admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-19 17:31:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2025-03-18T17:00:20.156090+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2025-03-18 17:03:48 +00:00
parent 2632ded10d
commit ffe3ab541c
189 changed files with 6794 additions and 676 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
CVE-2012/CVE-2012-58xx/CVE-2012-5853.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2012-5853", "id": "CVE-2012-5853",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2015-01-08T01:59:00.047", "published": "2015-01-08T01:59:00.047",
"lastModified": "2024-11-21T01:45:22.210", "lastModified": "2025-03-18T15:11:20.680",
"vulnStatus": "Modified", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -63,9 +63,9 @@
"cpeMatch": [ "cpeMatch": [
{ {
"vulnerable": true, "vulnerable": true,
"criteria": "cpe:2.3:a:ajax_search_project:ajax_search:*:*:*:*:*:wordpress:*:*", "criteria": "cpe:2.3:a:vinojcardoza:ajax_post_search:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.2", "versionEndExcluding": "1.3",
"matchCriteriaId": "10D56DC4-CA26-4E5D-AD75-6EBD3957F973" "matchCriteriaId": "EAC3CE54-DBEF-40BE-BEB8-07296266B508"
} }
] ]
} }

39
CVE-2018/CVE-2018-93xx/CVE-2018-9383.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2018-9383", "id": "CVE-2018-9383",
"sourceIdentifier": "security@android.com", "sourceIdentifier": "security@android.com",
"published": "2025-01-17T23:15:12.020", "published": "2025-01-17T23:15:12.020",
"lastModified": "2025-02-18T21:15:12.823", "lastModified": "2025-03-18T15:15:39.420",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -15,7 +15,42 @@
"value": "En asn1_ber_decoder de asn1_decoder.c, existe una posible lectura fuera de los l\u00edmites debido a una neutra. Esto podr\u00eda provocar la divulgaci\u00f3n de informaci\u00f3n local con privilegios de ejecuci\u00f3n de System necesarios. No se necesita la interacci\u00f3n del usuario para la explotaci\u00f3n." "value": "En asn1_ber_decoder de asn1_decoder.c, existe una posible lectura fuera de los l\u00edmites debido a una neutra. Esto podr\u00eda provocar la divulgaci\u00f3n de informaci\u00f3n local con privilegios de ejecuci\u00f3n de System necesarios. No se necesita la interacci\u00f3n del usuario para la explotaci\u00f3n."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [ "references": [
{ {
"url": "https://source.android.com/security/bulletin/pixel/2018-06-01", "url": "https://source.android.com/security/bulletin/pixel/2018-06-01",

60
CVE-2021/CVE-2021-224xx/CVE-2021-22484.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2021-22484", "id": "CVE-2021-22484",
"sourceIdentifier": "psirt@huawei.com", "sourceIdentifier": "psirt@huawei.com",
"published": "2024-12-28T07:15:18.723", "published": "2024-12-28T07:15:18.723",
"lastModified": "2024-12-28T17:15:06.360", "lastModified": "2025-03-18T16:09:16.963",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -17,6 +17,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{ {
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary", "type": "Secondary",
@ -50,6 +70,16 @@
} }
] ]
}, },
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{ {
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary", "type": "Secondary",
@ -61,10 +91,30 @@
] ]
} }
], ],
"references": [ "configurations": [
{ {
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-wearables-202108-0000001135186780", "nodes": [
"source": "psirt@huawei.com" {
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:harmonyos:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "20112231-B840-44D3-A061-B9B9F80EE378"
}
]
}
]
}
],
"references": [
{
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-wearables-202108-0000001135186780",
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

14
CVE-2021/CVE-2021-263xx/CVE-2021-26344.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2021-26344", "id": "CVE-2021-26344",
"sourceIdentifier": "psirt@amd.com", "sourceIdentifier": "psirt@amd.com",
"published": "2024-08-13T17:15:17.113", "published": "2024-08-13T17:15:17.113",
"lastModified": "2024-12-12T20:41:30.647", "lastModified": "2025-03-18T16:15:12.347",
"vulnStatus": "Analyzed", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -69,6 +69,16 @@
"value": "CWE-787" "value": "CWE-787"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
} }
], ],
"configurations": [ "configurations": [

60
CVE-2021/CVE-2021-370xx/CVE-2021-37000.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2021-37000", "id": "CVE-2021-37000",
"sourceIdentifier": "psirt@huawei.com", "sourceIdentifier": "psirt@huawei.com",
"published": "2024-12-28T07:15:18.887", "published": "2024-12-28T07:15:18.887",
"lastModified": "2024-12-28T17:15:06.793", "lastModified": "2025-03-18T16:30:48.110",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -36,6 +36,26 @@
}, },
"exploitabilityScore": 2.5, "exploitabilityScore": 2.5,
"impactScore": 5.2 "impactScore": 5.2
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
} }
] ]
}, },
@ -50,6 +70,16 @@
} }
] ]
}, },
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{ {
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary", "type": "Secondary",
@ -61,10 +91,30 @@
] ]
} }
], ],
"references": [ "configurations": [
{ {
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-wearables-202108-0000001135186780", "nodes": [
"source": "psirt@huawei.com" {
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:harmonyos:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "20112231-B840-44D3-A061-B9B9F80EE378"
}
]
}
]
}
],
"references": [
{
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-wearables-202108-0000001135186780",
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

32
CVE-2022/CVE-2022-232xx/CVE-2022-23240.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-23240", "id": "CVE-2022-23240",
"sourceIdentifier": "security-alert@netapp.com", "sourceIdentifier": "security-alert@netapp.com",
"published": "2023-02-28T23:15:11.240", "published": "2023-02-28T23:15:11.240",
"lastModified": "2024-11-21T06:48:15.080", "lastModified": "2025-03-18T15:15:40.637",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -32,6 +32,26 @@
}, },
"exploitabilityScore": 2.8, "exploitabilityScore": 2.8,
"impactScore": 3.6 "impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
} }
] ]
}, },
@ -45,6 +65,16 @@
"value": "NVD-CWE-Other" "value": "NVD-CWE-Other"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
} }
], ],
"configurations": [ "configurations": [

12
CVE-2022/CVE-2022-259xx/CVE-2022-25978.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-25978", "id": "CVE-2022-25978",
"sourceIdentifier": "report@snyk.io", "sourceIdentifier": "report@snyk.io",
"published": "2023-02-15T05:15:11.540", "published": "2023-02-15T05:15:11.540",
"lastModified": "2024-11-21T06:53:16.640", "lastModified": "2025-03-18T16:15:12.627",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -79,6 +79,16 @@
"value": "CWE-79" "value": "CWE-79"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
} }
], ],
"configurations": [ "configurations": [

32
CVE-2022/CVE-2022-329xx/CVE-2022-32933.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-32933", "id": "CVE-2022-32933",
"sourceIdentifier": "product-security@apple.com", "sourceIdentifier": "product-security@apple.com",
"published": "2024-06-10T20:15:12.533", "published": "2024-06-10T20:15:12.533",
"lastModified": "2024-11-21T07:07:15.917", "lastModified": "2025-03-18T16:15:12.880",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -36,6 +36,26 @@
}, },
"exploitabilityScore": 3.9, "exploitabilityScore": 3.9,
"impactScore": 1.4 "impactScore": 1.4
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
} }
] ]
}, },
@ -49,6 +69,16 @@
"value": "NVD-CWE-noinfo" "value": "NVD-CWE-noinfo"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
} }
], ],
"configurations": [ "configurations": [

32
CVE-2022/CVE-2022-382xx/CVE-2022-38220.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-38220", "id": "CVE-2022-38220",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-03-01T00:15:10.823", "published": "2023-03-01T00:15:10.823",
"lastModified": "2024-11-21T07:16:04.727", "lastModified": "2025-03-18T15:15:41.067",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -32,6 +32,26 @@
}, },
"exploitabilityScore": 2.8, "exploitabilityScore": 2.8,
"impactScore": 2.7 "impactScore": 2.7
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
} }
] ]
}, },
@ -45,6 +65,16 @@
"value": "CWE-79" "value": "CWE-79"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
} }
], ],
"configurations": [ "configurations": [

32
CVE-2022/CVE-2022-400xx/CVE-2022-40032.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-40032", "id": "CVE-2022-40032",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-02-17T14:15:15.370", "published": "2023-02-17T14:15:15.370",
"lastModified": "2024-11-21T07:20:45.390", "lastModified": "2025-03-18T16:15:13.077",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -36,6 +36,26 @@
}, },
"exploitabilityScore": 3.9, "exploitabilityScore": 3.9,
"impactScore": 5.9 "impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
} }
] ]
}, },
@ -49,6 +69,16 @@
"value": "CWE-89" "value": "CWE-89"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
} }
], ],
"configurations": [ "configurations": [

32
CVE-2022/CVE-2022-403xx/CVE-2022-40347.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-40347", "id": "CVE-2022-40347",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-02-17T13:15:10.650", "published": "2023-02-17T13:15:10.650",
"lastModified": "2024-11-21T07:21:19.913", "lastModified": "2025-03-18T16:15:13.300",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -36,6 +36,26 @@
}, },
"exploitabilityScore": 3.9, "exploitabilityScore": 3.9,
"impactScore": 5.9 "impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
} }
] ]
}, },
@ -49,6 +69,16 @@
"value": "CWE-89" "value": "CWE-89"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
} }
], ],
"configurations": [ "configurations": [

32
CVE-2022/CVE-2022-442xx/CVE-2022-44216.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-44216", "id": "CVE-2022-44216",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-02-20T20:15:10.290", "published": "2023-02-20T20:15:10.290",
"lastModified": "2024-11-21T07:27:45.847", "lastModified": "2025-03-18T16:15:13.567",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -32,6 +32,26 @@
}, },
"exploitabilityScore": 3.9, "exploitabilityScore": 3.9,
"impactScore": 3.6 "impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
} }
] ]
}, },
@ -45,6 +65,16 @@
"value": "CWE-306" "value": "CWE-306"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-306"
}
]
} }
], ],
"configurations": [ "configurations": [

32
CVE-2022/CVE-2022-455xx/CVE-2022-45551.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-45551", "id": "CVE-2022-45551",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-03-03T13:15:10.710", "published": "2023-03-03T13:15:10.710",
"lastModified": "2024-11-21T07:29:26.427", "lastModified": "2025-03-18T16:15:13.773",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -32,6 +32,26 @@
}, },
"exploitabilityScore": 3.9, "exploitabilityScore": 3.9,
"impactScore": 5.9 "impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
} }
] ]
}, },
@ -45,6 +65,16 @@
"value": "CWE-306" "value": "CWE-306"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-306"
}
]
} }
], ],
"configurations": [ "configurations": [

32
CVE-2022/CVE-2022-457xx/CVE-2022-45701.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-45701", "id": "CVE-2022-45701",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-02-17T15:15:12.080", "published": "2023-02-17T15:15:12.080",
"lastModified": "2024-11-21T07:29:36.463", "lastModified": "2025-03-18T16:15:14.017",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -36,6 +36,26 @@
}, },
"exploitabilityScore": 2.8, "exploitabilityScore": 2.8,
"impactScore": 5.9 "impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
} }
] ]
}, },
@ -49,6 +69,16 @@
"value": "NVD-CWE-noinfo" "value": "NVD-CWE-noinfo"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
} }
], ],
"configurations": [ "configurations": [

22
CVE-2022/CVE-2022-45xx/CVE-2022-4550.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-4550", "id": "CVE-2022-4550",
"sourceIdentifier": "contact@wpscan.com", "sourceIdentifier": "contact@wpscan.com",
"published": "2023-02-27T16:15:11.117", "published": "2023-02-27T16:15:11.117",
"lastModified": "2024-11-21T07:35:28.293", "lastModified": "2025-03-18T15:15:42.087",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -32,6 +32,26 @@
}, },
"exploitabilityScore": 3.9, "exploitabilityScore": 3.9,
"impactScore": 3.6 "impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
} }
] ]
}, },

22
CVE-2022/CVE-2022-46xx/CVE-2022-4679.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-4679", "id": "CVE-2022-4679",
"sourceIdentifier": "contact@wpscan.com", "sourceIdentifier": "contact@wpscan.com",
"published": "2023-02-27T16:15:11.193", "published": "2023-02-27T16:15:11.193",
"lastModified": "2024-11-21T07:35:43.277", "lastModified": "2025-03-18T15:15:42.313",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -32,6 +32,26 @@
}, },
"exploitabilityScore": 2.3, "exploitabilityScore": 2.3,
"impactScore": 2.7 "impactScore": 2.7
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
} }
] ]
}, },

22
CVE-2022/CVE-2022-470xx/CVE-2022-47075.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-47075", "id": "CVE-2022-47075",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-02-28T23:15:11.317", "published": "2023-02-28T23:15:11.317",
"lastModified": "2024-11-21T07:31:28.243", "lastModified": "2025-03-18T15:15:41.377",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -32,6 +32,26 @@
}, },
"exploitabilityScore": 3.9, "exploitabilityScore": 3.9,
"impactScore": 3.6 "impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
} }
] ]
}, },

22
CVE-2022/CVE-2022-470xx/CVE-2022-47076.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-47076", "id": "CVE-2022-47076",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-02-28T23:15:11.390", "published": "2023-02-28T23:15:11.390",
"lastModified": "2024-11-21T07:31:28.403", "lastModified": "2025-03-18T15:15:41.650",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -32,6 +32,26 @@
}, },
"exploitabilityScore": 3.9, "exploitabilityScore": 3.9,
"impactScore": 3.6 "impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
} }
] ]
}, },

32
CVE-2022/CVE-2022-481xx/CVE-2022-48115.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-48115", "id": "CVE-2022-48115",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-02-17T22:15:11.907", "published": "2023-02-17T22:15:11.907",
"lastModified": "2024-11-21T07:32:52.267", "lastModified": "2025-03-18T16:15:14.220",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -32,6 +32,26 @@
}, },
"exploitabilityScore": 2.8, "exploitabilityScore": 2.8,
"impactScore": 2.7 "impactScore": 2.7
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
} }
] ]
}, },
@ -45,6 +65,16 @@
"value": "CWE-79" "value": "CWE-79"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
} }
], ],
"configurations": [ "configurations": [

32
CVE-2022/CVE-2022-483xx/CVE-2022-48329.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-48329", "id": "CVE-2022-48329",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-02-20T04:15:11.227", "published": "2023-02-20T04:15:11.227",
"lastModified": "2024-11-21T07:33:10.770", "lastModified": "2025-03-18T16:15:14.440",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -32,6 +32,26 @@
}, },
"exploitabilityScore": 3.9, "exploitabilityScore": 3.9,
"impactScore": 5.9 "impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
} }
] ]
}, },
@ -45,6 +65,16 @@
"value": "CWE-755" "value": "CWE-755"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-755"
}
]
} }
], ],
"configurations": [ "configurations": [

32
CVE-2022/CVE-2022-483xx/CVE-2022-48337.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-48337", "id": "CVE-2022-48337",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-02-20T23:15:12.243", "published": "2023-02-20T23:15:12.243",
"lastModified": "2024-11-21T07:33:11.937", "lastModified": "2025-03-18T16:15:14.647",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -32,6 +32,26 @@
}, },
"exploitabilityScore": 3.9, "exploitabilityScore": 3.9,
"impactScore": 5.9 "impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
} }
] ]
}, },
@ -45,6 +65,16 @@
"value": "CWE-78" "value": "CWE-78"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
} }
], ],
"configurations": [ "configurations": [

32
CVE-2022/CVE-2022-483xx/CVE-2022-48338.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-48338", "id": "CVE-2022-48338",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-02-20T23:15:12.297", "published": "2023-02-20T23:15:12.297",
"lastModified": "2024-11-21T07:33:12.090", "lastModified": "2025-03-18T16:15:14.863",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -32,6 +32,26 @@
}, },
"exploitabilityScore": 1.3, "exploitabilityScore": 1.3,
"impactScore": 5.9 "impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.3,
"impactScore": 5.9
} }
] ]
}, },
@ -45,6 +65,16 @@
"value": "CWE-77" "value": "CWE-77"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
} }
], ],
"configurations": [ "configurations": [

32
CVE-2022/CVE-2022-483xx/CVE-2022-48339.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-48339", "id": "CVE-2022-48339",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-02-20T23:15:12.350", "published": "2023-02-20T23:15:12.350",
"lastModified": "2024-11-21T07:33:12.250", "lastModified": "2025-03-18T16:15:15.070",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -32,6 +32,26 @@
}, },
"exploitabilityScore": 1.8, "exploitabilityScore": 1.8,
"impactScore": 5.9 "impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
} }
] ]
}, },
@ -45,6 +65,16 @@
"value": "CWE-116" "value": "CWE-116"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-1116"
}
]
} }
], ],
"configurations": [ "configurations": [

22
CVE-2023/CVE-2023-01xx/CVE-2023-0168.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-0168", "id": "CVE-2023-0168",
"sourceIdentifier": "contact@wpscan.com", "sourceIdentifier": "contact@wpscan.com",
"published": "2023-02-27T16:15:11.657", "published": "2023-02-27T16:15:11.657",
"lastModified": "2024-11-21T07:36:40.573", "lastModified": "2025-03-18T15:15:42.527",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -32,6 +32,26 @@
}, },
"exploitabilityScore": 2.3, "exploitabilityScore": 2.3,
"impactScore": 2.7 "impactScore": 2.7
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
} }
] ]
}, },

22
CVE-2023/CVE-2023-03xx/CVE-2023-0381.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-0381", "id": "CVE-2023-0381",
"sourceIdentifier": "contact@wpscan.com", "sourceIdentifier": "contact@wpscan.com",
"published": "2023-02-27T16:15:12.123", "published": "2023-02-27T16:15:12.123",
"lastModified": "2024-11-21T07:37:05.027", "lastModified": "2025-03-18T15:15:42.723",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -32,6 +32,26 @@
}, },
"exploitabilityScore": 2.8, "exploitabilityScore": 2.8,
"impactScore": 5.9 "impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
} }
] ]
}, },

38
CVE-2023/CVE-2023-04xx/CVE-2023-0482.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-0482", "id": "CVE-2023-0482",
"sourceIdentifier": "secalert@redhat.com", "sourceIdentifier": "secalert@redhat.com",
"published": "2023-02-17T22:15:11.957", "published": "2023-02-17T22:15:11.957",
"lastModified": "2025-02-10T13:12:32.147", "lastModified": "2025-03-18T16:15:15.277",
"vulnStatus": "Analyzed", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -32,13 +32,33 @@
}, },
"exploitabilityScore": 1.8, "exploitabilityScore": 1.8,
"impactScore": 3.6 "impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
} }
] ]
}, },
"weaknesses": [ "weaknesses": [
{ {
"source": "secalert@redhat.com", "source": "secalert@redhat.com",
"type": "Secondary", "type": "Primary",
"description": [ "description": [
{ {
"lang": "en", "lang": "en",
@ -48,13 +68,23 @@
}, },
{ {
"source": "nvd@nist.gov", "source": "nvd@nist.gov",
"type": "Primary", "type": "Secondary",
"description": [ "description": [
{ {
"lang": "en", "lang": "en",
"value": "NVD-CWE-Other" "value": "NVD-CWE-Other"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-378"
}
]
} }
], ],
"configurations": [ "configurations": [

22
CVE-2023/CVE-2023-05xx/CVE-2023-0552.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-0552", "id": "CVE-2023-0552",
"sourceIdentifier": "contact@wpscan.com", "sourceIdentifier": "contact@wpscan.com",
"published": "2023-02-27T16:15:12.610", "published": "2023-02-27T16:15:12.610",
"lastModified": "2024-11-21T07:37:23.420", "lastModified": "2025-03-18T15:15:43.027",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -32,6 +32,26 @@
}, },
"exploitabilityScore": 2.3, "exploitabilityScore": 2.3,
"impactScore": 2.7 "impactScore": 2.7
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
} }
] ]
}, },

22
CVE-2023/CVE-2023-10xx/CVE-2023-1095.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-1095", "id": "CVE-2023-1095",
"sourceIdentifier": "secalert@redhat.com", "sourceIdentifier": "secalert@redhat.com",
"published": "2023-02-28T23:15:11.460", "published": "2023-02-28T23:15:11.460",
"lastModified": "2024-11-21T07:38:26.880", "lastModified": "2025-03-18T16:15:16.013",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -32,6 +32,26 @@
}, },
"exploitabilityScore": 1.8, "exploitabilityScore": 1.8,
"impactScore": 3.6 "impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
} }
] ]
}, },

