72B6EE3F78D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-dec-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "2A901EFE-90BA-474C-88D2-8A3E7D99C0E7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-dec-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "DF7B3213-520A-49F0-A183-C73A37A56854"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-feb-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "30F706F3-34F6-4D43-AE5E-C202C700A333"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-feb-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "FD8B9CD3-063E-481E-BE7C-1628ADA71849"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-feb-2024-r1:*:*:*:*:*:*",
"matchCriteriaId": "12C17130-A0C0-49E1-8525-9D65F0275270"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-jan-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "4FAA7790-A323-4ECA-834E-F19E59C571F5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-jan-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "9CE09EF7-B024-4D79-9400-C8223CDFBB86"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-jan-2024-r1:*:*:*:*:*:*",
"matchCriteriaId": "C339A665-413D-443F-AD04-F71C161235D0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-jul-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "213AC4D5-3B95-4120-B72D-A9327BADE2BC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-jul-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "3DD61EDA-98ED-4309-B54F-0CF8B7D07DC7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-jul-2024-r1:*:*:*:*:*:*",
"matchCriteriaId": "F7DCB465-A0F7-496E-BE45-0B5FA1508D93"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-jun-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "6D65C03E-7BC3-491A-8621-A8C93FBA0A69"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-jun-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "4ECB0B7A-590C-460C-878B-9A78CB37D259"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-jun-2024-r1:*:*:*:*:*:*",
"matchCriteriaId": "D66CF415-6C4A-4AF3-B660-B2E9CF484B51"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-mar-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "31B5B670-ACDE-4A64-97C5-358D79C65080"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-mar-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "EAFE015F-8130-4F10-A553-420F0BB2A132"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-mar-2024-r1:*:*:*:*:*:*",
"matchCriteriaId": "141E541B-8FA5-4829-A413-4F1DC19E9AE1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-may-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "77CE3494-F7C0-497B-8491-107D31C9A91F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-may-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "ACEA385E-3931-4438-A2A9-0357651F9B48"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-may-2024-r1:*:*:*:*:*:*",
"matchCriteriaId": "A57CB118-46CC-4CE8-ACC3-A806CD2C25A9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-nov-2021-r1:*:*:*:*:*:*",
"matchCriteriaId": "84F3023F-E65C-4871-A65A-738EFF64D365"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-nov-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "6DD1F78D-EA98-4825-A0EA-703196DDE5E4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-nov-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "BDDB3FBE-99EC-4763-961B-2C436D864A1A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-oct-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "1B02110E-71FB-495F-86CA-F2A4E55C0E42"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-oct-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "931CC6D7-A42D-4482-B901-B539DFF89C3E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-sep-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "852A1BEC-438F-4D1E-B361-87BD57D50157"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-sep-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "84ED2366-D4BA-4094-94AC-AD6E7AEBB6FF"
}
]
}
]
}
],
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=09",
"source": "mobile.security@samsung.com"
"source": "mobile.security@samsung.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-34652",
"sourceIdentifier": "mobile.security@samsung.com",
"published": "2024-09-04T06:15:15.040",
"lastModified": "2024-09-04T13:05:36.067",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-05T17:59:08.393",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
},
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
@ -39,10 +59,562 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:-:*:*:*:*:*:*",
"matchCriteriaId": "D757450C-270E-4FB2-A50C-7F769FED558A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-apr-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "EC4A2EBA-038B-44D5-84F3-FF326CD1C62D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-apr-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "40EB3FC1-D79A-40C7-9E2B-573E20780982"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-apr-2024-r1:*:*:*:*:*:*",
"matchCriteriaId": "F1525232-54F0-467F-9575-2445F73F43B5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-aug-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "0ABFBBDB-E935-4C54-865A-0E607497DA87"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-aug-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "7B738B6B-78CE-4618-B70D-6BC9ED453105"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-aug-2024-r1:*:*:*:*:*:*",
"matchCriteriaId": "2E61388E-2542-4198-8BC6-ABB20930F01A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-dec-2021-r1:*:*:*:*:*:*",
"matchCriteriaId": "3899E3E7-1284-4223-A258-DA691F5D62FE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-dec-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "ECD961EA-6881-4A14-83DE-C6972F6F681C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-dec-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "18940389-1FBD-48B2-BCF0-1D709C2C3045"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-feb-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "011CC4F5-6701-41E9-BC7D-CFE6EFF682AC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-feb-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "13E145E2-CE11-4EE5-9085-B4960FE4F52F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-feb-2024-r1:*:*:*:*:*:*",
"matchCriteriaId": "B3556856-6F56-465C-8254-BB3CD8252FF7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-jan-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "A3BBC8B6-1D2B-47C9-93EE-3D3DC43062F1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-jan-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "02600CDD-6862-4146-88E8-A2E73B7ED534"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-jan-2024-r1:*:*:*:*:*:*",
"matchCriteriaId": "2DB353A1-BE96-4FB5-9F4D-0119DC51F24E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-jul-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "35F40D59-034B-44FB-8DCD-D469B50DE7E1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-jul-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "CC84021B-9846-40FB-834B-7C5BECEFFEAC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-jul-2024-r1:*:*:*:*:*:*",
"matchCriteriaId": "06092D16-EBD5-489C-81D2-F6E0F922AE7D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-jun-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "BC3F8572-578B-4D19-9453-1D03DA55EF70"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-jun-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "EEABF42E-578E-4689-B80D-B305467AA72D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-jun-2024-r1:*:*:*:*:*:*",
"matchCriteriaId": "E070DA79-8F09-4877-BFBA-3F23564DD8C8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-mar-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "9137C66C-4966-4C90-ABE9-7E22F7E29BA7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-mar-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "E261C9D8-1E74-44B8-9F11-F5769CF8B7FD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-mar-2024-r1:*:*:*:*:*:*",
"matchCriteriaId": "D80C2C7A-6F48-48B8-ACAD-720FC797F836"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-may-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "18CD523B-530E-4187-8BFF-729CDAC69282"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-may-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "4C28D3CD-DD34-4334-B03F-794B31A4BF48"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-may-2024-r1:*:*:*:*:*:*",
"matchCriteriaId": "EE03013A-AAB3-4426-BB22-E1487D3B3F6C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-nov-2021-r1:*:*:*:*:*:*",
"matchCriteriaId": "5A81C86D-F1FE-4166-8F37-D7170E6B30FE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-nov-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "A3D80783-523A-455E-B1AD-0961086F79E6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-nov-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "D5EF09DB-023A-40CB-9C94-020172383EEC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-oct-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "89BE2958-0BEE-4CFD-A0BA-494DE62E7F32"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-oct-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "5C5B44E9-BA5B-4CFB-8452-B52B6CC833F5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-sep-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "B0329C50-B904-480D-8EBB-F2757049FC81"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-sep-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "E1553CEA-FCF4-4A9C-85FE-F7DB7A500443"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:-:*:*:*:*:*:*",
"matchCriteriaId": "A123EDB1-3048-44B0-8D4D-39A2B24B5F6B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-apr-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "BDE4D65E-8F9B-4810-AED6-95564A97D741"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-apr-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "70825981-F895-4BFD-9B6E-92BFF0D67023"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-apr-2024-r1:*:*:*:*:*:*",
"matchCriteriaId": "A5E68B7B-BA08-4E8C-B60A-B3836C6986BC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-aug-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "0AF1EDA0-2712-4C3C-8D8A-89E154BB63DF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-aug-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "88DC0A82-CAF3-4E88-8A4D-8AF79D0C226D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-aug-2024-r1:*:*:*:*:*:*",
"matchCriteriaId": "6239D93F-CA0E-4120-96A1-FB63276EAEE8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-dec-2021-r1:*:*:*:*:*:*",
"matchCriteriaId": "CD382E2D-0B51-4908-989A-88E083FC85BF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-dec-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "299284DA-85AB-4162-B858-E67E5C6C14F7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-dec-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "38B7AB56-AB65-4557-A91C-40CA2FD12351"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-feb-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "61D507C0-086B-4139-A560-126964DFA579"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-feb-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "D98F307E-3B01-4C17-86E5-1C6299919417"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-feb-2024-r1:*:*:*:*:*:*",
"matchCriteriaId": "952CA843-7CF0-4424-BDA4-3F2A93E077B6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-jan-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "57B125ED-D939-4CBC-9E96-BBCF02402A69"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-jan-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "7D7DA96D-9C25-4DDA-A6BF-D998AC346B89"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-jan-2024-r1:*:*:*:*:*:*",
"matchCriteriaId": "07AC19C6-D245-4C3A-90CC-A931A901EA0A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-jul-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "DF85AA7B-E1C7-4946-92B4-E4D545CAACDF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-jul-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "34114DDC-DCDA-4306-8D23-2E628873171F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-jul-2024-r1:*:*:*:*:*:*",
"matchCriteriaId": "B6871BC1-19F4-4F0C-88D8-4000590D8D5A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-jun-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "9FA72654-2389-4709-BC70-59EC4349A826"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-jun-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "85E4E8C1-749F-4A1C-8333-6BAFBF8B64D1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-jun-2024-r1:*:*:*:*:*:*",
"matchCriteriaId": "E346DCBD-7DEB-464F-B917-8624BE87D646"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-mar-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "79C89A24-B07F-43D2-AE83-8F4F03D6C114"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-mar-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "5F73D594-178F-4FC8-9F40-0E545E2647B0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-mar-2024-r1:*:*:*:*:*:*",
"matchCriteriaId": "5697984D-08BA-412F-9BDF-26B658B0ADBC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-may-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "E4187BA1-226E-4976-A642-2F6DAE85538E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-may-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "3F3EF3F1-4E54-46E3-A308-69656A29FBD2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-may-2024-r1:*:*:*:*:*:*",
