From 27c9f3c5d88827cea10efa6eddfd00c668ea117f Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Fri, 6 Dec 2024 10:02:12 +0000 Subject: [PATCH] Auto-Update: 2024-12-06T09:59:00.639117+00:00 --- CVE-2005/CVE-2005-31xx/CVE-2005-3170.json | 35 +- CVE-2017/CVE-2017-133xx/CVE-2017-13308.json | 21 + CVE-2018/CVE-2018-93xx/CVE-2018-9386.json | 21 + CVE-2018/CVE-2018-93xx/CVE-2018-9388.json | 21 + CVE-2018/CVE-2018-93xx/CVE-2018-9390.json | 21 + CVE-2018/CVE-2018-93xx/CVE-2018-9391.json | 21 + CVE-2018/CVE-2018-93xx/CVE-2018-9392.json | 45 +- CVE-2018/CVE-2018-93xx/CVE-2018-9393.json | 45 +- CVE-2018/CVE-2018-93xx/CVE-2018-9394.json | 45 +- CVE-2018/CVE-2018-93xx/CVE-2018-9395.json | 45 +- CVE-2018/CVE-2018-93xx/CVE-2018-9396.json | 45 +- CVE-2018/CVE-2018-93xx/CVE-2018-9397.json | 41 +- CVE-2018/CVE-2018-93xx/CVE-2018-9398.json | 41 +- CVE-2018/CVE-2018-93xx/CVE-2018-9399.json | 41 +- CVE-2018/CVE-2018-94xx/CVE-2018-9400.json | 41 +- CVE-2018/CVE-2018-94xx/CVE-2018-9402.json | 41 +- CVE-2018/CVE-2018-94xx/CVE-2018-9403.json | 45 +- CVE-2018/CVE-2018-94xx/CVE-2018-9404.json | 45 +- CVE-2018/CVE-2018-94xx/CVE-2018-9407.json | 45 +- CVE-2018/CVE-2018-94xx/CVE-2018-9408.json | 45 +- CVE-2018/CVE-2018-94xx/CVE-2018-9412.json | 15 +- CVE-2018/CVE-2018-94xx/CVE-2018-9439.json | 45 +- CVE-2018/CVE-2018-94xx/CVE-2018-9462.json | 45 +- CVE-2018/CVE-2018-94xx/CVE-2018-9463.json | 41 +- CVE-2018/CVE-2018-94xx/CVE-2018-9481.json | 16 +- CVE-2021/CVE-2021-09xx/CVE-2021-0937.json | 16 + CVE-2021/CVE-2021-204xx/CVE-2021-20450.json | 28 +- CVE-2021/CVE-2021-302xx/CVE-2021-30205.json | 28 +- CVE-2021/CVE-2021-316xx/CVE-2021-31635.json | 28 +- CVE-2021/CVE-2021-474xx/CVE-2021-47488.json | 25 +- CVE-2022/CVE-2022-07xx/CVE-2022-0788.json | 7 +- CVE-2022/CVE-2022-411xx/CVE-2022-41137.json | 72 +++ CVE-2022/CVE-2022-428xx/CVE-2022-42860.json | 44 +- CVE-2022/CVE-2022-454xx/CVE-2022-45439.json | 55 +- CVE-2022/CVE-2022-454xx/CVE-2022-45441.json | 55 +- CVE-2022/CVE-2022-467xx/CVE-2022-46718.json | 52 +- CVE-2023/CVE-2023-211xx/CVE-2023-21175.json | 27 +- CVE-2023/CVE-2023-211xx/CVE-2023-21176.json | 27 +- CVE-2023/CVE-2023-211xx/CVE-2023-21187.json | 27 +- CVE-2023/CVE-2023-215xx/CVE-2023-21513.json | 53 +- CVE-2023/CVE-2023-235xx/CVE-2023-23516.json | 42 +- CVE-2023/CVE-2023-281xx/CVE-2023-28191.json | 66 ++- CVE-2023/CVE-2023-282xx/CVE-2023-28202.json | 50 +- CVE-2023/CVE-2023-288xx/CVE-2023-28826.json | 168 +++++- CVE-2023/CVE-2023-309xx/CVE-2023-30902.json | 50 +- CVE-2023/CVE-2023-323xx/CVE-2023-32351.json | 26 +- CVE-2023/CVE-2023-323xx/CVE-2023-32352.json | 62 ++- CVE-2023/CVE-2023-323xx/CVE-2023-32353.json | 26 +- CVE-2023/CVE-2023-323xx/CVE-2023-32355.json | 42 +- CVE-2023/CVE-2023-323xx/CVE-2023-32357.json | 66 ++- CVE-2023/CVE-2023-323xx/CVE-2023-32360.json | 46 +- CVE-2023/CVE-2023-323xx/CVE-2023-32363.json | 26 +- CVE-2023/CVE-2023-323xx/CVE-2023-32369.json | 50 +- CVE-2023/CVE-2023-323xx/CVE-2023-32371.json | 42 +- CVE-2023/CVE-2023-323xx/CVE-2023-32372.json | 68 ++- CVE-2023/CVE-2023-323xx/CVE-2023-32375.json | 52 +- CVE-2023/CVE-2023-323xx/CVE-2023-32385.json | 34 +- CVE-2023/CVE-2023-323xx/CVE-2023-32386.json | 42 +- CVE-2023/CVE-2023-323xx/CVE-2023-32388.json | 46 +- CVE-2023/CVE-2023-323xx/CVE-2023-32389.json | 50 +- CVE-2023/CVE-2023-323xx/CVE-2023-32390.json | 46 +- CVE-2023/CVE-2023-323xx/CVE-2023-32391.json | 54 +- CVE-2023/CVE-2023-323xx/CVE-2023-32395.json | 42 +- CVE-2023/CVE-2023-323xx/CVE-2023-32397.json | 50 +- CVE-2023/CVE-2023-323xx/CVE-2023-32399.json | 50 +- CVE-2023/CVE-2023-324xx/CVE-2023-32400.json | 46 +- CVE-2023/CVE-2023-324xx/CVE-2023-32403.json | 74 ++- CVE-2023/CVE-2023-324xx/CVE-2023-32404.json | 46 +- CVE-2023/CVE-2023-324xx/CVE-2023-32405.json | 42 +- CVE-2023/CVE-2023-324xx/CVE-2023-32407.json | 74 ++- CVE-2023/CVE-2023-324xx/CVE-2023-32414.json | 26 +- CVE-2023/CVE-2023-324xx/CVE-2023-32415.json | 42 +- CVE-2023/CVE-2023-325xx/CVE-2023-32525.json | 36 +- CVE-2023/CVE-2023-346xx/CVE-2023-34672.json | 35 +- CVE-2023/CVE-2023-366xx/CVE-2023-36664.json | 53 +- CVE-2023/CVE-2023-428xx/CVE-2023-42834.json | 151 ++++- CVE-2023/CVE-2023-429xx/CVE-2023-42952.json | 132 ++++- CVE-2023/CVE-2023-429xx/CVE-2023-42953.json | 131 ++++- CVE-2023/CVE-2023-457xx/CVE-2023-45727.json | 6 +- CVE-2023/CVE-2023-480xx/CVE-2023-48010.json | 25 + CVE-2023/CVE-2023-499xx/CVE-2023-49987.json | 47 +- CVE-2023/CVE-2023-509xx/CVE-2023-50913.json | 25 + CVE-2023/CVE-2023-523xx/CVE-2023-52357.json | 49 +- CVE-2023/CVE-2023-61xx/CVE-2023-6110.json | 22 +- CVE-2024/CVE-2024-02xx/CVE-2024-0258.json | 169 +++++- CVE-2024/CVE-2024-100xx/CVE-2024-10056.json | 64 +++ CVE-2024/CVE-2024-101xx/CVE-2024-10178.json | 64 +++ CVE-2024/CVE-2024-102xx/CVE-2024-10247.json | 68 +++ CVE-2024/CVE-2024-103xx/CVE-2024-10320.json | 60 ++ CVE-2024/CVE-2024-104xx/CVE-2024-10480.json | 21 + CVE-2024/CVE-2024-105xx/CVE-2024-10551.json | 21 + CVE-2024/CVE-2024-105xx/CVE-2024-10578.json | 64 +++ CVE-2024/CVE-2024-106xx/CVE-2024-10689.json | 60 ++ CVE-2024/CVE-2024-106xx/CVE-2024-10692.json | 60 ++ CVE-2024/CVE-2024-107xx/CVE-2024-10716.json | 56 ++ CVE-2024/CVE-2024-107xx/CVE-2024-10777.json | 60 ++ CVE-2024/CVE-2024-108xx/CVE-2024-10836.json | 72 +++ CVE-2024/CVE-2024-108xx/CVE-2024-10848.json | 60 ++ CVE-2024/CVE-2024-108xx/CVE-2024-10849.json | 60 ++ CVE-2024/CVE-2024-108xx/CVE-2024-10879.json | 64 +++ CVE-2024/CVE-2024-108xx/CVE-2024-10881.json | 60 ++ CVE-2024/CVE-2024-109xx/CVE-2024-10933.json | 104 ++++ CVE-2024/CVE-2024-109xx/CVE-2024-10937.json | 60 ++ CVE-2024/CVE-2024-109xx/CVE-2024-10961.json | 17 +- CVE-2024/CVE-2024-111xx/CVE-2024-11120.json | 161 +++++- CVE-2024/CVE-2024-111xx/CVE-2024-11148.json | 104 ++++ CVE-2024/CVE-2024-111xx/CVE-2024-11149.json | 88 +++ CVE-2024/CVE-2024-111xx/CVE-2024-11155.json | 78 +++ CVE-2024/CVE-2024-111xx/CVE-2024-11156.json | 78 +++ CVE-2024/CVE-2024-111xx/CVE-2024-11158.json | 78 +++ CVE-2024/CVE-2024-111xx/CVE-2024-11178.json | 64 +++ CVE-2024/CVE-2024-112xx/CVE-2024-11201.json | 68 +++ CVE-2024/CVE-2024-112xx/CVE-2024-11204.json | 64 +++ CVE-2024/CVE-2024-112xx/CVE-2024-11276.json | 60 ++ CVE-2024/CVE-2024-112xx/CVE-2024-11292.json | 60 ++ CVE-2024/CVE-2024-113xx/CVE-2024-11316.json | 100 ++++ CVE-2024/CVE-2024-113xx/CVE-2024-11317.json | 100 ++++ CVE-2024/CVE-2024-113xx/CVE-2024-11323.json | 60 ++ CVE-2024/CVE-2024-113xx/CVE-2024-11324.json | 64 +++ CVE-2024/CVE-2024-113xx/CVE-2024-11336.json | 60 ++ CVE-2024/CVE-2024-113xx/CVE-2024-11339.json | 60 ++ CVE-2024/CVE-2024-113xx/CVE-2024-11341.json | 60 ++ CVE-2024/CVE-2024-113xx/CVE-2024-11352.json | 64 +++ CVE-2024/CVE-2024-113xx/CVE-2024-11368.json | 60 ++ CVE-2024/CVE-2024-113xx/CVE-2024-11379.json | 64 +++ CVE-2024/CVE-2024-114xx/CVE-2024-11420.json | 60 ++ CVE-2024/CVE-2024-114xx/CVE-2024-11429.json | 64 +++ CVE-2024/CVE-2024-114xx/CVE-2024-11444.json | 64 +++ CVE-2024/CVE-2024-114xx/CVE-2024-11450.json | 60 ++ CVE-2024/CVE-2024-115xx/CVE-2024-11585.json | 60 ++ CVE-2024/CVE-2024-116xx/CVE-2024-11667.json | 212 ++++++- CVE-2024/CVE-2024-116xx/CVE-2024-11687.json | 60 ++ CVE-2024/CVE-2024-117xx/CVE-2024-11779.json | 68 +++ CVE-2024/CVE-2024-118xx/CVE-2024-11823.json | 64 +++ CVE-2024/CVE-2024-119xx/CVE-2024-11941.json | 56 ++ CVE-2024/CVE-2024-119xx/CVE-2024-11942.json | 56 ++ CVE-2024/CVE-2024-120xx/CVE-2024-12003.json | 60 ++ CVE-2024/CVE-2024-120xx/CVE-2024-12027.json | 60 ++ CVE-2024/CVE-2024-120xx/CVE-2024-12028.json | 60 ++ CVE-2024/CVE-2024-120xx/CVE-2024-12060.json | 64 +++ CVE-2024/CVE-2024-120xx/CVE-2024-12064.json | 16 + CVE-2024/CVE-2024-120xx/CVE-2024-12094.json | 78 +++ CVE-2024/CVE-2024-121xx/CVE-2024-12110.json | 60 ++ CVE-2024/CVE-2024-121xx/CVE-2024-12130.json | 78 +++ CVE-2024/CVE-2024-121xx/CVE-2024-12148.json | 33 +- CVE-2024/CVE-2024-121xx/CVE-2024-12149.json | 33 +- CVE-2024/CVE-2024-121xx/CVE-2024-12151.json | 33 +- CVE-2024/CVE-2024-121xx/CVE-2024-12155.json | 60 ++ CVE-2024/CVE-2024-121xx/CVE-2024-12187.json | 145 +++++ CVE-2024/CVE-2024-121xx/CVE-2024-12188.json | 145 +++++ CVE-2024/CVE-2024-122xx/CVE-2024-12227.json | 145 +++++ CVE-2024/CVE-2024-122xx/CVE-2024-12228.json | 145 +++++ CVE-2024/CVE-2024-122xx/CVE-2024-12229.json | 145 +++++ CVE-2024/CVE-2024-122xx/CVE-2024-12230.json | 145 +++++ CVE-2024/CVE-2024-122xx/CVE-2024-12231.json | 141 +++++ CVE-2024/CVE-2024-122xx/CVE-2024-12232.json | 145 +++++ CVE-2024/CVE-2024-122xx/CVE-2024-12233.json | 145 +++++ CVE-2024/CVE-2024-122xx/CVE-2024-12234.json | 145 +++++ CVE-2024/CVE-2024-122xx/CVE-2024-12235.json | 141 +++++ CVE-2024/CVE-2024-122xx/CVE-2024-12247.json | 56 ++ CVE-2024/CVE-2024-19xx/CVE-2024-1938.json | 59 +- CVE-2024/CVE-2024-207xx/CVE-2024-20737.json | 68 ++- CVE-2024/CVE-2024-207xx/CVE-2024-20766.json | 66 ++- CVE-2024/CVE-2024-207xx/CVE-2024-20770.json | 68 ++- CVE-2024/CVE-2024-207xx/CVE-2024-20771.json | 68 ++- CVE-2024/CVE-2024-207xx/CVE-2024-20772.json | 78 ++- CVE-2024/CVE-2024-207xx/CVE-2024-20792.json | 68 ++- CVE-2024/CVE-2024-207xx/CVE-2024-20793.json | 68 ++- CVE-2024/CVE-2024-207xx/CVE-2024-20794.json | 68 ++- CVE-2024/CVE-2024-207xx/CVE-2024-20798.json | 68 ++- CVE-2024/CVE-2024-210xx/CVE-2024-21005.json | 120 +++- CVE-2024/CVE-2024-210xx/CVE-2024-21078.json | 55 +- CVE-2024/CVE-2024-210xx/CVE-2024-21079.json | 55 +- CVE-2024/CVE-2024-210xx/CVE-2024-21082.json | 58 +- CVE-2024/CVE-2024-210xx/CVE-2024-21083.json | 58 +- CVE-2024/CVE-2024-211xx/CVE-2024-21106.json | 52 +- CVE-2024/CVE-2024-211xx/CVE-2024-21108.json | 54 +- CVE-2024/CVE-2024-211xx/CVE-2024-21109.json | 54 +- CVE-2024/CVE-2024-211xx/CVE-2024-21111.json | 66 ++- CVE-2024/CVE-2024-211xx/CVE-2024-21112.json | 52 +- CVE-2024/CVE-2024-211xx/CVE-2024-21113.json | 54 +- CVE-2024/CVE-2024-211xx/CVE-2024-21115.json | 54 +- CVE-2024/CVE-2024-211xx/CVE-2024-21116.json | 66 ++- CVE-2024/CVE-2024-211xx/CVE-2024-21121.json | 52 +- CVE-2024/CVE-2024-211xx/CVE-2024-21131.json | 180 +++++- CVE-2024/CVE-2024-211xx/CVE-2024-21138.json | 180 +++++- CVE-2024/CVE-2024-211xx/CVE-2024-21139.json | 63 ++- CVE-2024/CVE-2024-211xx/CVE-2024-21143.json | 55 +- CVE-2024/CVE-2024-211xx/CVE-2024-21149.json | 55 +- CVE-2024/CVE-2024-211xx/CVE-2024-21150.json | 54 +- CVE-2024/CVE-2024-211xx/CVE-2024-21151.json | 53 +- CVE-2024/CVE-2024-211xx/CVE-2024-21155.json | 53 +- CVE-2024/CVE-2024-211xx/CVE-2024-21158.json | 79 ++- CVE-2024/CVE-2024-211xx/CVE-2024-21167.json | 55 +- CVE-2024/CVE-2024-211xx/CVE-2024-21168.json | 54 +- CVE-2024/CVE-2024-213xx/CVE-2024-21322.json | 52 +- CVE-2024/CVE-2024-213xx/CVE-2024-21323.json | 52 +- CVE-2024/CVE-2024-213xx/CVE-2024-21324.json | 52 +- CVE-2024/CVE-2024-214xx/CVE-2024-21434.json | 118 +++- CVE-2024/CVE-2024-214xx/CVE-2024-21438.json | 138 ++++- CVE-2024/CVE-2024-214xx/CVE-2024-21440.json | 136 ++++- CVE-2024/CVE-2024-214xx/CVE-2024-21441.json | 138 ++++- CVE-2024/CVE-2024-214xx/CVE-2024-21444.json | 138 ++++- CVE-2024/CVE-2024-214xx/CVE-2024-21448.json | 52 +- CVE-2024/CVE-2024-214xx/CVE-2024-21450.json | 136 ++++- CVE-2024/CVE-2024-214xx/CVE-2024-21451.json | 138 ++++- CVE-2024/CVE-2024-215xx/CVE-2024-21500.json | 30 +- CVE-2024/CVE-2024-220xx/CVE-2024-22085.json | 31 +- CVE-2024/CVE-2024-222xx/CVE-2024-22258.json | 24 +- CVE-2024/CVE-2024-223xx/CVE-2024-22395.json | 194 ++++++- CVE-2024/CVE-2024-227xx/CVE-2024-22717.json | 43 +- CVE-2024/CVE-2024-232xx/CVE-2024-23201.json | 241 +++++++- CVE-2024/CVE-2024-232xx/CVE-2024-23205.json | 107 +++- CVE-2024/CVE-2024-232xx/CVE-2024-23216.json | 145 ++++- CVE-2024/CVE-2024-232xx/CVE-2024-23220.json | 108 +++- CVE-2024/CVE-2024-232xx/CVE-2024-23226.json | 199 ++++++- CVE-2024/CVE-2024-232xx/CVE-2024-23227.json | 147 ++++- CVE-2024/CVE-2024-232xx/CVE-2024-23230.json | 145 ++++- CVE-2024/CVE-2024-232xx/CVE-2024-23231.json | 208 ++++++- CVE-2024/CVE-2024-232xx/CVE-2024-23232.json | 84 ++- CVE-2024/CVE-2024-232xx/CVE-2024-23233.json | 84 ++- CVE-2024/CVE-2024-232xx/CVE-2024-23234.json | 145 ++++- CVE-2024/CVE-2024-232xx/CVE-2024-23235.json | 223 +++++++- CVE-2024/CVE-2024-232xx/CVE-2024-23238.json | 83 ++- CVE-2024/CVE-2024-232xx/CVE-2024-23240.json | 71 ++- CVE-2024/CVE-2024-232xx/CVE-2024-23241.json | 137 ++++- CVE-2024/CVE-2024-232xx/CVE-2024-23242.json | 107 +++- CVE-2024/CVE-2024-232xx/CVE-2024-23243.json | 90 ++- CVE-2024/CVE-2024-232xx/CVE-2024-23244.json | 116 +++- CVE-2024/CVE-2024-232xx/CVE-2024-23245.json | 147 ++++- CVE-2024/CVE-2024-232xx/CVE-2024-23246.json | 223 +++++++- CVE-2024/CVE-2024-232xx/CVE-2024-23247.json | 147 ++++- CVE-2024/CVE-2024-232xx/CVE-2024-23248.json | 83 ++- CVE-2024/CVE-2024-232xx/CVE-2024-23249.json | 73 ++- CVE-2024/CVE-2024-232xx/CVE-2024-23250.json | 168 +++++- CVE-2024/CVE-2024-232xx/CVE-2024-23253.json | 83 ++- CVE-2024/CVE-2024-232xx/CVE-2024-23254.json | 257 ++++++++- CVE-2024/CVE-2024-232xx/CVE-2024-23255.json | 107 +++- CVE-2024/CVE-2024-232xx/CVE-2024-23256.json | 90 ++- CVE-2024/CVE-2024-249xx/CVE-2024-24903.json | 61 +- CVE-2024/CVE-2024-249xx/CVE-2024-24904.json | 62 ++- CVE-2024/CVE-2024-249xx/CVE-2024-24905.json | 62 ++- CVE-2024/CVE-2024-249xx/CVE-2024-24907.json | 62 ++- CVE-2024/CVE-2024-261xx/CVE-2024-26159.json | 138 ++++- CVE-2024/CVE-2024-261xx/CVE-2024-26161.json | 138 ++++- CVE-2024/CVE-2024-261xx/CVE-2024-26162.json | 150 ++++- CVE-2024/CVE-2024-262xx/CVE-2024-26251.json | 82 ++- CVE-2024/CVE-2024-262xx/CVE-2024-26254.json | 100 +++- CVE-2024/CVE-2024-262xx/CVE-2024-26257.json | 56 +- CVE-2024/CVE-2024-289xx/CVE-2024-28904.json | 52 +- CVE-2024/CVE-2024-289xx/CVE-2024-28905.json | 50 +- CVE-2024/CVE-2024-289xx/CVE-2024-28907.json | 52 +- CVE-2024/CVE-2024-309xx/CVE-2024-30961.json | 29 + CVE-2024/CVE-2024-309xx/CVE-2024-30962.json | 29 + CVE-2024/CVE-2024-309xx/CVE-2024-30963.json | 25 + CVE-2024/CVE-2024-309xx/CVE-2024-30964.json | 29 + CVE-2024/CVE-2024-33xx/CVE-2024-3367.json | 270 ++++++++- CVE-2024/CVE-2024-353xx/CVE-2024-35342.json | 43 +- CVE-2024/CVE-2024-378xx/CVE-2024-37860.json | 33 ++ CVE-2024/CVE-2024-378xx/CVE-2024-37861.json | 33 ++ CVE-2024/CVE-2024-378xx/CVE-2024-37862.json | 29 + CVE-2024/CVE-2024-378xx/CVE-2024-37863.json | 29 + CVE-2024/CVE-2024-389xx/CVE-2024-38910.json | 29 + CVE-2024/CVE-2024-389xx/CVE-2024-38920.json | 29 + CVE-2024/CVE-2024-407xx/CVE-2024-40744.json | 33 +- CVE-2024/CVE-2024-407xx/CVE-2024-40763.json | 56 ++ CVE-2024/CVE-2024-411xx/CVE-2024-41156.json | 14 +- CVE-2024/CVE-2024-415xx/CVE-2024-41579.json | 25 + CVE-2024/CVE-2024-416xx/CVE-2024-41624.json | 47 +- CVE-2024/CVE-2024-421xx/CVE-2024-42195.json | 56 ++ CVE-2024/CVE-2024-424xx/CVE-2024-42455.json | 18 +- CVE-2024/CVE-2024-453xx/CVE-2024-45318.json | 56 ++ CVE-2024/CVE-2024-453xx/CVE-2024-45319.json | 56 ++ CVE-2024/CVE-2024-453xx/CVE-2024-45321.json | 20 +- CVE-2024/CVE-2024-458xx/CVE-2024-45841.json | 60 ++ CVE-2024/CVE-2024-471xx/CVE-2024-47133.json | 60 ++ CVE-2024/CVE-2024-488xx/CVE-2024-48839.json | 100 ++++ CVE-2024/CVE-2024-488xx/CVE-2024-48840.json | 100 ++++ CVE-2024/CVE-2024-488xx/CVE-2024-48843.json | 100 ++++ CVE-2024/CVE-2024-488xx/CVE-2024-48844.json | 100 ++++ CVE-2024/CVE-2024-488xx/CVE-2024-48845.json | 100 ++++ CVE-2024/CVE-2024-488xx/CVE-2024-48846.json | 100 ++++ CVE-2024/CVE-2024-488xx/CVE-2024-48847.json | 100 ++++ CVE-2024/CVE-2024-490xx/CVE-2024-49041.json | 56 ++ CVE-2024/CVE-2024-500xx/CVE-2024-50010.json | 12 +- CVE-2024/CVE-2024-509xx/CVE-2024-50947.json | 33 +- CVE-2024/CVE-2024-511xx/CVE-2024-51114.json | 45 +- CVE-2024/CVE-2024-512xx/CVE-2024-51210.json | 45 +- CVE-2024/CVE-2024-513xx/CVE-2024-51378.json | 8 +- CVE-2024/CVE-2024-515xx/CVE-2024-51541.json | 100 ++++ CVE-2024/CVE-2024-515xx/CVE-2024-51542.json | 100 ++++ CVE-2024/CVE-2024-515xx/CVE-2024-51543.json | 100 ++++ CVE-2024/CVE-2024-515xx/CVE-2024-51544.json | 100 ++++ CVE-2024/CVE-2024-515xx/CVE-2024-51545.json | 100 ++++ CVE-2024/CVE-2024-515xx/CVE-2024-51546.json | 100 ++++ CVE-2024/CVE-2024-515xx/CVE-2024-51548.json | 100 ++++ CVE-2024/CVE-2024-515xx/CVE-2024-51549.json | 100 ++++ CVE-2024/CVE-2024-515xx/CVE-2024-51550.json | 100 ++++ CVE-2024/CVE-2024-515xx/CVE-2024-51551.json | 100 ++++ CVE-2024/CVE-2024-515xx/CVE-2024-51554.json | 100 ++++ CVE-2024/CVE-2024-515xx/CVE-2024-51555.json | 130 +++++ CVE-2024/CVE-2024-522xx/CVE-2024-52269.json | 12 +- CVE-2024/CVE-2024-522xx/CVE-2024-52270.json | 105 ++++ CVE-2024/CVE-2024-522xx/CVE-2024-52271.json | 90 +++ CVE-2024/CVE-2024-522xx/CVE-2024-52276.json | 20 +- CVE-2024/CVE-2024-522xx/CVE-2024-52277.json | 4 +- CVE-2024/CVE-2024-523xx/CVE-2024-52336.json | 14 +- CVE-2024/CVE-2024-525xx/CVE-2024-52564.json | 60 ++ CVE-2024/CVE-2024-526xx/CVE-2024-52676.json | 45 +- CVE-2024/CVE-2024-527xx/CVE-2024-52798.json | 82 +++ CVE-2024/CVE-2024-529xx/CVE-2024-52943.json | 26 +- CVE-2024/CVE-2024-531xx/CVE-2024-53112.json | 12 +- CVE-2024/CVE-2024-531xx/CVE-2024-53127.json | 10 +- CVE-2024/CVE-2024-531xx/CVE-2024-53130.json | 10 +- CVE-2024/CVE-2024-531xx/CVE-2024-53131.json | 10 +- CVE-2024/CVE-2024-531xx/CVE-2024-53136.json | 10 +- CVE-2024/CVE-2024-531xx/CVE-2024-53140.json | 10 +- CVE-2024/CVE-2024-534xx/CVE-2024-53442.json | 25 + CVE-2024/CVE-2024-534xx/CVE-2024-53457.json | 21 + CVE-2024/CVE-2024-534xx/CVE-2024-53470.json | 29 + CVE-2024/CVE-2024-534xx/CVE-2024-53471.json | 25 + CVE-2024/CVE-2024-534xx/CVE-2024-53472.json | 29 + CVE-2024/CVE-2024-534xx/CVE-2024-53490.json | 21 + CVE-2024/CVE-2024-535xx/CVE-2024-53523.json | 25 + CVE-2024/CVE-2024-535xx/CVE-2024-53589.json | 25 + CVE-2024/CVE-2024-537xx/CVE-2024-53702.json | 56 ++ CVE-2024/CVE-2024-537xx/CVE-2024-53703.json | 56 ++ CVE-2024/CVE-2024-538xx/CVE-2024-53846.json | 56 ++ CVE-2024/CVE-2024-538xx/CVE-2024-53856.json | 64 +++ CVE-2024/CVE-2024-538xx/CVE-2024-53857.json | 56 ++ CVE-2024/CVE-2024-540xx/CVE-2024-54001.json | 56 ++ CVE-2024/CVE-2024-540xx/CVE-2024-54014.json | 64 +++ CVE-2024/CVE-2024-541xx/CVE-2024-54126.json | 82 +++ CVE-2024/CVE-2024-541xx/CVE-2024-54127.json | 78 +++ CVE-2024/CVE-2024-541xx/CVE-2024-54128.json | 56 ++ CVE-2024/CVE-2024-541xx/CVE-2024-54129.json | 78 +++ CVE-2024/CVE-2024-541xx/CVE-2024-54130.json | 78 +++ CVE-2024/CVE-2024-541xx/CVE-2024-54140.json | 86 +++ CVE-2024/CVE-2024-542xx/CVE-2024-54221.json | 4 +- CVE-2024/CVE-2024-546xx/CVE-2024-54674.json | 45 +- CVE-2024/CVE-2024-546xx/CVE-2024-54675.json | 45 +- CVE-2024/CVE-2024-546xx/CVE-2024-54679.json | 60 ++ CVE-2024/CVE-2024-61xx/CVE-2024-6156.json | 48 ++ CVE-2024/CVE-2024-62xx/CVE-2024-6209.json | 46 +- CVE-2024/CVE-2024-62xx/CVE-2024-6219.json | 48 ++ CVE-2024/CVE-2024-62xx/CVE-2024-6298.json | 52 +- CVE-2024/CVE-2024-65xx/CVE-2024-6515.json | 100 ++++ CVE-2024/CVE-2024-65xx/CVE-2024-6516.json | 100 ++++ CVE-2024/CVE-2024-67xx/CVE-2024-6784.json | 100 ++++ CVE-2024/CVE-2024-74xx/CVE-2024-7488.json | 12 +- CVE-2024/CVE-2024-82xx/CVE-2024-8299.json | 14 +- CVE-2024/CVE-2024-83xx/CVE-2024-8300.json | 14 +- CVE-2024/CVE-2024-96xx/CVE-2024-9677.json | 89 ++- CVE-2024/CVE-2024-97xx/CVE-2024-9705.json | 60 ++ CVE-2024/CVE-2024-97xx/CVE-2024-9706.json | 60 ++ CVE-2024/CVE-2024-97xx/CVE-2024-9760.json | 55 +- CVE-2024/CVE-2024-97xx/CVE-2024-9761.json | 57 +- CVE-2024/CVE-2024-97xx/CVE-2024-9762.json | 55 +- CVE-2024/CVE-2024-97xx/CVE-2024-9763.json | 55 +- CVE-2024/CVE-2024-97xx/CVE-2024-9769.json | 60 ++ CVE-2024/CVE-2024-98xx/CVE-2024-9852.json | 14 +- CVE-2024/CVE-2024-98xx/CVE-2024-9866.json | 64 +++ CVE-2024/CVE-2024-98xx/CVE-2024-9872.json | 60 ++ README.md | 86 ++- _state.csv | 589 ++++++++++++-------- 365 files changed, 23841 insertions(+), 1514 deletions(-) create mode 100644 CVE-2017/CVE-2017-133xx/CVE-2017-13308.json create mode 100644 CVE-2018/CVE-2018-93xx/CVE-2018-9386.json create mode 100644 CVE-2018/CVE-2018-93xx/CVE-2018-9388.json create mode 100644 CVE-2018/CVE-2018-93xx/CVE-2018-9390.json create mode 100644 CVE-2018/CVE-2018-93xx/CVE-2018-9391.json create mode 100644 CVE-2021/CVE-2021-09xx/CVE-2021-0937.json create mode 100644 CVE-2022/CVE-2022-411xx/CVE-2022-41137.json create mode 100644 CVE-2023/CVE-2023-480xx/CVE-2023-48010.json create mode 100644 CVE-2023/CVE-2023-509xx/CVE-2023-50913.json create mode 100644 CVE-2024/CVE-2024-100xx/CVE-2024-10056.json create mode 100644 CVE-2024/CVE-2024-101xx/CVE-2024-10178.json create mode 100644 CVE-2024/CVE-2024-102xx/CVE-2024-10247.json create mode 100644 CVE-2024/CVE-2024-103xx/CVE-2024-10320.json create mode 100644 CVE-2024/CVE-2024-104xx/CVE-2024-10480.json create mode 100644 CVE-2024/CVE-2024-105xx/CVE-2024-10551.json create mode 100644 CVE-2024/CVE-2024-105xx/CVE-2024-10578.json create mode 100644 CVE-2024/CVE-2024-106xx/CVE-2024-10689.json create mode 100644 CVE-2024/CVE-2024-106xx/CVE-2024-10692.json create mode 100644 CVE-2024/CVE-2024-107xx/CVE-2024-10716.json create mode 100644 CVE-2024/CVE-2024-107xx/CVE-2024-10777.json create mode 100644 CVE-2024/CVE-2024-108xx/CVE-2024-10836.json create mode 100644 CVE-2024/CVE-2024-108xx/CVE-2024-10848.json create mode 100644 CVE-2024/CVE-2024-108xx/CVE-2024-10849.json create mode 100644 CVE-2024/CVE-2024-108xx/CVE-2024-10879.json create mode 100644 CVE-2024/CVE-2024-108xx/CVE-2024-10881.json create mode 100644 CVE-2024/CVE-2024-109xx/CVE-2024-10933.json create mode 100644 CVE-2024/CVE-2024-109xx/CVE-2024-10937.json create mode 100644 CVE-2024/CVE-2024-111xx/CVE-2024-11148.json create mode 100644 CVE-2024/CVE-2024-111xx/CVE-2024-11149.json create mode 100644 CVE-2024/CVE-2024-111xx/CVE-2024-11155.json create mode 100644 CVE-2024/CVE-2024-111xx/CVE-2024-11156.json create mode 100644 CVE-2024/CVE-2024-111xx/CVE-2024-11158.json create mode 100644 CVE-2024/CVE-2024-111xx/CVE-2024-11178.json create mode 100644 CVE-2024/CVE-2024-112xx/CVE-2024-11201.json create mode 100644 CVE-2024/CVE-2024-112xx/CVE-2024-11204.json create mode 100644 CVE-2024/CVE-2024-112xx/CVE-2024-11276.json create mode 100644 CVE-2024/CVE-2024-112xx/CVE-2024-11292.json create mode 100644 CVE-2024/CVE-2024-113xx/CVE-2024-11316.json create mode 100644 CVE-2024/CVE-2024-113xx/CVE-2024-11317.json create mode 100644 CVE-2024/CVE-2024-113xx/CVE-2024-11323.json create mode 100644 CVE-2024/CVE-2024-113xx/CVE-2024-11324.json create mode 100644 CVE-2024/CVE-2024-113xx/CVE-2024-11336.json create mode 100644 CVE-2024/CVE-2024-113xx/CVE-2024-11339.json create mode 100644 CVE-2024/CVE-2024-113xx/CVE-2024-11341.json create mode 100644 CVE-2024/CVE-2024-113xx/CVE-2024-11352.json create mode 100644 CVE-2024/CVE-2024-113xx/CVE-2024-11368.json create mode 100644 CVE-2024/CVE-2024-113xx/CVE-2024-11379.json create mode 100644 CVE-2024/CVE-2024-114xx/CVE-2024-11420.json create mode 100644 CVE-2024/CVE-2024-114xx/CVE-2024-11429.json create mode 100644 CVE-2024/CVE-2024-114xx/CVE-2024-11444.json create mode 100644 CVE-2024/CVE-2024-114xx/CVE-2024-11450.json create mode 100644 CVE-2024/CVE-2024-115xx/CVE-2024-11585.json create mode 100644 CVE-2024/CVE-2024-116xx/CVE-2024-11687.json create mode 100644 CVE-2024/CVE-2024-117xx/CVE-2024-11779.json create mode 100644 CVE-2024/CVE-2024-118xx/CVE-2024-11823.json create mode 100644 CVE-2024/CVE-2024-119xx/CVE-2024-11941.json create mode 100644 CVE-2024/CVE-2024-119xx/CVE-2024-11942.json create mode 100644 CVE-2024/CVE-2024-120xx/CVE-2024-12003.json create mode 100644 CVE-2024/CVE-2024-120xx/CVE-2024-12027.json create mode 100644 CVE-2024/CVE-2024-120xx/CVE-2024-12028.json create mode 100644 CVE-2024/CVE-2024-120xx/CVE-2024-12060.json create mode 100644 CVE-2024/CVE-2024-120xx/CVE-2024-12064.json create mode 100644 CVE-2024/CVE-2024-120xx/CVE-2024-12094.json create mode 100644 CVE-2024/CVE-2024-121xx/CVE-2024-12110.json create mode 100644 CVE-2024/CVE-2024-121xx/CVE-2024-12130.json create mode 100644 CVE-2024/CVE-2024-121xx/CVE-2024-12155.json create mode 100644 CVE-2024/CVE-2024-121xx/CVE-2024-12187.json create mode 100644 CVE-2024/CVE-2024-121xx/CVE-2024-12188.json create mode 100644 CVE-2024/CVE-2024-122xx/CVE-2024-12227.json create mode 100644 CVE-2024/CVE-2024-122xx/CVE-2024-12228.json create mode 100644 CVE-2024/CVE-2024-122xx/CVE-2024-12229.json create mode 100644 CVE-2024/CVE-2024-122xx/CVE-2024-12230.json create mode 100644 CVE-2024/CVE-2024-122xx/CVE-2024-12231.json create mode 100644 CVE-2024/CVE-2024-122xx/CVE-2024-12232.json create mode 100644 CVE-2024/CVE-2024-122xx/CVE-2024-12233.json create mode 100644 CVE-2024/CVE-2024-122xx/CVE-2024-12234.json create mode 100644 CVE-2024/CVE-2024-122xx/CVE-2024-12235.json create mode 100644 CVE-2024/CVE-2024-122xx/CVE-2024-12247.json create mode 100644 CVE-2024/CVE-2024-309xx/CVE-2024-30961.json create mode 100644 CVE-2024/CVE-2024-309xx/CVE-2024-30962.json create mode 100644 CVE-2024/CVE-2024-309xx/CVE-2024-30963.json create mode 100644 CVE-2024/CVE-2024-309xx/CVE-2024-30964.json create mode 100644 CVE-2024/CVE-2024-378xx/CVE-2024-37860.json create mode 100644 CVE-2024/CVE-2024-378xx/CVE-2024-37861.json create mode 100644 CVE-2024/CVE-2024-378xx/CVE-2024-37862.json create mode 100644 CVE-2024/CVE-2024-378xx/CVE-2024-37863.json create mode 100644 CVE-2024/CVE-2024-389xx/CVE-2024-38910.json create mode 100644 CVE-2024/CVE-2024-389xx/CVE-2024-38920.json create mode 100644 CVE-2024/CVE-2024-407xx/CVE-2024-40763.json create mode 100644 CVE-2024/CVE-2024-415xx/CVE-2024-41579.json create mode 100644 CVE-2024/CVE-2024-421xx/CVE-2024-42195.json create mode 100644 CVE-2024/CVE-2024-453xx/CVE-2024-45318.json create mode 100644 CVE-2024/CVE-2024-453xx/CVE-2024-45319.json create mode 100644 CVE-2024/CVE-2024-458xx/CVE-2024-45841.json create mode 100644 CVE-2024/CVE-2024-471xx/CVE-2024-47133.json create mode 100644 CVE-2024/CVE-2024-488xx/CVE-2024-48839.json create mode 100644 CVE-2024/CVE-2024-488xx/CVE-2024-48840.json create mode 100644 CVE-2024/CVE-2024-488xx/CVE-2024-48843.json create mode 100644 CVE-2024/CVE-2024-488xx/CVE-2024-48844.json create mode 100644 CVE-2024/CVE-2024-488xx/CVE-2024-48845.json create mode 100644 CVE-2024/CVE-2024-488xx/CVE-2024-48846.json create mode 100644 CVE-2024/CVE-2024-488xx/CVE-2024-48847.json create mode 100644 CVE-2024/CVE-2024-490xx/CVE-2024-49041.json create mode 100644 CVE-2024/CVE-2024-515xx/CVE-2024-51541.json create mode 100644 CVE-2024/CVE-2024-515xx/CVE-2024-51542.json create mode 100644 CVE-2024/CVE-2024-515xx/CVE-2024-51543.json create mode 100644 CVE-2024/CVE-2024-515xx/CVE-2024-51544.json create mode 100644 CVE-2024/CVE-2024-515xx/CVE-2024-51545.json create mode 100644 CVE-2024/CVE-2024-515xx/CVE-2024-51546.json create mode 100644 CVE-2024/CVE-2024-515xx/CVE-2024-51548.json create mode 100644 CVE-2024/CVE-2024-515xx/CVE-2024-51549.json create mode 100644 CVE-2024/CVE-2024-515xx/CVE-2024-51550.json create mode 100644 CVE-2024/CVE-2024-515xx/CVE-2024-51551.json create mode 100644 CVE-2024/CVE-2024-515xx/CVE-2024-51554.json create mode 100644 CVE-2024/CVE-2024-515xx/CVE-2024-51555.json create mode 100644 CVE-2024/CVE-2024-522xx/CVE-2024-52270.json create mode 100644 CVE-2024/CVE-2024-522xx/CVE-2024-52271.json create mode 100644 CVE-2024/CVE-2024-525xx/CVE-2024-52564.json create mode 100644 CVE-2024/CVE-2024-527xx/CVE-2024-52798.json create mode 100644 CVE-2024/CVE-2024-534xx/CVE-2024-53442.json create mode 100644 CVE-2024/CVE-2024-534xx/CVE-2024-53457.json create mode 100644 CVE-2024/CVE-2024-534xx/CVE-2024-53470.json create mode 100644 CVE-2024/CVE-2024-534xx/CVE-2024-53471.json create mode 100644 CVE-2024/CVE-2024-534xx/CVE-2024-53472.json create mode 100644 CVE-2024/CVE-2024-534xx/CVE-2024-53490.json create mode 100644 CVE-2024/CVE-2024-535xx/CVE-2024-53523.json create mode 100644 CVE-2024/CVE-2024-535xx/CVE-2024-53589.json create mode 100644 CVE-2024/CVE-2024-537xx/CVE-2024-53702.json create mode 100644 CVE-2024/CVE-2024-537xx/CVE-2024-53703.json create mode 100644 CVE-2024/CVE-2024-538xx/CVE-2024-53846.json create mode 100644 CVE-2024/CVE-2024-538xx/CVE-2024-53856.json create mode 100644 CVE-2024/CVE-2024-538xx/CVE-2024-53857.json create mode 100644 CVE-2024/CVE-2024-540xx/CVE-2024-54001.json create mode 100644 CVE-2024/CVE-2024-540xx/CVE-2024-54014.json create mode 100644 CVE-2024/CVE-2024-541xx/CVE-2024-54126.json create mode 100644 CVE-2024/CVE-2024-541xx/CVE-2024-54127.json create mode 100644 CVE-2024/CVE-2024-541xx/CVE-2024-54128.json create mode 100644 CVE-2024/CVE-2024-541xx/CVE-2024-54129.json create mode 100644 CVE-2024/CVE-2024-541xx/CVE-2024-54130.json create mode 100644 CVE-2024/CVE-2024-541xx/CVE-2024-54140.json create mode 100644 CVE-2024/CVE-2024-546xx/CVE-2024-54679.json create mode 100644 CVE-2024/CVE-2024-61xx/CVE-2024-6156.json create mode 100644 CVE-2024/CVE-2024-62xx/CVE-2024-6219.json create mode 100644 CVE-2024/CVE-2024-65xx/CVE-2024-6515.json create mode 100644 CVE-2024/CVE-2024-65xx/CVE-2024-6516.json create mode 100644 CVE-2024/CVE-2024-67xx/CVE-2024-6784.json create mode 100644 CVE-2024/CVE-2024-97xx/CVE-2024-9705.json create mode 100644 CVE-2024/CVE-2024-97xx/CVE-2024-9706.json create mode 100644 CVE-2024/CVE-2024-97xx/CVE-2024-9769.json create mode 100644 CVE-2024/CVE-2024-98xx/CVE-2024-9866.json create mode 100644 CVE-2024/CVE-2024-98xx/CVE-2024-9872.json diff --git a/CVE-2005/CVE-2005-31xx/CVE-2005-3170.json b/CVE-2005/CVE-2005-31xx/CVE-2005-3170.json index 58dea851b2f..12f5876650d 100644 --- a/CVE-2005/CVE-2005-31xx/CVE-2005-3170.json +++ b/CVE-2005/CVE-2005-31xx/CVE-2005-3170.json @@ -2,8 +2,9 @@ "id": "CVE-2005-3170", "sourceIdentifier": "cve@mitre.org", "published": "2005-10-06T10:02:00.000", - "lastModified": "2024-11-21T00:01:16.247", + "lastModified": "2024-12-05T21:15:05.520", "vulnStatus": "Modified", + "cveTags": [], "descriptions": [ { "lang": "en", @@ -11,6 +12,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", + "baseScore": 5.0, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 1.6, + "impactScore": 3.4 + } + ], "cvssMetricV2": [ { "source": "nvd@nist.gov", @@ -47,6 +70,16 @@ "value": "CWE-295" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-295" + } + ] } ], "configurations": [ diff --git a/CVE-2017/CVE-2017-133xx/CVE-2017-13308.json b/CVE-2017/CVE-2017-133xx/CVE-2017-13308.json new file mode 100644 index 00000000000..d21cf941b04 --- /dev/null +++ b/CVE-2017/CVE-2017-133xx/CVE-2017-13308.json @@ -0,0 +1,21 @@ +{ + "id": "CVE-2017-13308", + "sourceIdentifier": "security@android.com", + "published": "2024-12-05T22:15:18.177", + "lastModified": "2024-12-05T22:15:18.177", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In tscpu_write_GPIO_out and mtkts_Abts_write of mtk_ts_Abts.c, there is a possible buffer overflow in an sscanf due to improper input validation. This could lead to a local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://source.android.com/security/bulletin/pixel/2018-06-01", + "source": "security@android.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2018/CVE-2018-93xx/CVE-2018-9386.json b/CVE-2018/CVE-2018-93xx/CVE-2018-9386.json new file mode 100644 index 00000000000..fbeb083c31d --- /dev/null +++ b/CVE-2018/CVE-2018-93xx/CVE-2018-9386.json @@ -0,0 +1,21 @@ +{ + "id": "CVE-2018-9386", + "sourceIdentifier": "security@android.com", + "published": "2024-12-05T23:15:04.607", + "lastModified": "2024-12-05T23:15:04.607", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In reboot_block_command of htc reboot_block driver, there is a possible\n stack buffer overflow due to a missing bounds check. This could lead to\n local escalation of privilege with System execution privileges needed. User\n interaction is not needed for exploitation." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://source.android.com/security/bulletin/pixel/2018-06-01", + "source": "security@android.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2018/CVE-2018-93xx/CVE-2018-9388.json b/CVE-2018/CVE-2018-93xx/CVE-2018-9388.json new file mode 100644 index 00000000000..7182ec79b7f --- /dev/null +++ b/CVE-2018/CVE-2018-93xx/CVE-2018-9388.json @@ -0,0 +1,21 @@ +{ + "id": "CVE-2018-9388", + "sourceIdentifier": "security@android.com", + "published": "2024-12-05T23:15:04.703", + "lastModified": "2024-12-05T23:15:04.703", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In store_upgrade and store_cmd of drivers/input/touchscreen/stm/ftm4_pdc.c, there are out of bound writes due to missing bounds checks or integer underflows. These could lead to escalation of privilege." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://source.android.com/security/bulletin/pixel/2018-06-01", + "source": "security@android.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2018/CVE-2018-93xx/CVE-2018-9390.json b/CVE-2018/CVE-2018-93xx/CVE-2018-9390.json new file mode 100644 index 00000000000..0756cdac6bc --- /dev/null +++ b/CVE-2018/CVE-2018-93xx/CVE-2018-9390.json @@ -0,0 +1,21 @@ +{ + "id": "CVE-2018-9390", + "sourceIdentifier": "security@android.com", + "published": "2024-12-05T23:15:04.793", + "lastModified": "2024-12-05T23:15:04.793", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In procfile_write of gl_proc.c, there is a possible out of bounds read of a\n function pointer due to an incorrect bounds check. This could lead to local\n escalation of privilege with System execution privileges needed. User\n interaction is not needed for exploitation." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://source.android.com/security/bulletin/pixel/2018-06-01", + "source": "security@android.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2018/CVE-2018-93xx/CVE-2018-9391.json b/CVE-2018/CVE-2018-93xx/CVE-2018-9391.json new file mode 100644 index 00000000000..b983ff5483f --- /dev/null +++ b/CVE-2018/CVE-2018-93xx/CVE-2018-9391.json @@ -0,0 +1,21 @@ +{ + "id": "CVE-2018-9391", + "sourceIdentifier": "security@android.com", + "published": "2024-12-05T23:15:04.877", + "lastModified": "2024-12-05T23:15:04.877", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In update_gps_sv and output_vzw_debug of\n vendor/mediatek/proprietary/hardware/connectivity/gps/gps_hal/src/gpshal_wor\n ker.c, there is a possible out of bounds write due to a missing bounds\n check. This could lead to local escalation of privilege with System\n execution privileges needed. User interaction is not needed for\n exploitation." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://source.android.com/security/bulletin/pixel/2018-06-01", + "source": "security@android.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2018/CVE-2018-93xx/CVE-2018-9392.json b/CVE-2018/CVE-2018-93xx/CVE-2018-9392.json index 3f52b917c19..ec600052194 100644 --- a/CVE-2018/CVE-2018-93xx/CVE-2018-9392.json +++ b/CVE-2018/CVE-2018-93xx/CVE-2018-9392.json @@ -2,16 +2,55 @@ "id": "CVE-2018-9392", "sourceIdentifier": "security@android.com", "published": "2024-12-04T18:15:08.833", - "lastModified": "2024-12-04T18:15:08.833", - "vulnStatus": "Received", + "lastModified": "2024-12-05T19:15:05.197", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In get_binary of vendor/mediatek/proprietary/hardware/connectivity/gps/gps_hal/src/data_coder.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation." + }, + { + "lang": "es", + "value": "En get_binary de vendor/mediatek/proprietary/hardware/connectivity/gps/gps_hal/src/data_coder.c, existe una posible escritura fuera de los l\u00edmites debido a una verificaci\u00f3n de los l\u00edmites faltante. Esto podr\u00eda provocar una escalada local de privilegios con privilegios de ejecuci\u00f3n de System necesarios. No se necesita interacci\u00f3n del usuario para la explotaci\u00f3n." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] } ], - "metrics": {}, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2018-06-01", diff --git a/CVE-2018/CVE-2018-93xx/CVE-2018-9393.json b/CVE-2018/CVE-2018-93xx/CVE-2018-9393.json index 4cd43b838c9..167c099469f 100644 --- a/CVE-2018/CVE-2018-93xx/CVE-2018-9393.json +++ b/CVE-2018/CVE-2018-93xx/CVE-2018-9393.json @@ -2,16 +2,55 @@ "id": "CVE-2018-9393", "sourceIdentifier": "security@android.com", "published": "2024-12-04T18:15:09.850", - "lastModified": "2024-12-04T18:15:09.850", - "vulnStatus": "Received", + "lastModified": "2024-12-05T19:15:06.160", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In procfile_write of drivers/misc/mediatek/connectivity/wlan/gen2/os/linux/gl_proc.c, there is a possible OOB write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation." + }, + { + "lang": "es", + "value": "En procfile_write de drivers/misc/mediatek/connectivity/wlan/gen2/os/linux/gl_proc.c, existe una posible escritura OOB debido a una verificaci\u00f3n de los l\u00edmites faltante. Esto podr\u00eda provocar una escalada local de privilegios con permisos de ejecuci\u00f3n de System necesarios. No se necesita interacci\u00f3n del usuario para la explotaci\u00f3n." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] } ], - "metrics": {}, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2018-06-01", diff --git a/CVE-2018/CVE-2018-93xx/CVE-2018-9394.json b/CVE-2018/CVE-2018-93xx/CVE-2018-9394.json index b03b687cdfb..3dda1c32a7f 100644 --- a/CVE-2018/CVE-2018-93xx/CVE-2018-9394.json +++ b/CVE-2018/CVE-2018-93xx/CVE-2018-9394.json @@ -2,16 +2,55 @@ "id": "CVE-2018-9394", "sourceIdentifier": "security@android.com", "published": "2024-12-04T18:15:10.003", - "lastModified": "2024-12-04T18:15:10.003", - "vulnStatus": "Received", + "lastModified": "2024-12-05T18:15:19.417", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In mtk_p2p_wext_set_key of drivers/misc/mediatek/connectivity/wlan/gen2/os/linux/gl_p2p.c, there is a possible OOB write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation." + }, + { + "lang": "es", + "value": "En mtk_p2p_wext_set_key de drivers/misc/mediatek/connectivity/wlan/gen2/os/linux/gl_p2p.c, existe una posible escritura OOB debido a una validaci\u00f3n de entrada incorrecta. Esto podr\u00eda provocar una escalada local de privilegios, siendo necesarios los privilegios de ejecuci\u00f3n de System. No se necesita la interacci\u00f3n del usuario para la explotaci\u00f3n." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] } ], - "metrics": {}, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2018-06-01", diff --git a/CVE-2018/CVE-2018-93xx/CVE-2018-9395.json b/CVE-2018/CVE-2018-93xx/CVE-2018-9395.json index a6829b70419..6551b2a9f24 100644 --- a/CVE-2018/CVE-2018-93xx/CVE-2018-9395.json +++ b/CVE-2018/CVE-2018-93xx/CVE-2018-9395.json @@ -2,16 +2,55 @@ "id": "CVE-2018-9395", "sourceIdentifier": "security@android.com", "published": "2024-12-04T18:15:10.163", - "lastModified": "2024-12-04T18:15:10.163", - "vulnStatus": "Received", + "lastModified": "2024-12-05T18:15:19.590", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In mtk_cfg80211_vendor_packet_keep_alive_start and mtk_cfg80211_vendor_set_config of drivers/misc/mediatek/connectivity/wlan/gen2/os/linux/gl_vendor.c, there is a possible OOB write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation." + }, + { + "lang": "es", + "value": "En mtk_cfg80211_vendor_packet_keep_alive_start y mtk_cfg80211_vendor_set_config de drivers/misc/mediatek/connectivity/wlan/gen2/os/linux/gl_vendor.c, existe una posible escritura OOB debido a una verificaci\u00f3n de los l\u00edmites faltante. Esto podr\u00eda provocar una escalada local de privilegios con permisos de ejecuci\u00f3n de System necesarios. No se necesita interacci\u00f3n del usuario para la explotaci\u00f3n." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] } ], - "metrics": {}, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2018-06-01", diff --git a/CVE-2018/CVE-2018-93xx/CVE-2018-9396.json b/CVE-2018/CVE-2018-93xx/CVE-2018-9396.json index 7ce1ce6b0c8..e3f87c2d59e 100644 --- a/CVE-2018/CVE-2018-93xx/CVE-2018-9396.json +++ b/CVE-2018/CVE-2018-93xx/CVE-2018-9396.json @@ -2,16 +2,55 @@ "id": "CVE-2018-9396", "sourceIdentifier": "security@android.com", "published": "2024-12-04T22:15:18.457", - "lastModified": "2024-12-04T22:15:18.457", - "vulnStatus": "Received", + "lastModified": "2024-12-05T18:15:19.740", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In rpc_msg_handler and related handlers of drivers/misc/mediatek/eccci/port_rpc.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation." + }, + { + "lang": "es", + "value": "En rpc_msg_handler y los controladores relacionados de drivers/misc/mediatek/eccci/port_rpc.c, existe una posible escritura fuera de los l\u00edmites debido a una comprobaci\u00f3n de los l\u00edmites incorrecta. Esto podr\u00eda provocar una escalada local de privilegios, siendo necesarios los permisos de ejecuci\u00f3n de System. No se necesita la interacci\u00f3n del usuario para la explotaci\u00f3n." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] } ], - "metrics": {}, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2018-06-01", diff --git a/CVE-2018/CVE-2018-93xx/CVE-2018-9397.json b/CVE-2018/CVE-2018-93xx/CVE-2018-9397.json index 2ee52860d56..6f3c4c8411c 100644 --- a/CVE-2018/CVE-2018-93xx/CVE-2018-9397.json +++ b/CVE-2018/CVE-2018-93xx/CVE-2018-9397.json @@ -2,8 +2,8 @@ "id": "CVE-2018-9397", "sourceIdentifier": "security@android.com", "published": "2024-12-05T00:15:16.720", - "lastModified": "2024-12-05T00:15:16.720", - "vulnStatus": "Received", + "lastModified": "2024-12-05T17:15:05.140", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { @@ -11,7 +11,42 @@ "value": "In WMT_unlocked_ioctl of MTK WMT device driver, there is a possible OOB\n write due to a missing bounds check. This could lead to local escalation of\n privilege with System execution privileges needed. User interaction is not\n needed for exploitation." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2018-06-01", diff --git a/CVE-2018/CVE-2018-93xx/CVE-2018-9398.json b/CVE-2018/CVE-2018-93xx/CVE-2018-9398.json index 9352ee74ba2..7e2dde8521a 100644 --- a/CVE-2018/CVE-2018-93xx/CVE-2018-9398.json +++ b/CVE-2018/CVE-2018-93xx/CVE-2018-9398.json @@ -2,8 +2,8 @@ "id": "CVE-2018-9398", "sourceIdentifier": "security@android.com", "published": "2024-12-05T00:15:17.383", - "lastModified": "2024-12-05T00:15:17.383", - "vulnStatus": "Received", + "lastModified": "2024-12-05T17:15:06.133", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { @@ -11,7 +11,42 @@ "value": "In fm_set_stat of mediatek FM radio driver, there is a possible OOB write\n due to improper input validation. This could lead to local escalation of\n privilege with System execution privileges needed. User interaction is not\n needed for exploitation." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2018-06-01", diff --git a/CVE-2018/CVE-2018-93xx/CVE-2018-9399.json b/CVE-2018/CVE-2018-93xx/CVE-2018-9399.json index 94492cf9076..cd874f06cca 100644 --- a/CVE-2018/CVE-2018-93xx/CVE-2018-9399.json +++ b/CVE-2018/CVE-2018-93xx/CVE-2018-9399.json @@ -2,8 +2,8 @@ "id": "CVE-2018-9399", "sourceIdentifier": "security@android.com", "published": "2024-12-05T00:15:17.477", - "lastModified": "2024-12-05T00:15:17.477", - "vulnStatus": "Received", + "lastModified": "2024-12-05T17:15:06.303", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { @@ -11,7 +11,42 @@ "value": "In /proc/driver/wmt_dbg driver, there are several possible out of bounds\n writes. These could lead to local escalation of privilege with System\n execution privileges needed. User interaction is not needed for\n exploitation." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2018-06-01", diff --git a/CVE-2018/CVE-2018-94xx/CVE-2018-9400.json b/CVE-2018/CVE-2018-94xx/CVE-2018-9400.json index 2beffac318a..b11b3311177 100644 --- a/CVE-2018/CVE-2018-94xx/CVE-2018-9400.json +++ b/CVE-2018/CVE-2018-94xx/CVE-2018-9400.json @@ -2,8 +2,8 @@ "id": "CVE-2018-9400", "sourceIdentifier": "security@android.com", "published": "2024-12-05T00:15:17.570", - "lastModified": "2024-12-05T00:15:17.570", - "vulnStatus": "Received", + "lastModified": "2024-12-05T17:15:06.450", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { @@ -11,7 +11,42 @@ "value": "In gt1x_debug_write_proc and gt1x_tool_write of\n drivers/input/touchscreen/mediatek/GT1151/gt1x_generic.c and gt1x_tools.c,\n there is a possible out of bounds write due to a missing bounds check. This\n could lead to local escalation of privilege with System execution privileges\n needed. User interaction is not needed for exploitation." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2018-06-01", diff --git a/CVE-2018/CVE-2018-94xx/CVE-2018-9402.json b/CVE-2018/CVE-2018-94xx/CVE-2018-9402.json index cd6d748a3fc..da9d94e5e77 100644 --- a/CVE-2018/CVE-2018-94xx/CVE-2018-9402.json +++ b/CVE-2018/CVE-2018-94xx/CVE-2018-9402.json @@ -2,8 +2,8 @@ "id": "CVE-2018-9402", "sourceIdentifier": "security@android.com", "published": "2024-12-05T00:15:17.663", - "lastModified": "2024-12-05T00:15:17.663", - "vulnStatus": "Received", + "lastModified": "2024-12-05T17:15:06.590", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { @@ -11,7 +11,42 @@ "value": "In multiple functions of gl_proc.c, there is a buffer overwrite due to a missing bounds check. This could lead to escalation of privileges in the kernel." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-120" + } + ] + } + ], "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2018-06-01", diff --git a/CVE-2018/CVE-2018-94xx/CVE-2018-9403.json b/CVE-2018/CVE-2018-94xx/CVE-2018-9403.json index 1b4008c5df5..6af402701c9 100644 --- a/CVE-2018/CVE-2018-94xx/CVE-2018-9403.json +++ b/CVE-2018/CVE-2018-94xx/CVE-2018-9403.json @@ -2,16 +2,55 @@ "id": "CVE-2018-9403", "sourceIdentifier": "security@android.com", "published": "2024-12-05T00:15:17.763", - "lastModified": "2024-12-05T00:15:17.763", - "vulnStatus": "Received", + "lastModified": "2024-12-05T17:15:06.730", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the MTK_FLP_MSG_HAL_DIAG_REPORT_DATA_NTF handler of flp2hal_-\n interface.c, there is a possible stack buffer overflow due to a missing\n bounds check. This could lead to local escalation of privilege in a\n privileged process with System execution privileges needed. User interaction\n is not needed for exploitation." + }, + { + "lang": "es", + "value": "En el controlador MTK_FLP_MSG_HAL_DIAG_REPORT_DATA_NTF de flp2hal_- interface.c, existe un posible desbordamiento del b\u00fafer de pila debido a la falta de una comprobaci\u00f3n de los l\u00edmites. Esto podr\u00eda provocar una escalada local de privilegios en un proceso privilegiado con permisos de ejecuci\u00f3n de System necesarios. No se necesita la interacci\u00f3n del usuario para la explotaci\u00f3n." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-120" + } + ] } ], - "metrics": {}, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2018-06-01", diff --git a/CVE-2018/CVE-2018-94xx/CVE-2018-9404.json b/CVE-2018/CVE-2018-94xx/CVE-2018-9404.json index 0c8120b0c9b..a09d7fdd758 100644 --- a/CVE-2018/CVE-2018-94xx/CVE-2018-9404.json +++ b/CVE-2018/CVE-2018-94xx/CVE-2018-9404.json @@ -2,16 +2,55 @@ "id": "CVE-2018-9404", "sourceIdentifier": "security@android.com", "published": "2024-12-05T00:15:17.860", - "lastModified": "2024-12-05T00:15:17.860", - "vulnStatus": "Received", + "lastModified": "2024-12-05T16:15:18.023", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In oemCallback of ril.cpp, there is a possible out of bounds write due to an\n integer overflow. This could lead to local escalation of privilege with\n System execution privileges needed. User interaction is not needed for\n exploitation." + }, + { + "lang": "es", + "value": "En oemCallback de ril.cpp, existe una posible escritura fuera de los l\u00edmites debido a un desbordamiento de enteros. Esto podr\u00eda provocar una escalada local de privilegios, siendo necesarios los permisos de ejecuci\u00f3n de System. No se necesita la interacci\u00f3n del usuario para la explotaci\u00f3n." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] } ], - "metrics": {}, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2018-06-01", diff --git a/CVE-2018/CVE-2018-94xx/CVE-2018-9407.json b/CVE-2018/CVE-2018-94xx/CVE-2018-9407.json index 99a87ff5f39..c0a3273a5e5 100644 --- a/CVE-2018/CVE-2018-94xx/CVE-2018-9407.json +++ b/CVE-2018/CVE-2018-94xx/CVE-2018-9407.json @@ -2,16 +2,55 @@ "id": "CVE-2018-9407", "sourceIdentifier": "security@android.com", "published": "2024-12-05T00:15:17.967", - "lastModified": "2024-12-05T00:15:17.967", - "vulnStatus": "Received", + "lastModified": "2024-12-05T16:15:18.983", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In emmc_rpmb_ioctl of emmc_rpmb.c, there is an Information Disclosure due to a Missing Bounds Check. This could lead to Information Disclosure of kernel data." + }, + { + "lang": "es", + "value": "En emmc_rpmb_ioctl de emmc_rpmb.c, hay una divulgaci\u00f3n de informaci\u00f3n debido a una verificaci\u00f3n de los l\u00edmites faltantes. Esto podr\u00eda provocar una divulgaci\u00f3n de informaci\u00f3n de los datos del n\u00facleo." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] } ], - "metrics": {}, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2018-06-01", diff --git a/CVE-2018/CVE-2018-94xx/CVE-2018-9408.json b/CVE-2018/CVE-2018-94xx/CVE-2018-9408.json index cce9bb6a03d..add6cdf5585 100644 --- a/CVE-2018/CVE-2018-94xx/CVE-2018-9408.json +++ b/CVE-2018/CVE-2018-94xx/CVE-2018-9408.json @@ -2,16 +2,55 @@ "id": "CVE-2018-9408", "sourceIdentifier": "security@android.com", "published": "2024-12-05T00:15:18.070", - "lastModified": "2024-12-05T00:15:18.070", - "vulnStatus": "Received", + "lastModified": "2024-12-05T16:15:19.117", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In m3326_gps_write and m3326_gps_read of gps.s, there is a possible Out Of\n Bounds Read due to a missing bounds check. This could lead to a local\n information disclosure with System execution privileges needed. User\n interaction is not needed for exploitation." + }, + { + "lang": "es", + "value": "En m3326_gps_write y m3326_gps_read de gps.s, existe una posible lectura fuera de los l\u00edmites debido a una verificaci\u00f3n de los l\u00edmites faltante. Esto podr\u00eda provocar una divulgaci\u00f3n de informaci\u00f3n local con permisos de ejecuci\u00f3n de System necesarios. No se necesita interacci\u00f3n del usuario para la explotaci\u00f3n." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] } ], - "metrics": {}, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2018-06-01", diff --git a/CVE-2018/CVE-2018-94xx/CVE-2018-9412.json b/CVE-2018/CVE-2018-94xx/CVE-2018-9412.json index 20c1709dfb4..c208d4d6f5f 100644 --- a/CVE-2018/CVE-2018-94xx/CVE-2018-9412.json +++ b/CVE-2018/CVE-2018-94xx/CVE-2018-9412.json @@ -2,8 +2,9 @@ "id": "CVE-2018-9412", "sourceIdentifier": "security@android.com", "published": "2024-11-19T22:15:18.813", - "lastModified": "2024-11-23T00:56:14.623", - "vulnStatus": "Analyzed", + "lastModified": "2024-12-05T21:15:06.513", + "vulnStatus": "Modified", + "cveTags": [], "descriptions": [ { "lang": "en", @@ -48,6 +49,16 @@ "value": "NVD-CWE-noinfo" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-770" + } + ] } ], "configurations": [ diff --git a/CVE-2018/CVE-2018-94xx/CVE-2018-9439.json b/CVE-2018/CVE-2018-94xx/CVE-2018-9439.json index b966421a4e8..b4e7983aa39 100644 --- a/CVE-2018/CVE-2018-94xx/CVE-2018-9439.json +++ b/CVE-2018/CVE-2018-94xx/CVE-2018-9439.json @@ -2,16 +2,55 @@ "id": "CVE-2018-9439", "sourceIdentifier": "security@android.com", "published": "2024-12-05T00:15:18.337", - "lastModified": "2024-12-05T00:15:18.337", - "vulnStatus": "Received", + "lastModified": "2024-12-05T16:15:19.353", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In __unregister_prot_hook and packet_release of af_packet.c, there is a\n possible use-after-free due to improper locking. This could lead to local\n escalation of privilege in the kernel with System execution privileges\n needed. User interaction is not needed for exploitation." + }, + { + "lang": "es", + "value": "En __unregister_prot_hook y packet_release de af_packet.c, existe un posible use-after-free debido a un bloqueo inadecuado. Esto podr\u00eda provocar una escalada local de privilegios en el kernel, con permisos de ejecuci\u00f3n de System necesarios. No se necesita la interacci\u00f3n del usuario para la explotaci\u00f3n." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] } ], - "metrics": {}, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2018-08-01", diff --git a/CVE-2018/CVE-2018-94xx/CVE-2018-9462.json b/CVE-2018/CVE-2018-94xx/CVE-2018-9462.json index 1fdd65690ba..ca6b86f6229 100644 --- a/CVE-2018/CVE-2018-94xx/CVE-2018-9462.json +++ b/CVE-2018/CVE-2018-94xx/CVE-2018-9462.json @@ -2,16 +2,55 @@ "id": "CVE-2018-9462", "sourceIdentifier": "security@android.com", "published": "2024-12-05T00:15:18.433", - "lastModified": "2024-12-05T00:15:18.433", - "vulnStatus": "Received", + "lastModified": "2024-12-05T16:15:19.503", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In store_cmd of ftm4_pdc.c, there is a possible out of bounds write due to\n an incorrect bounds check. This could lead to local escalation of privilege\n with System execution privileges needed. User interaction is not needed for\n exploitation." + }, + { + "lang": "es", + "value": "En store_cmd de ftm4_pdc.c, existe una posible escritura fuera de los l\u00edmites debido a una verificaci\u00f3n de los l\u00edmites incorrecta. Esto podr\u00eda provocar una escalada local de privilegios, siendo necesarios los permisos de ejecuci\u00f3n de System. No se necesita la interacci\u00f3n del usuario para la explotaci\u00f3n." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] } ], - "metrics": {}, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2018-08-01", diff --git a/CVE-2018/CVE-2018-94xx/CVE-2018-9463.json b/CVE-2018/CVE-2018-94xx/CVE-2018-9463.json index 70ace6c1279..0bd33073bbf 100644 --- a/CVE-2018/CVE-2018-94xx/CVE-2018-9463.json +++ b/CVE-2018/CVE-2018-94xx/CVE-2018-9463.json @@ -2,8 +2,8 @@ "id": "CVE-2018-9463", "sourceIdentifier": "security@android.com", "published": "2024-12-05T00:15:18.527", - "lastModified": "2024-12-05T00:15:18.527", - "vulnStatus": "Received", + "lastModified": "2024-12-05T16:15:19.650", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { @@ -11,7 +11,42 @@ "value": "In sw49408_irq_runtime_engine_debug of touch_sw49408.c, there is a possible\n out of bounds write due to an incorrect bounds check. This could lead to\n local escalation of privilege with System execution privileges needed. User\n interaction is not needed for exploitation." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2018-08-01", diff --git a/CVE-2018/CVE-2018-94xx/CVE-2018-9481.json b/CVE-2018/CVE-2018-94xx/CVE-2018-9481.json index d578e437aee..cf46734e370 100644 --- a/CVE-2018/CVE-2018-94xx/CVE-2018-9481.json +++ b/CVE-2018/CVE-2018-94xx/CVE-2018-9481.json @@ -2,13 +2,17 @@ "id": "CVE-2018-9481", "sourceIdentifier": "security@android.com", "published": "2024-11-20T18:15:19.940", - "lastModified": "2024-11-20T19:35:10.130", - "vulnStatus": "Received", + "lastModified": "2024-12-05T22:15:19.020", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In bta_hd_set_report_act of bta_hd_act.cc, there is a possible out-of-bounds read due to an integer overflow. This could lead to remote information disclosure in the Bluetooth service with no additional execution privileges needed. User interaction is not needed for exploitation." + }, + { + "lang": "es", + "value": "En bta_hd_set_report_act de bta_hd_act.cc, existe una posible lectura fuera de los l\u00edmites debido a un desbordamiento de enteros. Esto podr\u00eda provocar la divulgaci\u00f3n remota de informaci\u00f3n en el servicio Bluetooth sin necesidad de privilegios de ejecuci\u00f3n adicionales. No se necesita la interacci\u00f3n del usuario para la explotaci\u00f3n." } ], "metrics": { @@ -19,6 +23,8 @@ "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 6.2, + "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", @@ -26,9 +32,7 @@ "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", - "availabilityImpact": "NONE", - "baseScore": 6.2, - "baseSeverity": "MEDIUM" + "availabilityImpact": "NONE" }, "exploitabilityScore": 2.5, "impactScore": 3.6 @@ -53,7 +57,7 @@ ], "references": [ { - "url": "https://source.android.com/security/bulletin/2018-09-01", + "url": "https://lists.apache.org/thread.html/rcb8bae0b289d71d18a3220be256c1dfcc4d9ab49d2d6e07d1eac7c9d@%3Cdev.trafficserver.apache.org%3E", "source": "security@android.com" } ] diff --git a/CVE-2021/CVE-2021-09xx/CVE-2021-0937.json b/CVE-2021/CVE-2021-09xx/CVE-2021-0937.json new file mode 100644 index 00000000000..0abf4fe465a --- /dev/null +++ b/CVE-2021/CVE-2021-09xx/CVE-2021-0937.json @@ -0,0 +1,16 @@ +{ + "id": "CVE-2021-0937", + "sourceIdentifier": "security@android.com", + "published": "2024-12-05T22:15:19.270", + "lastModified": "2024-12-05T22:15:19.270", + "vulnStatus": "Rejected", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority." + } + ], + "metrics": {}, + "references": [] +} \ No newline at end of file diff --git a/CVE-2021/CVE-2021-204xx/CVE-2021-20450.json b/CVE-2021/CVE-2021-204xx/CVE-2021-20450.json index e0c265957ab..f33565d1e4d 100644 --- a/CVE-2021/CVE-2021-204xx/CVE-2021-20450.json +++ b/CVE-2021/CVE-2021-204xx/CVE-2021-20450.json @@ -2,7 +2,7 @@ "id": "CVE-2021-20450", "sourceIdentifier": "psirt@us.ibm.com", "published": "2024-05-03T17:15:07.363", - "lastModified": "2024-05-06T12:44:56.377", + "lastModified": "2024-12-05T21:15:06.663", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -23,6 +23,8 @@ "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", @@ -30,15 +32,25 @@ "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", - "availabilityImpact": "NONE", - "baseScore": 4.3, - "baseSeverity": "MEDIUM" + "availabilityImpact": "NONE" }, "exploitabilityScore": 2.8, "impactScore": 1.4 } ] }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-565" + } + ] + } + ], "references": [ { "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/196640", @@ -47,6 +59,14 @@ { "url": "https://www.ibm.com/support/pages/node/7149876", "source": "psirt@us.ibm.com" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/196640", + "source": "af854a3a-2127-422b-91ae-364da2661108" + }, + { + "url": "https://www.ibm.com/support/pages/node/7149876", + "source": "af854a3a-2127-422b-91ae-364da2661108" } ] } \ No newline at end of file diff --git a/CVE-2021/CVE-2021-302xx/CVE-2021-30205.json b/CVE-2021/CVE-2021-302xx/CVE-2021-30205.json index d3a0980b6d3..16d269cf0d3 100644 --- a/CVE-2021/CVE-2021-302xx/CVE-2021-30205.json +++ b/CVE-2021/CVE-2021-302xx/CVE-2021-30205.json @@ -2,8 +2,8 @@ "id": "CVE-2021-30205", "sourceIdentifier": "cve@mitre.org", "published": "2023-06-27T14:15:09.737", - "lastModified": "2023-07-05T20:17:55.363", - "vulnStatus": "Analyzed", + "lastModified": "2024-12-05T15:15:06.003", + "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { @@ -19,6 +19,8 @@ "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", @@ -26,9 +28,7 @@ "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", - "availabilityImpact": "NONE", - "baseScore": 5.3, - "baseSeverity": "MEDIUM" + "availabilityImpact": "NONE" }, "exploitabilityScore": 3.9, "impactScore": 1.4 @@ -45,6 +45,16 @@ "value": "NVD-CWE-Other" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-863" + } + ] } ], "configurations": [ @@ -72,6 +82,14 @@ "Exploit", "Issue Tracking" ] + }, + { + "url": "https://github.com/zyx0814/dzzoffice/issues/184", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Exploit", + "Issue Tracking" + ] } ] } \ No newline at end of file diff --git a/CVE-2021/CVE-2021-316xx/CVE-2021-31635.json b/CVE-2021/CVE-2021-316xx/CVE-2021-31635.json index 0b7198e9d2e..72738cd6ef1 100644 --- a/CVE-2021/CVE-2021-316xx/CVE-2021-31635.json +++ b/CVE-2021/CVE-2021-316xx/CVE-2021-31635.json @@ -2,8 +2,8 @@ "id": "CVE-2021-31635", "sourceIdentifier": "cve@mitre.org", "published": "2023-06-26T19:15:09.667", - "lastModified": "2023-07-05T13:50:31.657", - "vulnStatus": "Analyzed", + "lastModified": "2024-12-05T16:15:19.800", + "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { @@ -19,6 +19,8 @@ "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", @@ -26,9 +28,7 @@ "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 9.8, - "baseSeverity": "CRITICAL" + "availabilityImpact": "HIGH" }, "exploitabilityScore": 3.9, "impactScore": 5.9 @@ -45,6 +45,16 @@ "value": "NVD-CWE-Other" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-94" + } + ] } ], "configurations": [ @@ -72,6 +82,14 @@ "Issue Tracking", "Third Party Advisory" ] + }, + { + "url": "https://github.com/jfinal/jfinal/issues/187", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Issue Tracking", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2021/CVE-2021-474xx/CVE-2021-47488.json b/CVE-2021/CVE-2021-474xx/CVE-2021-47488.json index fbbc7c2b5f4..b51398397ea 100644 --- a/CVE-2021/CVE-2021-474xx/CVE-2021-47488.json +++ b/CVE-2021/CVE-2021-474xx/CVE-2021-47488.json @@ -2,32 +2,15 @@ "id": "CVE-2021-47488", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-05-22T09:15:10.700", - "lastModified": "2024-05-22T12:46:53.887", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-05T14:15:18.520", + "vulnStatus": "Rejected", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncgroup: Fix memory leak caused by missing cgroup_bpf_offline\n\nWhen enabling CONFIG_CGROUP_BPF, kmemleak can be observed by running\nthe command as below:\n\n $mount -t cgroup -o none,name=foo cgroup cgroup/\n $umount cgroup/\n\nunreferenced object 0xc3585c40 (size 64):\n comm \"mount\", pid 425, jiffies 4294959825 (age 31.990s)\n hex dump (first 32 bytes):\n 01 00 00 80 84 8c 28 c0 00 00 00 00 00 00 00 00 ......(.........\n 00 00 00 00 00 00 00 00 6c 43 a0 c3 00 00 00 00 ........lC......\n backtrace:\n [] cgroup_bpf_inherit+0x44/0x24c\n [<1f03679c>] cgroup_setup_root+0x174/0x37c\n [] cgroup1_get_tree+0x2c0/0x4a0\n [] vfs_get_tree+0x24/0x108\n [] path_mount+0x384/0x988\n [] do_mount+0x64/0x9c\n [<208c9cfe>] sys_mount+0xfc/0x1f4\n [<06dd06e0>] ret_fast_syscall+0x0/0x48\n [] 0xbeb4daa8\n\nThis is because that since the commit 2b0d3d3e4fcf (\"percpu_ref: reduce\nmemory footprint of percpu_ref in fast path\") root_cgrp->bpf.refcnt.data\nis allocated by the function percpu_ref_init in cgroup_bpf_inherit which\nis called by cgroup_setup_root when mounting, but not freed along with\nroot_cgrp when umounting. Adding cgroup_bpf_offline which calls\npercpu_ref_kill to cgroup_kill_sb can free root_cgrp->bpf.refcnt.data in\numount path.\n\nThis patch also fixes the commit 4bfc0bb2c60e (\"bpf: decouple the lifetime\nof cgroup_bpf from cgroup itself\"). A cgroup_bpf_offline is needed to do a\ncleanup that frees the resources which are allocated by cgroup_bpf_inherit\nin cgroup_setup_root.\n\nAnd inside cgroup_bpf_offline, cgroup_get() is at the beginning and\ncgroup_put is at the end of cgroup_bpf_release which is called by\ncgroup_bpf_offline. So cgroup_bpf_offline can keep the balance of\ncgroup's refcount." - }, - { - "lang": "es", - "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: cgroup: corrige la p\u00e9rdida de memoria causada por la falta de cgroup_bpf_offline Al habilitar CONFIG_CGROUP_BPF, se puede observar kmemleak ejecutando el siguiente comando: $mount -t cgroup -o none,name=foo cgroup cgroup / $umount cgroup/ objeto sin referencia 0xc3585c40 (tama\u00f1o 64): comm \"mount\", pid 425, sjiffies 4294959825 (edad 31.990s) volcado hexadecimal (primeros 32 bytes): 01 00 00 80 84 8c 28 c0 00 00 00 00 00 00 00 00 ......(....... 00 00 00 00 00 00 00 00 6c 43 a0 c3 00 00 00 00 ........lC...... retroceso : [] cgroup_bpf_inherit+0x44/0x24c [<1f03679c>] cgroup_setup_root+0x174/0x37c [] cgroup1_get_tree+0x2c0/0x4a0 [] 8 [] ruta_montaje+0x384/ 0x988 [] do_mount+0x64/0x9c [<208c9cfe>] sys_mount+0xfc/0x1f4 [<06dd06e0>] ret_fast_syscall+0x0/0x48 [] 0xbeb4daa8 Esto se debe a que desde El commit 2b0d3d3e4f cf (\"percpu_ref: reducir huella de memoria de percpu_ref en la ruta r\u00e1pida\") root_cgrp->bpf.refcnt.data es asignada por la funci\u00f3n percpu_ref_init en cgroup_bpf_inherit, que es llamada por cgroup_setup_root al montar, pero no se libera junto con root_cgrp al desmontar. Agregar cgroup_bpf_offline que llama a percpu_ref_kill a cgroup_kill_sb puede liberar root_cgrp->bpf.refcnt.data en la ruta de montaje. Este parche tambi\u00e9n corrige el commit 4bfc0bb2c60e (\"bpf: desacople la vida \u00fatil de cgroup_bpf del propio cgroup\"). Se necesita cgroup_bpf_offline para realizar una sanitizaci\u00f3n que libere los recursos asignados por cgroup_bpf_inherit en cgroup_setup_root. Y dentro de cgroup_bpf_offline, cgroup_get() est\u00e1 al principio y cgroup_put est\u00e1 al final de cgroup_bpf_release, que es llamado por cgroup_bpf_offline. Entonces cgroup_bpf_offline puede mantener el saldo del recuento de cgroup." + "value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority." } ], "metrics": {}, - "references": [ - { - "url": "https://git.kernel.org/stable/c/01599bf7cc2b49c3d2be886cb438647dc25446ed", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" - }, - { - "url": "https://git.kernel.org/stable/c/04f8ef5643bcd8bcde25dfdebef998aea480b2ba", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" - }, - { - "url": "https://git.kernel.org/stable/c/b529f88d93884cf8ccafda793ee3d27b82fa578d", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" - } - ] + "references": [] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-07xx/CVE-2022-0788.json b/CVE-2022/CVE-2022-07xx/CVE-2022-0788.json index 72d85deb032..408e2f5c9e9 100644 --- a/CVE-2022/CVE-2022-07xx/CVE-2022-0788.json +++ b/CVE-2022/CVE-2022-07xx/CVE-2022-0788.json @@ -2,8 +2,9 @@ "id": "CVE-2022-0788", "sourceIdentifier": "contact@wpscan.com", "published": "2022-06-08T10:15:09.077", - "lastModified": "2024-11-21T06:39:23.920", + "lastModified": "2024-12-05T17:12:01.060", "vulnStatus": "Modified", + "cveTags": [], "descriptions": [ { "lang": "en", @@ -84,9 +85,9 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:wpmet:wp_fundraising_donation_and_crowdfunding_platform:*:*:*:*:*:wordpress:*:*", + "criteria": "cpe:2.3:a:wpmet:fundengine:*:*:*:*:*:wordpress:*:*", "versionEndExcluding": "1.5.0", - "matchCriteriaId": "9FE0C78E-E9F1-45BF-8F94-27A24E4FA134" + "matchCriteriaId": "3B20644E-0374-4A33-8613-21E431EC0336" } ] } diff --git a/CVE-2022/CVE-2022-411xx/CVE-2022-41137.json b/CVE-2022/CVE-2022-411xx/CVE-2022-41137.json new file mode 100644 index 00000000000..4689629aa64 --- /dev/null +++ b/CVE-2022/CVE-2022-411xx/CVE-2022-41137.json @@ -0,0 +1,72 @@ +{ + "id": "CVE-2022-41137", + "sourceIdentifier": "security@apache.org", + "published": "2024-12-05T10:15:04.450", + "lastModified": "2024-12-05T17:15:07.033", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Apache Hive\u00a0Metastore (HMS) uses\u00a0SerializationUtilities#deserializeObjectWithTypeInformation\u00a0method when filtering and fetching partitions that is unsafe and\u00a0can lead\u00a0to Remote Code Execution (RCE) since it allows the deserialization of arbitrary data.\n\nIn real deployments, the vulnerability can be exploited only by authenticated users/clients that were able to successfully establish\u00a0a connection to the Metastore. From an API perspective any code that calls the unsafe method may be vulnerable unless it performs additional prerechecks on the input arguments." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H", + "baseScore": 8.3, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.5 + } + ] + }, + "weaknesses": [ + { + "source": "security@apache.org", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-502" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/apache/hive", + "source": "security@apache.org" + }, + { + "url": "https://github.com/apache/hive/commit/60027bb9c91a93affcfebd9068f064bc1f2a74c9", + "source": "security@apache.org" + }, + { + "url": "https://issues.apache.org/jira/browse/HIVE-26539", + "source": "security@apache.org" + }, + { + "url": "https://lists.apache.org/thread/jwtr3d9yovf2wo0qlxvkhoxnwxxyzgts", + "source": "security@apache.org" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2024/12/04/2", + "source": "af854a3a-2127-422b-91ae-364da2661108" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-428xx/CVE-2022-42860.json b/CVE-2022/CVE-2022-428xx/CVE-2022-42860.json index 9670abb3a2e..eb6038bc1aa 100644 --- a/CVE-2022/CVE-2022-428xx/CVE-2022-42860.json +++ b/CVE-2022/CVE-2022-428xx/CVE-2022-42860.json @@ -2,8 +2,8 @@ "id": "CVE-2022-42860", "sourceIdentifier": "product-security@apple.com", "published": "2023-06-23T18:15:10.647", - "lastModified": "2023-06-27T10:53:11.793", - "vulnStatus": "Analyzed", + "lastModified": "2024-12-05T18:15:19.930", + "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { @@ -19,6 +19,8 @@ "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", @@ -26,9 +28,7 @@ "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", - "availabilityImpact": "NONE", - "baseScore": 5.5, - "baseSeverity": "MEDIUM" + "availabilityImpact": "NONE" }, "exploitabilityScore": 1.8, "impactScore": 3.6 @@ -45,6 +45,16 @@ "value": "NVD-CWE-noinfo" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-346" + } + ] } ], "configurations": [ @@ -97,6 +107,30 @@ "Release Notes", "Vendor Advisory" ] + }, + { + "url": "https://support.apple.com/en-us/HT213488", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT213493", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT213494", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-454xx/CVE-2022-45439.json b/CVE-2022/CVE-2022-454xx/CVE-2022-45439.json index 416d1e43637..2f2efe138c9 100644 --- a/CVE-2022/CVE-2022-454xx/CVE-2022-45439.json +++ b/CVE-2022/CVE-2022-454xx/CVE-2022-45439.json @@ -2,8 +2,8 @@ "id": "CVE-2022-45439", "sourceIdentifier": "security@zyxel.com.tw", "published": "2023-01-17T02:15:09.427", - "lastModified": "2023-01-24T20:16:45.073", - "vulnStatus": "Analyzed", + "lastModified": "2024-12-06T07:15:04.680", + "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { @@ -18,11 +18,13 @@ "metrics": { "cvssMetricV31": [ { - "source": "nvd@nist.gov", + "source": "security@zyxel.com.tw", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", "attackVector": "ADJACENT_NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", @@ -30,39 +32,37 @@ "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", - "availabilityImpact": "NONE", - "baseScore": 6.5, - "baseSeverity": "MEDIUM" + "availabilityImpact": "NONE" }, "exploitabilityScore": 2.8, "impactScore": 3.6 }, { - "source": "security@zyxel.com.tw", + "source": "nvd@nist.gov", "type": "Secondary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", "attackVector": "ADJACENT_NETWORK", - "attackComplexity": "HIGH", + "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", - "availabilityImpact": "NONE", - "baseScore": 5.3, - "baseSeverity": "MEDIUM" + "availabilityImpact": "NONE" }, - "exploitabilityScore": 1.6, + "exploitabilityScore": 2.8, "impactScore": 3.6 } ] }, "weaknesses": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "security@zyxel.com.tw", + "type": "Secondary", "description": [ { "lang": "en", @@ -71,8 +71,8 @@ ] }, { - "source": "security@zyxel.com.tw", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "description": [ { "lang": "en", @@ -90,9 +90,10 @@ "negate": false, "cpeMatch": [ { - "vulnerable": false, - "criteria": "cpe:2.3:h:zyxel:ax7501-b0:-:*:*:*:*:*:*:*", - "matchCriteriaId": "78473083-F702-4B81-AAA0-B66A0984FF6B" + "vulnerable": true, + "criteria": "cpe:2.3:o:zyxel:ax7501-b0_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "5.17\\(abpc.3\\)c0", + "matchCriteriaId": "2052D047-7D2B-419F-BB98-110144616D7F" } ] }, @@ -101,10 +102,9 @@ "negate": false, "cpeMatch": [ { - "vulnerable": true, - "criteria": "cpe:2.3:o:zyxel:ax7501-b0_firmware:*:*:*:*:*:*:*:*", - "versionEndExcluding": "5.17\\(abpc.3\\)c0", - "matchCriteriaId": "2052D047-7D2B-419F-BB98-110144616D7F" + "vulnerable": false, + "criteria": "cpe:2.3:h:zyxel:ax7501-b0:-:*:*:*:*:*:*:*", + "matchCriteriaId": "78473083-F702-4B81-AAA0-B66A0984FF6B" } ] } @@ -118,6 +118,13 @@ "tags": [ "Vendor Advisory" ] + }, + { + "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-cleartext-storage-of-wifi-credentials-and-improper-symbolic-links-of-ftp-for-ax7501-b0-cpe", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-454xx/CVE-2022-45441.json b/CVE-2022/CVE-2022-454xx/CVE-2022-45441.json index b1a65250513..7bf210e2038 100644 --- a/CVE-2022/CVE-2022-454xx/CVE-2022-45441.json +++ b/CVE-2022/CVE-2022-454xx/CVE-2022-45441.json @@ -2,8 +2,8 @@ "id": "CVE-2022-45441", "sourceIdentifier": "security@zyxel.com.tw", "published": "2023-02-07T02:15:07.967", - "lastModified": "2023-02-14T23:46:03.117", - "vulnStatus": "Analyzed", + "lastModified": "2024-12-06T07:15:05.190", + "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { @@ -18,11 +18,13 @@ "metrics": { "cvssMetricV31": [ { - "source": "nvd@nist.gov", + "source": "security@zyxel.com.tw", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", @@ -30,39 +32,37 @@ "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", - "availabilityImpact": "NONE", - "baseScore": 6.1, - "baseSeverity": "MEDIUM" + "availabilityImpact": "NONE" }, "exploitabilityScore": 2.8, "impactScore": 2.7 }, { - "source": "security@zyxel.com.tw", + "source": "nvd@nist.gov", "type": "Secondary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:H", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", - "confidentialityImpact": "NONE", + "confidentialityImpact": "LOW", "integrityImpact": "LOW", - "availabilityImpact": "HIGH", - "baseScore": 8.2, - "baseSeverity": "HIGH" + "availabilityImpact": "NONE" }, "exploitabilityScore": 2.8, - "impactScore": 4.7 + "impactScore": 2.7 } ] }, "weaknesses": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "security@zyxel.com.tw", + "type": "Secondary", "description": [ { "lang": "en", @@ -71,8 +71,8 @@ ] }, { - "source": "security@zyxel.com.tw", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "description": [ { "lang": "en", @@ -90,9 +90,10 @@ "negate": false, "cpeMatch": [ { - "vulnerable": false, - "criteria": "cpe:2.3:h:zyxel:nbg-418n:v2:*:*:*:*:*:*:*", - "matchCriteriaId": "B864E108-4477-4D56-B635-95A4B5F86AE1" + "vulnerable": true, + "criteria": "cpe:2.3:o:zyxel:nbg-418n_firmware:*:*:*:*:*:*:*:*", + "versionEndIncluding": "1.00\\(aarp.10\\)c0", + "matchCriteriaId": "4C634CD0-9066-41F5-83F5-AE3AB68A85F4" } ] }, @@ -101,10 +102,9 @@ "negate": false, "cpeMatch": [ { - "vulnerable": true, - "criteria": "cpe:2.3:o:zyxel:nbg-418n_firmware:*:*:*:*:*:*:*:*", - "versionEndIncluding": "1.00\\(aarp.10\\)c0", - "matchCriteriaId": "4C634CD0-9066-41F5-83F5-AE3AB68A85F4" + "vulnerable": false, + "criteria": "cpe:2.3:h:zyxel:nbg-418n:v2:*:*:*:*:*:*:*", + "matchCriteriaId": "B864E108-4477-4D56-B635-95A4B5F86AE1" } ] } @@ -118,6 +118,13 @@ "tags": [ "Vendor Advisory" ] + }, + { + "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-xss-vulnerability-in-nbg-418n-v2-home-router", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-467xx/CVE-2022-46718.json b/CVE-2022/CVE-2022-467xx/CVE-2022-46718.json index 799140a38df..1667ef4935e 100644 --- a/CVE-2022/CVE-2022-467xx/CVE-2022-46718.json +++ b/CVE-2022/CVE-2022-467xx/CVE-2022-46718.json @@ -2,8 +2,8 @@ "id": "CVE-2022-46718", "sourceIdentifier": "product-security@apple.com", "published": "2023-06-23T18:15:10.743", - "lastModified": "2023-06-27T10:51:37.977", - "vulnStatus": "Analyzed", + "lastModified": "2024-12-05T18:15:20.093", + "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { @@ -19,6 +19,8 @@ "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", @@ -26,9 +28,7 @@ "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", - "availabilityImpact": "NONE", - "baseScore": 5.5, - "baseSeverity": "MEDIUM" + "availabilityImpact": "NONE" }, "exploitabilityScore": 1.8, "impactScore": 3.6 @@ -45,6 +45,16 @@ "value": "NVD-CWE-noinfo" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-346" + } + ] } ], "configurations": [ @@ -124,6 +134,38 @@ "Release Notes", "Vendor Advisory" ] + }, + { + "url": "https://support.apple.com/en-us/HT213531", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT213532", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT213533", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT213534", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-211xx/CVE-2023-21175.json b/CVE-2023/CVE-2023-211xx/CVE-2023-21175.json index 5b642787599..acf2b4d6e15 100644 --- a/CVE-2023/CVE-2023-211xx/CVE-2023-21175.json +++ b/CVE-2023/CVE-2023-211xx/CVE-2023-21175.json @@ -2,8 +2,8 @@ "id": "CVE-2023-21175", "sourceIdentifier": "security@android.com", "published": "2023-06-28T18:15:14.527", - "lastModified": "2023-06-30T19:09:31.007", - "vulnStatus": "Analyzed", + "lastModified": "2024-12-05T16:15:20.097", + "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { @@ -19,6 +19,8 @@ "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", @@ -26,9 +28,7 @@ "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 7.8, - "baseSeverity": "HIGH" + "availabilityImpact": "HIGH" }, "exploitabilityScore": 1.8, "impactScore": 5.9 @@ -45,6 +45,16 @@ "value": "NVD-CWE-noinfo" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-276" + } + ] } ], "configurations": [ @@ -71,6 +81,13 @@ "tags": [ "Vendor Advisory" ] + }, + { + "url": "https://source.android.com/security/bulletin/pixel/2023-06-01", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-211xx/CVE-2023-21176.json b/CVE-2023/CVE-2023-211xx/CVE-2023-21176.json index 6e5c8b594e3..61ca82f08f8 100644 --- a/CVE-2023/CVE-2023-211xx/CVE-2023-21176.json +++ b/CVE-2023/CVE-2023-211xx/CVE-2023-21176.json @@ -2,8 +2,8 @@ "id": "CVE-2023-21176", "sourceIdentifier": "security@android.com", "published": "2023-06-28T18:15:14.573", - "lastModified": "2023-06-30T19:12:04.187", - "vulnStatus": "Analyzed", + "lastModified": "2024-12-05T16:15:20.230", + "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { @@ -19,6 +19,8 @@ "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 4.4, + "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "HIGH", @@ -26,9 +28,7 @@ "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", - "availabilityImpact": "HIGH", - "baseScore": 4.4, - "baseSeverity": "MEDIUM" + "availabilityImpact": "HIGH" }, "exploitabilityScore": 0.8, "impactScore": 3.6 @@ -45,6 +45,16 @@ "value": "CWE-400" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-770" + } + ] } ], "configurations": [ @@ -71,6 +81,13 @@ "tags": [ "Vendor Advisory" ] + }, + { + "url": "https://source.android.com/security/bulletin/pixel/2023-06-01", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-211xx/CVE-2023-21187.json b/CVE-2023/CVE-2023-211xx/CVE-2023-21187.json index a488fd18023..8cbcb31f9df 100644 --- a/CVE-2023/CVE-2023-211xx/CVE-2023-21187.json +++ b/CVE-2023/CVE-2023-211xx/CVE-2023-21187.json @@ -2,8 +2,8 @@ "id": "CVE-2023-21187", "sourceIdentifier": "security@android.com", "published": "2023-06-28T18:15:15.073", - "lastModified": "2023-07-05T20:16:39.883", - "vulnStatus": "Analyzed", + "lastModified": "2024-12-05T16:15:20.347", + "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { @@ -19,6 +19,8 @@ "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", @@ -26,9 +28,7 @@ "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 7.8, - "baseSeverity": "HIGH" + "availabilityImpact": "HIGH" }, "exploitabilityScore": 1.8, "impactScore": 5.9 @@ -45,6 +45,16 @@ "value": "NVD-CWE-noinfo" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-276" + } + ] } ], "configurations": [ @@ -71,6 +81,13 @@ "tags": [ "Vendor Advisory" ] + }, + { + "url": "https://source.android.com/security/bulletin/pixel/2023-06-01", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-215xx/CVE-2023-21513.json b/CVE-2023/CVE-2023-215xx/CVE-2023-21513.json index a1d0520145d..03c574acf91 100644 --- a/CVE-2023/CVE-2023-215xx/CVE-2023-21513.json +++ b/CVE-2023/CVE-2023-215xx/CVE-2023-21513.json @@ -2,8 +2,8 @@ "id": "CVE-2023-21513", "sourceIdentifier": "mobile.security@samsung.com", "published": "2023-06-28T21:15:09.467", - "lastModified": "2023-07-06T21:23:49.590", - "vulnStatus": "Analyzed", + "lastModified": "2024-12-05T16:15:20.473", + "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { @@ -14,11 +14,13 @@ "metrics": { "cvssMetricV31": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "mobile.security@samsung.com", + "type": "Secondary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", "attackVector": "PHYSICAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", @@ -26,19 +28,19 @@ "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 6.8, - "baseSeverity": "MEDIUM" + "availabilityImpact": "NONE" }, "exploitabilityScore": 0.9, - "impactScore": 5.9 + "impactScore": 5.2 }, { - "source": "mobile.security@samsung.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 6.8, + "baseSeverity": "MEDIUM", "attackVector": "PHYSICAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", @@ -46,16 +48,24 @@ "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", - "availabilityImpact": "NONE", - "baseScore": 6.1, - "baseSeverity": "MEDIUM" + "availabilityImpact": "HIGH" }, "exploitabilityScore": 0.9, - "impactScore": 5.2 + "impactScore": 5.9 } ] }, "weaknesses": [ + { + "source": "mobile.security@samsung.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-269" + } + ] + }, { "source": "nvd@nist.gov", "type": "Primary", @@ -67,12 +77,12 @@ ] }, { - "source": "mobile.security@samsung.