10
CVE-2023/CVE-2023-14xx/CVE-2023-1420.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-1420", "id": "CVE-2023-1420",
"sourceIdentifier": "contact@wpscan.com", "sourceIdentifier": "contact@wpscan.com",
"published": "2023-04-24T19:15:09.487", "published": "2023-04-24T19:15:09.487",
"lastModified": "2025-02-04T19:15:28.020", "lastModified": "2025-03-18T15:21:33.470",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -64,15 +64,15 @@
"cpeMatch": [ "cpeMatch": [
{ {
"vulnerable": true, "vulnerable": true,
"criteria": "cpe:2.3:a:ajax_search_project:ajax_search:*:*:*:*:lite:wordpress:*:*", "criteria": "cpe:2.3:a:wp-dreams:ajax_search:*:*:*:*:lite:wordpress:*:*",
"versionEndExcluding": "4.11.1", "versionEndExcluding": "4.11.1",
"matchCriteriaId": "C1EC9E83-5D02-4720-AD12-AD7BCE6F9F9A" "matchCriteriaId": "29EAA46F-7186-4BE1-8F19-E262D67836FF"
}, },
{ {
"vulnerable": true, "vulnerable": true,
"criteria": "cpe:2.3:a:ajax_search_project:ajax_search:*:*:*:*:pro:wordpress:*:*", "criteria": "cpe:2.3:a:wp-dreams:ajax_search:*:*:*:*:pro:wordpress:*:*",
"versionEndExcluding": "4.26.2", "versionEndExcluding": "4.26.2",
"matchCriteriaId": "87EE2C87-BD59-4699-A6C7-3E0FA82B5B94" "matchCriteriaId": "BE3EA907-24EB-4CAF-9E37-F91810823565"
} }
] ]
} }

6
CVE-2023/CVE-2023-14xx/CVE-2023-1435.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-1435", "id": "CVE-2023-1435",
"sourceIdentifier": "contact@wpscan.com", "sourceIdentifier": "contact@wpscan.com",
"published": "2023-04-24T19:15:09.560", "published": "2023-04-24T19:15:09.560",
"lastModified": "2025-02-04T17:15:10.380", "lastModified": "2025-03-18T15:21:33.470",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -64,9 +64,9 @@
"cpeMatch": [ "cpeMatch": [
{ {
"vulnerable": true, "vulnerable": true,
"criteria": "cpe:2.3:a:ajax_search_project:ajax_search:*:*:*:*:pro:wordpress:*:*", "criteria": "cpe:2.3:a:wp-dreams:ajax_search:*:*:*:*:pro:wordpress:*:*",
"versionEndExcluding": "4.26.2", "versionEndExcluding": "4.26.2",
"matchCriteriaId": "87EE2C87-BD59-4699-A6C7-3E0FA82B5B94" "matchCriteriaId": "BE3EA907-24EB-4CAF-9E37-F91810823565"
} }
] ]
} }

32
CVE-2023/CVE-2023-209xx/CVE-2023-20948.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-20948", "id": "CVE-2023-20948",
"sourceIdentifier": "security@android.com", "sourceIdentifier": "security@android.com",
"published": "2023-02-28T17:15:11.147", "published": "2023-02-28T17:15:11.147",
"lastModified": "2024-11-21T07:41:52.527", "lastModified": "2025-03-18T16:15:16.227",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -32,6 +32,26 @@
}, },
"exploitabilityScore": 3.9, "exploitabilityScore": 3.9,
"impactScore": 3.6 "impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
} }
] ]
}, },
@ -45,6 +65,16 @@
"value": "CWE-125" "value": "CWE-125"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
} }
], ],
"configurations": [ "configurations": [

32
CVE-2023/CVE-2023-230xx/CVE-2023-23007.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-23007", "id": "CVE-2023-23007",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-02-17T16:15:10.997", "published": "2023-02-17T16:15:10.997",
"lastModified": "2024-11-21T07:45:47.323", "lastModified": "2025-03-18T16:15:16.440",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -36,6 +36,26 @@
}, },
"exploitabilityScore": 1.2, "exploitabilityScore": 1.2,
"impactScore": 5.9 "impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
} }
] ]
}, },
@ -49,6 +69,16 @@
"value": "CWE-89" "value": "CWE-89"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
} }
], ],
"configurations": [ "configurations": [

32
CVE-2023/CVE-2023-234xx/CVE-2023-23452.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-23452", "id": "CVE-2023-23452",
"sourceIdentifier": "psirt@sick.de", "sourceIdentifier": "psirt@sick.de",
"published": "2023-02-20T23:15:12.447", "published": "2023-02-20T23:15:12.447",
"lastModified": "2024-11-21T07:46:13.673", "lastModified": "2025-03-18T15:15:44.050",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -32,6 +32,26 @@
}, },
"exploitabilityScore": 3.9, "exploitabilityScore": 3.9,
"impactScore": 5.9 "impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
} }
] ]
}, },
@ -55,6 +75,16 @@
"value": "CWE-306" "value": "CWE-306"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-306"
}
]
} }
], ],
"configurations": [ "configurations": [

32
CVE-2023/CVE-2023-234xx/CVE-2023-23453.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-23453", "id": "CVE-2023-23453",
"sourceIdentifier": "psirt@sick.de", "sourceIdentifier": "psirt@sick.de",
"published": "2023-02-20T23:15:12.517", "published": "2023-02-20T23:15:12.517",
"lastModified": "2024-11-21T07:46:13.790", "lastModified": "2025-03-18T15:15:44.323",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -32,6 +32,26 @@
}, },
"exploitabilityScore": 3.9, "exploitabilityScore": 3.9,
"impactScore": 5.9 "impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
} }
] ]
}, },
@ -55,6 +75,16 @@
"value": "CWE-306" "value": "CWE-306"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-306"
}
]
} }
], ],
"configurations": [ "configurations": [

32
CVE-2023/CVE-2023-235xx/CVE-2023-23524.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-23524", "id": "CVE-2023-23524",
"sourceIdentifier": "product-security@apple.com", "sourceIdentifier": "product-security@apple.com",
"published": "2023-02-27T20:15:14.640", "published": "2023-02-27T20:15:14.640",
"lastModified": "2024-11-21T07:46:21.153", "lastModified": "2025-03-18T15:15:44.563",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -32,6 +32,26 @@
}, },
"exploitabilityScore": 3.9, "exploitabilityScore": 3.9,
"impactScore": 3.6 "impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
} }
] ]
}, },
@ -45,6 +65,16 @@
"value": "CWE-400" "value": "CWE-400"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
} }
], ],
"configurations": [ "configurations": [

22
CVE-2023/CVE-2023-235xx/CVE-2023-23530.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-23530", "id": "CVE-2023-23530",
"sourceIdentifier": "product-security@apple.com", "sourceIdentifier": "product-security@apple.com",
"published": "2023-02-27T20:15:14.773", "published": "2023-02-27T20:15:14.773",
"lastModified": "2024-11-21T07:46:21.827", "lastModified": "2025-03-18T15:15:44.803",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -32,6 +32,26 @@
}, },
"exploitabilityScore": 1.8, "exploitabilityScore": 1.8,
"impactScore": 6.0 "impactScore": 6.0
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 6.0
} }
] ]
}, },

22
CVE-2023/CVE-2023-241xx/CVE-2023-24104.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-24104", "id": "CVE-2023-24104",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-02-23T16:15:11.630", "published": "2023-02-23T16:15:11.630",
"lastModified": "2024-11-21T07:47:24.257", "lastModified": "2025-03-18T15:15:45.040",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -32,6 +32,26 @@
}, },
"exploitabilityScore": 3.9, "exploitabilityScore": 3.9,
"impactScore": 5.9 "impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
} }
] ]
}, },

32
CVE-2023/CVE-2023-241xx/CVE-2023-24114.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-24114", "id": "CVE-2023-24114",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-02-22T21:15:11.503", "published": "2023-02-22T21:15:11.503",
"lastModified": "2024-11-21T07:47:24.707", "lastModified": "2025-03-18T15:15:45.287",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -32,6 +32,26 @@
}, },
"exploitabilityScore": 3.9, "exploitabilityScore": 3.9,
"impactScore": 5.9 "impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
} }
] ]
}, },
@ -45,6 +65,16 @@
"value": "NVD-CWE-noinfo" "value": "NVD-CWE-noinfo"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
} }
], ],
"configurations": [ "configurations": [

32
CVE-2023/CVE-2023-241xx/CVE-2023-24122.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-24122", "id": "CVE-2023-24122",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-03-01T21:15:11.057", "published": "2023-03-01T21:15:11.057",
"lastModified": "2024-11-21T07:47:25.567", "lastModified": "2025-03-18T16:15:16.760",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -32,6 +32,26 @@
}, },
"exploitabilityScore": 2.8, "exploitabilityScore": 2.8,
"impactScore": 3.6 "impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
} }
] ]
}, },
@ -45,6 +65,16 @@
"value": "CWE-787" "value": "CWE-787"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
} }
], ],
"configurations": [ "configurations": [

32
CVE-2023/CVE-2023-241xx/CVE-2023-24123.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-24123", "id": "CVE-2023-24123",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-03-01T21:15:11.117", "published": "2023-03-01T21:15:11.117",
"lastModified": "2024-11-21T07:47:25.717", "lastModified": "2025-03-18T16:15:16.987",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -32,6 +32,26 @@
}, },
"exploitabilityScore": 2.8, "exploitabilityScore": 2.8,
"impactScore": 3.6 "impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
} }
] ]
}, },
@ -45,6 +65,16 @@
"value": "CWE-787" "value": "CWE-787"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
} }
], ],
"configurations": [ "configurations": [

32
CVE-2023/CVE-2023-241xx/CVE-2023-24124.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-24124", "id": "CVE-2023-24124",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-03-01T21:15:11.177", "published": "2023-03-01T21:15:11.177",
"lastModified": "2024-11-21T07:47:25.863", "lastModified": "2025-03-18T16:15:17.197",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -32,6 +32,26 @@
}, },
"exploitabilityScore": 2.8, "exploitabilityScore": 2.8,
"impactScore": 3.6 "impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
} }
] ]
}, },
@ -45,6 +65,16 @@
"value": "CWE-787" "value": "CWE-787"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
} }
], ],
"configurations": [ "configurations": [

36
CVE-2023/CVE-2023-243xx/CVE-2023-24320.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-24320", "id": "CVE-2023-24320",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-02-21T22:15:10.557", "published": "2023-02-21T22:15:10.557",
"lastModified": "2024-11-21T07:47:40.207", "lastModified": "2025-03-18T15:15:45.527",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -36,6 +36,26 @@
}, },
"exploitabilityScore": 3.9, "exploitabilityScore": 3.9,
"impactScore": 5.9 "impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
} }
] ]
}, },
@ -49,6 +69,16 @@
"value": "NVD-CWE-Other" "value": "NVD-CWE-Other"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
} }
], ],
"configurations": [ "configurations": [
@ -90,6 +120,10 @@
{ {
"url": "https://yuyudhn.github.io/CVE-2023-24320/", "url": "https://yuyudhn.github.io/CVE-2023-24320/",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://yuyudhn.github.io/CVE-2023-24320/",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
} }
] ]
} }

32
CVE-2023/CVE-2023-243xx/CVE-2023-24369.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-24369", "id": "CVE-2023-24369",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-02-17T17:15:11.857", "published": "2023-02-17T17:15:11.857",
"lastModified": "2024-11-21T07:47:43.847", "lastModified": "2025-03-18T16:15:17.417",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -32,6 +32,26 @@
}, },
"exploitabilityScore": 2.8, "exploitabilityScore": 2.8,
"impactScore": 2.7 "impactScore": 2.7
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
} }
] ]
}, },
@ -45,6 +65,16 @@
"value": "CWE-79" "value": "CWE-79"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
} }
], ],
"configurations": [ "configurations": [

32
CVE-2023/CVE-2023-247xx/CVE-2023-24769.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-24769", "id": "CVE-2023-24769",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-02-17T22:15:14.407", "published": "2023-02-17T22:15:14.407",
"lastModified": "2024-11-21T07:48:23.303", "lastModified": "2025-03-18T16:15:17.883",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -32,6 +32,26 @@
}, },
"exploitabilityScore": 2.3, "exploitabilityScore": 2.3,
"impactScore": 2.7 "impactScore": 2.7
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
} }
] ]
}, },
@ -45,6 +65,16 @@
"value": "CWE-79" "value": "CWE-79"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
} }
], ],
"configurations": [ "configurations": [

32
CVE-2023/CVE-2023-247xx/CVE-2023-24785.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-24785", "id": "CVE-2023-24785",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-02-17T18:15:12.127", "published": "2023-02-17T18:15:12.127",
"lastModified": "2024-11-21T07:48:24.490", "lastModified": "2025-03-18T16:15:18.153",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -32,6 +32,26 @@
}, },
"exploitabilityScore": 1.8, "exploitabilityScore": 1.8,
"impactScore": 3.6 "impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
} }
] ]
}, },
@ -45,6 +65,16 @@
"value": "CWE-770" "value": "CWE-770"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-770"
}
]
} }
], ],
"configurations": [ "configurations": [

32
CVE-2023/CVE-2023-252xx/CVE-2023-25264.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-25264", "id": "CVE-2023-25264",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-02-28T16:15:09.157", "published": "2023-02-28T16:15:09.157",
"lastModified": "2024-11-21T07:49:22.163", "lastModified": "2025-03-18T16:15:18.437",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -32,6 +32,26 @@
}, },
"exploitabilityScore": 3.9, "exploitabilityScore": 3.9,
"impactScore": 3.6 "impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
} }
] ]
}, },
@ -45,6 +65,16 @@
"value": "CWE-287" "value": "CWE-287"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
} }
], ],
"configurations": [ "configurations": [

32
CVE-2023/CVE-2023-252xx/CVE-2023-25265.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-25265", "id": "CVE-2023-25265",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-02-28T16:15:09.237", "published": "2023-02-28T16:15:09.237",
"lastModified": "2024-11-21T07:49:22.303", "lastModified": "2025-03-18T16:15:18.710",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -32,6 +32,26 @@
}, },
"exploitabilityScore": 3.9, "exploitabilityScore": 3.9,
"impactScore": 3.6 "impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
} }
] ]
}, },
@ -45,6 +65,16 @@
"value": "CWE-22" "value": "CWE-22"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
} }
], ],
"configurations": [ "configurations": [

22
CVE-2023/CVE-2023-252xx/CVE-2023-25266.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-25266", "id": "CVE-2023-25266",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-02-28T16:15:09.297", "published": "2023-02-28T16:15:09.297",
"lastModified": "2024-11-21T07:49:22.433", "lastModified": "2025-03-18T16:15:19.013",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -32,6 +32,26 @@
}, },
"exploitabilityScore": 2.8, "exploitabilityScore": 2.8,
"impactScore": 5.9 "impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
} }
] ]
}, },

32
CVE-2023/CVE-2023-254xx/CVE-2023-25431.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-25431", "id": "CVE-2023-25431",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-02-28T18:15:10.393", "published": "2023-02-28T18:15:10.393",
"lastModified": "2024-11-21T07:49:30.000", "lastModified": "2025-03-18T16:15:19.330",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -32,6 +32,26 @@
}, },
"exploitabilityScore": 1.7, "exploitabilityScore": 1.7,
"impactScore": 2.7 "impactScore": 2.7
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
} }
] ]
}, },
@ -45,6 +65,16 @@
"value": "CWE-79" "value": "CWE-79"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
} }
], ],
"configurations": [ "configurations": [

22
CVE-2023/CVE-2023-256xx/CVE-2023-25621.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-25621", "id": "CVE-2023-25621",
"sourceIdentifier": "security@apache.org", "sourceIdentifier": "security@apache.org",
"published": "2023-02-23T09:15:10.023", "published": "2023-02-23T09:15:10.023",
"lastModified": "2024-11-21T07:49:50.890", "lastModified": "2025-03-18T15:15:45.757",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -32,6 +32,26 @@
}, },
"exploitabilityScore": 2.8, "exploitabilityScore": 2.8,
"impactScore": 3.6 "impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
} }
] ]
}, },

32
CVE-2023/CVE-2023-260xx/CVE-2023-26081.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-26081", "id": "CVE-2023-26081",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-02-20T03:15:10.313", "published": "2023-02-20T03:15:10.313",
"lastModified": "2024-11-21T07:50:44.520", "lastModified": "2025-03-18T15:15:45.960",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -32,6 +32,26 @@
}, },
"exploitabilityScore": 3.9, "exploitabilityScore": 3.9,
"impactScore": 3.6 "impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
} }
] ]
}, },
@ -45,6 +65,16 @@
"value": "CWE-668" "value": "CWE-668"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-668"
}
]
} }
], ],
"configurations": [ "configurations": [

32
CVE-2023/CVE-2023-262xx/CVE-2023-26255.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-26255", "id": "CVE-2023-26255",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-02-28T16:15:09.447", "published": "2023-02-28T16:15:09.447",
"lastModified": "2024-11-21T07:50:59.180", "lastModified": "2025-03-18T16:15:19.610",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -32,6 +32,26 @@
}, },
"exploitabilityScore": 3.9, "exploitabilityScore": 3.9,
"impactScore": 3.6 "impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
} }
] ]
}, },
@ -45,6 +65,16 @@
"value": "CWE-22" "value": "CWE-22"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
} }
], ],
"configurations": [ "configurations": [

39
CVE-2023/CVE-2023-344xx/CVE-2023-34401.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-34401", "id": "CVE-2023-34401",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2025-02-13T23:15:08.867", "published": "2025-02-13T23:15:08.867",
"lastModified": "2025-02-13T23:15:08.867", "lastModified": "2025-03-18T16:15:19.893",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -15,7 +15,42 @@
"value": "La unidad principal NTG6 de Mercedes-Benz contiene funciones para importar o exportar configuraciones de perfil a trav\u00e9s de USB. Dentro de la carpeta de perfil hay un archivo codificado con el c\u00f3dec propietario UD2. Debido a que no se realizan comprobaciones de tama\u00f1o en el archivo encapsulado, el atacante puede lograr una lectura fuera de los l\u00edmites en la memoria del mont\u00f3n." "value": "La unidad principal NTG6 de Mercedes-Benz contiene funciones para importar o exportar configuraciones de perfil a trav\u00e9s de USB. Dentro de la carpeta de perfil hay un archivo codificado con el c\u00f3dec propietario UD2. Debido a que no se realizan comprobaciones de tama\u00f1o en el archivo encapsulado, el atacante puede lograr una lectura fuera de los l\u00edmites en la memoria del mont\u00f3n."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N",
"baseScore": 3.7,
"baseSeverity": "LOW",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.2,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [ "references": [
{ {
"url": "https://securelist.com/mercedes-benz-head-unit-security-research/115218/", "url": "https://securelist.com/mercedes-benz-head-unit-security-research/115218/",

51
CVE-2023/CVE-2023-366xx/CVE-2023-36681.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-36681", "id": "CVE-2023-36681",
"sourceIdentifier": "audit@patchstack.com", "sourceIdentifier": "audit@patchstack.com",
"published": "2024-12-13T15:15:17.880", "published": "2024-12-13T15:15:17.880",
"lastModified": "2024-12-13T15:15:17.880", "lastModified": "2025-03-18T15:29:53.393",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -36,6 +36,26 @@
}, },
"exploitabilityScore": 3.9, "exploitabilityScore": 3.9,
"impactScore": 1.4 "impactScore": 1.4
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
} }
] ]
}, },
@ -51,10 +71,31 @@
] ]
} }
], ],
"references": [ "configurations": [
{ {
"url": "https://patchstack.com/database/wordpress/plugin/cryptocurrency-price-ticker-widget/vulnerability/wordpress-cryptocurrency-widgets-price-ticker-coins-list-plugin-2-6-2-broken-access-control-vulnerability?_s_id=cve", "nodes": [
"source": "audit@patchstack.com" {
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:coolplugins:cryptocurrency_widgets:*:*:*:*:free:wordpress:*:*",
"versionEndExcluding": "2.6.3",
"matchCriteriaId": "EA692232-0CA4-4283-8710-51CD66C46770"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/wordpress/plugin/cryptocurrency-price-ticker-widget/vulnerability/wordpress-cryptocurrency-widgets-price-ticker-coins-list-plugin-2-6-2-broken-access-control-vulnerability?_s_id=cve",
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }

39
CVE-2023/CVE-2023-401xx/CVE-2023-40108.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-40108", "id": "CVE-2023-40108",
"sourceIdentifier": "security@android.com", "sourceIdentifier": "security@android.com",
"published": "2025-01-21T23:15:11.320", "published": "2025-01-21T23:15:11.320",
"lastModified": "2025-02-18T21:15:19.560", "lastModified": "2025-03-18T15:15:46.217",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -15,7 +15,42 @@
"value": "En varias ubicaciones, existe una forma posible de acceder al contenido multimedia que pertenece a otro usuario debido a la falta de verificaci\u00f3n de permisos. Esto podr\u00eda provocar la divulgaci\u00f3n de informaci\u00f3n local sin necesidad de privilegios de ejecuci\u00f3n adicionales. No se necesita la interacci\u00f3n del usuario para la explotaci\u00f3n." "value": "En varias ubicaciones, existe una forma posible de acceder al contenido multimedia que pertenece a otro usuario debido a la falta de verificaci\u00f3n de permisos. Esto podr\u00eda provocar la divulgaci\u00f3n de informaci\u00f3n local sin necesidad de privilegios de ejecuci\u00f3n adicionales. No se necesita la interacci\u00f3n del usuario para la explotaci\u00f3n."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [ "references": [
{ {
"url": "https://source.android.com/security/bulletin/2025-01-01", "url": "https://source.android.com/security/bulletin/2025-01-01",