"matchCriteriaId": "73F22C26-52FC-42A7-B263-0CC7770A8C6A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-nov-2021-r1:*:*:*:*:*:*",
"matchCriteriaId": "BFB2B338-5E04-4136-939F-749A3B163656"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-nov-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "D2B24866-2B3A-4A1A-8B75-EF7A7541797A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-nov-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "3D30C02C-91FB-4D29-AF49-7903158E8FEB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-oct-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "EBB29F18-A929-432B-B20C-365401E6CA12"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-oct-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "2B6D9064-844B-4D3F-AAE4-D170DF45EF8D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-sep-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "4C17A088-2CA1-4818-940F-2FEFA881D598"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-sep-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "C581B7EE-CD08-4D6E-8858-EA8FA631F84C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:-:*:*:*:*:*:*",
"matchCriteriaId": "3093F6FE-C562-4F62-97B7-CA0D2DDF9BBE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-apr-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "9CBFF102-91A9-4BCC-BB43-912896BFCCEA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-apr-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "DAB2A0D7-8F4F-4128-AE09-D2658D793BF7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-apr-2024-r1:*:*:*:*:*:*",
"matchCriteriaId": "6A89AE5B-4D1A-4ADA-B572-38B1FC4ED54C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-aug-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "401980A7-E64A-4773-83EB-C93B50AE0F73"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-aug-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "CC6E2FC7-2BAF-4C7B-9E0F-D9F844041A35"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-aug-2024-r1:*:*:*:*:*:*",
"matchCriteriaId": "6E12AB0B-728A-4478-B237-78CBAA2A44C5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-dec-2021-r1:*:*:*:*:*:*",
"matchCriteriaId": "0501033A-0D51-41E8-91A9-E72B6EE3F78D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-dec-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "2A901EFE-90BA-474C-88D2-8A3E7D99C0E7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-dec-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "DF7B3213-520A-49F0-A183-C73A37A56854"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-feb-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "30F706F3-34F6-4D43-AE5E-C202C700A333"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-feb-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "FD8B9CD3-063E-481E-BE7C-1628ADA71849"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-feb-2024-r1:*:*:*:*:*:*",
"matchCriteriaId": "12C17130-A0C0-49E1-8525-9D65F0275270"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-jan-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "4FAA7790-A323-4ECA-834E-F19E59C571F5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-jan-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "9CE09EF7-B024-4D79-9400-C8223CDFBB86"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-jan-2024-r1:*:*:*:*:*:*",
"matchCriteriaId": "C339A665-413D-443F-AD04-F71C161235D0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-jul-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "213AC4D5-3B95-4120-B72D-A9327BADE2BC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-jul-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "3DD61EDA-98ED-4309-B54F-0CF8B7D07DC7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-jul-2024-r1:*:*:*:*:*:*",
"matchCriteriaId": "F7DCB465-A0F7-496E-BE45-0B5FA1508D93"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-jun-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "6D65C03E-7BC3-491A-8621-A8C93FBA0A69"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-jun-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "4ECB0B7A-590C-460C-878B-9A78CB37D259"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-jun-2024-r1:*:*:*:*:*:*",
"matchCriteriaId": "D66CF415-6C4A-4AF3-B660-B2E9CF484B51"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-mar-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "31B5B670-ACDE-4A64-97C5-358D79C65080"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-mar-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "EAFE015F-8130-4F10-A553-420F0BB2A132"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-mar-2024-r1:*:*:*:*:*:*",
"matchCriteriaId": "141E541B-8FA5-4829-A413-4F1DC19E9AE1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-may-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "77CE3494-F7C0-497B-8491-107D31C9A91F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-may-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "ACEA385E-3931-4438-A2A9-0357651F9B48"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-may-2024-r1:*:*:*:*:*:*",
"matchCriteriaId": "A57CB118-46CC-4CE8-ACC3-A806CD2C25A9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-nov-2021-r1:*:*:*:*:*:*",
"matchCriteriaId": "84F3023F-E65C-4871-A65A-738EFF64D365"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-nov-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "6DD1F78D-EA98-4825-A0EA-703196DDE5E4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-nov-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "BDDB3FBE-99EC-4763-961B-2C436D864A1A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-oct-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "1B02110E-71FB-495F-86CA-F2A4E55C0E42"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-oct-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "931CC6D7-A42D-4482-B901-B539DFF89C3E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-sep-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "852A1BEC-438F-4D1E-B361-87BD57D50157"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-sep-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "84ED2366-D4BA-4094-94AC-AD6E7AEBB6FF"
}
]
}
]
}
],
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=09",
"source": "mobile.security@samsung.com"
"source": "mobile.security@samsung.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-34661",
"sourceIdentifier": "mobile.security@samsung.com",
"published": "2024-09-04T06:15:17.003",
"lastModified": "2024-09-04T13:05:36.067",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-05T17:57:44.563",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
@ -39,10 +59,43 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-276"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:samsung:assistant:*:*:*:*:*:*:*:*",
"versionEndExcluding": "9.1.00.7",
"matchCriteriaId": "C84786FD-F2FB-4511-9561-C60B734E42CE"
}
]
}
]
}
],
"references": [
{
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=09",
"source": "mobile.security@samsung.com"
"source": "mobile.security@samsung.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2024-36972",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-06-10T15:15:52.617",
"lastModified": "2024-07-03T02:03:56.627",
"lastModified": "2024-09-05T16:35:20.120",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: af_unix: actualice unix_sk(sk)->oob_skb bajo el bloqueo sk_receive_queue. Billy Jheng Bing-Jhong inform\u00f3 de una ejecuci\u00f3n entre __unix_gc() y queue_oob(). __unix_gc() intenta recolectar basura de sockets en vuelo close()d, y luego, si el socket tiene MSG_OOB en unix_sk(sk)->oob_skb, GC eliminar\u00e1 la referencia y establecer\u00e1 NULL sin bloqueo. Sin embargo, el socket del par a\u00fan puede enviar el mensaje MSG_OOB y queue_oob() puede actualizar unix_sk(sk)->oob_skb simult\u00e1neamente, lo que lleva a la desreferencia del puntero NULL. [0] Para solucionar el problema, actualicemos unix_sk(sk)->oob_skb bajo el bloqueo de sk_receive_queue y lo llevemos a todos los lugares donde toquemos oob_skb. Tenga en cuenta que posponemos kfree_skb() en Manage_oob() para silenciar el falso positivo de Lockdep (consulte [1]). [0]: ERROR: desreferencia del puntero NULL del kernel, direcci\u00f3n: 0000000000000008 PF: acceso de escritura del supervisor en modo kernel PF: error_code(0x0002) - p\u00e1gina no presente PGD 8000000009f5e067 P4D 8000000009f5e067 PUD 9f5d067 PMD 0 Ups: 02 [#1] SMP ADELANTADO PTI CPU: 3 PID: 50 Comm: kworker/3:1 No contaminado 6.9.0-rc5-00191-gd091e579b864 #110 Nombre del hardware: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0- gd239552ce722-prebuilt.qemu.org 01/04/2014 Cola de trabajo: eventos retrasados_fput RIP: 0010:skb_dequeue (./include/linux/skbuff.h:2386 ./include/linux/skbuff.h:2402 net/core/skbuff. 
c:3847) C\u00f3digo: 39 e3 74 3e 8b 43 10 48 89 ef 83 e8 01 89 43 10 49 8b 44 24 08 49 c7 44 24 08 00 00 00 00 49 8b 14 24 49 c7 04 24 00 0 00 00 <48 > 89 42 08 48 89 10 e8 e7 c5 42 00 4c 89 e0 5b 5d 41 5c c3 cc cc RSP: 0018:ffffc900001bfd48 EFLAGS: 00000002 RAX: 0000000000000000 RBX: 80088f5ae8 RCX: 00000000361289f9 RDX: 0000000000000000 RSI: 0000000000000206 RDI: ffff8880088f5b00 RBP: ffff8880088f5b00 R08: 0000000000080000 R09: 0000000000000001 R10: 0000000000000003 R11: 00000000000000001 R12: ffff8880056b6a00 R13: ffff8880088f5280 R14: 0000000000000001 R15: ffff8880088f5a80 FS: 0000000000000000(0000) GS:ffff88807dd80000(0000) knlGS:00000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0 : 0000000080050033 CR2: 0000000000000008 CR3: 0000000006314000 CR4: 00000000007506f0 PKRU: 55555554 Seguimiento de llamadas: unix_release_sock (net/unix/af_unix.c:654) ix_release (net/unix/af_unix.c:1050) __sock_release (net/socket. c:660) sock_close (net/socket.c:1423) __fput (fs/file_table.c:423) retrasado_fput (fs/file_table.c:444 (discriminador 3)) Process_one_work (kernel/workqueue.c:3259) trabajador_thread ( kernel/workqueue.c:3329 kernel/workqueue.c:3416) kthread (kernel/kthread.c:388) ret_from_fork (arch/x86/kernel/process.c:153) ret_from_fork_asm (arch/x86/entry/entry_64.S :257) M\u00f3dulos vinculados en: CR2: 0000000000000008"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",


@ -2,8 +2,8 @@
"id": "CVE-2024-38482",
"sourceIdentifier": "security_alert@emc.com",
"published": "2024-08-02T04:17:27.750",
"lastModified": "2024-08-02T12:59:43.990",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-09-05T16:04:53.577",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "security_alert@emc.com",
"type": "Secondary",
@ -41,8 +61,18 @@
},
"weaknesses": [
{
"source": "security_alert@emc.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "security_alert@emc.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -51,10 +81,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dell:cloudlink:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.1",
"versionEndExcluding": "8.1",
"matchCriteriaId": "C3117E62-5F21-4DC3-8164-3CAD329DC225"
}
]
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000227493/dsa-2024-343-security-update-for-dell-cloudlink-vulnerability",
"source": "security_alert@emc.com"
"source": "security_alert@emc.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-40645",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-07-31T19:15:11.870",
"lastModified": "2024-08-01T12:42:36.933",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-09-05T17:09:16.947",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -51,18 +81,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fogproject:fogproject:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.5.10",
"versionEndIncluding": "1.5.10.41",
"matchCriteriaId": "DDC1FAD4-EE15-41FF-BDF0-685E7885E4F6"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/FOGProject/fogproject/blob/a4bb1bf39ac53c3cbe623576915fbc3b5c80a00f/packages/web/lib/pages/fogconfigurationpage.class.php#L2860-L2896",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Product"
]
},
{
"url": "https://github.com/FOGProject/fogproject/commit/9469606a18bf8887740cceed6593a2e0380b5e0c",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/FOGProject/fogproject/security/advisories/GHSA-59mq-q8g5-2f4f",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-4079",
"sourceIdentifier": "security@ni.com",
"published": "2024-07-23T14:15:14.353",
"lastModified": "2024-07-24T12:55:13.223",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-05T17:12:19.830",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "security@ni.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
},
{
"source": "security@ni.com",
"type": "Secondary",
@ -51,10 +81,71 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2020",
"matchCriteriaId": "E9BBCA76-7B4C-4CC5-A782-489CA4223C04"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ni:labview:2021:-:*:*:*:*:*:*",
"matchCriteriaId": "9F184512-5D11-47F4-8555-EA6FF93C106F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ni:labview:2021:sp1:*:*:*:*:*:*",
"matchCriteriaId": "BF28259A-30A6-4BB1-B262-A006AB74AFFA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ni:labview:2022:q1:*:*:*:*:*:*",
"matchCriteriaId": "4D12D6CF-802F-47BA-ADF9-9E52C071BD7F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ni:labview:2022:q3:*:*:*:*:*:*",