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [ { "lang": "en", - "value": "CWE-269" + "value": "CWE-276" } ] } @@ -381,6 +391,13 @@ "tags": [ "Vendor Advisory" ] + }, + { + "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=06", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-235xx/CVE-2023-23516.json b/CVE-2023/CVE-2023-235xx/CVE-2023-23516.json index d975c9bc98d..816caa2b4ff 100644 --- a/CVE-2023/CVE-2023-235xx/CVE-2023-23516.json +++ b/CVE-2023/CVE-2023-235xx/CVE-2023-23516.json @@ -2,7 +2,7 @@ "id": "CVE-2023-23516", "sourceIdentifier": "product-security@apple.com", "published": "2023-06-23T18:15:10.797", - "lastModified": "2023-07-27T04:15:14.380", + "lastModified": "2024-12-05T18:15:20.327", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -19,6 +19,8 @@ "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", @@ -26,9 +28,7 @@ "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 7.8, - "baseSeverity": "HIGH" + "availabilityImpact": "HIGH" }, "exploitabilityScore": 1.8, "impactScore": 5.9 @@ -45,6 +45,16 @@ "value": "NVD-CWE-noinfo" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] } ], "configurations": [ @@ -104,6 +114,30 @@ "Release Notes", "Vendor Advisory" ] + }, + { + "url": "https://support.apple.com/en-us/HT213603", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT213604", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT213605", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-281xx/CVE-2023-28191.json b/CVE-2023/CVE-2023-281xx/CVE-2023-28191.json index ea6e3379000..f2049a9ac75 100644 --- a/CVE-2023/CVE-2023-281xx/CVE-2023-28191.json +++ b/CVE-2023/CVE-2023-281xx/CVE-2023-28191.json @@ -2,7 +2,7 @@ "id": "CVE-2023-28191", "sourceIdentifier": "product-security@apple.com", "published": "2023-06-23T18:15:11.240", - "lastModified": "2023-07-27T04:15:22.380", + "lastModified": "2024-12-05T17:15:07.650", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -19,6 +19,8 @@ "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", @@ -26,9 +28,7 @@ "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", - "availabilityImpact": "NONE", - "baseScore": 5.5, - "baseSeverity": "MEDIUM" + "availabilityImpact": "NONE" }, "exploitabilityScore": 1.8, "impactScore": 3.6 @@ -45,6 +45,16 @@ "value": "NVD-CWE-noinfo" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-346" + } + ] } ], "configurations": [ @@ -152,6 +162,54 @@ "Release Notes", "Vendor Advisory" ] + }, + { + "url": "https://support.apple.com/en-us/HT213757", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT213758", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT213759", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT213760", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT213761", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT213764", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-282xx/CVE-2023-28202.json b/CVE-2023/CVE-2023-282xx/CVE-2023-28202.json index 240a0d5fe04..a876674f661 100644 --- a/CVE-2023/CVE-2023-282xx/CVE-2023-28202.json +++ b/CVE-2023/CVE-2023-282xx/CVE-2023-28202.json @@ -2,7 +2,7 @@ "id": "CVE-2023-28202", "sourceIdentifier": "product-security@apple.com", "published": "2023-06-23T18:15:11.290", - "lastModified": "2023-07-27T04:15:22.833", + "lastModified": "2024-12-05T17:15:07.837", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -19,6 +19,8 @@ "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", @@ -26,9 +28,7 @@ "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", - "availabilityImpact": "NONE", - "baseScore": 5.5, - "baseSeverity": "MEDIUM" + "availabilityImpact": "NONE" }, "exploitabilityScore": 1.8, "impactScore": 3.6 @@ -45,6 +45,16 @@ "value": "NVD-CWE-noinfo" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-640" + } + ] } ], "configurations": [ @@ -122,6 +132,38 @@ "Release Notes", "Vendor Advisory" ] + }, + { + "url": "https://support.apple.com/en-us/HT213757", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT213758", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT213761", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT213764", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-288xx/CVE-2023-28826.json b/CVE-2023/CVE-2023-288xx/CVE-2023-28826.json index f32a06206d4..b8b7feff938 100644 --- a/CVE-2023/CVE-2023-288xx/CVE-2023-28826.json +++ b/CVE-2023/CVE-2023-288xx/CVE-2023-28826.json @@ -2,8 +2,8 @@ "id": "CVE-2023-28826", "sourceIdentifier": "product-security@apple.com", "published": "2024-03-08T02:15:47.160", - "lastModified": "2024-03-13T23:15:45.693", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-05T15:30:17.053", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -15,35 +15,183 @@ "value": "Este problema se solucion\u00f3 mejorando la redacci\u00f3n de informaci\u00f3n confidencial. Este problema se solucion\u00f3 en iOS 16.7.6 y iPadOS 16.7.6, macOS Monterey 12.7.4, macOS Sonoma 14.1, macOS Ventura 13.6.5. Es posible que una aplicaci\u00f3n pueda acceder a datos confidenciales del usuario." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*", + "versionEndExcluding": "16.7.6", + "matchCriteriaId": "E4D5AB12-A4B6-4456-A560-DD1FFE8E8CA8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", + "versionEndExcluding": "16.7.6", + "matchCriteriaId": "2AF8B925-3DE5-4CC8-A4C3-95D8F107D607" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "12.0", + "versionEndExcluding": "12.7.4", + "matchCriteriaId": "A61173BD-535F-46FC-B40F-DA78B168E420" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "13.0", + "versionEndExcluding": "13.6.5", + "matchCriteriaId": "69C4F06A-061F-46B3-8BB7-5C9B47C00956" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:macos:14.0:*:*:*:*:*:*:*", + "matchCriteriaId": "9FE27DF1-3AF9-4BE4-8541-565FE5BC16A2" + } + ] + } + ] + } + ], "references": [ { "url": "http://seclists.org/fulldisclosure/2024/Mar/22", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Mailing List" + ] + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/23", + "source": "product-security@apple.com", + "tags": [ + "Mailing List" + ] + }, + { + "url": "https://support.apple.com/en-us/HT213984", + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT214082", + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT214083", + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT214085", + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/kb/HT213984", + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/22", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Mar/23", - "source": "product-security@apple.com" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] }, { "url": "https://support.apple.com/en-us/HT213984", - "source": "product-security@apple.com" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214082", - "source": "product-security@apple.com" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214083", - "source": "product-security@apple.com" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214085", - "source": "product-security@apple.com" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/kb/HT213984", - "source": "product-security@apple.com" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-309xx/CVE-2023-30902.json b/CVE-2023/CVE-2023-309xx/CVE-2023-30902.json index 04b9ca51c2d..0013fe8a5f2 100644 --- a/CVE-2023/CVE-2023-309xx/CVE-2023-30902.json +++ b/CVE-2023/CVE-2023-309xx/CVE-2023-30902.json @@ -2,8 +2,8 @@ "id": "CVE-2023-30902", "sourceIdentifier": "security@trendmicro.com", "published": "2023-06-26T22:15:09.793", - "lastModified": "2023-06-30T14:15:33.933", - "vulnStatus": "Analyzed", + "lastModified": "2024-12-05T15:15:06.587", + "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { @@ -19,6 +19,8 @@ "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", @@ -26,9 +28,7 @@ "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", - "availabilityImpact": "NONE", - "baseScore": 5.5, - "baseSeverity": "MEDIUM" + "availabilityImpact": "NONE" }, "exploitabilityScore": 1.8, "impactScore": 3.6 @@ -45,23 +45,22 @@ "value": "NVD-CWE-noinfo" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-276" + } + ] } ], "configurations": [ { "operator": "AND", "nodes": [ - { - "operator": "OR", - "negate": false, - "cpeMatch": [ - { - "vulnerable": false, - "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", - "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" - } - ] - }, { "operator": "OR", "negate": false, @@ -78,6 +77,17 @@ "matchCriteriaId": "AF019D2D-C426-4D2D-A254-442CE777B41E" } ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] } ] } @@ -90,6 +100,14 @@ "Patch", "Vendor Advisory" ] + }, + { + "url": "https://success.trendmicro.com/dcx/s/solution/000293108?language=en_US", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-323xx/CVE-2023-32351.json b/CVE-2023/CVE-2023-323xx/CVE-2023-32351.json index 242f9d67980..1e023f5390c 100644 --- a/CVE-2023/CVE-2023-323xx/CVE-2023-32351.json +++ b/CVE-2023/CVE-2023-323xx/CVE-2023-32351.json @@ -2,7 +2,7 @@ "id": "CVE-2023-32351", "sourceIdentifier": "product-security@apple.com", "published": "2023-06-23T18:15:11.383", - "lastModified": "2023-07-27T01:15:19.740", + "lastModified": "2024-12-05T17:15:08.357", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -19,6 +19,8 @@ "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", @@ -26,9 +28,7 @@ "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 7.8, - "baseSeverity": "HIGH" + "availabilityImpact": "HIGH" }, "exploitabilityScore": 1.8, "impactScore": 5.9 @@ -45,6 +45,16 @@ "value": "NVD-CWE-noinfo" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-276" + } + ] } ], "configurations": [ @@ -73,6 +83,14 @@ "Release Notes", "Vendor Advisory" ] + }, + { + "url": "https://support.apple.com/en-us/HT213763", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-323xx/CVE-2023-32352.json b/CVE-2023/CVE-2023-323xx/CVE-2023-32352.json index a8cdb3ab730..a0db2f23c81 100644 --- a/CVE-2023/CVE-2023-323xx/CVE-2023-32352.json +++ b/CVE-2023/CVE-2023-323xx/CVE-2023-32352.json @@ -2,7 +2,7 @@ "id": "CVE-2023-32352", "sourceIdentifier": "product-security@apple.com", "published": "2023-06-23T18:15:11.427", - "lastModified": "2023-09-06T08:15:43.167", + "lastModified": "2024-12-05T17:15:08.470", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -19,6 +19,8 @@ "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", @@ -26,9 +28,7 @@ "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", - "availabilityImpact": "NONE", - "baseScore": 5.5, - "baseSeverity": "MEDIUM" + "availabilityImpact": "NONE" }, "exploitabilityScore": 1.8, "impactScore": 3.6 @@ -45,6 +45,16 @@ "value": "NVD-CWE-noinfo" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-639" + } + ] } ], "configurations": [ @@ -142,6 +152,50 @@ { "url": "https://support.apple.com/kb/HT213761", "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213757", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT213758", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT213759", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT213760", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT213764", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/kb/HT213761", + "source": "af854a3a-2127-422b-91ae-364da2661108" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-323xx/CVE-2023-32353.json b/CVE-2023/CVE-2023-323xx/CVE-2023-32353.json index ffc1e07dad7..062407fd964 100644 --- a/CVE-2023/CVE-2023-323xx/CVE-2023-32353.json +++ b/CVE-2023/CVE-2023-323xx/CVE-2023-32353.json @@ -2,7 +2,7 @@ "id": "CVE-2023-32353", "sourceIdentifier": "product-security@apple.com", "published": "2023-06-23T18:15:11.470", - "lastModified": "2023-07-27T04:15:23.283", + "lastModified": "2024-12-05T16:15:20.873", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -19,6 +19,8 @@ "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", @@ -26,9 +28,7 @@ "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 7.8, - "baseSeverity": "HIGH" + "availabilityImpact": "HIGH" }, "exploitabilityScore": 1.8, "impactScore": 5.9 @@ -45,6 +45,16 @@ "value": "NVD-CWE-noinfo" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-863" + } + ] } ], "configurations": [ @@ -73,6 +83,14 @@ "Release Notes", "Vendor Advisory" ] + }, + { + "url": "https://support.apple.com/en-us/HT213763", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-323xx/CVE-2023-32355.json b/CVE-2023/CVE-2023-323xx/CVE-2023-32355.json index 0876eb8859e..e39df196638 100644 --- a/CVE-2023/CVE-2023-323xx/CVE-2023-32355.json +++ b/CVE-2023/CVE-2023-323xx/CVE-2023-32355.json @@ -2,7 +2,7 @@ "id": "CVE-2023-32355", "sourceIdentifier": "product-security@apple.com", "published": "2023-06-23T18:15:11.553", - "lastModified": "2023-07-27T04:15:23.467", + "lastModified": "2024-12-05T16:15:21.057", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -19,6 +19,8 @@ "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", @@ -26,9 +28,7 @@ "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", - "availabilityImpact": "NONE", - "baseScore": 5.5, - "baseSeverity": "MEDIUM" + "availabilityImpact": "NONE" }, "exploitabilityScore": 1.8, "impactScore": 3.6 @@ -45,6 +45,16 @@ "value": "NVD-CWE-noinfo" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-281" + } + ] } ], "configurations": [ @@ -104,6 +114,30 @@ "Release Notes", "Vendor Advisory" ] + }, + { + "url": "https://support.apple.com/en-us/HT213758", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT213759", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT213760", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-323xx/CVE-2023-32357.json b/CVE-2023/CVE-2023-323xx/CVE-2023-32357.json index e6d1ace9b8d..2e113840220 100644 --- a/CVE-2023/CVE-2023-323xx/CVE-2023-32357.json +++ b/CVE-2023/CVE-2023-323xx/CVE-2023-32357.json @@ -2,7 +2,7 @@ "id": "CVE-2023-32357", "sourceIdentifier": "product-security@apple.com", "published": "2023-06-23T18:15:11.600", - "lastModified": "2023-07-27T04:15:23.567", + "lastModified": "2024-12-05T17:15:08.620", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -19,6 +19,8 @@ "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", + "baseScore": 7.1, + "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", @@ -26,9 +28,7 @@ "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", - "availabilityImpact": "NONE", - "baseScore": 7.1, - "baseSeverity": "HIGH" + "availabilityImpact": "NONE" }, "exploitabilityScore": 1.8, "impactScore": 5.2 @@ -45,6 +45,16 @@ "value": "NVD-CWE-noinfo" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] } ], "configurations": [ @@ -152,6 +162,54 @@ "Release Notes", "Vendor Advisory" ] + }, + { + "url": "https://support.apple.com/en-us/HT213757", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT213758", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT213759", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT213760", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT213761", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT213764", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-323xx/CVE-2023-32360.json b/CVE-2023/CVE-2023-323xx/CVE-2023-32360.json index 46d8b33df29..da8d8e7b69e 100644 --- a/CVE-2023/CVE-2023-323xx/CVE-2023-32360.json +++ b/CVE-2023/CVE-2023-323xx/CVE-2023-32360.json @@ -2,7 +2,7 @@ "id": "CVE-2023-32360", "sourceIdentifier": "product-security@apple.com", "published": "2023-06-23T18:15:11.647", - "lastModified": "2023-09-30T20:15:10.103", + "lastModified": "2024-12-05T17:15:08.780", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -19,6 +19,8 @@ "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", @@ -26,9 +28,7 @@ "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", - "availabilityImpact": "NONE", - "baseScore": 5.5, - "baseSeverity": "MEDIUM" + "availabilityImpact": "NONE" }, "exploitabilityScore": 1.8, "impactScore": 3.6 @@ -45,6 +45,16 @@ "value": "NVD-CWE-noinfo" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] } ], "configurations": [ @@ -108,6 +118,34 @@ "Release Notes", "Vendor Advisory" ] + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00041.html", + "source": "af854a3a-2127-422b-91ae-364da2661108" + }, + { + "url": "https://support.apple.com/en-us/HT213758", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT213759", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT213760", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-323xx/CVE-2023-32363.json b/CVE-2023/CVE-2023-323xx/CVE-2023-32363.json index 5f98c556caf..69b47897503 100644 --- a/CVE-2023/CVE-2023-323xx/CVE-2023-32363.json +++ b/CVE-2023/CVE-2023-323xx/CVE-2023-32363.json @@ -2,7 +2,7 @@ "id": "CVE-2023-32363", "sourceIdentifier": "product-security@apple.com", "published": "2023-06-23T18:15:11.693", - "lastModified": "2023-07-27T04:15:23.753", + "lastModified": "2024-12-05T17:15:08.917", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -19,6 +19,8 @@ "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", @@ -26,9 +28,7 @@ "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", - "availabilityImpact": "NONE", - "baseScore": 5.5, - "baseSeverity": "MEDIUM" + "availabilityImpact": "NONE" }, "exploitabilityScore": 1.8, "impactScore": 3.6 @@ -45,6 +45,16 @@ "value": "NVD-CWE-noinfo" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] } ], "configurations": [ @@ -73,6 +83,14 @@ "Release Notes", "Vendor Advisory" ] + }, + { + "url": "https://support.apple.com/en-us/HT213758", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-323xx/CVE-2023-32369.json b/CVE-2023/CVE-2023-323xx/CVE-2023-32369.json index f62e7ba8e80..07a8d8053c5 100644 --- a/CVE-2023/CVE-2023-323xx/CVE-2023-32369.json +++ b/CVE-2023/CVE-2023-323xx/CVE-2023-32369.json @@ -2,7 +2,7 @@ "id": "CVE-2023-32369", "sourceIdentifier": "product-security@apple.com", "published": "2023-06-23T18:15:11.870", - "lastModified": "2023-07-27T04:15:24.553", + "lastModified": "2024-12-05T21:15:06.850", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -19,6 +19,8 @@ "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N", + "baseScore": 6.0, + "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "HIGH", @@ -26,9 +28,27 @@ "scope": "CHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", - "availabilityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.5, + "impactScore": 4.0 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N", "baseScore": 6.0, - "baseSeverity": "MEDIUM" + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE" }, "exploitabilityScore": 1.5, "impactScore": 4.0 @@ -104,6 +124,30 @@ "Release Notes", "Vendor Advisory" ] + }, + { + "url": "https://support.apple.com/en-us/HT213758", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT213759", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT213760", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-323xx/CVE-2023-32371.json b/CVE-2023/CVE-2023-323xx/CVE-2023-32371.json index 46acae3958b..f19320645e6 100644 --- a/CVE-2023/CVE-2023-323xx/CVE-2023-32371.json +++ b/CVE-2023/CVE-2023-323xx/CVE-2023-32371.json @@ -2,7 +2,7 @@ "id": "CVE-2023-32371", "sourceIdentifier": "product-security@apple.com", "published": "2023-06-23T18:15:11.917", - "lastModified": "2023-07-27T04:15:24.877", + "lastModified": "2024-12-05T22:15:19.457", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -19,6 +19,8 @@ "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", @@ -26,9 +28,27 @@ "scope": "CHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", - "availabilityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.8, + "impactScore": 4.0 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N", "baseScore": 6.3, - "baseSeverity": "MEDIUM" + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE" }, "exploitabilityScore": 1.8, "impactScore": 4.0 @@ -94,6 +114,22 @@ "Release Notes", "Vendor Advisory" ] + }, + { + "url": "https://support.apple.com/en-us/HT213757", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT213758", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-323xx/CVE-2023-32372.json b/CVE-2023/CVE-2023-323xx/CVE-2023-32372.json index cc7020ce2db..a154a261a72 100644 --- a/CVE-2023/CVE-2023-323xx/CVE-2023-32372.json +++ b/CVE-2023/CVE-2023-323xx/CVE-2023-32372.json @@ -2,7 +2,7 @@ "id": "CVE-2023-32372", "sourceIdentifier": "product-security@apple.com", "published": "2023-06-23T18:15:11.963", - "lastModified": "2023-07-27T04:15:25.130", + "lastModified": "2024-12-05T22:15:19.630", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -19,6 +19,8 @@ "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", @@ -26,9 +28,27 @@ "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", - "availabilityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "baseScore": 5.5, - "baseSeverity": "MEDIUM" + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" }, "exploitabilityScore": 1.8, "impactScore": 3.6 @@ -45,6 +65,16 @@ "value": "CWE-125" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] } ], "configurations": [ @@ -122,6 +152,38 @@ "Release Notes", "Vendor Advisory" ] + }, + { + "url": "https://support.apple.com/en-us/HT213757", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT213758", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT213761", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT213764", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-323xx/CVE-2023-32375.json b/CVE-2023/CVE-2023-323xx/CVE-2023-32375.json index 164613bdc9d..27e5db22c80 100644 --- a/CVE-2023/CVE-2023-323xx/CVE-2023-32375.json +++ b/CVE-2023/CVE-2023-323xx/CVE-2023-32375.json @@ -2,7 +2,7 @@ "id": "CVE-2023-32375", "sourceIdentifier": "product-security@apple.com", "published": "2023-06-23T18:15:12.050", - "lastModified": "2023-07-27T04:15:25.630", + "lastModified": "2024-12-05T22:15:19.837", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -19,6 +19,8 @@ "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", @@ -26,9 +28,27 @@ "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", - "availabilityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "baseScore": 5.5, - "baseSeverity": "MEDIUM" + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" }, "exploitabilityScore": 1.8, "impactScore": 3.6 @@ -45,6 +65,16 @@ "value": "CWE-125" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] } ], "configurations": [ @@ -89,6 +119,22 @@ "Release Notes", "Vendor Advisory" ] + }, + { + "url": "https://support.apple.com/en-us/HT213758", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT213759", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-323xx/CVE-2023-32385.json b/CVE-2023/CVE-2023-323xx/CVE-2023-32385.json index 188e5c1fd8a..10dc2788548 100644 --- a/CVE-2023/CVE-2023-323xx/CVE-2023-32385.json +++ b/CVE-2023/CVE-2023-323xx/CVE-2023-32385.json @@ -2,7 +2,7 @@ "id": "CVE-2023-32385", "sourceIdentifier": "product-security@apple.com", "published": "2023-06-23T18:15:12.283", - "lastModified": "2023-07-27T04:15:27.267", + "lastModified": "2024-12-05T17:15:09.087", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -19,6 +19,8 @@ "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", @@ -26,9 +28,7 @@ "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", - "availabilityImpact": "HIGH", - "baseScore": 5.5, - "baseSeverity": "MEDIUM" + "availabilityImpact": "HIGH" }, "exploitabilityScore": 1.8, "impactScore": 3.6 @@ -45,6 +45,16 @@ "value": "NVD-CWE-noinfo" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-770" + } + ] } ], "configurations": [ @@ -93,6 +103,22 @@ "Release Notes", "Vendor Advisory" ] + }, + { + "url": "https://support.apple.com/en-us/HT213757", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT213758", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-323xx/CVE-2023-32386.json b/CVE-2023/CVE-2023-323xx/CVE-2023-32386.json index b7ea76774a3..7e9d5ef7a5e 100644 --- a/CVE-2023/CVE-2023-323xx/CVE-2023-32386.json +++ b/CVE-2023/CVE-2023-323xx/CVE-2023-32386.json @@ -2,7 +2,7 @@ "id": "CVE-2023-32386", "sourceIdentifier": "product-security@apple.com", "published": "2023-06-23T18:15:12.333", - "lastModified": "2023-07-27T04:15:27.467", + "lastModified": "2024-12-05T17:15:09.213", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -19,6 +19,8 @@ "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "baseScore": 3.3, + "baseSeverity": "LOW", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", @@ -26,9 +28,7 @@ "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", - "availabilityImpact": "NONE", - "baseScore": 3.3, - "baseSeverity": "LOW" + "availabilityImpact": "NONE" }, "exploitabilityScore": 1.8, "impactScore": 1.4 @@ -45,6 +45,16 @@ "value": "NVD-CWE-noinfo" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] } ], "configurations": [ @@ -104,6 +114,30 @@ "Release Notes", "Vendor Advisory" ] + }, + { + "url": "https://support.apple.com/en-us/HT213758", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT213759", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT213760", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-323xx/CVE-2023-32388.json b/CVE-2023/CVE-2023-323xx/CVE-2023-32388.json index e251c70757c..27cb8025731 100644 --- a/CVE-2023/CVE-2023-323xx/CVE-2023-32388.json +++ b/CVE-2023/CVE-2023-323xx/CVE-2023-32388.json @@ -2,7 +2,7 @@ "id": "CVE-2023-32388", "sourceIdentifier": "product-security@apple.com", "published": "2023-06-23T18:15:12.417", - "lastModified": "2023-07-27T04:15:28.020", + "lastModified": "2024-12-05T17:15:09.420", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -19,6 +19,8 @@ "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", @@ -26,9 +28,7 @@ "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", - "availabilityImpact": "NONE", - "baseScore": 5.5, - "baseSeverity": "MEDIUM" + "availabilityImpact": "NONE" }, "exploitabilityScore": 1.8, "impactScore": 3.6 @@ -45,6 +45,16 @@ "value": "NVD-CWE-noinfo" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-281" + } + ] } ], "configurations": [ @@ -140,6 +150,34 @@ { "url": "https://support.apple.com/en-us/HT213765", "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213757", + "source": "af854a3a-2127-422b-91ae-364da2661108" + }, + { + "url": "https://support.apple.com/en-us/HT213758", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT213759", + "source": "af854a3a-2127-422b-91ae-364da2661108" + }, + { + "url": "https://support.apple.com/en-us/HT213760", + "source": "af854a3a-2127-422b-91ae-364da2661108" + }, + { + "url": "https://support.apple.com/en-us/HT213764", + "source": "af854a3a-2127-422b-91ae-364da2661108" + }, + { + "url": "https://support.apple.com/en-us/HT213765", + "source": "af854a3a-2127-422b-91ae-364da2661108" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-323xx/CVE-2023-32389.json b/CVE-2023/CVE-2023-323xx/CVE-2023-32389.json index ad09a1ca0a5..d0d100f544c 100644 --- a/CVE-2023/CVE-2023-323xx/CVE-2023-32389.json +++ b/CVE-2023/CVE-2023-323xx/CVE-2023-32389.json @@ -2,7 +2,7 @@ "id": "CVE-2023-32389", "sourceIdentifier": "product-security@apple.com", "published": "2023-06-23T18:15:12.467", - "lastModified": "2023-07-27T04:15:28.263", + "lastModified": "2024-12-05T17:15:09.557", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -19,6 +19,8 @@ "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", @@ -26,9 +28,7 @@ "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", - "availabilityImpact": "NONE", - "baseScore": 5.5, - "baseSeverity": "MEDIUM" + "availabilityImpact": "NONE" }, "exploitabilityScore": 1.8, "impactScore": 3.6 @@ -45,6 +45,16 @@ "value": "NVD-CWE-noinfo" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] } ], "configurations": [ @@ -122,6 +132,38 @@ "Release Notes", "Vendor Advisory" ] + }, + { + "url": "https://support.apple.com/en-us/HT213757", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT213758", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT213761", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT213764", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-323xx/CVE-2023-32390.json b/CVE-2023/CVE-2023-323xx/CVE-2023-32390.json index e34c6612809..3b9e2b9cdf1 100644 --- a/CVE-2023/CVE-2023-323xx/CVE-2023-32390.json +++ b/CVE-2023/CVE-2023-323xx/CVE-2023-32390.json @@ -2,7 +2,7 @@ "id": "CVE-2023-32390", "sourceIdentifier": "product-security@apple.com", "published": "2023-06-23T18:15:12.510", - "lastModified": "2023-09-06T08:15:43.340", + "lastModified": "2024-12-05T17:15:09.690", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -19,6 +19,8 @@ "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "baseScore": 2.4, + "baseSeverity": "LOW", "attackVector": "PHYSICAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", @@ -26,9 +28,7 @@ "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", - "availabilityImpact": "NONE", - "baseScore": 2.4, - "baseSeverity": "LOW" + "availabilityImpact": "NONE" }, "exploitabilityScore": 0.9, "impactScore": 1.4 @@ -45,6 +45,16 @@ "value": "NVD-CWE-noinfo" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] } ], "configurations": [ @@ -112,6 +122,34 @@ { "url": "https://support.apple.com/kb/HT213761", "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213757", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT213758", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT213764", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/kb/HT213761", + "source": "af854a3a-2127-422b-91ae-364da2661108" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-323xx/CVE-2023-32391.json b/CVE-2023/CVE-2023-323xx/CVE-2023-32391.json index a69d7691c83..9ef0ff6a005 100644 --- a/CVE-2023/CVE-2023-323xx/CVE-2023-32391.json +++ b/CVE-2023/CVE-2023-323xx/CVE-2023-32391.json @@ -2,7 +2,7 @@ "id": "CVE-2023-32391", "sourceIdentifier": "product-security@apple.com", "published": "2023-06-23T18:15:12.557", - "lastModified": "2023-09-06T08:15:43.410", + "lastModified": "2024-12-05T16:15:21.210", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -19,6 +19,8 @@ "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "baseScore": 4.6, + "baseSeverity": "MEDIUM", "attackVector": "PHYSICAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", @@ -26,9 +28,7 @@ "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", - "availabilityImpact": "NONE", - "baseScore": 4.6, - "baseSeverity": "MEDIUM" + "availabilityImpact": "NONE" }, "exploitabilityScore": 0.9, "impactScore": 3.6 @@ -45,6 +45,16 @@ "value": "NVD-CWE-noinfo" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] } ], "configurations": [ @@ -134,6 +144,42 @@ { "url": "https://support.apple.com/kb/HT213761", "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213757", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT213758", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT213764", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT213765", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/kb/HT213761", + "source": "af854a3a-2127-422b-91ae-364da2661108" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-323xx/CVE-2023-32395.json b/CVE-2023/CVE-2023-323xx/CVE-2023-32395.json index a44f1fde249..50bd63a2a24 100644 --- a/CVE-2023/CVE-2023-323xx/CVE-2023-32395.json +++ b/CVE-2023/CVE-2023-323xx/CVE-2023-32395.json @@ -2,7 +2,7 @@ "id": "CVE-2023-32395", "sourceIdentifier": "product-security@apple.com", "published": "2023-06-23T18:15:12.703", - "lastModified": "2023-07-27T04:15:29.920", + "lastModified": "2024-12-05T16:15:21.483", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -19,6 +19,8 @@ "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", @@ -26,9 +28,7 @@ "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", - "availabilityImpact": "NONE", - "baseScore": 5.5, - "baseSeverity": "MEDIUM" + "availabilityImpact": "NONE" }, "exploitabilityScore": 1.8, "impactScore": 3.6 @@ -45,6 +45,16 @@ "value": "NVD-CWE-noinfo" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] } ], "configurations": [ @@ -104,6 +114,30 @@ "Release Notes", "Vendor Advisory" ] + }, + { + "url": "https://support.apple.com/en-us/HT213758", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT213759", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT213760", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-323xx/CVE-2023-32397.json b/CVE-2023/CVE-2023-323xx/CVE-2023-32397.json index fbd46176607..8a4e402a9f3 100644 --- a/CVE-2023/CVE-2023-323xx/CVE-2023-32397.json +++ b/CVE-2023/CVE-2023-323xx/CVE-2023-32397.json @@ -2,7 +2,7 @@ "id": "CVE-2023-32397", "sourceIdentifier": "product-security@apple.com", "published": "2023-06-23T18:15:12.743", - "lastModified": "2023-07-27T04:15:30.267", + "lastModified": "2024-12-05T16:15:21.610", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -19,6 +19,8 @@ "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "baseScore": 7.5, + "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", @@ -26,9 +28,7 @@ "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", - "availabilityImpact": "NONE", - "baseScore": 7.5, - "baseSeverity": "HIGH" + "availabilityImpact": "NONE" }, "exploitabilityScore": 3.9, "impactScore": 3.6 @@ -45,6 +45,16 @@ "value": "NVD-CWE-noinfo" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] } ], "configurations": [ @@ -124,6 +134,38 @@ "Release Notes", "Vendor Advisory" ] + }, + { + "url": "https://support.apple.com/en-us/HT213758", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT213759", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT213760", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT213765", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-323xx/CVE-2023-32399.json b/CVE-2023/CVE-2023-323xx/CVE-2023-32399.json index fec36e7ebf4..d1c42c76790 100644 --- a/CVE-2023/CVE-2023-323xx/CVE-2023-32399.json +++ b/CVE-2023/CVE-2023-323xx/CVE-2023-32399.json @@ -2,7 +2,7 @@ "id": "CVE-2023-32399", "sourceIdentifier": "product-security@apple.com", "published": "2023-06-23T18:15:12.827", - "lastModified": "2023-07-27T04:15:30.837", + "lastModified": "2024-12-05T16:15:21.827", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -19,6 +19,8 @@ "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", @@ -26,9 +28,7 @@ "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", - "availabilityImpact": "NONE", - "baseScore": 5.5, - "baseSeverity": "MEDIUM" + "availabilityImpact": "NONE" }, "exploitabilityScore": 1.8, "impactScore": 3.6 @@ -45,6 +45,16 @@ "value": "NVD-CWE-noinfo" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-276" + } + ] } ], "configurations": [ @@ -122,6 +132,38 @@ "Release Notes", "Vendor Advisory" ] + }, + { + "url": "https://support.apple.com/en-us/HT213757", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT213758", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT213761", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT213764", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-324xx/CVE-2023-32400.json b/CVE-2023/CVE-2023-324xx/CVE-2023-32400.json index 8abd3871474..a02fefb406f 100644 --- a/CVE-2023/CVE-2023-324xx/CVE-2023-32400.json +++ b/CVE-2023/CVE-2023-324xx/CVE-2023-32400.json @@ -2,7 +2,7 @@ "id": "CVE-2023-32400", "sourceIdentifier": "product-security@apple.com", "published": "2023-06-23T18:15:12.870", - "lastModified": "2023-09-06T08:15:43.573", + "lastModified": "2024-12-05T16:15:21.970", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -19,6 +19,8 @@ "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", @@ -26,9 +28,7 @@ "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", - "availabilityImpact": "NONE", - "baseScore": 5.5, - "baseSeverity": "MEDIUM" + "availabilityImpact": "NONE" }, "exploitabilityScore": 1.8, "impactScore": 3.6 @@ -45,6 +45,16 @@ "value": "NVD-CWE-noinfo" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-281" + } + ] } ], "configurations": [ @@ -112,6 +122,34 @@ { "url": "https://support.apple.com/kb/HT213761", "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213757", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT213758", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT213764", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/kb/HT213761", + "source": "af854a3a-2127-422b-91ae-364da2661108" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-324xx/CVE-2023-32403.json b/CVE-2023/CVE-2023-324xx/CVE-2023-32403.json index e0a6833da5d..98b49723c3d 100644 --- a/CVE-2023/CVE-2023-324xx/CVE-2023-32403.json +++ b/CVE-2023/CVE-2023-324xx/CVE-2023-32403.json @@ -2,7 +2,7 @@ "id": "CVE-2023-32403", "sourceIdentifier": "product-security@apple.com", "published": "2023-06-23T18:15:12.960", - "lastModified": "2023-07-27T04:15:31.420", + "lastModified": "2024-12-05T16:15:22.207", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -19,6 +19,8 @@ "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", @@ -26,9 +28,7 @@ "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", - "availabilityImpact": "NONE", - "baseScore": 5.5, - "baseSeverity": "MEDIUM" + "availabilityImpact": "NONE" }, "exploitabilityScore": 1.8, "impactScore": 3.6 @@ -45,6 +45,16 @@ "value": "NVD-CWE-noinfo" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] } ], "configurations": [ @@ -174,6 +184,62 @@ "Release Notes", "Vendor Advisory" ] + }, + { + "url": "https://support.apple.com/en-us/HT213757", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT213758", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT213759", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT213760", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT213761", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT213764", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT213765", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-324xx/CVE-2023-32404.json b/CVE-2023/CVE-2023-324xx/CVE-2023-32404.json index 0bbaf36ae4c..6fd8756af6c 100644 --- a/CVE-2023/CVE-2023-324xx/CVE-2023-32404.json +++ b/CVE-2023/CVE-2023-324xx/CVE-2023-32404.json @@ -2,7 +2,7 @@ "id": "CVE-2023-32404", "sourceIdentifier": "product-security@apple.com", "published": "2023-06-23T18:15:13.007", - "lastModified": "2023-09-06T08:15:43.653", + "lastModified": "2024-12-05T16:15:22.363", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -19,6 +19,8 @@ "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", @@ -26,9 +28,7 @@ "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", - "availabilityImpact": "NONE", - "baseScore": 5.5, - "baseSeverity": "MEDIUM" + "availabilityImpact": "NONE" }, "exploitabilityScore": 1.8, "impactScore": 3.6 @@ -45,6 +45,16 @@ "value": "NVD-CWE-noinfo" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-276" + } + ] } ], "configurations": [ @@ -114,6 +124,34 @@ { "url": "https://support.apple.com/kb/HT213761", "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213757", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT213758", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT213764", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/kb/HT213761", + "source": "af854a3a-2127-422b-91ae-364da2661108" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-324xx/CVE-2023-32405.json b/CVE-2023/CVE-2023-324xx/CVE-2023-32405.json index e07ca267217..74e6ccd92e2 100644 --- a/CVE-2023/CVE-2023-324xx/CVE-2023-32405.json +++ b/CVE-2023/CVE-2023-324xx/CVE-2023-32405.json @@ -2,7 +2,7 @@ "id": "CVE-2023-32405", "sourceIdentifier": "product-security@apple.com", "published": "2023-06-23T18:15:13.047", - "lastModified": "2023-07-27T04:15:32.337", + "lastModified": "2024-12-05T16:15:22.507", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -19,6 +19,8 @@ "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", @@ -26,9 +28,7 @@ "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 7.8, - "baseSeverity": "HIGH" + "availabilityImpact": "HIGH" }, "exploitabilityScore": 1.8, "impactScore": 5.9 @@ -45,6 +45,16 @@ "value": "NVD-CWE-noinfo" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-276" + } + ] } ], "configurations": [ @@ -104,6 +114,30 @@ "Release Notes", "Vendor Advisory" ] + }, + { + "url": "https://support.apple.com/en-us/HT213758", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT213759", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT213760", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-324xx/CVE-2023-32407.json b/CVE-2023/CVE-2023-324xx/CVE-2023-32407.json index 37ad6a80367..5c53dd02553 100644 --- a/CVE-2023/CVE-2023-324xx/CVE-2023-32407.json +++ b/CVE-2023/CVE-2023-324xx/CVE-2023-32407.json @@ -2,7 +2,7 @@ "id": "CVE-2023-32407", "sourceIdentifier": "product-security@apple.com", "published": "2023-06-23T18:15:13.093", - "lastModified": "2023-07-27T04:15:32.750", + "lastModified": "2024-12-05T16:15:22.650", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -19,6 +19,8 @@ "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", @@ -26,9 +28,7 @@ "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", - "availabilityImpact": "NONE", - "baseScore": 5.5, - "baseSeverity": "MEDIUM" + "availabilityImpact": "NONE" }, "exploitabilityScore": 1.8, "impactScore": 3.6 @@ -45,6 +45,16 @@ "value": "NVD-CWE-noinfo" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-276" + } + ] } ], "configurations": [ @@ -179,6 +189,62 @@ "Release Notes", "Vendor Advisory" ] + }, + { + "url": "https://support.apple.com/en-us/HT213757", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT213758", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT213759", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT213760", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT213761", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT213764", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT213765", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-324xx/CVE-2023-32414.json b/CVE-2023/CVE-2023-324xx/CVE-2023-32414.json index 0984015598b..79a18b19112 100644 --- a/CVE-2023/CVE-2023-324xx/CVE-2023-32414.json +++ b/CVE-2023/CVE-2023-324xx/CVE-2023-32414.json @@ -2,7 +2,7 @@ "id": "CVE-2023-32414", "sourceIdentifier": "product-security@apple.com", "published": "2023-06-23T18:15:13.417", - "lastModified": "2023-07-27T04:15:35.130", + "lastModified": "2024-12-05T17:15:09.813", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -19,6 +19,8 @@ "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", + "baseScore": 8.6, + "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", @@ -26,9 +28,7 @@ "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 8.6, - "baseSeverity": "HIGH" + "availabilityImpact": "HIGH" }, "exploitabilityScore": 1.8, "impactScore": 6.0 @@ -45,6 +45,16 @@ "value": "NVD-CWE-noinfo" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-326" + } + ] } ], "configurations": [ @@ -74,6 +84,14 @@ "Release Notes", "Vendor Advisory" ] + }, + { + "url": "https://support.apple.com/en-us/HT213758", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-324xx/CVE-2023-32415.json b/CVE-2023/CVE-2023-324xx/CVE-2023-32415.json index df96bfed38e..224a7cacdd4 100644 --- a/CVE-2023/CVE-2023-324xx/CVE-2023-32415.json +++ b/CVE-2023/CVE-2023-324xx/CVE-2023-32415.json @@ -2,7 +2,7 @@ "id": "CVE-2023-32415", "sourceIdentifier": "product-security@apple.com", "published": "2023-06-23T18:15:13.457", - "lastModified": "2023-07-27T04:15:35.437", + "lastModified": "2024-12-05T16:15:22.807", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -19,6 +19,8 @@ "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", @@ -26,9 +28,7 @@ "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", - "availabilityImpact": "NONE", - "baseScore": 5.5, - "baseSeverity": "MEDIUM" + "availabilityImpact": "NONE" }, "exploitabilityScore": 1.8, "impactScore": 3.6 @@ -45,6 +45,16 @@ "value": "NVD-CWE-noinfo" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-922" + } + ] } ], "configurations": [ @@ -110,6 +120,30 @@ "Release Notes", "Vendor Advisory" ] + }, + { + "url": "https://support.apple.com/en-us/HT213757", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT213758", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT213761", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-325xx/CVE-2023-32525.json b/CVE-2023/CVE-2023-325xx/CVE-2023-32525.json index 8fe829dedf5..f3f687eff6a 100644 --- a/CVE-2023/CVE-2023-325xx/CVE-2023-32525.json +++ b/CVE-2023/CVE-2023-325xx/CVE-2023-32525.json @@ -2,8 +2,8 @@ "id": "CVE-2023-32525", "sourceIdentifier": "security@trendmicro.com", "published": "2023-06-26T22:15:10.183", - "lastModified": "2023-06-30T18:27:37.413", - "vulnStatus": "Analyzed", + "lastModified": "2024-12-05T15:15:06.853", + "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { @@ -19,6 +19,8 @@ "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", @@ -26,9 +28,7 @@ "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", - "availabilityImpact": "NONE", - "baseScore": 6.5, - "baseSeverity": "MEDIUM" + "availabilityImpact": "NONE" }, "exploitabilityScore": 2.8, "impactScore": 3.6 @@ -45,6 +45,16 @@ "value": "NVD-CWE-noinfo" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] } ], "configurations": [ @@ -80,6 +90,22 @@ "Third Party Advisory", "VDB Entry" ] + }, + { + "url": "https://success.trendmicro.com/dcx/s/solution/000293106?language=en_US", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch", + "Vendor Advisory" + ] + }, + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-589/", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-346xx/CVE-2023-34672.json b/CVE-2023/CVE-2023-346xx/CVE-2023-34672.json index 8ab2ad8ce54..82d5514d0af 100644 --- a/CVE-2023/CVE-2023-346xx/CVE-2023-34672.json +++ b/CVE-2023/CVE-2023-346xx/CVE-2023-34672.json @@ -2,8 +2,8 @@ "id": "CVE-2023-34672", "sourceIdentifier": "cve@mitre.org", "published": "2023-06-23T19:15:09.097", - "lastModified": "2023-07-03T20:00:19.827", - "vulnStatus": "Analyzed", + "lastModified": "2024-12-05T15:15:07.333", + "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { @@ -19,6 +19,8 @@ "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", @@ -26,9 +28,7 @@ "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 8.8, - "baseSeverity": "HIGH" + "availabilityImpact": "HIGH" }, "exploitabilityScore": 2.8, "impactScore": 5.9 @@ -45,6 +45,16 @@ "value": "NVD-CWE-Other" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-281" + } + ] } ], "configurations": [ @@ -91,6 +101,21 @@ "Exploit", "Third Party Advisory" ] + }, + { + "url": "http://elenos.com", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Product" + ] + }, + { + "url": "https://strik3r.gitbook.io/strik3r-blog/security-research/cves-pocs/cve-2023-34672", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-366xx/CVE-2023-36664.json b/CVE-2023/CVE-2023-366xx/CVE-2023-36664.json index 3bdbc73038b..fe5784e1781 100644 --- a/CVE-2023/CVE-2023-366xx/CVE-2023-36664.json +++ b/CVE-2023/CVE-2023-366xx/CVE-2023-36664.json @@ -2,7 +2,7 @@ "id": "CVE-2023-36664", "sourceIdentifier": "cve@mitre.org", "published": "2023-06-25T22:15:21.463", - "lastModified": "2023-11-07T04:16:40.113", + "lastModified": "2024-12-05T15:15:07.693", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -23,6 +23,8 @@ "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", @@ -30,9 +32,7 @@ "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 7.8, - "baseSeverity": "HIGH" + "availabilityImpact": "HIGH" }, "exploitabilityScore": 1.8, "impactScore": 5.9 @@ -49,6 +49,16 @@ "value": "NVD-CWE-Other" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-552" + } + ] } ], "configurations": [ @@ -144,6 +154,41 @@ "tags": [ "Third Party Advisory" ] + }, + { + "url": "https://bugs.ghostscript.com/show_bug.cgi?id=706761", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Issue Tracking", + "Permissions Required" + ] + }, + { + "url": "https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=0974e4f2ac0005d3731e0b5c13ebc7e965540f4d", + "source": "af854a3a-2127-422b-91ae-364da2661108" + }, + { + "url": "https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=505eab7782b429017eb434b2b95120855f2b0e3c", + "source": "af854a3a-2127-422b-91ae-364da2661108" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2ICXN5VPF3WJCYKMPSYER5KHTPJXSTJZ/", + "source": "af854a3a-2127-422b-91ae-364da2661108" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5EWMEK2UPCUU3ZLL7VASE5CEHDQY4VKV/", + "source": "af854a3a-2127-422b-91ae-364da2661108" + }, + { + "url": "https://security.gentoo.org/glsa/202309-03", + "source": "af854a3a-2127-422b-91ae-364da2661108" + }, + { + "url": "https://www.debian.org/security/2023/dsa-5446", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-428xx/CVE-2023-42834.json b/CVE-2023/CVE-2023-428xx/CVE-2023-42834.json index be67257156d..aad41444259 100644 --- a/CVE-2023/CVE-2023-428xx/CVE-2023-42834.json +++ b/CVE-2023/CVE-2023-428xx/CVE-2023-42834.json @@ -2,8 +2,8 @@ "id": "CVE-2023-42834", "sourceIdentifier": "product-security@apple.com", "published": "2024-02-21T07:15:47.977", - "lastModified": "2024-11-06T15:35:05.580", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-06T02:57:06.637", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,12 +17,34 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 6.2, + "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", @@ -30,35 +52,144 @@ "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", - "availabilityImpact": "NONE", - "baseScore": 6.2, - "baseSeverity": "MEDIUM" + "availabilityImpact": "NONE" }, "exploitabilityScore": 2.5, "impactScore": 3.6 } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*", + "versionEndExcluding": "17.1", + "matchCriteriaId": "0B5787E4-1911-4926-9D81-492EFB438954" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", + "versionEndExcluding": "17.1", + "matchCriteriaId": "434A55CA-5660-4F40-B4A2-5ABAF4CA7263" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "12.0", + "versionEndExcluding": "12.7.2", + "matchCriteriaId": "81F8AB85-34DB-4536-ADDE-D0EB5DEBFD85" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "13.0", + "versionEndExcluding": "13.6.3", + "matchCriteriaId": "E270DF97-8603-42D8-A31C-FCD89A7D2F1E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:macos:14.0:*:*:*:*:*:*:*", + "matchCriteriaId": "9FE27DF1-3AF9-4BE4-8541-565FE5BC16A2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.1", + "matchCriteriaId": "F88E7355-ECFB-4EB0-9579-0C954C25355F" + } + ] + } + ] + } + ], "references": [ { "url": "https://support.apple.com/en-us/HT213982", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT213984", + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT213988", + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT214037", + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT214038", + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT213982", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT213984", - "source": "product-security@apple.com" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT213988", - "source": "product-security@apple.com" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214037", - "source": "product-security@apple.com" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214038", - "source": "product-security@apple.com" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-429xx/CVE-2023-42952.json b/CVE-2023/CVE-2023-429xx/CVE-2023-42952.json index 57c15db5f47..08004ba79c7 100644 --- a/CVE-2023/CVE-2023-429xx/CVE-2023-42952.json +++ b/CVE-2023/CVE-2023-429xx/CVE-2023-42952.json @@ -2,8 +2,8 @@ "id": "CVE-2023-42952", "sourceIdentifier": "product-security@apple.com", "published": "2024-02-21T07:15:51.510", - "lastModified": "2024-02-22T19:07:27.197", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-05T19:56:22.987", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -15,23 +15,141 @@ "value": "El problema se solucion\u00f3 con controles mejorados. Este problema se solucion\u00f3 en iOS 17.1 y iPadOS 17.1, macOS Ventura 13.6.3, macOS Sonoma 14.1, macOS Monterey 12.7.1. Una aplicaci\u00f3n con privilegios de root puede acceder a informaci\u00f3n privada." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 4.4, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 0.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*", + "versionEndExcluding": "17.1", + "matchCriteriaId": "0B5787E4-1911-4926-9D81-492EFB438954" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", + "versionEndExcluding": "17.1", + "matchCriteriaId": "434A55CA-5660-4F40-B4A2-5ABAF4CA7263" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "12.0", + "versionEndExcluding": "12.7.1", + "matchCriteriaId": "BA796DD3-80AF-4E65-8080-EC309577F00D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "13.0", + "versionEndExcluding": "13.6.3", + "matchCriteriaId": "E270DF97-8603-42D8-A31C-FCD89A7D2F1E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:macos:14.0:*:*:*:*:*:*:*", + "matchCriteriaId": "9FE27DF1-3AF9-4BE4-8541-565FE5BC16A2" + } + ] + } + ] + } + ], "references": [ { "url": "https://support.apple.com/en-us/HT213982", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT213983", + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT213984", + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT214038", + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT213982", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT213983", - "source": "product-security@apple.com" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT213984", - "source": "product-security@apple.com" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214038", - "source": "product-security@apple.com" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-429xx/CVE-2023-42953.json b/CVE-2023/CVE-2023-429xx/CVE-2023-42953.json index eb33db0c8ba..41d9ebf208b 100644 --- a/CVE-2023/CVE-2023-429xx/CVE-2023-42953.json +++ b/CVE-2023/CVE-2023-429xx/CVE-2023-42953.json @@ -2,8 +2,8 @@ "id": "CVE-2023-42953", "sourceIdentifier": "product-security@apple.com", "published": "2024-02-21T07:15:51.717", - "lastModified": "2024-11-07T16:35:10.020", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-05T19:52:16.060", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,12 +17,34 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", @@ -30,31 +52,122 @@ "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", - "availabilityImpact": "NONE", - "baseScore": 5.5, - "baseSeverity": "MEDIUM" + "availabilityImpact": "NONE" }, "exploitabilityScore": 1.8, "impactScore": 3.6 } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-276" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*", + "versionEndExcluding": "17.1", + "matchCriteriaId": "0B5787E4-1911-4926-9D81-492EFB438954" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", + "versionEndExcluding": "17.1", + "matchCriteriaId": "434A55CA-5660-4F40-B4A2-5ABAF4CA7263" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:macos:14.0:*:*:*:*:*:*:*", + "matchCriteriaId": "9FE27DF1-3AF9-4BE4-8541-565FE5BC16A2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", + "versionEndExcluding": "17.1", + "matchCriteriaId": "6B71C095-CFB3-42E1-8582-0AD365DA7855" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.1", + "matchCriteriaId": "F88E7355-ECFB-4EB0-9579-0C954C25355F" + } + ] + } + ] + } + ], "references": [ { "url": "https://support.apple.com/en-us/HT213982", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT213984", + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT213987", + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT213988", + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT213982", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT213984", - "source": "product-security@apple.com" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT213987", - "source": "product-security@apple.com" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT213988", - "source": "product-security@apple.com" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-457xx/CVE-2023-45727.json b/CVE-2023/CVE-2023-457xx/CVE-2023-45727.json index 86f8221f304..9eefa5e59d7 100644 --- a/CVE-2023/CVE-2023-457xx/CVE-2023-45727.json +++ b/CVE-2023/CVE-2023-457xx/CVE-2023-45727.json @@ -2,8 +2,8 @@ "id": "CVE-2023-45727", "sourceIdentifier": "vultures@jpcert.or.jp", "published": "2023-10-18T10:15:08.643", - "lastModified": "2024-12-04T02:00:02.410", - "vulnStatus": "Modified", + "lastModified": "2024-12-06T02:00:01.520", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { @@ -62,7 +62,7 @@ "cisaExploitAdd": "2024-12-03", "cisaActionDue": "2024-12-24", "cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", - "cisaVulnerabilityName": "North Grid Proself Improper Restriction of XML External Entity (XEE) Reference Vulnerability", + "cisaVulnerabilityName": "North Grid Proself Improper Restriction of XML External Entity (XXE) Reference Vulnerability", "weaknesses": [ { "source": "nvd@nist.gov", diff --git a/CVE-2023/CVE-2023-480xx/CVE-2023-48010.json b/CVE-2023/CVE-2023-480xx/CVE-2023-48010.json new file mode 100644 index 00000000000..ef9386df6d3 --- /dev/null +++ b/CVE-2023/CVE-2023-480xx/CVE-2023-48010.json @@ -0,0 +1,25 @@ +{ + "id": "CVE-2023-48010", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-12-05T20:15:20.260", + "lastModified": "2024-12-05T20:15:20.260", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "STMicroelectronics SPC58 is vulnerable to Missing Protection Mechanism for Alternate Hardware Interface. Code running as Supervisor on the SPC58 PowerPC microcontrollers may disable the System Memory Protection Unit and gain unabridged read/write access to protected assets." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://plaxidityx.com/blog/blog-post/is-your-memory-protecteduncovering-hidden-vulnerabilities-in-automotive-mpu-mechanisms/", + "source": "cve@mitre.org" + }, + { + "url": "https://www.st.com/resource/en/reference_manual/rm0452-spc58-h-line--32-bit-power-architecture-automotive-mcu-triple-z4-cores-200-mhz-10-mbytes-flash-hsm-asild-stmicroelectronics.pdf", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-499xx/CVE-2023-49987.json b/CVE-2023/CVE-2023-499xx/CVE-2023-49987.json index ea30864e16a..a6fcb5eafb6 100644 --- a/CVE-2023/CVE-2023-499xx/CVE-2023-49987.json +++ b/CVE-2023/CVE-2023-499xx/CVE-2023-49987.json @@ -2,7 +2,7 @@ "id": "CVE-2023-49987", "sourceIdentifier": "cve@mitre.org", "published": "2024-03-07T01:15:51.980", - "lastModified": "2024-03-07T13:52:27.110", + "lastModified": "2024-12-05T20:15:20.770", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -15,7 +15,42 @@ "value": "Una vulnerabilidad de Cross-Site Scripting (XSS) en el componente /management/term de School Fees Management System v1.0 permite a los atacantes ejecutar scripts web o HTML arbitrarios a trav\u00e9s de un payload manipulado inyectado en el par\u00e1metro tname." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], "references": [ { "url": "https://github.com/geraldoalcantara/CVE-2023-49987", @@ -24,6 +59,14 @@ { "url": "https://www.sourcecodester.com/php/15697/school-fees-management-system-project-php-and-codeigniter-free-source-code.html", "source": "cve@mitre.org" + }, + { + "url": "https://github.com/geraldoalcantara/CVE-2023-49987", + "source": "af854a3a-2127-422b-91ae-364da2661108" + }, + { + "url": "https://www.sourcecodester.com/php/15697/school-fees-management-system-project-php-and-codeigniter-free-source-code.html", + "source": "af854a3a-2127-422b-91ae-364da2661108" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-509xx/CVE-2023-50913.json b/CVE-2023/CVE-2023-509xx/CVE-2023-50913.json new file mode 100644 index 00000000000..c5716ccaa7b --- /dev/null +++ b/CVE-2023/CVE-2023-509xx/CVE-2023-50913.json @@ -0,0 +1,25 @@ +{ + "id": "CVE-2023-50913", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-12-05T20:15:20.983", + "lastModified": "2024-12-05T20:15:20.983", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Oxide control plane software before 5 allows SSRF." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://docs.oxide.computer/security/advisories/20231215-1", + "source": "cve@mitre.org" + }, + { + "url": "https://oxide.computer", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-523xx/CVE-2023-52357.json b/CVE-2023/CVE-2023-523xx/CVE-2023-52357.json index 93a8b4a9bc8..6422b025660 100644 --- a/CVE-2023/CVE-2023-523xx/CVE-2023-52357.json +++ b/CVE-2023/CVE-2023-523xx/CVE-2023-52357.json @@ -2,8 +2,8 @@ "id": "CVE-2023-52357", "sourceIdentifier": "psirt@huawei.com", "published": "2024-02-18T03:15:08.590", - "lastModified": "2024-02-20T19:50:53.960", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-05T20:15:21.220", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { @@ -15,7 +15,42 @@ "value": "Vulnerabilidad de discrepancia entre serializaci\u00f3n y deserializaci\u00f3n en el framework de vibraci\u00f3n. La explotaci\u00f3n exitosa de esta vulnerabilidad puede afectar la disponibilidad." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 6.2, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.5, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-502" + } + ] + } + ], "references": [ { "url": "https://consumer.huawei.com/en/support/bulletin/2024/2/", @@ -24,6 +59,14 @@ { "url": "https://device.harmonyos.com/cn/docs/security/update/security-bulletins-202402-0000001834855405", "source": "psirt@huawei.com" + }, + { + "url": "https://consumer.huawei.com/en/support/bulletin/2024/2/", + "source": "af854a3a-2127-422b-91ae-364da2661108" + }, + { + "url": "https://device.harmonyos.com/cn/docs/security/update/security-bulletins-202402-0000001834855405", + "source": "af854a3a-2127-422b-91ae-364da2661108" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-61xx/CVE-2023-6110.json b/CVE-2023/CVE-2023-61xx/CVE-2023-6110.json index e66bcab42fd..c1ca78d6769 100644 --- a/CVE-2023/CVE-2023-61xx/CVE-2023-6110.json +++ b/CVE-2023/CVE-2023-61xx/CVE-2023-6110.json @@ -2,7 +2,7 @@ "id": "CVE-2023-6110", "sourceIdentifier": "secalert@redhat.com", "published": "2024-11-17T11:15:06.097", - "lastModified": "2024-11-18T17:11:17.393", + "lastModified": "2024-12-05T21:15:07.010", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -19,10 +19,12 @@ "cvssMetricV31": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", @@ -30,15 +32,25 @@ "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", - "availabilityImpact": "LOW", - "baseScore": 5.5, - "baseSeverity": "MEDIUM" + "availabilityImpact": "LOW" }, "exploitabilityScore": 2.1, "impactScore": 3.4 } ] }, + "weaknesses": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-237" + } + ] + } + ], "references": [ { "url": "https://access.redhat.com/errata/RHSA-2024:2737", diff --git a/CVE-2024/CVE-2024-02xx/CVE-2024-0258.json b/CVE-2024/CVE-2024-02xx/CVE-2024-0258.json index d06fd1f8055..2178c1bc1b5 100644 --- a/CVE-2024/CVE-2024-02xx/CVE-2024-0258.json +++ b/CVE-2024/CVE-2024-02xx/CVE-2024-0258.json @@ -2,8 +2,8 @@ "id": "CVE-2024-0258", "sourceIdentifier": "product-security@apple.com", "published": "2024-03-08T02:15:47.293", - "lastModified": "2024-08-27T18:35:03.520", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-05T17:02:34.657", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,12 +17,34 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", + "baseScore": 8.6, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 6.0 + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", + "baseScore": 8.2, + "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "HIGH", @@ -30,43 +52,166 @@ "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 8.2, - "baseSeverity": "HIGH" + "availabilityImpact": "HIGH" }, "exploitabilityScore": 1.5, "impactScore": 6.0 } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*", + "versionEndExcluding": "17.4", + "matchCriteriaId": "CE5413B9-A1A8-499F-B047-163908202E69" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", + "versionEndExcluding": "17.4", + "matchCriteriaId": "BCB4911E-7824-4C34-916D-88110CB415EB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "14.0", + "versionEndExcluding": "14.4", + "matchCriteriaId": "73160D1F-755B-46D2-969F-DF8E43BB1099" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", + "versionEndExcluding": "17.4", + "matchCriteriaId": "BB6BA6CB-001B-4440-A9AE-473F5722F8E0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.4", + "matchCriteriaId": "5547F484-4E4B-4961-BAF8-F891D50BB4B6" + } + ] + } + ] + } + ], "references": [ { "url": "http://seclists.org/fulldisclosure/2024/Mar/21", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Mailing List" + ] + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/24", + "source": "product-security@apple.com", + "tags": [ + "Mailing List" + ] + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/25", + "source": "product-security@apple.com", + "tags": [ + "Mailing List" + ] + }, + { + "url": "https://support.apple.com/en-us/HT214081", + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT214084", + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT214086", + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT214088", + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/21", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Mar/24", - "source": "product-security@apple.com" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Mar/25", - "source": "product-security@apple.com" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] }, { "url": "https://support.apple.com/en-us/HT214081", - "source": "product-security@apple.com" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214084", - "source": "product-security@apple.com" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214086", - "source": "product-security@apple.com" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214088", - "source": "product-security@apple.com" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-100xx/CVE-2024-10056.json b/CVE-2024/CVE-2024-100xx/CVE-2024-10056.json new file mode 100644 index 00000000000..a5956feba3d --- /dev/null +++ b/CVE-2024/CVE-2024-100xx/CVE-2024-10056.json @@ -0,0 +1,64 @@ +{ + "id": "CVE-2024-10056", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-12-05T10:31:38.303", + "lastModified": "2024-12-05T10:31:38.303", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Contact Form Builder by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's livesite-pay shortcode in all versions up to, and including, 4.10.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/changeset/3200766/", + "source": "security@wordfence.com" + }, + { + "url": "https://wordpress.org/plugins/contact-form-with-a-meeting-scheduler-by-vcita/#developers", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5d1b419c-2276-415d-8c54-15da9125c442?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-101xx/CVE-2024-10178.json b/CVE-2024/CVE-2024-101xx/CVE-2024-10178.json new file mode 100644 index 00000000000..69b23bc28e4 --- /dev/null +++ b/CVE-2024/CVE-2024-101xx/CVE-2024-10178.json @@ -0,0 +1,64 @@ +{ + "id": "CVE-2024-10178", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-12-05T05:15:06.613", + "lastModified": "2024-12-05T05:15:06.613", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Gutentor \u2013 Gutenberg Blocks \u2013 Page Builder for Gutenberg Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown widget in all versions up to, and including, 3.3.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3199233%40gutentor%2Ftrunk&old=3179242%40gutentor%2Ftrunk&sfp_email=&sfph_mail=", + "source": "security@wordfence.com" + }, + { + "url": "https://wordpress.org/plugins/gutentor/#developers", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/17ecebfd-b07f-415f-892f-e069ab84031a?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-102xx/CVE-2024-10247.json b/CVE-2024/CVE-2024-102xx/CVE-2024-10247.json new file mode 100644 index 00000000000..fc3a22fc349 --- /dev/null +++ b/CVE-2024/CVE-2024-102xx/CVE-2024-10247.json @@ -0,0 +1,68 @@ +{ + "id": "CVE-2024-10247", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-12-06T04:15:04.190", + "lastModified": "2024-12-06T04:15:04.190", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Video Gallery \u2013 Best WordPress YouTube Gallery Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the orderby parameter in all versions up to, and including, 2.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.2, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://packetstormsecurity.com/files/179387/WordPress-Video-Gallery-YouTube-Gallery-And-Vimeo-Gallery-2.3.6-SQL-Injection.html", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/gallery-videos/trunk/admin/class-tsvg-list.php#L15", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3200979/gallery-videos/trunk/admin/class-tsvg-list.php", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f5524582-5aac-48b4-ad67-7c4829d63ed0?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-103xx/CVE-2024-10320.json b/CVE-2024/CVE-2024-103xx/CVE-2024-10320.json new file mode 100644 index 00000000000..46a1c48172d --- /dev/null +++ b/CVE-2024/CVE-2024-103xx/CVE-2024-10320.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-10320", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-12-06T09:15:04.710", + "lastModified": "2024-12-06T09:15:04.710", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Cookielay plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's cookielay shortcode in all versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://wordpress.org/plugins/cookielay/#developers", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8e014aa5-4fdf-458b-a975-e3ced7186dc2?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-104xx/CVE-2024-10480.json b/CVE-2024/CVE-2024-104xx/CVE-2024-10480.json new file mode 100644 index 00000000000..9cee712454c --- /dev/null +++ b/CVE-2024/CVE-2024-104xx/CVE-2024-10480.json @@ -0,0 +1,21 @@ +{ + "id": "CVE-2024-10480", + "sourceIdentifier": "contact@wpscan.com", + "published": "2024-12-06T06:15:19.270", + "lastModified": "2024-12-06T06:15:19.270", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The 3DPrint Lite WordPress plugin before 2.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://wpscan.com/vulnerability/725ac766-c849-49d6-a968-58fcc2e134c8/", + "source": "contact@wpscan.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-105xx/CVE-2024-10551.json b/CVE-2024/CVE-2024-105xx/CVE-2024-10551.json new file mode 100644 index 00000000000..ab1739989d6 --- /dev/null +++ b/CVE-2024/CVE-2024-105xx/CVE-2024-10551.json @@ -0,0 +1,21 @@ +{ + "id": "CVE-2024-10551", + "sourceIdentifier": "contact@wpscan.com", + "published": "2024-12-06T06:15:22.090", + "lastModified": "2024-12-06T06:15:22.090", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Sticky Social Icons WordPress plugin through 1.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://wpscan.com/vulnerability/cd1aea4a-e5a6-4f87-805d-459b293bbf28/", + "source": "contact@wpscan.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-105xx/CVE-2024-10578.json b/CVE-2024/CVE-2024-105xx/CVE-2024-10578.json new file mode 100644 index 00000000000..1cf506a0389 --- /dev/null +++ b/CVE-2024/CVE-2024-105xx/CVE-2024-10578.json @@ -0,0 +1,64 @@ +{ + "id": "CVE-2024-10578", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-12-06T06:15:22.200", + "lastModified": "2024-12-06T06:15:22.200", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Pubnews theme for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the pubnews_importer_plugin_action_for_notice() function in all versions up to, and including, 1.0.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install arbitrary plugins that can be leveraged to exploit other vulnerabilities." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "references": [ + { + "url": "https://themes.trac.wordpress.org/browser/pubnews/1.0.7/inc/admin/admin.php#L1017", + "source": "security@wordfence.com" + }, + { + "url": "https://themes.trac.wordpress.org/changeset/250743/pubnews/1.0.8?contextall=1&old=245552&old_path=%2Fpubnews%2F1.0.7", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7eaa0117-5320-431f-b3d2-05a867901528?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-106xx/CVE-2024-10689.json b/CVE-2024/CVE-2024-106xx/CVE-2024-10689.json new file mode 100644 index 00000000000..1301e65cddc --- /dev/null +++ b/CVE-2024/CVE-2024-106xx/CVE-2024-10689.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-10689", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-12-06T09:15:05.033", + "lastModified": "2024-12-06T09:15:05.033", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The XLTab \u2013 Accordions and Tabs for Elementor Page Builder plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.4 via the 'XLTAB_INSERT_TPL' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts created by Elementor that they should not have access to." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-639" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3190826%40xl-tab&new=3190826%40xl-tab&sfp_email=&sfph_mail=", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/dbf8c216-aedd-4db9-aaa4-61bc0d7850cb?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-106xx/CVE-2024-10692.json b/CVE-2024/CVE-2024-106xx/CVE-2024-10692.json new file mode 100644 index 00000000000..8c0800e7422 --- /dev/null +++ b/CVE-2024/CVE-2024-106xx/CVE-2024-10692.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-10692", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-12-06T09:15:05.190", + "lastModified": "2024-12-06T09:15:05.190", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The PowerPack Elementor Addons (Free Widgets, Extensions and Templates) plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.8.1 via the Content Reveal widget due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from password protected, private, or draft posts that they should not have access to." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-639" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/changeset/3203205/powerpack-lite-for-elementor/tags/2.8.2/modules/content-reveal/widgets/content-reveal.php", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d073d9df-0636-4884-b5d0-e2da779e5edf?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-107xx/CVE-2024-10716.json b/CVE-2024/CVE-2024-107xx/CVE-2024-10716.json new file mode 100644 index 00000000000..9e24e17a4a7 --- /dev/null +++ b/CVE-2024/CVE-2024-107xx/CVE-2024-10716.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-10716", + "sourceIdentifier": "security@pega.com", + "published": "2024-12-05T16:15:23.767", + "lastModified": "2024-12-05T16:15:23.767", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Pega Platform versions 8.1 to Infinity 24.2.0 are affected by an XSS issue with search." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@pega.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N", + "baseScore": 5.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.6, + "impactScore": 4.2 + } + ] + }, + "weaknesses": [ + { + "source": "security@pega.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://support.pega.com/support-doc/pega-security-advisory-e24-vulnerability-remediation-note", + "source": "security@pega.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-107xx/CVE-2024-10777.json b/CVE-2024/CVE-2024-107xx/CVE-2024-10777.json new file mode 100644 index 00000000000..dee67a6a1fc --- /dev/null +++ b/CVE-2024/CVE-2024-107xx/CVE-2024-10777.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-10777", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-12-05T10:31:38.960", + "lastModified": "2024-12-05T10:31:38.960", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The AnyWhere Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.11 via the 'INSERT_ELEMENTOR' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts created by Elementor that they should not have access to." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-639" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3198665%40anywhere-elementor&new=3198665%40anywhere-elementor&sfp_email=&sfph_mail=", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c2138634-c149-4fd1-a33d-351bbf633ea3?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-108xx/CVE-2024-10836.json b/CVE-2024/CVE-2024-108xx/CVE-2024-10836.json new file mode 100644 index 00000000000..e56a6077ce6 --- /dev/null +++ b/CVE-2024/CVE-2024-108xx/CVE-2024-10836.json @@ -0,0 +1,72 @@ +{ + "id": "CVE-2024-10836", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-12-06T04:15:05.037", + "lastModified": "2024-12-06T04:15:05.037", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Flixita theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018id\u2019 parameter in all versions up to, and including, 1.0.82 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://themes.trac.wordpress.org/browser/flixita/1.0.76/core/customizer/customizer-notice/flixita-customizer-notify.php#L147", + "source": "security@wordfence.com" + }, + { + "url": "https://themes.trac.wordpress.org/browser/flixita/1.0.76/core/customizer/customizer-notice/flixita-customizer-notify.php#L188", + "source": "security@wordfence.com" + }, + { + "url": "https://themes.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=250697%40flixita%2F1.0.83&old=250119%40flixita%2F1.0.82", + "source": "security@wordfence.com" + }, + { + "url": "https://wordpress.org/themes/flixita/", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/131b5d57-2af1-4cc5-8b4e-019a050c3bb8?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-108xx/CVE-2024-10848.json b/CVE-2024/CVE-2024-108xx/CVE-2024-10848.json new file mode 100644 index 00000000000..6e855113e73 --- /dev/null +++ b/CVE-2024/CVE-2024-108xx/CVE-2024-10848.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-10848", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-12-05T10:31:39.120", + "lastModified": "2024-12-05T10:31:39.120", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The NewsMunch theme for WordPress is vulnerable to Stored Cross-Site Scripting via a malicious display name in all versions up to, and including, 1.0.35 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://themes.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=250663%40newsmunch&new=250663%40newsmunch&sfp_email=&sfph_mail=", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1a2b0ff4-9471-4fd0-ac1a-ed5b7b4af4ff?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-108xx/CVE-2024-10849.json b/CVE-2024/CVE-2024-108xx/CVE-2024-10849.json new file mode 100644 index 00000000000..a1ab0b77a48 --- /dev/null +++ b/CVE-2024/CVE-2024-108xx/CVE-2024-10849.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-10849", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-12-06T09:15:05.350", + "lastModified": "2024-12-06T09:15:05.350", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The NewsMash theme for WordPress is vulnerable to Stored Cross-Site Scripting via a malicious display name in all versions up to, and including, 1.0.71 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://themes.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=250662%40newsmash&new=250662%40newsmash&sfp_email=&sfph_mail=", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3bb30dac-e0f3-43dd-a20d-9af6c7af3cb4?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-108xx/CVE-2024-10879.json b/CVE-2024/CVE-2024-108xx/CVE-2024-10879.json new file mode 100644 index 00000000000..92b19c0064a --- /dev/null +++ b/CVE-2024/CVE-2024-108xx/CVE-2024-10879.json @@ -0,0 +1,64 @@ +{ + "id": "CVE-2024-10879", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-12-06T09:15:05.507", + "lastModified": "2024-12-06T09:15:05.507", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The ForumWP \u2013 Forum & Discussion Board plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.1.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/forumwp/tags/2.1.0/includes/admin/class-emails-list-table.php#L156", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/forumwp/tags/2.1.0/includes/admin/class-emails-list-table.php#L178", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/10b3256b-5271-44b8-ab4d-05156d4f674b?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-108xx/CVE-2024-10881.json b/CVE-2024/CVE-2024-108xx/CVE-2024-10881.json new file mode 100644 index 00000000000..e89650118fa --- /dev/null +++ b/CVE-2024/CVE-2024-108xx/CVE-2024-10881.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-10881", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-12-05T04:15:03.937", + "lastModified": "2024-12-05T04:15:03.937", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The LUNA RADIO PLAYER plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'lunaradio' shortcode in versions up to, and including, 6.24.11.07 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://radioplayer.luna-universe.com/update/#release-notes", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2ed8a7f8-1af3-4b41-bfaf-fd1c35baa867?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-109xx/CVE-2024-10933.json b/CVE-2024/CVE-2024-109xx/CVE-2024-10933.json new file mode 100644 index 00000000000..83bb0d4dc12 --- /dev/null +++ b/CVE-2024/CVE-2024-109xx/CVE-2024-10933.json @@ -0,0 +1,104 @@ +{ + "id": "CVE-2024-10933", + "sourceIdentifier": "9119a7d8-5eab-497f-8521-727c672e3725", + "published": "2024-12-05T20:15:21.417", + "lastModified": "2024-12-05T20:15:21.417", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In OpenBSD 7.5 before errata 009 and OpenBSD 7.4 before errata 022, exclude any '/' in readdir name validation to avoid unexpected directory traversal on untrusted file systems." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "9119a7d8-5eab-497f-8521-727c672e3725", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 4.1, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "attackRequirements": "PRESENT", + "privilegesRequired": "LOW", + "userInteraction": "ACTIVE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "NONE", + "vulnerableSystemAvailability": "NONE", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "9119a7d8-5eab-497f-8521-727c672e3725", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", + "baseScore": 5.0, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.3, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "9119a7d8-5eab-497f-8521-727c672e3725", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "references": [ + { + "url": "https://ftp.openbsd.org/pub/OpenBSD/patches/7.4/common/022_readdir.patch.sig", + "source": "9119a7d8-5eab-497f-8521-727c672e3725" + }, + { + "url": "https://ftp.openbsd.org/pub/OpenBSD/patches/7.5/common/009_readdir.patch.sig", + "source": "9119a7d8-5eab-497f-8521-727c672e3725" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-109xx/CVE-2024-10937.json b/CVE-2024/CVE-2024-109xx/CVE-2024-10937.json new file mode 100644 index 00000000000..26eae88791f --- /dev/null +++ b/CVE-2024/CVE-2024-109xx/CVE-2024-10937.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-10937", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-12-05T09:15:04.377", + "lastModified": "2024-12-05T09:15:04.377", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Related Posts, Inline Related Posts, Contextual Related Posts, Related Content By PickPlugins plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.0.58 via the wp_ajax_nopriv_related_post_ajax_get_post_ids AJAX action. This makes it possible for unauthenticated attackers to extract sensitive data including titles of posts in draft status." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-284" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3199720%40related-post%2Ftrunk&old=3126666%40related-post%2Ftrunk&sfp_email=&sfph_mail=", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/85f7c69d-0b48-47af-9451-3cfd4326ffe5?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-109xx/CVE-2024-10961.json b/CVE-2024/CVE-2024-109xx/CVE-2024-10961.json index 8f56f933762..fb434cfc024 100644 --- a/CVE-2024/CVE-2024-109xx/CVE-2024-10961.json +++ b/CVE-2024/CVE-2024-109xx/CVE-2024-10961.json @@ -2,19 +2,24 @@ "id": "CVE-2024-10961", "sourceIdentifier": "security@wordfence.com", "published": "2024-11-23T04:15:08.470", - "lastModified": "2024-11-23T04:15:08.470", - "vulnStatus": "Received", + "lastModified": "2024-12-06T01:15:16.933", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Social Login plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 5.9.0. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email and the user does not have an already-existing account for the service returning the token." + }, + { + "lang": "es", + "value": "El complemento Social Login para WordPress es vulnerable a la omisi\u00f3n de autenticaci\u00f3n en todas las versiones hasta la 5.9.0 incluida. Esto se debe a que la verificaci\u00f3n del usuario que devuelve el token de inicio de sesi\u00f3n social es insuficiente. Esto hace posible que atacantes no autenticados inicien sesi\u00f3n como cualquier usuario existente en el sitio, como un administrador, si tienen acceso al correo electr\u00f3nico y el usuario no tiene una cuenta ya existente para el servicio que devuelve el token." } ], "metrics": { "cvssMetricV31": [ { "source": "security@wordfence.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", @@ -37,7 +42,7 @@ "weaknesses": [ { "source": "security@wordfence.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", @@ -47,6 +52,10 @@ } ], "references": [ + { + "url": "https://plugins.trac.wordpress.org/changeset/3201046/", + "source": "security@wordfence.com" + }, { "url": "https://wordpress.org/plugins/oa-social-login/", "source": "security@wordfence.com" diff --git a/CVE-2024/CVE-2024-111xx/CVE-2024-11120.json b/CVE-2024/CVE-2024-111xx/CVE-2024-11120.json index 87fa17e8669..a0f7935ce6f 100644 --- a/CVE-2024/CVE-2024-111xx/CVE-2024-11120.json +++ b/CVE-2024/CVE-2024-111xx/CVE-2024-11120.json @@ -2,8 +2,8 @@ "id": "CVE-2024-11120", "sourceIdentifier": "twcert@cert.org.tw", "published": "2024-11-15T02:15:17.757", - "lastModified": "2024-11-15T13:58:08.913", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-05T15:30:58.490", + "vulnStatus": "Analyzed", "cveTags": [ { "sourceIdentifier": "twcert@cert.org.tw", @@ -26,10 +26,12 @@ "cvssMetricV31": [ { "source": "twcert@cert.org.tw", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", @@ -37,9 +39,7 @@ "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 9.8, - "baseSeverity": "CRITICAL" + "availabilityImpact": "HIGH" }, "exploitabilityScore": 3.9, "impactScore": 5.9 @@ -49,7 +49,7 @@ "weaknesses": [ { "source": "twcert@cert.org.tw", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", @@ -58,14 +58,157 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:geovision:gv-vs12_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0C78AF1F-A287-4282-84F4-E6087250EEFE" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:geovision:gv-vs12:-:*:*:*:*:*:*:*", + "matchCriteriaId": "5A129787-4673-4701-933C-BD5365B61A53" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:geovision:gv-vs11_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EF1E4228-CE1E-4BAA-ADE8-F045B7A0B958" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:geovision:gv-vs11:-:*:*:*:*:*:*:*", + "matchCriteriaId": "42E883F3-769C-4266-B75C-98CCB217471C" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:geovision:gv-dsp_lpr_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8A816357-E53E-45DB-8655-2168D9B81F9F" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:geovision:gv-dsp_lpr:3.0:*:*:*:*:*:*:*", + "matchCriteriaId": "43C96B07-009A-44F1-97A4-91A4EC11B8CA" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:geovision:gvlx_4_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F102B6E2-FF3F-4A1A-B133-E06567EE6653" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:geovision:gvlx_4:2.0:*:*:*:*:*:*:*", + "matchCriteriaId": "CC0F181D-09E9-43CF-93A5-DA699F4436C5" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:geovision:gvlx_4_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F102B6E2-FF3F-4A1A-B133-E06567EE6653" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:geovision:gvlx_4:3.0:*:*:*:*:*:*:*", + "matchCriteriaId": "3699699F-80E7-44C8-8564-1448704BCCE0" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.twcert.org.tw/en/cp-139-8237-26d7a-2.html", - "source": "twcert@cert.org.tw" + "source": "twcert@cert.org.tw", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.twcert.org.tw/tw/cp-132-8236-d4836-1.html", - "source": "twcert@cert.org.tw" + "source": "twcert@cert.org.tw", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-111xx/CVE-2024-11148.json b/CVE-2024/CVE-2024-111xx/CVE-2024-11148.json new file mode 100644 index 00000000000..4b9ad1977b4 --- /dev/null +++ b/CVE-2024/CVE-2024-111xx/CVE-2024-11148.json @@ -0,0 +1,104 @@ +{ + "id": "CVE-2024-11148", + "sourceIdentifier": "9119a7d8-5eab-497f-8521-727c672e3725", + "published": "2024-12-05T20:15:21.577", + "lastModified": "2024-12-05T20:15:21.577", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In OpenBSD 7.4 before errata 006 and OpenBSD 7.3 before errata 020, httpd(8) is vulnerable to a NULL dereference when handling a malformed fastcgi request." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "9119a7d8-5eab-497f-8521-727c672e3725", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:X/RE:X/U:X", + "baseScore": 8.7, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "NONE", + "vulnerableSystemIntegrity": "NONE", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "YES", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "9119a7d8-5eab-497f-8521-727c672e3725", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "9119a7d8-5eab-497f-8521-727c672e3725", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-476" + } + ] + } + ], + "references": [ + { + "url": "https://ftp.openbsd.org/pub/OpenBSD/patches/7.3/common/020_httpd.patch.sig", + "source": "9119a7d8-5eab-497f-8521-727c672e3725" + }, + { + "url": "https://ftp.openbsd.org/pub/OpenBSD/patches/7.4/common/006_httpd.patch.sig", + "source": "9119a7d8-5eab-497f-8521-727c672e3725" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-111xx/CVE-2024-11149.json b/CVE-2024/CVE-2024-111xx/CVE-2024-11149.json new file mode 100644 index 00000000000..4dae193f913 --- /dev/null +++ b/CVE-2024/CVE-2024-111xx/CVE-2024-11149.json @@ -0,0 +1,88 @@ +{ + "id": "CVE-2024-11149", + "sourceIdentifier": "9119a7d8-5eab-497f-8521-727c672e3725", + "published": "2024-12-06T02:15:18.127", + "lastModified": "2024-12-06T02:15:18.127", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In OpenBSD 7.4 before errata 014, vmm(4) did not restore GDTR limits properly on Intel (VMX) CPUs." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "9119a7d8-5eab-497f-8521-727c672e3725", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:X/V:X/RE:X/U:X", + "baseScore": 6.2, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "NONE", + "vulnerableSystemIntegrity": "NONE", + "vulnerableSystemAvailability": "NONE", + "subsequentSystemConfidentiality": "LOW", + "subsequentSystemIntegrity": "LOW", + "subsequentSystemAvailability": "HIGH", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NO", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "9119a7d8-5eab-497f-8521-727c672e3725", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H", + "baseScore": 7.9, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.0, + "impactScore": 5.3 + } + ] + }, + "references": [ + { + "url": "https://ftp.openbsd.org/pub/OpenBSD/patches/7.4/common/014_vmm.patch.sig", + "source": "9119a7d8-5eab-497f-8521-727c672e3725" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-111xx/CVE-2024-11155.json b/CVE-2024/CVE-2024-111xx/CVE-2024-11155.json new file mode 100644 index 00000000000..58afb551ab7 --- /dev/null +++ b/CVE-2024/CVE-2024-111xx/CVE-2024-11155.json @@ -0,0 +1,78 @@ +{ + "id": "CVE-2024-11155", + "sourceIdentifier": "PSIRT@rockwellautomation.com", + "published": "2024-12-05T18:15:20.933", + "lastModified": "2024-12-05T18:15:20.933", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A \u201cuse after free\u201d code execution vulnerability exists in the Rockwell Automation\u00a0Arena\u00ae that could allow a threat actor to craft a DOE file and force the software to use a resource that was already used. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "PSIRT@rockwellautomation.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 8.5, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "PASSIVE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ] + }, + "weaknesses": [ + { + "source": "PSIRT@rockwellautomation.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], + "references": [ + { + "url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1713.html", + "source": "PSIRT@rockwellautomation.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-111xx/CVE-2024-11156.json b/CVE-2024/CVE-2024-111xx/CVE-2024-11156.json new file mode 100644 index 00000000000..93ebd48f3cc --- /dev/null +++ b/CVE-2024/CVE-2024-111xx/CVE-2024-11156.json @@ -0,0 +1,78 @@ +{ + "id": "CVE-2024-11156", + "sourceIdentifier": "PSIRT@rockwellautomation.com", + "published": "2024-12-05T18:15:21.103", + "lastModified": "2024-12-05T18:15:21.103", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "An \u201cout of bounds write\u201d code execution vulnerability exists in the\n\nRockwell Automation Arena\u00ae\n\n that could allow a threat actor to write beyond the boundaries of allocated memory in a DOE file. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "PSIRT@rockwellautomation.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 8.5, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "PASSIVE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ] + }, + "weaknesses": [ + { + "source": "PSIRT@rockwellautomation.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "references": [ + { + "url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1713.html", + "source": "PSIRT@rockwellautomation.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-111xx/CVE-2024-11158.json b/CVE-2024/CVE-2024-111xx/CVE-2024-11158.json new file mode 100644 index 00000000000..2a4b277e44d --- /dev/null +++ b/CVE-2024/CVE-2024-111xx/CVE-2024-11158.json @@ -0,0 +1,78 @@ +{ + "id": "CVE-2024-11158", + "sourceIdentifier": "PSIRT@rockwellautomation.com", + "published": "2024-12-05T18:15:21.243", + "lastModified": "2024-12-05T18:15:21.243", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "An \u201cuninitialized variable\u201d code execution vulnerability exists in the \n\nRockwell Automation Arena\u00ae\n\n that could allow a threat actor to craft a DOE file and force the software to access a variable before it being initialized. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "PSIRT@rockwellautomation.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 8.5, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "PASSIVE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ] + }, + "weaknesses": [ + { + "source": "PSIRT@rockwellautomation.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-665" + } + ] + } + ], + "references": [ + { + "url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1713.html", + "source": "PSIRT@rockwellautomation.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-111xx/CVE-2024-11178.json b/CVE-2024/CVE-2024-111xx/CVE-2024-11178.json new file mode 100644 index 00000000000..5474f3b01b4 --- /dev/null +++ b/CVE-2024/CVE-2024-111xx/CVE-2024-11178.json @@ -0,0 +1,64 @@ +{ + "id": "CVE-2024-11178", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-12-06T07:15:05.460", + "lastModified": "2024-12-06T07:15:05.460", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Login With OTP plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.4.2. This is due to the plugin generating too weak OTP, and there\u2019s no attempt or time limit. This makes it possible for unauthenticated attackers to generate and brute force the 6-digit numeric OTP that makes it possible to log in as any existing user on the site, such as an administrator, if they have access to the email." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-288" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/otp-login/tags/1.4.2/lib/otpl-class.php#L293", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/otp-login/tags/1.4.2/lib/otpl-class.php#L317", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d3775d48-5985-475e-8fb9-c4c5fd044772?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-112xx/CVE-2024-11201.json b/CVE-2024/CVE-2024-112xx/CVE-2024-11201.json new file mode 100644 index 00000000000..19136608484 --- /dev/null +++ b/CVE-2024/CVE-2024-112xx/CVE-2024-11201.json @@ -0,0 +1,68 @@ +{ + "id": "CVE-2024-11201", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-12-06T06:15:22.533", + "lastModified": "2024-12-06T06:15:22.533", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The myCred \u2013 Loyalty Points and Rewards plugin for WordPress and WooCommerce \u2013 Give Points, Ranks, Badges, Cashback, WooCommerce rewards, and WooCommerce credits for Gamification plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's mycred_send shortcode in all versions up to, and including, 2.7.5.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/mycred/tags/2.7.5/includes/shortcodes/mycred_send.php#L63", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3203071/mycred/trunk/includes/shortcodes/mycred_send.php", + "source": "security@wordfence.com" + }, + { + "url": "https://wordpress.org/plugins/mycred/#developers", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2d1d9bee-4afa-44cc-8e7a-8a73ad018c4a?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-112xx/CVE-2024-11204.json b/CVE-2024/CVE-2024-112xx/CVE-2024-11204.json new file mode 100644 index 00000000000..d5d5e2631e5 --- /dev/null +++ b/CVE-2024/CVE-2024-112xx/CVE-2024-11204.json @@ -0,0 +1,64 @@ +{ + "id": "CVE-2024-11204", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-12-06T09:15:05.667", + "lastModified": "2024-12-06T09:15:05.667", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The ForumWP \u2013 Forum & Discussion Board plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018url\u2019 parameter in all versions up to, and including, 2.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/forumwp/tags/2.1.1/includes/admin/class-columns.php#L313", + "source": "security@wordfence.com" + }, + { + "url": "https://wordpress.org/plugins/forumwp/#developers", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cd11abe3-8307-492b-beef-242fb21a4206?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-112xx/CVE-2024-11276.json b/CVE-2024/CVE-2024-112xx/CVE-2024-11276.json new file mode 100644 index 00000000000..ee407397ed6 --- /dev/null +++ b/CVE-2024/CVE-2024-112xx/CVE-2024-11276.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-11276", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-12-06T09:15:05.827", + "lastModified": "2024-12-06T09:15:05.827", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The PDF Builder for WooCommerce. Create invoices,packing slips and more plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.2.136 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3202588%40woo-pdf-invoice-builder&new=3202588%40woo-pdf-invoice-builder&sfp_email=&sfph_mail=", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5f21a86b-52f4-4563-afce-32f1949ce5a1?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-112xx/CVE-2024-11292.json b/CVE-2024/CVE-2024-112xx/CVE-2024-11292.json new file mode 100644 index 00000000000..6f09ac2bd25 --- /dev/null +++ b/CVE-2024/CVE-2024-112xx/CVE-2024-11292.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-11292", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-12-06T09:15:05.993", + "lastModified": "2024-12-06T09:15:05.993", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The WP Private Content Plus plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.6.1 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-200" + } + ] + } + ], + "references": [ + { + "url": "https://wordpress.org/plugins/wp-private-content-plus/", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/30c46b91-e371-480f-943a-3906d8b6bbba?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-113xx/CVE-2024-11316.json b/CVE-2024/CVE-2024-113xx/CVE-2024-11316.json new file mode 100644 index 00000000000..3683a5714b6 --- /dev/null +++ b/CVE-2024/CVE-2024-113xx/CVE-2024-11316.json @@ -0,0 +1,100 @@ +{ + "id": "CVE-2024-11316", + "sourceIdentifier": "cybersecurity@ch.abb.com", + "published": "2024-12-05T13:15:04.863", + "lastModified": "2024-12-05T13:15:04.863", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Fileszie Check vulnerabilities allow a malicious user to bypass size limits or overload to the product.\u00a0\nAffected products:\n\n\nABB ASPECT - Enterprise v3.08.02; \nNEXUS Series v3.08.02; \nMATRIX Series v3.08.02" + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cybersecurity@ch.abb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 8.7, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "NONE", + "vulnerableSystemIntegrity": "NONE", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "LOW", + "subsequentSystemIntegrity": "LOW", + "subsequentSystemAvailability": "LOW", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cybersecurity@ch.abb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "cybersecurity@ch.abb.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-770" + } + ] + } + ], + "references": [ + { + "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497&LanguageCode=en&DocumentPartId=&Action=Launch", + "source": "cybersecurity@ch.abb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-113xx/CVE-2024-11317.json b/CVE-2024/CVE-2024-113xx/CVE-2024-11317.json new file mode 100644 index 00000000000..f97b77ab46f --- /dev/null +++ b/CVE-2024/CVE-2024-113xx/CVE-2024-11317.json @@ -0,0 +1,100 @@ +{ + "id": "CVE-2024-11317", + "sourceIdentifier": "cybersecurity@ch.abb.com", + "published": "2024-12-05T13:15:05.747", + "lastModified": "2024-12-05T13:15:05.747", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Session Fixation vulnerabilities allow an attacker to fix a users session identifier before login providing an opportunity for session takeover on a product.\u00a0\nAffected products:\n\n\nABB ASPECT - Enterprise v3.08.02; \nNEXUS Series v3.08.02; \nMATRIX Series v3.08.02" + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cybersecurity@ch.abb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 9.3, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "LOW", + "subsequentSystemConfidentiality": "LOW", + "subsequentSystemIntegrity": "LOW", + "subsequentSystemAvailability": "LOW", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cybersecurity@ch.abb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N", + "baseScore": 10.0, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.8 + } + ] + }, + "weaknesses": [ + { + "source": "cybersecurity@ch.abb.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-384" + } + ] + } + ], + "references": [ + { + "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497&LanguageCode=en&DocumentPartId=&Action=Launch", + "source": "cybersecurity@ch.abb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-113xx/CVE-2024-11323.json b/CVE-2024/CVE-2024-113xx/CVE-2024-11323.json new file mode 100644 index 00000000000..912ff0d69a3 --- /dev/null +++ b/CVE-2024/CVE-2024-113xx/CVE-2024-11323.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-11323", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-12-06T09:15:06.157", + "lastModified": "2024-12-06T09:15:06.157", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The AI Quiz | Quiz Maker plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the ai_quiz_update_style() function in all versions up to, and including, 1.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/ai-quiz/tags/1.1/functions.php#L688", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/53591a3b-8a99-40e2-8145-1d7785bcbab4?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-113xx/CVE-2024-11324.json b/CVE-2024/CVE-2024-113xx/CVE-2024-11324.json new file mode 100644 index 00000000000..f3b7163cba7 --- /dev/null +++ b/CVE-2024/CVE-2024-113xx/CVE-2024-11324.json @@ -0,0 +1,64 @@ +{ + "id": "CVE-2024-11324", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-12-05T10:31:39.313", + "lastModified": "2024-12-05T10:31:39.313", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Accounting for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.6.6. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/accounting-for-woocommerce/tags/stable/views/export.php#L46", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3201725/", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f34b7518-5cb3-4b4e-8b18-927c08c045f7?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-113xx/CVE-2024-11336.json b/CVE-2024/CVE-2024-113xx/CVE-2024-11336.json new file mode 100644 index 00000000000..f1138e5686f --- /dev/null +++ b/CVE-2024/CVE-2024-113xx/CVE-2024-11336.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-11336", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-12-06T09:15:06.323", + "lastModified": "2024-12-06T09:15:06.323", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Clickbank WordPress Plugin (Storefront) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7. This is due to missing or incorrect nonce validation via the cs_menu page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/clickbank-storefront/trunk/admin.inc.php#L700", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/57789905-1e08-41c5-bfda-b1d6d33de4c0?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-113xx/CVE-2024-11339.json b/CVE-2024/CVE-2024-113xx/CVE-2024-11339.json new file mode 100644 index 00000000000..15c24cde935 --- /dev/null +++ b/CVE-2024/CVE-2024-113xx/CVE-2024-11339.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-11339", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-12-06T09:15:06.497", + "lastModified": "2024-12-06T09:15:06.497", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Smart PopUp Blaster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's\r\n'spb-button' shortcode in all versions up to, and including, 1.4.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/smart-popup-blaster/trunk/admin/shortcodes.php", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e10f391a-6663-4222-8266-ab911c588b76?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-113xx/CVE-2024-11341.json b/CVE-2024/CVE-2024-113xx/CVE-2024-11341.json new file mode 100644 index 00000000000..da121155b9f --- /dev/null +++ b/CVE-2024/CVE-2024-113xx/CVE-2024-11341.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-11341", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-12-05T10:31:39.520", + "lastModified": "2024-12-05T10:31:39.520", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Simple Redirection plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5. This is due to missing or incorrect nonce validation on the settings_page() function. This makes it possible for unauthenticated attackers to update the plugin's settings and redirect all site visitors via a forged request granted they can trick a site administrator into performing an action such as clicking on a link." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/changeset/3201717/", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0fa84344-8672-43e1-a430-094021f7366f?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-113xx/CVE-2024-11352.json b/CVE-2024/CVE-2024-113xx/CVE-2024-11352.json new file mode 100644 index 00000000000..5a08f687f72 --- /dev/null +++ b/CVE-2024/CVE-2024-113xx/CVE-2024-11352.json @@ -0,0 +1,64 @@ +{ + "id": "CVE-2024-11352", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-12-06T09:15:06.650", + "lastModified": "2024-12-06T09:15:06.650", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The TwentyTwenty plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'twentytwenty' shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/twentytwenty/tags/1.0.1/public/class-twentytwenty.php#L271", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/twentytwenty/tags/1.0.1/public/class-twentytwenty.php#L77", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9f805982-1141-4e28-b28c-93483646cf99?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-113xx/CVE-2024-11368.json b/CVE-2024/CVE-2024-113xx/CVE-2024-11368.json new file mode 100644 index 00000000000..9a5bf66697c --- /dev/null +++ b/CVE-2024/CVE-2024-113xx/CVE-2024-11368.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-11368", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-12-06T09:15:06.810", + "lastModified": "2024-12-06T09:15:06.810", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Splash Sync plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.0.6. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/splash-connector/tags/2.0.6/includes/class-splash-wordpress-settings.php#L259", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5be1cfcf-26f1-47d8-a48c-d9f385eb031a?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-113xx/CVE-2024-11379.json b/CVE-2024/CVE-2024-113xx/CVE-2024-11379.json new file mode 100644 index 00000000000..984253eaf45 --- /dev/null +++ b/CVE-2024/CVE-2024-113xx/CVE-2024-11379.json @@ -0,0 +1,64 @@ +{ + "id": "CVE-2024-11379", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-12-06T05:15:05.813", + "lastModified": "2024-12-06T05:15:05.813", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Broadcast plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'do_check' parameter in all versions up to, and including, 51.01 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. This only affects multi-site installations." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/threewp-broadcast/trunk/src/maintenance/controller.php#L55", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3200309/threewp-broadcast/trunk/src/maintenance/controller.php", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e9bf506f-17b1-4ec3-87ce-1ed78db6fb0b?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-114xx/CVE-2024-11420.json b/CVE-2024/CVE-2024-114xx/CVE-2024-11420.json new file mode 100644 index 00000000000..468332eaa60 --- /dev/null +++ b/CVE-2024/CVE-2024-114xx/CVE-2024-11420.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-11420", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-12-05T10:31:39.750", + "lastModified": "2024-12-05T10:31:39.750", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the Contact Info Block link parameter in all versions up to, and including, 2.0.77 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://themes.trac.wordpress.org/changeset/249744/blocksy/2.0.78/inc/components/contacts-box.php", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/02ad47d5-f011-4e0a-af29-088852d1e886?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-114xx/CVE-2024-11429.json b/CVE-2024/CVE-2024-114xx/CVE-2024-11429.json new file mode 100644 index 00000000000..7dd421b2663 --- /dev/null +++ b/CVE-2024/CVE-2024-114xx/CVE-2024-11429.json @@ -0,0 +1,64 @@ +{ + "id": "CVE-2024-11429", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-12-05T06:15:19.090", + "lastModified": "2024-12-05T06:15:19.090", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Free Responsive Testimonials, Social Proof Reviews, and Customer Reviews \u2013 Stars Testimonials plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.3.3 via the 'stars-testimonials-with-slider-and-masonry-grid' shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary PHP files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where PHP files can be uploaded and included." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-98" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/stars-testimonials-with-slider-and-masonry-grid/tags/3.3.2/plugin.class.php#L1368", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/stars-testimonials-with-slider-and-masonry-grid/trunk/plugin.class.php#L1368", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/68250b6c-22c8-494f-b0b0-62b80cc4de0c?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-114xx/CVE-2024-11444.json b/CVE-2024/CVE-2024-114xx/CVE-2024-11444.json new file mode 100644 index 00000000000..d8c43440d31 --- /dev/null +++ b/CVE-2024/CVE-2024-114xx/CVE-2024-11444.json @@ -0,0 +1,64 @@ +{ + "id": "CVE-2024-11444", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-12-06T09:15:06.977", + "lastModified": "2024-12-06T09:15:06.977", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The CLUEVO LMS, E-Learning Platform plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.13.2. This is due to missing or incorrect nonce validation on the cluevo_render_module_ui() function. This makes it possible for unauthenticated attackers to delete modules via a forged request granted they can trick a site administrator into performing an action such as clicking on a link." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/cluevo-lms/tags/1.13.2/functions/functions.module-management.inc.php#L925", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/cluevo-lms/tags/1.13.2/functions/functions.module-management.inc.php#L928", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2a3056d4-5ee9-4b31-9ef8-0e55f470ad23?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-114xx/CVE-2024-11450.json b/CVE-2024/CVE-2024-114xx/CVE-2024-11450.json new file mode 100644 index 00000000000..0ad2d5c9903 --- /dev/null +++ b/CVE-2024/CVE-2024-114xx/CVE-2024-11450.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-11450", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-12-06T09:15:07.137", + "lastModified": "2024-12-06T09:15:07.137", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The ONLYOFFICE Docs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'onlyoffice' shortcode in all versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3200917%40onlyoffice&new=3200917%40onlyoffice", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/80b71264-5b0f-41cb-86c1-a052d1976597?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-115xx/CVE-2024-11585.json b/CVE-2024/CVE-2024-115xx/CVE-2024-11585.json new file mode 100644 index 00000000000..d787a93b86f --- /dev/null +++ b/CVE-2024/CVE-2024-115xx/CVE-2024-11585.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-11585", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-12-06T06:15:22.723", + "lastModified": "2024-12-06T06:15:22.723", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The WP Hide & Security Enhancer plugin for WordPress is vulnerable to arbitrary file contents deletion due to a missing authorization and insufficient file path validation in the file-process.php in all versions up to, and including, 2.5.1. This makes it possible for unauthenticated attackers to delete the contents of arbitrary files on the server, which can break the site or lead to data loss." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/wp-hide-security-enhancer/tags/2.5.1/router/file-process.php#L43", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/43c7056e-39d8-467e-92ec-33a31e5dafc9?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-116xx/CVE-2024-11667.json b/CVE-2024/CVE-2024-116xx/CVE-2024-11667.json index 81002dabdaa..baf9aa1a162 100644 --- a/CVE-2024/CVE-2024-116xx/CVE-2024-11667.json +++ b/CVE-2024/CVE-2024-116xx/CVE-2024-11667.json @@ -2,8 +2,8 @@ "id": "CVE-2024-11667", "sourceIdentifier": "security@zyxel.com.tw", "published": "2024-11-27T10:15:04.210", - "lastModified": "2024-12-04T02:00:02.410", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-05T18:41:12.113", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 3.6 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 } ] }, @@ -55,10 +75,196 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.00", + "versionEndIncluding": "5.38", + "matchCriteriaId": "18B592F1-F584-4573-AD75-398CE03F6627" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:zyxel:atp:-:*:*:*:*:*:*:*", + "matchCriteriaId": "788B28B2-E2EE-4D98-8862-15B121009B6E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:zyxel:atp100:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7F7654A1-3806-41C7-82D4-46B0CD7EE53B" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:zyxel:atp100w:-:*:*:*:*:*:*:*", + "matchCriteriaId": "47398FD0-6C5E-4625-9EFD-DE08C9AB7DB2" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:zyxel:atp200:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D68A36FF-8CAF-401C-9F18-94F3A2405CF4" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:zyxel:atp500:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2818E8AC-FFEE-4DF9-BF3F-C75166C0E851" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:zyxel:atp700:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0B41F437-855B-4490-8011-DF59887BE6D5" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:zyxel:atp800:-:*:*:*:*:*:*:*", + "matchCriteriaId": "66B99746-0589-46E6-9CBD-F38619AD97DC" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.00", + "versionEndIncluding": "5.38", + "matchCriteriaId": "18B592F1-F584-4573-AD75-398CE03F6627" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:zyxel:usg_flex:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E4EDCC3C-8EE5-43D3-8739-34987F025DF2" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:zyxel:usg_flex_100:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2B30A4C0-9928-46AD-9210-C25656FB43FB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:zyxel:usg_flex_100ax:-:*:*:*:*:*:*:*", + "matchCriteriaId": "03036815-04AE-4E39-8310-DA19A32CFA48" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:zyxel:usg_flex_100w:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D74ABA7E-AA78-4A13-A64E-C44021591B42" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:zyxel:usg_flex_200:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F93B6A06-2951-46D2-A7E1-103D7318D612" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:zyxel:usg_flex_50:-:*:*:*:*:*:*:*", + "matchCriteriaId": "646C1F07-B553-47B0-953B-DC7DE7FD0F8B" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:zyxel:usg_flex_500:-:*:*:*:*:*:*:*", + "matchCriteriaId": "92C697A5-D1D3-4FF0-9C43-D27B18181958" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:zyxel:usg_flex_700:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9D1396E3-731B-4D05-A3F8-F3ABB80D5C29" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.10", + "versionEndIncluding": "5.38", + "matchCriteriaId": "CBEE7B76-74EB-4570-9A5B-071BA9E36DB9" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:zyxel:usg_flex_50w:-:*:*:*:*:*:*:*", + "matchCriteriaId": "110A1CA4-0170-4834-8281-0A3E14FC5584" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.10", + "versionEndIncluding": "5.38", + "matchCriteriaId": "CBEE7B76-74EB-4570-9A5B-071BA9E36DB9" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:zyxel:usg_20w-vpn:-:*:*:*:*:*:*:*", + "matchCriteriaId": "6BEA412F-3DA1-4E91-9C74-0666147DABCE" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-protecting-against-recent-firewall-threats-11-27-2024", - "source": "security@zyxel.com.tw" + "source": "security@zyxel.com.tw", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-116xx/CVE-2024-11687.json b/CVE-2024/CVE-2024-116xx/CVE-2024-11687.json new file mode 100644 index 00000000000..76a3b625454 --- /dev/null +++ b/CVE-2024/CVE-2024-116xx/CVE-2024-11687.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-11687", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-12-06T09:15:07.303", + "lastModified": "2024-12-06T09:15:07.303", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Next-Cart Store to WooCommerce Migration plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 3.9.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3202036%40nextcart-woocommerce-migration&new=3202036%40nextcart-woocommerce-migration&sfp_email=&sfph_mail=", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/abcebcdb-e22a-4b6c-86db-f95b00260446?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-117xx/CVE-2024-11779.json b/CVE-2024/CVE-2024-117xx/CVE-2024-11779.json new file mode 100644 index 00000000000..c053cd0c3ad --- /dev/null +++ b/CVE-2024/CVE-2024-117xx/CVE-2024-11779.json @@ -0,0 +1,68 @@ +{ + "id": "CVE-2024-11779", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-12-05T10:31:39.980", + "lastModified": "2024-12-05T10:31:39.980", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The WIP WooCarousel Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wip_woocarousel_products_carousel' shortcode in all versions up to, and including, 1.1.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/wip-woocarousel-lite/trunk/shortcode/products_carousel.php#L52", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3199039/wip-woocarousel-lite/trunk/shortcode/products_carousel.php", + "source": "security@wordfence.com" + }, + { + "url": "https://wordpress.org/plugins/wip-woocarousel-lite", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/50721265-dbbf-4032-a8d6-9cf42a986c0d?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-118xx/CVE-2024-11823.json b/CVE-2024/CVE-2024-118xx/CVE-2024-11823.json new file mode 100644 index 00000000000..4b9704c906a --- /dev/null +++ b/CVE-2024/CVE-2024-118xx/CVE-2024-11823.json @@ -0,0 +1,64 @@ +{ + "id": "CVE-2024-11823", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-12-06T09:15:07.463", + "lastModified": "2024-12-06T09:15:07.463", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Folder Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'foldergallery' shortcode in all versions up to, and including, 1.7.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/folder-gallery/trunk/foldergallery.php", + "source": "security@wordfence.com" + }, + { + "url": "https://wordpress.org/plugins/folder-gallery/", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b4521959-416e-4ff5-96c0-bc4dbb0187b7?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-119xx/CVE-2024-11941.json b/CVE-2024/CVE-2024-119xx/CVE-2024-11941.json new file mode 100644 index 00000000000..c115f20ba7c --- /dev/null +++ b/CVE-2024/CVE-2024-119xx/CVE-2024-11941.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-11941", + "sourceIdentifier": "mlhess@drupal.org", + "published": "2024-12-05T15:15:08.340", + "lastModified": "2024-12-05T16:15:23.893", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability in Drupal Core allows Excessive Allocation.This issue affects Drupal Core: from 10.2.0 before 10.2.2, from 10.1.0 before 10.1.8." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "mlhess@drupal.org", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-835" + } + ] + } + ], + "references": [ + { + "url": "https://www.drupal.org/sa-core-2024-001", + "source": "mlhess@drupal.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-119xx/CVE-2024-11942.json b/CVE-2024/CVE-2024-119xx/CVE-2024-11942.json new file mode 100644 index 00000000000..77ca12668bd --- /dev/null +++ b/CVE-2024/CVE-2024-119xx/CVE-2024-11942.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-11942", + "sourceIdentifier": "mlhess@drupal.org", + "published": "2024-12-05T15:15:08.457", + "lastModified": "2024-12-05T16:15:24.033", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability in Drupal Core allows File Manipulation.This issue affects Drupal Core: from 10.0.0 before 10.2.10." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "baseScore": 5.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.2, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "mlhess@drupal.org", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-390" + } + ] + } + ], + "references": [ + { + "url": "https://www.drupal.org/sa-core-2024-002", + "source": "mlhess@drupal.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-120xx/CVE-2024-12003.json b/CVE-2024/CVE-2024-120xx/CVE-2024-12003.json new file mode 100644 index 00000000000..0db9c84c12e --- /dev/null +++ b/CVE-2024/CVE-2024-120xx/CVE-2024-12003.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-12003", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-12-06T09:15:07.630", + "lastModified": "2024-12-06T09:15:07.630", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The WP System plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.1. This is due to missing or incorrect nonce validation on the generate_wp_system_page_content() function. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/wp-system/trunk/wp-system.php#L70", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/05bb119f-06e4-4f56-afc8-0c5a25266b02?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-120xx/CVE-2024-12027.json b/CVE-2024/CVE-2024-120xx/CVE-2024-12027.json new file mode 100644 index 00000000000..2de04792469 --- /dev/null +++ b/CVE-2024/CVE-2024-120xx/CVE-2024-12027.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-12027", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-12-06T09:15:07.803", + "lastModified": "2024-12-06T09:15:07.803", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Message Filter for Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the updateFilter() and deleteFilter() functions in all versions up to, and including, 1.6.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to update and delete filters." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://wordpress.org/plugins/cf7-message-filter/#developers", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5754d2eb-dd31-4056-8a02-8b71b78f774b?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-120xx/CVE-2024-12028.json b/CVE-2024/CVE-2024-120xx/CVE-2024-12028.json new file mode 100644 index 00000000000..6f8f0972f70 --- /dev/null +++ b/CVE-2024/CVE-2024-120xx/CVE-2024-12028.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-12028", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-12-06T09:15:07.957", + "lastModified": "2024-12-06T09:15:07.957", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Friends plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several REST API endpoints in all versions up to, and including, 3.2.1. This makes it possible for unauthenticated attackers to send arbitrary friend requests on behalf of another website, accept the friend request for the targeted website, and then communicate with the site as an accepted friend." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://wordpress.org/plugins/friends/#developers", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/980b16d4-3c4a-4ed1-af46-f39f3ec6dd19?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-120xx/CVE-2024-12060.json b/CVE-2024/CVE-2024-120xx/CVE-2024-12060.json new file mode 100644 index 00000000000..8b42726d987 --- /dev/null +++ b/CVE-2024/CVE-2024-120xx/CVE-2024-12060.json @@ -0,0 +1,64 @@ +{ + "id": "CVE-2024-12060", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-12-06T09:15:08.117", + "lastModified": "2024-12-06T09:15:08.117", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The WP Media Optimizer (.webp) plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018wpmowebp-css-resources\u2019 and 'wpmowebp-js-resources' parameters in all versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/wp-media-optimizer-webp/trunk/wp-media-optimizer-webp.php#L229", + "source": "security@wordfence.com" + }, + { + "url": "https://wordpress.org/plugins/wp-media-optimizer-webp/#developers", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/183d1be9-4c05-4107-b039-3711034ef774?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-120xx/CVE-2024-12064.json b/CVE-2024/CVE-2024-120xx/CVE-2024-12064.json new file mode 100644 index 00000000000..750b5406e98 --- /dev/null +++ b/CVE-2024/CVE-2024-120xx/CVE-2024-12064.json @@ -0,0 +1,16 @@ +{ + "id": "CVE-2024-12064", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-12-05T22:15:20.080", + "lastModified": "2024-12-05T22:15:20.080", + "vulnStatus": "Rejected", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ], + "metrics": {}, + "references": [] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-120xx/CVE-2024-12094.json b/CVE-2024/CVE-2024-120xx/CVE-2024-12094.json new file mode 100644 index 00000000000..eb6d8618b06 --- /dev/null +++ b/CVE-2024/CVE-2024-120xx/CVE-2024-12094.json @@ -0,0 +1,78 @@ +{ + "id": "CVE-2024-12094", + "sourceIdentifier": "vdisclose@cert-in.org.in", + "published": "2024-12-05T13:15:05.923", + "lastModified": "2024-12-05T13:15:05.923", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "This vulnerability exists in the Tinxy mobile app due to storage of logged-in user information in plaintext on the device database. An attacker with physical access to the rooted device could exploit this vulnerability by accessing its database leading to unauthorized access of user information such as username, email address and mobile number." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "vdisclose@cert-in.org.in", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "attackVector": "PHYSICAL", + "attackComplexity": "LOW", + "attackRequirements": "PRESENT", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "LOW", + "subsequentSystemIntegrity": "LOW", + "subsequentSystemAvailability": "LOW", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ] + }, + "weaknesses": [ + { + "source": "vdisclose@cert-in.org.in", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-312" + } + ] + } + ], + "references": [ + { + "url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0355", + "source": "vdisclose@cert-in.org.in" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-121xx/CVE-2024-12110.json b/CVE-2024/CVE-2024-121xx/CVE-2024-12110.json new file mode 100644 index 00000000000..e97c44dec8c --- /dev/null +++ b/CVE-2024/CVE-2024-121xx/CVE-2024-12110.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-12110", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-12-06T09:15:08.270", + "lastModified": "2024-12-06T09:15:08.270", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Gold Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the activate() and deactivate() functions in all versions up to, and including, 1.3.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to activate and deactivate licenses." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/gold-addons-for-elementor/trunk/includes/admin/class-ajax.php#L107", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8e103afe-3ae7-413f-92b2-0e4dd9436f3e?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-121xx/CVE-2024-12130.json b/CVE-2024/CVE-2024-121xx/CVE-2024-12130.json new file mode 100644 index 00000000000..3ec2fe27674 --- /dev/null +++ b/CVE-2024/CVE-2024-121xx/CVE-2024-12130.json @@ -0,0 +1,78 @@ +{ + "id": "CVE-2024-12130", + "sourceIdentifier": "PSIRT@rockwellautomation.com", + "published": "2024-12-05T18:15:21.507", + "lastModified": "2024-12-05T18:15:21.507", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "An \u201cout of bounds read\u201d code execution vulnerability exists in the Rockwell Automation\u00a0Arena\u00ae\n\n that could allow a threat actor to craft a DOE file and force the software to read beyond the boundaries of an allocated memory. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "PSIRT@rockwellautomation.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 8.5, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "PASSIVE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ] + }, + "weaknesses": [ + { + "source": "PSIRT@rockwellautomation.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "references": [ + { + "url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1713.html", + "source": "PSIRT@rockwellautomation.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-121xx/CVE-2024-12148.json b/CVE-2024/CVE-2024-121xx/CVE-2024-12148.json index d1d3463e5a1..8f5d5810809 100644 --- a/CVE-2024/CVE-2024-121xx/CVE-2024-12148.json +++ b/CVE-2024/CVE-2024-121xx/CVE-2024-12148.json @@ -2,16 +2,43 @@ "id": "CVE-2024-12148", "sourceIdentifier": "security@devolutions.net", "published": "2024-12-04T18:15:12.003", - "lastModified": "2024-12-04T18:15:12.003", - "vulnStatus": "Received", + "lastModified": "2024-12-05T19:15:07.473", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Incorrect authorization in permission validation component in Devolutions Server 2024.3.6.0 and earlier allows an authenticated user to access some reporting endpoints." + }, + { + "lang": "es", + "value": "La autorizaci\u00f3n incorrecta en el componente de validaci\u00f3n de permisos en Devolutions Server 2024.3.6.0 y versiones anteriores permite que un usuario autenticado acceda a algunos endpoints de informes." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, "weaknesses": [ { "source": "security@devolutions.net", diff --git a/CVE-2024/CVE-2024-121xx/CVE-2024-12149.json b/CVE-2024/CVE-2024-121xx/CVE-2024-12149.json index 093ae9b3d7d..2ea941c61f7 100644 --- a/CVE-2024/CVE-2024-121xx/CVE-2024-12149.json +++ b/CVE-2024/CVE-2024-121xx/CVE-2024-12149.json @@ -2,16 +2,43 @@ "id": "CVE-2024-12149", "sourceIdentifier": "security@devolutions.net", "published": "2024-12-04T18:15:12.350", - "lastModified": "2024-12-04T18:15:12.350", - "vulnStatus": "Received", + "lastModified": "2024-12-05T19:15:07.627", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Incorrect permission assignment in temporary access requests component in Devolutions Remote Desktop Manager 2024.3.19.0 and earlier on Windows allows an authenticated user that request temporary permissions on an entry to obtain more privileges than requested." + }, + { + "lang": "es", + "value": "La asignaci\u00f3n incorrecta de permisos en el componente de solicitudes de acceso temporal en Devolutions Remote Desktop Manager 2024.3.19.0 y versiones anteriores en Windows permite que un usuario autenticado que solicita permisos temporales en una entrada obtenga m\u00e1s privilegios de los solicitados." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", + "baseScore": 8.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.2 + } + ] + }, "weaknesses": [ { "source": "security@devolutions.net", diff --git a/CVE-2024/CVE-2024-121xx/CVE-2024-12151.json b/CVE-2024/CVE-2024-121xx/CVE-2024-12151.json index ea1ee894697..a5cbbe2dfb2 100644 --- a/CVE-2024/CVE-2024-121xx/CVE-2024-12151.json +++ b/CVE-2024/CVE-2024-121xx/CVE-2024-12151.json @@ -2,16 +2,43 @@ "id": "CVE-2024-12151", "sourceIdentifier": "security@devolutions.net", "published": "2024-12-04T18:15:12.850", - "lastModified": "2024-12-04T18:15:12.850", - "vulnStatus": "Received", + "lastModified": "2024-12-05T19:15:07.773", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Incorrect permission assignment in the user migration feature in Devolutions Server 2024.3.8.0 and earlier allows users to retain their old permission sets." + }, + { + "lang": "es", + "value": "La asignaci\u00f3n de permisos incorrecta en la funci\u00f3n de migraci\u00f3n de usuarios en Devolutions Server 2024.3.8.0 y versiones anteriores permite que los usuarios conserven sus antiguos conjuntos de permisos." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 5.0, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 1.6, + "impactScore": 3.4 + } + ] + }, "weaknesses": [ { "source": "security@devolutions.net", diff --git a/CVE-2024/CVE-2024-121xx/CVE-2024-12155.json b/CVE-2024/CVE-2024-121xx/CVE-2024-12155.json new file mode 100644 index 00000000000..56c042d0a22 --- /dev/null +++ b/CVE-2024/CVE-2024-121xx/CVE-2024-12155.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-12155", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-12-06T09:15:08.417", + "lastModified": "2024-12-06T09:15:08.417", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The SV100 Companion plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the settings_import() function in all versions up to, and including, 2.0.02. This makes it possible for unauthenticated attackers to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/sv100-companion/trunk/lib/modules/sv_settings/sv_settings.php#L47", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c244eb33-acaf-460b-ae1d-6688b21cc60f?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-121xx/CVE-2024-12187.json b/CVE-2024/CVE-2024-121xx/CVE-2024-12187.json new file mode 100644 index 00000000000..2415048ee6d --- /dev/null +++ b/CVE-2024/CVE-2024-121xx/CVE-2024-12187.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2024-12187", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-12-05T01:15:04.740", + "lastModified": "2024-12-05T01:15:04.740", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in 1000 Projects Library Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /showbook.php. The manipulation of the argument q leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 6.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "LOW", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "LOW", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "baseScore": 7.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 10.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://1000projects.org/", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/PunyHunter/CVE/issues/1", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.286908", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.286908", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.455058", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-121xx/CVE-2024-12188.json b/CVE-2024/CVE-2024-121xx/CVE-2024-12188.json new file mode 100644 index 00000000000..9e177202a57 --- /dev/null +++ b/CVE-2024/CVE-2024-121xx/CVE-2024-12188.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2024-12188", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-12-05T01:15:04.943", + "lastModified": "2024-12-05T01:15:04.943", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in 1000 Projects Library Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /brains/stu.php. The manipulation of the argument useri leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 6.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "LOW", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "LOW", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "baseScore": 7.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 10.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://1000projects.org/", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/SkGoing/CVE-repo_00/issues/4", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.286909", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.286909", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.455061", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-122xx/CVE-2024-12227.json b/CVE-2024/CVE-2024-122xx/CVE-2024-12227.json new file mode 100644 index 00000000000..c99ad40099b --- /dev/null +++ b/CVE-2024/CVE-2024-122xx/CVE-2024-12227.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2024-12227", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-12-05T14:15:19.400", + "lastModified": "2024-12-05T14:15:19.400", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability, which was classified as problematic, was found in MSI Dragon Center up to 2.0.146.0. This affects the function MmUnMapIoSpace in the library NTIOLib_X64.sys of the component IOCTL Handler. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. Upgrading to version 2.0.148.0 is able to address this issue. It is recommended to upgrade the affected component." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 6.8, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "NONE", + "vulnerableSystemIntegrity": "NONE", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:C", + "baseScore": 4.6, + "accessVector": "LOCAL", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "COMPLETE" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 3.1, + "impactScore": 6.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-404" + }, + { + "lang": "en", + "value": "CWE-476" + } + ] + } + ], + "references": [ + { + "url": "https://shareforall.notion.site/MSI-Dragon-Center-NTIOLib_X64-0xC3506104-MmMapIoSpace-DOS-15160437bb1e801daf58d4aea052970e", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.286959", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.286959", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.456017", + "source": "cna@vuldb.com" + }, + { + "url": "https://www.msi.com/Landing/dragon-center-download/nb", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-122xx/CVE-2024-12228.json b/CVE-2024/CVE-2024-122xx/CVE-2024-12228.json new file mode 100644 index 00000000000..330ba3c6065 --- /dev/null +++ b/CVE-2024/CVE-2024-122xx/CVE-2024-12228.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2024-12228", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-12-05T14:15:20.123", + "lastModified": "2024-12-05T14:15:20.123", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as critical has been found in PHPGurukul Complaint Management System 1.0. Affected is an unknown function of the file /admin/user-search.php. The manipulation of the argument search leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 6.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "LOW", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "LOW", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "baseScore": 7.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 10.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/PunyHunter/CVE/issues/2", + "source": "cna@vuldb.com" + }, + { + "url": "https://phpgurukul.com/", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.286974", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.286974", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.455059", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-122xx/CVE-2024-12229.json b/CVE-2024/CVE-2024-122xx/CVE-2024-12229.json new file mode 100644 index 00000000000..12793de50e4 --- /dev/null +++ b/CVE-2024/CVE-2024-122xx/CVE-2024-12229.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2024-12229", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-12-05T15:15:09.050", + "lastModified": "2024-12-05T15:15:09.050", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as critical was found in PHPGurukul Complaint Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/complaint-search.php. The manipulation of the argument search leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 6.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "LOW", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "LOW", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "baseScore": 7.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 10.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/qiyes233/CVE/issues/1", + "source": "cna@vuldb.com" + }, + { + "url": "https://phpgurukul.com/", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.286975", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.286975", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.455065", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-122xx/CVE-2024-12230.json b/CVE-2024/CVE-2024-122xx/CVE-2024-12230.json new file mode 100644 index 00000000000..7bab23714aa --- /dev/null +++ b/CVE-2024/CVE-2024-122xx/CVE-2024-12230.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2024-12230", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-12-05T15:15:09.280", + "lastModified": "2024-12-05T15:15:09.280", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability, which was classified as critical, has been found in PHPGurukul Complaint Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/subcategory.php. The manipulation of the argument category leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 6.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "LOW", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "LOW", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "baseScore": 7.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 10.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/wqywfvc/CVE/issues/2", + "source": "cna@vuldb.com" + }, + { + "url": "https://phpgurukul.com/", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.286976", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.286976", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.456517", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-122xx/CVE-2024-12231.json b/CVE-2024/CVE-2024-122xx/CVE-2024-12231.json new file mode 100644 index 00000000000..dbe96c0e97f --- /dev/null +++ b/CVE-2024/CVE-2024-122xx/CVE-2024-12231.json @@ -0,0 +1,141 @@ +{ + "id": "CVE-2024-12231", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-12-05T16:15:24.933", + "lastModified": "2024-12-05T16:15:24.933", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability, which was classified as critical, was found in CodeZips Project Management System 1.0. This affects an unknown part of the file /index.php. The manipulation of the argument email leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 6.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "LOW", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "LOW", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "baseScore": 7.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 10.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/SkGoing/CVE-repo_00/issues/3", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.286977", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.286977", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.455060", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-122xx/CVE-2024-12232.json b/CVE-2024/CVE-2024-122xx/CVE-2024-12232.json new file mode 100644 index 00000000000..9620010f9e2 --- /dev/null +++ b/CVE-2024/CVE-2024-122xx/CVE-2024-12232.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2024-12232", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-12-05T16:15:25.090", + "lastModified": "2024-12-05T16:15:25.090", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been found in code-projects Simple CRUD Functionality 1.0 and classified as problematic. This vulnerability affects unknown code of the file /index.php. The manipulation of the argument newtitle/newdescr leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "NONE", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "NONE", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseScore": 3.5, + "baseSeverity": "LOW", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.1, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", + "baseScore": 4.0, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "NONE", + "integrityImpact": "PARTIAL", + "availabilityImpact": "NONE" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + }, + { + "lang": "en", + "value": "CWE-94" + } + ] + } + ], + "references": [ + { + "url": "https://code-projects.org/", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/LamentXU123/cve/blob/main/xss3.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.286978", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.286978", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.456069", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-122xx/CVE-2024-12233.json b/CVE-2024/CVE-2024-122xx/CVE-2024-12233.json new file mode 100644 index 00000000000..4a7b83e75da --- /dev/null +++ b/CVE-2024/CVE-2024-122xx/CVE-2024-12233.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2024-12233", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-12-05T17:15:11.037", + "lastModified": "2024-12-05T17:15:11.037", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in code-projects Online Notice Board up to 1.0 and classified as critical. This issue affects some unknown processing of the file /registration.php of the component Profile Picture Handler. The manipulation of the argument img leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 6.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "LOW", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "LOW", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "baseScore": 7.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 10.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-284" + }, + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "references": [ + { + "url": "https://code-projects.org/", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/LamentXU123/cve/blob/main/RCE1.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.286979", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.286979", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.456458", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-122xx/CVE-2024-12234.json b/CVE-2024/CVE-2024-122xx/CVE-2024-12234.json new file mode 100644 index 00000000000..6e00875de94 --- /dev/null +++ b/CVE-2024/CVE-2024-122xx/CVE-2024-12234.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2024-12234", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-12-05T17:15:11.213", + "lastModified": "2024-12-05T17:15:11.213", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in 1000 Projects Beauty Parlour Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/edit-customer-detailed.php. The manipulation of the argument name leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 6.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "LOW", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "LOW", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "baseScore": 7.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 10.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://1000projects.org/", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/Hacker0xone/CVE/issues/17", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.286980", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.286980", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.456519", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-122xx/CVE-2024-12235.json b/CVE-2024/CVE-2024-122xx/CVE-2024-12235.json new file mode 100644 index 00000000000..eb91422c03e --- /dev/null +++ b/CVE-2024/CVE-2024-122xx/CVE-2024-12235.json @@ -0,0 +1,141 @@ +{ + "id": "CVE-2024-12235", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-12-05T18:15:21.660", + "lastModified": "2024-12-05T18:15:21.660", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in Shenzhen Dashi Tongzhou Information Technology AgileBPM up to 1.0.0. It has been declared as critical. Affected by this vulnerability is the function doFilter of the file \\agile-bpm-basic-master\\ab-auth\\ab-auth-spring-security-oauth2\\src\\main\\java\\com\\dstz\\auth\\filter\\AuthorizationTokenCheckFilter.java. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "LOW", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "LOW", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "baseScore": 6.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-266" + }, + { + "lang": "en", + "value": "CWE-284" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/sweatxi/rce/blob/main/AgileBPM_vertical_overreach.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.286981", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.286981", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.456529", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-122xx/CVE-2024-12247.json b/CVE-2024/CVE-2024-122xx/CVE-2024-12247.json new file mode 100644 index 00000000000..3c7f72041fa --- /dev/null +++ b/CVE-2024/CVE-2024-122xx/CVE-2024-12247.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-12247", + "sourceIdentifier": "responsibledisclosure@mattermost.com", + "published": "2024-12-05T16:15:25.243", + "lastModified": "2024-12-05T16:15:25.243", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Mattermost versions 9.7.x <= 9.7.5, 9.8.x <= 9.8.2 and 9.9.x <= 9.9.2 fail to properly propagate permission scheme updates across cluster nodes which allows a user to keep old permissions, even if the permission scheme has been updated." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "responsibledisclosure@mattermost.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", + "baseScore": 4.6, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 1.2, + "impactScore": 3.4 + } + ] + }, + "weaknesses": [ + { + "source": "responsibledisclosure@mattermost.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-863" + } + ] + } + ], + "references": [ + { + "url": "https://mattermost.com/security-updates", + "source": "responsibledisclosure@mattermost.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-19xx/CVE-2024-1938.json b/CVE-2024/CVE-2024-19xx/CVE-2024-1938.json index 23662c7b515..30f9e0beaa6 100644 --- a/CVE-2024/CVE-2024-19xx/CVE-2024-1938.json +++ b/CVE-2024/CVE-2024-19xx/CVE-2024-1938.json @@ -2,7 +2,7 @@ "id": "CVE-2024-1938", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2024-02-29T01:43:57.600", - "lastModified": "2024-03-07T23:15:07.177", + "lastModified": "2024-12-05T14:15:20.310", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -15,7 +15,42 @@ "value": "Type Confusion en V8 en Google Chrome anterior a 122.0.6261.94 permit\u00eda a un atacante remoto explotar potencialmente la corrupci\u00f3n de objetos a trav\u00e9s de una p\u00e1gina HTML manipulada. (Severidad de seguridad de Chrome: alta)" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 4.2 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-843" + } + ] + } + ], "references": [ { "url": "https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_27.html", @@ -36,6 +71,26 @@ { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YTGM2WHYSZAUUPENB7YO6E5ONAKE6AKJ/", "source": "chrome-cve-admin@google.com" + }, + { + "url": "https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_27.html", + "source": "af854a3a-2127-422b-91ae-364da2661108" + }, + { + "url": "https://issues.chromium.org/issues/324596281", + "source": "af854a3a-2127-422b-91ae-364da2661108" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FGWSP5MIK7CDWJQHN2SJJX2YGSSS7E4O/", + "source": "af854a3a-2127-422b-91ae-364da2661108" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L6KJCEJWJR5Z54Z75LRJGELDNMFDKLZG/", + "source": "af854a3a-2127-422b-91ae-364da2661108" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YTGM2WHYSZAUUPENB7YO6E5ONAKE6AKJ/", + "source": "af854a3a-2127-422b-91ae-364da2661108" } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-207xx/CVE-2024-20737.json b/CVE-2024/CVE-2024-207xx/CVE-2024-20737.json index 226c27d667d..f54e0c4302f 100644 --- a/CVE-2024/CVE-2024-207xx/CVE-2024-20737.json +++ b/CVE-2024/CVE-2024-207xx/CVE-2024-20737.json @@ -2,8 +2,8 @@ "id": "CVE-2024-20737", "sourceIdentifier": "psirt@adobe.com", "published": "2024-04-10T09:15:06.700", - "lastModified": "2024-04-10T13:23:38.787", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-05T15:09:48.830", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -19,10 +19,12 @@ "cvssMetricV31": [ { "source": "psirt@adobe.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", @@ -30,9 +32,7 @@ "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", - "availabilityImpact": "NONE", - "baseScore": 5.5, - "baseSeverity": "MEDIUM" + "availabilityImpact": "NONE" }, "exploitabilityScore": 1.8, "impactScore": 3.6 @@ -42,7 +42,7 @@ "weaknesses": [ { "source": "psirt@adobe.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", @@ -51,10 +51,62 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:after_effects:*:*:*:*:*:*:*:*", + "versionEndExcluding": "23.6.5", + "matchCriteriaId": "4A32C7CF-0A3F-4150-8A68-ABCF2DBC4D27" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:after_effects:*:*:*:*:*:*:*:*", + "versionStartIncluding": "24.0", + "versionEndExcluding": "24.2", + "matchCriteriaId": "71994735-1344-451F-A73E-EDC98B94B00E" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", + "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://helpx.adobe.com/security/products/after_effects/apsb24-09.html", - "source": "psirt@adobe.com" + "source": "psirt@adobe.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://helpx.adobe.com/security/products/after_effects/apsb24-09.html", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-207xx/CVE-2024-20766.json b/CVE-2024/CVE-2024-207xx/CVE-2024-20766.json index e5cae3a947d..effe6b85e96 100644 --- a/CVE-2024/CVE-2024-207xx/CVE-2024-20766.json +++ b/CVE-2024/CVE-2024-207xx/CVE-2024-20766.json @@ -2,8 +2,8 @@ "id": "CVE-2024-20766", "sourceIdentifier": "psirt@adobe.com", "published": "2024-04-10T13:51:37.820", - "lastModified": "2024-04-10T19:49:51.183", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-05T15:18:04.873", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -23,6 +23,8 @@ "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", @@ -30,9 +32,7 @@ "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", - "availabilityImpact": "NONE", - "baseScore": 5.5, - "baseSeverity": "MEDIUM" + "availabilityImpact": "NONE" }, "exploitabilityScore": 1.8, "impactScore": 3.6 @@ -42,7 +42,7 @@ "weaknesses": [ { "source": "psirt@adobe.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", @@ -51,10 +51,62 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:indesign:*:*:*:*:*:*:*:*", + "versionEndExcluding": "18.5.2", + "matchCriteriaId": "0D4D6CBC-9859-4891-9ACE-0D5B8CF231F3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:indesign:*:*:*:*:*:*:*:*", + "versionStartIncluding": "19.0", + "versionEndExcluding": "19.3", + "matchCriteriaId": "ED24B673-483F-47CA-8231-7BFCC1217817" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", + "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://helpx.adobe.com/security/products/indesign/apsb24-20.html", - "source": "psirt@adobe.com" + "source": "psirt@adobe.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://helpx.adobe.com/security/products/indesign/apsb24-20.html", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-207xx/CVE-2024-20770.json b/CVE-2024/CVE-2024-207xx/CVE-2024-20770.json index 53ea4f35a43..f6c0ab03ded 100644 --- a/CVE-2024/CVE-2024-207xx/CVE-2024-20770.json +++ b/CVE-2024/CVE-2024-207xx/CVE-2024-20770.json @@ -2,8 +2,8 @@ "id": "CVE-2024-20770", "sourceIdentifier": "psirt@adobe.com", "published": "2024-04-10T13:51:38.157", - "lastModified": "2024-04-10T19:49:51.183", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-05T15:20:53.207", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -19,10 +19,12 @@ "cvssMetricV31": [ { "source": "psirt@adobe.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", @@ -30,9 +32,7 @@ "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", - "availabilityImpact": "NONE", - "baseScore": 5.5, - "baseSeverity": "MEDIUM" + "availabilityImpact": "NONE" }, "exploitabilityScore": 1.8, "impactScore": 3.6 @@ -42,7 +42,7 @@ "weaknesses": [ { "source": "psirt@adobe.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", @@ -51,10 +51,62 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:photoshop:*:*:*:*:*:*:*:*", + "versionEndExcluding": "24.7.3", + "matchCriteriaId": "F711123C-AC89-41FD-AEA6-BB95830115F9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:photoshop:*:*:*:*:*:*:*:*", + "versionStartIncluding": "25.0", + "versionEndExcluding": "25.4", + "matchCriteriaId": "5D8E5B48-34D8-4D00-8D9E-FF24BF375993" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", + "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://helpx.adobe.com/security/products/photoshop/apsb24-16.html", - "source": "psirt@adobe.com" + "source": "psirt@adobe.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://helpx.adobe.com/security/products/photoshop/apsb24-16.html", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-207xx/CVE-2024-20771.json b/CVE-2024/CVE-2024-207xx/CVE-2024-20771.json index 3557048aa84..d27ad80a69b 100644 --- a/CVE-2024/CVE-2024-207xx/CVE-2024-20771.json +++ b/CVE-2024/CVE-2024-207xx/CVE-2024-20771.json @@ -2,8 +2,8 @@ "id": "CVE-2024-20771", "sourceIdentifier": "psirt@adobe.com", "published": "2024-04-11T09:15:07.573", - "lastModified": "2024-04-11T12:47:44.137", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-05T14:45:44.193", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -19,10 +19,12 @@ "cvssMetricV31": [ { "source": "psirt@adobe.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", @@ -30,9 +32,7 @@ "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", - "availabilityImpact": "NONE", - "baseScore": 5.5, - "baseSeverity": "MEDIUM" + "availabilityImpact": "NONE" }, "exploitabilityScore": 1.8, "impactScore": 3.6 @@ -42,7 +42,7 @@ "weaknesses": [ { "source": "psirt@adobe.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", @@ -51,10 +51,62 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:bridge:*:*:*:*:*:*:*:*", + "versionEndExcluding": "13.0.7", + "matchCriteriaId": "5C59965B-3828-457B-BF3F-08141406DD0B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:bridge:*:*:*:*:*:*:*:*", + "versionStartIncluding": "14.0.0", + "versionEndExcluding": "14.0.3", + "matchCriteriaId": "D0E834EC-6754-4B5F-BCA4-0BBB45E6FB9A" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", + "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://helpx.adobe.com/security/products/bridge/apsb24-24.html", - "source": "psirt@adobe.com" + "source": "psirt@adobe.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://helpx.adobe.com/security/products/bridge/apsb24-24.html", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-207xx/CVE-2024-20772.json b/CVE-2024/CVE-2024-207xx/CVE-2024-20772.json index 53510c8d71c..60d49bedd3c 100644 --- a/CVE-2024/CVE-2024-207xx/CVE-2024-20772.json +++ b/CVE-2024/CVE-2024-207xx/CVE-2024-20772.json @@ -2,8 +2,8 @@ "id": "CVE-2024-20772", "sourceIdentifier": "psirt@adobe.com", "published": "2024-04-10T13:51:38.357", - "lastModified": "2024-04-10T19:49:51.183", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-05T15:00:34.627", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -19,10 +19,12 @@ "cvssMetricV31": [ { "source": "psirt@adobe.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", @@ -30,9 +32,7 @@ "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 7.8, - "baseSeverity": "HIGH" + "availabilityImpact": "HIGH" }, "exploitabilityScore": 1.8, "impactScore": 5.9 @@ -42,19 +42,81 @@ "weaknesses": [ { "source": "psirt@adobe.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", "value": "CWE-121" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:media_encoder:*:*:*:*:*:*:*:*", + "versionEndExcluding": "23.6.5", + "matchCriteriaId": "71E0DA34-BADA-479F-B8B9-1DA7E9E13594" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:media_encoder:*:*:*:*:*:*:*:*", + "versionStartIncluding": "24.0", + "versionEndExcluding": "24.3", + "matchCriteriaId": "5A783741-52BD-4DA9-8B99-15176030FC86" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", + "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] } ], "references": [ { "url": "https://helpx.adobe.com/security/products/media-encoder/apsb24-23.html", - "source": "psirt@adobe.com" + "source": "psirt@adobe.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://helpx.adobe.com/security/products/media-encoder/apsb24-23.html", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-207xx/CVE-2024-20792.json b/CVE-2024/CVE-2024-207xx/CVE-2024-20792.json index e42302290ee..6ae51b50bdc 100644 --- a/CVE-2024/CVE-2024-207xx/CVE-2024-20792.json +++ b/CVE-2024/CVE-2024-207xx/CVE-2024-20792.json @@ -2,8 +2,8 @@ "id": "CVE-2024-20792", "sourceIdentifier": "psirt@adobe.com", "published": "2024-05-16T09:15:09.313", - "lastModified": "2024-05-16T13:03:05.353", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-05T17:44:14.317", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -19,10 +19,12 @@ "cvssMetricV31": [ { "source": "psirt@adobe.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", @@ -30,9 +32,7 @@ "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 7.8, - "baseSeverity": "HIGH" + "availabilityImpact": "HIGH" }, "exploitabilityScore": 1.8, "impactScore": 5.9 @@ -42,7 +42,7 @@ "weaknesses": [ { "source": "psirt@adobe.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", @@ -51,10 +51,62 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:illustrator:*:*:*:*:*:*:*:*", + "versionEndExcluding": "27.9.4", + "matchCriteriaId": "88DFD058-372A-417C-8192-B14FA401623B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:illustrator:*:*:*:*:*:*:*:*", + "versionStartIncluding": "28.0", + "versionEndExcluding": "28.5", + "matchCriteriaId": "0985E08E-4341-4E84-A6EB-76C174B3FDEA" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", + "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://helpx.adobe.com/security/products/illustrator/apsb24-30.html", - "source": "psirt@adobe.com" + "source": "psirt@adobe.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://helpx.adobe.com/security/products/illustrator/apsb24-30.html", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-207xx/CVE-2024-20793.json b/CVE-2024/CVE-2024-207xx/CVE-2024-20793.json index 42651a92d36..ac815ba2607 100644 --- a/CVE-2024/CVE-2024-207xx/CVE-2024-20793.json +++ b/CVE-2024/CVE-2024-207xx/CVE-2024-20793.json @@ -2,8 +2,8 @@ "id": "CVE-2024-20793", "sourceIdentifier": "psirt@adobe.com", "published": "2024-05-16T09:15:09.560", - "lastModified": "2024-05-16T13:03:05.353", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-05T17:38:22.207", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -19,10 +19,12 @@ "cvssMetricV31": [ { "source": "psirt@adobe.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", @@ -30,9 +32,7 @@ "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", - "availabilityImpact": "NONE", - "baseScore": 5.5, - "baseSeverity": "MEDIUM" + "availabilityImpact": "NONE" }, "exploitabilityScore": 1.8, "impactScore": 3.6 @@ -42,7 +42,7 @@ "weaknesses": [ { "source": "psirt@adobe.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", @@ -51,10 +51,62 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:illustrator:*:*:*:*:*:*:*:*", + "versionEndExcluding": "27.9.4", + "matchCriteriaId": "88DFD058-372A-417C-8192-B14FA401623B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:illustrator:*:*:*:*:*:*:*:*", + "versionStartIncluding": "28.0", + "versionEndExcluding": "28.5", + "matchCriteriaId": "0985E08E-4341-4E84-A6EB-76C174B3FDEA" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", + "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://helpx.adobe.com/security/products/illustrator/apsb24-30.html", - "source": "psirt@adobe.com" + "source": "psirt@adobe.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://helpx.adobe.com/security/products/illustrator/apsb24-30.html", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-207xx/CVE-2024-20794.json b/CVE-2024/CVE-2024-207xx/CVE-2024-20794.json index 9dd71f820c0..e3fcd62fb78 100644 --- a/CVE-2024/CVE-2024-207xx/CVE-2024-20794.json +++ b/CVE-2024/CVE-2024-207xx/CVE-2024-20794.json @@ -2,8 +2,8 @@ "id": "CVE-2024-20794", "sourceIdentifier": "psirt@adobe.com", "published": "2024-04-11T11:15:47.350", - "lastModified": "2024-04-11T12:47:44.137", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-05T14:35:56.790", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -19,10 +19,12 @@ "cvssMetricV31": [ { "source": "psirt@adobe.