14
CVE-2023/CVE-2023-517xx/CVE-2023-51787.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-51787", "id": "CVE-2023-51787",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-02-15T06:15:46.067", "published": "2024-02-15T06:15:46.067",
"lastModified": "2024-11-21T08:38:48.577", "lastModified": "2025-03-18T15:15:46.463",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -39,6 +39,18 @@
} }
] ]
}, },
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [ "references": [
{ {
"url": "https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2023-51787", "url": "https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2023-51787",

14
CVE-2023/CVE-2023-61xx/CVE-2023-6123.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6123", "id": "CVE-2023-6123",
"sourceIdentifier": "security@opentext.com", "sourceIdentifier": "security@opentext.com",
"published": "2024-02-15T21:15:08.500", "published": "2024-02-15T21:15:08.500",
"lastModified": "2024-12-18T17:32:47.300", "lastModified": "2025-03-18T15:15:46.680",
"vulnStatus": "Analyzed", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -69,6 +69,16 @@
"value": "CWE-79" "value": "CWE-79"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-707"
}
]
} }
], ],
"configurations": [ "configurations": [

8
CVE-2024/CVE-2024-07xx/CVE-2024-0709.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-0709", "id": "CVE-2024-0709",
"sourceIdentifier": "security@wordfence.com", "sourceIdentifier": "security@wordfence.com",
"published": "2024-02-05T22:16:04.553", "published": "2024-02-05T22:16:04.553",
"lastModified": "2024-11-21T08:47:11.277", "lastModified": "2025-03-18T15:33:26.187",
"vulnStatus": "Modified", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -80,10 +80,10 @@
"cpeMatch": [ "cpeMatch": [
{ {
"vulnerable": true, "vulnerable": true,
"criteria": "cpe:2.3:a:coolplugins:cryptocurrency_widgets:*:*:*:*:*:wordpress:*:*", "criteria": "cpe:2.3:a:coolplugins:cryptocurrency_widgets:*:*:*:*:free:wordpress:*:*",
"versionStartIncluding": "2.0", "versionStartIncluding": "2.0",
"versionEndIncluding": "2.6.5", "versionEndIncluding": "2.6.5",
"matchCriteriaId": "B5C1CD91-B13B-4EBA-8287-D2F287E51F3B" "matchCriteriaId": "454760FF-E8EF-42DD-A2F8-D817CB39F2C3"
} }
] ]
} }

6
CVE-2024/CVE-2024-114xx/CVE-2024-11482.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-11482", "id": "CVE-2024-11482",
"sourceIdentifier": "trellixpsirt@trellix.com", "sourceIdentifier": "trellixpsirt@trellix.com",
"published": "2024-11-29T08:15:04.437", "published": "2024-11-29T08:15:04.437",
"lastModified": "2024-11-29T08:15:04.437", "lastModified": "2025-03-18T15:15:46.897",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -55,6 +55,10 @@
{ {
"url": "https://thrive.trellix.com/s/article/000014058#h2_0", "url": "https://thrive.trellix.com/s/article/000014058#h2_0",
"source": "trellixpsirt@trellix.com" "source": "trellixpsirt@trellix.com"
},
{
"url": "https://hackerone.com/reports/2817658",
"source": "af854a3a-2127-422b-91ae-364da2661108"
} }
] ]
} }

16
CVE-2024/CVE-2024-209xx/CVE-2024-20927.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-20927", "id": "CVE-2024-20927",
"sourceIdentifier": "secalert_us@oracle.com", "sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-02-17T02:15:47.420", "published": "2024-02-17T02:15:47.420",
"lastModified": "2024-11-29T14:08:26.950", "lastModified": "2025-03-18T16:15:20.147",
"vulnStatus": "Analyzed", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -19,7 +19,7 @@
"cvssMetricV31": [ "cvssMetricV31": [
{ {
"source": "secalert_us@oracle.com", "source": "secalert_us@oracle.com",
"type": "Primary", "type": "Secondary",
"cvssData": { "cvssData": {
"version": "3.1", "version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
@ -49,6 +49,16 @@
"value": "NVD-CWE-noinfo" "value": "NVD-CWE-noinfo"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
} }
], ],
"configurations": [ "configurations": [

16
CVE-2024/CVE-2024-210xx/CVE-2024-21006.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-21006", "id": "CVE-2024-21006",
"sourceIdentifier": "secalert_us@oracle.com", "sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-04-16T22:15:14.580", "published": "2024-04-16T22:15:14.580",
"lastModified": "2024-11-27T16:36:05.623", "lastModified": "2025-03-18T15:15:47.150",
"vulnStatus": "Analyzed", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -19,7 +19,7 @@
"cvssMetricV31": [ "cvssMetricV31": [
{ {
"source": "secalert_us@oracle.com", "source": "secalert_us@oracle.com",
"type": "Primary", "type": "Secondary",
"cvssData": { "cvssData": {
"version": "3.1", "version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
@ -49,6 +49,16 @@
"value": "NVD-CWE-noinfo" "value": "NVD-CWE-noinfo"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-306"
}
]
} }
], ],
"configurations": [ "configurations": [

16
CVE-2024/CVE-2024-210xx/CVE-2024-21055.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-21055", "id": "CVE-2024-21055",
"sourceIdentifier": "secalert_us@oracle.com", "sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-04-16T22:15:23.010", "published": "2024-04-16T22:15:23.010",
"lastModified": "2024-12-06T16:46:49.543", "lastModified": "2025-03-18T16:15:20.353",
"vulnStatus": "Analyzed", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -19,7 +19,7 @@
"cvssMetricV31": [ "cvssMetricV31": [
{ {
"source": "secalert_us@oracle.com", "source": "secalert_us@oracle.com",
"type": "Primary", "type": "Secondary",
"cvssData": { "cvssData": {
"version": "3.1", "version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
@ -49,6 +49,16 @@
"value": "NVD-CWE-noinfo" "value": "NVD-CWE-noinfo"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
} }
], ],
"configurations": [ "configurations": [

14
CVE-2024/CVE-2024-211xx/CVE-2024-21142.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-21142", "id": "CVE-2024-21142",
"sourceIdentifier": "secalert_us@oracle.com", "sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-07-16T23:15:15.407", "published": "2024-07-16T23:15:15.407",
"lastModified": "2024-11-21T08:53:51.993", "lastModified": "2025-03-18T15:15:47.363",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -19,7 +19,7 @@
"cvssMetricV31": [ "cvssMetricV31": [
{ {
"source": "secalert_us@oracle.com", "source": "secalert_us@oracle.com",
"type": "Primary", "type": "Secondary",
"cvssData": { "cvssData": {
"version": "3.1", "version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
@ -49,6 +49,16 @@
"value": "NVD-CWE-noinfo" "value": "NVD-CWE-noinfo"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
} }
], ],
"configurations": [ "configurations": [

14
CVE-2024/CVE-2024-211xx/CVE-2024-21185.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-21185", "id": "CVE-2024-21185",
"sourceIdentifier": "secalert_us@oracle.com", "sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-07-16T23:15:23.260", "published": "2024-07-16T23:15:23.260",
"lastModified": "2024-11-21T08:53:57.030", "lastModified": "2025-03-18T16:15:20.577",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -19,7 +19,7 @@
"cvssMetricV31": [ "cvssMetricV31": [
{ {
"source": "secalert_us@oracle.com", "source": "secalert_us@oracle.com",
"type": "Primary", "type": "Secondary",
"cvssData": { "cvssData": {
"version": "3.1", "version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
@ -49,6 +49,16 @@
"value": "NVD-CWE-noinfo" "value": "NVD-CWE-noinfo"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
} }
], ],
"configurations": [ "configurations": [

32
CVE-2024/CVE-2024-225xx/CVE-2024-22525.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-22525", "id": "CVE-2024-22525",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-06-06T22:15:10.127", "published": "2024-06-06T22:15:10.127",
"lastModified": "2024-11-21T08:56:24.373", "lastModified": "2025-03-18T16:15:20.850",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -36,6 +36,26 @@
}, },
"exploitabilityScore": 1.8, "exploitabilityScore": 1.8,
"impactScore": 3.6 "impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
} }
] ]
}, },
@ -49,6 +69,16 @@
"value": "CWE-476" "value": "CWE-476"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
} }
], ],
"configurations": [ "configurations": [

32
CVE-2024/CVE-2024-237xx/CVE-2024-23737.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-23737", "id": "CVE-2024-23737",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-07-01T22:15:02.857", "published": "2024-07-01T22:15:02.857",
"lastModified": "2024-11-21T08:58:16.923", "lastModified": "2025-03-18T15:15:47.677",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -36,6 +36,26 @@
}, },
"exploitabilityScore": 2.8, "exploitabilityScore": 2.8,
"impactScore": 2.5 "impactScore": 2.5
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
} }
] ]
}, },
@ -49,6 +69,16 @@
"value": "CWE-352" "value": "CWE-352"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
} }
], ],
"configurations": [ "configurations": [

39
CVE-2024/CVE-2024-257xx/CVE-2024-25734.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-25734", "id": "CVE-2024-25734",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-03-27T03:15:12.077", "published": "2024-03-27T03:15:12.077",
"lastModified": "2024-11-21T09:01:17.837", "lastModified": "2025-03-18T15:15:47.980",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -15,7 +15,42 @@
"value": "Se descubri\u00f3 un problema en dispositivos WyreStorm Apollo VX20 anteriores a la versi\u00f3n 1.3.58. El servicio TELNET solicita una contrase\u00f1a s\u00f3lo despu\u00e9s de introducir un nombre de usuario v\u00e1lido, lo que podr\u00eda facilitar a atacantes remotos la enumeraci\u00f3n de cuentas de usuario." "value": "Se descubri\u00f3 un problema en dispositivos WyreStorm Apollo VX20 anteriores a la versi\u00f3n 1.3.58. El servicio TELNET solicita una contrase\u00f1a s\u00f3lo despu\u00e9s de introducir un nombre de usuario v\u00e1lido, lo que podr\u00eda facilitar a atacantes remotos la enumeraci\u00f3n de cuentas de usuario."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [ "references": [
{ {
"url": "http://packetstormsecurity.com/files/177081", "url": "http://packetstormsecurity.com/files/177081",

153
CVE-2024/CVE-2024-267xx/CVE-2024-26746.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-26746", "id": "CVE-2024-26746",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-04-04T09:15:07.783", "published": "2024-04-04T09:15:07.783",
"lastModified": "2024-11-21T09:02:58.613", "lastModified": "2025-03-18T16:45:08.557",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,31 +15,140 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: dmaengine: idxd: garantiza una copia segura del registro de finalizaci\u00f3n para el usuario. Si CONFIG_HARDENED_USERCOPY est\u00e1 habilitado, copiar el registro de finalizaci\u00f3n desde la cach\u00e9 del registro de eventos al usuario desencadena un error en el kernel. [ 1987.159822] usercopy: Kernel memory exposure attempt detected from SLUB object 'dsa0' (offset 74, size 31)! [ 1987.170845] ------------[ cut here ]------------ [ 1987.176086] kernel BUG at mm/usercopy.c:102! [ 1987.180946] invalid opcode: 0000 [#1] PREEMPT SMP NOPTI [ 1987.186866] CPU: 17 PID: 528 Comm: kworker/17:1 Not tainted 6.8.0-rc2+ #5 [ 1987.194537] Hardware name: Intel Corporation AvenueCity/AvenueCity, BIOS BHSDCRB1.86B.2492.D03.2307181620 07/18/2023 [ 1987.206405] Workqueue: wq0.0 idxd_evl_fault_work [idxd] [ 1987.212338] RIP: 0010:usercopy_abort+0x72/0x90 [ 1987.217381] Code: 58 65 9c 50 48 c7 c2 17 85 61 9c 57 48 c7 c7 98 fd 6b 9c 48 0f 44 d6 48 c7 c6 b3 08 62 9c 4c 89 d1 49 0f 44 f3 e8 1e 2e d5 ff <0f> 0b 49 c7 c1 9e 42 61 9c 4c 89 cf 4d 89 c8 eb a9 66 66 2e 0f 1f [ 1987.238505] RSP: 0018:ff62f5cf20607d60 EFLAGS: 00010246 [ 1987.244423] RAX: 000000000000005f RBX: 000000000000001f RCX: 0000000000000000 [ 1987.252480] RDX: 0000000000000000 RSI: ffffffff9c61429e RDI: 00000000ffffffff [ 1987.260538] RBP: ff62f5cf20607d78 R08: ff2a6a89ef3fffe8 R09: 00000000fffeffff [ 1987.268595] R10: ff2a6a89eed00000 R11: 0000000000000003 R12: ff2a66934849c89a [ 1987.276652] R13: 0000000000000001 R14: ff2a66934849c8b9 R15: ff2a66934849c899 [ 1987.284710] FS: 0000000000000000(0000) GS:ff2a66b22fe40000(0000) knlGS:0000000000000000 [ 1987.293850] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1987.300355] CR2: 00007fe291a37000 CR3: 000000010fbd4005 CR4: 0000000000f71ef0 [ 1987.308413] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 1987.316470] DR3: 0000000000000000 DR6: 00000000fffe07f0 DR7: 0000000000000400 [ 1987.324527] PKRU: 55555554 [ 1987.327622] Call Trace: [ 1987.330424] [ 1987.332826] ? show_regs+0x6e/0x80 [ 1987.336703] ? die+0x3c/0xa0 [ 1987.339988] ? do_trap+0xd4/0xf0 [ 1987.343662] ? do_error_trap+0x75/0xa0 [ 1987.347922] ? usercopy_abort+0x72/0x90 [ 1987.352277] ? exc_invalid_op+0x57/0x80 [ 1987.356634] ? usercopy_abort+0x72/0x90 [ 1987.360988] ? asm_exc_invalid_op+0x1f/0x30 [ 1987.365734] ? usercopy_abort+0x72/0x90 [ 1987.370088] __check_heap_object+0xb7/0xd0 [ 1987.374739] __check_object_size+0x175/0x2d0 [ 1987.379588] idxd_copy_cr+0xa9/0x130 [idxd] [ 1987.384341] idxd_evl_fault_work+0x127/0x390 [idxd] [ 1987.389878] process_one_work+0x13e/0x300 [ 1987.394435] ? __pfx_worker_thread+0x10/0x10 [ 1987.399284] worker_thread+0x2f7/0x420 [ 1987.403544] ? _raw_spin_unlock_irqrestore+0x2b/0x50 [ 1987.409171] ? __pfx_worker_thread+0x10/0x10 [ 1987.414019] kthread+0x107/0x140 [ 1987.417693] ? __pfx_kthread+0x10/0x10 [ 1987.421954] ret_from_fork+0x3d/0x60 [ 1987.426019] ? __pfx_kthread+0x10/0x10 [ 1987.430281] ret_from_fork_asm+0x1b/0x30 [ 1987.434744] . El problema surge porque la cach\u00e9 del registro de eventos se crea usando kmem_cache_create(), que no es adecuado para la copia del usuario. Solucione el problema creando un cach\u00e9 de registro de eventos con kmem_cache_create_usercopy(), lo que garantiza una copia segura para el usuario." "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: dmaengine: idxd: garantiza una copia segura del registro de finalizaci\u00f3n para el usuario. Si CONFIG_HARDENED_USERCOPY est\u00e1 habilitado, copiar el registro de finalizaci\u00f3n desde la cach\u00e9 del registro de eventos al usuario desencadena un error en el kernel. [ 1987.159822] usercopy: Kernel memory exposure attempt detected from SLUB object 'dsa0' (offset 74, size 31)! [ 1987.170845] ------------[ cut here ]------------ [ 1987.176086] kernel BUG at mm/usercopy.c:102! [ 1987.180946] invalid opcode: 0000 [#1] PREEMPT SMP NOPTI [ 1987.186866] CPU: 17 PID: 528 Comm: kworker/17:1 Not tainted 6.8.0-rc2+ #5 [ 1987.194537] Hardware name: Intel Corporation AvenueCity/AvenueCity, BIOS BHSDCRB1.86B.2492.D03.2307181620 07/18/2023 [ 1987.206405] Workqueue: wq0.0 idxd_evl_fault_work [idxd] [ 1987.212338] RIP: 0010:usercopy_abort+0x72/0x90 [ 1987.217381] Code: 58 65 9c 50 48 c7 c2 17 85 61 9c 57 48 c7 c7 98 fd 6b 9c 48 0f 44 d6 48 c7 c6 b3 08 62 9c 4c 89 d1 49 0f 44 f3 e8 1e 2e d5 ff <0f> 0b 49 c7 c1 9e 42 61 9c 4c 89 cf 4d 89 c8 eb a9 66 66 2e 0f 1f [ 1987.238505] RSP: 0018:ff62f5cf20607d60 EFLAGS: 00010246 [ 1987.244423] RAX: 000000000000005f RBX: 000000000000001f RCX: 0000000000000000 [ 1987.252480] RDX: 0000000000000000 RSI: ffffffff9c61429e RDI: 00000000ffffffff [ 1987.260538] RBP: ff62f5cf20607d78 R08: ff2a6a89ef3fffe8 R09: 00000000fffeffff [ 1987.268595] R10: ff2a6a89eed00000 R11: 0000000000000003 R12: ff2a66934849c89a [ 1987.276652] R13: 0000000000000001 R14: ff2a66934849c8b9 R15: ff2a66934849c899 [ 1987.284710] FS: 0000000000000000(0000) GS:ff2a66b22fe40000(0000) knlGS:0000000000000000 [ 1987.293850] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1987.300355] CR2: 00007fe291a37000 CR3: 000000010fbd4005 CR4: 0000000000f71ef0 [ 1987.308413] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 1987.316470] DR3: 0000000000000000 DR6: 00000000fffe07f0 DR7: 0000000000000400 [ 1987.324527] PKRU: 55555554 [ 1987.327622] Call Trace: [ 1987.330424] [ 1987.332826] ? show_regs+0x6e/0x80 [ 1987.336703] ? die+0x3c/0xa0 [ 1987.339988] ? do_trap+0xd4/0xf0 [ 1987.343662] ? do_error_trap+0x75/0xa0 [ 1987.347922] ? usercopy_abort+0x72/0x90 [ 1987.352277] ? exc_invalid_op+0x57/0x80 [ 1987.356634] ? usercopy_abort+0x72/0x90 [ 1987.360988] ? asm_exc_invalid_op+0x1f/0x30 [ 1987.365734] ? usercopy_abort+0x72/0x90 [ 1987.370088] __check_heap_object+0xb7/0xd0 [ 1987.374739] __check_object_size+0x175/0x2d0 [ 1987.379588] idxd_copy_cr+0xa9/0x130 [idxd] [ 1987.384341] idxd_evl_fault_work+0x127/0x390 [idxd] [ 1987.389878] process_one_work+0x13e/0x300 [ 1987.394435] ? __pfx_worker_thread+0x10/0x10 [ 1987.399284] worker_thread+0x2f7/0x420 [ 1987.403544] ? _raw_spin_unlock_irqrestore+0x2b/0x50 [ 1987.409171] ? __pfx_worker_thread+0x10/0x10 [ 1987.414019] kthread+0x107/0x140 [ 1987.417693] ? __pfx_kthread+0x10/0x10 [ 1987.421954] ret_from_fork+0x3d/0x60 [ 1987.426019] ? __pfx_kthread+0x10/0x10 [ 1987.430281] ret_from_fork_asm+0x1b/0x30 [ 1987.434744] . El problema surge porque la cach\u00e9 del registro de eventos se crea usando kmem_cache_create(), que no es adecuado para la copia del usuario. Solucione el problema creando un cach\u00e9 de registro de eventos con kmem_cache_create_usercopy(), lo que garantiza una copia segura para el usuario."
} }
], ],
"metrics": {}, "metrics": {
"references": [ "cvssMetricV31": [
{ {
"url": "https://git.kernel.org/stable/c/5e3022ea42e490a36ec6f2cfa6fc603deb0bace4", "source": "nvd@nist.gov",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
}, },
{ "exploitabilityScore": 1.8,
"url": "https://git.kernel.org/stable/c/bb71e040323175e18c233a9afef32ba14fa64eb7", "impactScore": 3.6
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" }
]
}, },
"weaknesses": [
{ {
"url": "https://git.kernel.org/stable/c/d3ea125df37dc37972d581b74a5d3785c3f283ab", "source": "nvd@nist.gov",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "type": "Primary",
}, "description": [
{ {
"url": "https://git.kernel.org/stable/c/5e3022ea42e490a36ec6f2cfa6fc603deb0bace4", "lang": "en",
"source": "af854a3a-2127-422b-91ae-364da2661108" "value": "NVD-CWE-noinfo"
}, }
{ ]
"url": "https://git.kernel.org/stable/c/bb71e040323175e18c233a9afef32ba14fa64eb7", }
"source": "af854a3a-2127-422b-91ae-364da2661108" ],
}, "configurations": [
{ {
"url": "https://git.kernel.org/stable/c/d3ea125df37dc37972d581b74a5d3785c3f283ab", "nodes": [
"source": "af854a3a-2127-422b-91ae-364da2661108" {
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.4",
"versionEndExcluding": "6.6.21",
"matchCriteriaId": "584D76D2-1164-4D5F-A720-182A249B363A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.7.9",
"matchCriteriaId": "1C538467-EDA0-4A9A-82EB-2925DE9FF827"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc1:*:*:*:*:*:*",
"matchCriteriaId": "B9F4EA73-0894-400F-A490-3A397AB7A517"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc2:*:*:*:*:*:*",
"matchCriteriaId": "056BD938-0A27-4569-B391-30578B309EE3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc3:*:*:*:*:*:*",
"matchCriteriaId": "F02056A5-B362-4370-9FF8-6F0BD384D520"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc4:*:*:*:*:*:*",
"matchCriteriaId": "62075ACE-B2A0-4B16-829D-B3DA5AE5CC41"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc5:*:*:*:*:*:*",
"matchCriteriaId": "A780F817-2A77-4130-A9B7-5C25606314E3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc6:*:*:*:*:*:*",
"matchCriteriaId": "AEB9199B-AB8F-4877-8964-E2BA95B5F15C"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/5e3022ea42e490a36ec6f2cfa6fc603deb0bace4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/bb71e040323175e18c233a9afef32ba14fa64eb7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/d3ea125df37dc37972d581b74a5d3785c3f283ab",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/5e3022ea42e490a36ec6f2cfa6fc603deb0bace4",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/bb71e040323175e18c233a9afef32ba14fa64eb7",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/d3ea125df37dc37972d581b74a5d3785c3f283ab",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
} }
] ]
} }