"matchCriteriaId": "340F61E5-D1ED-4C29-A894-8BC5C5B90ACE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ni:labview:2023:q1:*:*:*:*:*:*",
"matchCriteriaId": "D7DD2022-CFB7-4F38-B459-C1AFB55B5B68"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ni:labview:2023:q3:*:*:*:*:*:*",
"matchCriteriaId": "18AB0B07-72FE-4861-B69D-AD2E87C5382E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ni:labview:2023:q3_patch2:*:*:*:*:*:*",
"matchCriteriaId": "044C4B51-C641-41F2-ACA0-834C99D63285"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ni:labview:2024:q1:*:*:*:*:*:*",
"matchCriteriaId": "7753CCDF-BAF8-4F91-B85B-EBB2B88F6F30"
}
]
}
]
}
],
"references": [
{
"url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/out-of-bounds-read-due-to-missing-bounds-check-in-labview.html",
"source": "security@ni.com"
"source": "security@ni.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-4080",
"sourceIdentifier": "security@ni.com",
"published": "2024-07-23T14:15:14.590",
"lastModified": "2024-07-24T12:55:13.223",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-05T17:16:23.233",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -61,6 +61,26 @@
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "security@ni.com",
"type": "Secondary",
@ -84,6 +104,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "security@ni.com",
"type": "Secondary",
@ -95,10 +125,71 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2020",
"matchCriteriaId": "E9BBCA76-7B4C-4CC5-A782-489CA4223C04"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ni:labview:2021:-:*:*:*:*:*:*",
"matchCriteriaId": "9F184512-5D11-47F4-8555-EA6FF93C106F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ni:labview:2021:sp1:*:*:*:*:*:*",
"matchCriteriaId": "BF28259A-30A6-4BB1-B262-A006AB74AFFA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ni:labview:2022:q1:*:*:*:*:*:*",
"matchCriteriaId": "4D12D6CF-802F-47BA-ADF9-9E52C071BD7F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ni:labview:2022:q3:*:*:*:*:*:*",
"matchCriteriaId": "340F61E5-D1ED-4C29-A894-8BC5C5B90ACE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ni:labview:2023:q1:*:*:*:*:*:*",
"matchCriteriaId": "D7DD2022-CFB7-4F38-B459-C1AFB55B5B68"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ni:labview:2023:q3:*:*:*:*:*:*",
"matchCriteriaId": "18AB0B07-72FE-4861-B69D-AD2E87C5382E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ni:labview:2023:q3_patch2:*:*:*:*:*:*",
"matchCriteriaId": "044C4B51-C641-41F2-ACA0-834C99D63285"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ni:labview:2024:q1:*:*:*:*:*:*",
"matchCriteriaId": "7753CCDF-BAF8-4F91-B85B-EBB2B88F6F30"
}
]
}
]
}
],
"references": [
{
"url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/memory-corruption-issues-due-to-improper-length-checks-in-labview.html",
"source": "security@ni.com"
"source": "security@ni.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-41108",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-07-31T19:15:12.110",
"lastModified": "2024-08-01T12:42:36.933",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-09-05T16:27:50.103",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -51,18 +81,47 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fogproject:fogproject:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.5.10",
"versionEndExcluding": "1.5.10.41",
"matchCriteriaId": "0DD7BD8A-1B66-4868-92EC-0C2A142B937E"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/FOGProject/fogproject/blob/a4bb1bf39ac53c3cbe623576915fbc3b5c80a00f/packages/web/service/hostinfo.php",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Product"
]
},
{
"url": "https://github.com/FOGProject/fogproject/blob/a4bb1bf39ac53c3cbe623576915fbc3b5c80a00f/packages/web/service/hostname.php",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Product"
]
},
{
"url": "https://github.com/FOGProject/fogproject/security/advisories/GHSA-p3f9-4jj4-fm2g",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-41123",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-08-01T15:15:13.213",
"lastModified": "2024-08-01T16:45:25.400",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-09-05T16:12:21.557",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -51,22 +81,52 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ruby-lang:rexml:*:*:*:*:*:ruby:*:*",
"versionEndExcluding": "3.3.3",
"matchCriteriaId": "E5CFEABA-B7D5-4D35-9C56-CC81B839DD36"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/ruby/rexml/security/advisories/GHSA-4xqq-m2hx-25v8",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Not Applicable"
]
},
{
"url": "https://github.com/ruby/rexml/security/advisories/GHSA-r55c-59qm-vjw6",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://github.com/ruby/rexml/security/advisories/GHSA-vg3r-rm7w-2xgh",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Not Applicable"
]
},
{
"url": "https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41123",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-41946",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-08-01T15:15:14.100",
"lastModified": "2024-08-01T16:45:25.400",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-09-05T16:09:45.503",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -51,22 +81,52 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ruby-lang:rexml:*:*:*:*:*:ruby:*:*",
"versionEndExcluding": "3.3.3",
"matchCriteriaId": "E5CFEABA-B7D5-4D35-9C56-CC81B839DD36"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/ruby/rexml/commit/033d1909a8f259d5a7c53681bcaf14f13bcf0368",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/ruby/rexml/security/advisories/GHSA-5866-49gr-22v4",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.ruby-lang.org/en/news/2008/08/23/dos-vulnerability-in-rexml",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Not Applicable"
]
},
{
"url": "https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41946",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-41954",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-07-31T20:15:06.587",
"lastModified": "2024-08-01T12:42:36.933",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-09-05T16:18:09.940",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-732"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -51,14 +81,40 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fogproject:fogproject:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.5.10",
"versionEndIncluding": "1.5.10.41",
"matchCriteriaId": "DDC1FAD4-EE15-41FF-BDF0-685E7885E4F6"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/FOGProject/fogproject/commit/97ed6d51608e52fc087ca1d2f03d6b8df612fc90",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/FOGProject/fogproject/security/advisories/GHSA-pcqm-h8cx-282c",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-42063",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-29T16:15:06.053",
"lastModified": "2024-07-29T16:21:52.517",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-05T17:42:12.670",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,23 +15,102 @@
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: bpf: marcar la pila de programas bpf con kmsan_unposion_memory en modo int\u00e9rprete syzbot inform\u00f3 usos de memoria uninit durante map_{lookup,delete}_elem. ========== ERROR: KMSAN: valor uninit en __dev_map_lookup_elem kernel/bpf/devmap.c:441 [en l\u00ednea] ERROR: KMSAN: valor uninit en dev_map_lookup_elem+0xf3/0x170 kernel/bpf/devmap. c:796 __dev_map_lookup_elem kernel/bpf/devmap.c:441 [en l\u00ednea] dev_map_lookup_elem+0xf3/0x170 kernel/bpf/devmap.c:796 ____bpf_map_lookup_elem kernel/bpf/helpers.c:42 [en l\u00ednea] bpf_map_lookup_elem+0x5c/0x80 kernel / bpf/helpers.c:38 ___bpf_prog_run+0x13fe/0xe0f0 kernel/bpf/core.c:1997 __bpf_prog_run256+0xb5/0xe0 kernel/bpf/core.c:2237 ========== El reproductor debe estar en el modo int\u00e9rprete. El reproductor de C est\u00e1 intentando ejecutar el siguiente programa bpf: 0: (18) r0 = 0x0 2: (18) r1 = map[id:49] 4: (b7) r8 = 16777216 5: (7b) *(u64 * )(r10 -8) = r8 6: (bf) r2 = r10 7: (07) r2 += -229 ^^^^^^^^^^ 8: (b7) r3 = 8 9: (b7) r4 = 0 10: (85) llamar a dev_map_lookup_elem#1543472 11: (95) salir Se debe a la \"clave * vac\u00eda\" (r2) pasada al ayudante. bpf permite el acceso a la memoria de pila uninit para el programa bpf con los privilegios correctos. Este parche usa kmsan_unpoison_memory() para marcar la pila como inicializada. Esto deber\u00eda abordar diferentes informes de syzbot sobre el argumento uninit \"void *key\" durante map_{lookup,delete}_elem."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-908"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.97",
"matchCriteriaId": "11DA4D7A-BB0A-4555-8D1D-ECCC5108F772"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.37",
"matchCriteriaId": "D72E033B-5323-4C4D-8818-36E1EBC3535F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.9.8",
"matchCriteriaId": "E95105F2-32E3-4C5F-9D18-7AEFD0E6275C"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/3189983c26108cf0990e5c46856dc9feb9470d12",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/b30f3197a6cd080052d5d4973f9a6b479fd9fff5",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/d812ae6e02bd6e6a9cd1fdb09519c2f33e875faf",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/e8742081db7d01f980c6161ae1e8a1dbc1e30979",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-42148",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-30T08:15:06.453",
"lastModified": "2024-07-30T13:32:45.943",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-05T17:46:27.683",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,39 +15,159 @@
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: bnx2x: corrige m\u00faltiples \u00edndices de matriz UBSAN fuera de los l\u00edmites. Corrige las advertencias de UBSAN que ocurren cuando se usa un sistema con 32 n\u00facleos de CPU f\u00edsicos o m\u00e1s, o cuando el usuario define un n\u00famero. de colas Ethernet mayores o iguales a FP_SB_MAX_E1x usando el par\u00e1metro del m\u00f3dulo num_queues. Actualmente hay una lectura/escritura fuera de los l\u00edmites que se produce en la matriz \"struct stats_query_entry query\" presente dentro de la estructura \"bnx2x_fw_stats_req\" en \"drivers/net/ethernet/broadcom/bnx2x/bnx2x.h\". Mirando la definici\u00f3n de la matriz \"struct stats_query_entry query\": struct stats_query_entry query[FP_SB_MAX_E1x+ BNX2X_FIRST_QUEUE_QUERY_IDX]; FP_SB_MAX_E1x se define como el n\u00famero m\u00e1ximo de interrupciones de ruta r\u00e1pida y tiene un valor de 16, mientras que BNX2X_FIRST_QUEUE_QUERY_IDX tiene un valor de 3, lo que significa que la matriz tiene un tama\u00f1o total de 19. Dado que los accesos a \"struct stats_query_entry query\" est\u00e1n compensados por BNX2X_FIRST_QUEUE_QUERY_IDX, eso significa que el n\u00famero total de colas Ethernet no debe exceder FP_SB_MAX_E1x (16). Sin embargo, una de estas colas est\u00e1 reservada para FCOE y, por lo tanto, el n\u00famero de colas Ethernet debe establecerse en [FP_SB_MAX_E1x -1] (15) si FCOE est\u00e1 habilitado o [FP_SB_MAX_E1x] (16) si no lo est\u00e1. Esto tambi\u00e9n se describe en un comentario en el c\u00f3digo fuente en drivers/net/ethernet/broadcom/bnx2x/bnx2x.h justo encima de la definici\u00f3n de macro de FP_SB_MAX_E1x. A continuaci\u00f3n se muestra la parte de esta explicaci\u00f3n que es importante para este parche /* * El n\u00famero total de colas L2, vectores MSIX y contextos HW (CID) est\u00e1 * controlado por el n\u00famero de bloques de estado de ruta r\u00e1pida admitidos por el * dispositivo (HW /FW). 
Cada bloque de estado de ruta r\u00e1pida (FP-SB), tambi\u00e9n conocido como bloque de estado no predeterminado *, representa un contexto de interrupciones independiente que puede * servir a una cola de red L2 normal. Sin embargo, las colas L2 especiales, como * como la cola FCoE, no requieren un FP-SB y otros componentes como * el CNIC pueden consumir FP-SB, lo que reduce el n\u00famero de colas L2 posibles * * Si el n\u00famero m\u00e1ximo de FP-SB disponibles es X, entonces : * a. Si se admite CNIC, consume 1 FP-SB, por lo que el n\u00famero m\u00e1ximo de * colas L2 regulares es Y=X-1 * b. En el modo MF, el n\u00famero real de colas L2 es Y= (X-1/MF_factor) * c. Si se admite la cola FCoE L2, el n\u00famero real de colas L2 * es Y+1 * d. El n\u00famero de irqs (vectores MSIX) es Y+1 (uno adicional para * interrupciones de ruta lenta) o Y+2 si se admite CNIC (un contexto de interrupci\u00f3n * FP adicional para el CNIC). * e. El n\u00famero de contexto de HW (recuento de CID) siempre es X o X+1 si se admite la cola FCoE * L2. El cid para la cola FCoE L2 siempre es X. */ Sin embargo, este controlador tambi\u00e9n admite NIC que usan el controlador E2, que puede manejar m\u00e1s colas debido a que tiene m\u00e1s FP-SB representado por FP_SB_MAX_E2. Al observar las confirmaciones cuando se agreg\u00f3 el soporte E2, originalmente se usaban los par\u00e1metros E1x: commit f2e0899f0f27 (\"bnx2x: Add 57712 support\"). En aquel entonces, FP_SB_MAX_E2 se configur\u00f3 en 16 al igual que E1x. Sin embargo, el controlador se actualiz\u00f3 posteriormente para aprovechar al m\u00e1ximo el E2 en lugar de limitarlo a las capacidades del E1x. 