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", @@ -30,9 +32,7 @@ "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", - "availabilityImpact": "HIGH", - "baseScore": 5.5, - "baseSeverity": "MEDIUM" + "availabilityImpact": "HIGH" }, "exploitabilityScore": 1.8, "impactScore": 3.6 @@ -42,7 +42,7 @@ "weaknesses": [ { "source": "psirt@adobe.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", @@ -51,10 +51,62 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:animate:*:*:*:*:*:*:*:*", + "versionEndExcluding": "23.0.5", + "matchCriteriaId": "B6CCC133-8B73-4F85-879A-2BEFF81ABBF8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:animate:*:*:*:*:*:*:*:*", + "versionStartIncluding": "24.0.0", + "versionEndExcluding": "24.0.2", + "matchCriteriaId": "0B790007-D58A-45A7-931C-EEF79772F782" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", + "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://helpx.adobe.com/security/products/animate/apsb24-26.html", - "source": "psirt@adobe.com" + "source": "psirt@adobe.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://helpx.adobe.com/security/products/animate/apsb24-26.html", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-207xx/CVE-2024-20798.json b/CVE-2024/CVE-2024-207xx/CVE-2024-20798.json index 760cd0ade92..27711186f59 100644 --- a/CVE-2024/CVE-2024-207xx/CVE-2024-20798.json +++ b/CVE-2024/CVE-2024-207xx/CVE-2024-20798.json @@ -2,8 +2,8 @@ "id": "CVE-2024-20798", "sourceIdentifier": "psirt@adobe.com", "published": "2024-04-11T09:15:07.893", - "lastModified": "2024-04-11T12:47:44.137", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-05T14:40:30.757", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -19,10 +19,12 @@ "cvssMetricV31": [ { "source": "psirt@adobe.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", @@ -30,9 +32,7 @@ "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", - "availabilityImpact": "NONE", - "baseScore": 5.5, - "baseSeverity": "MEDIUM" + "availabilityImpact": "NONE" }, "exploitabilityScore": 1.8, "impactScore": 3.6 @@ -42,7 +42,7 @@ "weaknesses": [ { "source": "psirt@adobe.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", @@ -51,10 +51,62 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:illustrator:*:*:*:*:*:*:*:*", + "versionEndExcluding": "27.9.3", + "matchCriteriaId": "2A0871B0-F1D1-4D40-BE38-DED746FE6E07" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:illustrator:*:*:*:*:*:*:*:*", + "versionStartIncluding": "28.0", + "versionEndExcluding": "28.4", + "matchCriteriaId": "43945D11-D6D0-455F-9E3B-0742DEDD0084" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", + "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://helpx.adobe.com/security/products/illustrator/apsb24-25.html", - "source": "psirt@adobe.com" + "source": "psirt@adobe.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://helpx.adobe.com/security/products/illustrator/apsb24-25.html", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21005.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21005.json index e67a34447a1..cc82c1d9e11 100644 --- a/CVE-2024/CVE-2024-210xx/CVE-2024-21005.json +++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21005.json @@ -2,8 +2,8 @@ "id": "CVE-2024-21005", "sourceIdentifier": "secalert_us@oracle.com", "published": "2024-04-16T22:15:14.373", - "lastModified": "2024-04-26T09:15:10.030", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-05T21:52:13.690", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -19,10 +19,12 @@ "cvssMetricV31": [ { "source": "secalert_us@oracle.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseScore": 3.1, + "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", @@ -30,23 +32,125 @@ "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", - "availabilityImpact": "NONE", - "baseScore": 3.1, - "baseSeverity": "LOW" + "availabilityImpact": "NONE" }, "exploitabilityScore": 1.6, "impactScore": 1.4 } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oracle:graalvm:20.3.13:*:*:*:enterprise:*:*:*", + "matchCriteriaId": "00EDC8FF-13F2-4218-9EF4-B509364AE7B3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oracle:graalvm:21.3.9:*:*:*:enterprise:*:*:*", + "matchCriteriaId": "938A32D1-FBAB-42AE-87A7-AB19402B561A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update401:*:*:*:*:*:*", + "matchCriteriaId": "B9155227-6787-4FAA-BB2C-C99D77DD2111" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update401:*:*:*:*:*:*", + "matchCriteriaId": "FD4CDABD-BC1E-4A23-8022-D7A0E615C9F4" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", + "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*", + "matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:data_infrastructure_insights_acquisition_unit:*:*:*:*:*:*:*:*", + "matchCriteriaId": "D681EB94-3D3A-4D25-8651-7596A966E568" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:data_infrastructure_insights_storage_workload_security_agent:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EB7A9455-165A-42CE-B5D1-648AACB2ED05" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", + "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3" + } + ] + } + ] + } + ], "references": [ { "url": "https://security.netapp.com/advisory/ntap-20240426-0004/", - "source": "secalert_us@oracle.com" + "source": "secalert_us@oracle.com", + "tags": [ + "Third Party Advisory" + ] + }, + { + "url": "https://www.oracle.com/security-alerts/cpuapr2024.html", + "source": "secalert_us@oracle.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://security.netapp.com/advisory/ntap-20240426-0004/", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.oracle.com/security-alerts/cpuapr2024.html", - "source": "secalert_us@oracle.com" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21078.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21078.json index a8dc4bf7cac..1e0e61263d8 100644 --- a/CVE-2024/CVE-2024-210xx/CVE-2024-21078.json +++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21078.json @@ -2,8 +2,8 @@ "id": "CVE-2024-21078", "sourceIdentifier": "secalert_us@oracle.com", "published": "2024-04-16T22:15:27.060", - "lastModified": "2024-04-17T12:48:31.863", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-05T15:17:22.947", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -19,10 +19,12 @@ "cvssMetricV31": [ { "source": "secalert_us@oracle.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 7.5, + "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", @@ -30,19 +32,58 @@ "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", - "availabilityImpact": "NONE", - "baseScore": 7.5, - "baseSeverity": "HIGH" + "availabilityImpact": "NONE" }, "exploitabilityScore": 3.9, "impactScore": 3.6 } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oracle:marketing:*:*:*:*:*:*:*:*", + "versionStartIncluding": "12.2.3", + "versionEndIncluding": "12.2.13", + "matchCriteriaId": "CFF09012-F408-4F7D-A282-34ECA514CAB2" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.oracle.com/security-alerts/cpuapr2024.html", - "source": "secalert_us@oracle.com" + "source": "secalert_us@oracle.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://www.oracle.com/security-alerts/cpuapr2024.html", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21079.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21079.json index 4bf975c730e..560f90f0a27 100644 --- a/CVE-2024/CVE-2024-210xx/CVE-2024-21079.json +++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21079.json @@ -2,8 +2,8 @@ "id": "CVE-2024-21079", "sourceIdentifier": "secalert_us@oracle.com", "published": "2024-04-16T22:15:27.240", - "lastModified": "2024-04-17T12:48:31.863", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-05T15:17:32.190", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -19,10 +19,12 @@ "cvssMetricV31": [ { "source": "secalert_us@oracle.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 7.5, + "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", @@ -30,19 +32,58 @@ "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", - "availabilityImpact": "NONE", - "baseScore": 7.5, - "baseSeverity": "HIGH" + "availabilityImpact": "NONE" }, "exploitabilityScore": 3.9, "impactScore": 3.6 } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oracle:marketing:*:*:*:*:*:*:*:*", + "versionStartIncluding": "12.2.3", + "versionEndIncluding": "12.2.13", + "matchCriteriaId": "CFF09012-F408-4F7D-A282-34ECA514CAB2" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.oracle.com/security-alerts/cpuapr2024.html", - "source": "secalert_us@oracle.com" + "source": "secalert_us@oracle.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://www.oracle.com/security-alerts/cpuapr2024.html", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21082.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21082.json index 72857ffad79..4dcd9580973 100644 --- a/CVE-2024/CVE-2024-210xx/CVE-2024-21082.json +++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21082.json @@ -2,8 +2,8 @@ "id": "CVE-2024-21082", "sourceIdentifier": "secalert_us@oracle.com", "published": "2024-04-16T22:15:27.780", - "lastModified": "2024-04-17T12:48:31.863", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-05T15:17:52.217", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -19,10 +19,12 @@ "cvssMetricV31": [ { "source": "secalert_us@oracle.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", @@ -30,19 +32,61 @@ "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 9.8, - "baseSeverity": "CRITICAL" + "availabilityImpact": "HIGH" }, "exploitabilityScore": 3.9, "impactScore": 5.9 } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oracle:bi_publisher:7.0.0.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F59017DC-0258-45BD-89E4-DC8EBA922107" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oracle:bi_publisher:12.2.1.4.0:*:*:*:*:*:*:*", + "matchCriteriaId": "274A0CF5-41E8-42E0-9931-F7372A65B9C4" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.oracle.com/security-alerts/cpuapr2024.html", - "source": "secalert_us@oracle.com" + "source": "secalert_us@oracle.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://www.oracle.com/security-alerts/cpuapr2024.html", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21083.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21083.json index 69253e6b09e..7790c71e23c 100644 --- a/CVE-2024/CVE-2024-210xx/CVE-2024-21083.json +++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21083.json @@ -2,8 +2,8 @@ "id": "CVE-2024-21083", "sourceIdentifier": "secalert_us@oracle.com", "published": "2024-04-16T22:15:27.953", - "lastModified": "2024-04-17T12:48:31.863", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-05T15:17:58.973", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -19,10 +19,12 @@ "cvssMetricV31": [ { "source": "secalert_us@oracle.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.2, + "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", @@ -30,19 +32,61 @@ "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 7.2, - "baseSeverity": "HIGH" + "availabilityImpact": "HIGH" }, "exploitabilityScore": 1.2, "impactScore": 5.9 } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oracle:bi_publisher:7.0.0.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F59017DC-0258-45BD-89E4-DC8EBA922107" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oracle:bi_publisher:12.2.1.4.0:*:*:*:*:*:*:*", + "matchCriteriaId": "274A0CF5-41E8-42E0-9931-F7372A65B9C4" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.oracle.com/security-alerts/cpuapr2024.html", - "source": "secalert_us@oracle.com" + "source": "secalert_us@oracle.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://www.oracle.com/security-alerts/cpuapr2024.html", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-211xx/CVE-2024-21106.json b/CVE-2024/CVE-2024-211xx/CVE-2024-21106.json index c914eb937d7..01b5e04876a 100644 --- a/CVE-2024/CVE-2024-211xx/CVE-2024-21106.json +++ b/CVE-2024/CVE-2024-211xx/CVE-2024-21106.json @@ -2,8 +2,8 @@ "id": "CVE-2024-21106", "sourceIdentifier": "secalert_us@oracle.com", "published": "2024-04-16T22:15:31.940", - "lastModified": "2024-04-17T12:48:31.863", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-05T15:15:44.383", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -23,6 +23,8 @@ "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", @@ -30,19 +32,57 @@ "scope": "CHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", - "availabilityImpact": "HIGH", - "baseScore": 6.5, - "baseSeverity": "MEDIUM" + "availabilityImpact": "HIGH" }, "exploitabilityScore": 2.0, "impactScore": 4.0 } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*", + "versionEndExcluding": "7.0.16", + "matchCriteriaId": "B9585A17-FC9D-4451-B2FA-1AD770519E4E" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.oracle.com/security-alerts/cpuapr2024.html", - "source": "secalert_us@oracle.com" + "source": "secalert_us@oracle.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://www.oracle.com/security-alerts/cpuapr2024.html", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-211xx/CVE-2024-21108.json b/CVE-2024/CVE-2024-211xx/CVE-2024-21108.json index 6d537800f66..4cc3ad1d9cc 100644 --- a/CVE-2024/CVE-2024-211xx/CVE-2024-21108.json +++ b/CVE-2024/CVE-2024-211xx/CVE-2024-21108.json @@ -2,8 +2,8 @@ "id": "CVE-2024-21108", "sourceIdentifier": "secalert_us@oracle.com", "published": "2024-04-16T22:15:32.277", - "lastModified": "2024-04-17T12:48:07.510", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-05T15:15:56.193", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -19,10 +19,12 @@ "cvssMetricV31": [ { "source": "secalert_us@oracle.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "baseScore": 3.3, + "baseSeverity": "LOW", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", @@ -30,19 +32,57 @@ "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", - "availabilityImpact": "NONE", - "baseScore": 3.3, - "baseSeverity": "LOW" + "availabilityImpact": "NONE" }, "exploitabilityScore": 1.8, "impactScore": 1.4 } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*", + "versionEndExcluding": "7.0.16", + "matchCriteriaId": "B9585A17-FC9D-4451-B2FA-1AD770519E4E" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.oracle.com/security-alerts/cpuapr2024.html", - "source": "secalert_us@oracle.com" + "source": "secalert_us@oracle.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://www.oracle.com/security-alerts/cpuapr2024.html", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-211xx/CVE-2024-21109.json b/CVE-2024/CVE-2024-211xx/CVE-2024-21109.json index caacc78e0f3..5e6b7d763f1 100644 --- a/CVE-2024/CVE-2024-211xx/CVE-2024-21109.json +++ b/CVE-2024/CVE-2024-211xx/CVE-2024-21109.json @@ -2,8 +2,8 @@ "id": "CVE-2024-21109", "sourceIdentifier": "secalert_us@oracle.com", "published": "2024-04-16T22:15:32.440", - "lastModified": "2024-04-17T12:48:07.510", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-05T15:16:07.703", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -19,10 +19,12 @@ "cvssMetricV31": [ { "source": "secalert_us@oracle.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 5.9, + "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", @@ -30,19 +32,57 @@ "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", - "availabilityImpact": "NONE", - "baseScore": 5.9, - "baseSeverity": "MEDIUM" + "availabilityImpact": "NONE" }, "exploitabilityScore": 2.2, "impactScore": 3.6 } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*", + "versionEndExcluding": "7.0.16", + "matchCriteriaId": "B9585A17-FC9D-4451-B2FA-1AD770519E4E" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.oracle.com/security-alerts/cpuapr2024.html", - "source": "secalert_us@oracle.com" + "source": "secalert_us@oracle.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://www.oracle.com/security-alerts/cpuapr2024.html", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-211xx/CVE-2024-21111.json b/CVE-2024/CVE-2024-211xx/CVE-2024-21111.json index f5d5cb594fd..5b61a2526be 100644 --- a/CVE-2024/CVE-2024-211xx/CVE-2024-21111.json +++ b/CVE-2024/CVE-2024-211xx/CVE-2024-21111.json @@ -2,8 +2,8 @@ "id": "CVE-2024-21111", "sourceIdentifier": "secalert_us@oracle.com", "published": "2024-04-16T22:15:32.780", - "lastModified": "2024-04-17T12:48:07.510", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-05T15:16:10.643", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -19,10 +19,12 @@ "cvssMetricV31": [ { "source": "secalert_us@oracle.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", @@ -30,19 +32,69 @@ "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 7.8, - "baseSeverity": "HIGH" + "availabilityImpact": "HIGH" }, "exploitabilityScore": 1.8, "impactScore": 5.9 } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*", + "versionEndExcluding": "7.0.16", + "matchCriteriaId": "B9585A17-FC9D-4451-B2FA-1AD770519E4E" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.oracle.com/security-alerts/cpuapr2024.html", - "source": "secalert_us@oracle.com" + "source": "secalert_us@oracle.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://www.oracle.com/security-alerts/cpuapr2024.html", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-211xx/CVE-2024-21112.json b/CVE-2024/CVE-2024-211xx/CVE-2024-21112.json index 8930b58cfca..9ab1ee71301 100644 --- a/CVE-2024/CVE-2024-211xx/CVE-2024-21112.json +++ b/CVE-2024/CVE-2024-211xx/CVE-2024-21112.json @@ -2,8 +2,8 @@ "id": "CVE-2024-21112", "sourceIdentifier": "secalert_us@oracle.com", "published": "2024-04-16T22:15:32.957", - "lastModified": "2024-04-17T12:48:07.510", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-05T15:16:13.397", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -23,6 +23,8 @@ "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", @@ -30,19 +32,57 @@ "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 8.8, - "baseSeverity": "HIGH" + "availabilityImpact": "HIGH" }, "exploitabilityScore": 2.0, "impactScore": 6.0 } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*", + "versionEndExcluding": "7.0.16", + "matchCriteriaId": "B9585A17-FC9D-4451-B2FA-1AD770519E4E" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.oracle.com/security-alerts/cpuapr2024.html", - "source": "secalert_us@oracle.com" + "source": "secalert_us@oracle.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://www.oracle.com/security-alerts/cpuapr2024.html", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-211xx/CVE-2024-21113.json b/CVE-2024/CVE-2024-211xx/CVE-2024-21113.json index e3840cd18ce..ca93e1588ca 100644 --- a/CVE-2024/CVE-2024-211xx/CVE-2024-21113.json +++ b/CVE-2024/CVE-2024-211xx/CVE-2024-21113.json @@ -2,8 +2,8 @@ "id": "CVE-2024-21113", "sourceIdentifier": "secalert_us@oracle.com", "published": "2024-04-16T22:15:33.127", - "lastModified": "2024-04-17T12:48:07.510", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-05T15:16:15.940", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -19,10 +19,12 @@ "cvssMetricV31": [ { "source": "secalert_us@oracle.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", @@ -30,19 +32,57 @@ "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 8.8, - "baseSeverity": "HIGH" + "availabilityImpact": "HIGH" }, "exploitabilityScore": 2.0, "impactScore": 6.0 } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*", + "versionEndExcluding": "7.0.16", + "matchCriteriaId": "B9585A17-FC9D-4451-B2FA-1AD770519E4E" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.oracle.com/security-alerts/cpuapr2024.html", - "source": "secalert_us@oracle.com" + "source": "secalert_us@oracle.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://www.oracle.com/security-alerts/cpuapr2024.html", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-211xx/CVE-2024-21115.json b/CVE-2024/CVE-2024-211xx/CVE-2024-21115.json index f9357cfdb02..9896e82b9fc 100644 --- a/CVE-2024/CVE-2024-211xx/CVE-2024-21115.json +++ b/CVE-2024/CVE-2024-211xx/CVE-2024-21115.json @@ -2,8 +2,8 @@ "id": "CVE-2024-21115", "sourceIdentifier": "secalert_us@oracle.com", "published": "2024-04-16T22:15:33.467", - "lastModified": "2024-04-17T12:48:07.510", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-05T15:16:18.327", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -19,10 +19,12 @@ "cvssMetricV31": [ { "source": "secalert_us@oracle.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", @@ -30,19 +32,57 @@ "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 8.8, - "baseSeverity": "HIGH" + "availabilityImpact": "HIGH" }, "exploitabilityScore": 2.0, "impactScore": 6.0 } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*", + "versionEndExcluding": "7.0.16", + "matchCriteriaId": "B9585A17-FC9D-4451-B2FA-1AD770519E4E" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.oracle.com/security-alerts/cpuapr2024.html", - "source": "secalert_us@oracle.com" + "source": "secalert_us@oracle.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://www.oracle.com/security-alerts/cpuapr2024.html", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-211xx/CVE-2024-21116.json b/CVE-2024/CVE-2024-211xx/CVE-2024-21116.json index b6276a959a7..5cbdd5d4029 100644 --- a/CVE-2024/CVE-2024-211xx/CVE-2024-21116.json +++ b/CVE-2024/CVE-2024-211xx/CVE-2024-21116.json @@ -2,8 +2,8 @@ "id": "CVE-2024-21116", "sourceIdentifier": "secalert_us@oracle.com", "published": "2024-04-16T22:15:33.653", - "lastModified": "2024-04-17T12:48:07.510", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-05T15:16:20.707", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -19,10 +19,12 @@ "cvssMetricV31": [ { "source": "secalert_us@oracle.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", @@ -30,19 +32,69 @@ "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 7.8, - "baseSeverity": "HIGH" + "availabilityImpact": "HIGH" }, "exploitabilityScore": 1.8, "impactScore": 5.9 } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*", + "versionEndExcluding": "7.0.16", + "matchCriteriaId": "B9585A17-FC9D-4451-B2FA-1AD770519E4E" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", + "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.oracle.com/security-alerts/cpuapr2024.html", - "source": "secalert_us@oracle.com" + "source": "secalert_us@oracle.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://www.oracle.com/security-alerts/cpuapr2024.html", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-211xx/CVE-2024-21121.json b/CVE-2024/CVE-2024-211xx/CVE-2024-21121.json index 5e1c5e65132..7ae19b45ccf 100644 --- a/CVE-2024/CVE-2024-211xx/CVE-2024-21121.json +++ b/CVE-2024/CVE-2024-211xx/CVE-2024-21121.json @@ -2,8 +2,8 @@ "id": "CVE-2024-21121", "sourceIdentifier": "secalert_us@oracle.com", "published": "2024-04-16T22:15:34.600", - "lastModified": "2024-04-17T12:48:07.510", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-05T15:16:24.950", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -23,6 +23,8 @@ "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", @@ -30,19 +32,57 @@ "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", - "availabilityImpact": "NONE", - "baseScore": 6.5, - "baseSeverity": "MEDIUM" + "availabilityImpact": "NONE" }, "exploitabilityScore": 2.0, "impactScore": 4.0 } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*", + "versionEndExcluding": "7.0.16", + "matchCriteriaId": "B9585A17-FC9D-4451-B2FA-1AD770519E4E" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.oracle.com/security-alerts/cpuapr2024.html", - "source": "secalert_us@oracle.com" + "source": "secalert_us@oracle.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://www.oracle.com/security-alerts/cpuapr2024.html", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-211xx/CVE-2024-21131.json b/CVE-2024/CVE-2024-211xx/CVE-2024-21131.json index 5c71fe10951..ba5dbde0d4d 100644 --- a/CVE-2024/CVE-2024-211xx/CVE-2024-21131.json +++ b/CVE-2024/CVE-2024-211xx/CVE-2024-21131.json @@ -2,8 +2,8 @@ "id": "CVE-2024-21131", "sourceIdentifier": "secalert_us@oracle.com", "published": "2024-07-16T23:15:13.210", - "lastModified": "2024-07-19T14:15:05.180", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-05T22:02:52.553", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -19,10 +19,12 @@ "cvssMetricV31": [ { "source": "secalert_us@oracle.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "baseScore": 3.7, + "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", @@ -30,23 +32,185 @@ "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", - "availabilityImpact": "NONE", - "baseScore": 3.7, - "baseSeverity": "LOW" + "availabilityImpact": "NONE" }, "exploitabilityScore": 2.2, "impactScore": 1.4 } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oracle:graalvm:20.3.14:*:*:*:enterprise:*:*:*", + "matchCriteriaId": "AA5074F2-F35B-499E-A181-E272449B044D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oracle:graalvm:21.3.10:*:*:*:enterprise:*:*:*", + "matchCriteriaId": "39F28D35-48E1-450D-884A-D2578C99E8EC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.11:*:*:*:*:*:*:*", + "matchCriteriaId": "E104024C-15B5-4EFB-A26B-C69D303933CA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oracle:graalvm_for_jdk:21.0.3:*:*:*:*:*:*:*", + "matchCriteriaId": "CAEB1A60-678D-4BAF-9D95-43C9DCFC8D68" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oracle:graalvm_for_jdk:22.0.1:*:*:*:*:*:*:*", + "matchCriteriaId": "AD14A144-2CA9-498E-84B9-87733E33C602" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update411:*:*:*:*:*:*", + "matchCriteriaId": "20DFA1BB-BA28-4CCA-835E-D09D469170FB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update411:*:*:enterprise_performance_pack:*:*:*", + "matchCriteriaId": "54DCB9FD-A3FB-4901-A13F-9064921C77C2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oracle:jdk:11.0.23:*:*:*:*:*:*:*", + "matchCriteriaId": "21F9B73E-696B-4F6B-A019-83A68179E422" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oracle:jdk:17.0.11:*:*:*:*:*:*:*", + "matchCriteriaId": "C52598F8-1859-4007-ABEE-03A463482F4A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oracle:jdk:21.0.3:*:*:*:*:*:*:*", + "matchCriteriaId": "62AE87F9-A4B3-4163-9A19-3E606CF72720" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oracle:jdk:22.0.1:*:*:*:*:*:*:*", + "matchCriteriaId": "3AD2D0EA-694D-4629-A1F7-244C9B154248" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update411:*:*:*:*:*:*", + "matchCriteriaId": "C5F6C67C-C4FF-44F1-BF6D-EE1E4D0D9E61" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update411:*:*:enterprise_performance_pack:*:*:*", + "matchCriteriaId": "F70BAD0D-1601-4C61-B6B2-1A1DBB48B067" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oracle:jre:11.0.23:*:*:*:*:*:*:*", + "matchCriteriaId": "49A5200E-E144-4C02-BAAB-8EAF734EEC5F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oracle:jre:17.0.11:*:*:*:*:*:*:*", + "matchCriteriaId": "47E6B664-D2ED-425F-B27B-3E57278B1C7E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oracle:jre:21.0.3:*:*:*:*:*:*:*", + "matchCriteriaId": "06104137-B672-4AB8-AEB4-5AEE95D978FE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oracle:jre:22.0.1:*:*:*:*:*:*:*", + "matchCriteriaId": "F92B7DB4-7E5C-4961-8BB3-D3DF4A833E79" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", + "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:bluexp:-:*:*:*:*:*:*:*", + "matchCriteriaId": "FC1AE8BD-EE3F-494C-9F03-D4B2B7233106" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:data_infrastructure_insights_storage_workload_security_agent:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EB7A9455-165A-42CE-B5D1-648AACB2ED05" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", + "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3" + } + ] + } + ] + } + ], "references": [ { "url": "https://security.netapp.com/advisory/ntap-20240719-0008/", - "source": "secalert_us@oracle.com" + "source": "secalert_us@oracle.com", + "tags": [ + "Third Party Advisory" + ] + }, + { + "url": "https://www.oracle.com/security-alerts/cpujul2024.html", + "source": "secalert_us@oracle.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://security.netapp.com/advisory/ntap-20240719-0008/", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.oracle.com/security-alerts/cpujul2024.html", - "source": "secalert_us@oracle.com" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-211xx/CVE-2024-21138.json b/CVE-2024/CVE-2024-211xx/CVE-2024-21138.json index 3ba3f8b8685..734c85c115c 100644 --- a/CVE-2024/CVE-2024-211xx/CVE-2024-21138.json +++ b/CVE-2024/CVE-2024-211xx/CVE-2024-21138.json @@ -2,8 +2,8 @@ "id": "CVE-2024-21138", "sourceIdentifier": "secalert_us@oracle.com", "published": "2024-07-16T23:15:14.620", - "lastModified": "2024-07-19T14:15:05.290", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-05T22:05:55.937", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -19,10 +19,12 @@ "cvssMetricV31": [ { "source": "secalert_us@oracle.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "baseScore": 3.7, + "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", @@ -30,23 +32,185 @@ "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", - "availabilityImpact": "LOW", - "baseScore": 3.7, - "baseSeverity": "LOW" + "availabilityImpact": "LOW" }, "exploitabilityScore": 2.2, "impactScore": 1.4 } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", + "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:bluexp:-:*:*:*:*:*:*:*", + "matchCriteriaId": "FC1AE8BD-EE3F-494C-9F03-D4B2B7233106" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:data_infrastructure_insights_storage_workload_security_agent:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EB7A9455-165A-42CE-B5D1-648AACB2ED05" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", + "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oracle:graalvm:20.3.14:*:*:*:enterprise:*:*:*", + "matchCriteriaId": "AA5074F2-F35B-499E-A181-E272449B044D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oracle:graalvm:21.3.10:*:*:*:enterprise:*:*:*", + "matchCriteriaId": "39F28D35-48E1-450D-884A-D2578C99E8EC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.11:*:*:*:*:*:*:*", + "matchCriteriaId": "E104024C-15B5-4EFB-A26B-C69D303933CA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oracle:graalvm_for_jdk:21.0.3:*:*:*:*:*:*:*", + "matchCriteriaId": "CAEB1A60-678D-4BAF-9D95-43C9DCFC8D68" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oracle:graalvm_for_jdk:22.0.1:*:*:*:*:*:*:*", + "matchCriteriaId": "AD14A144-2CA9-498E-84B9-87733E33C602" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update411:*:*:*:*:*:*", + "matchCriteriaId": "20DFA1BB-BA28-4CCA-835E-D09D469170FB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update411:*:*:enterprise_performance_pack:*:*:*", + "matchCriteriaId": "54DCB9FD-A3FB-4901-A13F-9064921C77C2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oracle:jdk:11.0.23:*:*:*:*:*:*:*", + "matchCriteriaId": "21F9B73E-696B-4F6B-A019-83A68179E422" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oracle:jdk:17.0.11:*:*:*:*:*:*:*", + "matchCriteriaId": "C52598F8-1859-4007-ABEE-03A463482F4A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oracle:jdk:21.0.3:*:*:*:*:*:*:*", + "matchCriteriaId": "62AE87F9-A4B3-4163-9A19-3E606CF72720" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oracle:jdk:22.0.1:*:*:*:*:*:*:*", + "matchCriteriaId": "3AD2D0EA-694D-4629-A1F7-244C9B154248" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update411:*:*:*:*:*:*", + "matchCriteriaId": "C5F6C67C-C4FF-44F1-BF6D-EE1E4D0D9E61" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update411:*:*:enterprise_performance_pack:*:*:*", + "matchCriteriaId": "F70BAD0D-1601-4C61-B6B2-1A1DBB48B067" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oracle:jre:11.0.23:*:*:*:*:*:*:*", + "matchCriteriaId": "49A5200E-E144-4C02-BAAB-8EAF734EEC5F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oracle:jre:17.0.11:*:*:*:*:*:*:*", + "matchCriteriaId": "47E6B664-D2ED-425F-B27B-3E57278B1C7E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oracle:jre:21.0.3:*:*:*:*:*:*:*", + "matchCriteriaId": "06104137-B672-4AB8-AEB4-5AEE95D978FE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oracle:jre:22.0.1:*:*:*:*:*:*:*", + "matchCriteriaId": "F92B7DB4-7E5C-4961-8BB3-D3DF4A833E79" + } + ] + } + ] + } + ], "references": [ { "url": "https://security.netapp.com/advisory/ntap-20240719-0008/", - "source": "secalert_us@oracle.com" + "source": "secalert_us@oracle.com", + "tags": [ + "Third Party Advisory" + ] + }, + { + "url": "https://www.oracle.com/security-alerts/cpujul2024.html", + "source": "secalert_us@oracle.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://security.netapp.com/advisory/ntap-20240719-0008/", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.oracle.com/security-alerts/cpujul2024.html", - "source": "secalert_us@oracle.com" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-211xx/CVE-2024-21139.json b/CVE-2024/CVE-2024-211xx/CVE-2024-21139.json index a0b5c97a866..daf1085a878 100644 --- a/CVE-2024/CVE-2024-211xx/CVE-2024-21139.json +++ b/CVE-2024/CVE-2024-211xx/CVE-2024-21139.json @@ -2,8 +2,8 @@ "id": "CVE-2024-21139", "sourceIdentifier": "secalert_us@oracle.com", "published": "2024-07-16T23:15:14.847", - "lastModified": "2024-07-17T13:34:20.520", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-05T21:41:47.347", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -19,10 +19,12 @@ "cvssMetricV31": [ { "source": "secalert_us@oracle.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", @@ -30,19 +32,66 @@ "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", - "availabilityImpact": "NONE", - "baseScore": 5.4, - "baseSeverity": "MEDIUM" + "availabilityImpact": "NONE" }, "exploitabilityScore": 2.3, "impactScore": 2.7 } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oracle:business_intelligence:7.0.0.0.0:*:*:*:enterprise:*:*:*", + "matchCriteriaId": "5412263F-C075-4D94-9807-CB895A63708D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oracle:business_intelligence:7.6.0.0.0:*:*:*:enterprise:*:*:*", + "matchCriteriaId": "43D14BEA-91DC-43B8-B733-5B4DF06E9D0D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:enterprise:*:*:*", + "matchCriteriaId": "81DAC8C0-D342-44B5-9432-6B88D389584F" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.oracle.com/security-alerts/cpujul2024.html", - "source": "secalert_us@oracle.com" + "source": "secalert_us@oracle.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://www.oracle.com/security-alerts/cpujul2024.html", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-211xx/CVE-2024-21143.json b/CVE-2024/CVE-2024-211xx/CVE-2024-21143.json index 1be65733147..1e8fd879118 100644 --- a/CVE-2024/CVE-2024-211xx/CVE-2024-21143.json +++ b/CVE-2024/CVE-2024-211xx/CVE-2024-21143.json @@ -2,8 +2,8 @@ "id": "CVE-2024-21143", "sourceIdentifier": "secalert_us@oracle.com", "published": "2024-07-16T23:15:15.587", - "lastModified": "2024-07-17T13:34:20.520", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-05T21:41:35.897", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -19,10 +19,12 @@ "cvssMetricV31": [ { "source": "secalert_us@oracle.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", @@ -30,19 +32,58 @@ "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", - "availabilityImpact": "NONE", - "baseScore": 5.3, - "baseSeverity": "MEDIUM" + "availabilityImpact": "NONE" }, "exploitabilityScore": 3.9, "impactScore": 1.4 } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oracle:istore:*:*:*:*:*:*:*:*", + "versionStartIncluding": "12.2.3", + "versionEndIncluding": "12.2.13", + "matchCriteriaId": "6235EDBE-28A9-416D-A308-E62C640D8E43" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.oracle.com/security-alerts/cpujul2024.html", - "source": "secalert_us@oracle.com" + "source": "secalert_us@oracle.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://www.oracle.com/security-alerts/cpujul2024.html", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-211xx/CVE-2024-21149.json b/CVE-2024/CVE-2024-211xx/CVE-2024-21149.json index e5fcfe2d6e4..7fd18d5150d 100644 --- a/CVE-2024/CVE-2024-211xx/CVE-2024-21149.json +++ b/CVE-2024/CVE-2024-211xx/CVE-2024-21149.json @@ -2,8 +2,8 @@ "id": "CVE-2024-21149", "sourceIdentifier": "secalert_us@oracle.com", "published": "2024-07-16T23:15:16.840", - "lastModified": "2024-07-17T13:34:20.520", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-05T21:41:33.037", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -19,10 +19,12 @@ "cvssMetricV31": [ { "source": "secalert_us@oracle.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", + "baseScore": 8.1, + "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", @@ -30,19 +32,58 @@ "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", - "availabilityImpact": "NONE", - "baseScore": 8.1, - "baseSeverity": "HIGH" + "availabilityImpact": "NONE" }, "exploitabilityScore": 2.8, "impactScore": 5.2 } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oracle:enterprise_asset_management:*:*:*:*:*:*:*:*", + "versionStartIncluding": "12.2.11", + "versionEndIncluding": "12.2.13", + "matchCriteriaId": "A5071F15-B3D4-4977-AA89-4445BA97C192" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.oracle.com/security-alerts/cpujul2024.html", - "source": "secalert_us@oracle.com" + "source": "secalert_us@oracle.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://www.oracle.com/security-alerts/cpujul2024.html", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-211xx/CVE-2024-21150.json b/CVE-2024/CVE-2024-211xx/CVE-2024-21150.json index 99fa669f84e..0c80d9b2d34 100644 --- a/CVE-2024/CVE-2024-211xx/CVE-2024-21150.json +++ b/CVE-2024/CVE-2024-211xx/CVE-2024-21150.json @@ -2,8 +2,8 @@ "id": "CVE-2024-21150", "sourceIdentifier": "secalert_us@oracle.com", "published": "2024-07-16T23:15:17.023", - "lastModified": "2024-07-17T13:34:20.520", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-05T21:41:28.893", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -19,10 +19,12 @@ "cvssMetricV31": [ { "source": "secalert_us@oracle.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", @@ -30,19 +32,57 @@ "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", - "availabilityImpact": "NONE", - "baseScore": 6.1, - "baseSeverity": "MEDIUM" + "availabilityImpact": "NONE" }, "exploitabilityScore": 2.8, "impactScore": 2.7 } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*", + "versionEndExcluding": "9.2.8.2", + "matchCriteriaId": "A6CE52B2-1590-4DBA-A21A-7E59B3375FB5" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.oracle.com/security-alerts/cpujul2024.html", - "source": "secalert_us@oracle.com" + "source": "secalert_us@oracle.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://www.oracle.com/security-alerts/cpujul2024.html", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-211xx/CVE-2024-21151.json b/CVE-2024/CVE-2024-211xx/CVE-2024-21151.json index 79aa71bccd1..7729dcfe7f2 100644 --- a/CVE-2024/CVE-2024-211xx/CVE-2024-21151.json +++ b/CVE-2024/CVE-2024-211xx/CVE-2024-21151.json @@ -2,8 +2,8 @@ "id": "CVE-2024-21151", "sourceIdentifier": "secalert_us@oracle.com", "published": "2024-07-16T23:15:17.210", - "lastModified": "2024-07-17T13:34:20.520", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-05T21:41:23.637", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -19,10 +19,12 @@ "cvssMetricV31": [ { "source": "secalert_us@oracle.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "baseScore": 3.3, + "baseSeverity": "LOW", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", @@ -30,19 +32,56 @@ "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", - "availabilityImpact": "LOW", - "baseScore": 3.3, - "baseSeverity": "LOW" + "availabilityImpact": "LOW" }, "exploitabilityScore": 1.8, "impactScore": 1.4 } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:oracle:solaris:11:*:*:*:*:*:*:*", + "matchCriteriaId": "8E8C192B-8044-4BF9-9F1F-57371FC0E8FD" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.oracle.com/security-alerts/cpujul2024.html", - "source": "secalert_us@oracle.com" + "source": "secalert_us@oracle.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://www.oracle.com/security-alerts/cpujul2024.html", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-211xx/CVE-2024-21155.json b/CVE-2024/CVE-2024-211xx/CVE-2024-21155.json index abf9fdd0089..0dafbf9c824 100644 --- a/CVE-2024/CVE-2024-211xx/CVE-2024-21155.json +++ b/CVE-2024/CVE-2024-211xx/CVE-2024-21155.json @@ -2,8 +2,8 @@ "id": "CVE-2024-21155", "sourceIdentifier": "secalert_us@oracle.com", "published": "2024-07-16T23:15:17.970", - "lastModified": "2024-07-17T13:34:20.520", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-05T21:40:12.850", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -19,10 +19,12 @@ "cvssMetricV31": [ { "source": "secalert_us@oracle.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N", + "baseScore": 4.7, + "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", @@ -30,19 +32,56 @@ "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", - "availabilityImpact": "NONE", - "baseScore": 4.7, - "baseSeverity": "MEDIUM" + "availabilityImpact": "NONE" }, "exploitabilityScore": 2.8, "impactScore": 1.4 } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*", + "matchCriteriaId": "D3E503FB-6279-4D4A-91D8-E237ECF9D2B0" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.oracle.com/security-alerts/cpujul2024.html", - "source": "secalert_us@oracle.com" + "source": "secalert_us@oracle.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://www.oracle.com/security-alerts/cpujul2024.html", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-211xx/CVE-2024-21158.json b/CVE-2024/CVE-2024-211xx/CVE-2024-21158.json index 6ccfedda803..d098410f937 100644 --- a/CVE-2024/CVE-2024-211xx/CVE-2024-21158.json +++ b/CVE-2024/CVE-2024-211xx/CVE-2024-21158.json @@ -2,8 +2,8 @@ "id": "CVE-2024-21158", "sourceIdentifier": "secalert_us@oracle.com", "published": "2024-07-16T23:15:18.333", - "lastModified": "2024-07-17T13:34:20.520", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-05T21:41:19.197", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -23,6 +23,8 @@ "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", @@ -30,19 +32,86 @@ "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", - "availabilityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "baseScore": 6.4, - "baseSeverity": "MEDIUM" + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" }, "exploitabilityScore": 3.1, "impactScore": 2.7 } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*", + "matchCriteriaId": "C8AF00C6-B97F-414D-A8DF-057E6BFD8597" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.60:*:*:*:*:*:*:*", + "matchCriteriaId": "AF191D4F-3D54-4525-AAF5-B70D3FD2F818" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.61:*:*:*:*:*:*:*", + "matchCriteriaId": "18F15FC6-947A-462A-8329-C52907799A7C" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.oracle.com/security-alerts/cpujul2024.html", - "source": "secalert_us@oracle.com" + "source": "secalert_us@oracle.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://www.oracle.com/security-alerts/cpujul2024.html", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-211xx/CVE-2024-21167.json b/CVE-2024/CVE-2024-211xx/CVE-2024-21167.json index a6d745a914d..fe13aa95213 100644 --- a/CVE-2024/CVE-2024-211xx/CVE-2024-21167.json +++ b/CVE-2024/CVE-2024-211xx/CVE-2024-21167.json @@ -2,8 +2,8 @@ "id": "CVE-2024-21167", "sourceIdentifier": "secalert_us@oracle.com", "published": "2024-07-16T23:15:20.073", - "lastModified": "2024-07-17T13:34:20.520", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-05T21:40:35.573", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -19,10 +19,12 @@ "cvssMetricV31": [ { "source": "secalert_us@oracle.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", + "baseScore": 8.1, + "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", @@ -30,19 +32,58 @@ "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", - "availabilityImpact": "NONE", - "baseScore": 8.1, - "baseSeverity": "HIGH" + "availabilityImpact": "NONE" }, "exploitabilityScore": 2.8, "impactScore": 5.2 } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oracle:trading_community:*:*:*:*:*:*:*:*", + "versionStartIncluding": "12.2.3", + "versionEndIncluding": "12.2.13", + "matchCriteriaId": "0870D334-9920-4FD6-A0F0-29E0BF9EE20E" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.oracle.com/security-alerts/cpujul2024.html", - "source": "secalert_us@oracle.com" + "source": "secalert_us@oracle.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://www.oracle.com/security-alerts/cpujul2024.html", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-211xx/CVE-2024-21168.json b/CVE-2024/CVE-2024-211xx/CVE-2024-21168.json index a94c45d0940..e9ef7cfebe1 100644 --- a/CVE-2024/CVE-2024-211xx/CVE-2024-21168.json +++ b/CVE-2024/CVE-2024-211xx/CVE-2024-21168.json @@ -2,8 +2,8 @@ "id": "CVE-2024-21168", "sourceIdentifier": "secalert_us@oracle.com", "published": "2024-07-16T23:15:20.253", - "lastModified": "2024-07-17T13:34:20.520", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-05T21:40:25.147", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -19,10 +19,12 @@ "cvssMetricV31": [ { "source": "secalert_us@oracle.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", @@ -30,19 +32,57 @@ "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", - "availabilityImpact": "NONE", - "baseScore": 6.5, - "baseSeverity": "MEDIUM" + "availabilityImpact": "NONE" }, "exploitabilityScore": 2.8, "impactScore": 3.6 } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*", + "versionEndExcluding": "9.2.8.3", + "matchCriteriaId": "61FB6050-D543-4335-AB4F-089CFF390EB0" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.oracle.com/security-alerts/cpujul2024.html", - "source": "secalert_us@oracle.com" + "source": "secalert_us@oracle.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://www.oracle.com/security-alerts/cpujul2024.html", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-213xx/CVE-2024-21322.json b/CVE-2024/CVE-2024-213xx/CVE-2024-21322.json index aa8ac15a3bb..c9cb0e8c8ce 100644 --- a/CVE-2024/CVE-2024-213xx/CVE-2024-21322.json +++ b/CVE-2024/CVE-2024-213xx/CVE-2024-21322.json @@ -2,8 +2,8 @@ "id": "CVE-2024-21322", "sourceIdentifier": "secure@microsoft.com", "published": "2024-04-09T17:15:34.160", - "lastModified": "2024-04-10T13:24:00.070", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-05T19:48:40.407", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -19,10 +19,12 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.2, + "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", @@ -30,9 +32,7 @@ "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 7.2, - "baseSeverity": "HIGH" + "availabilityImpact": "HIGH" }, "exploitabilityScore": 1.2, "impactScore": 5.9 @@ -49,12 +49,50 @@ "value": "CWE-77" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:defender_for_iot:*:*:*:*:*:*:*:*", + "versionEndExcluding": "24.1.3", + "matchCriteriaId": "18FA07C5-9039-45DA-B262-AA77359E5AC7" + } + ] + } + ] } ], "references": [ { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21322", - "source": "secure@microsoft.com" + "source": "secure@microsoft.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21322", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-213xx/CVE-2024-21323.json b/CVE-2024/CVE-2024-213xx/CVE-2024-21323.json index 1a099be06d1..66c7ca1cc9f 100644 --- a/CVE-2024/CVE-2024-213xx/CVE-2024-21323.json +++ b/CVE-2024/CVE-2024-213xx/CVE-2024-21323.json @@ -2,8 +2,8 @@ "id": "CVE-2024-21323", "sourceIdentifier": "secure@microsoft.com", "published": "2024-04-09T17:15:34.380", - "lastModified": "2024-04-10T13:24:00.070", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-05T19:46:34.170", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -19,10 +19,12 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", @@ -30,9 +32,7 @@ "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 8.8, - "baseSeverity": "HIGH" + "availabilityImpact": "HIGH" }, "exploitabilityScore": 2.8, "impactScore": 5.9 @@ -49,12 +49,50 @@ "value": "CWE-36" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:defender_for_iot:*:*:*:*:*:*:*:*", + "versionEndExcluding": "24.1.3", + "matchCriteriaId": "18FA07C5-9039-45DA-B262-AA77359E5AC7" + } + ] + } + ] } ], "references": [ { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21323", - "source": "secure@microsoft.com" + "source": "secure@microsoft.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21323", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-213xx/CVE-2024-21324.json b/CVE-2024/CVE-2024-213xx/CVE-2024-21324.json index 23d3d365068..af7998f78f3 100644 --- a/CVE-2024/CVE-2024-213xx/CVE-2024-21324.json +++ b/CVE-2024/CVE-2024-213xx/CVE-2024-21324.json @@ -2,8 +2,8 @@ "id": "CVE-2024-21324", "sourceIdentifier": "secure@microsoft.com", "published": "2024-04-09T17:15:34.607", - "lastModified": "2024-04-10T13:24:00.070", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-05T19:40:30.007", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -19,10 +19,12 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.2, + "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", @@ -30,9 +32,7 @@ "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 7.2, - "baseSeverity": "HIGH" + "availabilityImpact": "HIGH" }, "exploitabilityScore": 1.2, "impactScore": 5.9 @@ -49,12 +49,50 @@ "value": "CWE-269" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:defender_for_iot:*:*:*:*:*:*:*:*", + "versionEndExcluding": "24.1.3", + "matchCriteriaId": "18FA07C5-9039-45DA-B262-AA77359E5AC7" + } + ] + } + ] } ], "references": [ { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21324", - "source": "secure@microsoft.com" + "source": "secure@microsoft.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21324", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-214xx/CVE-2024-21434.json b/CVE-2024/CVE-2024-214xx/CVE-2024-21434.json index cc389f500ff..3471d3088e8 100644 --- a/CVE-2024/CVE-2024-214xx/CVE-2024-21434.json +++ b/CVE-2024/CVE-2024-214xx/CVE-2024-21434.json @@ -2,8 +2,8 @@ "id": "CVE-2024-21434", "sourceIdentifier": "secure@microsoft.com", "published": "2024-03-12T17:15:52.220", - "lastModified": "2024-04-11T20:15:31.620", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-05T03:25:12.337", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -19,10 +19,12 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", @@ -30,9 +32,7 @@ "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 7.8, - "baseSeverity": "HIGH" + "availabilityImpact": "HIGH" }, "exploitabilityScore": 1.8, "impactScore": 5.9 @@ -49,12 +49,116 @@ "value": "CWE-197" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.10240.20596", + "matchCriteriaId": "90D10880-2D62-4AC6-9712-0A0519F50CEE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.14393.6897", + "matchCriteriaId": "73FACDC7-EB1C-4F9E-8841-B4F5D740E833" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.17763.5576", + "matchCriteriaId": "6FBF7292-731F-493E-BF30-C8561ACFE379" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.19044.4170", + "matchCriteriaId": "2CA95D8E-CAD9-4D07-AE35-36D83D546AA8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.19045.4170", + "matchCriteriaId": "968B931A-18E6-4425-B326-5A02C0B93A08" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.22000.2836", + "matchCriteriaId": "D08CEC8B-343C-486E-B6FA-F4D60ACF7E63" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.22621.3296", + "matchCriteriaId": "4DBD4A55-729C-4F86-AE29-6067F62FD03A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.22631.3296", + "matchCriteriaId": "A332CC68-568F-406B-8463-9FEF359BEA4C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.14393.6897", + "matchCriteriaId": "412F0026-BBE6-4F7D-ABC2-56E9F1791122" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.17763.5576", + "matchCriteriaId": "FFF3EE72-52DE-4CB2-8D42-74809CD7B292" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.20348.2333", + "matchCriteriaId": "5F08760C-CF31-4507-8CBD-21A2FEAE478C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.25398.763", + "matchCriteriaId": "0AD05A2D-BA23-4B63-8B75-1395F74C36CB" + } + ] + } + ] } ], "references": [ { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21434", - "source": "secure@microsoft.com" + "source": "secure@microsoft.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21434", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-214xx/CVE-2024-21438.json b/CVE-2024/CVE-2024-214xx/CVE-2024-21438.json index 550848b5092..54b6f1275de 100644 --- a/CVE-2024/CVE-2024-214xx/CVE-2024-21438.json +++ b/CVE-2024/CVE-2024-214xx/CVE-2024-21438.json @@ -2,8 +2,8 @@ "id": "CVE-2024-21438", "sourceIdentifier": "secure@microsoft.com", "published": "2024-03-12T17:15:52.880", - "lastModified": "2024-04-11T20:15:32.050", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-05T03:25:34.603", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -19,10 +19,12 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 7.5, + "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", @@ -30,9 +32,7 @@ "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", - "availabilityImpact": "HIGH", - "baseScore": 7.5, - "baseSeverity": "HIGH" + "availabilityImpact": "HIGH" }, "exploitabilityScore": 3.9, "impactScore": 3.6 @@ -49,12 +49,136 @@ "value": "CWE-369" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.10240.20596", + "matchCriteriaId": "90D10880-2D62-4AC6-9712-0A0519F50CEE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.14393.6897", + "matchCriteriaId": "73FACDC7-EB1C-4F9E-8841-B4F5D740E833" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.17763.5696", + "matchCriteriaId": "7C50F3D5-1329-4563-BB59-9C50E2EEC237" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.19044.4291", + "matchCriteriaId": "1BE5B3C6-9F18-44A0-95CC-B4CD358794BF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.19045.4291", + "matchCriteriaId": "23C51F9B-0BF1-414C-BFA5-4F5B81413E9E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.22000.2899", + "matchCriteriaId": "39B18FD8-656D-46D2-8BDE-AF030C278E02" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.22621.3447", + "matchCriteriaId": "54B49649-55CB-4BFF-BB50-592662435694" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.22631.3447", + "matchCriteriaId": "79409538-C0CE-4051-80C3-383220427D0B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", + "matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", + "matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", + "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.14393.6897", + "matchCriteriaId": "412F0026-BBE6-4F7D-ABC2-56E9F1791122" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.17763.5696", + "matchCriteriaId": "4EAAB276-D0E4-41CA-8A25-4DE9FC90543E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.20348.2402", + "matchCriteriaId": "7103C832-A4FB-4373-8A93-291E7A89B4AA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.25398.830", + "matchCriteriaId": "F2B61B79-FEE5-4041-918D-6FE2C92771DC" + } + ] + } + ] } ], "references": [ { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21438", - "source": "secure@microsoft.com" + "source": "secure@microsoft.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21438", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-214xx/CVE-2024-21440.json b/CVE-2024/CVE-2024-214xx/CVE-2024-21440.json index 99c509272fc..c05e5100998 100644 --- a/CVE-2024/CVE-2024-214xx/CVE-2024-21440.json +++ b/CVE-2024/CVE-2024-214xx/CVE-2024-21440.json @@ -2,8 +2,8 @@ "id": "CVE-2024-21440", "sourceIdentifier": "secure@microsoft.com", "published": "2024-03-12T17:15:53.207", - "lastModified": "2024-05-29T00:15:36.073", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-05T03:25:52.233", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -23,6 +23,8 @@ "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", @@ -30,9 +32,7 @@ "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 8.8, - "baseSeverity": "HIGH" + "availabilityImpact": "HIGH" }, "exploitabilityScore": 2.8, "impactScore": 5.9 @@ -49,12 +49,136 @@ "value": "CWE-197" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.10240.20596", + "matchCriteriaId": "90D10880-2D62-4AC6-9712-0A0519F50CEE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.14393.6897", + "matchCriteriaId": "73FACDC7-EB1C-4F9E-8841-B4F5D740E833" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.17763.5696", + "matchCriteriaId": "7C50F3D5-1329-4563-BB59-9C50E2EEC237" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.19044.4291", + "matchCriteriaId": "1BE5B3C6-9F18-44A0-95CC-B4CD358794BF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.19045.4291", + "matchCriteriaId": "23C51F9B-0BF1-414C-BFA5-4F5B81413E9E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.22000.2899", + "matchCriteriaId": "39B18FD8-656D-46D2-8BDE-AF030C278E02" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.22621.3447", + "matchCriteriaId": "54B49649-55CB-4BFF-BB50-592662435694" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.22631.3447", + "matchCriteriaId": "79409538-C0CE-4051-80C3-383220427D0B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", + "matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", + "matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", + "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.14393.6897", + "matchCriteriaId": "412F0026-BBE6-4F7D-ABC2-56E9F1791122" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.17763.5696", + "matchCriteriaId": "4EAAB276-D0E4-41CA-8A25-4DE9FC90543E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.20348.2402", + "matchCriteriaId": "7103C832-A4FB-4373-8A93-291E7A89B4AA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.25398.830", + "matchCriteriaId": "F2B61B79-FEE5-4041-918D-6FE2C92771DC" + } + ] + } + ] } ], "references": [ { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21440", - "source": "secure@microsoft.com" + "source": "secure@microsoft.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21440", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-214xx/CVE-2024-21441.json b/CVE-2024/CVE-2024-214xx/CVE-2024-21441.json index 5d48067be81..4e17c370ca5 100644 --- a/CVE-2024/CVE-2024-214xx/CVE-2024-21441.json +++ b/CVE-2024/CVE-2024-214xx/CVE-2024-21441.json @@ -2,8 +2,8 @@ "id": "CVE-2024-21441", "sourceIdentifier": "secure@microsoft.com", "published": "2024-03-12T17:15:53.377", - "lastModified": "2024-04-11T20:15:32.360", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-05T03:15:20.800", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -19,10 +19,12 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", @@ -30,9 +32,7 @@ "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 8.8, - "baseSeverity": "HIGH" + "availabilityImpact": "HIGH" }, "exploitabilityScore": 2.8, "impactScore": 5.9 @@ -49,12 +49,136 @@ "value": "CWE-190" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.10240.20596", + "matchCriteriaId": "90D10880-2D62-4AC6-9712-0A0519F50CEE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.14393.6897", + "matchCriteriaId": "73FACDC7-EB1C-4F9E-8841-B4F5D740E833" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.17763.5696", + "matchCriteriaId": "7C50F3D5-1329-4563-BB59-9C50E2EEC237" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.19044.4291", + "matchCriteriaId": "1BE5B3C6-9F18-44A0-95CC-B4CD358794BF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.19045.4291", + "matchCriteriaId": "23C51F9B-0BF1-414C-BFA5-4F5B81413E9E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.22000.2899", + "matchCriteriaId": "39B18FD8-656D-46D2-8BDE-AF030C278E02" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.22621.3447", + "matchCriteriaId": "54B49649-55CB-4BFF-BB50-592662435694" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.22631.3447", + "matchCriteriaId": "79409538-C0CE-4051-80C3-383220427D0B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", + "matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", + "matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", + "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.14393.6897", + "matchCriteriaId": "412F0026-BBE6-4F7D-ABC2-56E9F1791122" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.17763.5696", + "matchCriteriaId": "4EAAB276-D0E4-41CA-8A25-4DE9FC90543E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.20348.2402", + "matchCriteriaId": "7103C832-A4FB-4373-8A93-291E7A89B4AA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.25398.830", + "matchCriteriaId": "F2B61B79-FEE5-4041-918D-6FE2C92771DC" + } + ] + } + ] } ], "references": [ { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21441", - "source": "secure@microsoft.com" + "source": "secure@microsoft.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21441", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-214xx/CVE-2024-21444.json b/CVE-2024/CVE-2024-214xx/CVE-2024-21444.json index 82f76592acd..ef52d23251d 100644 --- a/CVE-2024/CVE-2024-214xx/CVE-2024-21444.json +++ b/CVE-2024/CVE-2024-214xx/CVE-2024-21444.json @@ -2,8 +2,8 @@ "id": "CVE-2024-21444", "sourceIdentifier": "secure@microsoft.com", "published": "2024-03-12T17:15:53.907", - "lastModified": "2024-05-29T00:15:36.297", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-05T03:18:50.527", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -19,10 +19,12 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", @@ -30,9 +32,7 @@ "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 8.8, - "baseSeverity": "HIGH" + "availabilityImpact": "HIGH" }, "exploitabilityScore": 2.8, "impactScore": 5.9 @@ -49,12 +49,136 @@ "value": "CWE-190" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.10240.20596", + "matchCriteriaId": "90D10880-2D62-4AC6-9712-0A0519F50CEE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.14393.6897", + "matchCriteriaId": "73FACDC7-EB1C-4F9E-8841-B4F5D740E833" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.17763.5696", + "matchCriteriaId": "7C50F3D5-1329-4563-BB59-9C50E2EEC237" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.19044.4291", + "matchCriteriaId": "1BE5B3C6-9F18-44A0-95CC-B4CD358794BF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.19045.4291", + "matchCriteriaId": "23C51F9B-0BF1-414C-BFA5-4F5B81413E9E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.22000.2899", + "matchCriteriaId": "39B18FD8-656D-46D2-8BDE-AF030C278E02" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.22621.3447", + "matchCriteriaId": "54B49649-55CB-4BFF-BB50-592662435694" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.22631.3447", + "matchCriteriaId": "79409538-C0CE-4051-80C3-383220427D0B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", + "matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", + "matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", + "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.14393.6897", + "matchCriteriaId": "412F0026-BBE6-4F7D-ABC2-56E9F1791122" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.17763.5696", + "matchCriteriaId": "4EAAB276-D0E4-41CA-8A25-4DE9FC90543E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.20348.2402", + "matchCriteriaId": "7103C832-A4FB-4373-8A93-291E7A89B4AA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.25398.830", + "matchCriteriaId": "F2B61B79-FEE5-4041-918D-6FE2C92771DC" + } + ] + } + ] } ], "references": [ { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21444", - "source": "secure@microsoft.com" + "source": "secure@microsoft.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21444", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-214xx/CVE-2024-21448.json b/CVE-2024/CVE-2024-214xx/CVE-2024-21448.json index 39c30681e13..5f6768987fd 100644 --- a/CVE-2024/CVE-2024-214xx/CVE-2024-21448.json +++ b/CVE-2024/CVE-2024-214xx/CVE-2024-21448.json @@ -2,8 +2,8 @@ "id": "CVE-2024-21448", "sourceIdentifier": "secure@microsoft.com", "published": "2024-03-12T17:15:54.407", - "lastModified": "2024-05-29T00:15:36.470", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-05T03:19:21.767", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -19,10 +19,12 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", + "baseScore": 5.0, + "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", @@ -30,9 +32,7 @@ "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", - "availabilityImpact": "NONE", - "baseScore": 5.0, - "baseSeverity": "MEDIUM" + "availabilityImpact": "NONE" }, "exploitabilityScore": 1.3, "impactScore": 3.6 @@ -49,12 +49,50 @@ "value": "CWE-20" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:teams:*:*:*:*:*:android:*:*", + "versionEndExcluding": "1.0.0.2024022302", + "matchCriteriaId": "53CCFB2B-DD6E-48C1-AD6C-2D4DCBFC29A7" + } + ] + } + ] } ], "references": [ { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21448", - "source": "secure@microsoft.com" + "source": "secure@microsoft.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21448", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-214xx/CVE-2024-21450.json b/CVE-2024/CVE-2024-214xx/CVE-2024-21450.json index 6b5166d6c7a..d37422a0f78 100644 --- a/CVE-2024/CVE-2024-214xx/CVE-2024-21450.json +++ b/CVE-2024/CVE-2024-214xx/CVE-2024-21450.json @@ -2,8 +2,8 @@ "id": "CVE-2024-21450", "sourceIdentifier": "secure@microsoft.com", "published": "2024-03-12T17:15:54.567", - "lastModified": "2024-04-11T20:15:33.050", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-05T03:19:41.673", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -23,6 +23,8 @@ "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", @@ -30,9 +32,7 @@ "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 8.8, - "baseSeverity": "HIGH" + "availabilityImpact": "HIGH" }, "exploitabilityScore": 2.8, "impactScore": 5.9 @@ -49,12 +49,136 @@ "value": "CWE-190" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.10240.20596", + "matchCriteriaId": "90D10880-2D62-4AC6-9712-0A0519F50CEE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.14393.6897", + "matchCriteriaId": "73FACDC7-EB1C-4F9E-8841-B4F5D740E833" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.17763.5696", + "matchCriteriaId": "7C50F3D5-1329-4563-BB59-9C50E2EEC237" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.19044.4291", + "matchCriteriaId": "1BE5B3C6-9F18-44A0-95CC-B4CD358794BF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.19045.4291", + "matchCriteriaId": "23C51F9B-0BF1-414C-BFA5-4F5B81413E9E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.22000.2899", + "matchCriteriaId": "39B18FD8-656D-46D2-8BDE-AF030C278E02" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.22621.3447", + "matchCriteriaId": "54B49649-55CB-4BFF-BB50-592662435694" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.22631.3447", + "matchCriteriaId": "79409538-C0CE-4051-80C3-383220427D0B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", + "matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", + "matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", + "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.14393.6897", + "matchCriteriaId": "412F0026-BBE6-4F7D-ABC2-56E9F1791122" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.17763.5696", + "matchCriteriaId": "4EAAB276-D0E4-41CA-8A25-4DE9FC90543E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.20348.2402", + "matchCriteriaId": "7103C832-A4FB-4373-8A93-291E7A89B4AA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.25398.830", + "matchCriteriaId": "F2B61B79-FEE5-4041-918D-6FE2C92771DC" + } + ] + } + ] } ], "references": [ { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21450", - "source": "secure@microsoft.com" + "source": "secure@microsoft.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21450", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-214xx/CVE-2024-21451.json b/CVE-2024/CVE-2024-214xx/CVE-2024-21451.json index 5559bc01985..b7da2becb16 100644 --- a/CVE-2024/CVE-2024-214xx/CVE-2024-21451.json +++ b/CVE-2024/CVE-2024-214xx/CVE-2024-21451.json @@ -2,8 +2,8 @@ "id": "CVE-2024-21451", "sourceIdentifier": "secure@microsoft.com", "published": "2024-03-12T17:15:54.743", - "lastModified": "2024-04-11T20:15:33.143", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-05T03:19:51.647", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -19,10 +19,12 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", @@ -30,9 +32,7 @@ "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 8.8, - "baseSeverity": "HIGH" + "availabilityImpact": "HIGH" }, "exploitabilityScore": 2.8, "impactScore": 5.9 @@ -49,12 +49,136 @@ "value": "CWE-197" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.10240.20596", + "matchCriteriaId": "90D10880-2D62-4AC6-9712-0A0519F50CEE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.14393.6897", + "matchCriteriaId": "73FACDC7-EB1C-4F9E-8841-B4F5D740E833" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.17763.5696", + "matchCriteriaId": "7C50F3D5-1329-4563-BB59-9C50E2EEC237" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.19044.4291", + "matchCriteriaId": "1BE5B3C6-9F18-44A0-95CC-B4CD358794BF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.19045.4291", + "matchCriteriaId": "23C51F9B-0BF1-414C-BFA5-4F5B81413E9E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.22000.2899", + "matchCriteriaId": "39B18FD8-656D-46D2-8BDE-AF030C278E02" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.22621.3447", + "matchCriteriaId": "54B49649-55CB-4BFF-BB50-592662435694" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.22631.3447", + "matchCriteriaId": "79409538-C0CE-4051-80C3-383220427D0B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", + "matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", + "matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", + "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.14393.6897", + "matchCriteriaId": "412F0026-BBE6-4F7D-ABC2-56E9F1791122" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.17763.5696", + "matchCriteriaId": "4EAAB276-D0E4-41CA-8A25-4DE9FC90543E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.20348.2402", + "matchCriteriaId": "7103C832-A4FB-4373-8A93-291E7A89B4AA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.25398.830", + "matchCriteriaId": "F2B61B79-FEE5-4041-918D-6FE2C92771DC" + } + ] + } + ] } ], "references": [ { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21451", - "source": "secure@microsoft.com" + "source": "secure@microsoft.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21451", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-215xx/CVE-2024-21500.json b/CVE-2024/CVE-2024-215xx/CVE-2024-21500.json index 50111608d74..ba6a7d3f8b4 100644 --- a/CVE-2024/CVE-2024-215xx/CVE-2024-21500.json +++ b/CVE-2024/CVE-2024-215xx/CVE-2024-21500.json @@ -2,7 +2,7 @@ "id": "CVE-2024-21500", "sourceIdentifier": "report@snyk.io", "published": "2024-02-17T05:15:10.697", - "lastModified": "2024-02-20T19:50:53.960", + "lastModified": "2024-12-05T21:15:07.243", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -23,6 +23,8 @@ "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "baseScore": 4.8, + "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", @@ -30,9 +32,7 @@ "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", - "availabilityImpact": "NONE", - "baseScore": 4.8, - "baseSeverity": "MEDIUM" + "availabilityImpact": "NONE" }, "exploitabilityScore": 2.2, "impactScore": 2.5 @@ -49,6 +49,16 @@ "value": "CWE-307" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-307" + } + ] } ], "references": [ @@ -63,6 +73,18 @@ { "url": "https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGREENPAUCADDYSECURITY-6249864", "source": "report@snyk.io" + }, + { + "url": "https://blog.trailofbits.com/2023/09/18/security-flaws-in-an-sso-plugin-for-caddy/", + "source": "af854a3a-2127-422b-91ae-364da2661108" + }, + { + "url": "https://github.com/greenpau/caddy-security/issues/271", + "source": "af854a3a-2127-422b-91ae-364da2661108" + }, + { + "url": "https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGREENPAUCADDYSECURITY-6249864", + "source": "af854a3a-2127-422b-91ae-364da2661108" } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-220xx/CVE-2024-22085.json b/CVE-2024/CVE-2024-220xx/CVE-2024-22085.json index eba7d1a859c..2280da4a8f3 100644 --- a/CVE-2024/CVE-2024-220xx/CVE-2024-22085.json +++ b/CVE-2024/CVE-2024-220xx/CVE-2024-22085.json @@ -2,7 +2,7 @@ "id": "CVE-2024-22085", "sourceIdentifier": "cve@mitre.org", "published": "2024-03-20T05:15:45.890", - "lastModified": "2024-11-06T19:35:14.630", + "lastModified": "2024-12-05T21:15:07.383", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -15,7 +15,30 @@ "value": "Se descubri\u00f3 un problema en las versiones 1.1.4.15 y anteriores Elspec G5 digital fault recorder. El archivo shadow es legible para todo el mundo." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 6.2, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.5, + "impactScore": 3.6 + } + ] + }, "weaknesses": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -32,6 +55,10 @@ { "url": "https://www.elspec-ltd.com/support/security-advisories/", "source": "cve@mitre.org" + }, + { + "url": "https://www.elspec-ltd.com/support/security-advisories/", + "source": "af854a3a-2127-422b-91ae-364da2661108" } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-222xx/CVE-2024-22258.json b/CVE-2024/CVE-2024-222xx/CVE-2024-22258.json index 570542832e5..182cd1adbc8 100644 --- a/CVE-2024/CVE-2024-222xx/CVE-2024-22258.json +++ b/CVE-2024/CVE-2024-222xx/CVE-2024-22258.json @@ -2,7 +2,7 @@ "id": "CVE-2024-22258", "sourceIdentifier": "security@vmware.com", "published": "2024-03-20T04:15:08.600", - "lastModified": "2024-03-20T13:00:16.367", + "lastModified": "2024-12-05T21:15:07.530", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -23,6 +23,8 @@ "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", @@ -30,19 +32,33 @@ "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", - "availabilityImpact": "NONE", - "baseScore": 6.1, - "baseSeverity": "MEDIUM" + "availabilityImpact": "NONE" }, "exploitabilityScore": 2.8, "impactScore": 2.7 } ] }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-470" + } + ] + } + ], "references": [ { "url": "https://spring.io/security/cve-2024-22258", "source": "security@vmware.com" + }, + { + "url": "https://spring.io/security/cve-2024-22258", + "source": "af854a3a-2127-422b-91ae-364da2661108" } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-223xx/CVE-2024-22395.json b/CVE-2024/CVE-2024-223xx/CVE-2024-22395.json index 092c5d592be..4f7ed48b20f 100644 --- a/CVE-2024/CVE-2024-223xx/CVE-2024-22395.json +++ b/CVE-2024/CVE-2024-223xx/CVE-2024-22395.json @@ -2,8 +2,8 @@ "id": "CVE-2024-22395", "sourceIdentifier": "PSIRT@sonicwall.com", "published": "2024-02-24T00:15:45.673", - "lastModified": "2024-02-26T13:42:22.567", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-05T17:04:30.223", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -23,6 +23,8 @@ "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", @@ -30,9 +32,27 @@ "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", - "availabilityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "baseScore": 6.3, - "baseSeverity": "MEDIUM" + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" }, "exploitabilityScore": 2.8, "impactScore": 3.4 @@ -42,19 +62,181 @@ "weaknesses": [ { "source": "PSIRT@sonicwall.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", "value": "CWE-287" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:sonicwall:sma_200_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.2.1.11-65sv", + "matchCriteriaId": "6C75280E-A732-48B9-B8F3-CB7C572F8619" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:sonicwall:sma_200:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0B190266-AD6F-401B-9B2E-061CDD539236" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:sonicwall:sma_210_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.2.1.11-65sv", + "matchCriteriaId": "31C19423-BCCE-482F-8FDD-B380D9CAED91" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:sonicwall:sma_210:-:*:*:*:*:*:*:*", + "matchCriteriaId": "51587338-4A5F-41FC-9497-743F061947C2" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:sonicwall:sma_400_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.2.1.11-65sv", + "matchCriteriaId": "6F45AF4D-2BD4-4242-86A4-03DEE95F1E09" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:sonicwall:sma_400:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9D728332-10C9-4508-B720-569D44E99543" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:sonicwall:sma_410_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.2.1.11-65sv", + "matchCriteriaId": "D48A31D7-5066-405F-8F27-C52613E36306" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:sonicwall:sma_410:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9DFB8FBC-FFA4-4526-B306-D5692A43DC9E" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:sonicwall:sma_500v_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.2.1.11-65sv", + "matchCriteriaId": "B38CFE8A-C4A4-4321-8EDD-CDF177090177" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:sonicwall:sma_500v:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A6AD8A33-7CE4-4C66-9E23-F0C9C9638770" + } + ] + } + ] } ], "references": [ { "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0001", - "source": "PSIRT@sonicwall.com" + "source": "PSIRT@sonicwall.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0001", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-227xx/CVE-2024-22717.json b/CVE-2024/CVE-2024-227xx/CVE-2024-22717.json index 151c3ddada9..e622e943592 100644 --- a/CVE-2024/CVE-2024-227xx/CVE-2024-22717.json +++ b/CVE-2024/CVE-2024-227xx/CVE-2024-22717.json @@ -2,7 +2,7 @@ "id": "CVE-2024-22717", "sourceIdentifier": "cve@mitre.org", "published": "2024-04-11T20:15:33.237", - "lastModified": "2024-04-12T12:43:57.400", + "lastModified": "2024-12-05T21:15:07.650", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -15,11 +15,50 @@ "value": "La vulnerabilidad de Cross Site Scripting (XSS) en Form Tools 3.1.1 permite a los atacantes ejecutar c\u00f3digo arbitrario a trav\u00e9s del campo Nombre en la aplicaci\u00f3n." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], "references": [ { "url": "https://hakaisecurity.io/error-404-your-security-not-found-tales-of-web-vulnerabilities/", "source": "cve@mitre.org" + }, + { + "url": "https://hakaisecurity.io/error-404-your-security-not-found-tales-of-web-vulnerabilities/", + "source": "af854a3a-2127-422b-91ae-364da2661108" } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-232xx/CVE-2024-23201.json b/CVE-2024/CVE-2024-232xx/CVE-2024-23201.json index c3211647902..8170528c74f 100644 --- a/CVE-2024/CVE-2024-232xx/CVE-2024-23201.json +++ b/CVE-2024/CVE-2024-232xx/CVE-2024-23201.json @@ -2,8 +2,8 @@ "id": "CVE-2024-23201", "sourceIdentifier": "product-security@apple.com", "published": "2024-03-08T02:15:47.343", - "lastModified": "2024-11-01T15:35:09.553", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-05T16:55:37.627", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,12 +17,34 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 6.2, + "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", @@ -30,9 +52,7 @@ "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", - "availabilityImpact": "HIGH", - "baseScore": 6.2, - "baseSeverity": "MEDIUM" + "availabilityImpact": "HIGH" }, "exploitabilityScore": 2.5, "impactScore": 3.6 @@ -40,6 +60,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-276" + } + ] + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -51,54 +81,231 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*", + "versionEndExcluding": "17.3", + "matchCriteriaId": "67189624-9996-4612-878A-B661BF9BC116" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", + "versionEndExcluding": "17.3", + "matchCriteriaId": "F927B013-925E-4474-B464-3FA0241F9269" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "12.0", + "versionEndExcluding": "12.7.4", + "matchCriteriaId": "A61173BD-535F-46FC-B40F-DA78B168E420" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "13.0", + "versionEndExcluding": "13.6.5", + "matchCriteriaId": "69C4F06A-061F-46B3-8BB7-5C9B47C00956" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "14.0", + "versionEndExcluding": "14.3", + "matchCriteriaId": "79ADFEBE-99EE-4F01-9AE8-489EB41885D1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", + "versionEndExcluding": "17.3", + "matchCriteriaId": "921307BF-8419-42C7-9B2C-8DD643723E38" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.3", + "matchCriteriaId": "F265723B-24BD-4BD9-A45C-6FFD000A7B03" + } + ] + } + ] + } + ], "references": [ { "url": "http://seclists.org/fulldisclosure/2024/Mar/22", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Mailing List" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Mar/23", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Mailing List" + ] }, { "url": "https://support.apple.com/en-us/HT214055", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214059", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214060", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214061", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214083", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214085", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/kb/HT214055", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/kb/HT214059", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/kb/HT214060", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/kb/HT214061", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/22", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/23", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] + }, + { + "url": "https://support.apple.com/en-us/HT214055", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT214059", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT214060", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT214061", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT214083", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT214085", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/kb/HT214055", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/kb/HT214059", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/kb/HT214060", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/kb/HT214061", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-232xx/CVE-2024-23205.json b/CVE-2024/CVE-2024-232xx/CVE-2024-23205.json index 7414c150dde..7488bdeac55 100644 --- a/CVE-2024/CVE-2024-232xx/CVE-2024-23205.json +++ b/CVE-2024/CVE-2024-232xx/CVE-2024-23205.json @@ -2,8 +2,8 @@ "id": "CVE-2024-23205", "sourceIdentifier": "product-security@apple.com", "published": "2024-03-08T02:15:47.393", - "lastModified": "2024-11-20T16:35:17.937", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-05T16:45:45.183", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,12 +17,34 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", @@ -30,9 +52,7 @@ "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", - "availabilityImpact": "NONE", - "baseScore": 5.5, - "baseSeverity": "MEDIUM" + "availabilityImpact": "NONE" }, "exploitabilityScore": 1.8, "impactScore": 3.6 @@ -40,6 +60,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -51,18 +81,79 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*", + "versionEndExcluding": "17.4", + "matchCriteriaId": "CE5413B9-A1A8-499F-B047-163908202E69" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", + "versionEndExcluding": "17.4", + "matchCriteriaId": "BCB4911E-7824-4C34-916D-88110CB415EB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "14.0", + "versionEndExcluding": "14.4", + "matchCriteriaId": "73160D1F-755B-46D2-969F-DF8E43BB1099" + } + ] + } + ] + } + ], "references": [ { "url": "http://seclists.org/fulldisclosure/2024/Mar/21", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Mailing List" + ] }, { "url": "https://support.apple.com/en-us/HT214081", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214084", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/21", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] + }, + { + "url": "https://support.apple.com/en-us/HT214081", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT214084", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-232xx/CVE-2024-23216.json b/CVE-2024/CVE-2024-232xx/CVE-2024-23216.json index 1b78ef29f70..97d2bcafcc0 100644 --- a/CVE-2024/CVE-2024-232xx/CVE-2024-23216.json +++ b/CVE-2024/CVE-2024-232xx/CVE-2024-23216.json @@ -2,8 +2,8 @@ "id": "CVE-2024-23216", "sourceIdentifier": "product-security@apple.com", "published": "2024-03-08T02:15:47.447", - "lastModified": "2024-08-28T14:35:06.780", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-05T16:41:53.603", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,12 +17,34 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.2 + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 6.7, + "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "HIGH", @@ -30,9 +52,7 @@ "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 6.7, - "baseSeverity": "MEDIUM" + "availabilityImpact": "HIGH" }, "exploitabilityScore": 0.8, "impactScore": 5.9 @@ -40,6 +60,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -51,30 +81,123 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "12.0", + "versionEndExcluding": "12.7.4", + "matchCriteriaId": "A61173BD-535F-46FC-B40F-DA78B168E420" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "13.0", + "versionEndExcluding": "13.6.5", + "matchCriteriaId": "69C4F06A-061F-46B3-8BB7-5C9B47C00956" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "14.0", + "versionEndExcluding": "14.4", + "matchCriteriaId": "73160D1F-755B-46D2-969F-DF8E43BB1099" + } + ] + } + ] + } + ], "references": [ { "url": "http://seclists.org/fulldisclosure/2024/Mar/21", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Mailing List" + ] + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/22", + "source": "product-security@apple.com", + "tags": [ + "Mailing List" + ] + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/23", + "source": "product-security@apple.com", + "tags": [ + "Mailing List" + ] + }, + { + "url": "https://support.apple.com/en-us/HT214083", + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT214084", + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT214085", + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/21", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Mar/22", - "source": "product-security@apple.com" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Mar/23", - "source": "product-security@apple.com" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] }, { "url": "https://support.apple.com/en-us/HT214083", - "source": "product-security@apple.com" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214084", - "source": "product-security@apple.com" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214085", - "source": "product-security@apple.com" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-232xx/CVE-2024-23220.json b/CVE-2024/CVE-2024-232xx/CVE-2024-23220.json index e87c55954eb..3fb24707585 100644 --- a/CVE-2024/CVE-2024-232xx/CVE-2024-23220.json +++ b/CVE-2024/CVE-2024-232xx/CVE-2024-23220.json @@ -2,8 +2,8 @@ "id": "CVE-2024-23220", "sourceIdentifier": "product-security@apple.com", "published": "2024-03-08T02:15:47.500", - "lastModified": "2024-11-18T21:35:04.300", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-05T16:36:26.020", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,12 +17,34 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "baseScore": 4.0, + "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", @@ -30,27 +52,97 @@ "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", - "availabilityImpact": "NONE", - "baseScore": 4.0, - "baseSeverity": "MEDIUM" + "availabilityImpact": "NONE" }, "exploitabilityScore": 2.5, "impactScore": 1.4 } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*", + "versionEndExcluding": "17.4", + "matchCriteriaId": "CE5413B9-A1A8-499F-B047-163908202E69" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", + "versionEndExcluding": "17.4", + "matchCriteriaId": "BCB4911E-7824-4C34-916D-88110CB415EB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.1", + "matchCriteriaId": "EB7F6CDA-FEC0-45D7-ACBE-8B5AD35F1AB5" + } + ] + } + ] + } + ], "references": [ { "url": "http://seclists.org/fulldisclosure/2024/Mar/26", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Mailing List" + ] + }, + { + "url": "https://support.apple.com/en-us/HT214081", + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT214087", + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/26", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] }, { "url": "https://support.apple.com/en-us/HT214081", - "source": "product-security@apple.com" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214087", - "source": "product-security@apple.com" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-232xx/CVE-2024-23226.json b/CVE-2024/CVE-2024-232xx/CVE-2024-23226.json index 3c3c314fa37..ea13b02cd6e 100644 --- a/CVE-2024/CVE-2024-232xx/CVE-2024-23226.json +++ b/CVE-2024/CVE-2024-232xx/CVE-2024-23226.json @@ -2,8 +2,8 @@ "id": "CVE-2024-23226", "sourceIdentifier": "product-security@apple.com", "published": "2024-03-08T02:15:47.633", - "lastModified": "2024-08-07T18:35:01.913", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-05T16:33:06.327", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,12 +17,34 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", @@ -30,51 +52,200 @@ "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 8.8, - "baseSeverity": "HIGH" + "availabilityImpact": "HIGH" }, "exploitabilityScore": 2.8, "impactScore": 5.9 } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*", + "versionEndExcluding": "17.4", + "matchCriteriaId": "CE5413B9-A1A8-499F-B047-163908202E69" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", + "versionEndExcluding": "17.4", + "matchCriteriaId": "BCB4911E-7824-4C34-916D-88110CB415EB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "14.0", + "versionEndExcluding": "14.4", + "matchCriteriaId": "73160D1F-755B-46D2-969F-DF8E43BB1099" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", + "versionEndExcluding": "17.4", + "matchCriteriaId": "BB6BA6CB-001B-4440-A9AE-473F5722F8E0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.1", + "matchCriteriaId": "EB7F6CDA-FEC0-45D7-ACBE-8B5AD35F1AB5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.4", + "matchCriteriaId": "5547F484-4E4B-4961-BAF8-F891D50BB4B6" + } + ] + } + ] + } + ], "references": [ { "url": "http://seclists.org/fulldisclosure/2024/Mar/21", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Mailing List" + ] + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/24", + "source": "product-security@apple.com", + "tags": [ + "Mailing List" + ] + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/25", + "source": "product-security@apple.com", + "tags": [ + "Mailing List" + ] + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/26", + "source": "product-security@apple.com", + "tags": [ + "Mailing List" + ] + }, + { + "url": "https://support.apple.com/en-us/HT214081", + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT214084", + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT214086", + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT214087", + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT214088", + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/21", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Mar/24", - "source": "product-security@apple.com" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Mar/25", - "source": "product-security@apple.com" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Mar/26", - "source": "product-security@apple.com" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] }, { "url": "https://support.apple.com/en-us/HT214081", - "source": "product-security@apple.com" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214084", - "source": "product-security@apple.com" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214086", - "source": "product-security@apple.com" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214087", - "source": "product-security@apple.com" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214088", - "source": "product-security@apple.com" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-232xx/CVE-2024-23227.json b/CVE-2024/CVE-2024-232xx/CVE-2024-23227.json index f57074bb31a..f019df7b409 100644 --- a/CVE-2024/CVE-2024-232xx/CVE-2024-23227.json +++ b/CVE-2024/CVE-2024-232xx/CVE-2024-23227.json @@ -2,8 +2,8 @@ "id": "CVE-2024-23227", "sourceIdentifier": "product-security@apple.com", "published": "2024-03-08T02:15:47.683", - "lastModified": "2024-11-07T16:35:13.793", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-05T16:31:39.383", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,12 +17,34 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "baseScore": 3.3, + "baseSeverity": "LOW", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.8, + "impactScore": 1.4 + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 6.2, + "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", @@ -30,39 +52,142 @@ "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", - "availabilityImpact": "NONE", - "baseScore": 6.2, - "baseSeverity": "MEDIUM" + "availabilityImpact": "NONE" }, "exploitabilityScore": 2.5, "impactScore": 3.6 } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "12.0", + "versionEndExcluding": "12.7.4", + "matchCriteriaId": "A61173BD-535F-46FC-B40F-DA78B168E420" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "13.0", + "versionEndExcluding": "13.6.5", + "matchCriteriaId": "69C4F06A-061F-46B3-8BB7-5C9B47C00956" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "14.0", + "versionEndExcluding": "14.4", + "matchCriteriaId": "73160D1F-755B-46D2-969F-DF8E43BB1099" + } + ] + } + ] + } + ], "references": [ { "url": "http://seclists.org/fulldisclosure/2024/Mar/21", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Mailing List" + ] + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/22", + "source": "product-security@apple.com", + "tags": [ + "Mailing List" + ] + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/23", + "source": "product-security@apple.com", + "tags": [ + "Mailing List" + ] + }, + { + "url": "https://support.apple.com/en-us/HT214083", + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT214084", + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT214085", + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/21", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Mar/22", - "source": "product-security@apple.com" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Mar/23", - "source": "product-security@apple.com" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] }, { "url": "https://support.apple.com/en-us/HT214083", - "source": "product-security@apple.com" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214084", - "source": "product-security@apple.com" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214085", - "source": "product-security@apple.com" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-232xx/CVE-2024-23230.json b/CVE-2024/CVE-2024-232xx/CVE-2024-23230.json index e4bfce0202c..b0e3af983e2 100644 --- a/CVE-2024/CVE-2024-232xx/CVE-2024-23230.json +++ b/CVE-2024/CVE-2024-232xx/CVE-2024-23230.json @@ -2,8 +2,8 @@ "id": "CVE-2024-23230", "sourceIdentifier": "product-security@apple.com", "published": "2024-03-08T02:15:47.733", - "lastModified": "2024-10-31T15:35:27.513", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-05T16:29:16.003", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,12 +17,34 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", @@ -30,9 +52,7 @@ "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", - "availabilityImpact": "NONE", - "baseScore": 5.5, - "baseSeverity": "MEDIUM" + "availabilityImpact": "NONE" }, "exploitabilityScore": 1.8, "impactScore": 3.6 @@ -40,6 +60,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -51,30 +81,123 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "12.0", + "versionEndExcluding": "12.7.4", + "matchCriteriaId": "A61173BD-535F-46FC-B40F-DA78B168E420" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "13.0", + "versionEndExcluding": "13.6.5", + "matchCriteriaId": "69C4F06A-061F-46B3-8BB7-5C9B47C00956" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "14.0", + "versionEndExcluding": "14.4", + "matchCriteriaId": "73160D1F-755B-46D2-969F-DF8E43BB1099" + } + ] + } + ] + } + ], "references": [ { "url": "http://seclists.org/fulldisclosure/2024/Mar/21", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Mailing List" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Mar/22", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Mailing List" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Mar/23", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Mailing List" + ] + }, + { + "url": "https://support.apple.com/en-us/HT214083", + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT214084", + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT214085", + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/21", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/22", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/23", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] }, { "url": "https://support.apple.com/en-us/HT214083", - "source": "product-security@apple.com" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214084", - "source": "product-security@apple.com" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214085", - "source": "product-security@apple.com" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-232xx/CVE-2024-23231.json b/CVE-2024/CVE-2024-232xx/CVE-2024-23231.json index e23a86e687d..0ed512d2f30 100644 --- a/CVE-2024/CVE-2024-232xx/CVE-2024-23231.json +++ b/CVE-2024/CVE-2024-232xx/CVE-2024-23231.json @@ -2,8 +2,8 @@ "id": "CVE-2024-23231", "sourceIdentifier": "product-security@apple.com", "published": "2024-03-08T02:15:47.780", - "lastModified": "2024-10-31T18:35:07.310", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-05T16:27:10.467", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,12 +17,34 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "baseScore": 3.3, + "baseSeverity": "LOW", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", @@ -30,51 +52,209 @@ "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", - "availabilityImpact": "NONE", - "baseScore": 3.3, - "baseSeverity": "LOW" + "availabilityImpact": "NONE" }, "exploitabilityScore": 1.8, "impactScore": 1.4 } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*", + "versionEndExcluding": "16.7.6", + "matchCriteriaId": "E4D5AB12-A4B6-4456-A560-DD1FFE8E8CA8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*", + "versionStartIncluding": "17.0", + "versionEndExcluding": "17.4", + "matchCriteriaId": "E9F4BB50-D14B-4807-8F38-69ADFCE433BC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", + "versionEndExcluding": "16.7.6", + "matchCriteriaId": "2AF8B925-3DE5-4CC8-A4C3-95D8F107D607" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", + "versionStartIncluding": "17.0", + "versionEndExcluding": "17.4", + "matchCriteriaId": "C2FE8515-300C-4B6F-92A0-7D1E6D93F907" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "13.0", + "versionEndExcluding": "13.6.5", + "matchCriteriaId": "69C4F06A-061F-46B3-8BB7-5C9B47C00956" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "14.0", + "versionEndExcluding": "14.4", + "matchCriteriaId": "73160D1F-755B-46D2-969F-DF8E43BB1099" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.4", + "matchCriteriaId": "5547F484-4E4B-4961-BAF8-F891D50BB4B6" + } + ] + } + ] + } + ], "references": [ { "url": "http://seclists.org/fulldisclosure/2024/Mar/21", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Mailing List" + ] + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/22", + "source": "product-security@apple.com", + "tags": [ + "Mailing List" + ] + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/24", + "source": "product-security@apple.com", + "tags": [ + "Mailing List" + ] + }, + { + "url": "https://support.apple.com/en-us/HT214081", + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT214082", + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT214084", + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT214085", + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT214088", + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/kb/HT214085", + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/21", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Mar/22", - "source": "product-security@apple.com" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Mar/24", - "source": "product-security@apple.com" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] }, { "url": "https://support.apple.com/en-us/HT214081", - "source": "product-security@apple.com" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214082", - "source": "product-security@apple.com" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214084", - "source": "product-security@apple.com" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214085", - "source": "product-security@apple.com" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214088", - "source": "product-security@apple.com" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/kb/HT214085", - "source": "product-security@apple.com" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-232xx/CVE-2024-23232.json b/CVE-2024/CVE-2024-232xx/CVE-2024-23232.json index 37c87a1f149..9bceb086ddf 100644 --- a/CVE-2024/CVE-2024-232xx/CVE-2024-23232.json +++ b/CVE-2024/CVE-2024-232xx/CVE-2024-23232.json @@ -2,8 +2,8 @@ "id": "CVE-2024-23232", "sourceIdentifier": "product-security@apple.com", "published": "2024-03-08T02:15:47.833", - "lastModified": "2024-03-13T21:15:56.087", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-05T19:50:23.700", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -15,15 +15,89 @@ "value": "Se solucion\u00f3 un problema de privacidad mejorando el manejo de archivos temporales. Este problema se solucion\u00f3 en macOS Sonoma 14.4. Es posible que una aplicaci\u00f3n pueda capturar la pantalla de un usuario." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "baseScore": 3.3, + "baseSeverity": "LOW", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "14.0", + "versionEndExcluding": "14.4", + "matchCriteriaId": "73160D1F-755B-46D2-969F-DF8E43BB1099" + } + ] + } + ] + } + ], "references": [ { "url": "http://seclists.org/fulldisclosure/2024/Mar/21", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Mailing List" + ] + }, + { + "url": "https://support.apple.com/en-us/HT214084", + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/21", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] }, { "url": "https://support.apple.com/en-us/HT214084", - "source": "product-security@apple.com" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-232xx/CVE-2024-23233.json b/CVE-2024/CVE-2024-232xx/CVE-2024-23233.json index 50d64042061..a132db013d3 100644 --- a/CVE-2024/CVE-2024-232xx/CVE-2024-23233.json +++ b/CVE-2024/CVE-2024-232xx/CVE-2024-23233.json @@ -2,8 +2,8 @@ "id": "CVE-2024-23233", "sourceIdentifier": "product-security@apple.com", "published": "2024-03-08T02:15:47.880", - "lastModified": "2024-03-13T21:15:56.140", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-05T19:49:55.040", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -15,15 +15,89 @@ "value": "Este problema se solucion\u00f3 con controles mejorados. Este problema se solucion\u00f3 en macOS Sonoma 14.4. Una aplicaci\u00f3n maliciosa puede utilizar los derechos y permisos de privacidad otorgados a esta aplicaci\u00f3n." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "14.0", + "versionEndExcluding": "14.4", + "matchCriteriaId": "73160D1F-755B-46D2-969F-DF8E43BB1099" + } + ] + } + ] + } + ], "references": [ { "url": "http://seclists.org/fulldisclosure/2024/Mar/21", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Mailing List" + ] + }, + { + "url": "https://support.apple.com/en-us/HT214084", + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/21", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] }, { "url": "https://support.apple.com/en-us/HT214084", - "source": "product-security@apple.com" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-232xx/CVE-2024-23234.json b/CVE-2024/CVE-2024-232xx/CVE-2024-23234.json index f2a923ccfd6..38a6c26809b 100644 --- a/CVE-2024/CVE-2024-232xx/CVE-2024-23234.json +++ b/CVE-2024/CVE-2024-232xx/CVE-2024-23234.json @@ -2,8 +2,8 @@ "id": "CVE-2024-23234", "sourceIdentifier": "product-security@apple.com", "published": "2024-03-08T02:15:47.927", - "lastModified": "2024-08-27T16:35:08.620", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-06T02:48:33.647", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,12 +17,34 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 6.7, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 0.8, + "impactScore": 5.9 + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", @@ -30,9 +52,7 @@ "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 7.8, - "baseSeverity": "HIGH" + "availabilityImpact": "HIGH" }, "exploitabilityScore": 1.8, "impactScore": 5.9 @@ -40,6 +60,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -51,30 +81,123 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "12.0", + "versionEndExcluding": "12.7.4", + "matchCriteriaId": "A61173BD-535F-46FC-B40F-DA78B168E420" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "13.0", + "versionEndExcluding": "13.6.5", + "matchCriteriaId": "69C4F06A-061F-46B3-8BB7-5C9B47C00956" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "14.0", + "versionEndExcluding": "14.4", + "matchCriteriaId": "73160D1F-755B-46D2-969F-DF8E43BB1099" + } + ] + } + ] + } + ], "references": [ { "url": "http://seclists.org/fulldisclosure/2024/Mar/21", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Mailing List" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Mar/22", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Mailing List" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Mar/23", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Mailing List" + ] + }, + { + "url": "https://support.apple.com/en-us/HT214083", + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT214084", + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT214085", + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/21", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/22", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/23", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] }, { "url": "https://support.apple.com/en-us/HT214083", - "source": "product-security@apple.com" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214084", - "source": "product-security@apple.com" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214085", - "source": "product-security@apple.com" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-232xx/CVE-2024-23235.json b/CVE-2024/CVE-2024-232xx/CVE-2024-23235.json index 39bc90e4534..af82508ba2a 100644 --- a/CVE-2024/CVE-2024-232xx/CVE-2024-23235.json +++ b/CVE-2024/CVE-2024-232xx/CVE-2024-23235.json @@ -2,8 +2,8 @@ "id": "CVE-2024-23235", "sourceIdentifier": "product-security@apple.com", "published": "2024-03-08T02:15:47.970", - "lastModified": "2024-08-01T13:47:09.287", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-06T02:36:27.937", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,12 +17,34 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", + "baseScore": 4.7, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.0, + "impactScore": 3.6 + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.1, + "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", @@ -30,9 +52,7 @@ "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 8.1, - "baseSeverity": "HIGH" + "availabilityImpact": "HIGH" }, "exploitabilityScore": 2.2, "impactScore": 5.9 @@ -40,6 +60,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-362" + } + ] + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -51,46 +81,209 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*", + "versionEndExcluding": "16.7.6", + "matchCriteriaId": "E4D5AB12-A4B6-4456-A560-DD1FFE8E8CA8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*", + "versionStartIncluding": "17.0", + "versionEndExcluding": "17.4", + "matchCriteriaId": "E9F4BB50-D14B-4807-8F38-69ADFCE433BC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", + "versionEndExcluding": "16.7.6", + "matchCriteriaId": "2AF8B925-3DE5-4CC8-A4C3-95D8F107D607" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", + "versionStartIncluding": "17.0", + "versionEndExcluding": "17.4", + "matchCriteriaId": "C2FE8515-300C-4B6F-92A0-7D1E6D93F907" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "14.0", + "versionEndExcluding": "14.4", + "matchCriteriaId": "73160D1F-755B-46D2-969F-DF8E43BB1099" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", + "versionEndExcluding": "17.4", + "matchCriteriaId": "BB6BA6CB-001B-4440-A9AE-473F5722F8E0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.1", + "matchCriteriaId": "EB7F6CDA-FEC0-45D7-ACBE-8B5AD35F1AB5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.4", + "matchCriteriaId": "5547F484-4E4B-4961-BAF8-F891D50BB4B6" + } + ] + } + ] + } + ], "references": [ { "url": "http://seclists.org/fulldisclosure/2024/Mar/21", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Mailing List" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Mar/24", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Mailing List" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Mar/25", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Mailing List" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Mar/26", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Mailing List" + ] }, { "url": "https://support.apple.com/en-us/HT214081", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214082", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214084", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214086", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214087", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214088", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/21", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/24", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/25", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/26", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] + }, + { + "url": "https://support.apple.com/en-us/HT214081", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT214082", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT214084", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT214086", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT214087", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT214088", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-232xx/CVE-2024-23238.json b/CVE-2024/CVE-2024-232xx/CVE-2024-23238.json index 9c506321640..fc6f209080f 100644 --- a/CVE-2024/CVE-2024-232xx/CVE-2024-23238.json +++ b/CVE-2024/CVE-2024-232xx/CVE-2024-23238.json @@ -2,8 +2,8 @@ "id": "CVE-2024-23238", "sourceIdentifier": "product-security@apple.com", "published": "2024-03-08T02:15:48.020", - "lastModified": "2024-08-05T20:35:04.390", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-05T20:03:43.247", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,12 +17,34 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseScore": 3.3, + "baseSeverity": "LOW", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.8, + "impactScore": 1.4 + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", + "baseScore": 7.1, + "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", @@ -30,9 +52,7 @@ "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", - "availabilityImpact": "NONE", - "baseScore": 7.1, - "baseSeverity": "HIGH" + "availabilityImpact": "NONE" }, "exploitabilityScore": 1.8, "impactScore": 5.2 @@ -40,6 +60,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -51,14 +81,53 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "14.0", + "versionEndExcluding": "14.4", + "matchCriteriaId": "73160D1F-755B-46D2-969F-DF8E43BB1099" + } + ] + } + ] + } + ], "references": [ { "url": "http://seclists.org/fulldisclosure/2024/Mar/21", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Mailing List" + ] }, { "url": "https://support.apple.com/en-us/HT214084", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/21", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] + }, + { + "url": "https://support.apple.com/en-us/HT214084", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-232xx/CVE-2024-23240.json b/CVE-2024/CVE-2024-232xx/CVE-2024-23240.json index fccc1dc3a91..eb6f8463eff 100644 --- a/CVE-2024/CVE-2024-232xx/CVE-2024-23240.json +++ b/CVE-2024/CVE-2024-232xx/CVE-2024-23240.json @@ -2,8 +2,9 @@ "id": "CVE-2024-23240", "sourceIdentifier": "product-security@apple.com", "published": "2024-03-08T02:15:48.110", - "lastModified": "2024-11-22T19:15:05.603", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-06T02:23:48.297", + "vulnStatus": "Analyzed", + "cveTags": [], "descriptions": [ { "lang": "en", @@ -16,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "baseScore": 2.4, + "baseSeverity": "LOW", + "attackVector": "PHYSICAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 0.9, + "impactScore": 1.4 + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -38,14 +59,56 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*", + "versionEndExcluding": "17.4", + "matchCriteriaId": "CE5413B9-A1A8-499F-B047-163908202E69" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", + "versionEndExcluding": "17.4", + "matchCriteriaId": "BCB4911E-7824-4C34-916D-88110CB415EB" + } + ] + } + ] + } + ], "references": [ { "url": "https://support.apple.com/en-us/HT214081", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214081", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-232xx/CVE-2024-23241.json b/CVE-2024/CVE-2024-232xx/CVE-2024-23241.json index 879ea96ad4f..4dcdf428a8e 100644 --- a/CVE-2024/CVE-2024-232xx/CVE-2024-23241.json +++ b/CVE-2024/CVE-2024-232xx/CVE-2024-23241.json @@ -2,8 +2,8 @@ "id": "CVE-2024-23241", "sourceIdentifier": "product-security@apple.com", "published": "2024-03-08T02:15:48.153", - "lastModified": "2024-11-18T21:35:04.697", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-06T02:19:38.083", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,12 +17,34 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", @@ -30,9 +52,7 @@ "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", - "availabilityImpact": "NONE", - "baseScore": 6.5, - "baseSeverity": "MEDIUM" + "availabilityImpact": "NONE" }, "exploitabilityScore": 3.9, "impactScore": 2.5 @@ -40,6 +60,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -51,26 +81,113 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*", + "versionEndExcluding": "17.4", + "matchCriteriaId": "CE5413B9-A1A8-499F-B047-163908202E69" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", + "versionEndExcluding": "17.4", + "matchCriteriaId": "BCB4911E-7824-4C34-916D-88110CB415EB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "14.0", + "versionEndExcluding": "14.4", + "matchCriteriaId": "73160D1F-755B-46D2-969F-DF8E43BB1099" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", + "versionEndExcluding": "17.4", + "matchCriteriaId": "BB6BA6CB-001B-4440-A9AE-473F5722F8E0" + } + ] + } + ] + } + ], "references": [ { "url": "http://seclists.org/fulldisclosure/2024/Mar/21", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Mailing List" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Mar/25", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Mailing List" + ] }, { "url": "https://support.apple.com/en-us/HT214081", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214084", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214086", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/21", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/25", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] + }, + { + "url": "https://support.apple.com/en-us/HT214081", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT214084", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT214086", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-232xx/CVE-2024-23242.json b/CVE-2024/CVE-2024-232xx/CVE-2024-23242.json index 964e20edf85..69e7760a704 100644 --- a/CVE-2024/CVE-2024-232xx/CVE-2024-23242.json +++ b/CVE-2024/CVE-2024-232xx/CVE-2024-23242.json @@ -2,8 +2,8 @@ "id": "CVE-2024-23242", "sourceIdentifier": "product-security@apple.com", "published": "2024-03-08T02:15:48.200", - "lastModified": "2024-11-04T22:35:02.393", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-06T02:13:50.147", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,12 +17,34 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "baseScore": 3.3, + "baseSeverity": "LOW", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.8, + "impactScore": 1.4 + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "baseScore": 3.3, + "baseSeverity": "LOW", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", @@ -30,9 +52,7 @@ "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", - "availabilityImpact": "NONE", - "baseScore": 3.3, - "baseSeverity": "LOW" + "availabilityImpact": "NONE" }, "exploitabilityScore": 1.8, "impactScore": 1.4 @@ -40,6 +60,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-532" + } + ] + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -51,18 +81,79 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*", + "versionEndExcluding": "17.4", + "matchCriteriaId": "CE5413B9-A1A8-499F-B047-163908202E69" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", + "versionEndExcluding": "17.4", + "matchCriteriaId": "BCB4911E-7824-4C34-916D-88110CB415EB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "14.0", + "versionEndExcluding": "14.4", + "matchCriteriaId": "73160D1F-755B-46D2-969F-DF8E43BB1099" + } + ] + } + ] + } + ], "references": [ { "url": "http://seclists.org/fulldisclosure/2024/Mar/21", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Mailing List" + ] }, { "url": "https://support.apple.com/en-us/HT214081", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214084", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/21", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] + }, + { + "url": "https://support.apple.com/en-us/HT214081", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT214084", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-232xx/CVE-2024-23243.json b/CVE-2024/CVE-2024-232xx/CVE-2024-23243.json index 49f63af9401..180736d5854 100644 --- a/CVE-2024/CVE-2024-232xx/CVE-2024-23243.json +++ b/CVE-2024/CVE-2024-232xx/CVE-2024-23243.json @@ -2,8 +2,8 @@ "id": "CVE-2024-23243", "sourceIdentifier": "product-security@apple.com", "published": "2024-03-05T20:16:01.450", - "lastModified": "2024-11-05T22:35:03.537", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-05T17:10:47.297", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,12 +17,34 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "baseScore": 3.3, + "baseSeverity": "LOW", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.8, + "impactScore": 1.4 + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", @@ -30,23 +52,77 @@ "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", - "availabilityImpact": "NONE", - "baseScore": 4.3, - "baseSeverity": "MEDIUM" + "availabilityImpact": "NONE" }, "exploitabilityScore": 2.8, "impactScore": 1.4 } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*", + "versionEndExcluding": "17.4", + "matchCriteriaId": "CE5413B9-A1A8-499F-B047-163908202E69" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", + "versionEndExcluding": "17.4", + "matchCriteriaId": "BCB4911E-7824-4C34-916D-88110CB415EB" + } + ] + } + ] + } + ], "references": [ { "url": "http://seclists.org/fulldisclosure/2024/Mar/18", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Mailing List" + ] + }, + { + "url": "https://support.apple.com/en-us/HT214081", + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/18", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] }, { "url": "https://support.apple.com/en-us/HT214081", - "source": "product-security@apple.com" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-232xx/CVE-2024-23244.json b/CVE-2024/CVE-2024-232xx/CVE-2024-23244.json index 07a8f73507e..b9e098ff9d3 100644 --- a/CVE-2024/CVE-2024-232xx/CVE-2024-23244.json +++ b/CVE-2024/CVE-2024-232xx/CVE-2024-23244.json @@ -2,8 +2,8 @@ "id": "CVE-2024-23244", "sourceIdentifier": "product-security@apple.com", "published": "2024-03-08T02:15:48.243", - "lastModified": "2024-08-28T16:35:08.747", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-06T02:13:06.950", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,12 +17,34 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 6.7, + "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "HIGH", @@ -30,31 +52,107 @@ "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 6.7, - "baseSeverity": "MEDIUM" + "availabilityImpact": "HIGH" }, "exploitabilityScore": 0.8, "impactScore": 5.9 } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "12.0", + "versionEndExcluding": "12.7.4", + "matchCriteriaId": "A61173BD-535F-46FC-B40F-DA78B168E420" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "14.0", + "versionEndExcluding": "14.4", + "matchCriteriaId": "73160D1F-755B-46D2-969F-DF8E43BB1099" + } + ] + } + ] + } + ], "references": [ { "url": "http://seclists.org/fulldisclosure/2024/Mar/21", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Mailing List" + ] + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/23", + "source": "product-security@apple.com", + "tags": [ + "Mailing List" + ] + }, + { + "url": "https://support.apple.com/en-us/HT214083", + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT214084", + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/21", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Mar/23", - "source": "product-security@apple.com" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] }, { "url": "https://support.apple.com/en-us/HT214083", - "source": "product-security@apple.com" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214084", - "source": "product-security@apple.com" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-232xx/CVE-2024-23245.json b/CVE-2024/CVE-2024-232xx/CVE-2024-23245.json index f5c8fa96083..b93688a1ad1 100644 --- a/CVE-2024/CVE-2024-232xx/CVE-2024-23245.json +++ b/CVE-2024/CVE-2024-232xx/CVE-2024-23245.json @@ -2,8 +2,8 @@ "id": "CVE-2024-23245", "sourceIdentifier": "product-security@apple.com", "published": "2024-03-08T02:15:48.287", - "lastModified": "2024-11-04T21:35:04.100", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-06T02:08:18.640", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,12 +17,34 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseScore": 3.3, + "baseSeverity": "LOW", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.8, + "impactScore": 1.4 + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", @@ -30,39 +52,142 @@ "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", - "availabilityImpact": "NONE", - "baseScore": 5.4, - "baseSeverity": "MEDIUM" + "availabilityImpact": "NONE" }, "exploitabilityScore": 2.8, "impactScore": 2.5 } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "12.0", + "versionEndExcluding": "12.7.4", + "matchCriteriaId": "A61173BD-535F-46FC-B40F-DA78B168E420" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "13.0", + "versionEndExcluding": "13.6.5", + "matchCriteriaId": "69C4F06A-061F-46B3-8BB7-5C9B47C00956" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "14.0", + "versionEndExcluding": "14.4", + "matchCriteriaId": "73160D1F-755B-46D2-969F-DF8E43BB1099" + } + ] + } + ] + } + ], "references": [ { "url": "http://seclists.org/fulldisclosure/2024/Mar/21", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Mailing List" + ] + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/22", + "source": "product-security@apple.com", + "tags": [ + "Mailing List" + ] + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/23", + "source": "product-security@apple.com", + "tags": [ + "Mailing List" + ] + }, + { + "url": "https://support.apple.com/en-us/HT214083", + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT214084", + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT214085", + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/21", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Mar/22", - "source": "product-security@apple.com" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Mar/23", - "source": "product-security@apple.com" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] }, { "url": "https://support.apple.com/en-us/HT214083", - "source": "product-security@apple.com" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214084", - "source": "product-security@apple.com" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214085", - "source": "product-security@apple.com" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-232xx/CVE-2024-23246.json b/CVE-2024/CVE-2024-232xx/CVE-2024-23246.json index 30f11a80cbd..c924a2602eb 100644 --- a/CVE-2024/CVE-2024-232xx/CVE-2024-23246.json +++ b/CVE-2024/CVE-2024-232xx/CVE-2024-23246.json @@ -2,8 +2,8 @@ "id": "CVE-2024-23246", "sourceIdentifier": "product-security@apple.com", "published": "2024-03-08T02:15:48.337", - "lastModified": "2024-07-03T01:47:40.097", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-06T02:02:26.433", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,12 +17,34 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", + "baseScore": 8.6, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 6.0 + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", + "baseScore": 8.1, + "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", @@ -30,9 +52,7 @@ "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", - "availabilityImpact": "NONE", - "baseScore": 8.1, - "baseSeverity": "HIGH" + "availabilityImpact": "NONE" }, "exploitabilityScore": 2.8, "impactScore": 5.2 @@ -40,6 +60,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -51,46 +81,209 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*", + "versionEndExcluding": "16.7.6", + "matchCriteriaId": "E4D5AB12-A4B6-4456-A560-DD1FFE8E8CA8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*", + "versionStartIncluding": "17.0", + "versionEndExcluding": "17.4", + "matchCriteriaId": "E9F4BB50-D14B-4807-8F38-69ADFCE433BC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", + "versionEndExcluding": "16.7.6", + "matchCriteriaId": "2AF8B925-3DE5-4CC8-A4C3-95D8F107D607" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", + "versionStartIncluding": "17.0", + "versionEndExcluding": "17.4", + "matchCriteriaId": "C2FE8515-300C-4B6F-92A0-7D1E6D93F907" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "14.0", + "versionEndExcluding": "14.4", + "matchCriteriaId": "73160D1F-755B-46D2-969F-DF8E43BB1099" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", + "versionEndExcluding": "17.4", + "matchCriteriaId": "BB6BA6CB-001B-4440-A9AE-473F5722F8E0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.1", + "matchCriteriaId": "EB7F6CDA-FEC0-45D7-ACBE-8B5AD35F1AB5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.4", + "matchCriteriaId": "5547F484-4E4B-4961-BAF8-F891D50BB4B6" + } + ] + } + ] + } + ], "references": [ { "url": "http://seclists.org/fulldisclosure/2024/Mar/21", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Mailing List" + ] + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/24", + "source": "product-security@apple.com", + "tags": [ + "Mailing List" + ] + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/25", + "source": "product-security@apple.com", + "tags": [ + "Mailing List" + ] + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/26", + "source": "product-security@apple.com", + "tags": [ + "Mailing List" + ] + }, + { + "url": "https://support.apple.com/en-us/HT214081", + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT214082", + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT214084", + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT214086", + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT214087", + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT214088", + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/21", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Mar/24", - "source": "product-security@apple.com" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Mar/25", - "source": "product-security@apple.com" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Mar/26", - "source": "product-security@apple.com" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] }, { "url": "https://support.apple.com/en-us/HT214081", - "source": "product-security@apple.com" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214082", - "source": "product-security@apple.com" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214084", - "source": "product-security@apple.com" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214086", - "source": "product-security@apple.com" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214087", - "source": "product-security@apple.com" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214088", - "source": "product-security@apple.com" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-232xx/CVE-2024-23247.json b/CVE-2024/CVE-2024-232xx/CVE-2024-23247.json index 47d89b92566..4f04d137850 100644 --- a/CVE-2024/CVE-2024-232xx/CVE-2024-23247.json +++ b/CVE-2024/CVE-2024-232xx/CVE-2024-23247.json @@ -2,8 +2,8 @@ "id": "CVE-2024-23247", "sourceIdentifier": "product-security@apple.com", "published": "2024-03-08T02:15:48.387", - "lastModified": "2024-08-26T15:35:04.747", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-06T01:58:51.233", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,12 +17,34 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", @@ -30,39 +52,142 @@ "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 7.8, - "baseSeverity": "HIGH" + "availabilityImpact": "HIGH" }, "exploitabilityScore": 1.8, "impactScore": 5.9 } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "12.0", + "versionEndExcluding": "12.7.4", + "matchCriteriaId": "A61173BD-535F-46FC-B40F-DA78B168E420" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "13.0", + "versionEndExcluding": "13.6.5", + "matchCriteriaId": "69C4F06A-061F-46B3-8BB7-5C9B47C00956" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "14.0", + "versionEndExcluding": "14.4", + "matchCriteriaId": "73160D1F-755B-46D2-969F-DF8E43BB1099" + } + ] + } + ] + } + ], "references": [ { "url": "http://seclists.org/fulldisclosure/2024/Mar/21", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Mailing List" + ] + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/22", + "source": "product-security@apple.com", + "tags": [ + "Mailing List" + ] + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/23", + "source": "product-security@apple.com", + "tags": [ + "Mailing List" + ] + }, + { + "url": "https://support.apple.com/en-us/HT214083", + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT214084", + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT214085", + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/21", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Mar/22", - "source": "product-security@apple.com" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Mar/23", - "source": "product-security@apple.com" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] }, { "url": "https://support.apple.com/en-us/HT214083", - "source": "product-security@apple.com" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214084", - "source": "product-security@apple.com" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214085", - "source": "product-security@apple.com" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-232xx/CVE-2024-23248.json b/CVE-2024/CVE-2024-232xx/CVE-2024-23248.json index 0266045cd02..c7188a722ff 100644 --- a/CVE-2024/CVE-2024-232xx/CVE-2024-23248.json +++ b/CVE-2024/CVE-2024-232xx/CVE-2024-23248.json @@ -2,8 +2,8 @@ "id": "CVE-2024-23248", "sourceIdentifier": "product-security@apple.com", "published": "2024-03-08T02:15:48.433", - "lastModified": "2024-10-30T19:35:08.687", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-06T01:52:41.503", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,12 +17,34 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.2 + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", @@ -30,9 +52,7 @@ "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", - "availabilityImpact": "HIGH", - "baseScore": 6.5, - "baseSeverity": "MEDIUM" + "availabilityImpact": "HIGH" }, "exploitabilityScore": 2.8, "impactScore": 3.6 @@ -40,6 +60,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -51,14 +81,53 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "14.0", + "versionEndExcluding": "14.4", + "matchCriteriaId": "73160D1F-755B-46D2-969F-DF8E43BB1099" + } + ] + } + ] + } + ], "references": [ { "url": "http://seclists.org/fulldisclosure/2024/Mar/21", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Mailing List" + ] }, { "url": "https://support.apple.com/en-us/HT214084", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/21", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] + }, + { + "url": "https://support.apple.com/en-us/HT214084", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-232xx/CVE-2024-23249.json b/CVE-2024/CVE-2024-232xx/CVE-2024-23249.json index 1885e1d0e4c..5658d64ced1 100644 --- a/CVE-2024/CVE-2024-232xx/CVE-2024-23249.json +++ b/CVE-2024/CVE-2024-232xx/CVE-2024-23249.json @@ -2,8 +2,8 @@ "id": "CVE-2024-23249", "sourceIdentifier": "product-security@apple.com", "published": "2024-03-08T02:15:48.480", - "lastModified": "2024-12-04T21:15:21.770", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-12-06T01:51:51.123", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.2 + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -40,6 +60,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -51,22 +81,53 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "14.0", + "versionEndExcluding": "14.4", + "matchCriteriaId": "73160D1F-755B-46D2-969F-DF8E43BB1099" + } + ] + } + ] + } + ], "references": [ { "url": "http://seclists.org/fulldisclosure/2024/Mar/21", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Mailing List" + ] }, { "url": "https://support.apple.com/en-us/HT214084", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Mar/21", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] }, { "url": "https://support.apple.com/en-us/HT214084", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-232xx/CVE-2024-23250.json b/CVE-2024/CVE-2024-232xx/CVE-2024-23250.json index 991ef69c944..3666520c36a 100644 --- a/CVE-2024/CVE-2024-232xx/CVE-2024-23250.json +++ b/CVE-2024/CVE-2024-232xx/CVE-2024-23250.json @@ -2,8 +2,8 @@ "id": "CVE-2024-23250", "sourceIdentifier": "product-security@apple.com", "published": "2024-03-08T02:15:48.523", - "lastModified": "2024-03-13T22:15:10.157", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-06T02:30:56.107", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -15,35 +15,183 @@ "value": "Se solucion\u00f3 un problema de acceso mejorando las restricciones de acceso. Este problema se solucion\u00f3 en tvOS 17.4, iOS 17.4 y iPadOS 17.4, macOS Sonoma 14.4, watchOS 10.4. Es posible que una aplicaci\u00f3n pueda acceder a micr\u00f3fonos conectados por Bluetooth sin el permiso del usuario." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*", + "versionEndExcluding": "17.4", + "matchCriteriaId": "CE5413B9-A1A8-499F-B047-163908202E69" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", + "versionEndExcluding": "17.4", + "matchCriteriaId": "BCB4911E-7824-4C34-916D-88110CB415EB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "14.0", + "versionEndExcluding": "14.4", + "matchCriteriaId": "73160D1F-755B-46D2-969F-DF8E43BB1099" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", + "versionEndExcluding": "17.4", + "matchCriteriaId": "BB6BA6CB-001B-4440-A9AE-473F5722F8E0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.4", + "matchCriteriaId": "5547F484-4E4B-4961-BAF8-F891D50BB4B6" + } + ] + } + ] + } + ], "references": [ { "url": "http://seclists.org/fulldisclosure/2024/Mar/21", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Mailing List" + ] + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/24", + "source": "product-security@apple.com", + "tags": [ + "Mailing List" + ] + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/25", + "source": "product-security@apple.com", + "tags": [ + "Mailing List" + ] + }, + { + "url": "https://support.apple.com/en-us/HT214081", + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT214084", + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT214086", + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT214088", + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/21", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Mar/24", - "source": "product-security@apple.com" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Mar/25", - "source": "product-security@apple.com" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] }, { "url": "https://support.apple.com/en-us/HT214081", - "source": "product-security@apple.com" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214084", - "source": "product-security@apple.com" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214086", - "source": "product-security@apple.com" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214088", - "source": "product-security@apple.com" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-232xx/CVE-2024-23253.json b/CVE-2024/CVE-2024-232xx/CVE-2024-23253.json index 4eabaa2637a..3fa4a374326 100644 --- a/CVE-2024/CVE-2024-232xx/CVE-2024-23253.json +++ b/CVE-2024/CVE-2024-232xx/CVE-2024-23253.json @@ -2,8 +2,8 @@ "id": "CVE-2024-23253", "sourceIdentifier": "product-security@apple.com", "published": "2024-03-08T02:15:48.620", - "lastModified": "2024-08-01T13:47:10.297", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-06T02:27:33.813", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,12 +17,34 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "baseScore": 3.3, + "baseSeverity": "LOW", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.8, + "impactScore": 1.4 + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 7.5, + "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", @@ -30,9 +52,7 @@ "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", - "availabilityImpact": "NONE", - "baseScore": 7.5, - "baseSeverity": "HIGH" + "availabilityImpact": "NONE" }, "exploitabilityScore": 3.9, "impactScore": 3.6 @@ -40,6 +60,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-276" + } + ] + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -51,14 +81,53 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "14.0", + "versionEndExcluding": "14.4", + "matchCriteriaId": "73160D1F-755B-46D2-969F-DF8E43BB1099" + } + ] + } + ] + } + ], "references": [ { "url": "http://seclists.org/fulldisclosure/2024/Mar/21", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Mailing List" + ] + }, + { + "url": "https://support.apple.com/en-us/HT214084", + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/21", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] }, { "url": "https://support.apple.com/en-us/HT214084", - "source": "product-security@apple.com" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-232xx/CVE-2024-23254.json b/CVE-2024/CVE-2024-232xx/CVE-2024-23254.json index d0a58d5c934..77d923f7f5e 100644 --- a/CVE-2024/CVE-2024-232xx/CVE-2024-23254.json +++ b/CVE-2024/CVE-2024-232xx/CVE-2024-23254.json @@ -2,8 +2,8 @@ "id": "CVE-2024-23254", "sourceIdentifier": "product-security@apple.com", "published": "2024-03-08T02:15:48.663", - "lastModified": "2024-12-04T18:15:13.310", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-12-06T02:54:01.530", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -39,110 +59,291 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", + "versionEndExcluding": "17.4", + "matchCriteriaId": "DC7753BA-5DF8-4F98-8DA8-69DA473F8307" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*", + "versionEndExcluding": "17.4", + "matchCriteriaId": "CE5413B9-A1A8-499F-B047-163908202E69" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", + "versionEndExcluding": "17.4", + "matchCriteriaId": "BCB4911E-7824-4C34-916D-88110CB415EB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", + "versionEndExcluding": "14.4", + "matchCriteriaId": "58227FD1-0619-45F6-AD19-25831899376A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", + "versionEndExcluding": "17.4", + "matchCriteriaId": "BB6BA6CB-001B-4440-A9AE-473F5722F8E0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.1", + "matchCriteriaId": "EB7F6CDA-FEC0-45D7-ACBE-8B5AD35F1AB5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.4", + "matchCriteriaId": "5547F484-4E4B-4961-BAF8-F891D50BB4B6" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*", + "matchCriteriaId": "CA277A6C-83EC-4536-9125-97B84C4FAF59" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:webkitgtk:webkitgtk:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.44.0", + "matchCriteriaId": "EF5BDB2C-7F5F-41B4-87C4-C4B938C7D317" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wpewebkit:wpe_webkit:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.44.0", + "matchCriteriaId": "336F9990-F267-4013-8353-5AA10039C515" + } + ] + } + ] + } + ], "references": [ { "url": "http://seclists.org/fulldisclosure/2024/Mar/20", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Mailing List" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Mar/21", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Mailing List" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Mar/24", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Mailing List" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Mar/25", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Mailing List" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Mar/26", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Mailing List" + ] }, { "url": "http://www.openwall.com/lists/oss-security/2024/03/26/1", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Mailing List" + ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Mailing List" + ] }, { "url": "https://support.apple.com/en-us/HT214081", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214084", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214086", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214087", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214088", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214089", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Mar/20", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Mar/21", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Mar/24", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Mar/25", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Mar/26", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] }, { "url": "http://www.openwall.com/lists/oss-security/2024/03/26/1", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] }, { "url": "https://support.apple.com/en-us/HT214081", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214084", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214086", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214087", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214088", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214089", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-232xx/CVE-2024-23255.json b/CVE-2024/CVE-2024-232xx/CVE-2024-23255.json index b2d647560f5..1fd1bd4a912 100644 --- a/CVE-2024/CVE-2024-232xx/CVE-2024-23255.json +++ b/CVE-2024/CVE-2024-232xx/CVE-2024-23255.json @@ -2,8 +2,8 @@ "id": "CVE-2024-23255", "sourceIdentifier": "product-security@apple.com", "published": "2024-03-08T02:15:48.713", - "lastModified": "2024-11-05T15:35:07.043", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-06T02:51:33.217", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,12 +17,34 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "baseScore": 2.4, + "baseSeverity": "LOW", + "attackVector": "PHYSICAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 0.9, + "impactScore": 1.4 + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "baseScore": 9.1, + "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", @@ -30,9 +52,7 @@ "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", - "availabilityImpact": "NONE", - "baseScore": 9.1, - "baseSeverity": "CRITICAL" + "availabilityImpact": "NONE" }, "exploitabilityScore": 3.9, "impactScore": 5.2 @@ -40,6 +60,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-287" + } + ] + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -51,18 +81,79 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*", + "versionEndExcluding": "17.4", + "matchCriteriaId": "CE5413B9-A1A8-499F-B047-163908202E69" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", + "versionEndExcluding": "17.4", + "matchCriteriaId": "BCB4911E-7824-4C34-916D-88110CB415EB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "14.0", + "versionEndExcluding": "14.4", + "matchCriteriaId": "73160D1F-755B-46D2-969F-DF8E43BB1099" + } + ] + } + ] + } + ], "references": [ { "url": "http://seclists.org/fulldisclosure/2024/Mar/21", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Mailing List" + ] }, { "url": "https://support.apple.com/en-us/HT214081", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214084", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/21", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] + }, + { + "url": "https://support.apple.com/en-us/HT214081", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://support.apple.com/en-us/HT214084", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-232xx/CVE-2024-23256.json b/CVE-2024/CVE-2024-232xx/CVE-2024-23256.json index a2110c45643..ddbd9d098d9 100644 --- a/CVE-2024/CVE-2024-232xx/CVE-2024-23256.json +++ b/CVE-2024/CVE-2024-232xx/CVE-2024-23256.json @@ -2,8 +2,8 @@ "id": "CVE-2024-23256", "sourceIdentifier": "product-security@apple.com", "published": "2024-03-05T20:16:01.503", - "lastModified": "2024-11-05T20:35:20.047", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-05T17:05:54.973", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,12 +17,34 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "baseScore": 3.3, + "baseSeverity": "LOW", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.8, + "impactScore": 1.4 + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "baseScore": 2.4, + "baseSeverity": "LOW", "attackVector": "PHYSICAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", @@ -30,23 +52,77 @@ "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", - "availabilityImpact": "NONE", - "baseScore": 2.4, - "baseSeverity": "LOW" + "availabilityImpact": "NONE" }, "exploitabilityScore": 0.9, "impactScore": 1.4 } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*", + "versionEndExcluding": "17.4", + "matchCriteriaId": "CE5413B9-A1A8-499F-B047-163908202E69" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", + "versionEndExcluding": "17.4", + "matchCriteriaId": "BCB4911E-7824-4C34-916D-88110CB415EB" + } + ] + } + ] + } + ], "references": [ { "url": "http://seclists.org/fulldisclosure/2024/Mar/18", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Mailing List" + ] + }, + { + "url": "https://support.apple.com/en-us/HT214081", + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/18", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] }, { "url": "https://support.apple.com/en-us/HT214081", - "source": "product-security@apple.com" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-249xx/CVE-2024-24903.json b/CVE-2024/CVE-2024-249xx/CVE-2024-24903.json index be7d4750788..b8a6543072b 100644 --- a/CVE-2024/CVE-2024-249xx/CVE-2024-24903.json +++ b/CVE-2024/CVE-2024-249xx/CVE-2024-24903.json @@ -2,8 +2,8 @@ "id": "CVE-2024-24903", "sourceIdentifier": "security_alert@emc.com", "published": "2024-03-01T14:15:53.320", - "lastModified": "2024-03-01T15:23:36.177", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-05T16:45:06.087", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -23,6 +23,8 @@ "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.0, + "baseSeverity": "HIGH", "attackVector": "ADJACENT_NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", @@ -30,9 +32,27 @@ "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.1, + "impactScore": 5.9 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.0, - "baseSeverity": "HIGH" + "baseSeverity": "HIGH", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" }, "exploitabilityScore": 2.1, "impactScore": 5.9 @@ -51,10 +71,41 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:dell:secure_connect_gateway:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.10.00.10", + "versionEndExcluding": "5.22.00.16", + "matchCriteriaId": "92F6556D-7B58-4EEC-8223-6136973E083A" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.dell.com/support/kbdoc/en-us/000222330/dsa-2024-077-security-update-for-dell-secure-connect-gateway-policy-manager-vulnerabilities", - "source": "security_alert@emc.com" + "source": "security_alert@emc.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] + }, + { + "url": "https://www.dell.com/support/kbdoc/en-us/000222330/dsa-2024-077-security-update-for-dell-secure-connect-gateway-policy-manager-vulnerabilities", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-249xx/CVE-2024-24904.json b/CVE-2024/CVE-2024-249xx/CVE-2024-24904.json index 5cf6dab62b2..69f6103b6ab 100644 --- a/CVE-2024/CVE-2024-249xx/CVE-2024-24904.json +++ b/CVE-2024/CVE-2024-249xx/CVE-2024-24904.json @@ -2,8 +2,8 @@ "id": "CVE-2024-24904", "sourceIdentifier": "security_alert@emc.com", "published": "2024-03-01T14:15:53.517", - "lastModified": "2024-03-01T15:23:36.177", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-05T16:46:28.330", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -23,6 +23,8 @@ "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N", + "baseScore": 7.6, + "baseSeverity": "HIGH", "attackVector": "ADJACENT_NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", @@ -30,9 +32,27 @@ "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", - "availabilityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.8 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N", "baseScore": 7.6, - "baseSeverity": "HIGH" + "baseSeverity": "HIGH", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE" }, "exploitabilityScore": 1.2, "impactScore": 5.8 @@ -42,7 +62,7 @@ "weaknesses": [ { "source": "security_alert@emc.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", @@ -51,10 +71,40 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:dell:secure_connect_gateway:*:*:*:*:*:*:*:*", + "versionEndExcluding": "5.22.00.16", + "matchCriteriaId": "8D64FF31-AEE3-42CC-8C3E-A11C09C9C042" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.dell.com/support/kbdoc/en-us/000222330/dsa-2024-077-security-update-for-dell-secure-connect-gateway-policy-manager-vulnerabilities", - "source": "security_alert@emc.com" + "source": "security_alert@emc.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] + }, + { + "url": "https://www.dell.com/support/kbdoc/en-us/000222330/dsa-2024-077-security-update-for-dell-secure-connect-gateway-policy-manager-vulnerabilities", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-249xx/CVE-2024-24905.json b/CVE-2024/CVE-2024-249xx/CVE-2024-24905.json index 0e31601134d..f6439691c0e 100644 --- a/CVE-2024/CVE-2024-249xx/CVE-2024-24905.json +++ b/CVE-2024/CVE-2024-249xx/CVE-2024-24905.json @@ -2,8 +2,8 @@ "id": "CVE-2024-24905", "sourceIdentifier": "security_alert@emc.com", "published": "2024-03-01T14:15:53.683", - "lastModified": "2024-03-01T15:23:36.177", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-05T16:47:29.837", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -23,6 +23,8 @@ "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N", + "baseScore": 7.6, + "baseSeverity": "HIGH", "attackVector": "ADJACENT_NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", @@ -30,9 +32,27 @@ "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", - "availabilityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.8 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N", "baseScore": 7.6, - "baseSeverity": "HIGH" + "baseSeverity": "HIGH", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE" }, "exploitabilityScore": 1.2, "impactScore": 5.8 @@ -42,7 +62,7 @@ "weaknesses": [ { "source": "security_alert@emc.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", @@ -51,10 +71,40 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:dell:secure_connect_gateway:*:*:*:*:*:*:*:*", + "versionEndExcluding": "5.22.00.16", + "matchCriteriaId": "8D64FF31-AEE3-42CC-8C3E-A11C09C9C042" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.dell.com/support/kbdoc/en-us/000222330/dsa-2024-077-security-update-for-dell-secure-connect-gateway-policy-manager-vulnerabilities", - "source": "security_alert@emc.com" + "source": "security_alert@emc.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] + }, + { + "url": "https://www.dell.com/support/kbdoc/en-us/000222330/dsa-2024-077-security-update-for-dell-secure-connect-gateway-policy-manager-vulnerabilities", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-249xx/CVE-2024-24907.json b/CVE-2024/CVE-2024-249xx/CVE-2024-24907.json index 43c6f5ff87f..d03f13ceb61 100644 --- a/CVE-2024/CVE-2024-249xx/CVE-2024-24907.json +++ b/CVE-2024/CVE-2024-249xx/CVE-2024-24907.json @@ -2,8 +2,8 @@ "id": "CVE-2024-24907", "sourceIdentifier": "security_alert@emc.com", "published": "2024-03-01T14:15:53.843", - "lastModified": "2024-03-01T15:23:36.177", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-05T16:47:32.350", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -23,6 +23,8 @@ "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N", + "baseScore": 7.6, + "baseSeverity": "HIGH", "attackVector": "ADJACENT_NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", @@ -30,9 +32,27 @@ "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", - "availabilityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.8 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N", "baseScore": 7.6, - "baseSeverity": "HIGH" + "baseSeverity": "HIGH", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE" }, "exploitabilityScore": 1.2, "impactScore": 5.8 @@ -42,7 +62,7 @@ "weaknesses": [ { "source": "security_alert@emc.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", @@ -51,10 +71,40 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:dell:secure_connect_gateway:*:*:*:*:*:*:*:*", + "versionEndExcluding": "5.22.00.16", + "matchCriteriaId": "8D64FF31-AEE3-42CC-8C3E-A11C09C9C042" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.dell.com/support/kbdoc/en-us/000222330/dsa-2024-077-security-update-for-dell-secure-connect-gateway-policy-manager-vulnerabilities", - "source": "security_alert@emc.com" + "source": "security_alert@emc.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] + }, + { + "url": "https://www.dell.com/support/kbdoc/en-us/000222330/dsa-2024-077-security-update-for-dell-secure-connect-gateway-policy-manager-vulnerabilities", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-261xx/CVE-2024-26159.json b/CVE-2024/CVE-2024-261xx/CVE-2024-26159.json index b63d6a2f8da..8e8df4057cf 100644 --- a/CVE-2024/CVE-2024-261xx/CVE-2024-26159.json +++ b/CVE-2024/CVE-2024-261xx/CVE-2024-26159.json @@ -2,8 +2,8 @@ "id": "CVE-2024-26159", "sourceIdentifier": "secure@microsoft.com", "published": "2024-03-12T17:15:54.903", - "lastModified": "2024-04-11T20:15:33.460", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-05T03:06:07.380", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -19,10 +19,12 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", @@ -30,9 +32,7 @@ "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 8.8, - "baseSeverity": "HIGH" + "availabilityImpact": "HIGH" }, "exploitabilityScore": 2.8, "impactScore": 5.9 @@ -49,12 +49,136 @@ "value": "CWE-122" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.10240.20596", + "matchCriteriaId": "90D10880-2D62-4AC6-9712-0A0519F50CEE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.14393.6897", + "matchCriteriaId": "73FACDC7-EB1C-4F9E-8841-B4F5D740E833" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.17763.5696", + "matchCriteriaId": "7C50F3D5-1329-4563-BB59-9C50E2EEC237" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.19044.4291", + "matchCriteriaId": "1BE5B3C6-9F18-44A0-95CC-B4CD358794BF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.19045.4291", + "matchCriteriaId": "23C51F9B-0BF1-414C-BFA5-4F5B81413E9E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.22000.2899", + "matchCriteriaId": "39B18FD8-656D-46D2-8BDE-AF030C278E02" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.22621.3447", + "matchCriteriaId": "54B49649-55CB-4BFF-BB50-592662435694" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.22631.3447", + "matchCriteriaId": "79409538-C0CE-4051-80C3-383220427D0B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", + "matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", + "matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", + "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.14393.6897", + "matchCriteriaId": "412F0026-BBE6-4F7D-ABC2-56E9F1791122" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.17763.5696", + "matchCriteriaId": "4EAAB276-D0E4-41CA-8A25-4DE9FC90543E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.20348.2402", + "matchCriteriaId": "7103C832-A4FB-4373-8A93-291E7A89B4AA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.25398.830", + "matchCriteriaId": "F2B61B79-FEE5-4041-918D-6FE2C92771DC" + } + ] + } + ] } ], "references": [ { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26159", - "source": "secure@microsoft.com" + "source": "secure@microsoft.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26159", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-261xx/CVE-2024-26161.json b/CVE-2024/CVE-2024-261xx/CVE-2024-26161.json index 7d9d99074aa..e6a680bc489 100644 --- a/CVE-2024/CVE-2024-261xx/CVE-2024-26161.json +++ b/CVE-2024/CVE-2024-261xx/CVE-2024-26161.json @@ -2,8 +2,8 @@ "id": "CVE-2024-26161", "sourceIdentifier": "secure@microsoft.com", "published": "2024-03-12T17:15:55.230", - "lastModified": "2024-04-11T20:15:33.647", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-05T03:13:28.823", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -19,10 +19,12 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", @@ -30,9 +32,7 @@ "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 8.8, - "baseSeverity": "HIGH" + "availabilityImpact": "HIGH" }, "exploitabilityScore": 2.8, "impactScore": 5.9 @@ -49,12 +49,136 @@ "value": "CWE-122" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.10240.20596", + "matchCriteriaId": "90D10880-2D62-4AC6-9712-0A0519F50CEE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.14393.6897", + "matchCriteriaId": "73FACDC7-EB1C-4F9E-8841-B4F5D740E833" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.17763.5696", + "matchCriteriaId": "7C50F3D5-1329-4563-BB59-9C50E2EEC237" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.19044.4291", + "matchCriteriaId": "1BE5B3C6-9F18-44A0-95CC-B4CD358794BF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.19045.4291", + "matchCriteriaId": "23C51F9B-0BF1-414C-BFA5-4F5B81413E9E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.22000.2899", + "matchCriteriaId": "39B18FD8-656D-46D2-8BDE-AF030C278E02" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.22621.3447", + "matchCriteriaId": "54B49649-55CB-4BFF-BB50-592662435694" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.22631.3447", + "matchCriteriaId": "79409538-C0CE-4051-80C3-383220427D0B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", + "matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", + "matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", + "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.14393.6897", + "matchCriteriaId": "412F0026-BBE6-4F7D-ABC2-56E9F1791122" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.17763.5696", + "matchCriteriaId": "4EAAB276-D0E4-41CA-8A25-4DE9FC90543E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.20348.2402", + "matchCriteriaId": "7103C832-A4FB-4373-8A93-291E7A89B4AA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.25398.830", + "matchCriteriaId": "F2B61B79-FEE5-4041-918D-6FE2C92771DC" + } + ] + } + ] } ], "references": [ { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26161", - "source": "secure@microsoft.com" + "source": "secure@microsoft.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26161", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-261xx/CVE-2024-26162.json b/CVE-2024/CVE-2024-261xx/CVE-2024-26162.json index d925a6a04e6..df949510dd1 100644 --- a/CVE-2024/CVE-2024-261xx/CVE-2024-26162.json +++ b/CVE-2024/CVE-2024-261xx/CVE-2024-26162.json @@ -2,8 +2,8 @@ "id": "CVE-2024-26162", "sourceIdentifier": "secure@microsoft.com", "published": "2024-03-12T17:15:55.400", - "lastModified": "2024-04-11T20:15:33.750", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-05T23:02:38.947", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -19,10 +19,12 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", @@ -30,9 +32,7 @@ "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 8.8, - "baseSeverity": "HIGH" + "availabilityImpact": "HIGH" }, "exploitabilityScore": 2.8, "impactScore": 5.9 @@ -49,12 +49,148 @@ "value": "CWE-681" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*", + "versionEndExcluding": "10.0.10240.20526", + "matchCriteriaId": "FAE3130D-C88C-42C1-89EF-A8F86254E04D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*", + "versionEndExcluding": "10.0.10240.20526", + "matchCriteriaId": "CFF4870F-71A6-4ED9-B398-0757DC9A9B77" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*", + "versionEndExcluding": "10.0.14393.6796", + "matchCriteriaId": "EA2CA05A-8688-45D6-BC96-627DEB1962E4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*", + "versionEndExcluding": "10.0.14393.6796", + "matchCriteriaId": "F7C03B8B-2E86-4FEB-9925-623CC805AD34" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.17763.5576", + "matchCriteriaId": "6FBF7292-731F-493E-BF30-C8561ACFE379" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.19044.4170", + "matchCriteriaId": "2CA95D8E-CAD9-4D07-AE35-36D83D546AA8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.19045.4170", + "matchCriteriaId": "968B931A-18E6-4425-B326-5A02C0B93A08" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.22000.2836", + "matchCriteriaId": "D08CEC8B-343C-486E-B6FA-F4D60ACF7E63" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.22621.3296", + "matchCriteriaId": "4DBD4A55-729C-4F86-AE29-6067F62FD03A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.22631.3296", + "matchCriteriaId": "A332CC68-568F-406B-8463-9FEF359BEA4C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", + "matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", + "matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", + "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.14393.6796", + "matchCriteriaId": "2545664A-E87B-40F7-9C19-53AEC8198B81" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.17763.5576", + "matchCriteriaId": "FFF3EE72-52DE-4CB2-8D42-74809CD7B292" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.20348.2333", + "matchCriteriaId": "5F08760C-CF31-4507-8CBD-21A2FEAE478C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.25398.763", + "matchCriteriaId": "0AD05A2D-BA23-4B63-8B75-1395F74C36CB" + } + ] + } + ] } ], "references": [ { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26162", - "source": "secure@microsoft.com" + "source": "secure@microsoft.