160
CVE-2024/CVE-2024-267xx/CVE-2024-26750.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-26750", "id": "CVE-2024-26750",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-04-04T09:15:07.850", "published": "2024-04-04T09:15:07.850",
"lastModified": "2024-11-21T09:02:59.203", "lastModified": "2025-03-18T16:49:59.607",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,47 +15,131 @@
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: af_unix: elimine la referencia oob_skb antes de purgar la cola en GC. syzbot inform\u00f3 que otra tarea se colg\u00f3 en __unix_gc(). [0] El bucle while actual supone que todos los candidatos restantes tienen oob_skb y llamar a kfree_skb(oob_skb) libera los candidatos restantes. Sin embargo, me perd\u00ed un caso en el que oob_skb tiene fd autorreferenciado y otro fd y el \u00faltimo sk se coloca antes que el primero en la lista de candidatos. Luego, el ciclo while nunca contin\u00faa, lo que provoca que la tarea se bloquee. __unix_gc() tiene el mismo bucle justo antes de purgar el skb recopilado, por lo que podemos llamar a kfree_skb(oob_skb) all\u00ed y dejar que __skb_queue_purge() libere todos los sockets en vuelo. [0]: Env\u00edo de NMI desde la CPU 0 a las CPU 1: seguimiento de NMI para la CPU 1 CPU: 1 PID: 2784 Comm: kworker/u4:8 Not tainted 6.8.0-rc4-syzkaller-01028-g71b605d32017 #0 Nombre de hardware: Google Google Compute Engine/Google Compute Engine, BIOS Google 25/01/2024 Cola de trabajo: events_unbound __unix_gc RIP: 0010:__sanitizer_cov_trace_pc+0x0/0x70 kernel/kcov.c:200 C\u00f3digo: 89 fb e8 23 00 00 00 48 8b 3d 84 f5 1a 0c 48 89 de 5b e9 43 26 57 00 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1e fa 48 8b 04 24 65 48 8b 0d 90 5 2 70 7e 65 8b 15 91 52 70 RSP: 0018:ffffc9000a17fa78 EFLAGS: 00000287 RAX: ffffffff8a0a6108 RBX: ffff88802b6c2640 RCX: ffff88802c0b3b80 RDX: 0000000000000000 RSI: 0 000000000000002 RDI: 0000000000000000 RBP: ffffc9000a17fbf0 R08: ffffffff89383f1d R09: 1ffff1100ee5ff84 R10: dffffc0000000000 R11: ffffed100ee5ff85 R12: 1ffff110056d84ee R13: ffffc9000a17fae0 R14: 0000000000000000 R15: ffffffff8f47b840 FS: 0000000000000000(0000) GS:ffff8880b9500000(0000) knlGS:00000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007ffef5687ff8 CR3: 0000000029b34000 CR4: 00000000003506f0 DR0: 00000000000000000 DR1: 00000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Seguimiento de llamadas: __unix_gc+0xe69/0xf40 net/unix/garbage.c:343 proceso _one_work kernel/workqueue.c:2633 [en l\u00ednea] proceso_scheduled_works+ 0x913/0x1420 kernel/workqueue.c:2706 trabajador_thread+0xa5f/0x1000 kernel/workqueue.c:2787 kthread+0x2ef/0x390 kernel/kthread.c:388 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1b/0x30 arch/x86/entry/entry_64.S:242 " "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: af_unix: elimine la referencia oob_skb antes de purgar la cola en GC. syzbot inform\u00f3 que otra tarea se colg\u00f3 en __unix_gc(). [0] El bucle while actual supone que todos los candidatos restantes tienen oob_skb y llamar a kfree_skb(oob_skb) libera los candidatos restantes. Sin embargo, me perd\u00ed un caso en el que oob_skb tiene fd autorreferenciado y otro fd y el \u00faltimo sk se coloca antes que el primero en la lista de candidatos. Luego, el ciclo while nunca contin\u00faa, lo que provoca que la tarea se bloquee. __unix_gc() tiene el mismo bucle justo antes de purgar el skb recopilado, por lo que podemos llamar a kfree_skb(oob_skb) all\u00ed y dejar que __skb_queue_purge() libere todos los sockets en vuelo. [0]: Env\u00edo de NMI desde la CPU 0 a las CPU 1: seguimiento de NMI para la CPU 1 CPU: 1 PID: 2784 Comm: kworker/u4:8 Not tainted 6.8.0-rc4-syzkaller-01028-g71b605d32017 #0 Nombre de hardware: Google Google Compute Engine/Google Compute Engine, BIOS Google 25/01/2024 Cola de trabajo: events_unbound __unix_gc RIP: 0010:__sanitizer_cov_trace_pc+0x0/0x70 kernel/kcov.c:200 C\u00f3digo: 89 fb e8 23 00 00 00 48 8b 3d 84 f5 1a 0c 48 89 de 5b e9 43 26 57 00 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1e fa 48 8b 04 24 65 48 8b 0d 90 5 2 70 7e 65 8b 15 91 52 70 RSP: 0018:ffffc9000a17fa78 EFLAGS: 00000287 RAX: ffffffff8a0a6108 RBX: ffff88802b6c2640 RCX: ffff88802c0b3b80 RDX: 0000000000000000 RSI: 0 000000000000002 RDI: 0000000000000000 RBP: ffffc9000a17fbf0 R08: ffffffff89383f1d R09: 1ffff1100ee5ff84 R10: dffffc0000000000 R11: ffffed100ee5ff85 R12: 1ffff110056d84ee R13: ffffc9000a17fae0 R14: 0000000000000000 R15: ffffffff8f47b840 FS: 0000000000000000(0000) GS:ffff8880b9500000(0000) knlGS:00000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007ffef5687ff8 CR3: 0000000029b34000 CR4: 00000000003506f0 DR0: 00000000000000000 DR1: 00000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Seguimiento de llamadas: __unix_gc+0xe69/0xf40 net/unix/garbage.c:343 proceso _one_work kernel/workqueue.c:2633 [en l\u00ednea] proceso_scheduled_works+ 0x913/0x1420 kernel/workqueue.c:2706 trabajador_thread+0xa5f/0x1000 kernel/workqueue.c:2787 kthread+0x2ef/0x390 kernel/kthread.c:388 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1b/0x30 arch/x86/entry/entry_64.S:242 "
} }
], ],
"metrics": {}, "metrics": {
"references": [ "cvssMetricV31": [
{ {
"url": "https://git.kernel.org/stable/c/43ba9e331559a30000c862eea313248707afa787", "source": "nvd@nist.gov",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
}, },
{ "exploitabilityScore": 1.8,
"url": "https://git.kernel.org/stable/c/6c480d0f131862645d172ca9e25dc152b1a5c3a6", "impactScore": 3.6
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" }
]
}, },
"weaknesses": [
{ {
"url": "https://git.kernel.org/stable/c/aa82ac51d63328714645c827775d64dbfd9941f3", "source": "nvd@nist.gov",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "type": "Primary",
}, "description": [
{ {
"url": "https://git.kernel.org/stable/c/c4c795b21dd23d9514ae1c6646c3fb2c78b5be60", "lang": "en",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "value": "NVD-CWE-noinfo"
}, }
{ ]
"url": "https://git.kernel.org/stable/c/e9eac260369d0cf57ea53df95427125725507a0d", }
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" ],
}, "configurations": [
{ {
"url": "https://git.kernel.org/stable/c/43ba9e331559a30000c862eea313248707afa787", "nodes": [
"source": "af854a3a-2127-422b-91ae-364da2661108" {
}, "operator": "OR",
{ "negate": false,
"url": "https://git.kernel.org/stable/c/6c480d0f131862645d172ca9e25dc152b1a5c3a6", "cpeMatch": [
"source": "af854a3a-2127-422b-91ae-364da2661108" {
}, "vulnerable": true,
{ "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"url": "https://git.kernel.org/stable/c/aa82ac51d63328714645c827775d64dbfd9941f3", "versionStartIncluding": "5.15.149",
"source": "af854a3a-2127-422b-91ae-364da2661108" "versionEndExcluding": "5.15.151",
}, "matchCriteriaId": "6F3A43DC-978D-470A-88C3-9EF55D158C7B"
{ }
"url": "https://git.kernel.org/stable/c/c4c795b21dd23d9514ae1c6646c3fb2c78b5be60", ]
"source": "af854a3a-2127-422b-91ae-364da2661108" }
}, ]
{ }
"url": "https://git.kernel.org/stable/c/e9eac260369d0cf57ea53df95427125725507a0d", ],
"source": "af854a3a-2127-422b-91ae-364da2661108" "references": [
{
"url": "https://git.kernel.org/stable/c/43ba9e331559a30000c862eea313248707afa787",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/6c480d0f131862645d172ca9e25dc152b1a5c3a6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/aa82ac51d63328714645c827775d64dbfd9941f3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/c4c795b21dd23d9514ae1c6646c3fb2c78b5be60",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/e9eac260369d0cf57ea53df95427125725507a0d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/43ba9e331559a30000c862eea313248707afa787",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/6c480d0f131862645d172ca9e25dc152b1a5c3a6",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/aa82ac51d63328714645c827775d64dbfd9941f3",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/c4c795b21dd23d9514ae1c6646c3fb2c78b5be60",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/e9eac260369d0cf57ea53df95427125725507a0d",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
} }
] ]
} }

119
CVE-2024/CVE-2024-267xx/CVE-2024-26762.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-26762", "id": "CVE-2024-26762",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-04-03T17:15:52.470", "published": "2024-04-03T17:15:52.470",
"lastModified": "2024-11-21T09:03:00.880", "lastModified": "2025-03-18T16:13:33.843",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,23 +15,114 @@
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: cxl/pci: omita para manejar errores RAS si el dispositivo CXL.mem est\u00e1 desconectado. El modelo PCI AER no es adecuado para el manejo de errores CXL. Si bien la expectativa es que un dispositivo PCI pueda escalar hasta restablecer el enlace para recuperarse de un evento AER, el mismo restablecimiento en CXL equivale a una conexi\u00f3n en caliente sorpresa de cantidades masivas de memoria. Actualmente, el controlador de errores CXL intenta un manejo optimista de errores para desvincular el dispositivo del controlador cxl_mem despu\u00e9s de obtener algunos valores de registro RAS. Esto da como resultado un intento \"esperanzador\" de desconectar la memoria, pero no hay garant\u00eda de que tenga \u00e9xito. Una notificaci\u00f3n AER posterior despu\u00e9s del evento de desvinculaci\u00f3n de memdev ya no puede asumir que los registros est\u00e1n asignados. Verifique el enlace de memdev antes de obtener los valores del registro de estado para evitar fallas del tipo: ERROR: no se puede manejar el error de p\u00e1gina para la direcci\u00f3n: ffa00000195e9100 #PF: acceso de lectura del supervisor en modo kernel #PF: c\u00f3digo_error(0x0000) - p\u00e1gina no presente [. ..] RIP: 0010:__cxl_handle_ras+0x30/0x110 [cxl_core] [...] Seguimiento de llamadas: ? __morir+0x24/0x70 ? page_fault_oops+0x82/0x160? kernelmode_fixup_or_oops+0x84/0x110? exc_page_fault+0x113/0x170? asm_exc_page_fault+0x26/0x30? __pfx_dpc_reset_link+0x10/0x10 ? __cxl_handle_ras+0x30/0x110 [cxl_core] ? find_cxl_port+0x59/0x80 [cxl_core] cxl_handle_rp_ras+0xbc/0xd0 [cxl_core] cxl_error_detected+0x6c/0xf0 [cxl_core] report_error_detected+0xc7/0x1c0 pci_walk_bus+0x73/0x90 pcie_do_recovery+0x23f/0x330 A m\u00e1s largo plazo, es posible que sea necesario corregir el comportamiento de desvinculaci\u00f3n y PCI_ERS_RESULT_DISCONNECT. ser reemplazado por un nuevo PCI_ERS_RESULT_PANIC." "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: cxl/pci: omita para manejar errores RAS si el dispositivo CXL.mem est\u00e1 desconectado. El modelo PCI AER no es adecuado para el manejo de errores CXL. Si bien la expectativa es que un dispositivo PCI pueda escalar hasta restablecer el enlace para recuperarse de un evento AER, el mismo restablecimiento en CXL equivale a una conexi\u00f3n en caliente sorpresa de cantidades masivas de memoria. Actualmente, el controlador de errores CXL intenta un manejo optimista de errores para desvincular el dispositivo del controlador cxl_mem despu\u00e9s de obtener algunos valores de registro RAS. Esto da como resultado un intento \"esperanzador\" de desconectar la memoria, pero no hay garant\u00eda de que tenga \u00e9xito. Una notificaci\u00f3n AER posterior despu\u00e9s del evento de desvinculaci\u00f3n de memdev ya no puede asumir que los registros est\u00e1n asignados. Verifique el enlace de memdev antes de obtener los valores del registro de estado para evitar fallas del tipo: ERROR: no se puede manejar el error de p\u00e1gina para la direcci\u00f3n: ffa00000195e9100 #PF: acceso de lectura del supervisor en modo kernel #PF: c\u00f3digo_error(0x0000) - p\u00e1gina no presente [. ..] RIP: 0010:__cxl_handle_ras+0x30/0x110 [cxl_core] [...] Seguimiento de llamadas: ? __morir+0x24/0x70 ? page_fault_oops+0x82/0x160? kernelmode_fixup_or_oops+0x84/0x110? exc_page_fault+0x113/0x170? asm_exc_page_fault+0x26/0x30? __pfx_dpc_reset_link+0x10/0x10 ? __cxl_handle_ras+0x30/0x110 [cxl_core] ? find_cxl_port+0x59/0x80 [cxl_core] cxl_handle_rp_ras+0xbc/0xd0 [cxl_core] cxl_error_detected+0x6c/0xf0 [cxl_core] report_error_detected+0xc7/0x1c0 pci_walk_bus+0x73/0x90 pcie_do_recovery+0x23f/0x330 A m\u00e1s largo plazo, es posible que sea necesario corregir el comportamiento de desvinculaci\u00f3n y PCI_ERS_RESULT_DISCONNECT. ser reemplazado por un nuevo PCI_ERS_RESULT_PANIC."
} }
], ],
"metrics": {}, "metrics": {
"references": [ "cvssMetricV31": [
{ {
"url": "https://git.kernel.org/stable/c/21e5e84f3f63fdf44e49642a6e45cd895e921a84", "source": "nvd@nist.gov",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
}, },
{ "exploitabilityScore": 1.8,
"url": "https://git.kernel.org/stable/c/eef5c7b28dbecd6b141987a96db6c54e49828102", "impactScore": 3.6
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" }
]
}, },
"weaknesses": [
{ {
"url": "https://git.kernel.org/stable/c/21e5e84f3f63fdf44e49642a6e45cd895e921a84", "source": "nvd@nist.gov",
"source": "af854a3a-2127-422b-91ae-364da2661108" "type": "Primary",
}, "description": [
{ {
"url": "https://git.kernel.org/stable/c/eef5c7b28dbecd6b141987a96db6c54e49828102", "lang": "en",
"source": "af854a3a-2127-422b-91ae-364da2661108" "value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.7.7",
"matchCriteriaId": "575EE16B-67F2-4B5B-B5F8-1877715C898B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc1:*:*:*:*:*:*",
"matchCriteriaId": "B9F4EA73-0894-400F-A490-3A397AB7A517"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc2:*:*:*:*:*:*",
"matchCriteriaId": "056BD938-0A27-4569-B391-30578B309EE3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc3:*:*:*:*:*:*",
"matchCriteriaId": "F02056A5-B362-4370-9FF8-6F0BD384D520"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc4:*:*:*:*:*:*",
"matchCriteriaId": "62075ACE-B2A0-4B16-829D-B3DA5AE5CC41"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc5:*:*:*:*:*:*",
"matchCriteriaId": "A780F817-2A77-4130-A9B7-5C25606314E3"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/21e5e84f3f63fdf44e49642a6e45cd895e921a84",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/eef5c7b28dbecd6b141987a96db6c54e49828102",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/21e5e84f3f63fdf44e49642a6e45cd895e921a84",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/eef5c7b28dbecd6b141987a96db6c54e49828102",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
} }
] ]
} }

329
CVE-2024/CVE-2024-267xx/CVE-2024-26763.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-26763", "id": "CVE-2024-26763",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-04-03T17:15:52.520", "published": "2024-04-03T17:15:52.520",
"lastModified": "2024-11-21T09:03:00.980", "lastModified": "2025-03-18T16:40:18.300",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,79 +15,268 @@
"value": "En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: dm-crypt: no modifica los datos cuando se utiliza cifrado autenticado Se dijo que el cifrado autenticado podr\u00eda producir etiquetas no v\u00e1lidas cuando se modifican los datos que se est\u00e1n cifrando [1]. Entonces, solucione este problema copiando primero los datos en la biograf\u00eda del clon y luego cifr\u00e1ndolos dentro de la biograf\u00eda del clon. Esto puede reducir el rendimiento, pero es necesario para evitar que el usuario da\u00f1e el dispositivo escribiendo datos con O_DIRECT y modific\u00e1ndolos al mismo tiempo. [1] https://lore.kernel.org/all/20240207004723.GA35324@sol.localdomain/T/" "value": "En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: dm-crypt: no modifica los datos cuando se utiliza cifrado autenticado Se dijo que el cifrado autenticado podr\u00eda producir etiquetas no v\u00e1lidas cuando se modifican los datos que se est\u00e1n cifrando [1]. Entonces, solucione este problema copiando primero los datos en la biograf\u00eda del clon y luego cifr\u00e1ndolos dentro de la biograf\u00eda del clon. Esto puede reducir el rendimiento, pero es necesario para evitar que el usuario da\u00f1e el dispositivo escribiendo datos con O_DIRECT y modific\u00e1ndolos al mismo tiempo. [1] https://lore.kernel.org/all/20240207004723.GA35324@sol.localdomain/T/"
} }
], ],
"metrics": {}, "metrics": {
"references": [ "cvssMetricV31": [
{ {
"url": "https://git.kernel.org/stable/c/0dccbb93538fe89a86c6de31d4b1c8c560848eaa", "source": "nvd@nist.gov",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
}, },
{ "exploitabilityScore": 1.8,
"url": "https://git.kernel.org/stable/c/1a4371db68a31076afbe56ecce34fbbe6c80c529", "impactScore": 5.2
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" }
]
}, },
"weaknesses": [
{ {
"url": "https://git.kernel.org/stable/c/3c652f6fa1e1f9f02c3fbf359d260ad153ec5f90", "source": "nvd@nist.gov",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "type": "Primary",
}, "description": [
{ {
"url": "https://git.kernel.org/stable/c/43a202bd552976497474ae144942e32cc5f34d7e", "lang": "en",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "value": "CWE-787"
}, }
{ ]
"url": "https://git.kernel.org/stable/c/50c70240097ce41fe6bce6478b80478281e4d0f7", }
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" ],
}, "configurations": [
{ {
"url": "https://git.kernel.org/stable/c/64ba01a365980755732972523600a961c4266b75", "nodes": [
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" {
}, "operator": "OR",
{ "negate": false,
"url": "https://git.kernel.org/stable/c/d9e3763a505e50ba3bd22846f2a8db99429fb857", "cpeMatch": [
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" {
}, "vulnerable": true,
{ "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"url": "https://git.kernel.org/stable/c/e08c2a8d27e989f0f5b0888792643027d7e691e6", "versionEndExcluding": "4.19.308",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "matchCriteriaId": "B6FB6042-3E0F-4A36-8DED-B3C350612BDC"
}, },
{ {
"url": "https://git.kernel.org/stable/c/0dccbb93538fe89a86c6de31d4b1c8c560848eaa", "vulnerable": true,
"source": "af854a3a-2127-422b-91ae-364da2661108" "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
}, "versionStartIncluding": "4.20",
{ "versionEndExcluding": "5.4.270",
"url": "https://git.kernel.org/stable/c/1a4371db68a31076afbe56ecce34fbbe6c80c529", "matchCriteriaId": "5D8044B1-C7E8-44A4-9F03-A4D7BCDB1721"
"source": "af854a3a-2127-422b-91ae-364da2661108" },
}, {
{ "vulnerable": true,
"url": "https://git.kernel.org/stable/c/3c652f6fa1e1f9f02c3fbf359d260ad153ec5f90", "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"source": "af854a3a-2127-422b-91ae-364da2661108" "versionStartIncluding": "5.5",
}, "versionEndExcluding": "5.10.211",
{ "matchCriteriaId": "7DDA4DCF-671D-415D-94DF-6E3C77DF0704"
"url": "https://git.kernel.org/stable/c/43a202bd552976497474ae144942e32cc5f34d7e", },
"source": "af854a3a-2127-422b-91ae-364da2661108" {
}, "vulnerable": true,
{ "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"url": "https://git.kernel.org/stable/c/50c70240097ce41fe6bce6478b80478281e4d0f7", "versionStartIncluding": "5.11",
"source": "af854a3a-2127-422b-91ae-364da2661108" "versionEndExcluding": "5.15.150",
}, "matchCriteriaId": "CB6C60DE-9E0C-46C5-904D-D4F4031F8E95"
{ },
"url": "https://git.kernel.org/stable/c/64ba01a365980755732972523600a961c4266b75", {
"source": "af854a3a-2127-422b-91ae-364da2661108" "vulnerable": true,
}, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
{ "versionStartIncluding": "5.16",
"url": "https://git.kernel.org/stable/c/d9e3763a505e50ba3bd22846f2a8db99429fb857", "versionEndExcluding": "6.1.80",
"source": "af854a3a-2127-422b-91ae-364da2661108" "matchCriteriaId": "BA7850CE-97C9-4408-A348-6173296BCA2B"
}, },
{ {
"url": "https://git.kernel.org/stable/c/e08c2a8d27e989f0f5b0888792643027d7e691e6", "vulnerable": true,
"source": "af854a3a-2127-422b-91ae-364da2661108" "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
}, "versionStartIncluding": "6.2",
{ "versionEndExcluding": "6.6.19",
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html", "matchCriteriaId": "8D82004C-B2AE-4048-9344-32EFF65953B0"
"source": "af854a3a-2127-422b-91ae-364da2661108" },
}, {
{ "vulnerable": true,
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html", "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"source": "af854a3a-2127-422b-91ae-364da2661108" "versionStartIncluding": "6.7",
"versionEndExcluding": "6.7.7",
"matchCriteriaId": "575EE16B-67F2-4B5B-B5F8-1877715C898B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc1:*:*:*:*:*:*",
"matchCriteriaId": "B9F4EA73-0894-400F-A490-3A397AB7A517"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc2:*:*:*:*:*:*",
"matchCriteriaId": "056BD938-0A27-4569-B391-30578B309EE3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc3:*:*:*:*:*:*",
"matchCriteriaId": "F02056A5-B362-4370-9FF8-6F0BD384D520"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc4:*:*:*:*:*:*",
"matchCriteriaId": "62075ACE-B2A0-4B16-829D-B3DA5AE5CC41"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc5:*:*:*:*:*:*",
"matchCriteriaId": "A780F817-2A77-4130-A9B7-5C25606314E3"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/0dccbb93538fe89a86c6de31d4b1c8c560848eaa",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/1a4371db68a31076afbe56ecce34fbbe6c80c529",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/3c652f6fa1e1f9f02c3fbf359d260ad153ec5f90",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/43a202bd552976497474ae144942e32cc5f34d7e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/50c70240097ce41fe6bce6478b80478281e4d0f7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/64ba01a365980755732972523600a961c4266b75",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/d9e3763a505e50ba3bd22846f2a8db99429fb857",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/e08c2a8d27e989f0f5b0888792643027d7e691e6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/0dccbb93538fe89a86c6de31d4b1c8c560848eaa",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/1a4371db68a31076afbe56ecce34fbbe6c80c529",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/3c652f6fa1e1f9f02c3fbf359d260ad153ec5f90",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/43a202bd552976497474ae144942e32cc5f34d7e",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/50c70240097ce41fe6bce6478b80478281e4d0f7",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/64ba01a365980755732972523600a961c4266b75",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/d9e3763a505e50ba3bd22846f2a8db99429fb857",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/e08c2a8d27e989f0f5b0888792643027d7e691e6",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
]
} }
] ]
} }