Pero hasta donde sabemos, la \"consulta stats_query_entry\" de la matriz todav\u00eda se limitaba a usar el FP-SB disponible para las tarjetas E1x como parte de una sobrese\u00f1al cuando se actualiz\u00f3 el controlador para aprovechar al m\u00e1ximo el E2, y ahora con el Al ser consciente el controlador del mayor tama\u00f1o de cola admitido por las NIC E2, se generan las advertencias de UBSAN que se ven en los seguimientos de pila a continuaci\u00f3n. Este parche aumenta el tama\u00f1o de la matriz \"stats_query_entry query\" reemplazando FP_SB_MAX_E1x con FP_SB_MAX_E2 para que sea lo suficientemente grande como para manejar ambos tipos de NIC. Seguimientos de pila: UBSAN: ---truncado---"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-129"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.3",
"versionEndExcluding": "4.19.318",
"matchCriteriaId": "CB7FC3A4-F8FE-40B5-B8D0-0DE2A8D111A1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.20",
"versionEndExcluding": "5.4.280",
"matchCriteriaId": "625DBFAB-C3D0-4309-A27F-12D6428FB38F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5",
"versionEndExcluding": "5.10.222",
"matchCriteriaId": "00696AC5-EE29-437F-97F9-C4D66608B327"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.163",
"matchCriteriaId": "A97DEB09-4927-40F8-B5C6-F5BD5EAE0CFD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "6.1.98",
"matchCriteriaId": "E09E92A5-27EF-40E4-926A-B1CDC8270551"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.39",
"matchCriteriaId": "29E894E4-668F-4DB0-81F7-4FB5F698E970"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.9.9",
"matchCriteriaId": "ADCC1407-0CB3-4C8F-B4C5-07F682CD7085"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/0edae06b4c227bcfaf3ce21208d49191e1009d3b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/134061163ee5ca4759de5c24ca3bd71608891ba7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/8b17cec33892a66bbd71f8d9a70a45e2072ae84f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/9504a1550686f53b0bab4cab31d435383b1ee2ce",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/b9ea38e767459111a511ed4fb74abc37db95a59d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/cbe53087026ad929cd3950508397e8892a6a2a0f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/cfb04472ce33bee2579caf4dc9f4242522f6e26e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/f1313ea92f82451923e28ab45a4aaa0e70e80b98",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-42288",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-17T09:15:09.523",
"lastModified": "2024-08-19T12:59:59.177",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-05T17:38:38.383",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,35 +15,144 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: scsi: qla2xxx: Correcci\u00f3n de posible corrupci\u00f3n de la memoria Init Control Block est\u00e1 desreferenciada incorrectamente. Desreferenciar correctamente ICB"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.282",
"matchCriteriaId": "9B9D49AA-E82F-497B-A047-F07DF6F16995"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5",
"versionEndExcluding": "5.10.224",
"matchCriteriaId": "5CCEDF13-293D-4E64-B501-4409D0365AFE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.165",
"matchCriteriaId": "B4E2B568-3171-41DE-B519-F2B1A3600D94"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "6.1.103",
"matchCriteriaId": "E45EAC72-8329-4F99-8276-86AF9BB3496A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.44",
"matchCriteriaId": "CC912330-6B41-4C6B-99AF-F3857FBACB6A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.10.3",
"matchCriteriaId": "92D388F2-1EAF-4CFA-AC06-5B26D762EA7D"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/2a15b59a2c5afac89696e44acf5bbfc0599c6c5e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/571d7f2a08836698c2fb0d792236424575b9829b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/8192c533e89d9fb69b2490398939236b78cda79b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/87db8d7b7520e99de71791260989f06f9c94953d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/b0302ffc74123b6a99d7d1896fcd9b2e4072d9ce",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/c03d740152f78e86945a75b2ad541bf972fab92a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/dae67169cb35a37ecccf60cfcd6bf93a1f4f5efb",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-42289",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-17T09:15:09.590",
"lastModified": "2024-08-19T12:59:59.177",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-05T17:37:49.057",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,39 +15,158 @@
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: scsi: qla2xxx: durante la eliminaci\u00f3n de vport, env\u00ede el cierre de sesi\u00f3n as\u00edncrono expl\u00edcitamente. Durante la eliminaci\u00f3n de vport, se observa que durante la descarga sufrimos un bloqueo debido a entradas obsoletas en la matriz de comandos pendientes. Para todas estas entradas de E/S obsoletas, se emiti\u00f3 y cancel\u00f3 eh_abort (fast_fail_io = 2009h), pero las E/S no se pudieron completar mientras la eliminaci\u00f3n de vport estaba en proceso de eliminaci\u00f3n. ERROR: desreferencia del puntero NULL del kernel, direcci\u00f3n: 000000000000001c #PF: acceso de lectura del supervisor en modo kernel #PF: c\u00f3digo_error(0x0000) - p\u00e1gina no presente PGD 0 P4D 0 Vaya: 0000 [#1] Cola de trabajo PREEMPT SMP NOPTI: qla2xxx_wq qla_do_work [ qla2xxx] RIP: 0010:dma_direct_unmap_sg+0x51/0x1e0 RSP: 0018:ffffa1e1e150fc68 EFLAGS: 00010046 RAX: 00000000000000000 RBX: 0000000000000021 RCX: 0000000001 RDX: 0000000000000021 RSI: 0000000000000000 RDI: ffff8ce208a7a0d0 RBP: ffff8ce208a7a0d0 R08: 0000000000000000 R09: 10: ffff8ce378aac8a0 R11 : ffffa1e1e150f9d8 R12: 0000000000000000 R13: 0000000000000000 R14: ffff8ce378aac9c8 R15: 00000000000000000 FS: 0000000000000000(0000) ffff8d217f000000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000000000001c CR3: 0000002089acc000 0000000000350ee0 Seguimiento de llamadas: qla2xxx_qpair_sp_free_dma+0x417/0x4e0 ? qla2xxx_qpair_sp_compl+0x10d/0x1a0 ? qla2x00_status_entry+0x768/0x2830? newidle_balance+0x2f0/0x430? dequeue_entity+0x100/0x3c0? qla24xx_process_response_queue+0x6a1/0x19e0? __programaci\u00f3n+0x2d5/0x1140 ? qla_do_work+0x47/0x60 ? proceso_one_work+0x267/0x440? proceso_one_work+0x440/0x440? hilo_trabajador+0x2d/0x3d0? proceso_one_work+0x440/0x440? khilo+0x156/0x180? set_kthread_struct+0x50/0x50? 
ret_from_fork+0x22/0x30 Env\u00eda el cierre de sesi\u00f3n as\u00edncrono expl\u00edcitamente para todos los puertos durante la eliminaci\u00f3n de vport."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.320",
"matchCriteriaId": "0B4EF915-550B-45E5-B2CA-648FEACD60FC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.20",
"versionEndExcluding": "5.4.282",
"matchCriteriaId": "A8961D98-9ACF-4188-BA88-44038B14BC28"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5",
"versionEndExcluding": "5.10.224",
"matchCriteriaId": "5CCEDF13-293D-4E64-B501-4409D0365AFE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.165",
"matchCriteriaId": "B4E2B568-3171-41DE-B519-F2B1A3600D94"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "6.1.103",
"matchCriteriaId": "E45EAC72-8329-4F99-8276-86AF9BB3496A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.44",
"matchCriteriaId": "CC912330-6B41-4C6B-99AF-F3857FBACB6A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.10.3",
"matchCriteriaId": "92D388F2-1EAF-4CFA-AC06-5B26D762EA7D"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/086489256696eb774654a5410e86381c346356fe",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/171ac4b495f9473bc134356a00095b47e6409e52",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/76f480d7c717368f29a3870f7d64471ce0ff8fb2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/87c25fcb95aafabb6a4914239f4ab41b07a4f9b7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/b12c54e51ba83c1fbc619d35083d7872e42ecdef",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/b35d6d5a2f38605cddea7d5c64cded894fbe8ede",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/d28a2075bb530489715a3b011e1dd8765ba20313",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/e5ed6a26ffdec0c91cf0b6138afbd675c00ad5fc",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-42307",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-17T09:15:10.843",
"lastModified": "2024-08-19T12:59:59.177",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-05T17:49:58.257",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,23 +15,103 @@
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: cifs: corrige el posible uso de puntero nulo en destroy_workqueue en la ruta de error init_cifs Dan Carpenter inform\u00f3 una advertencia del verificador est\u00e1tico de Smack: fs/smb/client/cifsfs.c:1981 error init_cifs(): Anteriormente asumimos que 'serverclose_wq' podr\u00eda ser nulo (ver l\u00ednea 1895). El parche que introdujo la cola de trabajo serverclose utiliz\u00f3 un orden incorrecto en las rutas de error en init_cifs() para liberarlo de errores."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.1.85",
"versionEndExcluding": "6.1.103",
"matchCriteriaId": "42EE7040-F6B8-41B6-B886-9DB62292B991"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.6.26",
"versionEndExcluding": "6.6.44",
"matchCriteriaId": "F1D7BCB0-C58B-481A-9E7D-8CAD84EF38AD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.8.5",
"versionEndExcluding": "6.10.3",
"matchCriteriaId": "E6C7329B-0935-4016-B115-BC78DC87A38E"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/160235efb4f9b55212dedff5de0094c606c4b303",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/193cc89ea0ca1da311877d2b4bb5e9f03bcc82a2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/3739d711246d8fbc95ff73dbdace9741cdce4777",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/6018971710fdc7739f8655c1540832b4bb903671",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}


@ -0,0 +1,21 @@
{
"id": "CVE-2024-42885",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-09-05T16:15:07.720",
"lastModified": "2024-09-05T17:44:56.007",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL Injection vulnerability in ESAFENET CDG 5.6 and before allows an attacker to execute arbitrary code via the id parameter of the data.jsp page."
}
],
"metrics": {},
"references": [
{
"url": "https://supervisor0.notion.site/ESAFENET-CDG-SQL-Injection-17d7e244810147f697c3c42a884f932b",
"source": "cve@mitre.org"
}
]
}


@ -2,17 +2,41 @@
"id": "CVE-2024-44383",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-09-04T13:15:06.753",
"lastModified": "2024-09-04T16:09:24.827",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-09-05T17:38:48.020",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "WAYOS FBM-291W v19.09.11 is vulnerable to Command Execution via msp_info_htm."