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26162", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-262xx/CVE-2024-26251.json b/CVE-2024/CVE-2024-262xx/CVE-2024-26251.json index 5743c9cebab..ce5eadf51e3 100644 --- a/CVE-2024/CVE-2024-262xx/CVE-2024-26251.json +++ b/CVE-2024/CVE-2024-262xx/CVE-2024-26251.json @@ -2,8 +2,8 @@ "id": "CVE-2024-26251", "sourceIdentifier": "secure@microsoft.com", "published": "2024-04-09T17:15:46.523", - "lastModified": "2024-04-10T13:24:00.070", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-05T19:29:12.660", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -19,10 +19,12 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", + "baseScore": 6.8, + "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", @@ -30,12 +32,30 @@ "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", - "availabilityImpact": "NONE", - "baseScore": 6.8, - "baseSeverity": "MEDIUM" + "availabilityImpact": "NONE" }, "exploitabilityScore": 1.6, "impactScore": 5.2 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseScore": 3.1, + "baseSeverity": "LOW", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.6, + "impactScore": 1.4 } ] }, @@ -49,12 +69,60 @@ "value": "CWE-79" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*", + "versionEndExcluding": "16.0.17328.20246", + "matchCriteriaId": "746929A1-E97A-42EB-84E2-9E1666F066A8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:*:*:*:*", + "matchCriteriaId": "B850873B-E635-439C-9720-8BBE59120EE1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", + "matchCriteriaId": "6122D014-5BF1-4AF4-8B4D-80205ED7785E" + } + ] + } + ] } ], "references": [ { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26251", - "source": "secure@microsoft.com" + "source": "secure@microsoft.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26251", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-262xx/CVE-2024-26254.json b/CVE-2024/CVE-2024-262xx/CVE-2024-26254.json index afaee0cc755..f9b10ebb65a 100644 --- a/CVE-2024/CVE-2024-262xx/CVE-2024-26254.json +++ b/CVE-2024/CVE-2024-262xx/CVE-2024-26254.json @@ -2,8 +2,8 @@ "id": "CVE-2024-26254", "sourceIdentifier": "secure@microsoft.com", "published": "2024-04-09T17:15:47.133", - "lastModified": "2024-04-10T13:24:00.070", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-05T19:14:00.320", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -19,10 +19,12 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 7.5, + "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", @@ -30,9 +32,7 @@ "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", - "availabilityImpact": "HIGH", - "baseScore": 7.5, - "baseSeverity": "HIGH" + "availabilityImpact": "HIGH" }, "exploitabilityScore": 3.9, "impactScore": 3.6 @@ -49,12 +49,98 @@ "value": "CWE-822" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.17763.5696", + "matchCriteriaId": "7C50F3D5-1329-4563-BB59-9C50E2EEC237" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.19044.4291", + "matchCriteriaId": "1BE5B3C6-9F18-44A0-95CC-B4CD358794BF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.19045.4291", + "matchCriteriaId": "23C51F9B-0BF1-414C-BFA5-4F5B81413E9E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.22000.2899", + "matchCriteriaId": "39B18FD8-656D-46D2-8BDE-AF030C278E02" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.22621.3447", + "matchCriteriaId": "54B49649-55CB-4BFF-BB50-592662435694" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.22631.3447", + "matchCriteriaId": "79409538-C0CE-4051-80C3-383220427D0B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.17763.5696", + "matchCriteriaId": "4EAAB276-D0E4-41CA-8A25-4DE9FC90543E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.20348.2402", + "matchCriteriaId": "7103C832-A4FB-4373-8A93-291E7A89B4AA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.25398.830", + "matchCriteriaId": "F2B61B79-FEE5-4041-918D-6FE2C92771DC" + } + ] + } + ] } ], "references": [ { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26254", - "source": "secure@microsoft.com" + "source": "secure@microsoft.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26254", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-262xx/CVE-2024-26257.json b/CVE-2024/CVE-2024-262xx/CVE-2024-26257.json index cb26b6786d2..35eab44d519 100644 --- a/CVE-2024/CVE-2024-262xx/CVE-2024-26257.json +++ b/CVE-2024/CVE-2024-262xx/CVE-2024-26257.json @@ -2,8 +2,8 @@ "id": "CVE-2024-26257", "sourceIdentifier": "secure@microsoft.com", "published": "2024-04-09T17:15:47.687", - "lastModified": "2024-04-10T13:24:00.070", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-05T19:11:37.323", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -19,10 +19,12 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", @@ -30,9 +32,7 @@ "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 7.8, - "baseSeverity": "HIGH" + "availabilityImpact": "HIGH" }, "exploitabilityScore": 1.8, "impactScore": 5.9 @@ -49,12 +49,54 @@ "value": "CWE-415" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*", + "matchCriteriaId": "40C15EDD-98D4-4D06-BA06-21AE0F33C72D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:office:2021:*:*:*:ltsc:macos:*:*", + "matchCriteriaId": "0DF36AFA-B48C-4423-AD1C-78EEFF85EF2C" + } + ] + } + ] } ], "references": [ { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26257", - "source": "secure@microsoft.com" + "source": "secure@microsoft.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26257", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-289xx/CVE-2024-28904.json b/CVE-2024/CVE-2024-289xx/CVE-2024-28904.json index 0432d644fd6..dcc326cca2f 100644 --- a/CVE-2024/CVE-2024-289xx/CVE-2024-28904.json +++ b/CVE-2024/CVE-2024-289xx/CVE-2024-28904.json @@ -2,8 +2,8 @@ "id": "CVE-2024-28904", "sourceIdentifier": "secure@microsoft.com", "published": "2024-04-09T17:15:49.210", - "lastModified": "2024-04-10T13:24:00.070", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-05T18:54:13.320", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -19,10 +19,12 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "HIGH", "privilegesRequired": "LOW", @@ -30,9 +32,7 @@ "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 7.8, - "baseSeverity": "HIGH" + "availabilityImpact": "HIGH" }, "exploitabilityScore": 1.1, "impactScore": 6.0 @@ -49,12 +49,50 @@ "value": "CWE-269" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.25398.830", + "matchCriteriaId": "F2B61B79-FEE5-4041-918D-6FE2C92771DC" + } + ] + } + ] } ], "references": [ { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28904", - "source": "secure@microsoft.com" + "source": "secure@microsoft.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28904", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-289xx/CVE-2024-28905.json b/CVE-2024/CVE-2024-289xx/CVE-2024-28905.json index f5b1742ef37..95d98b566d8 100644 --- a/CVE-2024/CVE-2024-289xx/CVE-2024-28905.json +++ b/CVE-2024/CVE-2024-289xx/CVE-2024-28905.json @@ -2,8 +2,8 @@ "id": "CVE-2024-28905", "sourceIdentifier": "secure@microsoft.com", "published": "2024-04-09T17:15:49.403", - "lastModified": "2024-04-10T13:24:00.070", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-05T18:50:21.030", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -23,6 +23,8 @@ "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "HIGH", "privilegesRequired": "LOW", @@ -30,9 +32,7 @@ "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 7.8, - "baseSeverity": "HIGH" + "availabilityImpact": "HIGH" }, "exploitabilityScore": 1.1, "impactScore": 6.0 @@ -49,12 +49,50 @@ "value": "CWE-269" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.25398.830", + "matchCriteriaId": "F2B61B79-FEE5-4041-918D-6FE2C92771DC" + } + ] + } + ] } ], "references": [ { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28905", - "source": "secure@microsoft.com" + "source": "secure@microsoft.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28905", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-289xx/CVE-2024-28907.json b/CVE-2024/CVE-2024-289xx/CVE-2024-28907.json index 10a443d4022..875bd5848ae 100644 --- a/CVE-2024/CVE-2024-289xx/CVE-2024-28907.json +++ b/CVE-2024/CVE-2024-289xx/CVE-2024-28907.json @@ -2,8 +2,8 @@ "id": "CVE-2024-28907", "sourceIdentifier": "secure@microsoft.com", "published": "2024-04-09T17:15:49.790", - "lastModified": "2024-04-10T13:24:00.070", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-05T18:28:21.740", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -19,10 +19,12 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "HIGH", "privilegesRequired": "LOW", @@ -30,9 +32,7 @@ "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 7.8, - "baseSeverity": "HIGH" + "availabilityImpact": "HIGH" }, "exploitabilityScore": 1.1, "impactScore": 6.0 @@ -49,12 +49,50 @@ "value": "CWE-59" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.25398.830", + "matchCriteriaId": "F2B61B79-FEE5-4041-918D-6FE2C92771DC" + } + ] + } + ] } ], "references": [ { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28907", - "source": "secure@microsoft.com" + "source": "secure@microsoft.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28907", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-309xx/CVE-2024-30961.json b/CVE-2024/CVE-2024-309xx/CVE-2024-30961.json new file mode 100644 index 00000000000..3d52584f024 --- /dev/null +++ b/CVE-2024/CVE-2024-309xx/CVE-2024-30961.json @@ -0,0 +1,29 @@ +{ + "id": "CVE-2024-30961", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-12-05T23:15:05.030", + "lastModified": "2024-12-05T23:15:05.030", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 (ROS2) navigation2- ROS2-humble and navigation 2-humble allows a local attacker to execute arbitrary code via the error-thrown mechanism in nav2_bt_navigator." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/GoesM/ROS-CVE-CNVDs", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/ros-planning/navigation2/issues/4175", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/ros-planning/navigation2/pull/4180", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-309xx/CVE-2024-30962.json b/CVE-2024/CVE-2024-309xx/CVE-2024-30962.json new file mode 100644 index 00000000000..2c11b0b7843 --- /dev/null +++ b/CVE-2024/CVE-2024-309xx/CVE-2024-30962.json @@ -0,0 +1,29 @@ +{ + "id": "CVE-2024-30962", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-12-05T23:15:05.147", + "lastModified": "2024-12-05T23:15:05.147", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Buffer Overflow vulnerability in Open Robotics Robotic Operating System 2 (ROS2) navigation2- ROS2-humble and navigation 2-humble allows a local attacker to execute arbitrary code via the nav2_amcl process" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/GoesM/ROS-CVE-CNVDs", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/ros-planning/navigation2/issues/4177", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/ros-planning/navigation2/pull/4206", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-309xx/CVE-2024-30963.json b/CVE-2024/CVE-2024-309xx/CVE-2024-30963.json new file mode 100644 index 00000000000..1cbbdae7429 --- /dev/null +++ b/CVE-2024/CVE-2024-309xx/CVE-2024-30963.json @@ -0,0 +1,25 @@ +{ + "id": "CVE-2024-30963", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-12-05T23:15:05.267", + "lastModified": "2024-12-05T23:15:05.267", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Buffer Overflow vulnerability in Open Robotics Robotic Operating System 2 (ROS2) navigation2- ROS2-humble and navigation 2-humble allows a local attacker to execute arbitrary code via a crafted script." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/GoesM/ROS-CVE-CNVDs", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/ros-planning/navigation2/issues/4157", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-309xx/CVE-2024-30964.json b/CVE-2024/CVE-2024-309xx/CVE-2024-30964.json new file mode 100644 index 00000000000..eb976ad8368 --- /dev/null +++ b/CVE-2024/CVE-2024-309xx/CVE-2024-30964.json @@ -0,0 +1,29 @@ +{ + "id": "CVE-2024-30964", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-12-05T23:15:05.390", + "lastModified": "2024-12-05T23:15:05.390", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 (ROS2) navigation2- ROS2-humble and navigation 2-humble allows a local attacker to execute arbitrary code via the initial_pose_sub thread created by nav2_bt_navigator" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/GoesM/ROS-CVE-CNVDs", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/ros-planning/navigation2/issues/4166", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/ros-planning/navigation2/pull/4176", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-33xx/CVE-2024-3367.json b/CVE-2024/CVE-2024-33xx/CVE-2024-3367.json index d47a342aa8a..baec12f950d 100644 --- a/CVE-2024/CVE-2024-33xx/CVE-2024-3367.json +++ b/CVE-2024/CVE-2024-33xx/CVE-2024-3367.json @@ -2,8 +2,8 @@ "id": "CVE-2024-3367", "sourceIdentifier": "security@checkmk.com", "published": "2024-04-16T12:15:10.463", - "lastModified": "2024-08-26T10:15:05.743", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-05T14:28:32.407", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -23,6 +23,8 @@ "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", @@ -30,12 +32,30 @@ "scope": "CHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", - "availabilityImpact": "NONE", - "baseScore": 6.5, - "baseSeverity": "MEDIUM" + "availabilityImpact": "NONE" }, "exploitabilityScore": 2.0, "impactScore": 4.0 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 } ] }, @@ -49,12 +69,250 @@ "value": "CWE-88" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-88" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:checkmk:checkmk:*:*:*:*:*:*:*:*", + "versionEndIncluding": "2.0.0", + "matchCriteriaId": "C59985CE-68DF-433D-87BD-97EDCA81E039" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:checkmk:checkmk:2.1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "0A6AED3C-E447-429C-A028-B100CD51AB7C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:-:*:*:*:*:*:*", + "matchCriteriaId": "C66704F1-0B5E-4B43-8748-987022F378F8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:b1:*:*:*:*:*:*", + "matchCriteriaId": "B068974F-6F67-4CBB-B567-FCED86E28F22" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:b2:*:*:*:*:*:*", + "matchCriteriaId": "EA70F36A-EEF6-48DC-B15E-055D0DE8A052" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:b3:*:*:*:*:*:*", + "matchCriteriaId": "B2017F38-38DB-4E96-B34F-160BC731CBBE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:b4:*:*:*:*:*:*", + "matchCriteriaId": "0949F399-371B-409C-AF9F-32690D881440" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:b5:*:*:*:*:*:*", + "matchCriteriaId": "42E1E31A-B5CC-45F2-A2E5-3EEF735499BA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:b6:*:*:*:*:*:*", + "matchCriteriaId": "4B364FCA-500C-458E-B997-82CD0B1D24F9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:b7:*:*:*:*:*:*", + "matchCriteriaId": "0B32E657-917B-482B-B6A4-3D3746992A4F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:b8:*:*:*:*:*:*", + "matchCriteriaId": "2119C732-E024-4DA6-8E47-9E08E5E12602" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:i1:*:*:*:*:*:*", + "matchCriteriaId": "4F0B99A8-A124-43BD-B8AA-EECC9112346F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p1:*:*:*:*:*:*", + "matchCriteriaId": "3FB7221E-BE9F-4529-8E07-8AD547FA3208" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p10:*:*:*:*:*:*", + "matchCriteriaId": "30A074AD-9499-46E3-AB67-D6CEE3AA01C3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p11:*:*:*:*:*:*", + "matchCriteriaId": "A8BD0240-A22B-4273-BD47-C35A8C12E127" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p12:*:*:*:*:*:*", + "matchCriteriaId": "DAA5680F-1DD0-48AA-BB7F-15B27365F0FA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p13:*:*:*:*:*:*", + "matchCriteriaId": "BC2F31CA-D4EB-44E6-9A09-5255D33F4A88" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p14:*:*:*:*:*:*", + "matchCriteriaId": "CD80BD69-20C6-4E17-B165-98689179A5A1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p15:*:*:*:*:*:*", + "matchCriteriaId": "B044D43B-0233-4A0D-A356-B9F9324E2777" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p16:*:*:*:*:*:*", + "matchCriteriaId": "7DE79896-EBE5-42F2-A126-2A871BBA1071" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p17:*:*:*:*:*:*", + "matchCriteriaId": "51A44E69-EEA1-4B01-B7B3-5BF7B39819E3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p18:*:*:*:*:*:*", + "matchCriteriaId": "BCB65AEB-CF52-410B-92B1-2DCFB914FFA4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p19:*:*:*:*:*:*", + "matchCriteriaId": "B7E17FA6-9011-489C-9FA9-368CA2D86FAE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p2:*:*:*:*:*:*", + "matchCriteriaId": "7BCEB6FF-668F-4313-9264-0BF021AFC45F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p20:*:*:*:*:*:*", + "matchCriteriaId": "F8B27218-A4FF-47BE-B578-6DB704478921" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p21:*:*:*:*:*:*", + "matchCriteriaId": "8735357F-16A7-4408-9DDD-1C6796BADBE9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p22:*:*:*:*:*:*", + "matchCriteriaId": "4505098C-0A2B-481E-A3DF-D6DF8EFA4DE7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p23:*:*:*:*:*:*", + "matchCriteriaId": "C12AFCCF-014E-4EEB-8F04-F1ACE182BA98" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p24:*:*:*:*:*:*", + "matchCriteriaId": "66B85557-D5EC-4AF4-B97A-D2B80A58B3B1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p25:*:*:*:*:*:*", + "matchCriteriaId": "233ECD21-FA72-43AF-8E4C-DAC27CC18F3C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p3:*:*:*:*:*:*", + "matchCriteriaId": "E2342E2D-58B0-43E7-8C01-DF4678520F39" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p4:*:*:*:*:*:*", + "matchCriteriaId": "1871B646-CA69-477F-B113-B901AC7B3934" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p5:*:*:*:*:*:*", + "matchCriteriaId": "EEC65A72-CAE1-4E28-83EF-7ECAFE921BB6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p6:*:*:*:*:*:*", + "matchCriteriaId": "D8FDECBC-8213-495F-A932-C4310F7C1F87" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p7:*:*:*:*:*:*", + "matchCriteriaId": "CB49BC95-6AA8-4F53-A3D6-E199BF756AAF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p8:*:*:*:*:*:*", + "matchCriteriaId": "050B6617-8FD4-47A6-BE4A-A52503A65812" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p9:*:*:*:*:*:*", + "matchCriteriaId": "4CA0FEC5-7036-47AF-A341-873B6C324B58" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:b1:*:*:*:*:*:*", + "matchCriteriaId": "1A020A77-7D84-4557-9B0B-D74A89BC1538" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:b2:*:*:*:*:*:*", + "matchCriteriaId": "D9770554-978B-4552-9E0E-CD6B6675243C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:b3:*:*:*:*:*:*", + "matchCriteriaId": "1883D2F4-CB96-4DDE-87E8-D1990A3FA092" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:b4:*:*:*:*:*:*", + "matchCriteriaId": "99AD6F39-AF67-4CB9-BED2-00CA75B9F5DB" + } + ] + } + ] } ], "references": [ { "url": "https://checkmk.com/werk/16615", - "source": "security@checkmk.com" + "source": "security@checkmk.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://checkmk.com/werk/16615", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-353xx/CVE-2024-35342.json b/CVE-2024/CVE-2024-353xx/CVE-2024-35342.json index 3d4517e0843..5aa61ad3d57 100644 --- a/CVE-2024/CVE-2024-353xx/CVE-2024-35342.json +++ b/CVE-2024/CVE-2024-353xx/CVE-2024-35342.json @@ -2,7 +2,7 @@ "id": "CVE-2024-35342", "sourceIdentifier": "cve@mitre.org", "published": "2024-05-28T17:15:10.517", - "lastModified": "2024-05-29T13:02:09.280", + "lastModified": "2024-12-05T21:15:07.970", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -15,11 +15,50 @@ "value": "Ciertos productos Anpviz permiten a usuarios no autenticados modificar o deshabilitar configuraciones relacionadas con la c\u00e1mara, como el volumen del micr\u00f3fono, el volumen del altavoz, la iluminaci\u00f3n LED, NTP, la detecci\u00f3n de movimiento, etc. Esto afecta a IPC-D250, IPC-D260, IPC-B850, IPC-D850, IPC. -D350, IPC-D3150, IPC-D4250, IPC-D380, IPC-D880, IPC-D280, IPC-D3180, MC800N, YM500L, YM800N_N2, YMF50B, YM800SV2, YM500L8 y YM200E10 firmware v3.2.2.2 y anteriores y posiblemente m\u00e1s proveedores/modelos de c\u00e1maras IP." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "baseScore": 4.6, + "baseSeverity": "MEDIUM", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.1, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-306" + } + ] + } + ], "references": [ { "url": "https://willgu.es/pages/anpviz-ip-camera-vuln.html", "source": "cve@mitre.org" + }, + { + "url": "https://willgu.es/pages/anpviz-ip-camera-vuln.html", + "source": "af854a3a-2127-422b-91ae-364da2661108" } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-378xx/CVE-2024-37860.json b/CVE-2024/CVE-2024-378xx/CVE-2024-37860.json new file mode 100644 index 00000000000..13495542217 --- /dev/null +++ b/CVE-2024/CVE-2024-378xx/CVE-2024-37860.json @@ -0,0 +1,33 @@ +{ + "id": "CVE-2024-37860", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-12-05T23:15:05.510", + "lastModified": "2024-12-05T23:15:05.510", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Buffer Overflow vulnerability in Open Robotic Operating System 2 ROS2 navigation2- ROS2-humble&& navigation2-humble allows a local attacker to execute arbitrary code via a crafted .yaml file to the nav2_amcl process" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/GoesM/ROS-CVE-CNVDs", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/ros-navigation/navigation2/issues/4005", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/ros-navigation/navigation2/issues/4336", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/ros-navigation/navigation2/issues/4339", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-378xx/CVE-2024-37861.json b/CVE-2024/CVE-2024-378xx/CVE-2024-37861.json new file mode 100644 index 00000000000..325946b2aa7 --- /dev/null +++ b/CVE-2024/CVE-2024-378xx/CVE-2024-37861.json @@ -0,0 +1,33 @@ +{ + "id": "CVE-2024-37861", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-12-05T23:15:05.633", + "lastModified": "2024-12-05T23:15:05.633", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a buffer overflow via the nav2_amcl process. This vulnerability is triggered via sending a crafted .yaml file." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/GoesM/ROS-CVE-CNVDs", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/ros-navigation/navigation2/issues/4005", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/ros-navigation/navigation2/issues/4335", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/ros-navigation/navigation2/issues/4338", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-378xx/CVE-2024-37862.json b/CVE-2024/CVE-2024-378xx/CVE-2024-37862.json new file mode 100644 index 00000000000..c429d24f184 --- /dev/null +++ b/CVE-2024/CVE-2024-378xx/CVE-2024-37862.json @@ -0,0 +1,29 @@ +{ + "id": "CVE-2024-37862", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-12-05T23:15:05.767", + "lastModified": "2024-12-05T23:15:05.767", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Buffer Overflow vulnerability in Open Robotic Robotic Operating System 2 ROS2 navigation2- ROS2-humble&& navigation2-humble allows a local attacker to execute arbitrary code via a crafted .yaml file to the nav2_planner process." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/GoesM/ROS-CVE-CNVDs", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/ros-navigation/navigation2/issues/4005", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/ros-navigation/navigation2/issues/4062", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-378xx/CVE-2024-37863.json b/CVE-2024/CVE-2024-378xx/CVE-2024-37863.json new file mode 100644 index 00000000000..36c8cabb520 --- /dev/null +++ b/CVE-2024/CVE-2024-378xx/CVE-2024-37863.json @@ -0,0 +1,29 @@ +{ + "id": "CVE-2024-37863", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-12-05T23:15:05.903", + "lastModified": "2024-12-05T23:15:05.903", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a buffer overflow via the nav2_amcl process. This vulnerability is triggered via sending a crafted .yaml file." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/GoesM/ROS-CVE-CNVDs", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/ros-navigation/navigation2/issues/4005", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/ros-navigation/navigation2/issues/4337", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-389xx/CVE-2024-38910.json b/CVE-2024/CVE-2024-389xx/CVE-2024-38910.json new file mode 100644 index 00000000000..d6cd70a2d07 --- /dev/null +++ b/CVE-2024/CVE-2024-389xx/CVE-2024-38910.json @@ -0,0 +1,29 @@ +{ + "id": "CVE-2024-38910", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-12-05T23:15:06.020", + "lastModified": "2024-12-05T23:15:06.020", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble version was discovered to contain a use-after-free in the nav2_amcl process. This vulnerability is triggered via sending a request to change dynamic parameters." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/GoesM/ROS-CVE-CNVDs", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/ros-navigation/navigation2/issues/4379", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/ros-navigation/navigation2/pull/4397", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-389xx/CVE-2024-38920.json b/CVE-2024/CVE-2024-389xx/CVE-2024-38920.json new file mode 100644 index 00000000000..ac0b9fe9529 --- /dev/null +++ b/CVE-2024/CVE-2024-389xx/CVE-2024-38920.json @@ -0,0 +1,29 @@ +{ + "id": "CVE-2024-38920", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-12-05T23:15:06.163", + "lastModified": "2024-12-05T23:15:06.163", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. This vulnerability is triggerd via remotely sending a request for change the value of dynamic-parameter`/amcl max_beams` ." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/GoesM/ROS-CVE-CNVDs", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/ros-navigation/navigation2/issues/4379", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/ros-navigation/navigation2/pull/4397", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-407xx/CVE-2024-40744.json b/CVE-2024/CVE-2024-407xx/CVE-2024-40744.json index 1d62df2994d..6f8737b2b5d 100644 --- a/CVE-2024/CVE-2024-407xx/CVE-2024-40744.json +++ b/CVE-2024/CVE-2024-407xx/CVE-2024-40744.json @@ -2,16 +2,43 @@ "id": "CVE-2024-40744", "sourceIdentifier": "security@joomla.org", "published": "2024-12-04T15:15:11.057", - "lastModified": "2024-12-04T17:15:14.007", - "vulnStatus": "Received", + "lastModified": "2024-12-05T17:15:11.570", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unrestricted file upload via security bypass in Convert Forms component for Joomla in versions before 4.4.8." + }, + { + "lang": "es", + "value": "Carga de archivos sin restricciones a trav\u00e9s de una omisi\u00f3n de seguridad en el componente Convert Forms para Joomla en versiones anteriores a 4.4.8." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, "weaknesses": [ { "source": "security@joomla.org", diff --git a/CVE-2024/CVE-2024-407xx/CVE-2024-40763.json b/CVE-2024/CVE-2024-407xx/CVE-2024-40763.json new file mode 100644 index 00000000000..c1c846397dc --- /dev/null +++ b/CVE-2024/CVE-2024-407xx/CVE-2024-40763.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-40763", + "sourceIdentifier": "PSIRT@sonicwall.com", + "published": "2024-12-05T14:15:20.850", + "lastModified": "2024-12-05T17:15:11.720", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Heap-based buffer overflow vulnerability in the SonicWall SMA100 SSLVPN due to the use of strcpy. This allows remote authenticated attackers to cause Heap-based buffer overflow and potentially lead to code execution." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.6, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "PSIRT@sonicwall.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-122" + } + ] + } + ], + "references": [ + { + "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0018", + "source": "PSIRT@sonicwall.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-411xx/CVE-2024-41156.json b/CVE-2024/CVE-2024-411xx/CVE-2024-41156.json index cb5ed3e5275..18c831e5295 100644 --- a/CVE-2024/CVE-2024-411xx/CVE-2024-41156.json +++ b/CVE-2024/CVE-2024-411xx/CVE-2024-41156.json @@ -2,8 +2,8 @@ "id": "CVE-2024-41156", "sourceIdentifier": "cybersecurity@hitachienergy.com", "published": "2024-10-29T13:15:04.847", - "lastModified": "2024-12-04T11:30:48.937", - "vulnStatus": "Modified", + "lastModified": "2024-12-05T15:29:31.730", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -42,19 +42,19 @@ "type": "Primary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", - "baseScore": 4.3, - "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", + "baseScore": 2.7, + "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "LOW", - "privilegesRequired": "LOW", + "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE" }, - "exploitabilityScore": 2.8, + "exploitabilityScore": 1.2, "impactScore": 1.4 } ] diff --git a/CVE-2024/CVE-2024-415xx/CVE-2024-41579.json b/CVE-2024/CVE-2024-415xx/CVE-2024-41579.json new file mode 100644 index 00000000000..f3419f58818 --- /dev/null +++ b/CVE-2024/CVE-2024-415xx/CVE-2024-41579.json @@ -0,0 +1,25 @@ +{ + "id": "CVE-2024-41579", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-12-05T20:15:22.057", + "lastModified": "2024-12-05T20:15:22.057", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "DTStack Taier 1.4.0 allows remote attackers to specify the jobName parameter in the console listNames function to cause a SQL injection vulnerability" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://gist.github.com/nerowander/380707503cfb078cbd6bed9fc9b12ad9", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/DTStack/Taier/issues/1184", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-416xx/CVE-2024-41624.json b/CVE-2024/CVE-2024-416xx/CVE-2024-41624.json index f819128de79..0837b4f92a5 100644 --- a/CVE-2024/CVE-2024-416xx/CVE-2024-41624.json +++ b/CVE-2024/CVE-2024-416xx/CVE-2024-41624.json @@ -2,7 +2,7 @@ "id": "CVE-2024-41624", "sourceIdentifier": "cve@mitre.org", "published": "2024-07-29T16:15:04.917", - "lastModified": "2024-07-29T16:21:52.517", + "lastModified": "2024-12-05T21:15:08.143", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -15,7 +15,42 @@ "value": " El control de acceso incorrecto en el altavoz inteligente nano Himalaya Xiaoya rom_version 1.6.96 permite que un atacante remoto tenga un impacto no especificado." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], "references": [ { "url": "http://himalaya.com", @@ -24,6 +59,14 @@ { "url": "https://github.com/x1ngg3/cve/tree/main/CVE-2024-41624", "source": "cve@mitre.org" + }, + { + "url": "http://himalaya.com", + "source": "af854a3a-2127-422b-91ae-364da2661108" + }, + { + "url": "https://github.com/x1ngg3/cve/tree/main/CVE-2024-41624", + "source": "af854a3a-2127-422b-91ae-364da2661108" } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-421xx/CVE-2024-42195.json b/CVE-2024/CVE-2024-421xx/CVE-2024-42195.json new file mode 100644 index 00000000000..b445d6d775f --- /dev/null +++ b/CVE-2024/CVE-2024-421xx/CVE-2024-42195.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-42195", + "sourceIdentifier": "psirt@hcl.com", + "published": "2024-12-05T05:15:06.923", + "lastModified": "2024-12-05T05:15:06.923", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "HCL DevOps Deploy / HCL Launch is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@hcl.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", + "baseScore": 3.1, + "baseSeverity": "LOW", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.6, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@hcl.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-80" + } + ] + } + ], + "references": [ + { + "url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0117908", + "source": "psirt@hcl.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-424xx/CVE-2024-42455.json b/CVE-2024/CVE-2024-424xx/CVE-2024-42455.json index bdac0958d52..7b6344feccc 100644 --- a/CVE-2024/CVE-2024-424xx/CVE-2024-42455.json +++ b/CVE-2024/CVE-2024-424xx/CVE-2024-42455.json @@ -2,13 +2,17 @@ "id": "CVE-2024-42455", "sourceIdentifier": "support@hackerone.com", "published": "2024-12-04T02:15:04.937", - "lastModified": "2024-12-04T02:15:04.937", + "lastModified": "2024-12-05T11:15:04.533", "vulnStatus": "Received", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability in Veeam Backup & Replication allows a low-privileged user to connect to remoting services and exploit insecure deserialization by sending a serialized temporary file collection. This exploit allows the attacker to delete any file on the system with service account privileges. The vulnerability is caused by an insufficient blacklist during the deserialization process." + }, + { + "lang": "es", + "value": " Una vulnerabilidad en Veeam Backup & Replication permite que un usuario con pocos privilegios se conecte a servicios remotos y aproveche la deserializaci\u00f3n insegura mediante el env\u00edo de una colecci\u00f3n de archivos temporales serializados. Esta vulnerabilidad permite al atacante eliminar cualquier archivo del sistema con privilegios de cuenta de servicio. La vulnerabilidad se debe a una lista negra insuficiente durante el proceso de deserializaci\u00f3n." } ], "metrics": { @@ -35,6 +39,18 @@ } ] }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-306" + } + ] + } + ], "references": [ { "url": "https://www.veeam.com/kb4693", diff --git a/CVE-2024/CVE-2024-453xx/CVE-2024-45318.json b/CVE-2024/CVE-2024-453xx/CVE-2024-45318.json new file mode 100644 index 00000000000..64c2bf1608c --- /dev/null +++ b/CVE-2024/CVE-2024-453xx/CVE-2024-45318.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-45318", + "sourceIdentifier": "PSIRT@sonicwall.com", + "published": "2024-12-05T14:15:21.000", + "lastModified": "2024-12-05T17:15:11.880", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability in the SonicWall SMA100 SSLVPN web management interface allows remote attackers to cause Stack-based buffer overflow and potentially lead to code execution." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "PSIRT@sonicwall.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-121" + } + ] + } + ], + "references": [ + { + "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0018", + "source": "PSIRT@sonicwall.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-453xx/CVE-2024-45319.json b/CVE-2024/CVE-2024-453xx/CVE-2024-45319.json new file mode 100644 index 00000000000..9599a0d1c0a --- /dev/null +++ b/CVE-2024/CVE-2024-453xx/CVE-2024-45319.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-45319", + "sourceIdentifier": "PSIRT@sonicwall.com", + "published": "2024-12-05T14:15:21.127", + "lastModified": "2024-12-05T17:15:12.040", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability in the SonicWall SMA100 SSLVPN \n\nfirmware\u00a010.2.1.13-72sv and earlier versions allows a remote authenticated attacker can circumvent the certificate requirement during authentication." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ] + }, + "weaknesses": [ + { + "source": "PSIRT@sonicwall.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-798" + } + ] + } + ], + "references": [ + { + "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0018", + "source": "PSIRT@sonicwall.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-453xx/CVE-2024-45321.json b/CVE-2024/CVE-2024-453xx/CVE-2024-45321.json index 27b4ad5d1aa..c34f00b66af 100644 --- a/CVE-2024/CVE-2024-453xx/CVE-2024-45321.json +++ b/CVE-2024/CVE-2024-453xx/CVE-2024-45321.json @@ -2,7 +2,7 @@ "id": "CVE-2024-45321", "sourceIdentifier": "cve@mitre.org", "published": "2024-08-27T04:15:09.010", - "lastModified": "2024-09-06T22:30:19.337", + "lastModified": "2024-12-05T18:47:30.633", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ @@ -22,19 +22,19 @@ "type": "Primary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.1, + "baseSeverity": "HIGH", "attackVector": "NETWORK", - "attackComplexity": "LOW", + "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 9.8, - "baseSeverity": "CRITICAL" + "availabilityImpact": "HIGH" }, - "exploitabilityScore": 3.9, + "exploitabilityScore": 2.2, "impactScore": 5.9 }, { @@ -43,6 +43,8 @@ "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", @@ -50,9 +52,7 @@ "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 9.8, - "baseSeverity": "CRITICAL" + "availabilityImpact": "HIGH" }, "exploitabilityScore": 3.9, "impactScore": 5.9 diff --git a/CVE-2024/CVE-2024-458xx/CVE-2024-45841.json b/CVE-2024/CVE-2024-458xx/CVE-2024-45841.json new file mode 100644 index 00000000000..7a7bd9c271e --- /dev/null +++ b/CVE-2024/CVE-2024-458xx/CVE-2024-45841.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-45841", + "sourceIdentifier": "vultures@jpcert.or.jp", + "published": "2024-12-05T10:31:40.227", + "lastModified": "2024-12-05T10:31:40.227", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Incorrect permission assignment for critical resource issue exists in UD-LT1 firmware Ver.2.1.8 and earlier and UD-LT1/EX firmware Ver.2.1.8 and earlier. If an attacker with the guest account of the affected products accesses a specific file, the information containing credentials may be obtained." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "vultures@jpcert.or.jp", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "vultures@jpcert.or.jp", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-732" + } + ] + } + ], + "references": [ + { + "url": "https://jvn.jp/en/jp/JVN46615026/", + "source": "vultures@jpcert.or.jp" + }, + { + "url": "https://www.iodata.jp/support/information/2024/11_ud-lt1/", + "source": "vultures@jpcert.or.jp" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-471xx/CVE-2024-47133.json b/CVE-2024/CVE-2024-471xx/CVE-2024-47133.json new file mode 100644 index 00000000000..e725bd2acf5 --- /dev/null +++ b/CVE-2024/CVE-2024-471xx/CVE-2024-47133.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-47133", + "sourceIdentifier": "vultures@jpcert.or.jp", + "published": "2024-12-05T10:31:40.430", + "lastModified": "2024-12-05T10:31:40.430", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "UD-LT1 firmware Ver.2.1.8 and earlier and UD-LT1/EX firmware Ver.2.1.8 and earlier allow a remote authenticated attacker with an administrative account to execute arbitrary OS commands." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "vultures@jpcert.or.jp", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.2, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "vultures@jpcert.or.jp", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + } + ], + "references": [ + { + "url": "https://jvn.jp/en/jp/JVN46615026/", + "source": "vultures@jpcert.or.jp" + }, + { + "url": "https://www.iodata.jp/support/information/2024/11_ud-lt1/", + "source": "vultures@jpcert.or.jp" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-488xx/CVE-2024-48839.json b/CVE-2024/CVE-2024-488xx/CVE-2024-48839.json new file mode 100644 index 00000000000..dc518936679 --- /dev/null +++ b/CVE-2024/CVE-2024-488xx/CVE-2024-48839.json @@ -0,0 +1,100 @@ +{ + "id": "CVE-2024-48839", + "sourceIdentifier": "cybersecurity@ch.abb.com", + "published": "2024-12-05T13:15:06.123", + "lastModified": "2024-12-05T13:15:06.123", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Input Validation vulnerability allows Remote Code Execution.\u00a0\nAffected products:\n\n\nABB ASPECT - Enterprise v3.08.02; \nNEXUS Series v3.08.02; \nMATRIX Series v3.08.02" + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cybersecurity@ch.abb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 9.3, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "LOW", + "subsequentSystemConfidentiality": "LOW", + "subsequentSystemIntegrity": "LOW", + "subsequentSystemAvailability": "LOW", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cybersecurity@ch.abb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L", + "baseScore": 10.0, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "cybersecurity@ch.abb.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-94" + } + ] + } + ], + "references": [ + { + "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497&LanguageCode=en&DocumentPartId=&Action=Launch", + "source": "cybersecurity@ch.abb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-488xx/CVE-2024-48840.json b/CVE-2024/CVE-2024-488xx/CVE-2024-48840.json new file mode 100644 index 00000000000..21fba3293e6 --- /dev/null +++ b/CVE-2024/CVE-2024-488xx/CVE-2024-48840.json @@ -0,0 +1,100 @@ +{ + "id": "CVE-2024-48840", + "sourceIdentifier": "cybersecurity@ch.abb.com", + "published": "2024-12-05T13:15:06.343", + "lastModified": "2024-12-05T13:15:06.343", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Unauthorized Access vulnerabilities allow Remote Code Execution.\u00a0\nAffected products:\n\n\nABB ASPECT - Enterprise v3.08.02; \nNEXUS Series v3.08.02; \nMATRIX Series v3.08.02" + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cybersecurity@ch.abb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 9.3, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "LOW", + "subsequentSystemConfidentiality": "LOW", + "subsequentSystemIntegrity": "LOW", + "subsequentSystemAvailability": "LOW", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cybersecurity@ch.abb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L", + "baseScore": 10.0, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "cybersecurity@ch.abb.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-94" + } + ] + } + ], + "references": [ + { + "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497&LanguageCode=en&DocumentPartId=&Action=Launch", + "source": "cybersecurity@ch.abb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-488xx/CVE-2024-48843.json b/CVE-2024/CVE-2024-488xx/CVE-2024-48843.json new file mode 100644 index 00000000000..326ed34f9f6 --- /dev/null +++ b/CVE-2024/CVE-2024-488xx/CVE-2024-48843.json @@ -0,0 +1,100 @@ +{ + "id": "CVE-2024-48843", + "sourceIdentifier": "cybersecurity@ch.abb.com", + "published": "2024-12-05T13:15:06.500", + "lastModified": "2024-12-05T13:15:06.500", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Denial of Service vulnerabilities where found providing a potiential for device service disruptions.\u00a0\nAffected products:\n\n\nABB ASPECT - Enterprise v3.08.02; \nNEXUS Series v3.08.02; \nMATRIX Series v3.08.02" + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cybersecurity@ch.abb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:X/R:X/V:X/RE:X/U:Red", + "baseScore": 7.6, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "NONE", + "subsequentSystemConfidentiality": "LOW", + "subsequentSystemIntegrity": "LOW", + "subsequentSystemAvailability": "LOW", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NEGLIGIBLE", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "RED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cybersecurity@ch.abb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H", + "baseScore": 7.7, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.3 + } + ] + }, + "weaknesses": [ + { + "source": "cybersecurity@ch.abb.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-770" + } + ] + } + ], + "references": [ + { + "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497&LanguageCode=en&DocumentPartId=&Action=Launch", + "source": "cybersecurity@ch.abb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-488xx/CVE-2024-48844.json b/CVE-2024/CVE-2024-488xx/CVE-2024-48844.json new file mode 100644 index 00000000000..abb87385008 --- /dev/null +++ b/CVE-2024/CVE-2024-488xx/CVE-2024-48844.json @@ -0,0 +1,100 @@ +{ + "id": "CVE-2024-48844", + "sourceIdentifier": "cybersecurity@ch.abb.com", + "published": "2024-12-05T13:15:06.667", + "lastModified": "2024-12-05T13:15:06.667", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Denial of Service vulnerabilities where found providing a potiential for device service disruptions.\u00a0\nAffected products:\n\n\nABB ASPECT - Enterprise v3.08.02; \nNEXUS Series v3.08.02; \nMATRIX Series v3.08.02" + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cybersecurity@ch.abb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 7.2, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "LOW", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "LOW", + "subsequentSystemIntegrity": "LOW", + "subsequentSystemAvailability": "HIGH", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cybersecurity@ch.abb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H", + "baseScore": 7.7, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.3 + } + ] + }, + "weaknesses": [ + { + "source": "cybersecurity@ch.abb.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-770" + } + ] + } + ], + "references": [ + { + "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497&LanguageCode=en&DocumentPartId=&Action=Launch", + "source": "cybersecurity@ch.abb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-488xx/CVE-2024-48845.json b/CVE-2024/CVE-2024-488xx/CVE-2024-48845.json new file mode 100644 index 00000000000..a0da8ed1a60 --- /dev/null +++ b/CVE-2024/CVE-2024-488xx/CVE-2024-48845.json @@ -0,0 +1,100 @@ +{ + "id": "CVE-2024-48845", + "sourceIdentifier": "cybersecurity@ch.abb.com", + "published": "2024-12-05T13:15:06.820", + "lastModified": "2024-12-05T13:15:06.820", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Weak Password Reset Rules vulnerabilities where found providing a potiential for the storage of weak passwords that could facilitate unauthorized admin/application access.\u00a0\nAffected products:\n\n\nABB ASPECT - Enterprise v3.07.02; \nNEXUS Series v3.07.02; \nMATRIX Series v3.07.02" + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cybersecurity@ch.abb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 9.3, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "LOW", + "subsequentSystemConfidentiality": "LOW", + "subsequentSystemIntegrity": "LOW", + "subsequentSystemAvailability": "LOW", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cybersecurity@ch.abb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L", + "baseScore": 9.4, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.5 + } + ] + }, + "weaknesses": [ + { + "source": "cybersecurity@ch.abb.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-521" + } + ] + } + ], + "references": [ + { + "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497&LanguageCode=en&DocumentPartId=&Action=Launch", + "source": "cybersecurity@ch.abb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-488xx/CVE-2024-48846.json b/CVE-2024/CVE-2024-488xx/CVE-2024-48846.json new file mode 100644 index 00000000000..62f3805202c --- /dev/null +++ b/CVE-2024/CVE-2024-488xx/CVE-2024-48846.json @@ -0,0 +1,100 @@ +{ + "id": "CVE-2024-48846", + "sourceIdentifier": "cybersecurity@ch.abb.com", + "published": "2024-12-05T13:15:06.983", + "lastModified": "2024-12-05T13:15:06.983", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Cross Site Request Forgery vulnerabilities where found providing a potiential for exposing sensitive information or changing system settings.\u00a0\nAffected products:\n\n\nABB ASPECT - Enterprise v3.08.02; \nNEXUS Series v3.08.02; \nMATRIX Series v3.08.02" + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cybersecurity@ch.abb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:N/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "LOW", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "NONE", + "subsequentSystemConfidentiality": "LOW", + "subsequentSystemIntegrity": "LOW", + "subsequentSystemAvailability": "LOW", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cybersecurity@ch.abb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 4.2 + } + ] + }, + "weaknesses": [ + { + "source": "cybersecurity@ch.abb.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497&LanguageCode=en&DocumentPartId=&Action=Launch", + "source": "cybersecurity@ch.abb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-488xx/CVE-2024-48847.json b/CVE-2024/CVE-2024-488xx/CVE-2024-48847.json new file mode 100644 index 00000000000..bc7dcfbc642 --- /dev/null +++ b/CVE-2024/CVE-2024-488xx/CVE-2024-48847.json @@ -0,0 +1,100 @@ +{ + "id": "CVE-2024-48847", + "sourceIdentifier": "cybersecurity@ch.abb.com", + "published": "2024-12-05T13:15:07.150", + "lastModified": "2024-12-05T13:15:07.150", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "MD5 Checksum Bypass vulnerabilities where found exploiting a weakness in the way an application dependency calculates or validates MD5 checksum hashes.\u00a0\nAffected products:\n\n\nABB ASPECT - Enterprise v3.08.01; \nNEXUS Series v3.08.01; \nMATRIX Series v3.08.01" + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cybersecurity@ch.abb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "LOW", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "NONE", + "subsequentSystemConfidentiality": "LOW", + "subsequentSystemIntegrity": "LOW", + "subsequentSystemAvailability": "LOW", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cybersecurity@ch.abb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N", + "baseScore": 8.2, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 4.2 + } + ] + }, + "weaknesses": [ + { + "source": "cybersecurity@ch.abb.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-328" + } + ] + } + ], + "references": [ + { + "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497&LanguageCode=en&DocumentPartId=&Action=Launch", + "source": "cybersecurity@ch.abb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-490xx/CVE-2024-49041.json b/CVE-2024/CVE-2024-490xx/CVE-2024-49041.json new file mode 100644 index 00000000000..bd62bba1d01 --- /dev/null +++ b/CVE-2024/CVE-2024-490xx/CVE-2024-49041.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-49041", + "sourceIdentifier": "secure@microsoft.com", + "published": "2024-12-06T02:15:18.263", + "lastModified": "2024-12-06T02:15:18.263", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Microsoft Edge (Chromium-based) Spoofing Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-449" + } + ] + } + ], + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49041", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-500xx/CVE-2024-50010.json b/CVE-2024/CVE-2024-500xx/CVE-2024-50010.json index 06982eaf034..f35f821e72a 100644 --- a/CVE-2024/CVE-2024-500xx/CVE-2024-50010.json +++ b/CVE-2024/CVE-2024-500xx/CVE-2024-50010.json @@ -2,7 +2,7 @@ "id": "CVE-2024-50010", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T19:15:04.523", - "lastModified": "2024-11-08T16:15:41.030", + "lastModified": "2024-12-05T14:15:21.263", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -23,6 +23,8 @@ "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 4.7, + "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "HIGH", "privilegesRequired": "LOW", @@ -30,9 +32,7 @@ "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", - "availabilityImpact": "HIGH", - "baseScore": 4.7, - "baseSeverity": "MEDIUM" + "availabilityImpact": "HIGH" }, "exploitabilityScore": 1.0, "impactScore": 3.6 @@ -98,6 +98,10 @@ "Patch" ] }, + { + "url": "https://git.kernel.org/stable/c/b8b0e9650eeb6637b4e1cf3d6aaf0e96f87862e7", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, { "url": "https://git.kernel.org/stable/c/c9b77438077d5a20c79ead95bcdaf9bd4797baaf", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" diff --git a/CVE-2024/CVE-2024-509xx/CVE-2024-50947.json b/CVE-2024/CVE-2024-509xx/CVE-2024-50947.json index 3671a0fccb2..f84485a4eb9 100644 --- a/CVE-2024/CVE-2024-509xx/CVE-2024-50947.json +++ b/CVE-2024/CVE-2024-509xx/CVE-2024-50947.json @@ -2,16 +2,43 @@ "id": "CVE-2024-50947", "sourceIdentifier": "cve@mitre.org", "published": "2024-12-04T21:15:24.570", - "lastModified": "2024-12-04T21:15:24.570", - "vulnStatus": "Received", + "lastModified": "2024-12-05T20:15:22.180", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue in kmqtt v0.2.7 allows attackers to cause a Denial of Service (DoS) via a crafted request." + }, + { + "lang": "es", + "value": "Un problema en kmqtt v0.2.7 permite a los atacantes provocar una denegaci\u00f3n de servicio (DoS) a trav\u00e9s de una solicitud manipulada espec\u00edficamente." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, "references": [ { "url": "https://gist.github.com/pengwGit/40934164f68a8a45ebaacfcdeb598fcb", diff --git a/CVE-2024/CVE-2024-511xx/CVE-2024-51114.json b/CVE-2024/CVE-2024-511xx/CVE-2024-51114.json index 06447edb1dc..a847e70cf24 100644 --- a/CVE-2024/CVE-2024-511xx/CVE-2024-51114.json +++ b/CVE-2024/CVE-2024-511xx/CVE-2024-51114.json @@ -2,16 +2,55 @@ "id": "CVE-2024-51114", "sourceIdentifier": "cve@mitre.org", "published": "2024-12-03T20:15:15.360", - "lastModified": "2024-12-03T20:15:15.360", - "vulnStatus": "Received", + "lastModified": "2024-12-05T20:15:22.340", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue in Beijing Digital China Yunke Information Technology Co.Ltd v.7.2.6.120 allows a remote attacker to execute arbitrary code via the code/function/dpi/web_auth/customizable.php file" + }, + { + "lang": "es", + "value": " Un problema en Beijing Digital China Yunke Information Technology Co.Ltd v.7.2.6.120 permite que un atacante remoto ejecute c\u00f3digo arbitrario a trav\u00e9s del archivo code/function/dpi/web_auth/customizable.php" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-77" + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/ZackSecurity/VulnerReport/blob/cve/DCN/2.md", diff --git a/CVE-2024/CVE-2024-512xx/CVE-2024-51210.json b/CVE-2024/CVE-2024-512xx/CVE-2024-51210.json index d2b052e5782..071bc0f76d5 100644 --- a/CVE-2024/CVE-2024-512xx/CVE-2024-51210.json +++ b/CVE-2024/CVE-2024-512xx/CVE-2024-51210.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51210", "sourceIdentifier": "cve@mitre.org", "published": "2024-12-04T21:15:24.697", - "lastModified": "2024-12-04T21:15:24.697", - "vulnStatus": "Received", + "lastModified": "2024-12-05T18:15:22.090", + "vulnStatus": "Awaiting Analysis", "cveTags": [ { "sourceIdentifier": "cve@mitre.org", @@ -16,9 +16,48 @@ { "lang": "en", "value": "Firepad through 1.5.11 allows remote attackers, who have knowledge of a pad ID, to retrieve both the current text of a document and all content that has previously been pasted into the document. NOTE: in several similar products, this is the intentional behavior for anyone who knows the full document ID and corresponding URL. NOTE: This vulnerability only affects products that are no longer supported by the maintainer." + }, + { + "lang": "es", + "value": "Firepad hasta la versi\u00f3n 1.5.11 permite a atacantes remotos, que tienen conocimiento de un ID de pad, recuperar tanto el texto actual de un documento como todo el contenido que se ha pegado previamente en el documento. NOTA: en varios productos similares, este es el comportamiento intencional para cualquiera que conozca el ID completo del documento y la URL correspondiente. NOTA: esta vulnerabilidad solo afecta a productos que ya no reciben soporte del fabricante." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] } ], - "metrics": {}, "references": [ { "url": "https://firebase.blog/posts/2013/04/announcing-firepad-our-open-source/", diff --git a/CVE-2024/CVE-2024-513xx/CVE-2024-51378.json b/CVE-2024/CVE-2024-513xx/CVE-2024-51378.json index d06a6090611..beb61894b24 100644 --- a/CVE-2024/CVE-2024-513xx/CVE-2024-51378.json +++ b/CVE-2024/CVE-2024-513xx/CVE-2024-51378.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51378", "sourceIdentifier": "cve@mitre.org", "published": "2024-10-29T23:15:04.083", - "lastModified": "2024-12-04T16:15:26.087", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-05T02:00:01.677", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { @@ -39,6 +39,10 @@ } ] }, + "cisaExploitAdd": "2024-12-04", + "cisaActionDue": "2024-12-25", + "cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", + "cisaVulnerabilityName": "CyberPanel Incorrect Default Permissions Vulnerability", "weaknesses": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", diff --git a/CVE-2024/CVE-2024-515xx/CVE-2024-51541.json b/CVE-2024/CVE-2024-515xx/CVE-2024-51541.json new file mode 100644 index 00000000000..e2add763625 --- /dev/null +++ b/CVE-2024/CVE-2024-515xx/CVE-2024-51541.json @@ -0,0 +1,100 @@ +{ + "id": "CVE-2024-51541", + "sourceIdentifier": "cybersecurity@ch.abb.com", + "published": "2024-12-05T13:15:07.303", + "lastModified": "2024-12-05T13:15:07.303", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Local File Inclusion vulnerabilities allow access to sensitive system information.\u00a0\nAffected products:\n\n\nABB ASPECT - Enterprise v3.08.02; \nNEXUS Series v3.08.02; \nMATRIX Series v3.08.02" + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cybersecurity@ch.abb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "NONE", + "subsequentSystemConfidentiality": "LOW", + "subsequentSystemIntegrity": "LOW", + "subsequentSystemAvailability": "LOW", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cybersecurity@ch.abb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", + "baseScore": 8.2, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 4.2 + } + ] + }, + "weaknesses": [ + { + "source": "cybersecurity@ch.abb.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-98" + } + ] + } + ], + "references": [ + { + "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497&LanguageCode=en&DocumentPartId=&Action=Launch", + "source": "cybersecurity@ch.abb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-515xx/CVE-2024-51542.json b/CVE-2024/CVE-2024-515xx/CVE-2024-51542.json new file mode 100644 index 00000000000..71be902f327 --- /dev/null +++ b/CVE-2024/CVE-2024-515xx/CVE-2024-51542.json @@ -0,0 +1,100 @@ +{ + "id": "CVE-2024-51542", + "sourceIdentifier": "cybersecurity@ch.abb.com", + "published": "2024-12-05T13:15:07.453", + "lastModified": "2024-12-05T13:15:07.453", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Configuration Download vulnerabilities allow access to dependency configuration information.\u00a0\nAffected products:\n\n\nABB ASPECT - Enterprise v3.08.02; \nNEXUS Series v3.08.02; \nMATRIX Series v3.08.02" + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cybersecurity@ch.abb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "NONE", + "subsequentSystemConfidentiality": "LOW", + "subsequentSystemIntegrity": "LOW", + "subsequentSystemAvailability": "LOW", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cybersecurity@ch.abb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", + "baseScore": 8.2, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 4.2 + } + ] + }, + "weaknesses": [ + { + "source": "cybersecurity@ch.abb.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-552" + } + ] + } + ], + "references": [ + { + "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497&LanguageCode=en&DocumentPartId=&Action=Launch", + "source": "cybersecurity@ch.abb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-515xx/CVE-2024-51543.json b/CVE-2024/CVE-2024-515xx/CVE-2024-51543.json new file mode 100644 index 00000000000..84a85384a88 --- /dev/null +++ b/CVE-2024/CVE-2024-515xx/CVE-2024-51543.json @@ -0,0 +1,100 @@ +{ + "id": "CVE-2024-51543", + "sourceIdentifier": "cybersecurity@ch.abb.com", + "published": "2024-12-05T13:15:07.613", + "lastModified": "2024-12-05T13:15:07.613", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Information Disclosure vulnerabilities allow access to application configuration information.\u00a0\nAffected products:\n\n\nABB ASPECT - Enterprise v3.08.02; \nNEXUS Series v3.08.02; \nMATRIX Series v3.08.02" + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cybersecurity@ch.abb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "NONE", + "subsequentSystemConfidentiality": "LOW", + "subsequentSystemIntegrity": "LOW", + "subsequentSystemAvailability": "LOW", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cybersecurity@ch.abb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", + "baseScore": 8.2, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 4.2 + } + ] + }, + "weaknesses": [ + { + "source": "cybersecurity@ch.abb.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-15" + } + ] + } + ], + "references": [ + { + "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497&LanguageCode=en&DocumentPartId=&Action=Launch", + "source": "cybersecurity@ch.abb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-515xx/CVE-2024-51544.json b/CVE-2024/CVE-2024-515xx/CVE-2024-51544.json new file mode 100644 index 00000000000..37363ca0014 --- /dev/null +++ b/CVE-2024/CVE-2024-515xx/CVE-2024-51544.json @@ -0,0 +1,100 @@ +{ + "id": "CVE-2024-51544", + "sourceIdentifier": "cybersecurity@ch.abb.com", + "published": "2024-12-05T13:15:07.767", + "lastModified": "2024-12-05T13:15:07.767", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Service Control vulnerabilities allow access to service restart requests and vm configuration settings.\u00a0\nAffected products:\n\n\nABB ASPECT - Enterprise v3.08.02; \nNEXUS Series v3.08.02; \nMATRIX Series v3.08.02" + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cybersecurity@ch.abb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "NONE", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "LOW", + "subsequentSystemIntegrity": "LOW", + "subsequentSystemAvailability": "LOW", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cybersecurity@ch.abb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", + "baseScore": 8.2, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 4.2 + } + ] + }, + "weaknesses": [ + { + "source": "cybersecurity@ch.abb.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-15" + } + ] + } + ], + "references": [ + { + "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497&LanguageCode=en&DocumentPartId=&Action=Launch", + "source": "cybersecurity@ch.abb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-515xx/CVE-2024-51545.json b/CVE-2024/CVE-2024-515xx/CVE-2024-51545.json new file mode 100644 index 00000000000..3492ddadd39 --- /dev/null +++ b/CVE-2024/CVE-2024-515xx/CVE-2024-51545.json @@ -0,0 +1,100 @@ +{ + "id": "CVE-2024-51545", + "sourceIdentifier": "cybersecurity@ch.abb.com", + "published": "2024-12-05T13:15:07.920", + "lastModified": "2024-12-05T13:15:07.920", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Username Enumeration vulnerabilities allow access to application level username add, delete, modify and list functions.\u00a0\nAffected products:\n\n\nABB ASPECT - Enterprise v3.08.02; \nNEXUS Series v3.08.02; \nMATRIX Series v3.08.02" + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cybersecurity@ch.abb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 9.3, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "LOW", + "subsequentSystemIntegrity": "LOW", + "subsequentSystemAvailability": "LOW", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cybersecurity@ch.abb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "baseScore": 10.0, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "cybersecurity@ch.abb.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-522" + } + ] + } + ], + "references": [ + { + "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497&LanguageCode=en&DocumentPartId=&Action=Launch", + "source": "cybersecurity@ch.abb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-515xx/CVE-2024-51546.json b/CVE-2024/CVE-2024-515xx/CVE-2024-51546.json new file mode 100644 index 00000000000..093e677870e --- /dev/null +++ b/CVE-2024/CVE-2024-515xx/CVE-2024-51546.json @@ -0,0 +1,100 @@ +{ + "id": "CVE-2024-51546", + "sourceIdentifier": "cybersecurity@ch.abb.com", + "published": "2024-12-05T13:15:08.077", + "lastModified": "2024-12-05T13:15:08.077", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Credentials Disclosure vulnerabilities allow access to on board project back-up bundles.\u00a0\nAffected products:\n\n\nABB ASPECT - Enterprise v3.08.02; \nNEXUS Series v3.08.02; \nMATRIX Series v3.08.02" + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cybersecurity@ch.abb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 8.7, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "NONE", + "vulnerableSystemAvailability": "NONE", + "subsequentSystemConfidentiality": "LOW", + "subsequentSystemIntegrity": "LOW", + "subsequentSystemAvailability": "LOW", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cybersecurity@ch.abb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "cybersecurity@ch.abb.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-1287" + } + ] + } + ], + "references": [ + { + "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497&LanguageCode=en&DocumentPartId=&Action=Launch", + "source": "cybersecurity@ch.abb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-515xx/CVE-2024-51548.json b/CVE-2024/CVE-2024-515xx/CVE-2024-51548.json new file mode 100644 index 00000000000..ee21be7a51c --- /dev/null +++ b/CVE-2024/CVE-2024-515xx/CVE-2024-51548.json @@ -0,0 +1,100 @@ +{ + "id": "CVE-2024-51548", + "sourceIdentifier": "cybersecurity@ch.abb.com", + "published": "2024-12-05T13:15:08.227", + "lastModified": "2024-12-05T13:15:08.227", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Dangerous File Upload vulnerabilities allow upload of malicious scripts.\u00a0\nAffected products:\n\n\nABB ASPECT - Enterprise v3.08.02; \nNEXUS Series v3.08.02; \nMATRIX Series v3.08.02" + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cybersecurity@ch.abb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 8.7, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "LOW", + "subsequentSystemIntegrity": "LOW", + "subsequentSystemAvailability": "LOW", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cybersecurity@ch.abb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", + "baseScore": 9.9, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.1, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "cybersecurity@ch.abb.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "references": [ + { + "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497&LanguageCode=en&DocumentPartId=&Action=Launch", + "source": "cybersecurity@ch.abb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-515xx/CVE-2024-51549.json b/CVE-2024/CVE-2024-515xx/CVE-2024-51549.json new file mode 100644 index 00000000000..ebb973b756f --- /dev/null +++ b/CVE-2024/CVE-2024-515xx/CVE-2024-51549.json @@ -0,0 +1,100 @@ +{ + "id": "CVE-2024-51549", + "sourceIdentifier": "cybersecurity@ch.abb.com", + "published": "2024-12-05T13:15:08.397", + "lastModified": "2024-12-05T13:15:08.397", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Absolute File Traversal vulnerabilities allows access and modification of un-intended resources.\u00a0\nAffected products:\n\n\nABB ASPECT - Enterprise v3.08.02; \nNEXUS Series v3.08.02; \nMATRIX Series v3.08.02" + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cybersecurity@ch.abb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 9.3, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "LOW", + "subsequentSystemConfidentiality": "LOW", + "subsequentSystemIntegrity": "LOW", + "subsequentSystemAvailability": "LOW", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cybersecurity@ch.abb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L", + "baseScore": 10.0, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "cybersecurity@ch.abb.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-36" + } + ] + } + ], + "references": [ + { + "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497&LanguageCode=en&DocumentPartId=&Action=Launch", + "source": "cybersecurity@ch.abb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-515xx/CVE-2024-51550.json b/CVE-2024/CVE-2024-515xx/CVE-2024-51550.json new file mode 100644 index 00000000000..0934d286702 --- /dev/null +++ b/CVE-2024/CVE-2024-515xx/CVE-2024-51550.json @@ -0,0 +1,100 @@ +{ + "id": "CVE-2024-51550", + "sourceIdentifier": "cybersecurity@ch.abb.com", + "published": "2024-12-05T13:15:08.543", + "lastModified": "2024-12-05T13:15:08.543", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Data Validation / Data Sanitization vulnerabilities in Linux allows unvalidated and unsanitized data to be injected in an Aspect device.\u00a0\nAffected products:\n\n\nABB ASPECT - Enterprise v3.08.02; \nNEXUS Series v3.08.02; \nMATRIX Series v3.08.02" + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cybersecurity@ch.abb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 9.3, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "LOW", + "subsequentSystemConfidentiality": "LOW", + "subsequentSystemIntegrity": "LOW", + "subsequentSystemAvailability": "LOW", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cybersecurity@ch.abb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L", + "baseScore": 10.0, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "cybersecurity@ch.abb.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-1287" + } + ] + } + ], + "references": [ + { + "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497&LanguageCode=en&DocumentPartId=&Action=Launch", + "source": "cybersecurity@ch.abb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-515xx/CVE-2024-51551.json b/CVE-2024/CVE-2024-515xx/CVE-2024-51551.json new file mode 100644 index 00000000000..737f7aba43c --- /dev/null +++ b/CVE-2024/CVE-2024-515xx/CVE-2024-51551.json @@ -0,0 +1,100 @@ +{ + "id": "CVE-2024-51551", + "sourceIdentifier": "cybersecurity@ch.abb.com", + "published": "2024-12-05T13:15:08.700", + "lastModified": "2024-12-05T13:15:08.700", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Default Credentail vulnerabilities in ASPECT on Linux allows access to the product using publicly available default credentials.\u00a0\nAffected products:\n\n\nABB ASPECT - Enterprise v3.07.02; \nNEXUS Series v3.07.02; \nMATRIX Series v3.07.02" + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cybersecurity@ch.abb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 9.3, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "LOW", + "subsequentSystemIntegrity": "LOW", + "subsequentSystemAvailability": "LOW", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cybersecurity@ch.abb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "baseScore": 10.0, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "cybersecurity@ch.abb.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-1287" + } + ] + } + ], + "references": [ + { + "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497&LanguageCode=en&DocumentPartId=&Action=Launch", + "source": "cybersecurity@ch.abb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-515xx/CVE-2024-51554.json b/CVE-2024/CVE-2024-515xx/CVE-2024-51554.json new file mode 100644 index 00000000000..ce8436fa88a --- /dev/null +++ b/CVE-2024/CVE-2024-515xx/CVE-2024-51554.json @@ -0,0 +1,100 @@ +{ + "id": "CVE-2024-51554", + "sourceIdentifier": "cybersecurity@ch.abb.com", + "published": "2024-12-05T13:15:08.843", + "lastModified": "2024-12-05T13:15:08.843", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Default Credentail vulnerabilities in ASPECT on Linux allows access to the product using publicly available default credentials.\u00a0\nAffected products:\n\n\nABB ASPECT - Enterprise v3.08.02; \nNEXUS Series v3.08.02; \nMATRIX Series v3.08.02" + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cybersecurity@ch.abb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "LOW", + "subsequentSystemConfidentiality": "LOW", + "subsequentSystemIntegrity": "LOW", + "subsequentSystemAvailability": "LOW", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cybersecurity@ch.abb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L", + "baseScore": 9.1, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.1, + "impactScore": 5.3 + } + ] + }, + "weaknesses": [ + { + "source": "cybersecurity@ch.abb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-193" + } + ] + } + ], + "references": [ + { + "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497&LanguageCode=en&DocumentPartId=&Action=Launch", + "source": "cybersecurity@ch.abb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-515xx/CVE-2024-51555.json b/CVE-2024/CVE-2024-515xx/CVE-2024-51555.json new file mode 100644 index 00000000000..4c99d1130e2 --- /dev/null +++ b/CVE-2024/CVE-2024-515xx/CVE-2024-51555.json @@ -0,0 +1,130 @@ +{ + "id": "CVE-2024-51555", + "sourceIdentifier": "cybersecurity@ch.abb.com", + "published": "2024-12-05T13:15:08.990", + "lastModified": "2024-12-05T15:15:10.500", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Default Credentail vulnerabilities allows access to an Aspect device using publicly available default credentials since the system does not require the installer to change default credentials.\u00a0\nAffected products:\n\n\nABB ASPECT - Enterprise v3.07.02; \nNEXUS Series v3.07.02; \nMATRIX Series v3.07.02" + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cybersecurity@ch.abb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 9.3, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "LOW", + "subsequentSystemIntegrity": "LOW", + "subsequentSystemAvailability": "LOW", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cybersecurity@ch.abb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "baseScore": 10.0, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 6.0 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "cybersecurity@ch.abb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-1393" + } + ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-521" + } + ] + } + ], + "references": [ + { + "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497&LanguageCode=en&DocumentPartId=&Action=Launch", + "source": "cybersecurity@ch.abb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-522xx/CVE-2024-52269.json b/CVE-2024/CVE-2024-522xx/CVE-2024-52269.json index dd14d4c7a0c..416d0343147 100644 --- a/CVE-2024/CVE-2024-522xx/CVE-2024-52269.json +++ b/CVE-2024/CVE-2024-522xx/CVE-2024-52269.json @@ -2,7 +2,7 @@ "id": "CVE-2024-52269", "sourceIdentifier": "2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe", "published": "2024-12-04T12:15:19.500", - "lastModified": "2024-12-04T12:15:19.500", + "lastModified": "2024-12-05T11:15:06.340", "vulnStatus": "Received", "cveTags": [ { @@ -15,7 +15,11 @@ "descriptions": [ { "lang": "en", - "value": "** INITIAL LIMITED RELEASE **\n\nUser Interface (UI) Misrepresentation of Critical Information vulnerability in [WITHHELD] allows Content Spoofing.\nThe SaaS AI assistant ignores hidden content that is rendered after signing, misleading the user.\nThis issue affects [WITHHELD]: through 2024-12-04." + "value": "User Interface (UI) Misrepresentation of Critical Information vulnerability in DocuSign allows Content Spoofing.\nThe SaaS AI assistant ignores hidden content that is rendered after signing, misleading the user.\nFor reference see:\u00a0CVE-2024-52276\nThis issue affects DocuSign: through 2024-12-04." + }, + { + "lang": "es", + "value": "** LANZAMIENTO LIMITADO INICIAL ** La vulnerabilidad de tergiversaci\u00f3n de informaci\u00f3n cr\u00edtica en la interfaz de usuario (IU) en [WITHHELD] permite la suplantaci\u00f3n de contenido. El asistente de inteligencia artificial de SaaS ignora el contenido oculto que se muestra despu\u00e9s de firmar, lo que enga\u00f1a al usuario. Este problema afecta a [WITHHELD]: hasta el 4 de diciembre de 2024." } ], "metrics": { @@ -77,6 +81,10 @@ } ], "references": [ + { + "url": "https://www.loom.com/share/65ce5423d2a04e0bbd2688a178d5427f", + "source": "2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe" + }, { "url": "https://www.vulsec.org/advisories", "source": "2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe" diff --git a/CVE-2024/CVE-2024-522xx/CVE-2024-52270.json b/CVE-2024/CVE-2024-522xx/CVE-2024-52270.json new file mode 100644 index 00000000000..ebc0afce4b1 --- /dev/null +++ b/CVE-2024/CVE-2024-522xx/CVE-2024-52270.json @@ -0,0 +1,105 @@ +{ + "id": "CVE-2024-52270", + "sourceIdentifier": "2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe", + "published": "2024-12-05T11:15:06.837", + "lastModified": "2024-12-05T13:15:09.133", + "vulnStatus": "Received", + "cveTags": [ + { + "sourceIdentifier": "2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe", + "tags": [ + "exclusively-hosted-service" + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "User Interface (UI) Misrepresentation of Critical Information vulnerability in DropBox Sign(HelloSign) allows Content Spoofing.\nDisplayed version does not show the layer flattened version, once download, If printed (e.g. via Google Chrome -> Examine the print preview): Will render the vulnerability only, not all layers are flattened.\nThis issue affects DropBox Sign(HelloSign): through 2024-12-04." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:X/RE:X/U:Red", + "baseScore": 8.2, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "PASSIVE", + "vulnerableSystemConfidentiality": "NONE", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "NONE", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "HIGH", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "YES", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "RED" + } + } + ] + }, + "weaknesses": [ + { + "source": "2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-451" + } + ] + } + ], + "references": [ + { + "url": "https://app.hellosign.com/", + "source": "2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe" + }, + { + "url": "https://drive.proton.me/urls/Z6DHXNRZQC#jkfO38rjOiOj", + "source": "2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe" + }, + { + "url": "https://new.space/s/ZuHoujvkjdzfY7Uihah7Yg#SKWLU_g2Cihfj4qsq9XNy6F4saxVAzD876PujiDOYfs", + "source": "2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe" + }, + { + "url": "https://sign.dropbox.com/", + "source": "2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe" + }, + { + "url": "https://www.loom.com/share/48f63594e14c49e19840ad9cb7d60453?sid=816c6afa-0b67-4b0b-98ff-d5c58d464038", + "source": "2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe" + }, + { + "url": "https://www.vulsec.org/advisories", + "source": "2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-522xx/CVE-2024-52271.json b/CVE-2024/CVE-2024-522xx/CVE-2024-52271.json new file mode 100644 index 00000000000..c57cef34fda --- /dev/null +++ b/CVE-2024/CVE-2024-522xx/CVE-2024-52271.json @@ -0,0 +1,90 @@ +{ + "id": "CVE-2024-52271", + "sourceIdentifier": "2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe", + "published": "2024-12-05T14:15:21.417", + "lastModified": "2024-12-05T17:15:12.927", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "User Interface (UI) Misrepresentation of Critical Information vulnerability in Documenso allows Content Spoofing.Displayed version does not show the layer flattened version, once download, If printed (e.g. via Google Chrome -> Examine the print preview): Will render the vulnerability only, not all layers are flattened.\n\n\nThis issue affects Documenso: through 1.8.0, >1.8.0 and Documenso SaaS (Hosted) as of 2024-12-05." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Red", + "baseScore": 8.2, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "PASSIVE", + "vulnerableSystemConfidentiality": "NONE", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "NONE", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "HIGH", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "RED" + } + } + ] + }, + "weaknesses": [ + { + "source": "2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-451" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/documenso/documenso", + "source": "2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe" + }, + { + "url": "https://github.com/documenso/documenso/issues/1512", + "source": "2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe" + }, + { + "url": "https://www.documenso.com/", + "source": "2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe" + }, + { + "url": "https://www.vulsec.org/advisories", + "source": "2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-522xx/CVE-2024-52276.json b/CVE-2024/CVE-2024-522xx/CVE-2024-52276.json index 232e1e67947..eff0e74a5d1 100644 --- a/CVE-2024/CVE-2024-522xx/CVE-2024-52276.json +++ b/CVE-2024/CVE-2024-522xx/CVE-2024-52276.json @@ -2,7 +2,7 @@ "id": "CVE-2024-52276", "sourceIdentifier": "2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe", "published": "2024-12-04T11:30:50.947", - "lastModified": "2024-12-04T11:30:50.947", + "lastModified": "2024-12-05T11:15:07.360", "vulnStatus": "Received", "cveTags": [ { @@ -15,7 +15,11 @@ "descriptions": [ { "lang": "en", - "value": "** INITIAL LIMITED RELEASE **\n\nUser Interface (UI) Misrepresentation of Critical Information vulnerability in [WITHHELD] allows Content Spoofing.This issue affects [WITHHELD]: through 2024-12-04." + "value": "User Interface (UI) Misrepresentation of Critical Information vulnerability in DocuSign allows Content Spoofing.\n1. Displayed version does not show the layer flattened version, which is provided when the \"Print\" option is used.\n2.\u00a0Displayed version does not show the layer flattened version, which is provided when the combined download option is used.\n3. Displayed version does not show the layer flattened version, which is also the provided version when downloading the result in the uncombined option.\nOnce download, If printed (e.g. via Google Chrome -> Examine the print preview): Will render the vulnerability only, not all layers are flattened.