329
CVE-2024/CVE-2024-267xx/CVE-2024-26764.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-26764", "id": "CVE-2024-26764",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-04-03T17:15:52.580", "published": "2024-04-03T17:15:52.580",
"lastModified": "2024-11-21T09:03:01.100", "lastModified": "2025-03-18T16:36:22.457",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,79 +15,268 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: fs/aio: restringe kiocb_set_cancel_fn() a E/S enviadas a trav\u00e9s de libaio. Si se llama a kiocb_set_cancel_fn() para E/S enviadas a trav\u00e9s de io_uring, aparece la siguiente advertencia del kernel: ADVERTENCIA: CPU : 3 PID: 368 en fs/aio.c:598 kiocb_set_cancel_fn+0x9c/0xa8 Rastreo de llamadas: kiocb_set_cancel_fn+0x9c/0xa8 ffs_epfile_read_iter+0x144/0x1d0 io_read+0x19c/0x498 io_issue_sqe+0x118/0x27c io_submit_sqes+0x25c/0x5fc __arm64_sys_io_uring_enter+0x104/ 0xab0 invoke_syscall+0x58/0x11c el0_svc_common+0xb4/0xf4 do_el0_svc+0x2c/0xb0 el0_svc+0x2c/0xa4 el0t_64_sync_handler+0x68/0xb4 el0t_64_sync+0x1a4/0x1a8 Solucionar esto configurando el IOC Bandera B_AIO_RW para E/S de lectura y escritura enviada por libaio ." "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: fs/aio: restringe kiocb_set_cancel_fn() a E/S enviadas a trav\u00e9s de libaio. Si se llama a kiocb_set_cancel_fn() para E/S enviadas a trav\u00e9s de io_uring, aparece la siguiente advertencia del kernel: ADVERTENCIA: CPU : 3 PID: 368 en fs/aio.c:598 kiocb_set_cancel_fn+0x9c/0xa8 Rastreo de llamadas: kiocb_set_cancel_fn+0x9c/0xa8 ffs_epfile_read_iter+0x144/0x1d0 io_read+0x19c/0x498 io_issue_sqe+0x118/0x27c io_submit_sqes+0x25c/0x5fc __arm64_sys_io_uring_enter+0x104/ 0xab0 invoke_syscall+0x58/0x11c el0_svc_common+0xb4/0xf4 do_el0_svc+0x2c/0xb0 el0_svc+0x2c/0xa4 el0t_64_sync_handler+0x68/0xb4 el0t_64_sync+0x1a4/0x1a8 Solucionar esto configurando el IOC Bandera B_AIO_RW para E/S de lectura y escritura enviada por libaio ."
} }
], ],
"metrics": {}, "metrics": {
"references": [ "cvssMetricV31": [
{ {
"url": "https://git.kernel.org/stable/c/18f614369def2a11a52f569fe0f910b199d13487", "source": "nvd@nist.gov",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"baseScore": 3.3,
"baseSeverity": "LOW",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW"
}, },
{ "exploitabilityScore": 1.8,
"url": "https://git.kernel.org/stable/c/1dc7d74fe456944a9b1c57bd776280249f441ac6", "impactScore": 1.4
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" }
]
}, },
"weaknesses": [
{ {
"url": "https://git.kernel.org/stable/c/337b543e274fe7a8f47df3c8293cc6686ffa620f", "source": "nvd@nist.gov",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "type": "Primary",
}, "description": [
{ {
"url": "https://git.kernel.org/stable/c/b4eea7a05ee0ab5ab0514421e6ba8c5d249cf942", "lang": "en",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "value": "NVD-CWE-noinfo"
}, }
{ ]
"url": "https://git.kernel.org/stable/c/b820de741ae48ccf50dd95e297889c286ff4f760", }
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" ],
}, "configurations": [
{ {
"url": "https://git.kernel.org/stable/c/d7b6fa97ec894edd02f64b83e5e72e1aa352f353", "nodes": [
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" {
}, "operator": "OR",
{ "negate": false,
"url": "https://git.kernel.org/stable/c/e7e23fc5d5fe422827c9a43ecb579448f73876c7", "cpeMatch": [
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" {
}, "vulnerable": true,
{ "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"url": "https://git.kernel.org/stable/c/ea1cd64d59f22d6d13f367d62ec6e27b9344695f", "versionEndExcluding": "4.19.308",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "matchCriteriaId": "B6FB6042-3E0F-4A36-8DED-B3C350612BDC"
}, },
{ {
"url": "https://git.kernel.org/stable/c/18f614369def2a11a52f569fe0f910b199d13487", "vulnerable": true,
"source": "af854a3a-2127-422b-91ae-364da2661108" "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
}, "versionStartIncluding": "4.20",
{ "versionEndExcluding": "5.4.270",
"url": "https://git.kernel.org/stable/c/1dc7d74fe456944a9b1c57bd776280249f441ac6", "matchCriteriaId": "5D8044B1-C7E8-44A4-9F03-A4D7BCDB1721"
"source": "af854a3a-2127-422b-91ae-364da2661108" },
}, {
{ "vulnerable": true,
"url": "https://git.kernel.org/stable/c/337b543e274fe7a8f47df3c8293cc6686ffa620f", "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"source": "af854a3a-2127-422b-91ae-364da2661108" "versionStartIncluding": "5.5",
}, "versionEndExcluding": "5.10.211",
{ "matchCriteriaId": "7DDA4DCF-671D-415D-94DF-6E3C77DF0704"
"url": "https://git.kernel.org/stable/c/b4eea7a05ee0ab5ab0514421e6ba8c5d249cf942", },
"source": "af854a3a-2127-422b-91ae-364da2661108" {
}, "vulnerable": true,
{ "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"url": "https://git.kernel.org/stable/c/b820de741ae48ccf50dd95e297889c286ff4f760", "versionStartIncluding": "5.11",
"source": "af854a3a-2127-422b-91ae-364da2661108" "versionEndExcluding": "5.15.150",
}, "matchCriteriaId": "CB6C60DE-9E0C-46C5-904D-D4F4031F8E95"
{ },
"url": "https://git.kernel.org/stable/c/d7b6fa97ec894edd02f64b83e5e72e1aa352f353", {
"source": "af854a3a-2127-422b-91ae-364da2661108" "vulnerable": true,
}, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
{ "versionStartIncluding": "5.16",
"url": "https://git.kernel.org/stable/c/e7e23fc5d5fe422827c9a43ecb579448f73876c7", "versionEndExcluding": "6.1.80",
"source": "af854a3a-2127-422b-91ae-364da2661108" "matchCriteriaId": "BA7850CE-97C9-4408-A348-6173296BCA2B"
}, },
{ {
"url": "https://git.kernel.org/stable/c/ea1cd64d59f22d6d13f367d62ec6e27b9344695f", "vulnerable": true,
"source": "af854a3a-2127-422b-91ae-364da2661108" "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
}, "versionStartIncluding": "6.2",
{ "versionEndExcluding": "6.6.19",
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html", "matchCriteriaId": "8D82004C-B2AE-4048-9344-32EFF65953B0"
"source": "af854a3a-2127-422b-91ae-364da2661108" },
}, {
{ "vulnerable": true,
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html", "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"source": "af854a3a-2127-422b-91ae-364da2661108" "versionStartIncluding": "6.7",
"versionEndExcluding": "6.7.7",
"matchCriteriaId": "575EE16B-67F2-4B5B-B5F8-1877715C898B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc1:*:*:*:*:*:*",
"matchCriteriaId": "B9F4EA73-0894-400F-A490-3A397AB7A517"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc2:*:*:*:*:*:*",
"matchCriteriaId": "056BD938-0A27-4569-B391-30578B309EE3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc3:*:*:*:*:*:*",
"matchCriteriaId": "F02056A5-B362-4370-9FF8-6F0BD384D520"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc4:*:*:*:*:*:*",
"matchCriteriaId": "62075ACE-B2A0-4B16-829D-B3DA5AE5CC41"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc5:*:*:*:*:*:*",
"matchCriteriaId": "A780F817-2A77-4130-A9B7-5C25606314E3"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/18f614369def2a11a52f569fe0f910b199d13487",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/1dc7d74fe456944a9b1c57bd776280249f441ac6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/337b543e274fe7a8f47df3c8293cc6686ffa620f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/b4eea7a05ee0ab5ab0514421e6ba8c5d249cf942",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/b820de741ae48ccf50dd95e297889c286ff4f760",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/d7b6fa97ec894edd02f64b83e5e72e1aa352f353",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/e7e23fc5d5fe422827c9a43ecb579448f73876c7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/ea1cd64d59f22d6d13f367d62ec6e27b9344695f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/18f614369def2a11a52f569fe0f910b199d13487",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/1dc7d74fe456944a9b1c57bd776280249f441ac6",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/337b543e274fe7a8f47df3c8293cc6686ffa620f",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/b4eea7a05ee0ab5ab0514421e6ba8c5d249cf942",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/b820de741ae48ccf50dd95e297889c286ff4f760",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/d7b6fa97ec894edd02f64b83e5e72e1aa352f353",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/e7e23fc5d5fe422827c9a43ecb579448f73876c7",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/ea1cd64d59f22d6d13f367d62ec6e27b9344695f",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
]
} }
] ]
} }

176
CVE-2024/CVE-2024-267xx/CVE-2024-26765.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-26765", "id": "CVE-2024-26765",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-04-03T17:15:52.633", "published": "2024-04-03T17:15:52.633",
"lastModified": "2024-11-21T09:03:01.213", "lastModified": "2025-03-18T16:43:01.350",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,39 +15,155 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: LoongArch: deshabilite IRQ antes de init_fn() para CPU que no son de arranque. Deshabilite IRQ antes de init_fn() para CPU que no sean de arranque cuando se conectan en caliente, para silenciar dichas advertencias (y tambi\u00e9n evitar errores potenciales debido a problemas inesperados). interrupciones): ADVERTENCIA: CPU: 1 PID: 0 en kernel/rcu/tree.c:4503 rcu_cpu_starting+0x214/0x280 CPU: 1 PID: 0 Comm: swapper/1 No contaminado 6.6.17+ #1198 pc 90000000048e3334 ra 90000000047bd56c tp 900000010039c000 sp 900000010039fdd0 a0 0000000000000001 a1 0000000000000006 a2 900000000802c040 a3 0000000000000000 a4 00000000000 00001 a5 0000000000000004 a6 00000000000000000 a7 90000000048e3f4c t0 0000000000000001 t1 9000000005c70968 t2 0000000004000000 t3 000 000000005e56e t4 00000000000002e4 t5 0000000000001000 t6 ffffffff80000000 t7 000000000004000040000 t8 9000000007931638 u0 00000000000000006 s 9 0000000000000004 s0 0000000000000001 s1 9000000006356ac0 s2 9000000007244000 s3 0000000000000001 s4 0000000000000001 s5 900000000636f000 s6 7ffffffffffffffff s7 9000000002123940 s8 9000000001ca55f8 ra: 90000000047bd56c tlb_init+0x24c/0x52 8 ERA: 90000000048e3334 rcu_cpu_starting+0x214/0x280 CRMD: 000000b0 (PLV0 -IE -DA +PG DACF=CC DACM=CC -WE) PRMD: 00000000 (PPLV0 -PIE -PWE) EUEN: 00000000 (-FPE -SXE -ASXE -BTE) ECFG: 00071000 (LIE=12 VS=7) ESTAT: 000c0000 [BRK] (IS= ECode=12 EssubCode=0) PRID: 0014c010 (Loongson -64 bits, Loongson-3A5000) CPU: 1 PID: 0 Comunicaciones: intercambiador/1 No contaminado 6.6.17+ #1198 Pila: 0000000000000000 9000000006375000 9000000005b61878 900000010039c000 9000 00010039fa30 0000000000000000 900000010039fa38 900000000619a140 9000000006456888 9000000006456880 900000010039f950 0000000000000 0001 0000000000000001 cb0cb028ec7e52e1 0000000002b90000 9000000100348700 00000000000000000 000000000000000001 ffffffff916d12f1 00000000 00000003 0000000000040000 9000000007930370 0000000002b90000 0000000000000004 9000000006366000 900000000619a140 0000000000000000 00000000000000004 0000000000000000 0000 000000000009 ffffffffffc681f2 9000000002123940 9000000001ca55f8 9000000006366000 90000000047a4828 00007ffff057ded8 00000000000000b0 000 0000000000000 0000000000000000 0000000000071000 ... Seguimiento de llamadas: [<90000000047a4828>] show_stack+0x48/0x1a0 [<9000000005b61874>] dump_stack_lvl+0x84/0xcc [< 90000000047f60ac>] __advertir +0x8c/0x1e0 [<9000000005b0ab34>] report_bug+0x1b4/0x280 [<9000000005b63110>] do_bp+0x2d0/0x480 [<90000000047a2e20>] handle_bp+0x120/0x1c0 [<90000 000048e3334>] rcu_cpu_starting+0x214/0x280 [<90000000047bd568>] tlb_init +0x248/0x528 [<90000000047a4c44>] per_cpu_trap_init+0x124/0x160 [<90000000047a19f4>] cpu_probe+0x494/0xa00 [<90000000047b551c>] start_secondary+0x3c/0xc0 [ <9000000005b66134>] smpboot_entry+0x50/0x58" "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: LoongArch: deshabilite IRQ antes de init_fn() para CPU que no son de arranque. Deshabilite IRQ antes de init_fn() para CPU que no sean de arranque cuando se conectan en caliente, para silenciar dichas advertencias (y tambi\u00e9n evitar errores potenciales debido a problemas inesperados). interrupciones): ADVERTENCIA: CPU: 1 PID: 0 en kernel/rcu/tree.c:4503 rcu_cpu_starting+0x214/0x280 CPU: 1 PID: 0 Comm: swapper/1 No contaminado 6.6.17+ #1198 pc 90000000048e3334 ra 90000000047bd56c tp 900000010039c000 sp 900000010039fdd0 a0 0000000000000001 a1 0000000000000006 a2 900000000802c040 a3 0000000000000000 a4 00000000000 00001 a5 0000000000000004 a6 00000000000000000 a7 90000000048e3f4c t0 0000000000000001 t1 9000000005c70968 t2 0000000004000000 t3 000 000000005e56e t4 00000000000002e4 t5 0000000000001000 t6 ffffffff80000000 t7 000000000004000040000 t8 9000000007931638 u0 00000000000000006 s 9 0000000000000004 s0 0000000000000001 s1 9000000006356ac0 s2 9000000007244000 s3 0000000000000001 s4 0000000000000001 s5 900000000636f000 s6 7ffffffffffffffff s7 9000000002123940 s8 9000000001ca55f8 ra: 90000000047bd56c tlb_init+0x24c/0x52 8 ERA: 90000000048e3334 rcu_cpu_starting+0x214/0x280 CRMD: 000000b0 (PLV0 -IE -DA +PG DACF=CC DACM=CC -WE) PRMD: 00000000 (PPLV0 -PIE -PWE) EUEN: 00000000 (-FPE -SXE -ASXE -BTE) ECFG: 00071000 (LIE=12 VS=7) ESTAT: 000c0000 [BRK] (IS= ECode=12 EssubCode=0) PRID: 0014c010 (Loongson -64 bits, Loongson-3A5000) CPU: 1 PID: 0 Comunicaciones: intercambiador/1 No contaminado 6.6.17+ #1198 Pila: 0000000000000000 9000000006375000 9000000005b61878 900000010039c000 9000 00010039fa30 0000000000000000 900000010039fa38 900000000619a140 9000000006456888 9000000006456880 900000010039f950 0000000000000 0001 0000000000000001 cb0cb028ec7e52e1 0000000002b90000 9000000100348700 00000000000000000 000000000000000001 ffffffff916d12f1 00000000 00000003 0000000000040000 9000000007930370 0000000002b90000 0000000000000004 9000000006366000 900000000619a140 0000000000000000 00000000000000004 0000000000000000 0000 000000000009 ffffffffffc681f2 9000000002123940 9000000001ca55f8 9000000006366000 90000000047a4828 00007ffff057ded8 00000000000000b0 000 0000000000000 0000000000000000 0000000000071000 ... Seguimiento de llamadas: [<90000000047a4828>] show_stack+0x48/0x1a0 [<9000000005b61874>] dump_stack_lvl+0x84/0xcc [< 90000000047f60ac>] __advertir +0x8c/0x1e0 [<9000000005b0ab34>] report_bug+0x1b4/0x280 [<9000000005b63110>] do_bp+0x2d0/0x480 [<90000000047a2e20>] handle_bp+0x120/0x1c0 [<90000 000048e3334>] rcu_cpu_starting+0x214/0x280 [<90000000047bd568>] tlb_init +0x248/0x528 [<90000000047a4c44>] per_cpu_trap_init+0x124/0x160 [<90000000047a19f4>] cpu_probe+0x494/0xa00 [<90000000047b551c>] start_secondary+0x3c/0xc0 [ <9000000005b66134>] smpboot_entry+0x50/0x58"
} }
], ],
"metrics": {}, "metrics": {
"references": [ "cvssMetricV31": [
{ {
"url": "https://git.kernel.org/stable/c/1001db6c42e4012b55e5ee19405490f23e033b5a", "source": "nvd@nist.gov",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
}, },
{ "exploitabilityScore": 1.8,
"url": "https://git.kernel.org/stable/c/8bf2ca8c60712af288b88ba80f8e4df4573d923f", "impactScore": 3.6
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" }
]
}, },
"weaknesses": [
{ {
"url": "https://git.kernel.org/stable/c/a262b78dd085dbe9b3c75dc1d9c4cd102b110b53", "source": "nvd@nist.gov",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "type": "Primary",
}, "description": [
{ {
"url": "https://git.kernel.org/stable/c/dffdf7c783ef291eef38a5a0037584fd1a7fa464", "lang": "en",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "value": "NVD-CWE-noinfo"
}, }
{ ]
"url": "https://git.kernel.org/stable/c/1001db6c42e4012b55e5ee19405490f23e033b5a", }
"source": "af854a3a-2127-422b-91ae-364da2661108" ],
}, "configurations": [
{ {
"url": "https://git.kernel.org/stable/c/8bf2ca8c60712af288b88ba80f8e4df4573d923f", "nodes": [
"source": "af854a3a-2127-422b-91ae-364da2661108" {
}, "operator": "OR",
{ "negate": false,
"url": "https://git.kernel.org/stable/c/a262b78dd085dbe9b3c75dc1d9c4cd102b110b53", "cpeMatch": [
"source": "af854a3a-2127-422b-91ae-364da2661108" {
}, "vulnerable": true,
{ "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"url": "https://git.kernel.org/stable/c/dffdf7c783ef291eef38a5a0037584fd1a7fa464", "versionEndExcluding": "6.1.80",
"source": "af854a3a-2127-422b-91ae-364da2661108" "matchCriteriaId": "68B819D6-60AD-446F-A1CF-814A2ADCB42C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.19",
"matchCriteriaId": "8D82004C-B2AE-4048-9344-32EFF65953B0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.7.7",
"matchCriteriaId": "575EE16B-67F2-4B5B-B5F8-1877715C898B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc1:*:*:*:*:*:*",
"matchCriteriaId": "B9F4EA73-0894-400F-A490-3A397AB7A517"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc2:*:*:*:*:*:*",
"matchCriteriaId": "056BD938-0A27-4569-B391-30578B309EE3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc3:*:*:*:*:*:*",
"matchCriteriaId": "F02056A5-B362-4370-9FF8-6F0BD384D520"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc4:*:*:*:*:*:*",
"matchCriteriaId": "62075ACE-B2A0-4B16-829D-B3DA5AE5CC41"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc5:*:*:*:*:*:*",
"matchCriteriaId": "A780F817-2A77-4130-A9B7-5C25606314E3"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/1001db6c42e4012b55e5ee19405490f23e033b5a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/8bf2ca8c60712af288b88ba80f8e4df4573d923f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/a262b78dd085dbe9b3c75dc1d9c4cd102b110b53",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/dffdf7c783ef291eef38a5a0037584fd1a7fa464",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/1001db6c42e4012b55e5ee19405490f23e033b5a",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/8bf2ca8c60712af288b88ba80f8e4df4573d923f",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/a262b78dd085dbe9b3c75dc1d9c4cd102b110b53",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/dffdf7c783ef291eef38a5a0037584fd1a7fa464",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
} }
] ]
} }