},
{
"lang": "es",
"value": "WAYOS FBM-291W v19.09.11 es vulnerable a la ejecuci\u00f3n de comandos a trav\u00e9s de msp_info_htm."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -36,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -47,10 +81,43 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:wayos:fbm-291w_firmware:19.09.11:*:*:*:*:*:*:*",
"matchCriteriaId": "82D73CBC-D075-4232-8E11-BCF9E1D4AB8A"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:wayos:fbm-291w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F9373FFB-B5E8-4761-8946-9E8FC27FC38A"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/GroundCTL2MajorTom/pocs/blob/main/wayos_%20FBM_291W.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,17 +2,41 @@
"id": "CVE-2024-44400",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-09-04T13:15:06.867",
"lastModified": "2024-09-04T16:09:24.827",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-09-05T17:37:42.787",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "D-Link DI-8400 16.07.26A1 is vulnerable to Command Injection via upgrade_filter_asp."
},
{
"lang": "es",
"value": "D-Link DI-8400 16.07.26A1 es vulnerable a la inyecci\u00f3n de comandos a trav\u00e9s de upgrade_filter_asp."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -36,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -47,10 +81,43 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:dlink:di-8400_firmware:16.07.26a1:*:*:*:*:*:*:*",
"matchCriteriaId": "7293D6F3-30C0-4805-A662-ADAC551BAB7A"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:dlink:di-8400:a1:*:*:*:*:*:*:*",
"matchCriteriaId": "75CE4566-1587-4A8E-8D4E-8693149670DF"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/lonelylonglong/openfile-/blob/main/D-link_DI_8400-16.07.26A1_Command_Injection.md/D-link_DI_8400-16.07.26A1_Command_Injection.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-44587",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-09-05T14:15:10.700",
"lastModified": "2024-09-05T14:35:24.337",
"vulnStatus": "Received",
"lastModified": "2024-09-05T17:44:56.007",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -0,0 +1,21 @@
{
"id": "CVE-2024-44727",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-09-05T17:15:12.617",
"lastModified": "2024-09-05T17:44:56.007",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Sourcecodehero Event Management System1.0 is vulnerable to SQL Injection via the parameter 'username' in /event/admin/login.php."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/AslamMahi/CVE-Aslam-Mahi/blob/main/Sourcecodehero%20Event%20Management%20System/CVE-2024-44727.MD",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,21 @@
{
"id": "CVE-2024-44728",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-09-05T17:15:12.730",
"lastModified": "2024-09-05T17:44:56.007",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Sourcecodehero Event Management System 1.0 allows Stored Cross-Site Scripting via parameters Full Name, Address, Email, and contact# in /clientdetails/admin/regester.php."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/AslamMahi/CVE-Aslam-Mahi/blob/main/Sourcecodehero%20Event%20Management%20System/CVE-2024-44728.md",
"source": "cve@mitre.org"
}
]
}


@ -2,28 +2,101 @@
"id": "CVE-2024-44931",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-26T11:15:05.447",
"lastModified": "2024-08-26T12:47:20.187",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-05T17:58:45.847",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpio: prevent potential speculation leaks in gpio_device_get_desc()\n\nUserspace may trigger a speculative read of an address outside the gpio\ndescriptor array.\nUsers can do that by calling gpio_ioctl() with an offset out of range.\nOffset is copied from user and then used as an array index to get\nthe gpio descriptor without sanitization in gpio_device_get_desc().\n\nThis change ensures that the offset is sanitized by using\narray_index_nospec() to mitigate any possibility of speculative\ninformation leaks.\n\nThis bug was discovered and resolved using Coverity Static Analysis\nSecurity Testing (SAST) by Synopsys, Inc."
},
{
"lang": "es",
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: gpio: evita posibles fugas de especulaci\u00f3n en gpio_device_get_desc() El espacio de usuario puede desencadenar una lectura especulativa de una direcci\u00f3n fuera de la matriz de descriptores de gpio. Los usuarios pueden hacerlo llamando a gpio_ioctl() con un desplazamiento fuera de rango. La compensaci\u00f3n se copia del usuario y luego se usa como \u00edndice de matriz para obtener el descriptor de gpio sin desinfecci\u00f3n en gpio_device_get_desc(). Este cambio garantiza que la compensaci\u00f3n se desinfecte mediante el uso de array_index_nospec() para mitigar cualquier posibilidad de fugas de informaci\u00f3n especulativa. Este error fue descubierto y resuelto utilizando Coverity Static Analysis Security Testing (SAST) por Synopsys, Inc."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.46",
"matchCriteriaId": "84C35A98-08C9-4674-8AC8-9CC0757B7699"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.10.5",
"matchCriteriaId": "D074AE50-4A5E-499C-A2FD-75FD60DEA560"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/1b955f786a4bcde8c0ccb2b7d519def2acb6f3cc",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/d776c0486b03a5c4afca65b8ff44573592bf93bb",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/d795848ecce24a75dfd46481aee066ae6fe39775",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}


@ -2,24 +2,98 @@
"id": "CVE-2024-44936",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-26T11:15:05.700",
"lastModified": "2024-08-26T12:47:20.187",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-05T17:53:43.867",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\npower: supply: rt5033: Bring back i2c_set_clientdata\n\nCommit 3a93da231c12 (\"power: supply: rt5033: Use devm_power_supply_register() helper\")\nreworked the driver to use devm. While at it, the i2c_set_clientdata\nwas dropped along with the remove callback. Unfortunately other parts\nof the driver also rely on i2c clientdata so this causes kernel oops.\n\nBring the call back to fix the driver."
},
{
"lang": "es",
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: power: Supply: rt5033: traer de vuelta i2c_set_clientdata Commit 3a93da231c12 (\"power: Supply: rt5033: Use devm_power_supply_register() helper\") reelabor\u00f3 el controlador para usar devm. Mientras lo hac\u00eda, i2c_set_clientdata se elimin\u00f3 junto con la devoluci\u00f3n de llamada de eliminaci\u00f3n. Desafortunadamente, otras partes del controlador tambi\u00e9n dependen de los datos del cliente i2c, por lo que esto provoca fallos en el kernel. Devuelva la llamada para reparar el controlador."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.9",
"versionEndExcluding": "6.10.5",
"matchCriteriaId": "F07BD0FF-07AF-4DAD-8EB1-09FB50ABDC47"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc1:*:*:*:*:*:*",
"matchCriteriaId": "8B3CE743-2126-47A3-8B7C-822B502CF119"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc2:*:*:*:*:*:*",
"matchCriteriaId": "4DEB27E7-30AA-45CC-8934-B89263EF3551"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/3c5d0871b0af0184abc6f7f52f8705b39a6251ae",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/d3911f1639e67fc7b12aae0efa5a540976d7443b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-44971",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-09-04T19:15:31.367",
"lastModified": "2024-09-05T12:53:21.110",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-05T17:54:36.607",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,31 +15,141 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: dsa: bcm_sf2: Se corrige una posible p\u00e9rdida de memoria en bcm_sf2_mdio_register() bcm_sf2_mdio_register() llama a of_phy_find_device() y luego a phy_device_remove() en un bucle para eliminar los dispositivos PHY existentes. of_phy_find_device() finalmente llama a bus_find_device(), que llama a get_device() en el struct device * devuelto para incrementar el refcount. La implementaci\u00f3n actual no disminuye el refcount, lo que causa una p\u00e9rdida de memoria. Esta confirmaci\u00f3n agrega la llamada phy_device_free() faltante para disminuir el refcount a trav\u00e9s de put_device() para equilibrar el refcount."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-401"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.10",
"versionEndExcluding": "5.10.224",
"matchCriteriaId": "3723F85C-99C4-4BA1-A411-426E0591769E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.165",
"matchCriteriaId": "B4E2B568-3171-41DE-B519-F2B1A3600D94"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "6.1.105",
"matchCriteriaId": "89BEB24B-0F37-4C92-A397-564DA7CD8EE9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.46",
"matchCriteriaId": "FA11941E-81FB-484C-B583-881EEB488340"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.10.5",
"matchCriteriaId": "D074AE50-4A5E-499C-A2FD-75FD60DEA560"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc1:*:*:*:*:*:*",
"matchCriteriaId": "8B3CE743-2126-47A3-8B7C-822B502CF119"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc2:*:*:*:*:*:*",
"matchCriteriaId": "4DEB27E7-30AA-45CC-8934-B89263EF3551"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/7feef10768ea71d468d9bbc1e0d14c461876768c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/a7d2808d67570e6acae45c2a96e0d59986888e4c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/b7b8d9f5e679af60c94251fd6728dde34be69a71",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/c05516c072903f6fb9134b8e7e1ad4bffcdc4819",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/e3862093ee93fcfbdadcb7957f5f8974fffa806a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/f3d5efe18a11f94150fee8b3fda9d62079af640a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-44974",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-09-04T20:15:07.100",
"lastModified": "2024-09-05T12:53:21.110",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-05T17:54:29.037",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,19 +15,109 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mptcp: pm: evitar posible UaF al seleccionar endp select_local_address() y select_signal_address() seleccionan una entrada de endpoint de la lista dentro de una secci\u00f3n protegida de RCU, pero devuelven una referencia a ella, para leerla m\u00e1s tarde. Si se desreferencia la entrada despu\u00e9s del desbloqueo de RCU, leer informaci\u00f3n podr\u00eda causar un Use-after-Free. Una soluci\u00f3n simple es copiar la informaci\u00f3n requerida mientras se est\u00e1 dentro de la secci\u00f3n protegida de RCU para evitar cualquier riesgo de UaF m\u00e1s adelante. Es posible que el ID de la direcci\u00f3n deba modificarse m\u00e1s tarde para manejar el caso ID0 m\u00e1s tarde, por lo que una copia parece ser una buena opci\u00f3n."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.7",
"versionEndExcluding": "6.6.48",
"matchCriteriaId": "3C120709-9CC8-4B99-81CC-CA805D1EABD5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.10.7",
"matchCriteriaId": "D2AFDFD1-D95A-4EB7-843B-5E7659518B67"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc1:*:*:*:*:*:*",
"matchCriteriaId": "8B3CE743-2126-47A3-8B7C-822B502CF119"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc2:*:*:*:*:*:*",
"matchCriteriaId": "4DEB27E7-30AA-45CC-8934-B89263EF3551"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc3:*:*:*:*:*:*",
"matchCriteriaId": "E0005AEF-856E-47EB-BFE4-90C46899394D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc4:*:*:*:*:*:*",
