From fe139feb88d677a2d3ff0daa55cd2d64534eb52a Mon Sep 17 00:00:00 2001 
From: cad-safe-bot Date: Fri, 8 Nov 2024 21:03:24 +0000 Subject: [PATCH] Auto-Update: 2024-11-08T21:00:20.824687+00:00 --- CVE-2019/CVE-2019-204xx/CVE-2019-20457.json | 4 +- CVE-2019/CVE-2019-204xx/CVE-2019-20458.json | 4 +- CVE-2019/CVE-2019-204xx/CVE-2019-20459.json | 4 +- CVE-2019/CVE-2019-204xx/CVE-2019-20460.json | 4 +- CVE-2019/CVE-2019-204xx/CVE-2019-20461.json | 4 +- CVE-2019/CVE-2019-204xx/CVE-2019-20462.json | 8 +- CVE-2019/CVE-2019-204xx/CVE-2019-20469.json | 4 +- CVE-2019/CVE-2019-204xx/CVE-2019-20472.json | 4 +- CVE-2020/CVE-2020-118xx/CVE-2020-11859.json | 61 +- CVE-2020/CVE-2020-119xx/CVE-2020-11916.json | 8 +- CVE-2020/CVE-2020-119xx/CVE-2020-11917.json | 8 +- CVE-2020/CVE-2020-119xx/CVE-2020-11918.json | 8 +- CVE-2020/CVE-2020-119xx/CVE-2020-11919.json | 8 +- CVE-2020/CVE-2020-119xx/CVE-2020-11921.json | 4 +- CVE-2020/CVE-2020-119xx/CVE-2020-11926.json | 4 +- CVE-2020/CVE-2020-80xx/CVE-2020-8007.json | 4 +- CVE-2023/CVE-2023-19xx/CVE-2023-1932.json | 4 +- CVE-2023/CVE-2023-19xx/CVE-2023-1973.json | 8 +- CVE-2023/CVE-2023-271xx/CVE-2023-27195.json | 4 +- CVE-2024/CVE-2024-100xx/CVE-2024-10007.json | 8 +- CVE-2024/CVE-2024-100xx/CVE-2024-10027.json | 4 +- CVE-2024/CVE-2024-101xx/CVE-2024-10168.json | 63 ++- CVE-2024/CVE-2024-101xx/CVE-2024-10186.json | 63 ++- CVE-2024/CVE-2024-101xx/CVE-2024-10187.json | 8 +- CVE-2024/CVE-2024-102xx/CVE-2024-10203.json | 8 +- CVE-2024/CVE-2024-102xx/CVE-2024-10269.json | 8 +- CVE-2024/CVE-2024-103xx/CVE-2024-10318.json | 106 +++- CVE-2024/CVE-2024-103xx/CVE-2024-10325.json | 8 +- CVE-2024/CVE-2024-105xx/CVE-2024-10526.json | 4 +- CVE-2024/CVE-2024-106xx/CVE-2024-10621.json | 8 +- CVE-2024/CVE-2024-106xx/CVE-2024-10668.json | 8 +- CVE-2024/CVE-2024-107xx/CVE-2024-10715.json | 58 +- CVE-2024/CVE-2024-108xx/CVE-2024-10824.json | 8 +- CVE-2024/CVE-2024-108xx/CVE-2024-10839.json | 8 +- CVE-2024/CVE-2024-109xx/CVE-2024-10914.json | 165 +++++- CVE-2024/CVE-2024-109xx/CVE-2024-10915.json | 179 +++++- 
CVE-2024/CVE-2024-109xx/CVE-2024-10916.json | 176 +++++- CVE-2024/CVE-2024-109xx/CVE-2024-10922.json | 8 +- CVE-2024/CVE-2024-109xx/CVE-2024-10926.json | 8 +- CVE-2024/CVE-2024-109xx/CVE-2024-10927.json | 8 +- CVE-2024/CVE-2024-109xx/CVE-2024-10928.json | 8 +- CVE-2024/CVE-2024-109xx/CVE-2024-10941.json | 8 +- CVE-2024/CVE-2024-109xx/CVE-2024-10946.json | 8 +- CVE-2024/CVE-2024-109xx/CVE-2024-10947.json | 8 +- CVE-2024/CVE-2024-109xx/CVE-2024-10963.json | 8 +- CVE-2024/CVE-2024-109xx/CVE-2024-10964.json | 8 +- CVE-2024/CVE-2024-109xx/CVE-2024-10965.json | 8 +- CVE-2024/CVE-2024-109xx/CVE-2024-10966.json | 8 +- CVE-2024/CVE-2024-109xx/CVE-2024-10967.json | 8 +- CVE-2024/CVE-2024-109xx/CVE-2024-10968.json | 8 +- CVE-2024/CVE-2024-109xx/CVE-2024-10969.json | 8 +- CVE-2024/CVE-2024-109xx/CVE-2024-10975.json | 8 +- CVE-2024/CVE-2024-109xx/CVE-2024-10987.json | 8 +- CVE-2024/CVE-2024-109xx/CVE-2024-10988.json | 8 +- CVE-2024/CVE-2024-109xx/CVE-2024-10989.json | 8 +- CVE-2024/CVE-2024-109xx/CVE-2024-10990.json | 8 +- CVE-2024/CVE-2024-109xx/CVE-2024-10991.json | 8 +- CVE-2024/CVE-2024-109xx/CVE-2024-10993.json | 8 +- CVE-2024/CVE-2024-109xx/CVE-2024-10994.json | 8 +- CVE-2024/CVE-2024-109xx/CVE-2024-10995.json | 8 +- CVE-2024/CVE-2024-109xx/CVE-2024-10996.json | 8 +- CVE-2024/CVE-2024-109xx/CVE-2024-10997.json | 8 +- CVE-2024/CVE-2024-109xx/CVE-2024-10998.json | 8 +- CVE-2024/CVE-2024-109xx/CVE-2024-10999.json | 8 +- CVE-2024/CVE-2024-110xx/CVE-2024-11000.json | 8 +- CVE-2024/CVE-2024-215xx/CVE-2024-21538.json | 8 +- CVE-2024/CVE-2024-244xx/CVE-2024-24409.json | 8 +- CVE-2024/CVE-2024-247xx/CVE-2024-24777.json | 59 +- CVE-2024/CVE-2024-249xx/CVE-2024-24914.json | 8 +- CVE-2024/CVE-2024-254xx/CVE-2024-25431.json | 4 +- CVE-2024/CVE-2024-270xx/CVE-2024-27028.json | 39 +- CVE-2024/CVE-2024-276xx/CVE-2024-27609.json | 39 +- CVE-2024/CVE-2024-301xx/CVE-2024-30140.json | 8 +- CVE-2024/CVE-2024-301xx/CVE-2024-30141.json | 8 +- CVE-2024/CVE-2024-301xx/CVE-2024-30142.json | 8 +- 
CVE-2024/CVE-2024-360xx/CVE-2024-36062.json | 8 +- CVE-2024/CVE-2024-360xx/CVE-2024-36063.json | 4 +- CVE-2024/CVE-2024-360xx/CVE-2024-36064.json | 4 +- CVE-2024/CVE-2024-382xx/CVE-2024-38286.json | 8 +- CVE-2024/CVE-2024-385xx/CVE-2024-38582.json | 27 +- CVE-2024/CVE-2024-402xx/CVE-2024-40239.json | 4 +- CVE-2024/CVE-2024-402xx/CVE-2024-40240.json | 4 +- CVE-2024/CVE-2024-407xx/CVE-2024-40715.json | 8 +- CVE-2024/CVE-2024-434xx/CVE-2024-43425.json | 8 +- CVE-2024/CVE-2024-434xx/CVE-2024-43426.json | 8 +- CVE-2024/CVE-2024-434xx/CVE-2024-43428.json | 8 +- CVE-2024/CVE-2024-434xx/CVE-2024-43431.json | 8 +- CVE-2024/CVE-2024-434xx/CVE-2024-43434.json | 8 +- CVE-2024/CVE-2024-434xx/CVE-2024-43436.json | 8 +- CVE-2024/CVE-2024-434xx/CVE-2024-43438.json | 8 +- CVE-2024/CVE-2024-434xx/CVE-2024-43440.json | 8 +- CVE-2024/CVE-2024-439xx/CVE-2024-43956.json | 51 +- CVE-2024/CVE-2024-439xx/CVE-2024-43962.json | 51 +- CVE-2024/CVE-2024-439xx/CVE-2024-43968.json | 51 +- CVE-2024/CVE-2024-439xx/CVE-2024-43973.json | 51 +- CVE-2024/CVE-2024-439xx/CVE-2024-43974.json | 61 +- CVE-2024/CVE-2024-439xx/CVE-2024-43979.json | 51 +- CVE-2024/CVE-2024-439xx/CVE-2024-43980.json | 51 +- CVE-2024/CVE-2024-447xx/CVE-2024-44765.json | 25 + CVE-2024/CVE-2024-457xx/CVE-2024-45759.json | 8 +- CVE-2024/CVE-2024-457xx/CVE-2024-45763.json | 4 +- CVE-2024/CVE-2024-457xx/CVE-2024-45764.json | 4 +- CVE-2024/CVE-2024-457xx/CVE-2024-45765.json | 4 +- CVE-2024/CVE-2024-457xx/CVE-2024-45794.json | 8 +- CVE-2024/CVE-2024-469xx/CVE-2024-46947.json | 41 +- CVE-2024/CVE-2024-469xx/CVE-2024-46948.json | 4 +- CVE-2024/CVE-2024-469xx/CVE-2024-46960.json | 4 +- CVE-2024/CVE-2024-469xx/CVE-2024-46961.json | 4 +- CVE-2024/CVE-2024-470xx/CVE-2024-47072.json | 8 +- CVE-2024/CVE-2024-470xx/CVE-2024-47073.json | 4 +- CVE-2024/CVE-2024-471xx/CVE-2024-47190.json | 41 +- CVE-2024/CVE-2024-480xx/CVE-2024-48010.json | 8 +- CVE-2024/CVE-2024-480xx/CVE-2024-48011.json | 8 +- CVE-2024/CVE-2024-482xx/CVE-2024-48290.json | 8 +- 
CVE-2024/CVE-2024-483xx/CVE-2024-48325.json | 4 +- CVE-2024/CVE-2024-489xx/CVE-2024-48950.json | 8 +- CVE-2024/CVE-2024-489xx/CVE-2024-48951.json | 8 +- CVE-2024/CVE-2024-489xx/CVE-2024-48952.json | 8 +- CVE-2024/CVE-2024-489xx/CVE-2024-48953.json | 8 +- CVE-2024/CVE-2024-489xx/CVE-2024-48954.json | 8 +- CVE-2024/CVE-2024-495xx/CVE-2024-49523.json | 8 +- CVE-2024/CVE-2024-495xx/CVE-2024-49524.json | 8 +- CVE-2024/CVE-2024-501xx/CVE-2024-50111.json | 101 +++- CVE-2024/CVE-2024-501xx/CVE-2024-50112.json | 101 +++- CVE-2024/CVE-2024-501xx/CVE-2024-50113.json | 90 ++- CVE-2024/CVE-2024-501xx/CVE-2024-50114.json | 90 ++- CVE-2024/CVE-2024-501xx/CVE-2024-50115.json | 138 ++++- CVE-2024/CVE-2024-501xx/CVE-2024-50116.json | 162 +++++- CVE-2024/CVE-2024-501xx/CVE-2024-50123.json | 90 ++- CVE-2024/CVE-2024-501xx/CVE-2024-50124.json | 114 +++- CVE-2024/CVE-2024-501xx/CVE-2024-50125.json | 144 ++++- CVE-2024/CVE-2024-501xx/CVE-2024-50126.json | 102 +++- CVE-2024/CVE-2024-501xx/CVE-2024-50127.json | 136 ++++- CVE-2024/CVE-2024-501xx/CVE-2024-50128.json | 126 ++++- CVE-2024/CVE-2024-501xx/CVE-2024-50139.json | 8 +- CVE-2024/CVE-2024-501xx/CVE-2024-50140.json | 8 +- CVE-2024/CVE-2024-501xx/CVE-2024-50141.json | 4 +- CVE-2024/CVE-2024-501xx/CVE-2024-50142.json | 4 +- CVE-2024/CVE-2024-501xx/CVE-2024-50143.json | 4 +- CVE-2024/CVE-2024-501xx/CVE-2024-50144.json | 8 +- CVE-2024/CVE-2024-501xx/CVE-2024-50145.json | 8 +- CVE-2024/CVE-2024-501xx/CVE-2024-50146.json | 8 +- CVE-2024/CVE-2024-501xx/CVE-2024-50147.json | 8 +- CVE-2024/CVE-2024-501xx/CVE-2024-50148.json | 4 +- CVE-2024/CVE-2024-501xx/CVE-2024-50149.json | 8 +- CVE-2024/CVE-2024-501xx/CVE-2024-50150.json | 4 +- CVE-2024/CVE-2024-501xx/CVE-2024-50151.json | 4 +- CVE-2024/CVE-2024-501xx/CVE-2024-50152.json | 10 +- CVE-2024/CVE-2024-501xx/CVE-2024-50153.json | 4 +- CVE-2024/CVE-2024-501xx/CVE-2024-50154.json | 8 +- CVE-2024/CVE-2024-501xx/CVE-2024-50155.json | 8 +- CVE-2024/CVE-2024-501xx/CVE-2024-50156.json | 8 +- 
CVE-2024/CVE-2024-501xx/CVE-2024-50157.json | 8 +- CVE-2024/CVE-2024-501xx/CVE-2024-50158.json | 8 +- CVE-2024/CVE-2024-501xx/CVE-2024-50159.json | 10 +- CVE-2024/CVE-2024-501xx/CVE-2024-50160.json | 8 +- CVE-2024/CVE-2024-501xx/CVE-2024-50161.json | 8 +- CVE-2024/CVE-2024-501xx/CVE-2024-50162.json | 8 +- CVE-2024/CVE-2024-501xx/CVE-2024-50163.json | 8 +- CVE-2024/CVE-2024-501xx/CVE-2024-50164.json | 8 +- CVE-2024/CVE-2024-501xx/CVE-2024-50165.json | 8 +- CVE-2024/CVE-2024-501xx/CVE-2024-50166.json | 8 +- CVE-2024/CVE-2024-501xx/CVE-2024-50167.json | 4 +- CVE-2024/CVE-2024-501xx/CVE-2024-50168.json | 4 +- CVE-2024/CVE-2024-501xx/CVE-2024-50169.json | 8 +- CVE-2024/CVE-2024-501xx/CVE-2024-50170.json | 8 +- CVE-2024/CVE-2024-501xx/CVE-2024-50171.json | 4 +- CVE-2024/CVE-2024-501xx/CVE-2024-50172.json | 8 +- CVE-2024/CVE-2024-501xx/CVE-2024-50173.json | 8 +- CVE-2024/CVE-2024-501xx/CVE-2024-50174.json | 8 +- CVE-2024/CVE-2024-501xx/CVE-2024-50175.json | 8 +- CVE-2024/CVE-2024-501xx/CVE-2024-50176.json | 8 +- CVE-2024/CVE-2024-501xx/CVE-2024-50177.json | 8 +- CVE-2024/CVE-2024-501xx/CVE-2024-50178.json | 8 +- CVE-2024/CVE-2024-501xx/CVE-2024-50179.json | 4 +- CVE-2024/CVE-2024-501xx/CVE-2024-50180.json | 4 +- CVE-2024/CVE-2024-501xx/CVE-2024-50181.json | 8 +- CVE-2024/CVE-2024-501xx/CVE-2024-50182.json | 8 +- CVE-2024/CVE-2024-501xx/CVE-2024-50183.json | 8 +- CVE-2024/CVE-2024-501xx/CVE-2024-50184.json | 4 +- CVE-2024/CVE-2024-501xx/CVE-2024-50185.json | 8 +- CVE-2024/CVE-2024-501xx/CVE-2024-50186.json | 8 +- CVE-2024/CVE-2024-501xx/CVE-2024-50187.json | 8 +- CVE-2024/CVE-2024-501xx/CVE-2024-50188.json | 8 +- CVE-2024/CVE-2024-501xx/CVE-2024-50189.json | 8 +- CVE-2024/CVE-2024-501xx/CVE-2024-50190.json | 8 +- CVE-2024/CVE-2024-501xx/CVE-2024-50191.json | 8 +- CVE-2024/CVE-2024-501xx/CVE-2024-50192.json | 8 +- CVE-2024/CVE-2024-501xx/CVE-2024-50193.json | 8 +- CVE-2024/CVE-2024-501xx/CVE-2024-50194.json | 4 +- CVE-2024/CVE-2024-501xx/CVE-2024-50195.json | 4 +- 
CVE-2024/CVE-2024-501xx/CVE-2024-50196.json | 8 +- CVE-2024/CVE-2024-501xx/CVE-2024-50197.json | 8 +- CVE-2024/CVE-2024-501xx/CVE-2024-50198.json | 8 +- CVE-2024/CVE-2024-501xx/CVE-2024-50199.json | 4 +- CVE-2024/CVE-2024-502xx/CVE-2024-50200.json | 8 +- CVE-2024/CVE-2024-502xx/CVE-2024-50201.json | 8 +- CVE-2024/CVE-2024-502xx/CVE-2024-50202.json | 4 +- CVE-2024/CVE-2024-502xx/CVE-2024-50203.json | 8 +- CVE-2024/CVE-2024-502xx/CVE-2024-50204.json | 8 +- CVE-2024/CVE-2024-502xx/CVE-2024-50205.json | 4 +- CVE-2024/CVE-2024-502xx/CVE-2024-50206.json | 8 +- CVE-2024/CVE-2024-502xx/CVE-2024-50207.json | 8 +- CVE-2024/CVE-2024-502xx/CVE-2024-50208.json | 4 +- CVE-2024/CVE-2024-502xx/CVE-2024-50209.json | 4 +- CVE-2024/CVE-2024-502xx/CVE-2024-50210.json | 4 +- CVE-2024/CVE-2024-502xx/CVE-2024-50211.json | 8 +- CVE-2024/CVE-2024-503xx/CVE-2024-50334.json | 49 +- CVE-2024/CVE-2024-503xx/CVE-2024-50340.json | 8 +- CVE-2024/CVE-2024-503xx/CVE-2024-50341.json | 8 +- CVE-2024/CVE-2024-503xx/CVE-2024-50342.json | 8 +- CVE-2024/CVE-2024-503xx/CVE-2024-50343.json | 8 +- CVE-2024/CVE-2024-503xx/CVE-2024-50345.json | 8 +- CVE-2024/CVE-2024-503xx/CVE-2024-50378.json | 4 +- CVE-2024/CVE-2024-504xx/CVE-2024-50440.json | 47 +- CVE-2024/CVE-2024-504xx/CVE-2024-50441.json | 47 +- CVE-2024/CVE-2024-504xx/CVE-2024-50445.json | 57 +- CVE-2024/CVE-2024-504xx/CVE-2024-50446.json | 47 +- CVE-2024/CVE-2024-504xx/CVE-2024-50447.json | 47 +- CVE-2024/CVE-2024-504xx/CVE-2024-50448.json | 47 +- CVE-2024/CVE-2024-504xx/CVE-2024-50449.json | 47 +- CVE-2024/CVE-2024-505xx/CVE-2024-50588.json | 4 +- CVE-2024/CVE-2024-505xx/CVE-2024-50589.json | 4 +- CVE-2024/CVE-2024-505xx/CVE-2024-50590.json | 4 +- CVE-2024/CVE-2024-505xx/CVE-2024-50591.json | 4 +- CVE-2024/CVE-2024-505xx/CVE-2024-50592.json | 4 +- CVE-2024/CVE-2024-505xx/CVE-2024-50593.json | 4 +- CVE-2024/CVE-2024-505xx/CVE-2024-50599.json | 4 +- CVE-2024/CVE-2024-506xx/CVE-2024-50634.json | 4 +- CVE-2024/CVE-2024-507xx/CVE-2024-50766.json | 4 +- 
CVE-2024/CVE-2024-508xx/CVE-2024-50810.json | 21 + CVE-2024/CVE-2024-508xx/CVE-2024-50811.json | 21 + CVE-2024/CVE-2024-509xx/CVE-2024-50966.json | 4 +- CVE-2024/CVE-2024-510xx/CVE-2024-51030.json | 4 +- CVE-2024/CVE-2024-510xx/CVE-2024-51031.json | 4 +- CVE-2024/CVE-2024-510xx/CVE-2024-51032.json | 4 +- CVE-2024/CVE-2024-510xx/CVE-2024-51055.json | 21 + CVE-2024/CVE-2024-511xx/CVE-2024-51152.json | 4 +- CVE-2024/CVE-2024-512xx/CVE-2024-51211.json | 21 + CVE-2024/CVE-2024-514xx/CVE-2024-51409.json | 4 +- CVE-2024/CVE-2024-514xx/CVE-2024-51428.json | 4 +- CVE-2024/CVE-2024-514xx/CVE-2024-51434.json | 4 +- CVE-2024/CVE-2024-515xx/CVE-2024-51504.json | 4 +- CVE-2024/CVE-2024-517xx/CVE-2024-51736.json | 8 +- CVE-2024/CVE-2024-517xx/CVE-2024-51751.json | 8 +- CVE-2024/CVE-2024-517xx/CVE-2024-51754.json | 8 +- CVE-2024/CVE-2024-517xx/CVE-2024-51755.json | 4 +- CVE-2024/CVE-2024-517xx/CVE-2024-51757.json | 8 +- CVE-2024/CVE-2024-517xx/CVE-2024-51758.json | 8 +- CVE-2024/CVE-2024-519xx/CVE-2024-51987.json | 8 +- CVE-2024/CVE-2024-519xx/CVE-2024-51988.json | 8 +- CVE-2024/CVE-2024-519xx/CVE-2024-51989.json | 8 +- CVE-2024/CVE-2024-519xx/CVE-2024-51990.json | 8 +- CVE-2024/CVE-2024-519xx/CVE-2024-51993.json | 8 +- CVE-2024/CVE-2024-519xx/CVE-2024-51994.json | 8 +- CVE-2024/CVE-2024-519xx/CVE-2024-51995.json | 8 +- CVE-2024/CVE-2024-519xx/CVE-2024-51997.json | 56 ++ CVE-2024/CVE-2024-519xx/CVE-2024-51998.json | 8 +- CVE-2024/CVE-2024-520xx/CVE-2024-52043.json | 69 ++- CVE-2024/CVE-2024-79xx/CVE-2024-7982.json | 4 +- CVE-2024/CVE-2024-83xx/CVE-2024-8323.json | 68 ++- CVE-2024/CVE-2024-83xx/CVE-2024-8378.json | 8 +- CVE-2024/CVE-2024-84xx/CVE-2024-8424.json | 8 +- CVE-2024/CVE-2024-84xx/CVE-2024-8442.json | 8 +- CVE-2024/CVE-2024-86xx/CVE-2024-8614.json | 54 +- CVE-2024/CVE-2024-86xx/CVE-2024-8615.json | 54 +- CVE-2024/CVE-2024-88xx/CVE-2024-8810.json | 8 +- CVE-2024/CVE-2024-94xx/CVE-2024-9481.json | 63 ++- CVE-2024/CVE-2024-94xx/CVE-2024-9482.json | 63 ++- 
CVE-2024/CVE-2024-94xx/CVE-2024-9483.json | 63 ++- CVE-2024/CVE-2024-94xx/CVE-2024-9484.json | 63 ++- CVE-2024/CVE-2024-94xx/CVE-2024-9486.json | 67 ++- CVE-2024/CVE-2024-95xx/CVE-2024-9594.json | 67 ++- CVE-2024/CVE-2024-98xx/CVE-2024-9841.json | 4 +- CVE-2024/CVE-2024-99xx/CVE-2024-9926.json | 8 +- CVE-2024/CVE-2024-99xx/CVE-2024-9946.json | 69 ++- README.md | 76 ++- _state.csv | 586 ++++++++++---------- 278 files changed, 5252 insertions(+), 1009 deletions(-) create mode 100644 CVE-2024/CVE-2024-447xx/CVE-2024-44765.json create mode 100644 CVE-2024/CVE-2024-508xx/CVE-2024-50810.json create mode 100644 CVE-2024/CVE-2024-508xx/CVE-2024-50811.json create mode 100644 CVE-2024/CVE-2024-510xx/CVE-2024-51055.json create mode 100644 CVE-2024/CVE-2024-512xx/CVE-2024-51211.json create mode 100644 CVE-2024/CVE-2024-519xx/CVE-2024-51997.json diff --git a/CVE-2019/CVE-2019-204xx/CVE-2019-20457.json b/CVE-2019/CVE-2019-204xx/CVE-2019-20457.json index 20e35421310..635bb62b12e 100644 --- a/CVE-2019/CVE-2019-204xx/CVE-2019-20457.json +++ b/CVE-2019/CVE-2019-204xx/CVE-2019-20457.json @@ -2,8 +2,8 @@ "id": "CVE-2019-20457", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-07T18:15:15.083", - "lastModified": "2024-11-08T17:35:00.873", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2019/CVE-2019-204xx/CVE-2019-20458.json b/CVE-2019/CVE-2019-204xx/CVE-2019-20458.json index f9822a91184..f4e768bb5df 100644 --- a/CVE-2019/CVE-2019-204xx/CVE-2019-20458.json +++ b/CVE-2019/CVE-2019-204xx/CVE-2019-20458.json @@ -2,8 +2,8 @@ "id": "CVE-2019-20458", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-07T18:15:15.170", - "lastModified": "2024-11-08T17:35:01.933", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { 
diff --git a/CVE-2019/CVE-2019-204xx/CVE-2019-20459.json b/CVE-2019/CVE-2019-204xx/CVE-2019-20459.json index 5fe32eae4d8..1550c94fde2 100644 --- a/CVE-2019/CVE-2019-204xx/CVE-2019-20459.json +++ b/CVE-2019/CVE-2019-204xx/CVE-2019-20459.json @@ -2,8 +2,8 @@ "id": "CVE-2019-20459", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-07T18:15:15.227", - "lastModified": "2024-11-08T17:35:03.013", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2019/CVE-2019-204xx/CVE-2019-20460.json b/CVE-2019/CVE-2019-204xx/CVE-2019-20460.json index c9cf7faaad8..af2349cfa94 100644 --- a/CVE-2019/CVE-2019-204xx/CVE-2019-20460.json +++ b/CVE-2019/CVE-2019-204xx/CVE-2019-20460.json @@ -2,8 +2,8 @@ "id": "CVE-2019-20460", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-07T21:15:05.300", - "lastModified": "2024-11-08T17:35:03.290", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2019/CVE-2019-204xx/CVE-2019-20461.json b/CVE-2019/CVE-2019-204xx/CVE-2019-20461.json index db345f97e1f..097facfecc2 100644 --- a/CVE-2019/CVE-2019-204xx/CVE-2019-20461.json +++ b/CVE-2019/CVE-2019-204xx/CVE-2019-20461.json @@ -2,8 +2,8 @@ "id": "CVE-2019-20461", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-07T21:15:05.400", - "lastModified": "2024-11-08T17:35:04.320", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2019/CVE-2019-204xx/CVE-2019-20462.json b/CVE-2019/CVE-2019-204xx/CVE-2019-20462.json index 0d5ec15769b..d1402d89f7b 100644 --- a/CVE-2019/CVE-2019-204xx/CVE-2019-20462.json +++ b/CVE-2019/CVE-2019-204xx/CVE-2019-20462.json 
@@ -2,13 +2,17 @@ "id": "CVE-2019-20462", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-07T21:15:05.470", - "lastModified": "2024-11-07T21:15:05.470", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered on Alecto IVM-100 2019-11-12 devices. The device comes with a serial interface at the board level. By attaching to this serial interface and rebooting the device, a large amount of information is disclosed. This includes the view password and the password of the Wi-Fi access point that the device used." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 un problema en los dispositivos Alecto IVM-100 2019-11-12. El dispositivo viene con una interfaz serial a nivel de placa. Al conectarlo a esta interfaz serial y reiniciar el dispositivo, se revela una gran cantidad de informaci\u00f3n. Esto incluye la contrase\u00f1a de visualizaci\u00f3n y la contrase\u00f1a del punto de acceso wifi que utiliz\u00f3 el dispositivo." } ], "metrics": {}, diff --git a/CVE-2019/CVE-2019-204xx/CVE-2019-20469.json b/CVE-2019/CVE-2019-204xx/CVE-2019-20469.json index 3c3439480e4..661ea8711f8 100644 --- a/CVE-2019/CVE-2019-204xx/CVE-2019-20469.json +++ b/CVE-2019/CVE-2019-204xx/CVE-2019-20469.json @@ -2,8 +2,8 @@ "id": "CVE-2019-20469", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-07T21:15:05.540", - "lastModified": "2024-11-08T17:35:05.247", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2019/CVE-2019-204xx/CVE-2019-20472.json b/CVE-2019/CVE-2019-204xx/CVE-2019-20472.json index b9786562d70..c6dedcf5d6b 100644 --- a/CVE-2019/CVE-2019-204xx/CVE-2019-20472.json +++ b/CVE-2019/CVE-2019-204xx/CVE-2019-20472.json 
@@ -2,8 +2,8 @@ "id": "CVE-2019-20472", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-07T21:15:05.610", - "lastModified": "2024-11-08T17:35:06.070", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2020/CVE-2020-118xx/CVE-2020-11859.json b/CVE-2020/CVE-2020-118xx/CVE-2020-11859.json index 713c8412a05..521f9c9e858 100644 --- a/CVE-2020/CVE-2020-118xx/CVE-2020-11859.json +++ b/CVE-2020/CVE-2020-118xx/CVE-2020-11859.json @@ -2,17 +2,41 @@ "id": "CVE-2020-11859", "sourceIdentifier": "security@opentext.com", "published": "2024-11-06T14:15:04.963", - "lastModified": "2024-11-06T18:17:17.287", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-11-08T19:12:22.900", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Input Validation vulnerability in OpenText iManager allows Cross-Site Scripting (XSS).\u00a0This issue affects iManager before 3.2.3" + }, + { + "lang": "es", + "value": "La vulnerabilidad de validaci\u00f3n de entrada incorrecta en OpenText iManager permite la ejecuci\u00f3n de cross-site scripting (XSS). Este problema afecta a iManager antes de la versi\u00f3n 3.2.3" } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "security@opentext.com", "type": "Secondary", 
@@ -36,6 +60,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + }, { "source": "security@opentext.com", "type": "Secondary", @@ -47,10 +81,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microfocus:imanager:*:*:*:*:*:*:*:*", + "versionEndExcluding": "3.2.3", + "matchCriteriaId": "070D8CF3-3C6D-4436-A8CB-74C206F80FCD" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.netiq.com/documentation/imanager-32/imanager323_releasenotes/data/imanager323_releasenotes.html", - "source": "security@opentext.com" + "source": "security@opentext.com", + "tags": [ + "Release Notes" + ] } ] } \ No newline at end of file diff --git a/CVE-2020/CVE-2020-119xx/CVE-2020-11916.json b/CVE-2020/CVE-2020-119xx/CVE-2020-11916.json index 4bda269ce1c..8c17548ae86 100644 --- a/CVE-2020/CVE-2020-119xx/CVE-2020-11916.json +++ b/CVE-2020/CVE-2020-119xx/CVE-2020-11916.json 
@@ -2,13 +2,17 @@ "id": "CVE-2020-11916", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-07T18:15:15.310", - "lastModified": "2024-11-07T21:35:02.117", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Siime Eye 14.1.00000001.3.330.0.0.3.14. The password for the root user is hashed using an old and deprecated hashing technique. Because of this deprecated hashing, the success probability of an attacker in an offline cracking attack is greatly increased." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 un problema en Siime Eye 14.1.00000001.3.330.0.0.3.14. La contrase\u00f1a del usuario root se codifica mediante una t\u00e9cnica de codificaci\u00f3n antigua y obsoleta. Debido a esta codificaci\u00f3n obsoleta, la probabilidad de \u00e9xito de un atacante en un ataque de pirater\u00eda sin conexi\u00f3n aumenta considerablemente." } ], "metrics": { diff --git a/CVE-2020/CVE-2020-119xx/CVE-2020-11917.json b/CVE-2020/CVE-2020-119xx/CVE-2020-11917.json index 9364b5c0b88..f784599e6f0 100644 --- a/CVE-2020/CVE-2020-119xx/CVE-2020-11917.json +++ b/CVE-2020/CVE-2020-119xx/CVE-2020-11917.json 
@@ -2,13 +2,17 @@ "id": "CVE-2020-11917", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-07T18:15:15.370", - "lastModified": "2024-11-07T21:35:03.053", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Siime Eye 14.1.00000001.3.330.0.0.3.14. It uses a default SSID value, which makes it easier for remote attackers to discover the physical locations of many Siime Eye devices, violating the privacy of users who do not wish to disclose their ownership of this type of device. (Various resources such as wigle.net can be use for mapping of SSIDs to physical locations.)" + }, + { + "lang": "es", + "value": "Se descubri\u00f3 un problema en Siime Eye 14.1.00000001.3.330.0.0.3.14. Utiliza un valor SSID predeterminado, lo que facilita que los atacantes remotos descubran las ubicaciones f\u00edsicas de muchos dispositivos Siime Eye, violando la privacidad de los usuarios que no desean revelar su propiedad de este tipo de dispositivo. (Se pueden usar varios recursos como wigle.net para asignar SSID a ubicaciones f\u00edsicas)." } ], "metrics": { diff --git a/CVE-2020/CVE-2020-119xx/CVE-2020-11918.json b/CVE-2020/CVE-2020-119xx/CVE-2020-11918.json index f2b9dde4e81..f29514b288e 100644 --- a/CVE-2020/CVE-2020-119xx/CVE-2020-11918.json +++ b/CVE-2020/CVE-2020-119xx/CVE-2020-11918.json 
@@ -2,13 +2,17 @@ "id": "CVE-2020-11918", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-07T18:15:15.450", - "lastModified": "2024-11-07T21:35:03.867", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Siime Eye 14.1.00000001.3.330.0.0.3.14. When a backup file is created through the web interface, information on all users, including passwords, can be found in cleartext in the backup file. An attacker capable of accessing the web interface can create the backup file." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 un problema en Siime Eye 14.1.00000001.3.330.0.0.3.14. Cuando se crea un archivo de copia de seguridad a trav\u00e9s de la interfaz web, la informaci\u00f3n sobre todos los usuarios, incluidas las contrase\u00f1as, se puede encontrar en texto plano en el archivo de copia de seguridad. Un atacante capaz de acceder a la interfaz web puede crear el archivo de copia de seguridad." } ], "metrics": { diff --git a/CVE-2020/CVE-2020-119xx/CVE-2020-11919.json b/CVE-2020/CVE-2020-119xx/CVE-2020-11919.json index 536c000058b..53bdc8eaa0c 100644 --- a/CVE-2020/CVE-2020-119xx/CVE-2020-11919.json +++ b/CVE-2020/CVE-2020-119xx/CVE-2020-11919.json @@ -2,13 +2,17 @@ "id": "CVE-2020-11919", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-07T18:15:15.517", - "lastModified": "2024-11-07T21:35:04.650", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Siime Eye 14.1.00000001.3.330.0.0.3.14. There is no CSRF protection." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 un problema en Siime Eye 14.1.00000001.3.330.0.0.3.14. No hay protecci\u00f3n CSRF." } ], "metrics": { 
diff --git a/CVE-2020/CVE-2020-119xx/CVE-2020-11921.json b/CVE-2020/CVE-2020-119xx/CVE-2020-11921.json index 6374a510a60..d345e335ac5 100644 --- a/CVE-2020/CVE-2020-119xx/CVE-2020-11921.json +++ b/CVE-2020/CVE-2020-119xx/CVE-2020-11921.json @@ -2,8 +2,8 @@ "id": "CVE-2020-11921", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-07T18:15:15.590", - "lastModified": "2024-11-08T17:35:06.297", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2020/CVE-2020-119xx/CVE-2020-11926.json b/CVE-2020/CVE-2020-119xx/CVE-2020-11926.json index 75faf5f90a5..2a7c8f2fb59 100644 --- a/CVE-2020/CVE-2020-119xx/CVE-2020-11926.json +++ b/CVE-2020/CVE-2020-119xx/CVE-2020-11926.json @@ -2,8 +2,8 @@ "id": "CVE-2020-11926", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-07T18:15:15.667", - "lastModified": "2024-11-08T17:35:07.130", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2020/CVE-2020-80xx/CVE-2020-8007.json b/CVE-2020/CVE-2020-80xx/CVE-2020-8007.json index ca43718e8f6..afc9a77446d 100644 --- a/CVE-2020/CVE-2020-80xx/CVE-2020-8007.json +++ b/CVE-2020/CVE-2020-80xx/CVE-2020-8007.json @@ -2,8 +2,8 @@ "id": "CVE-2020-8007", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-08T05:15:05.300", - "lastModified": "2024-11-08T16:35:03.883", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2023/CVE-2023-19xx/CVE-2023-1932.json b/CVE-2023/CVE-2023-19xx/CVE-2023-1932.json index f66a6f5d32e..215caae9262 100644 --- a/CVE-2023/CVE-2023-19xx/CVE-2023-1932.json +++ b/CVE-2023/CVE-2023-19xx/CVE-2023-1932.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-1932", "sourceIdentifier": "secalert@redhat.com", "published": "2024-11-07T10:15:04.507", - "lastModified": "2024-11-07T14:35:02.567", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2023/CVE-2023-19xx/CVE-2023-1973.json b/CVE-2023/CVE-2023-19xx/CVE-2023-1973.json index 00dbf2ad26e..d0b1f45dcc9 100644 --- a/CVE-2023/CVE-2023-19xx/CVE-2023-1973.json +++ b/CVE-2023/CVE-2023-19xx/CVE-2023-1973.json @@ -2,13 +2,17 @@ "id": "CVE-2023-1973", "sourceIdentifier": "secalert@redhat.com", "published": "2024-11-07T10:15:05.400", - "lastModified": "2024-11-07T10:15:05.400", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A flaw was found in Undertow package. Using the FormAuthenticationMechanism, a malicious user could trigger a Denial of Service by sending crafted requests, leading the server to an OutofMemory error, exhausting the server's memory." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una falla en el paquete Undertow. Mediante el uso de FormAuthenticationMechanism, un usuario malintencionado podr\u00eda provocar una denegaci\u00f3n de servicio mediante el env\u00edo de solicitudes manipuladas, lo que provocar\u00eda un error de falta de memoria en el servidor y agotar\u00eda su memoria." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-271xx/CVE-2023-27195.json b/CVE-2023/CVE-2023-271xx/CVE-2023-27195.json index f243191f67e..2195dbc0fad 100644 --- a/CVE-2023/CVE-2023-271xx/CVE-2023-27195.json +++ b/CVE-2023/CVE-2023-271xx/CVE-2023-27195.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-27195", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-08T05:15:05.570", - "lastModified": "2024-11-08T15:35:00.963", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-100xx/CVE-2024-10007.json b/CVE-2024/CVE-2024-100xx/CVE-2024-10007.json index abc1f1ff67f..eff44a078de 100644 --- a/CVE-2024/CVE-2024-100xx/CVE-2024-10007.json +++ b/CVE-2024/CVE-2024-100xx/CVE-2024-10007.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-10007", "sourceIdentifier": "product-cna@github.com", "published": "2024-11-07T21:15:06.193", - "lastModified": "2024-11-07T23:15:03.350", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A path collision and arbitrary code execution vulnerability was identified in GitHub Enterprise Server that allowed container escape to escalate to root via ghe-firejail path. Exploitation of this vulnerability requires Enterprise Administrator access to the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise prior to 3.15 and was fixed in versions 3.14.3, 3.13.6, 3.12.11, and 3.11.17. This vulnerability was reported via the GitHub Bug Bounty program." + }, + { + "lang": "es", + "value": "Se identific\u00f3 una vulnerabilidad de colisi\u00f3n de rutas y ejecuci\u00f3n de c\u00f3digo arbitrario en GitHub Enterprise Server que permit\u00eda que el escape de contenedores escalara a la ra\u00edz a trav\u00e9s de la ruta ghe-firejail. La explotaci\u00f3n de esta vulnerabilidad requiere acceso de administrador de la empresa a la instancia de GitHub Enterprise Server. Esta vulnerabilidad afect\u00f3 a todas las versiones de GitHub Enterprise anteriores a la 3.15 y se corrigi\u00f3 en las versiones 3.14.3, 3.13.6, 3.12.11 y 3.11.17. Esta vulnerabilidad se inform\u00f3 a trav\u00e9s del programa de recompensas por errores de GitHub." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-100xx/CVE-2024-10027.json b/CVE-2024/CVE-2024-100xx/CVE-2024-10027.json index f7762cb2e8e..12298f88801 100644 --- a/CVE-2024/CVE-2024-100xx/CVE-2024-10027.json +++ b/CVE-2024/CVE-2024-100xx/CVE-2024-10027.json 
@@ -2,8 +2,8 @@ "id": "CVE-2024-10027", "sourceIdentifier": "contact@wpscan.com", "published": "2024-11-07T06:15:13.930", - "lastModified": "2024-11-07T17:35:09.033", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-101xx/CVE-2024-10168.json b/CVE-2024/CVE-2024-101xx/CVE-2024-10168.json index 8709d3c644b..9ea05bd816d 100644 --- a/CVE-2024/CVE-2024-101xx/CVE-2024-10168.json +++ b/CVE-2024/CVE-2024-101xx/CVE-2024-10168.json 
@@ -2,20 +2,44 @@ "id": "CVE-2024-10168", "sourceIdentifier": "security@wordfence.com", "published": "2024-11-06T12:15:03.400", - "lastModified": "2024-11-06T18:17:17.287", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-11-08T20:27:34.360", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Active Products Tables for WooCommerce. Use constructor to create tables plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's woot_button shortcode in all versions up to, and including, 1.0.6.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + }, + { + "lang": "es", + "value": "El complemento Active Products Tables para WooCommerce. Use el constructor para crear tablas para WordPress es vulnerable a cross-site scripting almacenado a trav\u00e9s del c\u00f3digo abreviado woot_button del complemento en todas las versiones hasta la 1.0.6.4 incluida, debido a una desinfecci\u00f3n de entrada insuficiente y al escape de salida en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten secuencias de comandos web arbitrarias en p\u00e1ginas que se ejecutar\u00e1n siempre que un usuario acceda a una p\u00e1gina inyectada." 
} ], "metrics": { "cvssMetricV31": [ { - "source": "security@wordfence.com", + "source": "nvd@nist.gov", "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, + { + "source": "security@wordfence.com", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", @@ -47,18 +71,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:pluginus:woot:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "1.0.6.5", + "matchCriteriaId": "D2B28CF8-C4B8-4710-A379-03877973FD14" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/changeset/3182136/", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Product" + ] }, { "url": "https://wordpress.org/plugins/profit-products-tables-for-woocommerce/#developers", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Release Notes" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4a13b13e-72d3-43c9-b5ec-d499f3b22091?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-101xx/CVE-2024-10186.json b/CVE-2024/CVE-2024-101xx/CVE-2024-10186.json index 969c2bc701c..42d0935baca 100644 --- a/CVE-2024/CVE-2024-101xx/CVE-2024-10186.json +++ b/CVE-2024/CVE-2024-101xx/CVE-2024-10186.json 
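Review bot: In the `references` array for CVE-2024-10168, `https://plugins.trac.wordpress.org/changeset/3182136/` is tagged `"Product"` and no entry carries `"Patch"`, so tooling that finds fixes by the `Patch` tag will return nothing for this record. The changeset link looks like the fixing change, though the record does not say so; if it is, the fitting value is `"tags": ["Patch"]`, presumably to be corrected at the upstream source, not in this mirror. The same tagging appears in the CVE-2024-10186 hunk (changeset 3182549) and the CVE-2024-10715 hunk (changeset 3180900). Until that is settled, the added `"versionEndExcluding": "1.0.6.5"` bound is the more reliable signal for deciding whether an installation is remediated.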
@@ -2,20 +2,44 @@ "id": "CVE-2024-10186", "sourceIdentifier": "security@wordfence.com", "published": "2024-11-06T13:15:03.163", - "lastModified": "2024-11-06T18:17:17.287", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-11-08T19:21:48.357", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Event post plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's events_cal shortcode in all versions up to, and including, 5.9.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + }, + { + "lang": "es", + "value": "El complemento Event post para WordPress es vulnerable a cross-site scripting almacenado a trav\u00e9s del c\u00f3digo abreviado events_cal del complemento en todas las versiones hasta la 5.9.6 incluida, debido a una desinfecci\u00f3n de entrada insuficiente y al escape de salida en los atributos proporcionados por el usuario. Esto permite que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten secuencias de comandos web arbitrarias en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada." 
} ], "metrics": { "cvssMetricV31": [ { - "source": "security@wordfence.com", + "source": "nvd@nist.gov", "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, + { + "source": "security@wordfence.com", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", @@ -47,18 +71,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:avecnous:event_post:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "5.9.7", + "matchCriteriaId": "200E5297-341A-4BBA-AD63-26F37E7DA840" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/changeset/3182549/", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Product" + ] }, { "url": "https://wordpress.org/plugins/event-post/#developers", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Release Notes" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f3ae1c32-18a7-4109-a7ea-dfd18fa3a8e2?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-101xx/CVE-2024-10187.json b/CVE-2024/CVE-2024-101xx/CVE-2024-10187.json index 9e9eb61cfac..df527edad9d 100644 --- a/CVE-2024/CVE-2024-101xx/CVE-2024-10187.json +++ b/CVE-2024/CVE-2024-101xx/CVE-2024-10187.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-10187", "sourceIdentifier": "security@wordfence.com", "published": "2024-11-08T10:15:03.837", - "lastModified": "2024-11-08T10:15:03.837", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The myCred \u2013 Loyalty Points and Rewards plugin for WordPress and WooCommerce \u2013 Give Points, Ranks, Badges, Cashback, WooCommerce rewards, and WooCommerce credits for Gamification plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's mycred_link shortcode in all versions up to, and including, 2.7.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + }, + { + "lang": "es", + "value": "El complemento myCred \u2013 Loyalty Points and Rewards para WordPress y WooCommerce \u2013 Give Points, Ranks, Badges, Cashback, WooCommerce prizes, and WooCommerce credits for Gamification para WordPress es vulnerable a Cross-Site Scripting almacenado a trav\u00e9s del c\u00f3digo corto mycred_link del complemento en todas las versiones hasta la 2.7.4 incluida, debido a una desinfecci\u00f3n de entrada insuficiente y a un escape de salida en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten secuencias de comandos web arbitrarias en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-102xx/CVE-2024-10203.json b/CVE-2024/CVE-2024-102xx/CVE-2024-10203.json index 027eb7d45c3..cb391c6d243 100644 --- a/CVE-2024/CVE-2024-102xx/CVE-2024-10203.json +++ b/CVE-2024/CVE-2024-102xx/CVE-2024-10203.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-10203", "sourceIdentifier": "0fc0942c-577d-436f-ae8e-945763c79b02", "published": "2024-11-07T10:15:05.663", - "lastModified": "2024-11-07T10:15:05.663", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Zohocorp ManageEngine EndPoint Central versions 11.3.2416.21 and below, 11.3.2428.9 and below are vulnerable to Arbitrary File Deletion in the agent installed machines." + }, + { + "lang": "es", + "value": "Las versiones 11.3.2416.21 y anteriores, 11.3.2428.9 y anteriores de Zohocorp ManageEngine EndPoint Central son vulnerables a la eliminaci\u00f3n arbitraria de archivos en las m\u00e1quinas instaladas por el agente." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-102xx/CVE-2024-10269.json b/CVE-2024/CVE-2024-102xx/CVE-2024-10269.json index b1f1996a07f..9fc3fde7b30 100644 --- a/CVE-2024/CVE-2024-102xx/CVE-2024-10269.json +++ b/CVE-2024/CVE-2024-102xx/CVE-2024-10269.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-10269", "sourceIdentifier": "security@wordfence.com", "published": "2024-11-08T07:15:05.487", - "lastModified": "2024-11-08T07:15:05.487", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Easy SVG Support plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 3.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file." + }, + { + "lang": "es", + "value": "El complemento Easy SVG Support para WordPress es vulnerable a Cross-Site Scripting almacenado a trav\u00e9s de las cargas de archivos SVG de la API REST en todas las versiones hasta la 3.7 incluida debido a una desinfecci\u00f3n de entrada y un escape de salida insuficientes. Esto permite que atacantes autenticados, con acceso de nivel de autor y superior, inyecten secuencias de comandos web arbitrarias en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda al archivo SVG." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-103xx/CVE-2024-10318.json b/CVE-2024/CVE-2024-103xx/CVE-2024-10318.json index d4fb923fafd..4809a344a1b 100644 --- a/CVE-2024/CVE-2024-103xx/CVE-2024-10318.json +++ b/CVE-2024/CVE-2024-103xx/CVE-2024-10318.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-10318", "sourceIdentifier": "f5sirt@f5.com", "published": "2024-11-06T17:15:13.680", - "lastModified": "2024-11-06T18:17:17.287", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-11-08T19:51:49.380", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A session fixation issue was discovered in the NGINX OpenID Connect reference implementation, where a nonce was not checked at login time. This flaw allows an attacker to fix a victim's session to an attacker-controlled account. As a result, although the attacker cannot log in as the victim, they can force the session to associate it with the attacker-controlled account, leading to potential misuse of the victim's session." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 un problema de fijaci\u00f3n de sesi\u00f3n en la implementaci\u00f3n de referencia de NGINX OpenID Connect, donde no se verificaba un nonce en el momento de iniciar sesi\u00f3n. Esta falla permite que un atacante fije la sesi\u00f3n de una v\u00edctima a una cuenta controlada por el atacante. Como resultado, aunque el atacante no puede iniciar sesi\u00f3n como la v\u00edctima, puede forzar la sesi\u00f3n para asociarla con la cuenta controlada por el atacante, lo que lleva a un posible uso indebido de la sesi\u00f3n de la v\u00edctima." } ], "metrics": { @@ -57,6 +61,26 @@ } ], "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + }, { "source": "f5sirt@f5.com", "type": "Secondary", 
@@ -80,6 +104,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-384" + } + ] + }, { "source": "f5sirt@f5.com", "type": "Secondary", 
@@ -91,10 +125,76 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:f5:nginx_api_connectivity_manager:*:*:*:*:*:*:*:*", + "versionStartIncluding": "1.3.0", + "versionEndExcluding": "1.9.3", + "matchCriteriaId": "E624284B-CE82-453E-826A-9EE55A23EABB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:f5:nginx_ingress_controller:*:*:*:*:*:*:*:*", + "versionEndIncluding": "1.12.5", + "matchCriteriaId": "DA2D8A1D-8D1C-40AD-BF77-72CC7154DB42" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:f5:nginx_ingress_controller:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.2.1", + "versionEndIncluding": "2.4.2", + "matchCriteriaId": "952208F5-8190-43A7-9C76-BE013518C475" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:f5:nginx_ingress_controller:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.0.0", + "versionEndExcluding": "3.7.1", + "matchCriteriaId": "46CB1DD5-4B6F-41A4-8A34-9C6C595081A0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:f5:nginx_instance_manager:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.5.0", + "versionEndExcluding": "2.17.4", + "matchCriteriaId": "1198CC09-9CEE-4695-BB75-8BA04735E653" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:f5:nginx_openid_connect:*:*:*:*:*:nginx_plus:*:*", + "versionEndExcluding": "2024-10-24", + "matchCriteriaId": "55029B4C-3E0B-4159-8422-CE0AB7C1138C" + } + ] + } + ] + } + ], "references": [ { "url": "https://my.f5.com/manage/s/article/K000148232", - "source": "f5sirt@f5.com" + "source": "f5sirt@f5.com", + "tags": [ + "Mitigation", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-103xx/CVE-2024-10325.json b/CVE-2024/CVE-2024-103xx/CVE-2024-10325.json index 8e4cca4648f..eb576360b89 100644 --- a/CVE-2024/CVE-2024-103xx/CVE-2024-10325.json 
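Review bot: `"versionEndExcluding": "2024-10-24"` on the `cpe:2.3:a:f5:nginx_openid_connect` match is a date, unlike the dotted bounds elsewhere in this `configurations` block (`1.9.3`, `3.7.1`, `2.17.4`). A matcher that parses bounds as numeric version components may fail to parse it or order it incorrectly against installed versions. It is worth confirming that the consuming code compares this value as a date-stamped release and reports, not silently skips, a bound it cannot interpret. The enclosing record continues outside this hunk.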
+++ b/CVE-2024/CVE-2024-103xx/CVE-2024-10325.json @@ -2,13 +2,17 @@ "id": "CVE-2024-10325", "sourceIdentifier": "security@wordfence.com", "published": "2024-11-08T12:15:14.380", - "lastModified": "2024-11-08T12:15:14.380", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 1.6.45 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file." + }, + { + "lang": "es", + "value": "El complemento Elementor Header & Footer Builder para WordPress es vulnerable a Cross-Site Scripting almacenado a trav\u00e9s de las cargas de archivos SVG de la API REST en todas las versiones hasta la 1.6.45 incluida, debido a una desinfecci\u00f3n de entrada y un escape de salida insuficientes. Esto permite que atacantes autenticados, con acceso de nivel de autor y superior, inyecten secuencias de comandos web arbitrarias en las p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda al archivo SVG." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-105xx/CVE-2024-10526.json b/CVE-2024/CVE-2024-105xx/CVE-2024-10526.json index 98eaee22b22..a8dffc45f5d 100644 --- a/CVE-2024/CVE-2024-105xx/CVE-2024-10526.json +++ b/CVE-2024/CVE-2024-105xx/CVE-2024-10526.json @@ -2,8 +2,8 @@ "id": "CVE-2024-10526", "sourceIdentifier": "cve@rapid7.com", "published": "2024-11-07T11:15:03.973", - "lastModified": "2024-11-07T11:15:03.973", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { 
diff --git a/CVE-2024/CVE-2024-106xx/CVE-2024-10621.json b/CVE-2024/CVE-2024-106xx/CVE-2024-10621.json index 85842d674d0..f9f4bbd1d0a 100644 --- a/CVE-2024/CVE-2024-106xx/CVE-2024-10621.json +++ b/CVE-2024/CVE-2024-106xx/CVE-2024-10621.json @@ -2,13 +2,17 @@ "id": "CVE-2024-10621", "sourceIdentifier": "security@wordfence.com", "published": "2024-11-08T06:15:13.913", - "lastModified": "2024-11-08T06:15:13.913", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Simple Shortcode for Google Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's pw_map shortcode in all versions up to, and including, 1.5.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + }, + { + "lang": "es", + "value": "El complemento Simple Shortcode for Google Maps para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s del c\u00f3digo corto pw_map del complemento en todas las versiones hasta la 1.5.4 incluida, debido a una desinfecci\u00f3n de entrada insuficiente y al escape de salida en los atributos proporcionados por el usuario. Esto permite que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten secuencias de comandos web arbitrarias en p\u00e1ginas que se ejecutar\u00e1n siempre que un usuario acceda a una p\u00e1gina inyectada." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-106xx/CVE-2024-10668.json b/CVE-2024/CVE-2024-106xx/CVE-2024-10668.json index 733f7199afb..024f3630bc8 100644 --- a/CVE-2024/CVE-2024-106xx/CVE-2024-10668.json +++ b/CVE-2024/CVE-2024-106xx/CVE-2024-10668.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-10668", "sourceIdentifier": "cve-coordination@google.com", "published": "2024-11-07T16:15:16.923", - "lastModified": "2024-11-07T16:15:16.923", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "There exists an auth bypass in Google Quickshare where an attacker can upload an unknown file type to a victim.\u00a0The root cause of the vulnerability lies in the fact that when a Payload Transfer frame of type FILE is sent to Quick Share, the file that is contained in this frame is written to disk in the Downloads folder. Quickshare normally deletes unkown files, however an attacker can send two Payload transfer frames of type FILE and the same payload ID. The deletion logic will only delete the first file and not the second. We recommend upgrading past commit\u00a05d8b9156e0c339d82d3dab0849187e8819ad92c0 or\u00a0Quick Share Windows v1.0.2002.2" + }, + { + "lang": "es", + "value": "Existe una omisi\u00f3n de autenticaci\u00f3n en Google Quickshare mediante la cual un atacante puede cargar un tipo de archivo desconocido a una v\u00edctima. La causa principal de la vulnerabilidad radica en el hecho de que cuando se env\u00eda un frame de transferencia de payload de tipo FILE a Quick Share, el archivo que est\u00e1 contenido en este frame se escribe en el disco en la carpeta Descargas. Quickshare normalmente elimina archivos desconocidos, sin embargo, un atacante puede enviar dos frames de transferencia de payload de tipo FILE y el mismo ID de payload. La l\u00f3gica de eliminaci\u00f3n solo eliminar\u00e1 el primer archivo y no el segundo. Recomendamos actualizar la versi\u00f3n anterior a el commit 5d8b9156e0c339d82d3dab0849187e8819ad92c0 o Quick Share Windows v1.0.2002.2" } ], "metrics": { 
diff --git a/CVE-2024/CVE-2024-107xx/CVE-2024-10715.json b/CVE-2024/CVE-2024-107xx/CVE-2024-10715.json index d8e4a74f956..c1dc2333175 100644 --- a/CVE-2024/CVE-2024-107xx/CVE-2024-10715.json +++ b/CVE-2024/CVE-2024-107xx/CVE-2024-10715.json 
@@ -2,20 +2,44 @@ "id": "CVE-2024-10715", "sourceIdentifier": "security@wordfence.com", "published": "2024-11-06T11:15:03.353", - "lastModified": "2024-11-06T18:17:17.287", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-11-08T20:25:37.380", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The MapPress Maps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Map block in all versions up to, and including, 2.94.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + }, + { + "lang": "es", + "value": "El complemento MapPress Maps for WordPress para WordPress es vulnerable a cross-site scripting almacenado a trav\u00e9s del bloque Map del complemento en todas las versiones hasta la 2.94.1 incluida, debido a una desinfecci\u00f3n de entrada insuficiente y al escape de salida en los atributos proporcionados por el usuario. Esto permite que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten secuencias de comandos web arbitrarias en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada." 
} ], "metrics": { "cvssMetricV31": [ { - "source": "security@wordfence.com", + "source": "nvd@nist.gov", "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, + { + "source": "security@wordfence.com", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", @@ -47,14 +71,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mappresspro:mappress:*:*:*:*:free:wordpress:*:*", + "versionEndExcluding": "2.94.2", + "matchCriteriaId": "A9E0327F-A277-4109-ACDE-DDB7EFF491AA" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/changeset/3180900/mappress-google-maps-for-wordpress", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Product" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8d966924-aeab-4397-9555-78291af70efe?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-108xx/CVE-2024-10824.json b/CVE-2024/CVE-2024-108xx/CVE-2024-10824.json index 1166508dff4..54c533c142d 100644 --- a/CVE-2024/CVE-2024-108xx/CVE-2024-10824.json +++ b/CVE-2024/CVE-2024-108xx/CVE-2024-10824.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-10824", "sourceIdentifier": "product-cna@github.com", "published": "2024-11-07T22:15:20.450", - "lastModified": "2024-11-07T22:15:20.450", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An authorization bypass vulnerability was identified in GitHub Enterprise Server that allowed unauthorized internal users to access sensitive secret scanning alert data intended only for business owners. This issue could be exploited only by organization members with a personal access token (PAT) and required that secret scanning be enabled on user-owned repositories. This vulnerability affected GitHub Enterprise Server versions after 3.13.0 but prior to 3.14.0 and was fixed in version 3.13.2." + }, + { + "lang": "es", + "value": "Se identific\u00f3 una vulnerabilidad de omisi\u00f3n de autorizaci\u00f3n en GitHub Enterprise Server que permit\u00eda a usuarios internos no autorizados acceder a datos confidenciales de alertas de escaneo de secretos destinados \u00fanicamente a propietarios de empresas. Este problema solo lo pod\u00edan aprovechar los miembros de la organizaci\u00f3n con un token de acceso personal (PAT) y requer\u00eda que el escaneo de secretos estuviera habilitado en los repositorios propiedad del usuario. Esta vulnerabilidad afect\u00f3 a las versiones de GitHub Enterprise Server posteriores a la 3.13.0 pero anteriores a la 3.14.0 y se solucion\u00f3 en la versi\u00f3n 3.13.2." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-108xx/CVE-2024-10839.json b/CVE-2024/CVE-2024-108xx/CVE-2024-10839.json index dc3a9dc895e..8e4168a3501 100644 --- a/CVE-2024/CVE-2024-108xx/CVE-2024-10839.json +++ b/CVE-2024/CVE-2024-108xx/CVE-2024-10839.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-10839", "sourceIdentifier": "0fc0942c-577d-436f-ae8e-945763c79b02", "published": "2024-11-08T11:15:03.603", - "lastModified": "2024-11-08T11:15:03.603", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Zohocorp ManageEngine SharePoint Manager Plus versions\u00a04503 and prior are vulnerable to authenticated XML External Entity (XXE) in the Management option." + }, + { + "lang": "es", + "value": "Las versiones 4503 y anteriores de Zohocorp ManageEngine SharePoint Manager Plus son vulnerables a la entidad externa XML autenticada (XXE) en la opci\u00f3n de administraci\u00f3n." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-109xx/CVE-2024-10914.json b/CVE-2024/CVE-2024-109xx/CVE-2024-10914.json index ee73f3fb58e..eb7331a95e4 100644 --- a/CVE-2024/CVE-2024-109xx/CVE-2024-10914.json +++ b/CVE-2024/CVE-2024-109xx/CVE-2024-10914.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-10914", "sourceIdentifier": "cna@vuldb.com", "published": "2024-11-06T14:15:05.310", - "lastModified": "2024-11-06T18:17:17.287", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-11-08T19:53:04.793", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. It has been declared as critical. Affected by this vulnerability is the function cgi_user_add of the file /cgi-bin/account_mgr.cgi?cmd=cgi_user_add. The manipulation of the argument name leads to os command injection. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Se ha detectado una vulnerabilidad en los sistemas DNS-320, DNS-320LW, DNS-325 y DNS-340L de D-Link hasta 20241028. Se ha declarado como cr\u00edtica. Esta vulnerabilidad afecta a la funci\u00f3n cgi_user_add del archivo /cgi-bin/account_mgr.cgi?cmd=cgi_user_add. La manipulaci\u00f3n del nombre del argumento provoca la inyecci\u00f3n de comandos en el sistema operativo. El ataque se puede lanzar de forma remota. La complejidad de un ataque es bastante alta. La explotaci\u00f3n parece ser dif\u00edcil. El exploit se ha hecho p\u00fablico y puede utilizarse." } ], "metrics": { 
@@ -57,6 +61,26 @@ } ], "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "cna@vuldb.com", "type": "Secondary", 
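Review bot: The added `nvd@nist.gov` entry is placed ahead of the existing `cna@vuldb.com` one, so a consumer reading `cvssMetricV31[0]` now gets `"baseScore": 9.8` with `"attackComplexity": "LOW"` where it previously got the CNA's entry. The English description in the preceding hunk of this record still says the attack complexity is rather high, so the two assessments in one record disagree. Selecting the metric by `"type": "Primary"` (or by `source`) instead of by array position keeps prioritisation stable across updates like this one. The CVE-2024-10318 hunk inserts its NVD entry ahead of the `f5sirt@f5.com` one in the same way.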
@@ -124,26 +148,153 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:dlink:dns-320_firmware:*:*:*:*:*:*:*:*", + "matchCriteriaId": "AF9EF6EB-E5C9-4FE5-9C10-DF206851B226" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:dlink:dns-320:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A0F5355E-F68D-49FE-9793-1FD9BD9AF3E1" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:dlink:dns-320lw_firmware:*:*:*:*:*:*:*:*", + "matchCriteriaId": "C6EDFB59-D39F-4BE6-99F4-3CFA32F1DFD0" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:dlink:dns-320lw:-:*:*:*:*:*:*:*", + "matchCriteriaId": "45467ABC-BAA9-4EB0-9F97-92E31854CA8B" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:dlink:dns-325_firmware:*:*:*:*:*:*:*:*", + "matchCriteriaId": "DE94B910-8C2C-43FE-84A2-43E36C1B77F8" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:dlink:dns-325:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8042169D-D9FA-4BD6-90D1-E0DE269E42B9" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:dlink:dns-340l_firmware:*:*:*:*:*:*:*:*", + "matchCriteriaId": "BC1D7741-D299-4CEF-9053-B90C0D2E0B0D" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:dlink:dns-340l:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0646B20C-5642-4CEA-A96C-7E82AD94A281" + } + ] + } + ] + 
} + ], "references": [ { "url": "https://netsecfish.notion.site/Command-Injection-Vulnerability-in-name-parameter-for-D-Link-NAS-12d6b683e67c80c49ffcc9214c239a07?pvs=4", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.283309", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required" + ] }, { "url": "https://vuldb.com/?id.283309", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?submit.432847", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.dlink.com/", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-109xx/CVE-2024-10915.json b/CVE-2024/CVE-2024-109xx/CVE-2024-10915.json index ec2e32be52b..1d553911c8a 100644 --- a/CVE-2024/CVE-2024-109xx/CVE-2024-10915.json +++ b/CVE-2024/CVE-2024-109xx/CVE-2024-10915.json 
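Review bot: The new `configurations` block marks `cpe:2.3:o:dlink:dns-320_firmware:*:*:*:*:*:*:*:*` and the three sibling firmware CPEs as vulnerable with no version bound in the `cpeMatch` entries, although the description limits the issue to "up to 20241028". Asset matching on this record will therefore flag every firmware build of the four models. The only vendor reference is the generic `https://www.dlink.com/` tagged `Product`, so no fixed version can be derived from the record. If a fixed build exists, the match would need a bound such as `versionEndExcluding`. The same unbounded CPEs are added in the CVE-2024-10915 and CVE-2024-10916 hunks. Separately, `https://vuldb.com/?ctiid.283309` and `?id.283309` are tagged `Permissions Required` here, while the same URL forms for 283310 carry `Third Party Advisory` and `VDB Entry`.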
@@ -2,13 +2,17 @@ "id": "CVE-2024-10915", "sourceIdentifier": "cna@vuldb.com", "published": "2024-11-06T14:15:05.783", - "lastModified": "2024-11-06T18:17:17.287", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-11-08T20:11:10.973", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. It has been rated as critical. Affected by this issue is the function cgi_user_add of the file /cgi-bin/account_mgr.cgi?cmd=cgi_user_add. The manipulation of the argument group leads to os command injection. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Se ha detectado una vulnerabilidad en los sistemas DNS-320, DNS-320LW, DNS-325 y DNS-340L de D-Link hasta 20241028. Se ha calificado como cr\u00edtica. Este problema afecta a la funci\u00f3n cgi_user_add del archivo /cgi-bin/account_mgr.cgi?cmd=cgi_user_add. La manipulaci\u00f3n del grupo de argumentos provoca la inyecci\u00f3n de comandos del sistema operativo. El ataque puede ejecutarse de forma remota. La complejidad de un ataque es bastante alta. Se sabe que su explotaci\u00f3n es dif\u00edcil. El exploit se ha hecho p\u00fablico y puede utilizarse." } ], "metrics": { 
@@ -57,6 +61,26 @@ } ], "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "cna@vuldb.com", "type": "Secondary", @@ -106,8 +130,18 @@ }, "weaknesses": [ { - "source": "cna@vuldb.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", "description": [ { "lang": "en", 
@@ -124,26 +158,155 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:dlink:dns-320_firmware:*:*:*:*:*:*:*:*", + "matchCriteriaId": "AF9EF6EB-E5C9-4FE5-9C10-DF206851B226" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:dlink:dns-320:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A0F5355E-F68D-49FE-9793-1FD9BD9AF3E1" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:dlink:dns-320lw_firmware:*:*:*:*:*:*:*:*", + "matchCriteriaId": "C6EDFB59-D39F-4BE6-99F4-3CFA32F1DFD0" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:dlink:dns-320lw:-:*:*:*:*:*:*:*", + "matchCriteriaId": "45467ABC-BAA9-4EB0-9F97-92E31854CA8B" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:dlink:dns-325_firmware:*:*:*:*:*:*:*:*", + "matchCriteriaId": "DE94B910-8C2C-43FE-84A2-43E36C1B77F8" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:dlink:dns-325:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8042169D-D9FA-4BD6-90D1-E0DE269E42B9" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:dlink:dns-340l_firmware:*:*:*:*:*:*:*:*", + "matchCriteriaId": "BC1D7741-D299-4CEF-9053-B90C0D2E0B0D" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:dlink:dns-340l:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0646B20C-5642-4CEA-A96C-7E82AD94A281" + } + ] + } + ] + 
} + ], "references": [ { "url": "https://netsecfish.notion.site/Command-Injection-Vulnerability-in-group-parameter-for-D-Link-NAS-12d6b683e67c803fa1a0c0d236c9a4c5?pvs=4", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.283310", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?id.283310", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?submit.432848", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://www.dlink.com/", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-109xx/CVE-2024-10916.json b/CVE-2024/CVE-2024-109xx/CVE-2024-10916.json index 2c32937f8a8..e0aada98c4c 100644 --- a/CVE-2024/CVE-2024-109xx/CVE-2024-10916.json +++ b/CVE-2024/CVE-2024-109xx/CVE-2024-10916.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-10916", "sourceIdentifier": "cna@vuldb.com", "published": "2024-11-06T15:15:12.123", - "lastModified": "2024-11-06T18:17:17.287", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-11-08T20:11:37.567", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability classified as problematic has been found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. This affects an unknown part of the file /xml/info.xml of the component HTTP GET Request Handler. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Se ha detectado una vulnerabilidad clasificada como problem\u00e1tica en D-Link DNS-320, DNS-320LW, DNS-325 y DNS-340L hasta 20241028. Afecta a una parte desconocida del archivo /xml/info.xml del componente HTTP GET Request Handler. La manipulaci\u00f3n conduce a la divulgaci\u00f3n de informaci\u00f3n. Es posible iniciar el ataque de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse." } ], "metrics": { @@ -57,6 +61,26 @@ } ], "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + }, { "source": "cna@vuldb.com", "type": "Secondary", 
@@ -106,8 +130,18 @@ }, "weaknesses": [ { - "source": "cna@vuldb.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-Other" + } + ] + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", "description": [ { "lang": "en", 
@@ -120,26 +154,152 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:dlink:dns-320_firmware:*:*:*:*:*:*:*:*", + "matchCriteriaId": "AF9EF6EB-E5C9-4FE5-9C10-DF206851B226" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:dlink:dns-320:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A0F5355E-F68D-49FE-9793-1FD9BD9AF3E1" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:dlink:dns-320lw_firmware:*:*:*:*:*:*:*:*", + "matchCriteriaId": "C6EDFB59-D39F-4BE6-99F4-3CFA32F1DFD0" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:dlink:dns-320lw:-:*:*:*:*:*:*:*", + "matchCriteriaId": "45467ABC-BAA9-4EB0-9F97-92E31854CA8B" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:dlink:dns-325_firmware:*:*:*:*:*:*:*:*", + "matchCriteriaId": "DE94B910-8C2C-43FE-84A2-43E36C1B77F8" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:dlink:dns-325:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8042169D-D9FA-4BD6-90D1-E0DE269E42B9" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:dlink:dns-340l_firmware:*:*:*:*:*:*:*:*", + "matchCriteriaId": "BC1D7741-D299-4CEF-9053-B90C0D2E0B0D" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:dlink:dns-340l:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0646B20C-5642-4CEA-A96C-7E82AD94A281" + } + ] + } + ] + 
} + ], "references": [ { "url": "https://netsecfish.notion.site/Information-Disclosure-Vulnerability-Report-in-xml-info-xml-for-D-Link-NAS-12d6b683e67c8019a311e699582f51b6?pvs=4", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.283311", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.283311", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?submit.432849", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.dlink.com/", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-109xx/CVE-2024-10922.json b/CVE-2024/CVE-2024-109xx/CVE-2024-10922.json index 4c3b45dde20..c90ff79fa89 100644 --- a/CVE-2024/CVE-2024-109xx/CVE-2024-10922.json +++ b/CVE-2024/CVE-2024-109xx/CVE-2024-10922.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-10922", "sourceIdentifier": "security@wordfence.com", "published": "2024-11-07T02:15:02.847", - "lastModified": "2024-11-07T02:15:02.847", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:25.633", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Featured Posts Scroll plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.25. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link." + }, + { + "lang": "es", + "value": "El complemento Featured Posts Scroll para WordPress es vulnerable a Cross-Site Request Forgery en todas las versiones hasta la 1.25 incluida. Esto se debe a la falta o la validaci\u00f3n incorrecta de un nonce en una funci\u00f3n. Esto permite que atacantes no autenticados actualicen configuraciones e inyecten scripts web maliciosos a trav\u00e9s de una solicitud falsificada, siempre que puedan enga\u00f1ar al administrador de un sitio para que realice una acci\u00f3n como hacer clic en un enlace." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-109xx/CVE-2024-10926.json b/CVE-2024/CVE-2024-109xx/CVE-2024-10926.json index ff461d3b91d..5aee7d4452d 100644 --- a/CVE-2024/CVE-2024-109xx/CVE-2024-10926.json +++ b/CVE-2024/CVE-2024-109xx/CVE-2024-10926.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-10926", "sourceIdentifier": "cna@vuldb.com", "published": "2024-11-06T21:15:04.927", - "lastModified": "2024-11-06T21:15:04.927", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:25.633", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in IBPhoenix ibWebAdmin up to 1.0.2 and classified as problematic. This issue affects some unknown processing of the file /toggle_fold_panel.php of the component Tabelas Section. The manipulation of the argument p leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "es", + "value": "Se ha encontrado una vulnerabilidad en IBPhoenix ibWebAdmin hasta la versi\u00f3n 1.0.2 y se ha clasificado como problem\u00e1tica. Este problema afecta a algunos procesos desconocidos del archivo /toggle_fold_panel.php del componente Tabelas Section. La manipulaci\u00f3n del argumento p conduce a cross-site scripting. El ataque puede iniciarse de forma remota. La vulnerabilidad se ha hecho p\u00fablica y puede utilizarse. Se contact\u00f3 al proveedor con anticipaci\u00f3n sobre esta revelaci\u00f3n, pero no respondi\u00f3 de ninguna manera." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-109xx/CVE-2024-10927.json b/CVE-2024/CVE-2024-109xx/CVE-2024-10927.json index 18374b4626c..b4e151d2aee 100644 --- a/CVE-2024/CVE-2024-109xx/CVE-2024-10927.json +++ b/CVE-2024/CVE-2024-109xx/CVE-2024-10927.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-10927", "sourceIdentifier": "cna@vuldb.com", "published": "2024-11-06T23:15:03.623", - "lastModified": "2024-11-06T23:15:03.623", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:25.633", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in MonoCMS up to 20240528. It has been classified as problematic. Affected is an unknown function of the file /monofiles/account.php of the component Account Information Page. The manipulation of the argument userid leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "es", + "value": "Se ha detectado una vulnerabilidad en MonoCMS hasta 20240528. Se ha clasificado como problem\u00e1tica. Se trata de una funci\u00f3n desconocida del archivo /monofiles/account.php del componente Account Information Page. La manipulaci\u00f3n del argumento userid provoca cross-site scripting. Es posible lanzar el ataque de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse. Se contact\u00f3 al proveedor con antelaci\u00f3n sobre esta revelaci\u00f3n, pero no respondi\u00f3 de ninguna manera." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-109xx/CVE-2024-10928.json b/CVE-2024/CVE-2024-109xx/CVE-2024-10928.json index 4e7a70eebf8..72c48334d74 100644 --- a/CVE-2024/CVE-2024-109xx/CVE-2024-10928.json +++ b/CVE-2024/CVE-2024-109xx/CVE-2024-10928.json @@ -2,8 +2,8 @@ "id": "CVE-2024-10928", "sourceIdentifier": "cna@vuldb.com", "published": "2024-11-06T23:15:04.007", - "lastModified": "2024-11-06T23:15:04.007", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:25.633", + "vulnStatus": "Awaiting Analysis", "cveTags": [ { "sourceIdentifier": "cna@vuldb.com", 
@@ -16,6 +16,10 @@ { "lang": "en", "value": "A vulnerability was found in MonoCMS up to 20240528. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /monofiles/opensaved.php of the component Posts Page. The manipulation of the argument filtcategory/filtstatus leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "es", + "value": "Se ha detectado una vulnerabilidad en MonoCMS hasta 20240528. Se ha declarado como problem\u00e1tica. Esta vulnerabilidad afecta a una funcionalidad desconocida del archivo /monofiles/opensaved.php del componente Posts Page. La manipulaci\u00f3n del argumento filtcategory/filtstatus provoca cross-site scripting. El ataque se puede ejecutar de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse. Se contact\u00f3 al proveedor con anticipaci\u00f3n sobre esta revelaci\u00f3n, pero no respondi\u00f3 de ninguna manera." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-109xx/CVE-2024-10941.json b/CVE-2024/CVE-2024-109xx/CVE-2024-10941.json index b65fdf9847e..270ac6f7f7b 100644 --- a/CVE-2024/CVE-2024-109xx/CVE-2024-10941.json +++ b/CVE-2024/CVE-2024-109xx/CVE-2024-10941.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-10941", "sourceIdentifier": "security@mozilla.org", "published": "2024-11-06T21:15:05.213", - "lastModified": "2024-11-06T21:15:05.213", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:25.633", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A malicious website could have included an iframe with an malformed URI resulting in a non-exploitable browser crash. This vulnerability affects Firefox < 126." + }, + { + "lang": "es", + "value": "Un sitio web malicioso podr\u00eda haber incluido un iframe con una URL mal formada, lo que provoc\u00f3 un bloqueo del navegador que no se pod\u00eda explotar. Esta vulnerabilidad afecta a Firefox anterior a la versi\u00f3n 126." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-109xx/CVE-2024-10946.json b/CVE-2024/CVE-2024-109xx/CVE-2024-10946.json index 4b010beaa28..0f6a26c7d55 100644 --- a/CVE-2024/CVE-2024-109xx/CVE-2024-10946.json +++ b/CVE-2024/CVE-2024-109xx/CVE-2024-10946.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-10946", "sourceIdentifier": "cna@vuldb.com", "published": "2024-11-07T04:15:03.277", - "lastModified": "2024-11-07T04:15:03.277", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:25.633", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability classified as critical has been found in Guangzhou Tuchuang Computer Software Development Interlib Library Cluster Automation Management System up to 2.0.1. This affects an unknown part of the file /interlib/admin/SysLib?cmdACT=inputLIBCODE&mod=batchXSL&xsl=editLIBCODE.xsl&libcodes=&ROWID=. The manipulation of the argument sql leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "es", + "value": "Se ha encontrado una vulnerabilidad clasificada como cr\u00edtica en Guangzhou Tuchuang Computer Software Development Interlib Library Cluster Automation Management System hasta la versi\u00f3n 2.0.1. Afecta a una parte desconocida del archivo /interlib/admin/SysLib?cmdACT=inputLIBCODE&mod=batchXSL&xsl=editLIBCODE.xsl&libcodes=&ROWID=. La manipulaci\u00f3n del argumento sql provoca una inyecci\u00f3n de SQL. Es posible iniciar el ataque de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse. Se contact\u00f3 al proveedor con anticipaci\u00f3n sobre esta revelaci\u00f3n, pero no respondi\u00f3 de ninguna manera." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-109xx/CVE-2024-10947.json b/CVE-2024/CVE-2024-109xx/CVE-2024-10947.json index 14e35df22d4..4f28dad9575 100644 --- a/CVE-2024/CVE-2024-109xx/CVE-2024-10947.json +++ b/CVE-2024/CVE-2024-109xx/CVE-2024-10947.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-10947", "sourceIdentifier": "cna@vuldb.com", "published": "2024-11-07T04:15:03.590", - "lastModified": "2024-11-07T04:15:03.590", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability classified as critical was found in Guangzhou Tuchuang Computer Software Development Interlib Library Cluster Automation Management System up to 2.0.1. This vulnerability affects unknown code of the file /interlib/order/BatchOrder?cmdACT=admin_order&xsl=adminOrder_OrderList.xsl. The manipulation of the argument bookrecno leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "es", + "value": "Se ha encontrado una vulnerabilidad clasificada como cr\u00edtica en Guangzhou Tuchuang Computer Software Development Interlib Library Cluster Automation Management System hasta la versi\u00f3n 2.0.1. Esta vulnerabilidad afecta al c\u00f3digo desconocido del archivo /interlib/order/BatchOrder?cmdACT=admin_order&xsl=adminOrder_OrderList.xsl. La manipulaci\u00f3n del argumento bookrecno conduce a una inyecci\u00f3n SQL. El ataque se puede iniciar de forma remota. El exploit se ha divulgado al p\u00fablico y puede utilizarse. Se contact\u00f3 al proveedor con anticipaci\u00f3n sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-109xx/CVE-2024-10963.json b/CVE-2024/CVE-2024-109xx/CVE-2024-10963.json index a88264108e3..63b8ae9ce46 100644 --- a/CVE-2024/CVE-2024-109xx/CVE-2024-10963.json +++ b/CVE-2024/CVE-2024-109xx/CVE-2024-10963.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-10963", "sourceIdentifier": "secalert@redhat.com", "published": "2024-11-07T16:15:17.150", - "lastModified": "2024-11-08T07:15:06.500", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in pam_access due to the improper handling of tokens in access.conf, interpreted as hostnames. This flaw allows attackers to bypass access restrictions by spoofing hostnames, undermining configurations designed to limit access to specific TTYs or services. The flaw poses a risk in environments relying on these configurations for local access control." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad en pam_access debido al manejo inadecuado de tokens en access.conf, interpretados como nombres de host. Esta falla permite a los atacantes eludir las restricciones de acceso falsificando nombres de host, lo que debilita las configuraciones dise\u00f1adas para limitar el acceso a TTY o servicios espec\u00edficos. La falla plantea un riesgo en entornos que dependen de estas configuraciones para el control de acceso local." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-109xx/CVE-2024-10964.json b/CVE-2024/CVE-2024-109xx/CVE-2024-10964.json index d6607e492bb..68ccff77204 100644 --- a/CVE-2024/CVE-2024-109xx/CVE-2024-10964.json +++ b/CVE-2024/CVE-2024-109xx/CVE-2024-10964.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-10964", "sourceIdentifier": "cna@vuldb.com", "published": "2024-11-07T17:15:06.500", - "lastModified": "2024-11-07T17:15:06.500", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability classified as critical has been found in emqx neuron up to 2.10.0. Affected is the function handle_add_plugin in the library cmd.library of the file plugins/restful/plugin_handle.c. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue." + }, + { + "lang": "es", + "value": "Se ha encontrado una vulnerabilidad clasificada como cr\u00edtica en emqx neuron hasta la versi\u00f3n 2.10.0. Se ve afectada la funci\u00f3n handle_add_plugin de la librer\u00eda cmd.library del archivo plugins/restful/plugin_handle.c. La manipulaci\u00f3n provoca un desbordamiento del b\u00fafer. Es posible lanzar el ataque de forma remota. Se recomienda aplicar un parche para solucionar este problema." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-109xx/CVE-2024-10965.json b/CVE-2024/CVE-2024-109xx/CVE-2024-10965.json index ddf32db66e4..89daafd9fb5 100644 --- a/CVE-2024/CVE-2024-109xx/CVE-2024-10965.json +++ b/CVE-2024/CVE-2024-109xx/CVE-2024-10965.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-10965", "sourceIdentifier": "cna@vuldb.com", "published": "2024-11-07T17:15:06.890", - "lastModified": "2024-11-07T17:15:06.890", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability classified as problematic was found in emqx neuron up to 2.10.0. Affected by this vulnerability is an unknown functionality of the file /api/v2/schema of the component JSON File Handler. The manipulation leads to information disclosure. The attack can be launched remotely. The patch is named c9ce39747e0372aaa2157b2b56174914a12c06d8. It is recommended to apply a patch to fix this issue." + }, + { + "lang": "es", + "value": "Se ha encontrado una vulnerabilidad clasificada como problem\u00e1tica en emqx neuron hasta la versi\u00f3n 2.10.0. Esta vulnerabilidad afecta a una funcionalidad desconocida del archivo /api/v2/schema del componente JSON File Handler. La manipulaci\u00f3n conduce a la divulgaci\u00f3n de informaci\u00f3n. El ataque se puede lanzar de forma remota. El parche se llama c9ce39747e0372aaa2157b2b56174914a12c06d8. Se recomienda aplicar un parche para solucionar este problema." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-109xx/CVE-2024-10966.json b/CVE-2024/CVE-2024-109xx/CVE-2024-10966.json index 539d08a1712..b18a650edf6 100644 --- a/CVE-2024/CVE-2024-109xx/CVE-2024-10966.json +++ b/CVE-2024/CVE-2024-109xx/CVE-2024-10966.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-10966", "sourceIdentifier": "cna@vuldb.com", "published": "2024-11-07T18:15:16.033", - "lastModified": "2024-11-07T18:15:16.033", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability, which was classified as critical, has been found in TOTOLINK X18 9.1.0cu.2024_B20220329. Affected by this issue is some unknown functionality of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument enable leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Se ha encontrado una vulnerabilidad clasificada como cr\u00edtica en TOTOLINK X18 9.1.0cu.2024_B20220329. Este problema afecta a algunas funciones desconocidas del archivo /cgi-bin/cstecgi.cgi. La manipulaci\u00f3n del argumento enable provoca la inyecci\u00f3n de comandos del sistema operativo. El ataque puede ejecutarse de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-109xx/CVE-2024-10967.json b/CVE-2024/CVE-2024-109xx/CVE-2024-10967.json index 389fce89d8c..d221ccd48ff 100644 --- a/CVE-2024/CVE-2024-109xx/CVE-2024-10967.json +++ b/CVE-2024/CVE-2024-109xx/CVE-2024-10967.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-10967", "sourceIdentifier": "cna@vuldb.com", "published": "2024-11-07T18:15:16.393", - "lastModified": "2024-11-07T18:15:16.393", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in code-projects E-Health Care System 1.0. It has been classified as critical. Affected is an unknown function of the file /Doctor/delete_user_appointment_request.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Se ha encontrado una vulnerabilidad en code-projects E-Health Care System 1.0. Se ha clasificado como cr\u00edtica. Se ve afectada una funci\u00f3n desconocida del archivo /Doctor/delete_user_appointment_request.php. La manipulaci\u00f3n del argumento id provoca una inyecci\u00f3n SQL. Es posible lanzar el ataque de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-109xx/CVE-2024-10968.json b/CVE-2024/CVE-2024-109xx/CVE-2024-10968.json index 67af482acde..304493c6cae 100644 --- a/CVE-2024/CVE-2024-109xx/CVE-2024-10968.json +++ b/CVE-2024/CVE-2024-109xx/CVE-2024-10968.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-10968", "sourceIdentifier": "cna@vuldb.com", "published": "2024-11-07T20:15:15.633", - "lastModified": "2024-11-07T20:15:15.633", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in 1000 Projects Bookstore Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /contact_process.php. The manipulation of the argument fnm leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Se ha encontrado una vulnerabilidad en 1000 Projects Bookstore Management System 1.0. Se ha declarado como cr\u00edtica. Esta vulnerabilidad afecta a una funcionalidad desconocida del archivo /contact_process.php. La manipulaci\u00f3n del argumento fnm conduce a una inyecci\u00f3n SQL. El ataque se puede ejecutar de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-109xx/CVE-2024-10969.json b/CVE-2024/CVE-2024-109xx/CVE-2024-10969.json index a265d613b82..515be8fe5cf 100644 --- a/CVE-2024/CVE-2024-109xx/CVE-2024-10969.json +++ b/CVE-2024/CVE-2024-109xx/CVE-2024-10969.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-10969", "sourceIdentifier": "cna@vuldb.com", "published": "2024-11-07T20:15:15.930", - "lastModified": "2024-11-07T20:15:15.930", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in 1000 Projects Bookstore Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/login_process.php of the component Login. The manipulation of the argument unm leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Se ha encontrado una vulnerabilidad en 1000 Projects Bookstore Management System 1.0. Se ha calificado como cr\u00edtica. Este problema afecta a una funcionalidad desconocida del archivo /admin/login_process.php del componente Login. La manipulaci\u00f3n del argumento unm provoca una inyecci\u00f3n SQL. El ataque puede ejecutarse de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-109xx/CVE-2024-10975.json b/CVE-2024/CVE-2024-109xx/CVE-2024-10975.json index 55df7680def..20d07a3b771 100644 --- a/CVE-2024/CVE-2024-109xx/CVE-2024-10975.json +++ b/CVE-2024/CVE-2024-109xx/CVE-2024-10975.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-10975", "sourceIdentifier": "security@hashicorp.com", "published": "2024-11-07T21:15:06.383", - "lastModified": "2024-11-07T21:15:06.383", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Nomad Community and Nomad Enterprise (\"Nomad\") volume specification is vulnerable to arbitrary cross-namespace volume creation through unauthorized Container Storage Interface (CSI) volume writes. This vulnerability, identified as CVE-2024-10975, is fixed in Nomad Community Edition 1.9.2 and Nomad Enterprise 1.9.2, 1.8.7, and 1.7.15." + }, + { + "lang": "es", + "value": "La especificaci\u00f3n de vol\u00famenes de Nomad Community y Nomad Enterprise (\"Nomad\") es vulnerable a la creaci\u00f3n arbitraria de vol\u00famenes entre espacios de nombres mediante escrituras no autorizadas en vol\u00famenes de la Interfaz de almacenamiento de contenedores (CSI). Esta vulnerabilidad, identificada como CVE-2024-10975, se ha corregido en Nomad Community Edition 1.9.2 y Nomad Enterprise 1.9.2, 1.8.7 y 1.7.15." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-109xx/CVE-2024-10987.json b/CVE-2024/CVE-2024-109xx/CVE-2024-10987.json index 72dddbb6a7f..c02c32404f9 100644 --- a/CVE-2024/CVE-2024-109xx/CVE-2024-10987.json +++ b/CVE-2024/CVE-2024-109xx/CVE-2024-10987.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-10987", "sourceIdentifier": "cna@vuldb.com", "published": "2024-11-08T04:15:15.190", - "lastModified": "2024-11-08T04:15:15.190", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in code-projects E-Health Care System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /Doctor/user_appointment.php. The manipulation of the argument schedule_id/schedule_date/schedule_day/start_time/end_time/booking leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Se ha encontrado una vulnerabilidad en code-projects E-Health Care System 1.0. Se ha declarado como cr\u00edtica. Esta vulnerabilidad afecta a una funcionalidad desconocida del archivo /Doctor/user_appointment.php. La manipulaci\u00f3n del argumento schedule_id/schedule_date/schedule_day/start_time/end_time/booking conduce a una inyecci\u00f3n SQL. El ataque se puede ejecutar de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-109xx/CVE-2024-10988.json b/CVE-2024/CVE-2024-109xx/CVE-2024-10988.json index 5515f672c2d..cdf18aab189 100644 --- a/CVE-2024/CVE-2024-109xx/CVE-2024-10988.json +++ b/CVE-2024/CVE-2024-109xx/CVE-2024-10988.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-10988", "sourceIdentifier": "cna@vuldb.com", "published": "2024-11-08T04:15:15.503", - "lastModified": "2024-11-08T04:15:15.503", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in code-projects E-Health Care System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /Doctor/doctor_login.php. The manipulation of the argument email leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well." + }, + { + "lang": "es", + "value": "Se ha encontrado una vulnerabilidad en code-projects E-Health Care System 1.0. Se ha calificado como cr\u00edtica. Este problema afecta a algunas funciones desconocidas del archivo /Doctor/doctor_login.php. La manipulaci\u00f3n del argumento email provoca una inyecci\u00f3n SQL. El ataque puede ejecutarse de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse. Tambi\u00e9n pueden verse afectados otros par\u00e1metros." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-109xx/CVE-2024-10989.json b/CVE-2024/CVE-2024-109xx/CVE-2024-10989.json index aceb0d8edef..bbd1e4cfa57 100644 --- a/CVE-2024/CVE-2024-109xx/CVE-2024-10989.json +++ b/CVE-2024/CVE-2024-109xx/CVE-2024-10989.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-10989", "sourceIdentifier": "cna@vuldb.com", "published": "2024-11-08T04:15:15.783", - "lastModified": "2024-11-08T04:15:15.783", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability classified as critical has been found in code-projects E-Health Care System 1.0. This affects an unknown part of the file /Admin/detail.php. The manipulation of the argument s_id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory confuses the vulnerability class of this issue." + }, + { + "lang": "es", + "value": "Se ha encontrado una vulnerabilidad clasificada como cr\u00edtica en code-projects E-Health Care System 1.0. Afecta a una parte desconocida del archivo /Admin/detail.php. La manipulaci\u00f3n del argumento s_id provoca una inyecci\u00f3n SQL. Es posible iniciar el ataque de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse. El aviso inicial para investigadores confunde la clase de vulnerabilidad de este problema." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-109xx/CVE-2024-10990.json b/CVE-2024/CVE-2024-109xx/CVE-2024-10990.json index d2b985b9575..13b6842b575 100644 --- a/CVE-2024/CVE-2024-109xx/CVE-2024-10990.json +++ b/CVE-2024/CVE-2024-109xx/CVE-2024-10990.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-10990", "sourceIdentifier": "cna@vuldb.com", "published": "2024-11-08T05:15:05.690", - "lastModified": "2024-11-08T05:15:05.690", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability classified as critical was found in SourceCodester Online Veterinary Appointment System 1.0. This vulnerability affects unknown code of the file /admin/services/view_service.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Se ha encontrado una vulnerabilidad clasificada como cr\u00edtica en SourceCodester Online Veterinary Appointment System 1.0. Esta vulnerabilidad afecta al c\u00f3digo desconocido del archivo /admin/services/view_service.php. La manipulaci\u00f3n del argumento id conduce a una inyecci\u00f3n SQL. El ataque puede iniciarse de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-109xx/CVE-2024-10991.json b/CVE-2024/CVE-2024-109xx/CVE-2024-10991.json index 133a0a9a07e..d02e337361e 100644 --- a/CVE-2024/CVE-2024-109xx/CVE-2024-10991.json +++ b/CVE-2024/CVE-2024-109xx/CVE-2024-10991.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-10991", "sourceIdentifier": "cna@vuldb.com", "published": "2024-11-08T05:15:06.127", - "lastModified": "2024-11-08T05:15:06.127", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability, which was classified as critical, has been found in Codezips Hospital Appointment System 1.0. This issue affects some unknown processing of the file /editBranchResult.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Se ha encontrado una vulnerabilidad, que se ha clasificado como cr\u00edtica, en Codezips Hospital Appointment System 1.0. Este problema afecta a algunos procesos desconocidos del archivo /editBranchResult.php. La manipulaci\u00f3n del ID del argumento conduce a una inyecci\u00f3n SQL. El ataque puede iniciarse de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-109xx/CVE-2024-10993.json b/CVE-2024/CVE-2024-109xx/CVE-2024-10993.json index 656d5922013..2729609e526 100644 --- a/CVE-2024/CVE-2024-109xx/CVE-2024-10993.json +++ b/CVE-2024/CVE-2024-109xx/CVE-2024-10993.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-10993", "sourceIdentifier": "cna@vuldb.com", "published": "2024-11-08T06:15:14.243", - "lastModified": "2024-11-08T06:15:14.243", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability, which was classified as critical, was found in Codezips Online Institute Management System 1.0. Affected is an unknown function of the file /manage_website.php. The manipulation of the argument website_image leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Se ha encontrado una vulnerabilidad clasificada como cr\u00edtica en Codezips Online Institute Management System 1.0. Se trata de una funci\u00f3n desconocida del archivo /manage_website.php. La manipulaci\u00f3n del argumento website_image permite la carga sin restricciones. Es posible lanzar el ataque de forma remota. El exploit ha sido divulgado al p\u00fablico y puede ser utilizado." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-109xx/CVE-2024-10994.json b/CVE-2024/CVE-2024-109xx/CVE-2024-10994.json index 009905267f3..c3e00779aca 100644 --- a/CVE-2024/CVE-2024-109xx/CVE-2024-10994.json +++ b/CVE-2024/CVE-2024-109xx/CVE-2024-10994.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-10994", "sourceIdentifier": "cna@vuldb.com", "published": "2024-11-08T06:15:14.540", - "lastModified": "2024-11-08T06:15:14.540", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability has been found in Codezips Online Institute Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /edit_user.php. The manipulation of the argument image leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Se ha encontrado una vulnerabilidad en Codezips Online Institute Management System 1.0 y se ha clasificado como cr\u00edtica. Esta vulnerabilidad afecta a una funcionalidad desconocida del archivo /edit_user.php. La manipulaci\u00f3n del argumento image permite la carga sin restricciones. El ataque se puede ejecutar de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-109xx/CVE-2024-10995.json b/CVE-2024/CVE-2024-109xx/CVE-2024-10995.json index bcee884a054..ecba12fd45a 100644 --- a/CVE-2024/CVE-2024-109xx/CVE-2024-10995.json +++ b/CVE-2024/CVE-2024-109xx/CVE-2024-10995.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-10995", "sourceIdentifier": "cna@vuldb.com", "published": "2024-11-08T07:15:07.263", - "lastModified": "2024-11-08T07:15:07.263", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in Codezips Hospital Appointment System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /removeDoctorResult.php. The manipulation of the argument Name leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad en Codezips Hospital Appointment System 1.0 y se clasific\u00f3 como cr\u00edtica. Este problema afecta a algunas funciones desconocidas del archivo /removeDoctorResult.php. La manipulaci\u00f3n del argumento Name conduce a una inyecci\u00f3n SQL. El ataque puede ejecutarse de forma remota. El exploit se ha revelado al p\u00fablico y puede utilizarse." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-109xx/CVE-2024-10996.json b/CVE-2024/CVE-2024-109xx/CVE-2024-10996.json index 10d6aef3972..8aa4fb0d100 100644 --- a/CVE-2024/CVE-2024-109xx/CVE-2024-10996.json +++ b/CVE-2024/CVE-2024-109xx/CVE-2024-10996.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-10996", "sourceIdentifier": "cna@vuldb.com", "published": "2024-11-08T07:15:08.117", - "lastModified": "2024-11-08T07:15:08.117", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in 1000 Projects Bookstore Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/process_category_edit.php. The manipulation of the argument cat leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Se ha encontrado una vulnerabilidad en 1000 Projects Bookstore Management System 1.0. Se ha clasificado como cr\u00edtica. Afecta a una parte desconocida del archivo /admin/process_category_edit.php. La manipulaci\u00f3n del argumento cat provoca una inyecci\u00f3n SQL. Es posible iniciar el ataque de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-109xx/CVE-2024-10997.json b/CVE-2024/CVE-2024-109xx/CVE-2024-10997.json index 810e800a678..db0134d65db 100644 --- a/CVE-2024/CVE-2024-109xx/CVE-2024-10997.json +++ b/CVE-2024/CVE-2024-109xx/CVE-2024-10997.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-10997", "sourceIdentifier": "cna@vuldb.com", "published": "2024-11-08T07:15:08.647", - "lastModified": "2024-11-08T07:15:08.647", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in 1000 Projects Bookstore Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /book_list.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Se ha encontrado una vulnerabilidad en 1000 Projects Bookstore Management System 1.0. Se ha declarado como cr\u00edtica. Esta vulnerabilidad afecta al c\u00f3digo desconocido del archivo /book_list.php. La manipulaci\u00f3n del argumento id provoca una inyecci\u00f3n SQL. El ataque puede iniciarse de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-109xx/CVE-2024-10998.json b/CVE-2024/CVE-2024-109xx/CVE-2024-10998.json index b92406624ac..14d2c15f779 100644 --- a/CVE-2024/CVE-2024-109xx/CVE-2024-10998.json +++ b/CVE-2024/CVE-2024-109xx/CVE-2024-10998.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-10998", "sourceIdentifier": "cna@vuldb.com", "published": "2024-11-08T08:15:12.913", - "lastModified": "2024-11-08T08:15:12.913", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in 1000 Projects Bookstore Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/process_category_add.php. The manipulation of the argument cat leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Se ha encontrado una vulnerabilidad en 1000 Projects Bookstore Management System 1.0. Se ha calificado como cr\u00edtica. Este problema afecta a algunos procesos desconocidos del archivo /admin/process_category_add.php. La manipulaci\u00f3n del argumento cat provoca una inyecci\u00f3n SQL. El ataque puede iniciarse de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-109xx/CVE-2024-10999.json b/CVE-2024/CVE-2024-109xx/CVE-2024-10999.json index 3cac2bda580..2241e670023 100644 --- a/CVE-2024/CVE-2024-109xx/CVE-2024-10999.json +++ b/CVE-2024/CVE-2024-109xx/CVE-2024-10999.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-10999", "sourceIdentifier": "cna@vuldb.com", "published": "2024-11-08T08:15:14.597", - "lastModified": "2024-11-08T08:15:14.597", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability classified as problematic has been found in CodeAstro Real Estate Management System 1.0. Affected is an unknown function of the file /aboutadd.php of the component About Us Page. The manipulation of the argument aimage leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Se ha encontrado una vulnerabilidad clasificada como problem\u00e1tica en CodeAstro Real Estate Management System 1.0. Se ve afectada una funci\u00f3n desconocida del archivo /aboutadd.php del componente About Us Page. La manipulaci\u00f3n del argumento aimage permite la carga sin restricciones. Es posible lanzar el ataque de forma remota. El exploit ha sido divulgado al p\u00fablico y puede ser utilizado." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-110xx/CVE-2024-11000.json b/CVE-2024/CVE-2024-110xx/CVE-2024-11000.json index 402ff8bbb1c..19bc14ebe3a 100644 --- a/CVE-2024/CVE-2024-110xx/CVE-2024-11000.json +++ b/CVE-2024/CVE-2024-110xx/CVE-2024-11000.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-11000", "sourceIdentifier": "cna@vuldb.com", "published": "2024-11-08T08:15:15.283", - "lastModified": "2024-11-08T08:15:15.283", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability classified as problematic was found in CodeAstro Real Estate Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /aboutedit.php of the component About Us Page. The manipulation of the argument aimage leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Se ha encontrado una vulnerabilidad clasificada como problem\u00e1tica en CodeAstro Real Estate Management System 1.0. Esta vulnerabilidad afecta a una funcionalidad desconocida del archivo /aboutedit.php del componente About Us Page. La manipulaci\u00f3n del argumento aimage permite la carga sin restricciones. El ataque se puede lanzar de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-215xx/CVE-2024-21538.json b/CVE-2024/CVE-2024-215xx/CVE-2024-21538.json index d9288f9092e..a524a2e855b 100644 --- a/CVE-2024/CVE-2024-215xx/CVE-2024-21538.json +++ b/CVE-2024/CVE-2024-215xx/CVE-2024-21538.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-21538", "sourceIdentifier": "report@snyk.io", "published": "2024-11-08T05:15:06.453", - "lastModified": "2024-11-08T05:15:06.453", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Versions of the package cross-spawn before 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can increase the CPU usage and crash the program by crafting a very large and well crafted string." + }, + { + "lang": "es", + "value": "Las versiones del paquete cross-spawn anteriores a la 7.0.5 son vulnerables a la denegaci\u00f3n de servicio por expresi\u00f3n regular (ReDoS) debido a una desinfecci\u00f3n de entrada incorrecta. Un atacante puede aumentar el uso de la CPU y hacer que el programa se bloquee manipulando una cadena muy grande y bien manipulada." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-244xx/CVE-2024-24409.json b/CVE-2024/CVE-2024-244xx/CVE-2024-24409.json index 7fc856955fe..16edff6f2e4 100644 --- a/CVE-2024/CVE-2024-244xx/CVE-2024-24409.json +++ b/CVE-2024/CVE-2024-244xx/CVE-2024-24409.json @@ -2,13 +2,17 @@ "id": "CVE-2024-24409", "sourceIdentifier": "0fc0942c-577d-436f-ae8e-945763c79b02", "published": "2024-11-08T08:15:15.917", - "lastModified": "2024-11-08T08:15:15.917", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Zohocorp ManageEngine ADManager Plus versions 7203 and prior are vulnerable to\u00a0Privilege Escalation in the\u00a0Modify Computers option." + }, + { + "lang": "es", + "value": "Las versiones 7203 y anteriores de Zohocorp ManageEngine ADManager Plus son vulnerables a la escalada de privilegios en la opci\u00f3n Modificar equipos." } ], "metrics": { 
diff --git a/CVE-2024/CVE-2024-247xx/CVE-2024-24777.json b/CVE-2024/CVE-2024-247xx/CVE-2024-24777.json index 8f5f284ac34..f4c82eb8410 100644 --- a/CVE-2024/CVE-2024-247xx/CVE-2024-24777.json +++ b/CVE-2024/CVE-2024-247xx/CVE-2024-24777.json @@ -2,8 +2,8 @@ "id": "CVE-2024-24777", "sourceIdentifier": "talos-cna@cisco.com", "published": "2024-10-30T14:15:04.457", - "lastModified": "2024-11-01T12:57:03.417", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-11-08T19:00:37.240", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "talos-cna@cisco.com", "type": "Secondary", @@ -51,10 +71,43 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:level1:wbr-6012_firmware:r0.40e6:*:*:*:*:*:*:*", + "matchCriteriaId": "FCC94B2E-4651-4E98-90A1-CB53CC2E24CC" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:level1:wbr-6012:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1FD255E3-0DBF-440C-AC6A-90B30DB59B34" + } + ] + } + ] + } + ], "references": [ { "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1981", - "source": "talos-cna@cisco.com" + "source": "talos-cna@cisco.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-249xx/CVE-2024-24914.json b/CVE-2024/CVE-2024-249xx/CVE-2024-24914.json index c49d050c8f9..f5f8098a6a0 100644 --- a/CVE-2024/CVE-2024-249xx/CVE-2024-24914.json +++ b/CVE-2024/CVE-2024-249xx/CVE-2024-24914.json @@ -2,13 +2,17 @@ "id": "CVE-2024-24914", "sourceIdentifier": "cve@checkpoint.com", "published": "2024-11-07T12:15:24.327", - "lastModified": "2024-11-07T12:15:24.327", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Authenticated Gaia users can inject code or commands by global variables through special HTTP requests. A Security fix that mitigates this vulnerability is available." + }, + { + "lang": "es", + "value": "Los usuarios autenticados de Gaia pueden inyectar c\u00f3digo o comandos mediante variables globales a trav\u00e9s de solicitudes HTTP especiales. Hay disponible una soluci\u00f3n de seguridad que mitiga esta vulnerabilidad." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-254xx/CVE-2024-25431.json b/CVE-2024/CVE-2024-254xx/CVE-2024-25431.json index dcc0ed67f95..549b3bc5a8b 100644 --- a/CVE-2024/CVE-2024-254xx/CVE-2024-25431.json +++ b/CVE-2024/CVE-2024-254xx/CVE-2024-25431.json @@ -2,8 +2,8 @@ "id": "CVE-2024-25431", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-08T17:15:06.023", - "lastModified": "2024-11-08T17:15:06.023", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-270xx/CVE-2024-27028.json b/CVE-2024/CVE-2024-270xx/CVE-2024-27028.json index 7c4d95fbc44..2e4f987a627 100644 --- a/CVE-2024/CVE-2024-270xx/CVE-2024-27028.json +++ b/CVE-2024/CVE-2024-270xx/CVE-2024-27028.json 
@@ -2,7 +2,7 @@ "id": "CVE-2024-27028", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-05-01T13:15:49.030", - "lastModified": "2024-11-05T10:16:20.500", + "lastModified": "2024-11-08T19:35:02.793", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -15,7 +15,42 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: spi: spi-mt65xx: corrige el acceso al puntero NULL en el controlador de interrupciones. El b\u00fafer TX en spi_transfer puede ser un puntero NULL, por lo que el controlador de interrupciones puede terminar escribiendo en la memoria no v\u00e1lida y causar accidentes. Agregue una marca a trans->tx_buf antes de usarlo." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-476" + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/1784053cf10a14c4ebd8a890bad5cfe1bee51713", diff --git a/CVE-2024/CVE-2024-276xx/CVE-2024-27609.json b/CVE-2024/CVE-2024-276xx/CVE-2024-27609.json index a70f0446f0c..49de80e7e68 100644 --- a/CVE-2024/CVE-2024-276xx/CVE-2024-27609.json +++ b/CVE-2024/CVE-2024-276xx/CVE-2024-27609.json 
@@ -2,7 +2,7 @@ "id": "CVE-2024-27609", "sourceIdentifier": "cve@mitre.org", "published": "2024-04-01T00:15:49.513", - "lastModified": "2024-04-01T01:12:59.077", + "lastModified": "2024-11-08T19:35:15.910", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -15,7 +15,42 @@ "value": "Bonita antes de 2023.2-u2 permite XSS almacenado a trav\u00e9s de una pantalla de interfaz de usuario en el panel de administraci\u00f3n." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], "references": [ { "url": "https://documentation.bonitasoft.com/bonita/latest/release-notes#_fixes_in_bonita_runtime_including_bonita_applications_2", diff --git a/CVE-2024/CVE-2024-301xx/CVE-2024-30140.json b/CVE-2024/CVE-2024-301xx/CVE-2024-30140.json index 8937becb512..f21cda23e36 100644 --- a/CVE-2024/CVE-2024-301xx/CVE-2024-30140.json +++ b/CVE-2024/CVE-2024-301xx/CVE-2024-30140.json 
@@ -2,13 +2,17 @@
 "id": "CVE-2024-30140",
 "sourceIdentifier": "psirt@hcl.com",
 "published": "2024-11-07T09:15:03.480",
- "lastModified": "2024-11-07T09:15:03.480",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-08T19:01:03.880",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "HCL BigFix Compliance is affected by unvalidated redirects and forwards. The HOST header can be manipulated by an attacker and as a result, it can poison the web cache and provide back to users being served the page."
+ },
+ {
+ "lang": "es",
+ "value": "HCL BigFix Compliance se ve afectado por redirecciones y reenv\u00edos no validados. El encabezado HOST puede ser manipulado por un atacante y, como resultado, puede contaminar la memoria cach\u00e9 web y devolver la p\u00e1gina a los usuarios."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-301xx/CVE-2024-30141.json b/CVE-2024/CVE-2024-301xx/CVE-2024-30141.json
index 945e5531246..b335f5a54c2 100644
--- a/CVE-2024/CVE-2024-301xx/CVE-2024-30141.json
+++ b/CVE-2024/CVE-2024-301xx/CVE-2024-30141.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-30141",
 "sourceIdentifier": "psirt@hcl.com",
 "published": "2024-11-07T09:15:03.707",
- "lastModified": "2024-11-07T09:15:03.707",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-08T19:01:03.880",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "HCL BigFix Compliance is vulnerable to the generation of error messages containing sensitive information. Detailed error messages can provide enticement information or expose information about its environment, users, or associated data."
+ },
+ {
+ "lang": "es",
+ "value": "HCL BigFix Compliance es vulnerable a la generaci\u00f3n de mensajes de error que contienen informaci\u00f3n confidencial. Los mensajes de error detallados pueden proporcionar informaci\u00f3n incitativa o exponer informaci\u00f3n sobre su entorno, usuarios o datos asociados."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-301xx/CVE-2024-30142.json b/CVE-2024/CVE-2024-301xx/CVE-2024-30142.json
index 5c830ceffc4..4e2b594e95b 100644
--- a/CVE-2024/CVE-2024-301xx/CVE-2024-30142.json
+++ b/CVE-2024/CVE-2024-301xx/CVE-2024-30142.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-30142",
 "sourceIdentifier": "psirt@hcl.com",
 "published": "2024-11-07T09:15:03.907",
- "lastModified": "2024-11-07T09:15:03.907",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-08T19:01:03.880",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "HCL BigFix Compliance is affected by a missing secure flag on a cookie. If a secure flag is not set, cookies may be stolen by an attacker using XSS, resulting in unauthorized access or session cookies could be transferred over an unencrypted channel."
+ },
+ {
+ "lang": "es",
+ "value": "HCL BigFix Compliance se ve afectado por la falta de una bandera de seguridad en una cookie. Si no se establece una bandera de seguridad, un atacante puede robar las cookies mediante XSS, lo que da como resultado un acceso no autorizado o las cookies de sesi\u00f3n podr\u00edan transferirse a trav\u00e9s de un canal no cifrado."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-360xx/CVE-2024-36062.json b/CVE-2024/CVE-2024-360xx/CVE-2024-36062.json
index b63ca1669ec..6879ef7df3f 100644
--- a/CVE-2024/CVE-2024-360xx/CVE-2024-36062.json
+++ b/CVE-2024/CVE-2024-360xx/CVE-2024-36062.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-36062",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-11-07T22:15:20.680",
- "lastModified": "2024-11-07T22:15:20.680",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-08T19:01:03.880",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "The com.callassistant.android (aka AI Call Assistant & Screener) application 1.174 for Android enables any installed application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.callassistant.android.ui.call.incall.InCallActivity component."
+ },
+ {
+ "lang": "es",
+ "value": "La aplicaci\u00f3n com.callassistant.android (tambi\u00e9n conocida como AI Call Assistant & Screener) 1.174 para Android permite que cualquier aplicaci\u00f3n instalada (sin permisos) realice llamadas telef\u00f3nicas sin interacci\u00f3n del usuario enviando una intenci\u00f3n manipulada a trav\u00e9s del componente com.callassistant.android.ui.call.incall.InCallActivity."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-360xx/CVE-2024-36063.json b/CVE-2024/CVE-2024-360xx/CVE-2024-36063.json
index 467ef1e6412..dcb7b9a7809 100644
--- a/CVE-2024/CVE-2024-360xx/CVE-2024-36063.json
+++ b/CVE-2024/CVE-2024-360xx/CVE-2024-36063.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-36063",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-11-07T22:15:20.740",
- "lastModified": "2024-11-08T17:35:12.793",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-08T19:01:03.880",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-360xx/CVE-2024-36064.json b/CVE-2024/CVE-2024-360xx/CVE-2024-36064.json
index 04eb513973b..a119b7bdbd4 100644
--- a/CVE-2024/CVE-2024-360xx/CVE-2024-36064.json
+++ b/CVE-2024/CVE-2024-360xx/CVE-2024-36064.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-36064",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-11-07T22:15:20.790",
- "lastModified": "2024-11-08T17:35:13.630",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-08T19:01:03.880",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-382xx/CVE-2024-38286.json b/CVE-2024/CVE-2024-382xx/CVE-2024-38286.json
index f0a885660ef..7133e90295e 100644
--- a/CVE-2024/CVE-2024-382xx/CVE-2024-38286.json
+++ b/CVE-2024/CVE-2024-382xx/CVE-2024-38286.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-38286",
 "sourceIdentifier": "security@apache.org",
 "published": "2024-11-07T08:15:13.007",
- "lastModified": "2024-11-07T08:15:13.007",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-08T19:01:03.880",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.13 through 9.0.89. Older, unsupported versions may also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.0-M21, 10.1.25, or 9.0.90, which fixes the issue.\n\n\n\nApache Tomcat, under certain configurations on any platform, allows an attacker to cause an OutOfMemoryError by abusing the TLS handshake process."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de asignaci\u00f3n de recursos sin l\u00edmites o limitaci\u00f3n de recursos en Apache Tomcat. Este problema afecta a Apache Tomcat: desde la versi\u00f3n 11.0.0-M1 hasta la 11.0.0-M20, desde la versi\u00f3n 10.1.0-M1 hasta la 10.1.24, desde la versi\u00f3n 9.0.13 hasta la 9.0.89. Tambi\u00e9n pueden verse afectadas versiones anteriores no compatibles. Se recomienda a los usuarios que actualicen a la versi\u00f3n 11.0.0-M21, 10.1.25 o 9.0.90, que soluciona el problema. Apache Tomcat, en determinadas configuraciones de cualquier plataforma, permite a un atacante provocar un error OutOfMemoryError abusando del proceso de enlace TLS."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-385xx/CVE-2024-38582.json b/CVE-2024/CVE-2024-385xx/CVE-2024-38582.json
index 889dd2bfdc7..88f83245f6d 100644
--- a/CVE-2024/CVE-2024-385xx/CVE-2024-38582.json
+++ b/CVE-2024/CVE-2024-385xx/CVE-2024-38582.json
@@ -2,7 +2,7 @@
 "id": "CVE-2024-38582",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-06-19T14:15:18.273",
- "lastModified": "2024-07-15T07:15:10.780",
+ "lastModified": "2024-11-08T19:35:16.800",
 "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
@@ -15,7 +15,30 @@
 "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: nilfs2: soluciona un posible bloqueo en nilfs_detach_log_writer() Syzbot ha informado de un posible bloqueo en nilfs_detach_log_writer() llamado durante el desmontaje de nilfs2. El an\u00e1lisis revel\u00f3 que esto se debe a que nilfs_segctor_sync(), que se sincroniza con el hilo del escritor de registros, puede ser llamado despu\u00e9s de que nilfs_segctor_destroy() finalice ese hilo, como se muestra en el seguimiento de llamadas a continuaci\u00f3n: nilfs_detach_log_writer nilfs_segctor_destroy nilfs_segctor_kill_thread --> Apagar el hilo del escritor de registros Flush_work nilfs_iput_work_func nilfs_dispose_list iput nilfs_evict_inode nilfs_transaction_commit nilfs_construct_segment (si el inodo necesita sincronizaci\u00f3n) nilfs_segctor_sync --> Intente sincronizar con el hilo del escritor de registros *** DEADLOCK *** Solucione este problema cambiando nilfs_segctor_sync() para que el hilo del escritor de registros regrese normalmente sin sincronizarse despu\u00e9s de que termine y forzando las tareas que ya est\u00e1n esperando a completarse una vez que finaliza el hilo. La eliminaci\u00f3n de metadatos del inodo omitido se procesar\u00e1 en conjunto en el trabajo de limpieza posterior en nilfs_segctor_destroy()."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ }
+ ]
+ },
 "references": [
 {
 "url": "https://git.kernel.org/stable/c/06afce714d87c7cd1dcfccbcd800c5c5d2cf1cfd",
diff --git a/CVE-2024/CVE-2024-402xx/CVE-2024-40239.json b/CVE-2024/CVE-2024-402xx/CVE-2024-40239.json
index 1f3731a5217..22bb23448ba 100644
--- a/CVE-2024/CVE-2024-402xx/CVE-2024-40239.json
+++ b/CVE-2024/CVE-2024-402xx/CVE-2024-40239.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-40239",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-11-08T18:15:17.000",
- "lastModified": "2024-11-08T18:15:17.000",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-08T19:01:03.880",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-402xx/CVE-2024-40240.json b/CVE-2024/CVE-2024-402xx/CVE-2024-40240.json
index 98436dd156b..a7dd293caf9 100644
--- a/CVE-2024/CVE-2024-402xx/CVE-2024-40240.json
+++ b/CVE-2024/CVE-2024-402xx/CVE-2024-40240.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-40240",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-11-08T18:15:17.130",
- "lastModified": "2024-11-08T18:15:17.130",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-08T19:01:03.880",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-407xx/CVE-2024-40715.json b/CVE-2024/CVE-2024-407xx/CVE-2024-40715.json
index c0a6f36edae..90a07d7b440 100644
--- a/CVE-2024/CVE-2024-407xx/CVE-2024-40715.json
+++ b/CVE-2024/CVE-2024-407xx/CVE-2024-40715.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-40715",
 "sourceIdentifier": "support@hackerone.com",
 "published": "2024-11-07T17:15:08.083",
- "lastModified": "2024-11-07T17:15:08.083",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-08T19:01:03.880",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "A vulnerability in Veeam Backup & Replication Enterprise Manager has been identified, which allows attackers to perform authentication bypass. Attackers must be able to perform Man-in-the-Middle (MITM) attack to exploit this vulnerability."
+ },
+ {
+ "lang": "es",
+ "value": "Se ha identificado una vulnerabilidad en Veeam Backup & Replication Enterprise Manager que permite a los atacantes eludir la autenticaci\u00f3n. Los atacantes deben poder realizar un ataque Man-in-the-Middle (MITM) para aprovechar esta vulnerabilidad."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-434xx/CVE-2024-43425.json b/CVE-2024/CVE-2024-434xx/CVE-2024-43425.json
index d3e13a70927..eb486cda0ce 100644
--- a/CVE-2024/CVE-2024-434xx/CVE-2024-43425.json
+++ b/CVE-2024/CVE-2024-434xx/CVE-2024-43425.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-43425",
 "sourceIdentifier": "patrick@puiterwijk.org",
 "published": "2024-11-07T14:15:15.280",
- "lastModified": "2024-11-07T15:35:11.837",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-08T19:01:03.880",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "A flaw was found in Moodle. Additional restrictions are required to avoid a remote code execution risk in calculated question types. Note: This requires the capability to add/update questions."
+ },
+ {
+ "lang": "es",
+ "value": "Se encontr\u00f3 una falla en Moodle. Se requieren restricciones adicionales para evitar el riesgo de ejecuci\u00f3n remota de c\u00f3digo en los tipos de preguntas calculadas. Nota: Esto requiere la capacidad de agregar o actualizar preguntas."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-434xx/CVE-2024-43426.json b/CVE-2024/CVE-2024-434xx/CVE-2024-43426.json
index 13487a74a7e..776c40c9fb3 100644
--- a/CVE-2024/CVE-2024-434xx/CVE-2024-43426.json
+++ b/CVE-2024/CVE-2024-434xx/CVE-2024-43426.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-43426",
 "sourceIdentifier": "patrick@puiterwijk.org",
 "published": "2024-11-07T14:15:15.510",
- "lastModified": "2024-11-07T14:15:15.510",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-08T19:01:03.880",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "A flaw was found in pdfTeX. Insufficient sanitizing in the TeX notation filter resulted in an arbitrary file read risk on sites where pdfTeX is available, such as those with TeX Live installed."
+ },
+ {
+ "lang": "es",
+ "value": "Se encontr\u00f3 una falla en pdfTeX. Una desinfecci\u00f3n insuficiente en el filtro de notaci\u00f3n TeX result\u00f3 en un riesgo de lectura arbitraria de archivos en sitios donde pdfTeX est\u00e1 disponible, como aquellos con TeX Live instalado."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-434xx/CVE-2024-43428.json b/CVE-2024/CVE-2024-434xx/CVE-2024-43428.json
index f9dd5729a9b..19cd4188b0c 100644
--- a/CVE-2024/CVE-2024-434xx/CVE-2024-43428.json
+++ b/CVE-2024/CVE-2024-434xx/CVE-2024-43428.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-43428",
 "sourceIdentifier": "patrick@puiterwijk.org",
 "published": "2024-11-07T14:15:15.703",
- "lastModified": "2024-11-07T14:15:15.703",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-08T19:01:03.880",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "To address a cache poisoning risk in Moodle, additional validation for local storage was required."
+ },
+ {
+ "lang": "es",
+ "value": "Para abordar un riesgo de envenenamiento de cach\u00e9 en Moodle, se requiri\u00f3 una validaci\u00f3n adicional para el almacenamiento local."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-434xx/CVE-2024-43431.json b/CVE-2024/CVE-2024-434xx/CVE-2024-43431.json
index 9f0852ed23a..90ed9e4fce6 100644
--- a/CVE-2024/CVE-2024-434xx/CVE-2024-43431.json
+++ b/CVE-2024/CVE-2024-434xx/CVE-2024-43431.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-43431",
 "sourceIdentifier": "patrick@puiterwijk.org",
 "published": "2024-11-07T14:15:15.877",
- "lastModified": "2024-11-07T16:35:19.497",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-08T19:01:03.880",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "A vulnerability was found in Moodle. Insufficient capability checks made it possible to delete badges that a user does not have permission to access."
+ },
+ {
+ "lang": "es",
+ "value": "Se encontr\u00f3 una vulnerabilidad en Moodle. La falta de comprobaciones de capacidad hizo posible eliminar insignias a las que un usuario no ten\u00eda permiso de acceso."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-434xx/CVE-2024-43434.json b/CVE-2024/CVE-2024-434xx/CVE-2024-43434.json
index 43a487910ac..3608d5a7724 100644
--- a/CVE-2024/CVE-2024-434xx/CVE-2024-43434.json
+++ b/CVE-2024/CVE-2024-434xx/CVE-2024-43434.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-43434",
 "sourceIdentifier": "patrick@puiterwijk.org",
 "published": "2024-11-07T14:15:16.067",
- "lastModified": "2024-11-07T16:35:20.220",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-08T19:01:03.880",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "The bulk message sending feature in Moodle's Feedback module's non-respondents report had an incorrect CSRF token check, leading to a CSRF vulnerability."
+ },
+ {
+ "lang": "es",
+ "value": "La funci\u00f3n de env\u00edo masivo de mensajes en el informe de no respuestas del m\u00f3dulo de comentarios de Moodle ten\u00eda una verificaci\u00f3n de token CSRF incorrecta, lo que generaba una vulnerabilidad CSRF."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-434xx/CVE-2024-43436.json b/CVE-2024/CVE-2024-434xx/CVE-2024-43436.json
index 9517da79ba4..0a42f81f4c6 100644
--- a/CVE-2024/CVE-2024-434xx/CVE-2024-43436.json
+++ b/CVE-2024/CVE-2024-434xx/CVE-2024-43436.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-43436",
 "sourceIdentifier": "patrick@puiterwijk.org",
 "published": "2024-11-07T14:15:16.247",
- "lastModified": "2024-11-07T16:35:20.957",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-08T19:01:03.880",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "A SQL injection risk flaw was found in the XMLDB editor tool available to site administrators."
+ },
+ {
+ "lang": "es",
+ "value": "Se encontr\u00f3 una falla de riesgo de inyecci\u00f3n SQL en la herramienta de edici\u00f3n XMLDB disponible para los administradores del sitio."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-434xx/CVE-2024-43438.json b/CVE-2024/CVE-2024-434xx/CVE-2024-43438.json
index 1c6b61a937c..a9540ab280e 100644
--- a/CVE-2024/CVE-2024-434xx/CVE-2024-43438.json
+++ b/CVE-2024/CVE-2024-434xx/CVE-2024-43438.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-43438",
 "sourceIdentifier": "patrick@puiterwijk.org",
 "published": "2024-11-07T14:15:16.430",
- "lastModified": "2024-11-07T17:35:22.537",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-08T19:01:03.880",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "A flaw was found in Feedback. Bulk messaging in the activity's non-respondents report did not verify message recipients belonging to the set of users returned by the report."
+ },
+ {
+ "lang": "es",
+ "value": "Se encontr\u00f3 una falla en Feedback. Los mensajes masivos en el informe de no participantes de la actividad no verificaban los destinatarios de los mensajes que pertenec\u00edan al conjunto de usuarios que devolv\u00eda el informe."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-434xx/CVE-2024-43440.json b/CVE-2024/CVE-2024-434xx/CVE-2024-43440.json
index 99e16371d3c..4701322a322 100644
--- a/CVE-2024/CVE-2024-434xx/CVE-2024-43440.json
+++ b/CVE-2024/CVE-2024-434xx/CVE-2024-43440.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-43440",
 "sourceIdentifier": "patrick@puiterwijk.org",
 "published": "2024-11-07T14:15:16.610",
- "lastModified": "2024-11-07T15:35:12.597",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-08T19:01:03.880",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "A flaw was found in moodle. A local file may include risks when restoring block backups."
+ },
+ {
+ "lang": "es",
+ "value": "Se encontr\u00f3 una falla en Moodle. Un archivo local puede incluir riesgos al restaurar copias de seguridad de bloques."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-439xx/CVE-2024-43956.json b/CVE-2024/CVE-2024-439xx/CVE-2024-43956.json
index 22f6a7a7174..0db94700f42 100644
--- a/CVE-2024/CVE-2024-439xx/CVE-2024-43956.json
+++ b/CVE-2024/CVE-2024-439xx/CVE-2024-43956.json
@@ -2,17 +2,41 @@
 "id": "CVE-2024-43956",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2024-11-01T15:15:49.933",
- "lastModified": "2024-11-01T20:24:53.730",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2024-11-08T20:41:30.417",
+ "vulnStatus": "Analyzed",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "Missing Authorization vulnerability in Caseproof, LLC Memberpress allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Memberpress: from n/a through 1.11.34."
+ },
+ {
+ "lang": "es",
+ "value": "La vulnerabilidad de autorizaci\u00f3n faltante en Caseproof, LLC Memberpress permite acceder a funcionalidades que no est\u00e1n correctamente restringidas por las ACL. Este problema afecta a Memberpress: desde n/a hasta 1.11.34."
 }
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ },
 {
 "source": "audit@patchstack.com",
 "type": "Secondary",
@@ -47,10 +71,31 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:caseproof:memberpress:*:*:*:*:*:wordpress:*:*",
+ "versionEndExcluding": "1.11.35",
+ "matchCriteriaId": "D50F3A71-5CA7-4D1C-99CB-ACF86C4401C5"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://patchstack.com/database/vulnerability/memberpress/wordpress-memberpress-plugin-1-11-29-broken-access-control-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-439xx/CVE-2024-43962.json b/CVE-2024/CVE-2024-439xx/CVE-2024-43962.json
index 82d317019f3..e45b969d6de 100644
--- a/CVE-2024/CVE-2024-439xx/CVE-2024-43962.json
+++ b/CVE-2024/CVE-2024-439xx/CVE-2024-43962.json
@@ -2,17 +2,41 @@
 "id": "CVE-2024-43962",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2024-11-01T15:15:50.143",
- "lastModified": "2024-11-01T20:24:53.730",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2024-11-08T20:42:40.120",
+ "vulnStatus": "Analyzed",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "Missing Authorization vulnerability in LWS LWS Affiliation allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LWS Affiliation: from n/a through 2.3.4."
+ },
+ {
+ "lang": "es",
+ "value": " Vulnerabilidad de autorizaci\u00f3n faltante en LWS LWS Affiliation permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a LWS Affiliation: desde n/a hasta 2.3.4."
 }
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
 {
 "source": "audit@patchstack.com",
 "type": "Secondary",
@@ -47,10 +71,31 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:lws:affiliation:*:*:*:*:*:wordpress:*:*",
+ "versionEndExcluding": "2.3.5",
+ "matchCriteriaId": "9BFFDBB4-3276-4807-AB98-5EC979E467AB"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://patchstack.com/database/vulnerability/lws-affiliation/wordpress-lws-affiliation-plugin-2-3-3-broken-access-control-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-439xx/CVE-2024-43968.json b/CVE-2024/CVE-2024-439xx/CVE-2024-43968.json
index 0183edd8e8e..1eaba8f38cf 100644
--- a/CVE-2024/CVE-2024-439xx/CVE-2024-43968.json
+++ b/CVE-2024/CVE-2024-439xx/CVE-2024-43968.json
@@ -2,17 +2,41 @@
 "id": "CVE-2024-43968",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2024-11-01T15:15:50.347",
- "lastModified": "2024-11-01T20:24:53.730",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2024-11-08T20:43:04.257",
+ "vulnStatus": "Analyzed",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "Broken Access Control vulnerability in Automattic Newspack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Newspack: from n/a through 3.8.6."
+ },
+ {
+ "lang": "es",
+ "value": " La vulnerabilidad de control de acceso roto en Automattic Newspack permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a Newspack: desde n/a hasta 3.8.6."
 }
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
 {
 "source": "audit@patchstack.com",
 "type": "Secondary",
@@ -47,10 +71,31 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:newspack:newspack:*:*:*:*:*:wordpress:*:*",
+ "versionEndExcluding": "3.8.7",
+ "matchCriteriaId": "501CF971-487D-4999-A9BB-BC0216E1F10C"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://patchstack.com/database/vulnerability/newspack-plugin/wordpress-newspack-plugin-3-8-7-broken-access-control-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-439xx/CVE-2024-43973.json b/CVE-2024/CVE-2024-439xx/CVE-2024-43973.json
index 3f77ce14477..18c8c799e4b 100644
--- a/CVE-2024/CVE-2024-439xx/CVE-2024-43973.json
+++ b/CVE-2024/CVE-2024-439xx/CVE-2024-43973.json
@@ -2,17 +2,41 @@
 "id": "CVE-2024-43973",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2024-11-01T15:15:50.553",
- "lastModified": "2024-11-01T20:24:53.730",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2024-11-08T20:43:24.907",
+ "vulnStatus": "Analyzed",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "Missing Authorization vulnerability in AyeCode Ltd GetPaid allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GetPaid: from n/a through 2.8.11."
+ },
+ {
+ "lang": "es",
+ "value": " La vulnerabilidad de autorizaci\u00f3n faltante en AyeCode Ltd GetPaid permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a GetPaid: desde n/a hasta 2.8.11."
 }
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
 {
 "source": "audit@patchstack.com",
 "type": "Secondary",
@@ -47,10 +71,31 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ayecode:getpaid:*:*:*:*:*:wordpress:*:*",
+ "versionEndExcluding": "2.8.12",
+ "matchCriteriaId": "416D33C4-F85E-4271-BB73-E25306EA965F"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://patchstack.com/database/vulnerability/invoicing/wordpress-payment-forms-buy-now-buttons-and-invoicing-system-getpaid-plugin-2-8-11-broken-access-control-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-439xx/CVE-2024-43974.json b/CVE-2024/CVE-2024-439xx/CVE-2024-43974.json
index af16ed7fa7a..9db208aa606 100644
--- a/CVE-2024/CVE-2024-439xx/CVE-2024-43974.json
+++ b/CVE-2024/CVE-2024-439xx/CVE-2024-43974.json
@@ -2,17 +2,41 @@
 "id": "CVE-2024-43974",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2024-11-01T15:15:50.760",
- "lastModified": "2024-11-01T20:24:53.730",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2024-11-08T20:43:53.387",
+ "vulnStatus": "Analyzed",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "Missing Authorization vulnerability in CozyThemes ReviveNews allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects ReviveNews: from n/a through 1.0.2."
+ },
+ {
+ "lang": "es",
+ "value": "La vulnerabilidad de autorizaci\u00f3n faltante en CozyThemes ReviveNews permite acceder a funcionalidades que no est\u00e1n correctamente restringidas por las ACL. Este problema afecta a ReviveNews: desde n/a hasta 1.0.2."
 }
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ },
 {
 "source": "audit@patchstack.com",
 "type": "Secondary",
@@ -36,6 +60,16 @@
 ]
 },
 "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ },
 {
 "source": "audit@patchstack.com",
 "type": "Secondary",
@@ -47,10 +81,31 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cozythemes:revivenews:*:*:*:*:*:wordpress:*:*",
+ "versionEndExcluding": "1.0.3",
+ "matchCriteriaId": "89E912C1-F9D0-41A2-B28B-67F1ABB8C83C"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://patchstack.com/database/vulnerability/revivenews/wordpress-revivenews-theme-1-0-2-broken-access-control-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-439xx/CVE-2024-43979.json b/CVE-2024/CVE-2024-439xx/CVE-2024-43979.json
index a03513ed33d..a549525d7e8 100644
--- a/CVE-2024/CVE-2024-439xx/CVE-2024-43979.json
+++ b/CVE-2024/CVE-2024-439xx/CVE-2024-43979.json
@@ -2,17 +2,41 @@
 "id": "CVE-2024-43979",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2024-11-01T15:15:50.970",
- "lastModified": "2024-11-01T20:24:53.730",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2024-11-08T20:44:42.717",
+ "vulnStatus": "Analyzed",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "Missing Authorization vulnerability in CozyThemes Blockbooster allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Blockbooster: from n/a through 1.0.10."
+ },
+ {
+ "lang": "es",
+ "value": " La vulnerabilidad de autorizaci\u00f3n faltante en CozyThemes Blockbooster permite acceder a funcionalidades que no est\u00e1n correctamente restringidas por las ACL. Este problema afecta a Blockbooster: desde n/a hasta 1.0.10."
 }
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ },
 {
 "source": "audit@patchstack.com",
 "type": "Secondary",
@@ -47,10 +71,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cozythemes:blockbooster:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "1.0.11", + "matchCriteriaId": "ED25C303-3749-4FB9-BF7E-EECA879FDC0F" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/blockbooster/wordpress-blockbooster-theme-1-0-10-broken-access-control-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-439xx/CVE-2024-43980.json b/CVE-2024/CVE-2024-439xx/CVE-2024-43980.json index f1295477a12..7c0d7f22789 100644 --- a/CVE-2024/CVE-2024-439xx/CVE-2024-43980.json +++ b/CVE-2024/CVE-2024-439xx/CVE-2024-43980.json 
@@ -2,17 +2,41 @@ "id": "CVE-2024-43980", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-01T15:15:51.173", - "lastModified": "2024-11-01T20:24:53.730", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-11-08T20:45:07.137", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Missing Authorization vulnerability in CozyThemes Fota WP allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fota WP: from n/a through 1.4.1." + }, + { + "lang": "es", + "value": " La vulnerabilidad de autorizaci\u00f3n faltante en CozyThemes Fota WP permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a Fota WP: desde n/a hasta 1.4.1." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "audit@patchstack.com", "type": "Secondary", 
@@ -47,10 +71,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cozythemes:fotawp:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "1.4.2", + "matchCriteriaId": "94EF1BAE-20D2-47FA-AA08-817259CF4E02" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/fotawp/wordpress-fotawp-theme-1-4-1-broken-access-control-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-447xx/CVE-2024-44765.json b/CVE-2024/CVE-2024-447xx/CVE-2024-44765.json new file mode 100644 index 00000000000..0cecd91f4dd --- /dev/null +++ b/CVE-2024/CVE-2024-447xx/CVE-2024-44765.json @@ -0,0 +1,25 @@ +{ + "id": "CVE-2024-44765", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-11-08T19:15:05.590", + "lastModified": "2024-11-08T19:15:05.590", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "An Improper Authorization (Access Control Misconfiguration) vulnerability in MGT-COMMERCE GmbH v2.0.0 to v2.4.2 allows attackers to escalate privileges and access sensitive information via manipulation of the Nginx configuration file." + } + ], + "metrics": {}, + "references": [ + { + "url": "http://mgt-commerce.com", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/EagleTube/CloudPanel/tree/main/CVE-2024-44765", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-457xx/CVE-2024-45759.json b/CVE-2024/CVE-2024-457xx/CVE-2024-45759.json index 98e9520ae10..89eab83c854 100644 --- a/CVE-2024/CVE-2024-457xx/CVE-2024-45759.json +++ b/CVE-2024/CVE-2024-457xx/CVE-2024-45759.json 
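Review bot: The new CVE-2024-44765 record's description puts the vendor where the product belongs (`in MGT-COMMERCE GmbH v2.0.0 to v2.4.2`), so the affected product can only be inferred from the second reference, whose path points at a CloudPanel repository. With `"metrics": {}` and no `configurations` block yet, a consumer that matches on product keywords or CPE will not associate this entry with any asset. The record is mirrored data, so the wording is better reported upstream than patched here. Until it is enriched, triage should key on the reference URL and treat the severity as unscored rather than low.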
@@ -2,13 +2,17 @@ "id": "CVE-2024-45759", "sourceIdentifier": "security_alert@emc.com", "published": "2024-11-08T03:15:03.647", - "lastModified": "2024-11-08T03:15:03.647", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Dell PowerProtect Data Domain, versions prior to 8.1.0.0, 7.13.1.10, 7.10.1.40, and 7.7.5.50, contains an escalation of privilege vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to unauthorized execution of certain commands to overwrite system config of the application. Exploitation may lead to denial of service of system." + }, + { + "lang": "es", + "value": "Dell PowerProtect Data Domain, versiones anteriores a 8.1.0.0, 7.13.1.10, 7.10.1.40 y 7.7.5.50, contiene una vulnerabilidad de escalada de privilegios. Un atacante local con pocos privilegios podr\u00eda aprovechar esta vulnerabilidad, lo que provocar\u00eda la ejecuci\u00f3n no autorizada de determinados comandos para sobrescribir la configuraci\u00f3n del sistema de la aplicaci\u00f3n. La explotaci\u00f3n puede provocar la denegaci\u00f3n de servicio del sistema." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-457xx/CVE-2024-45763.json b/CVE-2024/CVE-2024-457xx/CVE-2024-45763.json index df3d0fc1ce7..047346f7654 100644 --- a/CVE-2024/CVE-2024-457xx/CVE-2024-45763.json +++ b/CVE-2024/CVE-2024-457xx/CVE-2024-45763.json @@ -2,8 +2,8 @@ "id": "CVE-2024-45763", "sourceIdentifier": "security_alert@emc.com", "published": "2024-11-08T17:15:06.243", - "lastModified": "2024-11-08T17:15:06.243", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-457xx/CVE-2024-45764.json b/CVE-2024/CVE-2024-457xx/CVE-2024-45764.json index 8de7e440e77..70a457b7f6e 100644 --- a/CVE-2024/CVE-2024-457xx/CVE-2024-45764.json 
+++ b/CVE-2024/CVE-2024-457xx/CVE-2024-45764.json @@ -2,8 +2,8 @@ "id": "CVE-2024-45764", "sourceIdentifier": "security_alert@emc.com", "published": "2024-11-08T16:15:23.070", - "lastModified": "2024-11-08T16:15:23.070", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-457xx/CVE-2024-45765.json b/CVE-2024/CVE-2024-457xx/CVE-2024-45765.json index 481457f4032..eefcef051af 100644 --- a/CVE-2024/CVE-2024-457xx/CVE-2024-45765.json +++ b/CVE-2024/CVE-2024-457xx/CVE-2024-45765.json @@ -2,8 +2,8 @@ "id": "CVE-2024-45765", "sourceIdentifier": "security_alert@emc.com", "published": "2024-11-08T16:15:23.350", - "lastModified": "2024-11-08T16:15:23.350", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-457xx/CVE-2024-45794.json b/CVE-2024/CVE-2024-457xx/CVE-2024-45794.json index 4a74d5a0070..77ca47e052b 100644 --- a/CVE-2024/CVE-2024-457xx/CVE-2024-45794.json +++ b/CVE-2024/CVE-2024-457xx/CVE-2024-45794.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-45794", "sourceIdentifier": "security-advisories@github.com", "published": "2024-11-07T18:15:17.150", - "lastModified": "2024-11-07T18:15:17.150", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "devtron is an open source tool integration platform for Kubernetes. In affected versions an authenticated user (with minimum permission) could utilize and exploit SQL Injection to allow the execution of malicious SQL queries via CreateUser API (/orchestrator/user). This issue has been addressed in version 0.7.2 and all users are advised to upgrade. There are no known workarounds for this vulnerability." + }, + { + "lang": "es", + "value": "devtron es una plataforma de integraci\u00f3n de herramientas de c\u00f3digo abierto para Kubernetes. En las versiones afectadas, un usuario autenticado (con el permiso m\u00ednimo) podr\u00eda utilizar y explotar la inyecci\u00f3n SQL para permitir la ejecuci\u00f3n de consultas SQL maliciosas a trav\u00e9s de la API CreateUser (/orchestrator/user). Este problema se ha solucionado en la versi\u00f3n 0.7.2 y se recomienda a todos los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-469xx/CVE-2024-46947.json b/CVE-2024/CVE-2024-469xx/CVE-2024-46947.json index 15cd3206995..187d03e26b6 100644 --- a/CVE-2024/CVE-2024-469xx/CVE-2024-46947.json +++ b/CVE-2024/CVE-2024-469xx/CVE-2024-46947.json @@ -2,8 +2,8 @@ "id": "CVE-2024-46947", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-08T16:15:23.957", - "lastModified": "2024-11-08T16:15:23.957", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:35:17.037", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { 
@@ -11,7 +11,42 @@ "value": "Northern.tech Mender before 3.6.6 and 3.7.x before 3.7.7 allows SSRF." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-918" + } + ] + } + ], "references": [ { "url": "https://mender.io/blog/cve-2024-46947-cve-2024-47190-ssrf-issues-in-mender-enterprise-server", diff --git a/CVE-2024/CVE-2024-469xx/CVE-2024-46948.json b/CVE-2024/CVE-2024-469xx/CVE-2024-46948.json index 9b59c1b34f3..372a5b4938e 100644 --- a/CVE-2024/CVE-2024-469xx/CVE-2024-46948.json +++ b/CVE-2024/CVE-2024-469xx/CVE-2024-46948.json @@ -2,8 +2,8 @@ "id": "CVE-2024-46948", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-08T16:15:24.050", - "lastModified": "2024-11-08T16:15:24.050", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-469xx/CVE-2024-46960.json b/CVE-2024/CVE-2024-469xx/CVE-2024-46960.json index 9b86c3aaba1..a792beac7d4 100644 --- a/CVE-2024/CVE-2024-469xx/CVE-2024-46960.json +++ b/CVE-2024/CVE-2024-469xx/CVE-2024-46960.json 
@@ -2,8 +2,8 @@ "id": "CVE-2024-46960", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-07T22:15:20.870", - "lastModified": "2024-11-08T17:35:15.030", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-469xx/CVE-2024-46961.json b/CVE-2024/CVE-2024-469xx/CVE-2024-46961.json index 277412c5b14..e6e522d1228 100644 --- a/CVE-2024/CVE-2024-469xx/CVE-2024-46961.json +++ b/CVE-2024/CVE-2024-469xx/CVE-2024-46961.json @@ -2,8 +2,8 @@ "id": "CVE-2024-46961", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-07T22:15:20.923", - "lastModified": "2024-11-08T17:35:15.877", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-470xx/CVE-2024-47072.json b/CVE-2024/CVE-2024-470xx/CVE-2024-47072.json index 29cd8ad1726..47ce1eef211 100644 --- a/CVE-2024/CVE-2024-470xx/CVE-2024-47072.json +++ b/CVE-2024/CVE-2024-470xx/CVE-2024-47072.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-47072", "sourceIdentifier": "security-advisories@github.com", "published": "2024-11-08T00:15:14.937", - "lastModified": "2024-11-08T00:15:14.937", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "XStream is a simple library to serialize objects to XML and back again. This vulnerability may allow a remote attacker to terminate the application with a stack overflow error resulting in a denial of service only by manipulating the processed input stream when XStream is configured to use the BinaryStreamDriver. XStream 1.4.21 has been patched to detect the manipulation in the binary input stream causing the the stack overflow and raises an InputManipulationException instead. Users are advised to upgrade. Users unable to upgrade may catch the StackOverflowError in the client code calling XStream if XStream is configured to use the BinaryStreamDriver." + }, + { + "lang": "es", + "value": "XStream es una librer\u00eda sencilla para serializar objetos en formato XML y viceversa. Esta vulnerabilidad puede permitir que un atacante remoto finalice la aplicaci\u00f3n con un error de desbordamiento de pila que resulte en una denegaci\u00f3n de servicio solo al manipular el flujo de entrada procesado cuando XStream est\u00e1 configurado para usar BinaryStreamDriver. Se ha aplicado un parche a XStream 1.4.21 para detectar la manipulaci\u00f3n en el flujo de entrada binario que causa el desbordamiento de pila y genera una InputManipulationException en su lugar. Se recomienda a los usuarios que actualicen la versi\u00f3n. Los usuarios que no puedan actualizar la versi\u00f3n pueden detectar el StackOverflowError en el c\u00f3digo del cliente que llama a XStream si XStream est\u00e1 configurado para usar BinaryStreamDriver." } ], "metrics": { 
diff --git a/CVE-2024/CVE-2024-470xx/CVE-2024-47073.json b/CVE-2024/CVE-2024-470xx/CVE-2024-47073.json index 75f13c4447c..40e8acbe788 100644 --- a/CVE-2024/CVE-2024-470xx/CVE-2024-47073.json +++ b/CVE-2024/CVE-2024-470xx/CVE-2024-47073.json @@ -2,8 +2,8 @@ "id": "CVE-2024-47073", "sourceIdentifier": "security-advisories@github.com", "published": "2024-11-07T18:15:17.417", - "lastModified": "2024-11-08T17:35:16.707", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-471xx/CVE-2024-47190.json b/CVE-2024/CVE-2024-471xx/CVE-2024-47190.json index 47401ba386f..a481622e236 100644 --- a/CVE-2024/CVE-2024-471xx/CVE-2024-47190.json +++ b/CVE-2024/CVE-2024-471xx/CVE-2024-47190.json @@ -2,8 +2,8 @@ "id": "CVE-2024-47190", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-08T16:15:24.163", - "lastModified": "2024-11-08T16:15:24.163", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:35:17.860", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { 
@@ -11,7 +11,42 @@ "value": "Northern.tech Hosted Mender before 2024.07.11 allows SSRF." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 2.7, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 1.2, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-918" + } + ] + } + ], "references": [ { "url": "https://mender.io/blog/cve-2024-46947-cve-2024-47190-ssrf-issues-in-mender-enterprise-server", diff --git a/CVE-2024/CVE-2024-480xx/CVE-2024-48010.json b/CVE-2024/CVE-2024-480xx/CVE-2024-48010.json index fd9fac0345e..b77aef65ea7 100644 --- a/CVE-2024/CVE-2024-480xx/CVE-2024-48010.json +++ b/CVE-2024/CVE-2024-480xx/CVE-2024-48010.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-48010", "sourceIdentifier": "security_alert@emc.com", "published": "2024-11-08T03:15:03.933", - "lastModified": "2024-11-08T03:15:03.933", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Dell PowerProtect DD, versions prior to 8.1.0.0, 7.13.1.10, 7.10.1.40, and 7.7.5.50, contains an access control vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to escalation of privilege on the application." + }, + { + "lang": "es", + "value": "Dell PowerProtect DD, versiones anteriores a 8.1.0.0, 7.13.1.10, 7.10.1.40 y 7.7.5.50, contiene una vulnerabilidad de control de acceso. Un atacante remoto con privilegios elevados podr\u00eda aprovechar esta vulnerabilidad, lo que provocar\u00eda una escalada de privilegios en la aplicaci\u00f3n." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-480xx/CVE-2024-48011.json b/CVE-2024/CVE-2024-480xx/CVE-2024-48011.json index 3547a690dd9..1dab0799647 100644 --- a/CVE-2024/CVE-2024-480xx/CVE-2024-48011.json +++ b/CVE-2024/CVE-2024-480xx/CVE-2024-48011.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-48011", "sourceIdentifier": "security_alert@emc.com", "published": "2024-11-08T03:15:04.160", - "lastModified": "2024-11-08T03:15:04.160", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Dell PowerProtect DD, versions prior to 7.7.5.50, contains an Exposure of Sensitive Information to an Unauthorized Actor vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure." + }, + { + "lang": "es", + "value": "Dell PowerProtect DD, versiones anteriores a 7.7.5.50, contiene una vulnerabilidad de exposici\u00f3n de informaci\u00f3n confidencial a un agente no autorizado. Un atacante con pocos privilegios y acceso remoto podr\u00eda aprovechar esta vulnerabilidad, lo que provocar\u00eda la divulgaci\u00f3n de informaci\u00f3n." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-482xx/CVE-2024-48290.json b/CVE-2024/CVE-2024-482xx/CVE-2024-48290.json index cc80cab30aa..38f8796bcf6 100644 --- a/CVE-2024/CVE-2024-482xx/CVE-2024-48290.json +++ b/CVE-2024/CVE-2024-482xx/CVE-2024-48290.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-48290", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-07T18:15:17.580", - "lastModified": "2024-11-07T21:35:10.377", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue in the Bluetooth Low Energy implementation of Realtek RTL8762E BLE SDK v1.4.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted ll_terminate_ind packet." + }, + { + "lang": "es", + "value": "Un problema en la implementaci\u00f3n de Bluetooth Low Energy de Realtek RTL8762E BLE SDK v1.4.0 permite a los atacantes provocar una denegaci\u00f3n de servicio (DoS) mediante el suministro de un paquete ll_terminate_ind manipulado espec\u00edficamente." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-483xx/CVE-2024-48325.json b/CVE-2024/CVE-2024-483xx/CVE-2024-48325.json index b818fb350a9..a762cca3e0b 100644 --- a/CVE-2024/CVE-2024-483xx/CVE-2024-48325.json +++ b/CVE-2024/CVE-2024-483xx/CVE-2024-48325.json @@ -2,8 +2,8 @@ "id": "CVE-2024-48325", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-06T23:15:04.367", - "lastModified": "2024-11-07T15:35:13.317", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:25.633", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-489xx/CVE-2024-48950.json b/CVE-2024/CVE-2024-489xx/CVE-2024-48950.json index 04e0baf72fc..6aaee897207 100644 --- a/CVE-2024/CVE-2024-489xx/CVE-2024-48950.json +++ b/CVE-2024/CVE-2024-489xx/CVE-2024-48950.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-48950", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-07T17:15:08.373", - "lastModified": "2024-11-07T20:35:12.187", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Logpoint before 7.5.0. An endpoint used by Distributed Logpoint Setup was exposed, allowing unauthenticated attackers to bypass CSRF protections and authentication." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 un problema en Logpoint anterior a la versi\u00f3n 7.5.0. Se expuso un endpoint utilizado por Distributed Logpoint Setup, lo que permit\u00eda a atacantes no autenticados eludir las protecciones y la autenticaci\u00f3n de CSRF." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-489xx/CVE-2024-48951.json b/CVE-2024/CVE-2024-489xx/CVE-2024-48951.json index dde11edcb0a..e14c3424f79 100644 --- a/CVE-2024/CVE-2024-489xx/CVE-2024-48951.json +++ b/CVE-2024/CVE-2024-489xx/CVE-2024-48951.json @@ -2,13 +2,17 @@ "id": "CVE-2024-48951", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-07T17:15:08.443", - "lastModified": "2024-11-07T20:35:13.070", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Logpoint before 7.5.0. Server-Side Request Forgery (SSRF) on SOAR can be used to leak Logpoint's API Token leading to authentication bypass." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 un problema en Logpoint antes de la versi\u00f3n 7.5.0. Server-Side Request Forgery (SSRF) en SOAR se puede utilizar para filtrar el token de API de Logpoint, lo que conduce a la omisi\u00f3n de la autenticaci\u00f3n." } ], "metrics": { 
diff --git a/CVE-2024/CVE-2024-489xx/CVE-2024-48952.json b/CVE-2024/CVE-2024-489xx/CVE-2024-48952.json index a6820c6e769..ca704806e7b 100644 --- a/CVE-2024/CVE-2024-489xx/CVE-2024-48952.json +++ b/CVE-2024/CVE-2024-489xx/CVE-2024-48952.json @@ -2,13 +2,17 @@ "id": "CVE-2024-48952", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-07T17:15:08.510", - "lastModified": "2024-11-07T20:35:13.947", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Logpoint before 7.5.0. SOAR uses a static JWT secret key to generate tokens that allow access to SOAR API endpoints without authentication. This static key vulnerability enables attackers to create custom JWT secret keys for unauthorized access to these endpoints." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 un problema en Logpoint antes de la versi\u00f3n 7.5.0. SOAR usa una clave secreta JWT est\u00e1tica para generar tokens que permiten el acceso a los endpoints de la API de SOAR sin autenticaci\u00f3n. Esta vulnerabilidad de clave est\u00e1tica permite a los atacantes crear claves secretas JWT personalizadas para el acceso no autorizado a estos endpoints." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-489xx/CVE-2024-48953.json b/CVE-2024/CVE-2024-489xx/CVE-2024-48953.json index c8ae4f29a05..1e912610285 100644 --- a/CVE-2024/CVE-2024-489xx/CVE-2024-48953.json +++ b/CVE-2024/CVE-2024-489xx/CVE-2024-48953.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-48953", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-07T17:15:08.570", - "lastModified": "2024-11-07T21:35:11.563", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Logpoint before 7.5.0. Endpoints for creating, editing, or deleting third-party authentication modules lacked proper authorization checks. This allowed unauthenticated users to register their own authentication plugins in Logpoint, resulting in unauthorized access." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 un problema en Logpoint antes de la versi\u00f3n 7.5.0. Los endpoints para crear, editar o eliminar m\u00f3dulos de autenticaci\u00f3n de terceros carec\u00edan de las comprobaciones de autorizaci\u00f3n adecuadas. Esto permit\u00eda que los usuarios no autenticados registraran sus propios complementos de autenticaci\u00f3n en Logpoint, lo que daba lugar a un acceso no autorizado." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-489xx/CVE-2024-48954.json b/CVE-2024/CVE-2024-489xx/CVE-2024-48954.json index 83d2d6ec2fc..a7fb20b94fb 100644 --- a/CVE-2024/CVE-2024-489xx/CVE-2024-48954.json +++ b/CVE-2024/CVE-2024-489xx/CVE-2024-48954.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-48954", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-07T17:15:08.650", - "lastModified": "2024-11-07T21:35:12.417", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Logpoint before 7.5.0. Unvalidated input during the EventHub Collector setup by an authenticated user leads to Remote Code execution." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 un problema en Logpoint antes de la versi\u00f3n 7.5.0. La entrada no validada durante la configuraci\u00f3n de EventHub Collector por parte de un usuario autenticado provoca la ejecuci\u00f3n de c\u00f3digo remoto." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-495xx/CVE-2024-49523.json b/CVE-2024/CVE-2024-495xx/CVE-2024-49523.json index 076e286a93c..0fc98464863 100644 --- a/CVE-2024/CVE-2024-495xx/CVE-2024-49523.json +++ b/CVE-2024/CVE-2024-495xx/CVE-2024-49523.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-49523", "sourceIdentifier": "psirt@adobe.com", "published": "2024-11-07T22:15:20.977", - "lastModified": "2024-11-07T22:15:20.977", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." + }, + { + "lang": "es", + "value": "Las versiones 6.5.20 y anteriores de Adobe Experience Manager se ven afectadas por una vulnerabilidad de Cross-Site Scripting (XSS) almacenado que un atacante podr\u00eda aprovechar para inyectar secuencias de comandos maliciosas en campos de formulario vulnerables. Se puede ejecutar JavaScript malicioso en el navegador de una v\u00edctima cuando esta accede a la p\u00e1gina que contiene el campo vulnerable." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-495xx/CVE-2024-49524.json b/CVE-2024/CVE-2024-495xx/CVE-2024-49524.json index 7f626b354d4..e2f78da739e 100644 --- a/CVE-2024/CVE-2024-495xx/CVE-2024-49524.json +++ b/CVE-2024/CVE-2024-495xx/CVE-2024-49524.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-49524", "sourceIdentifier": "psirt@adobe.com", "published": "2024-11-07T22:15:21.200", - "lastModified": "2024-11-07T22:15:21.200", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session. By manipulating a DOM element through a crafted URL or user input, the attacker can inject malicious scripts that run when the page is rendered. This type of attack requires user interaction, as the victim would need to access a manipulated URL or provide specific input to trigger the vulnerability." + }, + { + "lang": "es", + "value": "Las versiones 6.5.20 y anteriores de Adobe Experience Manager se ven afectadas por una vulnerabilidad de Cross-Site Scripting (XSS) basada en DOM que un atacante podr\u00eda aprovechar para ejecutar c\u00f3digo arbitrario en el contexto de la sesi\u00f3n del navegador de la v\u00edctima. Al manipular un elemento DOM a trav\u00e9s de una URL manipulada o una entrada del usuario, el atacante puede inyectar secuencias de comandos maliciosas que se ejecutan cuando se procesa la p\u00e1gina. Este tipo de ataque requiere la interacci\u00f3n del usuario, ya que la v\u00edctima tendr\u00eda que acceder a una URL manipulada o proporcionar una entrada espec\u00edfica para activar la vulnerabilidad." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50111.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50111.json index cf15c9b8e3b..efed4fcb85f 100644 --- a/CVE-2024/CVE-2024-501xx/CVE-2024-50111.json +++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50111.json 
@@ -2,8 +2,8 @@ "id": "CVE-2024-50111", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-05T18:15:14.433", - "lastModified": "2024-11-06T18:17:17.287", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-11-08T20:32:08.217", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -15,19 +15,108 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: LoongArch: Habilitar IRQ si do_ale() se activa en un contexto habilitado para irq. La excepci\u00f3n de acceso no alineado se puede activar en un contexto habilitado para irq, como el modo de usuario; en este caso, do_ale() puede llamar a get_user(), lo que puede provocar una suspensi\u00f3n. Entonces obtendremos: ERROR: funci\u00f3n inactiva llamada desde un contexto no v\u00e1lido en arch/loongarch/kernel/access-helper.h:7 in_atomic(): 0, irqs_disabled(): 1, non_block: 0, pid: 129, nombre: modprobe preempt_count: 0, esperado: 0 Profundidad de anidaci\u00f3n de RCU: 0, esperado: 0 CPU: 0 UID: 0 PID: 129 Comm: modprobe Contaminado: GW 6.12.0-rc1+ #1723 Contaminado: [W]=WARN Pila: 9000000105e0bd48 0000000000000000 9000000003803944 9000000105e08000 9000000105e0bc70 9000000105e0bc78 000000000000000 0000000000000000 9000000105e0bc78 0000000000000001 9000000185e0ba07 9000000105e0b890 ffffffffffffffff 9000000105e0bc78 73924b81763be05b 9000000100194500 000000000000020c 00000000000000a 0000000000000000 000000000000003 000000000000023f0 000000000000e1401 00000000072f8000 0000007ffbb0e260 0000000000000000 000000000000000 9000000005437650 90000000055d5000 0000000000000000 0000000000000003 0000007ffbb0e1f0 000000000000000 000005567b00490 0000000000000000 9000000003803964 0000007ffbb0dfec 000000000000000b0 0000000000000007 0000000000000003 0000000000071c1d ... Seguimiento de llamadas: [<9000000003803964>] show_stack+0x64/0x1a0 [<9000000004c57464>] dump_stack_lvl+0x74/0xb0 [<9000000003861ab4>] __might_resched+0x154/0x1a0 [<900000000380c96c>] emulate_load_store_insn+0x6c/0xf60 [<9000000004c58118>] do_ale+0x78/0x180 [<9000000003801bc8>] handle_ale+0x128/0x1e0 Entonces habilite IRQ si se activa una excepci\u00f3n de acceso no alineado en un contexto habilitado para irq para solucionarlo." 
} ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionEndExcluding": "6.6.59", + "matchCriteriaId": "1F471FD6-0481-4141-8A03-00D7CE67C49C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.11.6", + "matchCriteriaId": "E4486B12-007B-4794-9857-F07145637AA1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*", + "matchCriteriaId": "7F361E1D-580F-4A2D-A509-7615F73167A1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*", + "matchCriteriaId": "925478D0-3E3D-4E6F-ACD5-09F28D5DF82C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*", + "matchCriteriaId": "3C95E234-D335-4B6C-96BF-E2CEBD8654ED" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:*", + "matchCriteriaId": "E0F717D8-3014-4F84-8086-0124B2111379" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/69cc6fad5df4ce652d969be69acc60e269e5eea1", - "source": 
"416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/8915ed160dbd32b5ef5864df9a9fc11db83a77bb", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/afbfb3568d78082078acc8bb2b29bb47af87253c", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50112.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50112.json index d0cb4f03ce5..1de4b113759 100644 --- a/CVE-2024/CVE-2024-501xx/CVE-2024-50112.json +++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50112.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50112", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-05T18:15:14.497", - "lastModified": "2024-11-06T18:17:17.287", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-11-08T20:36:03.797", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -15,19 +15,108 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: x86/lam: Deshabilitar ADDRESS_MASKING en la mayor\u00eda de los casos. El enmascaramiento de direcciones lineales (LAM) tiene una debilidad relacionada con la ejecuci\u00f3n transitoria como se describe en el documento SLAM[1]. A menos que se habilite la separaci\u00f3n del espacio de direcciones lineales (LASS), esta debilidad puede ser explotable. Hasta que el kernel agregue soporte para LASS[2], solo permita LAM para COMPILE_TEST, o cuando las mitigaciones de especulaci\u00f3n se hayan deshabilitado en el momento de la compilaci\u00f3n, de lo contrario, mantenga LAM deshabilitado. No hay procesadores en el mercado que admitan LAM todav\u00eda, por lo que actualmente nadie se ve afectado por este problema. [1] SLAM: https://download.vusec.net/papers/slam_sp24.pdf [2] LASS: https://lore.kernel.org/lkml/20230609183632.48706-1-alexander.shishkin@linux.intel.com/ [ dhansen: actualizaci\u00f3n MITIGACIONES_DE_ESPECULACI\u00d3N -> MITIGACIONES_DE_CPU ]" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionEndExcluding": 
"6.6.59", + "matchCriteriaId": "1F471FD6-0481-4141-8A03-00D7CE67C49C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.11.6", + "matchCriteriaId": "E4486B12-007B-4794-9857-F07145637AA1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*", + "matchCriteriaId": "7F361E1D-580F-4A2D-A509-7615F73167A1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*", + "matchCriteriaId": "925478D0-3E3D-4E6F-ACD5-09F28D5DF82C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*", + "matchCriteriaId": "3C95E234-D335-4B6C-96BF-E2CEBD8654ED" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:*", + "matchCriteriaId": "E0F717D8-3014-4F84-8086-0124B2111379" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/3267cb6d3a174ff83d6287dcd5b0047bbd912452", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/60a5ba560f296ad8da153f6ad3f70030bfa3958f", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/690599066488d16db96ac0d6340f9372fc56f337", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50113.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50113.json index e6c010e8697..fc4488c1727 100644 --- a/CVE-2024/CVE-2024-501xx/CVE-2024-50113.json +++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50113.json 
@@ -2,8 +2,8 @@ "id": "CVE-2024-50113", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-05T18:15:14.560", - "lastModified": "2024-11-06T18:17:17.287", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-11-08T20:37:04.953", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -15,15 +15,95 @@ "value": " En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: firewire: core: fix invalid port index for parent device En una confirmaci\u00f3n 24b7f8e5cd65 (\"firewire: core: use helper functions for self ID sequence\"), la enumeraci\u00f3n sobre la secuencia de auto-identificaci\u00f3n se refactoriz\u00f3 con algunas funciones auxiliares con pruebas KUnit. Se garantiza que estas funciones auxiliares funcionar\u00e1n como se espera mediante las pruebas KUnit, sin embargo, su aplicaci\u00f3n incluye un error para asignar un valor no v\u00e1lido al \u00edndice del puerto conectado al dispositivo principal. Este error afecta al caso en que cualquier dispositivo de nodo adicional que tenga tres o m\u00e1s puertos est\u00e9 conectado al controlador 1394 OHCI. En el caso, la ruta para actualizar la cach\u00e9 del \u00e1rbol podr\u00eda alcanzar WARN_ON() y obtener un fallo de protecci\u00f3n general debido al acceso a una direcci\u00f3n no v\u00e1lida calculada por el valor no v\u00e1lido. Esta confirmaci\u00f3n corrige el error para asignar el \u00edndice de puerto correcto." 
} ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.11", + "versionEndExcluding": "6.11.6", + "matchCriteriaId": "35973F0F-C32F-4D88-B0FE-C75F65A0002B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*", + "matchCriteriaId": "7F361E1D-580F-4A2D-A509-7615F73167A1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*", + "matchCriteriaId": "925478D0-3E3D-4E6F-ACD5-09F28D5DF82C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*", + "matchCriteriaId": "3C95E234-D335-4B6C-96BF-E2CEBD8654ED" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:*", + "matchCriteriaId": "E0F717D8-3014-4F84-8086-0124B2111379" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/90753a38bc3d058820981f812a908a99f7b337c1", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": 
"https://git.kernel.org/stable/c/f6a6780e0b9bbcf311a727afed06fee533a5e957", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50114.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50114.json index 3b3d505106b..2647ff9851e 100644 --- a/CVE-2024/CVE-2024-501xx/CVE-2024-50114.json +++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50114.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50114", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-05T18:15:14.630", - "lastModified": "2024-11-06T18:17:17.287", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-11-08T19:11:43.650", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -15,15 +15,95 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: KVM: arm64: Anular el registro del redistribuidor en caso de creaci\u00f3n fallida de una vCPU. Alex informa que syzkaller ha conseguido activar un use-after-free al desmantelar una m\u00e1quina virtual: ERROR: KASAN: slab-use-after-free en kvm_put_kvm+0x300/0xe68 virt/kvm/kvm_main.c:5769 Lectura de tama\u00f1o 8 en la direcci\u00f3n ffffff801c6890d0 por la tarea syz.3.2219/10758 CPU: 3 UID: 0 PID: 10758 Comm: syz.3.2219 No contaminado 6.11.0-rc6-dirty #64 Nombre del hardware: linux,dummy-virt (DT) Rastreo de llamadas: dump_backtrace+0x17c/0x1a8 arch/arm64/kernel/stacktrace.c:317 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:324 __dump_stack lib/dump_stack.c:93 [en l\u00ednea] dump_stack_lvl+0x94/0xc0 lib/dump_stack.c:119 print_report+0x144/0x7a4 mm/kasan/report.c:377 kasan_report+0xcc/0x128 mm/kasan/report.c:601 __asan_report_load8_noabort+0x20/0x2c mm/kasan/report_generic.c:381 kvm_put_kvm+0x300/0xe68 virt/kvm/kvm_main.c:5769 kvm_vm_release+0x4c/0x60 virt/kvm/kvm_main.c:1409 __fput+0x198/0x71c fs/file_table.c:422 ____fput+0x20/0x30 fs/file_table.c:450 task_work_run+0x1cc/0x23c kernel/task_work.c:228 do_notify_resume+0x144/0x1a0 include/linux/resume_user_mode.h:50 el0_svc+0x64/0x68 arch/arm64/kernel/entry-common.c:169 el0t_64_sync_handler+0x90/0xfc arch/arm64/kernel/entry-common.c:730 el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:598 Tras una inspecci\u00f3n m\u00e1s detallada, parece que no eliminamos correctamente el registro MMIO para una vCPU que falla en la creaci\u00f3n tarde en el juego, por ejemplo, una vCPU con el mismo ID ya existe en la VM. Es importante considerar el contexto de la confirmaci\u00f3n que introdujo este error al mover la anulaci\u00f3n del registro fuera de __kvm_vgic_vcpu_destroy(). Ese cambio busc\u00f3 correctamente evitar una inversi\u00f3n de srcu v. 
config_lock al dividir el desmontaje de la vCPU en dos partes, una protegida por config_lock. Corrija el use-after-free mientras evita la inversi\u00f3n del bloqueo agregando una anulaci\u00f3n del registro con caso especial a __kvm_vgic_vcpu_destroy(). Esto es seguro porque las vCPU fallidas se eliminan fuera de config_lock." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.11", + "versionEndExcluding": "6.11.6", + "matchCriteriaId": "35973F0F-C32F-4D88-B0FE-C75F65A0002B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*", + "matchCriteriaId": "7F361E1D-580F-4A2D-A509-7615F73167A1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*", + "matchCriteriaId": "925478D0-3E3D-4E6F-ACD5-09F28D5DF82C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*", + "matchCriteriaId": "3C95E234-D335-4B6C-96BF-E2CEBD8654ED" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:*", + "matchCriteriaId": "E0F717D8-3014-4F84-8086-0124B2111379" + } + ] + } 
+ ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/6bcc2890b883ba1d16b8942937750565f6e9db0d", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/ae8f8b37610269009326f4318df161206c59843e", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50115.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50115.json index 264a7d9b5d3..c3235ccb03f 100644 --- a/CVE-2024/CVE-2024-501xx/CVE-2024-50115.json +++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50115.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50115", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-05T18:15:14.700", - "lastModified": "2024-11-08T16:15:46.980", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-11-08T19:14:49.233", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -15,31 +15,151 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: KVM: nSVM: Ignorar nCR3[4:0] al cargar PDPTE desde la memoria Ignorar nCR3[4:0] al cargar PDPTE desde la memoria para SVM anidado, ya que los bits 4:0 de CR3 se ignoran cuando se utiliza la paginaci\u00f3n PAE y, por lo tanto, VMRUN no aplica la alineaci\u00f3n de 32 bytes de nCR3. En el peor de los casos, no ignorar los bits 4:0 puede dar como resultado una lectura fuera de los l\u00edmites, por ejemplo, si la p\u00e1gina de destino est\u00e1 al final de un memslot y el VMM no est\u00e1 utilizando p\u00e1ginas de protecci\u00f3n. Seg\u00fan el APM: El registro CR3 apunta a la direcci\u00f3n base de la tabla de punteros de directorio de p\u00e1ginas. La tabla de punteros de directorio de p\u00e1gina est\u00e1 alineada en un l\u00edmite de 32 bytes, y se supone que los 5 bits de direcci\u00f3n bajos 4:0 son 0. Y el SDM es mucho m\u00e1s expl\u00edcito: 4:0 Ignorado. Tenga en cuenta que KVM hace esto correctamente al cargar PDPTR, es solo el flujo nSVM el que est\u00e1 da\u00f1ado." 
} ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.2", + "versionEndExcluding": "5.10.229", + "matchCriteriaId": "D1CC38D5-4E73-4234-A39C-C214E4AF4851" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.11", + "versionEndExcluding": "5.15.170", + "matchCriteriaId": "A9BA1C73-2D2E-45E3-937B-276A28AEB5FC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.16", + "versionEndExcluding": "6.1.115", + "matchCriteriaId": "C08A77A6-E42E-4EFD-B5A1-2BF6CBBB42AE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndExcluding": "6.6.59", + "matchCriteriaId": "5D15CA59-D15C-4ACD-8B03-A072DEAD2081" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.11.6", + "matchCriteriaId": "E4486B12-007B-4794-9857-F07145637AA1" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*", + "matchCriteriaId": "7F361E1D-580F-4A2D-A509-7615F73167A1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*", + "matchCriteriaId": "925478D0-3E3D-4E6F-ACD5-09F28D5DF82C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*", + "matchCriteriaId": "3C95E234-D335-4B6C-96BF-E2CEBD8654ED" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:*", + "matchCriteriaId": "E0F717D8-3014-4F84-8086-0124B2111379" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/2c4adc9b192a0815fe58a62bc0709449416cc884", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/426682afec71ea3f889b972d038238807b9443e4", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/58cb697d80e669c56197f703e188867c8c54c494", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/6876793907cbe19d42e9edc8c3315a21e06c32ae", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/76ce386feb14ec9a460784fcd495d8432acce7a5", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/f559b2e9c5c5308850544ab59396b7d53cfc67bd", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50116.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50116.json index 71ba1a6fabe..d48dc3d2198 100644 --- a/CVE-2024/CVE-2024-501xx/CVE-2024-50116.json +++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50116.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50116", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-05T18:15:14.763", - "lastModified": "2024-11-08T16:15:47.147", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-11-08T19:17:01.350", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -15,39 +15,179 @@ "value": " En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nilfs2: se corrige un error del kernel debido a la falta de limpieza del indicador de retraso del b\u00fafer Syzbot inform\u00f3 que despu\u00e9s de que nilfs2 lee una imagen de sistema de archivos corrupta y se degrada a solo lectura, la comprobaci\u00f3n BUG_ON para el indicador de retraso del b\u00fafer en submission_bh_wbc() puede fallar, lo que provoca un error del kernel. Esto se debe a que el indicador de retraso del b\u00fafer no se borra al borrar los indicadores de estado del b\u00fafer para descartar una p\u00e1gina/folio o un encabezado de b\u00fafer. Por lo tanto, solucione esto. Esto se volvi\u00f3 necesario cuando se expandi\u00f3 el uso de la propia rutina de limpieza de p\u00e1ginas de nilfs2. Esta inconsistencia de estado no ocurre si el b\u00fafer se escribe normalmente mediante la escritura de registro." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.10", + "versionEndExcluding": "4.19.323", + "matchCriteriaId": "4275189E-11C2-4607-92FC-0606E12A465F" + }, + { + "vulnerable": 
true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.20", + "versionEndExcluding": "5.4.285", + "matchCriteriaId": "B5A89369-320F-47FC-8695-56F61F87E4C0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.5", + "versionEndExcluding": "5.10.229", + "matchCriteriaId": "1A03CABE-9B43-4E7F-951F-10DEEADAA426" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.11", + "versionEndExcluding": "5.15.170", + "matchCriteriaId": "A9BA1C73-2D2E-45E3-937B-276A28AEB5FC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.16", + "versionEndExcluding": "6.1.115", + "matchCriteriaId": "C08A77A6-E42E-4EFD-B5A1-2BF6CBBB42AE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndExcluding": "6.6.59", + "matchCriteriaId": "5D15CA59-D15C-4ACD-8B03-A072DEAD2081" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.11.6", + "matchCriteriaId": "E4486B12-007B-4794-9857-F07145637AA1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*", + "matchCriteriaId": "7F361E1D-580F-4A2D-A509-7615F73167A1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*", + "matchCriteriaId": "925478D0-3E3D-4E6F-ACD5-09F28D5DF82C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*", + "matchCriteriaId": "3C95E234-D335-4B6C-96BF-E2CEBD8654ED" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:*", + "matchCriteriaId": "E0F717D8-3014-4F84-8086-0124B2111379" + } + ] + } + ] + } + ], "references": [ { "url": 
"https://git.kernel.org/stable/c/033bc52f35868c2493a2d95c56ece7fc155d7cb3", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/27524f65621f490184f2ace44cd8e5f3685af4a3", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/412a30b1b28d6073ba29c46a2b0f324c5936293f", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/6ed469df0bfbef3e4b44fca954a781919db9f7ab", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/743c78d455e784097011ea958b27396001181567", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/822203f6355f4b322d21e7115419f6b98284be25", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/9f2ab98371c2f2488bf3bf3f9b2a73510545e9c1", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/c6f58ff2d4c552927fe9a187774e668ebba6c7aa", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50123.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50123.json index 2fe0453bb36..d9272d39d0a 100644 --- a/CVE-2024/CVE-2024-501xx/CVE-2024-50123.json +++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50123.json 
@@ -2,8 +2,8 @@ "id": "CVE-2024-50123", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-05T18:15:15.367", - "lastModified": "2024-11-06T18:17:17.287", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-11-08T20:03:49.163", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -15,15 +15,95 @@ "value": " En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: bpf: Agregue la invocaci\u00f3n BPF_LINK_TYPE faltante para sockmap Hay una lectura fuera de los l\u00edmites en bpf_link_show_fdinfo() para el fd del enlace sockmap. Arr\u00e9glelo agregando la invocaci\u00f3n BPF_LINK_TYPE faltante para el enlace sockmap Agregue tambi\u00e9n comentarios para bpf_link_type para evitar actualizaciones faltantes en el futuro." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.10", + "versionEndExcluding": "6.11.6", + "matchCriteriaId": "DB1EF597-EE20-41B9-A601-99CB57D64A94" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*", + "matchCriteriaId": "7F361E1D-580F-4A2D-A509-7615F73167A1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*", + "matchCriteriaId": "925478D0-3E3D-4E6F-ACD5-09F28D5DF82C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*", + "matchCriteriaId": "3C95E234-D335-4B6C-96BF-E2CEBD8654ED" + }, + { + "vulnerable": true, + 
"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:*", + "matchCriteriaId": "E0F717D8-3014-4F84-8086-0124B2111379" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/6d79f12c0ce2bc8ff5f109093df1734bd6450615", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/c2f803052bc7a7feb2e03befccc8e49b6ff1f5f5", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50124.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50124.json index cef425aaf45..6c5a837837e 100644 --- a/CVE-2024/CVE-2024-501xx/CVE-2024-50124.json +++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50124.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50124", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-05T18:15:15.487", - "lastModified": "2024-11-06T18:17:17.287", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-11-08T20:04:05.847", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -15,23 +15,123 @@ "value": " En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: Bluetooth: ISO: Se corrigi\u00f3 que UAF en iso_sock_timeout conn->sk pudiera haberse desvinculado/liberado mientras se esperaba a iso_conn_lock, por lo que esto verifica si conn->sk a\u00fan es v\u00e1lido verificando si es parte de iso_sk_list." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.0", + "versionEndExcluding": "6.1.115", + "matchCriteriaId": "1D4E0070-638A-4AE7-A4DC-10C3C08F90F1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndExcluding": "6.6.59", + "matchCriteriaId": "5D15CA59-D15C-4ACD-8B03-A072DEAD2081" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.11.6", + "matchCriteriaId": "E4486B12-007B-4794-9857-F07145637AA1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*", + "matchCriteriaId": "7F361E1D-580F-4A2D-A509-7615F73167A1" + }, + { + 
"vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*", + "matchCriteriaId": "925478D0-3E3D-4E6F-ACD5-09F28D5DF82C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*", + "matchCriteriaId": "3C95E234-D335-4B6C-96BF-E2CEBD8654ED" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:*", + "matchCriteriaId": "E0F717D8-3014-4F84-8086-0124B2111379" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/14bcb721d241e62fdd18f6f434a2ed2ab6e71a9b", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/246b435ad668596aa0e2bbb9d491b6413861211a", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/876ac72d535fa94f4ac57bba651987c6f990f646", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/d75aad1d3143ca68cda52ff80ac392e1bbd84325", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50125.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50125.json index 0be46357c73..24c8ae38456 100644 --- a/CVE-2024/CVE-2024-501xx/CVE-2024-50125.json +++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50125.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50125", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-05T18:15:15.550", - "lastModified": "2024-11-06T18:17:17.287", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-11-08T20:04:33.913", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -15,23 +15,153 @@ "value": " En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: Bluetooth: SCO: Se corrige que UAF en sco_sock_timeout conn->sk pueda haberse desvinculado/liberado mientras se esperaba sco_conn_lock, por lo que esto verifica si conn->sk a\u00fan es v\u00e1lido verificando si es parte de sco_sk_list." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.15", + "versionEndExcluding": "6.1.115", + "matchCriteriaId": "7A9290B0-2AD4-446E-B1DB-DA1FA8D39207" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndExcluding": "6.6.59", + "matchCriteriaId": "5D15CA59-D15C-4ACD-8B03-A072DEAD2081" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.11.6", + "matchCriteriaId": "E4486B12-007B-4794-9857-F07145637AA1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:4.14.263:*:*:*:*:*:*:*", + "matchCriteriaId": "C20561F0-C119-4858-8A45-53627BDB3A85" + }, + { + "vulnerable": true, 
+ "criteria": "cpe:2.3:o:linux:linux_kernel:4.19.207:*:*:*:*:*:*:*", + "matchCriteriaId": "FE4696E1-1AF7-48BF-A760-D1647592A16C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.4.148:*:*:*:*:*:*:*", + "matchCriteriaId": "EB3797F7-1847-4EA2-9831-1204B46DDBA6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.10.67:*:*:*:*:*:*:*", + "matchCriteriaId": "3D53E7BD-B23C-452F-8A0A-5C0A9F3B544D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.13.19:*:*:*:*:*:*:*", + "matchCriteriaId": "6EE38667-C006-40E7-9160-BA9129F4EB63" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.14.6:*:*:*:*:*:*:*", + "matchCriteriaId": "4D94E8C9-DE54-40B9-97B2-454977B0E224" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*", + "matchCriteriaId": "7F361E1D-580F-4A2D-A509-7615F73167A1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*", + "matchCriteriaId": "925478D0-3E3D-4E6F-ACD5-09F28D5DF82C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*", + "matchCriteriaId": "3C95E234-D335-4B6C-96BF-E2CEBD8654ED" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:*", + "matchCriteriaId": "E0F717D8-3014-4F84-8086-0124B2111379" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/1bf4470a3939c678fb822073e9ea77a0560bc6bb", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/80b05fbfa998480fb3d5299d93eab946f51e9c36", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/9ddda5d967e84796e7df1b54a55f36b4b9f21079", - "source": 
"416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/d30803f6a972b5b9e26d1d43b583c7ec151de04b", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50126.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50126.json index ef67175a94a..e570b3937f5 100644 --- a/CVE-2024/CVE-2024-501xx/CVE-2024-50126.json +++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50126.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50126", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-05T18:15:15.607", - "lastModified": "2024-11-06T18:17:17.287", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-11-08T20:03:02.093", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -15,19 +15,109 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: sched: usar la secci\u00f3n cr\u00edtica del lado de lectura de RCU en taprio_dump(). Corrija el posible use-after-free en 'taprio_dump()' agregando all\u00ed la secci\u00f3n cr\u00edtica del lado de lectura de RCU. Nunca visto en x86 pero encontrado en un sistema arm64 habilitado para KASAN al investigar https://syzkaller.appspot.com/bug?extid=b65e0af58423fc8a73aa: [T15862] ERROR: KASAN: slab-use-after-free en taprio_dump+0xa0c/0xbb0 [T15862] Lectura de tama\u00f1o 4 en la direcci\u00f3n ffff0000d4bb88f8 por la tarea repro/15862 [T15862] [T15862] CPU: 0 UID: 0 PID: 15862 Comm: repro No contaminado 6.11.0-rc1-00293-gdefaf1a2113a-dirty #2 [T15862] Nombre del hardware: QEMU QEMU Virtual Machine, BIOS edk2-20240524-5.fc40 24/05/2024 [T15862] Seguimiento de llamadas: [T15862] dump_backtrace+0x20c/0x220 [T15862] show_stack+0x2c/0x40 [T15862] dump_stack_lvl+0xf8/0x174 [T15862] print_report+0x170/0x4d8 [T15862] kasan_report+0xb8/0x1d4 [T15862] __asan_report_load4_noabort+0x20/0x2c [T15862] taprio_dump+0xa0c/0xbb0 [T15862] El comando tc_fill_qdisc_notify.isra.0_0x330_0x3a0_tc_modify_qdisc_0x7b8_0x1838_rtnetlink_rcv_msg_0x3c8_0xc20_netlink_rcv_skb_0x1f8_0x3d4_rtnetlink_rcv_0x28_0x40_netlink_unicast_0x51c_0x790_netlink_sendmsg_0x79c_0xc20_tc_sendmsg_0x1a ... 
[T15862] ____sys_sendmsg+0x6c0/0x840 [T15862] ___sys_sendmsg+0x1ac/0x1f0 [T15862] __sys_sendmsg+0x110/0x1d0 [T15862] __arm64_sys_sendmsg+0x74/0xb0 [T15862] invoke_syscall+0x88/0x2e0 [T15862] el0_svc_common.constprop.0+0xe4/0x2a0 [T15862] do_el0_svc+0x44/0x60 [T15862] el0_svc+0x50/0x184 [T15862] el0t_64_sync_handler+0x120/0x12c [T15862] el0t_64_sync+0x190/0x194 [T15862] [T15862] Asignado por la tarea 15857: [T15862] kasan_save_stack+0x3c/0x70 [T15862] kasan_save_track+0x20/0x3c [T15862] kasan_save_alloc_info+0x40/0x60 [T15862] __kasan_kmalloc+0xd4/0xe0 [T15862] __kmalloc_cache_noprof+0x194/0x334 [T15862] taprio_change+0x45c/0x2fe0 [T15862] tc_modify_qdisc+0x6a8/0x1838 [T15862] rtnetlink_rcv_msg+0x3c8/0xc20 [T15862] netlink_rcv_skb+0x1f8/0x3d4 [T15862] rtnetlink_rcv+0x28/0x40 [T15862] netlink_unicast+0x51c/0x790 [T15862] netlink_sendmsg+0x79c/0xc20 [T15862] __sock_sendmsg+0xe0/0x1a0 [T15862] ____sys_sendmsg+0x6c0/0x840 [T15862] ___sys_sendmsg+0x1ac/0x1f0 [T15862] __sys_sendmsg+0x110/0x1d0 [T15862] __arm64_sys_sendmsg+0x74/0xb0 [T15862] invoke_syscall+0x88/0x2e0 [T15862] el0_svc_common.constprop.0+0xe4/0x2a0 [T15862] do_el0_svc+0x44/0x60 [T15862] el0_svc+0x50/0x184 [T15862] el0t_64_sync_handler+0x120/0x12c [T15862] el0t_64_sync+0x190/0x194 [T15862] [T15862] Liberado por la tarea 6192: [T15862] kasan_save_stack+0x3c/0x70 [T15862] kasan_save_track+0x20/0x3c [T15862] kasan_save_free_info+0x4c/0x80 [T15862] poison_slab_object+0x110/0x160 [T15862] __kasan_slab_free+0x3c/0x74 [T15862] kfree+0x134/0x3c0 [T15862] taprio_free_sched_cb+0x18c/0x220 [T15862] rcu_core+0x920/0x1b7c [T15862] rcu_core_si+0x10/0x1c [T15862] handle_softirqs+0x2e8/0xd64 [T15862] __do_softirq+0x14/0x20" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + 
"userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.1", + "versionEndExcluding": "6.6.59", + "matchCriteriaId": "73E6DF5B-2C48-44A0-904B-A1EC3684F9D1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.11.6", + "matchCriteriaId": "E4486B12-007B-4794-9857-F07145637AA1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*", + "matchCriteriaId": "7F361E1D-580F-4A2D-A509-7615F73167A1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*", + "matchCriteriaId": "925478D0-3E3D-4E6F-ACD5-09F28D5DF82C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*", + "matchCriteriaId": "3C95E234-D335-4B6C-96BF-E2CEBD8654ED" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:*", + "matchCriteriaId": "E0F717D8-3014-4F84-8086-0124B2111379" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/5d282467245f267c0b9ada3f7f309ff838521536", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/b22db8b8befe90b61c98626ca1a2fbb0505e9fe3", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": 
"416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/e4369cb6acf6b895ac2453cc1cdf2f4326122c6d", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50127.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50127.json index 7b33f2a342f..b21d031e7b6 100644 --- a/CVE-2024/CVE-2024-501xx/CVE-2024-50127.json +++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50127.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50127", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-05T18:15:15.670", - "lastModified": "2024-11-08T16:15:47.393", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-11-08T19:42:39.257", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -15,35 +15,151 @@ "value": " En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: sched: arreglado use-after-free en taprio_change(). En 'taprio_change()', el puntero 'admin' puede quedar colgando debido al cambio/eliminaci\u00f3n de sched causado por 'advance_sched()', y la secci\u00f3n cr\u00edtica protegida por 'q->current_entry_lock' es demasiado peque\u00f1a para evitar tal escenario (que causa el use-after-free detectado por KASAN). Solucione esto al preferir 'rcu_replace_pointer()' sobre 'rcu_assign_pointer()' para actualizar 'admin' inmediatamente antes de un intento de liberaci\u00f3n de programaci\u00f3n." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.2", + "versionEndExcluding": "5.15.170", + "matchCriteriaId": "5E0E5D44-4829-4DA4-B7F0-72BF46B9065C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.16", + "versionEndExcluding": "6.1.115", + "matchCriteriaId": "C08A77A6-E42E-4EFD-B5A1-2BF6CBBB42AE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + 
"versionStartIncluding": "6.2", + "versionEndExcluding": "6.6.59", + "matchCriteriaId": "5D15CA59-D15C-4ACD-8B03-A072DEAD2081" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.11.6", + "matchCriteriaId": "E4486B12-007B-4794-9857-F07145637AA1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*", + "matchCriteriaId": "7F361E1D-580F-4A2D-A509-7615F73167A1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*", + "matchCriteriaId": "925478D0-3E3D-4E6F-ACD5-09F28D5DF82C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*", + "matchCriteriaId": "3C95E234-D335-4B6C-96BF-E2CEBD8654ED" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:*", + "matchCriteriaId": "E0F717D8-3014-4F84-8086-0124B2111379" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/0d4c0d2844e4eac3aed647f948fd7e60eea56a61", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/2240f9376f20f8b6463232b4ca7292569217237f", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/2f868ce6013548a713c431c679ef73747a66fcf3", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/8a283a19026aaae8a773fd8061263cfa315b127f", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/999612996df28d81f163dad530d7f8026e03aec6", - "source": 
"416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/f504465970aebb2467da548f7c1efbbf36d0f44b", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/fe371f084073e8672a2d7d46b335c3c060d1e301", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50128.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50128.json index c9890359d28..93e1d082dd9 100644 --- a/CVE-2024/CVE-2024-501xx/CVE-2024-50128.json +++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50128.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50128", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-05T18:15:15.730", - "lastModified": "2024-11-06T18:17:17.287", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-11-08T19:39:38.027", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -15,27 +15,137 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: wwan: fix global oob in wwan_rtnl_policy. La variable wwan_rtnl_link_ops asigna un maxtype *mayor* que lleva a una lectura global fuera de los l\u00edmites al analizar los atributos netlink. Exactamente la misma causa del error que el oob corregido en la confirmaci\u00f3n b33fb5b801c6 (\"net: qualcomm: rmnet: fix global oob in rmnet_policy\"). ======================================================================= ERROR: KASAN: global fuera de los l\u00edmites en la librer\u00eda validation_nla/nlattr.c:388 [en l\u00ednea] ERROR: KASAN: global fuera de los l\u00edmites en la librer\u00eda __nla_validate_parse+0x19d7/0x29a0/nlattr.c:603 Lectura de tama\u00f1o 1 en la direcci\u00f3n ffffffff8b09cb60 por la tarea syz.1.66276/323862 CPU: 0 PID: 323862 Comm: syz.1.66276 No contaminado 6.1.70 #1 Nombre del hardware: PC est\u00e1ndar QEMU (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 01/04/2014 Seguimiento de llamadas: __dump_stack lib/dump_stack.c:88 [en l\u00ednea] dump_stack_lvl+0x177/0x231 lib/dump_stack.c:106 print_address_description mm/kasan/report.c:284 [en l\u00ednea] print_report+0x14f/0x750 mm/kasan/report.c:395 kasan_report+0x139/0x170 mm/kasan/report.c:495 validation_nla lib/nlattr.c:388 [en l\u00ednea] __nla_validate_parse+0x19d7/0x29a0 lib/nlattr.c:603 __nla_parse+0x3c/0x50 lib/nlattr.c:700 nla_parse_nested_deprecated include/net/netlink.h:1269 [en l\u00ednea] __rtnl_newlink net/core/rtnetlink.c:3514 [en l\u00ednea] rtnl_newlink+0x7bc/0x1fd0 net/core/rtnetlink.c:3623 rtnetlink_rcv_msg+0x794/0xef0 net/core/rtnetlink.c:6122 netlink_rcv_skb+0x1de/0x420 net/netlink/af_netlink.c:2508 netlink_unicast_kernel net/netlink/af_netlink.c:1326 [en l\u00ednea] netlink_unicast+0x74b/0x8c0 net/netlink/af_netlink.c:1352 netlink_sendmsg+0x882/0xb90 net/netlink/af_netlink.c:1874 sock_sendmsg_nosec net/socket.c:716 [en l\u00ednea] __sock_sendmsg net/socket.c:728 [en 
l\u00ednea] ____sys_sendmsg+0x5cc/0x8f0 net/socket.c:2499 ___sys_sendmsg+0x21c/0x290 net/socket.c:2553 __sys_sendmsg net/socket.c:2582 [en l\u00ednea] __do_sys_sendmsg net/socket.c:2591 [en l\u00ednea] __se_sys_sendmsg+0x19e/0x270 net/socket.c:2589 do_syscall_x64 arch/x86/entry/common.c:51 [en l\u00ednea] do_syscall_64+0x45/0x90 arch/x86/entry/common.c:81 entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x7f67b19a24ad RSP: 002b:00007f67b17febb8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 00007f67b1b45f80 RCX: 00007f67b19a24ad RDX: 0000000000000000 RSI: 0000000020005e40 RDI: 0000000000000004 RBP: 00007f67b1a1e01d R08: 000000000000000 R09: 0000000000000000 R10: 000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffd2513764f R14: 00007ffd251376e0 R15: 00007f67b17fed40 La direcci\u00f3n con errores pertenece a la variable: wwan_rtnl_policy+0x20/0x40 La direcci\u00f3n con errores pertenece a la p\u00e1gina f\u00edsica: page:ffffea00002c2700 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xb09c flags: 0xfff00000001000(reserved|node=0|zone=1|lastcpupid=0x7ff) raw: 00fff00000001000 ffffea00002c2708 ffffea00002c2708 000000000000000 raw: 000000000000000 0000000000000000 00000001ffffffff 0000000000000000 p\u00e1gina volcada porque: kasan: mal acceso detectado la informaci\u00f3n del propietario de la p\u00e1gina no est\u00e1 presente (\u00bfnunca se estableci\u00f3?) Estado de la memoria alrededor de la direcci\u00f3n con errores: ffffffff8b09ca00: 05 f9 f9 f9 05 f9 f9 f9 00 01 f9 f9 01 f9 f9 ffffffff8b09ca80: 00 00 00 05 f9 f9 f9 f9 00 00 03 f9 f9 f9 f9 f9 >ffffffff8b09cb00: 00 00 00 00 05 f9 f9 f9 00 00 00 00 f9 f9 f9 f9 ^ ffffffff8b09cb80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 =================================================================== Seg\u00fan el comentario de `nla_parse_nested_deprecated`, use el tama\u00f1o correcto `IFLA_WWAN_MAX` aqu\u00ed para solucionar este problema." 
} ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.14", + "versionEndExcluding": "5.15.170", + "matchCriteriaId": "53E8194F-DD7E-4112-80DD-3E7EF9172D6D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.16", + "versionEndExcluding": "6.1.115", + "matchCriteriaId": "C08A77A6-E42E-4EFD-B5A1-2BF6CBBB42AE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndExcluding": "6.6.59", + "matchCriteriaId": "5D15CA59-D15C-4ACD-8B03-A072DEAD2081" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.11.6", + "matchCriteriaId": "E4486B12-007B-4794-9857-F07145637AA1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*", + "matchCriteriaId": "7F361E1D-580F-4A2D-A509-7615F73167A1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*", + "matchCriteriaId": 
"925478D0-3E3D-4E6F-ACD5-09F28D5DF82C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*", + "matchCriteriaId": "3C95E234-D335-4B6C-96BF-E2CEBD8654ED" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:*", + "matchCriteriaId": "E0F717D8-3014-4F84-8086-0124B2111379" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/47dd5447cab8ce30a847a0337d5341ae4c7476a7", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/69076f8435c1c5dae5f814eaf4c361d1f00b22a3", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/9683804e36668f6093fb06e202eed2f188ba437e", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/a3ffce63dcc0c208edd4d196e17baed22ebcb643", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/c9a0aed51977198df005d0a623090e38e2d77d7b", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50139.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50139.json index baefb9ee0dc..e900396bc77 100644 --- a/CVE-2024/CVE-2024-501xx/CVE-2024-50139.json +++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50139.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-50139", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-07T10:15:05.903", - "lastModified": "2024-11-07T10:15:05.903", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: arm64: Fix shift-out-of-bounds bug\n\nFix a shift-out-of-bounds bug reported by UBSAN when running\nVM with MTE enabled host kernel.\n\nUBSAN: shift-out-of-bounds in arch/arm64/kvm/sys_regs.c:1988:14\nshift exponent 33 is too large for 32-bit type 'int'\nCPU: 26 UID: 0 PID: 7629 Comm: qemu-kvm Not tainted 6.12.0-rc2 #34\nHardware name: IEI NF5280R7/Mitchell MB, BIOS 00.00. 2024-10-12 09:28:54 10/14/2024\nCall trace:\n dump_backtrace+0xa0/0x128\n show_stack+0x20/0x38\n dump_stack_lvl+0x74/0x90\n dump_stack+0x18/0x28\n __ubsan_handle_shift_out_of_bounds+0xf8/0x1e0\n reset_clidr+0x10c/0x1c8\n kvm_reset_sys_regs+0x50/0x1c8\n kvm_reset_vcpu+0xec/0x2b0\n __kvm_vcpu_set_target+0x84/0x158\n kvm_vcpu_set_target+0x138/0x168\n kvm_arch_vcpu_ioctl_vcpu_init+0x40/0x2b0\n kvm_arch_vcpu_ioctl+0x28c/0x4b8\n kvm_vcpu_ioctl+0x4bc/0x7a8\n __arm64_sys_ioctl+0xb4/0x100\n invoke_syscall+0x70/0x100\n el0_svc_common.constprop.0+0x48/0xf0\n do_el0_svc+0x24/0x38\n el0_svc+0x3c/0x158\n el0t_64_sync_handler+0x120/0x130\n el0t_64_sync+0x194/0x198" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: KVM: arm64: Corregir error de desplazamiento fuera de los l\u00edmites Corrige un error de desplazamiento fuera de los l\u00edmites informado por UBSAN al ejecutar una m\u00e1quina virtual con un kernel de host habilitado para MTE. 
UBSAN: desplazamiento fuera de los l\u00edmites en arch/arm64/kvm/sys_regs.c:1988:14 el exponente de desplazamiento 33 es demasiado grande para el tipo de 32 bits 'int' CPU: 26 UID: 0 PID: 7629 Comm: qemu-kvm No contaminado 6.12.0-rc2 #34 Nombre del hardware: IEI NF5280R7/Mitchell MB, BIOS 00.00. 2024-10-12 09:28:54 14/10/2024 Seguimiento de llamadas: dump_backtrace+0xa0/0x128 show_stack+0x20/0x38 dump_stack_lvl+0x74/0x90 dump_stack+0x18/0x28 __ubsan_handle_shift_out_of_bounds+0xf8/0x1e0 reset_clidr+0x10c/0x1c8 kvm_reset_sys_regs+0x50/0x1c8 kvm_reset_vcpu+0xec/0x2b0 __kvm_vcpu_set_target+0x84/0x158 kvm_vcpu_set_target+0x138/0x168 kvm_arch_vcpu_ioctl_vcpu_init+0x40/0x2b0 kvm_arch_vcpu_ioctl+0x28c/0x4b8 kvm_vcpu_ioctl+0x4bc/0x7a8 __arm64_sys_ioctl+0xb4/0x100 invocar_llamada_al_sistema+0x70/0x100 el0_svc_common.constprop.0+0x48/0xf0 do_el0_svc+0x24/0x38 el0_svc+0x3c/0x158 el0t_64_sync_handler+0x120/0x130 el0t_64_sync+0x194/0x198" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50140.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50140.json index 4c6f7fa165b..edafb22dbfb 100644 --- a/CVE-2024/CVE-2024-501xx/CVE-2024-50140.json +++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50140.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-50140", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-07T10:15:05.980", - "lastModified": "2024-11-07T10:15:05.980", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched/core: Disable page allocation in task_tick_mm_cid()\n\nWith KASAN and PREEMPT_RT enabled, calling task_work_add() in\ntask_tick_mm_cid() may cause the following splat.\n\n[ 63.696416] BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48\n[ 63.696416] in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 610, name: modprobe\n[ 63.696416] preempt_count: 10001, expected: 0\n[ 63.696416] RCU nest depth: 1, expected: 1\n\nThis problem is caused by the following call trace.\n\n sched_tick() [ acquire rq->__lock ]\n -> task_tick_mm_cid()\n -> task_work_add()\n -> __kasan_record_aux_stack()\n -> kasan_save_stack()\n -> stack_depot_save_flags()\n -> alloc_pages_mpol_noprof()\n -> __alloc_pages_noprof()\n\t -> get_page_from_freelist()\n\t -> rmqueue()\n\t -> rmqueue_pcplist()\n\t -> __rmqueue_pcplist()\n\t -> rmqueue_bulk()\n\t -> rt_spin_lock()\n\nThe rq lock is a raw_spinlock_t. We can't sleep while holding\nit. IOW, we can't call alloc_pages() in stack_depot_save_flags().\n\nThe task_tick_mm_cid() function with its task_work_add() call was\nintroduced by commit 223baf9d17f2 (\"sched: Fix performance regression\nintroduced by mm_cid\") in v6.4 kernel.\n\nFortunately, there is a kasan_record_aux_stack_noalloc() variant that\ncalls stack_depot_save_flags() while not allowing it to allocate\nnew pages. To allow task_tick_mm_cid() to use task_work without\npage allocation, a new TWAF_NO_ALLOC flag is added to enable calling\nkasan_record_aux_stack_noalloc() instead of kasan_record_aux_stack()\nif set. 
The task_tick_mm_cid() function is modified to add this new flag.\n\nThe possible downside is the missing stack trace in a KASAN report due\nto new page allocation required when task_work_add_noallloc() is called\nwhich should be rare." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: sched/core: Deshabilitar la asignaci\u00f3n de p\u00e1ginas en task_tick_mm_cid() Con KASAN y PREEMPT_RT habilitados, llamar a task_work_add() en task_tick_mm_cid() puede causar el siguiente splat. [ 63.696416] ERROR: funci\u00f3n inactiva llamada desde un contexto no v\u00e1lido en kernel/locking/spinlock_rt.c:48 [ 63.696416] in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 610, name: modprobe [ 63.696416] preempt_count: 10001, esperado: 0 [ 63.696416] Profundidad de anidaci\u00f3n de RCU: 1, esperado: 1 Este problema es causado por el siguiente seguimiento de llamada. sched_tick() [ adquirir rq->__lock ] -> task_tick_mm_cid() -> task_work_add() -> __kasan_record_aux_stack() -> kasan_save_stack() -> stack_depot_save_flags() -> alloc_pages_mpol_noprof() -> __alloc_pages_noprof() -> get_page_from_freelist() -> rmqueue() -> rmqueue_pcplist() -> __rmqueue_pcplist() -> rmqueue_bulk() -> rt_spin_lock() El bloqueo rq es un raw_spinlock_t. No podemos dormir mientras lo mantenemos. Es decir, no podemos llamar a alloc_pages() en stack_depot_save_flags(). La funci\u00f3n task_tick_mm_cid() con su llamada task_work_add() fue introducida por el commit 223baf9d17f2 (\"sched: Fix performance regression presented by mm_cid\") en el kernel v6.4. Afortunadamente, hay una variante kasan_record_aux_stack_noalloc() que llama a stack_depot_save_flags() pero no le permite asignar nuevas p\u00e1ginas. 
Para permitir que task_tick_mm_cid() use task_work sin asignaci\u00f3n de p\u00e1ginas, se agrega un nuevo indicador TWAF_NO_ALLOC para habilitar la llamada a kasan_record_aux_stack_noalloc() en lugar de kasan_record_aux_stack() si est\u00e1 configurado. La funci\u00f3n task_tick_mm_cid() se modifica para agregar este nuevo indicador. La posible desventaja es la falta de seguimiento de pila en un informe KASAN debido a la nueva asignaci\u00f3n de p\u00e1gina requerida cuando se llama a task_work_add_noallloc(), lo que deber\u00eda ser poco com\u00fan." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50141.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50141.json index 17f82258062..d0d5ae77f3f 100644 --- a/CVE-2024/CVE-2024-501xx/CVE-2024-50141.json +++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50141.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50141", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-07T10:15:06.090", - "lastModified": "2024-11-08T16:15:47.743", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50142.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50142.json index a00dd01fccd..b291baee9d9 100644 --- a/CVE-2024/CVE-2024-501xx/CVE-2024-50142.json +++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50142.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50142", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-07T10:15:06.170", - "lastModified": "2024-11-08T16:15:47.830", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50143.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50143.json index ee7ca9b9599..4b4068ba81e 100644 --- a/CVE-2024/CVE-2024-501xx/CVE-2024-50143.json +++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50143.json 
@@ -2,8 +2,8 @@ "id": "CVE-2024-50143", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-07T10:15:06.243", - "lastModified": "2024-11-08T16:15:47.907", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50144.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50144.json index 85e7dfec3a5..737f23a2efa 100644 --- a/CVE-2024/CVE-2024-501xx/CVE-2024-50144.json +++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50144.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-50144", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-07T10:15:06.310", - "lastModified": "2024-11-07T10:15:06.310", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: fix unbalanced rpm put() with fence_fini()\n\nCurrently we can call fence_fini() twice if something goes wrong when\nsending the GuC CT for the tlb request, since we signal the fence and\nreturn an error, leading to the caller also calling fini() on the error\npath in the case of stack version of the flow, which leads to an extra\nrpm put() which might later cause device to enter suspend when it\nshouldn't. It looks like we can just drop the fini() call since the\nfence signaller side will already call this for us.\n\nThere are known mysterious splats with device going to sleep even with\nan rpm ref, and this could be one candidate.\n\nv2 (Matt B):\n - Prefer warning if we detect double fini()\n\n(cherry picked from commit cfcbc0520d5055825f0647ab922b655688605183)" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/xe: corregir rpm put() desequilibrado con fence_fini() Actualmente podemos llamar a fence_fini() dos veces si algo sale mal al enviar el GuC CT para la solicitud tlb, ya que se\u00f1alamos a fence y devolvemos un error, lo que lleva a que el llamador tambi\u00e9n llame a fini() en la ruta de error en el caso de la versi\u00f3n de pila del flujo, lo que lleva a un rpm put() adicional que m\u00e1s tarde podr\u00eda hacer que el dispositivo entre en suspensi\u00f3n cuando no deber\u00eda. Parece que podemos simplemente descartar la llamada a fini() ya que el lado del se\u00f1alizador de fence ya lo llamar\u00e1 por nosotros. 
Hay splats misteriosos conocidos con el dispositivo entrando en suspensi\u00f3n incluso con una referencia rpm, y este podr\u00eda ser un candidato. v2 (Matt B): - Preferimos advertencia si detectamos fini() doble (seleccionado de el commit cfcbc0520d5055825f0647ab922b655688605183)" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50145.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50145.json index 40d84016a3c..15174606589 100644 --- a/CVE-2024/CVE-2024-501xx/CVE-2024-50145.json +++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50145.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-50145", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-07T10:15:06.373", - "lastModified": "2024-11-07T10:15:06.373", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nocteon_ep: Add SKB allocation failures handling in __octep_oq_process_rx()\n\nbuild_skb() returns NULL in case of a memory allocation failure so handle\nit inside __octep_oq_process_rx() to avoid NULL pointer dereference.\n\n__octep_oq_process_rx() is called during NAPI polling by the driver. If\nskb allocation fails, keep on pulling packets out of the Rx DMA queue: we\nshouldn't break the polling immediately and thus falsely indicate to the\noctep_napi_poll() that the Rx pressure is going down. As there is no\nassociated skb in this case, don't process the packets and don't push them\nup the network stack - they are skipped.\n\nHelper function is implemented to unmmap/flush all the fragment buffers\nused by the dropped packet. 'alloc_failures' counter is incremented to\nmark the skb allocation error in driver statistics.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: octeon_ep: Agregar manejo de fallas de asignaci\u00f3n de SKB en __octep_oq_process_rx() build_skb() devuelve NULL en caso de una falla de asignaci\u00f3n de memoria, por lo que se maneja dentro de __octep_oq_process_rx() para evitar la desreferencia del puntero NULL. __octep_oq_process_rx() es llamado durante el sondeo NAPI por el controlador. 
Si la asignaci\u00f3n de skb falla, sigue extrayendo paquetes de la cola DMA de Rx: no deber\u00edamos interrumpir el sondeo inmediatamente y, por lo tanto, indicar falsamente a octep_napi_poll() que la presi\u00f3n de Rx est\u00e1 disminuyendo. Como no hay un skb asociado en este caso, no procesa los paquetes y no los empuja hacia arriba en la pila de red: se omiten. Se implementa una funci\u00f3n auxiliar para desmapear/vaciar todos los buferes de fragmentos utilizados por el paquete descartado. El contador 'alloc_failures' se incrementa para marcar el error de asignaci\u00f3n de skb en las estad\u00edsticas del controlador. Encontrado por Linux Verification Center (linuxtesting.org) con SVACE." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50146.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50146.json index a14ec42e3be..1ce78ca1d93 100644 --- a/CVE-2024/CVE-2024-501xx/CVE-2024-50146.json +++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50146.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-50146", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-07T10:15:06.443", - "lastModified": "2024-11-07T10:15:06.443", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Don't call cleanup on profile rollback failure\n\nWhen profile rollback fails in mlx5e_netdev_change_profile, the netdev\nprofile var is left set to NULL. Avoid a crash when unloading the driver\nby not calling profile->cleanup in such a case.\n\nThis was encountered while testing, with the original trigger that\nthe wq rescuer thread creation got interrupted (presumably due to\nCtrl+C-ing modprobe), which gets converted to ENOMEM (-12) by\nmlx5e_priv_init, the profile rollback also fails for the same reason\n(signal still active) so the profile is left as NULL, leading to a crash\nlater in _mlx5e_remove.\n\n [ 732.473932] mlx5_core 0000:08:00.1: E-Switch: Unload vfs: mode(OFFLOADS), nvfs(2), necvfs(0), active vports(2)\n [ 734.525513] workqueue: Failed to create a rescuer kthread for wq \"mlx5e\": -EINTR\n [ 734.557372] mlx5_core 0000:08:00.1: mlx5e_netdev_init_profile:6235:(pid 6086): mlx5e_priv_init failed, err=-12\n [ 734.559187] mlx5_core 0000:08:00.1 eth3: mlx5e_netdev_change_profile: new profile init failed, -12\n [ 734.560153] workqueue: Failed to create a rescuer kthread for wq \"mlx5e\": -EINTR\n [ 734.589378] mlx5_core 0000:08:00.1: mlx5e_netdev_init_profile:6235:(pid 6086): mlx5e_priv_init failed, err=-12\n [ 734.591136] mlx5_core 0000:08:00.1 eth3: mlx5e_netdev_change_profile: failed to rollback to orig profile, -12\n [ 745.537492] BUG: kernel NULL pointer dereference, address: 0000000000000008\n [ 745.538222] #PF: supervisor read access in kernel mode\n\n [ 745.551290] Call Trace:\n [ 745.551590] \n [ 745.551866] ? 
__die+0x20/0x60\n [ 745.552218] ? page_fault_oops+0x150/0x400\n [ 745.555307] ? exc_page_fault+0x79/0x240\n [ 745.555729] ? asm_exc_page_fault+0x22/0x30\n [ 745.556166] ? mlx5e_remove+0x6b/0xb0 [mlx5_core]\n [ 745.556698] auxiliary_bus_remove+0x18/0x30\n [ 745.557134] device_release_driver_internal+0x1df/0x240\n [ 745.557654] bus_remove_device+0xd7/0x140\n [ 745.558075] device_del+0x15b/0x3c0\n [ 745.558456] mlx5_rescan_drivers_locked.part.0+0xb1/0x2f0 [mlx5_core]\n [ 745.559112] mlx5_unregister_device+0x34/0x50 [mlx5_core]\n [ 745.559686] mlx5_uninit_one+0x46/0xf0 [mlx5_core]\n [ 745.560203] remove_one+0x4e/0xd0 [mlx5_core]\n [ 745.560694] pci_device_remove+0x39/0xa0\n [ 745.561112] device_release_driver_internal+0x1df/0x240\n [ 745.561631] driver_detach+0x47/0x90\n [ 745.562022] bus_remove_driver+0x84/0x100\n [ 745.562444] pci_unregister_driver+0x3b/0x90\n [ 745.562890] mlx5_cleanup+0xc/0x1b [mlx5_core]\n [ 745.563415] __x64_sys_delete_module+0x14d/0x2f0\n [ 745.563886] ? kmem_cache_free+0x1b0/0x460\n [ 745.564313] ? lockdep_hardirqs_on_prepare+0xe2/0x190\n [ 745.564825] do_syscall_64+0x6d/0x140\n [ 745.565223] entry_SYSCALL_64_after_hwframe+0x4b/0x53\n [ 745.565725] RIP: 0033:0x7f1579b1288b" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net/mlx5e: No llamar a cleanup en caso de fallo en la reversi\u00f3n del perfil Cuando la reversi\u00f3n del perfil falla en mlx5e_netdev_change_profile, la variable de perfil netdev se deja establecida en NULL. Evite un bloqueo al descargar el controlador al no llamar a profile->cleanup en tal caso. 
Esto se encontr\u00f3 durante la prueba, con el disparador original de que la creaci\u00f3n del hilo wq rescuer se interrumpi\u00f3 (presumiblemente debido a Ctrl+C-ing modprobe), que se convierte a ENOMEM (-12) por mlx5e_priv_init, la reversi\u00f3n del perfil tambi\u00e9n falla por la misma raz\u00f3n (la se\u00f1al sigue activa) por lo que el perfil se deja como NULL, lo que lleva a un bloqueo m\u00e1s adelante en _mlx5e_remove. [ 732.473932] mlx5_core 0000:08:00.1: E-Switch: Descargar vfs: modo(OFFLOADS), nvfs(2), necvfs(0), vports(2) activos [ 734.525513] cola de trabajo: Error al crear un kthread de rescate para wq \"mlx5e\": -EINTR [ 734.557372] mlx5_core 0000:08:00.1: mlx5e_netdev_init_profile:6235:(pid 6086): mlx5e_priv_init fall\u00f3, err=-12 [ 734.559187] mlx5_core 0000:08:00.1 eth3: mlx5e_netdev_change_profile: nuevo Error en la inicializaci\u00f3n del perfil, -12 [734.560153] workqueue: Error al crear un kthread de rescate para wq \"mlx5e\": -EINTR [734.589378] mlx5_core 0000:08:00.1: mlx5e_netdev_init_profile:6235:(pid 6086): mlx5e_priv_init fall\u00f3, err=-12 [734.591136] mlx5_core 0000:08:00.1 eth3: mlx5e_netdev_change_profile: error al revertir al perfil original, -12 [745.537492] ERROR: desreferencia de puntero NULL del n\u00facleo, direcci\u00f3n: 0000000000000008 [745.538222] #PF: acceso de lectura del supervisor en modo kernel [ 745.551290] Seguimiento de llamadas: [ 745.551590] [ 745.551866] ? __die+0x20/0x60 [ 745.552218] ? page_fault_oops+0x150/0x400 [ 745.555307] ? exc_page_fault+0x79/0x240 [ 745.555729] ? asm_exc_page_fault+0x22/0x30 [ 745.556166] ? 
mlx5e_remove+0x6b/0xb0 [mlx5_core] [ 745.556698] bus_auxiliar_eliminar+0x18/0x30 [ 745.557134] dispositivo_liberaci\u00f3n_controlador_interno+0x1df/0x240 [ 745.557654] bus_eliminar_dispositivo+0xd7/0x140 [ 745.558075] dispositivo_del+0x15b/0x3c0 [ 745.558456] mlx5_rescan_drivers_locked.part.0+0xb1/0x2f0 [mlx5_core] [ 745.559112] mlx5_anular_registro_dispositivo+0x34/0x50 [mlx5_core] [ 745.559686] mlx5_uninit_one+0x46/0xf0 [mlx5_core] [ 745.560203] remove_one+0x4e/0xd0 [mlx5_core] [ 745.560694] pci_device_remove+0x39/0xa0 [ 745.561112] device_release_driver_internal+0x1df/0x240 [ 745.561631] driver_detach+0x47/0x90 [ 745.562022] bus_remove_driver+0x84/0x100 [ 745.562444] pci_unregister_driver+0x3b/0x90 [ 745.562890] mlx5_cleanup+0xc/0x1b [mlx5_core] [ 745.563415] __x64_sys_delete_module+0x14d/0x2f0 [ 745.563886] ? kmem_cache_free+0x1b0/0x460 [ 745.564313] ? lockdep_hardirqs_on_prepare+0xe2/0x190 [ 745.564825] hacer_syscall_64+0x6d/0x140 [ 745.565223] entrada_SYSCALL_64_after_hwframe+0x4b/0x53 [ 745.565725] RIP: 0033:0x7f1579b1288b" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50147.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50147.json index 4ea83dec174..7bbc70e6ef3 100644 --- a/CVE-2024/CVE-2024-501xx/CVE-2024-50147.json +++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50147.json 
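Review bot: The added `es` value for CVE-2024-50146 translates kernel symbol names inside the call trace, so the trace no longer names real functions: `auxiliary_bus_remove+0x18/0x30` becomes `bus_auxiliar_eliminar+0x18/0x30` and `do_syscall_64+0x6d/0x140` becomes `hacer_syscall_64+0x6d/0x140`. The same happens in the CVE-2024-50147 hunk (`assign_work` → `asignar_trabajo`) and the CVE-2024-50154 hunk (`cpuidle_enter_state` → `cpu_idle_entrada_estado`). The translation step should pass trace lines, log lines and identifiers through unchanged. Tooling that correlates these records with crash logs or symbol names should match on the `en` value only.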
@@ -2,13 +2,17 @@ "id": "CVE-2024-50147", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-07T10:15:06.507", - "lastModified": "2024-11-07T10:15:06.507", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Fix command bitmask initialization\n\nCommand bitmask have a dedicated bit for MANAGE_PAGES command, this bit\nisn't Initialize during command bitmask Initialization, only during\nMANAGE_PAGES.\n\nIn addition, mlx5_cmd_trigger_completions() is trying to trigger\ncompletion for MANAGE_PAGES command as well.\n\nHence, in case health error occurred before any MANAGE_PAGES command\nhave been invoke (for example, during mlx5_enable_hca()),\nmlx5_cmd_trigger_completions() will try to trigger completion for\nMANAGE_PAGES command, which will result in null-ptr-deref error.[1]\n\nFix it by Initialize command bitmask correctly.\n\nWhile at it, re-write the code for better understanding.\n\n[1]\nBUG: KASAN: null-ptr-deref in mlx5_cmd_trigger_completions+0x1db/0x600 [mlx5_core]\nWrite of size 4 at addr 0000000000000214 by task kworker/u96:2/12078\nCPU: 10 PID: 12078 Comm: kworker/u96:2 Not tainted 6.9.0-rc2_for_upstream_debug_2024_04_07_19_01 #1\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\nWorkqueue: mlx5_health0000:08:00.0 mlx5_fw_fatal_reporter_err_work [mlx5_core]\nCall Trace:\n \n dump_stack_lvl+0x7e/0xc0\n kasan_report+0xb9/0xf0\n kasan_check_range+0xec/0x190\n mlx5_cmd_trigger_completions+0x1db/0x600 [mlx5_core]\n mlx5_cmd_flush+0x94/0x240 [mlx5_core]\n enter_error_state+0x6c/0xd0 [mlx5_core]\n mlx5_fw_fatal_reporter_err_work+0xf3/0x480 [mlx5_core]\n process_one_work+0x787/0x1490\n ? lockdep_hardirqs_on_prepare+0x400/0x400\n ? pwq_dec_nr_in_flight+0xda0/0xda0\n ? 
assign_work+0x168/0x240\n worker_thread+0x586/0xd30\n ? rescuer_thread+0xae0/0xae0\n kthread+0x2df/0x3b0\n ? kthread_complete_and_exit+0x20/0x20\n ret_from_fork+0x2d/0x70\n ? kthread_complete_and_exit+0x20/0x20\n ret_from_fork_asm+0x11/0x20\n " + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net/mlx5: Arreglar la inicializaci\u00f3n de la m\u00e1scara de bits del comando La m\u00e1scara de bits del comando tiene un bit dedicado para el comando MANAGE_PAGES, este bit no se inicializa durante la inicializaci\u00f3n de la m\u00e1scara de bits del comando, solo durante MANAGE_PAGES. Adem\u00e1s, mlx5_cmd_trigger_completions() tambi\u00e9n intenta activar la finalizaci\u00f3n del comando MANAGE_PAGES. Por lo tanto, en caso de que se produzca un error de estado antes de que se haya invocado cualquier comando MANAGE_PAGES (por ejemplo, durante mlx5_enable_hca()), mlx5_cmd_trigger_completions() intentar\u00e1 activar la finalizaci\u00f3n del comando MANAGE_PAGES, lo que dar\u00e1 como resultado un error null-ptr-deref.[1] Arr\u00e9glalo inicializando la m\u00e1scara de bits del comando correctamente. Mientras lo haces, reescribe el c\u00f3digo para una mejor comprensi\u00f3n. 
[1] ERROR: KASAN: null-ptr-deref en mlx5_cmd_trigger_completions+0x1db/0x600 [mlx5_core] Escritura de tama\u00f1o 4 en la direcci\u00f3n 0000000000000214 por la tarea kworker/u96:2/12078 CPU: 10 PID: 12078 Comm: kworker/u96:2 No contaminado 6.9.0-rc2_for_upstream_debug_2024_04_07_19_01 #1 Nombre del hardware: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014 Cola de trabajo: mlx5_health0000:08:00.0 mlx5_fw_fatal_reporter_err_work [mlx5_core] Seguimiento de llamadas: dump_stack_lvl+0x7e/0xc0 kasan_report+0xb9/0xf0 kasan_check_range+0xec/0x190 mlx5_cmd_trigger_completions+0x1db/0x600 [mlx5_core] mlx5_cmd_flush+0x94/0x240 [mlx5_core] enter_error_state+0x6c/0xd0 [mlx5_core] mlx5_fw_fatal_reporter_err_work+0xf3/0x480 [mlx5_core] process_one_work+0x787/0x1490 ? lockdep_hardirqs_on_prepare+0x400/0x400 ? pwq_dec_nr_in_flight+0xda0/0xda0 ? asignar_trabajo+0x168/0x240 subproceso_trabajador+0x586/0xd30 ? subproceso_rescatador+0xae0/0xae0 subproceso_k+0x2df/0x3b0 ? subproceso_k_completo_y_salir+0x20/0x20 ret_de_la_bifurcaci\u00f3n+0x2d/0x70 ? subproceso_k_completo_y_salir+0x20/0x20 ret_de_la_bifurcaci\u00f3n_asm+0x11/0x20 " } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50148.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50148.json index a5b4f5f5c4a..bd5e42eacbb 100644 --- a/CVE-2024/CVE-2024-501xx/CVE-2024-50148.json +++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50148.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50148", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-07T10:15:06.570", - "lastModified": "2024-11-08T16:15:47.973", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50149.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50149.json index a789a916d07..1ed3627dc11 100644 --- a/CVE-2024/CVE-2024-501xx/CVE-2024-50149.json 
+++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50149.json @@ -2,13 +2,17 @@ "id": "CVE-2024-50149", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-07T10:15:06.640", - "lastModified": "2024-11-07T10:15:06.640", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: Don't free job in TDR\n\nFreeing job in TDR is not safe as TDR can pass the run_job thread\nresulting in UAF. It is only safe for free job to naturally be called by\nthe scheduler. Rather free job in TDR, add to pending list.\n\n(cherry picked from commit ea2f6a77d0c40d97f4a4dc93fee4afe15d94926d)" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/xe: No liberar trabajo en TDR Liberar trabajo en TDR no es seguro, ya que TDR puede pasar el subproceso run_job, lo que genera una UAF. Solo es seguro que el programador llame naturalmente al trabajo libre. En lugar de liberar trabajo en TDR, agr\u00e9guelo a la lista de pendientes. (seleccionado de el commit ea2f6a77d0c40d97f4a4dc93fee4afe15d94926d)" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50150.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50150.json index b0e1d5752a2..6b907fc5df0 100644 --- a/CVE-2024/CVE-2024-501xx/CVE-2024-50150.json +++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50150.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50150", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-07T10:15:06.707", - "lastModified": "2024-11-08T16:15:48.077", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50151.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50151.json index 9d99b5b0dbf..0c8fc3e3093 100644 
--- a/CVE-2024/CVE-2024-501xx/CVE-2024-50151.json +++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50151.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50151", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-07T10:15:06.780", - "lastModified": "2024-11-08T16:15:48.230", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50152.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50152.json index 4c959f554ea..081e5d4aeda 100644 --- a/CVE-2024/CVE-2024-501xx/CVE-2024-50152.json +++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50152.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-50152", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-07T10:15:06.850", - "lastModified": "2024-11-07T10:15:06.850", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix possible double free in smb2_set_ea()\n\nClang static checker(scan-build) warning\uff1a\nfs/smb/client/smb2ops.c:1304:2: Attempt to free released memory.\n 1304 | kfree(ea);\n | ^~~~~~~~~\n\nThere is a double free in such case:\n'ea is initialized to NULL' -> 'first successful memory allocation for\nea' -> 'something failed, goto sea_exit' -> 'first memory release for ea'\n-> 'goto replay_again' -> 'second goto sea_exit before allocate memory\nfor ea' -> 'second memory release for ea resulted in double free'.\n\nRe-initialie 'ea' to NULL near to the replay_again label, it can fix this\ndouble free problem." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix possible double free in smb2_set_ea()\n\nClang static checker(scan-build) warning?\nfs/smb/client/smb2ops.c:1304:2: Attempt to free released memory.\n 1304 | kfree(ea);\n | ^~~~~~~~~\n\nThere is a double free in such case:\n'ea is initialized to NULL' -> 'first successful memory allocation for\nea' -> 'something failed, goto sea_exit' -> 'first memory release for ea'\n-> 'goto replay_again' -> 'second goto sea_exit before allocate memory\nfor ea' -> 'second memory release for ea resulted in double free'.\n\nRe-initialie 'ea' to NULL near to the replay_again label, it can fix this\ndouble free problem." 
+ }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: smb: cliente: se corrige una posible doble liberaci\u00f3n en smb2_set_ea() Advertencia del comprobador est\u00e1tico de Clang (scan-build): fs/smb/client/smb2ops.c:1304:2: Intento de liberar memoria liberada. 1304 | kfree(ea); | ^~~~~~~~~ Hay una doble liberaci\u00f3n en tal caso: 'ea se inicializa a NULL' -> 'primera asignaci\u00f3n de memoria exitosa para ea' -> 'algo fall\u00f3, goto sea_exit' -> 'primera liberaci\u00f3n de memoria para ea' -> 'goto replay_again' -> 'segundo goto sea_exit antes de asignar memoria para ea' -> 'la segunda liberaci\u00f3n de memoria para ea result\u00f3 en una doble liberaci\u00f3n'. Reinicialice 'ea' a NULL cerca de la etiqueta replay_again, puede solucionar este problema de doble liberaci\u00f3n." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50153.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50153.json index 7630848020c..200bb683537 100644 --- a/CVE-2024/CVE-2024-501xx/CVE-2024-50153.json +++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50153.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50153", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-07T10:15:06.917", - "lastModified": "2024-11-08T16:15:48.317", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50154.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50154.json index 91fca24d6cc..f288032bdb0 100644 --- a/CVE-2024/CVE-2024-501xx/CVE-2024-50154.json +++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50154.json 
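Review bot: The new `en` value for CVE-2024-50152 replaces the fullwidth colon in `warning\uff1a` with a literal `?` (`warning?`). That looks like a lossy character-set conversion somewhere upstream of this sync rather than an editorial change. The rest of the description is unchanged, so the record now differs from the original advisory text only by that damaged character. I would keep `warning\uff1a`, or normalise it to `warning:`. A check in the update job that flags a non-ASCII code point turning into `?` between revisions would catch this class of corruption before it is committed.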
@@ -2,13 +2,17 @@ "id": "CVE-2024-50154", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-07T10:15:06.987", - "lastModified": "2024-11-07T10:15:06.987", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp/dccp: Don't use timer_pending() in reqsk_queue_unlink().\n\nMartin KaFai Lau reported use-after-free [0] in reqsk_timer_handler().\n\n \"\"\"\n We are seeing a use-after-free from a bpf prog attached to\n trace_tcp_retransmit_synack. The program passes the req->sk to the\n bpf_sk_storage_get_tracing kernel helper which does check for null\n before using it.\n \"\"\"\n\nThe commit 83fccfc3940c (\"inet: fix potential deadlock in\nreqsk_queue_unlink()\") added timer_pending() in reqsk_queue_unlink() not\nto call del_timer_sync() from reqsk_timer_handler(), but it introduced a\nsmall race window.\n\nBefore the timer is called, expire_timers() calls detach_timer(timer, true)\nto clear timer->entry.pprev and marks it as not pending.\n\nIf reqsk_queue_unlink() checks timer_pending() just after expire_timers()\ncalls detach_timer(), TCP will miss del_timer_sync(); the reqsk timer will\ncontinue running and send multiple SYN+ACKs until it expires.\n\nThe reported UAF could happen if req->sk is close()d earlier than the timer\nexpiration, which is 63s by default.\n\nThe scenario would be\n\n 1. inet_csk_complete_hashdance() calls inet_csk_reqsk_queue_drop(),\n but del_timer_sync() is missed\n\n 2. reqsk timer is executed and scheduled again\n\n 3. req->sk is accept()ed and reqsk_put() decrements rsk_refcnt, but\n reqsk timer still has another one, and inet_csk_accept() does not\n clear req->sk for non-TFO sockets\n\n 4. sk is close()d\n\n 5. 
reqsk timer is executed again, and BPF touches req->sk\n\nLet's not use timer_pending() by passing the caller context to\n__inet_csk_reqsk_queue_drop().\n\nNote that reqsk timer is pinned, so the issue does not happen in most\nuse cases. [1]\n\n[0]\nBUG: KFENCE: use-after-free read in bpf_sk_storage_get_tracing+0x2e/0x1b0\n\nUse-after-free read at 0x00000000a891fb3a (in kfence-#1):\nbpf_sk_storage_get_tracing+0x2e/0x1b0\nbpf_prog_5ea3e95db6da0438_tcp_retransmit_synack+0x1d20/0x1dda\nbpf_trace_run2+0x4c/0xc0\ntcp_rtx_synack+0xf9/0x100\nreqsk_timer_handler+0xda/0x3d0\nrun_timer_softirq+0x292/0x8a0\nirq_exit_rcu+0xf5/0x320\nsysvec_apic_timer_interrupt+0x6d/0x80\nasm_sysvec_apic_timer_interrupt+0x16/0x20\nintel_idle_irq+0x5a/0xa0\ncpuidle_enter_state+0x94/0x273\ncpu_startup_entry+0x15e/0x260\nstart_secondary+0x8a/0x90\nsecondary_startup_64_no_verify+0xfa/0xfb\n\nkfence-#1: 0x00000000a72cc7b6-0x00000000d97616d9, size=2376, cache=TCPv6\n\nallocated by task 0 on cpu 9 at 260507.901592s:\nsk_prot_alloc+0x35/0x140\nsk_clone_lock+0x1f/0x3f0\ninet_csk_clone_lock+0x15/0x160\ntcp_create_openreq_child+0x1f/0x410\ntcp_v6_syn_recv_sock+0x1da/0x700\ntcp_check_req+0x1fb/0x510\ntcp_v6_rcv+0x98b/0x1420\nipv6_list_rcv+0x2258/0x26e0\nnapi_complete_done+0x5b1/0x2990\nmlx5e_napi_poll+0x2ae/0x8d0\nnet_rx_action+0x13e/0x590\nirq_exit_rcu+0xf5/0x320\ncommon_interrupt+0x80/0x90\nasm_common_interrupt+0x22/0x40\ncpuidle_enter_state+0xfb/0x273\ncpu_startup_entry+0x15e/0x260\nstart_secondary+0x8a/0x90\nsecondary_startup_64_no_verify+0xfa/0xfb\n\nfreed by task 0 on cpu 9 at 260507.927527s:\nrcu_core_si+0x4ff/0xf10\nirq_exit_rcu+0xf5/0x320\nsysvec_apic_timer_interrupt+0x6d/0x80\nasm_sysvec_apic_timer_interrupt+0x16/0x20\ncpuidle_enter_state+0xfb/0x273\ncpu_startup_entry+0x15e/0x260\nstart_secondary+0x8a/0x90\nsecondary_startup_64_no_verify+0xfa/0xfb" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: tcp/dccp: No use timer_pending() en 
reqsk_queue_unlink(). Martin KaFai Lau inform\u00f3 de un use-after-free [0] en reqsk_timer_handler(). \"\"\" Estamos viendo un use-after-free de un programa bpf adjunto a trace_tcp_retransmit_synack. El programa pasa el req->sk al ayudante del kernel bpf_sk_storage_get_tracing que comprueba si hay valores nulos antes de usarlo. \"\"\" El commit 83fccfc3940c (\"inet: soluciona un posible bloqueo en reqsk_queue_unlink()\") agreg\u00f3 timer_pending() en reqsk_queue_unlink() para no llamar a del_timer_sync() desde reqsk_timer_handler(), pero introdujo una peque\u00f1a ventana de ejecuci\u00f3n. Antes de que se llame al temporizador, expire_timers() llama a detach_timer(timer, true) para borrar timer->entry.pprev y lo marca como no pendiente. Si reqsk_queue_unlink() comprueba timer_pending() justo despu\u00e9s de que expire_timers() llame a detach_timer(), TCP no detectar\u00e1 del_timer_sync(); el temporizador reqsk seguir\u00e1 funcionando y enviar\u00e1 varios SYN+ACK hasta que expire. El UAF informado podr\u00eda ocurrir si se cierra req->sk antes de la expiraci\u00f3n del temporizador, que es 63 s por defecto. El escenario ser\u00eda 1. inet_csk_complete_hashdance() llama a inet_csk_reqsk_queue_drop(), pero se omite del_timer_sync() 2. se ejecuta el temporizador reqsk y se programa nuevamente 3. se acepta req->sk y reqsk_put() decrementa rsk_refcnt, pero el temporizador reqsk a\u00fan tiene otro, e inet_csk_accept() no borra req->sk para sockets que no sean TFO 4. se cierra sk 5. se ejecuta nuevamente el temporizador reqsk y BPF toca req->sk No usemos timer_pending() pasando el contexto del llamador a __inet_csk_reqsk_queue_drop(). Tenga en cuenta que el temporizador reqsk est\u00e1 fijado, por lo que el problema no ocurre en la mayor\u00eda de los casos de uso. 
[1] [0] ERROR: KFENCE: lectura de use-after-free en bpf_sk_storage_get_tracing+0x2e/0x1b0 Lectura de use-after-free en 0x00000000a891fb3a (en kfence-#1): bpf_sk_storage_get_tracing+0x2e/0x1b0 bpf_prog_5ea3e95db6da0438_tcp_retransmit_synack+0x1d20/0x1dda bpf_trace_run2+0x4c/0xc0 tcp_rtx_synack+0xf9/0x100 reqsk_timer_handler+0xda/0x3d0 run_timer_softirq+0x292/0x8a0 irq_exit_rcu+0xf5/0x320 sysvec_apic_timer_interrupt+0x6d/0x80 asm_sysvec_apic_timer_interrupt+0x16/0x20 intel_idle_irq+0x5a/0xa0 cpuidle_enter_state+0x94/0x273 cpu_startup_entry+0x15e/0x260 start_secondary+0x8a/0x90 secondary_startup_64_no_verify+0xfa/0xfb kfence-#1: 0x00000000a72cc7b6-0x00000000d97616d9, tama\u00f1o=2376, cach\u00e9=TCPv6 asignado por la tarea 0 en la CPU 9 en 260507.901592s: sk_prot_alloc+0x35/0x140 sk_clone_lock+0x1f/0x3f0 inet_csk_clone_lock+0x15/0x160 tcp_create_openreq_child+0x1f/0x410 tcp_v6_syn_recv_sock+0x1da/0x700 tcp_check_req+0x1fb/0x510 tcp_v6_rcv+0x98b/0x1420 ipv6_list_rcv+0x2258/0x26e0 napi_complete_done+0x5b1/0x2990 mlx5e_napi_poll+0x2ae/0x8d0 net_rx_action+0x13e/0x590 irq_exit_rcu+0xf5/0x320 common_interrupt+0x80/0x90 asm_common_interrupt+0x22/0x40 cpuidle_enter_state+0xfb/0x273 cpu_startup_entry+0x15e/0x260 start_secondary+0x8a/0x90 secondary_startup_64_no_verify+0xfa/0xfb liberado por la tarea 0 en la CPU 9 a las 260507.927527 s: rcu_core_si+0x4ff/0xf10 irq_exit_rcu+0xf5/0x320 sysvec_apic_timer_interrupt+0x6d/0x80 asm_sysvec_apic_timer_interrupt+0x16/0x20 cpu_idle_entrada_estado+0xfb/0x273 cpu_inicio_entrada+0x15e/0x260 inicio_secundario+0x8a/0x90 inicio_secundario_64_sin_verificaci\u00f3n+0xfa/0xfb" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50155.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50155.json index 6fc8afbb27f..c82f33ae697 100644 --- a/CVE-2024/CVE-2024-501xx/CVE-2024-50155.json +++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50155.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-50155", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-07T10:15:07.060", - "lastModified": "2024-11-07T10:15:07.060", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetdevsim: use cond_resched() in nsim_dev_trap_report_work()\n\nI am still seeing many syzbot reports hinting that syzbot\nmight fool nsim_dev_trap_report_work() with hundreds of ports [1]\n\nLets use cond_resched(), and system_unbound_wq\ninstead of implicit system_wq.\n\n[1]\nINFO: task syz-executor:20633 blocked for more than 143 seconds.\n Not tainted 6.12.0-rc2-syzkaller-00205-g1d227fcc7222 #0\n\"echo 0 > /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\ntask:syz-executor state:D stack:25856 pid:20633 tgid:20633 ppid:1 flags:0x00004006\n...\nNMI backtrace for cpu 1\nCPU: 1 UID: 0 PID: 16760 Comm: kworker/1:0 Not tainted 6.12.0-rc2-syzkaller-00205-g1d227fcc7222 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nWorkqueue: events nsim_dev_trap_report_work\n RIP: 0010:__sanitizer_cov_trace_pc+0x0/0x70 kernel/kcov.c:210\nCode: 89 fb e8 23 00 00 00 48 8b 3d 04 fb 9c 0c 48 89 de 5b e9 c3 c7 5d 00 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1e fa 48 8b 04 24 65 48 8b 0c 25 c0 d7 03 00 65 8b 15 60 f0\nRSP: 0018:ffffc90000a187e8 EFLAGS: 00000246\nRAX: 0000000000000100 RBX: ffffc90000a188e0 RCX: ffff888027d3bc00\nRDX: ffff888027d3bc00 RSI: 0000000000000000 RDI: 0000000000000000\nRBP: ffff88804a2e6000 R08: ffffffff8a4bc495 R09: ffffffff89da3577\nR10: 0000000000000004 R11: ffffffff8a4bc2b0 R12: dffffc0000000000\nR13: ffff88806573b503 R14: dffffc0000000000 R15: ffff8880663cca00\nFS: 0000000000000000(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 
0000 CR0: 0000000080050033\nCR2: 00007fc90a747f98 CR3: 000000000e734000 CR4: 00000000003526f0\nDR0: 0000000000000000 DR1: 000000000000002b DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400\nCall Trace:\n \n \n \n __local_bh_enable_ip+0x1bb/0x200 kernel/softirq.c:382\n spin_unlock_bh include/linux/spinlock.h:396 [inline]\n nsim_dev_trap_report drivers/net/netdevsim/dev.c:820 [inline]\n nsim_dev_trap_report_work+0x75d/0xaa0 drivers/net/netdevsim/dev.c:850\n process_one_work kernel/workqueue.c:3229 [inline]\n process_scheduled_works+0xa63/0x1850 kernel/workqueue.c:3310\n worker_thread+0x870/0xd30 kernel/workqueue.c:3391\n kthread+0x2f0/0x390 kernel/kthread.c:389\n ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n " + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: netdevsim: use cond_resched() en nsim_dev_trap_report_work() Todav\u00eda veo muchos informes de syzbot que insin\u00faan que syzbot podr\u00eda enga\u00f1ar a nsim_dev_trap_report_work() con cientos de puertos [1] Usemos cond_resched() y system_unbound_wq en lugar de system_wq impl\u00edcito. [1] INFORMACI\u00d3N: tarea syz-executor:20633 bloqueada durante m\u00e1s de 143 segundos. No contaminada 6.12.0-rc2-syzkaller-00205-g1d227fcc7222 #0 \"echo 0 > /proc/sys/kernel/hung_task_timeout_secs\" deshabilita este mensaje. tarea:syz-executor estado:D pila:25856 pid:20633 tgid:20633 ppid:1 indicadores:0x00004006 ... 
Seguimiento NMI para CPU 1 CPU: 1 UID: 0 PID: 16760 Comm: kworker/1:0 No contaminado 6.12.0-rc2-syzkaller-00205-g1d227fcc7222 #0 Nombre del hardware: Google Google Compute Engine/Google Compute Engine, BIOS Google 13/09/2024 Cola de trabajo: eventos nsim_dev_trap_report_work RIP: 0010:__sanitizer_cov_trace_pc+0x0/0x70 kernel/kcov.c:210 C\u00f3digo: 89 fb e8 23 00 00 00 48 8b 3d 04 fb 9c 0c 48 89 de 5b e9 c3 c7 5d 00 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1e fa 48 8b 04 24 65 48 8b 0c 25 c0 d7 03 00 65 8b 15 60 f0 RSP: 0018:ffffc90000a187e8 EFLAGS: 00000246 RAX: 00000000000000100 RBX: ffffc90000a188e0 RCX: ffff888027d3bc00 RDX: ffff888027d3bc00 RSI: 0000000000000000 RDI: 0000000000000000 RBP: ffff88804a2e6000 R08: ffffffff8a4bc495 R09: ffffffff89da3577 R10: 0000000000000004 R11: ffffffff8a4bc2b0 R12: dffffc0000000000 R13: ffff88806573b503 R14: dffffc0000000000 R15: ffff8880663cca00 FS: 0000000000000000(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fc90a747f98 CR3: 000000000e734000 CR4: 00000000003526f0 DR0: 0000000000000000 DR1: 000000000000002b DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 Seguimiento de llamadas: __local_bh_enable_ip+0x1bb/0x200 kernel/softirq.c:382 spin_unlock_bh include/linux/spinlock.h:396 [en l\u00ednea] nsim_dev_trap_report drivers/net/netdevsim/dev.c:820 [en l\u00ednea] nsim_dev_trap_report_work+0x75d/0xaa0 drivers/net/netdevsim/dev.c:850 process_one_work kernel/workqueue.c:3229 [en l\u00ednea] process_scheduled_works+0xa63/0x1850 kernel/workqueue.c:3310 subproceso de trabajo+0x870/0xd30 kernel/workqueue.c:3391 subproceso de trabajo+0x2f0/0x390 kernel/kthread.c:389 ret_de_la_bifurcaci\u00f3n+0x4b/0x80 arch/x86/kernel/process.c:147 ret_de_la_bifurcaci\u00f3n_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 " } ], "metrics": {}, 
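Review bot: The added `es` description for CVE-2024-50155 machine-translates the kernel trace instead of carrying it over verbatim: `worker_thread+0x870/0xd30` and `kthread+0x2f0/0x390` both become `subproceso de trabajo+…`, `ret_from_fork` becomes `ret_de_la_bifurcación`, and `RAX: 0000000000000100` gains a digit (`00000000000000100`). Anyone matching symbols or register values from this record for triage or detection content should take them from the `en` value only; the translated value should leave the trace untouched, e.g. `worker_thread+0x870/0xd30 kernel/workqueue.c:3391`. The same pattern is visible in the `es` values added for CVE-2024-50161 (`__ubsan_handle_fuera_de_límites`), CVE-2024-50162 (`proceso_uno_trabajo`, with several call-trace frames missing) and CVE-2024-50165 (`entrada_SYSCALL_64_after_hwframe`).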
diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50156.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50156.json
index 919d8d09542..c6467afc9fd 100644
--- a/CVE-2024/CVE-2024-501xx/CVE-2024-50156.json
+++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50156.json
@@ -2,13 +2,17 @@ "id": "CVE-2024-50156", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-07T10:15:07.127", - "lastModified": "2024-11-07T10:15:07.127", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm: Avoid NULL dereference in msm_disp_state_print_regs()\n\nIf the allocation in msm_disp_state_dump_regs() failed then\n`block->state` can be NULL. The msm_disp_state_print_regs() function\n_does_ have code to try to handle it with:\n\n if (*reg)\n dump_addr = *reg;\n\n...but since \"dump_addr\" is initialized to NULL the above is actually\na noop. The code then goes on to dereference `dump_addr`.\n\nMake the function print \"Registers not stored\" when it sees a NULL to\nsolve this. Since we're touching the code, fix\nmsm_disp_state_print_regs() not to pointlessly take a double-pointer\nand properly mark the pointer as `const`.\n\nPatchwork: https://patchwork.freedesktop.org/patch/619657/" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/msm: Evitar la desreferenciaci\u00f3n NULL en msm_disp_state_print_regs() Si la asignaci\u00f3n en msm_disp_state_dump_regs() falla, entonces `block->state` puede ser NULL. La funci\u00f3n msm_disp_state_print_regs() _s\u00ed_ tiene c\u00f3digo para intentar manejarlo con: if (*reg) dump_addr = *reg; ...pero como \"dump_addr\" se inicializa a NULL, lo anterior es en realidad un noop. Luego, el c\u00f3digo contin\u00faa para desreferenciar `dump_addr`. Haga que la funci\u00f3n imprima \"Registros no almacenados\" cuando vea un NULL para resolver esto. Ya que estamos tocando el c\u00f3digo, arregle msm_disp_state_print_regs() para que no tome un puntero doble sin sentido y marque correctamente el puntero como `const`. 
Parche: https://patchwork.freedesktop.org/patch/619657/" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50157.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50157.json index 40631c5000f..446f05a71c8 100644 --- a/CVE-2024/CVE-2024-501xx/CVE-2024-50157.json +++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50157.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-50157", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-07T10:15:07.193", - "lastModified": "2024-11-07T10:15:07.193", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/bnxt_re: Avoid CPU lockups due fifo occupancy check loop\n\nDriver waits indefinitely for the fifo occupancy to go below a threshold\nas soon as the pacing interrupt is received. This can cause soft lockup on\none of the processors, if the rate of DB is very high.\n\nAdd a loop count for FPGA and exit the __wait_for_fifo_occupancy_below_th\nif the loop is taking more time. Pacing will be continuing until the\noccupancy is below the threshold. This is ensured by the checks in\nbnxt_re_pacing_timer_exp and further scheduling the work for pacing based\non the fifo occupancy." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: RDMA/bnxt_re: Evitar bloqueos de CPU debido al bucle de comprobaci\u00f3n de ocupaci\u00f3n fifo El controlador espera indefinidamente a que la ocupaci\u00f3n fifo baje de un umbral tan pronto como se recibe la interrupci\u00f3n de ritmo. Esto puede provocar un bloqueo suave en uno de los procesadores, si la tasa de DB es muy alta. Agregue un recuento de bucles para FPGA y salga de __wait_for_fifo_occupancy_below_th si el bucle est\u00e1 tomando m\u00e1s tiempo. El ritmo continuar\u00e1 hasta que la ocupaci\u00f3n est\u00e9 por debajo del umbral. Esto se garantiza mediante las comprobaciones en bnxt_re_pacing_timer_exp y la programaci\u00f3n adicional del trabajo para el ritmo en funci\u00f3n de la ocupaci\u00f3n fifo." } ], "metrics": {}, 
diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50158.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50158.json index 646b379476f..5f0a6ffbfbc 100644 --- a/CVE-2024/CVE-2024-501xx/CVE-2024-50158.json +++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50158.json @@ -2,13 +2,17 @@ "id": "CVE-2024-50158", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-07T10:15:07.260", - "lastModified": "2024-11-07T10:15:07.260", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/bnxt_re: Fix out of bound check\n\nDriver exports pacing stats only on GenP5 and P7 adapters. But while\nparsing the pacing stats, driver has a check for \"rdev->dbr_pacing\". This\ncaused a trace when KASAN is enabled.\n\nBUG: KASAN: slab-out-of-bounds in bnxt_re_get_hw_stats+0x2b6a/0x2e00 [bnxt_re]\nWrite of size 8 at addr ffff8885942a6340 by task modprobe/4809" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: RDMA/bnxt_re: Se ha corregido la comprobaci\u00f3n fuera de los l\u00edmites. El controlador exporta estad\u00edsticas de ritmo solo en adaptadores GenP5 y P7. Pero al analizar las estad\u00edsticas de ritmo, el controlador tiene una comprobaci\u00f3n para \"rdev->dbr_pacing\". Esto provoc\u00f3 un seguimiento cuando KASAN est\u00e1 habilitado. ERROR: KASAN: slab-out-of-bounds en bnxt_re_get_hw_stats+0x2b6a/0x2e00 [bnxt_re] Escritura de tama\u00f1o 8 en la direcci\u00f3n ffff8885942a6340 por la tarea modprobe/4809" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50159.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50159.json index f1a2bdb92e7..d2beb756357 100644 --- a/CVE-2024/CVE-2024-501xx/CVE-2024-50159.json +++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50159.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-50159", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-07T10:15:07.333", - "lastModified": "2024-11-07T10:15:07.333", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: arm_scmi: Fix the double free in scmi_debugfs_common_setup()\n\nClang static checker(scan-build) throws below warning\uff1a\n | drivers/firmware/arm_scmi/driver.c:line 2915, column 2\n | Attempt to free released memory.\n\nWhen devm_add_action_or_reset() fails, scmi_debugfs_common_cleanup()\nwill run twice which causes double free of 'dbg->name'.\n\nRemove the redundant scmi_debugfs_common_cleanup() to fix this problem." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: arm_scmi: Fix the double free in scmi_debugfs_common_setup()\n\nClang static checker(scan-build) throws below warning?\n | drivers/firmware/arm_scmi/driver.c:line 2915, column 2\n | Attempt to free released memory.\n\nWhen devm_add_action_or_reset() fails, scmi_debugfs_common_cleanup()\nwill run twice which causes double free of 'dbg->name'.\n\nRemove the redundant scmi_debugfs_common_cleanup() to fix this problem." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: firmware: arm_scmi: Se corrige la doble liberaci\u00f3n en scmi_debugfs_common_setup() El verificador est\u00e1tico de Clang (scan-build) arroja la siguiente advertencia: | drivers/firmware/arm_scmi/driver.c:line 2915, column 2 | Intenta liberar la memoria liberada. Cuando devm_add_action_or_reset() falla, scmi_debugfs_common_cleanup() se ejecutar\u00e1 dos veces, lo que provoca una doble liberaci\u00f3n de 'dbg->name'. Elimina el scmi_debugfs_common_cleanup() redundante para solucionar este problema." 
} ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50160.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50160.json index 47ed3d922b2..f042b6520c1 100644 --- a/CVE-2024/CVE-2024-501xx/CVE-2024-50160.json +++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50160.json @@ -2,13 +2,17 @@ "id": "CVE-2024-50160", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-07T10:15:07.403", - "lastModified": "2024-11-07T10:15:07.403", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: hda/cs8409: Fix possible NULL dereference\n\nIf snd_hda_gen_add_kctl fails to allocate memory and returns NULL, then\nNULL pointer dereference will occur in the next line.\n\nSince dolphin_fixups function is a hda_fixup function which is not supposed\nto return any errors, add simple check before dereference, ignore the fail.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ALSA: hda/cs8409: Se corrige una posible desreferencia de NULL. Si snd_hda_gen_add_kctl no puede asignar memoria y devuelve NULL, se producir\u00e1 una desreferencia de puntero NULL en la siguiente l\u00ednea. Dado que la funci\u00f3n dolphin_fixups es una funci\u00f3n hda_fixup que no deber\u00eda devolver ning\u00fan error, se debe agregar una comprobaci\u00f3n simple antes de la desreferencia e ignorar el error. Encontrado por Linux Verification Center (linuxtesting.org) con SVACE." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50161.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50161.json index c5d9485d05f..8f016d02ded 100644 --- a/CVE-2024/CVE-2024-501xx/CVE-2024-50161.json +++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50161.json 
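Review bot: The rewritten `en` value for CVE-2024-50159 replaces the fullwidth colon `\uff1a` after "throws below warning" with a literal `?`, which looks like a non-ASCII character lost in a charset conversion rather than an intended wording change. Because this is the description that downstream tooling indexes and diffs, the sync step should keep the original code point (`warning\uff1a\n`) or normalise it to an ASCII `:`, and it is worth checking whether other non-ASCII characters in the feed are being replaced the same way. The cause is inferred; only the `\uff1a` to `?` substitution is visible in this hunk.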
@@ -2,13 +2,17 @@ "id": "CVE-2024-50161", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-07T10:15:07.480", - "lastModified": "2024-11-07T10:15:07.480", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Check the remaining info_cnt before repeating btf fields\n\nWhen trying to repeat the btf fields for array of nested struct, it\ndoesn't check the remaining info_cnt. The following splat will be\nreported when the value of ret * nelems is greater than BTF_FIELDS_MAX:\n\n ------------[ cut here ]------------\n UBSAN: array-index-out-of-bounds in ../kernel/bpf/btf.c:3951:49\n index 11 is out of range for type 'btf_field_info [11]'\n CPU: 6 UID: 0 PID: 411 Comm: test_progs ...... 6.11.0-rc4+ #1\n Tainted: [O]=OOT_MODULE\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS ...\n Call Trace:\n \n dump_stack_lvl+0x57/0x70\n dump_stack+0x10/0x20\n ubsan_epilogue+0x9/0x40\n __ubsan_handle_out_of_bounds+0x6f/0x80\n ? kallsyms_lookup_name+0x48/0xb0\n btf_parse_fields+0x992/0xce0\n map_create+0x591/0x770\n __sys_bpf+0x229/0x2410\n __x64_sys_bpf+0x1f/0x30\n x64_sys_call+0x199/0x9f0\n do_syscall_64+0x3b/0xc0\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\n RIP: 0033:0x7fea56f2cc5d\n ......\n \n ---[ end trace ]---\n\nFix it by checking the remaining info_cnt in btf_repeat_fields() before\nrepeating the btf fields." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: bpf: Verificar el info_cnt restante antes de repetir los campos btf Al intentar repetir los campos btf para una matriz de estructuras anidadas, no verifica el info_cnt restante. 
Se informar\u00e1 el siguiente error cuando el valor de ret * nelems sea mayor que BTF_FIELDS_MAX: ------------[ cortar aqu\u00ed ]------------ UBSAN: array-index-out-of-bounds en ../kernel/bpf/btf.c:3951:49 el \u00edndice 11 est\u00e1 fuera de rango para el tipo 'btf_field_info [11]' CPU: 6 UID: 0 PID: 411 Comm: test_progs ...... 6.11.0-rc4+ #1 Tainted: [O]=OOT_MODULE Nombre del hardware: QEMU Standard PC (i440FX + PIIX, 1996), BIOS ... Seguimiento de llamadas: dump_stack_lvl+0x57/0x70 dump_stack+0x10/0x20 ubsan_epilogue+0x9/0x40 __ubsan_handle_fuera_de_l\u00edmites+0x6f/0x80 ? kallsyms_lookup_name+0x48/0xb0 btf_parse_fields+0x992/0xce0 map_create+0x591/0x770 __sys_bpf+0x229/0x2410 __x64_sys_bpf+0x1f/0x30 x64_sys_call+0x199/0x9f0 do_syscall_64+0x3b/0xc0 entry_SYSCALL_64_after_hwframe+0x4b/0x53 RIP: 0033:0x7fea56f2cc5d ...... ---[ fin del seguimiento ]--- Arr\u00e9glelo comprobando el info_cnt restante en btf_repeat_fields() antes de repetir los campos btf." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50162.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50162.json index 6cdd1cc2846..03231932229 100644 --- a/CVE-2024/CVE-2024-501xx/CVE-2024-50162.json +++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50162.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-50162", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-07T10:15:07.553", - "lastModified": "2024-11-07T10:15:07.553", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: devmap: provide rxq after redirect\n\nrxq contains a pointer to the device from where\nthe redirect happened. Currently, the BPF program\nthat was executed after a redirect via BPF_MAP_TYPE_DEVMAP*\ndoes not have it set.\n\nThis is particularly bad since accessing ingress_ifindex, e.g.\n\nSEC(\"xdp\")\nint prog(struct xdp_md *pkt)\n{\n return bpf_redirect_map(&dev_redirect_map, 0, 0);\n}\n\nSEC(\"xdp/devmap\")\nint prog_after_redirect(struct xdp_md *pkt)\n{\n bpf_printk(\"ifindex %i\", pkt->ingress_ifindex);\n return XDP_PASS;\n}\n\ndepends on access to rxq, so a NULL pointer gets dereferenced:\n\n<1>[ 574.475170] BUG: kernel NULL pointer dereference, address: 0000000000000000\n<1>[ 574.475188] #PF: supervisor read access in kernel mode\n<1>[ 574.475194] #PF: error_code(0x0000) - not-present page\n<6>[ 574.475199] PGD 0 P4D 0\n<4>[ 574.475207] Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI\n<4>[ 574.475217] CPU: 4 UID: 0 PID: 217 Comm: kworker/4:1 Not tainted 6.11.0-rc5-reduced-00859-g780801200300 #23\n<4>[ 574.475226] Hardware name: Intel(R) Client Systems NUC13ANHi7/NUC13ANBi7, BIOS ANRPL357.0026.2023.0314.1458 03/14/2023\n<4>[ 574.475231] Workqueue: mld mld_ifc_work\n<4>[ 574.475247] RIP: 0010:bpf_prog_5e13354d9cf5018a_prog_after_redirect+0x17/0x3c\n<4>[ 574.475257] Code: cc cc cc cc cc cc cc 80 00 00 00 cc cc cc cc cc cc cc cc f3 0f 1e fa 0f 1f 44 00 00 66 90 55 48 89 e5 f3 0f 1e fa 48 8b 57 20 <48> 8b 52 00 8b 92 e0 00 00 00 48 bf f8 a6 d5 c4 5d a0 ff ff be 0b\n<4>[ 574.475263] RSP: 0018:ffffa62440280c98 EFLAGS: 00010206\n<4>[ 574.475269] RAX: 
ffffa62440280cd8 RBX: 0000000000000001 RCX: 0000000000000000\n<4>[ 574.475274] RDX: 0000000000000000 RSI: ffffa62440549048 RDI: ffffa62440280ce0\n<4>[ 574.475278] RBP: ffffa62440280c98 R08: 0000000000000002 R09: 0000000000000001\n<4>[ 574.475281] R10: ffffa05dc8b98000 R11: ffffa05f577fca40 R12: ffffa05dcab24000\n<4>[ 574.475285] R13: ffffa62440280ce0 R14: ffffa62440549048 R15: ffffa62440549000\n<4>[ 574.475289] FS: 0000000000000000(0000) GS:ffffa05f4f700000(0000) knlGS:0000000000000000\n<4>[ 574.475294] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n<4>[ 574.475298] CR2: 0000000000000000 CR3: 000000025522e000 CR4: 0000000000f50ef0\n<4>[ 574.475303] PKRU: 55555554\n<4>[ 574.475306] Call Trace:\n<4>[ 574.475313] \n<4>[ 574.475318] ? __die+0x23/0x70\n<4>[ 574.475329] ? page_fault_oops+0x180/0x4c0\n<4>[ 574.475339] ? skb_pp_cow_data+0x34c/0x490\n<4>[ 574.475346] ? kmem_cache_free+0x257/0x280\n<4>[ 574.475357] ? exc_page_fault+0x67/0x150\n<4>[ 574.475368] ? asm_exc_page_fault+0x26/0x30\n<4>[ 574.475381] ? bpf_prog_5e13354d9cf5018a_prog_after_redirect+0x17/0x3c\n<4>[ 574.475386] bq_xmit_all+0x158/0x420\n<4>[ 574.475397] __dev_flush+0x30/0x90\n<4>[ 574.475407] veth_poll+0x216/0x250 [veth]\n<4>[ 574.475421] __napi_poll+0x28/0x1c0\n<4>[ 574.475430] net_rx_action+0x32d/0x3a0\n<4>[ 574.475441] handle_softirqs+0xcb/0x2c0\n<4>[ 574.475451] do_softirq+0x40/0x60\n<4>[ 574.475458] \n<4>[ 574.475461] \n<4>[ 574.475464] __local_bh_enable_ip+0x66/0x70\n<4>[ 574.475471] __dev_queue_xmit+0x268/0xe40\n<4>[ 574.475480] ? selinux_ip_postroute+0x213/0x420\n<4>[ 574.475491] ? alloc_skb_with_frags+0x4a/0x1d0\n<4>[ 574.475502] ip6_finish_output2+0x2be/0x640\n<4>[ 574.475512] ? nf_hook_slow+0x42/0xf0\n<4>[ 574.475521] ip6_finish_output+0x194/0x300\n<4>[ 574.475529] ? 
__pfx_ip6_finish_output+0x10/0x10\n<4>[ 574.475538] mld_sendpack+0x17c/0x240\n<4>[ 574.475548] mld_ifc_work+0x192/0x410\n<4>[ 574.475557] process_one_work+0x15d/0x380\n<4>[ 574.475566] worker_thread+0x29d/0x3a0\n<4>[ 574.475573] ? __pfx_worker_thread+0x10/0x10\n<4>[ 574.475580] ? __pfx_worker_thread+0x10/0x10\n<4>[ 574.475587] kthread+0xcd/0x100\n<4>[ 574.475597] ? __pfx_kthread+0x10/0x10\n<4>[ 574.475606] ret_from_fork+0x31/0x50\n<4>[ 574.475615] ? __pfx_kthread+0x10/0x10\n<4>[ 574.475623] ret_from_fork_asm+0x1a/0x\n---truncated---" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: bpf: devmap: proporcionar rxq despu\u00e9s de la redirecci\u00f3n rxq contiene un puntero al dispositivo desde donde se produjo la redirecci\u00f3n. Actualmente, el programa BPF que se ejecut\u00f3 despu\u00e9s de una redirecci\u00f3n a trav\u00e9s de BPF_MAP_TYPE_DEVMAP* no lo tiene configurado. Esto es particularmente malo ya que se accede a ingress_ifindex, p. ej. 
SEC(\"xdp\") int prog(struct xdp_md *pkt) { return bpf_redirect_map(&dev_redirect_map, 0, 0); } SEC(\"xdp/devmap\") int prog_after_redirect(struct xdp_md *pkt) { bpf_printk(\"ifindex %i\", pkt->ingress_ifindex); return XDP_PASS; } depende del acceso a rxq, por lo que un puntero NULL se desreferencia: <1>[ 574.475170] ERROR: desreferencia de puntero NULL del n\u00facleo, direcci\u00f3n: 0000000000000000 <1>[ 574.475188] #PF: acceso de lectura del supervisor en modo n\u00facleo <1>[ 574.475194] #PF: error_code(0x0000) - p\u00e1gina no presente <6>[ 574.475199] PGD 0 P4D 0 <4>[ 574.475207] Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI <4>[ 574.475217] CPU: 4 UID: 0 PID: 217 Comm: kworker/4:1 No contaminado 6.11.0-rc5-reduced-00859-g780801200300 #23 <4>[ 574.475226] Nombre del hardware: Intel(R) Client Systems NUC13ANHi7/NUC13ANBi7, BIOS ANRPL357.0026.2023.0314.1458 14/03/2023 <4>[ 574.475231] Cola de trabajo: mld mld_ifc_work <4>[ 574.475247] RIP: 0010:bpf_prog_5e13354d9cf5018a_prog_after_redirect+0x17/0x3c <4>[ 574.475257] C\u00f3digo: cc cc cc cc cc cc cc 80 00 00 00 cc cc cc cc cc cc cc cc f3 0f 1e fa 0f 1f 44 00 00 66 90 55 48 89 e5 f3 0f 1e fa 48 8b 57 20 <48> 8b 52 00 8b 92 e0 00 00 00 48 bf f8 a6 d5 c4 5d a0 ff ff be 0b <4>[ 574.475263] RSP: 0018:ffffa62440280c98 EFLAGS: 00010206 <4>[ 574.475269] RAX: ffffa62440280cd8 RBX: 00000000000000001 RCX: 0000000000000000 <4>[ 574.475274] RDX: 0000000000000000 RSI: ffffa62440549048 RDI: ffffa62440280ce0 <4>[ 574.475278] RBP: ffffa62440280c98 R08: 0000000000000002 R09: 0000000000000001 <4>[ 574.475281] R10: ffffa05dc8b98000 R11: ffffa05f577fca40 R12: ffffa05dcab24000 <4>[ 574.475285] R13: ffffa62440280ce0 R14: ffffa62440549048 R15: ffffa62440549000 <4>[ 574.475289] FS: 000000000000000(0000) GS:ffffa05f4f700000(0000) knlGS:0000000000000000 <4>[ 574.475294] CS: 0010 DS: 0000 ES: 0000 CR0: 000000080050033 <4>[ 574.475298] CR2: 0000000000000000 CR3: 000000025522e000 CR4: 0000000000f50ef0 <4>[ 574.475303] PKRU: 55555554 <4>[ 
574.475306] Rastreo de llamadas: <4>[ 574.475313] <4>[ 574.475318] ? __die+0x23/0x70 <4>[ 574.475329] ? page_fault_oops+0x180/0x4c0 <4>[ 574.475339] ? asm_exc_page_fault+0x26/0x30 <4>[ 574.475381] ? bpf_prog_5e13354d9cf5018a_prog_after_redirect+0x17/0x3c <4>[ 574.475386] bq_xmit_all+0x158/0x420 <4>[ 574.475397] __dev_flush+0x30/0x90 <4>[ 574.475407] veth_poll+0x216/0x250 [veth] <4>[ 574.475421] __napi_poll+0x28/0x1c0 <4>[ 574.475430] net_rx_action+0x32d/0x3a0 <4>[ 574.475441] selinux_ip_postroute+0x213/0x420 <4>[ 574.475491] ? nf_hook_slow+0x42/0xf0 <4>[ 574.475521] ip6_finish_output+0x194/0x300 <4>[ 574.475529] ? __pfx_ip6_finish_output+0x10/0x10 <4>[ 574.475538] mld_sendpack+0x17c/0x240 <4>[ 574.475548] mld_ifc_work+0x192/0x410 <4>[ 574.475557] proceso_uno_trabajo+0x15d/0x380 <4>[ 574.475566] subproceso_trabajador+0x29d/0x3a0 <4>[ 574.475573] ? __pfx_worker_thread+0x10/0x10 <4>[ 574.475580] ? __pfx_worker_thread+0x10/0x10 <4>[ 574.475587] kthread+0xcd/0x100 <4>[ 574.475597] ? __pfx_kthread+0x10/0x10 <4>[ 574.475606] ret_from_fork+0x31/0x50 <4>[ 574.475615] ? __pfx_kthread+0x10/0x10 <4>[ 574.475623] ret_from_fork_asm+0x1a/0x ---truncado---" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50163.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50163.json index d12c8c15090..6b2ba095568 100644 --- a/CVE-2024/CVE-2024-501xx/CVE-2024-50163.json +++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50163.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-50163", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-07T10:15:07.627", - "lastModified": "2024-11-07T10:15:07.627", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Make sure internal and UAPI bpf_redirect flags don't overlap\n\nThe bpf_redirect_info is shared between the SKB and XDP redirect paths,\nand the two paths use the same numeric flag values in the ri->flags\nfield (specifically, BPF_F_BROADCAST == BPF_F_NEXTHOP). This means that\nif skb bpf_redirect_neigh() is used with a non-NULL params argument and,\nsubsequently, an XDP redirect is performed using the same\nbpf_redirect_info struct, the XDP path will get confused and end up\ncrashing, which syzbot managed to trigger.\n\nWith the stack-allocated bpf_redirect_info, the structure is no longer\nshared between the SKB and XDP paths, so the crash doesn't happen\nanymore. However, different code paths using identically-numbered flag\nvalues in the same struct field still seems like a bit of a mess, so\nthis patch cleans that up by moving the flag definitions together and\nredefining the three flags in BPF_F_REDIRECT_INTERNAL to not overlap\nwith the flags used for XDP. It also adds a BUILD_BUG_ON() check to make\nsure the overlap is not re-introduced by mistake." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: bpf: Aseg\u00farese de que los indicadores bpf_redirect internos y de UAPI no se superpongan El bpf_redirect_info se comparte entre las rutas de redireccionamiento de SKB y XDP, y las dos rutas usan los mismos valores de indicador num\u00e9rico en el campo ri->flags (espec\u00edficamente, BPF_F_BROADCAST == BPF_F_NEXTHOP). 
Esto significa que si se usa skb bpf_redirect_neigh() con un argumento params distinto de NULL y, posteriormente, se realiza una redirecci\u00f3n de XDP usando la misma estructura bpf_redirect_info, la ruta de XDP se confundir\u00e1 y terminar\u00e1 fallando, lo que syzbot logr\u00f3 activar. Con el bpf_redirect_info asignado a la pila, la estructura ya no se comparte entre las rutas de SKB y XDP, por lo que el bloqueo ya no ocurre. Sin embargo, el uso de diferentes rutas de c\u00f3digo que utilizan valores de indicadores numerados de manera id\u00e9ntica en el mismo campo de estructura sigue pareciendo un poco confuso, por lo que este parche soluciona el problema juntando las definiciones de indicadores y redefiniendo los tres indicadores en BPF_F_REDIRECT_INTERNAL para que no se superpongan con los indicadores utilizados para XDP. Tambi\u00e9n agrega una comprobaci\u00f3n BUILD_BUG_ON() para asegurarse de que la superposici\u00f3n no se vuelva a introducir por error." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50164.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50164.json index 536451b3e38..63f60e70bb9 100644 --- a/CVE-2024/CVE-2024-501xx/CVE-2024-50164.json +++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50164.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-50164", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-07T10:15:07.697", - "lastModified": "2024-11-07T10:15:07.697", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix overloading of MEM_UNINIT's meaning\n\nLonial reported an issue in the BPF verifier where check_mem_size_reg()\nhas the following code:\n\n if (!tnum_is_const(reg->var_off))\n /* For unprivileged variable accesses, disable raw\n * mode so that the program is required to\n * initialize all the memory that the helper could\n * just partially fill up.\n */\n meta = NULL;\n\nThis means that writes are not checked when the register containing the\nsize of the passed buffer has not a fixed size. Through this bug, a BPF\nprogram can write to a map which is marked as read-only, for example,\n.rodata global maps.\n\nThe problem is that MEM_UNINIT's initial meaning that \"the passed buffer\nto the BPF helper does not need to be initialized\" which was added back\nin commit 435faee1aae9 (\"bpf, verifier: add ARG_PTR_TO_RAW_STACK type\")\ngot overloaded over time with \"the passed buffer is being written to\".\n\nThe problem however is that checks such as the above which were added later\nvia 06c1c049721a (\"bpf: allow helpers access to variable memory\") set meta\nto NULL in order force the user to always initialize the passed buffer to\nthe helper. 
Due to the current double meaning of MEM_UNINIT, this bypasses\nverifier write checks to the memory (not boundary checks though) and only\nassumes the latter memory is read instead.\n\nFix this by reverting MEM_UNINIT back to its original meaning, and having\nMEM_WRITE as an annotation to BPF helpers in order to then trigger the\nBPF verifier checks for writing to memory.\n\nSome notes: check_arg_pair_ok() ensures that for ARG_CONST_SIZE{,_OR_ZERO}\nwe can access fn->arg_type[arg - 1] since it must contain a preceding\nARG_PTR_TO_MEM. For check_mem_reg() the meta argument can be removed\naltogether since we do check both BPF_READ and BPF_WRITE. Same for the\nequivalent check_kfunc_mem_size_reg()." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: bpf: Se corrige la sobrecarga del significado de MEM_UNINIT Lonial inform\u00f3 de un problema en el verificador BPF donde check_mem_size_reg() tiene el siguiente c\u00f3digo: if (!tnum_is_const(reg->var_off)) /* Para accesos a variables sin privilegios, deshabilitar el modo sin formato * para que el programa deba * inicializar toda la memoria que el ayudante podr\u00eda * llenar parcialmente. */ meta = NULL; Esto significa que las escrituras no se verifican cuando el registro que contiene el tama\u00f1o del b\u00fafer pasado no tiene un tama\u00f1o fijo. A trav\u00e9s de este error, un programa BPF puede escribir en un mapa que est\u00e1 marcado como de solo lectura, por ejemplo, mapas globales .rodata. El problema es que el significado inicial de MEM_UNINIT de que \"el buffer pasado al ayudante BPF no necesita ser inicializado\" que se agreg\u00f3 en el commit 435faee1aae9 (\"bpf, verificador: agregar tipo ARG_PTR_TO_RAW_STACK\") se sobrecarg\u00f3 con el tiempo con \"se est\u00e1 escribiendo en el b\u00fafer pasado\". 
Sin embargo, el problema es que las comprobaciones como la anterior que se agregaron m\u00e1s tarde a trav\u00e9s de 06c1c049721a (\"bpf: permitir que los ayudantes accedan a la memoria variable\") establecen meta en NULL para obligar al usuario a inicializar siempre el b\u00fafer pasado al ayudante. Debido al doble significado actual de MEM_UNINIT, esto omite las comprobaciones de escritura del verificador en la memoria (aunque no las comprobaciones de los l\u00edmites) y solo supone que se lee la \u00faltima memoria en su lugar. Solucione esto revirtiendo MEM_UNINIT a su significado original y haciendo que MEM_WRITE sea una anotaci\u00f3n para los ayudantes de BPF para luego activar las comprobaciones del verificador de BPF para escribir en la memoria. Algunas notas: check_arg_pair_ok() garantiza que para ARG_CONST_SIZE{,_OR_ZERO} podamos acceder a fn->arg_type[arg - 1] ya que debe contener un ARG_PTR_TO_MEM anterior. Para check_mem_reg(), el argumento meta se puede eliminar por completo ya que verificamos tanto BPF_READ como BPF_WRITE. Lo mismo para el check_kfunc_mem_size_reg() equivalente." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50165.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50165.json index b322e8a2f9a..88217337012 100644 --- a/CVE-2024/CVE-2024-501xx/CVE-2024-50165.json +++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50165.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-50165", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-07T10:15:07.770", - "lastModified": "2024-11-07T10:15:07.770", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Preserve param->string when parsing mount options\n\nIn bpf_parse_param(), keep the value of param->string intact so it can\nbe freed later. Otherwise, the kmalloc area pointed to by param->string\nwill be leaked as shown below:\n\nunreferenced object 0xffff888118c46d20 (size 8):\n comm \"new_name\", pid 12109, jiffies 4295580214\n hex dump (first 8 bytes):\n 61 6e 79 00 38 c9 5c 7e any.8.\\~\n backtrace (crc e1b7f876):\n [<00000000c6848ac7>] kmemleak_alloc+0x4b/0x80\n [<00000000de9f7d00>] __kmalloc_node_track_caller_noprof+0x36e/0x4a0\n [<000000003e29b886>] memdup_user+0x32/0xa0\n [<0000000007248326>] strndup_user+0x46/0x60\n [<0000000035b3dd29>] __x64_sys_fsconfig+0x368/0x3d0\n [<0000000018657927>] x64_sys_call+0xff/0x9f0\n [<00000000c0cabc95>] do_syscall_64+0x3b/0xc0\n [<000000002f331597>] entry_SYSCALL_64_after_hwframe+0x4b/0x53" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: bpf: preservar param->string al analizar las opciones de montaje. En bpf_parse_param(), mantenga intacto el valor de param->string para que pueda liberarse m\u00e1s tarde. 
De lo contrario, el \u00e1rea kmalloc a la que apunta param->string se filtrar\u00e1 como se muestra a continuaci\u00f3n: objeto sin referencia 0xffff888118c46d20 (tama\u00f1o 8): comm \"new_name\", pid 12109, jiffies 4295580214 volcado hexadecimal (primeros 8 bytes): 61 6e 79 00 38 c9 5c 7e any.8.\\~ backtrace (crc e1b7f876): [<00000000c6848ac7>] kmemleak_alloc+0x4b/0x80 [<00000000de9f7d00>] __kmalloc_node_track_caller_noprof+0x36e/0x4a0 [<000000003e29b886>] memdup_user+0x32/0xa0 [<0000000007248326>] strndup_user+0x46/0x60 [<0000000035b3dd29>] __x64_sys_fsconfig+0x368/0x3d0 [<0000000018657927>] x64_sys_call+0xff/0x9f0 [<00000000c0cabc95>] do_syscall_64+0x3b/0xc0 [<000000002f331597>] entrada_SYSCALL_64_after_hwframe+0x4b/0x53" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50166.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50166.json index c75086d9cb0..729792c73eb 100644 --- a/CVE-2024/CVE-2024-501xx/CVE-2024-50166.json +++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50166.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-50166", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-07T10:15:07.830", - "lastModified": "2024-11-07T10:15:07.830", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfsl/fman: Fix refcount handling of fman-related devices\n\nIn mac_probe() there are multiple calls to of_find_device_by_node(),\nfman_bind() and fman_port_bind() which takes references to of_dev->dev.\nNot all references taken by these calls are released later on error path\nin mac_probe() and in mac_remove() which lead to reference leaks.\n\nAdd references release." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: fsl/fman: se ha corregido el manejo de refcount de dispositivos relacionados con fman En mac_probe() hay m\u00faltiples llamadas a of_find_device_by_node(), fman_bind() y fman_port_bind() que toman referencias a of_dev->dev. No todas las referencias tomadas por estas llamadas se liberan m\u00e1s tarde en la ruta de error en mac_probe() y en mac_remove(), lo que provoca fugas de referencias. Agregar referencias release." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50167.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50167.json index 945d87e180d..06c57086af0 100644 --- a/CVE-2024/CVE-2024-501xx/CVE-2024-50167.json +++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50167.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50167", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-07T10:15:07.893", - "lastModified": "2024-11-08T16:15:48.403", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { 
diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50168.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50168.json index 3afffd72c0f..2926a72e031 100644 --- a/CVE-2024/CVE-2024-501xx/CVE-2024-50168.json +++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50168.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50168", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-07T10:15:07.960", - "lastModified": "2024-11-08T16:15:48.493", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50169.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50169.json index 0e6c5e22e20..567490034ff 100644 --- a/CVE-2024/CVE-2024-501xx/CVE-2024-50169.json +++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50169.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-50169", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-07T10:15:08.033", - "lastModified": "2024-11-07T10:15:08.033", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock: Update rx_bytes on read_skb()\n\nMake sure virtio_transport_inc_rx_pkt() and virtio_transport_dec_rx_pkt()\ncalls are balanced (i.e. virtio_vsock_sock::rx_bytes doesn't lie) after\nvsock_transport::read_skb().\n\nWhile here, also inform the peer that we've freed up space and it has more\ncredit.\n\nFailing to update rx_bytes after packet is dequeued leads to a warning on\nSOCK_STREAM recv():\n\n[ 233.396654] rx_queue is empty, but rx_bytes is non-zero\n[ 233.396702] WARNING: CPU: 11 PID: 40601 at net/vmw_vsock/virtio_transport_common.c:589" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: vsock: Actualizar rx_bytes en read_skb() Aseg\u00farese de que las llamadas a virtio_transport_inc_rx_pkt() y virtio_transport_dec_rx_pkt() est\u00e9n equilibradas (es decir, virtio_vsock_sock::rx_bytes no mienta) despu\u00e9s de vsock_transport::read_skb(). Mientras est\u00e9 aqu\u00ed, tambi\u00e9n informe al par que hemos liberado espacio y que tiene m\u00e1s cr\u00e9dito. Si no se actualiza rx_bytes despu\u00e9s de que se saca el paquete de la cola, se genera una advertencia en SOCK_STREAM recv(): [ 233.396654] rx_queue est\u00e1 vac\u00edo, pero rx_bytes no es cero [ 233.396702] ADVERTENCIA: CPU: 11 PID: 40601 en net/vmw_vsock/virtio_transport_common.c:589" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50170.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50170.json index dd477be71ba..e648f351b48 100644 --- a/CVE-2024/CVE-2024-501xx/CVE-2024-50170.json 
+++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50170.json @@ -2,13 +2,17 @@ "id": "CVE-2024-50170", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-07T10:15:08.093", - "lastModified": "2024-11-07T10:15:08.093", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: bcmasp: fix potential memory leak in bcmasp_xmit()\n\nThe bcmasp_xmit() returns NETDEV_TX_OK without freeing skb\nin case of mapping fails, add dev_kfree_skb() to fix it." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: bcmasp: corrige una posible p\u00e9rdida de memoria en bcmasp_xmit(). bcmasp_xmit() devuelve NETDEV_TX_OK sin liberar skb en caso de que falle el mapeo, agregue dev_kfree_skb() para solucionarlo." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50171.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50171.json index f72e2c9827d..0ed45143b3b 100644 --- a/CVE-2024/CVE-2024-501xx/CVE-2024-50171.json +++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50171.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50171", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-07T10:15:08.160", - "lastModified": "2024-11-08T16:15:48.577", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50172.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50172.json index ed4848fe48c..e604fe4514c 100644 --- a/CVE-2024/CVE-2024-501xx/CVE-2024-50172.json +++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50172.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-50172", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-07T10:15:08.227", - "lastModified": "2024-11-07T10:15:08.227", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/bnxt_re: Fix a possible memory leak\n\nIn bnxt_re_setup_chip_ctx() when bnxt_qplib_map_db_bar() fails\ndriver is not freeing the memory allocated for \"rdev->chip_ctx\"." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: RDMA/bnxt_re: Se corrige una posible p\u00e9rdida de memoria En bnxt_re_setup_chip_ctx() cuando bnxt_qplib_map_db_bar() falla, el controlador no libera la memoria asignada para \"rdev->chip_ctx\"." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50173.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50173.json index 217484385eb..a88686cadba 100644 --- a/CVE-2024/CVE-2024-501xx/CVE-2024-50173.json +++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50173.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-50173", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-08T06:15:14.840", - "lastModified": "2024-11-08T06:15:14.840", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/panthor: Fix access to uninitialized variable in tick_ctx_cleanup()\n\nThe group variable can't be used to retrieve ptdev in our second loop,\nbecause it points to the previously iterated list_head, not a valid\ngroup. Get the ptdev object from the scheduler instead." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/panthor: Se corrige el acceso a una variable no inicializada en tick_ctx_cleanup() La variable de grupo no se puede usar para recuperar ptdev en nuestro segundo bucle, porque apunta a list_head iterado previamente, no a un grupo v\u00e1lido. En su lugar, obtenga el objeto ptdev del programador." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50174.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50174.json index 58146083f11..d8e3862e54d 100644 --- a/CVE-2024/CVE-2024-501xx/CVE-2024-50174.json +++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50174.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-50174", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-08T06:15:14.923", - "lastModified": "2024-11-08T06:15:14.923", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/panthor: Fix race when converting group handle to group object\n\nXArray provides it's own internal lock which protects the internal array\nwhen entries are being simultaneously added and removed. However there\nis still a race between retrieving the pointer from the XArray and\nincrementing the reference count.\n\nTo avoid this race simply hold the internal XArray lock when\nincrementing the reference count, this ensures there cannot be a racing\ncall to xa_erase()." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/panthor: Se corrige la ejecuci\u00f3n al convertir el identificador de grupo en un objeto de grupo XArray proporciona su propio bloqueo interno que protege la matriz interna cuando se agregan y eliminan entradas simult\u00e1neamente. Sin embargo, todav\u00eda hay una ejecuci\u00f3n entre recuperar el puntero de XArray e incrementar el recuento de referencias. Para evitar esta ejecuci\u00f3n, simplemente mantenga el bloqueo interno de XArray al incrementar el recuento de referencias, esto garantiza que no pueda haber una llamada de ejecuci\u00f3n a xa_erase()." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50175.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50175.json index 5ff08e03caa..d5f04e8a034 100644 --- a/CVE-2024/CVE-2024-501xx/CVE-2024-50175.json +++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50175.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-50175", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-08T06:15:14.987", - "lastModified": "2024-11-08T06:15:14.987", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: qcom: camss: Remove use_count guard in stop_streaming\n\nThe use_count check was introduced so that multiple concurrent Raw Data\nInterfaces RDIs could be driven by different virtual channels VCs on the\nCSIPHY input driving the video pipeline.\n\nThis is an invalid use of use_count though as use_count pertains to the\nnumber of times a video entity has been opened by user-space not the number\nof active streams.\n\nIf use_count and stream-on count don't agree then stop_streaming() will\nbreak as is currently the case and has become apparent when using CAMSS\nwith libcamera's released softisp 0.3.\n\nThe use of use_count like this is a bit hacky and right now breaks regular\nusage of CAMSS for a single stream case. 
Stopping qcam results in the splat\nbelow, and then it cannot be started again and any attempts to do so fails\nwith -EBUSY.\n\n[ 1265.509831] WARNING: CPU: 5 PID: 919 at drivers/media/common/videobuf2/videobuf2-core.c:2183 __vb2_queue_cancel+0x230/0x2c8 [videobuf2_common]\n...\n[ 1265.510630] Call trace:\n[ 1265.510636] __vb2_queue_cancel+0x230/0x2c8 [videobuf2_common]\n[ 1265.510648] vb2_core_streamoff+0x24/0xcc [videobuf2_common]\n[ 1265.510660] vb2_ioctl_streamoff+0x5c/0xa8 [videobuf2_v4l2]\n[ 1265.510673] v4l_streamoff+0x24/0x30 [videodev]\n[ 1265.510707] __video_do_ioctl+0x190/0x3f4 [videodev]\n[ 1265.510732] video_usercopy+0x304/0x8c4 [videodev]\n[ 1265.510757] video_ioctl2+0x18/0x34 [videodev]\n[ 1265.510782] v4l2_ioctl+0x40/0x60 [videodev]\n...\n[ 1265.510944] videobuf2_common: driver bug: stop_streaming operation is leaving buffer 0 in active state\n[ 1265.511175] videobuf2_common: driver bug: stop_streaming operation is leaving buffer 1 in active state\n[ 1265.511398] videobuf2_common: driver bug: stop_streaming operation is leaving buffer 2 in active st\n\nOne CAMSS specific way to handle multiple VCs on the same RDI might be:\n\n- Reference count each pipeline enable for CSIPHY, CSID, VFE and RDIx.\n- The video buffers are already associated with msm_vfeN_rdiX so\n release video buffers when told to do so by stop_streaming.\n- Only release the power-domains for the CSIPHY, CSID and VFE when\n their internal refcounts drop.\n\nEither way refusing to release video buffers based on use_count is\nerroneous and should be reverted. The silicon enabling code for selecting\nVCs is perfectly fine. 
Its a \"known missing feature\" that concurrent VCs\nwon't work with CAMSS right now.\n\nInitial testing with this code didn't show an error but, SoftISP and \"real\"\nusage with Google Hangouts breaks the upstream code pretty quickly, we need\nto do a partial revert and take another pass at VCs.\n\nThis commit partially reverts commit 89013969e232 (\"media: camss: sm8250:\nPipeline starting and stopping for multiple virtual channels\")" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: media: qcom: camss: Eliminar la protecci\u00f3n use_count en stop_streaming La comprobaci\u00f3n use_count se introdujo para que varias interfaces de datos sin procesar (RDI) simult\u00e1neas pudieran ser controladas por diferentes canales virtuales VC en la entrada CSIPHY que controlan la canalizaci\u00f3n de v\u00eddeo. Sin embargo, este es un uso inv\u00e1lido de use_count, ya que use_count pertenece a la cantidad de veces que una entidad de v\u00eddeo ha sido abierta por el espacio de usuario, no a la cantidad de transmisiones activas. Si use_count y stream-on count no coinciden, stop_streaming() se romper\u00e1, como es el caso actualmente y se ha hecho evidente al usar CAMSS con el softisp 0.3 lanzado por libcamera. El uso de use_count de esta manera es un poco chapucero y, en este momento, interrumpe el uso regular de CAMSS para un solo caso de transmisi\u00f3n. Detener qcam da como resultado el splat a continuaci\u00f3n, y luego no se puede iniciar de nuevo y cualquier intento de hacerlo falla con -EBUSY. [ 1265.509831] ADVERTENCIA: CPU: 5 PID: 919 en drivers/media/common/videobuf2/videobuf2-core.c:2183 __vb2_queue_cancel+0x230/0x2c8 [videobuf2_common] ... 
[ 1265.510630] Rastreo de llamadas: [ 1265.510636] __vb2_queue_cancel+0x230/0x2c8 [videobuf2_common] [ 1265.510648] vb2_core_streamoff+0x24/0xcc [videobuf2_common] [ 1265.510660] vb2_ioctl_streamoff+0x5c/0xa8 [videobuf2_v4l2] [ 1265.510673] v4l_streamoff+0x24/0x30 [videodev] [ 1265.510707] __video_do_ioctl+0x190/0x3f4 [videodev] [ 1265.510732] video_usercopy+0x304/0x8c4 [videodev] [ 1265.510757] video_ioctl2+0x18/0x34 [videodev] [ 1265.510782] v4l2_ioctl+0x40/0x60 [videodev] ... [ 1265.510944] videobuf2_common: error del controlador: la operaci\u00f3n stop_streaming deja el b\u00fafer 0 en estado activo [ 1265.511175] videobuf2_common: error del controlador: la operaci\u00f3n stop_streaming deja el b\u00fafer 1 en estado activo [ 1265.511398] videobuf2_common: error del controlador: la operaci\u00f3n stop_streaming deja el buffer 2 en st activo Una forma espec\u00edfica de CAMSS para manejar m\u00faltiples VC en el mismo RDI podr\u00eda ser: - Conteo de referencia de cada canalizaci\u00f3n habilitada para CSIPHY, CSID, VFE y RDIx. - Los b\u00faferes de video ya est\u00e1n asociados con msm_vfeN_rdiX, por lo que libera los b\u00faferes de video cuando stop_streaming te lo indica. - Solo libera los dominios de energ\u00eda para CSIPHY, CSID y VFE cuando sus recuentos de referencia internos caen. De cualquier manera, negarse a liberar b\u00faferes de video seg\u00fan use_count es err\u00f3neo y debe revertirse. El c\u00f3digo de habilitaci\u00f3n de silicio para seleccionar VC est\u00e1 perfectamente bien. Es una \"caracter\u00edstica faltante conocida\" que los VC simult\u00e1neos no funcionar\u00e1n con CAMSS en este momento. Las pruebas iniciales con este c\u00f3digo no mostraron ning\u00fan error, pero SoftISP y el uso \"real\" con Google Hangouts rompen el c\u00f3digo ascendente con bastante rapidez. Necesitamos hacer una reversi\u00f3n parcial y volver a pasar por los VC. 
Esta confirmaci\u00f3n revierte parcialmente el commit 89013969e232 (\"media: camss: sm8250: Pipeline iniciando y deteni\u00e9ndose para m\u00faltiples canales virtuales\")" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50176.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50176.json index 27ebfb5089e..418beef8193 100644 --- a/CVE-2024/CVE-2024-501xx/CVE-2024-50176.json +++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50176.json @@ -2,13 +2,17 @@ "id": "CVE-2024-50176", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-08T06:15:15.050", - "lastModified": "2024-11-08T06:15:15.050", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nremoteproc: k3-r5: Fix error handling when power-up failed\n\nBy simply bailing out, the driver was violating its rule and internal\nassumptions that either both or no rproc should be initialized. E.g.,\nthis could cause the first core to be available but not the second one,\nleading to crashes on its shutdown later on while trying to dereference\nthat second instance." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: remoteproc: k3-r5: Se corrige el manejo de errores cuando falla el encendido. Con solo salir del sistema, el controlador estaba violando su regla y suposiciones internas de que se deben inicializar ambos rproc o ninguno. Por ejemplo, esto podr\u00eda provocar que el primer n\u00facleo est\u00e9 disponible pero no el segundo, lo que provocar\u00eda fallas en su apagado m\u00e1s adelante al intentar desreferenciar esa segunda instancia." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50177.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50177.json index 0e70e4e8b51..0ee3ae92a2d 100644 --- a/CVE-2024/CVE-2024-501xx/CVE-2024-50177.json 
+++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50177.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-50177", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-08T06:15:15.117", - "lastModified": "2024-11-08T06:15:15.117", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: fix a UBSAN warning in DML2.1\n\nWhen programming phantom pipe, since cursor_width is explicity set to 0,\nthis causes calculation logic to trigger overflow for an unsigned int\ntriggering the kernel's UBSAN check as below:\n\n[ 40.962845] UBSAN: shift-out-of-bounds in /tmp/amd.EfpumTkO/amd/amdgpu/../display/dc/dml2/dml21/src/dml2_core/dml2_core_dcn4_calcs.c:3312:34\n[ 40.962849] shift exponent 4294967170 is too large for 32-bit type 'unsigned int'\n[ 40.962852] CPU: 1 PID: 1670 Comm: gnome-shell Tainted: G W OE 6.5.0-41-generic #41~22.04.2-Ubuntu\n[ 40.962854] Hardware name: Gigabyte Technology Co., Ltd. X670E AORUS PRO X/X670E AORUS PRO X, BIOS F21 01/10/2024\n[ 40.962856] Call Trace:\n[ 40.962857] \n[ 40.962860] dump_stack_lvl+0x48/0x70\n[ 40.962870] dump_stack+0x10/0x20\n[ 40.962872] __ubsan_handle_shift_out_of_bounds+0x1ac/0x360\n[ 40.962878] calculate_cursor_req_attributes.cold+0x1b/0x28 [amdgpu]\n[ 40.963099] dml_core_mode_support+0x6b91/0x16bc0 [amdgpu]\n[ 40.963327] ? srso_alias_return_thunk+0x5/0x7f\n[ 40.963331] ? CalculateWatermarksMALLUseAndDRAMSpeedChangeSupport+0x18b8/0x2790 [amdgpu]\n[ 40.963534] ? srso_alias_return_thunk+0x5/0x7f\n[ 40.963536] ? dml_core_mode_support+0xb3db/0x16bc0 [amdgpu]\n[ 40.963730] dml2_core_calcs_mode_support_ex+0x2c/0x90 [amdgpu]\n[ 40.963906] ? srso_alias_return_thunk+0x5/0x7f\n[ 40.963909] ? 
dml2_core_calcs_mode_support_ex+0x2c/0x90 [amdgpu]\n[ 40.964078] core_dcn4_mode_support+0x72/0xbf0 [amdgpu]\n[ 40.964247] dml2_top_optimization_perform_optimization_phase+0x1d3/0x2a0 [amdgpu]\n[ 40.964420] dml2_build_mode_programming+0x23d/0x750 [amdgpu]\n[ 40.964587] dml21_validate+0x274/0x770 [amdgpu]\n[ 40.964761] ? srso_alias_return_thunk+0x5/0x7f\n[ 40.964763] ? resource_append_dpp_pipes_for_plane_composition+0x27c/0x3b0 [amdgpu]\n[ 40.964942] dml2_validate+0x504/0x750 [amdgpu]\n[ 40.965117] ? dml21_copy+0x95/0xb0 [amdgpu]\n[ 40.965291] ? srso_alias_return_thunk+0x5/0x7f\n[ 40.965295] dcn401_validate_bandwidth+0x4e/0x70 [amdgpu]\n[ 40.965491] update_planes_and_stream_state+0x38d/0x5c0 [amdgpu]\n[ 40.965672] update_planes_and_stream_v3+0x52/0x1e0 [amdgpu]\n[ 40.965845] ? srso_alias_return_thunk+0x5/0x7f\n[ 40.965849] dc_update_planes_and_stream+0x71/0xb0 [amdgpu]\n\nFix this by adding a guard for checking cursor width before triggering\nthe size calculation." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/display: se corrige una advertencia de UBSAN en DML2.1 Al programar una tuber\u00eda fantasma, dado que cursor_width se establece expl\u00edcitamente en 0, esto hace que la l\u00f3gica de c\u00e1lculo active un desbordamiento para un int sin signo que activa la comprobaci\u00f3n UBSAN del kernel como se muestra a continuaci\u00f3n: [ 40.962845] UBSAN: desplazamiento fuera de los l\u00edmites en /tmp/amd.EfpumTkO/amd/amdgpu/../display/dc/dml2/dml21/src/dml2_core/dml2_core_dcn4_calcs.c:3312:34 [ 40.962849] El exponente de desplazamiento 4294967170 es demasiado grande para el tipo de 32 bits 'unsigned int' [ 40.962852] CPU: 1 PID: 1670 Comm: gnome-shell Contaminado: GW OE 6.5.0-41-generic #41~22.04.2-Ubuntu [ 40.962854] Nombre del hardware: Gigabyte Technology Co., Ltd. 
X670E AORUS PRO X/X670E AORUS PRO X, BIOS F21 01/10/2024 [ 40.962856] Seguimiento de llamadas: [ 40.962857] [ 40.962860] dump_stack_lvl+0x48/0x70 [ 40.962870] dump_stack+0x10/0x20 [ 40.962872] __ubsan_handle_shift_out_of_bounds+0x1ac/0x360 [ 40.962878] CalculateWatermarksMALLUseAndDRAMSpeedChangeSupport+0x18b8/0x2790 [amdgpu] [ 40.963534] ? srso_alias_return_thunk+0x5/0x7f [ 40.963536] ? srso_alias_return_thunk+0x5/0x7f [ 40.963909] ? srso_alias_return_thunk+0x5/0x7f [ 40.964763] ? recurso_agregar_dpp_tuber\u00edas_para_composici\u00f3n_de_planos+0x27c/0x3b0 [amdgpu] [ 40.964942] dml2_validate+0x504/0x750 [amdgpu] [ 40.965117] ? dml21_copy+0x95/0xb0 [amdgpu] [ 40.965291] ? srso_alias_return_thunk+0x5/0x7f [ 40.965295] dcn401_validate_bandwidth+0x4e/0x70 [amdgpu] [ 40.965491] update_planes_and_stream_state+0x38d/0x5c0 [amdgpu] [ 40.965672] update_planes_and_stream_v3+0x52/0x1e0 [amdgpu] [ 40.965845] ? srso_alias_return_thunk+0x5/0x7f [ 40.965849] dc_update_planes_and_stream+0x71/0xb0 [amdgpu] Solucione esto agregando una protecci\u00f3n para verificar el ancho del cursor antes de activar el c\u00e1lculo del tama\u00f1o." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50178.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50178.json index 60ece7503f9..6a6571c4353 100644 --- a/CVE-2024/CVE-2024-501xx/CVE-2024-50178.json +++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50178.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-50178", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-08T06:15:15.180", - "lastModified": "2024-11-08T06:15:15.180", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncpufreq: loongson3: Use raw_smp_processor_id() in do_service_request()\n\nUse raw_smp_processor_id() instead of plain smp_processor_id() in\ndo_service_request(), otherwise we may get some errors with the driver\nenabled:\n\n BUG: using smp_processor_id() in preemptible [00000000] code: (udev-worker)/208\n caller is loongson3_cpufreq_probe+0x5c/0x250 [loongson3_cpufreq]" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: cpufreq: loongson3: Use raw_smp_processor_id() en do_service_request() Use raw_smp_processor_id() en lugar de smp_processor_id() simple en do_service_request(), de lo contrario podemos obtener algunos errores con el controlador habilitado: ERROR: uso de smp_processor_id() en c\u00f3digo preemptible [00000000]: (udev-worker)/208 el que llama es loongson3_cpufreq_probe+0x5c/0x250 [loongson3_cpufreq]" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50179.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50179.json index 145e2c3bc94..3a35ac059a6 100644 --- a/CVE-2024/CVE-2024-501xx/CVE-2024-50179.json +++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50179.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50179", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-08T06:15:15.250", - "lastModified": "2024-11-08T16:15:48.650", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { 
diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50180.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50180.json index 9c682669457..f07d5e7fafb 100644 --- a/CVE-2024/CVE-2024-501xx/CVE-2024-50180.json +++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50180.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50180", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-08T06:15:15.313", - "lastModified": "2024-11-08T16:15:48.727", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50181.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50181.json index 7ea47b6d88c..12cf016e74f 100644 --- a/CVE-2024/CVE-2024-501xx/CVE-2024-50181.json +++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50181.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-50181", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-08T06:15:15.390", - "lastModified": "2024-11-08T06:15:15.390", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: imx: Remove CLK_SET_PARENT_GATE for DRAM mux for i.MX7D\n\nFor i.MX7D DRAM related mux clock, the clock source change should ONLY\nbe done done in low level asm code without accessing DRAM, and then\ncalling clk API to sync the HW clock status with clk tree, it should never\ntouch real clock source switch via clk API, so CLK_SET_PARENT_GATE flag\nshould NOT be added, otherwise, DRAM's clock parent will be disabled when\nDRAM is active, and system will hang." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: clk: imx: eliminar CLK_SET_PARENT_GATE para mux DRAM para i.MX7D Para el reloj mux relacionado con DRAM i.MX7D, el cambio de fuente de reloj S\u00d3LO debe realizarse en c\u00f3digo asm de bajo nivel sin acceder a DRAM, y luego llamar a la API clk para sincronizar el estado del reloj de HW con el \u00e1rbol clk, nunca debe tocar el cambio de fuente de reloj real a trav\u00e9s de la API clk, por lo que el indicador CLK_SET_PARENT_GATE NO debe agregarse, de lo contrario, el reloj padre de DRAM se deshabilitar\u00e1 cuando DRAM est\u00e9 activo y el sistema se colgar\u00e1." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50182.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50182.json index c455597aca3..26036cdcc74 100644 --- a/CVE-2024/CVE-2024-501xx/CVE-2024-50182.json +++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50182.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-50182", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-08T06:15:15.450", - "lastModified": "2024-11-08T06:15:15.450", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsecretmem: disable memfd_secret() if arch cannot set direct map\n\nReturn -ENOSYS from memfd_secret() syscall if !can_set_direct_map(). This\nis the case for example on some arm64 configurations, where marking 4k\nPTEs in the direct map not present can only be done if the direct map is\nset up at 4k granularity in the first place (as ARM's break-before-make\nsemantics do not easily allow breaking apart large/gigantic pages).\n\nMore precisely, on arm64 systems with !can_set_direct_map(),\nset_direct_map_invalid_noflush() is a no-op, however it returns success\n(0) instead of an error. This means that memfd_secret will seemingly\n\"work\" (e.g. syscall succeeds, you can mmap the fd and fault in pages),\nbut it does not actually achieve its goal of removing its memory from the\ndirect map.\n\nNote that with this patch, memfd_secret() will start erroring on systems\nwhere can_set_direct_map() returns false (arm64 with\nCONFIG_RODATA_FULL_DEFAULT_ENABLED=n, CONFIG_DEBUG_PAGEALLOC=n and\nCONFIG_KFENCE=n), but that still seems better than the current silent\nfailure. 
Since CONFIG_RODATA_FULL_DEFAULT_ENABLED defaults to 'y', most\narm64 systems actually have a working memfd_secret() and aren't be\naffected.\n\nFrom going through the iterations of the original memfd_secret patch\nseries, it seems that disabling the syscall in these scenarios was the\nintended behavior [1] (preferred over having\nset_direct_map_invalid_noflush return an error as that would result in\nSIGBUSes at page-fault time), however the check for it got dropped between\nv16 [2] and v17 [3], when secretmem moved away from CMA allocations.\n\n[1]: https://lore.kernel.org/lkml/20201124164930.GK8537@kernel.org/\n[2]: https://lore.kernel.org/lkml/20210121122723.3446-11-rppt@kernel.org/#t\n[3]: https://lore.kernel.org/lkml/20201125092208.12544-10-rppt@kernel.org/" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: secretmem: deshabilitar memfd_secret() si arch no puede establecer el mapa directo Devolver -ENOSYS de la llamada al sistema memfd_secret() si !can_set_direct_map(). Este es el caso, por ejemplo, de algunas configuraciones arm64, donde marcar 4k PTE en el mapa directo como no presentes solo se puede hacer si el mapa directo se configura con una granularidad de 4k en primer lugar (ya que la sem\u00e1ntica break-before-make de ARM no permite dividir f\u00e1cilmente p\u00e1ginas grandes/gigantescas). M\u00e1s precisamente, en sistemas arm64 con !can_set_direct_map(), set_direct_map_invalid_noflush() es una operaci\u00f3n sin efecto, sin embargo, devuelve \u00e9xito (0) en lugar de un error. Esto significa que memfd_secret aparentemente \"funcionar\u00e1\" (por ejemplo, la llamada al sistema tiene \u00e9xito, puede mmap el fd y el error en las p\u00e1ginas), pero en realidad no logra su objetivo de eliminar su memoria del mapa directo. 
Tenga en cuenta que con este parche, memfd_secret() comenzar\u00e1 a generar errores en sistemas donde can_set_direct_map() devuelve falso (arm64 con CONFIG_RODATA_FULL_DEFAULT_ENABLED=n, CONFIG_DEBUG_PAGEALLOC=n y CONFIG_KFENCE=n), pero eso parece mejor que el error silencioso actual. Dado que CONFIG_RODATA_FULL_DEFAULT_ENABLED tiene como valor predeterminado 'y', la mayor\u00eda de los sistemas arm64 tienen en realidad un memfd_secret() en funcionamiento y no se ven afectados. Al revisar las iteraciones de la serie de parches memfd_secret originales, parece que deshabilitar la llamada al sistema en estos escenarios era el comportamiento previsto [1] (preferible a que set_direct_map_invalid_noflush devuelva un error ya que eso generar\u00eda SIGBUS en el momento de la falla de la p\u00e1gina); sin embargo, la verificaci\u00f3n se abandon\u00f3 entre v16 [2] y v17 [3], cuando secretmem se alej\u00f3 de las asignaciones de CMA. [1]: https://lore.kernel.org/lkml/20201124164930.GK8537@kernel.org/ [2]: https://lore.kernel.org/lkml/20210121122723.3446-11-rppt@kernel.org/#t [3]: https://lore.kernel.org/lkml/20201125092208.12544-10-rppt@kernel.org/" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50183.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50183.json index 0a2a446d607..8c3bf87cc2f 100644 --- a/CVE-2024/CVE-2024-501xx/CVE-2024-50183.json +++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50183.json 
@@ -2,13 +2,17 @@
 "id": "CVE-2024-50183",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-11-08T06:15:15.520",
- "lastModified": "2024-11-08T06:15:15.520",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-08T19:01:03.880",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Ensure DA_ID handling completion before deleting an NPIV instance\n\nDeleting an NPIV instance requires all fabric ndlps to be released before\nan NPIV's resources can be torn down. Failure to release fabric ndlps\nbeforehand opens kref imbalance race conditions. Fix by forcing the DA_ID\nto complete synchronously with usage of wait_queue."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: scsi: lpfc: garantizar la finalizaci\u00f3n del manejo de DA_ID antes de eliminar una instancia de NPIV Eliminar una instancia de NPIV requiere que se liberen todos los ndlps de fabric antes de que se puedan eliminar los recursos de un NPIV. Si no se liberan los ndlps de fabric de antemano, se abren condiciones de ejecuci\u00f3n por desequilibrio de kref. Se soluciona forzando a que DA_ID se complete de manera sincr\u00f3nica con el uso de wait_queue."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50184.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50184.json
index aec8a2e962c..43fd2266048 100644
--- a/CVE-2024/CVE-2024-501xx/CVE-2024-50184.json
+++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50184.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-50184",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-11-08T06:15:15.580",
- "lastModified": "2024-11-08T16:15:48.820",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-08T19:01:03.880",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50185.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50185.json
index a9fb4b1543b..9a8d029de13 100644
--- a/CVE-2024/CVE-2024-501xx/CVE-2024-50185.json
+++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50185.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-50185",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-11-08T06:15:15.640",
- "lastModified": "2024-11-08T06:15:15.640",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-08T19:01:03.880",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: handle consistently DSS corruption\n\nBugged peer implementation can send corrupted DSS options, consistently\nhitting a few warning in the data path. Use DEBUG_NET assertions, to\navoid the splat on some builds and handle consistently the error, dumping\nrelated MIBs and performing fallback and/or reset according to the\nsubflow type."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mptcp: maneja de manera consistente la corrupci\u00f3n de DSS. La implementaci\u00f3n de pares con errores puede enviar opciones de DSS corruptas, lo que genera varias advertencias de manera constante en la ruta de datos. Use afirmaciones DEBUG_NET para evitar el splat en algunas compilaciones y manejar el error de manera consistente, volcando los MIB relacionados y realizando una copia de seguridad o un restablecimiento seg\u00fan el tipo de subflujo."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50186.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50186.json
index ca38de82e17..9484226e7f4 100644
--- a/CVE-2024/CVE-2024-501xx/CVE-2024-50186.json
+++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50186.json
@@ -2,13 +2,17 @@ "id": "CVE-2024-50186", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-08T06:15:15.700", - "lastModified": "2024-11-08T06:15:15.700", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: explicitly clear the sk pointer, when pf->create fails\n\nWe have recently noticed the exact same KASAN splat as in commit\n6cd4a78d962b (\"net: do not leave a dangling sk pointer, when socket\ncreation fails\"). The problem is that commit did not fully address the\nproblem, as some pf->create implementations do not use sk_common_release\nin their error paths.\n\nFor example, we can use the same reproducer as in the above commit, but\nchanging ping to arping. arping uses AF_PACKET socket and if packet_create\nfails, it will just sk_free the allocated sk object.\n\nWhile we could chase all the pf->create implementations and make sure they\nNULL the freed sk object on error from the socket, we can't guarantee\nfuture protocols will not make the same mistake.\n\nSo it is easier to just explicitly NULL the sk pointer upon return from\npf->create in __sock_create. We do know that pf->create always releases the\nallocated sk object on error, so if the pointer is not NULL, it is\ndefinitely dangling." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: borrar expl\u00edcitamente el puntero sk, cuando pf->create falla Recientemente hemos notado exactamente el mismo splat de KASAN que en el commit 6cd4a78d962b (\"net: no deje un puntero sk colgando, cuando falla la creaci\u00f3n del socket\"). El problema es que el commit no solucion\u00f3 completamente el problema, ya que algunas implementaciones de pf->create no usan sk_common_release en sus rutas de error. 
Por ejemplo, podemos usar el mismo reproductor que en el commit anterior, pero cambiando ping a arping. arping usa el socket AF_PACKET y si packet_create falla, solo sk_free el objeto sk asignado. Si bien podr\u00edamos perseguir todas las implementaciones de pf->create y asegurarnos de que anulen el objeto sk liberado en caso de error del socket, no podemos garantizar que los protocolos futuros no cometan el mismo error. Por lo tanto, es m\u00e1s f\u00e1cil simplemente convertir expl\u00edcitamente en NULL el puntero sk al regresar de pf->create en __sock_create. Sabemos que pf->create siempre libera el objeto sk asignado en caso de error, por lo que si el puntero no es NULL, definitivamente est\u00e1 colgado." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50187.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50187.json index b143811bfe7..a4ee2f17b9b 100644 --- a/CVE-2024/CVE-2024-501xx/CVE-2024-50187.json +++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50187.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-50187", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-08T06:15:15.770", - "lastModified": "2024-11-08T06:15:15.770", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vc4: Stop the active perfmon before being destroyed\n\nUpon closing the file descriptor, the active performance monitor is not\nstopped. Although all perfmons are destroyed in `vc4_perfmon_close_file()`,\nthe active performance monitor's pointer (`vc4->active_perfmon`) is still\nretained.\n\nIf we open a new file descriptor and submit a few jobs with performance\nmonitors, the driver will attempt to stop the active performance monitor\nusing the stale pointer in `vc4->active_perfmon`. However, this pointer\nis no longer valid because the previous process has already terminated,\nand all performance monitors associated with it have been destroyed and\nfreed.\n\nTo fix this, when the active performance monitor belongs to a given\nprocess, explicitly stop it before destroying and freeing it." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/vc4: Detener el monitor de rendimiento activo antes de ser destruido Al cerrar el descriptor de archivo, el monitor de rendimiento activo no se detiene. Aunque todos los monitores de rendimiento se destruyen en `vc4_perfmon_close_file()`, el puntero del monitor de rendimiento activo (`vc4->active_perfmon`) a\u00fan se conserva. Si abrimos un nuevo descriptor de archivo y enviamos algunos trabajos con monitores de rendimiento, el controlador intentar\u00e1 detener el monitor de rendimiento activo utilizando el puntero obsoleto en `vc4->active_perfmon`. 
Sin embargo, este puntero ya no es v\u00e1lido porque el proceso anterior ya ha finalizado y todos los monitores de rendimiento asociados con \u00e9l han sido destruidos y liberados. Para solucionar esto, cuando el monitor de rendimiento activo pertenece a un proceso determinado, det\u00e9ngalo expl\u00edcitamente antes de destruirlo y liberarlo." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50188.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50188.json index 04f0cd06404..fefa796c540 100644 --- a/CVE-2024/CVE-2024-501xx/CVE-2024-50188.json +++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50188.json 
@@ -2,13 +2,17 @@
 "id": "CVE-2024-50188",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-11-08T06:15:15.830",
- "lastModified": "2024-11-08T06:15:15.830",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-08T19:01:03.880",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: phy: dp83869: fix memory corruption when enabling fiber\n\nWhen configuring the fiber port, the DP83869 PHY driver incorrectly\ncalls linkmode_set_bit() with a bit mask (1 << 10) rather than a bit\nnumber (10). This corrupts some other memory location -- in case of\narm64 the priv pointer in the same structure.\n\nSince the advertising flags are updated from supported at the end of the\nfunction the incorrect line isn't needed at all and can be removed."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: phy: dp83869: se corrige la corrupci\u00f3n de memoria al habilitar la fibra Al configurar el puerto de fibra, el controlador PHY DP83869 llama incorrectamente a linkmode_set_bit() con una m\u00e1scara de bits (1 << 10) en lugar de un n\u00famero de bit (10). Esto corrompe alguna otra ubicaci\u00f3n de memoria; en el caso de arm64, el puntero priv en la misma estructura. Dado que los indicadores de publicidad se actualizan desde supported al final de la funci\u00f3n, la l\u00ednea incorrecta no es necesaria en absoluto y se puede eliminar."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50189.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50189.json
index 6a19fe790d1..9c3de11f76d 100644
--- a/CVE-2024/CVE-2024-501xx/CVE-2024-50189.json
+++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50189.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-50189",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-11-08T06:15:15.900",
- "lastModified": "2024-11-08T06:15:15.900",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-08T19:01:03.880",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: amd_sfh: Switch to device-managed dmam_alloc_coherent()\n\nUsing the device-managed version allows to simplify clean-up in probe()\nerror path.\n\nAdditionally, this device-managed ensures proper cleanup, which helps to\nresolve memory errors, page faults, btrfs going read-only, and btrfs\ndisk corruption."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: HID: amd_sfh: Cambiar a la versi\u00f3n administrada por el dispositivo dmam_alloc_coherent() El uso de la versi\u00f3n administrada por el dispositivo permite simplificar la limpieza en la ruta de error de probe(). Adem\u00e1s, esta versi\u00f3n administrada por el dispositivo garantiza una desinfecci\u00f3n adecuada, lo que ayuda a resolver errores de memoria, fallas de p\u00e1gina, btrfs que pasa a ser de solo lectura y corrupci\u00f3n de disco de btrfs."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50190.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50190.json
index 6319295a604..9f50d02687f 100644
--- a/CVE-2024/CVE-2024-501xx/CVE-2024-50190.json
+++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50190.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-50190",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-11-08T06:15:15.957",
- "lastModified": "2024-11-08T06:15:15.957",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-08T19:01:03.880",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: fix memleak in ice_init_tx_topology()\n\nFix leak of the FW blob (DDP pkg).\n\nMake ice_cfg_tx_topo() const-correct, so ice_init_tx_topology() can avoid\ncopying whole FW blob. Copy just the topology section, and only when\nneeded. Reuse the buffer allocated for the read of the current topology.\n\nThis was found by kmemleak, with the following trace for each PF:\n [] kmemdup_noprof+0x1d/0x50\n [] ice_init_ddp_config+0x100/0x220 [ice]\n [] ice_init_dev+0x6f/0x200 [ice]\n [] ice_init+0x29/0x560 [ice]\n [] ice_probe+0x21d/0x310 [ice]\n\nConstify ice_cfg_tx_topo() @buf parameter.\nThis cascades further down to few more functions."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ice: se corrige la p\u00e9rdida de memoria en ice_init_tx_topology() Se corrige la p\u00e9rdida del blob de FW (paquete DDP). Se hace que ice_cfg_tx_topo() sea constante y correcto, de modo que ice_init_tx_topology() pueda evitar copiar todo el blob de FW. Se copia solo la secci\u00f3n de topolog\u00eda y solo cuando es necesario. Se reutiliza el b\u00fafer asignado para la lectura de la topolog\u00eda actual. Esto fue encontrado por kmemleak, con el siguiente rastro para cada PF: [] kmemdup_noprof+0x1d/0x50 [] ice_init_ddp_config+0x100/0x220 [ice] [] ice_init_dev+0x6f/0x200 [ice] [] ice_init+0x29/0x560 [ice] [] ice_probe+0x21d/0x310 [ice] Par\u00e1metros de conversi\u00f3n de ice_cfg_tx_topo() @buf. Esto se aplica en cascada a algunas funciones m\u00e1s."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50191.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50191.json
index c1aa4dd39e6..ecf64f9ad34 100644
--- a/CVE-2024/CVE-2024-501xx/CVE-2024-50191.json
+++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50191.json
@@ -2,13 +2,17 @@ "id": "CVE-2024-50191", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-08T06:15:16.027", - "lastModified": "2024-11-08T06:15:16.027", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: don't set SB_RDONLY after filesystem errors\n\nWhen the filesystem is mounted with errors=remount-ro, we were setting\nSB_RDONLY flag to stop all filesystem modifications. We knew this misses\nproper locking (sb->s_umount) and does not go through proper filesystem\nremount procedure but it has been the way this worked since early ext2\ndays and it was good enough for catastrophic situation damage\nmitigation. Recently, syzbot has found a way (see link) to trigger\nwarnings in filesystem freezing because the code got confused by\nSB_RDONLY changing under its hands. Since these days we set\nEXT4_FLAGS_SHUTDOWN on the superblock which is enough to stop all\nfilesystem modifications, modifying SB_RDONLY shouldn't be needed. So\nstop doing that." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ext4: no establecer SB_RDONLY despu\u00e9s de errores del sistema de archivos Cuando el sistema de archivos se monta con errors=remount-ro, est\u00e1bamos estableciendo el indicador SB_RDONLY para detener todas las modificaciones del sistema de archivos. Sab\u00edamos que esto omite el bloqueo adecuado (sb->s_umount) y no pasa por el procedimiento de remontaje del sistema de archivos adecuado, pero ha sido la forma en que funcion\u00f3 desde los primeros d\u00edas de ext2 y fue lo suficientemente bueno para la mitigaci\u00f3n de da\u00f1os en situaciones catastr\u00f3ficas. 
Recientemente, syzbot encontr\u00f3 una forma (ver enlace) de activar advertencias en el congelamiento del sistema de archivos porque el c\u00f3digo se confundi\u00f3 con SB_RDONLY cambiando bajo sus manos. Desde estos d\u00edas establecemos EXT4_FLAGS_SHUTDOWN en el superbloque, lo cual es suficiente para detener todas las modificaciones del sistema de archivos, no deber\u00eda ser necesario modificar SB_RDONLY. As\u00ed que deje de hacer eso." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50192.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50192.json index 506dc70f138..83c0c2811cb 100644 --- a/CVE-2024/CVE-2024-501xx/CVE-2024-50192.json +++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50192.json 
@@ -2,13 +2,17 @@
 "id": "CVE-2024-50192",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-11-08T06:15:16.100",
- "lastModified": "2024-11-08T06:15:16.100",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-08T19:01:03.880",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nirqchip/gic-v4: Don't allow a VMOVP on a dying VPE\n\nKunkun Jiang reported that there is a small window of opportunity for\nuserspace to force a change of affinity for a VPE while the VPE has already\nbeen unmapped, but the corresponding doorbell interrupt still visible in\n/proc/irq/.\n\nPlug the race by checking the value of vmapp_count, which tracks whether\nthe VPE is mapped ot not, and returning an error in this case.\n\nThis involves making vmapp_count common to both GICv4.1 and its v4.0\nancestor."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: irqchip/gic-v4: No permitir un VMOVP en un VPE moribundo Kunkun Jiang inform\u00f3 que hay una peque\u00f1a ventana de oportunidad para que el espacio de usuario fuerce un cambio de afinidad para un VPE mientras el VPE ya ha sido desasignado, pero la interrupci\u00f3n del timbre correspondiente a\u00fan es visible en /proc/irq/. Conecte la ejecuci\u00f3n verificando el valor de vmapp_count, que rastrea si el VPE est\u00e1 asignado o no, y devuelve un error en este caso. Esto implica hacer que vmapp_count sea com\u00fan tanto para GICv4.1 como para su antecesor v4.0."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50193.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50193.json
index 926efd5773b..3522c1e0666 100644
--- a/CVE-2024/CVE-2024-501xx/CVE-2024-50193.json
+++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50193.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-50193",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-11-08T06:15:16.153",
- "lastModified": "2024-11-08T06:15:16.153",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-08T19:01:03.880",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/entry_32: Clear CPU buffers after register restore in NMI return\n\nCPU buffers are currently cleared after call to exc_nmi, but before\nregister state is restored. This may be okay for MDS mitigation but not for\nRDFS. Because RDFS mitigation requires CPU buffers to be cleared when\nregisters don't have any sensitive data.\n\nMove CLEAR_CPU_BUFFERS after RESTORE_ALL_NMI."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: x86/entry_32: Borrar los b\u00faferes de la CPU despu\u00e9s de restaurar el registro en el retorno NMI Los b\u00faferes de la CPU se borran actualmente despu\u00e9s de la llamada a exc_nmi, pero antes de que se restaure el estado del registro. Esto puede ser adecuado para la mitigaci\u00f3n de MDS, pero no para RDFS. Porque la mitigaci\u00f3n de RDFS requiere que se borren los b\u00faferes de la CPU cuando los registros no tienen datos confidenciales. Mueva CLEAR_CPU_BUFFERS despu\u00e9s de RESTORE_ALL_NMI."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50194.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50194.json
index 3743d44ae49..277e170129c 100644
--- a/CVE-2024/CVE-2024-501xx/CVE-2024-50194.json
+++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50194.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-50194",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-11-08T06:15:16.217",
- "lastModified": "2024-11-08T16:15:48.940",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-08T19:01:03.880",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50195.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50195.json
index c83163971e7..062beb61cf9 100644
--- a/CVE-2024/CVE-2024-501xx/CVE-2024-50195.json
+++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50195.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-50195",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-11-08T06:15:16.280",
- "lastModified": "2024-11-08T16:15:49.030",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-08T19:01:03.880",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50196.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50196.json
index 62f1dfb04ab..14553f7aa57 100644
--- a/CVE-2024/CVE-2024-501xx/CVE-2024-50196.json
+++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50196.json
@@ -2,13 +2,17 @@ "id": "CVE-2024-50196", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-08T06:15:16.347", - "lastModified": "2024-11-08T06:15:16.347", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\npinctrl: ocelot: fix system hang on level based interrupts\n\nThe current implementation only calls chained_irq_enter() and\nchained_irq_exit() if it detects pending interrupts.\n\n```\nfor (i = 0; i < info->stride; i++) {\n\turegmap_read(info->map, id_reg + 4 * i, ®);\n\tif (!reg)\n\t\tcontinue;\n\n\tchained_irq_enter(parent_chip, desc);\n```\n\nHowever, in case of GPIO pin configured in level mode and the parent\ncontroller configured in edge mode, GPIO interrupt might be lowered by the\nhardware. In the result, if the interrupt is short enough, the parent\ninterrupt is still pending while the GPIO interrupt is cleared;\nchained_irq_enter() never gets called and the system hangs trying to\nservice the parent interrupt.\n\nMoving chained_irq_enter() and chained_irq_exit() outside the for loop\nensures that they are called even when GPIO interrupt is lowered by the\nhardware.\n\nThe similar code with chained_irq_enter() / chained_irq_exit() functions\nwrapping interrupt checking loop may be found in many other drivers:\n```\ngrep -r -A 10 chained_irq_enter drivers/pinctrl\n```" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: pinctrl: ocelot: arregla el bloqueo del sistema en interrupciones basadas en niveles La implementaci\u00f3n actual solo llama a chained_irq_enter() y chained_irq_exit() si detecta interrupciones pendientes. 
``` for (i = 0; i < info->stride; i++) { uregmap_read(info->map, id_reg + 4 * i, \u00ae); if (!reg) continue; chained_irq_enter(parent_chip, desc); ``` Sin embargo, en el caso de que el pin GPIO est\u00e9 configurado en modo de nivel y el controlador principal est\u00e9 configurado en modo de borde, el hardware puede reducir la interrupci\u00f3n GPIO. Como resultado, si la interrupci\u00f3n es lo suficientemente corta, la interrupci\u00f3n principal sigue pendiente mientras se borra la interrupci\u00f3n GPIO; chained_irq_enter() nunca se llama y el sistema se cuelga al intentar dar servicio a la interrupci\u00f3n principal. Mover chained_irq_enter() y chained_irq_exit() fuera del bucle for garantiza que se llamen incluso cuando el hardware reduce la interrupci\u00f3n GPIO. El c\u00f3digo similar con las funciones chained_irq_enter() / chained_irq_exit() que envuelven el bucle de verificaci\u00f3n de interrupciones se puede encontrar en muchos otros controladores: ``` grep -r -A 10 chained_irq_enter drivers/pinctrl ```" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50197.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50197.json index b3489470c57..e4c3c33c081 100644 --- a/CVE-2024/CVE-2024-501xx/CVE-2024-50197.json +++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50197.json 
@@ -2,13 +2,17 @@
 "id": "CVE-2024-50197",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-11-08T06:15:16.407",
- "lastModified": "2024-11-08T06:15:16.407",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-08T19:01:03.880",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\npinctrl: intel: platform: fix error path in device_for_each_child_node()\n\nThe device_for_each_child_node() loop requires calls to\nfwnode_handle_put() upon early returns to decrement the refcount of\nthe child node and avoid leaking memory if that error path is triggered.\n\nThere is one early returns within that loop in\nintel_platform_pinctrl_prepare_community(), but fwnode_handle_put() is\nmissing.\n\nInstead of adding the missing call, the scoped version of the loop can\nbe used to simplify the code and avoid mistakes in the future if new\nearly returns are added, as the child node is only used for parsing, and\nit is never assigned."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: pinctrl: intel: platform: fix error path in device_for_each_child_node() El bucle device_for_each_child_node() requiere llamadas a fwnode_handle_put() en retornos tempranos para decrementar el refcount del nodo secundario y evitar fugas de memoria si se activa esa ruta de error. Hay un retorno temprano dentro de ese bucle en intel_platform_pinctrl_prepare_community(), pero falta fwnode_handle_put(). En lugar de agregar la llamada faltante, la versi\u00f3n con \u00e1mbito del bucle se puede usar para simplificar el c\u00f3digo y evitar errores en el futuro si se agregan nuevos retornos tempranos, ya que el nodo secundario solo se usa para analizar y nunca se asigna."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50198.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50198.json
index 8fd44fb8bb4..14c4ac9160a 100644
--- a/CVE-2024/CVE-2024-501xx/CVE-2024-50198.json
+++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50198.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-50198",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-11-08T06:15:16.467",
- "lastModified": "2024-11-08T06:15:16.467",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-08T19:01:03.880",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: light: veml6030: fix IIO device retrieval from embedded device\n\nThe dev pointer that is received as an argument in the\nin_illuminance_period_available_show function references the device\nembedded in the IIO device, not in the i2c client.\n\ndev_to_iio_dev() must be used to accessthe right data. The current\nimplementation leads to a segmentation fault on every attempt to read\nthe attribute because indio_dev gets a NULL assignment.\n\nThis bug has been present since the first appearance of the driver,\napparently since the last version (V6) before getting applied. A\nconstant attribute was used until then, and the last modifications might\nhave not been tested again."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: iio: light: veml6030: fix IIO device retrieval from built-in device El puntero dev que se recibe como argumento en la funci\u00f3n in_illuminance_period_available_show hace referencia al dispositivo integrado en el dispositivo IIO, no en el cliente i2c. Se debe utilizar dev_to_iio_dev() para acceder a los datos correctos. La implementaci\u00f3n actual genera un error de segmentaci\u00f3n en cada intento de leer el atributo porque indio_dev obtiene una asignaci\u00f3n NULL. Este error ha estado presente desde la primera aparici\u00f3n del controlador, aparentemente desde la \u00faltima versi\u00f3n (V6) antes de aplicarse. Hasta entonces se utilizaba un atributo constante y es posible que no se hayan vuelto a probar las \u00faltimas modificaciones."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50199.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50199.json
index 15b55193b79..cce11309068 100644
--- a/CVE-2024/CVE-2024-501xx/CVE-2024-50199.json
+++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50199.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-50199",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-11-08T06:15:16.527",
- "lastModified": "2024-11-08T16:15:49.507",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-08T19:01:03.880",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-502xx/CVE-2024-50200.json b/CVE-2024/CVE-2024-502xx/CVE-2024-50200.json
index dcdec15ffaf..9ffe8ce2a0c 100644
--- a/CVE-2024/CVE-2024-502xx/CVE-2024-50200.json
+++ b/CVE-2024/CVE-2024-502xx/CVE-2024-50200.json
@@ -2,13 +2,17 @@ "id": "CVE-2024-50200", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-08T06:15:16.593", - "lastModified": "2024-11-08T06:15:16.593", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmaple_tree: correct tree corruption on spanning store\n\nPatch series \"maple_tree: correct tree corruption on spanning store\", v3.\n\nThere has been a nasty yet subtle maple tree corruption bug that appears\nto have been in existence since the inception of the algorithm.\n\nThis bug seems far more likely to happen since commit f8d112a4e657\n(\"mm/mmap: avoid zeroing vma tree in mmap_region()\"), which is the point\nat which reports started to be submitted concerning this bug.\n\nWe were made definitely aware of the bug thanks to the kind efforts of\nBert Karwatzki who helped enormously in my being able to track this down\nand identify the cause of it.\n\nThe bug arises when an attempt is made to perform a spanning store across\ntwo leaf nodes, where the right leaf node is the rightmost child of the\nshared parent, AND the store completely consumes the right-mode node.\n\nThis results in mas_wr_spanning_store() mitakenly duplicating the new and\nexisting entries at the maximum pivot within the range, and thus maple\ntree corruption.\n\nThe fix patch corrects this by detecting this scenario and disallowing the\nmistaken duplicate copy.\n\nThe fix patch commit message goes into great detail as to how this occurs.\n\nThis series also includes a test which reliably reproduces the issue, and\nasserts that the fix works correctly.\n\nBert has kindly tested the fix and confirmed it resolved his issues. 
Also\nMikhail Gavrilov kindly reported what appears to be precisely the same\nbug, which this fix should also resolve.\n\n\nThis patch (of 2):\n\nThere has been a subtle bug present in the maple tree implementation from\nits inception.\n\nThis arises from how stores are performed - when a store occurs, it will\noverwrite overlapping ranges and adjust the tree as necessary to\naccommodate this.\n\nA range may always ultimately span two leaf nodes. In this instance we\nwalk the two leaf nodes, determine which elements are not overwritten to\nthe left and to the right of the start and end of the ranges respectively\nand then rebalance the tree to contain these entries and the newly\ninserted one.\n\nThis kind of store is dubbed a 'spanning store' and is implemented by\nmas_wr_spanning_store().\n\nIn order to reach this stage, mas_store_gfp() invokes\nmas_wr_preallocate(), mas_wr_store_type() and mas_wr_walk() in turn to\nwalk the tree and update the object (mas) to traverse to the location\nwhere the write should be performed, determining its store type.\n\nWhen a spanning store is required, this function returns false stopping at\nthe parent node which contains the target range, and mas_wr_store_type()\nmarks the mas->store_type as wr_spanning_store to denote this fact.\n\nWhen we go to perform the store in mas_wr_spanning_store(), we first\ndetermine the elements AFTER the END of the range we wish to store (that\nis, to the right of the entry to be inserted) - we do this by walking to\nthe NEXT pivot in the tree (i.e. 
r_mas.last + 1), starting at the node we\nhave just determined contains the range over which we intend to write.\n\nWe then turn our attention to the entries to the left of the entry we are\ninserting, whose state is represented by l_mas, and copy these into a 'big\nnode', which is a special node which contains enough slots to contain two\nleaf node's worth of data.\n\nWe then copy the entry we wish to store immediately after this - the copy\nand the insertion of the new entry is performed by mas_store_b_node().\n\nAfter this we copy the elements to the right of the end of the range which\nwe are inserting, if we have not exceeded the length of the node (i.e. \nr_mas.offset <= r_mas.end).\n\nHerein lies the bug - under very specific circumstances, this logic can\nbreak and corrupt the maple tree.\n\nConsider the following tree:\n\nHeight\n 0 Root Node\n / \\\n pivot = 0xffff / \\ pivot = ULONG_MAX\n / \n---truncated---" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: maple_tree: corregir la corrupci\u00f3n del \u00e1rbol en el almac\u00e9n de expansi\u00f3n Serie de parches \"maple_tree: corregir la corrupci\u00f3n del \u00e1rbol en el almac\u00e9n de expansi\u00f3n\", v3. Ha habido un error de corrupci\u00f3n del \u00e1rbol de maple desagradable pero sutil que parece haber existido desde el inicio del algoritmo. Este error parece mucho m\u00e1s probable que ocurra desde el commit f8d112a4e657 (\"mm/mmap: evitar poner a cero el \u00e1rbol vma en mmap_region()\"), que es el punto en el que comenzaron a enviarse informes sobre este error. Nos enteramos definitivamente del error gracias a los amables esfuerzos de Bert Karwatzki, quien me ayud\u00f3 enormemente a poder rastrearlo e identificar la causa. 
El error surge cuando se intenta realizar un almacenamiento de expansi\u00f3n en dos nodos de hoja, donde el nodo de hoja derecho es el hijo m\u00e1s a la derecha del padre compartido, y el almacenamiento consume por completo el nodo de modo derecho. Esto da como resultado que mas_wr_spanning_store() duplique por error las entradas nuevas y existentes en el pivote m\u00e1ximo dentro del rango, y por lo tanto la corrupci\u00f3n del \u00e1rbol de maple. El parche de correcci\u00f3n corrige esto detectando este escenario y no permitiendo la copia duplicada err\u00f3nea. El mensaje de confirmaci\u00f3n del parche de correcci\u00f3n detalla en gran medida c\u00f3mo ocurre esto. Esta serie tambi\u00e9n incluye una prueba que reproduce el problema de manera confiable y afirma que la correcci\u00f3n funciona correctamente. Bert ha probado amablemente la correcci\u00f3n y confirm\u00f3 que resolvi\u00f3 sus problemas. Adem\u00e1s, Mikhail Gavrilov inform\u00f3 amablemente lo que parece ser exactamente el mismo error, que esta correcci\u00f3n tambi\u00e9n deber\u00eda resolver. Este parche (de 2): Ha habido un error sutil presente en la implementaci\u00f3n del \u00e1rbol de maple desde su inicio. Esto surge de c\u00f3mo se realizan los almacenamientos: cuando se produce un almacenamiento, sobrescribir\u00e1 los rangos superpuestos y ajustar\u00e1 el \u00e1rbol seg\u00fan sea necesario para adaptarse a esto. Un rango siempre puede abarcar en \u00faltima instancia dos nodos de hoja. En este caso, recorremos los dos nodos de hoja, determinamos qu\u00e9 elementos no se sobrescriben a la izquierda y a la derecha del inicio y el final de los rangos respectivamente y luego reequilibramos el \u00e1rbol para que contenga estas entradas y la reci\u00e9n insertada. Este tipo de almacenamiento se denomina \"almac\u00e9n de expansi\u00f3n\" y se implementa mediante mas_wr_spanning_store(). 
Para llegar a esta etapa, mas_store_gfp() invoca a mas_wr_preallocate(), mas_wr_store_type() y mas_wr_walk() a su vez para recorrer el \u00e1rbol y actualizar el objeto (mas) para atravesar la ubicaci\u00f3n donde se debe realizar la escritura, determinando su tipo de almacenamiento. Cuando se requiere un almacenamiento de expansi\u00f3n, esta funci\u00f3n devuelve falso y se detiene en el nodo principal que contiene el rango de destino, y mas_wr_store_type() marca mas->store_type como wr_spanning_store para denotar este hecho. Cuando vamos a realizar el almacenamiento en mas_wr_spanning_store(), primero determinamos los elementos DESPU\u00c9S del FINAL del rango que deseamos almacenar (es decir, a la derecha de la entrada que se insertar\u00e1); lo hacemos caminando hasta el SIGUIENTE pivote en el \u00e1rbol (es decir, r_mas.last + 1), comenzando en el nodo que acabamos de determinar que contiene el rango sobre el que pretendemos escribir. Luego dirigimos nuestra atenci\u00f3n a las entradas a la izquierda de la entrada que estamos insertando, cuyo estado est\u00e1 representado por l_mas, y las copiamos en un \"nodo grande\", que es un nodo especial que contiene suficientes ranuras para contener los datos de dos nodos hoja. Luego copiamos la entrada que deseamos almacenar inmediatamente despu\u00e9s de esto; la copia y la inserci\u00f3n de la nueva entrada se realiza mediante mas_store_b_node(). Despu\u00e9s de esto, copiamos los elementos a la derecha del final del rango que estamos insertando, si no hemos excedido la longitud del nodo (es decir, r_mas.offset <= r_mas.end). ---truncado---" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-502xx/CVE-2024-50201.json b/CVE-2024/CVE-2024-502xx/CVE-2024-50201.json index 3bbc5e5a941..7c9a6db3c94 100644 --- a/CVE-2024/CVE-2024-502xx/CVE-2024-50201.json +++ b/CVE-2024/CVE-2024-502xx/CVE-2024-50201.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-50201", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-08T06:15:16.663", - "lastModified": "2024-11-08T06:15:16.663", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/radeon: Fix encoder->possible_clones\n\nInclude the encoder itself in its possible_clones bitmask.\nIn the past nothing validated that drivers were populating\npossible_clones correctly, but that changed in commit\n74d2aacbe840 (\"drm: Validate encoder->possible_clones\").\nLooks like radeon never got the memo and is still not\nfollowing the rules 100% correctly.\n\nThis results in some warnings during driver initialization:\nBogus possible_clones: [ENCODER:46:TV-46] possible_clones=0x4 (full encoder mask=0x7)\nWARNING: CPU: 0 PID: 170 at drivers/gpu/drm/drm_mode_config.c:615 drm_mode_config_validate+0x113/0x39c\n...\n\n(cherry picked from commit 3b6e7d40649c0d75572039aff9d0911864c689db)" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/radeon: Fix encoder->possible_clones Incluir el codificador en s\u00ed mismo en su m\u00e1scara de bits possible_clones. En el pasado, nada validaba que los controladores estuvieran completando possible_clones correctamente, pero eso cambi\u00f3 en el commit 74d2aacbe840 (\"drm: Validate encoder->possible_clones\"). Parece que Radeon nunca recibi\u00f3 la nota y todav\u00eda no sigue las reglas correctamente al 100%. Esto genera algunas advertencias durante la inicializaci\u00f3n del controlador: Possible_clones falsos: [ENCODER:46:TV-46] possible_clones=0x4 (full encoder mask=0x7) ADVERTENCIA: CPU: 0 PID: 170 en drivers/gpu/drm/drm_mode_config.c:615 drm_mode_config_validate+0x113/0x39c ... 
(seleccionado de el commit 3b6e7d40649c0d75572039aff9d0911864c689db)"
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-502xx/CVE-2024-50202.json b/CVE-2024/CVE-2024-502xx/CVE-2024-50202.json
index 4d5771fd2f2..60bc4f6d9a2 100644
--- a/CVE-2024/CVE-2024-502xx/CVE-2024-50202.json
+++ b/CVE-2024/CVE-2024-502xx/CVE-2024-50202.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-50202",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-11-08T06:15:16.723",
- "lastModified": "2024-11-08T16:15:49.583",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-08T19:01:03.880",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-502xx/CVE-2024-50203.json b/CVE-2024/CVE-2024-502xx/CVE-2024-50203.json
index 635413a87fb..7e1e7f5136e 100644
--- a/CVE-2024/CVE-2024-502xx/CVE-2024-50203.json
+++ b/CVE-2024/CVE-2024-502xx/CVE-2024-50203.json
@@ -2,13 +2,17 @@ "id": "CVE-2024-50203", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-08T06:15:16.787", - "lastModified": "2024-11-08T06:15:16.787", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, arm64: Fix address emission with tag-based KASAN enabled\n\nWhen BPF_TRAMP_F_CALL_ORIG is enabled, the address of a bpf_tramp_image\nstruct on the stack is passed during the size calculation pass and\nan address on the heap is passed during code generation. This may\ncause a heap buffer overflow if the heap address is tagged because\nemit_a64_mov_i64() will emit longer code than it did during the size\ncalculation pass. The same problem could occur without tag-based\nKASAN if one of the 16-bit words of the stack address happened to\nbe all-ones during the size calculation pass. Fix the problem by\nassuming the worst case (4 instructions) when calculating the size\nof the bpf_tramp_image address emission." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: bpf, arm64: Se corrige la emisi\u00f3n de direcciones con KASAN basado en etiquetas habilitado Cuando BPF_TRAMP_F_CALL_ORIG est\u00e1 habilitado, la direcci\u00f3n de una estructura bpf_tramp_image en la pila se pasa durante el paso de c\u00e1lculo de tama\u00f1o y se pasa una direcci\u00f3n en el mont\u00f3n durante la generaci\u00f3n de c\u00f3digo. Esto puede causar un desbordamiento del b\u00fafer del mont\u00f3n si la direcci\u00f3n del mont\u00f3n est\u00e1 etiquetada porque emit_a64_mov_i64() emitir\u00e1 un c\u00f3digo m\u00e1s largo que el que emiti\u00f3 durante el paso de c\u00e1lculo de tama\u00f1o. 
El mismo problema podr\u00eda ocurrir sin KASAN basado en etiquetas si una de las palabras de 16 bits de la direcci\u00f3n de la pila fuera todo unos durante el paso de c\u00e1lculo de tama\u00f1o. Solucione el problema asumiendo el peor caso (4 instrucciones) al calcular el tama\u00f1o de la emisi\u00f3n de la direcci\u00f3n bpf_tramp_image."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-502xx/CVE-2024-50204.json b/CVE-2024/CVE-2024-502xx/CVE-2024-50204.json
index 110eaead52f..ffb38732d8a 100644
--- a/CVE-2024/CVE-2024-502xx/CVE-2024-50204.json
+++ b/CVE-2024/CVE-2024-502xx/CVE-2024-50204.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-50204",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-11-08T06:15:16.853",
- "lastModified": "2024-11-08T06:15:16.853",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-08T19:01:03.880",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs: don't try and remove empty rbtree node\n\nWhen copying a namespace we won't have added the new copy into the\nnamespace rbtree until after the copy succeeded. Calling free_mnt_ns()\nwill try to remove the copy from the rbtree which is invalid. Simply\nfree the namespace skeleton directly."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: fs: no intente eliminar un nodo rbtree vac\u00edo Al copiar un espacio de nombres, no habremos agregado la nueva copia al rbtree del espacio de nombres hasta que la copia haya tenido \u00e9xito. Al llamar a free_mnt_ns() se intentar\u00e1 eliminar la copia del rbtree que no es v\u00e1lida. Simplemente libere el esqueleto del espacio de nombres directamente."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-502xx/CVE-2024-50205.json b/CVE-2024/CVE-2024-502xx/CVE-2024-50205.json
index 0d15d366431..613108359da 100644
--- a/CVE-2024/CVE-2024-502xx/CVE-2024-50205.json
+++ b/CVE-2024/CVE-2024-502xx/CVE-2024-50205.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-50205",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-11-08T06:15:16.903",
- "lastModified": "2024-11-08T16:15:49.670",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-08T19:01:03.880",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-502xx/CVE-2024-50206.json b/CVE-2024/CVE-2024-502xx/CVE-2024-50206.json
index 7f219c28a53..eb69f3a7b63 100644
--- a/CVE-2024/CVE-2024-502xx/CVE-2024-50206.json
+++ b/CVE-2024/CVE-2024-502xx/CVE-2024-50206.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-50206",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-11-08T06:15:16.963",
- "lastModified": "2024-11-08T06:15:16.963",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-08T19:01:03.880",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ethernet: mtk_eth_soc: fix memory corruption during fq dma init\n\nThe loop responsible for allocating up to MTK_FQ_DMA_LENGTH buffers must\nonly touch as many descriptors, otherwise it ends up corrupting unrelated\nmemory. Fix the loop iteration count accordingly."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: ethernet: mtk_eth_soc: se corrige la corrupci\u00f3n de memoria durante la inicializaci\u00f3n de fq DMA. El bucle responsable de asignar hasta b\u00faferes MTK_FQ_DMA_LENGTH solo debe tocar la cantidad de descriptores, de lo contrario, termina corrompiendo la memoria no relacionada. Corrija el recuento de iteraciones del bucle en consecuencia."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-502xx/CVE-2024-50207.json b/CVE-2024/CVE-2024-502xx/CVE-2024-50207.json
index f40f32c9e76..b985ee83bad 100644
--- a/CVE-2024/CVE-2024-502xx/CVE-2024-50207.json
+++ b/CVE-2024/CVE-2024-502xx/CVE-2024-50207.json
@@ -2,13 +2,17 @@ "id": "CVE-2024-50207", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-08T06:15:17.053", - "lastModified": "2024-11-08T06:15:17.053", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nring-buffer: Fix reader locking when changing the sub buffer order\n\nThe function ring_buffer_subbuf_order_set() updates each\nring_buffer_per_cpu and installs new sub buffers that match the requested\npage order. This operation may be invoked concurrently with readers that\nrely on some of the modified data, such as the head bit (RB_PAGE_HEAD), or\nthe ring_buffer_per_cpu.pages and reader_page pointers. However, no\nexclusive access is acquired by ring_buffer_subbuf_order_set(). Modifying\nthe mentioned data while a reader also operates on them can then result in\nincorrect memory access and various crashes.\n\nFix the problem by taking the reader_lock when updating a specific\nring_buffer_per_cpu in ring_buffer_subbuf_order_set()." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ring-buffer: corrige el bloqueo del lector al cambiar el orden de los subbuffer La funci\u00f3n ring_buffer_subbuf_order_set() actualiza cada ring_buffer_per_cpu e instala nuevos subbuffers que coinciden con el orden de p\u00e1ginas solicitado. Esta operaci\u00f3n se puede invocar simult\u00e1neamente con lectores que dependen de algunos de los datos modificados, como el bit de cabecera (RB_PAGE_HEAD) o los punteros ring_buffer_per_cpu.pages y reader_page. Sin embargo, ring_buffer_subbuf_order_set() no adquiere acceso exclusivo. Modificar los datos mencionados mientras un lector tambi\u00e9n opera sobre ellos puede provocar un acceso incorrecto a la memoria y varios fallos. 
Solucione el problema tomando el reader_lock al actualizar un ring_buffer_per_cpu espec\u00edfico en ring_buffer_subbuf_order_set()."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-502xx/CVE-2024-50208.json b/CVE-2024/CVE-2024-502xx/CVE-2024-50208.json
index 05e6d7a125a..4a97140e37f 100644
--- a/CVE-2024/CVE-2024-502xx/CVE-2024-50208.json
+++ b/CVE-2024/CVE-2024-502xx/CVE-2024-50208.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-50208",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-11-08T06:15:17.203",
- "lastModified": "2024-11-08T16:15:49.743",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-08T19:01:03.880",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-502xx/CVE-2024-50209.json b/CVE-2024/CVE-2024-502xx/CVE-2024-50209.json
index 4d433832fa9..b1c40f585b1 100644
--- a/CVE-2024/CVE-2024-502xx/CVE-2024-50209.json
+++ b/CVE-2024/CVE-2024-502xx/CVE-2024-50209.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-50209",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-11-08T06:15:17.287",
- "lastModified": "2024-11-08T16:15:49.810",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-08T19:01:03.880",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-502xx/CVE-2024-50210.json b/CVE-2024/CVE-2024-502xx/CVE-2024-50210.json
index c9816727980..c1ada44c3e2 100644
--- a/CVE-2024/CVE-2024-502xx/CVE-2024-50210.json
+++ b/CVE-2024/CVE-2024-502xx/CVE-2024-50210.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-50210",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-11-08T06:15:17.350",
- "lastModified": "2024-11-08T16:15:49.890",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-08T19:01:03.880",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-502xx/CVE-2024-50211.json b/CVE-2024/CVE-2024-502xx/CVE-2024-50211.json
index 3749053cd92..959fd82c557 100644
--- a/CVE-2024/CVE-2024-502xx/CVE-2024-50211.json
+++ b/CVE-2024/CVE-2024-502xx/CVE-2024-50211.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-50211",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-11-08T06:15:17.410",
- "lastModified": "2024-11-08T06:15:17.410",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-08T19:01:03.880",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nudf: refactor inode_bmap() to handle error\n\nRefactor inode_bmap() to handle error since udf_next_aext() can return\nerror now. On situations like ftruncate, udf_extend_file() can now\ndetect errors and bail out early without resorting to checking for\nparticular offsets and assuming internal behavior of these functions."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: udf: refactorizar inode_bmap() para controlar el error Refactorizar inode_bmap() para controlar el error, ya que udf_next_aext() ahora puede devolver un error. En situaciones como ftruncate, udf_extend_file() ahora puede detectar errores y salir antes sin recurrir a la comprobaci\u00f3n de desplazamientos particulares y asumir el comportamiento interno de estas funciones."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-503xx/CVE-2024-50334.json b/CVE-2024/CVE-2024-503xx/CVE-2024-50334.json
index 126fcfe3971..7b992e4c84c 100644
--- a/CVE-2024/CVE-2024-503xx/CVE-2024-50334.json
+++ b/CVE-2024/CVE-2024-503xx/CVE-2024-50334.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-50334",
 "sourceIdentifier": "security-advisories@github.com",
 "published": "2024-10-29T15:15:12.560",
- "lastModified": "2024-11-01T12:57:35.843",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2024-11-08T19:51:58.433",
+ "vulnStatus": "Analyzed",
 "cveTags": [],
 "descriptions": [
 {
@@ -59,6 +59,28 @@
 "baseSeverity": "HIGH"
 }
 }
+ ],
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ }
 ]
 },
 "weaknesses": [
@@ -73,10 +95,31 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:erudika:scoold:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "1.64.0",
+ "matchCriteriaId": "DE234DC7-9FDB-4DE5-9EC7-B8A3E420E481"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://github.com/Erudika/scoold/security/advisories/GHSA-fhwp-f6g7-rr3p",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-503xx/CVE-2024-50340.json b/CVE-2024/CVE-2024-503xx/CVE-2024-50340.json
index 5ddf3c55607..daa2aae9039 100644
--- a/CVE-2024/CVE-2024-503xx/CVE-2024-50340.json
+++ b/CVE-2024/CVE-2024-503xx/CVE-2024-50340.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-50340",
 "sourceIdentifier": "security-advisories@github.com",
 "published": "2024-11-06T21:15:05.527",
- "lastModified": "2024-11-06T21:15:05.527",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-08T19:01:25.633",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "symfony/runtime is a module for the Symphony PHP framework which enables decoupling PHP applications from global state. When the `register_argv_argc` php directive is set to `on` , and users call any URL with a special crafted query string, they are able to change the environment or debug mode used by the kernel when handling the request. As of versions 5.4.46, 6.4.14, and 7.1.7 the `SymfonyRuntime` now ignores the `argv` values for non-SAPI PHP runtimes. All users are advised to upgrade. There are no known workarounds for this vulnerability."
+ },
+ {
+ "lang": "es",
+ "value": "symfony/runtime es un m\u00f3dulo para el framework PHP Symphony que permite desacoplar las aplicaciones PHP del estado global. Cuando la directiva php `register_argv_argc` est\u00e1 establecida en `on` y los usuarios llaman a cualquier URL con una cadena de consulta especialmente manipulada, pueden cambiar el entorno o el modo de depuraci\u00f3n utilizado por el n\u00facleo al procesar la solicitud. A partir de las versiones 5.4.46, 6.4.14 y 7.1.7, `SymfonyRuntime` ahora ignora los valores `argv` para los entornos de ejecuci\u00f3n PHP que no sean SAPI. Se recomienda a todos los usuarios que actualicen. No existen workarounds para esta vulnerabilidad."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-503xx/CVE-2024-50341.json b/CVE-2024/CVE-2024-503xx/CVE-2024-50341.json
index 6045c3652a0..4778dd57167 100644
--- a/CVE-2024/CVE-2024-503xx/CVE-2024-50341.json
+++ b/CVE-2024/CVE-2024-503xx/CVE-2024-50341.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-50341",
 "sourceIdentifier": "security-advisories@github.com",
 "published": "2024-11-06T21:15:05.747",
- "lastModified": "2024-11-06T21:15:05.747",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-08T19:01:25.633",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "symfony/security-bundle is a module for the Symphony PHP framework which provides a tight integration of the Security component into the Symfony full-stack framework. The custom `user_checker` defined on a firewall is not called when Login Programmaticaly with the `Security::login` method, leading to unwanted login. As of versions 6.4.10, 7.0.10 and 7.1.3 the `Security::login` method now ensure to call the configured `user_checker`. All users are advised to upgrade. There are no known workarounds for this vulnerability."
+ },
+ {
+ "lang": "es",
+ "value": "symfony/security-bundle es un m\u00f3dulo para el framework PHP Symphony que proporciona una integraci\u00f3n estrecha del componente Security en el framework full-stack Symfony. El `user_checker` personalizado definido en un firewall no se llama cuando se inicia sesi\u00f3n mediante programaci\u00f3n con el m\u00e9todo `Security::login`, lo que provoca inicios de sesi\u00f3n no deseados. A partir de las versiones 6.4.10, 7.0.10 y 7.1.3, el m\u00e9todo `Security::login` ahora se asegura de llamar al `user_checker` configurado. Se recomienda a todos los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-503xx/CVE-2024-50342.json b/CVE-2024/CVE-2024-503xx/CVE-2024-50342.json
index 195d20b77c8..112bc5581f9 100644
--- a/CVE-2024/CVE-2024-503xx/CVE-2024-50342.json
+++ b/CVE-2024/CVE-2024-503xx/CVE-2024-50342.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-50342",
 "sourceIdentifier": "security-advisories@github.com",
 "published": "2024-11-06T21:15:05.963",
- "lastModified": "2024-11-06T21:15:05.963",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-08T19:01:25.633",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "symfony/http-client is a module for the Symphony PHP framework which provides powerful methods to fetch HTTP resources synchronously or asynchronously. When using the `NoPrivateNetworkHttpClient`, some internal information is still leaking during host resolution, which leads to possible IP/port enumeration. As of versions 5.4.46, 6.4.14, and 7.1.7 the `NoPrivateNetworkHttpClient` now filters blocked IPs earlier to prevent such leaks. All users are advised to upgrade. There are no known workarounds for this vulnerability."
+ },
+ {
+ "lang": "es",
+ "value": "symfony/http-client es un m\u00f3dulo para el framework PHP Symphony que proporciona m\u00e9todos potentes para obtener recursos HTTP de forma sincr\u00f3nica o asincr\u00f3nica. Al utilizar `NoPrivateNetworkHttpClient`, todav\u00eda se filtra cierta informaci\u00f3n interna durante la resoluci\u00f3n del host, lo que lleva a una posible enumeraci\u00f3n de IP/puerto. A partir de las versiones 5.4.46, 6.4.14 y 7.1.7, `NoPrivateNetworkHttpClient` ahora filtra las IP bloqueadas antes para evitar dichas filtraciones. Se recomienda a todos los usuarios que actualicen la versi\u00f3n. No se conocen workarounds para esta vulnerabilidad."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-503xx/CVE-2024-50343.json b/CVE-2024/CVE-2024-503xx/CVE-2024-50343.json
index f22223f3210..b2e0daba924 100644
--- a/CVE-2024/CVE-2024-503xx/CVE-2024-50343.json
+++ b/CVE-2024/CVE-2024-503xx/CVE-2024-50343.json
@@ -2,13 +2,17 @@ "id": "CVE-2024-50343", "sourceIdentifier": "security-advisories@github.com", "published": "2024-11-06T21:15:06.180", - "lastModified": "2024-11-06T21:15:06.180", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:25.633", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "symfony/validator is a module for the Symphony PHP framework which provides tools to validate values. It is possible to trick a `Validator` configured with a regular expression using the `$` metacharacters, with an input ending with `\\n`. Symfony as of versions 5.4.43, 6.4.11, and 7.1.4 now uses the `D` regex modifier to match the entire input. Users are advised to upgrade. There are no known workarounds for this vulnerability." + }, + { + "lang": "es", + "value": "symfony/validator es un m\u00f3dulo para el framework PHP Symphony que proporciona herramientas para validar valores. Es posible enga\u00f1ar a un `Validator` configurado con una expresi\u00f3n regular utilizando los metacaracteres `$`, con una entrada que termina en `\\n`. Symfony a partir de las versiones 5.4.43, 6.4.11 y 7.1.4 ahora utiliza el modificador de expresi\u00f3n regular `D` para que coincida con toda la entrada. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-503xx/CVE-2024-50345.json b/CVE-2024/CVE-2024-503xx/CVE-2024-50345.json index cf1fa25466a..5cfd987c620 100644 --- a/CVE-2024/CVE-2024-503xx/CVE-2024-50345.json +++ b/CVE-2024/CVE-2024-503xx/CVE-2024-50345.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-50345", "sourceIdentifier": "security-advisories@github.com", "published": "2024-11-06T21:15:06.383", - "lastModified": "2024-11-06T21:15:06.383", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:25.633", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "symfony/http-foundation is a module for the Symphony PHP framework which defines an object-oriented layer for the HTTP specification. The `Request` class, does not parse URI with special characters the same way browsers do. As a result, an attacker can trick a validator relying on the `Request` class to redirect users to another domain. The `Request::create` methods now assert the URI does not contain invalid characters as defined by https://url.spec.whatwg.org/. This issue has been patched in versions 5.4.46, 6.4.14, and 7.1.7. Users are advised to upgrade. There are no known workarounds for this vulnerability." + }, + { + "lang": "es", + "value": "symfony/http-foundation es un m\u00f3dulo para el framework PHP Symphony que define una capa orientada a objetos para la especificaci\u00f3n HTTP. La clase `Request` no analiza las URI con caracteres especiales de la misma forma que lo hacen los navegadores. Como resultado, un atacante puede enga\u00f1ar a un validador que se basa en la clase `Request` para redirigir a los usuarios a otro dominio. Los m\u00e9todos `Request::create` ahora afirman que la URI no contiene caracteres no v\u00e1lidos seg\u00fan lo definido por https://url.spec.whatwg.org/. Este problema ha sido corregido en las versiones 5.4.46, 6.4.14 y 7.1.7. Se recomienda a los usuarios que actualicen. No existen workarounds para esta vulnerabilidad." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-503xx/CVE-2024-50378.json b/CVE-2024/CVE-2024-503xx/CVE-2024-50378.json index f95465becb3..a143197d74c 100644 --- a/CVE-2024/CVE-2024-503xx/CVE-2024-50378.json +++ b/CVE-2024/CVE-2024-503xx/CVE-2024-50378.json 
@@ -2,8 +2,8 @@ "id": "CVE-2024-50378", "sourceIdentifier": "security@apache.org", "published": "2024-11-08T15:15:06.143", - "lastModified": "2024-11-08T18:35:04.843", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-504xx/CVE-2024-50440.json b/CVE-2024/CVE-2024-504xx/CVE-2024-50440.json index abbcb2f42e2..48176a6a333 100644 --- a/CVE-2024/CVE-2024-504xx/CVE-2024-50440.json +++ b/CVE-2024/CVE-2024-504xx/CVE-2024-50440.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50440", "sourceIdentifier": "audit@patchstack.com", "published": "2024-10-28T18:15:05.567", - "lastModified": "2024-10-29T14:34:50.257", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-11-08T20:33:29.843", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", 
@@ -51,10 +71,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:codepen:codepen:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "1.0.3", + "matchCriteriaId": "36D114B7-B63F-4CF3-885F-C2A1BCC48F57" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/codepen-embedded-pen-shortcode/wordpress-codepen-embedded-pens-shortcode-plugin-1-0-2-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-504xx/CVE-2024-50441.json b/CVE-2024/CVE-2024-504xx/CVE-2024-50441.json index c074bacc990..57a88d77e85 100644 --- a/CVE-2024/CVE-2024-504xx/CVE-2024-50441.json +++ b/CVE-2024/CVE-2024-504xx/CVE-2024-50441.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50441", "sourceIdentifier": "audit@patchstack.com", "published": "2024-10-28T18:15:05.790", - "lastModified": "2024-10-29T14:34:50.257", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-11-08T20:33:47.027", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", 
@@ -51,10 +71,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cozythemes:cozy_blocks:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "2.0.16", + "matchCriteriaId": "67AB92D8-6AD3-4D27-A0AD-AA0FBC02580B" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/cozy-addons/wordpress-cozy-blocks-plugin-2-0-15-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-504xx/CVE-2024-50445.json b/CVE-2024/CVE-2024-504xx/CVE-2024-50445.json index 439edbb405b..70f6bf7fc8e 100644 --- a/CVE-2024/CVE-2024-504xx/CVE-2024-50445.json +++ b/CVE-2024/CVE-2024-504xx/CVE-2024-50445.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50445", "sourceIdentifier": "audit@patchstack.com", "published": "2024-10-28T18:15:06.000", - "lastModified": "2024-10-29T14:34:50.257", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-11-08T20:35:35.287", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", 
@@ -40,6 +60,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -51,10 +81,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:merkulove:selection_lite:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "1.14", + "matchCriteriaId": "3A83CD18-794D-41D6-84E5-6452775E6EEA" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/selection-lite/wordpress-selection-lite-plugin-1-13-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-504xx/CVE-2024-50446.json b/CVE-2024/CVE-2024-504xx/CVE-2024-50446.json index 55ed7c1e019..e3791a82b53 100644 --- a/CVE-2024/CVE-2024-504xx/CVE-2024-50446.json +++ b/CVE-2024/CVE-2024-504xx/CVE-2024-50446.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50446", "sourceIdentifier": "audit@patchstack.com", "published": "2024-10-28T18:15:06.203", - "lastModified": "2024-10-29T14:34:50.257", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-11-08T20:35:58.357", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -51,10 +71,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:futuriowp:futurio_extra:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "2.0.12", + "matchCriteriaId": "C80F9830-2AB1-45C0-9ECA-97610C7E9F56" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/futurio-extra/wordpress-futurio-extra-plugin-2-0-11-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-504xx/CVE-2024-50447.json b/CVE-2024/CVE-2024-504xx/CVE-2024-50447.json index dfbaa1e7acf..9c774dd2857 100644 --- a/CVE-2024/CVE-2024-504xx/CVE-2024-50447.json +++ b/CVE-2024/CVE-2024-504xx/CVE-2024-50447.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50447", "sourceIdentifier": "audit@patchstack.com", "published": "2024-10-28T18:15:06.473", - "lastModified": "2024-10-29T14:34:50.257", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-11-08T20:07:10.317", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -51,10 +71,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:envothemes:envo\\'s_elementor_templates_\\&_widgets_for_woocommerce:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "1.4.20", + "matchCriteriaId": "F7BC5F24-C03A-49B6-8255-9FD0B4B0D311" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/envo-elementor-for-woocommerce/wordpress-envo-s-elementor-templates-widgets-for-woocommerce-plugin-1-4-19-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-504xx/CVE-2024-50448.json b/CVE-2024/CVE-2024-504xx/CVE-2024-50448.json index c44dd7da2ed..9bfca37d71c 100644 --- a/CVE-2024/CVE-2024-504xx/CVE-2024-50448.json +++ b/CVE-2024/CVE-2024-504xx/CVE-2024-50448.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50448", "sourceIdentifier": "audit@patchstack.com", "published": "2024-10-28T18:15:06.707", - "lastModified": "2024-10-29T14:34:50.257", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-11-08T20:32:15.587", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -51,10 +71,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:yithemes:yith_woocommerce_product_add-ons:*:*:*:*:free:wordpress:*:*", + "versionEndExcluding": "4.14.2", + "matchCriteriaId": "C22D03EE-D67D-41B8-9577-A087323808AB" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/yith-woocommerce-product-add-ons/wordpress-yith-woocommerce-product-add-ons-plugin-4-14-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-504xx/CVE-2024-50449.json b/CVE-2024/CVE-2024-504xx/CVE-2024-50449.json index 1082b1fb884..59e133fb91f 100644 --- a/CVE-2024/CVE-2024-504xx/CVE-2024-50449.json +++ b/CVE-2024/CVE-2024-504xx/CVE-2024-50449.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50449", "sourceIdentifier": "audit@patchstack.com", "published": "2024-10-28T18:15:06.907", - "lastModified": "2024-10-29T14:34:50.257", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-11-08T20:32:59.137", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -51,10 +71,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:redefiningtheweb:pdf_generator_addon_for_elementor_page_builder:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "1.7.5", + "matchCriteriaId": "27A26CCF-6301-4616-90A8-3FD3940842D0" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/pdf-generator-addon-for-elementor-page-builder/wordpress-pdf-generator-addon-for-elementor-page-builder-plugin-1-7-4-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-505xx/CVE-2024-50588.json b/CVE-2024/CVE-2024-505xx/CVE-2024-50588.json index 2090caa8ab6..6cfd9b37d09 100644 --- a/CVE-2024/CVE-2024-505xx/CVE-2024-50588.json +++ b/CVE-2024/CVE-2024-505xx/CVE-2024-50588.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50588", "sourceIdentifier": "551230f0-3615-47bd-b7cc-93e92e730bbf", "published": "2024-11-08T09:15:07.680", - "lastModified": "2024-11-08T16:35:17.883", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { 
diff --git a/CVE-2024/CVE-2024-505xx/CVE-2024-50589.json b/CVE-2024/CVE-2024-505xx/CVE-2024-50589.json index 6f1b79237d2..c0242b978e6 100644 --- a/CVE-2024/CVE-2024-505xx/CVE-2024-50589.json +++ b/CVE-2024/CVE-2024-505xx/CVE-2024-50589.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50589", "sourceIdentifier": "551230f0-3615-47bd-b7cc-93e92e730bbf", "published": "2024-11-08T12:15:14.707", - "lastModified": "2024-11-08T16:35:18.097", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-505xx/CVE-2024-50590.json b/CVE-2024/CVE-2024-505xx/CVE-2024-50590.json index 711d4a3ce12..2d063e230b6 100644 --- a/CVE-2024/CVE-2024-505xx/CVE-2024-50590.json +++ b/CVE-2024/CVE-2024-505xx/CVE-2024-50590.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50590", "sourceIdentifier": "551230f0-3615-47bd-b7cc-93e92e730bbf", "published": "2024-11-08T12:15:14.820", - "lastModified": "2024-11-08T16:35:18.987", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-505xx/CVE-2024-50591.json b/CVE-2024/CVE-2024-505xx/CVE-2024-50591.json index 2fab8198bbf..830cc792e73 100644 --- a/CVE-2024/CVE-2024-505xx/CVE-2024-50591.json +++ b/CVE-2024/CVE-2024-505xx/CVE-2024-50591.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50591", "sourceIdentifier": "551230f0-3615-47bd-b7cc-93e92e730bbf", "published": "2024-11-08T12:15:14.933", - "lastModified": "2024-11-08T16:35:19.220", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-505xx/CVE-2024-50592.json b/CVE-2024/CVE-2024-505xx/CVE-2024-50592.json index 13e4b5d53b0..009c815f256 100644 --- a/CVE-2024/CVE-2024-505xx/CVE-2024-50592.json +++ b/CVE-2024/CVE-2024-505xx/CVE-2024-50592.json 
@@ -2,8 +2,8 @@ "id": "CVE-2024-50592", "sourceIdentifier": "551230f0-3615-47bd-b7cc-93e92e730bbf", "published": "2024-11-08T13:15:03.670", - "lastModified": "2024-11-08T16:35:19.463", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-505xx/CVE-2024-50593.json b/CVE-2024/CVE-2024-505xx/CVE-2024-50593.json index 2cf2ba7e60f..7566d935474 100644 --- a/CVE-2024/CVE-2024-505xx/CVE-2024-50593.json +++ b/CVE-2024/CVE-2024-505xx/CVE-2024-50593.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50593", "sourceIdentifier": "551230f0-3615-47bd-b7cc-93e92e730bbf", "published": "2024-11-08T12:15:15.037", - "lastModified": "2024-11-08T16:35:19.707", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-505xx/CVE-2024-50599.json b/CVE-2024/CVE-2024-505xx/CVE-2024-50599.json index 1bcff5ecd06..49d099a549b 100644 --- a/CVE-2024/CVE-2024-505xx/CVE-2024-50599.json +++ b/CVE-2024/CVE-2024-505xx/CVE-2024-50599.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50599", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-07T21:15:06.880", - "lastModified": "2024-11-08T16:35:19.980", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-506xx/CVE-2024-50634.json b/CVE-2024/CVE-2024-506xx/CVE-2024-50634.json index ad7d5be2740..61a66d2539e 100644 --- a/CVE-2024/CVE-2024-506xx/CVE-2024-50634.json +++ b/CVE-2024/CVE-2024-506xx/CVE-2024-50634.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50634", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-08T17:15:06.570", - "lastModified": "2024-11-08T17:15:06.570", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { 
diff --git a/CVE-2024/CVE-2024-507xx/CVE-2024-50766.json b/CVE-2024/CVE-2024-507xx/CVE-2024-50766.json index 9ba60d3302b..7bb3e37a97f 100644 --- a/CVE-2024/CVE-2024-507xx/CVE-2024-50766.json +++ b/CVE-2024/CVE-2024-507xx/CVE-2024-50766.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50766", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-07T22:15:21.403", - "lastModified": "2024-11-08T17:35:18.630", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-508xx/CVE-2024-50810.json b/CVE-2024/CVE-2024-508xx/CVE-2024-50810.json new file mode 100644 index 00000000000..dd6917bf34d --- /dev/null +++ b/CVE-2024/CVE-2024-508xx/CVE-2024-50810.json @@ -0,0 +1,21 @@ +{ + "id": "CVE-2024-50810", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-11-08T19:15:05.877", + "lastModified": "2024-11-08T19:15:05.877", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "hopetree izone lts c011b48 contains a Cross Site Scripting (XSS) vulnerability in the article comment function. In \\apps\\comment\\views.py, AddCommintView() does not securely filter user input and renders it directly to the frontend page through templates." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/Hopetree/izone/issues/289", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-508xx/CVE-2024-50811.json b/CVE-2024/CVE-2024-508xx/CVE-2024-50811.json new file mode 100644 index 00000000000..5b54f5bcf74 --- /dev/null +++ b/CVE-2024/CVE-2024-508xx/CVE-2024-50811.json 
@@ -0,0 +1,21 @@ +{ + "id": "CVE-2024-50811", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-11-08T19:15:06.020", + "lastModified": "2024-11-08T19:15:06.020", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "hopetree izone lts c011b48 contains a server-side request forgery (SSRF) vulnerability in the active push function as \\\\apps\\\\tool\\\\apis\\\\bd_push.py does not securely filter user input through push_urls() and get_urls()." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/Hopetree/izone/issues/290", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-509xx/CVE-2024-50966.json b/CVE-2024/CVE-2024-509xx/CVE-2024-50966.json index 0dec4506ef9..2667faa190f 100644 --- a/CVE-2024/CVE-2024-509xx/CVE-2024-50966.json +++ b/CVE-2024/CVE-2024-509xx/CVE-2024-50966.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50966", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-08T16:15:50.097", - "lastModified": "2024-11-08T18:35:05.110", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-510xx/CVE-2024-51030.json b/CVE-2024/CVE-2024-510xx/CVE-2024-51030.json index 186e0b60203..7416dda163b 100644 --- a/CVE-2024/CVE-2024-510xx/CVE-2024-51030.json +++ b/CVE-2024/CVE-2024-510xx/CVE-2024-51030.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51030", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-08T18:15:17.463", - "lastModified": "2024-11-08T18:15:17.463", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-510xx/CVE-2024-51031.json b/CVE-2024/CVE-2024-510xx/CVE-2024-51031.json index 28215aac2b5..a37fe19cfaa 100644 --- a/CVE-2024/CVE-2024-510xx/CVE-2024-51031.json 
+++ b/CVE-2024/CVE-2024-510xx/CVE-2024-51031.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51031", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-08T18:15:17.553", - "lastModified": "2024-11-08T18:15:17.553", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-510xx/CVE-2024-51032.json b/CVE-2024/CVE-2024-510xx/CVE-2024-51032.json index eeecad6db11..ae58ced1b1f 100644 --- a/CVE-2024/CVE-2024-510xx/CVE-2024-51032.json +++ b/CVE-2024/CVE-2024-510xx/CVE-2024-51032.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51032", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-08T18:15:17.650", - "lastModified": "2024-11-08T18:15:17.650", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-510xx/CVE-2024-51055.json b/CVE-2024/CVE-2024-510xx/CVE-2024-51055.json new file mode 100644 index 00000000000..8835cfde5b9 --- /dev/null +++ b/CVE-2024/CVE-2024-510xx/CVE-2024-51055.json @@ -0,0 +1,21 @@ +{ + "id": "CVE-2024-51055", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-11-08T19:15:06.190", + "lastModified": "2024-11-08T19:15:06.190", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "An issue Hoosk v1.7.1 allows a remote attacker to execute arbitrary code via a crafted script to the config.php component." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/havok89/Hoosk/issues/66", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-511xx/CVE-2024-51152.json b/CVE-2024/CVE-2024-511xx/CVE-2024-51152.json index 66a55ae43bb..f4e74ebd0a5 100644 --- a/CVE-2024/CVE-2024-511xx/CVE-2024-51152.json +++ b/CVE-2024/CVE-2024-511xx/CVE-2024-51152.json 
@@ -2,8 +2,8 @@ "id": "CVE-2024-51152", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-08T18:15:17.753", - "lastModified": "2024-11-08T18:15:17.753", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-512xx/CVE-2024-51211.json b/CVE-2024/CVE-2024-512xx/CVE-2024-51211.json new file mode 100644 index 00000000000..139dc10e480 --- /dev/null +++ b/CVE-2024/CVE-2024-512xx/CVE-2024-51211.json @@ -0,0 +1,21 @@ +{ + "id": "CVE-2024-51211", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-11-08T19:15:06.347", + "lastModified": "2024-11-08T19:15:06.347", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "SQL injection vulnerability exists in OS4ED openSIS-Classic Version 9.1, specifically in the resetuserinfo.php file. The vulnerability is due to improper input validation of the $username_stn_id parameter, which can be manipulated by an attacker to inject arbitrary SQL commands." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/kutsa1/My-CVE/tree/main/CVE-2024-51211", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-514xx/CVE-2024-51409.json b/CVE-2024/CVE-2024-514xx/CVE-2024-51409.json index 365b275b7bd..dc05158e52c 100644 --- a/CVE-2024/CVE-2024-514xx/CVE-2024-51409.json +++ b/CVE-2024/CVE-2024-514xx/CVE-2024-51409.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51409", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-06T23:15:04.460", - "lastModified": "2024-11-07T16:35:22.453", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:25.633", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-514xx/CVE-2024-51428.json b/CVE-2024/CVE-2024-514xx/CVE-2024-51428.json index 2872f6ac2af..595f297bc3b 100644 --- a/CVE-2024/CVE-2024-514xx/CVE-2024-51428.json 
+++ b/CVE-2024/CVE-2024-514xx/CVE-2024-51428.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51428", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-07T18:15:17.677", - "lastModified": "2024-11-08T17:35:19.500", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-514xx/CVE-2024-51434.json b/CVE-2024/CVE-2024-514xx/CVE-2024-51434.json index 01fb26c86a2..0cbe00a83b9 100644 --- a/CVE-2024/CVE-2024-514xx/CVE-2024-51434.json +++ b/CVE-2024/CVE-2024-514xx/CVE-2024-51434.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51434", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-07T22:15:21.467", - "lastModified": "2024-11-08T17:35:20.360", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-515xx/CVE-2024-51504.json b/CVE-2024/CVE-2024-515xx/CVE-2024-51504.json index 28f5f369c7e..028a59df2a5 100644 --- a/CVE-2024/CVE-2024-515xx/CVE-2024-51504.json +++ b/CVE-2024/CVE-2024-515xx/CVE-2024-51504.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51504", "sourceIdentifier": "security@apache.org", "published": "2024-11-07T10:15:08.297", - "lastModified": "2024-11-07T17:35:23.373", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-517xx/CVE-2024-51736.json b/CVE-2024/CVE-2024-517xx/CVE-2024-51736.json index 8ae4c5f8ee8..e1ff90280c9 100644 --- a/CVE-2024/CVE-2024-517xx/CVE-2024-51736.json +++ b/CVE-2024/CVE-2024-517xx/CVE-2024-51736.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-51736", "sourceIdentifier": "security-advisories@github.com", "published": "2024-11-06T21:15:06.600", - "lastModified": "2024-11-06T21:15:06.600", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:25.633", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Symphony process is a module for the Symphony PHP framework which executes commands in sub-processes. On Windows, when an executable file named `cmd.exe` is located in the current working directory it will be called by the `Process` class when preparing command arguments, leading to possible hijacking. This issue has been addressed in release versions 5.4.46, 6.4.14, and 7.1.7. Users are advised to upgrade. There are no known workarounds for this vulnerability." + }, + { + "lang": "es", + "value": "Symphony process es un m\u00f3dulo para el framework PHP Symphony que ejecuta comandos en subprocesos. En Windows, cuando un archivo ejecutable llamado `cmd.exe` se encuentra en el directorio de trabajo actual, la clase `Process` lo llamar\u00e1 al preparar los argumentos del comando, lo que puede provocar un secuestro. Este problema se ha solucionado en las versiones de lanzamiento 5.4.46, 6.4.14 y 7.1.7. Se recomienda a los usuarios que actualicen la versi\u00f3n. No existen workarounds para esta vulnerabilidad." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-517xx/CVE-2024-51751.json b/CVE-2024/CVE-2024-517xx/CVE-2024-51751.json index 7fe10f8ea57..c2d25f91af5 100644 --- a/CVE-2024/CVE-2024-517xx/CVE-2024-51751.json +++ b/CVE-2024/CVE-2024-517xx/CVE-2024-51751.json 
@@ -2,13 +2,17 @@
 "id": "CVE-2024-51751",
 "sourceIdentifier": "security-advisories@github.com",
 "published": "2024-11-06T20:15:05.557",
- "lastModified": "2024-11-06T20:15:05.557",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-08T19:01:25.633",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "Gradio is an open-source Python package designed to enable quick builds of a demo or web application. If File or UploadButton components are used as a part of Gradio application to preview file content, an attacker with access to the application might abuse these components to read arbitrary files from the application server. This issue has been addressed in release version 5.5.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability."
+ },
+ {
+ "lang": "es",
+ "value": "Gradio es un paquete Python de c\u00f3digo abierto dise\u00f1ado para permitir compilaciones r\u00e1pidas de una aplicaci\u00f3n web o de demostraci\u00f3n. Si se utilizan los componentes File o UploadButton como parte de la aplicaci\u00f3n Gradio para obtener una vista previa del contenido de un archivo, un atacante con acceso a la aplicaci\u00f3n podr\u00eda abusar de estos componentes para leer archivos arbitrarios del servidor de aplicaciones. Este problema se ha solucionado en la versi\u00f3n 5.5.0 y se recomienda a todos los usuarios que la actualicen. No se conocen workarounds para esta vulnerabilidad."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-517xx/CVE-2024-51754.json b/CVE-2024/CVE-2024-517xx/CVE-2024-51754.json
index c52a8bb49d9..2dcaa487b87 100644
--- a/CVE-2024/CVE-2024-517xx/CVE-2024-51754.json
+++ b/CVE-2024/CVE-2024-517xx/CVE-2024-51754.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-51754",
 "sourceIdentifier": "security-advisories@github.com",
 "published": "2024-11-06T20:15:05.817",
- "lastModified": "2024-11-06T20:15:05.817",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-08T19:01:25.633",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "Twig is a template language for PHP. In a sandbox, an attacker can call `__toString()` on an object even if the `__toString()` method is not allowed by the security policy when the object is part of an array or an argument list (arguments to a function or a filter for instance). This issue has been patched in versions 3.11.2 and 3.14.1. All users are advised to upgrade. There are no known workarounds for this issue."
+ },
+ {
+ "lang": "es",
+ "value": "Twig es un lenguaje de plantillas para PHP. En un entorno aislado, un atacante puede llamar a `__toString()` en un objeto incluso si la pol\u00edtica de seguridad no permite el m\u00e9todo `__toString()` cuando el objeto es parte de una matriz o una lista de argumentos (argumentos para una funci\u00f3n o un filtro, por ejemplo). Este problema se ha corregido en las versiones 3.11.2 y 3.14.1. Se recomienda a todos los usuarios que actualicen. No se conocen workarounds para este problema."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-517xx/CVE-2024-51755.json b/CVE-2024/CVE-2024-517xx/CVE-2024-51755.json
index c17304c368d..f7d491ae52f 100644
--- a/CVE-2024/CVE-2024-517xx/CVE-2024-51755.json
+++ b/CVE-2024/CVE-2024-517xx/CVE-2024-51755.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-51755",
 "sourceIdentifier": "security-advisories@github.com",
 "published": "2024-11-06T20:15:06.077",
- "lastModified": "2024-11-07T16:15:17.740",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-08T19:01:25.633",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-517xx/CVE-2024-51757.json b/CVE-2024/CVE-2024-517xx/CVE-2024-51757.json
index 0eff2bbfbfe..00a4a0210d8 100644
--- a/CVE-2024/CVE-2024-517xx/CVE-2024-51757.json
+++ b/CVE-2024/CVE-2024-517xx/CVE-2024-51757.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-51757",
 "sourceIdentifier": "security-advisories@github.com",
 "published": "2024-11-06T20:15:06.337",
- "lastModified": "2024-11-06T21:15:06.807",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-08T19:01:25.633",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "happy-dom is a JavaScript implementation of a web browser without its graphical user interface. Versions of happy-dom prior to 15.10.2 may execute code on the host via a script tag. This would execute code in the user context of happy-dom. Users are advised to upgrade to version 15.10.2. There are no known workarounds for this vulnerability."
+ },
+ {
+ "lang": "es",
+ "value": "happy-dom es una implementaci\u00f3n de JavaScript de un navegador web sin su interfaz gr\u00e1fica de usuario. Las versiones de happy-dom anteriores a la 15.10.2 pueden ejecutar c\u00f3digo en el host a trav\u00e9s de una etiqueta de script. Esto ejecutar\u00eda c\u00f3digo en el contexto de usuario de happy-dom. Se recomienda a los usuarios que actualicen a la versi\u00f3n 15.10.2. No existen workarounds para esta vulnerabilidad."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-517xx/CVE-2024-51758.json b/CVE-2024/CVE-2024-517xx/CVE-2024-51758.json
index 65c8984a07e..ac2be93d861 100644
--- a/CVE-2024/CVE-2024-517xx/CVE-2024-51758.json
+++ b/CVE-2024/CVE-2024-517xx/CVE-2024-51758.json
@@ -2,13 +2,17 @@ "id": "CVE-2024-51758", "sourceIdentifier": "security-advisories@github.com", "published": "2024-11-07T18:15:17.787", - "lastModified": "2024-11-07T20:35:16.200", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Filament is a collection of full-stack components for accelerated Laravel development. All Filament features that interact with storage use the `default_filesystem_disk` config option. This allows the user to easily swap their storage driver to something production-ready like `s3` when deploying their app, without having to touch multiple configuration options and potentially forgetting about some. The default disk is set to `public` when you first install Filament, since this allows users to quickly get started developing with a functional disk that allows features such as file upload previews locally without the need to set up an S3 disk with temporary URL support. However, some features of Filament such as exports also rely on storage, and the files that are stored contain data that should often not be public. This is not an issue for the many deployed applications, since many use a secure default disk such as S3 in production. However, [CWE-1188](https://cwe.mitre.org/data/definitions/1188.html) suggests that having the `public` disk as the default disk in Filament is a security vulnerability itself. As such, we have implemented a measure to protect users whereby if the `public` disk is set as the default disk, the exports feature will automatically swap it out for the `local` disk, if that exists. Users who set the default disk to `local` or `s3` already are not affected. If a user wants to continue to use the `public` disk for exports, they can by setting the export disk deliberately. This change has been included in the 3.2.123 release and all users who use the `public` disk are advised to upgrade." 
+ }, + { + "lang": "es", + "value": "Filament es una colecci\u00f3n de componentes full-stack para el desarrollo acelerado de Laravel. Todas las caracter\u00edsticas de Filament que interact\u00faan con el almacenamiento usan la opci\u00f3n de configuraci\u00f3n `default_filesystem_disk`. Esto permite al usuario cambiar f\u00e1cilmente su controlador de almacenamiento a algo listo para producci\u00f3n como `s3` al implementar su aplicaci\u00f3n, sin tener que tocar m\u00faltiples opciones de configuraci\u00f3n y potencialmente olvidarse de algunas. El disco predeterminado est\u00e1 configurado como `public` cuando instala Filament por primera vez, ya que esto permite a los usuarios comenzar r\u00e1pidamente a desarrollar con un disco funcional que permite caracter\u00edsticas como vistas previas de carga de archivos localmente sin la necesidad de configurar un disco S3 con soporte de URL temporal. Sin embargo, algunas caracter\u00edsticas de Filament, como las exportaciones, tambi\u00e9n dependen del almacenamiento, y los archivos que se almacenan contienen datos que a menudo no deber\u00edan ser p\u00fablicos. Esto no es un problema para las muchas aplicaciones implementadas, ya que muchas usan un disco predeterminado seguro como S3 en producci\u00f3n. Sin embargo, [CWE-1188](https://cwe.mitre.org/data/definitions/1188.html) sugiere que tener el disco \"p\u00fablico\" como el disco predeterminado en Filament es una vulnerabilidad de seguridad en s\u00ed misma. Como tal, hemos implementado una medida para proteger a los usuarios mediante la cual si el disco \"p\u00fablico\" se establece como el disco predeterminado, la funci\u00f3n de exportaciones lo cambiar\u00e1 autom\u00e1ticamente por el disco \"local\", si existe. Los usuarios que ya configuran el disco predeterminado como \"local\" o \"s3\" no se ven afectados. 
Si un usuario desea continuar usando el disco \"p\u00fablico\" para las exportaciones, puede hacerlo configurando el disco de exportaci\u00f3n deliberadamente. Este cambio se ha incluido en la versi\u00f3n 3.2.123 y se recomienda a todos los usuarios que usan el disco \"p\u00fablico\" que actualicen." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-519xx/CVE-2024-51987.json b/CVE-2024/CVE-2024-519xx/CVE-2024-51987.json index c2bd9fd1a30..c0eb2e2cde6 100644 --- a/CVE-2024/CVE-2024-519xx/CVE-2024-51987.json +++ b/CVE-2024/CVE-2024-519xx/CVE-2024-51987.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-51987", "sourceIdentifier": "security-advisories@github.com", "published": "2024-11-08T00:15:15.233", - "lastModified": "2024-11-08T00:15:15.233", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Duende.AccessTokenManagement.OpenIdConnect is a set of .NET libraries that manage OAuth and OpenId Connect access tokens. HTTP Clients created by `AddUserAccessTokenHttpClient` may use a different user's access token after a token refresh occurs. This occurs because a refreshed token will be captured in pooled `HttpClient` instances, which may be used by a different user. Instead of using `AddUserAccessTokenHttpClient` to create an `HttpClient` that automatically adds a managed token to outgoing requests, you can use the `HttpConext.GetUserAccessTokenAsync` extension method or the `IUserTokenManagementService.GetAccessTokenAsync` method. This issue is fixed in Duende.AccessTokenManagement.OpenIdConnect 3.0.1. All users are advised to upgrade. There are no known workarounds for this vulnerability." + }, + { + "lang": "es", + "value": "Duende.AccessTokenManagement.OpenIdConnect es un conjunto de librer\u00edas .NET que administran tokens de acceso de OAuth y OpenId Connect. Los clientes HTTP creados por `AddUserAccessTokenHttpClient` pueden usar el token de acceso de un usuario diferente despu\u00e9s de que se actualice el token. Esto ocurre porque un token actualizado se capturar\u00e1 en instancias `HttpClient` agrupadas, que pueden ser utilizadas por un usuario diferente. En lugar de usar `AddUserAccessTokenHttpClient` para crear un `HttpClient` que agregue autom\u00e1ticamente un token administrado a las solicitudes salientes, puede usar el m\u00e9todo de extensi\u00f3n `HttpConext.GetUserAccessTokenAsync` o el m\u00e9todo `IUserTokenManagementService.GetAccessTokenAsync`. 
Este problema se solucion\u00f3 en Duende.AccessTokenManagement.OpenIdConnect 3.0.1. Se recomienda a todos los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-519xx/CVE-2024-51988.json b/CVE-2024/CVE-2024-519xx/CVE-2024-51988.json index 1fd8eeb214f..0f82cf54be3 100644 --- a/CVE-2024/CVE-2024-519xx/CVE-2024-51988.json +++ b/CVE-2024/CVE-2024-519xx/CVE-2024-51988.json 
@@ -2,13 +2,17 @@
 "id": "CVE-2024-51988",
 "sourceIdentifier": "security-advisories@github.com",
 "published": "2024-11-06T20:15:06.513",
- "lastModified": "2024-11-06T20:15:06.513",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-08T19:01:25.633",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "RabbitMQ is a feature rich, multi-protocol messaging and streaming broker. In affected versions queue deletion via the HTTP API was not verifying the `configure` permission of the user. Users who had all of the following: 1. Valid credentials, 2. Some permissions for the target virtual host & 3. HTTP API access. could delete queues it had no (deletion) permissions for. This issue has been addressed in version 3.12.11 of the open source rabbitMQ release and in versions 1.5.2, 3.13.0, and 4.0.0 of the tanzu release. Users are advised to upgrade. Users unable to upgrade may disable management plugin and use, for example, Prometheus and Grafana for monitoring."
+ },
+ {
+ "lang": "es",
+ "value": "RabbitMQ es un agente de mensajer\u00eda y transmisi\u00f3n de m\u00faltiples protocolos con numerosas funciones. En las versiones afectadas, la eliminaci\u00f3n de colas a trav\u00e9s de la API HTTP no verificaba el permiso `configure` del usuario. Los usuarios que ten\u00edan todo lo siguiente: 1. Credenciales v\u00e1lidas, 2. Algunos permisos para el host virtual de destino y 3. Acceso a la API HTTP pod\u00edan eliminar colas para las que no ten\u00edan permisos (de eliminaci\u00f3n). Este problema se ha solucionado en la versi\u00f3n 3.12.11 de la versi\u00f3n de c\u00f3digo abierto rabbitMQ y en las versiones 1.5.2, 3.13.0 y 4.0.0 de la versi\u00f3n tanzu. Se recomienda a los usuarios que actualicen. Los usuarios que no puedan actualizar pueden deshabilitar el complemento de administraci\u00f3n y usar, por ejemplo, Prometheus y Grafana para la supervisi\u00f3n."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-519xx/CVE-2024-51989.json b/CVE-2024/CVE-2024-519xx/CVE-2024-51989.json
index 80c9ce72841..f339aafa40f 100644
--- a/CVE-2024/CVE-2024-519xx/CVE-2024-51989.json
+++ b/CVE-2024/CVE-2024-519xx/CVE-2024-51989.json
@@ -2,13 +2,17 @@ "id": "CVE-2024-51989", "sourceIdentifier": "security-advisories@github.com", "published": "2024-11-07T18:15:17.953", - "lastModified": "2024-11-07T18:15:17.953", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Password Pusher is an open source application to communicate sensitive information over the web. A cross-site scripting (XSS) vulnerability was identified in the PasswordPusher application, affecting versions `v1.41.1` through and including `v.1.48.0`. The issue arises from an un-sanitized parameter which could allow attackers to inject malicious JavaScript into the application. Users who self-host and have the login system enabled are affected. Exploitation of this vulnerability could expose user data, access to user sessions or take unintended actions on behalf of users. To exploit this vulnerability, an attacker would need to convince a user to click a malicious account confirmation link. It is highly recommended to update to version `v1.48.1` or later to mitigate this risk. There are no known workarounds for this vulnerability.\n\n### Solution\n\nUpdate to version `v1.48.1` or later where input sanitization has been applied to the account confirmation process. If updating is not immediately possible," + }, + { + "lang": "es", + "value": "Password Pusher es una aplicaci\u00f3n de c\u00f3digo abierto para comunicar informaci\u00f3n confidencial a trav\u00e9s de la web. Se identific\u00f3 una vulnerabilidad de Cross-Site Scripting (XSS) en la aplicaci\u00f3n PasswordPusher, que afecta a las versiones `v1.41.1` hasta `v.1.48.0` incluida. El problema surge de un par\u00e1metro no desinfectado que podr\u00eda permitir a los atacantes inyectar JavaScript malicioso en la aplicaci\u00f3n. Los usuarios que alojan el sistema ellos mismos y tienen habilitado el sistema de inicio de sesi\u00f3n se ven afectados. 
La explotaci\u00f3n de esta vulnerabilidad podr\u00eda exponer los datos del usuario, el acceso a las sesiones del usuario o realizar acciones no deseadas en nombre de los usuarios. Para explotar esta vulnerabilidad, un atacante tendr\u00eda que convencer a un usuario de que haga clic en un enlace de confirmaci\u00f3n de cuenta malicioso. Se recomienda encarecidamente actualizar a la versi\u00f3n `v1.48.1` o posterior para mitigar este riesgo. No existen workarounds para esta vulnerabilidad. ### Soluci\u00f3n Actualice a la versi\u00f3n `v1.48.1` o posterior donde se haya aplicado la desinfecci\u00f3n de entrada al proceso de confirmaci\u00f3n de cuenta. Si la actualizaci\u00f3n no es posible de inmediato," } ], "metrics": { diff --git a/CVE-2024/CVE-2024-519xx/CVE-2024-51990.json b/CVE-2024/CVE-2024-519xx/CVE-2024-51990.json index 92b3d0f85f0..495c8896562 100644 --- a/CVE-2024/CVE-2024-519xx/CVE-2024-51990.json +++ b/CVE-2024/CVE-2024-519xx/CVE-2024-51990.json 
@@ -2,13 +2,17 @@
 "id": "CVE-2024-51990",
 "sourceIdentifier": "security-advisories@github.com",
 "published": "2024-11-07T01:15:03.497",
- "lastModified": "2024-11-07T01:15:03.497",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-08T19:01:25.633",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "jj, or Jujutsu, is a Git-compatible VCS written in rust. In affected versions specially crafted Git repositories can cause `jj` to write files outside the clone. This issue has been addressed in version 0.23.0. Users are advised to upgrade. Users unable to upgrade should avoid cloning repos from unknown sources."
+ },
+ {
+ "lang": "es",
+ "value": "jj, o Jujutsu, es un VCS compatible con Git escrito en rust. En las versiones afectadas, los repositorios Git especialmente manipulados pueden hacer que `jj` escriba archivos fuera del clon. Este problema se ha solucionado en la versi\u00f3n 0.23.0. Se recomienda a los usuarios que actualicen. Los usuarios que no puedan actualizar deben evitar clonar repositorios de fuentes desconocidas."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-519xx/CVE-2024-51993.json b/CVE-2024/CVE-2024-519xx/CVE-2024-51993.json
index 5403f22318a..d104f081c24 100644
--- a/CVE-2024/CVE-2024-519xx/CVE-2024-51993.json
+++ b/CVE-2024/CVE-2024-519xx/CVE-2024-51993.json
@@ -2,13 +2,17 @@ "id": "CVE-2024-51993", "sourceIdentifier": "security-advisories@github.com", "published": "2024-11-07T18:15:18.203", - "lastModified": "2024-11-07T19:35:10.383", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Combodo iTop is a web based IT Service Management tool. An attacker accessing a backup file or the database can read some passwords for misconfigured Users. This issue has been addressed in version 3.2.0 and all users are advised to upgrade. Users unable to upgrade are advised to encrypt their backups independently of the iTop application.\n\n### Patches\nSanitize parameter\n\n### References\nN\u00b07631 - Password is stored in clear in the database." + }, + { + "lang": "es", + "value": "Combodo iTop es una herramienta de gesti\u00f3n de servicios de TI basada en la web. Un atacante que acceda a un archivo de copia de seguridad o a la base de datos puede leer algunas contrase\u00f1as de usuarios mal configurados. Este problema se ha solucionado en la versi\u00f3n 3.2.0 y se recomienda a todos los usuarios que actualicen. Se recomienda a los usuarios que no puedan actualizar que encripten sus copias de seguridad independientemente de la aplicaci\u00f3n iTop. ### Patches Sanitize parameter ### Referencias N\u00b07631 - La contrase\u00f1a se almacena sin cifrar en la base de datos." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-519xx/CVE-2024-51994.json b/CVE-2024/CVE-2024-519xx/CVE-2024-51994.json index a7b2a55e0b0..9ebfb483518 100644 --- a/CVE-2024/CVE-2024-519xx/CVE-2024-51994.json +++ b/CVE-2024/CVE-2024-519xx/CVE-2024-51994.json 
@@ -2,13 +2,17 @@
 "id": "CVE-2024-51994",
 "sourceIdentifier": "security-advisories@github.com",
 "published": "2024-11-07T18:15:18.470",
- "lastModified": "2024-11-07T19:35:10.640",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-08T19:01:03.880",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "Combodo iTop is a web based IT Service Management tool. In affected versions uploading a text file containing some java script in the portal will trigger an Cross-site Scripting (XSS) vulnerability. This issue has been addressed in version 3.2.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability."
+ },
+ {
+ "lang": "es",
+ "value": "Combodo iTop es una herramienta de gesti\u00f3n de servicios de TI basada en la web. En las versiones afectadas, cargar un archivo de texto que contenga alg\u00fan script de Java en el portal activar\u00e1 una vulnerabilidad de tipo Cross-site Scripting (XSS). Este problema se ha solucionado en la versi\u00f3n 3.2.0 y se recomienda a todos los usuarios que actualicen la versi\u00f3n. No se conocen workarounds para esta vulnerabilidad."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-519xx/CVE-2024-51995.json b/CVE-2024/CVE-2024-519xx/CVE-2024-51995.json
index 102ac939b51..6e2caca1e38 100644
--- a/CVE-2024/CVE-2024-519xx/CVE-2024-51995.json
+++ b/CVE-2024/CVE-2024-519xx/CVE-2024-51995.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-51995",
 "sourceIdentifier": "security-advisories@github.com",
 "published": "2024-11-07T18:15:18.787",
- "lastModified": "2024-11-07T19:35:10.887",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-08T19:01:03.880",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "Combodo iTop is a web based IT Service Management tool. An attacker can request any `route` we want as long as we specify an `operation` that is allowed. This issue has been addressed in version 3.2.0 by applying the same access control pattern as in `UI.php` to the `ajax.render.php` page which does not allow arbitrary `routes` to be dispatched. All users are advised to upgrade. There are no known workarounds for this vulnerability."
+ },
+ {
+ "lang": "es",
+ "value": "Combodo iTop es una herramienta de gesti\u00f3n de servicios de TI basada en la web. Un atacante puede solicitar cualquier \u00abruta\u00bb que queramos siempre que especifiquemos una \u00aboperaci\u00f3n\u00bb que est\u00e9 permitida. Este problema se ha solucionado en la versi\u00f3n 3.2.0 aplicando el mismo patr\u00f3n de control de acceso que en \u00abUI.php\u00bb a la p\u00e1gina \u00abajax.render.php\u00bb, que no permite enviar \u00abrutas\u00bb arbitrarias. Se recomienda a todos los usuarios que actualicen la versi\u00f3n. No existen workarounds para esta vulnerabilidad."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-519xx/CVE-2024-51997.json b/CVE-2024/CVE-2024-519xx/CVE-2024-51997.json
new file mode 100644
index 00000000000..1d2d68525b9
--- /dev/null
+++ b/CVE-2024/CVE-2024-519xx/CVE-2024-51997.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2024-51997",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2024-11-08T19:15:06.487",
+ "lastModified": "2024-11-08T19:15:06.487",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Trustee is a set of tools and components for attesting confidential guests and providing secrets to them. The ART (**Attestation Results Token**) token, generated by AS, could be manipulated by MITM attacker, but the verifier (CoCo Verification Demander like KBS) could still verify it successfully. In the payload of ART token, the \u2018jwk\u2019 could be replaced by attacker with his own pub key. Then attacker can use his own corresponding private key to sign the crafted ART token. Based on current code implementation (v0.8.0), such replacement and modification can not be detected. This issue has been addressed in version 0.8.2 and all users are advised to upgrade. There are no known workarounds for this vulnerability."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 8.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.2
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-287"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/confidential-containers/trustee/security/advisories/GHSA-7jc6-j236-vvjw",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-519xx/CVE-2024-51998.json b/CVE-2024/CVE-2024-519xx/CVE-2024-51998.json
index f6299922761..682668fd597 100644
--- a/CVE-2024/CVE-2024-519xx/CVE-2024-51998.json
+++ b/CVE-2024/CVE-2024-519xx/CVE-2024-51998.json
@@ -2,13 +2,17 @@ "id": "CVE-2024-51998", "sourceIdentifier": "security-advisories@github.com", "published": "2024-11-08T00:15:15.490", - "lastModified": "2024-11-08T00:15:15.490", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "changedetection.io is a free open source web page change detection tool. The validation for the file URI scheme falls short, and results in an attacker being able to read any file on the system. This issue only affects instances with a webdriver enabled, and `ALLOW_FILE_URI` false or not defined. The check used for URL protocol, `is_safe_url`, allows `file:` as a URL scheme. It later checks if local files are permitted, but one of the preconditions for the check is that the URL starts with `file://`. The issue comes with the fact that the file URI scheme is not required to have double slashes. This issue has been addressed in version 0.47.06 and all users are advised to upgrade. There are no known workarounds for this vulnerability." + }, + { + "lang": "es", + "value": "changedetection.io es una herramienta de detecci\u00f3n de cambios de p\u00e1ginas web de c\u00f3digo abierto y gratuita. La validaci\u00f3n del esquema de URI de archivo no es la adecuada y hace que un atacante pueda leer cualquier archivo del sistema. Este problema solo afecta a las instancias con un controlador web habilitado y con `ALLOW_FILE_URI` falso o no definido. La comprobaci\u00f3n utilizada para el protocolo URL, `is_safe_url`, permite `file:` como esquema de URL. M\u00e1s adelante, comprueba si se permiten archivos locales, pero una de las condiciones previas para la comprobaci\u00f3n es que la URL comience con `file://`. El problema surge del hecho de que no se requiere que el esquema de URI de archivo tenga barras dobles. Este problema se ha solucionado en la versi\u00f3n 0.47.06 y se recomienda a todos los usuarios que actualicen. 
No existen workarounds para esta vulnerabilidad." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-520xx/CVE-2024-52043.json b/CVE-2024/CVE-2024-520xx/CVE-2024-52043.json index 8d3ee4efb71..7d05df30671 100644 --- a/CVE-2024/CVE-2024-520xx/CVE-2024-52043.json +++ b/CVE-2024/CVE-2024-520xx/CVE-2024-52043.json @@ -2,8 +2,8 @@ "id": "CVE-2024-52043", "sourceIdentifier": "2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe", "published": "2024-11-06T08:15:03.420", - "lastModified": "2024-11-06T18:17:17.287", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-11-08T20:39:36.233", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -59,9 +59,41 @@ "baseSeverity": "MEDIUM" } } + ], + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-209" + } + ] + }, { "source": "2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe", "type": "Secondary", 
@@ -73,18 +105,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:humhub:humhub:*:*:*:*:*:*:*:*", + "versionEndIncluding": "1.16.2", + "matchCriteriaId": "A2803295-4D8A-4643-B5C4-C027FF8CD278" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/advisories/GHSA-3q4w-rf2j-fx5x", - "source": "2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe" + "source": "2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://https://github.com/humhub/humhub", - "source": "2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe" + "source": "2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe", + "tags": [ + "Broken Link" + ] }, { "url": "https://www.vulsec.org/advisories", - "source": "2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe" + "source": "2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-79xx/CVE-2024-7982.json b/CVE-2024/CVE-2024-79xx/CVE-2024-7982.json index 38b14784519..2e9aab69800 100644 --- a/CVE-2024/CVE-2024-79xx/CVE-2024-7982.json +++ b/CVE-2024/CVE-2024-79xx/CVE-2024-7982.json @@ -2,8 +2,8 @@ "id": "CVE-2024-7982", "sourceIdentifier": "contact@wpscan.com", "published": "2024-11-08T06:15:17.470", - "lastModified": "2024-11-08T15:35:11.250", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-83xx/CVE-2024-8323.json b/CVE-2024/CVE-2024-83xx/CVE-2024-8323.json index c2565753e16..4f41fc35af9 100644 --- a/CVE-2024/CVE-2024-83xx/CVE-2024-8323.json +++ b/CVE-2024/CVE-2024-83xx/CVE-2024-8323.json 
@@ -2,20 +2,44 @@ "id": "CVE-2024-8323", "sourceIdentifier": "security@wordfence.com", "published": "2024-11-06T12:15:03.950", - "lastModified": "2024-11-06T18:17:17.287", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-11-08T20:30:11.340", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Pricing Tables WordPress Plugin \u2013 Easy Pricing Tables plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018fontFamily\u2019 attribute in all versions up to, and including, 3.2.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + }, + { + "lang": "es", + "value": "El complemento Pricing Tables WordPress Plugin \u2013 Easy Pricing Tables para WordPress es vulnerable a cross-site scripting almacenado a trav\u00e9s del atributo 'fontFamily' en todas las versiones hasta la 3.2.6 incluida, debido a una desinfecci\u00f3n de entrada y un escape de salida insuficientes. Esto permite que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten secuencias de comandos web arbitrarias en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada." 
} ], "metrics": { "cvssMetricV31": [ { - "source": "security@wordfence.com", + "source": "nvd@nist.gov", "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, + { + "source": "security@wordfence.com", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", @@ -47,22 +71,52 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fatcatapps:easy_pricing_tables:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "3.2.7", + "matchCriteriaId": "863B0D55-9349-46BD-BEAF-C6B20662EB96" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/browser/easy-pricing-tables/trunk/includes/ept-block.php#L18", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Product" + ] }, { "url": "https://plugins.trac.wordpress.org/changeset/3181961/", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://wordpress.org/plugins/easy-pricing-tables/#developers", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Release Notes" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/68fb1fd3-16aa-467f-b5f6-a6126b05e088?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-83xx/CVE-2024-8378.json b/CVE-2024/CVE-2024-83xx/CVE-2024-8378.json index 34282a8880d..eb8bc39da36 100644 --- a/CVE-2024/CVE-2024-83xx/CVE-2024-8378.json +++ b/CVE-2024/CVE-2024-83xx/CVE-2024-8378.json @@ -2,13 +2,17 @@ "id": "CVE-2024-8378", "sourceIdentifier": "contact@wpscan.com", "published": "2024-11-07T16:15:18.057", - "lastModified": "2024-11-07T20:35:16.537", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Safe SVG WordPress plugin before 2.2.6 has its sanitisation code is only running for paths that call wp_handle_upload, but not for example for code that uses wp_handle_sideload which is often used to upload attachments via raw POST data." + }, + { + "lang": "es", + "value": "El c\u00f3digo de desinfecci\u00f3n del complemento Safe SVG para WordPress anterior a la versi\u00f3n 2.2.6 solo se ejecuta para rutas que llaman a wp_handle_upload, pero no, por ejemplo, para el c\u00f3digo que usa wp_handle_sideload, que a menudo se usa para cargar archivos adjuntos a trav\u00e9s de datos POST sin procesar." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-84xx/CVE-2024-8424.json b/CVE-2024/CVE-2024-84xx/CVE-2024-8424.json index 96c1cee0c63..7f27bd18f61 100644 --- a/CVE-2024/CVE-2024-84xx/CVE-2024-8424.json +++ b/CVE-2024/CVE-2024-84xx/CVE-2024-8424.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-8424", "sourceIdentifier": "5d1c2695-1a31-4499-88ae-e847036fd7e3", "published": "2024-11-08T00:15:15.807", - "lastModified": "2024-11-08T00:15:15.807", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Privilege Management vulnerability in WatchGuard EPDR, Panda AD360 and Panda Dome on Windows (PSANHost.exe module) allows arbitrary file delete with SYSTEM permissions.\nThis issue affects EPDR: before 8.00.23.0000; Panda AD360: before 8.00.23.0000; Panda Dome: before 22.03.00." + }, + { + "lang": "es", + "value": "La vulnerabilidad de administraci\u00f3n incorrecta de privilegios en WatchGuard EPDR, Panda AD360 y Panda Dome en Windows (m\u00f3dulo PSANHost.exe) permite la eliminaci\u00f3n arbitraria de archivos con permisos del SYSTEM. Este problema afecta a EPDR: antes de 8.00.23.0000; Panda AD360: antes de 8.00.23.0000; Panda Dome: antes de 22.03.00." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-84xx/CVE-2024-8442.json b/CVE-2024/CVE-2024-84xx/CVE-2024-8442.json index 11a1f69779a..482543b15df 100644 --- a/CVE-2024/CVE-2024-84xx/CVE-2024-8442.json +++ b/CVE-2024/CVE-2024-84xx/CVE-2024-8442.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-8442", "sourceIdentifier": "security@wordfence.com", "published": "2024-11-07T13:15:03.310", - "lastModified": "2024-11-07T13:15:03.310", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Prime Slider \u2013 Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Blog widget in all versions up to, and including, 3.15.18 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + }, + { + "lang": "es", + "value": "El complemento Prime Slider \u2013 Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s del widget Blog del complemento en todas las versiones hasta la 3.15.18 incluida, debido a una desinfecci\u00f3n de entrada insuficiente y a un escape de salida en los atributos proporcionados por el usuario. Esto permite que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten secuencias de comandos web arbitrarias en p\u00e1ginas que se ejecutar\u00e1n siempre que un usuario acceda a una p\u00e1gina inyectada." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-86xx/CVE-2024-8614.json b/CVE-2024/CVE-2024-86xx/CVE-2024-8614.json index a3bdfb77308..bb169d48919 100644 --- a/CVE-2024/CVE-2024-86xx/CVE-2024-8614.json +++ b/CVE-2024/CVE-2024-86xx/CVE-2024-8614.json 
@@ -2,8 +2,8 @@ "id": "CVE-2024-8614", "sourceIdentifier": "security@wordfence.com", "published": "2024-11-06T09:15:04.520", - "lastModified": "2024-11-06T18:17:17.287", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-11-08T20:23:41.563", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -18,8 +18,28 @@ "metrics": { "cvssMetricV31": [ { - "source": "security@wordfence.com", + "source": "nvd@nist.gov", "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, + { + "source": "security@wordfence.com", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", @@ -51,14 +71,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:eyecix:jobsearch_wp_job_board:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "2.6.8", + "matchCriteriaId": "4E13573D-5C1A-4A25-95F3-EC81FFD3411D" + } + ] + } + ] + } + ], "references": [ { "url": "https://codecanyon.net/item/jobsearch-wp-job-board-wordpress-plugin/21066856", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Product" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7832f8fe-2b41-4cfb-a734-db4ec88d91a3?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-86xx/CVE-2024-8615.json b/CVE-2024/CVE-2024-86xx/CVE-2024-8615.json index fa0d5b17a37..c345e58ae26 100644 --- a/CVE-2024/CVE-2024-86xx/CVE-2024-8615.json +++ b/CVE-2024/CVE-2024-86xx/CVE-2024-8615.json @@ -2,8 +2,8 @@ "id": "CVE-2024-8615", "sourceIdentifier": "security@wordfence.com", "published": "2024-11-06T09:15:04.773", - "lastModified": "2024-11-06T18:17:17.287", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-11-08T20:24:28.737", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -18,8 +18,28 @@ "metrics": { "cvssMetricV31": [ { - "source": "security@wordfence.com", + "source": "nvd@nist.gov", "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, + { + "source": "security@wordfence.com", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", 
@@ -51,14 +71,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:eyecix:jobsearch_wp_job_board:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "2.6.8", + "matchCriteriaId": "4E13573D-5C1A-4A25-95F3-EC81FFD3411D" + } + ] + } + ] + } + ], "references": [ { "url": "https://codecanyon.net/item/jobsearch-wp-job-board-wordpress-plugin/21066856", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Product" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/dd718d44-4921-4deb-af5a-43e5f3926914?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-88xx/CVE-2024-8810.json b/CVE-2024/CVE-2024-88xx/CVE-2024-8810.json index 5607e61c815..c3154e212e7 100644 --- a/CVE-2024/CVE-2024-88xx/CVE-2024-8810.json +++ b/CVE-2024/CVE-2024-88xx/CVE-2024-8810.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-8810", "sourceIdentifier": "product-cna@github.com", "published": "2024-11-07T22:15:21.520", - "lastModified": "2024-11-07T22:15:21.520", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A GitHub App installed in organizations could upgrade some permissions from read to write access without approval from an organization administrator. An attacker would require an account with administrator access to install a malicious GitHub App. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in versions 3.14.1, 3.13.4, 3.12.9, 3.11.15, and 3.10.17. This vulnerability was reported via the GitHub Bug Bounty program." + }, + { + "lang": "es", + "value": "Una aplicaci\u00f3n de GitHub instalada en organizaciones podr\u00eda actualizar algunos permisos de acceso de lectura a acceso de escritura sin la aprobaci\u00f3n de un administrador de la organizaci\u00f3n. Un atacante necesitar\u00eda una cuenta con acceso de administrador para instalar una aplicaci\u00f3n de GitHub maliciosa. Esta vulnerabilidad afect\u00f3 a todas las versiones de GitHub Enterprise Server anteriores a la 3.14 y se solucion\u00f3 en las versiones 3.14.1, 3.13.4, 3.12.9, 3.11.15 y 3.10.17. Esta vulnerabilidad se inform\u00f3 a trav\u00e9s del programa de recompensas por errores de GitHub." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-94xx/CVE-2024-9481.json b/CVE-2024/CVE-2024-94xx/CVE-2024-9481.json index 6fdf02058a0..d1bef5210ec 100644 --- a/CVE-2024/CVE-2024-94xx/CVE-2024-9481.json +++ b/CVE-2024/CVE-2024-94xx/CVE-2024-9481.json 
@@ -2,8 +2,8 @@ "id": "CVE-2024-9481", "sourceIdentifier": "security@nortonlifelock.com", "published": "2024-10-04T13:15:12.610", - "lastModified": "2024-10-04T13:50:43.727", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-11-08T20:49:03.597", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + }, { "source": "security@nortonlifelock.com", "type": "Secondary", @@ -40,6 +60,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + }, { "source": "security@nortonlifelock.com", "type": "Secondary", @@ -51,10 +81,37 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:avast:antivirus:*:*:*:*:*:macos:*:*", + "versionEndExcluding": "24092400", + "matchCriteriaId": "332D750A-C14D-4E7D-8296-99B46A1155A4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:avg:antivirus:*:*:*:*:*:macos:*:*", + "versionEndExcluding": "24092400", + "matchCriteriaId": "D2EB9416-935A-4FF0-AD75-DFCDD6BC1AFF" + } + ] + } + ] + } + ], "references": [ { "url": "https://support.norton.com/sp/static/external/tools/security-advisories.html", - "source": "security@nortonlifelock.com" + "source": "security@nortonlifelock.com", + "tags": [ + "Not Applicable" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-94xx/CVE-2024-9482.json b/CVE-2024/CVE-2024-94xx/CVE-2024-9482.json index 1856576e527..ae478307ae7 100644 --- a/CVE-2024/CVE-2024-94xx/CVE-2024-9482.json +++ b/CVE-2024/CVE-2024-94xx/CVE-2024-9482.json @@ -2,8 +2,8 @@ "id": "CVE-2024-9482", "sourceIdentifier": "security@nortonlifelock.com", "published": "2024-10-04T13:15:12.803", - "lastModified": "2024-10-04T13:50:43.727", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-11-08T20:49:58.077", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + }, { "source": "security@nortonlifelock.com", "type": "Secondary", @@ -40,6 +60,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + }, { "source": "security@nortonlifelock.com", "type": "Secondary", 
@@ -51,10 +81,37 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:avast:antivirus:*:*:*:*:*:macos:*:*", + "versionEndExcluding": "24092400", + "matchCriteriaId": "332D750A-C14D-4E7D-8296-99B46A1155A4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:avg:antivirus:*:*:*:*:*:macos:*:*", + "versionEndExcluding": "24092400", + "matchCriteriaId": "D2EB9416-935A-4FF0-AD75-DFCDD6BC1AFF" + } + ] + } + ] + } + ], "references": [ { "url": "https://support.norton.com/sp/static/external/tools/security-advisories.html", - "source": "security@nortonlifelock.com" + "source": "security@nortonlifelock.com", + "tags": [ + "Not Applicable" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-94xx/CVE-2024-9483.json b/CVE-2024/CVE-2024-94xx/CVE-2024-9483.json index 48c6ee6a384..655c467158f 100644 --- a/CVE-2024/CVE-2024-94xx/CVE-2024-9483.json +++ b/CVE-2024/CVE-2024-94xx/CVE-2024-9483.json @@ -2,8 +2,8 @@ "id": "CVE-2024-9483", "sourceIdentifier": "security@nortonlifelock.com", "published": "2024-10-04T13:15:12.980", - "lastModified": "2024-10-04T13:50:43.727", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-11-08T20:54:30.980", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + }, { "source": "security@nortonlifelock.com", "type": "Secondary", 
@@ -40,6 +60,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-476" + } + ] + }, { "source": "security@nortonlifelock.com", "type": "Secondary", @@ -51,10 +81,37 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:avast:antivirus:*:*:*:*:*:macos:*:*", + "versionEndExcluding": "24092400", + "matchCriteriaId": "332D750A-C14D-4E7D-8296-99B46A1155A4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:avg:antivirus:*:*:*:*:*:macos:*:*", + "versionEndExcluding": "24092400", + "matchCriteriaId": "D2EB9416-935A-4FF0-AD75-DFCDD6BC1AFF" + } + ] + } + ] + } + ], "references": [ { "url": "https://support.norton.com/sp/static/external/tools/security-advisories.html", - "source": "security@nortonlifelock.com" + "source": "security@nortonlifelock.com", + "tags": [ + "Not Applicable" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-94xx/CVE-2024-9484.json b/CVE-2024/CVE-2024-94xx/CVE-2024-9484.json index fb4b93b0e7d..f81c6d8fb10 100644 --- a/CVE-2024/CVE-2024-94xx/CVE-2024-9484.json +++ b/CVE-2024/CVE-2024-94xx/CVE-2024-9484.json @@ -2,8 +2,8 @@ "id": "CVE-2024-9484", "sourceIdentifier": "security@nortonlifelock.com", "published": "2024-10-04T13:15:13.167", - "lastModified": "2024-10-04T13:50:43.727", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-11-08T20:55:14.283", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + }, { "source": "security@nortonlifelock.com", "type": "Secondary", @@ -40,6 +60,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-476" + } + ] + }, { "source": "security@nortonlifelock.com", "type": "Secondary", @@ -51,10 +81,37 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:avast:antivirus:*:*:*:*:*:macos:*:*", + "versionEndExcluding": "24092400", + "matchCriteriaId": "332D750A-C14D-4E7D-8296-99B46A1155A4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:avg:antivirus:*:*:*:*:*:macos:*:*", + "versionEndExcluding": "24092400", + "matchCriteriaId": "D2EB9416-935A-4FF0-AD75-DFCDD6BC1AFF" + } + ] + } + ] + } + ], "references": [ { "url": "https://support.norton.com/sp/static/external/tools/security-advisories.html", - "source": "security@nortonlifelock.com" + "source": "security@nortonlifelock.com", + "tags": [ + "Not Applicable" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-94xx/CVE-2024-9486.json b/CVE-2024/CVE-2024-94xx/CVE-2024-9486.json index f6a97560816..aa9f022ec25 100644 --- a/CVE-2024/CVE-2024-94xx/CVE-2024-9486.json +++ b/CVE-2024/CVE-2024-94xx/CVE-2024-9486.json 
@@ -2,8 +2,8 @@ "id": "CVE-2024-9486", "sourceIdentifier": "jordan@liggitt.net", "published": "2024-10-15T21:15:11.573", - "lastModified": "2024-10-16T16:38:14.557", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-11-08T20:56:54.807", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "jordan@liggitt.net", "type": "Secondary", @@ -40,6 +60,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-798" + } + ] + }, { "source": "jordan@liggitt.net", "type": "Secondary", 
@@ -51,18 +81,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:kubernetes:image_builder:*:*:*:*:*:*:*:*", + "versionEndExcluding": "0.1.38", + "matchCriteriaId": "C86E5438-1480-4C06-9A5E-C96F0756E07B" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/kubernetes-sigs/image-builder/pull/1595", - "source": "jordan@liggitt.net" + "source": "jordan@liggitt.net", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/kubernetes/kubernetes/issues/128006", - "source": "jordan@liggitt.net" + "source": "jordan@liggitt.net", + "tags": [ + "Issue Tracking" + ] }, { "url": "https://groups.google.com/g/kubernetes-security-announce/c/UKJG-oZogfA/m/Lu1hcnHmAQAJ", - "source": "jordan@liggitt.net" + "source": "jordan@liggitt.net", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-95xx/CVE-2024-9594.json b/CVE-2024/CVE-2024-95xx/CVE-2024-9594.json index a69a763d531..fb163193b01 100644 --- a/CVE-2024/CVE-2024-95xx/CVE-2024-9594.json +++ b/CVE-2024/CVE-2024-95xx/CVE-2024-9594.json @@ -2,8 +2,8 @@ "id": "CVE-2024-9594", "sourceIdentifier": "jordan@liggitt.net", "published": "2024-10-15T21:15:11.790", - "lastModified": "2024-10-16T16:38:14.557", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-11-08T20:50:48.720", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.2, + "impactScore": 5.9 + }, { "source": "jordan@liggitt.net", "type": "Secondary", @@ -40,6 +60,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-798" + } + ] + }, { "source": "jordan@liggitt.net", "type": "Secondary", @@ -51,18 +81,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:kubernetes:image_builder:*:*:*:*:*:*:*:*", + "versionEndExcluding": "0.1.38", + "matchCriteriaId": "C86E5438-1480-4C06-9A5E-C96F0756E07B" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/kubernetes-sigs/image-builder/pull/1596", - "source": "jordan@liggitt.net" + "source": "jordan@liggitt.net", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/kubernetes/kubernetes/issues/128007", - "source": "jordan@liggitt.net" + "source": "jordan@liggitt.net", + "tags": [ + "Issue Tracking" + ] }, { "url": "https://groups.google.com/g/kubernetes-security-announce/c/UKJG-oZogfA/m/Lu1hcnHmAQAJ", - "source": "jordan@liggitt.net" + "source": "jordan@liggitt.net", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-98xx/CVE-2024-9841.json b/CVE-2024/CVE-2024-98xx/CVE-2024-9841.json index 2c82d1f7a12..a6eb6d28983 100644 --- a/CVE-2024/CVE-2024-98xx/CVE-2024-9841.json +++ b/CVE-2024/CVE-2024-98xx/CVE-2024-9841.json 
@@ -2,8 +2,8 @@ "id": "CVE-2024-9841", "sourceIdentifier": "security@opentext.com", "published": "2024-11-08T18:15:17.853", - "lastModified": "2024-11-08T18:15:17.853", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-99xx/CVE-2024-9926.json b/CVE-2024/CVE-2024-99xx/CVE-2024-9926.json index 8c5f1728497..49dd60d2a22 100644 --- a/CVE-2024/CVE-2024-99xx/CVE-2024-9926.json +++ b/CVE-2024/CVE-2024-99xx/CVE-2024-9926.json @@ -2,13 +2,17 @@ "id": "CVE-2024-9926", "sourceIdentifier": "contact@wpscan.com", "published": "2024-11-07T15:15:05.860", - "lastModified": "2024-11-07T20:35:17.120", - "vulnStatus": "Received", + "lastModified": "2024-11-08T19:01:03.880", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Jetpack WordPress plugin does not have proper authorisation in one of its REST endpoint, allowing any authenticated users, such as subscriber to read arbitrary feedbacks data sent via the Jetpack Contact Form" + }, + { + "lang": "es", + "value": "El complemento Jetpack WordPress no tiene la autorizaci\u00f3n adecuada en uno de sus endpoints REST, lo que permite que cualquier usuario autenticado, como un suscriptor, lea datos de comentarios arbitrarios enviados a trav\u00e9s del formulario de contacto de Jetpack." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-99xx/CVE-2024-9946.json b/CVE-2024/CVE-2024-99xx/CVE-2024-9946.json index 063d5204782..149896c8db5 100644 --- a/CVE-2024/CVE-2024-99xx/CVE-2024-9946.json +++ b/CVE-2024/CVE-2024-99xx/CVE-2024-9946.json @@ -2,8 +2,8 @@ "id": "CVE-2024-9946", "sourceIdentifier": "security@wordfence.com", "published": "2024-11-06T07:15:04.977", - "lastModified": "2024-11-06T18:17:17.287", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-11-08T20:38:07.557", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.2, + "impactScore": 5.9 + }, { "source": "security@wordfence.com", "type": "Secondary", @@ -41,8 +61,18 @@ }, "weaknesses": [ { - "source": "security@wordfence.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, + { + "source": "security@wordfence.com", + "type": "Secondary", "description": [ { "lang": "en", @@ -51,18 +81,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:heateor:super_socializer:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "7.14", + "matchCriteriaId": "E5A41B8D-6C25-4E98-A269-644CD918F05D" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/changeset/3172935/", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Product" + ] }, { "url": "https://plugins.trac.wordpress.org/changeset/3180581/", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c394b8b6-b7f6-4ba7-8a2b-98160cc286a8?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/README.md b/README.md index 139f7a76485..208893e4398 100644 --- a/README.md +++ b/README.md 
@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-11-08T19:00:24.086080+00:00 +2024-11-08T21:00:20.824687+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-11-08T18:35:05.110000+00:00 +2024-11-08T20:56:54.807000+00:00 ``` ### Last Data Feed Release 
@@ -33,54 +33,50 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -268695 +268701 ``` ### CVEs added in the last Commit -Recently added CVEs: `10` +Recently added CVEs: `6` -- [CVE-2024-25431](CVE-2024/CVE-2024-254xx/CVE-2024-25431.json) (`2024-11-08T17:15:06.023`) -- [CVE-2024-40239](CVE-2024/CVE-2024-402xx/CVE-2024-40239.json) (`2024-11-08T18:15:17.000`) -- [CVE-2024-40240](CVE-2024/CVE-2024-402xx/CVE-2024-40240.json) (`2024-11-08T18:15:17.130`) -- [CVE-2024-45763](CVE-2024/CVE-2024-457xx/CVE-2024-45763.json) (`2024-11-08T17:15:06.243`) -- [CVE-2024-50634](CVE-2024/CVE-2024-506xx/CVE-2024-50634.json) (`2024-11-08T17:15:06.570`) -- [CVE-2024-51030](CVE-2024/CVE-2024-510xx/CVE-2024-51030.json) (`2024-11-08T18:15:17.463`) -- [CVE-2024-51031](CVE-2024/CVE-2024-510xx/CVE-2024-51031.json) (`2024-11-08T18:15:17.553`) -- [CVE-2024-51032](CVE-2024/CVE-2024-510xx/CVE-2024-51032.json) (`2024-11-08T18:15:17.650`) -- [CVE-2024-51152](CVE-2024/CVE-2024-511xx/CVE-2024-51152.json) (`2024-11-08T18:15:17.753`) -- [CVE-2024-9841](CVE-2024/CVE-2024-98xx/CVE-2024-9841.json) (`2024-11-08T18:15:17.853`) +- [CVE-2024-44765](CVE-2024/CVE-2024-447xx/CVE-2024-44765.json) (`2024-11-08T19:15:05.590`) +- [CVE-2024-50810](CVE-2024/CVE-2024-508xx/CVE-2024-50810.json) (`2024-11-08T19:15:05.877`) +- [CVE-2024-50811](CVE-2024/CVE-2024-508xx/CVE-2024-50811.json) (`2024-11-08T19:15:06.020`) +- [CVE-2024-51055](CVE-2024/CVE-2024-510xx/CVE-2024-51055.json) (`2024-11-08T19:15:06.190`) +- [CVE-2024-51211](CVE-2024/CVE-2024-512xx/CVE-2024-51211.json) (`2024-11-08T19:15:06.347`) +- [CVE-2024-51997](CVE-2024/CVE-2024-519xx/CVE-2024-51997.json) (`2024-11-08T19:15:06.487`) ### CVEs modified in the last Commit -Recently modified CVEs: `39` +Recently modified CVEs: `270` -- [CVE-2024-23309](CVE-2024/CVE-2024-233xx/CVE-2024-23309.json) (`2024-11-08T18:27:00.643`) -- [CVE-2024-28214](CVE-2024/CVE-2024-282xx/CVE-2024-28214.json) 
(`2024-11-08T17:35:11.637`) -- [CVE-2024-33699](CVE-2024/CVE-2024-336xx/CVE-2024-33699.json) (`2024-11-08T17:09:29.790`) -- [CVE-2024-33700](CVE-2024/CVE-2024-337xx/CVE-2024-33700.json) (`2024-11-08T17:06:16.147`) -- [CVE-2024-35297](CVE-2024/CVE-2024-352xx/CVE-2024-35297.json) (`2024-11-08T17:35:11.890`) -- [CVE-2024-35314](CVE-2024/CVE-2024-353xx/CVE-2024-35314.json) (`2024-11-08T18:15:16.867`) -- [CVE-2024-36063](CVE-2024/CVE-2024-360xx/CVE-2024-36063.json) (`2024-11-08T17:35:12.793`) -- [CVE-2024-36064](CVE-2024/CVE-2024-360xx/CVE-2024-36064.json) (`2024-11-08T17:35:13.630`) -- [CVE-2024-3754](CVE-2024/CVE-2024-37xx/CVE-2024-3754.json) (`2024-11-08T17:35:14.477`) -- [CVE-2024-46960](CVE-2024/CVE-2024-469xx/CVE-2024-46960.json) (`2024-11-08T17:35:15.030`) -- [CVE-2024-46961](CVE-2024/CVE-2024-469xx/CVE-2024-46961.json) (`2024-11-08T17:35:15.877`) -- [CVE-2024-47073](CVE-2024/CVE-2024-470xx/CVE-2024-47073.json) (`2024-11-08T17:35:16.707`) -- [CVE-2024-47493](CVE-2024/CVE-2024-474xx/CVE-2024-47493.json) (`2024-11-08T18:15:17.240`) -- [CVE-2024-49522](CVE-2024/CVE-2024-495xx/CVE-2024-49522.json) (`2024-11-08T18:06:01.930`) -- [CVE-2024-50117](CVE-2024/CVE-2024-501xx/CVE-2024-50117.json) (`2024-11-08T17:53:01.860`) -- [CVE-2024-50118](CVE-2024/CVE-2024-501xx/CVE-2024-50118.json) (`2024-11-08T18:02:21.617`) -- [CVE-2024-50119](CVE-2024/CVE-2024-501xx/CVE-2024-50119.json) (`2024-11-08T18:03:02.373`) -- [CVE-2024-50120](CVE-2024/CVE-2024-501xx/CVE-2024-50120.json) (`2024-11-08T18:04:08.080`) -- [CVE-2024-50121](CVE-2024/CVE-2024-501xx/CVE-2024-50121.json) (`2024-11-08T18:05:13.947`) -- [CVE-2024-50378](CVE-2024/CVE-2024-503xx/CVE-2024-50378.json) (`2024-11-08T18:35:04.843`) -- [CVE-2024-50766](CVE-2024/CVE-2024-507xx/CVE-2024-50766.json) (`2024-11-08T17:35:18.630`) -- [CVE-2024-50966](CVE-2024/CVE-2024-509xx/CVE-2024-50966.json) (`2024-11-08T18:35:05.110`) -- [CVE-2024-51428](CVE-2024/CVE-2024-514xx/CVE-2024-51428.json) (`2024-11-08T17:35:19.500`) -- 
[CVE-2024-51434](CVE-2024/CVE-2024-514xx/CVE-2024-51434.json) (`2024-11-08T17:35:20.360`) -- [CVE-2024-9579](CVE-2024/CVE-2024-95xx/CVE-2024-9579.json) (`2024-11-08T18:08:02.683`) +- [CVE-2024-51988](CVE-2024/CVE-2024-519xx/CVE-2024-51988.json) (`2024-11-08T19:01:25.633`) +- [CVE-2024-51989](CVE-2024/CVE-2024-519xx/CVE-2024-51989.json) (`2024-11-08T19:01:03.880`) +- [CVE-2024-51990](CVE-2024/CVE-2024-519xx/CVE-2024-51990.json) (`2024-11-08T19:01:25.633`) +- [CVE-2024-51993](CVE-2024/CVE-2024-519xx/CVE-2024-51993.json) (`2024-11-08T19:01:03.880`) +- [CVE-2024-51994](CVE-2024/CVE-2024-519xx/CVE-2024-51994.json) (`2024-11-08T19:01:03.880`) +- [CVE-2024-51995](CVE-2024/CVE-2024-519xx/CVE-2024-51995.json) (`2024-11-08T19:01:03.880`) +- [CVE-2024-51998](CVE-2024/CVE-2024-519xx/CVE-2024-51998.json) (`2024-11-08T19:01:03.880`) +- [CVE-2024-52043](CVE-2024/CVE-2024-520xx/CVE-2024-52043.json) (`2024-11-08T20:39:36.233`) +- [CVE-2024-7982](CVE-2024/CVE-2024-79xx/CVE-2024-7982.json) (`2024-11-08T19:01:03.880`) +- [CVE-2024-8323](CVE-2024/CVE-2024-83xx/CVE-2024-8323.json) (`2024-11-08T20:30:11.340`) +- [CVE-2024-8378](CVE-2024/CVE-2024-83xx/CVE-2024-8378.json) (`2024-11-08T19:01:03.880`) +- [CVE-2024-8424](CVE-2024/CVE-2024-84xx/CVE-2024-8424.json) (`2024-11-08T19:01:03.880`) +- [CVE-2024-8442](CVE-2024/CVE-2024-84xx/CVE-2024-8442.json) (`2024-11-08T19:01:03.880`) +- [CVE-2024-8614](CVE-2024/CVE-2024-86xx/CVE-2024-8614.json) (`2024-11-08T20:23:41.563`) +- [CVE-2024-8615](CVE-2024/CVE-2024-86xx/CVE-2024-8615.json) (`2024-11-08T20:24:28.737`) +- [CVE-2024-8810](CVE-2024/CVE-2024-88xx/CVE-2024-8810.json) (`2024-11-08T19:01:03.880`) +- [CVE-2024-9481](CVE-2024/CVE-2024-94xx/CVE-2024-9481.json) (`2024-11-08T20:49:03.597`) +- [CVE-2024-9482](CVE-2024/CVE-2024-94xx/CVE-2024-9482.json) (`2024-11-08T20:49:58.077`) +- [CVE-2024-9483](CVE-2024/CVE-2024-94xx/CVE-2024-9483.json) (`2024-11-08T20:54:30.980`) +- [CVE-2024-9484](CVE-2024/CVE-2024-94xx/CVE-2024-9484.json) 
(`2024-11-08T20:55:14.283`) +- [CVE-2024-9486](CVE-2024/CVE-2024-94xx/CVE-2024-9486.json) (`2024-11-08T20:56:54.807`) +- [CVE-2024-9594](CVE-2024/CVE-2024-95xx/CVE-2024-9594.json) (`2024-11-08T20:50:48.720`) +- [CVE-2024-9841](CVE-2024/CVE-2024-98xx/CVE-2024-9841.json) (`2024-11-08T19:01:03.880`) +- [CVE-2024-9926](CVE-2024/CVE-2024-99xx/CVE-2024-9926.json) (`2024-11-08T19:01:03.880`) +- [CVE-2024-9946](CVE-2024/CVE-2024-99xx/CVE-2024-9946.json) (`2024-11-08T20:38:07.557`) ## Download and Usage diff --git a/_state.csv b/_state.csv index 730c1fc9e23..06691e3f896 100644 --- a/_state.csv +++ b/_state.csv 
@@ -137365,24 +137365,24 @@ CVE-2019-20453,0,0,ec8e3999418c1ef666416d17e524522ace7d8baa1ec904d9c33aa7eb859a0 CVE-2019-20454,0,0,49062a80eed619a841ac3351fb2011c193b2ec707ecac6a198cdc12c186489e3,2024-03-27T16:05:17.853000 CVE-2019-20455,0,0,daf31bba9026c418b4aea3791f020711fbed6d99c9cd896a0c42be955fa8a697,2024-02-14T01:17:43.863000 CVE-2019-20456,0,0,5ffdec9dafee7fd301766358bf501920942dc3a2787a156bca775d7e0de56f68,2020-02-26T15:10:12.293000 -CVE-2019-20457,0,1,498b33a192eb9ea723e0d29a775becc01e8062462799f52291644b0641cbbbc1,2024-11-08T17:35:00.873000 -CVE-2019-20458,0,1,3b02c2de0647be1ffa16af5ae9f7b0d6a937760667b5415f46a33a5486dc8fd5,2024-11-08T17:35:01.933000 -CVE-2019-20459,0,1,690c57bd6faf73002fb6e71ea05cf45c34b34bcccc8e0f8cd51a35044a93b42f,2024-11-08T17:35:03.013000 +CVE-2019-20457,0,1,c373dc9007702029fa68ce51517195e1655002a53ff575ffbb2531a7a490f5c6,2024-11-08T19:01:03.880000 +CVE-2019-20458,0,1,1d8ac4d70ce655b77a31661c019cd12a7509d4224b83165406a5f433dbb6caf6,2024-11-08T19:01:03.880000 +CVE-2019-20459,0,1,03bc49fc6d4410e1daa81a39a567dc5cf0e028de0919a874c948f1166530821c,2024-11-08T19:01:03.880000 CVE-2019-2046,0,0,ad2b3932c8d1e3d30b7050d3687fe386b72bd21c29795965d8e46543b88b60b4,2021-07-21T11:39:23.747000 -CVE-2019-20460,0,1,1798ecef4219805c4d1ae45a8502b82005b7d63fcbafe2950ed04124e4f3ea10,2024-11-08T17:35:03.290000 -CVE-2019-20461,0,1,e71e073bc8f70bc743b78a1ac891115617c83ae193cb6d11969fa0a0a6b5ddd5,2024-11-08T17:35:04.320000 -CVE-2019-20462,0,0,567c854a4edddf702eaec19045fce6895673674c9c079164c69d5b6928e7bec0,2024-11-07T21:15:05.470000 +CVE-2019-20460,0,1,8cb68240c086229bc9d44b44567be1e3aa40a9cc511a96b11ec67502d00c8ee5,2024-11-08T19:01:03.880000 +CVE-2019-20461,0,1,c847ea7abcb6469e4e25c943df07538c22c70bd0a8b8780726743145e28bf7e2,2024-11-08T19:01:03.880000 +CVE-2019-20462,0,1,d2e46e9035cf8febd9b1fe45727ca8c1bc32e1486f978cee8a527f052e1afff8,2024-11-08T19:01:03.880000 
CVE-2019-20463,0,0,4ff5adb0065b0740b37d188956763d99d2a5544f1d74340b30686c0709a88df2,2024-07-30T01:15:10.510000 CVE-2019-20464,0,0,cbf249cf6488e4eee761ec744b712531e70e62139008cf34f74f29db6d2926c8,2024-08-01T13:41:54.067000 CVE-2019-20465,0,0,83158f972c198287d63c03423cdc407b3f1ecccb5d05534f06f3b912f7b5b865,2024-07-30T01:15:10.720000 CVE-2019-20466,0,0,6241978aad639e96077d2394097e0ff1d681f48a22d0b06be89495f0fee8e276,2024-08-01T13:41:54.913000 CVE-2019-20467,0,0,a262a0da4323f751e5d424d90d285d640c26baf67cd9492208f20dcec2dfc94f,2024-07-30T01:15:10.893000 CVE-2019-20468,0,0,81a3f4066c0e84ff04bb0b3f5d44c494876099fcd7f5f9297dd99b26595d1c66,2024-07-30T01:15:11.007000 -CVE-2019-20469,0,1,160eebd44a475a5cc081570aecbc754ec0d6e7bf868b78e17b433784a87c4a16,2024-11-08T17:35:05.247000 +CVE-2019-20469,0,1,e46a29468bf482b9d4b6947c3c0be8807da9ad2c891db0ab757cd229b7fb7445,2024-11-08T19:01:03.880000 CVE-2019-2047,0,0,39d6e243b2ff476db07be9e4ffba0368a9d218b4b325be13c9a06ebb9014f3f9,2021-07-21T11:39:23.747000 CVE-2019-20470,0,0,2ad6e14fc14d0d07898b470e5757da49945753375935430bd6841ab8e0d5cf44,2024-08-01T13:41:55.777000 CVE-2019-20471,0,0,fde34218ba841754bf23da4de58005edc9af4877a76211d340d30c961207f95e,2024-08-08T18:35:00.500000 -CVE-2019-20472,0,1,466b3f8cff8ac1edcd7751cd5e054ad2bebdff84e7bc43308c8e70e5d087a61d,2024-11-08T17:35:06.070000 +CVE-2019-20472,0,1,41d37be87275df641eac5fc8920d44e6106790c574f257bc5263a25857d6b14c,2024-11-08T19:01:03.880000 CVE-2019-20473,0,0,e481ac0c66e05ab3e1b4fe31fd83e18f1a11bac975a85144bc7bb11874c7bc9c,2024-08-01T13:41:56.617000 CVE-2019-20474,0,0,57e2b48ce5d539e18ac2d72bce93e92561ab9a40d2accc1b68949e376410c01b,2022-01-01T19:54:56.077000 CVE-2019-20477,0,0,980075eba63e1b6dba87305a73c4446e3d265aa1cc0ce387abc09a4c8d026438,2023-11-07T03:09:10.187000 
@@ -146861,7 +146861,7 @@ CVE-2020-11855,0,0,e14561753ea7476ef1a46ad2271a2d7705e48957ee839066d428855f0813a CVE-2020-11856,0,0,5abea0f5863e425aba8da9037a573c7a3b4f3f117b19f6f108ddeefc546a6311,2023-11-07T03:15:13.060000 CVE-2020-11857,0,0,cfe4b29cbd7705754d8ff7c436f360e01cc84f49a7da178c74183fbb0fdce6b5,2023-11-07T03:15:13.327000 CVE-2020-11858,0,0,f1a7878dcbe39fb75e66ba015f3e0a8c37bed95690a925f034528dceb4a78f9a,2023-11-07T03:15:13.613000 -CVE-2020-11859,0,0,c131955138a3582e873a3566953f2cade4fb619551817ae25841a82e07360970,2024-11-06T18:17:17.287000 +CVE-2020-11859,0,1,68e63b5e5dacb2c2d60d2d6368c5228866ed3d9ce95f296972b24b63ea7d3c5b,2024-11-08T19:12:22.900000 CVE-2020-1186,0,0,1eefdf7a8e33c4c2cd4bfb01e3572e05bdae937974ad739d1b8791b6b68c2142,2021-07-21T11:39:23.747000 CVE-2020-11860,0,0,5ff0fb781acc00bd8736fa43437c501792b5b28d4b3cd41269e4609dde6edb4d,2023-11-07T03:15:13.847000 CVE-2020-11861,0,0,4131e0ca5ed9aa3ac9d2a10890f2f261f9722b9905d29a15f5ba8b6d4694ee13,2023-11-07T03:15:14.130000 
@@ -146920,18 +146920,18 @@ CVE-2020-11912,0,0,001e952128c7bcc5ba8822eabe19435f44973ff2e6be3c376a4d89e35db55 CVE-2020-11913,0,0,73d1dbbcdd4d68945063c1a13a98c4f4419a183d9171be039ef71d68a5285663,2020-07-22T01:15:19.977000 CVE-2020-11914,0,0,933895f61d4cd343cf6df7a50e21b2954b2ca93a6c3c96497c9a184889a05019,2020-07-22T01:15:20.070000 CVE-2020-11915,0,0,7d89f75419f7463d1384054a54ad59fa6d293cc882195a4b2b681bf21b80d80a,2024-08-01T13:42:00.520000 -CVE-2020-11916,0,0,80b804ed53a2201f9a88edfe823d39fd352874c66524addd36d99632c9538e07,2024-11-07T21:35:02.117000 -CVE-2020-11917,0,0,0d750e04d099cde7cf21c0d458771661dbecbf34f0385b93dc371fb08f170128,2024-11-07T21:35:03.053000 -CVE-2020-11918,0,0,2e60c1c5a6c7b6e24bb718a5ac40d3ee1faea800004e461bb5bf46ad816fb995,2024-11-07T21:35:03.867000 -CVE-2020-11919,0,0,15d494ac0d0df8e963c2f3adf661a456c25b3a34f117df06039b5c70e79fd379,2024-11-07T21:35:04.650000 +CVE-2020-11916,0,1,fb5fe7b78a50785c91728fd984332c4a5978df8720f33bb9646c4e5a5990854a,2024-11-08T19:01:03.880000 +CVE-2020-11917,0,1,4b2feb94d39648cd1151784e0d3f661ab2d069003aa62debc50dee36eec0bd29,2024-11-08T19:01:03.880000 +CVE-2020-11918,0,1,03613b3362b5e810aeb0ed7d1f4dbba2d85c9c67228fb6b980b7e4571be520ad,2024-11-08T19:01:03.880000 +CVE-2020-11919,0,1,22359b9ff037a1a350b14f814c9732a4ffaeff51b34d7e863b4477813fcb5594,2024-11-08T19:01:03.880000 CVE-2020-1192,0,0,2da57e2a62a232a210f5ef6c2cdc72a098f145c18d45a7b4e5ff9c45ae3505e5,2021-12-01T14:19:18.020000 CVE-2020-11920,0,0,63941de7aa14c11714aee7d8036115dfa77ff108df5dc59cf94071d6615c5125,2024-07-30T01:15:11.510000 -CVE-2020-11921,0,1,a804e217692a5208afe281bd178075aa301aee8abfa9f104eed4fd444c95c7d9,2024-11-08T17:35:06.297000 +CVE-2020-11921,0,1,099de5539bfd464f6626eb6daeff7086fb595aac81aa4724d15751bedcc91745,2024-11-08T19:01:03.880000 CVE-2020-11922,0,0,374a3245dac4cc2e16375466fda67c18e505c6a102baaec58ee711677b960103,2024-07-30T01:15:11.600000 
CVE-2020-11923,0,0,fb3be716d0f908996ee76f0715683ffb65fd813fd0fec133d8eaadb72ba1c5ae,2024-07-30T01:15:11.690000 CVE-2020-11924,0,0,939327d07f44134100d79060d056bb5981da70e775752f8252fc18e6ee82797b,2024-07-30T01:15:11.780000 CVE-2020-11925,0,0,f96a2c1cbb5e00ad3d2d97dfbd0b5b50d52d2501ad45fb0d9de2e2d77ad70e95,2024-08-01T13:42:01.480000 -CVE-2020-11926,0,1,226ace8e6f04e050376a2229ae2d7192f4342f818cf816935c58e83b278ee0a1,2024-11-08T17:35:07.130000 +CVE-2020-11926,0,1,e7aa1a1dd7b727a692e36c5f571aae3418bbb4d938313d4df7fe9cd5e9847e72,2024-11-08T19:01:03.880000 CVE-2020-11928,0,0,90cf3cf1b6e5c940d77ccfaf8a7f457eaa98ed971d149e26bd55d0344c85db00,2023-08-07T18:11:24.533000 CVE-2020-1193,0,0,21c495b68407af19663b0ccb52795639d4811c35526449d985ec528699966a5d,2023-12-31T22:15:59.130000 CVE-2020-11930,0,0,cd761d767cbaaa15ae2c7cec98390a36e7af4474ac6d23c3ad040c28e6c39903,2020-05-19T14:15:10.893000 @@ -162984,7 +162984,7 @@ CVE-2020-8002,0,0,a91f0434cddb4a98fb4b157d93b911300a82950d62d6dfb655c491548ddcaa CVE-2020-8003,0,0,f090a2390163bfb8cbf156c5ba35165f89bd076c852d7ad3c02826a3cf7fb3cc,2023-02-03T18:42:42.553000 CVE-2020-8004,0,0,381e8d4dacedc9224586be39b95f78e79a7c14c58d212bb1706c58ee47dccbad,2021-07-21T11:39:23.747000 CVE-2020-8006,0,0,93c0def1621a4b5b1fae44c6fecfcc5fd39b1256affda504129c371d42f116bb,2024-08-01T13:42:08.263000 -CVE-2020-8007,0,0,6b94f7739d5dd3889b75f285501ebd8f2d614ad86330aa220d82bb0c6575cce3,2024-11-08T16:35:03.883000 +CVE-2020-8007,0,1,7e9b7b97fb7f900acb79384c77caba4ed9534a985de69b1351bf6e7c8eb3b250,2024-11-08T19:01:03.880000 CVE-2020-8009,0,0,d4b2a4dd2aaca1b98a42d3ed7d270681249c680247677ca5f1dcc471e7b7b9f2,2020-02-06T19:37:44.430000 CVE-2020-8010,0,0,8e2d2265f28be0ae5012acc592cba5c99763e73cc7c993d6837c801cbcfa38c2,2022-04-29T15:57:59.317000 CVE-2020-8011,0,0,5ddd34a10fa7e2d1e6960449d7ded481d69a3531e7edb067929d5377473c3936,2021-12-30T21:49:34.493000 
@@ -214600,7 +214600,7 @@ CVE-2023-1928,0,0,51cfa462b4f2c48793aafb708874f77f7d5fde6cbbc9dd286f5abbdb1cc600 CVE-2023-1929,0,0,16f50d2954c2c8be6efc893a802f2bd04b7762856d96ad46a068911b46d2bf5f,2023-11-07T04:05:25.410000 CVE-2023-1930,0,0,a0cb727e6ff54c4ecda2426cdb2a2e448c370cf554d052070844d727fc5cc0e5,2023-11-07T04:05:25.657000 CVE-2023-1931,0,0,e04bf1db2fa1ad4848f476090451378ac67fb37a0addb0f6224deab02a891b2b,2023-11-07T04:05:25.880000 -CVE-2023-1932,0,0,3fbb5f901146ddf1d889269c9762ee58c8dfba2010dd3e20f89d6be8bbcfc7ad,2024-11-07T14:35:02.567000 +CVE-2023-1932,0,1,5fbb40648c7e6ac433ed9dbd722c6de18dda0046396e38c3dc80c970b948551c,2024-11-08T19:01:03.880000 CVE-2023-1934,0,0,7dcc520febf235c8f907c8ccb6ea0f00d90c4ba173c2c05e00e40b73d34520cb,2023-05-24T18:15:09.877000 CVE-2023-1935,0,0,debfc6593423dcff6af23abf0efcbf6745547907d861e4f5c49e4962017ccac9,2023-11-07T04:05:26.163000 CVE-2023-1936,0,0,67ecc80a3aa4276b23ecd3b2da31f923c4948e14faaac049731c800b7505ba09,2024-10-03T07:15:06.690000 @@ -214640,7 +214640,7 @@ CVE-2023-1969,0,0,1dd9721a992bad9d1a35e55ef48a6d249dc9ac9694f7bc737a8a3b8429b235 CVE-2023-1970,0,0,5bb07392a5c99edb36574ad31f93de9345e3c202100763ff2b298e4ad7800b39,2024-08-02T06:15:48.610000 CVE-2023-1971,0,0,766d191709806363968777242b8c79b51132a50d5b44e7d1f1d6040157cb0969,2024-08-02T06:15:48.853000 CVE-2023-1972,0,0,15b36b86cb6d9c9508a394de7d2ca1f5ac5efa102b91cb0ea90e79b50ad22287,2023-09-30T10:15:10.417000 -CVE-2023-1973,0,0,f9520c5d5cd486f47769c7bdc30973839500d5df3252eff4509bb67a78937136,2024-11-07T10:15:05.400000 +CVE-2023-1973,0,1,f1927819b41da4b3ca727345c262e804b7c0ab64b3db50730f786187143d5c33,2024-11-08T19:01:03.880000 CVE-2023-1974,0,0,7c9dfbd769fcb9c58b9a3b871d7a9dfc57a1a3878a5f19100642c4c107c70e15,2023-04-18T16:48:12.517000 CVE-2023-1975,0,0,d2f8d5899653461ead10d6f75a71d13df23714caacdd7e6f3d80212d29334b34,2023-04-18T16:23:52.110000 CVE-2023-1976,0,0,083787ef3ce01971148fbdc85ea3bd20f4e761ae1d3050f6d9ace51fbad754b5,2023-04-20T21:09:05.647000 
@@ -217431,7 +217431,7 @@ CVE-2023-23331,0,0,84b1e833f2be31d3f8e86dd415524a8ad91942da8bae7007eaa4b47265deb CVE-2023-23333,0,0,942c32ba625080b74216116af0c1468dd17dbef732e038aa3fb34c9b9fd4947b,2023-09-06T21:15:08.640000 CVE-2023-23342,0,0,927371a0ac83bc2cacfbab75d724b33a5fd5994becf43de482d1ba75c5ca0cfb,2023-08-17T14:42:57.963000 CVE-2023-23343,0,0,9d9b82ebb81749090a5e129117525e956301d7d1149368d9db1b96ec1bfba0ef,2023-07-03T19:03:11.543000 -CVE-2023-23344,0,1,2aa95031ae12b65f856aeffc143ad1b7bcfc6afdb4d8e5a59fa24c8207528865,2024-11-08T17:35:08.757000 +CVE-2023-23344,0,0,2aa95031ae12b65f856aeffc143ad1b7bcfc6afdb4d8e5a59fa24c8207528865,2024-11-08T17:35:08.757000 CVE-2023-23346,0,0,15a86cacd15ccb3055a83bd614e86273a4f95d8fa5d2426df76feeb466b61b53,2024-10-29T19:35:05.173000 CVE-2023-23347,0,0,8edf0f7b2abf5ebd50482da480a781ea5e8921007e249a0f6b044e6194c93d33,2024-10-29T20:35:08.403000 CVE-2023-23348,0,0,6573a87baf1824dbeab9525aae2826a614030b6025949d42b20dde47ce72697a,2024-10-29T20:35:09.140000 @@ -220515,7 +220515,7 @@ CVE-2023-2719,0,0,67e1613f47a2a282f5a2d67741c70cf791d2d598aed4bf14b01b62b93eed9d CVE-2023-27191,0,0,f7884a45b029f09b421f66e91ebd2fbb6b99031d942179d34c3869666041f009,2023-04-14T18:23:22.907000 CVE-2023-27192,0,0,0d459a5fef691e015e45edc274232ad818eb1040cb63f30feee457747fdbe12c,2023-04-20T19:46:04.170000 CVE-2023-27193,0,0,db011b9c20b0a7ec3fe7191d94d708aaf84e402b7845de7a6217b63a157f139e,2023-04-22T02:00:45.180000 -CVE-2023-27195,0,0,de4ba9ca382aabd73652308db5e439ebddd9c835d21290b6e57b4835eab64572,2024-11-08T15:35:00.963000 +CVE-2023-27195,0,1,1db344883bab5d24ba38dd104980a3f54b0f34fa4fd99cc74c7709276c32fdf2,2024-11-08T19:01:03.880000 CVE-2023-27197,0,0,e4893c777b607c81209ff71550aea955bb1173b406a50f011540af73d07be5b7,2024-04-23T14:15:08.123000 CVE-2023-27198,0,0,d7c5d99d6e1c2d2350e3e97ed6cdfbc824dd778955fb5505c7385cdd6dd3931d,2024-07-03T01:39:41.580000 CVE-2023-27199,0,0,985816829dca5aafda4ab3255cd7c5230e1b1c3559f7c2d5fcdd1ddc36dda006,2024-04-23T14:15:08.290000 
@@ -232722,7 +232722,7 @@ CVE-2023-42948,0,0,e60e6a270a4159f47177637c1f0213b5b06987cbaccbf7c2b067805f6ba00 CVE-2023-42949,0,0,4ba4d25f4f34dd7299f1ae8679a2668afa3ca4ced4c250397b32835ae7ad7953,2024-08-12T15:41:16.120000 CVE-2023-4295,0,0,ec334b74dcc01539baa3eed8300f24e0d43c22b250be6de255e7d71ca4f97cb4,2023-12-28T17:14:36.030000 CVE-2023-42950,0,0,f1d5850b892570a96c5f59ef6bdf8fbbd22dba2618afa507113cc84e9d5cfb6a,2024-08-09T16:35:02.990000 -CVE-2023-42951,0,1,c2b592fed93cc7243fa114a25d8214ba89f9d461bc5878ad805c49747c286a09,2024-11-08T17:35:11.143000 +CVE-2023-42951,0,0,c2b592fed93cc7243fa114a25d8214ba89f9d461bc5878ad805c49747c286a09,2024-11-08T17:35:11.143000 CVE-2023-42952,0,0,ac8164a1e95a71f3635337c8d1e1e316d92bbb5ce2c711d62963ba080fa32811,2024-02-22T19:07:27.197000 CVE-2023-42953,0,0,c3b7092a84e4c9cf27e3a04a908a1a891d4da828332a56e4b0bb35d9d921787e,2024-11-07T16:35:10.020000 CVE-2023-42954,0,0,f45971a666787f6e4609a5b8ff1e50e22211581a6c5afdc32f83d4251ddb5301,2024-08-27T20:35:05.607000 
@@ -242392,9 +242392,9 @@ CVE-2024-10000,0,0,2dc410e1583cc50e0eec03ed76e09a77a8842fe67c7d9b7ac5bcf33a5d12b CVE-2024-10002,0,0,b8ac1697c0b5dbe076b29d09227535990b771bd408babdf1ec6b4eb8a74fb84f,2024-10-25T21:20:39.167000 CVE-2024-10003,0,0,ef2c3c73bdb9c4390d998f61684e3cffa9d7cb4391873d2339bfd0892ebc38b9,2024-10-25T21:19:19.743000 CVE-2024-10004,0,0,2b01ad1fe33b0387cc6ecf8ca605118100ba1eac830a494972582a4b13530ed3,2024-10-16T20:35:08.850000 -CVE-2024-10005,0,1,73a00666a55c9c1ddcc37f553711188935242e54372b8a70b2034fd0d0fe39d6,2024-11-08T18:10:09.663000 -CVE-2024-10006,0,1,aa2b015774aeb48455e1fefb8925f1fa569c2641fd612d8b516ac4dfa580e865,2024-11-08T18:10:31.970000 -CVE-2024-10007,0,0,d22e88d231b73507d6c87a58639c4a2037a52798621fb3983347c2ad4c62fee8,2024-11-07T23:15:03.350000 +CVE-2024-10005,0,0,73a00666a55c9c1ddcc37f553711188935242e54372b8a70b2034fd0d0fe39d6,2024-11-08T18:10:09.663000 +CVE-2024-10006,0,0,aa2b015774aeb48455e1fefb8925f1fa569c2641fd612d8b516ac4dfa580e865,2024-11-08T18:10:31.970000 +CVE-2024-10007,0,1,7cb5df60ac40f8c66f2744f5b05d99f456b4251857e903ea22b41edfa55cf6db,2024-11-08T19:01:03.880000 CVE-2024-10008,0,0,93a7056d3eedb0f45bdd1f80f18e9d31f27172cc24baaadb6be41dc083092214,2024-10-29T14:34:04.427000 CVE-2024-1001,0,0,481a263280d7671352a0e81cdb22876e1831937aba78d275dcb085f339a7c9b0,2024-05-17T02:35:08.903000 CVE-2024-10011,0,0,c65457aada34faaf1e6c0516da2186c923ac9223c52e8a5eff532b04914394dd,2024-11-06T16:01:39.573000 
@@ -242408,7 +242408,7 @@ CVE-2024-10022,0,0,92e93478773b21ba9b2d43e5c324e5c622d589913a6faa7f64ee1349beb7c CVE-2024-10023,0,0,fb7a2d87c1d01f1c0f753ee2a4448f391382353000e2526f44469dfe5432a49f,2024-10-21T13:14:37.300000 CVE-2024-10024,0,0,341fb3a51358c0d5f83894d8ffa34bc8830630ac4903510ed67f09db34646b2e,2024-10-21T13:15:01.730000 CVE-2024-10025,0,0,19a46c25128674d2a3df76dfa6881dd0177e057f9e034fa6abc2c0a4e8bba033,2024-10-18T12:52:33.507000 -CVE-2024-10027,0,0,139c643fb4aaade3608d78d7da95cd9c22034efc7a5061ec2fb8c3c17749c900,2024-11-07T17:35:09.033000 +CVE-2024-10027,0,1,8327b14bf38407647794795640a7862590bac38b4636dd3ea07f6b3be1ec0c1e,2024-11-08T19:01:03.880000 CVE-2024-10028,0,0,3efb32d0ea3a8f3bb8e9563cfd9c2e219c2c04ec85bc2ed4f5f1bb43fa35dabb,2024-11-06T18:17:17.287000 CVE-2024-1003,0,0,5577a6ad54fba7e1e984add6f75aca7e6ad73817623f9ed150fa33b583cd3fae,2024-05-17T02:35:09.147000 CVE-2024-10033,0,0,e2a4855e02c8a9aa5aec00750ec89db4d8c9b23a9a547fcb7ea42ccd4625cc1e,2024-10-30T18:50:04.137000 @@ -242496,7 +242496,7 @@ CVE-2024-10163,0,0,26289a38ca28d6fbf3697cebc7b8e78d717fbaa250d69c3062759b06a1925 CVE-2024-10165,0,0,5e96b8bac045d76007a8a1ccaf66b23094bbe577806718f5c39b95850bfcb648,2024-10-21T21:35:06.987000 CVE-2024-10166,0,0,d38e0eaedffd343f532bd4c1abf13dec4f7eece79809104c00c35d23c5bd77f6,2024-10-21T21:34:52.430000 CVE-2024-10167,0,0,e7ee4350c0d87b98f4009c350ce488d1222a8473f5eed0163be4fcf02375526f,2024-10-21T21:34:25.810000 -CVE-2024-10168,0,0,339160409cd0f12c7683b36696f4cb443613ec9efc739e3b680bc936314b782a,2024-11-06T18:17:17.287000 +CVE-2024-10168,0,1,9f0a380a1e9da1fe07838af0e7281e7c3f048ae8c3246f2cdeeb1be5445da6d7,2024-11-08T20:27:34.360000 CVE-2024-10169,0,0,1db0b82161d097e04e0d9142501d34c98067446995af0ad4d8dda4cff4f3006d,2024-10-23T15:01:58.987000 CVE-2024-1017,0,0,50b68641acb97d381e6a65107328f0dab0fccf027bea27ef0f379cc058119760,2024-05-17T02:35:10.627000 CVE-2024-10170,0,0,43858dc94e553ea996e2f62171c2a07580bf4384f9d10283ecd355d244289e84,2024-10-21T21:33:49.663000 
@@ -242509,8 +242509,8 @@ CVE-2024-10181,0,0,e508d85fb29127dc9615d55a59c4f686aa113b77b39ab8d7dcfaa4fd4cd2c CVE-2024-10183,0,0,120f83031d6b056b9464662cc23a397a8370d5b6b85b4ebf16896e12042e7ae6,2024-10-23T15:12:34.673000 CVE-2024-10184,0,0,82e323cdb696d7fc911e7053501b005fcd00bb282537fcf739cadb894187d0e9,2024-10-29T14:34:04.427000 CVE-2024-10185,0,0,ca6dfd9088b0219f97894c0990b4ec594d404f7f2fe7b73023fa5dc239e3eb40,2024-10-29T14:34:04.427000 -CVE-2024-10186,0,0,4d3fd62519980f28301c21dabc2a1b809b1f9ddb59c1a1919a3b85ca718f63f1,2024-11-06T18:17:17.287000 -CVE-2024-10187,0,0,1e76cfff1df62836911979f4a1d559a9db15c724cbce5cdc3f42083588417e9a,2024-11-08T10:15:03.837000 +CVE-2024-10186,0,1,eb66c81d47cfeeb0c9bfbdcd3d754d6219e4ef5f3acf91c6130964fa9efeb8a6,2024-11-08T19:21:48.357000 +CVE-2024-10187,0,1,fbe3bb9d4317e8eaa9599f98465332ac7227c81384d7b4595db56af25818cd64,2024-11-08T19:01:03.880000 CVE-2024-10189,0,0,44ab01729f421efaf03808ae973a9923c5f8c6b41f07f8511cb89b2ff9a7419b,2024-10-29T15:27:55.550000 CVE-2024-1019,0,0,9d34fb91efb6a448073ac765944da7eab7ec7fd07c6fef378639c859599f6841,2024-02-20T02:15:49.973000 CVE-2024-10191,0,0,4ecd88c27c34e37b94ed56c347924bf6837bbfb39d55fba1c828925d6337ab29,2024-10-22T14:33:12.313000 
@@ -242526,7 +242526,7 @@ CVE-2024-1020,0,0,d848db5207b830f092dac5463c394c0f65f6423556f55d15e70d177c797c2d CVE-2024-10200,0,0,79b6885d13f32a07bf1c1b28ed40296846ec3a4a32b1a087d30356c7c44307a2,2024-10-24T13:57:28.357000 CVE-2024-10201,0,0,fc2d027d5ae19fe93b2c62f794fd44c91138a3ac85ba03fab3fa5acc683a119b,2024-10-24T13:56:56.503000 CVE-2024-10202,0,0,bbf4778e12a2d6f664529db53cb3cf049c2b3a3bf45111e5ee15b039098bfbd2,2024-10-24T13:55:46.110000 -CVE-2024-10203,0,0,79eded26d239407071a3ddaffc916851493acd54ac437432f1cb04b3a99b028f,2024-11-07T10:15:05.663000 +CVE-2024-10203,0,1,2281dae8a6da10bb152783d708df85babb66d3a8b4310b54237aa5d49f660e26,2024-11-08T19:01:03.880000 CVE-2024-1021,0,0,89180a6ed9705fc79d8d8a15633a1cfe9e27adac2a4a623501249d49427826d0,2024-05-17T02:35:10.970000 CVE-2024-10214,0,0,f1ffbc47d38f848fe742b18a6312c0e8ed0dcf6ee0fac4acd3827be3368439e7,2024-11-05T17:03:22.953000 CVE-2024-1022,0,0,f42eaa1b302319f7e3148377e0522c31bf6c16d407215c446c1d3f1b55b4debd,2024-05-17T02:35:11.070000 @@ -242547,7 +242547,7 @@ CVE-2024-10250,0,0,8accb693817c35c7e4f9fa710076ead819720d8653e5052fbeeec31b3a5b4 CVE-2024-1026,0,0,e127bb5d00442b36eed0e6ff6513a3a42c45706876a3a5f2167365447fb898e7,2024-05-17T02:35:11.320000 CVE-2024-10263,0,0,d8274159492686a2b3c754959bfc4509f9c9201a502006a3dee5515647626798,2024-11-08T15:59:41.633000 CVE-2024-10266,0,0,c93db2a67de792a64ad3b8f3ae10accf6f21ac600e94cc18aca994ed95268502,2024-10-29T14:34:04.427000 -CVE-2024-10269,0,0,507ccec8b14911a6afde0b9992fa76a443105e18ac44bd122300f08058d75f0d,2024-11-08T07:15:05.487000 +CVE-2024-10269,0,1,52654717b4b93a8e333771abfdcd93e402d393cb11d01db52c12e8f4aa3192bf,2024-11-08T19:01:03.880000 CVE-2024-1027,0,0,7cdd04f65f65ce162dee4b0e860b968e4c1a6b7f21d53e978519c8259363a858,2024-05-17T02:35:11.427000 CVE-2024-10276,0,0,913e45b2b0c4a67a031924d52b79fd99196e0bfd1eaceb610aead0724000ee9a,2024-10-29T18:15:05.140000 CVE-2024-10277,0,0,5633b0a41069f99639d6b8d0da0073d4b799e83ff36f803e05de4f861ca0e809,2024-11-04T22:13:13.207000 
@@ -242579,10 +242579,10 @@ CVE-2024-1031,0,0,6576162a78ac686f55e5931a6b8f02ff6c7312ac04792581e6d78da8a91700 CVE-2024-10310,0,0,3b0decb54117e1f6369f0c8a49822eb1c6d4be5cb40b8b5a9079fd842cd0c653,2024-11-04T13:06:20.190000 CVE-2024-10312,0,0,d10f0012149342545ee317e492eeaf284c6b634b254526457f270c7ce4937a16,2024-10-29T14:34:04.427000 CVE-2024-10313,0,0,0a692e743da8a6f5929e9a5e61a16c962249b9fbffffedea4a154098bf7390c0,2024-10-25T12:56:07.750000 -CVE-2024-10318,0,0,06619bb56558e0f10864429c945425b877bba746e9eef82aa6f8f84cae37fa22,2024-11-06T18:17:17.287000 +CVE-2024-10318,0,1,c9c0b32165e110789e705dc55263c8f26a928f9dce25281896f08d394c1b97f7,2024-11-08T19:51:49.380000 CVE-2024-10319,0,0,521a2584bb331a8cf29df932b8069e068af4d281b03c20cc06073eb127cb6582,2024-11-08T15:25:16.317000 CVE-2024-1032,0,0,06925fc416f8ceea7fb895efc2e3f765d4f064c5150968a9409448741aa1fb78,2024-05-17T02:35:11.947000 -CVE-2024-10325,0,0,674fd9d55316ef62e94ed4e7ab3076f530997cad7928aec0e8d5608c5283aa43,2024-11-08T12:15:14.380000 +CVE-2024-10325,0,1,c6f88079ac22a9091bf71035663ec83de5617fab99af997896d6ec6bdca8a204,2024-11-08T19:01:03.880000 CVE-2024-10327,0,0,5a1546502e73211d148718e818d15cec9bc5841df26bde254740ef77c9d65b28,2024-10-25T12:56:07.750000 CVE-2024-10329,0,0,aa7a42ea4cf0e5f5abf4a60b69d94b5c2177a6fa12ec61ac3de40c80882e4efd,2024-11-08T15:59:16.407000 CVE-2024-1033,0,0,6041b3ccd70df4052a8c26438331689f702c93b37a47aeb2d707df9d77ed7f49,2024-05-17T02:35:12.047000 
@@ -242675,7 +242675,7 @@ CVE-2024-10447,0,0,20a77c16977cd86421b31dc7f8e87f37efdc79e51d4f78a901539c52dec6a CVE-2024-10448,0,0,321c290fa10bd947d8b384a53dafbe5d4ff4b7a0a6522b833253529007c67a27,2024-11-01T18:26:55.980000 CVE-2024-10449,0,0,8607f328e6ad15d8ca267c31a328033a0fcda88d731c3cb315537e91214fb44b,2024-10-31T12:47:08.810000 CVE-2024-10450,0,0,173344ccdd09f6157ee138e9e87d5e1e2468de9e6dcf03f6fb5d2387fc884b09,2024-10-29T14:34:50.257000 -CVE-2024-10452,0,1,ed604eafa80afc4a63191e6b23b310319c51a3ea5f05d4778d6940fe709d8eb6,2024-11-08T17:59:10.977000 +CVE-2024-10452,0,0,ed604eafa80afc4a63191e6b23b310319c51a3ea5f05d4778d6940fe709d8eb6,2024-11-08T17:59:10.977000 CVE-2024-10454,0,0,52aabb7e4033c13d6c0cbb6c18bbcbf12ecd563307e135d1c792e1d8c4be1291,2024-11-01T12:57:03.417000 CVE-2024-10455,0,0,9f18b197c1829a5ecbaa5a69cd0dd4162e3d6f6c6818ccd45083d33b92cd8ac7,2024-10-29T14:34:50.257000 CVE-2024-10456,0,0,4a9ecb31f2661ae18403e7eb3623dabef12268f04b4de73b98309d52aed70779,2024-11-01T12:57:03.417000 @@ -242715,7 +242715,7 @@ CVE-2024-1051,0,0,301df872c002365b13eaea34d02a8084366516306d472e0b862c9b6067f5d3 CVE-2024-1052,0,0,2826dc83bebd9032f48348a63ffd25025c2a6126abd483892ed79004a77aef0f,2024-02-15T18:49:40.180000 CVE-2024-10523,0,0,a761a52195ca091ecc100fefe31fd4eadda4d831fe94860e2a159923b6d0d68d,2024-11-08T15:14:30.070000 CVE-2024-10525,0,0,cfad79154f466fe96736eabfa65cac8f6409e21deb7f07d79c02c68ee3f19eb2,2024-11-01T12:57:03.417000 -CVE-2024-10526,0,0,b6bfc4981836245d05b104fa0f82cda2fe58f248038155d73ac09e81e4f80ad4,2024-11-07T11:15:03.973000 +CVE-2024-10526,0,1,0fa46d8ccf5c219359a0535980da66887fa2b5cd7efbd75d68b15fd2b882e15b,2024-11-08T19:01:03.880000 CVE-2024-1053,0,0,3d9e5b8218feb39348551f4e96f20fbacd04f2b39830165bb00a553a3d3c5ccf,2024-02-22T19:07:27.197000 CVE-2024-10535,0,0,56cdc2e791f3000cab33f46caa279b46ba491ee0301f477bedc871a8b91a9a81,2024-11-06T18:17:17.287000 CVE-2024-1054,0,0,f8e7e53b5707aaecdfe1ea6fba53413ba04bed5cdf673762252b510775f984b1,2024-02-29T13:49:29.390000 
@@ -242759,7 +242759,7 @@ CVE-2024-10618,0,0,93149fe02b452b3955b6d6ea5aee1a2a6f14d11cfd7cac8e8631e7490dd20 CVE-2024-10619,0,0,a69d9e7a25ac11fb3b1ab17e7ce2294adef4cd488803cb21c60293a84d322259,2024-11-04T15:11:44.627000 CVE-2024-1062,0,0,96fd163b87faa7f96df00eff21b1688e595dd6d409735135ea0e59da2984f85b,2024-10-10T14:22:28.617000 CVE-2024-10620,0,0,724abc136e85c83fb378f9f08553f42597c7003f31982d5ab3f2f979a65abde0,2024-11-01T12:57:03.417000 -CVE-2024-10621,0,0,8af251acda43300adaede80a6e8589c7ea49fc8c3161c5541d4b6853f26c6d7b,2024-11-08T06:15:13.913000 +CVE-2024-10621,0,1,be1e03a4177ce290a2933b649deef1a5a206c547833b9b659dec2fc68dba2fee,2024-11-08T19:01:03.880000 CVE-2024-1063,0,0,74a897918202555ab7dea6b1737e329d32a036051a3381cf0244644b537611c7,2024-02-05T18:25:57.167000 CVE-2024-1064,0,0,f25346ba7587521e1585b34f9b82a63a0a8099891451ea7215e7704632eec54a,2024-02-12T18:42:14.777000 CVE-2024-10647,0,0,3cd7a9e94ae95564602c2f073c039d80eb92a68ceba4d68a4546e1e4784441ea,2024-11-06T18:17:17.287000 @@ -242777,7 +242777,7 @@ CVE-2024-1066,0,0,7cd919bef6acbf4a1ab59632c47efb8ac6efc2d2c9f422a5fc3bf23611a0e2 CVE-2024-10660,0,0,f525208ea29c8266cde1476239eda59ff1f0ab9a3e7bdbee9dd171ceb2cef109,2024-11-05T17:04:45.093000 CVE-2024-10661,0,0,3a8f12267875f9e533b9d9d2b244a0cfff287128b133c964cf1107af67490bfa,2024-11-05T14:30:37.787000 CVE-2024-10662,0,0,7f193b35faecba25eb69b45c896888a79d54755e1824e8384db4944270b09c04,2024-11-05T14:30:16.847000 -CVE-2024-10668,0,0,d688e67cf3ec67742f7663797e8242d3e69513517b066b4af4b35e3fb51814c9,2024-11-07T16:15:16.923000 +CVE-2024-10668,0,1,ad6a1e988aa7f35451b56c605706e2e8d28df7ceaf4537d00be5d4d05186782b,2024-11-08T19:01:03.880000 CVE-2024-1067,0,0,54f094f38a51fcd0954e79c36caca8c799a450eda4559137980b77dd6d9caf6c,2024-05-03T14:17:53.690000 CVE-2024-1068,0,0,affccf40ed47a318eb2ecd8e307c56fa640a43f94e3b3e8b50a778ab4a9c998f,2024-08-26T19:35:04.287000 CVE-2024-10687,0,0,2d74811f2fc6d3aaef423135ea18016bd4a20ce3a927ba94efb8aa3eac4c5b2f,2024-11-08T15:26:52.523000 
@@ -242791,7 +242791,7 @@ CVE-2024-10701,0,0,53baafb789e17d3adca0638e17c429a583b20f9faed929ac230c13977cad3 CVE-2024-10702,0,0,1494650cf24141bf55e997b208eb307166b880baeab6c7ba81f17c35396d74f0,2024-11-05T16:52:11.193000 CVE-2024-1071,0,0,203dd69d50b387b330a57560d4e66e827311506680b4f1e4c4b62b6aa394169c,2024-03-13T18:16:18.563000 CVE-2024-10711,0,0,667b67eedaf55d76b13f0d67159b73016c214e768164f9d0df569a4659871c82,2024-11-07T17:04:37.663000 -CVE-2024-10715,0,0,d2c9653d43a32692b03cb0b8a0db12fe1fd5c8614bad27310f2895b65d6f57f6,2024-11-06T18:17:17.287000 +CVE-2024-10715,0,1,a0586864202123c788b39c9152d7bb58a990061badde7177b34380925db28d59,2024-11-08T20:25:37.380000 CVE-2024-1072,0,0,d1340477909607c729b87fb4231ec3eb5b83c947dd2f9537edfb72049dfc44f6,2024-02-13T19:44:28.620000 CVE-2024-1073,0,0,39b7dc528198b2afbafa91161478b052efb2c858a3c417cf6368bfe809460c5d,2024-02-07T20:56:30.313000 CVE-2024-10730,0,0,8808b0788cc1226811ed98f049f4208abdd990eebdc310df0fd93dc6dcaba5d0,2024-11-04T16:42:33.607000 
@@ -242846,11 +242846,11 @@ CVE-2024-10809,0,0,ea652f7f5676144619aa1801e4ca90f6a805fad57a8917b37e98b94898936 CVE-2024-1081,0,0,b9ecb327bf229081db54279065262fbdf204fadb84142fe6a647ad5480db67c8,2024-02-22T19:07:27.197000 CVE-2024-10810,0,0,24dc4cb4af16bbf52a3428afcf948782067630e0ddcd0604e4c08419e6e83436,2024-11-06T15:16:12.497000 CVE-2024-1082,0,0,1a3a3ef85a9a06621291f657b27812f6a6be683bc843b0137ba9e53485eee330,2024-10-17T15:46:44.327000 -CVE-2024-10824,0,0,605ee868a4c0f04823900a4f09a5550fc501d7f0d1c69cdf3dcd711296570fab,2024-11-07T22:15:20.450000 +CVE-2024-10824,0,1,6eb650dcc5948040831c411456d27fae52cd783d32ad30faaf04938565b810b8,2024-11-08T19:01:03.880000 CVE-2024-10826,0,0,e7caea17df9e50303e84eb12f606f4531bb8bb9449a87b4576ba355c7a719f34,2024-11-06T18:17:17.287000 CVE-2024-10827,0,0,c533f4c70607df301dc68c381588fa8b3325a3d893bbcbb9a6092f250e2c41fa,2024-11-06T18:17:17.287000 CVE-2024-1083,0,0,f65354685ac9d5e6ec0c7d89ef33fa98a96cad0e23da0316206039cbd9c94fda,2024-03-13T18:16:18.563000 -CVE-2024-10839,0,0,d58d351a4cf7acfd26613fd4672880ba813cd768006929de610286df50151c73,2024-11-08T11:15:03.603000 +CVE-2024-10839,0,1,959999d7d9e7ad6c83b2a659b5f94ea06306dfe2c58a8ebc0b6485e885f4cafa,2024-11-08T19:01:03.880000 CVE-2024-1084,0,0,b38be98d35d4290a3ce2408da5081c91dd802a2448815858b2cd8d2247674e10,2024-10-17T15:46:42.330000 CVE-2024-10840,0,0,3088ecb88b6f610106137e52cd92a9df0637e9f9f20cd58417274c10e35a041a,2024-11-06T22:49:12.173000 CVE-2024-10841,0,0,1914449d57ff1a3babaaf40b7a33b002037c2a6558bba70a8f37b24e8f3218c2,2024-11-06T22:50:24.277000 
@@ -242864,47 +242864,47 @@ CVE-2024-1088,0,0,7487e11aa2518f6cc93d89dd95a39f5c8d6e4a1b2567cf073eed09f7df7825 CVE-2024-1089,0,0,9442709e929187c1b992d082c3eaeec9226480f80fc28198e3a73f4a684640d5,2024-02-29T13:49:29.390000 CVE-2024-1090,0,0,2d0b80c82d6d153c4e0b5412c3fcf892da86ac73a72da4cbf84bfbb064bdcb0c,2024-02-29T13:49:29.390000 CVE-2024-1091,0,0,54ee7e9ca708166212a73aaa10e4715176fe17b55fbce1ee0ea8f95d289d46a5,2024-02-29T13:49:29.390000 -CVE-2024-10914,0,0,09de4b68fa46b7ed0e9bf2c7174fd9e62be01c86f8d95e52add07fd9e2090ba7,2024-11-06T18:17:17.287000 -CVE-2024-10915,0,0,1a895bcc292043e4cf2ec99aead7474b7cdda35c5f81f92e20395d0deafb695c,2024-11-06T18:17:17.287000 -CVE-2024-10916,0,0,53443e54e55c3a54111ef55bbe8925e1700f77a586713f1c8fd853e1c516cf30,2024-11-06T18:17:17.287000 +CVE-2024-10914,0,1,a19349a4797c04ddb77f70975a0145b559e2c17ff8d6db53557df6669e0449a1,2024-11-08T19:53:04.793000 +CVE-2024-10915,0,1,b06bfc4427bf3f30a98b7ce390941759d780f67755e284354baa2af5087ffe27,2024-11-08T20:11:10.973000 +CVE-2024-10916,0,1,bc544f9bd284df1d2cb2c93c5b72a85d457acf8720f73da6b50b8a164264f036,2024-11-08T20:11:37.567000 CVE-2024-10919,0,0,a9eb02ffc877d3649d3e97e181e7b5d396e5513925c1dfbc9593594bbb4efcef,2024-11-06T18:17:17.287000 CVE-2024-1092,0,0,4e514cbeb8cbdb0016fe4cb374f3dffe448e95b35a82b13ed7cb7be1b7fe61c2,2024-02-13T19:43:06.247000 CVE-2024-10920,0,0,2a084f5df50e8d62344f7fb5574910af35d9b3838be955d3bbcc07e777ed2e3c,2024-11-06T18:17:17.287000 -CVE-2024-10922,0,0,dcdc6c77dc4fac532ce2c20d205d01003ca9693c1f9be4b369703502e6df3b9c,2024-11-07T02:15:02.847000 -CVE-2024-10926,0,0,836b6dad2f467cae785f28103c4c848e59141b80159f4c1ffe543f045d6be6ff,2024-11-06T21:15:04.927000 -CVE-2024-10927,0,0,226ffab385a850b4c5b8dd25f7ce6a6c6abd2a61610fc08c79aeb35330d016e7,2024-11-06T23:15:03.623000 -CVE-2024-10928,0,0,d4c3692efb61e8b6c0a11b6bb9a3f389dce48d6443ee9da2622e0e46fd15a8e5,2024-11-06T23:15:04.007000 
+CVE-2024-10922,0,1,2e8ad1bbe2c22b2f860e82caba9eca723e865a4e9bffae87682e3cfa53e59e0d,2024-11-08T19:01:25.633000 +CVE-2024-10926,0,1,d4b8448490b176d20ac7d5dd5d9abfb0445d0f8f33211ac22e460a561e976123,2024-11-08T19:01:25.633000 +CVE-2024-10927,0,1,89d2896b297590d0b070dc2d6fc3af12d21eeade74b7d5af5a8c30243a174669,2024-11-08T19:01:25.633000 +CVE-2024-10928,0,1,d7b9ae13d8f86fa638d0e1d42acef5c90ca0f7e31aac0a4c1ed2473457ce5298,2024-11-08T19:01:25.633000 CVE-2024-1093,0,0,de7ad9b72d87a55cf339c2dc774b7bea1d33bb68e3b932a439fb6fd6a0ef5b53,2024-03-05T13:41:01.900000 CVE-2024-1094,0,0,e9e492360318e20689e515fe6138ed3b8630e834f4abf2efeafd987f7e7b2dc6,2024-06-17T12:42:04.623000 -CVE-2024-10941,0,0,675a2a19161edc958e8a197cc6dc80c9908daf66aaab2775f6145c4f21c47875,2024-11-06T21:15:05.213000 -CVE-2024-10946,0,0,a6ad417888c4cb9e2fc5eec40f645ca204711d0d64a5691bc9c50b51dd63b0ce,2024-11-07T04:15:03.277000 -CVE-2024-10947,0,0,9adb5268473ea3fea228f3f531eb38bf7afe18f43d752d8c6e606d0c94e4e695,2024-11-07T04:15:03.590000 +CVE-2024-10941,0,1,13c9aa5648736117eddcc05b7c7bbd41bd256da81c39332a1bd9e9e846bf4626,2024-11-08T19:01:25.633000 +CVE-2024-10946,0,1,53c127b5d01f3eb86df399cdeeb942bf199714aabfb134ba6a8dac66d645a2f4,2024-11-08T19:01:25.633000 +CVE-2024-10947,0,1,0411e4a4d7c1a87e65d7d83c82156a4ec968e1f848bfec751aba34746b5cca7a,2024-11-08T19:01:03.880000 CVE-2024-1095,0,0,e70da3b629cae08421ac3ff6db71fb525bf872b735f906aa9168a1a3feae7dcb,2024-03-05T13:41:01.900000 CVE-2024-1096,0,0,9e6ec92aa91c226f1dce82b660bd82ecda12366a7db0465d5ab79a9947cb0a51,2024-03-21T02:51:34.720000 -CVE-2024-10963,0,0,2e43d64721ae498d9c0979a7fde3cc7da9fffb45e856008a15122bac3c1734b2,2024-11-08T07:15:06.500000 -CVE-2024-10964,0,0,932022df45454192c27b27214f9ebfd2fc448c4c668edc98e31aee9ac4b57de8,2024-11-07T17:15:06.500000 -CVE-2024-10965,0,0,3da145d300696d81efea92b8ad0251b15a208fff15d9136fbab253d97c46ef92,2024-11-07T17:15:06.890000 
-CVE-2024-10966,0,0,18b31358ef50050611f146262296d675ab5d947a27e7cb13657e86f0a1fce494,2024-11-07T18:15:16.033000 -CVE-2024-10967,0,0,a21f192cff1f36d5650d6e547699388efb7cc3b31d31bd2d7ba30b250786caa9,2024-11-07T18:15:16.393000 -CVE-2024-10968,0,0,4db13284bb2668db27212f9b23fd23c8786091fe6a0c1d8a9d9c495d0c5875c5,2024-11-07T20:15:15.633000 -CVE-2024-10969,0,0,f64a194bedc79492a1cc5931029c0d0397f9a3186d57d95808f266442abe04ea,2024-11-07T20:15:15.930000 -CVE-2024-10975,0,0,34f1935a80bbd4cf8feb21b0a117889731e6fe93e5792e35ba6a53068ba38fbd,2024-11-07T21:15:06.383000 +CVE-2024-10963,0,1,8af3c09cd468169fcfd76c999c7da3beb49618f550ea24366748836250fa35e0,2024-11-08T19:01:03.880000 +CVE-2024-10964,0,1,59c42738567fc9804ec2d61407344d8d58a5472c34e273ef586a2c76a2aefe85,2024-11-08T19:01:03.880000 +CVE-2024-10965,0,1,c66f8f41a86b61772baa3fe053f73c721fa7e86ea505631bf695cb762fd01af0,2024-11-08T19:01:03.880000 +CVE-2024-10966,0,1,3df47cfeba07424dbca1650d45cf844f6cc1bcda5f1462544d39e404a912cdab,2024-11-08T19:01:03.880000 +CVE-2024-10967,0,1,045953be48e7bafc650cdaba1889b3cce653fc03383c0343e3292851109279a3,2024-11-08T19:01:03.880000 +CVE-2024-10968,0,1,f600c79ff6183eb1b51f4003b01ba4a417fb853b88c9cd1f3e9f06879ffd32fe,2024-11-08T19:01:03.880000 +CVE-2024-10969,0,1,34fb384baf8f9b6070297fa30997eac3a4fc91278070bd97f872695ea721a856,2024-11-08T19:01:03.880000 +CVE-2024-10975,0,1,f38693c9a402e208f0de21f91edcefa5c1f789073d3e380787ea5dd138f197fa,2024-11-08T19:01:03.880000 CVE-2024-1098,0,0,7637c79f93f6fef4c2ad0472be16e5b2b85cffeb9436b7defda280fbd3390871,2024-05-17T02:35:14.017000 -CVE-2024-10987,0,0,b94b145339f83067d3aeaffe7ea2338ebcd1c20a11e5364a5367b00125f19377,2024-11-08T04:15:15.190000 -CVE-2024-10988,0,0,8663ebc57f42ab108136835e3f7e50756f7c511afa43d70c3bca30fdee0e9cb3,2024-11-08T04:15:15.503000 -CVE-2024-10989,0,0,c376ff6d0db20a8b01bcf485b8340a3cc10cc5b20414d0f26e44988d14165cb6,2024-11-08T04:15:15.783000 
+CVE-2024-10987,0,1,0f5f40b95778e745d3c36eceef208d20fa1e84c6479725fa9e8e4c2b6e2464d8,2024-11-08T19:01:03.880000 +CVE-2024-10988,0,1,3a234a6f908f2b80348115ecc296ef4a2c50016a4f73e041e438dbf1e02c442c,2024-11-08T19:01:03.880000 +CVE-2024-10989,0,1,3eb2450af56824ab8eca73c10780497e88a548dbad319af6e7776520545a1e07,2024-11-08T19:01:03.880000 CVE-2024-1099,0,0,60fc16226818d332b7b359f2f2234cb026357af6ad05031d156ab3f490bb4021,2024-05-17T02:35:14.133000 -CVE-2024-10990,0,0,eb0e427acef6d87bc71c655a0a22fbd0f0d90f42c062d238620705b03a48c720,2024-11-08T05:15:05.690000 -CVE-2024-10991,0,0,7c9728dcec35e27c18789117f7f0fa676d71e1a2ab9fb15f837465ca72bea50d,2024-11-08T05:15:06.127000 -CVE-2024-10993,0,0,26ced40445eca8c4524b4be3b98e6cb625ce907af80b8ae3d88cab44f403e9b1,2024-11-08T06:15:14.243000 -CVE-2024-10994,0,0,d4dfc32ccd0209e80919e9462d52d11d1f76e6fed0d05e0af951f076d9cba1d6,2024-11-08T06:15:14.540000 -CVE-2024-10995,0,0,ad8bac1ca7c73819289d8647b4433eea624c97b1bb923f299b2139519409fabe,2024-11-08T07:15:07.263000 -CVE-2024-10996,0,0,444633ee15e68733a44b9b90b70c5073debbbc9a166b8bcb2791ee087afc0504,2024-11-08T07:15:08.117000 -CVE-2024-10997,0,0,e8f485a2692740bf10b06e1ba7e80ff97372969ab862b6d902ad33c790cc9f48,2024-11-08T07:15:08.647000 -CVE-2024-10998,0,0,c6ee37d0ee7ab86f35d700481f5e93443fe6c43dfd674deee9a89f888c7870ba,2024-11-08T08:15:12.913000 -CVE-2024-10999,0,0,092b3796db402395467bd266000eea5b7062174201361977d35684458fe9d386,2024-11-08T08:15:14.597000 +CVE-2024-10990,0,1,6a10ddd21afec926ace36545d1c9e984738b6ea30e52d2522fac31da403a3b05,2024-11-08T19:01:03.880000 +CVE-2024-10991,0,1,e57295838ecd1670d4fe14d7945fe7c3da732066791e84b5b7389c6a195881d7,2024-11-08T19:01:03.880000 +CVE-2024-10993,0,1,7206cf6142982e85355f271e8aa716072abf4161e0799aa2f6e97fb5c15d5fbc,2024-11-08T19:01:03.880000 +CVE-2024-10994,0,1,bb671e509513a2c6397bcf7eedd3395cb15ec032b2149050a0421bf7ae205cbb,2024-11-08T19:01:03.880000 
+CVE-2024-10995,0,1,6099177388216d3cb554dde6556c294f5a226daf575964867b89e30b0f99d5a7,2024-11-08T19:01:03.880000 +CVE-2024-10996,0,1,f3e857f9324b8dec3e00121203b4217408254c951466f8d91067aaaf5f6af006,2024-11-08T19:01:03.880000 +CVE-2024-10997,0,1,8b49c5af9a43c1f07cb1b0089287e079b8ad3f35df2308f2963e5d92e38209fe,2024-11-08T19:01:03.880000 +CVE-2024-10998,0,1,41f387fbf1645aa90b35c52ac0db0cc1b6181351deba62e7b43db2377129b1aa,2024-11-08T19:01:03.880000 +CVE-2024-10999,0,1,25c169fccdcc9e88a3876005f32d4643213fc0492b1ed51816b7a93f6109fc6e,2024-11-08T19:01:03.880000 CVE-2024-1100,0,0,f004473b9cf0d9d95a81c6b2db685e986de4389d0d38ab5c3537c8bbd36c025b,2024-07-03T01:44:59.517000 -CVE-2024-11000,0,0,80236f0f839666682aabed240a780bbcb1919f54b251f8268a3389f55610630b,2024-11-08T08:15:15.283000 +CVE-2024-11000,0,1,4fb6c84b88e18aeb98d1b738e518210fb6a3e1010153945ab3cfa9fceb300001,2024-11-08T19:01:03.880000 CVE-2024-1102,0,0,0928bf44049eedf97e0b54e5fbfa6f0206fb5c0a5ae4e275eff0db0e3aa685dd,2024-10-16T15:15:15.150000 CVE-2024-1103,0,0,7224a9abc8ad2624b19754063e5e3f1dd278d487bc1541d6b3a3ae6b5907a9fc,2024-05-17T02:35:14.273000 CVE-2024-1104,0,0,9ee10688672006d34031cfe725e4adf4d669e817d06739b003e5be9062883e98,2024-02-22T19:07:27.197000 
@@ -245109,7 +245109,7 @@ CVE-2024-21534,0,0,3641068338a125cfc76dca395aebd37e2004a05bbcc966c1678ccbc5dcd0b CVE-2024-21535,0,0,2e7744380a1db7060122e5ae23002590579ae07efcc1f1beb06e6a3a8350e174,2024-10-17T20:36:29.213000 CVE-2024-21536,0,0,4f914cfe6666bcd465a58ac4926a267d85d3e48bad9af0623e3ff24aeb06f5b5,2024-11-01T18:03:15.897000 CVE-2024-21537,0,0,b5c780dab93a9075b9d24d6af4e9f73fa194b201a9c6953f660e67892e16f17b,2024-11-01T12:57:03.417000 -CVE-2024-21538,0,0,83adafbb6ffdda5c3920c5e1ced22a1c8901f432d587d51c7309a0b0808dccb5,2024-11-08T05:15:06.453000 +CVE-2024-21538,0,1,e8cdab9c6756d7f91f4358b51c5fdc4acd8293095dfa14f99a5a2ff2dfe3d783,2024-11-08T19:01:03.880000 CVE-2024-2154,0,0,ab5f0b39bb38e5c25606bad964d563e0edda059ff34db22b99ca2b3670b021ff,2024-05-17T02:38:04.970000 CVE-2024-21545,0,0,614ed901d7a98204a096c9331020afa9e58729de6a0c722ccca7898674ea9a4d,2024-09-26T13:32:02.803000 CVE-2024-2155,0,0,499612150b3a1be829ef430bb3388eb54a55d7bb52271f37f2a76ceb8af6c56f,2024-05-17T02:38:05.063000 @@ -246301,7 +246301,7 @@ CVE-2024-23305,0,0,1bec79bc4020f6ec3f876f6219b03c33047027e58293560df4d9a57dbab1f CVE-2024-23306,0,0,91f46f52d9e5de00866e9203178e37e34a29f802d826e4f6441f99c1a5c6820c,2024-02-14T18:04:45.380000 CVE-2024-23307,0,0,ce3f1c4d4ee00439ab4eb84e7304958dea526a72b7cb431c57d45239ed513046,2024-01-31T20:38:12.743000 CVE-2024-23308,0,0,ab780e3d459f30026b937323fd197ac1b2578a1b6664154111931dd5ecc07d0f,2024-02-14T18:04:45.380000 -CVE-2024-23309,0,1,72e0380a6f27818b0b36a759ba1b1c9597b21f436a8e41a403b9b735fe7f79d2,2024-11-08T18:27:00.643000 +CVE-2024-23309,0,0,72e0380a6f27818b0b36a759ba1b1c9597b21f436a8e41a403b9b735fe7f79d2,2024-11-08T18:27:00.643000 CVE-2024-2331,0,0,4ae45893d8915acf1a1828719d664bd22bca980785ca070e6d05565096dfa696,2024-05-17T02:38:10.643000 CVE-2024-23310,0,0,4179f0bf8f658e9935c63c9c35f42aea4d1771a834836f01ffe3c75ee4f84241,2024-04-02T15:15:52.963000 CVE-2024-23313,0,0,423eb5c8ce01f4dbd3ff16b47be219cc8721b4595695d3e2421bc510a6ef2931,2024-04-02T15:15:53.050000 
@@ -247055,7 +247055,7 @@ CVE-2024-24401,0,0,4da45a43b8f4acdf56d81b368a5b8646db19f793f400a226a8b7c058fe90e CVE-2024-24402,0,0,0ebb6e6e30483f179160c13ba64f62c3f75b2bf61976eb089a6d82e44b8a61fc,2024-02-26T22:10:40.463000 CVE-2024-24403,0,0,9dfd8d2383a51e07b61f370007222fc6207ac481d048277e8f500a7d8b0ad907,2024-05-01T20:15:12.510000 CVE-2024-24407,0,0,544874ccd7bf190605b1eed09e8dcc374c7eae5526ea68f4038bca85f79c4f1d,2024-08-01T15:35:06.210000 -CVE-2024-24409,0,0,61988da292757b66b8fc5b6cab11e40917c68e0788616ca47abafafa6a122fc4,2024-11-08T08:15:15.917000 +CVE-2024-24409,0,1,c4ffca2b8364f86b774981d68ef351cb674e9aea19a98ddfd1a19bdfae0b006c,2024-11-08T19:01:03.880000 CVE-2024-2441,0,0,748a7ac4d6ed599dc743b338d434f4fac66b4e81d9dc4afe98a976de37bf668f,2024-05-14T16:13:02.773000 CVE-2024-2442,0,0,da6587851d777a7caecc3fd36ba9b67242261a5b34dedee058c0f959b1280fc4,2024-03-20T13:00:16.367000 CVE-2024-2443,0,0,a8bbe87eac8a41399b1d0d3a72e714355872c34062df72f2bddd7214646f509e,2024-03-21T12:58:51.093000 @@ -247243,7 +247243,7 @@ CVE-2024-24773,0,0,da8b682b31febd3e2de454f238cf130a08fb6ef29c1a8b2a9f8fa2fbf84b5 CVE-2024-24774,0,0,f13aeb5a8a14a2b28434301d459936e56cbcb6271359f1132daa975be1a4e4a7,2024-02-15T18:43:22.673000 CVE-2024-24775,0,0,e8a1117081dcecbda71bf879ea5f4cf7e64e228ee31031e5b59390d8bbf84feb,2024-02-14T18:04:45.380000 CVE-2024-24776,0,0,6c7703c27939b228b8c6f0a7ac349acff88924b8a443af347b795b4df5ebf2ac,2024-02-15T18:42:25.383000 -CVE-2024-24777,0,0,3faa57f32ca7fd7d9709582f6b4ca29ecb1cdae731b69f82d81f9de50fd6a93f,2024-11-01T12:57:03.417000 +CVE-2024-24777,0,1,3b3adddace5d615a2a1fba411d16afb1007f9713cfd4b9e8e6e9a8d3e4652aa3,2024-11-08T19:00:37.240000 CVE-2024-24779,0,0,0775cb0ef2c25af6aeb51ccc0386a7ab6a666e4b0e03b7de868da93b3496f60c,2024-02-28T15:15:09.250000 CVE-2024-2478,0,0,d4988a5fe437e33a0f9a93c3fcdccaa9b2b8ddd55cfc6854092fb1866b11274a,2024-05-17T02:38:14.540000 CVE-2024-24781,0,0,27ebde0e33bd322521afeffa18295af93e85735697632ec97f1132c9ea5137ef,2024-10-18T19:00:53.347000 
@@ -247381,7 +247381,7 @@ CVE-2024-24908,0,0,5b6459a6d3b25d3a6e18a46178e2c19b8c023f1c9eb6637cd354809eebe84 CVE-2024-2491,0,0,34df2866b188a5f2bd5c96103e6f5baa1d2243906a6941988c94b002f28fa254,2024-04-01T01:12:59.077000 CVE-2024-24910,0,0,5fd61dd70d8ecfaf176a8f6d8c2c30bd5b15998ebd0d63a548282cf932846ba7,2024-07-03T01:48:29.673000 CVE-2024-24912,0,0,062a374f9b828270aaaca83725cc485b3e4124c6c8401ce960438704f1123123,2024-07-03T01:48:29.930000 -CVE-2024-24914,0,0,ac874ead94e15eaedab975442c466b623ccdf9abd22897f7dd81e577b02cef58,2024-11-07T12:15:24.327000 +CVE-2024-24914,0,1,bb7fb1ea29af0552e90f1defbff859379e6edb0446501563882fc87227f55b86,2024-11-08T19:01:03.880000 CVE-2024-24919,0,0,e9af0b95e3b1d4d24a8b2b9c296ac1d0ca96bce9509d65a1fc81442a75e97d97,2024-05-31T16:04:09.703000 CVE-2024-2492,0,0,2a7e9d0078f8f6d5c7b41a8cd7a38292965c10ef2c1b0101ecaacc57a358172c,2024-04-10T13:23:38.787000 CVE-2024-24920,0,0,61abb1c907d053d7f028d3f747f0092a3b739771fb6fcc1ff65eeec7b87e4a0e,2024-10-03T17:20:18.263000 @@ -247725,7 +247725,7 @@ CVE-2024-25422,0,0,183c4ec0faabad98f4264a6cd25b9f8acfe9ee005e0931f44bde0815e323c CVE-2024-25423,0,0,9c38591521533b12d0d8640f97867e59ae0ba009f0e2d3612c6f7b4eda265498,2024-07-03T01:48:50.347000 CVE-2024-25428,0,0,a1baa90ebade4117b4da7a9052f9f7b7385230216b8f9a62456cca560644c28a,2024-08-01T13:47:44.563000 CVE-2024-2543,0,0,90e05f36a3d2dfc0c0cb0570a48a9a80b8042b66097a9bbd3537fdf34c177bc6,2024-04-10T13:23:38.787000 -CVE-2024-25431,1,1,0b5c76f980848564499c7519a92c54f0992684fb7b10dd88d5f6971d3fcbfa00,2024-11-08T17:15:06.023000 +CVE-2024-25431,0,1,804021cea2f63b10c8f600172f26f14cf90cf4e264f0fa67d975448227ff0c7a,2024-11-08T19:01:03.880000 CVE-2024-25434,0,0,26bac245bd5b6380c1089f8063086eb0c8545596793c0265b0d4261729bfcdb4,2024-03-04T13:58:23.447000 CVE-2024-25435,0,0,b518f964ef14d92ab1a5ca1db15bba6ee80949a3cea6fd366efd019d37dc656f,2024-02-29T13:49:47.277000 CVE-2024-25436,0,0,16fb2e1f886d8db1c20751b88d1af87dc346511e3a7b7468111bb026aa3d1366,2024-03-04T13:58:23.447000 
@@ -249019,7 +249019,7 @@ CVE-2024-27024,0,0,1dabadf5f035f9c8af9339403feb07019c159754d4fd53c6c5eb0a6a3b703 CVE-2024-27025,0,0,f951e86fa3308c077b4eec9c7df91b3c2bbafb2404d9aad5ef9c3ab1c6d5ecf1,2024-11-05T10:16:20.073000 CVE-2024-27026,0,0,5bffa0cf1335d4669eafb6cd7750e9ffa29b2d0132ce87c6874d26f3fbeb4d1c,2024-05-01T19:50:25.633000 CVE-2024-27027,0,0,1c62cd43c72babb29ebe7269cea5e90507ce99b6b0d04ee5a768c2ddbbff5c01,2024-05-01T19:50:25.633000 -CVE-2024-27028,0,0,89c19eeb7cdb93e31987036cd8a98246932b8ee6e018d86bcd8eea998eadc64c,2024-11-05T10:16:20.500000 +CVE-2024-27028,0,1,db34cea4ab09669e0df89eeb41df802c1dcfaaa349a2edd262354130575eaab4,2024-11-08T19:35:02.793000 CVE-2024-27029,0,0,6c081ff738eb90dc7d9bc74913c1f6e1efe7fc554037e9bb9b8506cffba2afd5,2024-05-01T19:50:25.633000 CVE-2024-2703,0,0,fb7268c6624632e5fa0c645fe7971240898e11ffe4f2cbdecab29aea976f669a,2024-05-17T02:38:25.893000 CVE-2024-27030,0,0,6cf033352f8b449cd788a898986efe2b6d73f55358a4b240c970dde448599393,2024-11-05T10:16:20.800000 @@ -249506,7 +249506,7 @@ CVE-2024-2760,0,0,85c06c3412f2f06c20f37186e39e8f13a8e65a1960bf456bbd20de54d50a89 CVE-2024-27602,0,0,ff68a7dfbe76578be745d2be853eb13367fbf75dc768ea067191484500d8515d,2024-07-11T15:05:30.183000 CVE-2024-27604,0,0,67cc43dc579712600f9a4a343d101d1553cbc2954683747965ba1af9979c0fec,2024-04-03T12:38:04.840000 CVE-2024-27605,0,0,2aaf22b813763d691b4423ff125c76f66c9a1df66c5a817774138b14b148c2d1,2024-04-03T12:38:04.840000 -CVE-2024-27609,0,0,16a556f098c50cb0fbe2d1d71093ce16ff0181bb978769837559bae2338d263c,2024-04-01T01:12:59.077000 +CVE-2024-27609,0,1,be690720f1eb054293cec2d11429547c5a6de4a39f8c4afd916df653d4cb6399,2024-11-08T19:35:15.910000 CVE-2024-2761,0,0,5795ed83fa99c1921b7aae8b1ff040c74f4ad844a04231fed91291049f2adb58,2024-07-03T01:53:33.097000 CVE-2024-27612,0,0,49097b8786421277faa3f9595409406cb34c7fd0f767e2a41a279184256e9866,2024-11-01T20:35:08.853000 CVE-2024-27613,0,0,e8ddbf6e46995016b86fec11e3a571d06151af83dbfa811d22e9f83bc983a650,2024-03-08T14:02:57.420000 
@@ -249993,7 +249993,7 @@ CVE-2024-2821,0,0,9c0a2080d39205346106f0d0db46c6c5a65a4a414502ea7a03307d98d919bc CVE-2024-28211,0,0,430c54d116686ae784e7eaccdb0936e227c2ec2e15c8ea6c22903f691dfd9650,2024-08-05T20:35:06.830000 CVE-2024-28212,0,0,3b3d6720fb2aa8dafb59498c8538517295e37550c07951206db2faaac9a82c47,2024-08-12T20:35:02.707000 CVE-2024-28213,0,0,bfeb5a9850403273fba4fe10f3167a73d5223f6f7fda26be2c4ac6dd12d8be00,2024-08-22T20:35:07.957000 -CVE-2024-28214,0,1,7a0a35e4822216873d1d4687231094bf36ee8792dd3a24154be9bde8a8aa93ae,2024-11-08T17:35:11.637000 +CVE-2024-28214,0,0,7a0a35e4822216873d1d4687231094bf36ee8792dd3a24154be9bde8a8aa93ae,2024-11-08T17:35:11.637000 CVE-2024-28215,0,0,1e6d084b55f41a63c3c5d091a2ed4fca6632bdaff0efc1e4a07987dfbab4033f,2024-09-06T05:15:13.207000 CVE-2024-28216,0,0,2639eeeae2d1c84306c344ef08dd597628608e0b3d7b570a368ca0189717cab3,2024-09-06T05:15:13.293000 CVE-2024-28219,0,0,565e95e78290480ce059c2c945e1cbfe2222bb0e5f4c019f24f3af4bf523bbf1,2024-08-20T20:35:22.290000 
@@ -251245,9 +251245,9 @@ CVE-2024-30132,0,0,2755ce31fca62f5cb6c9467e2e9dd0f46b1eb8e96cf72e2eba3ab725581a0 CVE-2024-30134,0,0,b5401f953dda8a57b606a9ace80dca0a0a00325ba4573c5e6f1c325a9f248829,2024-09-30T12:46:20.237000 CVE-2024-30135,0,0,434c5499719264a4e2ad07af1f36d8ed1af6151b19467e0009865806919aee63,2024-06-28T10:27:00.920000 CVE-2024-3014,0,0,c46983235075ad6c61a858c21d5be28ec226124df8363686d4a4d1cade05d3fc,2024-05-17T02:39:40.800000 -CVE-2024-30140,0,0,3fc7f5d958f925adaa411e71a495b7a3ccde367dde67b6820db29acbeb392a47,2024-11-07T09:15:03.480000 -CVE-2024-30141,0,0,731f9b090f4ec621a77b6dbdc834d081b2d0853646dec3588478baad75ec2e53,2024-11-07T09:15:03.707000 -CVE-2024-30142,0,0,575cb06250ed295d1ecca24ace5637249aba639688f24d669502ae37a2d96a12,2024-11-07T09:15:03.907000 +CVE-2024-30140,0,1,b3c4fb8c1d29ea34afb0e390d01039ba8eaac2e7ea5dacc80cc363ebbeaac67d,2024-11-08T19:01:03.880000 +CVE-2024-30141,0,1,7677b4b819f540e508dc538e83037a46a64b1797a2f49d99f9df83f8d58e7bda,2024-11-08T19:01:03.880000 +CVE-2024-30142,0,1,d7c5a99f96a99459cc95ea19245c72a72fc1658d5ebaf7ed7579722d3c57dc4c,2024-11-08T19:01:03.880000 CVE-2024-30149,0,0,02591a0af3e62f9a1c0c9302daaa416a46c0618b44514409e84876f271a3c3d5,2024-11-01T12:57:03.417000 CVE-2024-3015,0,0,cf3ef36018f814f81d7c4b278b721ac941c52c0f1c0bedc65491406707b51ee6,2024-05-17T02:39:40.887000 CVE-2024-30156,0,0,3d53855c757ad6b4fdec1c866bc6a474f7a081008c29fdfc2556616a5702f89d,2024-03-25T01:51:01.223000 
@@ -253879,8 +253879,8 @@ CVE-2024-33695,0,0,496bc8a3b6cc06e0f2cb2ff5ef3180780eefdd07d63e68d063cf97ba79dd8 CVE-2024-33696,0,0,8adc0db7b8cce33b994e835fa3f282e25f1f4ef5644a2aed7cd50d800fe731e7,2024-04-26T15:32:22.523000 CVE-2024-33697,0,0,4a571113caa6ccf495d29be30608c42f9dddf9084d1562bed260e698c04aae88,2024-04-26T15:32:22.523000 CVE-2024-33698,0,0,757107609bb2e6f896c0b7f0b6fa39b8f34d961ef227f03387260ef6a53fe2d1,2024-10-08T09:15:10.463000 -CVE-2024-33699,0,1,81b1f37e6f990294e3d0e58469f3ce075096d2792432fa2b41bba58241b973e9,2024-11-08T17:09:29.790000 -CVE-2024-33700,0,1,800096d409fd3a2a3a42bcca491373284624d5b7e93ac5ccde5cb0263c58657d,2024-11-08T17:06:16.147000 +CVE-2024-33699,0,0,81b1f37e6f990294e3d0e58469f3ce075096d2792432fa2b41bba58241b973e9,2024-11-08T17:09:29.790000 +CVE-2024-33700,0,0,800096d409fd3a2a3a42bcca491373284624d5b7e93ac5ccde5cb0263c58657d,2024-11-08T17:06:16.147000 CVE-2024-3371,0,0,d2e6ea20ce5eb692a4e48c27aedae40a56c8f7db204eed4d633cbd78a04f68c4,2024-04-26T15:15:49.357000 CVE-2024-3372,0,0,a196d1e45ccce196e4deb1ea2387c2fe4f6bf89b27a8a7cd4be5ebcd31c9a0db,2024-05-14T19:17:55.627000 CVE-2024-3373,0,0,02bb0a6a8cf1c8cb960f2645d7165e4c706cc177e4cf5e50be0530bbf35b3163,2024-09-30T12:45:57.823000 
@@ -255015,7 +255015,7 @@ CVE-2024-35292,0,0,e3b3d736ef0c9425797f6a5a9790b2cb56e0a53578005725786d8a247ceee CVE-2024-35293,0,0,a024a8cb7462e50d1803dc725da2f5f9552916c788264d2d54797b6f401fb3ac,2024-10-04T13:50:43.727000 CVE-2024-35294,0,0,3f8358287ada7fd559cb815db60338426a64c989bdb4f60965ffc7de0da1d4f2,2024-10-04T13:50:43.727000 CVE-2024-35296,0,0,82c7767da6fa670c8aa66295178569bca6e87e99e7267708f981755194c6c0f5,2024-08-12T13:55:37.307000 -CVE-2024-35297,0,1,300141be8a7477dd9b3cb1a3a0c5028073c996e33a3d895605e584cb56d8897e,2024-11-08T17:35:11.890000 +CVE-2024-35297,0,0,300141be8a7477dd9b3cb1a3a0c5028073c996e33a3d895605e584cb56d8897e,2024-11-08T17:35:11.890000 CVE-2024-35298,0,0,767802677800ceed2390ec4b021eb4a1bb445bf1aba3154a6ba4d4e3eb13ec79,2024-07-03T02:01:32.613000 CVE-2024-35299,0,0,048bb9c6545183eae6d895d08a3690cd4698ded8d19befda0179e06469b214cb,2024-05-16T13:03:05.353000 CVE-2024-3530,0,0,70d172744f3b40a2967c3d7796e48304fb83190da72184f5f53456f7aa95636b,2024-05-17T02:39:59.340000 @@ -255032,7 +255032,7 @@ CVE-2024-3531,0,0,a342a9958ba8d00c279b1676525284c1cab302a477225f05f9d97b5deb0711 CVE-2024-35311,0,0,94751a7e140c2a3ff83ee374530e5919b0823edf97b2e344646a9709229c503b,2024-05-29T19:50:25.303000 CVE-2024-35312,0,0,5c0137295efd7b46d9385f932a15699e773a9b408740a19574eb9907d25745fe,2024-11-04T15:35:31.940000 CVE-2024-35313,0,0,1eb4867830818e97987762ca58d043d2f7f53fc926bce8bfb2e66b630c99ca4a,2024-05-20T13:00:34.807000 -CVE-2024-35314,0,1,71862f92bbc15c90a9665a76fe4919cd8134665966ac5463ee26a4806054392f,2024-11-08T18:15:16.867000 +CVE-2024-35314,0,0,71862f92bbc15c90a9665a76fe4919cd8134665966ac5463ee26a4806054392f,2024-11-08T18:15:16.867000 CVE-2024-35315,0,0,31fa8a7e665c8db5f766edb029a5be575d5f1bd96401af0ef626172849a06796,2024-10-23T21:35:04.820000 CVE-2024-3532,0,0,861b69b5ea2c2097afdbe40dd2c40123c9da7c07e730e8c939be6340175b992f,2024-05-17T02:39:59.520000 CVE-2024-35324,0,0,97e62876b974bdb37d65a00c14d6ae80121537e286249b5814c033b73ffdbb1b,2024-08-20T16:35:11.473000 
@@ -255633,9 +255633,9 @@ CVE-2024-36056,0,0,1ad654e1db1ea66b26b566d0bde36516eb16d5510c8338c17ed9148cd915f CVE-2024-36059,0,0,1bfcf57b05ec1b5718039a8c5e3ecbe365e021b33c057bee57a114304a3b8db6,2024-07-09T16:22:38.580000 CVE-2024-3606,0,0,d0a3a8d7c3b8995b719f693dd3907a6cc0220e7bd0b5d59f68093556b8c3a6af,2024-05-02T18:00:37.360000 CVE-2024-36060,0,0,0aa7d62145c5618b7f76bb2535f9fc77a196990e59fda038d7a6d0a4665703fe,2024-11-01T12:57:03.417000 -CVE-2024-36062,0,0,b94d29610b9d6ebf0f7925adda49b6ef99883b5163d956d15fadb634f0290d38,2024-11-07T22:15:20.680000 -CVE-2024-36063,0,1,5686da81e0e7fff7dc22ac457466e34d1258741be09b44914e035f129a093ab1,2024-11-08T17:35:12.793000 -CVE-2024-36064,0,1,45daf0a3582fcda663837a8ba07a5b5024d8aa048275ce57f31374ce3ee99514,2024-11-08T17:35:13.630000 +CVE-2024-36062,0,1,b3531d0a2dc0e87d59ab63f084c9edf17440e45c41fc2b9fc6cd7ee0d3d225ea,2024-11-08T19:01:03.880000 +CVE-2024-36063,0,1,137e9651a11a86729a19db077a10e17c476e8bdc06700335b2e00d6c3dad3c82,2024-11-08T19:01:03.880000 +CVE-2024-36064,0,1,783529a7ed67c566f9b5978c94a6c15f086f6661d090c8cd3e70b94f4926834f,2024-11-08T19:01:03.880000 CVE-2024-36066,0,0,e5935714f53a973b510722d45f5d3bf2cba784516885d84bf43ae18c5d973e73,2024-09-18T20:28:50.313000 CVE-2024-36068,0,0,67b8dd20c17029d0df65b62ef592fd27b14aad04438209518cbf5b8f0453cf62,2024-09-05T20:27:19.640000 CVE-2024-3607,0,0,bb41f416bf193e789c6c3a3e947ee7231c896c3b9ba6bc5f3e43284359c7ea80,2024-05-02T18:00:37.360000 
@@ -256705,7 +256705,7 @@ CVE-2024-37536,0,0,195e5e44f085284e46a0abfb4a43141ba690e4bb70fa2e823028c4e9bfbf4 CVE-2024-37537,0,0,b4ce6fe0880001166fce40df54becea01a571a6ed2c234e78a95332e05a4f107,2024-08-30T20:35:49.987000 CVE-2024-37538,0,0,99cc4ef9444db131b0c232cfd2fd41f98c7459eb15325d4a131021c09717838e,2024-08-30T20:42:27.430000 CVE-2024-37539,0,0,c1651edacf32c123789feecb68380de8605a889305b418dd39079ef654272593,2024-07-11T13:10:43.937000 -CVE-2024-3754,0,1,23310fa4c353816204ef8454aaf3512f0a1284c733cc71805a8461aaf7dbda34,2024-11-08T17:35:14.477000 +CVE-2024-3754,0,0,23310fa4c353816204ef8454aaf3512f0a1284c733cc71805a8461aaf7dbda34,2024-11-08T17:35:14.477000 CVE-2024-37541,0,0,1f46bbe98bcc26e8385382a14ef7dedf6c0e9f6a09394a6b26798763f5000b58,2024-07-11T13:13:15.977000 CVE-2024-37542,0,0,bba26476cf475fe85806aff54309233cf183f92b40d46295afa67c6a19bdd48a,2024-08-20T17:36:05.303000 CVE-2024-37544,0,0,c719c1c3af32b89eea39aded8ae7c7dc53fe14beb2f1cdb62f4b853ccc4081c3,2024-07-12T16:34:58.687000 @@ -257263,7 +257263,7 @@ CVE-2024-38282,0,0,0b84325e8423ee1d927b510486c46be47f1c2c84d1f4cca17c487d6f5ea39 CVE-2024-38283,0,0,797ece42e985c33b58c5d43ea734dda88927de464a1a03ca93cecae13e751b09,2024-06-13T18:35:19.777000 CVE-2024-38284,0,0,165d8c293dff7206e2957622c811a8e8219577c81f47e9f75916b28f253c3103,2024-06-13T18:35:19.777000 CVE-2024-38285,0,0,7e28442ebee8b34d71e5708e3d778f155bb5ea07375678fa14265f29cc1dda8d,2024-06-13T18:35:19.777000 -CVE-2024-38286,0,0,ebbdf40cfa1688171b1c6fa9d7ab9a9f570e8893a931c047182d1382c373022b,2024-11-07T08:15:13.007000 +CVE-2024-38286,0,1,a9665c2c928855575d912248ea70185c65175d958d90e22222baa91a5a90f088,2024-11-08T19:01:03.880000 CVE-2024-38287,0,0,f05b7fe0906459cf21ff7b461dcdceaa70975d18e173be2ad9f797e07b4a35d2,2024-08-13T13:34:22.057000 CVE-2024-38288,0,0,9625e03ff55ef3f55d7b160d3881cd5b2a0d9065388436159679245b127f8026,2024-08-13T13:25:45.940000 CVE-2024-38289,0,0,24caec27f3fd287d9f45fa18aa752285e93a683884225a0a5dc7e5d105a0d1b5,2024-09-09T13:53:35.767000 
@@ -257507,7 +257507,7 @@ CVE-2024-38579,0,0,b473c1338d077f4b1eb5b907c1fe49edff8282b40b79f122f252878eded18 CVE-2024-3858,0,0,dd053838f3e277a81d969816e65a4f781c68054bd6d54d527d61add36147e05e,2024-08-22T15:35:08.807000 CVE-2024-38580,0,0,f767d8c72e121e64fa886da74166c0eb1f56d7af5ff19f167059ca44868c4cb6,2024-06-20T12:44:01.637000 CVE-2024-38581,0,0,163d2599f0d04bac3fcda8729bc91618b1a33a7c58994982f4ff41f06afb0603,2024-08-01T20:12:00.623000 -CVE-2024-38582,0,0,5bf2ab3765292126c7b2b3caf98adbacc937c1d69982e23478c39937ea0c9383,2024-07-15T07:15:10.780000 +CVE-2024-38582,0,1,349315b2bd420229f777094de607e74be5da964d47f4f1f2a24d5a5ca12ea2b1,2024-11-08T19:35:16.800000 CVE-2024-38583,0,0,3586ecafa0d1ca6e8a926d43c12025b855a9c710e7b8311423d413eb7650177a,2024-08-01T19:51:12.837000 CVE-2024-38584,0,0,866c0fab6737d5c632d2fe0d0fa84370c558b19a956e53ddad3dc439393e5215,2024-09-19T13:19:59.523000 CVE-2024-38585,0,0,ac7ad3971d199dfa0ef80e1eb68414477e8c3ff2ccc08162bcbd892283ba3515,2024-06-20T12:44:01.637000 
@@ -258535,9 +258535,9 @@ CVE-2024-4019,0,0,efc7a89c1009d77468f30cac2ce48d611400f7133149734795d6662fb155ff CVE-2024-4020,0,0,1c22b5364a88b16b0848cc41c393cb34e5c8f89e406919847d3bb3cd08a0034f,2024-06-04T19:20:28.390000 CVE-2024-4021,0,0,dd2bc601eca69892097c83b39a1492ca9523a7d157d2f946a0dd030b7888e07a,2024-05-17T02:40:13.133000 CVE-2024-4022,0,0,9e369b5b5ea8df7d6bd27a7262a9ade1fde2246b7a1d942564d51d8d0f92edd2,2024-05-17T02:40:13.413000 -CVE-2024-40239,1,1,b4504d51334f9172b7b9e0f02984858e1eb39ad03d5e06fefea6cdb3b03673e0,2024-11-08T18:15:17 +CVE-2024-40239,0,1,38786c18b5e804369c055fcc0897e46206f076813766bb34f8ce5b4cf6c1c1eb,2024-11-08T19:01:03.880000 CVE-2024-4024,0,0,cc98f9c4ade6346ddf60b956b23ffc3086de856365a82e459e99fddb48dab750,2024-10-03T07:15:31.163000 -CVE-2024-40240,1,1,7bb53aa83ede840bb38f9c664373b809cc23631d85f83d507861832025086f0c,2024-11-08T18:15:17.130000 +CVE-2024-40240,0,1,18d191112d1c716b1b655c84ea099217bd71a74a56085f236e229d3b2fae9132,2024-11-08T19:01:03.880000 CVE-2024-4026,0,0,52171498c993bd60e060ecb310b6ba3adb61d51839677cb6159cb2398bf728c1,2024-04-22T13:28:34.007000 CVE-2024-4029,0,0,4a6d404ba9d5db268d8a80067fe7c2db8343609b35b13d0f9ab4a2dc351034d5,2024-11-05T02:15:04.543000 CVE-2024-4030,0,0,19f825236112c2d38d9364772b7c94395cd52376c790d25417954ee2205eccd6,2024-09-07T03:15:09.917000 
@@ -258738,7 +258738,7 @@ CVE-2024-40711,0,0,22f2a0ec5d60d30d489a1cbde640082edf370b191c841709c2ac9ec5e8cd3 CVE-2024-40712,0,0,13e543cc686398f3c8419eccd56010fa5d852cb01dea206b96fd66d93750de64,2024-09-09T16:35:06.673000 CVE-2024-40713,0,0,b0004a2bd5f30f1a9576b70810c52f5ea89a7a061fd80c3935d835b3783f9659,2024-09-09T15:35:08.970000 CVE-2024-40714,0,0,f897329e6d3274f2479b6f6e44dee56074d5f4a018723070ced09d6042c2b392,2024-09-09T14:35:02.980000 -CVE-2024-40715,0,0,2f0ddf0df7df423cec2e162fcaf01d5d262b6a94dd3990c1ab3599fd5eba08f9,2024-11-07T17:15:08.083000 +CVE-2024-40715,0,1,df61c6529849625d1f3a053a6cfc3e786903ff3512f65a3e3f287e8eb153e954,2024-11-08T19:01:03.880000 CVE-2024-40718,0,0,3ffebe0c7f372ce68857560a263d6a8e02c6da5dc3c7a565c55f85e729c7a3f1,2024-09-09T14:35:03.723000 CVE-2024-40719,0,0,b6da62d4912c9bd07427fa16443cd7668b6b1bac31228d96cfe2dfe539bd5688,2024-08-09T14:36:32.300000 CVE-2024-4072,0,0,5325ee2ea26a58f6ec285799bb6ee6c62eeadace5f641482183f3a76d39bf009,2024-05-17T02:40:14.847000 
@@ -260643,15 +260643,15 @@ CVE-2024-43414,0,0,41d126c00be1a75ca1d7b9b05a3a92eaf49a5d7831c24ad21608856181f8c CVE-2024-4342,0,0,2403af0b003f5953a3d2a1b74bf46d64f4a354bc628b01d2ea5f60de4a4002c6,2024-06-03T14:46:24.250000 CVE-2024-43423,0,0,8fb21f51e563dd938c763581007e890cf5873a7efc6a39a36e929ea32ce34c0c,2024-10-01T15:41:32.537000 CVE-2024-43424,0,0,6d9ffac7d6eb9e50db381baa418d84f2f5d9932ec78b86526bf799eb43b3b4f3,2024-11-05T19:39:33.873000 -CVE-2024-43425,0,0,f8566522ae999d84e4981aafeeeb0c9e5853d860b1b395e640e67036460430fe,2024-11-07T15:35:11.837000 -CVE-2024-43426,0,0,3e68d1058a473778b35599e6723e1099de91f0cf6d4ac528e5fef9958e65c7a3,2024-11-07T14:15:15.510000 -CVE-2024-43428,0,0,a483e489d4ac4af14144f4326e22f286c1ec6d428ef5b9c8e36e63f2986dd9f8,2024-11-07T14:15:15.703000 -CVE-2024-43431,0,0,0902d7b350b61639924f4c68fe86c20c3f8705618a8d31aef0002ff70e3f99fe,2024-11-07T16:35:19.497000 -CVE-2024-43434,0,0,0de9fbff6ec47f339081c0859193ec7a340ffb35a0bb04571c99441c8b11a2e7,2024-11-07T16:35:20.220000 -CVE-2024-43436,0,0,27835f6934093c7263d11d49fae9d36c80f3ec6ab8693a7d5e7456e924ade38a,2024-11-07T16:35:20.957000 -CVE-2024-43438,0,0,d6cdeff050d2d1ca36643d06cfef06638f7c7d0a39f11f8ca9f88b3cabe569a6,2024-11-07T17:35:22.537000 +CVE-2024-43425,0,1,938233c36f296352d9985e1fd2ce4b16f2764e2564dfb74da585a571295076c0,2024-11-08T19:01:03.880000 +CVE-2024-43426,0,1,2e98ed8cd0fe3bbd03bc31edcafe875e17ec3c3fbf69dc03657573f422300921,2024-11-08T19:01:03.880000 +CVE-2024-43428,0,1,b5ed04eb9991b8a533d52401aafbeac39cc5aa45a83db20224d68df7b23b336a,2024-11-08T19:01:03.880000 +CVE-2024-43431,0,1,b9005a05e5507a46df12a8ffbb839f8f4313b143d14ebe18ef1c5cef640c905e,2024-11-08T19:01:03.880000 +CVE-2024-43434,0,1,8ffb2c6afb4ed4c9c792f8915838fc9f8b7d930620a4823c5b60db456a6beae1,2024-11-08T19:01:03.880000 +CVE-2024-43436,0,1,d5a3a1ab85fb023046251b174592264fb917cdc48f222f2755feafd455c0e61d,2024-11-08T19:01:03.880000 
+CVE-2024-43438,0,1,875baee488d8f8241783e175bd68620af647e40659767e34acd9ef245d347a44,2024-11-08T19:01:03.880000 CVE-2024-4344,0,0,0e21345ffbddb43f0000901c1c1f7a4c33b525c68a381cd32a35ab8e755aa5fd,2024-06-03T14:46:24.250000 -CVE-2024-43440,0,0,b5ccac223783b864085deddbcca2f8c0e78903a03e3eed69be59e89d34041813,2024-11-07T15:35:12.597000 +CVE-2024-43440,0,1,3deee55ee11303962828a1a1b49c99d7d9284f6df5f48904a5eb9b6fe3a55147,2024-11-08T19:01:03.880000 CVE-2024-43442,0,0,5431c5e587ae45a37d19d37e97d6aeb67638f78f0db0677df8b847e3725ec6a3,2024-08-26T16:35:12.860000 CVE-2024-43443,0,0,41bfb91b7f7c9bee48be0f5c8ffcdaa9039df695b92734c0f1b611ea064f9e04,2024-08-26T12:47:20.187000 CVE-2024-43444,0,0,869e12b3e86ded10c38d8795cc34fa22bd804c0b1d5e73f28a97d45f8e95ed59,2024-08-26T12:47:20.187000 
@@ -261039,33 +261039,33 @@ CVE-2024-43952,0,0,2e8649a5292a35453d82489b6a0bd45c22add9f038806d90bd84b3869928b CVE-2024-43953,0,0,56af89b2bc051a2a3fa3c2433004559f7117fb9158a81b84197c9f70495951ba,2024-08-30T16:16:01.360000 CVE-2024-43954,0,0,76c216e4287ea3e21df8a5c42687b7643218c83658145d7a54c571f2f9829fc0,2024-08-30T16:24:37.460000 CVE-2024-43955,0,0,4ede473467403747b1a04930906c4ff684161a593463954ac3ec5bae261e5e01,2024-08-30T16:23:35.187000 -CVE-2024-43956,0,0,70406f29a4315b5573912203ed9c7354fb16fd64d10fe17a123ed9eeff27bd80,2024-11-01T20:24:53.730000 +CVE-2024-43956,0,1,39ced92810876e900243318d79b2fa9dc1528f4c55a2779b3c8df4d139c1779d,2024-11-08T20:41:30.417000 CVE-2024-43957,0,0,e37eee71e6d3d39b6eee1646ea93bd080fe2f853ce321f65d1106d4fc89b111e,2024-09-05T14:49:17.983000 CVE-2024-43958,0,0,3f3bf4212bc2e74c074c138fa03eac2a971b658d4caf8d2e0f7172d721ab1b4b,2024-08-30T16:15:19.047000 CVE-2024-43959,0,0,c8c8ee307639c5e94a9d240b6f8974419895ff5ff0072e2579fa6d2c3cd1e57c,2024-09-26T13:32:02.803000 CVE-2024-43960,0,0,980e57c6c61444ba89ee403d9dc5147321c211af37703070f5947ad7256ca9de,2024-08-30T16:12:24.113000 CVE-2024-43961,0,0,c6e06e0e8287f3f53bd61136fa1d8e035e3cae74e7a2040db5ee6246ae551f29,2024-09-05T14:39:38.957000 -CVE-2024-43962,0,0,150b4242cc39ae6841ef69eb3128ee99b2996b0a35b9d392c9256c8d611ee88a,2024-11-01T20:24:53.730000 +CVE-2024-43962,0,1,295e68ac056c52bdb89ed7f13844b353bc4c2e1985b22929bb06cca6d3b4b4a5,2024-11-08T20:42:40.120000 CVE-2024-43963,0,0,8cafba6a4e67df3e09626ea7dfefbf7e4a0c7f737e6ec03304fa7b4223f26fb3,2024-08-30T16:10:16.647000 CVE-2024-43964,0,0,a296e79bf666a02822318fa0afa97e1b25cabc20d3cd08936c2b6152e8d8f9a3,2024-09-03T18:30:23.437000 CVE-2024-43965,0,0,878d660798d5f5ce29d081268f89e41be6b018fcbed5e4625677b64fd6bbb9af,2024-09-04T16:02:57.427000 CVE-2024-43966,0,0,2901acb1eb63b7a55cb46d133ca8742f966f34bb1db4feb1259a3cd63030f204,2024-09-13T16:01:42.997000 CVE-2024-43967,0,0,efb5ab215f4087a53f8dcd252d52ef141005b5764a5e2b6c3ee9faa1675f0e1c,2024-09-18T17:00:57.497000 
-CVE-2024-43968,0,0,aeb6863efa34d4b131d314612ffad2dda34ff759957a8824f8c282f82b5eb26c,2024-11-01T20:24:53.730000 +CVE-2024-43968,0,1,993e9b0ae87f991633c9665f7451483905a7313fd2877f061532c835bc228e14,2024-11-08T20:43:04.257000 CVE-2024-43969,0,0,1a95b579d41eb8faee65f3858dc0c26a2595ef0cb4c3d2f4551a96318123fd7f,2024-09-20T12:30:51.220000 CVE-2024-4397,0,0,e58140e99ddfaf8bde684cb5f7b842244f11804dcdfb8070d80437acbcb292f3,2024-05-14T16:11:39.510000 CVE-2024-43970,0,0,77a129e80056cfc70e3460dbd898d58f094794bf07956a918ea43df613f14f34,2024-09-25T14:18:53.297000 CVE-2024-43971,0,0,15271454200ca48e9894c5709f39b2a82fcb070edabcc7bed44b538ba98121f8,2024-09-25T14:18:13.137000 CVE-2024-43972,0,0,45d166e4dbb457cad4f9e6ecf80d8044e3ef67293a1719d9634316ae0fc28afb,2024-09-25T14:16:18.150000 -CVE-2024-43973,0,0,b7b8c5a0beff13a2bd734cb2294064a8d27f184f39a4127d14b6c162042fd67b,2024-11-01T20:24:53.730000 -CVE-2024-43974,0,0,b247192c0e6a21a20d7dde4fa1be7b41ea4577a9d9c418d35fe69c171af7d489,2024-11-01T20:24:53.730000 +CVE-2024-43973,0,1,0c9ceea8da3ab36af12cabe08c18bb343644a4904fa55b88ea77a3df05ce19b6,2024-11-08T20:43:24.907000 +CVE-2024-43974,0,1,67ce3267cb30ff41f21721e7697bbfb2263abe8f543c45b01bcfb44dea03eea7,2024-11-08T20:43:53.387000 CVE-2024-43975,0,0,277d0207a09080b919f3f219105b7c4323354cd0721ba6e67221ba9226888308,2024-09-25T14:13:32.910000 CVE-2024-43976,0,0,b5b36a728accce9a5c243e352c901188e8a688872f36e1c893cd85efac637a21,2024-09-24T16:32:37.747000 CVE-2024-43977,0,0,8548dd346f70e10bd02563139f9662536c4c908bc4be8bbe5ccbe1834db20d5d,2024-09-24T19:17:15.327000 CVE-2024-43978,0,0,b84c789c57b2300e5e696cc4e44909900a0446291c850df47c011342afd925c3,2024-09-24T16:44:01.557000 -CVE-2024-43979,0,0,6337dd8d24a4754c55a8628661b960b340247d6e0e98f1646fc1781fbdb469fc,2024-11-01T20:24:53.730000 +CVE-2024-43979,0,1,5797435a362195d952bfc50648bf7a872b78f7bf554d9eb3dfe5f36fce2e570c,2024-11-08T20:44:42.717000 
CVE-2024-4398,0,0,fee297010492d7a9d0bd198f00369fbc7ee85eff508879444e062d535e0abd54,2024-05-14T16:11:39.510000 -CVE-2024-43980,0,0,f2acf6e5e98db28fd4e56a8fba3cc66d9d7ef0362ea8738af31f385824af0111,2024-11-01T20:24:53.730000 +CVE-2024-43980,0,1,22cda8749b625b8ea71e2a354c1b75a165c8f5e69a4274355c271d14c702291f,2024-11-08T20:45:07.137000 CVE-2024-43981,0,0,2b74de4507d798db0ca535ed5c8e46f1517f3772f9cadf0e30e9a5496032ea87,2024-11-01T20:24:53.730000 CVE-2024-43982,0,0,fcc7e9558b91178fbefefd26ad3ea30f57c5bb0a04d9c97a7d54c7724d23ceaa,2024-11-01T20:24:53.730000 CVE-2024-43983,0,0,8ea56144e7b46aa8d46319391d511f11093468f3fcd70ebf4dabea21dfbfa0ca,2024-09-25T14:11:22.450000 @@ -261463,6 +261463,7 @@ CVE-2024-4475,0,0,b199ea7732b827fa53d53ebb43badb03a8dff248a786cc8d7d2459800e62c0 CVE-2024-44760,0,0,0d252ff08482783aaee88c027910c09101e7f32f15f52b69e5e2b4482012606e,2024-08-30T15:55:41.137000 CVE-2024-44761,0,0,2cb43df04a70791b0f0fb8982142da3403b663e9582e8c16ce12d7edd85714da,2024-08-30T16:00:30.557000 CVE-2024-44762,0,0,a4d9c40079155e25bc23610bf9eb4b9c915e9b457539684228b809ce3110b930,2024-10-18T12:53:04.627000 +CVE-2024-44765,1,1,69ac2995f100d6b9946c4a74871be69484fc4ac8166ac0a0c28b31f7475bd18a,2024-11-08T19:15:05.590000 CVE-2024-4477,0,0,b275cf91a81ef0e33ced77c1c5ba5e17245e6b33fc991fd87901e463b723d83e,2024-07-12T16:12:03.717000 CVE-2024-44775,0,0,205ee8ae27d9197291c9317d68e5db327a872699c5adb78e1d5b21baab0f0fd4,2024-10-16T19:35:10.167000 CVE-2024-44776,0,0,553f0ea6859d4ff6b6f354ecc1fde63fb20d3cedbc33d036b9304dfd1b315c86,2024-09-03T18:33:26.287000 
@@ -262089,11 +262090,11 @@ CVE-2024-45751,0,0,cc5d68fd09f5f304456a6be90ad821b34bc4a7f1a983b99ed7260cdb2141f CVE-2024-45752,0,0,c56d2e99daff13fa264a8e02ee453ba88231a536487b9dd847b13fefb0df4a91,2024-09-25T16:54:27.520000 CVE-2024-45754,0,0,27881b9f8c3e60f9d5e35efd217ea03a3a53beb79b5679c0a5048b58d7f60f46,2024-10-15T16:35:07.827000 CVE-2024-45758,0,0,e058696ef4ee1e11dde5d7f4a1626a6964f9190aeabab6642796a352a4a3c2cd,2024-09-06T18:35:13.043000 -CVE-2024-45759,0,0,500ecb99ca8a3207677fdcec0ade8911c3c57908478314a720778f2701615564,2024-11-08T03:15:03.647000 +CVE-2024-45759,0,1,f59b470dfad0907ca734d4ff5b2320a0c753f38413ab3a3988ccb60d03e5f11c,2024-11-08T19:01:03.880000 CVE-2024-4576,0,0,d47b5037987d3332638a14c0dba5a2bae073fe818289e35d14fa9c3b2b647939,2024-10-27T22:35:08.450000 -CVE-2024-45763,1,1,ec755f5cd0a7aa59e9cb9812514a51eec75a03df52e6b13127e8485ce05af4c0,2024-11-08T17:15:06.243000 -CVE-2024-45764,0,0,34bbf3d69fd9ee74d055735d571999036267329b7401a2bccb53264d3e34a000,2024-11-08T16:15:23.070000 -CVE-2024-45765,0,0,d3f1b4e6ab7079aa7ab4404ab5bffc4fbe71a4d5651f941e522d43b65a0a2cdb,2024-11-08T16:15:23.350000 +CVE-2024-45763,0,1,2268d41d5a2730dbc0d8eaf16bd14b16e86c2f2325af5003677da07a0e94d938,2024-11-08T19:01:03.880000 +CVE-2024-45764,0,1,e55812b3262ad9c7b90a9a57055a85b654c45e8378b7440ff062b836e6265998,2024-11-08T19:01:03.880000 +CVE-2024-45765,0,1,324589effb5b27643e9f79a9ce88d0d046eea5e6cb4756946ff245c0d7153827,2024-11-08T19:01:03.880000 CVE-2024-45766,0,0,1ac6d864cfa84a9455e326aaa02a3b21331a9d91fce801a33cf0dbf2664ff28d,2024-10-18T12:53:04.627000 CVE-2024-45767,0,0,eb5f868ea4691213c1364b02500bffd0f089d1b21eaacec7a6a56a798a8a0e81,2024-10-18T12:53:04.627000 CVE-2024-45769,0,0,8008e87928d7d924cb6edc7a002ab7d174233b35bc221ee2578339101437b36f,2024-09-20T12:30:17.483000 
@@ -262112,7 +262113,7 @@ CVE-2024-4579,0,0,b44e5adee861e75c9f2de9111724b513cf79b7a7dcd7134192d107fac17822 CVE-2024-45790,0,0,339d5c59c4b08184225ef02e77057a5607db1e407fbacc8325ce6de4811d4a59,2024-09-18T18:38:04.393000 CVE-2024-45792,0,0,5abb7de999f910eaa61796ecbea33f574a65653e2aa062ee4c5c2e229e356bd5,2024-10-04T13:51:25.567000 CVE-2024-45793,0,0,9df195d476b9f18fe89dd15d9de75cbf87671a956c83113b39ce1c0cbc87094f,2024-09-26T13:32:55.343000 -CVE-2024-45794,0,0,ff55b1422b2d966adaf82d3a0c3ac295a3d99ee9c5de845f619f184e7cb79af5,2024-11-07T18:15:17.150000 +CVE-2024-45794,0,1,19fba7f9f80e8b5484ce94a7454fbad3ec8a7fa0a22390c43e093d2565218be6,2024-11-08T19:01:03.880000 CVE-2024-45795,0,0,26c97941bb301ee7ea5809137e4aecc858408d3ad95a6809e3378636ffafc462,2024-10-22T13:35:50.963000 CVE-2024-45796,0,0,dd2a7d5e6960dfe9d3ad6d62409661ffa12b088f6140bacc226f9bb18438c496,2024-10-22T13:37:57.930000 CVE-2024-45797,0,0,049f9559c334598f19954ea514f0547d1d0f8c6b3863a15a6b9d40d7227d9224,2024-10-18T12:53:04.627000 
@@ -262690,15 +262691,15 @@ CVE-2024-46938,0,0,da0d3931773ce4c6b71560f14f7dad72bb0956018258aa969e0c816d6e411 CVE-2024-46942,0,0,42b8c1905f4548ed93111e0e3968d1a6b8f40826bb27ddf0610e8ae6ccaee352,2024-09-25T18:08:58.483000 CVE-2024-46943,0,0,4e628ffdd0e99d1c8a029e386c0cf0435a2a0c962595b05e9b929698e4501314,2024-10-24T17:35:10.093000 CVE-2024-46946,0,0,5adf6fed09d7522a85c453ac4c470cad5917d88736dbb3b605636f5befca45fa,2024-09-20T12:30:17.483000 -CVE-2024-46947,0,0,94f2c3a8805f4c676e1588282c34d606fe677fda2cf623f29785c7c220bc5f78,2024-11-08T16:15:23.957000 -CVE-2024-46948,0,0,aa632ecef89e5fab9baf6958669de8f9bec98a082034b3616a7d44d3705e1940,2024-11-08T16:15:24.050000 +CVE-2024-46947,0,1,b59f7f41af30aded4ad65024485f8c1125aef585b68596d5293e6a508028cc3d,2024-11-08T19:35:17.037000 +CVE-2024-46948,0,1,5eb36279b3db7d39a170e75a824e340b32845061d149091503a0443c63f28aee,2024-11-08T19:01:03.880000 CVE-2024-4695,0,0,aa253f1bdce79ef626aa7622c4e367006f6b60359a6a2b0af989b23a6e81f980,2024-05-21T12:37:59.687000 CVE-2024-46957,0,0,1a1f161c8d8bab3db62f1fa9272e11eb4217a378f1fb9334b95d7f852bd44900,2024-09-26T16:15:08.883000 CVE-2024-46958,0,0,a066074c8ea90ca6497e29c818dbf400ff90cc8827530871d9d45fb4a3abe93e,2024-09-20T22:41:38.223000 CVE-2024-46959,0,0,49609311db8eb2484a5bda279fc39cc9dccd98f1d151343e94689d8818c061d9,2024-09-20T14:35:13.063000 CVE-2024-4696,0,0,b8ce6d89da084f88972905e9878372f109e48889eae7d9f95b30ecbbc63816ed,2024-06-17T12:43:31.090000 -CVE-2024-46960,0,1,668680caf078592b372985f6a7bd344eeb8d05b1d95e82dc0785dff54f9425c2,2024-11-08T17:35:15.030000 -CVE-2024-46961,0,1,86fe79d09f676d13282fb98e2c0ebde33edc68548d48ca46c671ebf29394498a,2024-11-08T17:35:15.877000 +CVE-2024-46960,0,1,34c9db930ef4e9e6f8b9462edd0bebd8143074b581b4cd4eaf2ae451689fb83c,2024-11-08T19:01:03.880000 +CVE-2024-46961,0,1,6281dfd23f05aedb5a57016518bf840f9c3236bd7244aca077f0eeaa5baad6cb,2024-11-08T19:01:03.880000 
CVE-2024-4697,0,0,3bc62a9bb9952d026af8ecd13a98f81fa60290945109a2f6023ef384956822fe,2024-06-04T16:57:41.053000 CVE-2024-46970,0,0,6ef16041ee18068670ae3579af5d9c59d6c6488d479945d9220353b5e1ab4205,2024-09-20T13:23:29.700000 CVE-2024-46976,0,0,02f78d527d01c9aa774dc796f1ceed3fea7faea62af60e78d26c9cc8325cba03,2024-09-23T18:27:05.920000 @@ -262784,8 +262785,8 @@ CVE-2024-47069,0,0,255d89cbb652b594a7eefdca5524a576b519375e297f09c89870c40566f1b CVE-2024-4707,0,0,8435cc27f87132831b9d3f5ec9dd9fe3cf2e85b8b55db14f2e03c7e1023e49fc,2024-07-24T17:59:29.230000 CVE-2024-47070,0,0,eb4e046cb0db7f50fe7115a81e47e9b3e2a8d6720f2cc6fa65783765e5390106,2024-09-30T12:45:57.823000 CVE-2024-47071,0,0,2a2727cf2aa9f31ddc31166413e132f87e7e569f257fdb08eb6f77a7cd1bf2ac,2024-10-04T13:51:25.567000 -CVE-2024-47072,0,0,188a6edad5c56fba594e5efa16a914dd380f409ba4dd90d5efd1c28b7ee3b2f7,2024-11-08T00:15:14.937000 -CVE-2024-47073,0,1,1b43db514a97c7ccd9d36dbb36c7e6e381e415896e21e1c6ec303f5d2934dda2,2024-11-08T17:35:16.707000 +CVE-2024-47072,0,1,0e35b2a8d8fc5d55d46fabe70f892995ce54782bcdf9f6055325a82c63d5f14b,2024-11-08T19:01:03.880000 +CVE-2024-47073,0,1,5e9a39ce407ce0e80790a37166780ab582a628936b21fe14c192cef183ac3468,2024-11-08T19:01:03.880000 CVE-2024-47074,0,0,c235393b42c4b6df5eccda6c9c87286d920054a08fd0159e7304cbc69442da06,2024-10-15T12:58:51.050000 CVE-2024-47075,0,0,fc6fb563183ec73ff3cc748ab21f019299b633a8e98bafeae8d21bcd8012663d,2024-09-30T12:46:20.237000 CVE-2024-47076,0,0,82c29f0b96fa3aec0681c5bff18d4d64d621f66fcd11bafc7be54b1c376fa105,2024-09-30T12:46:20.237000 
@@ -262859,7 +262860,7 @@ CVE-2024-47187,0,0,817b13d1e8de6a39f3ef47c843dc5a93e7afef448e0409c2b2ed1c1bad0aa CVE-2024-47188,0,0,121b1d8543a839662e5f78a404dc83b47db88a564ef1132d3f948fc248118eb7,2024-10-22T13:50:17.493000 CVE-2024-47189,0,0,7d3af50eb7bb8d000bc263107eea64000b2f13c8fe93501539ce47dbaede0a87,2024-11-04T22:35:09.220000 CVE-2024-4719,0,0,5f15010ce3da97593d62bd8e5cbd7e4df0db8fec077945fcbb72e898184ff8a0,2024-06-20T20:15:19.763000 -CVE-2024-47190,0,0,d33cb0f49abf4b622cb145e93e62b943643faf4e40f758c6bcf8860f4cc75534,2024-11-08T16:15:24.163000 +CVE-2024-47190,0,1,04b29b2e4bc63718deee2bfc94cfae7ef946415992307ba116745cac82fde254,2024-11-08T19:35:17.860000 CVE-2024-47191,0,0,2d0ea97c75991dd32a2813bf0ef51251f3610baaa622ce7906ea2e3545fc5ab0,2024-10-10T12:51:56.987000 CVE-2024-47194,0,0,0afa0b09ca6b7bbd6bd860b01b5c9153eec47be962883f1807d6c455d470088c,2024-10-16T18:15:04.043000 CVE-2024-47195,0,0,13778db546c78cfe27d2d127a511510e1d599b625eb31f21fc4e65992e2127a0,2024-10-16T18:11:29.990000 @@ -263050,7 +263051,7 @@ CVE-2024-47489,0,0,b60e5447ef49080d8bcb541a004c5061338369ecebcb53ef8b0c02387b615 CVE-2024-4749,0,0,21df5bc0093c94425462a6e59e75544f486b5326a781fcb494e0f25aa2f7ef93,2024-08-01T13:59:33.520000 CVE-2024-47490,0,0,e3601f25126ea5528355c875251d16d0b06252aacf2c95cdc691bd121e53f290,2024-10-15T12:58:51.050000 CVE-2024-47491,0,0,1c7183e9e3993e3ed1463627637f011863c8594161b879da861988688494ef2b,2024-10-17T18:15:07.923000 -CVE-2024-47493,0,1,04a18ee4d0da415d49aac61a576495599aa89aa96f75799aa37b4313069134c7,2024-11-08T18:15:17.240000 +CVE-2024-47493,0,0,04a18ee4d0da415d49aac61a576495599aa89aa96f75799aa37b4313069134c7,2024-11-08T18:15:17.240000 CVE-2024-47494,0,0,6c1e51ae430441f137484fa6d1c393b939839687e6f7362eb07f2dabc39d9f4b,2024-10-15T12:58:51.050000 CVE-2024-47495,0,0,8400ccc05e720ac6238e1947d4541f548ec20019312994ed40be8d16020de4cd,2024-10-15T12:58:51.050000 CVE-2024-47496,0,0,8318ebc03487e106db1d9a1cf656b2d590141f326264aa8e735642b41da38572,2024-10-15T12:58:51.050000 
@@ -263399,8 +263400,8 @@ CVE-2024-4798,0,0,a3036cf57ec44ed92aa705d72184468d7b712fcb492c4ff2950b8be117e010 CVE-2024-4799,0,0,bef187df7ab031f873bee32f009cee90466081192edf9662131655f9488e20b3,2024-06-04T19:20:49.917000 CVE-2024-4800,0,0,46f73cb5132c32f542b67f61b6f2138522f24eb42a7d5cb9e69a7f683ef97724,2024-06-04T19:20:50.013000 CVE-2024-4801,0,0,2bcdaba0a3afa2888c47ef732ae4862e81c0c79cd78d2076198cb242d0df3f0e,2024-06-04T19:20:50.120000 -CVE-2024-48010,0,0,70c27e1e460582c4a479b346931cdb75c41073aeb667c3733482ee321f20260f,2024-11-08T03:15:03.933000 -CVE-2024-48011,0,0,ea766f598ef98b69fd0349ef124666546ac27d88f79865168c748208da0e6c96,2024-11-08T03:15:04.160000 +CVE-2024-48010,0,1,a49338f56e8782b36c0274df85762739d78b33b4bc558cf4c85f494e17a854dd,2024-11-08T19:01:03.880000 +CVE-2024-48011,0,1,cc982cb5a36882c1080a70569c80034bb451758afef9d477e437e2eec3125180,2024-11-08T19:01:03.880000 CVE-2024-48016,0,0,79b8427a21b025c2b604d3c3d72e2379266e5f76164b198ef3ca33d423daa7ad,2024-10-21T17:10:22.857000 CVE-2024-4802,0,0,9f23c738b4e7167dada064b214f9ad2d560e5cec48c7eaa4346088c33abc9143,2024-06-04T19:20:50.247000 CVE-2024-48020,0,0,dcbd5af80fa4e0ff77a2481b211c24b4aca48d4b01a6d0de815360ac1c5ff406,2024-10-15T12:57:46.880000 
@@ -263532,12 +263533,12 @@ CVE-2024-48280,0,0,3fccbb43adc0eac89fff4a77fa6463e9ab8591cb5e7aecf8a80efbe6484b9 CVE-2024-48282,0,0,053fa49ae9967fbc35cea64fb50742395541b443f63ba6361e4836107ed1b694,2024-10-16T16:38:43.170000 CVE-2024-48283,0,0,c5c95d36f4cc9b3b4716d94f26715484ab471510ba26541a1f3c47bce371907e,2024-10-16T16:38:43.170000 CVE-2024-48289,0,0,3c17d5bd38424fa0af920fbe41958bfb5ff6ab46e45b8d73a90e0bb1a9946e7a,2024-11-04T20:35:09.307000 -CVE-2024-48290,0,0,b8c26963ebde36baee9f207701e9f512091e258efb3616bf7dfb48ccea452895,2024-11-07T21:35:10.377000 +CVE-2024-48290,0,1,470dc7a365392aceea819604e300f16b964336068e4f6e607d709f5104e50d51,2024-11-08T19:01:03.880000 CVE-2024-48291,0,0,3c4533b920a9f2edb3f01b1757898b30516db1528ffb114ee1df5dcc338084ea,2024-10-29T14:34:50.257000 CVE-2024-48307,0,0,935ee3e0328307bbb03111416c4595c4eff3ac408a08578a24f622dddb9d0c64,2024-11-01T12:57:03.417000 CVE-2024-48311,0,0,354d288e073d9064d21602cf2204c79fdbedf6cf54999e8a50b7d788e057c63f,2024-11-01T12:57:03.417000 CVE-2024-48312,0,0,ed565171c6e4291e871155bd5278a308c07670573cfb5e604423e67b93f19726,2024-11-06T18:17:17.287000 -CVE-2024-48325,0,0,2733e9b191e36099a474c76aa897a792562ba78c5807c539c4cd73564e9291c8,2024-11-07T15:35:13.317000 +CVE-2024-48325,0,1,e332aafd0b1c5c187131f74a886273143993554010ab80fd42869ff8b361baa6,2024-11-08T19:01:25.633000 CVE-2024-48336,0,0,ceb20642f87b45ae345232a2a331752a7382b0137ef1494f458e4bcdd5d57c2f,2024-11-04T20:35:10.193000 CVE-2024-48342,0,0,cab27a7526b8debabab042631051135b3c12f9f8dc84e657f2f251a3750f9436,2024-11-04T07:15:11.437000 CVE-2024-48343,0,0,6b50c2f4f6b1096ee0c17db257557835a9194bfca6ac184c217bfb38c59667b0,2024-10-29T19:35:23.657000 
@@ -263753,11 +263754,11 @@ CVE-2024-48942,0,0,8e0a2bf9dd24a5a385f196f7b0656ab299e53cb741eb92aa617f57ef48ee5 CVE-2024-48948,0,0,e258a1f975e8d413717e5a74939518d1de0dc99614e31cd1ac6a1814dc44422f,2024-11-05T19:36:14.127000 CVE-2024-48949,0,0,a2a3af77c2ec8dfe23cb3bfb50401d91f40f6be7761d017f52ac86b99455f8e7,2024-10-15T14:07:04.057000 CVE-2024-4895,0,0,f6b1e62d3b5bd64aea52e6768b6c469e049c941759a77bf99aa3b85ad7e20caa,2024-05-24T01:15:30.977000 -CVE-2024-48950,0,0,30c48acb483e2f4f16c0b38adb455099e742e4191e5d551a647266bca824b741,2024-11-07T20:35:12.187000 -CVE-2024-48951,0,0,bb3a629223b91890b09e74d7f4add0d9f2e43ad01b8ed2ebf2bc3ccd95205c1a,2024-11-07T20:35:13.070000 -CVE-2024-48952,0,0,058bf59448a7361301ca4c2401dc532ddd24e7bdaedbcb0e8e3cf6bcc7063240,2024-11-07T20:35:13.947000 -CVE-2024-48953,0,0,e7e5d8d26ab2e767664de96eca4eaabb0199ad6e6af58565e35134b84aa7745d,2024-11-07T21:35:11.563000 -CVE-2024-48954,0,0,409f935b798b5ed5b4b60bd4180264c8ebea69b11ccf3d87520ae31da20e2496,2024-11-07T21:35:12.417000 +CVE-2024-48950,0,1,c2e3f62d16acb6195c6a2780c609319ca921c0c507a1df4acbf121bdccaaf9bf,2024-11-08T19:01:03.880000 +CVE-2024-48951,0,1,3d9e33a51bafa98c61d3398754ef30d2fa472beb3c81875bc1a06c51e834ccfd,2024-11-08T19:01:03.880000 +CVE-2024-48952,0,1,7de8f0ffdb763541ab8ce6157f5917743308ff40ebc9162f0a4d60fe92d344e8,2024-11-08T19:01:03.880000 +CVE-2024-48953,0,1,79c92dfcc1eac07994739d9fdc765ebb791baa2ff43aa6b181a30c7df184694e,2024-11-08T19:01:03.880000 +CVE-2024-48954,0,1,63b3f4d2836dcc48091174845b5c1b8643f6a2efd9748a0593b560920e78e084,2024-11-08T19:01:03.880000 CVE-2024-48955,0,0,84de7be29efb285e46fc24626f552063b1e23de7f9dbbe9943b534f430e239e9,2024-11-01T12:57:35.843000 CVE-2024-48957,0,0,73c8e1634cf56d3192b3375f11aa72eac69f0bcf8a4cb1f3b137dcc189616d8f,2024-10-11T21:36:47.930000 CVE-2024-48958,0,0,92a426e369946b14ff79b98b6fb42dd0c692d3b7d45d68198a4072bdaadf4922,2024-10-11T21:36:48.687000 
@@ -263978,9 +263979,9 @@ CVE-2024-4948,0,0,b89edbe3d3547ee2159af9ec22fd67b98f6c6885f88dc0c929a5ea68a98b8f CVE-2024-4949,0,0,5c7ef1902f4beea866d1c7d9373440674707dc0a06c9e278c0f4652ccc170adc,2024-07-03T02:08:21.370000 CVE-2024-4950,0,0,e5fcb740f07c681c8eb3b4901aae32c365007c0ebdd7c7b0ee473dbffae68af1,2024-07-03T02:08:22.150000 CVE-2024-49501,0,0,34e661795ed7c329d9becb8743e23a77cfe5f584b40ddeff12deceac0863410a,2024-11-01T12:57:03.417000 -CVE-2024-49522,0,1,b49aefd5a73ccd26563c8b91d3f2d98c089948509c56be654cf3171337fc2496,2024-11-08T18:06:01.930000 -CVE-2024-49523,0,0,e3f4e2456199503a24ecc69a5e5e386c4e09f9ab49d74a7a0c5cf1fc4aece73c,2024-11-07T22:15:20.977000 -CVE-2024-49524,0,0,71706b5a78811f7c7eb8269ead51ccd62447cbee4d69591eba40adb539fe82d8,2024-11-07T22:15:21.200000 +CVE-2024-49522,0,0,b49aefd5a73ccd26563c8b91d3f2d98c089948509c56be654cf3171337fc2496,2024-11-08T18:06:01.930000 +CVE-2024-49523,0,1,f80724f56253226f78ea56271ee80d62b3ba148e1878999be1900b25d2719668,2024-11-08T19:01:03.880000 +CVE-2024-49524,0,1,e7793eab2fff9b59c976da4b69592a395e034319e6c39d07f8b75673444fce47,2024-11-08T19:01:03.880000 CVE-2024-4956,0,0,319b39cd7f80ef1a8cfcc633b91e7d5f141facd950994947b42a7565c106a7a4,2024-05-17T18:36:31.297000 CVE-2024-4957,0,0,e3bb8e47c8dfba146bed7647eff25fc6cc8427bb0bd54429262b4324d627abed,2024-07-03T02:08:22.473000 CVE-2024-49579,0,0,85b8fb1168559e66181366d5ecd0a3cbf5d9385b3a23eb2296d97e9422fe6782,2024-10-18T12:52:33.507000 
@@ -264389,25 +264390,25 @@ CVE-2024-50108,0,0,9b25c0597cd700705d45770a0bfdd24acd11ca78362272482ce4aa71a6fe4 CVE-2024-50109,0,0,df2b9a1ec1063086c960ea9343e24a17d134d4cb9a79d773e5518122bed5380e,2024-11-06T18:17:17.287000 CVE-2024-5011,0,0,4026c0ac2cac7aea5c94096b029296404a58ceafdfae2ce6d40eb650db37ee86,2024-09-06T22:41:46.253000 CVE-2024-50110,0,0,cbe7f4e3c6b7528b14d48dfe1a33fd10f9ff826f19bf117ea7fb34e0cb39be28,2024-11-06T18:17:17.287000 -CVE-2024-50111,0,0,a9d75a6635130270df679ebde5cf075269db2da0265027785a678ad2c262d847,2024-11-06T18:17:17.287000 -CVE-2024-50112,0,0,c2e351089afa06f8acf23d0863b94e10b1e0ac1643be17fe93f443c74c091043,2024-11-06T18:17:17.287000 -CVE-2024-50113,0,0,6eb35a553b2b6aeedf3cb28837b9742ceab2d86bc13c8b7dbe9f97578986499e,2024-11-06T18:17:17.287000 -CVE-2024-50114,0,0,07fa8b8fa2c8988fe81cf7ba3ceb40700a5705006e738222483f058f866cde18,2024-11-06T18:17:17.287000 -CVE-2024-50115,0,0,d71debbac440037f9655cbfcee9653b56670b454d9c3e8e5fbdcfb151daf34b0,2024-11-08T16:15:46.980000 -CVE-2024-50116,0,0,937470b9a32823a59b0e3cd1359adf22bda7b4386b8a91d511e9f2e0d6b66c2d,2024-11-08T16:15:47.147000 -CVE-2024-50117,0,1,5a9f51842f9d6b84cbe998b9cd9dfc18131fffdc55fc6242b55732ee69940df3,2024-11-08T17:53:01.860000 -CVE-2024-50118,0,1,dc73fe614db921d34921d54141da2d14830eefaa183913b356e2b1049b41ba10,2024-11-08T18:02:21.617000 -CVE-2024-50119,0,1,3992f94156457909776d9f78b1e74d5acc4ac20116cfe1d9f562db596b4ecafb,2024-11-08T18:03:02.373000 +CVE-2024-50111,0,1,eb8d443730d2800f1ad94438d8a88636c62442c6f056de58ab728082dac79307,2024-11-08T20:32:08.217000 +CVE-2024-50112,0,1,3d981d1d5323a8152bf9598af0027e133db6f34caae33a696aa2c2652448f941,2024-11-08T20:36:03.797000 +CVE-2024-50113,0,1,35324016ef8ed8409c5bca758093efae49bc00011e0c20c5d5748b7c2420c0d2,2024-11-08T20:37:04.953000 +CVE-2024-50114,0,1,97b34857472bef00846d75f0ffa7a208dc0d8d56d816e0fa7d4f08b8e1b921a7,2024-11-08T19:11:43.650000 
+CVE-2024-50115,0,1,02ca04021d2cc7dc96f00252b3af014f10e0587db81044ca7599b5a7e200281a,2024-11-08T19:14:49.233000 +CVE-2024-50116,0,1,5c06d55d0ff23af81866faeea8fac2cabf3df0b335aa09ae1c5ea0a40bf43840,2024-11-08T19:17:01.350000 +CVE-2024-50117,0,0,5a9f51842f9d6b84cbe998b9cd9dfc18131fffdc55fc6242b55732ee69940df3,2024-11-08T17:53:01.860000 +CVE-2024-50118,0,0,dc73fe614db921d34921d54141da2d14830eefaa183913b356e2b1049b41ba10,2024-11-08T18:02:21.617000 +CVE-2024-50119,0,0,3992f94156457909776d9f78b1e74d5acc4ac20116cfe1d9f562db596b4ecafb,2024-11-08T18:03:02.373000 CVE-2024-5012,0,0,5697b5fa6ba20e1501d7704fc1f19cf57893d5f71753b80662113f567a057a81,2024-08-21T13:34:41.107000 -CVE-2024-50120,0,1,a7535e2e4a67c5d1ea4cc0faacc9771d148428f249d6d1871dd7774a53ec7613,2024-11-08T18:04:08.080000 -CVE-2024-50121,0,1,f5d79ce4a5c66ed82e292027b7f627836da6acad873692ee370a889fbd82446a,2024-11-08T18:05:13.947000 +CVE-2024-50120,0,0,a7535e2e4a67c5d1ea4cc0faacc9771d148428f249d6d1871dd7774a53ec7613,2024-11-08T18:04:08.080000 +CVE-2024-50121,0,0,f5d79ce4a5c66ed82e292027b7f627836da6acad873692ee370a889fbd82446a,2024-11-08T18:05:13.947000 CVE-2024-50122,0,0,ebd98f84f7130eac7bd8c59889d8d2e18bd993f9e28f00cb4c13176d017714bb,2024-11-06T18:17:17.287000 -CVE-2024-50123,0,0,e2cde16061cde027bc4844bed960fb732534205c1c83bc416fa4fed983240834,2024-11-06T18:17:17.287000 -CVE-2024-50124,0,0,506f432eaa878feb4eb3ecd9d2bac1f26c93260123325b9ad5ff0725a208e2e1,2024-11-06T18:17:17.287000 -CVE-2024-50125,0,0,5f0be9486f40c35967c2ee6455a6d4fe0ac35ffbf8ff0b0d320dabcd0e3ca09e,2024-11-06T18:17:17.287000 -CVE-2024-50126,0,0,6ac779325acaaf56a179818c17a4be5cb1a19d43f533f5b99e809cea4dddba97,2024-11-06T18:17:17.287000 -CVE-2024-50127,0,0,49cfbac569ec516e99ea5846f2c6f5ec0be93e3db88fbd20c5ee4ebcad61126c,2024-11-08T16:15:47.393000 -CVE-2024-50128,0,0,2f1950a4507da9eb1f8208b4a471eecc23eb9071ab38f9dd3a38a4a6ca79fa9a,2024-11-06T18:17:17.287000 
+CVE-2024-50123,0,1,47c50f926b815dddbd61627f3fd9f8fef8c8286dd5ab3c1e24f64c53dbadadc8,2024-11-08T20:03:49.163000 +CVE-2024-50124,0,1,e0909d43069998015b15f2c2be1ecc325d5e7a282d97ea9e2301837a24362cf7,2024-11-08T20:04:05.847000 +CVE-2024-50125,0,1,bc2ac1b7c523093f36f85867236818ba62e375028e47aa90f5c1f2b06727a050,2024-11-08T20:04:33.913000 +CVE-2024-50126,0,1,dbfa47698305a8999c2e2944df4ad8ac6f14000e7d729b9441150329d31a0e31,2024-11-08T20:03:02.093000 +CVE-2024-50127,0,1,64da90787d2f46c1ab1a4928d01423a4b336781c327e5a269481015e6f90ad2c,2024-11-08T19:42:39.257000 +CVE-2024-50128,0,1,b7dbb6a9a49d8e9414d7a901da420e1fe03b94f9cd0e0e6e7de0a18e1a53832f,2024-11-08T19:39:38.027000 CVE-2024-50129,0,0,d3ce45a272bbec319b8b74e0a3827589b78def498ef425d8fffb168db51be376,2024-11-07T21:49:14.723000 CVE-2024-5013,0,0,2b6e46c5c558997322ab16e56ac5bd13f8f3890cf64227402cfe38f28e8502bf,2024-08-21T13:35:28.750000 CVE-2024-50130,0,0,0ead6e427e0e58d80c032291bdca0080cdf7ee7e6cf1a574a04abadee1bd85ef,2024-11-07T21:49:00.380000 
@@ -264419,86 +264420,86 @@ CVE-2024-50135,0,0,e6fecd3c7f049f32536d0ad928f99cedc92443c0039ddb6c780a46487bfc0 CVE-2024-50136,0,0,05913bd8b2c3b3b39ee90228bed519c620b7a81fde02c60d7aa313907aafce6e,2024-11-08T14:31:09.813000 CVE-2024-50137,0,0,2a40c0a9c616f6acebb06464348415e96fbcf3371d410e3d89bcd297cd84becb,2024-11-08T14:29:05.563000 CVE-2024-50138,0,0,a14a4458ec79b7cf0d45aaa0131ecbe8600603e5473b2dc06e87e21816521a9e,2024-11-08T14:27:41.160000 -CVE-2024-50139,0,0,684bcc2915aac29172b43ed3014cc6f20812dd8bdc3afd7f4ebf566394f0029d,2024-11-07T10:15:05.903000 +CVE-2024-50139,0,1,7db943d53544864acddeeeba92e14dc2d08fb2083c9e6b7b1b11cbb6532bcdb8,2024-11-08T19:01:03.880000 CVE-2024-5014,0,0,a159cfb950f4667dfac650da1dbd95c7b0726154dc655b46619c19dd5e035fa0,2024-08-21T13:36:06.417000 -CVE-2024-50140,0,0,17cbb8a66cc2de5937838617fdbc3bf9ec32c6845be977882faf62df3c7d06a9,2024-11-07T10:15:05.980000 -CVE-2024-50141,0,0,c02d53029999aaedc3637c12633bf8e81de18ba7db4f001a2f7644a53f05f361,2024-11-08T16:15:47.743000 -CVE-2024-50142,0,0,d743a51ae6f890af6c341561a1203914428034d09f8fe3bd7de2abcaa47a1a7e,2024-11-08T16:15:47.830000 -CVE-2024-50143,0,0,f3fa38d508dca64f05458197f22df88ada4e228da6d0965f4870b402f78c572f,2024-11-08T16:15:47.907000 -CVE-2024-50144,0,0,14c8395dc8c40b1295a06cdfa2dd7ab00f2a22faaf44d3ce5e16fae2e349f163,2024-11-07T10:15:06.310000 -CVE-2024-50145,0,0,7d883a5cc9cdbb5e3458dfda9164d29bbf258a33fc2152b74eff436e7658f82f,2024-11-07T10:15:06.373000 -CVE-2024-50146,0,0,1956650259fab348e9d067ceae3785b14686007189c2f7643e3c582b0d37d6db,2024-11-07T10:15:06.443000 -CVE-2024-50147,0,0,630904220c34107beb7de82b8c14753330e5feeb424ea50f7c1a1de2b9f84324,2024-11-07T10:15:06.507000 -CVE-2024-50148,0,0,bda48bd5b094cf7933567ecdd997e375b6af8be3bfd7dc38ed0f0887b81247ae,2024-11-08T16:15:47.973000 -CVE-2024-50149,0,0,726c1d21f7a53f469498fbf01d5cbf61c0f41241e6d15724f1e4a28dcffb8aef,2024-11-07T10:15:06.640000 
+CVE-2024-50140,0,1,eb0746926c420cc8d2090f5fca10ae981e81997ac8c1fdaad448b32c59f370bd,2024-11-08T19:01:03.880000 +CVE-2024-50141,0,1,bae62305714eb5ec8c5bfe94e53b566f82f69bfdc7c3c2d2860ceb7d14e4fe27,2024-11-08T19:01:03.880000 +CVE-2024-50142,0,1,081683ea498aec7e08e36c9792d1a986b4879eebc92b8bac2d87cfe2d81863a5,2024-11-08T19:01:03.880000 +CVE-2024-50143,0,1,225aa5dbc7963c527a87a475fd315c4d6cf88e38af436bff7f3a96ea656c9f8e,2024-11-08T19:01:03.880000 +CVE-2024-50144,0,1,c55b4e7f7af67f90eda178a9ba2fa4c47d80901810b77811a8c947ce6e8532ea,2024-11-08T19:01:03.880000 +CVE-2024-50145,0,1,a50d4ef735fe685b815fd9884e6522e7918e585ca42fc315c03b8c0f2ccd0a47,2024-11-08T19:01:03.880000 +CVE-2024-50146,0,1,021f17a71355e9c7da1a3fa872cce66adf431c69a2c8d8e36098a29d09e838bb,2024-11-08T19:01:03.880000 +CVE-2024-50147,0,1,43ce628689773c231ddef91126d37c67bb5709ecfbe9aae9414366a036ef0103,2024-11-08T19:01:03.880000 +CVE-2024-50148,0,1,7f0c6446839199adc93c3b0f21555587f022bb17548db4f7897fc0fadf3c850a,2024-11-08T19:01:03.880000 +CVE-2024-50149,0,1,d7c6740c56276f915bd62b11e0e57a6dcbeeb44de647591594fe9c7c101a281f,2024-11-08T19:01:03.880000 CVE-2024-5015,0,0,57e7561ea7b4a22dc47e95fb948c2e633eea845a4a10c36b8de173108bb8285f,2024-08-21T13:37:02.370000 -CVE-2024-50150,0,0,54bda9c32a22c670a0e982ccbb68e6d2b9c9ef694f3234757191bdec8f91f908,2024-11-08T16:15:48.077000 -CVE-2024-50151,0,0,675db9f5af0c9c596374983c7187668f474c8621be8536e8ea726810a7501d3a,2024-11-08T16:15:48.230000 -CVE-2024-50152,0,0,b83f6123dd3a3d349e85b7e65cf74380c0cb4bc5284abd5ecbaf4f126e4973c3,2024-11-07T10:15:06.850000 -CVE-2024-50153,0,0,df42de68635cd236ffae2f9982a46404b637b3e21effde1c9e38a02c3053a652,2024-11-08T16:15:48.317000 -CVE-2024-50154,0,0,09322ebac31b3ebb69edaeac52c08a9efa85e31e0ae30845b21b05ee09657422,2024-11-07T10:15:06.987000 -CVE-2024-50155,0,0,eacf67adbb9e9f054086e56793e395a04a3b98046037ddfc02d3eeae513ed9ff,2024-11-07T10:15:07.060000 
-CVE-2024-50156,0,0,8a827f52df1b4554e27c7f251dca0bdd22e79ce54105df95b5cb8a64bdc3d5d1,2024-11-07T10:15:07.127000 -CVE-2024-50157,0,0,d32466560cfcc868a9c1134d654c7146917f38f85aba548860ff09d3504e02fa,2024-11-07T10:15:07.193000 -CVE-2024-50158,0,0,484ac061114af2ec47ded53f4dd8c923a6ccacf90d078d455538996080039933,2024-11-07T10:15:07.260000 -CVE-2024-50159,0,0,5425e8d76fe15f05807ac6fcae46119b687b29f6290aab435b884d2f77b15f4d,2024-11-07T10:15:07.333000 +CVE-2024-50150,0,1,4196baec43f7736780778c168a778671c8558d06a0e2cf6ab733073a0abb416a,2024-11-08T19:01:03.880000 +CVE-2024-50151,0,1,d9ce0dc9cc067e6fa22cf39a277f3e88a2611e6930bd9b5641d4f23f2714aae3,2024-11-08T19:01:03.880000 +CVE-2024-50152,0,1,5da7dbab5ae471c886bf7f5055d852dbc93df394968cae213d2e5970a5267d79,2024-11-08T19:01:03.880000 +CVE-2024-50153,0,1,b0c2677ebc8c95663d6869ad15f2b6912e0be0c8b45a4232f60edadf4926cb96,2024-11-08T19:01:03.880000 +CVE-2024-50154,0,1,fa87e33bac3a0c9928c6068d3502ee1d12c76d8e0af4c64979f0b99c13d931b8,2024-11-08T19:01:03.880000 +CVE-2024-50155,0,1,5747f9cf1aa53c1e6a78fde055a5d938a23ef7a9d8e0d83af3e149b9b3f45e42,2024-11-08T19:01:03.880000 +CVE-2024-50156,0,1,ed997ebe9a2b402a27fae0483970aab9a25073ff36ff717ae62fdc40d861b7ba,2024-11-08T19:01:03.880000 +CVE-2024-50157,0,1,831c798ea992786f323335d193dc3ef349a34b53fcca1479c8f7474757c08c4f,2024-11-08T19:01:03.880000 +CVE-2024-50158,0,1,9a6dda59860d55e42f9cf894dffd100a5d82221731fe812097f3aaee313e0486,2024-11-08T19:01:03.880000 +CVE-2024-50159,0,1,27640372bc8482ccfeb9381ad2cf427f2839cc26e1aed3ef753a274a1ad414f0,2024-11-08T19:01:03.880000 CVE-2024-5016,0,0,99504ccb587052e75d99d9fcbf07f0a52b025e8122dba2c854727d3b50b1c62e,2024-08-21T13:38:32.480000 -CVE-2024-50160,0,0,25ac2894af6f33d276d7b9fbdfbce7187f7b0935c83ad791378e947ce8a39ceb,2024-11-07T10:15:07.403000 -CVE-2024-50161,0,0,f159e13457e91b378777da8dcbcea670c71345856ba9d8c6e79ef7440ca3a7e1,2024-11-07T10:15:07.480000 
-CVE-2024-50162,0,0,ef7ecfcc073eabfe684ded3bb3c7044857b15e5e2ab7e849583b456455fc509a,2024-11-07T10:15:07.553000 -CVE-2024-50163,0,0,dec3ecb199cf126db7ee45067358f486a621340017104427057d12188fc08975,2024-11-07T10:15:07.627000 -CVE-2024-50164,0,0,59f758d73b049dd6c90bf51bcfb9d731215e619bf74f7eef635d6807541c5957,2024-11-07T10:15:07.697000 -CVE-2024-50165,0,0,db769e7edde8a85c6acb9c8caa85e7a2f4cb3d0a5b4aefb42d86e3ca86f2ff1f,2024-11-07T10:15:07.770000 -CVE-2024-50166,0,0,5395adb274832b626fdd987b074666617a5b8144d639c3e7c192ffc0765bc5f6,2024-11-07T10:15:07.830000 -CVE-2024-50167,0,0,af0c5f88429ef8a3e7a901b498e153011cf628034fac5b9b43e59c38dfbe57a7,2024-11-08T16:15:48.403000 -CVE-2024-50168,0,0,a94c86a01ff72084f0b5a7eeac18eca94d8db5c3209d7c6f00382332e4e9d6f9,2024-11-08T16:15:48.493000 -CVE-2024-50169,0,0,835d6f68e8ff2966df3dab0228cf7b9cccc1fab67e5809e150851dc0c381176d,2024-11-07T10:15:08.033000 +CVE-2024-50160,0,1,fb7cee56d461f12f3b9db44a684021f9a46d5e1f010283855c1c98f2de52f063,2024-11-08T19:01:03.880000 +CVE-2024-50161,0,1,1e3abc1ee107275fee1577742dfc96a77f0ebede08c55d745c2758735a0921b7,2024-11-08T19:01:03.880000 +CVE-2024-50162,0,1,4d9dd15197774f489e9675bd267efb5b7e91f0415fd39f1a663770cf6f148fd2,2024-11-08T19:01:03.880000 +CVE-2024-50163,0,1,562c5969b9730284f8bc6b2e5c8a8ed9f48638aa96e75e1456e73ba5df058365,2024-11-08T19:01:03.880000 +CVE-2024-50164,0,1,98153fff4a296b20fa93165bce652e5fa8bd7d0919d058627d479c9b9aa62b93,2024-11-08T19:01:03.880000 +CVE-2024-50165,0,1,d66f1a8a78fd7bee0c737f5810df1bd636f57bae2483e39bcbb9543128d709fe,2024-11-08T19:01:03.880000 +CVE-2024-50166,0,1,5d415e5148ceb4bd02933fda8bd3542d6ef94233d11b7d0407e223e89b4a218c,2024-11-08T19:01:03.880000 +CVE-2024-50167,0,1,0fb917bd90a1c864bc4615776382aff90011ad9719de323fc37c1381a5012e46,2024-11-08T19:01:03.880000 +CVE-2024-50168,0,1,f6eeb96bba0908e9aa4ab0659b8d8724b9362b13d83a3bc7ff3aa435590473b1,2024-11-08T19:01:03.880000 
+CVE-2024-50169,0,1,71ebc371e37f5115cefa0d50394251542c39c050ba2e08435dde4a10f5e5462b,2024-11-08T19:01:03.880000 CVE-2024-5017,0,0,4bf66f9149c1825eb6053785aae4f79372d6014d70aef068fefc59f9d5142f99,2024-08-21T13:40:49.903000 -CVE-2024-50170,0,0,3697d761ffb3961921027548d40b4d4b2e6a94089a0366f071a6f83bcd274337,2024-11-07T10:15:08.093000 -CVE-2024-50171,0,0,3001b71baec8ccb3fd1fc40ac11888f316cdb91727b4165d44080e84c93a6530,2024-11-08T16:15:48.577000 -CVE-2024-50172,0,0,13dc8a20279d2b8f1920721ae5792d5fd56ec46e21e2872b69823f81f4359043,2024-11-07T10:15:08.227000 -CVE-2024-50173,0,0,0c614b599b1ac4c4377c1e97e1549ec10361640b9eb280bdef6db8215f9eae2f,2024-11-08T06:15:14.840000 -CVE-2024-50174,0,0,c0a04751d2986c23cdc3cabe761738d239dff0d409f5993d7b5be53c3cae081c,2024-11-08T06:15:14.923000 -CVE-2024-50175,0,0,6a5b4e521588366edf3ea2fb90fb1e560e84f05a58597a762867f203c5930432,2024-11-08T06:15:14.987000 -CVE-2024-50176,0,0,ae17b421bdb68e8d199092b11bd167da522d85510184a0d1cfdecf87e2c0edab,2024-11-08T06:15:15.050000 -CVE-2024-50177,0,0,2baec44252ac7d0749f411b371bca3c0f6d37b97655189601b88e2555ae66b8f,2024-11-08T06:15:15.117000 -CVE-2024-50178,0,0,80c11291dc8109662070ae3a0b254faf4783de7cdfe0f6d77aab67205eeffbaf,2024-11-08T06:15:15.180000 -CVE-2024-50179,0,0,a4b497d942ba9ff4609b022934b97be45df338308e9843626fd61267c9bc6eea,2024-11-08T16:15:48.650000 +CVE-2024-50170,0,1,6a2d3089a1a1d8ded28500127b007dc5f5a55b4a3fc31f05b25097f9e2a82dd9,2024-11-08T19:01:03.880000 +CVE-2024-50171,0,1,e3a02851fa0a350372170c2d1b672a853453a68f63562c2a73f2e9b790c06dc1,2024-11-08T19:01:03.880000 +CVE-2024-50172,0,1,dccaa2ee40757919e0ad5cf492956a878e6623c1a283d1f313819b3135789b58,2024-11-08T19:01:03.880000 +CVE-2024-50173,0,1,4c970d12dd754ccb8104b90e1d492ededf628513a4a2ae610793a1225bf473a7,2024-11-08T19:01:03.880000 +CVE-2024-50174,0,1,2c26938b83def25026558593a8de95056553d3b183731913b33322f9bdb4a9f2,2024-11-08T19:01:03.880000 
+CVE-2024-50175,0,1,c267b836a166805894a4c37ebf72dd55d9843a0ad632ba7edf4fdc2d3e0169a2,2024-11-08T19:01:03.880000 +CVE-2024-50176,0,1,1d75493e4bf299598a633f77ae3f925b2cb1c57b9d064b82e19782b464b1ae83,2024-11-08T19:01:03.880000 +CVE-2024-50177,0,1,4fb8b3ddb9af9f8a097a514d03b2080fd60587a0766bf44f8281e4c2a563510e,2024-11-08T19:01:03.880000 +CVE-2024-50178,0,1,484165efad9131b3703debe8505c35aa85a563a2949f00bd23cf99f9d6b98b31,2024-11-08T19:01:03.880000 +CVE-2024-50179,0,1,c4648a1cb0e6158035aacfb89d04c61220618558c59d96ca6f1b6a6c714359cc,2024-11-08T19:01:03.880000 CVE-2024-5018,0,0,ae4fae87d25d0ffdabf3f24c5b2aeefbd28a66a0c556c5b46ab6064495fdefe3,2024-08-21T16:00:23.410000 -CVE-2024-50180,0,0,75e57bceece8af715d9ad078a32fac6f8cebb92ff0b5b6815f52ecde60d750ce,2024-11-08T16:15:48.727000 -CVE-2024-50181,0,0,ae0ee55fc7e41d3dacbb13bd9f6d12d3319935f458692570f6120a0d0187375c,2024-11-08T06:15:15.390000 -CVE-2024-50182,0,0,be2f632fba1c07ef88a108235ea7ca45ace40509940d78bbf8a3fbcf82355f89,2024-11-08T06:15:15.450000 -CVE-2024-50183,0,0,12bda283c9e3fe84b446f3b8f599fd2ac40bc6aea141fbf277a9a6b2cd051685,2024-11-08T06:15:15.520000 -CVE-2024-50184,0,0,b8aa20ee1425e197e15ceb695f207407a4bf4436591af8a27852515104cc4f0d,2024-11-08T16:15:48.820000 -CVE-2024-50185,0,0,aa9d82c9079cf9d78ecf3ae8797d6782c00c5760e355595220552c4c40c3997a,2024-11-08T06:15:15.640000 -CVE-2024-50186,0,0,7267c3805d6107ca57e1168ba0ca44bdb15d83625f8518d295068626770976e5,2024-11-08T06:15:15.700000 -CVE-2024-50187,0,0,db4bd36bab84fe3550acc6fc86e40421b6c1af75fa6b2a9cd687e8f349b433b5,2024-11-08T06:15:15.770000 -CVE-2024-50188,0,0,0dc3b7ad12401863665e9bfa3daeaf17fef0e8b621613ba666a69b68a7ea16b6,2024-11-08T06:15:15.830000 -CVE-2024-50189,0,0,225c11f7279da2137f8a7e2da46715fc9c7f16c738c2df2cc59297ac3e4e50c4,2024-11-08T06:15:15.900000 +CVE-2024-50180,0,1,f4c303721e730f9a393f439aaca4004ec106f60afc624c423e36e265c2d3fdc1,2024-11-08T19:01:03.880000 
+CVE-2024-50181,0,1,bb4c6997ad59bbb97410a6f650ed4dec30e3dc1c6d446601908c086d1d208f2a,2024-11-08T19:01:03.880000 +CVE-2024-50182,0,1,16bf6296184bc3002b7393b9684655e4277d04239189c6f359e716998ded10b4,2024-11-08T19:01:03.880000 +CVE-2024-50183,0,1,1a5c85761b67f4951d4aead272e8cbaeeb6fb4ad164fc8c52190afa66b3996f3,2024-11-08T19:01:03.880000 +CVE-2024-50184,0,1,cb05ed3cbf4320d0b6539ece765682947c4e4dd01f32eb669ed72a68abce565e,2024-11-08T19:01:03.880000 +CVE-2024-50185,0,1,595738e2988b3e2c25066779b5891f8412116ebeed8b468125ac9343052411c0,2024-11-08T19:01:03.880000 +CVE-2024-50186,0,1,dc12eba11107a35c5b7f7b4fe757f427daaaa77d7848dff65a7950111c79ee69,2024-11-08T19:01:03.880000 +CVE-2024-50187,0,1,9e77a6b02e0f58e2042e30bc8e5136053f0f67b10b4b28bd21fa9c5ec3735ee6,2024-11-08T19:01:03.880000 +CVE-2024-50188,0,1,3388358042ebe9dd2624a93864ae281cc3a499ecbacb389a51b98b88352a1d60,2024-11-08T19:01:03.880000 +CVE-2024-50189,0,1,932cbf4f2746c832c987e18de4e991cd233ba7f3af0f207926cc426f4709c40b,2024-11-08T19:01:03.880000 CVE-2024-5019,0,0,208ddc99e1f67b7d6822e7ee095131f1b9c059678d4d2eeb2b2f9eae704845da,2024-08-21T13:43:03.670000 -CVE-2024-50190,0,0,78772769e00e33c12dff5af87507b0a34cd4fef65a07f9a32b9e5fe58e81f335,2024-11-08T06:15:15.957000 -CVE-2024-50191,0,0,1d87a30e609b20f413f9def67a548b079a81425d74a5fdabbda9126de86fafe3,2024-11-08T06:15:16.027000 -CVE-2024-50192,0,0,eb9c86c30996c3a023a5b9e5e5d748b466c60cb561081c208c8afcc47a8649d7,2024-11-08T06:15:16.100000 -CVE-2024-50193,0,0,8bdf218f6abcf25efa638ccf726e8641528efa8dca5f0abead1de04d7fbb0b82,2024-11-08T06:15:16.153000 -CVE-2024-50194,0,0,9f7f50590c4c3de71f0f0e0fb301d01d1f13f2c7daebcaf971ee3c23c3d7bca3,2024-11-08T16:15:48.940000 -CVE-2024-50195,0,0,ea44acdf31e667ef9128af711c92e2728e7563886ae388144476fd915e4e2952,2024-11-08T16:15:49.030000 -CVE-2024-50196,0,0,e0b53fbd8ecf354e5444560d720cd7b72ef1ad2e10e7095db3a34b7c6d5293ad,2024-11-08T06:15:16.347000 
-CVE-2024-50197,0,0,a7a0b2fa98d99e621ec5549afc3f873747f94600a8ef9e6205d3a50d079184ea,2024-11-08T06:15:16.407000 -CVE-2024-50198,0,0,3801273ae36df5ff0da3417166f39e8d34cd7d650501503c6a27cc23d871280e,2024-11-08T06:15:16.467000 -CVE-2024-50199,0,0,a2b31a2122760c5188e8683897fcd5c200998bdf72ba3c984d127bb6f24cc16e,2024-11-08T16:15:49.507000 -CVE-2024-50200,0,0,86abd0f23b603ba12bc5900429bb4e583797fd7d81fd3807674902190b0520a9,2024-11-08T06:15:16.593000 -CVE-2024-50201,0,0,285bdea5ed809568c22f717e0ebbe1ce546fec1d65e3edb9a5d6014bd97f2288,2024-11-08T06:15:16.663000 -CVE-2024-50202,0,0,3826d429bf016c5b1994999bbb37a4b24d2f0ddd99d3c2110362271920189db0,2024-11-08T16:15:49.583000 -CVE-2024-50203,0,0,4456a805caca06fbeadf36949f3d4525e7992d16d232634bb12f6a795c58f3cc,2024-11-08T06:15:16.787000 -CVE-2024-50204,0,0,e8f5421454173c5225d8eea2afa3f3268eae81eb33405bbc538a8bb16dfb5036,2024-11-08T06:15:16.853000 -CVE-2024-50205,0,0,c4ee9fc80ad32dc1fba61b276568b377222074078ef78c671addb5cad8e43c19,2024-11-08T16:15:49.670000 -CVE-2024-50206,0,0,7a39b72761aa1d9faae7023aa522a5ec5ad7af82c7161562f68fa9700fc2dac6,2024-11-08T06:15:16.963000 -CVE-2024-50207,0,0,993f37b8dadb00a55ab651ab8bb4fac47f9d441d56b39416e28f98d989d687a3,2024-11-08T06:15:17.053000 -CVE-2024-50208,0,0,ed7c28df337b2529eabcf497159494aa7646f2a1a9baefc9733d7e887631cccc,2024-11-08T16:15:49.743000 -CVE-2024-50209,0,0,3fad56b2299102752440e82883c9e6f574e58528567c0bc2140544be4a35bddf,2024-11-08T16:15:49.810000 +CVE-2024-50190,0,1,2962a78db58b5eff7333f4f943b026fd8630dab04243ae02339e9f901787f7d2,2024-11-08T19:01:03.880000 +CVE-2024-50191,0,1,a6db09c765b7d3d35c26042d26dc5603def4093fc6f320ce46df0d5416572571,2024-11-08T19:01:03.880000 +CVE-2024-50192,0,1,162ba18ce574f29376d6f26f3b49b4264953a117aa0941c6e3db338e6a8a4421,2024-11-08T19:01:03.880000 +CVE-2024-50193,0,1,7e30bdb4b5e8a6ab46e3d67e3836b47343967cdf31e49c073432575b6d71d248,2024-11-08T19:01:03.880000 
+CVE-2024-50194,0,1,bdfb4b308a455cc030bbf3ee4b9be5fe7cf8e57f7886e2e1d694dbb575d10c75,2024-11-08T19:01:03.880000 +CVE-2024-50195,0,1,2056dd80d8837a4cfabaa34bdad611beddf2951a57de6229e270704d270c7257,2024-11-08T19:01:03.880000 +CVE-2024-50196,0,1,67ab1410a7afba9db474517265806d8706340c03ebd3751e7f391518351e27cd,2024-11-08T19:01:03.880000 +CVE-2024-50197,0,1,3f8ecc72817dc423a9041b703d9e63402f591ee61b49b70ed92a6634102bb6e4,2024-11-08T19:01:03.880000 +CVE-2024-50198,0,1,9ef85f520a110137e13b34f9e0bfee256be72e05b5313bfd069b68e3cf6b2d36,2024-11-08T19:01:03.880000 +CVE-2024-50199,0,1,b8f78e420d99c3be93152e77925d5aa37a57c9178b411f7f9810142c7268bea6,2024-11-08T19:01:03.880000 +CVE-2024-50200,0,1,82efcbf0dd69c9979ff3b26a3089c3a3d5d0e59374420ada668f73a7a34ba711,2024-11-08T19:01:03.880000 +CVE-2024-50201,0,1,eb93b5e3ebd1b086e40a44548e621bca13626a826287ada5f6f17185ed22e7b6,2024-11-08T19:01:03.880000 +CVE-2024-50202,0,1,9863501b8e60c89f9e518dfb37b2552d9f633d49e18370e84bed41b8fa592e3f,2024-11-08T19:01:03.880000 +CVE-2024-50203,0,1,52211f6071bc7ee288aab747a5bcaa2f527ab614a7fb3f0fe187df05a3dd2b50,2024-11-08T19:01:03.880000 +CVE-2024-50204,0,1,c529ce789a0771f96591e0ea930cf6052e71344c09f039ebcb1211b2c5f378bf,2024-11-08T19:01:03.880000 +CVE-2024-50205,0,1,7ba13135156d7e20b690d426de3fc1cbafb30d7e3437aa970422228bbef885a3,2024-11-08T19:01:03.880000 +CVE-2024-50206,0,1,efdeaaa79f1fb8ebb4bdf08abddd81dc63f4568149d4e8a117965e92f12613ef,2024-11-08T19:01:03.880000 +CVE-2024-50207,0,1,3c3e6ca8261c6eb83cd0d29d9779bc64f3b6ae421320bc0cfc99e465cee05407,2024-11-08T19:01:03.880000 +CVE-2024-50208,0,1,612fd195452dc05bcf220d3cc702a866814c53df6bbbfb573a7f40b3965646c1,2024-11-08T19:01:03.880000 +CVE-2024-50209,0,1,8a8805a93a7ad4720dce18e0fc6a19c9829749a589bcab3a3e272b745ce158cb,2024-11-08T19:01:03.880000 CVE-2024-5021,0,0,38505cbaa011793e28d7950a2ea2daf96aac6ed3db846bcaf517334c4dc7fa50,2024-06-20T12:44:01.637000 
-CVE-2024-50210,0,0,0842dcbca770bd39cee408aea3222425b47a3f63662b6b33a902253fff8af2f1,2024-11-08T16:15:49.890000 -CVE-2024-50211,0,0,5b5cd5361c1bbde002a6c481954d9f1d0c86c7f5e25392dd8b7358ebc9f716f2,2024-11-08T06:15:17.410000 +CVE-2024-50210,0,1,39887cb7f7dc73362120106f57cbc0747a59b3d51e3a41b9091d50f5c44af891,2024-11-08T19:01:03.880000 +CVE-2024-50211,0,1,789a6df7d2c02bd672dc452fcbc42c98aa068123f2fd8cc57a38a73d58fa13ac,2024-11-08T19:01:03.880000 CVE-2024-5022,0,0,b83f09821687b900e7e3c962c3fdf76320d3bf46277a4004f5c59e7ba07e152d,2024-10-28T21:35:22.210000 CVE-2024-5023,0,0,63ebd4218020d01998ceddb622d35154b9496df68f9db12eb6b4711fe09e7d24,2024-05-17T18:36:31.297000 CVE-2024-5024,0,0,9dd3417f324a3df55f488e05c68d1854a15dd73bd49fdda06475c54e037a76e5,2024-09-04T14:33:57.200000 
@@ -264513,15 +264514,15 @@ CVE-2024-5032,0,0,e2dd01f18d9397a3c892e6f9436384b2c9baea7d6f6081290ca836f05f0fc5 CVE-2024-5033,0,0,34cd1f889798bbfeb338d8d711a920994993596df17d9daf9b428477bffed7c1,2024-08-01T13:59:38.730000 CVE-2024-50332,0,0,1a42ed8004554770ddf6287db232f683a70aa788adf4f5377695a69da9577e8f,2024-11-06T18:17:17.287000 CVE-2024-50333,0,0,dec570600936fbd1d13d82c721e514d60fa6e5733b1c9746045163c28aeb4e6b,2024-11-06T18:17:17.287000 -CVE-2024-50334,0,0,15b97ca0de89b7422ca1338a576d4ef71067410db416afc03dccd883f0aa73cd,2024-11-01T12:57:35.843000 +CVE-2024-50334,0,1,f1904bf4f599c0615877538d390ce8a4f2f074393bfa4b43c380ab7ec9b0624c,2024-11-08T19:51:58.433000 CVE-2024-50335,0,0,30b0738ceedc1a1fb3bb1288fecf67aef4015dca447e6a6bbd65ec5d7cafcbc2,2024-11-08T15:09:07.440000 CVE-2024-5034,0,0,ecc1ebd0e8a7a2aea01c9ce5ac07669525947175e7e55790f4a8e8a0b317bae8,2024-08-01T13:59:38.920000 -CVE-2024-50340,0,0,0d8006f3dd7bf6960a884ab327616feab504d4fb3d7bece8ca7ec146ee406621,2024-11-06T21:15:05.527000 -CVE-2024-50341,0,0,56f80142c8430d4c9e687f36f4de41fdceb7e6a5fedaed2403afd3e967693c45,2024-11-06T21:15:05.747000 -CVE-2024-50342,0,0,ad2d68e63f0a467fed99a59db8fd904072ce7170031980e68557c0e58aa6b3be,2024-11-06T21:15:05.963000 -CVE-2024-50343,0,0,13d5f6bf56d0ed34f1292154c100bba90a98e43cd4d2ee727daa489f454989ed,2024-11-06T21:15:06.180000 +CVE-2024-50340,0,1,7fe99995b303f24a1e9f1f89a7fb3e3a3b6b19d546946b79fcfc20de0db067df,2024-11-08T19:01:25.633000 +CVE-2024-50341,0,1,2e9917337f37c3b47e4050a6c46cfbe9a68961d285ca45432129645fe2fcaf2f,2024-11-08T19:01:25.633000 +CVE-2024-50342,0,1,36f1d617f4d9f6d5ee0691957ddb564d04e594e5003ecdb61bb72c098935c3a0,2024-11-08T19:01:25.633000 +CVE-2024-50343,0,1,9aee7878545f6eae1646b297d9ae34768aeb5669a62a009ff413ffe48453310a,2024-11-08T19:01:25.633000 CVE-2024-50344,0,0,01bf6c563fd2a47d8f1655926ebf620cef86a1d975ff50e33bcc2ca54db6ff27,2024-11-01T12:57:03.417000 
-CVE-2024-50345,0,0,a906319e9df14e184a1c49f6767e11bdb542ba55960f07fbf1c2e373b98a833e,2024-11-06T21:15:06.383000 +CVE-2024-50345,0,1,120f42c313995ee571dc5826f119cf5f875da86aa283b5167f30198f30ea112c,2024-11-08T19:01:25.633000 CVE-2024-50346,0,0,fb25cbb7b8a23f8bc4a8f048afe511d7d942fe5a9bb027a602dbfa956ec82a3d,2024-11-05T16:04:26.053000 CVE-2024-50347,0,0,09b35c9108a453337442f172c0c30bea977424cb455f7f1c26e8c5268b8f2c51,2024-11-01T12:57:03.417000 CVE-2024-50348,0,0,fa8a8e9e48d227df1afdc378e4ee00ffda2dd051bb15c8b477e290549096cb45,2024-11-06T14:49:46.073000 @@ -264531,7 +264532,7 @@ CVE-2024-50354,0,0,71c165210065e28f3056b772ab098428406844612dc3279d15bcac1af858f CVE-2024-50356,0,0,64f0da8e0b7e6e4d5658fd7d480220251668db371d4ec71f8643d1fa5f1ef922,2024-11-01T14:35:08.330000 CVE-2024-5036,0,0,e97b40bd40cf208c311323e6564cb1ded96d8cc433059436a8705289f1e02a66,2024-06-20T12:43:25.663000 CVE-2024-5037,0,0,46d4a5c4b83922b1ee19bcb8bbc97a0a290a2086fb5a073395bdb9a5e03441e0,2024-08-19T17:15:09.807000 -CVE-2024-50378,0,1,7f5799ddc3a599adfc9920049eef18d5ee21af67db3e21929016413d895e084c,2024-11-08T18:35:04.843000 +CVE-2024-50378,0,1,363ccac602ebd2db0e355ee3adb0fa1db2db17fafd04c23325c4255122e790c6,2024-11-08T19:01:03.880000 CVE-2024-5038,0,0,99b942f340bd77179350025250d1eccbd97ee2b6f6339af49bfd1a72be63cbf5,2024-06-11T17:41:37.883000 CVE-2024-50382,0,0,f0709ea17e5f95032091a174ec66193a9596281fe9af192634610c6cbe74c173,2024-10-25T12:56:36.827000 CVE-2024-50383,0,0,e2190fcc52d7d22ac332b0c05a25a337fdc4e67265af4d4eac38727251637b62,2024-10-25T12:56:36.827000 
@@ -264572,15 +264573,15 @@ CVE-2024-50437,0,0,40b87a35f71e1bff2e4bd49aee1e264d6fcf504625bcd539243812317d4ea CVE-2024-50438,0,0,475eb2b682fba57560dbef3db9c1aa89b03ed5debfe194b4768b17f58a56cf4e,2024-11-08T14:52:53.633000 CVE-2024-50439,0,0,7f4e2b65c097d3537031fc570d68cecb1e82e275ec25e6e59088840f6219fc0b,2024-11-08T14:53:36.900000 CVE-2024-5044,0,0,a4e177741479e530ad4105167bd81efc2f0690ac50664dc5a5f1c197ba9e227b,2024-06-04T19:20:57.117000 -CVE-2024-50440,0,0,d16b0a66995b7152dbf6636c54994a2845eea5e628000309614e635be4aaed58,2024-10-29T14:34:50.257000 -CVE-2024-50441,0,0,fa3535407c4df4f136174ab7a3bfffe4262ed285d5efdc948f074837395d4dbe,2024-10-29T14:34:50.257000 +CVE-2024-50440,0,1,737061e34010f121f45c37a5cefb9c2fafa343e6e0e4a3ca254e42e567a2c6ce,2024-11-08T20:33:29.843000 +CVE-2024-50441,0,1,c007731a69adcf6d1c2a6a59464b307cc255288a460de19cc2f2e0aa5a42ecc9,2024-11-08T20:33:47.027000 CVE-2024-50442,0,0,666bbf20a669cebf02b3631074982e930833bf3617b341b3c93380d86c5ba3a2,2024-10-29T16:04:29.950000 CVE-2024-50443,0,0,180e825e47af6aa7fd93ef1820ce36fbe1349a43a10b0578a9c8d2057b8d6ac7,2024-10-29T14:34:50.257000 -CVE-2024-50445,0,0,93d89254abe8d40bb096b13dda2339158b8c0b9fc53ca7e36a35764b3a308f3e,2024-10-29T14:34:50.257000 -CVE-2024-50446,0,0,93fc12db73b1a11c3d258d0474f684d854db3cd3ac5ae3a6af4f2ed00f2ab977,2024-10-29T14:34:50.257000 -CVE-2024-50447,0,0,fe40e9143b13f8e1f69a66378622848e38fb6faae543e2bbf63f254032c9548a,2024-10-29T14:34:50.257000 -CVE-2024-50448,0,0,cc688c2531021780281369f6ec6cb194413205dbce8f2efb8d8db3f406e21f55,2024-10-29T14:34:50.257000 -CVE-2024-50449,0,0,3429d02802ce52441f57341c160ef52c98eb06b4e6bb46b5301d5d27cda8788f,2024-10-29T14:34:50.257000 +CVE-2024-50445,0,1,e97c7bb3b1bf0b69bce59ae4ea6f985a2b50fc9437eebb8e8bb228c776923bc1,2024-11-08T20:35:35.287000 +CVE-2024-50446,0,1,b591b630e23879ae4dd92d05b1ef002bf3e7d3fc9226d4a7cf5afa5be460479b,2024-11-08T20:35:58.357000 
+CVE-2024-50447,0,1,9849d704349b67452e91f2be8c8a34b233a41c87e9db8ce226ec3e45243340f9,2024-11-08T20:07:10.317000 +CVE-2024-50448,0,1,a4aae285def62dfc159373743f4d99acc40877008825e97cbd7f370ea4bc8e7d,2024-11-08T20:32:15.587000 +CVE-2024-50449,0,1,26fffa3096de1c72fa85583c6f33c30c5d75f53bfa92f375276b4f61f8be205f,2024-11-08T20:32:59.137000 CVE-2024-5045,0,0,2cc3bc060710a5f4f076b17bfc4c763ffc9b4201a30a5ba725a69c9c0d38befe,2024-06-20T20:15:20.153000 CVE-2024-50450,0,0,7fc26bfa183b8562e84f6ef3fdd2ced88c72fd71cbb7684963fe6a0f34f112bc,2024-10-29T16:05:40.250000 CVE-2024-50451,0,0,9e10a2730d4d224fc008f74af7e4e87adb7173c98f4e87f05a6cb935f28f1c9e,2024-10-29T14:34:50.257000 
@@ -264672,14 +264673,14 @@ CVE-2024-50580,0,0,5b968edfe9310465a4a61d2a3470b2d0d4ec8adbdbfce2d72a22506917527 CVE-2024-50581,0,0,e5fb4cee2b881a0a54f5919c2bacd493c5e5939555d4d28ee9d7fe9ce108f7ac,2024-10-29T17:17:20.747000 CVE-2024-50582,0,0,8ee09c1822530ab12253edb2ea8a5293a80f3664e0faaa7e73f6ab343465ff36,2024-10-29T17:16:46.007000 CVE-2024-50583,0,0,db2a2ad9d7e60027a7a0abb846b837f27b8194afb56c33e89ab55cbf708c9a52,2024-10-25T21:35:08.253000 -CVE-2024-50588,0,0,44d7bd9160a1df633fa026c9b86dcaa292eff0430385babde0812061582a8b19,2024-11-08T16:35:17.883000 -CVE-2024-50589,0,0,789ccbb1df36179d1d82ceab94731e7db30d2d77d9f01b5b84b701ed7b74a669,2024-11-08T16:35:18.097000 +CVE-2024-50588,0,1,811a461c2d7f3bea307cf8ffdeb8fcbd1392026cc50525751c559ef74593bd97,2024-11-08T19:01:03.880000 +CVE-2024-50589,0,1,d69fb493f8b851f30b6c205f4f44db9e32a4c12050b30231593d3ee52d69dded,2024-11-08T19:01:03.880000 CVE-2024-5059,0,0,b0901ef33b8b4d50fbd07542bb49b954ef3e45e5d8bea77c76cb9c3c21bd9422,2024-06-24T18:49:29.467000 -CVE-2024-50590,0,0,254865466ceb6b33a58dda0a97954fe20ffbd023de06439d97b7eb9113cea26e,2024-11-08T16:35:18.987000 -CVE-2024-50591,0,0,587734b782eee0e4a7f9771236f557164bb018ae6300714b8d30b9080c2b7876,2024-11-08T16:35:19.220000 -CVE-2024-50592,0,0,ddff8c73f84c71b623b9ecb77f50a52d33083c5b19231cba48b3438648679416,2024-11-08T16:35:19.463000 -CVE-2024-50593,0,0,06b5aa29cbd8fa5b1ce050cdfd40c2b25691232ff8232b9c4fc0e12a4734c234,2024-11-08T16:35:19.707000 -CVE-2024-50599,0,0,e1857bb672b72986e6bfec4c885691e1c8b17535cb41a4846ed91dbca67a3a57,2024-11-08T16:35:19.980000 +CVE-2024-50590,0,1,81e3478eefc1f9d856ae7be2805ff66d44b57d41354234b83a916a25ad2a6ab1,2024-11-08T19:01:03.880000 +CVE-2024-50591,0,1,d10f526013e08ae084cff4c86732214ab049cf77eaaefa14ce3e7711b4e735bb,2024-11-08T19:01:03.880000 +CVE-2024-50592,0,1,1ea6423960cc50e93195b2cf1d9f7905b125a77bfd5004aeb42759deb6410f57,2024-11-08T19:01:03.880000 
+CVE-2024-50593,0,1,2990c55af886ff8c2c12dbcca8abdce067826f7d03b201038626b94cf51f8774,2024-11-08T19:01:03.880000 +CVE-2024-50599,0,1,3c6f0c29bfc51c064c63c37a765c151941367295dbdeff70ad17448c4c631795,2024-11-08T19:01:03.880000 CVE-2024-5060,0,0,70a4b23a22f78db2884c1ce0fa906b767ee25d155e7de23427bff751940319e4,2024-05-24T13:03:05.093000 CVE-2024-50602,0,0,45e9269102f2b541d78d641e3b6d4f0d7b12a8e026b5814df3e38d2c0c706172,2024-10-30T18:35:16.237000 CVE-2024-5061,0,0,acb15fde0f7701ee7d55862ecbc276a299a2eba41aa60a0bce397763155cd902,2024-09-03T15:11:56.787000 @@ -264694,7 +264695,7 @@ CVE-2024-5062,0,0,1dce1f93ce1b9242e76ae9cf090eb76ee6afadb656622c6eb5a578a5eb7601 CVE-2024-50623,0,0,71c6fad96d3194eba7d5d7edd081f9ad30cc6decd08744ac71e97f086f12f546,2024-10-30T21:35:11.373000 CVE-2024-50624,0,0,2f6d7cbc06ddd09de063e5bd0feef072f438fbd478c20a099bcf6256ed039f90,2024-10-30T21:35:12.223000 CVE-2024-5063,0,0,3ea00cb3f53084b2393e5a818811e5957f116b348338ce87a59f64292b187a9f,2024-06-04T19:20:57.760000 -CVE-2024-50634,1,1,b84836e89dcdb139a4d9962f38b7c4259dab1ad4c8e3f8763dbfa73151b42062,2024-11-08T17:15:06.570000 +CVE-2024-50634,0,1,1259534018b84fc966c6bbf71883176c6258839dafca0d12474268de67eb80a9,2024-11-08T19:01:03.880000 CVE-2024-50637,0,0,7cb3fd4c2566fc1d1593156e77d24b90af6dfd042618185e839399543b673bed,2024-11-07T14:15:16.780000 CVE-2024-5064,0,0,d857d2e0ee5316e135c4045ce3a7ab1579933a9b029d66480995681ffcc21c71,2024-06-04T19:20:57.870000 CVE-2024-5065,0,0,0430cc7c42876b1507fe619bbbc6ece1ba2c878f57a5564022a1efa295cd852d,2024-06-04T19:20:57.977000 
@@ -264707,13 +264708,15 @@ CVE-2024-5073,0,0,84e84c9e85d38ba2ba8fcac94cd632adf73ebd62caf103a5afc104149a6ce6 CVE-2024-5074,0,0,323ff3e4be9a1a01795a645c087210e0124e3c1100808fef1bff4cc986dff48b,2024-08-01T13:59:39.780000 CVE-2024-5075,0,0,3a68f5400be3fd65933ca2b54d2fe1b2cd42ebfc5586417b08ab71b3ebef46c2,2024-08-01T13:59:39.960000 CVE-2024-5076,0,0,de640e02cf3b45a3c273aa587ea62260b6bf3eea8d977ac9f3e7280d3f5d4b40,2024-08-01T13:59:40.143000 -CVE-2024-50766,0,1,fbd49371f043225e68f55c1ee1c9a78c339fceeecd3c1c7a0285267e561c617a,2024-11-08T17:35:18.630000 +CVE-2024-50766,0,1,af3ada3641e5f900c68c3d98d58b715ce7a7d6da5b4d545f2ac59e163c2e3f26,2024-11-08T19:01:03.880000 CVE-2024-5077,0,0,58d61679dec16d0807ee3c6d8f70abda23dd3b8ef542c3a47286601f3d544039,2024-08-01T13:59:40.333000 CVE-2024-5079,0,0,03cab751fae6538cdd3ee0f9a467090b1b9dca8ded972c9a24812d90a2b62ab7,2024-08-01T13:59:40.517000 CVE-2024-5080,0,0,88ae00b43e12b64ab9ecc2d4c4ea1fe4d89b86d4c131aa05e4a989c5a4e3b207,2024-08-01T13:59:40.707000 CVE-2024-50801,0,0,b02fd2a4d914f47ebf18861bef14a429b26208dd8058232ee786f89bcea879c0,2024-11-04T19:35:13.810000 CVE-2024-50802,0,0,8492f5be24f5ad2918f47970062e4bc2c1c3f432ad972af1d330cb18adac5b2e,2024-11-04T19:35:14.907000 CVE-2024-5081,0,0,0bebffdc717b25462ccb5a198cb29076c0fa0475011c795b0df7ab25d1acf197,2024-08-05T15:35:16.180000 +CVE-2024-50810,1,1,4097d54fcd17dd77650989ee96adbbeec9177f32fb93f3c8eb7e4af625d8db30,2024-11-08T19:15:05.877000 +CVE-2024-50811,1,1,f3dd553fef10c2fdbb4ff1230411b63978ded35f0f4c01d4113ea057fc05f4c6,2024-11-08T19:15:06.020000 CVE-2024-5084,0,0,79705ce3d53f6e7c72da00fccc935c6da44be9bf4354c31cd8528afb5e0a643e,2024-05-24T01:15:30.977000 CVE-2024-5085,0,0,6942e3068671e85a9578eddbb7240c8706dd53cd6ec5670c5d4ddd91c950a30a,2024-05-24T01:15:30.977000 CVE-2024-5086,0,0,cace1182cf9be3136b0c613ecdabc086a9a0b40661f04ebd6e230acc3565cbb0,2024-05-29T13:02:09.280000 
@@ -264727,7 +264730,7 @@ CVE-2024-5093,0,0,13d2e709dd3e7be8048d02a6012bbed004823bd119b45510128e77bb922bb1 CVE-2024-5094,0,0,a6da916325cb7c5c0cbf108ef5f048d7004d52e417cf8850e363484a9b36d59d,2024-06-04T19:20:58.470000 CVE-2024-5095,0,0,1588c0abfc34bbd50f97e7721e8e7ba42bb279c7cb42725ee04b715e36b1b7b7,2024-06-04T19:20:58.577000 CVE-2024-5096,0,0,5ed717834c38883681c6d180e391a0fccee5714f6ff3215bd896b6366e61be87,2024-06-04T19:20:58.687000 -CVE-2024-50966,0,1,13a8f1304bd8fb5c743d48fd255e6a11d93337eeddb178819ce777703d2af795,2024-11-08T18:35:05.110000 +CVE-2024-50966,0,1,17999db3c119b65097d64bae028974d0e6d4cf5d6910c7a7a211536c5ff5b48a,2024-11-08T19:01:03.880000 CVE-2024-5097,0,0,f8c17c92eeab06c631c7e3bccbcd56a5be798bb0ae3554a5ecf4b2a49f948336,2024-06-04T19:20:58.787000 CVE-2024-5098,0,0,51bb68a404444dbad57c4444d3880f6dd34c8b10fc09ab7783a9da02fb8f5608,2024-06-04T19:20:58.887000 CVE-2024-5099,0,0,c449033239abbf7fd2bba4f64694ff77374623f364f0fa141d0a92a151a3ab2c,2024-06-04T19:20:58.993000 
@@ -264767,11 +264770,12 @@ CVE-2024-51022,0,0,0ece03150b358676db07247d8d7b2f159d764688f80f628fe39259199c6ee CVE-2024-51023,0,0,ebaa10a6cf97ea0a8d3a78af01fa457d59d2482b7e77a284c65cb29a479cdc11,2024-11-05T21:35:11.923000 CVE-2024-51024,0,0,6f5395792b8172ecfa32aa76f0d11406773a932eea25e8edfc3d7b1b44837d82,2024-11-05T20:35:25.253000 CVE-2024-5103,0,0,aef0baf1fd7c527670ecf099c59b541b0a60e91a3e6b8de1c582546f74d7df46,2024-06-04T19:20:59.297000 -CVE-2024-51030,1,1,1690ce79000b71b9fb3f03a542fc22af5e9996914683c2da8c07311788859d59,2024-11-08T18:15:17.463000 -CVE-2024-51031,1,1,08f7aca28c8881751245cb891da384a19f7cf9178c217e00f0b34ccba4a73424,2024-11-08T18:15:17.553000 -CVE-2024-51032,1,1,47f0f62248244a70680a8b824623b669f4493c7477bcb8f14873253aa19ed35f,2024-11-08T18:15:17.650000 +CVE-2024-51030,0,1,8864f5f848b4bd116cf6c117fc9413494345870c652480a21b492e7685b9b04b,2024-11-08T19:01:03.880000 +CVE-2024-51031,0,1,1e5ab5cf9c7a25d9afff4cfa33f3918bc3dcf7d5460284d217623f0076ca881a,2024-11-08T19:01:03.880000 +CVE-2024-51032,0,1,ec7a3f58b1b13bff81847fdcad7b6dc259b873fcbfe047be514b3d445ebe4aca,2024-11-08T19:01:03.880000 CVE-2024-5104,0,0,8d4ff1d965ca43b16b77c8055dc82631e6e8123b480d913038100bbc16c5fc14,2024-06-04T19:20:59.397000 CVE-2024-5105,0,0,c1afcbdfab9cbf8b7401c36e665ea5449fdb0423f5baf719d1747abc02484d12,2024-06-04T19:20:59.500000 +CVE-2024-51055,1,1,053fa0edaa4b935312f10d8abb53700d4933be42c7e135561c5e89740c1394ed,2024-11-08T19:15:06.190000 CVE-2024-5106,0,0,0c609f41f655027086ae34a799c5dba7518161802bc29d490607b24bb6cca58b,2024-05-20T13:00:04.957000 CVE-2024-51060,0,0,ddd21612647112f5890d80f7e9a66af0aa0242bb00299a6e578d6a3caed1ae4f,2024-11-01T17:35:08.443000 CVE-2024-51063,0,0,04525a4216d664978c53553ccbf14c3bb10809c1c7ef530045d2d00523e40e57,2024-11-01T17:35:09.657000 
@@ -264794,7 +264798,7 @@ CVE-2024-51132,0,0,741849111477a3dea70a3f4f159f318bcb11e986e2637afecf8a608cf70fd CVE-2024-51136,0,0,b7028b746c76b0b8db7064a5c94d8b9b8b4865b267652b712081099f88f87998,2024-11-06T19:31:15.230000 CVE-2024-5114,0,0,51655375bf74d88d0b44bf3106775b49d83b04b179d3446b4a92ffe727b17b66,2024-06-04T19:21:00.217000 CVE-2024-5115,0,0,566281473e2daa2487dd251e202869dc3059aeec07f7c63daa38b65c3bae3de7,2024-06-04T19:21:00.323000 -CVE-2024-51152,1,1,d3114cfc8ca6fe440a77971fb175cdb1f0985f77f9566c23c51be88883783706,2024-11-08T18:15:17.753000 +CVE-2024-51152,0,1,61a76bcbf6bd75d4afc028e09aa200a0b1945b75db18b8f83b3142e2484dc5e3,2024-11-08T19:01:03.880000 CVE-2024-5116,0,0,8edab88198021b2d3b9901d621d1dabac4b2933945eb225d0257a88c98ac3f15,2024-06-04T19:21:00.430000 CVE-2024-5117,0,0,8f71e5dda3348556d6b06143dcd47b79229dad0468d30aa7c38f8c5c1ecb8524,2024-06-04T19:21:00.547000 CVE-2024-5118,0,0,ede24973ef1505b96fcd3c614d177bf90baaafde820cda4461fa6280b3c2b455,2024-05-20T13:00:04.957000 @@ -264803,6 +264807,7 @@ CVE-2024-51181,0,0,113da0b9d3296c95d5bef97b0c59442bc79ba9bb3dbb2c1b2baabdd141b84 CVE-2024-5119,0,0,6bb53ca9f8946448e1a7958af9df5b73fe1f36069f7b2aedbfc033eb827d83be,2024-06-04T19:21:00.657000 CVE-2024-5120,0,0,512e5b032e12a79292f06756f99bf223a47a4b934de5206e20b5529b01ef61b6,2024-06-04T19:21:00.760000 CVE-2024-5121,0,0,98477bc3a7c67683bd43da705ad15db6f590ce85a12aaf89110d94461e6c3bdb,2024-06-04T19:21:00.860000 +CVE-2024-51211,1,1,9f7216f2f8d2a000da238cb20861cfda4ea040b75cc4ecdd6f811f2bee27be17,2024-11-08T19:15:06.347000 CVE-2024-5122,0,0,b102c5894de9c993bdf361c85aa63dd17cb454ea5ed33d3ad3120a6c50356b5e,2024-06-04T19:21:00.963000 CVE-2024-5123,0,0,c6ee92320f25e8ca50da0e044240269e2ddcb04724d5d630d165dc261fdc83ba,2024-06-04T19:21:01.063000 CVE-2024-5124,0,0,ddf4d98394e08878019bd952c44f2cfd27f047274d82fb0e14f997780f16638c,2024-11-04T11:15:06.937000 
@@ -264860,7 +264865,7 @@ CVE-2024-51399,0,0,fc9a4f7feccdf87ac1072a742df0a1dc4f133fcfd9c1bf1ed214d196e18ab CVE-2024-51406,0,0,219f1a907dc34e3139e40d74617f86db24d4b43908c87f25fb1a00f5ef8165d9,2024-11-04T19:35:17.410000 CVE-2024-51407,0,0,fda917e854eca07dcff49df0339535f103ba20de93b59699ac770c63d8521d21,2024-11-04T20:35:11.350000 CVE-2024-51408,0,0,768985f0479d1b629ffaa63d05723a6cce6c2d94e338531281645d00b127aacd,2024-11-06T22:06:43.100000 -CVE-2024-51409,0,0,7fed54b0f09da8d669475ad14a332a163a734fe312058e478570b603a7649f79,2024-11-07T16:35:22.453000 +CVE-2024-51409,0,1,987516d9f6dd4817786baf6bdea9642548536febbf97524ae38e5c89d3104940,2024-11-08T19:01:25.633000 CVE-2024-5141,0,0,5b006751fd2d8ca9e95fc8cef49a641b35089e8e5594eecd996fab7cf0d4e5e8,2024-07-24T17:58:54.867000 CVE-2024-51419,0,0,e145fdc3d6134b228049cf2c0ec561624aa79dc4de0c1da7a3c5f83de9d39a5f,2024-11-01T12:57:03.417000 CVE-2024-5142,0,0,8102929b9600e5392a308a1b7cfd863bc4b2848bde33508d601b388a9c02231d,2024-08-27T11:15:04.540000 
@@ -264868,12 +264873,12 @@ CVE-2024-51424,0,0,8074d3681dc009f545c0b5b1ed4c51a9f136d3c18afaa9c4384405256aed3 CVE-2024-51425,0,0,53ab0aa708c9b43a2cf1a93dce648aa1bc3d18e6a93bde5d39ed5fb860afb7f0,2024-11-04T06:15:04.053000 CVE-2024-51426,0,0,5d33521d8b96e38633b5f868464693826d0cf60bba0992fdeeaa0d9e10eb58ac,2024-11-04T06:15:04.200000 CVE-2024-51427,0,0,8620fe2fe9783598011162ebda7f5b78a4941fc646ad43a32bd7b2f439c18153,2024-11-04T06:15:04.340000 -CVE-2024-51428,0,1,e2a07be29fa7621fb6d06e7586a18bb65f86cc6ac12ef543cc85fd304ae42c6b,2024-11-08T17:35:19.500000 +CVE-2024-51428,0,1,fb1653bd6cd8ce3434ea4834244ca24b448fe538e8f0e6838c3f9a7c85caa59b,2024-11-08T19:01:03.880000 CVE-2024-5143,0,0,5ac39d02075c8e32566e12e6b75645e72f6b53d1cd5d8a84d8661f31cb199459,2024-10-31T15:35:44.950000 CVE-2024-51430,0,0,ff23326a74158832e3c36a3da3cf40ac4ba003ba8db91bd39e91a6a5bd9de288,2024-11-01T12:57:03.417000 CVE-2024-51431,0,0,8caf7bc329d5a006462692c4b8ce6c1d5bb12741ba8426c8ae4bc6b34727dbe3,2024-11-05T21:37:16.943000 CVE-2024-51432,0,0,06d0d3316848cec870b03db5c1c503efe28d2aee8f81e4282d342a754853942f,2024-11-04T22:35:10.037000 -CVE-2024-51434,0,1,2094b5672353bdfd0f081a6c99031d58d2393a76372938d1e02ba5392b3f6faa,2024-11-08T17:35:20.360000 +CVE-2024-51434,0,1,8c68c9ee35eceb55bbf1a98e98603282050fe997d32967086380b48530b1bb99,2024-11-08T19:01:03.880000 CVE-2024-5144,0,0,6bbfaf13c1764c4fefc00893d80de8b864d8af9b05653210d129c904ab48e8ed,2024-05-31T18:15:13.217000 CVE-2024-5145,0,0,e9d5b011678068f9e46540aba9b4c166c9546581cf81cda6f6984ec899d8b7b6,2024-06-04T19:21:01.520000 CVE-2024-5147,0,0,67fd758fa3d69d8e32fe541a58ba746107ffb7370fa9ddd99ec9988f56fe738f,2024-05-22T12:46:53.887000 
@@ -264890,7 +264895,7 @@ CVE-2024-5150,0,0,af277f2642e60b6f0769d64573990279b6b64286b8d76d1359b09a52e22364 CVE-2024-51500,0,0,42c2a285903076a2664ebb01d93e2fe7be0196e6180cfa0174e85e23f0ae008b,2024-11-05T16:04:26.053000 CVE-2024-51501,0,0,d24970b338baa1f2285c0a01486547b91f46a7521653d62136a4384a8a5c43ff,2024-11-08T16:15:50.200000 CVE-2024-51502,0,0,ddca894e59a4fa6615b655d6e175550efe4eae6f2d9578fd4366f3b25c69f9f6,2024-11-05T17:35:27.493000 -CVE-2024-51504,0,0,4bafdcd55b47a566ef5680713f0c0a1b985598b2f05cd4b1371a5d9aa49b9aa1,2024-11-07T17:35:23.373000 +CVE-2024-51504,0,1,ec89a25ba653b3299eb7647a2ef87498701ad3b0408d9a8dc5775699afcab9bb,2024-11-08T19:01:03.880000 CVE-2024-51506,0,0,aeb585d1723ff2c89aafbc7f5be7b06442a99eb384784bc9840750395f547af1,2024-10-29T19:35:28.723000 CVE-2024-51507,0,0,4365a7f2aa23ce999509e0b8da9d3ae401991203445005454373679a589ef433,2024-10-29T19:35:29.513000 CVE-2024-51508,0,0,84627a5fdd5d7fda34b7d1542f218a3bd3a3d801d78362e1d620b375cd43b4c5,2024-10-29T19:35:30.513000 
@@ -264960,20 +264965,20 @@ CVE-2024-5172,0,0,b469524ff2309ced9aec08b056578c23e8b8b5248adb8fcea2b38cb214c812 CVE-2024-5173,0,0,e808cbd0ff507575dfa32503bcc3a2123c9461298f1a4a4ef8cd294367da6464,2024-06-26T12:44:29.693000 CVE-2024-51734,0,0,1cd13d8635d39c437cbb33b350735ec8f4fced2309825670ef2275f584df030b,2024-11-05T20:35:26.167000 CVE-2024-51735,0,0,4d68a755141918a79130284871e942292c9f37924aba0b94103b08a16b1df114,2024-11-06T18:17:17.287000 -CVE-2024-51736,0,0,379ee3f6d2d9accb42efa81e333f4e655bf347820c945b9b76849f1517ca172f,2024-11-06T21:15:06.600000 +CVE-2024-51736,0,1,51a90df0a63a59dfcfd7064d61bc8f9e655fb6163871684916ac6a876bcb19b0,2024-11-08T19:01:25.633000 CVE-2024-51739,0,0,4d0d8cd202212f5e2caa967ce03eee4a69352aa3ef71ff626fc2224d73faea32,2024-11-08T15:56:18.753000 CVE-2024-51740,0,0,8049b8be1065b4b8406a50a1cfde4cf3f6d43a64ebf12ea9e23c06d353369d55,2024-11-06T18:17:17.287000 CVE-2024-51744,0,0,df641a1b86566e97bb7074f2d337c50f51346569211bd554409b057e4c4da639,2024-11-05T16:04:26.053000 CVE-2024-51745,0,0,37db28606ad10f651e6f62f94e51def5fb50b1cfae8314bc96328b8b65ad324b,2024-11-06T18:17:17.287000 CVE-2024-51746,0,0,3cd98a267aedbbeeb4ad193a68e5bacd0a1a46a62f6ccca5880e9520a47fbe14,2024-11-06T18:17:17.287000 -CVE-2024-51751,0,0,5be875fb03dd84c20f8d271d29f5d3af24259f1c25883a44af5c941f68ac278f,2024-11-06T20:15:05.557000 +CVE-2024-51751,0,1,5e82f37cf3dfc23b4c489447a3752cbf986237e64e94f63b0a07a70b000b7b12,2024-11-08T19:01:25.633000 CVE-2024-51752,0,0,e4bd7dfff09e294fe713d9b76aba7fd50689256bee0d75d076093e0fe4805888,2024-11-06T18:17:17.287000 CVE-2024-51753,0,0,bf33e866ff4adcdc8169c4272817d8f4f57258218421ea7cafddbf38a1c6e30a,2024-11-06T18:17:17.287000 -CVE-2024-51754,0,0,ab8a7bcd0aef3f8778ab7f9b5f45ed9ae1110b90fa03bf7f3d612cb847bb1caa,2024-11-06T20:15:05.817000 -CVE-2024-51755,0,0,f94462a7b407e6db555bfabd54fbdf4488acc0d3a99f16a2114b58a579ba2cfe,2024-11-07T16:15:17.740000 
+CVE-2024-51754,0,1,7bb02b0dadfa6351503359aa64d9360522f7dd1d2e17f399adc659a202b695ba,2024-11-08T19:01:25.633000 +CVE-2024-51755,0,1,8da46be2050120e871a46966a709a4a6c341c8b76decbe7d2852b8155e882a03,2024-11-08T19:01:25.633000 CVE-2024-51756,0,0,7e7db3439c4e45c36bf53dc70dbe779b982ce3f3056b8757e470dab737dd37ba,2024-11-06T18:17:17.287000 -CVE-2024-51757,0,0,94efafdd8ea10b2a0656841928d239afab2750ddf6f06a644397622ff5d6eb53,2024-11-06T21:15:06.807000 -CVE-2024-51758,0,0,7c2dd1e416c68cdc9ff1c06122616cf2852d6cce64012ef616547b4ca60feaef,2024-11-07T20:35:16.200000 +CVE-2024-51757,0,1,4a6a6f5d284f7e398e40f49b0f871e08dca74b70a20c565e444a807f2ff3adcf,2024-11-08T19:01:25.633000 +CVE-2024-51758,0,1,f380eb8d34567367d647061664429271d9307b0015af8f1ccfbeb527fa9b8011,2024-11-08T19:01:03.880000 CVE-2024-5176,0,0,095b03ddd1cdcd739bbe8693b41d7d6e416f60f9815e0be55e0b3850508434d9,2024-06-05T15:15:12.620000 CVE-2024-5177,0,0,4596ccdb96b84f0f6003dc91187b58acc558e0743564be9aa6ad28db4e46749c,2024-05-24T01:15:30.977000 CVE-2024-51774,0,0,669a599ada079f107ff827e67143f083d374e9861d23daa36ef167763e62d529,2024-11-06T17:35:41.767000 
@@ -264995,15 +265000,16 @@ CVE-2024-5194,0,0,8b46532d156b8b3c9309e51d70c9e0d478e4dda8959433d551fb9bae0e23a4 CVE-2024-5195,0,0,a944b3bf4d682f545e6cb40d57a8d207d6c568eeb84f910c894251f96395025e,2024-06-04T19:21:02.077000 CVE-2024-5196,0,0,fe96c1eeb1213602679ab014fd535da1193da9cfe24103856ca34e734451708d,2024-06-04T19:21:02.183000 CVE-2024-5197,0,0,01172b8d20369801e638a1092c2896c82735a2e04e92ac5031b21558c286d96f,2024-06-16T21:15:50.820000 -CVE-2024-51987,0,0,2b7cdc789c4ea7929c8a0982517b56cac2e64baf159c17369c347c3b7ce00279,2024-11-08T00:15:15.233000 -CVE-2024-51988,0,0,2d17fe71a727874da6f8f6c999ae55f95138104406d5cbbc92ea592560164e88,2024-11-06T20:15:06.513000 -CVE-2024-51989,0,0,779423f2efb5d2ca5c38d59609b97dbafea289ed16b7d25f6595cd5e79c70a20,2024-11-07T18:15:17.953000 +CVE-2024-51987,0,1,38d00738181c940618bd1ac4501e8df25aa2c9d16acac0cdab1c089a65149f45,2024-11-08T19:01:03.880000 +CVE-2024-51988,0,1,9398d8a80c5a41180002e2b13788d4e0785beca5d303a4ad1646b56530ae4a33,2024-11-08T19:01:25.633000 +CVE-2024-51989,0,1,a66d3df688b16ca6972a5503652a5945de21b13a7ef47f9e2408cd742c91aa40,2024-11-08T19:01:03.880000 CVE-2024-5199,0,0,8fdec235790e80ab25bf344b6e4e20c94c0a12c0bede9440d8c94965619f66eb,2024-10-28T21:35:23.237000 -CVE-2024-51990,0,0,cff622c09caf6d70cb834efe8a697aa5f08e9f9fb04bfaf25b8c6f7fe35bd855,2024-11-07T01:15:03.497000 -CVE-2024-51993,0,0,558e2dbbd7884ebf950b0ed5c581198c2a7129c998df762665cd2d4ed3d6ee38,2024-11-07T19:35:10.383000 -CVE-2024-51994,0,0,c33fb20483d531a039679ca7e749d7aa2791758712758bb00e7e04c1f8688112,2024-11-07T19:35:10.640000 -CVE-2024-51995,0,0,bb691f9502a8c4e121a85eb6369fbfc2651e3287a2c40ae080b02e3e722043ab,2024-11-07T19:35:10.887000 -CVE-2024-51998,0,0,b13d5039130af317e9658b3474811f8eaabcff3e7eee9cd74b5f1a524b1ced85,2024-11-08T00:15:15.490000 +CVE-2024-51990,0,1,5a0b7a0ddc0e56bea6e775544df250647bd9e6d489e037eeef6da34742509908,2024-11-08T19:01:25.633000 
+CVE-2024-51993,0,1,0b180a03099571fff8a13158fe72d7871f053352d43d872590f8f53c841ecca8,2024-11-08T19:01:03.880000 +CVE-2024-51994,0,1,9ecdd0862ec4cb4e8cbc599710fe336df5bb3c681162050e709512d4ec211c97,2024-11-08T19:01:03.880000 +CVE-2024-51995,0,1,7484e6b15af945f697a88a8c3b9d2c315fe6e0004cde6e533470a014d3f9ae3d,2024-11-08T19:01:03.880000 +CVE-2024-51997,1,1,7cf5368bfec022cce74ef881b4e0c95e2999a47e878015cc19dd558066ff14a1,2024-11-08T19:15:06.487000 +CVE-2024-51998,0,1,19a2e1052c10533bdc1ed034b91b5ec816f585536da2e947441dab97cd0af7ac,2024-11-08T19:01:03.880000 CVE-2024-5201,0,0,64f0da97aed099b7390504c61b2a584cf361827a66e92ad103d8b3995d82fd05,2024-05-24T01:15:30.977000 CVE-2024-52013,0,0,d9e82ae91803da33afed578345dc1a358b894658d92808fa986ec4533aa8b6bc,2024-11-05T16:35:36.337000 CVE-2024-52014,0,0,bf660c78013825ab133590fbd2d4d926551058021d148525516ea24d33d017c6,2024-11-05T16:35:37.113000 @@ -265025,7 +265031,7 @@ CVE-2024-52029,0,0,6604d73dfa925d8021d81d835bc825971fe44d6336112cf5acceb9e667d92 CVE-2024-5203,0,0,e867d44b31fa735ecaef1844aba382841138e742c9b7e957e6089969316cab00,2024-09-13T11:15:10.197000 CVE-2024-52030,0,0,f299083111a88bfbb33be7c61ad60009afd7ae12eaace08cfe4a696ed0f18397,2024-11-05T16:35:58.320000 CVE-2024-5204,0,0,87eb5b753d379a1bd1ef79b260f2b73c84b7ff9a4b79082cf351323e04c98a6d,2024-05-29T13:02:09.280000 -CVE-2024-52043,0,0,6b6b2ad5477820bd40293c1accbc34d447ceee1ad5e162fa1db3e9ff6960d998,2024-11-06T18:17:17.287000 +CVE-2024-52043,0,1,f628a95ee6f27b518880b39a2d7b1dea019d91185e307729da648217b18fdef9,2024-11-08T20:39:36.233000 CVE-2024-5205,0,0,4921ed356d4f56252ffbf3c608cb3301846a77ee8cc9c08ec7f0a543467e385d,2024-05-24T13:03:11.993000 CVE-2024-5206,0,0,b3f524211e1d68f8da056248f629dbe7f435bd9f6a2b4ba4133bd7fb2ec50998,2024-10-24T19:48:31.637000 CVE-2024-5207,0,0,181dd5a561a1ca6cee33a4a5369908472f122edb94b0d0fa7d6cd5b5e2958e5a,2024-05-30T13:15:41.297000 
@@ -267393,7 +267399,7 @@ CVE-2024-7978,0,0,32f4e05559c2808de89ac0caea53fb83c96439d90c95d7208a9711199924c2 CVE-2024-7979,0,0,7197dd548ee44d45e84f2f2c61d6a52a80bd0fd2ed16f305497f42e667362bae,2024-08-26T15:13:19.383000 CVE-2024-7980,0,0,cda5d0604d61479305f3aa6d24c7a46f2d1d2a7e936538d9b59a5f61a8d4d4b3,2024-08-26T15:14:10.730000 CVE-2024-7981,0,0,558a7e30af48c73a27172093229eee673e34b504c9731b910b5af4369614c86c,2024-08-22T17:36:24.803000 -CVE-2024-7982,0,0,566803b1890b701d4540823c03bcb228d1b6c5425c443a208648d453ba12ae0e,2024-11-08T15:35:11.250000 +CVE-2024-7982,0,1,b5e03ec84abd8c813e48bd2fc654cee13e49610a0e3b91961d210ba683dd870b,2024-11-08T19:01:03.880000 CVE-2024-7985,0,0,4271e9d122036facd79897a367fdca94616cf73bfda86f814ddb02083013bc53,2024-11-08T15:22:33.123000 CVE-2024-7986,0,0,a43751c0931e4929788be7df13e0b692f335646e8ba6bbd66f7625d734a5daf5,2024-08-23T16:18:28.547000 CVE-2024-7987,0,0,76927c94eae9954117a932c513da8aebd30f47001e85e588d746e509b6294d24,2024-08-26T18:35:13.553000 @@ -267629,7 +267635,7 @@ CVE-2024-8319,0,0,19bee7e43deb1719502aef7eb4c05b0fb28cffea0ae04999821f01ddbcc0e2 CVE-2024-8320,0,0,67cff6908a40f6de0a5d55f45cee63784fe7b54f56159b5877dcd792142b0c2f,2024-09-12T21:51:58.960000 CVE-2024-8321,0,0,595129502821252825346a9a34e636ff1fd5806e1274bb50a0e529e9f41ab2d6,2024-09-12T21:53:22.677000 CVE-2024-8322,0,0,b55b95a67ef7974aa4139f663f04b216243350777f41a8ecf84d71c9fac2a097,2024-09-12T21:56:43.673000 -CVE-2024-8323,0,0,0104f3d1edc4ac897f940afdb48ef970b121b41a7e158df9deac5484ae1c0f03,2024-11-06T18:17:17.287000 +CVE-2024-8323,0,1,1c0f8c72c8263b0ac356180db305096268361e55c37e46b6acfc2ece03e8bc01,2024-11-08T20:30:11.340000 CVE-2024-8324,0,0,6518d473c1aa4b475f6dfda0657752435a4222117c73b6cdc744a1f3e192bfb0,2024-10-04T13:51:25.567000 CVE-2024-8325,0,0,7621afb4d5f72b3f894f792bb62b31b3ae60fff1ef7fb199ef11a396c0bd3fb4,2024-10-07T12:37:58.740000 CVE-2024-8327,0,0,6596679653e59e232d9a636653bb7ef76ebcd0b7674f3704360634000a96dff3,2024-09-04T17:11:23.533000 
@@ -267674,7 +267680,7 @@ CVE-2024-8373,0,0,d1a5cc99924a2151520a8ea490fb3d660801248a7f2168e9fe7f0fc9057db8 CVE-2024-8374,0,0,d48dc520ae709311b13e321521d105dda894c6710801eb063d42db744b0094d0,2024-09-16T16:44:42.403000 CVE-2024-8375,0,0,58cea17ca7f7a98f8126bafea3caa90f64ce326ce0b828e067a1c86c7d982ac6,2024-09-20T12:30:17.483000 CVE-2024-8376,0,0,8755f13d2baf2ea4c1f32851a9e5c748f58fd57e01338c5081bda3b629604419,2024-10-31T10:15:05.930000 -CVE-2024-8378,0,0,34f148e00b1a2acc25765076e3b28753775610b8fbd4cd75a4fc2affc244df30,2024-11-07T20:35:16.537000 +CVE-2024-8378,0,1,3434914a3a4696d8c6e4be732060229a1888e16a9bb4c1b6ee051204dce8e665,2024-11-08T19:01:03.880000 CVE-2024-8379,0,0,085298af9559a314a9f72b50c0919e14d810bca9e3bf6d4dab66f461020341e6,2024-10-07T15:49:54.653000 CVE-2024-8380,0,0,036c8c11a05ec98776794766e58c3583b3eabb4c67c37c1216e0519e7baf5609,2024-09-04T14:58:49.450000 CVE-2024-8381,0,0,71cd6342a2b6c00c154431956e1e93b11926fd4f87284990ba91ff899e315a4c,2024-09-06T17:15:17.573000 @@ -267707,7 +267713,7 @@ CVE-2024-8417,0,0,8580cbd844a53cf335c90d7b0b427ee4c081c6060c525d72a654406a58e7a0 CVE-2024-8418,0,0,45db7c5e32209561e336e52f972f2bde6e59f6364560666284054dcf874b8fe1,2024-09-17T20:15:06.710000 CVE-2024-8421,0,0,6800675b8d580f62fefe249f14070dd1be7b0d76f26f1a650e36706f5d41a8e4,2024-10-30T22:15:03.503000 CVE-2024-8422,0,0,719afb1520795869e1cc4a3e221732b33ebfb108c1947a89f9c81c8469a6d752,2024-10-16T18:00:10.507000 -CVE-2024-8424,0,0,ecf54bd29ed5737bde94952602f9656de847558d40cfe8244a6d9356108af440,2024-11-08T00:15:15.807000 +CVE-2024-8424,0,1,385e00e733845d5c388422aedafda5f442f15811db8f1316d7a1920e6798a874,2024-11-08T19:01:03.880000 CVE-2024-8427,0,0,57dcbf97b68dfdac544ef9faf52bed3587edeaacde16f067da96879677802837,2024-09-11T17:41:18.733000 CVE-2024-8428,0,0,224fe311bf12d06d4c690b8d9ea3bc4f42261bcb370dc3457883b86fb932f74d,2024-09-26T21:58:45.393000 CVE-2024-8430,0,0,55a9f0c318551ddd036fdf97a76cda9a73c7561d06c4df941f7c206a6547670b,2024-10-04T13:51:25.567000 
@@ -267720,7 +267726,7 @@ CVE-2024-8437,0,0,4b506df7175b44ffa93e3ef9b1fdedd8455751a5d7f25e7c7b69c7cd1dfd76 CVE-2024-8439,0,0,b4eacb6a11dc14d7212cfdbe9629a765b4f24ad00bc9c4fc2289184c4fdae508,2024-09-06T22:15:02.320000 CVE-2024-8440,0,0,8dcfa58740a8b45172e18897b2d796d55a68f35b9034374864c3da0c6b77c079,2024-09-25T19:34:19.683000 CVE-2024-8441,0,0,0efac0f95475c5b753f85a6e07784bad0c26116c06bdd47c81e7d9e5f2143687,2024-09-12T21:53:43.387000 -CVE-2024-8442,0,0,36d850e4397690e6dfc57236ea650c8f2957308a71e7e37f45cef5496f6c43a9,2024-11-07T13:15:03.310000 +CVE-2024-8442,0,1,72dddc62ef96252a59ba669d203f6b9672a38d4bd48fd6c8e65db11f3e2623e0,2024-11-08T19:01:03.880000 CVE-2024-8443,0,0,17e8697863032f9317d28c5eea98e22f13f55f27fe238e6efc059b214854b50f,2024-10-01T13:15:03.110000 CVE-2024-8444,0,0,647e6594397afdd524827ac7952e2d7dabc6d6be364beb8813944df5943d7ed7,2024-11-01T12:57:03.417000 CVE-2024-8445,0,0,a7f7ba812fc058686a7ce9617c544a5ef0aa1db28a47ee616a0e4041709a6c78,2024-10-01T06:15:02.650000 
@@ -267855,8 +267861,8 @@ CVE-2024-8609,0,0,abc618d0d5885aaa0308adb05d31ead671e5c2779c8ca59665e4b82717c05b CVE-2024-8610,0,0,9284b474db1beea95bd52a2a34ba37d6ccf26129d36f3b91404a653005c49f87,2024-09-17T18:48:12.130000 CVE-2024-8611,0,0,3d63bb09edc11ef6327fe857dfe381551fd3ed233dd119eaa741dce3b9b25e8e,2024-09-18T17:24:34.163000 CVE-2024-8612,0,0,7904070a64ce6b0c617a391de31eeccb03d9f0e9421f89781a9fa23b513c6a78,2024-09-26T13:32:55.343000 -CVE-2024-8614,0,0,1db7c9c6f644970c171909265e74667256ec6266a325319004a6d93b18f39a41,2024-11-06T18:17:17.287000 -CVE-2024-8615,0,0,3e079ada3f124a51ec5993ffaac8f9058f1853696b23eb3c968658b7bddb7a37,2024-11-06T18:17:17.287000 +CVE-2024-8614,0,1,b6e7ae44802c3485e262c5ae33026ab24b51338ee339d8b88cde1c76e0666ba5,2024-11-08T20:23:41.563000 +CVE-2024-8615,0,1,6a706598ded0735f5a081bedf2535bbc7d85733d4e81b92b7a6260e6b2e2ad37,2024-11-08T20:24:28.737000 CVE-2024-8621,0,0,da11617ee187bea39361c3e736358efdd8e000970ca04e836eaac8c5eeb75dea,2024-10-02T16:10:27.313000 CVE-2024-8622,0,0,3dd68829fc11e22f0c21c42ebfb82eece7f179bcaa47d99ccdf324ecdb81f1e2,2024-09-26T14:59:27.770000 CVE-2024-8623,0,0,b38d11e5ea040f7d1c1df76eb8b329847342918d3746a88d315f2eac79041136,2024-09-26T16:46:28.590000 
@@ -267996,7 +268002,7 @@ CVE-2024-8801,0,0,b5bc4f982a594acb6aaf56b2e8a82653b32de0b2ae7bfdf440e37c28bdd34d CVE-2024-8802,0,0,8bf5ff4db31e0529cbd08652ac36154d0a1e65a032bdeeb095aa4e8638ac0548,2024-10-08T21:49:10.173000 CVE-2024-8803,0,0,1e0c20c4da3042f287bedde6aa980588230b643699023347d741bb81db132ef8,2024-10-02T17:15:12.677000 CVE-2024-8804,0,0,08d968e195b0f36220a0a723a12b9b939996510ce1ddcb52b8152a63b9728d80,2024-10-10T20:56:49.403000 -CVE-2024-8810,0,0,84564f5019d3d9f475f97115dc955913baf7134cfe71ec4eb58efb4591f95a7f,2024-11-07T22:15:21.520000 +CVE-2024-8810,0,1,28ccf959675d77b7e3dcf659d948720de4b02c335959c6c7364babe715cf7b78,2024-11-08T19:01:03.880000 CVE-2024-8850,0,0,60f99c260767f82bf00cc7954ec3e058985003b965020b8d3dac7a45b3ea5f64,2024-09-25T18:49:53.397000 CVE-2024-8852,0,0,4c29aa9b59fffc51165fcfe6324e59328792cc2858478a0eeda39ebd10055ec2,2024-10-25T21:20:11.410000 CVE-2024-8853,0,0,b5a3b0675f8f2657c7381537f08c47ae3a3694c18acf1b18976370e35c278f0e,2024-09-25T17:49:25.653000 
@@ -268401,11 +268407,11 @@ CVE-2024-9470,0,0,6d7d145d5ed6ae4ef4f33928573352f54839c5b9641b899af46f8b3aa4ed69 CVE-2024-9471,0,0,2517c360d1e41d9c7ea79e15df7f34465e8f98b985f9011876ffa34a1656df21,2024-10-15T16:55:45.090000 CVE-2024-9473,0,0,2610a860a1ec132e11b499793a273ee08374ba46887944874ff47b7b5fdd4588,2024-10-17T06:15:04.983000 CVE-2024-9475,0,0,273622ecfea8dd0cb8d3a034084a5946e50b2bee83443e844bae24857067e968,2024-10-28T13:58:09.230000 -CVE-2024-9481,0,0,dce581617d5cf6edbc62a2fe02f71507870c412f67698e0495feb9e6b8ee0972,2024-10-04T13:50:43.727000 -CVE-2024-9482,0,0,10c3c4a119489ce5d129acd1f72184e55e1f72d2675c976690dcbbc5d407b533,2024-10-04T13:50:43.727000 -CVE-2024-9483,0,0,6a9a1cfe421d679c621a2969a64278be9b39bdca7774e9b4a3235c5640b6357b,2024-10-04T13:50:43.727000 -CVE-2024-9484,0,0,3f1e4bdc376cc95b97b5c0150a8d7b1a17051d92adc32b058eb06edb62f443eb,2024-10-04T13:50:43.727000 -CVE-2024-9486,0,0,1369350ab2629110ffa188dbd15b41ead2245f88a49115aa36147be3bd87c74e,2024-10-16T16:38:14.557000 +CVE-2024-9481,0,1,00fc2967ba19d907f5a39395cc30079db3ef641b613179e4b9951bd38c8d6817,2024-11-08T20:49:03.597000 +CVE-2024-9482,0,1,761865a3338cb95ad6952db46fced2e0b200e6722c7208c63ea4447e2930458e,2024-11-08T20:49:58.077000 +CVE-2024-9483,0,1,ad5fedd0cd72fbc18365b7b114267513d576cf1b98379267d7018d384a26ba96,2024-11-08T20:54:30.980000 +CVE-2024-9484,0,1,86ad5ee84c3c6fb7cf3b149fe0f453f5a54885e17fbe04bacb6644367538b071,2024-11-08T20:55:14.283000 +CVE-2024-9486,0,1,69b6721a825ab2624e7f19326bb9e1625f15ea4093ed6bc68f868f6a5c393d51,2024-11-08T20:56:54.807000 CVE-2024-9487,0,0,e3a385658c66fc500363f16f3c27f6fce25e7b265fffe42414ebb85b7cd7e9a7,2024-10-15T12:58:51.050000 CVE-2024-9488,0,0,7160e6226507ff679fbcba733953e2a0c67fe3c2a8e1dee05991bd941a40e8b2,2024-11-06T14:57:04.457000 CVE-2024-9489,0,0,da9917eda81b5ad40f78c98d3cdcfaa2ce360118ba030bb2ddb2e149e55b8a8e,2024-11-01T16:27:25.937000 
@@ -268465,7 +268471,7 @@ CVE-2024-9573,0,0,58c75dd5695e86f3dd5971604e3d0b5f4fa9518dd900d56e54c2dcc37c5c33 CVE-2024-9574,0,0,a60670a65a4470a80e62c618e77fec3e5e5071e32e3c874874eb23f89671df72,2024-10-08T18:45:13.147000 CVE-2024-9575,0,0,902a179ba291c73f1ff19f974c0569ed05c8dbb3d8914c4f7409455feb2bd5d7,2024-10-14T08:15:02.970000 CVE-2024-9576,0,0,7a96a155cd09492144b259aa00c523497a7aeb66fdb84ed492d68f7654aa3880,2024-10-07T17:47:48.410000 -CVE-2024-9579,0,1,e2993f144efd5aa9c48a1ec5bcd5f3b9005733d0240c41dfc1522a865c26a6aa,2024-11-08T18:08:02.683000 +CVE-2024-9579,0,0,e2993f144efd5aa9c48a1ec5bcd5f3b9005733d0240c41dfc1522a865c26a6aa,2024-11-08T18:08:02.683000 CVE-2024-9581,0,0,fb1d34fab9f94525003a0f26c830b830dcb7b4bdc92dd8a95590c26db891e7c3,2024-10-15T14:28:35.283000 CVE-2024-9582,0,0,6ec198135418f168eaebdeafd2e2fe73c3f44201fb3d949937a7b4e70c974bf6,2024-10-16T16:38:14.557000 CVE-2024-9583,0,0,04369671dcdc0ba41b402439013a80918f2a6c5ddfb5fc47088dd1f892929f97,2024-10-25T16:28:17.497000 @@ -268479,7 +268485,7 @@ CVE-2024-9590,0,0,3ea221ce5737c7461b642f4b40c8f88f2882c3fc1e287dc4995c8dfdd067fb CVE-2024-9591,0,0,52d0197d17e908729023f30744d453ad1a46477297400d8fb8b5026f822177e2,2024-10-29T16:04:23.463000 CVE-2024-9592,0,0,6f7f83fab1eebba9a1f954ec84a1bbaa3c51a5f9b9c0e4a02c7010d63a53fba8,2024-10-15T12:57:46.880000 CVE-2024-9593,0,0,02cbbab3c962db41b4f7d8f2fd2455e47a515515a926a898431a74600b7b719f,2024-10-29T13:40:23.983000 -CVE-2024-9594,0,0,76152af657dea527c4e562a1c5799c4834f4bf18cf4ca885159373bfd78ad4ca,2024-10-16T16:38:14.557000 +CVE-2024-9594,0,1,92a9c8b7f2b738acc7cf5e32a4f4f886e72b92a55f7ee8d8766797a1f699d432,2024-11-08T20:50:48.720000 CVE-2024-9595,0,0,6e91591cc8fc6f8664de9cf116e0c3ff35185abd26eee85b7100e07838bd2f63,2024-10-15T12:57:46.880000 CVE-2024-9596,0,0,b127f83f2b318ff048db80701b5c7105ea78e0681a89ee2fdf37846a5fa10d86,2024-10-16T17:00:19.787000 CVE-2024-9598,0,0,dd6abd1d8094ef836910b53aefec035745da73e794770d7e620055613b33359f,2024-10-25T12:56:07.750000 
@@ -268580,7 +268586,7 @@ CVE-2024-9826,0,0,c03e2e0710a5712915ae2341fa5030e5bd74d5917743f7fdf85c043b115b92 CVE-2024-9827,0,0,c5e7676b9d011eef0934f8d1e51cd92697f77495088547784042162cb4944824,2024-11-01T16:17:07.187000 CVE-2024-9829,0,0,ea980a1e481fc86407edeb6f0040d6f4a6ff2d17edcbe8d18dd95381292ad49b,2024-10-25T16:30:44.520000 CVE-2024-9837,0,0,bb6af129df538114e71c369a037f26903d10504dcd81ada4fc7f4b05786c12dd,2024-10-15T12:57:46.880000 -CVE-2024-9841,1,1,419c5d6aac29a5d6b79db704dd563f94cb82d544acea48d07720a3fa21e2fcce,2024-11-08T18:15:17.853000 +CVE-2024-9841,0,1,ebdd51eec8479d80c9266cdceb915506aec1278560e194f65ea2f5d20595b81b,2024-11-08T19:01:03.880000 CVE-2024-9846,0,0,173656afdffd3fc8df737b5cdb277d7e27d47fc010c3df17216e30b52661a1bb,2024-11-06T14:58:04.160000 CVE-2024-9848,0,0,b402d34d635014e43cf3d9b875728458bb9e45308a715285ac01e2036b42d252,2024-10-22T16:42:25.867000 CVE-2024-9853,0,0,b003ea260222d309866f9bc6bcac4c0549c1930cf36d8d49eac92c8d99d9053c,2024-10-28T13:58:09.230000 @@ -268637,7 +268643,7 @@ CVE-2024-9922,0,0,5b3f4f94b058e10394fda050af76e1c62dd106f0eebadd14ac4c752deaa614 CVE-2024-9923,0,0,e0957ae0002d68f1b955241f204c0150727bb34721e8b9ed064776340efa0183,2024-10-24T13:24:23.430000 CVE-2024-9924,0,0,4d0aa49bc1047e2e0a23ab80e176dbdf70a0af5e82bea53f63a116cd5905286e,2024-10-15T12:57:46.880000 CVE-2024-9925,0,0,d9114846b6ab22497d9820c775f40ff778b3a4311afada5c7a947fe6aafbbadc,2024-10-17T18:09:40.537000 -CVE-2024-9926,0,0,b97027b2d01f92b150b3a0c3126d1a9225c0551084b31e89d062f3cf8ece4e71,2024-11-07T20:35:17.120000 +CVE-2024-9926,0,1,eb8b84e69e1a6fd8b36727d97f2365e173de81846e61516b72bd6afc09cbffc1,2024-11-08T19:01:03.880000 CVE-2024-9927,0,0,247470617823bbc670f145b2243babfdfbfd8541e02092a27795136533b63780,2024-10-25T16:29:27.300000 CVE-2024-9930,0,0,2e94c1b1c2d8f47dab5a0085f731b617edc3eb172311f1bc2011ba2b1f6ff871,2024-10-28T13:58:09.230000 CVE-2024-9931,0,0,4f99602a22e228cc69b801ddff8bd876efec1042ee86fb7a5c3c9f1dd271a722,2024-10-28T13:58:09.230000 
@@ -268649,7 +268655,7 @@ CVE-2024-9937,0,0,4e7ae54d6a9c5099857ac0a66ba44c96220fc2ab3e1844c918c371d4dbb6d3 CVE-2024-9940,0,0,0591f213f2bec6924fef18017d23419024c9c5bdc4c598c1e0fd80a492ebb13b,2024-10-18T12:53:04.627000 CVE-2024-9943,0,0,2b1bd0bf17ad8265b1c648445115c5e7c1a49eb398158e5a8ef4b45ea9c6d38b,2024-10-25T12:56:07.750000 CVE-2024-9944,0,0,0b8e9f26d6b78f71e8a64eb7650f72f57e1c6a31a17ce0fafe5b6b8377b71371,2024-10-17T20:47:35.817000 -CVE-2024-9946,0,0,d86f0be3f61dab42af6da9b822bf5e8fe192af05377135caf2f4b99a63447764,2024-11-06T18:17:17.287000 +CVE-2024-9946,0,1,65ddbb5091a555b3d45b6435f0c0f970788d2fb0577e4d2af4202005a3cb21de,2024-11-08T20:38:07.557000 CVE-2024-9947,0,0,88ec45aa6bd99a52db1c3f2ce1757c1650b55146fad6304733cc20a8df4a46b2,2024-10-25T16:53:12.867000 CVE-2024-9949,0,0,7baff7b9a9118e82abe3afe4a5ae476b8e56ff4f2cbd456d4ba563053750f9b6,2024-10-25T12:56:07.750000 CVE-2024-9951,0,0,5d941c75af8c4072e469beaa1d6ae2855b0ca23ecdce87314ecd326f6a54014a,2024-10-18T12:52:33.507000