314
CVE-2024/CVE-2024-267xx/CVE-2024-26773.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-26773", "id": "CVE-2024-26773",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-04-03T17:15:53.080", "published": "2024-04-03T17:15:53.080",
"lastModified": "2024-11-21T09:03:02.380", "lastModified": "2025-03-18T16:47:14.460",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,79 +15,253 @@
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: ext4: evite asignar bloques de un grupo da\u00f1ado en ext4_mb_try_best_found() Determine si el mapa de bits del bloque del grupo est\u00e1 da\u00f1ado antes de usar ac_b_ex en ext4_mb_try_best_found() para evitar asignar bloques de un grupo con un bloque da\u00f1ado mapa de bits en la siguiente concurrencia y empeorando la situaci\u00f3n. ext4_mb_regular_allocator ext4_lock_group(sb, group) ext4_mb_good_group // verifica si el bbitmap del grupo est\u00e1 da\u00f1ado ext4_mb_complex_scan_group // El grupo de escaneo obtiene ac_b_ex pero no lo usa ext4_unlock_group(sb, group) ext4_mark_group_bitmap_corrupted(group) // El mapa de bits del bloque se corrompi\u00f3 durante // el grupo desbloquea la brecha. ext4_mb_try_best_found ext4_lock_group(ac->ac_sb, group) ext4_mb_use_best_found mb_mark_used // Asignaci\u00f3n de bloques en un grupo da\u00f1ado de mapa de bits de bloques" "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: ext4: evite asignar bloques de un grupo da\u00f1ado en ext4_mb_try_best_found() Determine si el mapa de bits del bloque del grupo est\u00e1 da\u00f1ado antes de usar ac_b_ex en ext4_mb_try_best_found() para evitar asignar bloques de un grupo con un bloque da\u00f1ado mapa de bits en la siguiente concurrencia y empeorando la situaci\u00f3n. ext4_mb_regular_allocator ext4_lock_group(sb, group) ext4_mb_good_group // verifica si el bbitmap del grupo est\u00e1 da\u00f1ado ext4_mb_complex_scan_group // El grupo de escaneo obtiene ac_b_ex pero no lo usa ext4_unlock_group(sb, group) ext4_mark_group_bitmap_corrupted(group) // El mapa de bits del bloque se corrompi\u00f3 durante // el grupo desbloquea la brecha. ext4_mb_try_best_found ext4_lock_group(ac->ac_sb, group) ext4_mb_use_best_found mb_mark_used // Asignaci\u00f3n de bloques en un grupo da\u00f1ado de mapa de bits de bloques"
} }
], ],
"metrics": {}, "metrics": {
"references": [ "cvssMetricV31": [
{ {
"url": "https://git.kernel.org/stable/c/0184747b552d6b5a14db3b7fcc3b792ce64dedd1", "source": "nvd@nist.gov",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
}, },
{ "exploitabilityScore": 1.8,
"url": "https://git.kernel.org/stable/c/21f8cfe79f776287459343e9cfa6055af61328ea", "impactScore": 3.6
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" }
]
}, },
"weaknesses": [
{ {
"url": "https://git.kernel.org/stable/c/260fc96283c0f594de18a1b045faf6d8fb42874d", "source": "nvd@nist.gov",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "type": "Primary",
}, "description": [
{ {
"url": "https://git.kernel.org/stable/c/4530b3660d396a646aad91a787b6ab37cf604b53", "lang": "en",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "value": "NVD-CWE-noinfo"
}, }
{ ]
"url": "https://git.kernel.org/stable/c/4c21fa60a6f4606f6214a38f50612b17b2f738f5", }
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" ],
}, "configurations": [
{ {
"url": "https://git.kernel.org/stable/c/927794a02169778c9c2e7b25c768ab3ea8c1dc03", "nodes": [
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" {
}, "operator": "OR",
{ "negate": false,
"url": "https://git.kernel.org/stable/c/a2576ae9a35c078e488f2c573e9e6821d651fbbe", "cpeMatch": [
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" {
}, "vulnerable": true,
{ "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"url": "https://git.kernel.org/stable/c/f97e75fa4e12b0aa0224e83fcbda8853ac2adf36", "versionEndExcluding": "4.19.308",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "matchCriteriaId": "B6FB6042-3E0F-4A36-8DED-B3C350612BDC"
}, },
{ {
"url": "https://git.kernel.org/stable/c/0184747b552d6b5a14db3b7fcc3b792ce64dedd1", "vulnerable": true,
"source": "af854a3a-2127-422b-91ae-364da2661108" "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
}, "versionStartIncluding": "4.20",
{ "versionEndExcluding": "5.4.270",
"url": "https://git.kernel.org/stable/c/21f8cfe79f776287459343e9cfa6055af61328ea", "matchCriteriaId": "5D8044B1-C7E8-44A4-9F03-A4D7BCDB1721"
"source": "af854a3a-2127-422b-91ae-364da2661108" },
}, {
{ "vulnerable": true,
"url": "https://git.kernel.org/stable/c/260fc96283c0f594de18a1b045faf6d8fb42874d", "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"source": "af854a3a-2127-422b-91ae-364da2661108" "versionStartIncluding": "5.5",
}, "versionEndExcluding": "5.10.211",
{ "matchCriteriaId": "7DDA4DCF-671D-415D-94DF-6E3C77DF0704"
"url": "https://git.kernel.org/stable/c/4530b3660d396a646aad91a787b6ab37cf604b53", },
"source": "af854a3a-2127-422b-91ae-364da2661108" {
}, "vulnerable": true,
{ "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"url": "https://git.kernel.org/stable/c/4c21fa60a6f4606f6214a38f50612b17b2f738f5", "versionStartIncluding": "5.11",
"source": "af854a3a-2127-422b-91ae-364da2661108" "versionEndExcluding": "5.15.150",
}, "matchCriteriaId": "CB6C60DE-9E0C-46C5-904D-D4F4031F8E95"
{ },
"url": "https://git.kernel.org/stable/c/927794a02169778c9c2e7b25c768ab3ea8c1dc03", {
"source": "af854a3a-2127-422b-91ae-364da2661108" "vulnerable": true,
}, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
{ "versionStartIncluding": "5.16",
"url": "https://git.kernel.org/stable/c/a2576ae9a35c078e488f2c573e9e6821d651fbbe", "versionEndExcluding": "6.1.80",
"source": "af854a3a-2127-422b-91ae-364da2661108" "matchCriteriaId": "BA7850CE-97C9-4408-A348-6173296BCA2B"
}, },
{ {
"url": "https://git.kernel.org/stable/c/f97e75fa4e12b0aa0224e83fcbda8853ac2adf36", "vulnerable": true,
"source": "af854a3a-2127-422b-91ae-364da2661108" "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
}, "versionStartIncluding": "6.2",
{ "versionEndExcluding": "6.6.19",
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html", "matchCriteriaId": "8D82004C-B2AE-4048-9344-32EFF65953B0"
"source": "af854a3a-2127-422b-91ae-364da2661108" },
}, {
{ "vulnerable": true,
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html", "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"source": "af854a3a-2127-422b-91ae-364da2661108" "versionStartIncluding": "6.7",
"versionEndExcluding": "6.7.7",
"matchCriteriaId": "575EE16B-67F2-4B5B-B5F8-1877715C898B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc1:*:*:*:*:*:*",
"matchCriteriaId": "B9F4EA73-0894-400F-A490-3A397AB7A517"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc2:*:*:*:*:*:*",
"matchCriteriaId": "056BD938-0A27-4569-B391-30578B309EE3"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/0184747b552d6b5a14db3b7fcc3b792ce64dedd1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/21f8cfe79f776287459343e9cfa6055af61328ea",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/260fc96283c0f594de18a1b045faf6d8fb42874d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/4530b3660d396a646aad91a787b6ab37cf604b53",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/4c21fa60a6f4606f6214a38f50612b17b2f738f5",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/927794a02169778c9c2e7b25c768ab3ea8c1dc03",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/a2576ae9a35c078e488f2c573e9e6821d651fbbe",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/f97e75fa4e12b0aa0224e83fcbda8853ac2adf36",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/0184747b552d6b5a14db3b7fcc3b792ce64dedd1",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/21f8cfe79f776287459343e9cfa6055af61328ea",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/260fc96283c0f594de18a1b045faf6d8fb42874d",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/4530b3660d396a646aad91a787b6ab37cf604b53",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/4c21fa60a6f4606f6214a38f50612b17b2f738f5",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/927794a02169778c9c2e7b25c768ab3ea8c1dc03",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/a2576ae9a35c078e488f2c573e9e6821d651fbbe",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/f97e75fa4e12b0aa0224e83fcbda8853ac2adf36",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
]
} }
] ]
} }

174
CVE-2024/CVE-2024-267xx/CVE-2024-26780.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-26780", "id": "CVE-2024-26780",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-04-04T09:15:07.903", "published": "2024-04-04T09:15:07.903",
"lastModified": "2024-11-21T09:03:03.370", "lastModified": "2025-03-18T16:52:16.970",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,47 +15,145 @@
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: af_unix: se corrigi\u00f3 la tarea bloqueada al purgar oob_skb en GC. syzbot inform\u00f3 que se hab\u00eda colgado una tarea; al mismo tiempo, GC hac\u00eda un bucle infinito en list_for_each_entry_safe() para OOB skb. [0] syzbot demostr\u00f3 que list_for_each_entry_safe() en realidad no era seguro en este caso. Un solo skb podr\u00eda tener referencias para m\u00faltiples sockets. Si liberamos dicho skb en list_for_each_entry_safe(), los sockets actual y siguiente podr\u00edan desvincularse en una sola iteraci\u00f3n. unix_notinflight() usa list_del_init() para desvincular el socket, por lo que el siguiente socket precargado forma un bucle y list_for_each_entry_safe() nunca se detiene. Aqu\u00ed, debemos usar while() y asegurarnos de buscar siempre el primer socket. [0]: Env\u00edo de NMI desde la CPU 0 a las CPU 1: seguimiento de NMI para la CPU 1 CPU: 1 PID: 5065 Comm: syz-executor236 Not tainted 6.8.0-rc3-syzkaller-00136-g1f719a2f3fa6 #0 Nombre del hardware: Google Google Compute Engine/Google Compute Engine, BIOS Google 25/01/2024 RIP: 0010:preempt_count arch/x86/include/asm/preempt.h:26 [en l\u00ednea] RIP: 0010:check_kcov_mode kernel/kcov.c:173 [en l\u00ednea] RIP : 0010:__sanitizer_cov_trace_pc+0xd/0x60 kernel/kcov.c:207 C\u00f3digo: cc cc cc cc 66 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 65 48 8b 14 25 40 c2 03 00 <65> 8b 05 b4 7c 78 7e a9 00 01 ff 00 48 8b 34 24 74 0f f6 c4 01 74 RSP: 0018:ffffc900033efa58 EFLAGS: 00000283 RAX: ffff88807b077800 RBX: ffff88807b077800 RCX: 1ffffffff27b1189 RDX: ffff88802a5a3b80 RSI: ffffffff8968488d RDI: ffff88807b077f70 RBP: ffffc900033efbb0 R08: 00000000000000001 R09: ffffbfff27a900c R10: ffffffff93d48067 R11: ffffffff8ae000eb R12: ffff88807b077800 R13: dffffc0000000000 R14: ffff88807b077e40 R15: 00000000000000001 FS: 0000000000000000(0000) GS:ffff888 0b9500000(0000) knlGS: 0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000564f4fc1e3a8 CR3: 000000000d57a000 CR4: 00000000003506f0 DR0: 00 00000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Seguimiento de llamadas: unix_gc+0x563/0x13b0 net/unix/garbage.c:319 unix_release_sock+0xa93/0xf80 net/unix/af_unix.c:683 unix_release+0x91/0xf0 net/unix/af_unix.c:1064 __sock_release+0xb0/0x270 net/socket.c:659 sock_close+0x1c/0x30 net/socket.c:1421 __fput+0x270/0xb80 fs/file_table.c:376 task_work_run+0x14f/0x250 kernel/task_work.c:180 exit_task_work include/linux/task_work. h:38 [en l\u00ednea] do_exit+0xa8a/0x2ad0 kernel/exit.c:871 do_group_exit+0xd4/0x2a0 kernel/exit.c:1020 __do_sys_exit_group kernel/exit.c:1031 [en l\u00ednea] __se_sys_exit_group kernel/exit.c:1029 [ en l\u00ednea] __x64_sys_exit_group+0x3e/0x50 kernel/exit.c:1029 do_syscall_x64 arch/x86/entry/common.c:52 [en l\u00ednea] do_syscall_64+0xd5/0x270 arch/x86/entry/common.c:83 Entry_SYSCALL_64_after_hwframe+0x6f/ 0x77 RIP: 0033:0x7f9d6cbdac09 C\u00f3digo: No se puede acceder a los bytes del c\u00f3digo de operaci\u00f3n en 0x7f9d6cbdabdf. RSP: 002b:00007fff5952feb8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 RAX: ffffffffffffffda RBX: 00000000000000000 RCX: 00007f9d6cbdac09 RDX: 00000000 0000003c RSI: 00000000000000e7 RDI: 00000000000000000 RBP: 00007f9d6cc552b0 R08: ffffffffffffffffb8 R09: 0000000000000006 R10: 00000000000000006 R1 1: 0000000000000246 R12: 00007f9d6cc552b0 R13: 0000000000000000 R14: 00007f9d6cc55d00 R15: 00007f9d6cbabe70 " "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: af_unix: se corrigi\u00f3 la tarea bloqueada al purgar oob_skb en GC. syzbot inform\u00f3 que se hab\u00eda colgado una tarea; al mismo tiempo, GC hac\u00eda un bucle infinito en list_for_each_entry_safe() para OOB skb. [0] syzbot demostr\u00f3 que list_for_each_entry_safe() en realidad no era seguro en este caso. Un solo skb podr\u00eda tener referencias para m\u00faltiples sockets. Si liberamos dicho skb en list_for_each_entry_safe(), los sockets actual y siguiente podr\u00edan desvincularse en una sola iteraci\u00f3n. unix_notinflight() usa list_del_init() para desvincular el socket, por lo que el siguiente socket precargado forma un bucle y list_for_each_entry_safe() nunca se detiene. Aqu\u00ed, debemos usar while() y asegurarnos de buscar siempre el primer socket. [0]: Env\u00edo de NMI desde la CPU 0 a las CPU 1: seguimiento de NMI para la CPU 1 CPU: 1 PID: 5065 Comm: syz-executor236 Not tainted 6.8.0-rc3-syzkaller-00136-g1f719a2f3fa6 #0 Nombre del hardware: Google Google Compute Engine/Google Compute Engine, BIOS Google 25/01/2024 RIP: 0010:preempt_count arch/x86/include/asm/preempt.h:26 [en l\u00ednea] RIP: 0010:check_kcov_mode kernel/kcov.c:173 [en l\u00ednea] RIP : 0010:__sanitizer_cov_trace_pc+0xd/0x60 kernel/kcov.c:207 C\u00f3digo: cc cc cc cc 66 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 65 48 8b 14 25 40 c2 03 00 <65> 8b 05 b4 7c 78 7e a9 00 01 ff 00 48 8b 34 24 74 0f f6 c4 01 74 RSP: 0018:ffffc900033efa58 EFLAGS: 00000283 RAX: ffff88807b077800 RBX: ffff88807b077800 RCX: 1ffffffff27b1189 RDX: ffff88802a5a3b80 RSI: ffffffff8968488d RDI: ffff88807b077f70 RBP: ffffc900033efbb0 R08: 00000000000000001 R09: ffffbfff27a900c R10: ffffffff93d48067 R11: ffffffff8ae000eb R12: ffff88807b077800 R13: dffffc0000000000 R14: ffff88807b077e40 R15: 00000000000000001 FS: 0000000000000000(0000) GS:ffff888 0b9500000(0000) knlGS: 0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000564f4fc1e3a8 CR3: 000000000d57a000 CR4: 00000000003506f0 DR0: 00 00000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Seguimiento de llamadas: unix_gc+0x563/0x13b0 net/unix/garbage.c:319 unix_release_sock+0xa93/0xf80 net/unix/af_unix.c:683 unix_release+0x91/0xf0 net/unix/af_unix.c:1064 __sock_release+0xb0/0x270 net/socket.c:659 sock_close+0x1c/0x30 net/socket.c:1421 __fput+0x270/0xb80 fs/file_table.c:376 task_work_run+0x14f/0x250 kernel/task_work.c:180 exit_task_work include/linux/task_work. h:38 [en l\u00ednea] do_exit+0xa8a/0x2ad0 kernel/exit.c:871 do_group_exit+0xd4/0x2a0 kernel/exit.c:1020 __do_sys_exit_group kernel/exit.c:1031 [en l\u00ednea] __se_sys_exit_group kernel/exit.c:1029 [ en l\u00ednea] __x64_sys_exit_group+0x3e/0x50 kernel/exit.c:1029 do_syscall_x64 arch/x86/entry/common.c:52 [en l\u00ednea] do_syscall_64+0xd5/0x270 arch/x86/entry/common.c:83 Entry_SYSCALL_64_after_hwframe+0x6f/ 0x77 RIP: 0033:0x7f9d6cbdac09 C\u00f3digo: No se puede acceder a los bytes del c\u00f3digo de operaci\u00f3n en 0x7f9d6cbdabdf. RSP: 002b:00007fff5952feb8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 RAX: ffffffffffffffda RBX: 00000000000000000 RCX: 00007f9d6cbdac09 RDX: 00000000 0000003c RSI: 00000000000000e7 RDI: 00000000000000000 RBP: 00007f9d6cc552b0 R08: ffffffffffffffffb8 R09: 0000000000000006 R10: 00000000000000006 R1 1: 0000000000000246 R12: 00007f9d6cc552b0 R13: 0000000000000000 R14: 00007f9d6cc55d00 R15: 00007f9d6cbabe70 "
} }
], ],
"metrics": {}, "metrics": {
"references": [ "cvssMetricV31": [
{ {
"url": "https://git.kernel.org/stable/c/25236c91b5ab4a26a56ba2e79b8060cf4e047839", "source": "nvd@nist.gov",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
}, },
{ "exploitabilityScore": 1.8,
"url": "https://git.kernel.org/stable/c/2a3d40b4025fcfe51b04924979f1653993b17669", "impactScore": 3.6
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" }
]
}, },
"weaknesses": [
{ {
"url": "https://git.kernel.org/stable/c/36f7371de977f805750748e80279be7e370df85c", "source": "nvd@nist.gov",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "type": "Primary",
}, "description": [
{ {
"url": "https://git.kernel.org/stable/c/69e0f04460f4037e01e29f0d9675544f62aafca3", "lang": "en",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "value": "CWE-835"
}, }
{ ]
"url": "https://git.kernel.org/stable/c/cb8890318dde26fc89c6ea67d6e9070ab50b6e91", }
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" ],
}, "configurations": [
{ {
"url": "https://git.kernel.org/stable/c/25236c91b5ab4a26a56ba2e79b8060cf4e047839", "nodes": [
"source": "af854a3a-2127-422b-91ae-364da2661108" {
}, "operator": "OR",
{ "negate": false,
"url": "https://git.kernel.org/stable/c/2a3d40b4025fcfe51b04924979f1653993b17669", "cpeMatch": [
"source": "af854a3a-2127-422b-91ae-364da2661108" {
}, "vulnerable": true,
{ "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"url": "https://git.kernel.org/stable/c/36f7371de977f805750748e80279be7e370df85c", "versionStartIncluding": "6.1.78",
"source": "af854a3a-2127-422b-91ae-364da2661108" "versionEndExcluding": "6.1.81",
}, "matchCriteriaId": "85752186-97BF-451B-A0A1-B9181CD9F5D5"
{ },
"url": "https://git.kernel.org/stable/c/69e0f04460f4037e01e29f0d9675544f62aafca3", {
"source": "af854a3a-2127-422b-91ae-364da2661108" "vulnerable": true,
}, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
{ "versionStartIncluding": "6.6.17",
"url": "https://git.kernel.org/stable/c/cb8890318dde26fc89c6ea67d6e9070ab50b6e91", "versionEndExcluding": "6.6.21",
"source": "af854a3a-2127-422b-91ae-364da2661108" "matchCriteriaId": "4E553753-6598-4B25-B84D-3DB82F691AFC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7.5",
"versionEndExcluding": "6.7.9",
"matchCriteriaId": "EF2110E3-BADE-4676-95D2-56D0C24589C1"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/25236c91b5ab4a26a56ba2e79b8060cf4e047839",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/2a3d40b4025fcfe51b04924979f1653993b17669",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/36f7371de977f805750748e80279be7e370df85c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/69e0f04460f4037e01e29f0d9675544f62aafca3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/cb8890318dde26fc89c6ea67d6e9070ab50b6e91",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/25236c91b5ab4a26a56ba2e79b8060cf4e047839",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/2a3d40b4025fcfe51b04924979f1653993b17669",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/36f7371de977f805750748e80279be7e370df85c",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/69e0f04460f4037e01e29f0d9675544f62aafca3",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/cb8890318dde26fc89c6ea67d6e9070ab50b6e91",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
} }
] ]
} }