"matchCriteriaId": "39889A68-6D34-47A6-82FC-CD0BF23D6754"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/0201d65d9806d287a00e0ba96f0321835631f63f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/48e50dcbcbaaf713d82bf2da5c16aeced94ad07d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/9a9afbbc3fbfca4975eea4aa5b18556db5a0c0b8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-44981",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-09-04T20:15:07.533",
"lastModified": "2024-09-05T12:53:21.110",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-05T17:54:19.377",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,15 +15,95 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: workqueue: Se corrige el error de 'desbordamiento de sustracci\u00f3n' de UBSAN en shift_and_mask() UBSAN informa el siguiente error de 'desbordamiento de sustracci\u00f3n' al arrancar en una m\u00e1quina virtual en Android: | Error interno: UBSAN: desbordamiento de sustracci\u00f3n de enteros: 00000000f2005515 [#1] PREEMPT SMP | M\u00f3dulos vinculados en: | CPU: 0 PID: 1 Comm: swapper/0 No contaminado 6.10.0-00006-g3cbe9e5abd46-dirty #4 | Nombre del hardware: linux,dummy-virt (DT) | pstate: 600000c5 (nZCv daIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--) | pc : cancel_delayed_work+0x34/0x44 | lr : cancelar_trabajo_retrasado+0x2c/0x44 | sp : ffff80008002ba60 | x29: ffff80008002ba60 x28: 0000000000000000 x27: 0000000000000000 | x26: 0000000000000000 x25: 0000000000000000 x24: 0000000000000000 | x23: 0000000000000000 x22: 0000000000000000 x21: ffff1f65014cd3c0 | x20: ffffc0e84c9d0da0 x19: ffffc0e84cab3558 x18: ffff800080009058 | x17: 00000000247ee1f8 x16: 00000000247ee1f8 x15: 00000000bdcb279d | x14: 0000000000000001 x13: 0000000000000075 x12: 00000a0000000000 | x11: ffff1f6501499018 x10: 00984901651fffff x9 : ffff5e7cc35af000 | x8 : 0000000000000001 x7 : 3d4d455453595342 x6 : 000000004e514553 | x5 : ffff1f6501499265 x4 : ffff1f650ff60b10 x3 : 0000000000000620 | x2 : ffff80008002ba78 x1 : 0000000000000000 x0 : 0000000000000000 | Rastreo de llamadas: | cancel_delayed_work+0x34/0x44 | deferred_probe_extend_timeout+0x20/0x70 | driver_register+0xa8/0x110 | __platform_driver_register+0x28/0x3c | syscon_init+0x24/0x38 | hacer_una_initcall+0xe4/0x338 | hacer_initcall_level+0xac/0x178 | hacer_initcalls+0x5c/0xa0 | hacer_configuraci\u00f3n_b\u00e1sica+0x20/0x30 | kernel_init_freeable+0x8c/0xf8 | kernel_init+0x28/0x1b4 | ret_from_fork+0x10/0x20 | C\u00f3digo: f9000fbf 97fffa2f 39400268 37100048 (d42aa2a0) | ---[ fin de seguimiento 000000000000000 ]--- | P\u00e1nico del n\u00facleo: no se sincroniza: UBSAN: 
desbordamiento de sustracci\u00f3n de enteros: excepci\u00f3n fatal Esto se debe a que shift_and_mask() usa una funci\u00f3n inmediata con signo para construir la m\u00e1scara y se la llama con un desplazamiento de 31 (WORK_OFFQ_POOL_SHIFT), por lo que termina disminuyendo desde INT_MIN. Use una constante sin signo '1U' para generar la m\u00e1scara en shift_and_mask()."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-190"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.10",
"versionEndExcluding": "6.10.7",
"matchCriteriaId": "E55C1263-DF43-41EF-8DA8-2BA68DF4FFFD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc1:*:*:*:*:*:*",
"matchCriteriaId": "8B3CE743-2126-47A3-8B7C-822B502CF119"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc2:*:*:*:*:*:*",
"matchCriteriaId": "4DEB27E7-30AA-45CC-8934-B89263EF3551"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc3:*:*:*:*:*:*",
"matchCriteriaId": "E0005AEF-856E-47EB-BFE4-90C46899394D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc4:*:*:*:*:*:*",
"matchCriteriaId": "39889A68-6D34-47A6-82FC-CD0BF23D6754"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/38f7e14519d39cf524ddc02d4caee9b337dad703",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/90a6a844b2d9927d192758438a4ada33d8cd9de5",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-44985",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-09-04T20:15:07.777",
"lastModified": "2024-09-05T12:53:21.110",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-05T17:54:11.313",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,27 +15,137 @@
"value": "En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: ipv6: evitar posible UAF en ip6_xmit() Si skb_expand_head() devuelve NULL, skb se ha liberado y el dst/idev asociado tambi\u00e9n podr\u00eda haberse liberado. Debemos utilizar rcu_read_lock() para evitar un posible UAF."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.15",
"versionEndExcluding": "5.15.166",
"matchCriteriaId": "1E86C365-0589-4961-B85C-B76395A12CC0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "6.1.107",
"matchCriteriaId": "53954FF8-CB48-4302-BC4C-9DA7A88F44A2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.48",
"matchCriteriaId": "9DE9201A-CE6B-4726-BABB-8265EA0F8AE4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.10.7",
"matchCriteriaId": "D2AFDFD1-D95A-4EB7-843B-5E7659518B67"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc1:*:*:*:*:*:*",
"matchCriteriaId": "8B3CE743-2126-47A3-8B7C-822B502CF119"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc2:*:*:*:*:*:*",
"matchCriteriaId": "4DEB27E7-30AA-45CC-8934-B89263EF3551"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc3:*:*:*:*:*:*",
"matchCriteriaId": "E0005AEF-856E-47EB-BFE4-90C46899394D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc4:*:*:*:*:*:*",
"matchCriteriaId": "39889A68-6D34-47A6-82FC-CD0BF23D6754"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/124b428fe28064c809e4237b0b38e97200a8a4a8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/2d5ff7e339d04622d8282661df36151906d0e1c7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/38a21c026ed2cc7232414cb166efc1923f34af17",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/975f764e96f71616b530e300c1bb2ac0ce0c2596",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/fc88d6c1f2895a5775795d82ec581afdff7661d1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-44986",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-09-04T20:15:07.833",
"lastModified": "2024-09-05T12:53:21.110",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-05T17:54:04.127",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,27 +15,137 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ipv6: se ha corregido un posible UAF en ip6_finish_output2() Si skb_expand_head() devuelve NULL, se ha liberado skb y tambi\u00e9n se podr\u00eda haber liberado el dst/idev asociado. Necesitamos mantener rcu_read_lock() para asegurarnos de que el dst y el idev asociado est\u00e9n activos."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.14",
"versionEndExcluding": "5.15.166",
"matchCriteriaId": "9F971490-28BA-4CF2-B6ED-DC618507AC3A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "6.1.107",
"matchCriteriaId": "53954FF8-CB48-4302-BC4C-9DA7A88F44A2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.48",
"matchCriteriaId": "9DE9201A-CE6B-4726-BABB-8265EA0F8AE4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.10.7",
"matchCriteriaId": "D2AFDFD1-D95A-4EB7-843B-5E7659518B67"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc1:*:*:*:*:*:*",
"matchCriteriaId": "8B3CE743-2126-47A3-8B7C-822B502CF119"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc2:*:*:*:*:*:*",
"matchCriteriaId": "4DEB27E7-30AA-45CC-8934-B89263EF3551"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc3:*:*:*:*:*:*",
"matchCriteriaId": "E0005AEF-856E-47EB-BFE4-90C46899394D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc4:*:*:*:*:*:*",
"matchCriteriaId": "39889A68-6D34-47A6-82FC-CD0BF23D6754"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/3574d28caf9a09756ae87ad1ea096c6f47b6101e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/56efc253196751ece1fc535a5b582be127b0578a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/6ab6bf731354a6fdbaa617d1ec194960db61cf3b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/da273b377ae0d9bd255281ed3c2adb228321687b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/e891b36de161fcd96f12ff83667473e5067b9037",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-44987",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-09-04T20:15:07.890",
"lastModified": "2024-09-05T12:53:21.110",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-05T17:53:54.687",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,39 +15,179 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ipv6: evitar UAF en ip6_send_skb() syzbot inform\u00f3 de un UAF en ip6_send_skb() [1] Despu\u00e9s de que ip6_local_out() haya regresado, ya no podemos desreferenciar rt de forma segura, a menos que mantengamos rcu_read_lock(). Se ha solucionado un problema similar en el commit a688caa34beb (\"ipv6: tomar bloqueo rcu en rawv6_send_hdrinc()\") Otro problema potencial en ip6_finish_output2() se maneja en un parche independiente. [1] ERROR: KASAN: slab-use-after-free en ip6_send_skb+0x18d/0x230 net/ipv6/ip6_output.c:1964 Lectura de tama\u00f1o 8 en la direcci\u00f3n ffff88806dde4858 por la tarea syz.1.380/6530 CPU: 1 UID: 0 PID: 6530 Comm: syz.1.380 No contaminado 6.11.0-rc3-syzkaller-00306-gdf6cbc62cc9b #0 Nombre del hardware: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 Seguimiento de llamadas: __dump_stack lib/dump_stack.c:93 [en l\u00ednea] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119 descripci\u00f3n_direcci\u00f3n_impresi\u00f3n mm/kasan/report.c:377 [en l\u00ednea] informe_impresi\u00f3n+0x169/0x550 mm/kasan/report.c:488 informe_kasan+0x143/0x180 mm/kasan/report.c:601 ip6_send_skb+0x18d/0x230 net/ipv6/ip6_output.c:1964 tramas_pendientes_de_env\u00edo_sin_formato_v6+0x75c/0x9e0 net/ipv6/raw.c:588 env\u00edo_sin_formato_v6+0x19c7/0x23c0 net/ipv6/raw.c:926 env\u00edo_sin_formato_v6_nosec net/socket.c:730 [en l\u00ednea] __sock_sendmsg+0x1a6/0x270 net/socket.c:745 sock_write_iter+0x2dd/0x400 net/socket.c:1160 do_iter_readv_writev+0x60a/0x890 vfs_writev+0x37c/0xbb0 fs/read_write.c:971 do_writev+0x1b1/0x350 fs/read_write.c:1018 do_syscall_x64 arch/x86/entry/common.c:52 [en l\u00ednea] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f DESCANSE EN P\u00c9RDIDA: 0033:0x7f936bf79e79 C\u00f3digo: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 
<48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f936cd7f038 EFLAGS: 00000246 ORIG_RAX: 00000000000000014 RAX: ffffffffffffffda RBX: 00007f936c115f80 RCX: 00007f936bf79e79 RDX: 0000000000000001 RSI: 0000000020000040 RDI: 0000000000000004 RBP: 00007f936bfe7916 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 00000000000000246 R12: 00000000000000000 R13: 0000000000000000 R14: 00007f936c115f80 R15: 00007fff2860a7a8 Asignado por la tarea 6530: kasan_save_stack mm/kasan/common.c:47 [en l\u00ednea] kasan_save_track+0x3f/0x80 mm/kasan/common.c:68 unpoison_slab_object mm/kasan/common.c:312 [en l\u00ednea] __kasan_slab_alloc+0x66/0x80 mm/kasan/common.c:338 kasan_slab_alloc include/linux/kasan.h:201 [en l\u00ednea] slab_post_alloc_hook mm/slub.c:3988 [en l\u00ednea] slab_alloc_node mm/slub.c:4037 [en l\u00ednea] kmem_cache_alloc_noprof+0x135/0x2a0 mm/slub.c:4044 dst_alloc+0x12b/0x190 net/core/dst.c:89 ip6_blackhole_route+0x59/0x340 net/ipv6/route.c:2670 make_blackhole net/xfrm/xfrm_policy.c:3120 [en l\u00ednea] xfrm_lookup_route+0xd1/0x1c0 net/xfrm/xfrm_policy.c:3313 ip6_dst_lookup_flow+0x13e/0x180 net/ipv6/ip6_output.c:1257 rawv6_sendmsg+0x1283/0x23c0 net/ipv6/raw.c:898 sock_sendmsg_nosec net/socket.c:730 [en l\u00ednea] __sock_sendmsg+0x1a6/0x270 net/socket.c:745 ____sys_sendmsg+0x525/0x7d0 net/socket.c:2597 ___sys_sendmsg net/socket.c:2651 [en l\u00ednea] __sys_sendmsg+0x2b0/0x3a0 net/socket.c:2680 do_syscall_x64 arch/x86/entry/common.c:52 [en l\u00ednea] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f Liberado por la tarea 45: kasan_save_stack mm/kasan/common.c:47 [en l\u00ednea] kasan_save_track+0x3f/0x80 mm/kasan/common.c:68 kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:579 poison_slab_object+0xe0/0x150 mm/kasan/common.c:240 __kasan_slab_free+0x37/0x60 mm/kasan/common.c:256 kasan_slab_free include/linux/kasan.h:184 [en l\u00ednea] slab_free_hook mm/slub.c:2252 
---truncado---"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.6.32",
"versionEndExcluding": "4.19.321",
"matchCriteriaId": "9ADDB000-FDCD-401B-AD98-165AB6788080"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.20",
"versionEndExcluding": "5.4.283",
"matchCriteriaId": "8E6B390A-0CE6-44FC-8CD5-BE8226D6D24C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5",
"versionEndExcluding": "5.10.225",
"matchCriteriaId": "C57B46A9-B105-4792-8481-1870DEFB436A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.166",
"matchCriteriaId": "913ED6CD-8ACF-48AF-AA18-7880881DD402"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "6.1.107",
"matchCriteriaId": "53954FF8-CB48-4302-BC4C-9DA7A88F44A2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.48",
"matchCriteriaId": "9DE9201A-CE6B-4726-BABB-8265EA0F8AE4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.10.7",
"matchCriteriaId": "D2AFDFD1-D95A-4EB7-843B-5E7659518B67"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc1:*:*:*:*:*:*",
"matchCriteriaId": "8B3CE743-2126-47A3-8B7C-822B502CF119"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc2:*:*:*:*:*:*",
"matchCriteriaId": "4DEB27E7-30AA-45CC-8934-B89263EF3551"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc3:*:*:*:*:*:*",
"matchCriteriaId": "E0005AEF-856E-47EB-BFE4-90C46899394D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc4:*:*:*:*:*:*",
"matchCriteriaId": "39889A68-6D34-47A6-82FC-CD0BF23D6754"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/24e93695b1239fbe4c31e224372be77f82dab69a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/571567e0277008459750f0728f246086b2659429",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/9a3e55afa95ed4ac9eda112d4f918af645d72f25",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/af1dde074ee2ed7dd5bdca4e7e8ba17f44e7b011",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/cb5880a0de12c7f618d2bdd84e2d985f1e06ed7e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/ce2f6cfab2c637d0bd9762104023a15d0ab7c0a8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/e44bd76dd072756e674f45c5be00153f4ded68b2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/faa389b2fbaaec7fd27a390b4896139f9da662e3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}


@ -0,0 +1,56 @@
{
"id": "CVE-2024-45096",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-09-05T16:15:07.810",
"lastModified": "2024-09-05T17:44:56.007",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user with access to the package to obtain sensitive information through a directory listing."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@us.ibm.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-548"
}
]
}
],
"references": [
{
"url": "https://www.ibm.com/support/pages/node/7167255",
"source": "psirt@us.ibm.com"
}
]
}


@ -0,0 +1,56 @@
{
"id": "CVE-2024-45097",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-09-05T16:15:08.050",
"lastModified": "2024-09-05T17:44:56.007",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user to bypass intended access restrictions and conduct resource modification."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.6,
"impactScore": 4.2
}
]
},
"weaknesses": [
{
"source": "psirt@us.ibm.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-650"
}
]
}
],
"references": [
{
"url": "https://www.ibm.com/support/pages/node/7167255",
"source": "psirt@us.ibm.com"
}
]
}


@ -0,0 +1,56 @@
{
"id": "CVE-2024-45098",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-09-05T16:15:08.283",
"lastModified": "2024-09-05T17:44:56.007",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user to bypass intended access restrictions and conduct resource modification."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.6,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-650"
}
]
}
],
"references": [
{
"url": "https://www.ibm.com/support/pages/node/7167255",
"source": "psirt@us.ibm.com"
}
]
}


@ -0,0 +1,25 @@
{
"id": "CVE-2024-45171",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-09-05T16:15:08.477",
"lastModified": "2024-09-05T17:44:56.007",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Due to improper user input validation, it is possible to upload dangerous files, for instance PHP code, to the C-MOR system. By analyzing the C-MOR web interface, it was found out that the upload functionality for backup files allows an authenticated user to upload arbitrary files. The only condition is that the filename contains a .cbkf string. Therefore, webshell.cbkf.php is considered a valid file name for the C-MOR web application. Uploaded files are stored within the directory \"/srv/www/backups\" on the C-MOR system, and can thus be accessed via the URL https://<HOST>/backup/upload_<FILENAME>. Due to broken access control, low-privileged authenticated users can also use this file upload functionality."
}
],
"metrics": {},
"references": [
{
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-026.txt",
"source": "cve@mitre.org"
},
{
"url": "https://www.syss.de/pentest-blog/mehrere-sicherheitsschwachstellen-in-videoueberwachungssoftware-c-mor-syss-2024-020-bis-030",
"source": "cve@mitre.org"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-45173",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-09-05T15:15:16.680",
"lastModified": "2024-09-05T15:15:16.680",
"vulnStatus": "Received",
"lastModified": "2024-09-05T17:44:56.007",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -0,0 +1,25 @@
{
"id": "CVE-2024-45175",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-09-05T16:15:08.553",
"lastModified": "2024-09-05T17:44:56.007",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Sensitive information is stored in cleartext. It was found out that sensitive information, for example login credentials of cameras, is stored in cleartext. Thus, an attacker with filesystem access, for example exploiting a path traversal attack, has access to the login data of all configured cameras, or the configured FTP server."
}
],
"metrics": {},
"references": [
{
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-028.txt",
"source": "cve@mitre.org"
},
{
"url": "https://www.syss.de/pentest-blog/mehrere-sicherheitsschwachstellen-in-videoueberwachungssoftware-c-mor-syss-2024-020-bis-030",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,25 @@
{
"id": "CVE-2024-45176",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-09-05T16:15:08.630",
"lastModified": "2024-09-05T17:44:56.007",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Due to improper input validation, the C-MOR web interface is vulnerable to reflected cross-site scripting (XSS) attacks. It was found out that different functions are prone to reflected cross-site scripting attacks due to insufficient user input validation."
}
],
"metrics": {},
"references": [
{
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-020.txt",
"source": "cve@mitre.org"
},
{
"url": "https://www.syss.de/pentest-blog/mehrere-sicherheitsschwachstellen-in-videoueberwachungssoftware-c-mor-syss-2024-020-bis-030",
"source": "cve@mitre.org"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-45178",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-09-05T15:15:16.780",
"lastModified": "2024-09-05T15:15:16.780",
"vulnStatus": "Received",
"lastModified": "2024-09-05T17:44:56.007",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
@ -11,7 +11,42 @@
"value": "An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Due to improper user input validation, it is possible to download arbitrary files from the C-MOR system via a path traversal attack. It was found out that different functionalities are vulnerable to path traversal attacks, due to insufficient user input validation. For instance, the download functionality for backups provided by the script download-bkf.pml is vulnerable to a path traversal attack via the parameter bkf. This enables an authenticated user to download arbitrary files as Linux user www-data from the C-MOR system. Another path traversal attack is in the script show-movies.pml, which can be exploited via the parameter cam."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 4.2
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-025.txt",


@ -2,8 +2,8 @@
"id": "CVE-2024-45195",
"sourceIdentifier": "security@apache.org",
"published": "2024-09-04T09:15:04.397",
"lastModified": "2024-09-04T13:05:36.067",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-05T17:44:25.040",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,7 +15,30 @@
"value": "Vulnerabilidad Direct Request (\"Navegaci\u00f3n forzada\") en Apache OFBiz. Este problema afecta a Apache OFBiz: anterior a la versi\u00f3n 18.12.16. Se recomienda a los usuarios que actualicen a la versi\u00f3n 18.12.16, que soluciona el problema."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security@apache.org",
@ -28,22 +51,53 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:ofbiz:*:*:*:*:*:*:*:*",
"versionEndExcluding": "18.12.16",
"matchCriteriaId": "51868E3D-516B-4DF1-8889-161D53E47ACE"
}
]
}
]
}
],
"references": [
{
"url": "https://issues.apache.org/jira/browse/OFBIZ-13130",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Issue Tracking",
"Vendor Advisory"
]
},
{
"url": "https://lists.apache.org/thread/o90dd9lbk1hh3t2557t2y2qvrh92p7wy",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://ofbiz.apache.org/download.html",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Product"
]
},
{
"url": "https://ofbiz.apache.org/security.html",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -0,0 +1,60 @@
{
"id": "CVE-2024-45392",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-09-05T17:15:12.807",
"lastModified": "2024-09-05T17:44:56.007",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SuiteCRM is an open-source customer relationship management (CRM) system. Prior to version 7.14.5 and 8.6.2, insufficient access control checks allow a threat actor to delete records via the API. Versions 7.14.5 and 8.6.2 contain a patch for the issue."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.1,
"impactScore": 4.0
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://docs.suitecrm.com/admin/releases/7.14.x/#_7_14_5",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/salesagility/SuiteCRM/security/advisories/GHSA-8qfx-h7pm-2587",
"source": "security-advisories@github.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-45507",
"sourceIdentifier": "security@apache.org",
"published": "2024-09-04T09:15:04.520",
"lastModified": "2024-09-04T16:35:11.547",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-05T17:53:39.760",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -55,22 +75,55 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:ofbiz:*:*:*:*:*:*:*:*",
"versionEndExcluding": "18.12.16",
"matchCriteriaId": "51868E3D-516B-4DF1-8889-161D53E47ACE"
}
]
}
]
}
],
"references": [
{
"url": "https://issues.apache.org/jira/browse/OFBIZ-13132",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Issue Tracking",
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://lists.apache.org/thread/o90dd9lbk1hh3t2557t2y2qvrh92p7wy",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Mailing List"
]
},
{
"url": "https://ofbiz.apache.org/download.html",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Product"
]
},
{
"url": "https://ofbiz.apache.org/security.html",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}


@ -0,0 +1,25 @@
{
"id": "CVE-2024-45589",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-09-05T16:15:08.737",
"lastModified": "2024-09-05T17:44:56.007",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "RapidIdentity LTS through 2023.0.2 and Cloud through 2024.08.0 improperly restricts excessive authentication attempts and allows a remote attacker to cause a denial of service via the username parameters."