153
CVE-2024/CVE-2024-267xx/CVE-2024-26783.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-26783", "id": "CVE-2024-26783",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-04-04T09:15:08.077", "published": "2024-04-04T09:15:08.077",
"lastModified": "2024-11-21T09:03:03.733", "lastModified": "2025-03-18T16:53:41.060",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,31 +15,140 @@
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: mm/vmscan: corrige un error al llamar a wakeup_kswapd() con un \u00edndice de zona incorrecto Con el equilibrio numa activado, cuando se ejecuta un SYSTEM numa donde un nodo numa no tiene su memoria local por lo que no tiene zonas administradas, se ha observado lo siguiente. Es porque se llama a wakeup_kswapd() con un \u00edndice de zona incorrecto, -1. Se solucion\u00f3 verificando el \u00edndice antes de llamar a wakeup_kswapd(). > ERROR: no se puede manejar el error de p\u00e1gina para la direcci\u00f3n: 00000000000033f3 > #PF: acceso de lectura del supervisor en modo kernel > #PF: error_code(0x0000) - p\u00e1gina no presente > PGD 0 P4D 0 > Ups: 0000 [#1] SMP PREEMPT NOPTI > CPU: 2 PID: 895 Comm: masim Not tainted 6.6.0-dirty #255 > Nombre del hardware: PC est\u00e1ndar QEMU (i440FX + PIIX, 1996), BIOS > rel-1.16.0-0-gd239552ce722-prebuilt.qemu .org 01/04/2014 > RIP: 0010:wakeup_kswapd (./linux/mm/vmscan.c:7812) > C\u00f3digo: (omitido) > RSP: 0000:ffffc90004257d58 EFLAGS: 00010286 > RAX: ffffffffffffffff RBX: ffff88883f ff0480RCX: 0000000000000003 > RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff88883fff0480 > RBP: ffffffffffffffff R08: ff0003ffffffffff R09: ffffffffffffffff > R10: ff ff888106c95540 R11: 0000000055555554 R12: 0000000000000003 > R13: 0000000000000000 R14: 00000000000000000 R15: ffff88883fff0940 > FS: 0000 7fc4b8124740(0000) GS: ffff888827c00000(0000) knlGS:0000000000000000 > CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 > CR2: 00000000000033f3 CR3: 000000026cc08004 CR4: 0000000000770ee0 > DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 > DR3: 00000000000000000 DR6: 00000000ffe0ff0 DR7: 000 0000000000400 > PKRU: 55555554 > Rastreo de llamadas: > > ? __morir > ? page_fault_oops > ? __pte_offset_map_lock > ? exc_page_fault > ? asm_exc_page_fault > ? wakeup_kswapd > migrar_misplaced_page > __handle_mm_fault > handle_mm_fault > do_user_addr_fault > exc_page_fault > asm_exc_page_fault > RIP: 0033:0x55b897ba0808 > C\u00f3digo: (omitido) > RSP: 002b:00007ffeefa821a0 EFLAGS: 00 010287 > RAX: 000055b89983acd0 RBX: 00007ffeefa823f8 RCX: 000055b89983acd0 > RDX: 00007fc2f8122010 RSI: 0000000000020000 RDI: 000055b89983acd0 > RBP: 00007ffeefa821a0 R08: 0000000000000037 R09: 00000000000000075 > R10: 0000000000000000 R11: 0 000000000000202 R12: 0000000000000000 > R13: 00007ffeefa82410 R14: 000055b897ba5dd8 R15: 00007fc4b8340000 > " "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: mm/vmscan: corrige un error al llamar a wakeup_kswapd() con un \u00edndice de zona incorrecto Con el equilibrio numa activado, cuando se ejecuta un SYSTEM numa donde un nodo numa no tiene su memoria local por lo que no tiene zonas administradas, se ha observado lo siguiente. Es porque se llama a wakeup_kswapd() con un \u00edndice de zona incorrecto, -1. Se solucion\u00f3 verificando el \u00edndice antes de llamar a wakeup_kswapd(). > ERROR: no se puede manejar el error de p\u00e1gina para la direcci\u00f3n: 00000000000033f3 > #PF: acceso de lectura del supervisor en modo kernel > #PF: error_code(0x0000) - p\u00e1gina no presente > PGD 0 P4D 0 > Ups: 0000 [#1] SMP PREEMPT NOPTI > CPU: 2 PID: 895 Comm: masim Not tainted 6.6.0-dirty #255 > Nombre del hardware: PC est\u00e1ndar QEMU (i440FX + PIIX, 1996), BIOS > rel-1.16.0-0-gd239552ce722-prebuilt.qemu .org 01/04/2014 > RIP: 0010:wakeup_kswapd (./linux/mm/vmscan.c:7812) > C\u00f3digo: (omitido) > RSP: 0000:ffffc90004257d58 EFLAGS: 00010286 > RAX: ffffffffffffffff RBX: ffff88883f ff0480RCX: 0000000000000003 > RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff88883fff0480 > RBP: ffffffffffffffff R08: ff0003ffffffffff R09: ffffffffffffffff > R10: ff ff888106c95540 R11: 0000000055555554 R12: 0000000000000003 > R13: 0000000000000000 R14: 00000000000000000 R15: ffff88883fff0940 > FS: 0000 7fc4b8124740(0000) GS: ffff888827c00000(0000) knlGS:0000000000000000 > CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 > CR2: 00000000000033f3 CR3: 000000026cc08004 CR4: 0000000000770ee0 > DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 > DR3: 00000000000000000 DR6: 00000000ffe0ff0 DR7: 000 0000000000400 > PKRU: 55555554 > Rastreo de llamadas: > > ? __morir > ? page_fault_oops > ? __pte_offset_map_lock > ? exc_page_fault > ? asm_exc_page_fault > ? wakeup_kswapd > migrar_misplaced_page > __handle_mm_fault > handle_mm_fault > do_user_addr_fault > exc_page_fault > asm_exc_page_fault > RIP: 0033:0x55b897ba0808 > C\u00f3digo: (omitido) > RSP: 002b:00007ffeefa821a0 EFLAGS: 00 010287 > RAX: 000055b89983acd0 RBX: 00007ffeefa823f8 RCX: 000055b89983acd0 > RDX: 00007fc2f8122010 RSI: 0000000000020000 RDI: 000055b89983acd0 > RBP: 00007ffeefa821a0 R08: 0000000000000037 R09: 00000000000000075 > R10: 0000000000000000 R11: 0 000000000000202 R12: 0000000000000000 > R13: 00007ffeefa82410 R14: 000055b897ba5dd8 R15: 00007fc4b8340000 > "
} }
], ],
"metrics": {}, "metrics": {
"references": [ "cvssMetricV31": [
{ {
"url": "https://git.kernel.org/stable/c/2774f256e7c0219e2b0a0894af1c76bdabc4f974", "source": "nvd@nist.gov",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
}, },
{ "exploitabilityScore": 1.8,
"url": "https://git.kernel.org/stable/c/bdd21eed8b72f9e28d6c279f6db258e090c79080", "impactScore": 3.6
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" }
]
}, },
"weaknesses": [
{ {
"url": "https://git.kernel.org/stable/c/d6159bd4c00594249e305bfe02304c67c506264e", "source": "nvd@nist.gov",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "type": "Primary",
}, "description": [
{ {
"url": "https://git.kernel.org/stable/c/2774f256e7c0219e2b0a0894af1c76bdabc4f974", "lang": "en",
"source": "af854a3a-2127-422b-91ae-364da2661108" "value": "NVD-CWE-noinfo"
}, }
{ ]
"url": "https://git.kernel.org/stable/c/bdd21eed8b72f9e28d6c279f6db258e090c79080", }
"source": "af854a3a-2127-422b-91ae-364da2661108" ],
}, "configurations": [
{ {
"url": "https://git.kernel.org/stable/c/d6159bd4c00594249e305bfe02304c67c506264e", "nodes": [
"source": "af854a3a-2127-422b-91ae-364da2661108" {
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.18",
"versionEndExcluding": "6.6.22",
"matchCriteriaId": "A6D9B00F-1C32-42E5-A982-2FB0E9273753"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.7.9",
"matchCriteriaId": "1C538467-EDA0-4A9A-82EB-2925DE9FF827"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc1:*:*:*:*:*:*",
"matchCriteriaId": "B9F4EA73-0894-400F-A490-3A397AB7A517"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc2:*:*:*:*:*:*",
"matchCriteriaId": "056BD938-0A27-4569-B391-30578B309EE3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc3:*:*:*:*:*:*",
"matchCriteriaId": "F02056A5-B362-4370-9FF8-6F0BD384D520"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc4:*:*:*:*:*:*",
"matchCriteriaId": "62075ACE-B2A0-4B16-829D-B3DA5AE5CC41"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc5:*:*:*:*:*:*",
"matchCriteriaId": "A780F817-2A77-4130-A9B7-5C25606314E3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc6:*:*:*:*:*:*",
"matchCriteriaId": "AEB9199B-AB8F-4877-8964-E2BA95B5F15C"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/2774f256e7c0219e2b0a0894af1c76bdabc4f974",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/bdd21eed8b72f9e28d6c279f6db258e090c79080",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/d6159bd4c00594249e305bfe02304c67c506264e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/2774f256e7c0219e2b0a0894af1c76bdabc4f974",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/bdd21eed8b72f9e28d6c279f6db258e090c79080",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/d6159bd4c00594249e305bfe02304c67c506264e",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
} }
] ]
} }

12
CVE-2024/CVE-2024-273xx/CVE-2024-27382.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-27382", "id": "CVE-2024-27382",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-06-05T19:15:14.957", "published": "2024-06-05T19:15:14.957",
"lastModified": "2024-11-21T09:04:29.837", "lastModified": "2025-03-18T16:15:21.107",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -69,6 +69,16 @@
"value": "CWE-125" "value": "CWE-125"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
} }
], ],
"configurations": [ "configurations": [

60
CVE-2024/CVE-2024-279xx/CVE-2024-27953.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-27953", "id": "CVE-2024-27953",
"sourceIdentifier": "audit@patchstack.com", "sourceIdentifier": "audit@patchstack.com",
"published": "2024-03-13T17:15:48.993", "published": "2024-03-13T17:15:48.993",
"lastModified": "2024-11-21T09:05:29.663", "lastModified": "2025-03-18T15:20:11.773",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -36,6 +36,26 @@
}, },
"exploitabilityScore": 1.2, "exploitabilityScore": 1.2,
"impactScore": 3.4 "impactScore": 3.4
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 1.2,
"impactScore": 3.4
} }
] ]
}, },
@ -51,14 +71,38 @@
] ]
} }
], ],
"references": [ "configurations": [
{ {
"url": "https://patchstack.com/database/vulnerability/cryptocurrency-price-ticker-widget/wordpress-cryptocurrency-widgets-plugin-2-6-8-broken-access-control-vulnerability?_s_id=cve", "nodes": [
"source": "audit@patchstack.com"
},
{ {
"url": "https://patchstack.com/database/vulnerability/cryptocurrency-price-ticker-widget/wordpress-cryptocurrency-widgets-plugin-2-6-8-broken-access-control-vulnerability?_s_id=cve", "operator": "OR",
"source": "af854a3a-2127-422b-91ae-364da2661108" "negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:coolplugins:cryptocurrency_widgets:*:*:*:*:free:wordpress:*:*",
"versionEndExcluding": "2.6.9",
"matchCriteriaId": "6F78E719-F36B-4379-B92E-5FDD05ADB1E4"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/cryptocurrency-price-ticker-widget/wordpress-cryptocurrency-widgets-plugin-2-6-8-broken-access-control-vulnerability?_s_id=cve",
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://patchstack.com/database/vulnerability/cryptocurrency-price-ticker-widget/wordpress-cryptocurrency-widgets-plugin-2-6-8-broken-access-control-vulnerability?_s_id=cve",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }

22
CVE-2024/CVE-2024-28xx/CVE-2024-2885.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-2885", "id": "CVE-2024-2885",
"sourceIdentifier": "chrome-cve-admin@google.com", "sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2024-03-26T21:15:53.220", "published": "2024-03-26T21:15:53.220",
"lastModified": "2024-12-19T16:04:04.557", "lastModified": "2025-03-18T16:15:21.350",
"vulnStatus": "Analyzed", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -42,11 +42,11 @@
"type": "Secondary", "type": "Secondary",
"cvssData": { "cvssData": {
"version": "3.1", "version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.5, "baseScore": 8.8,
"baseSeverity": "HIGH", "baseSeverity": "HIGH",
"attackVector": "NETWORK", "attackVector": "NETWORK",
"attackComplexity": "HIGH", "attackComplexity": "LOW",
"privilegesRequired": "NONE", "privilegesRequired": "NONE",
"userInteraction": "REQUIRED", "userInteraction": "REQUIRED",
"scope": "UNCHANGED", "scope": "UNCHANGED",
@ -54,7 +54,7 @@
"integrityImpact": "HIGH", "integrityImpact": "HIGH",
"availabilityImpact": "HIGH" "availabilityImpact": "HIGH"
}, },
"exploitabilityScore": 1.6, "exploitabilityScore": 2.8,
"impactScore": 5.9 "impactScore": 5.9
} }
] ]
@ -69,6 +69,16 @@
"value": "CWE-416" "value": "CWE-416"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
} }
], ],
"configurations": [ "configurations": [

32
CVE-2024/CVE-2024-297xx/CVE-2024-29785.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-29785", "id": "CVE-2024-29785",
"sourceIdentifier": "dsap-vuln-management@google.com", "sourceIdentifier": "dsap-vuln-management@google.com",
"published": "2024-06-13T21:15:52.180", "published": "2024-06-13T21:15:52.180",
"lastModified": "2024-11-21T09:08:19.567", "lastModified": "2025-03-18T15:15:48.267",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -36,6 +36,26 @@
}, },
"exploitabilityScore": 1.8, "exploitabilityScore": 1.8,
"impactScore": 3.6 "impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
} }
] ]
}, },
@ -49,6 +69,16 @@
"value": "CWE-908" "value": "CWE-908"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-908"
}
]
} }
], ],
"configurations": [ "configurations": [

63
CVE-2024/CVE-2024-298xx/CVE-2024-29831.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-29831", "id": "CVE-2024-29831",
"sourceIdentifier": "security@apache.org", "sourceIdentifier": "security@apache.org",
"published": "2024-08-12T13:38:18.560", "published": "2024-08-12T13:38:18.560",
"lastModified": "2024-11-21T09:08:25.767", "lastModified": "2025-03-18T15:56:38.357",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -17,6 +17,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{ {
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary", "type": "Secondary",
@ -49,16 +69,51 @@
"value": "CWE-20" "value": "CWE-20"
} }
] ]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:dolphinscheduler:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.2.2",
"matchCriteriaId": "CA3F4CF0-C52D-4EC7-AEA3-4B49F30F0B9C"
}
]
}
]
} }
], ],
"references": [ "references": [
{ {
"url": "https://lists.apache.org/thread/x1ch0x5om3srtbnp7rtsvdszho3mdrq0", "url": "https://lists.apache.org/thread/x1ch0x5om3srtbnp7rtsvdszho3mdrq0",
"source": "security@apache.org" "source": "security@apache.org",
"tags": [
"Vendor Advisory"
]
}, },
{ {
"url": "http://www.openwall.com/lists/oss-security/2024/08/09/6", "url": "http://www.openwall.com/lists/oss-security/2024/08/09/6",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
]
} }
] ]
} }

51
CVE-2024/CVE-2024-318xx/CVE-2024-31805.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-31805", "id": "CVE-2024-31805",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-04-08T13:15:08.500", "published": "2024-04-08T13:15:08.500",
"lastModified": "2024-11-21T09:13:54.427", "lastModified": "2025-03-18T16:04:21.413",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -51,14 +51,51 @@
] ]
} }
], ],
"references": [ "configurations": [
{ {
"url": "https://github.com/4hsien/CVE-vulns/blob/main/TOTOLINK/EX200/CI_5_setTelnetCfg/CI.md", "operator": "AND",
"source": "cve@mitre.org" "nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:totolink:ex200_firmware:4.0.3c.7646_b20201211:*:*:*:*:*:*:*",
"matchCriteriaId": "DFAA2333-6AF0-4F2C-8695-0DE2024C634E"
}
]
}, },
{ {
"url": "https://github.com/4hsien/CVE-vulns/blob/main/TOTOLINK/EX200/CI_5_setTelnetCfg/CI.md", "operator": "OR",
"source": "af854a3a-2127-422b-91ae-364da2661108" "negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:totolink:ex200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CCFDF09E-D255-4F5B-A099-71EE37A56492"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/4hsien/CVE-vulns/blob/main/TOTOLINK/EX200/CI_5_setTelnetCfg/CI.md",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://github.com/4hsien/CVE-vulns/blob/main/TOTOLINK/EX200/CI_5_setTelnetCfg/CI.md",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
]
} }
] ]
} }

49
CVE-2024/CVE-2024-318xx/CVE-2024-31806.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-31806", "id": "CVE-2024-31806",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-04-08T13:15:08.550", "published": "2024-04-08T13:15:08.550",
"lastModified": "2025-03-13T14:15:25.800", "lastModified": "2025-03-18T16:04:16.430",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -51,14 +51,49 @@
] ]
} }
], ],
"references": [ "configurations": [
{ {
"url": "https://github.com/4hsien/CVE-vulns/blob/main/TOTOLINK/EX200/DoS_RebootSystem/DoS.md", "operator": "AND",
"source": "cve@mitre.org" "nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:totolink:ex200_firmware:4.0.3c.7646_b20201211:*:*:*:*:*:*:*",
"matchCriteriaId": "DFAA2333-6AF0-4F2C-8695-0DE2024C634E"
}
]
}, },
{ {
"url": "https://github.com/4hsien/CVE-vulns/blob/main/TOTOLINK/EX200/DoS_RebootSystem/DoS.md", "operator": "OR",
"source": "af854a3a-2127-422b-91ae-364da2661108" "negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:totolink:ex200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CCFDF09E-D255-4F5B-A099-71EE37A56492"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/4hsien/CVE-vulns/blob/main/TOTOLINK/EX200/DoS_RebootSystem/DoS.md",
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://github.com/4hsien/CVE-vulns/blob/main/TOTOLINK/EX200/DoS_RebootSystem/DoS.md",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }

51
CVE-2024/CVE-2024-318xx/CVE-2024-31807.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-31807", "id": "CVE-2024-31807",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-04-08T13:15:08.603", "published": "2024-04-08T13:15:08.603",
"lastModified": "2024-11-21T09:13:54.877", "lastModified": "2025-03-18T16:04:11.190",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -51,14 +51,51 @@
] ]
} }
], ],
"references": [ "configurations": [
{ {
"url": "https://github.com/4hsien/CVE-vulns/blob/main/TOTOLINK/EX200/CI_2_NTPSyncWithHost/CI.md", "operator": "AND",
"source": "cve@mitre.org" "nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:totolink:ex200_firmware:4.0.3c.7646_b20201211:*:*:*:*:*:*:*",
"matchCriteriaId": "DFAA2333-6AF0-4F2C-8695-0DE2024C634E"
}
]
}, },
{ {
"url": "https://github.com/4hsien/CVE-vulns/blob/main/TOTOLINK/EX200/CI_2_NTPSyncWithHost/CI.md", "operator": "OR",
"source": "af854a3a-2127-422b-91ae-364da2661108" "negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:totolink:ex200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CCFDF09E-D255-4F5B-A099-71EE37A56492"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/4hsien/CVE-vulns/blob/main/TOTOLINK/EX200/CI_2_NTPSyncWithHost/CI.md",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://github.com/4hsien/CVE-vulns/blob/main/TOTOLINK/EX200/CI_2_NTPSyncWithHost/CI.md",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
]
} }
] ]
} }

51
CVE-2024/CVE-2024-318xx/CVE-2024-31808.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-31808", "id": "CVE-2024-31808",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-04-08T13:15:08.650", "published": "2024-04-08T13:15:08.650",
"lastModified": "2024-11-21T09:13:55.113", "lastModified": "2025-03-18T16:04:05.817",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -51,14 +51,51 @@
] ]
} }
], ],
"references": [ "configurations": [
{ {
"url": "https://github.com/4hsien/CVE-vulns/blob/main/TOTOLINK/EX200/CI_3_setWebWlanIdx/CI.md", "operator": "AND",
"source": "cve@mitre.org" "nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:totolink:ex200_firmware:4.0.3c.7646_b20201211:*:*:*:*:*:*:*",
"matchCriteriaId": "DFAA2333-6AF0-4F2C-8695-0DE2024C634E"
}
]
}, },
{ {
"url": "https://github.com/4hsien/CVE-vulns/blob/main/TOTOLINK/EX200/CI_3_setWebWlanIdx/CI.md", "operator": "OR",
"source": "af854a3a-2127-422b-91ae-364da2661108" "negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:totolink:ex200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CCFDF09E-D255-4F5B-A099-71EE37A56492"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/4hsien/CVE-vulns/blob/main/TOTOLINK/EX200/CI_3_setWebWlanIdx/CI.md",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://github.com/4hsien/CVE-vulns/blob/main/TOTOLINK/EX200/CI_3_setWebWlanIdx/CI.md",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
]
} }
] ]
} }

51
CVE-2024/CVE-2024-318xx/CVE-2024-31809.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-31809", "id": "CVE-2024-31809",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-04-08T13:15:08.700", "published": "2024-04-08T13:15:08.700",
"lastModified": "2024-11-21T09:13:55.333", "lastModified": "2025-03-18T16:03:53.180",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -51,14 +51,51 @@
] ]
} }
], ],
"references": [ "configurations": [
{ {
"url": "https://github.com/4hsien/CVE-vulns/blob/main/TOTOLINK/EX200/CI_4_setUpgradeFW/CI.md", "operator": "AND",
"source": "cve@mitre.org" "nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:totolink:ex200_firmware:4.0.3c.7646_b20201211:*:*:*:*:*:*:*",
"matchCriteriaId": "DFAA2333-6AF0-4F2C-8695-0DE2024C634E"
}
]
}, },
{ {
"url": "https://github.com/4hsien/CVE-vulns/blob/main/TOTOLINK/EX200/CI_4_setUpgradeFW/CI.md", "operator": "OR",
"source": "af854a3a-2127-422b-91ae-364da2661108" "negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:totolink:ex200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CCFDF09E-D255-4F5B-A099-71EE37A56492"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/4hsien/CVE-vulns/blob/main/TOTOLINK/EX200/CI_4_setUpgradeFW/CI.md",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://github.com/4hsien/CVE-vulns/blob/main/TOTOLINK/EX200/CI_4_setUpgradeFW/CI.md",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
]
} }
] ]
} }

51
CVE-2024/CVE-2024-318xx/CVE-2024-31811.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-31811", "id": "CVE-2024-31811",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-04-08T13:15:08.750", "published": "2024-04-08T13:15:08.750",
"lastModified": "2024-11-21T09:13:55.707", "lastModified": "2025-03-18T16:03:42.680",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -51,14 +51,51 @@
] ]
} }
], ],
"references": [ "configurations": [
{ {
"url": "https://github.com/4hsien/CVE-vulns/blob/main/TOTOLINK/EX200/CI_1_setLanguageCfg/CI.md", "operator": "AND",
"source": "cve@mitre.org" "nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:totolink:ex200_firmware:4.0.3c.7646_b20201211:*:*:*:*:*:*:*",
"matchCriteriaId": "DFAA2333-6AF0-4F2C-8695-0DE2024C634E"
}
]
}, },
{ {
"url": "https://github.com/4hsien/CVE-vulns/blob/main/TOTOLINK/EX200/CI_1_setLanguageCfg/CI.md", "operator": "OR",
"source": "af854a3a-2127-422b-91ae-364da2661108" "negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:totolink:ex200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CCFDF09E-D255-4F5B-A099-71EE37A56492"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/4hsien/CVE-vulns/blob/main/TOTOLINK/EX200/CI_1_setLanguageCfg/CI.md",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://github.com/4hsien/CVE-vulns/blob/main/TOTOLINK/EX200/CI_1_setLanguageCfg/CI.md",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
]
} }
] ]
} }

49
CVE-2024/CVE-2024-318xx/CVE-2024-31812.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-31812", "id": "CVE-2024-31812",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-04-08T13:15:08.800", "published": "2024-04-08T13:15:08.800",
"lastModified": "2024-11-21T09:13:55.930", "lastModified": "2025-03-18T16:03:37.920",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -51,14 +51,49 @@
] ]
} }
], ],
"references": [ "configurations": [
{ {
"url": "https://github.com/4hsien/CVE-vulns/blob/main/TOTOLINK/EX200/Leak_getWiFiExtenderConfig/Leak.md", "operator": "AND",
"source": "cve@mitre.org" "nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:totolink:ex200_firmware:4.0.3c.7646_b20201211:*:*:*:*:*:*:*",
"matchCriteriaId": "DFAA2333-6AF0-4F2C-8695-0DE2024C634E"
}
]
}, },
{ {
"url": "https://github.com/4hsien/CVE-vulns/blob/main/TOTOLINK/EX200/Leak_getWiFiExtenderConfig/Leak.md", "operator": "OR",
"source": "af854a3a-2127-422b-91ae-364da2661108" "negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:totolink:ex200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CCFDF09E-D255-4F5B-A099-71EE37A56492"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/4hsien/CVE-vulns/blob/main/TOTOLINK/EX200/Leak_getWiFiExtenderConfig/Leak.md",
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://github.com/4hsien/CVE-vulns/blob/main/TOTOLINK/EX200/Leak_getWiFiExtenderConfig/Leak.md",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }

49
CVE-2024/CVE-2024-318xx/CVE-2024-31813.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-31813", "id": "CVE-2024-31813",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-04-08T13:15:08.840", "published": "2024-04-08T13:15:08.840",
"lastModified": "2024-11-21T09:13:56.147", "lastModified": "2025-03-18T16:03:30.870",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -51,14 +51,49 @@
] ]
} }
], ],
"references": [ "configurations": [
{ {
"url": "https://github.com/4hsien/CVE-vulns/blob/main/TOTOLINK/EX200/Missing_Authentication/missauth.md", "operator": "AND",
"source": "cve@mitre.org" "nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:totolink:ex200_firmware:4.0.3c.7646_b20201211:*:*:*:*:*:*:*",
"matchCriteriaId": "DFAA2333-6AF0-4F2C-8695-0DE2024C634E"
}
]
}, },
{ {
"url": "https://github.com/4hsien/CVE-vulns/blob/main/TOTOLINK/EX200/Missing_Authentication/missauth.md", "operator": "OR",
"source": "af854a3a-2127-422b-91ae-364da2661108" "negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:totolink:ex200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CCFDF09E-D255-4F5B-A099-71EE37A56492"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/4hsien/CVE-vulns/blob/main/TOTOLINK/EX200/Missing_Authentication/missauth.md",
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://github.com/4hsien/CVE-vulns/blob/main/TOTOLINK/EX200/Missing_Authentication/missauth.md",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }

51
CVE-2024/CVE-2024-318xx/CVE-2024-31814.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-31814", "id": "CVE-2024-31814",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-04-08T13:15:08.887", "published": "2024-04-08T13:15:08.887",
"lastModified": "2024-11-21T09:13:56.373", "lastModified": "2025-03-18T16:03:02.557",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -51,14 +51,51 @@
] ]
} }
], ],
"references": [ "configurations": [
{ {
"url": "https://github.com/4hsien/CVE-vulns/blob/main/TOTOLINK/EX200/Login_Bypass/bypass.md", "operator": "AND",
"source": "cve@mitre.org" "nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:totolink:ex200_firmware:4.0.3c.7646_b20201211:*:*:*:*:*:*:*",
"matchCriteriaId": "DFAA2333-6AF0-4F2C-8695-0DE2024C634E"
}
]
}, },
{ {
"url": "https://github.com/4hsien/CVE-vulns/blob/main/TOTOLINK/EX200/Login_Bypass/bypass.md", "operator": "OR",
"source": "af854a3a-2127-422b-91ae-364da2661108" "negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:totolink:ex200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CCFDF09E-D255-4F5B-A099-71EE37A56492"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/4hsien/CVE-vulns/blob/main/TOTOLINK/EX200/Login_Bypass/bypass.md",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://github.com/4hsien/CVE-vulns/blob/main/TOTOLINK/EX200/Login_Bypass/bypass.md",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
]
} }
] ]
} }

49
CVE-2024/CVE-2024-318xx/CVE-2024-31816.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-31816", "id": "CVE-2024-31816",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-04-08T13:15:08.987", "published": "2024-04-08T13:15:08.987",
"lastModified": "2024-11-21T09:13:56.820", "lastModified": "2025-03-18T16:02:17.737",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -51,14 +51,49 @@
] ]
} }
], ],
"references": [ "configurations": [
{ {
"url": "https://github.com/4hsien/CVE-vulns/blob/main/TOTOLINK/EX200/Leak_getEasyWizardCfg/Leak.md", "operator": "AND",
"source": "cve@mitre.org" "nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:totolink:ex200_firmware:4.0.3c.7646_b20201211:*:*:*:*:*:*:*",
"matchCriteriaId": "DFAA2333-6AF0-4F2C-8695-0DE2024C634E"
}
]
}, },
{ {
"url": "https://github.com/4hsien/CVE-vulns/blob/main/TOTOLINK/EX200/Leak_getEasyWizardCfg/Leak.md", "operator": "OR",
"source": "af854a3a-2127-422b-91ae-364da2661108" "negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:totolink:ex200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CCFDF09E-D255-4F5B-A099-71EE37A56492"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/4hsien/CVE-vulns/blob/main/TOTOLINK/EX200/Leak_getEasyWizardCfg/Leak.md",
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://github.com/4hsien/CVE-vulns/blob/main/TOTOLINK/EX200/Leak_getEasyWizardCfg/Leak.md",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }

98
CVE-2024/CVE-2024-340xx/CVE-2024-34092.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-34092", "id": "CVE-2024-34092",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-05-06T16:15:13.770", "published": "2024-05-06T16:15:13.770",
"lastModified": "2024-11-21T09:18:04.823", "lastModified": "2025-03-18T15:22:43.557",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,23 +15,93 @@
"value": "Se descubri\u00f3 un problema en Archer Platform 6 antes del 2024.04. La autenticaci\u00f3n se manej\u00f3 mal porque el bloqueo no finaliz\u00f3 una sesi\u00f3n existente. 6.14 P3 (6.14.0.3) tambi\u00e9n es una versi\u00f3n corregida." "value": "Se descubri\u00f3 un problema en Archer Platform 6 antes del 2024.04. La autenticaci\u00f3n se manej\u00f3 mal porque el bloqueo no finaliz\u00f3 una sesi\u00f3n existente. 6.14 P3 (6.14.0.3) tambi\u00e9n es una versi\u00f3n corregida."
} }
], ],
"metrics": {}, "metrics": {
"references": [ "cvssMetricV31": [
{ {
"url": "https://archerirm.com", "source": "nvd@nist.gov",
"source": "cve@mitre.org" "type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
}, },
{ "exploitabilityScore": 2.8,
"url": "https://www.archerirm.community/t5/platform-announcements/archer-update-for-multiple-vulnerabilities/ta-p/720963", "impactScore": 5.9
"source": "cve@mitre.org" }
]
}, },
"weaknesses": [
{ {
"url": "https://archerirm.com", "source": "nvd@nist.gov",
"source": "af854a3a-2127-422b-91ae-364da2661108" "type": "Primary",
}, "description": [
{ {
"url": "https://www.archerirm.community/t5/platform-announcements/archer-update-for-multiple-vulnerabilities/ta-p/720963", "lang": "en",
"source": "af854a3a-2127-422b-91ae-364da2661108" "value": "CWE-613"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:archerirm:archer:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.14.0.3",
"matchCriteriaId": "E4643898-6CFC-4F96-8564-BE6A46E7B75F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:archerirm:archer:2024.03:*:*:*:*:*:*:*",
"matchCriteriaId": "14B1EA5F-1E5D-4A30-88E5-4460188A7D19"
}
]
}
]
}
],
"references": [
{
"url": "https://archerirm.com",
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://www.archerirm.community/t5/platform-announcements/archer-update-for-multiple-vulnerabilities/ta-p/720963",
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://archerirm.com",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
]
},
{
"url": "https://www.archerirm.community/t5/platform-announcements/archer-update-for-multiple-vulnerabilities/ta-p/720963",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

80
CVE-2024/CVE-2024-340xx/CVE-2024-34093.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-34093", "id": "CVE-2024-34093",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-05-06T16:15:13.817", "published": "2024-05-06T16:15:13.817",
"lastModified": "2024-11-21T09:18:04.953", "lastModified": "2025-03-18T15:26:21.247",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -36,6 +36,26 @@
}, },
"exploitabilityScore": 3.9, "exploitabilityScore": 3.9,
"impactScore": 1.4 "impactScore": 1.4
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
} }
] ]
}, },
@ -51,22 +71,52 @@
] ]
} }
], ],
"references": [ "configurations": [
{ {
"url": "https://archerirm.com", "nodes": [
"source": "cve@mitre.org"
},
{ {
"url": "https://www.archerirm.community/t5/platform-announcements/archer-update-for-multiple-vulnerabilities/ta-p/720963", "operator": "OR",
"source": "cve@mitre.org" "negate": false,
}, "cpeMatch": [
{ {
"url": "https://archerirm.com", "vulnerable": true,
"source": "af854a3a-2127-422b-91ae-364da2661108" "criteria": "cpe:2.3:a:archerirm:archer:*:*:*:*:*:*:*:*",
}, "versionEndExcluding": "2024.03",
{ "matchCriteriaId": "FB9541F4-9921-4907-ABCF-EFB8B0674BCF"
"url": "https://www.archerirm.community/t5/platform-announcements/archer-update-for-multiple-vulnerabilities/ta-p/720963", }
"source": "af854a3a-2127-422b-91ae-364da2661108" ]
}
]
}
],
"references": [
{
"url": "https://archerirm.com",
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://www.archerirm.community/t5/platform-announcements/archer-update-for-multiple-vulnerabilities/ta-p/720963",
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://archerirm.com",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
]
},
{
"url": "https://www.archerirm.community/t5/platform-announcements/archer-update-for-multiple-vulnerabilities/ta-p/720963",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

14
CVE-2024/CVE-2024-354xx/CVE-2024-35426.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-35426", "id": "CVE-2024-35426",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-11-08T23:15:03.580", "published": "2024-11-08T23:15:03.580",
"lastModified": "2024-11-12T15:35:05.420", "lastModified": "2025-03-18T15:15:50.280",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -39,6 +39,18 @@
} }
] ]
}, },
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"references": [ "references": [
{ {
"url": "https://gist.github.com/haruki3hhh/9d2a5a139a8b72517009953d0ba7338c", "url": "https://gist.github.com/haruki3hhh/9d2a5a139a8b72517009953d0ba7338c",

46
CVE-2024/CVE-2024-35xx/CVE-2024-3596.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-3596", "id": "CVE-2024-3596",
"sourceIdentifier": "cret@cert.org", "sourceIdentifier": "cret@cert.org",
"published": "2024-07-09T12:15:20.700", "published": "2024-07-09T12:15:20.700",
"lastModified": "2024-12-30T19:23:20.437", "lastModified": "2025-03-18T16:15:22.140",
"vulnStatus": "Analyzed", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -36,6 +36,26 @@
}, },
"exploitabilityScore": 2.2, "exploitabilityScore": 2.2,
"impactScore": 6.0 "impactScore": 6.0
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"baseScore": 9.0,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 6.0
} }
] ]
}, },
@ -53,6 +73,28 @@
"value": "CWE-924" "value": "CWE-924"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-200"
},
{
"lang": "en",
"value": "CWE-328"
},
{
"lang": "en",
"value": "CWE-354"
},
{
"lang": "en",
"value": "CWE-924"
}
]
} }
], ],
"configurations": [ "configurations": [

12
CVE-2024/CVE-2024-363xx/CVE-2024-36359.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-36359", "id": "CVE-2024-36359",
"sourceIdentifier": "security@trendmicro.com", "sourceIdentifier": "security@trendmicro.com",
"published": "2024-06-10T22:15:11.413", "published": "2024-06-10T22:15:11.413",
"lastModified": "2024-11-21T09:22:01.040", "lastModified": "2025-03-18T16:15:21.627",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -69,6 +69,16 @@
"value": "CWE-79" "value": "CWE-79"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
} }
], ],
"configurations": [ "configurations": [

14
CVE-2024/CVE-2024-374xx/CVE-2024-37479.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-37479", "id": "CVE-2024-37479",
"sourceIdentifier": "audit@patchstack.com", "sourceIdentifier": "audit@patchstack.com",
"published": "2024-07-02T08:15:06.190", "published": "2024-07-02T08:15:06.190",
"lastModified": "2024-11-21T09:23:54.570", "lastModified": "2025-03-18T15:15:50.993",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -39,6 +39,18 @@
} }
] ]
}, },
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-98"
}
]
}
],
"references": [ "references": [
{ {
"url": "https://patchstack.com/database/vulnerability/lastudio-element-kit/wordpress-la-studio-element-kit-for-elementor-plugin-1-3-8-1-local-file-inclusion-vulnerability?_s_id=cve", "url": "https://patchstack.com/database/vulnerability/lastudio-element-kit/wordpress-la-studio-element-kit-for-elementor-plugin-1-3-8-1-local-file-inclusion-vulnerability?_s_id=cve",

32
CVE-2024/CVE-2024-376xx/CVE-2024-37675.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-37675", "id": "CVE-2024-37675",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-06-21T17:15:11.143", "published": "2024-06-21T17:15:11.143",
"lastModified": "2024-11-21T09:24:13.560", "lastModified": "2025-03-18T15:15:51.737",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -36,6 +36,26 @@
}, },
"exploitabilityScore": 2.3, "exploitabilityScore": 2.3,
"impactScore": 2.7 "impactScore": 2.7
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
} }
] ]
}, },
@ -49,6 +69,16 @@
"value": "CWE-79" "value": "CWE-79"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
} }
], ],
"configurations": [ "configurations": [

14
CVE-2024/CVE-2024-388xx/CVE-2024-38816.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-38816", "id": "CVE-2024-38816",
"sourceIdentifier": "security@vmware.com", "sourceIdentifier": "security@vmware.com",
"published": "2024-09-13T06:15:11.190", "published": "2024-09-13T06:15:11.190",
"lastModified": "2024-12-27T16:15:24.313", "lastModified": "2025-03-18T15:15:52.397",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -39,6 +39,18 @@
} }
] ]
}, },
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [ "references": [
{ {
"url": "https://spring.io/security/cve-2024-38816", "url": "https://spring.io/security/cve-2024-38816",

32
CVE-2024/CVE-2024-392xx/CVE-2024-39248.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-39248", "id": "CVE-2024-39248",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-07-03T17:15:04.303", "published": "2024-07-03T17:15:04.303",
"lastModified": "2024-11-21T09:27:21.960", "lastModified": "2025-03-18T15:15:52.563",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -36,6 +36,26 @@
}, },
"exploitabilityScore": 2.3, "exploitabilityScore": 2.3,
"impactScore": 2.7 "impactScore": 2.7
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
} }
] ]
}, },
@ -49,6 +69,16 @@
"value": "CWE-79" "value": "CWE-79"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
} }
], ],
"configurations": [ "configurations": [

Some files were not shown because too many files have changed in this diff Show More