}
],
"metrics": {},
"references": [
{
"url": "https://benrogozinski.github.io/CVE-2024-45589/",
"source": "cve@mitre.org"
},
{
"url": "https://help.rapididentity.com/docs/rapididentity-lts-release-notes",
"source": "cve@mitre.org"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-5067",
"sourceIdentifier": "cve@gitlab.com",
"published": "2024-07-24T23:15:09.610",
"lastModified": "2024-07-25T12:36:39.947",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-05T17:29:32.287",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -51,22 +81,69 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "16.11",
"versionEndExcluding": "17.0.5",
"matchCriteriaId": "2BF8BC38-C7F7-4123-A27A-0E77FBC9709E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "17.1",
"versionEndExcluding": "17.1.3",
"matchCriteriaId": "08FB7225-89F0-46D7-81AB-003D5D3BE137"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "17.2",
"versionEndExcluding": "17.2.1",
"matchCriteriaId": "579D177F-35DB-4988-82DD-0A5AA1AEDBA1"
}
]
}
]
}
],
"references": [
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/458504",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Broken Link"
]
},
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/462427",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
]
},
{
"url": "https://hackerone.com/reports/2462303",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://hackerone.com/reports/2502047",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Permissions Required"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-6148",
"sourceIdentifier": "secure@citrix.com",
"published": "2024-07-10T21:15:10.730",
"lastModified": "2024-07-11T13:05:54.930",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-09-05T17:51:48.560",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -59,12 +59,68 @@
"baseSeverity": "MEDIUM"
}
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:citrix:workspace:*:*:*:*:*:html5:*:*",
"versionEndExcluding": "2404.1",
"matchCriteriaId": "D74AF5CA-6403-4E3A-B651-C1C28389C562"
}
]
}
]
}
],
"references": [
{
"url": "https://support.citrix.com/article/CTX678037",
"source": "secure@citrix.com"
"source": "secure@citrix.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-6945",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-07-21T08:15:07.140",
"lastModified": "2024-07-22T13:00:31.330",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-05T16:14:31.237",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -61,6 +61,26 @@
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -120,22 +140,51 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:flute-cms:flute:0.2.2.4:alpha:*:*:*:*:*:*",
"matchCriteriaId": "3CA6F1D1-169A-4F33-9CD4-38470172278E"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/DeepMountains/Mirage/blob/main/CVE5-1.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Broken Link"
]
},
{
"url": "https://vuldb.com/?ctiid.272067",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://vuldb.com/?id.272067",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?submit.375189",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-6946",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-07-21T09:15:02.353",
"lastModified": "2024-07-22T13:00:31.330",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-05T16:14:28.857",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -61,6 +61,26 @@
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -120,22 +140,51 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:flute-cms:flute:0.2.2.4:alpha:*:*:*:*:*:*",
"matchCriteriaId": "3CA6F1D1-169A-4F33-9CD4-38470172278E"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/DeepMountains/Mirage/blob/main/CVE5-2.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Broken Link"
]
},
{
"url": "https://vuldb.com/?ctiid.272068",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://vuldb.com/?id.272068",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?submit.375214",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-6947",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-07-21T09:15:03.267",
"lastModified": "2024-07-22T13:00:31.330",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-05T16:14:25.513",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -61,6 +61,26 @@
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -120,22 +140,51 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:flute-cms:flute:0.2.2.4:alpha:*:*:*:*:*:*",
"matchCriteriaId": "3CA6F1D1-169A-4F33-9CD4-38470172278E"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/DeepMountains/Mirage/blob/main/CVE5-3.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Broken Link"
]
},
{
"url": "https://vuldb.com/?ctiid.272069",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://vuldb.com/?id.272069",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?submit.376785",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-7057",
"sourceIdentifier": "cve@gitlab.com",
"published": "2024-07-25T01:15:10.040",
"lastModified": "2024-07-25T12:36:39.947",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-05T17:33:21.630",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -51,14 +81,74 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "16.7",
"versionEndExcluding": "17.0.5",
"matchCriteriaId": "7D2AF178-30AD-4287-A7BE-881FBF897438"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "16.7",
"versionEndExcluding": "17.0.5",
"matchCriteriaId": "B7B134A8-6F60-4450-A98C-857ED5AD5BFF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "17.1",
"versionEndExcluding": "17.1.3",
"matchCriteriaId": "2AAB2105-E23B-4B5B-B1FB-63E2B406C15D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "17.1",
"versionEndExcluding": "17.1.3",
"matchCriteriaId": "08FB7225-89F0-46D7-81AB-003D5D3BE137"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "17.2",
"versionEndExcluding": "17.2.1",
"matchCriteriaId": "BDEB6BD0-A0F9-4ECD-8BB1-DAD86FDB23DE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "17.2",
"versionEndExcluding": "17.2.1",
"matchCriteriaId": "579D177F-35DB-4988-82DD-0A5AA1AEDBA1"
}
]
}
]
}
],
"references": [
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/458501",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Broken Link"
]
},
{
"url": "https://hackerone.com/reports/2475135",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Permissions Required"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-7060",
"sourceIdentifier": "cve@gitlab.com",
"published": "2024-07-24T23:15:09.817",
"lastModified": "2024-07-25T12:36:39.947",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-05T17:30:34.897",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -51,10 +81,67 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "15.4",
"versionEndExcluding": "17.0.5",
"matchCriteriaId": "7B522ADA-8F6C-4824-8FE9-502D1DB8073A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "15.4",
"versionEndExcluding": "17.0.5",
"matchCriteriaId": "D429C82D-08BB-4729-B81E-9694960DA273"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "17.1",
"versionEndExcluding": "17.1.3",
"matchCriteriaId": "2AAB2105-E23B-4B5B-B1FB-63E2B406C15D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "17.1",
"versionEndExcluding": "17.1.3",
"matchCriteriaId": "08FB7225-89F0-46D7-81AB-003D5D3BE137"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "17.2",
"versionEndExcluding": "17.2.1",
"matchCriteriaId": "BDEB6BD0-A0F9-4ECD-8BB1-DAD86FDB23DE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "17.2",
"versionEndExcluding": "17.2.1",
"matchCriteriaId": "579D177F-35DB-4988-82DD-0A5AA1AEDBA1"
}
]
}
]
}
],
"references": [
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/437894",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Broken Link"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-7091",
"sourceIdentifier": "cve@gitlab.com",
"published": "2024-07-24T23:15:10.013",
"lastModified": "2024-07-25T12:36:39.947",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-05T17:32:20.553",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.1,
"impactScore": 1.4
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -51,10 +81,67 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "15.6",
"versionEndExcluding": "17.0.5",
"matchCriteriaId": "54882984-51EE-4D34-85F3-95446D04F86B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "15.6",
"versionEndExcluding": "17.0.5",
"matchCriteriaId": "7714A7CC-0AB7-4381-8F8F-A80685E39DC0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "17.1",
"versionEndExcluding": "17.1.3",
"matchCriteriaId": "2AAB2105-E23B-4B5B-B1FB-63E2B406C15D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "17.1",
"versionEndExcluding": "17.1.3",
"matchCriteriaId": "08FB7225-89F0-46D7-81AB-003D5D3BE137"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "17.2",
"versionEndExcluding": "17.2.1",
"matchCriteriaId": "BDEB6BD0-A0F9-4ECD-8BB1-DAD86FDB23DE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "17.2",
"versionEndExcluding": "17.2.1",
"matchCriteriaId": "579D177F-35DB-4988-82DD-0A5AA1AEDBA1"
}
]
}
]
}
],
"references": [
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/408469",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Broken Link"
]
}
]
}


@ -2,17 +2,41 @@
"id": "CVE-2024-7834",
"sourceIdentifier": "a341c0d1-ebf7-493f-a84e-38cf86618674",
"published": "2024-09-04T13:15:07.030",
"lastModified": "2024-09-04T16:09:24.827",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-05T17:52:06.147",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A local privilege escalation is caused by Overwolf\nloading and executing certain dynamic link library files from a user-writeable\nfolder in SYSTEM context on launch. This allows an attacker with unprivileged\naccess to the system to run arbitrary code with SYSTEM privileges by placing a\nmalicious .dll file in the respective location."
},
{
"lang": "es",
"value": "Una escalada de privilegios locales se produce cuando Overwolf carga y ejecuta determinados archivos de librer\u00eda de v\u00ednculos din\u00e1micos desde una carpeta que permite la escritura del usuario en el contexto del SYSTEM al iniciarse. Esto permite que un atacante con acceso sin privilegios al sistema ejecute c\u00f3digo arbitrario con privilegios del SYSTEM colocando un archivo .dll malicioso en la ubicaci\u00f3n correspondiente."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "a341c0d1-ebf7-493f-a84e-38cf86618674",
"type": "Secondary",
@ -36,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-427"
}
]
},
{
"source": "a341c0d1-ebf7-493f-a84e-38cf86618674",
"type": "Secondary",
@ -47,10 +81,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:overwolf:overwolf:*:*:*:*:*:*:*:*",
"versionEndExcluding": "250.1.1",
"matchCriteriaId": "CA50C3FD-7195-4480-B383-1340702378BF"
}
]
}
]
}
],
"references": [
{
"url": "https://www.cirosec.de/sa/sa-2024-004",
"source": "a341c0d1-ebf7-493f-a84e-38cf86618674"
"source": "a341c0d1-ebf7-493f-a84e-38cf86618674",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-7884",
"sourceIdentifier": "6b35d637-e00f-4228-858c-b20ad6e1d07b",
"published": "2024-09-05T13:15:11.390",
"lastModified": "2024-09-05T13:15:11.390",
"vulnStatus": "Received",
"lastModified": "2024-09-05T17:45:07.877",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2024-8289",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-09-04T09:15:04.977",
"lastModified": "2024-09-04T13:05:36.067",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-05T17:41:58.350",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -51,26 +51,59 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:multivendorx:multivendorx:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "4.2.1",
"matchCriteriaId": "39E4105E-53C3-4F72-8E05-1F0632E3E123"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/dc-woocommerce-multi-vendor/tags/4.2.0/api/class-mvx-rest-vendors-controller.php#L382",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://plugins.trac.wordpress.org/browser/dc-woocommerce-multi-vendor/tags/4.2.0/api/class-mvx-rest-vendors-controller.php#L641",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://plugins.trac.wordpress.org/browser/dc-woocommerce-multi-vendor/tags/4.2.0/api/class-mvx-rest-vendors-controller.php#L705",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://plugins.trac.wordpress.org/browser/dc-woocommerce-multi-vendor/trunk/api/class-mvx-rest-vendors-controller.php?rev=3145638",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a85fbaff-d566-4ed2-8943-c174e0c4d2d8?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,17 +2,41 @@
"id": "CVE-2024-8413",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2024-09-04T11:15:12.780",
"lastModified": "2024-09-04T13:05:36.067",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-05T17:40:36.953",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting (XSS) vulnerability through the action parameter in index.php. Affected product codebase https://github.com/Bioshox/Raspcontrol and forks such as https://github.com/harmon25/raspcontrol . An attacker could exploit this vulnerability by sending a specially crafted JavaScript payload to an authenticated user and partially hijacking their session details.\n\nReferences list"
},
{
"lang": "es",
"value": "Vulnerabilidad de cross site scripting (XSS) a trav\u00e9s del par\u00e1metro action en index.php. C\u00f3digo base del producto afectado https://github.com/Bioshox/Raspcontrol y bifurcaciones como https://github.com/harmon25/raspcontrol. Un atacante podr\u00eda aprovechar esta vulnerabilidad enviando un payload de JavaScript especialmente manipulado a un usuario autenticado y secuestrando parcialmente los detalles de su sesi\u00f3n. Lista de referencias"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
@ -47,10 +71,30 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:raspcontrol_project:raspcontrol:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3292D8A2-245A-46AB-8E3F-687C66498853"
}
]
}
]
}
],
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/cross-site-scripting-xss-raspcontrol",
"source": "cve-coordination@incibe.es"
"source": "cve-coordination@incibe.es",
"tags": [
"Third Party Advisory"
]
}
]
}