\nThis issue affects DocuSign: through 2024-12-04." + }, + { + "lang": "es", + "value": " ** LANZAMIENTO LIMITADO INICIAL ** La vulnerabilidad de tergiversaci\u00f3n de informaci\u00f3n cr\u00edtica en la interfaz de usuario (IU) en [WITHHELD] permite la suplantaci\u00f3n de contenido. Este problema afecta a [WITHHELD]: hasta el 4 de diciembre de 2024." } ], "metrics": { @@ -77,6 +81,18 @@ } ], "references": [ + { + "url": "https://drive.proton.me/urls/QD7Z493XX4#Yn3eKAjuZA5m", + "source": "2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe" + }, + { + "url": "https://new.space/s/3SG3wQxTSg7lq-vLzUjy-Q#mmrg4t0wMThwTqs9nogVHdLAjMFlkgFnKHn_Q8u9cCs", + "source": "2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe" + }, + { + "url": "https://www.loom.com/share/65ce5423d2a04e0bbd2688a178d5427f", + "source": "2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe" + }, { "url": "https://www.vulsec.org/advisories", "source": "2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe" diff --git a/CVE-2024/CVE-2024-522xx/CVE-2024-52277.json b/CVE-2024/CVE-2024-522xx/CVE-2024-52277.json index af9b102d442..ff5fa59b6c5 100644 --- a/CVE-2024/CVE-2024-522xx/CVE-2024-52277.json +++ b/CVE-2024/CVE-2024-522xx/CVE-2024-52277.json @@ -2,13 +2,13 @@ "id": "CVE-2024-52277", "sourceIdentifier": "2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe", "published": "2024-12-04T11:30:51.107", - "lastModified": "2024-12-04T13:15:06.080", + "lastModified": "2024-12-05T14:15:21.547", "vulnStatus": "Received", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "User Interface (UI) Misrepresentation of Critical Information vulnerability in DocuSeal allows Content Spoofing.This issue affects DocuSeal: through 1.8.1, >1.8.1." + "value": "User Interface (UI) Misrepresentation of Critical Information vulnerability in DocuSeal allows Content Spoofing.Displayed version does not show the layer flattened version, once download, If printed (e.g. via Google Chrome -> Examine the print preview): Will render the vulnerability only, not all layers are flattened.\n\n\nThis issue affects DocuSeal: through 1.8.1, >1.8.1." }, { "lang": "es", diff --git a/CVE-2024/CVE-2024-523xx/CVE-2024-52336.json b/CVE-2024/CVE-2024-523xx/CVE-2024-52336.json index 254273ec426..b8876fd3a7f 100644 --- a/CVE-2024/CVE-2024-523xx/CVE-2024-52336.json +++ b/CVE-2024/CVE-2024-523xx/CVE-2024-52336.json @@ -2,7 +2,7 @@ "id": "CVE-2024-52336", "sourceIdentifier": "secalert@redhat.com", "published": "2024-11-26T16:15:17.093", - "lastModified": "2024-12-02T14:15:06.410", + "lastModified": "2024-12-05T14:15:21.663", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -39,6 +39,18 @@ } ] }, + "weaknesses": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-269" + } + ] + } + ], "references": [ { "url": "https://access.redhat.com/errata/RHSA-2024:10384", diff --git a/CVE-2024/CVE-2024-525xx/CVE-2024-52564.json b/CVE-2024/CVE-2024-525xx/CVE-2024-52564.json new file mode 100644 index 00000000000..f3494d747d1 --- /dev/null +++ b/CVE-2024/CVE-2024-525xx/CVE-2024-52564.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-52564", + "sourceIdentifier": "vultures@jpcert.or.jp", + "published": "2024-12-05T10:31:40.663", + "lastModified": "2024-12-05T10:31:40.663", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Inclusion of undocumented features or chicken bits issue exists in UD-LT1 firmware Ver.2.1.8 and earlier and UD-LT1/EX firmware Ver.2.1.8 and earlier. A remote attacker may disable the firewall function of the affected products. As a result, an arbitrary OS command may be executed and/or configuration settings of the device may be altered." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "vultures@jpcert.or.jp", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "vultures@jpcert.or.jp", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-1242" + } + ] + } + ], + "references": [ + { + "url": "https://jvn.jp/en/jp/JVN46615026/", + "source": "vultures@jpcert.or.jp" + }, + { + "url": "https://www.iodata.jp/support/information/2024/11_ud-lt1/", + "source": "vultures@jpcert.or.jp" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-526xx/CVE-2024-52676.json b/CVE-2024/CVE-2024-526xx/CVE-2024-52676.json index 45c7a45ce9d..7390f8bd9d6 100644 --- a/CVE-2024/CVE-2024-526xx/CVE-2024-52676.json +++ b/CVE-2024/CVE-2024-526xx/CVE-2024-52676.json @@ -2,16 +2,55 @@ "id": "CVE-2024-52676", "sourceIdentifier": "cve@mitre.org", "published": "2024-12-04T17:15:15.207", - "lastModified": "2024-12-04T17:15:15.207", - "vulnStatus": "Received", + "lastModified": "2024-12-05T20:15:22.530", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Itsourcecode Online Discussion Forum Project v.1.0.0 is vulnerable to Cross Site Scripting (XSS) via /bcc_forum/members/home.php." + }, + { + "lang": "es", + "value": " Itsourcecode Online Discussion Forum Project v.1.0.0 es vulnerable a Cross Site Scripting (XSS) a trav\u00e9s de /bcc_forum/members/home.php." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/WTIMITW/System-with-Cross-site-Scripting-XSS-", diff --git a/CVE-2024/CVE-2024-527xx/CVE-2024-52798.json b/CVE-2024/CVE-2024-527xx/CVE-2024-52798.json new file mode 100644 index 00000000000..11576298622 --- /dev/null +++ b/CVE-2024/CVE-2024-527xx/CVE-2024-52798.json @@ -0,0 +1,82 @@ +{ + "id": "CVE-2024-52798", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-12-05T23:15:06.310", + "lastModified": "2024-12-05T23:15:06.310", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "path-to-regexp turns path strings into a regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. The regular expression that is vulnerable to backtracking can be generated in the 0.1.x release of path-to-regexp. Upgrade to 0.1.12. This vulnerability exists because of an incomplete fix for CVE-2024-45296." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 7.7, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "NONE", + "vulnerableSystemIntegrity": "NONE", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-1333" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/pillarjs/path-to-regexp/commit/f01c26a013b1889f0c217c643964513acf17f6a4", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-rhx6-c78j-4q9w", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-529xx/CVE-2024-52943.json b/CVE-2024/CVE-2024-529xx/CVE-2024-52943.json index 7e2bc0f81d1..ae494e0793d 100644 --- a/CVE-2024/CVE-2024-529xx/CVE-2024-52943.json +++ b/CVE-2024/CVE-2024-529xx/CVE-2024-52943.json @@ -2,7 +2,7 @@ "id": "CVE-2024-52943", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-18T06:15:05.793", - "lastModified": "2024-11-18T17:11:17.393", + "lastModified": "2024-12-05T21:15:08.420", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -23,6 +23,8 @@ "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", @@ -30,9 +32,7 @@ "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", - "availabilityImpact": "NONE", - "baseScore": 5.4, - "baseSeverity": "MEDIUM" + "availabilityImpact": "NONE" }, "exploitabilityScore": 2.3, "impactScore": 2.7 @@ -43,6 +43,8 @@ "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", @@ -50,15 +52,25 @@ "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", - "availabilityImpact": "NONE", - "baseScore": 5.4, - "baseSeverity": "MEDIUM" + "availabilityImpact": "NONE" }, "exploitabilityScore": 2.3, "impactScore": 2.7 } ] }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], "references": [ { "url": "https://www.veritas.com/support/en_US/security/VTS24-013", diff --git a/CVE-2024/CVE-2024-531xx/CVE-2024-53112.json b/CVE-2024/CVE-2024-531xx/CVE-2024-53112.json index 5e26beca3f9..ee1d8690f68 100644 --- a/CVE-2024/CVE-2024-531xx/CVE-2024-53112.json +++ b/CVE-2024/CVE-2024-531xx/CVE-2024-53112.json @@ -2,13 +2,17 @@ "id": "CVE-2024-53112", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-12-02T14:15:11.997", - "lastModified": "2024-12-02T14:15:11.997", - "vulnStatus": "Received", + "lastModified": "2024-12-05T12:15:19.190", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: uncache inode which has failed entering the group\n\nSyzbot has reported the following BUG:\n\nkernel BUG at fs/ocfs2/uptodate.c:509!\n...\nCall Trace:\n \n ? __die_body+0x5f/0xb0\n ? die+0x9e/0xc0\n ? do_trap+0x15a/0x3a0\n ? ocfs2_set_new_buffer_uptodate+0x145/0x160\n ? do_error_trap+0x1dc/0x2c0\n ? ocfs2_set_new_buffer_uptodate+0x145/0x160\n ? __pfx_do_error_trap+0x10/0x10\n ? handle_invalid_op+0x34/0x40\n ? ocfs2_set_new_buffer_uptodate+0x145/0x160\n ? exc_invalid_op+0x38/0x50\n ? asm_exc_invalid_op+0x1a/0x20\n ? ocfs2_set_new_buffer_uptodate+0x2e/0x160\n ? ocfs2_set_new_buffer_uptodate+0x144/0x160\n ? ocfs2_set_new_buffer_uptodate+0x145/0x160\n ocfs2_group_add+0x39f/0x15a0\n ? __pfx_ocfs2_group_add+0x10/0x10\n ? __pfx_lock_acquire+0x10/0x10\n ? mnt_get_write_access+0x68/0x2b0\n ? __pfx_lock_release+0x10/0x10\n ? rcu_read_lock_any_held+0xb7/0x160\n ? __pfx_rcu_read_lock_any_held+0x10/0x10\n ? smack_log+0x123/0x540\n ? mnt_get_write_access+0x68/0x2b0\n ? mnt_get_write_access+0x68/0x2b0\n ? mnt_get_write_access+0x226/0x2b0\n ocfs2_ioctl+0x65e/0x7d0\n ? __pfx_ocfs2_ioctl+0x10/0x10\n ? smack_file_ioctl+0x29e/0x3a0\n ? __pfx_smack_file_ioctl+0x10/0x10\n ? lockdep_hardirqs_on_prepare+0x43d/0x780\n ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10\n ? __pfx_ocfs2_ioctl+0x10/0x10\n __se_sys_ioctl+0xfb/0x170\n do_syscall_64+0xf3/0x230\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n...\n \n\nWhen 'ioctl(OCFS2_IOC_GROUP_ADD, ...)' has failed for the particular\ninode in 'ocfs2_verify_group_and_input()', corresponding buffer head\nremains cached and subsequent call to the same 'ioctl()' for the same\ninode issues the BUG() in 'ocfs2_set_new_buffer_uptodate()' (trying\nto cache the same buffer head of that inode). Fix this by uncaching\nthe buffer head with 'ocfs2_remove_from_cache()' on error path in\n'ocfs2_group_add()'." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ocfs2: anular la cach\u00e9 de un nodo que no ha podido entrar en el grupo Syzbot ha informado del siguiente ERROR: ERROR del kernel en fs/ocfs2/uptodate.c:509! ... Seguimiento de llamadas: ? __die_body+0x5f/0xb0 ? die+0x9e/0xc0 ? do_trap+0x15a/0x3a0 ? ocfs2_set_new_buffer_uptodate+0x145/0x160 ? do_error_trap+0x1dc/0x2c0 ? ocfs2_set_new_buffer_uptodate+0x145/0x160 ? __pfx_do_error_trap+0x10/0x10 ? handle_invalid_op+0x34/0x40 ? ocfs2_set_new_buffer_uptodate+0x145/0x160 ? exc_invalid_op+0x38/0x50 ? asm_exc_invalid_op+0x1a/0x20 ? ocfs2_set_new_buffer_uptodate+0x2e/0x160 ? ocfs2_set_new_buffer_uptodate+0x144/0x160 ? ocfs2_set_new_buffer_uptodate+0x145/0x160 ocfs2_group_add+0x39f/0x15a0 ? __pfx_ocfs2_group_add+0x10/0x10 ? __pfx_lock_acquire+0x10/0x10 ? __pfx_ocfs2_ioctl+0x65e/0x7d0 ? __pfx_smack_file_ioctl+0x29e/0x3a0 ? __pfx_smack_file_ioctl+0x10/0x10 ? bloqueo_dep_hardirqs_en_preparar+0x43d/0x780 ? lockdep_hardirqs_on_prepare+0x10/0x10 ? __pfx_ocfs2_ioctl+0x10/0x10 __se_sys_ioctl+0xfb/0x170 do_syscall_64+0xf3/0x230 entry_SYSCALL_64_after_hwframe+0x77/0x7f ... Cuando 'ioctl(OCFS2_IOC_GROUP_ADD, ...)' ha fallado para el inodo particular en 'ocfs2_verify_group_and_input()', el cabezal de b\u00fafer correspondiente permanece en cach\u00e9 y la llamada posterior al mismo 'ioctl()' para el mismo inodo emite el BUG() en 'ocfs2_set_new_buffer_uptodate()' (intentando almacenar en cach\u00e9 el mismo cabezal de b\u00fafer de ese inodo). Solucione este problema quitando el cach\u00e9 del encabezado del b\u00fafer con 'ocfs2_remove_from_cache()' en la ruta de error en 'ocfs2_group_add()'." } ], "metrics": {}, @@ -25,6 +29,10 @@ "url": "https://git.kernel.org/stable/c/843dfc804af4b338ead42331dd58081b428ecdf8", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" }, + { + "url": "https://git.kernel.org/stable/c/ac0cfe8ac35cf1be54131b90d114087b558777ca", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, { "url": "https://git.kernel.org/stable/c/b751c50e19d66cfb7360c0b55cf17b0722252d12", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" diff --git a/CVE-2024/CVE-2024-531xx/CVE-2024-53127.json b/CVE-2024/CVE-2024-531xx/CVE-2024-53127.json index b13020570db..43b1cc4c1b1 100644 --- a/CVE-2024/CVE-2024-531xx/CVE-2024-53127.json +++ b/CVE-2024/CVE-2024-531xx/CVE-2024-53127.json @@ -2,17 +2,25 @@ "id": "CVE-2024-53127", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-12-04T15:15:12.637", - "lastModified": "2024-12-04T15:15:12.637", + "lastModified": "2024-12-05T12:15:19.320", "vulnStatus": "Received", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRevert \"mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K\"\n\nThe commit 8396c793ffdf (\"mmc: dw_mmc: Fix IDMAC operation with pages\nbigger than 4K\") increased the max_req_size, even for 4K pages, causing\nvarious issues:\n- Panic booting the kernel/rootfs from an SD card on Rockchip RK3566\n- Panic booting the kernel/rootfs from an SD card on StarFive JH7100\n- \"swiotlb buffer is full\" and data corruption on StarFive JH7110\n\nAt this stage no fix have been found, so it's probably better to just\nrevert the change.\n\nThis reverts commit 8396c793ffdf28bb8aee7cfe0891080f8cab7890." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: Revertir \"mmc: dw_mmc: Fix IDMAC operaci\u00f3n con p\u00e1ginas mayores a 4K\" el commit 8396c793ffdf (\"mmc: dw_mmc: Fix IDMAC operaci\u00f3n con p\u00e1ginas mayores a 4K\") aument\u00f3 el max_req_size, incluso para p\u00e1ginas de 4K, causando varios problemas: - Arranque de p\u00e1nico del kernel/rootfs desde una tarjeta SD en Rockchip RK3566 - Arranque de p\u00e1nico del kernel/rootfs desde una tarjeta SD en StarFive JH7100 - \"El b\u00fafer swiotlb est\u00e1 lleno\" y corrupci\u00f3n de datos en StarFive JH7110 En esta etapa no se ha encontrado ninguna soluci\u00f3n, por lo que probablemente sea mejor simplemente revertir el cambio. Esto revierte el commit 8396c793ffdf28bb8aee7cfe0891080f8cab7890." } ], "metrics": {}, "references": [ + { + "url": "https://git.kernel.org/stable/c/00bff71745bc3583bd5ca59be91e0ee1d27f1944", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, { "url": "https://git.kernel.org/stable/c/1635e407a4a64d08a8517ac59ca14ad4fc785e75", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" diff --git a/CVE-2024/CVE-2024-531xx/CVE-2024-53130.json b/CVE-2024/CVE-2024-531xx/CVE-2024-53130.json index 19753a2957a..0adbebf1230 100644 --- a/CVE-2024/CVE-2024-531xx/CVE-2024-53130.json +++ b/CVE-2024/CVE-2024-531xx/CVE-2024-53130.json @@ -2,13 +2,17 @@ "id": "CVE-2024-53130", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-12-04T15:15:12.927", - "lastModified": "2024-12-04T15:15:12.927", + "lastModified": "2024-12-05T12:15:19.417", "vulnStatus": "Received", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix null-ptr-deref in block_dirty_buffer tracepoint\n\nWhen using the \"block:block_dirty_buffer\" tracepoint, mark_buffer_dirty()\nmay cause a NULL pointer dereference, or a general protection fault when\nKASAN is enabled.\n\nThis happens because, since the tracepoint was added in\nmark_buffer_dirty(), it references the dev_t member bh->b_bdev->bd_dev\nregardless of whether the buffer head has a pointer to a block_device\nstructure.\n\nIn the current implementation, nilfs_grab_buffer(), which grabs a buffer\nto read (or create) a block of metadata, including b-tree node blocks,\ndoes not set the block device, but instead does so only if the buffer is\nnot in the \"uptodate\" state for each of its caller block reading\nfunctions. However, if the uptodate flag is set on a folio/page, and the\nbuffer heads are detached from it by try_to_free_buffers(), and new buffer\nheads are then attached by create_empty_buffers(), the uptodate flag may\nbe restored to each buffer without the block device being set to\nbh->b_bdev, and mark_buffer_dirty() may be called later in that state,\nresulting in the bug mentioned above.\n\nFix this issue by making nilfs_grab_buffer() always set the block device\nof the super block structure to the buffer head, regardless of the state\nof the buffer's uptodate flag." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nilfs2: correcci\u00f3n de null-ptr-deref en el punto de seguimiento block_dirty_buffer Al utilizar el punto de seguimiento \"block:block_dirty_buffer\", mark_buffer_dirty() puede provocar una desreferencia de puntero NULL o un fallo de protecci\u00f3n general cuando KASAN est\u00e1 habilitado. Esto sucede porque, dado que el punto de seguimiento se agreg\u00f3 en mark_buffer_dirty(), hace referencia al miembro dev_t bh->b_bdev->bd_dev independientemente de si el cabezal del b\u00fafer tiene un puntero a una estructura block_device. En la implementaci\u00f3n actual, nilfs_grab_buffer(), que toma un b\u00fafer para leer (o crear) un bloque de metadatos, incluidos los bloques de nodos de \u00e1rbol b, no establece el dispositivo de bloque, sino que lo hace solo si el b\u00fafer no est\u00e1 en el estado \"uptodate\" para cada una de sus funciones de lectura de bloque de llamada. Sin embargo, si el indicador uptodate est\u00e1 configurado en un folio/p\u00e1gina, y los cabezales de b\u00fafer se separan de \u00e9l mediante try_to_free_buffers(), y luego se adjuntan nuevos cabezales de b\u00fafer mediante create_empty_buffers(), el indicador uptodate puede restaurarse en cada b\u00fafer sin que el dispositivo de bloque se configure en bh->b_bdev, y mark_buffer_dirty() puede llamarse m\u00e1s tarde en ese estado, lo que da como resultado el error mencionado anteriormente. Solucione este problema haciendo que nilfs_grab_buffer() siempre configure el dispositivo de bloque de la estructura de superbloque en el cabezal de b\u00fafer, independientemente del estado del indicador uptodate del b\u00fafer." } ], "metrics": {}, @@ -17,6 +21,10 @@ "url": "https://git.kernel.org/stable/c/2026559a6c4ce34db117d2db8f710fe2a9420d5a", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" }, + { + "url": "https://git.kernel.org/stable/c/7af3309c7a2ef26831a67125b11c34a7e01c1b2a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, { "url": "https://git.kernel.org/stable/c/86b19031dbc79abc378dfae357f6ea33ebeb0c95", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" diff --git a/CVE-2024/CVE-2024-531xx/CVE-2024-53131.json b/CVE-2024/CVE-2024-531xx/CVE-2024-53131.json index 61bc0e9784a..3895281d018 100644 --- a/CVE-2024/CVE-2024-531xx/CVE-2024-53131.json +++ b/CVE-2024/CVE-2024-531xx/CVE-2024-53131.json @@ -2,17 +2,25 @@ "id": "CVE-2024-53131", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-12-04T15:15:13.090", - "lastModified": "2024-12-04T15:15:13.090", + "lastModified": "2024-12-05T12:15:19.513", "vulnStatus": "Received", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix null-ptr-deref in block_touch_buffer tracepoint\n\nPatch series \"nilfs2: fix null-ptr-deref bugs on block tracepoints\".\n\nThis series fixes null pointer dereference bugs that occur when using\nnilfs2 and two block-related tracepoints.\n\n\nThis patch (of 2):\n\nIt has been reported that when using \"block:block_touch_buffer\"\ntracepoint, touch_buffer() called from __nilfs_get_folio_block() causes a\nNULL pointer dereference, or a general protection fault when KASAN is\nenabled.\n\nThis happens because since the tracepoint was added in touch_buffer(), it\nreferences the dev_t member bh->b_bdev->bd_dev regardless of whether the\nbuffer head has a pointer to a block_device structure. In the current\nimplementation, the block_device structure is set after the function\nreturns to the caller.\n\nHere, touch_buffer() is used to mark the folio/page that owns the buffer\nhead as accessed, but the common search helper for folio/page used by the\ncaller function was optimized to mark the folio/page as accessed when it\nwas reimplemented a long time ago, eliminating the need to call\ntouch_buffer() here in the first place.\n\nSo this solves the issue by eliminating the touch_buffer() call itself." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nilfs2: fix null-ptr-deref in block_touch_buffer tracepoint Serie de parches \"nilfs2: fix null-ptr-deref bugs on block tracepoints\". Esta serie corrige errores de desreferencia de puntero nulo que ocurren al usar nilfs2 y dos puntos de seguimiento relacionados con bloques. Este parche (de 2): Se ha informado que al usar el punto de seguimiento \"block:block_touch_buffer\", touch_buffer() llamado desde __nilfs_get_folio_block() causa una desreferencia de puntero NULL o un error de protecci\u00f3n general cuando KASAN est\u00e1 habilitado. Esto sucede porque, dado que el punto de seguimiento se agreg\u00f3 en touch_buffer(), hace referencia al miembro dev_t bh->b_bdev->bd_dev independientemente de si el cabezal del b\u00fafer tiene un puntero a una estructura block_device. En la implementaci\u00f3n actual, la estructura block_device se establece despu\u00e9s de que la funci\u00f3n regresa al llamador. Aqu\u00ed, touch_buffer() se utiliza para marcar el folio/p\u00e1gina que posee el encabezado del b\u00fafer como accedido, pero el asistente de b\u00fasqueda com\u00fan para folio/p\u00e1gina utilizado por la funci\u00f3n de llamada se optimiz\u00f3 para marcar el folio/p\u00e1gina como accedido cuando se reimplement\u00f3 hace mucho tiempo, eliminando la necesidad de llamar a touch_buffer() aqu\u00ed en primer lugar. Por lo tanto, esto resuelve el problema al eliminar la llamada a touch_buffer() en s\u00ed." } ], "metrics": {}, "references": [ + { + "url": "https://git.kernel.org/stable/c/085556bf8c70e2629e02e79268dac3016a08b8bf", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, { "url": "https://git.kernel.org/stable/c/3b2a4fd9bbee77afdd3ed5a05a0c02b6cde8d3b9", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" diff --git a/CVE-2024/CVE-2024-531xx/CVE-2024-53136.json b/CVE-2024/CVE-2024-531xx/CVE-2024-53136.json index 0b43b77b454..d66ce81f056 100644 --- a/CVE-2024/CVE-2024-531xx/CVE-2024-53136.json +++ b/CVE-2024/CVE-2024-531xx/CVE-2024-53136.json @@ -2,17 +2,25 @@ "id": "CVE-2024-53136", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-12-04T15:15:13.737", - "lastModified": "2024-12-04T15:15:13.737", + "lastModified": "2024-12-05T12:15:19.617", "vulnStatus": "Received", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: revert \"mm: shmem: fix data-race in shmem_getattr()\"\n\nRevert d949d1d14fa2 (\"mm: shmem: fix data-race in shmem_getattr()\") as\nsuggested by Chuck [1]. It is causing deadlocks when accessing tmpfs over\nNFS.\n\nAs Hugh commented, \"added just to silence a syzbot sanitizer splat: added\nwhere there has never been any practical problem\"." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mm: revert \"mm: shmem: fix data-race in shmem_getattr()\" Revert d949d1d14fa2 (\"mm: shmem: fix data-race in shmem_getattr()\") como lo sugiri\u00f3 Chuck [1]. Est\u00e1 causando bloqueos al acceder a tmpfs a trav\u00e9s de NFS. Como coment\u00f3 Hugh, \"agregado solo para silenciar un splat de sanitizador de syzbot: agregado donde nunca ha habido ning\u00fan problema pr\u00e1ctico\"." } ], "metrics": {}, "references": [ + { + "url": "https://git.kernel.org/stable/c/36b537e8f302f670c7cf35d88a3a294443e32d52", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, { "url": "https://git.kernel.org/stable/c/5874c1150e77296565ad6e495ef41fbf87570d14", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" diff --git a/CVE-2024/CVE-2024-531xx/CVE-2024-53140.json b/CVE-2024/CVE-2024-531xx/CVE-2024-53140.json index fc26ee63b8e..afee520d66a 100644 --- a/CVE-2024/CVE-2024-531xx/CVE-2024-53140.json +++ b/CVE-2024/CVE-2024-531xx/CVE-2024-53140.json @@ -2,17 +2,25 @@ "id": "CVE-2024-53140", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-12-04T15:15:16.803", - "lastModified": "2024-12-04T15:15:16.803", + "lastModified": "2024-12-05T12:15:19.703", "vulnStatus": "Received", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetlink: terminate outstanding dump on socket close\n\nNetlink supports iterative dumping of data. It provides the families\nthe following ops:\n - start - (optional) kicks off the dumping process\n - dump - actual dump helper, keeps getting called until it returns 0\n - done - (optional) pairs with .start, can be used for cleanup\nThe whole process is asynchronous and the repeated calls to .dump\ndon't actually happen in a tight loop, but rather are triggered\nin response to recvmsg() on the socket.\n\nThis gives the user full control over the dump, but also means that\nthe user can close the socket without getting to the end of the dump.\nTo make sure .start is always paired with .done we check if there\nis an ongoing dump before freeing the socket, and if so call .done.\n\nThe complication is that sockets can get freed from BH and .done\nis allowed to sleep. So we use a workqueue to defer the call, when\nneeded.\n\nUnfortunately this does not work correctly. What we defer is not\nthe cleanup but rather releasing a reference on the socket.\nWe have no guarantee that we own the last reference, if someone\nelse holds the socket they may release it in BH and we're back\nto square one.\n\nThe whole dance, however, appears to be unnecessary. Only the user\ncan interact with dumps, so we can clean up when socket is closed.\nAnd close always happens in process context. Some async code may\nstill access the socket after close, queue notification skbs to it etc.\nbut no dumps can start, end or otherwise make progress.\n\nDelete the workqueue and flush the dump state directly from the release\nhandler. Note that further cleanup is possible in -next, for instance\nwe now always call .done before releasing the main module reference,\nso dump doesn't have to take a reference of its own." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: netlink: termina el volcado pendiente al cerrar el socket Netlink admite el volcado iterativo de datos. Proporciona a las familias las siguientes operaciones: - start - (opcional) inicia el proceso de volcado - dump - asistente de volcado real, se sigue llamando hasta que devuelve 0 - done - (opcional) se empareja con .start, se puede usar para limpieza Todo el proceso es asincr\u00f3nico y las llamadas repetidas a .dump en realidad no ocurren en un bucle cerrado, sino que se activan en respuesta a recvmsg() en el socket. Esto le da al usuario control total sobre el volcado, pero tambi\u00e9n significa que el usuario puede cerrar el socket sin llegar al final del volcado. Para asegurarnos de que .start siempre est\u00e9 emparejado con .done, verificamos si hay un volcado en curso antes de liberar el socket y, si es as\u00ed, llamamos a .done. La complicaci\u00f3n es que los sockets pueden liberarse de BH y se permite que .done duerma. Entonces, usamos una cola de trabajo para diferir la llamada, cuando sea necesario. Lamentablemente, esto no funciona correctamente. Lo que postergamos no es la limpieza, sino la liberaci\u00f3n de una referencia en el socket. No tenemos garant\u00eda de que seamos due\u00f1os de la \u00faltima referencia; si alguien m\u00e1s tiene el socket, puede liberarlo en BH y volvemos al punto de partida. Sin embargo, todo el baile parece ser innecesario. Solo el usuario puede interactuar con los volcados, por lo que podemos limpiar cuando se cierra el socket. Y el cierre siempre ocurre en el contexto del proceso. Es posible que alg\u00fan c\u00f3digo asincr\u00f3nico a\u00fan acceda al socket despu\u00e9s del cierre, ponga en cola skbs de notificaci\u00f3n, etc., pero ning\u00fan volcado puede comenzar, finalizar o avanzar de otro modo. Elimine la cola de trabajo y vac\u00ede el estado del volcado directamente desde el controlador de liberaci\u00f3n. Tenga en cuenta que es posible realizar una desinfecci\u00f3n adicional en -next, por ejemplo, ahora siempre llamamos a .done antes de liberar la referencia del m\u00f3dulo principal, por lo que el volcado no tiene que tomar una referencia propia." } ], "metrics": {}, "references": [ + { + "url": "https://git.kernel.org/stable/c/114a61d8d94ae3a43b82446cf737fd757021b834", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, { "url": "https://git.kernel.org/stable/c/176c41b3ca9281a9736b67c6121b03dbf0c8c08f", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" diff --git a/CVE-2024/CVE-2024-534xx/CVE-2024-53442.json b/CVE-2024/CVE-2024-534xx/CVE-2024-53442.json new file mode 100644 index 00000000000..06559e7dd03 --- /dev/null +++ b/CVE-2024/CVE-2024-534xx/CVE-2024-53442.json @@ -0,0 +1,25 @@ +{ + "id": "CVE-2024-53442", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-12-05T20:15:22.693", + "lastModified": "2024-12-05T20:15:22.693", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "whapa v1.59 is vulnerable to Command Injection via a crafted filename to the HTML reports component." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://1d8.github.io/cves/cve_2024_53442/", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/B16f00t/whapa", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-534xx/CVE-2024-53457.json b/CVE-2024/CVE-2024-534xx/CVE-2024-53457.json new file mode 100644 index 00000000000..7dd1b000927 --- /dev/null +++ b/CVE-2024/CVE-2024-534xx/CVE-2024-53457.json @@ -0,0 +1,21 @@ +{ + "id": "CVE-2024-53457", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-12-05T22:15:20.247", + "lastModified": "2024-12-05T22:15:20.247", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A stored cross-site scripting (XSS) vulnerability in the Device Settings section of LibreNMS v24.9.0 to v24.10.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Display Name parameter." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/tCu0n9/Stored-XSS-LibreNMS-Display-Name.git", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-534xx/CVE-2024-53470.json b/CVE-2024/CVE-2024-534xx/CVE-2024-53470.json new file mode 100644 index 00000000000..6d4b3f00c42 --- /dev/null +++ b/CVE-2024/CVE-2024-534xx/CVE-2024-53470.json @@ -0,0 +1,29 @@ +{ + "id": "CVE-2024-53470", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-12-05T16:15:25.743", + "lastModified": "2024-12-05T16:15:25.743", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Multiple stored cross-site scripting (XSS) vulnerabilities in the component /configuracao/gateway_pagamento.php of WeGIA v3.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the id or name parameter." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/nilsonmori/WeGIA", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/nmmorette/vulnerability-research/blob/main/CVE-2024-53470/README.md", + "source": "cve@mitre.org" + }, + { + "url": "https://www.wegia.org", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-534xx/CVE-2024-53471.json b/CVE-2024/CVE-2024-534xx/CVE-2024-53471.json new file mode 100644 index 00000000000..5744999cf10 --- /dev/null +++ b/CVE-2024/CVE-2024-534xx/CVE-2024-53471.json @@ -0,0 +1,25 @@ +{ + "id": "CVE-2024-53471", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-12-05T16:15:25.867", + "lastModified": "2024-12-05T16:15:25.867", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Multiple stored cross-site scripting (XSS) vulnerabilities in the component /configuracao/meio_pagamento.php of WeGIA v3.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the id or name parameter." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/nilsonmori/WeGIA", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/nmmorette/vulnerability-research/blob/main/CVE-2024-53471/README.md", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-534xx/CVE-2024-53472.json b/CVE-2024/CVE-2024-534xx/CVE-2024-53472.json new file mode 100644 index 00000000000..f5a10849cb0 --- /dev/null +++ b/CVE-2024/CVE-2024-534xx/CVE-2024-53472.json @@ -0,0 +1,29 @@ +{ + "id": "CVE-2024-53472", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-12-05T16:15:25.977", + "lastModified": "2024-12-05T16:15:25.977", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "WeGIA v3.2.0 was discovered to contain a Cross-Site Request Forgery (CSRF)." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/nilsonLazarin/WeGIA/", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/nmmorette/vulnerability-research/tree/main/CVE-2024-53472", + "source": "cve@mitre.org" + }, + { + "url": "https://www.wegia.org", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-534xx/CVE-2024-53490.json b/CVE-2024/CVE-2024-534xx/CVE-2024-53490.json new file mode 100644 index 00000000000..e3cfb994ec5 --- /dev/null +++ b/CVE-2024/CVE-2024-534xx/CVE-2024-53490.json @@ -0,0 +1,21 @@ +{ + "id": "CVE-2024-53490", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-12-05T17:15:14.180", + "lastModified": "2024-12-05T17:15:14.180", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Favorites-web 1.3.0 favorites-web has a directory traversal vulnerability in SecurityFilter.java." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/DYX217/directory-traversal", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-535xx/CVE-2024-53523.json b/CVE-2024/CVE-2024-535xx/CVE-2024-53523.json new file mode 100644 index 00000000000..14228b9307a --- /dev/null +++ b/CVE-2024/CVE-2024-535xx/CVE-2024-53523.json @@ -0,0 +1,25 @@ +{ + "id": "CVE-2024-53523", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-12-05T21:15:08.573", + "lastModified": "2024-12-05T21:15:08.573", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "JSFinder commit d70ab9bc5221e016c08cffaf0d9ac79646c90645 is vulnerable to Directory Traversal in the find_by_file function." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/Threezh1/JSFinder", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/Threezh1/JSFinder/issues/33", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-535xx/CVE-2024-53589.json b/CVE-2024/CVE-2024-535xx/CVE-2024-53589.json new file mode 100644 index 00000000000..33c524b9548 --- /dev/null +++ b/CVE-2024/CVE-2024-535xx/CVE-2024-53589.json @@ -0,0 +1,25 @@ +{ + "id": "CVE-2024-53589", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-12-05T20:15:22.813", + "lastModified": "2024-12-05T20:15:22.813", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "GNU objdump 2.43 is vulnerable to Buffer Overflow in the BFD (Binary File Descriptor) library's handling of tekhex format files." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://bushido-sec.com/index.php/2024/12/05/binutils-objdump-tekhex-buffer-overflow/", + "source": "cve@mitre.org" + }, + { + "url": "https://www.gnu.org/software/binutils/", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-537xx/CVE-2024-53702.json b/CVE-2024/CVE-2024-537xx/CVE-2024-53702.json new file mode 100644 index 00000000000..438bfa20851 --- /dev/null +++ b/CVE-2024/CVE-2024-537xx/CVE-2024-53702.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-53702", + "sourceIdentifier": "PSIRT@sonicwall.com", + "published": "2024-12-05T14:15:21.880", + "lastModified": "2024-12-05T16:15:26.077", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Use of cryptographically weak pseudo-random number generator (PRNG) vulnerability in the SonicWall SMA100 SSLVPN backup code generator that, in certain cases, can be predicted by an attacker, potentially exposing the generated secret." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "PSIRT@sonicwall.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-338" + } + ] + } + ], + "references": [ + { + "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0018", + "source": "PSIRT@sonicwall.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-537xx/CVE-2024-53703.json b/CVE-2024/CVE-2024-537xx/CVE-2024-53703.json new file mode 100644 index 00000000000..bd4f14f2073 --- /dev/null +++ b/CVE-2024/CVE-2024-537xx/CVE-2024-53703.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-53703", + "sourceIdentifier": "PSIRT@sonicwall.com", + "published": "2024-12-05T14:15:22.020", + "lastModified": "2024-12-05T15:15:11.270", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability in the SonicWall SMA100 SSLVPN firmware 10.2.1.13-72sv and earlier versions mod_httprp library loaded by the Apache web server allows remote attackers to cause Stack-based buffer overflow and potentially lead to code execution." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "PSIRT@sonicwall.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-121" + } + ] + } + ], + "references": [ + { + "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0018", + "source": "PSIRT@sonicwall.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-538xx/CVE-2024-53846.json b/CVE-2024/CVE-2024-538xx/CVE-2024-53846.json new file mode 100644 index 00000000000..364e000347d --- /dev/null +++ b/CVE-2024/CVE-2024-538xx/CVE-2024-53846.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-53846", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-12-05T17:15:14.477", + "lastModified": "2024-12-05T17:15:14.477", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "OTP is a set of Erlang libraries, which consists of the Erlang runtime system, a number of ready-to-use components mainly written in Erlang, and a set of design principles for Erlang programs. A regression was introduced into the ssl application of OTP starting at OTP-25.3.2.8, OTP-26.2, and OTP-27.0, resulting in a server or client verifying the peer when incorrect extended key usage is presented (i.e., a server will verify a client if they have server auth ext key usage and vice versa)." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 1.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-295" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/erlang/otp/security/advisories/GHSA-qw6r-qh9v-638v", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-538xx/CVE-2024-53856.json b/CVE-2024/CVE-2024-538xx/CVE-2024-53856.json new file mode 100644 index 00000000000..07351e20d49 --- /dev/null +++ b/CVE-2024/CVE-2024-538xx/CVE-2024-53856.json @@ -0,0 +1,64 @@ +{ + "id": "CVE-2024-53856", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-12-05T16:15:26.237", + "lastModified": "2024-12-05T16:15:26.237", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "rPGP is a pure Rust implementation of OpenPGP. Prior to 0.14.1, rPGP allows an attacker to trigger rpgp crashes by providing crafted data. This vulnerability is fixed in 0.14.1." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-130" + }, + { + "lang": "en", + "value": "CWE-148" + }, + { + "lang": "en", + "value": "CWE-617" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/rpgp/rpgp/security/advisories/GHSA-9rmp-2568-59rv", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-538xx/CVE-2024-53857.json b/CVE-2024/CVE-2024-538xx/CVE-2024-53857.json new file mode 100644 index 00000000000..aae0e576cda --- /dev/null +++ b/CVE-2024/CVE-2024-538xx/CVE-2024-53857.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-53857", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-12-05T16:15:26.393", + "lastModified": "2024-12-05T16:15:26.393", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "rPGP is a pure Rust implementation of OpenPGP. Prior to 0.14.1, rPGP allows attackers to trigger resource exhaustion vulnerabilities in rpgp by providing crafted messages. This affects general message parsing and decryption with symmetric keys." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-770" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/rpgp/rpgp/security/advisories/GHSA-4grw-m28r-q285", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-540xx/CVE-2024-54001.json b/CVE-2024/CVE-2024-540xx/CVE-2024-54001.json new file mode 100644 index 00000000000..bc439829a32 --- /dev/null +++ b/CVE-2024/CVE-2024-540xx/CVE-2024-54001.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-54001", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-12-05T16:15:26.650", + "lastModified": "2024-12-05T16:15:26.650", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Kanboard is project management software that focuses on the Kanban methodology. HTML can be injected and stored into the application settings section. The fields application_language, application_date_format,application_timezone and application_time_format allow arbirary user input which is reflected. The vulnerability can become xss if the user input is javascript code that bypass CSP. This vulnerability is fixed in 1.2.41." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-80" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/kanboard/kanboard/security/advisories/GHSA-4vvp-jf72-chrj", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-540xx/CVE-2024-54014.json b/CVE-2024/CVE-2024-540xx/CVE-2024-54014.json new file mode 100644 index 00000000000..5aa0034f772 --- /dev/null +++ b/CVE-2024/CVE-2024-540xx/CVE-2024-54014.json @@ -0,0 +1,64 @@ +{ + "id": "CVE-2024-54014", + "sourceIdentifier": "vultures@jpcert.or.jp", + "published": "2024-12-05T03:15:14.530", + "lastModified": "2024-12-05T03:15:14.530", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper authorization in handler for custom URL scheme issue in 'Skylark' App for Android 6.2.13 and earlier and 'Skylark' App for iOS 6.2.13 and earlier allows an attacker to lead the application to access an arbitrary web site via another application installed on the user's device." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "vultures@jpcert.or.jp", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N", + "baseScore": 3.6, + "baseSeverity": "LOW", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "vultures@jpcert.or.jp", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-939" + } + ] + } + ], + "references": [ + { + "url": "https://apps.apple.com/jp/app/%E3%81%99%E3%81%8B%E3%81%84%E3%82%89%E3%83%BC%E3%81%8F%E3%82%A2%E3%83%97%E3%83%AA/id906930478", + "source": "vultures@jpcert.or.jp" + }, + { + "url": "https://jvn.jp/en/jp/JVN03447226/", + "source": "vultures@jpcert.or.jp" + }, + { + "url": "https://play.google.com/store/apps/details?id=jp.co.skylark.app.gusto", + "source": "vultures@jpcert.or.jp" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-541xx/CVE-2024-54126.json b/CVE-2024/CVE-2024-541xx/CVE-2024-54126.json new file mode 100644 index 00000000000..aa86132f7f3 --- /dev/null +++ b/CVE-2024/CVE-2024-541xx/CVE-2024-54126.json @@ -0,0 +1,82 @@ +{ + "id": "CVE-2024-54126", + "sourceIdentifier": "vdisclose@cert-in.org.in", + "published": "2024-12-05T13:15:09.290", + "lastModified": "2024-12-05T13:15:09.290", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "This vulnerability exists in the TP-Link Archer C50 due to improper signature verification mechanism in the firmware upgrade process at its web interface. An attacker with administrative privileges within the router\u2019s Wi-Fi range could exploit this vulnerability by uploading and executing malicious firmware which could lead to complete compromise of the targeted device." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "vdisclose@cert-in.org.in", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 8.5, + "baseSeverity": "HIGH", + "attackVector": "ADJACENT", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ] + }, + "weaknesses": [ + { + "source": "vdisclose@cert-in.org.in", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-347" + }, + { + "lang": "en", + "value": "CWE-494" + } + ] + } + ], + "references": [ + { + "url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0354", + "source": "vdisclose@cert-in.org.in" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-541xx/CVE-2024-54127.json b/CVE-2024/CVE-2024-541xx/CVE-2024-54127.json new file mode 100644 index 00000000000..8d8d621a116 --- /dev/null +++ b/CVE-2024/CVE-2024-541xx/CVE-2024-54127.json @@ -0,0 +1,78 @@ +{ + "id": "CVE-2024-54127", + "sourceIdentifier": "vdisclose@cert-in.org.in", + "published": "2024-12-05T13:15:09.440", + "lastModified": "2024-12-05T13:15:09.440", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "This vulnerability exists in the TP-Link Archer C50 due to presence of terminal access on a serial interface without proper access control. An attacker with physical access could exploit this by accessing the UART shell on the vulnerable device. Successful exploitation of this vulnerability could allow the attacker to obtain Wi-Fi credentials of the targeted system." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "vdisclose@cert-in.org.in", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "PHYSICAL", + "attackComplexity": "HIGH", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "NONE", + "vulnerableSystemAvailability": "LOW", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ] + }, + "weaknesses": [ + { + "source": "vdisclose@cert-in.org.in", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-312" + } + ] + } + ], + "references": [ + { + "url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0354", + "source": "vdisclose@cert-in.org.in" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-541xx/CVE-2024-54128.json b/CVE-2024/CVE-2024-541xx/CVE-2024-54128.json new file mode 100644 index 00000000000..fd3d4a25508 --- /dev/null +++ b/CVE-2024/CVE-2024-541xx/CVE-2024-54128.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-54128", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-12-05T17:15:15.130", + "lastModified": "2024-12-05T19:15:08.857", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Directus is a real-time API and App dashboard for managing SQL database content. The Comment feature has implemented a filter to prevent users from adding restricted characters, such as HTML tags. However, this filter operates on the client-side, which can be bypassed, making the application vulnerable to HTML Injection. This vulerability is fixed in 10.13.4 and 11.2.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", + "baseScore": 5.7, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.1, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-80" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/directus/directus/security/advisories/GHSA-r6wx-627v-gh2f", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-541xx/CVE-2024-54129.json b/CVE-2024/CVE-2024-541xx/CVE-2024-54129.json new file mode 100644 index 00000000000..75794e571fd --- /dev/null +++ b/CVE-2024/CVE-2024-541xx/CVE-2024-54129.json @@ -0,0 +1,78 @@ +{ + "id": "CVE-2024-54129", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-12-05T16:15:26.873", + "lastModified": "2024-12-05T16:15:26.873", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The NASA\u2019s Interplanetary Overlay Network (ION) is an implementation of Delay/Disruption Tolerant Networking (DTN). A vulnerability exists in the version ION-DTN BPv7 implementation version 4.1.3 when receiving a bundle with an improper reference to the imc scheme with valid Service-Specific Part (SSP) in their Previous Node Block. The vulnerability can cause ION to become unresponsive. This vulnerability is fixed in 4.1.3s." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 9.2, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "NONE", + "vulnerableSystemIntegrity": "NONE", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "HIGH", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-665" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/nasa-jpl/ION-DTN/security/advisories/GHSA-393w-w6jh-pq3j", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-541xx/CVE-2024-54130.json b/CVE-2024/CVE-2024-541xx/CVE-2024-54130.json new file mode 100644 index 00000000000..8c6d9c64c04 --- /dev/null +++ b/CVE-2024/CVE-2024-541xx/CVE-2024-54130.json @@ -0,0 +1,78 @@ +{ + "id": "CVE-2024-54130", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-12-05T16:15:27.020", + "lastModified": "2024-12-05T16:15:27.020", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The NASA\u2019s Interplanetary Overlay Network (ION) is an implementation of Delay/Disruption Tolerant Networking (DTN). A segmentation fault occurs with ION-DTN BPv7 software version 4.1.3 when a bundle with a Destination Endpoint ID (EID) set to dtn:none is received. This causes the node to become unresponsive to incoming bundles, leading to a Denial of Service (DoS) condition. This vulnerability is fixed in 4.1.3s." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 9.2, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "NONE", + "vulnerableSystemIntegrity": "NONE", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "HIGH", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-476" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/nasa-jpl/ION-DTN/security/advisories/GHSA-7pj7-hfwv-q3v6", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-541xx/CVE-2024-54140.json b/CVE-2024/CVE-2024-541xx/CVE-2024-54140.json new file mode 100644 index 00000000000..44c9062ed35 --- /dev/null +++ b/CVE-2024/CVE-2024-541xx/CVE-2024-54140.json @@ -0,0 +1,86 @@ +{ + "id": "CVE-2024-54140", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-12-05T22:15:20.400", + "lastModified": "2024-12-05T22:15:20.400", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "sigstore-java is a sigstore java client for interacting with sigstore infrastructure. sigstore-java has insufficient verification for a situation where a bundle provides a invalid signature for a checkpoint. This bug impacts clients using any variation of KeylessVerifier.verify(). Currently checkpoints are only used to ensure the root hash of an inclusion proof was provided by the log in question. Failing to validate that means a bundle may provide an inclusion proof that doesn't actually correspond to the log in question. This may eventually lead a monitor/witness being unable to detect when a compromised logs are providing different views of themselves to different clients. There are other mechanisms right now that mitigate this, such as the signed entry timestamp. Sigstore-java currently requires a valid signed entry timestamp. By correctly verifying the signed entry timestamp we can make certain assertions about the log signing the log entry (like the log was aware of the artifact signing event and signed it). Therefore the impact on clients that are not monitors/witnesses is very low. This vulnerability is fixed in 1.2.0." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 2.1, + "baseSeverity": "LOW", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "attackRequirements": "PRESENT", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "NONE", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "NONE", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/sigstore/sigstore-conformance/pull/139", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/sigstore/sigstore-java/commit/23fb4885e6704a5df4977f7acf253a745349edf9", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/sigstore/sigstore-java/security/advisories/GHSA-jp26-88mw-89qr", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-542xx/CVE-2024-54221.json b/CVE-2024/CVE-2024-542xx/CVE-2024-54221.json index 7fb272938ae..f1ea680deae 100644 --- a/CVE-2024/CVE-2024-542xx/CVE-2024-54221.json +++ b/CVE-2024/CVE-2024-542xx/CVE-2024-54221.json @@ -3,7 +3,7 @@ "sourceIdentifier": "audit@patchstack.com", "published": "2024-12-05T00:15:19.200", "lastModified": "2024-12-05T00:15:19.200", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { @@ -38,7 +38,7 @@ "weaknesses": [ { "source": "audit@patchstack.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-546xx/CVE-2024-54674.json b/CVE-2024/CVE-2024-546xx/CVE-2024-54674.json index 40eea343efc..e5e97d9c2f3 100644 --- a/CVE-2024/CVE-2024-546xx/CVE-2024-54674.json +++ b/CVE-2024/CVE-2024-546xx/CVE-2024-54674.json @@ -2,16 +2,55 @@ "id": "CVE-2024-54674", "sourceIdentifier": "cve@mitre.org", "published": "2024-12-04T21:15:25.130", - "lastModified": "2024-12-04T21:15:25.130", - "vulnStatus": "Received", + "lastModified": "2024-12-05T19:15:08.947", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "app/View/GalaxyClusters/cluster_export_misp_galaxy.ctp in MISP through 2.5.2 has stored XSS when exporting custom clusters into the misp-galaxy format." + }, + { + "lang": "es", + "value": "app/View/GalaxyClusters/cluster_export_misp_galaxy.ctp en MISP hasta 2.5.2 ha almacenado XSS al exportar cl\u00fasteres personalizados al formato misp-galaxy." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/MISP/MISP/commit/d0330989e235a8a9f43c90817896de87a589ef7d", diff --git a/CVE-2024/CVE-2024-546xx/CVE-2024-54675.json b/CVE-2024/CVE-2024-546xx/CVE-2024-54675.json index 8b42d50e5c1..4ca25fce2a8 100644 --- a/CVE-2024/CVE-2024-546xx/CVE-2024-54675.json +++ b/CVE-2024/CVE-2024-546xx/CVE-2024-54675.json @@ -2,16 +2,55 @@ "id": "CVE-2024-54675", "sourceIdentifier": "cve@mitre.org", "published": "2024-12-04T21:15:25.263", - "lastModified": "2024-12-04T21:15:25.263", - "vulnStatus": "Received", + "lastModified": "2024-12-05T19:15:09.100", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "app/webroot/js/workflows-editor/workflows-editor.js in MISP through 2.5.2 has stored XSS in the editor interface for an ad-hoc workflow." + }, + { + "lang": "es", + "value": "app/webroot/js/workflows-editor/workflows-editor.js en MISP hasta 2.5.2 tiene XSS almacenado en la interfaz del editor para un flujo de trabajo ad-hoc." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/MISP/MISP/commit/e02c2b864a85d14d64adf9f878f9c7b2bdd15173", diff --git a/CVE-2024/CVE-2024-546xx/CVE-2024-54679.json b/CVE-2024/CVE-2024-546xx/CVE-2024-54679.json new file mode 100644 index 00000000000..cf4c24662ba --- /dev/null +++ b/CVE-2024/CVE-2024-546xx/CVE-2024-54679.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-54679", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-12-05T14:15:22.157", + "lastModified": "2024-12-05T19:15:09.263", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "CyberPanel (aka Cyber Panel) before 6778ad1 does not require the FilemanagerAdmin capability for restartMySQL actions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve@mitre.org", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://cyberpanel.net/", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/usmannasir/cyberpanel/commit/6778ad1eaae41f72365da8fd021f9a60369600dc", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-61xx/CVE-2024-6156.json b/CVE-2024/CVE-2024-61xx/CVE-2024-6156.json new file mode 100644 index 00000000000..4e7c5541101 --- /dev/null +++ b/CVE-2024/CVE-2024-61xx/CVE-2024-6156.json @@ -0,0 +1,48 @@ +{ + "id": "CVE-2024-6156", + "sourceIdentifier": "security@ubuntu.com", + "published": "2024-12-06T00:15:04.380", + "lastModified": "2024-12-06T00:15:04.380", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Mark Laing discovered that LXD's PKI mode, until version 5.21.2, could be bypassed if the client's certificate was present in the trust store." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@ubuntu.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", + "baseScore": 3.8, + "baseSeverity": "LOW", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.0, + "impactScore": 1.4 + } + ] + }, + "references": [ + { + "url": "https://github.com/canonical/lxd/security/advisories/GHSA-4c49-9fpc-hc3v", + "source": "security@ubuntu.com" + }, + { + "url": "https://www.cve.org/CVERecord?id=CVE-2024-6156", + "source": "security@ubuntu.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-62xx/CVE-2024-6209.json b/CVE-2024/CVE-2024-62xx/CVE-2024-6209.json index 541dd189c0e..c88e8089ef5 100644 --- a/CVE-2024/CVE-2024-62xx/CVE-2024-6209.json +++ b/CVE-2024/CVE-2024-62xx/CVE-2024-6209.json @@ -2,13 +2,13 @@ "id": "CVE-2024-6209", "sourceIdentifier": "cybersecurity@ch.abb.com", "published": "2024-07-05T11:15:10.080", - "lastModified": "2024-07-08T15:35:25.837", - "vulnStatus": "Analyzed", + "lastModified": "2024-12-05T13:15:09.583", + "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v <=3.08.01; NEXUS Series\n\n v <=3.08.01\n\n; MATRIX Series \n\n v<=3.08.01 allows Attacker to access files unauthorized" + "value": "Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v3.08.01; NEXUS Series\n\n v3.08.01\n\n; MATRIX Series \n\n v3.08.01 allows Attacker to access files unauthorized" }, { "lang": "es", @@ -23,6 +23,8 @@ "cvssData": { "version": "4.0", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:I/V:C/RE:H/U:Red", + "baseScore": 9.4, + "baseSeverity": "CRITICAL", "attackVector": "ADJACENT", "attackComplexity": "LOW", "attackRequirements": "NONE", @@ -54,19 +56,39 @@ "recovery": "IRRECOVERABLE", "valueDensity": "CONCENTRATED", "vulnerabilityResponseEffort": "HIGH", - "providerUrgency": "RED", - "baseScore": 9.4, - "baseSeverity": "CRITICAL" + "providerUrgency": "RED" } } ], "cvssMetricV31": [ + { + "source": "cybersecurity@ch.abb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "baseScore": 10.0, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 6.0 + }, { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 7.5, + "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", @@ -74,9 +96,7 @@ "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", - "availabilityImpact": "NONE", - "baseScore": 7.5, - "baseSeverity": "HIGH" + "availabilityImpact": "NONE" }, "exploitabilityScore": 3.9, "impactScore": 3.6 @@ -86,7 +106,7 @@ "weaknesses": [ { "source": "cybersecurity@ch.abb.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", @@ -630,9 +650,13 @@ } ], "references": [ + { + "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497&LanguageCode=en&DocumentPartId=&Action=Launch", + "source": "cybersecurity@ch.abb.com" + }, { "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497&LanguageCode=en&DocumentPartId=&Action=Launch&_ga=2.39956449.23035250.1719878527-141379670.1701144964", - "source": "cybersecurity@ch.abb.com", + "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ] diff --git a/CVE-2024/CVE-2024-62xx/CVE-2024-6219.json b/CVE-2024/CVE-2024-62xx/CVE-2024-6219.json new file mode 100644 index 00000000000..85a2e69699b --- /dev/null +++ b/CVE-2024/CVE-2024-62xx/CVE-2024-6219.json @@ -0,0 +1,48 @@ +{ + "id": "CVE-2024-6219", + "sourceIdentifier": "security@ubuntu.com", + "published": "2024-12-06T00:15:04.530", + "lastModified": "2024-12-06T00:15:04.530", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Mark Laing discovered in LXD's PKI mode, until version 5.21.1, that a restricted certificate could be added to the trust store with its restrictions not honoured." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@ubuntu.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", + "baseScore": 3.8, + "baseSeverity": "LOW", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.0, + "impactScore": 1.4 + } + ] + }, + "references": [ + { + "url": "https://github.com/canonical/lxd/security/advisories/GHSA-jpmc-7p9c-4rxf", + "source": "security@ubuntu.com" + }, + { + "url": "https://www.cve.org/CVERecord?id=CVE-2024-6219", + "source": "security@ubuntu.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-62xx/CVE-2024-6298.json b/CVE-2024/CVE-2024-62xx/CVE-2024-6298.json index 1ec0574bfba..1e8bc433e97 100644 --- a/CVE-2024/CVE-2024-62xx/CVE-2024-6298.json +++ b/CVE-2024/CVE-2024-62xx/CVE-2024-6298.json @@ -2,13 +2,13 @@ "id": "CVE-2024-6298", "sourceIdentifier": "cybersecurity@ch.abb.com", "published": "2024-07-05T11:15:10.617", - "lastModified": "2024-07-08T15:35:16.450", - "vulnStatus": "Analyzed", + "lastModified": "2024-12-05T13:15:09.803", + "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "Improper Input Validation vulnerability in ABB ASPECT-Enterprise on Linux, ABB NEXUS Series on Linux, ABB MATRIX Series on Linux allows Remote Code Inclusion.This issue affects ASPECT-Enterprise: through 3.08.01; NEXUS Series: through 3.08.01; MATRIX Series: through 3.08.01." + "value": "Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v3.08.01; NEXUS Series\n\n v3.08.01\n\n; MATRIX Series \n\n v3.08.01 allows Attacker to execute arbitrary code remotely" }, { "lang": "es", @@ -23,6 +23,8 @@ "cvssData": { "version": "4.0", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:I/V:C/RE:H/U:Red", + "baseScore": 9.4, + "baseSeverity": "CRITICAL", "attackVector": "ADJACENT", "attackComplexity": "LOW", "attackRequirements": "NONE", @@ -54,19 +56,39 @@ "recovery": "IRRECOVERABLE", "valueDensity": "CONCENTRATED", "vulnerabilityResponseEffort": "HIGH", - "providerUrgency": "RED", - "baseScore": 9.4, - "baseSeverity": "CRITICAL" + "providerUrgency": "RED" } } ], "cvssMetricV31": [ + { + "source": "cybersecurity@ch.abb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "baseScore": 10.0, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 6.0 + }, { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", @@ -74,9 +96,7 @@ "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 9.8, - "baseSeverity": "CRITICAL" + "availabilityImpact": "HIGH" }, "exploitabilityScore": 3.9, "impactScore": 5.9 @@ -85,22 +105,22 @@ }, "weaknesses": [ { - "source": "nvd@nist.gov", + "source": "cybersecurity@ch.abb.com", "type": "Primary", "description": [ { "lang": "en", - "value": "NVD-CWE-noinfo" + "value": "CWE-1287" } ] }, { - "source": "cybersecurity@ch.abb.com", + "source": "nvd@nist.gov", "type": "Secondary", "description": [ { "lang": "en", - "value": "CWE-20" + "value": "NVD-CWE-noinfo" } ] } @@ -640,9 +660,13 @@ } ], "references": [ + { + "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497&LanguageCode=en&DocumentPartId=&Action=Launch", + "source": "cybersecurity@ch.abb.com" + }, { "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497&LanguageCode=en&DocumentPartId=&Action=Launch&_ga=2.39956449.23035250.1719878527-141379670.1701144964", - "source": "cybersecurity@ch.abb.com", + "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ] diff --git a/CVE-2024/CVE-2024-65xx/CVE-2024-6515.json b/CVE-2024/CVE-2024-65xx/CVE-2024-6515.json new file mode 100644 index 00000000000..50e46a503a2 --- /dev/null +++ b/CVE-2024/CVE-2024-65xx/CVE-2024-6515.json @@ -0,0 +1,100 @@ +{ + "id": "CVE-2024-6515", + "sourceIdentifier": "cybersecurity@ch.abb.com", + "published": "2024-12-05T13:15:10.010", + "lastModified": "2024-12-05T13:15:10.010", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Web browser interface may manipulate application username/password in clear text or Base64 encoding providing a higher probability of unintended credentails exposure.\u00a0\nAffected products:\n\n\nABB ASPECT - Enterprise v3.08.02; \nNEXUS Series v3.08.02; \nMATRIX Series v3.08.02" + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cybersecurity@ch.abb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:X/V:D/RE:L/U:X", + "baseScore": 8.7, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "LOW", + "subsequentSystemIntegrity": "LOW", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NEGLIGIBLE", + "automatable": "NO", + "recovery": "NOT_DEFINED", + "valueDensity": "DIFFUSE", + "vulnerabilityResponseEffort": "LOW", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cybersecurity@ch.abb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N", + "baseScore": 9.6, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.1, + "impactScore": 5.8 + } + ] + }, + "weaknesses": [ + { + "source": "cybersecurity@ch.abb.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-319" + } + ] + } + ], + "references": [ + { + "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497&LanguageCode=en&DocumentPartId=&Action=Launch", + "source": "cybersecurity@ch.abb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-65xx/CVE-2024-6516.json b/CVE-2024/CVE-2024-65xx/CVE-2024-6516.json new file mode 100644 index 00000000000..7df4cc8b93b --- /dev/null +++ b/CVE-2024/CVE-2024-65xx/CVE-2024-6516.json @@ -0,0 +1,100 @@ +{ + "id": "CVE-2024-6516", + "sourceIdentifier": "cybersecurity@ch.abb.com", + "published": "2024-12-05T13:15:10.197", + "lastModified": "2024-12-05T13:15:10.197", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Cross Site Scripting vulnerabilities where found providing a potential for malicious scripts to be injected into a client browser.\u00a0\nAffected products:\n\n\nABB ASPECT - Enterprise v3.08.02; \nNEXUS Series v3.08.02; \nMATRIX Series v3.08.02" + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cybersecurity@ch.abb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Red", + "baseScore": 9.3, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NEGLIGIBLE", + "automatable": "NO", + "recovery": "USER", + "valueDensity": "DIFFUSE", + "vulnerabilityResponseEffort": "LOW", + "providerUrgency": "RED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cybersecurity@ch.abb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L", + "baseScore": 9.0, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.3, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "cybersecurity@ch.abb.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497&LanguageCode=en&DocumentPartId=&Action=Launch", + "source": "cybersecurity@ch.abb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-67xx/CVE-2024-6784.json b/CVE-2024/CVE-2024-67xx/CVE-2024-6784.json new file mode 100644 index 00000000000..1369986db71 --- /dev/null +++ b/CVE-2024/CVE-2024-67xx/CVE-2024-6784.json @@ -0,0 +1,100 @@ +{ + "id": "CVE-2024-6784", + "sourceIdentifier": "cybersecurity@ch.abb.com", + "published": "2024-12-05T13:15:10.360", + "lastModified": "2024-12-05T13:15:10.360", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Server-Side Request Forgery vulnerabilities were found providing a potential for access to unauthorized resources and unintended information disclosure.\u00a0\nAffected products:\n\n\nABB ASPECT - Enterprise v3.08.02; \nNEXUS Series v3.08.02; \nMATRIX Series v3.08.02" + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cybersecurity@ch.abb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 8.7, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "LOW", + "subsequentSystemIntegrity": "LOW", + "subsequentSystemAvailability": "LOW", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NEGLIGIBLE", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cybersecurity@ch.abb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", + "baseScore": 9.9, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.1, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "cybersecurity@ch.abb.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-918" + } + ] + } + ], + "references": [ + { + "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497&LanguageCode=en&DocumentPartId=&Action=Launch", + "source": "cybersecurity@ch.abb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-74xx/CVE-2024-7488.json b/CVE-2024/CVE-2024-74xx/CVE-2024-7488.json index 35e65ff4086..efd8e68ffd9 100644 --- a/CVE-2024/CVE-2024-74xx/CVE-2024-7488.json +++ b/CVE-2024/CVE-2024-74xx/CVE-2024-7488.json @@ -2,13 +2,17 @@ "id": "CVE-2024-7488", "sourceIdentifier": "iletisim@usom.gov.tr", "published": "2024-12-04T14:15:21.000", - "lastModified": "2024-12-04T15:15:18.310", + "lastModified": "2024-12-05T08:15:14.123", "vulnStatus": "Received", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "Improper Input Validation vulnerability in RestApp Inc. Online Ordering System allows Integer Attacks.This issue affects Online Ordering System: through 04.12.2024.\n\n\nNOTE: The vendor was contacted early about this disclosure but did not respond in any way." + "value": "Improper Input Validation vulnerability in RestApp Inc. Online Ordering System allows Integer Attacks.This issue affects Online Ordering System: 8.2.1.\u00a0\n\nNOTE: Vulnerability fixed in version 8.2.2 and does not exist before 8.2.1." + }, + { + "lang": "es", + "value": "La vulnerabilidad de validaci\u00f3n de entrada incorrecta en RestApp Inc. Online Ordering System permite ataques con n\u00fameros enteros. Este problema afecta al sistema de pedidos en l\u00ednea 8.2.1. NOTA: La vulnerabilidad se corrigi\u00f3 en la versi\u00f3n 8.2.2 y no exist\u00eda antes de la 8.2.1." } ], "metrics": { @@ -38,7 +42,7 @@ "weaknesses": [ { "source": "iletisim@usom.gov.tr", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", @@ -48,7 +52,7 @@ }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-82xx/CVE-2024-8299.json b/CVE-2024/CVE-2024-82xx/CVE-2024-8299.json index ccc2fa21933..8bd92d1ebd9 100644 --- a/CVE-2024/CVE-2024-82xx/CVE-2024-8299.json +++ b/CVE-2024/CVE-2024-82xx/CVE-2024-8299.json @@ -2,13 +2,17 @@ "id": "CVE-2024-8299", "sourceIdentifier": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", "published": "2024-11-28T23:15:03.843", - "lastModified": "2024-11-28T23:15:03.843", - "vulnStatus": "Received", + "lastModified": "2024-12-06T06:15:22.917", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Uncontrolled Search Path Element vulnerability in ICONICS GENESIS64 all versions, Mitsubishi Electric GENESIS64 all versions and Mitsubishi Electric MC Works64 all versions allows a local authenticated attacker to execute a malicious code by storing a specially crafted DLL in a specific folder. This could lead to disclose, tamper with, destroy, or delete information in the affected products, or cause a denial of service (DoS) condition on the products." + }, + { + "lang": "es", + "value": "La vulnerabilidad de elemento de ruta de b\u00fasqueda no controlada en ICONICS GENESIS64 en todas las versiones, Mitsubishi Electric GENESIS64 en todas las versiones y Mitsubishi Electric MC Works64 en todas las versiones permite que un atacante local autenticado ejecute un c\u00f3digo malicioso almacenando una DLL especialmente manipulada en una carpeta espec\u00edfica. Esto podr\u00eda provocar la divulgaci\u00f3n, manipulaci\u00f3n, destrucci\u00f3n o eliminaci\u00f3n de informaci\u00f3n en los productos afectados, o provocar una condici\u00f3n de denegaci\u00f3n de servicio (DoS) en los productos." } ], "metrics": { @@ -38,7 +42,7 @@ "weaknesses": [ { "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", @@ -52,6 +56,10 @@ "url": "https://jvn.jp/vu/JVNVU93891820", "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp" }, + { + "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-338-04", + "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp" + }, { "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-010_en.pdf", "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp" diff --git a/CVE-2024/CVE-2024-83xx/CVE-2024-8300.json b/CVE-2024/CVE-2024-83xx/CVE-2024-8300.json index 7cdd8aafc3a..e41176f8079 100644 --- a/CVE-2024/CVE-2024-83xx/CVE-2024-8300.json +++ b/CVE-2024/CVE-2024-83xx/CVE-2024-8300.json @@ -2,13 +2,17 @@ "id": "CVE-2024-8300", "sourceIdentifier": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", "published": "2024-11-28T23:15:04.743", - "lastModified": "2024-11-28T23:15:04.743", - "vulnStatus": "Received", + "lastModified": "2024-12-06T06:15:23.070", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Dead Code vulnerability in ICONICS GENESIS64 Version 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 and 10.97.3 and Mitsubishi Electric GENESIS64 Version 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 and 10.97.3 allows a local authenticated attacker to execute a malicious code by tampering with a specially crafted DLL. This could lead to disclose, tamper with, destroy, or delete information in the affected products, or cause a denial of service (DoS) condition on the products." + }, + { + "lang": "es", + "value": "La vulnerabilidad de c\u00f3digo muerto en ICONICS GENESIS64 versi\u00f3n 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 y 10.97.3 y Mitsubishi Electric GENESIS64 versi\u00f3n 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 y 10.97.3 permite que un atacante local autenticado ejecute un c\u00f3digo malicioso alterando una DLL especialmente manipulada. Esto podr\u00eda llevar a divulgar, alterar, destruir o eliminar informaci\u00f3n en los productos afectados, o causar una condici\u00f3n de denegaci\u00f3n de servicio (DoS) en los productos." } ], "metrics": { @@ -38,7 +42,7 @@ "weaknesses": [ { "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", @@ -52,6 +56,10 @@ "url": "https://jvn.jp/vu/JVNVU93891820", "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp" }, + { + "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-338-04", + "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp" + }, { "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-010_en.pdf", "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp" diff --git a/CVE-2024/CVE-2024-96xx/CVE-2024-9677.json b/CVE-2024/CVE-2024-96xx/CVE-2024-9677.json index 3c1e485d868..50f674312b2 100644 --- a/CVE-2024/CVE-2024-96xx/CVE-2024-9677.json +++ b/CVE-2024/CVE-2024-96xx/CVE-2024-9677.json @@ -2,8 +2,8 @@ "id": "CVE-2024-9677", "sourceIdentifier": "security@zyxel.com.tw", "published": "2024-10-22T02:15:04.380", - "lastModified": "2024-10-23T15:12:34.673", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-05T22:11:15.217", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -19,10 +19,12 @@ "cvssMetricV31": [ { "source": "security@zyxel.com.tw", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", @@ -30,19 +32,37 @@ "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", - "availabilityImpact": "NONE", - "baseScore": 5.5, - "baseSeverity": "MEDIUM" + "availabilityImpact": "NONE" }, "exploitabilityScore": 1.8, "impactScore": 3.6 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 } ] }, "weaknesses": [ { "source": "security@zyxel.com.tw", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", @@ -51,10 +71,63 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:zyxel:uos:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.30", + "matchCriteriaId": "B53BCCF3-FFFC-4E52-997E-36A632C81F00" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:zyxel:usg_flex_100h:-:*:*:*:*:*:*:*", + "matchCriteriaId": "ED28D5ED-B21A-4CD6-947E-9C21EA801B7D" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:zyxel:usg_flex_200h:-:*:*:*:*:*:*:*", + "matchCriteriaId": "09D15ECD-4942-407A-A62E-9785568C6B78" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:zyxel:usg_flex_200hp:-:*:*:*:*:*:*:*", + "matchCriteriaId": "FD7E9028-1ECB-4D88-84D8-CFC589B429AE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:zyxel:usg_flex_500h:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DE57BCA4-8631-460A-BFE3-BB765E5D009F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:zyxel:usg_flex_700h:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8832743A-99FA-417E-BCE1-4BF7D4CEF9BE" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-insufficiently-protected-credentials-vulnerability-in-firewalls-10-22-2024", - "source": "security@zyxel.com.tw" + "source": "security@zyxel.com.tw", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-97xx/CVE-2024-9705.json b/CVE-2024/CVE-2024-97xx/CVE-2024-9705.json new file mode 100644 index 00000000000..fa9f6748f2c --- /dev/null +++ b/CVE-2024/CVE-2024-97xx/CVE-2024-9705.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-9705", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-12-06T09:15:08.577", + "lastModified": "2024-12-06T09:15:08.577", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Ultimate Coming Soon & Maintenance plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ucsm_update_template_name_lite' function in all versions up to, and including, 1.0.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change the name of the plugin's templates." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/ultimate-coming-soon/trunk/backend/tabs-content/templates/frontend-part/display-template.php#L139", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3bef108a-2c68-4347-bf53-559b2d877f6b?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-97xx/CVE-2024-9706.json b/CVE-2024/CVE-2024-97xx/CVE-2024-9706.json new file mode 100644 index 00000000000..3e99923f707 --- /dev/null +++ b/CVE-2024/CVE-2024-97xx/CVE-2024-9706.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-9706", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-12-06T09:15:08.727", + "lastModified": "2024-12-06T09:15:08.727", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Ultimate Coming Soon & Maintenance plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ucsm_activate_lite_template_lite function in all versions up to, and including, 1.0.9. This makes it possible for unauthenticated attackers to change the template used for the coming soon / maintenance page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/ultimate-coming-soon/trunk/backend/tabs-content/templates/frontend-part/display-template.php#L105", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a535eb7f-5ec7-4b3b-b46f-4f09434d04b6?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-97xx/CVE-2024-9760.json b/CVE-2024/CVE-2024-97xx/CVE-2024-9760.json index 166932a8e69..23a0d632ac5 100644 --- a/CVE-2024/CVE-2024-97xx/CVE-2024-9760.json +++ b/CVE-2024/CVE-2024-97xx/CVE-2024-9760.json @@ -2,15 +2,42 @@ "id": "CVE-2024-9760", "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2024-11-22T21:15:30.040", - "lastModified": "2024-11-22T21:15:30.040", - "vulnStatus": "Received", + "lastModified": "2024-12-05T17:33:21.817", + "vulnStatus": "Analyzed", + "cveTags": [], "descriptions": [ { "lang": "en", "value": "Tungsten Automation Power PDF PNG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of PNG files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-24476." + }, + { + "lang": "es", + "value": "Vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n de lectura fuera de los l\u00edmites en el an\u00e1lisis de archivos PDF PNG de Tungsten Automation Power. Esta vulnerabilidad permite a atacantes remotos divulgar informaci\u00f3n confidencial sobre las instalaciones afectadas de Tungsten Automation Power PDF. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos PNG. El problema es el resultado de la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una lectura m\u00e1s all\u00e1 del final de un objeto asignado. Un atacante puede aprovechar esto junto con otras vulnerabilidades para ejecutar c\u00f3digo arbitrario en el contexto del proceso actual. Era ZDI-CAN-24476." } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "baseScore": 3.3, + "baseSeverity": "LOW", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.8, + "impactScore": 1.4 + } + ], "cvssMetricV30": [ { "source": "zdi-disclosures@trendmicro.com", @@ -46,10 +73,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tungstenautomation:power_pdf:*:*:*:*:*:*:*:*", + "versionEndExcluding": "5.1", + "matchCriteriaId": "07AF31C9-62C2-4FCA-975B-EEFCF34B8C78" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1357/", - "source": "zdi-disclosures@trendmicro.com" + "source": "zdi-disclosures@trendmicro.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-97xx/CVE-2024-9761.json b/CVE-2024/CVE-2024-97xx/CVE-2024-9761.json index 58099e69bb3..6694dfeb2cf 100644 --- a/CVE-2024/CVE-2024-97xx/CVE-2024-9761.json +++ b/CVE-2024/CVE-2024-97xx/CVE-2024-9761.json @@ -2,15 +2,42 @@ "id": "CVE-2024-9761", "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2024-11-22T21:15:30.160", - "lastModified": "2024-11-22T21:15:30.160", - "vulnStatus": "Received", + "lastModified": "2024-12-05T17:30:40.620", + "vulnStatus": "Analyzed", + "cveTags": [], "descriptions": [ { "lang": "en", "value": "Tungsten Automation Power PDF PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-24477." + }, + { + "lang": "es", + "value": "Vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n de lectura fuera de los l\u00edmites en el an\u00e1lisis de archivos PDF de Tungsten Automation Power PDF. Esta vulnerabilidad permite a atacantes remotos divulgar informaci\u00f3n confidencial sobre las instalaciones afectadas de Tungsten Automation Power PDF. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos PDF. El problema es el resultado de la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una lectura m\u00e1s all\u00e1 del final de un b\u00fafer asignado. Un atacante puede aprovechar esto junto con otras vulnerabilidades para ejecutar c\u00f3digo arbitrario en el contexto del proceso actual. Era ZDI-CAN-24477." } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "baseScore": 3.3, + "baseSeverity": "LOW", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.8, + "impactScore": 1.4 + } + ], "cvssMetricV30": [ { "source": "zdi-disclosures@trendmicro.com", @@ -37,7 +64,7 @@ "weaknesses": [ { "source": "zdi-disclosures@trendmicro.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", @@ -46,10 +73,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tungstenautomation:power_pdf:*:*:*:*:*:*:*:*", + "versionEndExcluding": "5.1.0.1", + "matchCriteriaId": "A8BC369E-2EB0-4E2F-A071-702F62805271" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1366/", - "source": "zdi-disclosures@trendmicro.com" + "source": "zdi-disclosures@trendmicro.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-97xx/CVE-2024-9762.json b/CVE-2024/CVE-2024-97xx/CVE-2024-9762.json index 32ede576db9..15a1157c1f5 100644 --- a/CVE-2024/CVE-2024-97xx/CVE-2024-9762.json +++ b/CVE-2024/CVE-2024-97xx/CVE-2024-9762.json @@ -2,15 +2,42 @@ "id": "CVE-2024-9762", "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2024-11-22T21:15:30.277", - "lastModified": "2024-11-22T21:15:30.277", - "vulnStatus": "Received", + "lastModified": "2024-12-05T17:26:42.427", + "vulnStatus": "Analyzed", + "cveTags": [], "descriptions": [ { "lang": "en", "value": "Tungsten Automation Power PDF OXPS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of OXPS files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-24478." + }, + { + "lang": "es", + "value": "Vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n de lectura fuera de los l\u00edmites en el an\u00e1lisis de archivos OXPS de Tungsten Automation Power PDF. Esta vulnerabilidad permite a atacantes remotos divulgar informaci\u00f3n confidencial sobre las instalaciones afectadas de Tungsten Automation Power PDF. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos OXPS. El problema es el resultado de la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una lectura m\u00e1s all\u00e1 del final de un objeto asignado. Un atacante puede aprovechar esto junto con otras vulnerabilidades para ejecutar c\u00f3digo arbitrario en el contexto del proceso actual. Era ZDI-CAN-24478." } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "baseScore": 3.3, + "baseSeverity": "LOW", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.8, + "impactScore": 1.4 + } + ], "cvssMetricV30": [ { "source": "zdi-disclosures@trendmicro.com", @@ -46,10 +73,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tungstenautomation:power_pdf:*:*:*:*:*:*:*:*", + "versionEndExcluding": "5.1", + "matchCriteriaId": "07AF31C9-62C2-4FCA-975B-EEFCF34B8C78" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1358/", - "source": "zdi-disclosures@trendmicro.com" + "source": "zdi-disclosures@trendmicro.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-97xx/CVE-2024-9763.json b/CVE-2024/CVE-2024-97xx/CVE-2024-9763.json index c6548d92909..34a89f419a5 100644 --- a/CVE-2024/CVE-2024-97xx/CVE-2024-9763.json +++ b/CVE-2024/CVE-2024-97xx/CVE-2024-9763.json @@ -2,15 +2,42 @@ "id": "CVE-2024-9763", "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2024-11-22T21:15:30.390", - "lastModified": "2024-11-22T21:15:30.390", - "vulnStatus": "Received", + "lastModified": "2024-12-05T17:20:19.707", + "vulnStatus": "Analyzed", + "cveTags": [], "descriptions": [ { "lang": "en", "value": "Tungsten Automation Power PDF PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-24479." + }, + { + "lang": "es", + "value": "Vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n de lectura fuera de los l\u00edmites en el an\u00e1lisis de archivos PDF de Tungsten Automation Power PDF. Esta vulnerabilidad permite a atacantes remotos divulgar informaci\u00f3n confidencial sobre las instalaciones afectadas de Tungsten Automation Power PDF. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos PDF. El problema es el resultado de la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una lectura m\u00e1s all\u00e1 del final de un objeto asignado. Un atacante puede aprovechar esto junto con otras vulnerabilidades para ejecutar c\u00f3digo arbitrario en el contexto del proceso actual. Era ZDI-CAN-24479." } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "baseScore": 3.3, + "baseSeverity": "LOW", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.8, + "impactScore": 1.4 + } + ], "cvssMetricV30": [ { "source": "zdi-disclosures@trendmicro.com", @@ -46,10 +73,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tungstenautomation:power_pdf:*:*:*:*:*:*:*:*", + "versionEndExcluding": "5.1", + "matchCriteriaId": "07AF31C9-62C2-4FCA-975B-EEFCF34B8C78" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1359/", - "source": "zdi-disclosures@trendmicro.com" + "source": "zdi-disclosures@trendmicro.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-97xx/CVE-2024-9769.json b/CVE-2024/CVE-2024-97xx/CVE-2024-9769.json new file mode 100644 index 00000000000..3670299b08c --- /dev/null +++ b/CVE-2024/CVE-2024-97xx/CVE-2024-9769.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-9769", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-12-06T04:15:05.200", + "lastModified": "2024-12-06T04:15:05.200", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Video Gallery \u2013 Best WordPress YouTube Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 4.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://packetstormsecurity.com/files/179304/WordPress-Gallery-2.3.6-Cross-Site-Scripting.html", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b57c9e58-64a6-48e8-8ef6-25608e4131e6?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-98xx/CVE-2024-9852.json b/CVE-2024/CVE-2024-98xx/CVE-2024-9852.json index 347cf4cf8a0..175409a30f3 100644 --- a/CVE-2024/CVE-2024-98xx/CVE-2024-9852.json +++ b/CVE-2024/CVE-2024-98xx/CVE-2024-9852.json @@ -2,13 +2,17 @@ "id": "CVE-2024-9852", "sourceIdentifier": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", "published": "2024-11-28T23:15:04.890", - "lastModified": "2024-11-28T23:15:04.890", - "vulnStatus": "Received", + "lastModified": "2024-12-06T06:15:23.200", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Uncontrolled Search Path Element vulnerability in ICONICS GENESIS64 all versions, Mitsubishi Electric GENESIS64 all versions and Mitsubishi Electric MC Works64 all versions allows a local authenticated attacker to execute a malicious code by storing a specially crafted DLL in a specific folder. This could lead to disclose, tamper with, destroy, or delete information in the affected products, or cause a denial of service (DoS) condition on the products." + }, + { + "lang": "es", + "value": "La vulnerabilidad de elemento de ruta de b\u00fasqueda no controlada en ICONICS GENESIS64 en todas las versiones, Mitsubishi Electric GENESIS64 en todas las versiones y Mitsubishi Electric MC Works64 en todas las versiones permite que un atacante local autenticado ejecute un c\u00f3digo malicioso almacenando una DLL especialmente manipulada en una carpeta espec\u00edfica. Esto podr\u00eda provocar la divulgaci\u00f3n, manipulaci\u00f3n, destrucci\u00f3n o eliminaci\u00f3n de informaci\u00f3n en los productos afectados, o provocar una condici\u00f3n de denegaci\u00f3n de servicio (DoS) en los productos." } ], "metrics": { @@ -38,7 +42,7 @@ "weaknesses": [ { "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", @@ -52,6 +56,10 @@ "url": "https://jvn.jp/vu/JVNVU93891820", "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp" }, + { + "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-338-04", + "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp" + }, { "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-010_en.pdf", "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp" diff --git a/CVE-2024/CVE-2024-98xx/CVE-2024-9866.json b/CVE-2024/CVE-2024-98xx/CVE-2024-9866.json new file mode 100644 index 00000000000..b399331be6b --- /dev/null +++ b/CVE-2024/CVE-2024-98xx/CVE-2024-9866.json @@ -0,0 +1,64 @@ +{ + "id": "CVE-2024-9866", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-12-06T09:15:08.877", + "lastModified": "2024-12-06T09:15:08.877", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Event Tickets with Ticket Scanner plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'data' parameters in all versions up to, and including, 2.4.4 due to insufficient input sanitization and output escaping and missing authorization on the functionality to manage tickets. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This missing authorization aspect of this was patched in 2.4.1, while the Cross-Site Scripting was fully patched in 2.4.4." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3172740%40event-tickets-with-ticket-scanner&new=3172740%40event-tickets-with-ticket-scanner&sfp_email=&sfph_mail=", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3201198%40event-tickets-with-ticket-scanner&new=3201198%40event-tickets-with-ticket-scanner&sfp_email=&sfph_mail=", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4dcf1133-d437-4f0a-b2cf-c91e0f6b6ca9?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-98xx/CVE-2024-9872.json b/CVE-2024/CVE-2024-98xx/CVE-2024-9872.json new file mode 100644 index 00000000000..bfec6b7fad1 --- /dev/null +++ b/CVE-2024/CVE-2024-98xx/CVE-2024-9872.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-9872", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-12-06T09:15:09.040", + "lastModified": "2024-12-06T09:15:09.040", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcita_save_user_data_callback() function in all versions up to, and including, 4.5.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject malicious web scripts and update settings." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/changeset/3200129/meeting-scheduler-by-vcita/trunk/vcita-ajax-function.php", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/963c2d10-692b-4447-8d0b-7ccc2e533f01?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index debfa55042c..58813015d1f 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-12-05T00:55:19.647283+00:00 +2024-12-06T09:59:00.639117+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-12-05T00:15:19.200000+00:00 +2024-12-06T09:15:09.040000+00:00 ``` ### Last Data Feed Release @@ -27,45 +27,75 @@ Repository synchronizes with the NVD every 2 hours. Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest) ```plain -2024-12-04T01:00:10.096689+00:00 +2024-12-05T01:00:10.115758+00:00 ``` ### Total Number of included CVEs ```plain -272170 +272321 ``` ### CVEs added in the last Commit -Recently added CVEs: `19` - -- [CVE-2018-9397](CVE-2018/CVE-2018-93xx/CVE-2018-9397.json) (`2024-12-05T00:15:16.720`) -- [CVE-2018-9398](CVE-2018/CVE-2018-93xx/CVE-2018-9398.json) (`2024-12-05T00:15:17.383`) -- [CVE-2018-9399](CVE-2018/CVE-2018-93xx/CVE-2018-9399.json) (`2024-12-05T00:15:17.477`) -- [CVE-2018-9400](CVE-2018/CVE-2018-94xx/CVE-2018-9400.json) (`2024-12-05T00:15:17.570`) -- [CVE-2018-9402](CVE-2018/CVE-2018-94xx/CVE-2018-9402.json) (`2024-12-05T00:15:17.663`) -- [CVE-2018-9403](CVE-2018/CVE-2018-94xx/CVE-2018-9403.json) (`2024-12-05T00:15:17.763`) -- [CVE-2018-9404](CVE-2018/CVE-2018-94xx/CVE-2018-9404.json) (`2024-12-05T00:15:17.860`) -- [CVE-2018-9407](CVE-2018/CVE-2018-94xx/CVE-2018-9407.json) (`2024-12-05T00:15:17.967`) -- [CVE-2018-9408](CVE-2018/CVE-2018-94xx/CVE-2018-9408.json) (`2024-12-05T00:15:18.070`) -- [CVE-2018-9416](CVE-2018/CVE-2018-94xx/CVE-2018-9416.json) (`2024-12-05T00:15:18.153`) -- [CVE-2018-9439](CVE-2018/CVE-2018-94xx/CVE-2018-9439.json) (`2024-12-05T00:15:18.337`) -- [CVE-2018-9462](CVE-2018/CVE-2018-94xx/CVE-2018-9462.json) (`2024-12-05T00:15:18.433`) -- [CVE-2018-9463](CVE-2018/CVE-2018-94xx/CVE-2018-9463.json) (`2024-12-05T00:15:18.527`) -- [CVE-2024-12182](CVE-2024/CVE-2024-121xx/CVE-2024-12182.json) (`2024-12-04T23:15:04.703`) -- [CVE-2024-12183](CVE-2024/CVE-2024-121xx/CVE-2024-12183.json) (`2024-12-04T23:15:05.760`) -- [CVE-2024-12185](CVE-2024/CVE-2024-121xx/CVE-2024-12185.json) (`2024-12-05T00:15:18.677`) -- [CVE-2024-12186](CVE-2024/CVE-2024-121xx/CVE-2024-12186.json) (`2024-12-05T00:15:18.887`) -- [CVE-2024-53982](CVE-2024/CVE-2024-539xx/CVE-2024-53982.json) (`2024-12-04T23:15:05.943`) -- [CVE-2024-54221](CVE-2024/CVE-2024-542xx/CVE-2024-54221.json) (`2024-12-05T00:15:19.200`) +Recently added CVEs: `151` + +- [CVE-2024-53589](CVE-2024/CVE-2024-535xx/CVE-2024-53589.json) (`2024-12-05T20:15:22.813`) +- [CVE-2024-53702](CVE-2024/CVE-2024-537xx/CVE-2024-53702.json) (`2024-12-05T14:15:21.880`) +- [CVE-2024-53703](CVE-2024/CVE-2024-537xx/CVE-2024-53703.json) (`2024-12-05T14:15:22.020`) +- [CVE-2024-53846](CVE-2024/CVE-2024-538xx/CVE-2024-53846.json) (`2024-12-05T17:15:14.477`) +- [CVE-2024-53856](CVE-2024/CVE-2024-538xx/CVE-2024-53856.json) (`2024-12-05T16:15:26.237`) +- [CVE-2024-53857](CVE-2024/CVE-2024-538xx/CVE-2024-53857.json) (`2024-12-05T16:15:26.393`) +- [CVE-2024-54001](CVE-2024/CVE-2024-540xx/CVE-2024-54001.json) (`2024-12-05T16:15:26.650`) +- [CVE-2024-54014](CVE-2024/CVE-2024-540xx/CVE-2024-54014.json) (`2024-12-05T03:15:14.530`) +- [CVE-2024-54126](CVE-2024/CVE-2024-541xx/CVE-2024-54126.json) (`2024-12-05T13:15:09.290`) +- [CVE-2024-54127](CVE-2024/CVE-2024-541xx/CVE-2024-54127.json) (`2024-12-05T13:15:09.440`) +- [CVE-2024-54128](CVE-2024/CVE-2024-541xx/CVE-2024-54128.json) (`2024-12-05T17:15:15.130`) +- [CVE-2024-54129](CVE-2024/CVE-2024-541xx/CVE-2024-54129.json) (`2024-12-05T16:15:26.873`) +- [CVE-2024-54130](CVE-2024/CVE-2024-541xx/CVE-2024-54130.json) (`2024-12-05T16:15:27.020`) +- [CVE-2024-54140](CVE-2024/CVE-2024-541xx/CVE-2024-54140.json) (`2024-12-05T22:15:20.400`) +- [CVE-2024-54679](CVE-2024/CVE-2024-546xx/CVE-2024-54679.json) (`2024-12-05T14:15:22.157`) +- [CVE-2024-6156](CVE-2024/CVE-2024-61xx/CVE-2024-6156.json) (`2024-12-06T00:15:04.380`) +- [CVE-2024-6219](CVE-2024/CVE-2024-62xx/CVE-2024-6219.json) (`2024-12-06T00:15:04.530`) +- [CVE-2024-6515](CVE-2024/CVE-2024-65xx/CVE-2024-6515.json) (`2024-12-05T13:15:10.010`) +- [CVE-2024-6516](CVE-2024/CVE-2024-65xx/CVE-2024-6516.json) (`2024-12-05T13:15:10.197`) +- [CVE-2024-6784](CVE-2024/CVE-2024-67xx/CVE-2024-6784.json) (`2024-12-05T13:15:10.360`) +- [CVE-2024-9705](CVE-2024/CVE-2024-97xx/CVE-2024-9705.json) (`2024-12-06T09:15:08.577`) +- [CVE-2024-9706](CVE-2024/CVE-2024-97xx/CVE-2024-9706.json) (`2024-12-06T09:15:08.727`) +- [CVE-2024-9769](CVE-2024/CVE-2024-97xx/CVE-2024-9769.json) (`2024-12-06T04:15:05.200`) +- [CVE-2024-9866](CVE-2024/CVE-2024-98xx/CVE-2024-9866.json) (`2024-12-06T09:15:08.877`) +- [CVE-2024-9872](CVE-2024/CVE-2024-98xx/CVE-2024-9872.json) (`2024-12-06T09:15:09.040`) ### CVEs modified in the last Commit -Recently modified CVEs: `1` - -- [CVE-2024-49232](CVE-2024/CVE-2024-492xx/CVE-2024-49232.json) (`2024-12-05T00:15:19.063`) +Recently modified CVEs: `212` + +- [CVE-2024-52276](CVE-2024/CVE-2024-522xx/CVE-2024-52276.json) (`2024-12-05T11:15:07.360`) +- [CVE-2024-52277](CVE-2024/CVE-2024-522xx/CVE-2024-52277.json) (`2024-12-05T14:15:21.547`) +- [CVE-2024-52336](CVE-2024/CVE-2024-523xx/CVE-2024-52336.json) (`2024-12-05T14:15:21.663`) +- [CVE-2024-52676](CVE-2024/CVE-2024-526xx/CVE-2024-52676.json) (`2024-12-05T20:15:22.530`) +- [CVE-2024-52943](CVE-2024/CVE-2024-529xx/CVE-2024-52943.json) (`2024-12-05T21:15:08.420`) +- [CVE-2024-53112](CVE-2024/CVE-2024-531xx/CVE-2024-53112.json) (`2024-12-05T12:15:19.190`) +- [CVE-2024-53127](CVE-2024/CVE-2024-531xx/CVE-2024-53127.json) (`2024-12-05T12:15:19.320`) +- [CVE-2024-53130](CVE-2024/CVE-2024-531xx/CVE-2024-53130.json) (`2024-12-05T12:15:19.417`) +- [CVE-2024-53131](CVE-2024/CVE-2024-531xx/CVE-2024-53131.json) (`2024-12-05T12:15:19.513`) +- [CVE-2024-53136](CVE-2024/CVE-2024-531xx/CVE-2024-53136.json) (`2024-12-05T12:15:19.617`) +- [CVE-2024-53140](CVE-2024/CVE-2024-531xx/CVE-2024-53140.json) (`2024-12-05T12:15:19.703`) +- [CVE-2024-54221](CVE-2024/CVE-2024-542xx/CVE-2024-54221.json) (`2024-12-05T00:15:19.200`) +- [CVE-2024-54674](CVE-2024/CVE-2024-546xx/CVE-2024-54674.json) (`2024-12-05T19:15:08.947`) +- [CVE-2024-54675](CVE-2024/CVE-2024-546xx/CVE-2024-54675.json) (`2024-12-05T19:15:09.100`) +- [CVE-2024-6209](CVE-2024/CVE-2024-62xx/CVE-2024-6209.json) (`2024-12-05T13:15:09.583`) +- [CVE-2024-6298](CVE-2024/CVE-2024-62xx/CVE-2024-6298.json) (`2024-12-05T13:15:09.803`) +- [CVE-2024-7488](CVE-2024/CVE-2024-74xx/CVE-2024-7488.json) (`2024-12-05T08:15:14.123`) +- [CVE-2024-8299](CVE-2024/CVE-2024-82xx/CVE-2024-8299.json) (`2024-12-06T06:15:22.917`) +- [CVE-2024-8300](CVE-2024/CVE-2024-83xx/CVE-2024-8300.json) (`2024-12-06T06:15:23.070`) +- [CVE-2024-9677](CVE-2024/CVE-2024-96xx/CVE-2024-9677.json) (`2024-12-05T22:11:15.217`) +- [CVE-2024-9760](CVE-2024/CVE-2024-97xx/CVE-2024-9760.json) (`2024-12-05T17:33:21.817`) +- [CVE-2024-9761](CVE-2024/CVE-2024-97xx/CVE-2024-9761.json) (`2024-12-05T17:30:40.620`) +- [CVE-2024-9762](CVE-2024/CVE-2024-97xx/CVE-2024-9762.json) (`2024-12-05T17:26:42.427`) +- [CVE-2024-9763](CVE-2024/CVE-2024-97xx/CVE-2024-9763.json) (`2024-12-05T17:20:19.707`) +- [CVE-2024-9852](CVE-2024/CVE-2024-98xx/CVE-2024-9852.json) (`2024-12-06T06:15:23.200`) ## Download and Usage diff --git a/_state.csv b/_state.csv index 0afa4c50803..6a75a893a2d 100644 --- a/_state.csv +++ b/_state.csv @@ -14101,7 +14101,7 @@ CVE-2005-3166,0,0,9f609c658afabe106bf0998792baccee8ec7a1a3776c78d9e6cdb56f9c9e4f CVE-2005-3167,0,0,fc775c022df5f947ef940ea9d22d69e01674172ab466b929aa1d2de39bed7c18,2024-11-21T00:01:15.870000 CVE-2005-3168,0,0,519b3e33d7d5c3b3c891f2638d7b05c9e2eab3d694b3c8f4ba99e4e7aae09b01,2024-11-21T00:01:16.003000 CVE-2005-3169,0,0,3c0ba789270261af79dd7fc7fef49f976cd95258310555a3c2102fc70021cb7d,2024-11-21T00:01:16.123000 -CVE-2005-3170,0,0,4186304035966fc98286af302cfbccbef004bbf4a6e4f8192c3558b6a7c6905d,2024-11-21T00:01:16.247000 +CVE-2005-3170,0,1,c33b27ab9d5279d0896e39d97c584b9c604291558f6ef8ad8581156cecb923fa,2024-12-05T21:15:05.520000 CVE-2005-3171,0,0,ad712bf4daae420e6d3c86e986a103f973b87cee54532ccd0c5e98d24275c580,2024-11-21T00:01:16.380000 CVE-2005-3172,0,0,88a23b37c6649adfb39b5ebce2a75626042dd34f4e9c396f5177cf65d454ba9a,2024-11-21T00:01:16.503000 CVE-2005-3173,0,0,f5e799f42e080f9a434c4606329814792e24df135e42471c1c01c38d92f3d86b,2024-11-21T00:01:16.633000 @@ -97059,6 +97059,7 @@ CVE-2017-13304,0,0,bc01bf9619a2ed9e9969de4c65bf442a5fec6030e332a0ad95cf9c9671c48 CVE-2017-13305,0,0,2acce61b5781c64283da81f61da07d2eadea1d7bd22b7b38dbaaa4a20fc64699,2019-10-03T00:03:26.223000 CVE-2017-13306,0,0,423f74da95b3c89ac4494a0b8267dc23743708bc4de0a0cc92f3a3c6e2cdbb52,2019-10-03T00:03:26.223000 CVE-2017-13307,0,0,e83357c9230d3ea5a0100316af468cc9cffb10b590fc6474a2652e4724796965,2019-10-03T00:03:26.223000 +CVE-2017-13308,1,1,38ee1fd0b2d8ab5b38a45c4d2e6a52531b9181d9a13dca686af92f9c786c17ba,2024-12-05T22:15:18.177000 CVE-2017-13309,0,0,491cd9f7b41a6bb9dabc0009989d6e787b291b96b83a3c335f7bb247a54fd391,2024-11-18T17:11:56.587000 CVE-2017-1331,0,0,fbfa6b4058c65afc0dadcb6abf2b300b566ab5bd4820053710fa36c8414eaba4,2017-08-09T12:43:53.857000 CVE-2017-13310,0,0,7f209153c492fb41fd760d206817d716da1e9c7c4982d2ed8ff14992dd5fbbb0,2024-11-19T17:35:00.887000 @@ -126941,28 +126942,32 @@ CVE-2018-9377,0,0,e4a0a8bd1ac9734ae148f92ac66c4e7d1d997837e82ad8c47cc9f88531e107 CVE-2018-9380,0,0,e6fbe63ca9b9f94eed7d3113363726fcbc9fd32f362f8de02b396f07c6dcdef2,2024-12-02T22:15:08.237000 CVE-2018-9381,0,0,6d23302b8a97082a76241d451afb14bf577899eb10a0c0816bc7882dabaf95b5,2024-12-02T22:15:08.493000 CVE-2018-9385,0,0,a04751693f742cd9abca42cb6fa43b673fbcc24bbf305f54b6cb4b8b3d812bd4,2018-12-12T21:37:19.207000 -CVE-2018-9392,0,0,49e7b9f23a88c682cbbb44bc61a5ba9c2ca4fa0f281672e6345a23150430e818,2024-12-04T18:15:08.833000 -CVE-2018-9393,0,0,b6af74fd0caf19ec65a302341dc419c40d160016677c975b82b1482a5d64f5d6,2024-12-04T18:15:09.850000 -CVE-2018-9394,0,0,3d3b4f1d67e3b9aaf482e66f7658cdeeb9e9c9c0e737adcd8dcee7e000eb075a,2024-12-04T18:15:10.003000 -CVE-2018-9395,0,0,dd0529bb234903930decc878c54e926214965a12290f9375b0d2e04679edbb01,2024-12-04T18:15:10.163000 -CVE-2018-9396,0,0,be4ec7a86532032b0b52439a51ec71718fbc5b2e121bb3fd2f699ac8af262ab6,2024-12-04T22:15:18.457000 -CVE-2018-9397,1,1,865c13b1cdf647dc5fef487404361160d0d516c924179476bf843050fb56d096,2024-12-05T00:15:16.720000 -CVE-2018-9398,1,1,e7c164b62e28113c95653fd4619211f272e12c115b0e49a53cfcc4154d42b93e,2024-12-05T00:15:17.383000 -CVE-2018-9399,1,1,1f3576e286a238cf561fa1ea7b0570d5dfc3436546f136a1800b2b258ba9272d,2024-12-05T00:15:17.477000 -CVE-2018-9400,1,1,a872cf04a48531f55bad2616d034910b435a839210c8a44b376fe558c69e8b60,2024-12-05T00:15:17.570000 -CVE-2018-9402,1,1,0c0ee48cafcc964c832f786945a4832fe13345d8861a1f578dfc07c63c848670,2024-12-05T00:15:17.663000 -CVE-2018-9403,1,1,5a1773b4c93feff6099751813a2d625b60fdd1e160769ecdda110bfb5f468d2e,2024-12-05T00:15:17.763000 -CVE-2018-9404,1,1,ee5c60911d4e61bbfbd32416ceb84d704d696520e3a8e3663173475c9ccfb96a,2024-12-05T00:15:17.860000 -CVE-2018-9407,1,1,aa94efb731d65f03ca7fa4179f44a512b4650f96f267065d883fb74d96d2cdac,2024-12-05T00:15:17.967000 -CVE-2018-9408,1,1,91a6b56cfda55b86424f75110beb68a12e1b8987ecd19fd1fba15f9962a821a7,2024-12-05T00:15:18.070000 +CVE-2018-9386,1,1,45ba5d4d0e0f7d7b3776b3f708962712cf8bb6d60d44dfe7a3dac3bbcca7feb1,2024-12-05T23:15:04.607000 +CVE-2018-9388,1,1,004e7e4e744846ea2604a46a64f5c23fa1a926873ec4d1c000fd6c655f39ea8a,2024-12-05T23:15:04.703000 +CVE-2018-9390,1,1,5f8bb52259623be827ac21344e0e24009f609094b85f2365a19b1cd7c7cd87b2,2024-12-05T23:15:04.793000 +CVE-2018-9391,1,1,0b911ce46761adc8d7c99a74ccf642290d823ae848c436c79b5477a729d42795,2024-12-05T23:15:04.877000 +CVE-2018-9392,0,1,c32dba2c2a98106922261098b9038433eb88bfdab15b7f8a7fa0f36bbfd4c11c,2024-12-05T19:15:05.197000 +CVE-2018-9393,0,1,df4b64b8c51b0367567eab39ff6262d599db50bab473af04af8577fd63acfbdb,2024-12-05T19:15:06.160000 +CVE-2018-9394,0,1,48a2d54d752724661cb58ac865254bb340812823a8ae32c423c07cbd5c941282,2024-12-05T18:15:19.417000 +CVE-2018-9395,0,1,7b075014ffd9dfbf129f323ece9584ec1fa0dd24b2d2c8f7ca91d89a4d0a7f76,2024-12-05T18:15:19.590000 +CVE-2018-9396,0,1,b16928ed7b4d1033908bd8e17d816719267d3ffeec447e6dbde677a4c02aed9b,2024-12-05T18:15:19.740000 +CVE-2018-9397,0,1,bd94974c65d291e5e287921e637372ecfdfaf7a5f653d8bd06b4d3e2c61c9a87,2024-12-05T17:15:05.140000 +CVE-2018-9398,0,1,ed2676897ed62a4d835841e4645961445b47d7c7e1ecd9370fc212bd2438c0e5,2024-12-05T17:15:06.133000 +CVE-2018-9399,0,1,985517c3d5baba00f2d7cdfe0d01ba1d6336d831feb861a32b781ae85319b2dc,2024-12-05T17:15:06.303000 +CVE-2018-9400,0,1,0a30589e9b2b82aa31f61dfe84204f8b5bb6815c2bd03395c978b3fb32b6c0e4,2024-12-05T17:15:06.450000 +CVE-2018-9402,0,1,78eb458785c574a3b5b4da1c54346af59979bbf46a65d507ae4f48d26ba69ad9,2024-12-05T17:15:06.590000 +CVE-2018-9403,0,1,ec2b9f0a7c16f7ac93049a7ecad3f6e815a9048127808029d008134435dd3fae,2024-12-05T17:15:06.730000 +CVE-2018-9404,0,1,b29f2aeaede821330aebb4f2bd7d59f3f18dd3a57e2f203d03bc948acee2ddbd,2024-12-05T16:15:18.023000 +CVE-2018-9407,0,1,5c46d1ea1f90ba1ac8ce1e68156810dad72e19653c07190829ccc6c8a7edaa0d,2024-12-05T16:15:18.983000 +CVE-2018-9408,0,1,5c42660fc0373e3794b978085bc6f141b8964d1061bb0f50eefa0272a9e13f8c,2024-12-05T16:15:19.117000 CVE-2018-9409,0,0,ebcda6f7e24e6f698fa6ccd47d9f60bf8bc1c7442cbc31f290fa0b923152d8a0,2024-11-20T20:35:04.480000 CVE-2018-9410,0,0,67eeebcbba32822e3887bccb33fae18efb160aec58d1cb7ea07ebe4be1e04e64,2024-11-22T22:28:51.533000 CVE-2018-9411,0,0,e176a59ad08b39fe1e6853540b0f5379b5df64366124dc7ef673195cfcdd7002,2024-11-22T22:30:25.617000 -CVE-2018-9412,0,0,8f50260d1e8b65957e2cb05a966f6136a2dee829d699d386c0ca2a63e589e17c,2024-11-23T00:56:14.623000 +CVE-2018-9412,0,1,10d38b173d55eca5b05216994307fc04e70cea7770610d73cdc37fe177407f32,2024-12-05T21:15:06.513000 CVE-2018-9413,0,0,c6f4ac4e24b60889b670534f191861c4c8edbffd728fe1cd291cd8a7e281fa1d,2024-12-03T19:15:06.147000 CVE-2018-9414,0,0,1502707cba8022d2a56ca7e99daf57548667b3f30de1f8fb22b96c6af7e6c423,2024-12-03T18:15:11.267000 CVE-2018-9415,0,0,ed7c0b7190441eec3d5a1d3e25bd99949f1ee50503dc12cac8466031b55d4227,2018-12-12T21:36:26.237000 -CVE-2018-9416,1,1,373cdf7225c7559792a4f468d73303345b1a39b95130c5511372cb7fca809092,2024-12-05T00:15:18.153000 +CVE-2018-9416,0,0,373cdf7225c7559792a4f468d73303345b1a39b95130c5511372cb7fca809092,2024-12-05T00:15:18.153000 CVE-2018-9417,0,0,d14f6cd2cf635e766e90a973936df96c48a6f5ddbb0b86d066715267e8c688d6,2024-11-22T22:08:46.630000 CVE-2018-9418,0,0,e851384c008e3a0dde6b54cd54b3ee4e68c29533e11960a94ecde9efdfeb4b80,2024-12-03T16:15:18.587000 CVE-2018-9419,0,0,c18c29ca18cc221fa9a8a8c05cd34721a5a1c5a074ea2d5aabaa414db75bd8e3,2024-11-22T22:07:33.540000 @@ -126984,7 +126989,7 @@ CVE-2018-9435,0,0,d7acfbd9b6a8baf8942238ac46af38dbe5f587b828fc107ea7ec1738ffbada CVE-2018-9436,0,0,c8a247a24c83592bc549534ae7eaaefb20fd255e25c6b61b4321b051f8f1edfb,2018-12-12T21:25:58.460000 CVE-2018-9437,0,0,2fe7c032447c4aee2d71cdb7773a63d008648862a1635a0096aea7442fa776a0,2018-12-12T21:23:38.690000 CVE-2018-9438,0,0,9dbca74422ec533040b998a41e1e9831a0ef457b53367dc472271daa39aa9ea8,2019-10-03T00:03:26.223000 -CVE-2018-9439,1,1,56c1d73ddeaff461c1649b437c00a42de7145c3bb85ac77f3c544aef5f8c8343,2024-12-05T00:15:18.337000 +CVE-2018-9439,0,1,6c0e426da43a52e312a86d90f8de14b7a7b9c552546a1b4044eb66621bbf28ba,2024-12-05T16:15:19.353000 CVE-2018-9440,0,0,5d528d97aa009b19faaf4b76b2810035a508f7ff2a656fcd3a5ea6d1c0d4ebd7,2024-11-22T21:30:26.993000 CVE-2018-9441,0,0,71136ecdc98eab935890efab417789f90a76dae71108e4492cad31255e59036a,2024-12-03T15:15:06.620000 CVE-2018-9444,0,0,845df1a91dbb86e10e94c2948d2846f136bb91fcf20699ed819d25cc42061c97,2019-10-03T00:03:26.223000 @@ -127002,8 +127007,8 @@ CVE-2018-9456,0,0,d351e6127aaab11e959d66e48149c6a0e215677d529b8762f507558293e037 CVE-2018-9457,0,0,4ba55ba142e7078e2f212cda844d0dde689b9f253951c701c7bca4abadf51053,2020-08-24T17:37:01.140000 CVE-2018-9458,0,0,1dbbb9d699cf29709cb646fc9beae0f8b0ab2caf8cfb40eec8d64b76e1fb2af0,2019-10-03T00:03:26.223000 CVE-2018-9459,0,0,37f92a3a8615ac08ad1157d56af457710a07fd1019b073a6d5f8014670ff7598,2019-01-30T20:03:52.930000 -CVE-2018-9462,1,1,40e9d147e31a848be70f05b1fc0980bdcfa3fa814876c35c2fab02142e291f0d,2024-12-05T00:15:18.433000 -CVE-2018-9463,1,1,ec17b25d7eafc239367a57e9fdc71bc58093c8fa6897f1a95fb94002b6363da7,2024-12-05T00:15:18.527000 +CVE-2018-9462,0,1,540ee33ffecd012f35f758009e680a6a3e25796e7f391013823a45d54277917d,2024-12-05T16:15:19.503000 +CVE-2018-9463,0,1,5f23d237849a2b1447db672364de0872693453896bd3bbd8aa23af2ec7322d88,2024-12-05T16:15:19.650000 CVE-2018-9465,0,0,3393303102eece75c592f8058027ea52136d9a6fe887ab46a73f746fe5320e57,2018-12-12T14:31:22.043000 CVE-2018-9466,0,0,bc89e5541a7affcae76e355ac6dd04545e33b28bb1353f7de122171894d43a8f,2024-11-22T21:29:09.617000 CVE-2018-9467,0,0,69625315124f1f32171dff50284884bdc16e0f68c40918ae0aea06be6a273180,2024-11-22T21:27:26.783000 @@ -127020,7 +127025,7 @@ CVE-2018-9477,0,0,dc13b19992f78434791a0fbc13a8edc462f7906dc94916facd9ae82c958a18 CVE-2018-9478,0,0,e62c7e60234a00aab239fe0bf28caf2fee794b5fbe6ede6546cbb5aad76f7733,2024-11-20T19:35:07.310000 CVE-2018-9479,0,0,019da2b825e07153cd168d654e8fa2b554132cee5892ca29f3fba26b51246f16,2024-11-20T19:35:08.127000 CVE-2018-9480,0,0,7d2bc9d3d402ad7b751be65da82b421799466990f6d6bfffb54761b6d52c46d2,2024-11-20T19:35:09.023000 -CVE-2018-9481,0,0,2e6e23f49e804ad13c814a4a55ffe419aecc075c670e854d63326bf3024a6da3,2024-11-20T19:35:10.130000 +CVE-2018-9481,0,1,1cca595074175f544c12bcb1055b73dafbba8510c30562d3fe9cf6b46a189df2,2024-12-05T22:15:19.020000 CVE-2018-9482,0,0,46da710fbe56476783bc00e35fb2014c86285ab8f035637b7dcf7815f9b954cb,2024-11-20T19:35:11.110000 CVE-2018-9483,0,0,84ad1db0d1f7efd9beb78ab661a079e810de5c191e41ebc0e6d40304afa5e585,2024-11-20T19:35:11.993000 CVE-2018-9484,0,0,ab9a6d34f3c239a98e606ce81ca46dfdd65bf0dee026aa6d5f426b65c2e5f557,2024-11-20T19:35:12.870000 @@ -165531,6 +165536,7 @@ CVE-2021-0933,0,0,69af4f2daadc3f587068425b9d453f64d73e270c1cf7fbc0e1dda1dbb2f70d CVE-2021-0934,0,0,59fd2f9e9dbba783f090a2c05958c15519b7f41693ca587a0465aa6d558caa88,2023-08-08T14:22:24.967000 CVE-2021-0935,0,0,2716d21664d6a2f023afaaaab4828779ea877049d4151ced5e4492028ec6088f,2021-10-26T16:48:54.723000 CVE-2021-0936,0,0,0bc1b3240cfa22bde90fd8124ac0c91b56bcf761674ebee99806c96767ebc575,2021-10-26T16:54:39.777000 +CVE-2021-0937,1,1,0ab0ebd905cc5f7e1a6a28f3a4b525ee87a676e82a7a87d1f020e7f91f594d92,2024-12-05T22:15:19.270000 CVE-2021-0938,0,0,a66b94c21dcc0d01416e5117a740ef9a774e15aebb7db06d48cfbc93c925312e,2021-10-26T15:07:08.787000 CVE-2021-0939,0,0,e86e19a1b812af75a7240d67c84377d34bcfdb2edcc7699626e513f16d0f7449,2021-10-26T15:18:00.863000 CVE-2021-0940,0,0,cd67719a0b2c0ec11b6e2a1f80b5ee12036bee49eea3ce540f49f880111ee775,2021-10-26T14:29:32.777000 @@ -166997,7 +167003,7 @@ CVE-2021-20446,0,0,1c91677a2376f4f6d526461036fc8d4abae2a8771e58efed6befed0a7b10c CVE-2021-20447,0,0,abb81cea09b437814c19ff3a1f486ffd4cf38126a95db1ec6ecdf383225a759d,2021-03-31T21:02:24.123000 CVE-2021-20448,0,0,f6ca21a8cbf8a4ddda26793ecd0b524644a4071b37f555065b20837dc817ed6d,2021-05-03T18:40:31.180000 CVE-2021-2045,0,0,372545f8c102031a39336788f5c80e942079161d162efc283eb0a82cd566123c,2024-11-21T06:02:15.393000 -CVE-2021-20450,0,0,870955bf915ef21db35ddf0915c70eb582f2ef3afe1f7ff25df9387fe7a3281c,2024-05-06T12:44:56.377000 +CVE-2021-20450,0,1,c277954dcc01142621c71d59d5d1fc644df23a1ada38b6368abecc3ca6c27d2c,2024-12-05T21:15:06.663000 CVE-2021-20451,0,0,d2d1afb9724b768f8b9e5a3c46904f055999cc3bdbf91fda1e4572e0ae545814,2024-05-06T12:44:56.377000 CVE-2021-20453,0,0,f13170a033c7a422eebc211aec6bee5b72e03f8f51dac1f3f80c3e30b849198b,2022-05-03T16:04:40.443000 CVE-2021-20454,0,0,e33e5f824658eb4083da671ec12e3dee677373705fe72ca50587190bc4c2eb7b,2021-04-23T19:48:30.763000 @@ -174598,7 +174604,7 @@ CVE-2021-30199,0,0,26d97db5ae9e557327dd919c8507da60bfc1682571eca519b3b1d07acb5d5 CVE-2021-3020,0,0,72642484be6f5bcab9fb7ee48a06b60f9fa8fec8a59174f20bb3c995c1c03b43,2023-08-08T14:22:24.967000 CVE-2021-30201,0,0,dafd9506b1eb3140707968cf0b05aced483d0625f80a6e74cc986c5aa1910c79,2022-04-29T18:14:15.950000 CVE-2021-30203,0,0,b1e85751e662e7d61e8b50b4f66319d543b270d988cf93074f603f95f6baf87a,2023-07-05T19:50:58.443000 -CVE-2021-30205,0,0,7e92b83990b6d521ae51e1572044374b2b51b438e59b863830001f9fb2e150e7,2023-07-05T20:17:55.363000 +CVE-2021-30205,0,1,528c5cb76b3fcb459ecd392cdead376c46502fa3374bb56b51818249065d38d6,2024-12-05T15:15:06.003000 CVE-2021-30209,0,0,c1d1b504e4c6a698d41de9a6a3f372d9891f98477b1e1d8fc4d80b961f06ba1a,2021-04-23T20:12:13.167000 CVE-2021-3021,0,0,be707124faa4646bd3f3768a806b031b465a890861b83e001c79e7946ee7920c,2024-11-21T06:20:46.230000 CVE-2021-30211,0,0,6dff00dceca25823aabee462590e8a6c3d928b3474830d359f8ba76e25b3fc12,2021-05-14T19:02:13.407000 @@ -175835,7 +175841,7 @@ CVE-2021-3163,0,0,f89f199ffc0e3c2684b0aac0ac37483ae65d0f30da935d016d1ec03fc1ec55 CVE-2021-31630,0,0,93c7a1da8d5d487512cf8a33c3ec73387c3509a9a3dc3421321cfea5271501d6,2022-05-03T16:04:40.443000 CVE-2021-31631,0,0,e4685f84a5797c763b0e66c36a5ba70eed0e1714a692dde8526e51ca26b8ff7d,2021-12-07T14:02:09.200000 CVE-2021-31632,0,0,e692188d243a7872a36e5424d25a260426040a6c83172902699779720b13cc77,2021-12-07T14:03:06.170000 -CVE-2021-31635,0,0,4558c8a5e107e1e82cc4e644378ea1e57cc3aa155055a1c9bb1949e4308a979a,2023-07-05T13:50:31.657000 +CVE-2021-31635,0,1,03b763ed91707c02537b9501698cb605aac23a44437f9d4da524275239cb84d7,2024-12-05T16:15:19.800000 CVE-2021-31637,0,0,33ae060eeb7fe2576e1640e9ca400ebb83fe1fbb90ec7b97dc6e15653a4f7589,2023-03-22T01:32:09.007000 CVE-2021-3164,0,0,fcba3f790d69977e07bc77ea2a703f691482f679b930a174a0005a4a28f4c71e,2024-11-21T06:21:02.377000 CVE-2021-31641,0,0,c114686ae2510c64533e71869c1131bf092f0108188a6c3b1dd6ff33551dbdba,2021-06-08T20:26:41.403000 @@ -187622,7 +187628,7 @@ CVE-2021-47484,0,0,035fc4f20b8bb0051e7d41d7acbf3080e74faff5b61ebfb91fef9fe6e51bb CVE-2021-47485,0,0,c5a619e9b3a8d428185f18d7c380bfa0d68a0465beb69fc44f1b93fc5d7419ac,2024-05-22T12:46:53.887000 CVE-2021-47486,0,0,41d64af05f9f7e7f079d43365667fcc12c2bdc11c6514c521a628dc553dcbe93,2024-07-03T01:38:02.550000 CVE-2021-47487,0,0,37fda3dbde69565646173f301baa99f70441700610bcbfc8402f3e27ab23c916,2024-05-28T19:15:08.983000 -CVE-2021-47488,0,0,feb3708d16b45c996f2b8532e45bbd928707d83327cc31f4d762765d6eae6d2d,2024-05-22T12:46:53.887000 +CVE-2021-47488,0,1,6bd518faf568ee263bd5be6b79978583251019752295859beb9e265d517b8683,2024-12-05T14:15:18.520000 CVE-2021-47489,0,0,8528fb54f50b248c5394bdfe5a1f0f958adaf678f3630220742d3a1e1617aa91,2024-05-22T12:46:53.887000 CVE-2021-47490,0,0,e30d1fa22901bc22e5516eb0e2758b111e45a2ee2510ade5b148d6e264b4c7b8,2024-05-22T12:46:53.887000 CVE-2021-47491,0,0,f9a4ce6319732d76a86ef53a89279887b58681e4b57594351152311014b520b1,2024-05-22T12:46:53.887000 @@ -188464,7 +188470,7 @@ CVE-2022-0784,0,0,e48d40c58ce3ce7833c554da7040f158daa7a8c59cce03439f9f284445f7a9 CVE-2022-0785,0,0,f43405ae2636ca349c6ea0d9748275c66e22cb10b944e5085a7e76831d6cb119,2024-11-21T06:39:23.570000 CVE-2022-0786,0,0,f8750e75a59df83b0a6524f3d916e7839c25f77dd9a8d0181448db050f5f705c,2024-11-21T06:39:23.690000 CVE-2022-0787,0,0,d24e98e4b65f225e45d1030dfd1f84a06209e1b41592c15e9339499ef05fef67,2024-11-21T06:39:23.803000 -CVE-2022-0788,0,0,e5ca00ddd5a125f238fa2ffc8b344429f7aa1eff3be92016dedf02ab227965e6,2024-11-21T06:39:23.920000 +CVE-2022-0788,0,1,b0c70f95c2aa92604fb57e55e860695ba1eb50ff92a4236215299590ab5696be,2024-12-05T17:12:01.060000 CVE-2022-0789,0,0,f03613d99cdda048824d840d1bf79c65b68ed65b7eee2930d01a0eddcf276f15,2024-11-21T06:39:24.037000 CVE-2022-0790,0,0,52d8c0610fe26e74a24cd009ae502cc0378ff159d1eb6ce20f5ff1af0ea0e7f2,2024-11-21T06:39:24.163000 CVE-2022-0791,0,0,645740339539c2573275f5763f9cb0bee41836873e226a39960a3d52b18942cd,2024-11-21T06:39:24.310000 @@ -207121,6 +207127,7 @@ CVE-2022-41133,0,0,088bf9671968c99fb23f3c0411fdafec9410cff50b2d1346a6feab4c1b081 CVE-2022-41134,0,0,e3041eb43eac7f101fae7398b3e70f5d3ce9064fdb5e4b42fde7249eb5b868d1,2023-11-07T03:52:43.257000 CVE-2022-41135,0,0,4ea4888d7cba31286c51322dbeb320c51e319a748b97fead6814a11154b33ac8,2022-11-23T19:37:18.823000 CVE-2022-41136,0,0,a801e1ad68bf193c349d0c7b181d3df141eabd0a41c1d499a3df4c2a784cb939,2022-11-09T13:48:33.217000 +CVE-2022-41137,1,1,6b9869b70f34f433c7f49122ab549f9b668b33983d7e8e99f8a9267a3bcd3737,2024-12-05T17:15:07.033000 CVE-2022-41138,0,0,9aab14bfba2cf6d4eb0e448cadae69d22cc934ec062e280dbe34fd8fc9bd1258,2022-10-07T13:20:24.543000 CVE-2022-41139,0,0,ea9acf531d44cdf5970356df78585b20dbbbdd5898050903dd74a69c80ad6acd,2022-10-19T05:08:24.670000 CVE-2022-4114,0,0,d831f077636dad5fbe187d0c9c5ecd71bb5ed79c3a981e13701bd6322de086c0,2023-11-07T03:56:57.973000 @@ -208524,7 +208531,7 @@ CVE-2022-42857,0,0,cdcf832ca21268788c00b206c507e4baf85763977b13479d6144d4ecea8b4 CVE-2022-42858,0,0,ac32d8701544284a16fa8a8644ad93f42860f2d61f63553bbbac09e0ed1d0ec4,2023-04-14T00:49:01.310000 CVE-2022-42859,0,0,58fd8e1f3433ad231be5828b17b63c8c60345f527a21fadfc7b20f0c3a2ba979,2023-11-07T03:53:39.450000 CVE-2022-4286,0,0,d57b89bce707a60becec135b0c12042f0afa4be688f63f128258066f9dc86023,2023-11-07T03:57:25.743000 -CVE-2022-42860,0,0,7b6722b6862a962f96eb11557b62e5d117df1e3c9c245bd5c9b9f26725e93b32,2023-06-27T10:53:11.793000 +CVE-2022-42860,0,1,f07f01093947dd5a1be267c1670c5e33c77da8c29b0b1395fb35d023c1840997,2024-12-05T18:15:19.930000 CVE-2022-42861,0,0,8773f2c3735d7a3a351c676356225207f7d99016eaf6a518c6a02c7cb50fcb2d,2022-12-21T15:54:54.807000 CVE-2022-42862,0,0,4b27cc2aeac561ef379119e4bb04ff21d71ffc7b78b79e82628c5ae71159b844,2022-12-21T15:55:48.200000 CVE-2022-42863,0,0,2a9e44bb176a17f0efac94fb517513cc503f5800577b81fb592afb461ffb8bf0,2023-05-30T06:15:30.217000 @@ -210338,10 +210345,10 @@ CVE-2022-45435,0,0,673278c35544b11bce4a6cb5571e396b0d55e78356d846077c11a393d6da9 CVE-2022-45436,0,0,01abc9de441e7cf126d73173671bae6f589d837af990bbfdbda81f6af399b51b,2023-10-18T12:15:08.737000 CVE-2022-45437,0,0,d5888961b8eaff0022b16b4f48be6d067f28e135c23188633d5739030e59b5a3,2023-10-18T12:15:08.917000 CVE-2022-45438,0,0,97e9e188c681c49bbcf28e1650c7c19afcb8566d4de35937a02217c0d4831abb,2023-11-07T03:54:43.120000 -CVE-2022-45439,0,0,3d4135a46e7cc1e12184cf083253ea0845cc5fc22d242a2814349925ab48a856,2023-01-24T20:16:45.073000 +CVE-2022-45439,0,1,660d82d88de49529d1bb4fdd5e4bdcc9eff6042525cfb408cbeeaedaaced1a3c,2024-12-06T07:15:04.680000 CVE-2022-4544,0,0,e4c68d06692a27425b25edce623d7804fc27cdfa2fb6f6a5514424ce890540bb,2023-11-07T03:58:06.470000 CVE-2022-45440,0,0,f29300f8a9679228652e714073e4afcd589eab6ec4324e03384c3888b3696b95,2023-07-07T18:42:12.577000 -CVE-2022-45441,0,0,6941386fff2f0b2caa31488935b46e3cfc58507f2b76e9fae3af400a9b22ea5b,2023-02-14T23:46:03.117000 +CVE-2022-45441,0,1,d8274b8f5f70778ac2a239a4f45eded09c9f1d72c00e3911f6e732c43a3bdfd1,2024-12-06T07:15:05.190000 CVE-2022-45442,0,0,31670bb507eabd78ef05d1367170f9c115621e1a9d642d0a10423dab08d81087,2023-02-01T15:47:27.760000 CVE-2022-45444,0,0,c52570583a53122eaad4c68e011fde2fa4247c9e3dab4ac383736eb3d282974c,2023-11-07T03:54:43.403000 CVE-2022-45447,0,0,8cbfe73ac93e4590c0a1077dab8cc70998a4357b04cca60773075e3e786c4c14,2023-09-22T16:29:56.070000 @@ -211236,7 +211243,7 @@ CVE-2022-46713,0,0,2b3d0fd6257254a18558e0ab8ce2c9f3baa3fd71df65f784ea6926b9bbc76 CVE-2022-46715,0,0,6779bf5233f59e29396c4e1997eda9b8b93dc5b719b1909a4c0d6930cc3cac72,2023-06-27T10:52:49.890000 CVE-2022-46716,0,0,c9aa713b634226ea9c2b6d88253acde1b75e9ddb4e4ccaa843e3b7a06b133480,2023-04-14T22:50:00.043000 CVE-2022-46717,0,0,b1b5c7f66809830ac7819d893784d338e0641a7432e4c6d7ac551d797f9f8b2f,2023-06-06T23:15:09.547000 -CVE-2022-46718,0,0,507b6f0fd9315ba020980721de2ff52cad7d1b55d38760fb28cc3b3764480ae4,2023-06-27T10:51:37.977000 +CVE-2022-46718,0,1,0d29a2e43bd89f9da7903b4919ee8d3d26f633178ae7e74ed30a87430fb4b98b,2024-12-05T18:15:20.093000 CVE-2022-46719,0,0,c556d1c8e4cec6f1708a76e4f56e1770d03a9008f0fd1910f774141108142259,2023-11-07T03:55:51.027000 CVE-2022-4672,0,0,9c2e59790280420d462ec305448b87221671610a4df920be27309373361e4116,2023-11-07T03:58:33.343000 CVE-2022-46720,0,0,a4866f6c76c74ef985b56ff02afeafaffb2d3f6684cd4df17a3bd7d8b53f6392,2023-11-07T03:55:51.277000 @@ -215874,8 +215881,8 @@ CVE-2023-21171,0,0,3b7859be643848844f7b752610a235cf4d57d06ef258797801cbdf2cc886c CVE-2023-21172,0,0,3483eb8d6eb712ad97cf27fd476c94b8573be210b95297dfee4bf0ba85645321,2023-06-30T18:04:16.583000 CVE-2023-21173,0,0,ec342148229c204219375bc8daf71a8cdbc1c7385d8e93ed8cc3d0de411d20c6,2023-06-30T18:51:09.053000 CVE-2023-21174,0,0,8a41beb6429fb6f3d2d71c7b635626b2c254a4cc8abf63500fc0f968c04d23bf,2023-06-30T18:52:27.157000 -CVE-2023-21175,0,0,9a4bfebc54574633734f990beb22552ec6dd59fd63255eb6932644829a840416,2023-06-30T19:09:31.007000 -CVE-2023-21176,0,0,b4889bff267fcb6c19338bfd6ba59e7353ae666531e9981ac40642586f055857,2023-06-30T19:12:04.187000 +CVE-2023-21175,0,1,0f13a4e1b689adcf8cba60f61efe0f4bd1672b3b1e9a6218e29cbfdb700dc567,2024-12-05T16:15:20.097000 +CVE-2023-21176,0,1,ef1ea228d5c38c24fdefada294767f8749384af4102d3fd346042e3c7764fa01,2024-12-05T16:15:20.230000 CVE-2023-21177,0,0,2f9d0b76970b263c24d25155dfb855f560db90b07fdf495e549e60a1dd54b60e,2023-06-30T19:23:25.413000 CVE-2023-21178,0,0,f73eb7fa72c2f5c67caf2112bcbc776a690762fdc42d18ae5acf134daeb865e4,2023-06-30T21:20:09.863000 CVE-2023-21179,0,0,98fe046ec9ec82206c6fb0b8345c7710bd62753f0a45f781feb56b00c0cc73c1,2023-06-30T21:20:41.290000 @@ -215887,7 +215894,7 @@ CVE-2023-21183,0,0,2286580ddc8e8c828b53ecc52416e14744580e1fb73aa59dad4850ce63e22 CVE-2023-21184,0,0,b5e44d5ab12f1876a6252304c37f76641985c9a98afa4a7fedc69e046a6689f2,2023-07-05T20:37:32.573000 CVE-2023-21185,0,0,a372832232bd38ef51b228b4346dbb487b34f1e3aea90bbdbe1daa118d2dfb7d,2023-07-05T20:36:43.733000 CVE-2023-21186,0,0,e86617d8b22ba6e48e4876f25aee117ce8f7e3fa3864696e5e2ba2dd82522514,2023-07-05T20:35:40.533000 -CVE-2023-21187,0,0,5f5e69a9a48c25bba9cdac3bf1f67003576dfb77ca8f48c933862e2768baf768,2023-07-05T20:16:39.883000 +CVE-2023-21187,0,1,2cb2d8db980ed830b9f68bd13b61416b855c7e0107be29acb63bf924403fa95a,2024-12-05T16:15:20.347000 CVE-2023-21188,0,0,bc014b0a65e92f259cb080cd896a9402878499860dba0ee8d36469c44f9e0d81,2023-07-05T20:12:24.047000 CVE-2023-21189,0,0,489bbd3df372002bf2da27abb9a7d63c1e7d17bd20e334202f434432004964f0,2023-07-05T20:29:00.037000 CVE-2023-2119,0,0,684a9f1d8e5382e027ba45e6c4d6d7f5a8c0768eb5df5038313f3b90f337af17,2023-11-07T04:12:00.240000 @@ -216217,7 +216224,7 @@ CVE-2023-2151,0,0,2627cea95e292c8a4c63032209acd1eb041c949d60ebbdf15ef37d5992d7b5 CVE-2023-21510,0,0,7e668a7ce8a44060e31ace854f6b9bc0b01eb61088edb8184203a0b2e37a6fba,2023-05-11T01:11:12.747000 CVE-2023-21511,0,0,0b2764e30c7f278213776a61fcc9bdd4af16ccb3909318121009d58c761d7334,2023-05-11T01:19:13.570000 CVE-2023-21512,0,0,d8a471bf0ecbbcc9116c309dabb311603b1284eada992358495af80302bc6d3c,2023-07-07T13:55:14.693000 -CVE-2023-21513,0,0,58f015e3ef121828922518fb1dce43e7ebd19be096f353471e466f3ab6e64837,2023-07-06T21:23:49.590000 +CVE-2023-21513,0,1,f6b72ad449ef51d3306ff53b82db63d8ef0fdc642f7c10ccc8e58842915ff42e,2024-12-05T16:15:20.473000 CVE-2023-21514,0,0,6ba56250a8709740f56d569fb32c5e1475ebefe22df1ce1627458356725c3704,2023-06-21T15:18:17.423000 CVE-2023-21515,0,0,2ab82becc3240d98d890deddb29f10a96a48f6a0906d31b81ba467fa5ec104ed,2023-06-03T03:42:38.067000 CVE-2023-21516,0,0,4dfdeafae029d7cdd83d291cf61caf8967262358489553b7fcbf151dc6b907c5,2023-06-03T03:50:20.003000 @@ -217850,7 +217857,7 @@ CVE-2023-23511,0,0,77bcf2029ab59aa68a9e31f76cd6ec6b62fdc88db14619d8a3a93f3d21c3f CVE-2023-23512,0,0,2c830aa9cb9e2ad4c20783256710b8ce46e146c235896bb1ac6781a67d0e96d8,2023-07-27T04:15:13.983000 CVE-2023-23513,0,0,227e4d870e7cbd5d4610603c2d000b9ea8261929d509f8fa18d1a13a03480ecf,2024-08-01T18:35:02.847000 CVE-2023-23514,0,0,a804dabbb2903efb058755dd17db1568378fc2fd065771e3acd411878795c683,2023-07-27T04:15:14.157000 -CVE-2023-23516,0,0,dc7f0ef3e4f23ac300c5e4f8f1a06a39a352defe629e6db822b233de1f16d4ca,2023-07-27T04:15:14.380000 +CVE-2023-23516,0,1,642fb93fd27c63e523bbbbd8ec697d800beb99b36c421b23b39ea2a2701fa5db,2024-12-05T18:15:20.327000 CVE-2023-23517,0,0,ab345983f5d83c67962eb917424083b6e32da9f77f3276995a01c83856bde944,2023-07-27T04:15:14.467000 CVE-2023-23518,0,0,4ef40483badcd30020a5fe8dec78e131c02a2a0d605fe793d53fe40728aa31f1,2023-07-27T04:15:14.547000 CVE-2023-23519,0,0,53c1b157cb23133eff4d6c69200ce443d60ae4ed93042d03da94cffe09e9f9b8,2023-07-27T04:15:14.630000 @@ -221648,7 +221655,7 @@ CVE-2023-28188,0,0,ce1d631bc1ff070cbe9255b138fa3331925644b237537349ed3580b39d917 CVE-2023-28189,0,0,8175e564df8662d683f7cd5b5eb45b5334016b31b23d288d60e02ed8cf6aa22c,2023-07-27T04:15:22.207000 CVE-2023-2819,0,0,3c20f8a330bf2edb1c17b0a2df22373e17acca766fa26eb0b9e62e37ca599218,2023-11-07T04:13:23.167000 CVE-2023-28190,0,0,3acb94a21651a823cd3b8350ef9dca128a4d4ca76fc383a9ffe2fab974ade359,2023-07-27T04:15:22.297000 -CVE-2023-28191,0,0,ba59d1894361282dd5abc641d59361481e998562e9dd4e730494a6a0e06d6788,2023-07-27T04:15:22.380000 +CVE-2023-28191,0,1,6664ec9e1968effd5625736bb352c1ff2957736653242e5c49084c5c4ffb4a69,2024-12-05T17:15:07.650000 CVE-2023-28192,0,0,653df8f0dd5c6235ae5b8f3759759761cbbc94be9bec11f0440968297023c1ae,2023-07-27T04:15:22.473000 CVE-2023-28194,0,0,c5b7ec8a5d918bf9ec6ca55388a932627bda3a560563fe6bdbd35045f209a322,2023-07-27T04:15:22.567000 CVE-2023-28195,0,0,d87984bf1ec16ad4557f8ddf631f2d493f34ca200183054d51d9eabe2394c710,2023-09-08T15:43:22.570000 @@ -221658,7 +221665,7 @@ CVE-2023-28199,0,0,6223d43bc481ef68e68af9c0ebbf065903cb1441e00165ed43367c8291c3f CVE-2023-2820,0,0,12da12cd23c4d3320c1302746cfbf668b4eb472ac460d2ed1b66eeac8e1ec719,2023-06-28T19:26:01.313000 CVE-2023-28200,0,0,1b41caa01ac494f72962dcc1851ef51646dce9229c742579749dd529704c0ae3,2023-11-17T19:33:06.590000 CVE-2023-28201,0,0,803996df6887be4fc084e2c3e8b12d31eba6477bebb0d7ba2992371a246e94ae,2023-07-27T04:15:22.747000 -CVE-2023-28202,0,0,589f455868acda369056c0797d8aba302ff90e5b46442220314e9f5fd825b630,2023-07-27T04:15:22.833000 +CVE-2023-28202,0,1,191014a0200c592d291fa5fba60b126bce7fe013f7105ee7dd188bda0cdcf7fe,2024-12-05T17:15:07.837000 CVE-2023-28203,0,0,08b7d691ce4073abd2047d44f3bfc2b8f9629f4639fbe9b37d88ced68dbebf69,2023-08-03T14:03:36.787000 CVE-2023-28204,0,0,e49dee97f06d329286722ef2bfa1ac07e658839948c87270b4c3ec4810ce19f0,2024-06-27T19:05:08.367000 CVE-2023-28205,0,0,32c4f6a9c2c955502c4cabf4e84e2d0162b743df595f8aa8ceda5c752d584b5d,2024-06-27T19:31:48.657000 @@ -222271,7 +222278,7 @@ CVE-2023-28820,0,0,8b70a72a8f8cc09bb006f47031b88620c0ac808f8d102cf0e15713615b214 CVE-2023-28821,0,0,4b09838e4d4a8a2917bcf5cdf5f612433b074dcb7548d0d3a766e80a60b71dbc,2023-05-05T13:40:26.043000 CVE-2023-28823,0,0,87894b474b71bc3e46b9c394031dd0006588b5abb19d7f1ecdad5a5928c0beff,2023-11-07T04:10:54.510000 CVE-2023-28824,0,0,6217e10c10df3a710e40602c4b5f6e2e19457c4fb3b380905849d51ad7a71391,2023-06-08T13:47:32.470000 -CVE-2023-28826,0,0,72ba642b7be16a1b258eb748f3c254740948996853f940079d44c2390c589230,2024-03-13T23:15:45.693000 +CVE-2023-28826,0,1,061d57499e91aa7f7d7e9a5cdbe935c63e6d5b1984dfae847aae42bb570c0771,2024-12-05T15:30:17.053000 CVE-2023-28827,0,0,f44108e508cde369d66ca1dbd483ecbe772822ac164d5e3df873ccb3ff8f8959,2024-09-10T12:09:50.377000 CVE-2023-28828,0,0,7c01788f5690e47da77e68839cb118243068e2077bb180cffc0de77a5125e0bc,2023-05-09T13:15:17.273000 CVE-2023-28829,0,0,4b5cff9cda965725817b3e2e0f35976766e508ef08936a9897600a6795af5299,2023-07-05T17:36:45.750000 @@ -223775,7 +223782,7 @@ CVE-2023-30899,0,0,c95fb59fa6974921929c43a7b27b5c48bb6bee11016ce8122fb5c60688989 CVE-2023-3090,0,0,6b8def9601134991d95ba9058d7db16d3564aa5e8a8f026dd5b99877c903c81a,2024-06-26T15:54:02.870000 CVE-2023-30900,0,0,5ec449e80a412a9dd9cb351fac04840501ea02c3c51d7a39b3fe16e59481fd43,2023-10-16T18:20:19.453000 CVE-2023-30901,0,0,6290bb46124d97e5b1b37644ad0986450f267f5dc35d5b3e7eef697c3f8604d8,2024-01-09T10:15:15.077000 -CVE-2023-30902,0,0,2c079b380e99abd22fc5a2117ac8f6f49f606d90c152c1c27d6ea71bccb98ec6,2023-06-30T14:15:33.933000 +CVE-2023-30902,0,1,b5391dbbbbfdfa6ef158fa2e9aa856173ac9fb4648dd482dcefc06e39dc4d01b,2024-12-05T15:15:06.587000 CVE-2023-30903,0,0,705695ec6b67276baeb28d4892c6f030e0eb095e5e99d712c62c2352512add22,2023-06-29T15:32:57.790000 CVE-2023-30904,0,0,b83da390631855b93bac25f8d2f6d7c8ceda35ae1a14b5532264386983985f5a,2023-06-29T15:40:01.620000 CVE-2023-30905,0,0,7f366aaf3e32386bc6e6595cddfcc160e6fe244dcb07f3b19ab617c0190ad9a2,2023-06-29T15:49:56.300000 @@ -224851,32 +224858,32 @@ CVE-2023-32348,0,0,6ea12bd90b9a58e0bbb2c612a5ce45d8211d0d8b26391a9e8047510cbcc51 CVE-2023-32349,0,0,d103f45b6bd3841b3bce10b891f3b320b2aa4eeaf8dd86e473d20cb2a4c10408,2023-06-01T17:54:27.743000 CVE-2023-3235,0,0,29911b7e4a23005b3ecd7d095df296982c0b39491f9bbeed48bfd8521f9cee7f,2024-05-17T02:27:22.443000 CVE-2023-32350,0,0,c76e830b8fa4d9ee6b355b71959948fca928dbcc0ec1d4744cee9a03d6990a9b,2023-06-01T17:55:09.873000 -CVE-2023-32351,0,0,5cc1a0678ec54de703db628e49afad9ad3bf6e693e15067952cb57d246eab933,2023-07-27T01:15:19.740000 -CVE-2023-32352,0,0,70cbec30aa03d539b73d8be1c158f674ad9eab2850432c8cefe3dc32afea1afc,2023-09-06T08:15:43.167000 -CVE-2023-32353,0,0,a443de5675134b32e593db4189b04db1d021fcfe54594b1d108a63c1c040394d,2023-07-27T04:15:23.283000 +CVE-2023-32351,0,1,8abb0c727139c1a90d5102f2ca0d9980c934a1e15cdeeeeb67d74b58884c46e7,2024-12-05T17:15:08.357000 +CVE-2023-32352,0,1,283c961c6ee48407fc9ea3be28023f1b1fc235003863597257ba37d9897f6d94,2024-12-05T17:15:08.470000 +CVE-2023-32353,0,1,32c9640dafa7baf1552c2f7c3d9581b130f5d1f437ee599cf02c3cba57aa2f12,2024-12-05T16:15:20.873000 CVE-2023-32354,0,0,43a88b4ba993627c13e46b10a910793528aacd999fffcd768358b6674dac26d7,2023-07-27T04:15:23.377000 -CVE-2023-32355,0,0,184654aecc2c649a8da5e78a0cf8eb4b831d26b2ae6c4ebb709a17cd6679fe45,2023-07-27T04:15:23.467000 +CVE-2023-32355,0,1,eb3f3328639712a77a44c87115d171c54bebe320890b16333d8f0ccc07f54071,2024-12-05T16:15:21.057000 CVE-2023-32356,0,0,d4ad27ef7bbe9d6d1214d0426f298cad7a4b71f242fc57139897bd5f8a637655,2023-09-08T15:52:10.390000 -CVE-2023-32357,0,0,94e6d5ce17fe51c241dd4d8654c616cb6b285b1471807b42e9944cffeab0956b,2023-07-27T04:15:23.567000 +CVE-2023-32357,0,1,cadb2185ce69140feed2a12024eb9be32d32612ebb26f3387dadda31b14c1e86,2024-12-05T17:15:08.620000 CVE-2023-32358,0,0,7bccc7ab88e5b74c1ad4ca8a41e7abe05364b69696211021fe4f01fd4eabd34c,2023-08-19T00:42:12.697000 CVE-2023-32359,0,0,73fb1a1e70120c40daea90ec802dfcc5b6f81e95be02d21f2b041cbf1eb08a28,2024-01-31T15:15:09.417000 CVE-2023-3236,0,0,8dab384d1d815266e8b3925e93c12536ebe085c8572ee8b2445a657cc84e2964,2024-05-17T02:27:22.540000 -CVE-2023-32360,0,0,177a7ac544f96f138860e6dfe08239fe62790fa9b58083af89aa92a75312c5aa,2023-09-30T20:15:10.103000 +CVE-2023-32360,0,1,981e6fcb488f45e1b01c28f58e1234eaccd10dd5855e9315cf7a82005ca321e8,2024-12-05T17:15:08.780000 CVE-2023-32361,0,0,72d6fe48df774fb772487df6aa29d6bf5d302aa914c4bcfd927b4a22e1d4bd16,2023-11-07T04:14:33.137000 CVE-2023-32362,0,0,5b8acdf9f21aab07f7d0510417fb3087f3116e4488ce725f804f5004e7f3f2be,2023-09-08T15:51:50.657000 -CVE-2023-32363,0,0,e83467a0d01e9ea3e4ee44c187d3b2dae1cc6f883aea589bea3fd9efce4cacae,2023-07-27T04:15:23.753000 +CVE-2023-32363,0,1,1962309e96d2b352caf2ae6d56b1245c945fbf1eb54c85e0d5eab3364846a35d,2024-12-05T17:15:08.917000 CVE-2023-32364,0,0,f4f14de879101f31edf95e3942057f8faf77a03a58bb8d9733025515c557c54b,2023-08-01T19:52:56.127000 CVE-2023-32365,0,0,df9d32e99f3a94eff931e53617e0cf5bd363ec3081e343c46ab323881b97d481,2023-07-27T04:15:24.027000 CVE-2023-32366,0,0,e33271ffdd82a7d909e8cb66f61d8580f0c7b2987745e66d89937ba72473896d,2024-08-26T21:35:00.723000 CVE-2023-32367,0,0,17d62b016906df71d998003375d88c547682fe3fca8e717f934d6a5b4c147bb7,2023-07-27T04:15:24.180000 CVE-2023-32368,0,0,db5c9e491031f83b90352f007fb53543c7ad9456194912e77736a4fe7d2b825a,2023-07-27T04:15:24.367000 -CVE-2023-32369,0,0,445da3e61c66d5172efa316e670ee9057dccf4b59fdec353a728ff582840ae85,2023-07-27T04:15:24.553000 +CVE-2023-32369,0,1,49dbf5bff660a406f8ca994d5b57c0bccd337d628e6a7998f74539e09af3d553,2024-12-05T21:15:06.850000 CVE-2023-3237,0,0,7075b51e760d6070000679b16dd94aa987938ad8c23a100286259aa9046713ab,2024-05-17T02:27:22.640000 CVE-2023-32370,0,0,4b04e3dc810850e499164bfb9562c4155fb61dd1919f412d6e277a8ddd940080,2024-01-05T14:15:46.447000 -CVE-2023-32371,0,0,ab53df06b371bc6d6cfeb3f4794ea53020cbbe591e39622b9a5c1d810110a6c1,2023-07-27T04:15:24.877000 -CVE-2023-32372,0,0,3b0eec21905aba452928c8d2e0f159b88ca9e98486749e4d87d60934d3e89167,2023-07-27T04:15:25.130000 +CVE-2023-32371,0,1,2f4c4f84beaa5a69eb96316f215170b842018fba70a0460d227c16b6ae4ad731,2024-12-05T22:15:19.457000 +CVE-2023-32372,0,1,3735b4d95466ee316c3a874d27abb685a259a2edfa2f44f9a0507c56a6f3dc1e,2024-12-05T22:15:19.630000 CVE-2023-32373,0,0,e58611d8bbe263c91fe66521e73f36c2c2357749263f7e5515c2c16f5d9d74fa,2024-06-27T19:22:10.753000 -CVE-2023-32375,0,0,8ea7d69c1d1bb293682d09633e7b465fb6cb9d40822a02f7dd24d2089e2b4b7e,2023-07-27T04:15:25.630000 +CVE-2023-32375,0,1,363d658b705a2905988a4381992e7e285988cfbbe26cd1b6b8bb78ee269b1a27,2024-12-05T22:15:19.837000 CVE-2023-32376,0,0,34e064519ab04c0392d17e0a49abc62daa3574a6f14bd43d88d9581aa86b88ed,2023-07-27T04:15:25.947000 CVE-2023-32377,0,0,6af25d684890a26201beb9d40364160469cabdd12e6e95208ffbcbceb3cc9584,2023-10-05T13:13:00.927000 CVE-2023-32378,0,0,1f1f932f5df34bcffae5b2b2e0e6547ffda55f6b481d67ecdb5c055eb312bece,2024-01-18T14:47:06.280000 @@ -224887,30 +224894,30 @@ CVE-2023-32381,0,0,2fa75527e437eef94cb12e994e10ebb83f2747d1dd657852a1f98bb98327a CVE-2023-32382,0,0,94eded32bf87d67aa1c30638dcc95db88021cf189644f23ebc71ce681c0b5e7f,2023-07-27T04:15:26.730000 CVE-2023-32383,0,0,db847567cd04370d90373f8c76bf366def9d2564e1b647312e7eef049027988d,2024-01-18T14:46:30.137000 CVE-2023-32384,0,0,24d3d274c093580c663299cf54b2dc1c50dc0282824ced112cc17f37bd0b44cd,2023-07-27T04:15:27.003000 -CVE-2023-32385,0,0,0cf6204f61a3d3d061fb702cd46a194164e6116b780234a11121ebac4ef67688,2023-07-27T04:15:27.267000 -CVE-2023-32386,0,0,cfc4445f58db484dc02f6edf46ef5e4efe4a7cc10c7658bbc4489fb849efd6a3,2023-07-27T04:15:27.467000 +CVE-2023-32385,0,1,8d0e0841a302cf24a5854b733dd4c215d34285cf291387a24218cff56789f990,2024-12-05T17:15:09.087000 +CVE-2023-32386,0,1,139c6fd6cb2804ab24ba7c8eedb77d478bf6ccbd82f1559a60a3db19c57f810e,2024-12-05T17:15:09.213000 CVE-2023-32387,0,0,db24420b88eb14f802ad7e665122b3b0e279dbb192f4cf17260c2fb2602214ad,2023-07-27T04:15:27.747000 -CVE-2023-32388,0,0,941075fc841c53bf9416963ca114834d8f8a7d2ac55b9b92a196c5f6f21c5983,2023-07-27T04:15:28.020000 -CVE-2023-32389,0,0,05da8b196d622db341ea3489c75d8a614fc481a562173b118f4e369bbe55fb33,2023-07-27T04:15:28.263000 +CVE-2023-32388,0,1,44ebf04d5202342997555028c4fc28fe13dccc4f462d64692e33a7d86cb56cb4,2024-12-05T17:15:09.420000 +CVE-2023-32389,0,1,de799e7b07824c3f922bf431fb6f079413762d859eea5508ad44ea44f3885718,2024-12-05T17:15:09.557000 CVE-2023-3239,0,0,bec6c19ca389830d125d32b2ebdd7f272fea9a1201a28651f354660f832d0b12,2024-05-17T02:27:22.860000 -CVE-2023-32390,0,0,ca7878ff03abc255376c033041512d6c91bf561aa5f4b10c6ef0abaf7497b8bc,2023-09-06T08:15:43.340000 -CVE-2023-32391,0,0,7f660cd8fe9cb75d288cbe6f181901a71361d53f4aa2f21bf85afb8d82ef07fe,2023-09-06T08:15:43.410000 +CVE-2023-32390,0,1,68831c310a4a2c33053d91a73321d5ecb889686219bf76c3fc63c0245a8fb51e,2024-12-05T17:15:09.690000 +CVE-2023-32391,0,1,7f90c0397e19202f581a0a0db164a6880a679e41d337103710444e7c176ffb68,2024-12-05T16:15:21.210000 CVE-2023-32392,0,0,85e53ccb31e7710784da31ac09fefd49756873ab363bce0184ce4a0a060903b4,2023-07-27T04:15:28.957000 CVE-2023-32393,0,0,04429f0e4984593640661824a187d48c0dd02cc27249572ee4550dfe4eeddfeb,2024-01-05T14:15:46.657000 CVE-2023-32394,0,0,1f71bc6c31d6507b23ec6babbf8801fa603966515c73514cd63cc3c240a286e2,2023-07-27T04:15:29.723000 -CVE-2023-32395,0,0,d950ac79c016de7b4bc0b66e42b55077b5f57e5170c1b385dd0646bb0d91effb,2023-07-27T04:15:29.920000 +CVE-2023-32395,0,1,a5581be121d65d27fa627f9791b9c9c799245eeced135ac555e5fc16fa9ed33a,2024-12-05T16:15:21.483000 CVE-2023-32396,0,0,a157ce1e0be322ae011f1101a7308cdbdcef2ee9869307c5b56b9c5ad438a5bd,2023-11-07T04:14:33.503000 -CVE-2023-32397,0,0,7edfbe40f8bb7170bf83134b6cf89511086b8837e46430072d259e2bddce21ab,2023-07-27T04:15:30.267000 +CVE-2023-32397,0,1,c772170feb4c9ed4feb30df30531a4eb817caed65c718832738d9fe677e9b27a,2024-12-05T16:15:21.610000 CVE-2023-32398,0,0,6e6ab159590d3ea258c8b24b855188878457cc30e196d98cfc9abbccb11ea221,2023-07-27T04:15:30.587000 -CVE-2023-32399,0,0,f162f817ccf738b4e83b4f908cd750f2362548e8be12636c1122a73d3094e349,2023-07-27T04:15:30.837000 +CVE-2023-32399,0,1,0b5609b43e025a89ce45c506b5ab330c251b7afa57c55b7cbab82208c5c93e22,2024-12-05T16:15:21.827000 CVE-2023-3240,0,0,48d5b94d9467459d800972afbc11280eda9e6b418e471ebe4b47514fa1058c90,2024-05-17T02:27:22.967000 -CVE-2023-32400,0,0,6fd8b5a37f2e433320bc9ad7f22ac44149935851954e52aa4b7784d4bb3d8a1e,2023-09-06T08:15:43.573000 +CVE-2023-32400,0,1,b9fa5bf727d37f9a6bf5c29fb0284e9d32d759686b7ea360fe3d32ae0b6c4dba,2024-12-05T16:15:21.970000 CVE-2023-32401,0,0,45f00b0fa5527f5016de9ae71204966cb299ba73667bb1f7b7c7e0be9e01d3fd,2024-01-18T14:45:33.753000 CVE-2023-32402,0,0,2c1ffafcca7b31f4b352ee313889178054c2c37f61033f9bc07a8462f21a6bfd,2023-07-27T04:15:31.103000 -CVE-2023-32403,0,0,237c03a430c63dc6882c825fe2f3a3955c7ea9a0457f7b7caa09dad9290021af,2023-07-27T04:15:31.420000 -CVE-2023-32404,0,0,ab2d1c53e4adea71cd53d6d44f034e6fbc49d7a63f14695bf934a55a55b39323,2023-09-06T08:15:43.653000 -CVE-2023-32405,0,0,d6ec933e14fc5a1c6143dc38d3639088a4e72b6ce334c638fe4395e26bd48fb5,2023-07-27T04:15:32.337000 -CVE-2023-32407,0,0,520e7bb99274d13af89a3fa4a42fba43b239a810d6f5b61b129ad94fed93666f,2023-07-27T04:15:32.750000 +CVE-2023-32403,0,1,fed5b671fd261519b18ca5fe50e0459894bd5050cfd54dddd6ba3dfa3a8b51b6,2024-12-05T16:15:22.207000 +CVE-2023-32404,0,1,6cdf35cb6263b9c680ea8dc81713cf36cb75552f6f43705b97451cde0198ee0d,2024-12-05T16:15:22.363000 +CVE-2023-32405,0,1,066e16e1725da134cfd2fec336f3962448666fb7bf1e730a4e208618dfc6ec68,2024-12-05T16:15:22.507000 +CVE-2023-32407,0,1,cd68ebad80c351089d7aae49edf3c6f8e50c7e542200dd990eec1498172ec03e,2024-12-05T16:15:22.650000 CVE-2023-32408,0,0,93c7da00a8ef61789a1f58703249de845146d2ed2efe717bef9e62eab53f69a4,2023-07-27T04:15:33.080000 CVE-2023-32409,0,0,9558df817da441c19c4f165d5a1f39bcbf0d3c7a6cfcf97eebf97e5dfd387f2a,2024-06-27T19:21:56.703000 CVE-2023-3241,0,0,bad098032567c3f660c95d593ce0dc1da535a0e36deb68e8696c17ca6e774bc7,2024-05-17T02:27:23.087000 @@ -224918,8 +224925,8 @@ CVE-2023-32410,0,0,5348d446e0a8a1d08280cf9511f8fd069b56933e6bc6d3a82ff3162a6ebe1 CVE-2023-32411,0,0,e63d95853baa480f15d4c0f4142e44d578f0072fea3fe052d38dfafa4ef2ed45,2023-07-27T04:15:34.007000 CVE-2023-32412,0,0,4b3b4890cf6855ee88645449f9b22d28cf9503e73ff45b6eed93c9781a601d8b,2023-07-27T04:15:34.367000 CVE-2023-32413,0,0,149ccc939f82bf268ccad89fee44986e04016aeba1adddcc2c661d44f0d2b497,2023-07-27T04:15:34.737000 -CVE-2023-32414,0,0,fa6525bb7681c459cfe2e33a6ea7cf815e79ab0e62287a71a94539dde9ede524,2023-07-27T04:15:35.130000 -CVE-2023-32415,0,0,96fa6eae8f221b9a47a59ca4cc9351dc0fa58ca6ba14b14a15a5171433a1b47f,2023-07-27T04:15:35.437000 +CVE-2023-32414,0,1,20539197c94f6b3e0f5468a9d771a48a2bb146e5e0078f6789ff02808946b65f,2024-12-05T17:15:09.813000 +CVE-2023-32415,0,1,947ba69002b2bbe548e1cfb247b65d1ac6b0a5cad3681f2575680d6f909ca8ec,2024-12-05T16:15:22.807000 CVE-2023-32416,0,0,1a8e3b833f50b96b700f5f81732ab547e243a4c27b5f823ddd2ff9401c65654f,2023-08-01T19:33:14.997000 CVE-2023-32417,0,0,04ec232bce9741055ca69819059af5b7140710ba2d9767584d63e128e1cad6da,2023-09-06T08:15:43.720000 CVE-2023-32418,0,0,a38d997bb881cacc97126bc5819582142f57b1cec9acd3ac92e393cda146f1d7,2024-10-23T14:35:07.963000 @@ -225028,7 +225035,7 @@ CVE-2023-32521,0,0,d4b525fd6cd3d13cc0105dc7f22c9a0aedd035d632c0a001a98334067d4a0 CVE-2023-32522,0,0,92f96dc54927f00ca3760c049a4271fa99e35ab4abda072f0af41569d0f3c211,2023-06-30T17:10:43.140000 CVE-2023-32523,0,0,6e9c7dd712d66bad6f05fa0da41feefe1e4344d9b4fd4f86d7ccfce1b2981277,2023-06-30T18:27:07.793000 CVE-2023-32524,0,0,f0d16b252ba060697bfd123a9bea1ed5c21a60f191f01d82f04984a5b3a09d62,2023-06-30T18:27:24.527000 -CVE-2023-32525,0,0,1cbc46983d9e325370aa19663e8f1766f4f84eb542d3f88b20c98b524da6e160,2023-06-30T18:27:37.413000 +CVE-2023-32525,0,1,357e8947e9faf36c911b1dfaa6054753b39b0ffb9ce87590a0c2b8a17fb07441,2024-12-05T15:15:06.853000 CVE-2023-32526,0,0,fbbf0c879afbd49cff70c8803a1b705b276186a43a353ddf8e0bb9128afc0aef,2024-12-04T17:15:09.067000 CVE-2023-32527,0,0,e86827d45a671971d002ff56af57555f983e50a3f139e9a563163126dc215271,2024-12-04T17:15:09.210000 CVE-2023-32528,0,0,9e7cd6fdb4c7bdb9770b33de36113c9d2ceac0a99cb95b4ba87d5e5cbe8a8038,2024-12-04T17:15:09.343000 @@ -226760,7 +226767,7 @@ CVE-2023-34666,0,0,f76cf75345a2bd20080da0cef9068a77c71e3c695d022a60971bedfbfde43 CVE-2023-34669,0,0,84f15f4322d888707b0f12022052977a199f3f375af1086b4b7510f2159ddce3,2024-10-31T16:35:02.160000 CVE-2023-3467,0,0,ddc36a6bccdbf9a5a9a861700923fd29fe11a713965e08cbdb4c6b677ce12f22,2023-07-28T14:54:03.353000 CVE-2023-34671,0,0,430d38ebac24604129811785b11fbd0ccb77bf10a78e39ac10ab6ee086c1ed45,2023-07-05T15:42:10.257000 -CVE-2023-34672,0,0,cb2a7a4c8015815cf4d1af3a124a789fdee78dca5922cf1fe574ae2bbe4be569,2023-07-03T20:00:19.827000 +CVE-2023-34672,0,1,4a68b221316670f7c247849901da85dd5b1f8c262917fbbebad21793df20f8e2,2024-12-05T15:15:07.333000 CVE-2023-34673,0,0,cf59bec60d560105c561639349a0207ab7801ad452cdec423ee2d3680c113ebe,2023-07-05T16:30:36.027000 CVE-2023-34682,0,0,7df08d0855f9391051bbe2dd073bf9f9d548976e195be24714f3525c96664c49,2023-11-07T04:15:46.490000 CVE-2023-3469,0,0,ff38650ce7d6f0882432e387191924cd1e6610aaa875b6dca504410fb0986c9d,2023-07-06T18:43:07.970000 @@ -228042,7 +228049,7 @@ CVE-2023-36660,0,0,ad7c1f7373c5b945a36f43bfd7436865285dadbe767514c354144bedcded1 CVE-2023-36661,0,0,5247281fd64ad231820c2cf082e219768d26856c142e5ef8a99c934fa014866b,2023-07-06T18:02:31.260000 CVE-2023-36662,0,0,d08afa95cff5b30035b86d373059b1a47519460a0eb588c33e5a6b78b440100e,2023-07-06T17:54:23.273000 CVE-2023-36663,0,0,77304b9745337e95f5809266debc6f17befa424b547f8d761c2306adab5a3f0d,2023-07-05T16:07:21.250000 -CVE-2023-36664,0,0,379ceec6f65ae7a32c03db50ecaaa4a01d499ac629611e104311023b480a90fc,2023-11-07T04:16:40.113000 +CVE-2023-36664,0,1,57d41114ec1799a79bb27b613cb9271112a0999bfa8dd5a684592bf230a283a5,2024-12-05T15:15:07.693000 CVE-2023-36665,0,0,7958b6f9cc0ac74c4d63a0fb8fb514da5d93b67afce1bd226abb93fad35b9019,2024-06-28T18:15:03.283000 CVE-2023-36666,0,0,82e0a703856d153aee5f87ca3be1fc191450f7abf8faad32ec3a6bd87a71a661,2023-07-03T19:07:18.410000 CVE-2023-36667,0,0,e7056acd042a904e8a4bd0f08af759d019fca13087d81ec48d791f2f9b961568,2024-09-04T19:35:04.670000 @@ -232882,7 +232889,7 @@ CVE-2023-42830,0,0,9622822082e6d489decb51a66ff30e0a25a850d4f889ef38731f27c29845d CVE-2023-42831,0,0,15c2657a6cda93c32bf9e6d0e8961db6424b2c5d0a3a331db0a572f126ae013e,2024-01-17T20:51:35.577000 CVE-2023-42832,0,0,d4139f8d7ebcb6dbe3f816f6f2093afb5b55323ca863cc15652de2caab2f0de4,2024-01-17T21:16:29.277000 CVE-2023-42833,0,0,e734eedae2bb752eeb00548b60901154a053eb23181a33e00797702140032cb8,2024-11-06T20:35:06.280000 -CVE-2023-42834,0,0,08d87def638a26a5eb9093b6708a8eacf657bb89462798c60d907ee1b3410e44,2024-11-06T15:35:05.580000 +CVE-2023-42834,0,1,14e2fba0f6e9a7407b7066d6e47f2e3f9c9cd1e34de0be9cbc98c4daf103a291,2024-12-06T02:57:06.637000 CVE-2023-42835,0,0,9956dc456ba41773404d8f44ad7b269b3f7a358f4e5a280c805b86e2ebbfd44f,2024-12-04T22:34:26.587000 CVE-2023-42836,0,0,57dd9f5214333cc32869174710fab8ff9c58d3ed310e22708cf2b23e79addefb,2024-02-22T19:07:27.197000 CVE-2023-42838,0,0,d2c7cb1076afde325efe19ebd9189ea0f891ccc309473cf4021fe8881f3b600e,2024-08-09T16:35:01.893000 @@ -232995,8 +233002,8 @@ CVE-2023-42949,0,0,4ba4d25f4f34dd7299f1ae8679a2668afa3ca4ced4c250397b32835ae7ad7 CVE-2023-4295,0,0,ec334b74dcc01539baa3eed8300f24e0d43c22b250be6de255e7d71ca4f97cb4,2023-12-28T17:14:36.030000 CVE-2023-42950,0,0,f1d5850b892570a96c5f59ef6bdf8fbbd22dba2618afa507113cc84e9d5cfb6a,2024-08-09T16:35:02.990000 CVE-2023-42951,0,0,121a5c0c1d17502bed7317173a1705a78522289256ce9a61da10683dfe7402d1,2024-12-03T20:26:23.957000 -CVE-2023-42952,0,0,ac8164a1e95a71f3635337c8d1e1e316d92bbb5ce2c711d62963ba080fa32811,2024-02-22T19:07:27.197000 -CVE-2023-42953,0,0,c3b7092a84e4c9cf27e3a04a908a1a891d4da828332a56e4b0bb35d9d921787e,2024-11-07T16:35:10.020000 +CVE-2023-42952,0,1,6891ee256bdc72cf6a4c57b42f33beb2238326aae5a4615a12a4c5ea4a2a6b07,2024-12-05T19:56:22.987000 +CVE-2023-42953,0,1,be651a2585df3a4d1b6fbc44895268b21cb745aefd4866e02b3d268354be1ed1,2024-12-05T19:52:16.060000 CVE-2023-42954,0,0,f45971a666787f6e4609a5b8ff1e50e22211581a6c5afdc32f83d4251ddb5301,2024-08-27T20:35:05.607000 CVE-2023-42955,0,0,048bd99f0ab58fd5fb77045b6c0168d4d4fb97b035ea28ad7d10928caea120b4,2024-07-03T01:41:33.800000 CVE-2023-42956,0,0,098d5d1f6f35394898bbf2736732c1ea792bae31bf2ecd344322af062de54fc3,2024-11-01T19:35:12.537000 @@ -234722,7 +234729,7 @@ CVE-2023-45722,0,0,4240dd682886c768ab9b9a025ce52687e223d3b5bc66b3a8ef1362427eaf3 CVE-2023-45723,0,0,d75569efe29622a0fceee924d9f808ceeedc0897b5e709cd04faad485aeb7c09,2024-01-09T18:52:37.707000 CVE-2023-45724,0,0,d957afe86c592e8319388b49220462c05dc155b1c149c8e2b8f7290372cc8a41,2024-01-09T18:34:41.837000 CVE-2023-45725,0,0,4be92db793dd202daa1a3bc98875d9a583e5498eb2cacfe9e3765b156e332912,2023-12-20T18:32:15.360000 -CVE-2023-45727,0,0,991a37c6085d2ca4438ad04bc42df3d6720bc6a7ce42792ad8991a36e1444693,2024-12-04T02:00:02.410000 +CVE-2023-45727,0,1,c0b7ed959fd28982f805814ae773fe107a83554a4dbaf4131ecae5263c9c8b7a,2024-12-06T02:00:01.520000 CVE-2023-4573,0,0,8c2c56b4c0641002c802a71d0b3ecc92540f29cc9ee6db1aabe5f4a00eb5a7e0,2024-10-21T13:55:03.510000 CVE-2023-45733,0,0,b0aa2fba9e6a64d0852357607afb3a43fdbb4b3413ce5b91e26ae220829c70ff,2024-05-17T18:36:05.263000 CVE-2023-45734,0,0,bcdee8c11a0e8a4792b5d7f342842becf89dbf6ffedf6c74619e3ac3b10011b3,2024-09-09T12:21:53.383000 @@ -236346,6 +236353,7 @@ CVE-2023-47997,0,0,adf3bd3842bbaa4e3d56daa3899d6ded9569c164a8d525bb0c3220ccfa06d CVE-2023-4800,0,0,41468685d01ad94d397ffb50e03252ad778de69218af2433f2c1b521aa1b12a7,2023-11-07T04:22:59.303000 CVE-2023-48003,0,0,c9d805be14258c4370e3c771971b644189c996da5e4797413f5f8c8cfe384acf,2024-01-04T03:17:21.990000 CVE-2023-4801,0,0,6d91ace5e5dbde3e9be86a10c19859ddbf8d800bd4f88bd2dcb1605820846a52,2023-09-15T19:06:01.270000 +CVE-2023-48010,1,1,aa99d005151b69b8c3dc23e9d74de98416be8bb53c6d1bbc30610e813180f7d5,2024-12-05T20:15:20.260000 CVE-2023-48011,0,0,d7e314e8fa896e07cb9708e9227c6a0cc193c95c69cc326420252e48daa8d12b,2024-08-29T20:35:30.350000 CVE-2023-48013,0,0,610730d68ed31e7d815fc300fc5a1c987a47e782fccb1b10b45f97db518366ff,2023-11-22T17:42:31.463000 CVE-2023-48014,0,0,738346c72b6f8c86152b7d9871945acc9ab341ba2989b226f98065d9ff4f0d4d,2023-11-22T17:38:29.293000 @@ -237845,7 +237853,7 @@ CVE-2023-49983,0,0,e9c175afb8b1e7f2cb699e467ef065d438ddc85b687b14c4ebacca195e140 CVE-2023-49984,0,0,a57d9275694d3ef020d9d7f055ba3135dbd08d9dbc13b6168e119b324272f7a6,2024-08-05T15:35:08.213000 CVE-2023-49985,0,0,48621d95c58dd65f642543dd394ac7e9d6daa5b1663d066d6d97b86f6ff66be2,2024-08-04T12:35:03.467000 CVE-2023-49986,0,0,0bfa07ebd9dbe1f0457cbd00aed62c65d63f7c4a056604f06d8368c48ba916b7,2024-08-05T16:35:03.407000 -CVE-2023-49987,0,0,6666894146cb92f75fc70a6c668cf409191be8d05d66fdbc2b6973b27220807d,2024-03-07T13:52:27.110000 +CVE-2023-49987,0,1,b4e109e2508280ce944041d4910bd65d47d15ff58e2c03f58540ccf627f98faf,2024-12-05T20:15:20.770000 CVE-2023-49988,0,0,af3f01af8abbd20907ca3d22a8fb2f0ce6ca13f1af6f9bf92429d44550b8b49a,2024-08-16T18:35:02.507000 CVE-2023-49989,0,0,8df1969668f4784b3aa305612d6516447c61c41a729e4e36322e658aab5c3304,2024-08-28T15:35:08.730000 CVE-2023-4999,0,0,a9caefdd4df7e960da2284d3ca94a538ae47e3d7f39d9ecb83734266ebc3a13e,2023-11-07T04:23:17.550000 @@ -238380,6 +238388,7 @@ CVE-2023-50901,0,0,9d28e82599d39d480c472aa4a6903c81f31a1f5089365a9535e3b931854c9 CVE-2023-50902,0,0,504cd643898a7bc9ec645ee1b1a6396b1411bd18a914c3eab7567bef7c52ce55,2024-01-05T16:21:34.563000 CVE-2023-50905,0,0,227b513834ccb933eaaa4ec5f656b3600ed541d68106bc4e0cd277296952a8db,2024-02-29T13:49:29.390000 CVE-2023-5091,0,0,c7cec8ac0ed74b7bec3e72292573f05043de9e8a9ce53b24a41d3fe5231601fe,2024-01-12T13:39:11.443000 +CVE-2023-50913,1,1,cb4c279f202d601f67995e11904e2c0b22bcf9081de109192fb2e8cd8035366a,2024-12-05T20:15:20.983000 CVE-2023-50914,0,0,b9a3b99e6dc877c892cd69f7f83eb476e322aeb24c5e1b4d7b94bc557819e92b,2024-08-01T13:45:27.550000 CVE-2023-50915,0,0,00a3ea633ae9e4b305c66a6f1d527334c4e7bed6ec1f5b05792ab5b0d7042af6,2024-07-03T01:42:59.473000 CVE-2023-50916,0,0,00ac90d6f74533f9d83a8d94ffd39828316e52d159ef6dd1a2642e91e75f657d,2024-01-19T17:49:52.770000 @@ -239395,7 +239404,7 @@ CVE-2023-52353,0,0,c85321a66aa40615f097e7c4b005042b61f142e80160f23edcb6164f85977 CVE-2023-52354,0,0,b83a0ae26910aeb4d8be73792a9bb48b3e532279f0f31aeebd210df1fbcb691b,2024-01-29T16:56:40.830000 CVE-2023-52355,0,0,461ea908f7dd6b61786b879539aa67641b818dbc1dc97626ddbece62684b7542,2024-05-17T17:37:57.793000 CVE-2023-52356,0,0,7dccc26c119ffd507dca45bc259afb8dfb8baea8acfee17fa269d8f7d722129f,2024-09-16T20:15:45.480000 -CVE-2023-52357,0,0,26288d103cd637bbcda04e71a721251665a0c23a32b663f57db1b9fc577e9b50,2024-02-20T19:50:53.960000 +CVE-2023-52357,0,1,b381a8467f1660c45f59b4116a47411eb9cea09a3ba91f746d6740a39df7c6fb,2024-12-05T20:15:21.220000 CVE-2023-52358,0,0,7c9601112ec312a1dc4d0e883a26142a68f2368228707be8b0f1eb6cd36b27ff,2024-11-14T20:35:09.213000 CVE-2023-52359,0,0,c42a0504fa8d5279c90e2ecc0d752e3045b67971944e9a1090f1657f4d4452b1,2024-04-08T18:48:40.217000 CVE-2023-5236,0,0,fb6c3d46b555cdb6e2e8cfed896e892086c77c4bb29daa7e1e3231fc7a825bf9,2024-09-16T14:15:13.093000 @@ -240759,7 +240768,7 @@ CVE-2023-6105,0,0,82435afa25eb7550d0e45ccbf0eba9061b370409fae39d8090a99844af1a15 CVE-2023-6106,0,0,ae91015644451dfca9c79cc801f41a8f42f29bbb36bdfedf4a0231658f4cb3a9,2023-11-14T00:15:09.157000 CVE-2023-6107,0,0,e811d92eba6ac3deb110f0cf4cc81f419a250d458faa228969121b465199206c,2023-11-14T00:15:09.193000 CVE-2023-6109,0,0,a744b3064096685c694a02401e0433f531812ac3fb3fd9d6e9f0d5115e399cc3,2023-11-20T17:44:03.723000 -CVE-2023-6110,0,0,4781a92ae56ed6a77cf2e81811d5e470d32de6a73044b8adcbb1ccb627c00fd9,2024-11-18T17:11:17.393000 +CVE-2023-6110,0,1,239d69fa6692aa0628a456c38e2a68efcbbe30623b91c183a376df288c2f0d56,2024-12-05T21:15:07.010000 CVE-2023-6111,0,0,47cd61f7586b016ccc4fffdba30d6fdbb7a21baf1123d9b978442365f2b434d6,2024-08-27T15:10:01.897000 CVE-2023-6112,0,0,b8d1d79eb6ef2513ba0ef61ffb8f237ee6a6b925021c5d5a8bf64d39fa9a231d,2024-01-31T17:15:22.707000 CVE-2023-6113,0,0,40596376e95b50f33f80c119c844af68d86e0219e8c6355bb1d5865e23549a46,2024-01-08T19:05:26.813000 @@ -242005,7 +242014,7 @@ CVE-2024-0254,0,0,de302d5d0ac8333076bd57fcf27799860f8cd9a96dba5b5199660ac1c1c9aa CVE-2024-0255,0,0,afbd5a5a3eb07143ea6a540bb91423dcbd767857bf8de1817834725449712d8e,2024-02-07T23:31:10.567000 CVE-2024-0256,0,0,b6e196abc3ef115e245cef14caea6a454bbd5c0b69e9db2f674093da7a713844,2024-02-14T19:17:28.387000 CVE-2024-0257,0,0,258560867c3af1d170317d16f1c8425f6150f32ff89af20f60461ed912252e8a,2024-04-18T13:04:28.900000 -CVE-2024-0258,0,0,551a6ac7facbbca52d2de02756963fdecfce7587c74d0cb2ed34ee67b54e682f,2024-08-27T18:35:03.520000 +CVE-2024-0258,0,1,de598a8d9a48f3dbf7d42462a59473fd720120a03255d63cc2f75dd01e58f92a,2024-12-05T17:02:34.657000 CVE-2024-0259,0,0,d7f7cd8d41ff0a11823d2692a68cbbacf9b166214b16e2d0bdbff3371b417bb7,2024-03-28T16:07:30.893000 CVE-2024-0260,0,0,e1b3063fcd2c6d587cf09d60a45fc6e58a9abb0e8cb5ee779a27cc08a4f45cd8,2024-05-17T02:34:26.090000 CVE-2024-0261,0,0,b930dccca83fd43f2f5c9c9f3d5ed2e051b85cae130cf567cd9c1a232d3d169b,2024-05-17T02:34:26.227000 @@ -242741,6 +242750,7 @@ CVE-2024-10049,0,0,885c4f58797b80385cdce80d924e46fe2b372795dfe14e40121472290c664 CVE-2024-1005,0,0,1191b4a20d5b719ff3ba58b8e13bb4278d19f2133e7221e782230a58acb2d18f,2024-05-17T02:35:09.367000 CVE-2024-10050,0,0,d8b5aaf0fed099523fa2ba7c0c86d11fc479440388170ed27b77f7313b983d74,2024-10-25T12:56:07.750000 CVE-2024-10055,0,0,f23c4e0430e3651b3e5a88876f1cbabbd51c53a5add393f17e3c2bc07307aa14,2024-10-22T16:28:59.297000 +CVE-2024-10056,1,1,62a3bb546069de1852b3a920d5a685649470a47bf996eacc36d90004a0f1bc7b,2024-12-05T10:31:38.303000 CVE-2024-10057,0,0,d8a525e53057703eafafe41b97e25f6595177cb8b862a21217c338a0239a3d3c,2024-10-21T20:53:22.813000 CVE-2024-1006,0,0,fe82f3d0065ffa9f2a59eb5b63e144d9442dc24b73dc23626043d548cf903e88,2024-05-17T02:35:09.467000 CVE-2024-10068,0,0,d30a41a047eea99fec87733a3e9cf71e01923d623f7bff84eb08ba80a39dc81d,2024-10-18T12:52:33.507000 @@ -242834,6 +242844,7 @@ CVE-2024-10173,0,0,a9b223ad26342bae0ecb573e6f6a805ec316d304fdef819b8c7ff56b9edef CVE-2024-10174,0,0,a0f6f9748ed58b4d61b8a06d5104db49ea86f5545087e7fa4f3a87cfe2771da0,2024-11-13T17:01:16.850000 CVE-2024-10175,0,0,734076eff23d6e6d04981560500c97bf65e49392fc92c6fb158f63387ae16f6b,2024-11-27T07:15:07.020000 CVE-2024-10176,0,0,142987a8f419783b163ba6354525e6bb8e3054620537017112986773c0d037e4,2024-10-25T12:56:07.750000 +CVE-2024-10178,1,1,f76c4c6265a7c98615505b30c151cdd71a61f1bcb981715ca46dc9a366acef7b,2024-12-05T05:15:06.613000 CVE-2024-10179,0,0,b6f906bf2251f6ec1278434f5e59f81c6d3b24bc371546ed64bbf189a1c8b783,2024-11-12T13:55:21.227000 CVE-2024-1018,0,0,6a41753bbb9bddfdeb27e8da1aa301f604399583ccfe73ec2b7c0e024f66f45f,2024-05-17T02:35:10.733000 CVE-2024-10180,0,0,eeda8a52eb376af37ac54d80ec17aa95c78c556dda331af160350bff0915b632,2024-10-25T12:56:07.750000 @@ -242883,6 +242894,7 @@ CVE-2024-1024,0,0,d47b3d3840cd70db883d335219cea52b6b4fa0e3fdfc3f4d41efc4b833dff6 CVE-2024-10240,0,0,895bb52e7bb345d17c9a0ae1c62601f710a16d97de65064646b494f8c5ebb315,2024-11-26T20:15:24.487000 CVE-2024-10241,0,0,ae512d639185a0ae3de570db96ee11e8b4269e6da724c94a52e42eddaeb0b4fe,2024-10-29T14:34:04.427000 CVE-2024-10245,0,0,a0531404f8e42b22ebf8edf706088f8f3bbff70573c99f5feaf6c300487731f6,2024-11-12T13:55:21.227000 +CVE-2024-10247,1,1,24a05c6044f08d690fc3f64600ae3d7b98f2f39a069fea0ef1eea33934b393be,2024-12-06T04:15:04.190000 CVE-2024-10250,0,0,8accb693817c35c7e4f9fa710076ead819720d8653e5052fbeeec31b3a5b47d2,2024-10-25T16:37:32.777000 CVE-2024-1026,0,0,e127bb5d00442b36eed0e6ff6513a3a42c45706876a3a5f2167365447fb898e7,2024-05-17T02:35:11.320000 CVE-2024-10260,0,0,3fc6271026f0bd75baed990c1f531b6cb5cd59bb7e2014db7bba249f8fd50659,2024-11-19T21:20:51.707000 @@ -242935,6 +242947,7 @@ CVE-2024-10315,0,0,fc67345ce3f8b85c1315f801096c845854d65014875c5d0d66a0f4c7ddb39 CVE-2024-10318,0,0,c9c0b32165e110789e705dc55263c8f26a928f9dce25281896f08d394c1b97f7,2024-11-08T19:51:49.380000 CVE-2024-10319,0,0,521a2584bb331a8cf29df932b8069e068af4d281b03c20cc06073eb127cb6582,2024-11-08T15:25:16.317000 CVE-2024-1032,0,0,06925fc416f8ceea7fb895efc2e3f765d4f064c5150968a9409448741aa1fb78,2024-05-17T02:35:11.947000 +CVE-2024-10320,1,1,94d6e2d04684f86c93f43cf49eed2cae611edae51fc38710a4b6f6728afdf094,2024-12-06T09:15:04.710000 CVE-2024-10323,0,0,05fb05b5af6eb70332696a9f115bfe34c070859ec6fbc1a30ebcb9ed7138d926,2024-11-12T13:55:21.227000 CVE-2024-10325,0,0,c08c979174e26f8d150eddd86715833c9dd9c108d95d7744f309e5766003bdcb,2024-11-13T20:01:05.097000 CVE-2024-10327,0,0,5a1546502e73211d148718e818d15cec9bc5841df26bde254740ef77c9d65b28,2024-10-25T12:56:07.750000 @@ -243067,6 +243080,7 @@ CVE-2024-10477,0,0,ec5d3377a9eba885093e83f0ffc2c5214a9fc83d05d2bcf419cfa0429899b CVE-2024-10478,0,0,a63bf38a8bfa46322ffe79a3260a2e62e4168a517fb088dc75202387c0a46091,2024-10-29T14:34:04.427000 CVE-2024-10479,0,0,2cf095341510f03aced116cfbd158587751b5caab0b78f9cc79bac97953009f3,2024-10-29T14:34:04.427000 CVE-2024-1048,0,0,2f01cec4b27d0961417641b66cfc5a0fef8e061182b01c0d7a954dc28bdc8a2f,2024-09-16T16:15:12.907000 +CVE-2024-10480,1,1,38b67fe890ef38a30238f6be6e863afe840ddba71c01d1d8b0b1ce482ea593d4,2024-12-06T06:15:19.270000 CVE-2024-10484,0,0,cfc6eede1df3b39f4709d402340f7fd6c7b0dde4f6a05c7bc473a031666f3752,2024-12-03T06:15:07.617000 CVE-2024-10486,0,0,6b6a9c7c1d7688efbd788cfa89c1b8eec85247981e0e8dab673908aaadf969ce,2024-11-19T21:57:32.967000 CVE-2024-10487,0,0,78655a991e24aa9dd082cd3faff3773a1cc1b0ed3ddfc55ae09b7e96ee30ac89,2024-11-01T12:57:35.843000 @@ -243114,6 +243128,7 @@ CVE-2024-10544,0,0,d84fa7aeaabdc2cfe5861efef74c5b30022ed51487865228c56366868169c CVE-2024-10546,0,0,fe7c4bb80388357d2012de9abcf9bdb2510a4d8644b958f5e63299c9a417e4c8,2024-11-01T12:57:03.417000 CVE-2024-10547,0,0,dd2ca02968fac3313f4dd9066814c9e75a14176f7b83142b042cd18e8be62972,2024-11-12T13:56:24.513000 CVE-2024-1055,0,0,ccc78f7d4bd63bcc448b5e62f7789de0e1a26ab036272b89eca521cba41a35e3,2024-02-14T18:59:33.780000 +CVE-2024-10551,1,1,4d741542d83fb616f1488aec710df9c6b019f35122d966b9be9a5d8b2810fd02,2024-12-06T06:15:22.090000 CVE-2024-10556,0,0,9e890aa0736585c2680fcc04ab1fac9d39c575c83d0f2617bdc1a9e76edbcf53,2024-11-01T20:51:35.617000 CVE-2024-10557,0,0,916270a9974bff554871e6150633c47888d2f31193bcd036f4a8e8f28cf81721,2024-11-01T20:48:56.980000 CVE-2024-10559,0,0,f02de87419b06f79046e87a4e20909e93937f86137fa0aad3ef812234236acf4,2024-11-01T20:43:41.070000 @@ -243127,6 +243142,7 @@ CVE-2024-10573,0,0,ba06e0f3da2c6f2632d921dee19a754bb6e0516ca246eb8c3791b840d56af CVE-2024-10575,0,0,924d12914fd797ca7b437680e7624f960ff1fb4e9a84f0339e46e831bcf19838,2024-11-19T17:28:06.750000 CVE-2024-10576,0,0,5273d95cdbc38a37c97287170f89c975c483ddbcbea5bbeb00609c4fb3df0b0f,2024-12-04T12:15:18.463000 CVE-2024-10577,0,0,a22bb88e9d80100e8493f63e77c4cd5ab2a37147944c69ab526442c593c29d99,2024-11-13T17:01:16.850000 +CVE-2024-10578,1,1,c7642c2e49592bfc86e89b20249e5e10e4dd4495b85c8b74fb22597437f59f8b,2024-12-06T06:15:22.200000 CVE-2024-10579,0,0,33dc3315e2727505fbb01f5c18514afec0197a3f447e5606ebb8c22a898a16da,2024-11-26T11:21:58.330000 CVE-2024-1058,0,0,6b5e9e2c8572168cf164dc3fe2cb55f99ab49ff2791e71ab226d135ab3271443,2024-02-29T13:49:29.390000 CVE-2024-10580,0,0,dc89cc21045c9cc73685aa7872f0fc2976b76d809ecd6edbecc861d600764295,2024-11-27T07:15:07.920000 @@ -243209,8 +243225,10 @@ CVE-2024-10685,0,0,1d5e3517448dda5f262310078551ab26523509e6a1746aada937566f5315b CVE-2024-10686,0,0,fcdad82b29385ae50029c826386214a0438adfef3126687e07ca7cc6d49750a6,2024-11-14T18:15:17.943000 CVE-2024-10687,0,0,2d74811f2fc6d3aaef423135ea18016bd4a20ce3a927ba94efb8aa3eac4c5b2f,2024-11-08T15:26:52.523000 CVE-2024-10688,0,0,2bcb0cc2d0a39373aaf27b3a9b6b49c4606abf5541b93372733fc379535c54ca,2024-11-12T13:56:24.513000 +CVE-2024-10689,1,1,d069ff2e20ab3e0205a65d83c7c24eaf2130d3b8d4319f6462d60806ce50d068,2024-12-06T09:15:05.033000 CVE-2024-1069,0,0,9f4b19e535b82e8b50b814b402985dc45959fb8eebaa25a120ba3f787349c9c3,2024-02-06T20:11:52.587000 CVE-2024-10691,0,0,db2c0688a52bf60c2a1055a856c5f32b6875efacbb339285fcf0094be8a5d17a,2024-11-15T15:15:05.943000 +CVE-2024-10692,1,1,f01a8e205d8fea2fad01369dcd74a3495c00798b203e3d01cba50d89c526a110,2024-12-06T09:15:05.190000 CVE-2024-10693,0,0,2a11d3d5f51d0b8c3f7c9ca79b8ec09785ef4fc759c11326213a65170220169f,2024-11-12T13:56:24.513000 CVE-2024-10694,0,0,05c164a4732350edd5fee46247e775b1e69a11363b78cebc8b6784de8da1fb44,2024-11-11T21:15:06.030000 CVE-2024-10695,0,0,c91c88b2e014c926c977a623d612f44936109b69ef58435a4fdca68abda40e21,2024-11-14T19:44:16.020000 @@ -243227,6 +243245,7 @@ CVE-2024-1071,0,0,203dd69d50b387b330a57560d4e66e827311506680b4f1e4c4b62b6aa39416 CVE-2024-10710,0,0,5e7c2f6f8d036436e8970bbc3c9b61158d8fb2052d5ec036090fdb11e7558d66,2024-11-25T17:15:11.747000 CVE-2024-10711,0,0,667b67eedaf55d76b13f0d67159b73016c214e768164f9d0df569a4659871c82,2024-11-07T17:04:37.663000 CVE-2024-10715,0,0,a0586864202123c788b39c9152d7bb58a990061badde7177b34380925db28d59,2024-11-08T20:25:37.380000 +CVE-2024-10716,1,1,66a27ac2456848619d1643565537c9747956c2c3779db7c70d3dda19b0ce066d,2024-12-05T16:15:23.767000 CVE-2024-10717,0,0,15bf585ae057ebcf6ec6298dedd5d0b0b84d2a3f7b0625f84537e2f339a063a0,2024-11-13T17:01:16.850000 CVE-2024-1072,0,0,d1340477909607c729b87fb4231ec3eb5b83c947dd2f9537edfb72049dfc44f6,2024-02-13T19:44:28.620000 CVE-2024-10728,0,0,d63611d9b35ef25e3339ce61319937e82fe061367061d14bd65df1fb29db59cf,2024-11-18T17:11:17.393000 @@ -243273,6 +243292,7 @@ CVE-2024-10766,0,0,e35f492b9f66f3ec904d31d42b260648e53321433ee2cae35a4e477e4ef29 CVE-2024-10768,0,0,594fbdf596dfab7cfec85356d137af72f3f7c97c4f287c31f07abfe79e0c4dc2,2024-11-06T15:04:45.200000 CVE-2024-1077,0,0,9052c519c4a7de5cf3516fc923116c25b788d5b36a137a2e416fb3d37403344d,2024-07-03T01:44:58.330000 CVE-2024-10770,0,0,0f5897dd9aba481faece95da66f5bd3d6a2ccff92cbfd04ce22fd4f1ffbf1962,2024-11-12T13:56:24.513000 +CVE-2024-10777,1,1,3b1d73e1a971a48dac25456c2710dc464cc6938365e3cee5ecfa9c80b527be78,2024-12-05T10:31:38.960000 CVE-2024-10778,0,0,079913d9652b6f58f66290bfdff6b3da5883740d014ac44b1539fe6c742670ea,2024-11-13T17:01:16.850000 CVE-2024-10779,0,0,03484221afac3766470b5ced8d3332eee24d28c027104d12405179c89d30afec,2024-11-12T13:56:24.513000 CVE-2024-1078,0,0,88568fa2f20f5ea8de25fda48576808429bbc616448df571a879f056db565620,2024-02-14T18:39:51.437000 @@ -243311,6 +243331,7 @@ CVE-2024-10827,0,0,6577ad366fcac00efbf959f7905ba60a1d9c696b896b68d8b10d38d71dfd5 CVE-2024-10828,0,0,9da06f8abbfbcaacd480e3cb9360e183a4e68531d13b5b9c29e9ebf926bd00cf,2024-11-19T17:41:59.290000 CVE-2024-1083,0,0,f65354685ac9d5e6ec0c7d89ef33fa98a96cad0e23da0316206039cbd9c94fda,2024-03-13T18:16:18.563000 CVE-2024-10832,0,0,62a14165c2bfceccd0cb2c15eea0735aefe0fbbd394f951f7a83dbf1d8b6e8a4,2024-12-04T03:15:04.427000 +CVE-2024-10836,1,1,22a80913997d03d40d2021e5a2fe20cbf0536b1c80d7f3409f3ce4ac4dc4e14d,2024-12-06T04:15:05.037000 CVE-2024-10837,0,0,c80ee8e64cd911e3ab2efc7873524bd8e71ebc0fc7365371148c92b52a8b267a,2024-11-12T13:56:24.513000 CVE-2024-10839,0,0,875c06c79916e12949a66a5e4eacd5341cb54bd81b19032a81163fe905b89056,2024-11-13T20:19:01.647000 CVE-2024-1084,0,0,b38be98d35d4290a3ce2408da5081c91dd802a2448815858b2cd8d2247674e10,2024-10-17T15:46:42.330000 @@ -243319,6 +243340,8 @@ CVE-2024-10841,0,0,1914449d57ff1a3babaaf40b7a33b002037c2a6558bba70a8f37b24e8f321 CVE-2024-10842,0,0,7aeafb02fa0f31956e4616acda70affdbdea4445fee41471b949ff3589528b00,2024-11-06T22:43:19.327000 CVE-2024-10844,0,0,ab92f6f85407dca15cb1e5a84778b8d496e0601ae883a0bd7f3db6703a1b0447,2024-11-06T22:38:13.800000 CVE-2024-10845,0,0,e23b6836533b6527e69274c9897179b623fe8ac43fca2950e064d79cbfdb6f9f,2024-11-06T22:38:03.347000 +CVE-2024-10848,1,1,95044672fcbadc1e0a27b42b7376f970e2c278e0caf1c04735799936bb1c964d,2024-12-05T10:31:39.120000 +CVE-2024-10849,1,1,0cfd6611569705412d45f0c6b830e37cfa7862b00280f4f5e292057c9f76dc1a,2024-12-06T09:15:05.350000 CVE-2024-1085,0,0,1d186f1dd445cf86c8be70ef01a658a198ecb65ca5305ee36e96f272e65874b8,2024-02-05T20:41:40.513000 CVE-2024-10850,0,0,b309e17883fbf12d4c11b9c2d070fc7eb6553e6857feda2b45f49aa05f89a48f,2024-11-13T17:01:16.850000 CVE-2024-10851,0,0,bb060e17bfcaee979e3c022ab213f6f8185e0d32d9334f9a45831591a3ac5358,2024-11-13T17:01:16.850000 @@ -243341,8 +243364,10 @@ CVE-2024-10875,0,0,f25d99b636c46f59305dd89e678091362bb421c122afe8c605690d8f28fed CVE-2024-10876,0,0,bbf9ae62b029e2f20c90d639924bd19ca16772574bbaf6f19776b0310de3890f,2024-11-12T13:56:24.513000 CVE-2024-10877,0,0,301531ad65e2e5f16ea91c20f67a17c0b37faac5d5c530e39dd36f416491799c,2024-11-19T15:52:44.487000 CVE-2024-10878,0,0,1a7fde41fde9a1253bf88bbce7de1ba6b0177b00122e66cff5a6abdbebd8e281,2024-11-26T18:15:18.827000 +CVE-2024-10879,1,1,22d2162de20fc2c251ff275f8efee5617e155af4fab67ff828f6f4d4f451027a,2024-12-06T09:15:05.507000 CVE-2024-1088,0,0,7487e11aa2518f6cc93d89dd95a39f5c8d6e4a1b2567cf073eed09f7df78257a,2024-03-05T13:41:01.900000 CVE-2024-10880,0,0,f5b2a2bccc52a05f172e2c0ad2b5afc9b167416f1cf01859cec0a3709050aa36,2024-11-23T05:15:06.207000 +CVE-2024-10881,1,1,16a995fae3f181f674a1d3dcc9343d132711dcb3a9e09bf35d12496ebdfff990,2024-12-05T04:15:03.937000 CVE-2024-10882,0,0,d50cca8abf620c67a958717eb4d933afb7abd51207b4b48e13771e9f1de70410,2024-11-13T17:01:16.850000 CVE-2024-10883,0,0,591fb34dd03e0d1e5f0e5dcf7a5df450cfd7ed4e0c6fa74361f3a75f2590a9a6,2024-11-18T17:11:17.393000 CVE-2024-10884,0,0,af8d0f69b33cc9c8b5f395f0e60a6b7ec1fd0ec15994d8ada3cc1ff2f49e0e48,2024-11-18T17:11:17.393000 @@ -243377,7 +243402,9 @@ CVE-2024-10926,0,0,d4b8448490b176d20ac7d5dd5d9abfb0445d0f8f33211ac22e460a561e976 CVE-2024-10927,0,0,d3a2ac626abf49efd428bfd5d4bd0b321173b570828e9a03e0ee1adb36e65542,2024-11-22T19:14:48.190000 CVE-2024-10928,0,0,862f1a88452be3b22edef7e2642809ba572832547c6da90647052695aaf77de0,2024-11-22T19:10:19.290000 CVE-2024-1093,0,0,de7ad9b72d87a55cf339c2dc774b7bea1d33bb68e3b932a439fb6fd6a0ef5b53,2024-03-05T13:41:01.900000 +CVE-2024-10933,1,1,13097ab8d5d13d6fd090605f874ed50533a9a61b28c0d36521f33f3189a5c8b5,2024-12-05T20:15:21.417000 CVE-2024-10934,0,0,f60a07deaf666cea5de4e92244d84e71b893bfd0f1ab972caa5337b18183f411,2024-11-18T17:11:56.587000 +CVE-2024-10937,1,1,f1bb58198c212c968f1d5a28ab423763da2ddda477c5e255e35dc9d594aefea0,2024-12-05T09:15:04.377000 CVE-2024-1094,0,0,e9e492360318e20689e515fe6138ed3b8630e834f4abf2efeafd987f7e7b2dc6,2024-06-17T12:42:04.623000 CVE-2024-10941,0,0,13c9aa5648736117eddcc05b7c7bbd41bd256da81c39332a1bd9e9e846bf4626,2024-11-08T19:01:25.633000 CVE-2024-10943,0,0,0ccd8432f0f0e1492058026cc01938e6138a4fa1c4553945683b272d10510561,2024-11-13T17:01:58.603000 @@ -243390,7 +243417,7 @@ CVE-2024-10952,0,0,3ef553c3805085272ae18e3e787acd63955ce5b8788bac59c4b02534c1553 CVE-2024-10953,0,0,496fd56d3a163ffff52ed6786827de0c1da0afb8656a03af3cf0cf6c1de87d4a,2024-11-12T13:56:54.483000 CVE-2024-10958,0,0,5ab671d0f18f16536cdc1e49a5ce9e7bd51980aaa21f74ae418c3b86ac578dbd,2024-11-14T14:57:23.103000 CVE-2024-1096,0,0,9e6ec92aa91c226f1dce82b660bd82ecda12366a7db0465d5ab79a9947cb0a51,2024-03-21T02:51:34.720000 -CVE-2024-10961,0,0,ff5c4087b88a049ca92f5361dd0ef2b5cfd7df7cb6a192a6baa0e0dbb9e86b84,2024-11-23T04:15:08.470000 +CVE-2024-10961,0,1,4a5dff05569e8c840a1fbc59c3367b15e681c98f036051571da83eeda89d3631,2024-12-06T01:15:16.933000 CVE-2024-10962,0,0,cc07a6052d335762b681821acc9ab9361629b4ad0b389a0c9ce7ad2399cf435f,2024-11-15T13:58:08.913000 CVE-2024-10963,0,0,eee86a3aedc7174854dc69b5daad7ddd56acd624730edee3419c240e1ae079c9,2024-11-11T18:15:14.487000 CVE-2024-10964,0,0,d9d58631af9cb33d656cf8e223a1d9710738586bc4b83eadc7f5ba1bdba8472a,2024-11-26T01:36:31.033000 @@ -243514,7 +243541,7 @@ CVE-2024-11117,0,0,44ab0c5f984ce9aed4e52f00adac2e7b146a348c1dbadd3cdaa1ba5594ee1 CVE-2024-11118,0,0,3cb9dc4e6bf92f2b2e528e62858236fed3c3ca228a01d299464afefceafe42e1,2024-11-18T17:11:17.393000 CVE-2024-11119,0,0,1258694a897799a95e4b0f41beafa605b721c49bcdb5e7db3c60c482ab25b1c0,2024-11-26T09:15:05.413000 CVE-2024-1112,0,0,a074043c8f95f29514c3f59ea2279c09f17d99731ab21d34b196cbe82c1cf23d,2024-02-09T14:34:41.827000 -CVE-2024-11120,0,0,368b83ae5902e34b0c550f99a9e3cbb6abf3210b2f6a699d61899ee63a5aa2ff,2024-11-15T13:58:08.913000 +CVE-2024-11120,0,1,7af0e910409ce94e1784d246a9bc666514629c59f170ac1c941aa43f20eb3e21,2024-12-05T15:30:58.490000 CVE-2024-11121,0,0,f1b88a6c44030f80112660a393b156d9c1cd2da4af92bd0d72b008c5bbe51631,2024-11-12T16:15:20.770000 CVE-2024-11122,0,0,4f0b3c4154dbf2342791d135c7f29cb97c201f7ff7c1344ce8a9cc62fc691be2,2024-11-12T16:15:20.873000 CVE-2024-11123,0,0,f8fedab122b215cdaef5bfb6f8913de6badf59670c272c995a7959bf83e03207,2024-11-12T16:15:20.990000 @@ -243529,9 +243556,14 @@ CVE-2024-11138,0,0,7b0edb369e2d9df427aea00759a3991acb4ee32080a1e83cba9502f5a7a36 CVE-2024-1114,0,0,4ba1cd03fbc35862ac6b2ce79da50122dd303ea22f4f4a45a352ffb5be12a8ee,2024-05-17T02:35:14.777000 CVE-2024-11143,0,0,96ffaa2455664e18d60b42605835ada70f7b0d6d8faec6d0bfd534d22c653ec3,2024-11-18T15:03:56.927000 CVE-2024-11145,0,0,3738165869fe25349bba8fb98171e1f4dedc6c9049342172a78ba671f869bf13,2024-11-26T20:15:25.270000 +CVE-2024-11148,1,1,3e27c5ecdbf9368ea7745ab9af540a4f7d26012d96da6eb12d17d472072aa326,2024-12-05T20:15:21.577000 +CVE-2024-11149,1,1,403739e1100fdbfba21604c94e5cfcecf06b9f64eb12bf3d164a7b1ae5623ab5,2024-12-06T02:15:18.127000 CVE-2024-1115,0,0,4dae9d3d8bef65fab3d547368288cc3126446be18b7fc740123f9a96bd6241e2,2024-05-17T02:35:14.880000 CVE-2024-11150,0,0,a42c681646aa4974b2ce83b0b93c5af4c26316891f1e3dd7bf6a226e6b2cf362,2024-11-19T16:57:05.407000 CVE-2024-11154,0,0,9c2f24e5b2c6bb0a1acf0aba74e4e593d635b23a924a1df484d24fc0dc0da623,2024-11-20T14:15:17.500000 +CVE-2024-11155,1,1,3141a4c3b16589023c0d58ce63678a7d08b24b7d9f52724b10132ecdbf56081e,2024-12-05T18:15:20.933000 +CVE-2024-11156,1,1,06cc28f3fdf4eafe724151e70cccd2e253f75b6a4b1a92b35065fa80954c8225,2024-12-05T18:15:21.103000 +CVE-2024-11158,1,1,972d238793f3738c1182d87bd077c2f01dbe60c146ec2b3626aa1cbfb5265b13,2024-12-05T18:15:21.243000 CVE-2024-11159,0,0,40c853846b1f5260f445d8196c4d1f6aec01e81777411e7a4839d765e27bfc1a,2024-11-26T22:15:17.720000 CVE-2024-1116,0,0,4196b5c71a0d802f4c1e9b3a43ac71c958f929e96b26e1ebb01241c6bd176fa3,2024-05-17T02:35:14.983000 CVE-2024-11160,0,0,c2a00c83ebfc94083c99410ffbf76862f5cddeb9d6f2530e0ed9a430c75b3087,2024-11-27T18:15:08.620000 @@ -243541,6 +243573,7 @@ CVE-2024-1117,0,0,0eff4d8f06fdd3645727772834638be79e19128758cbe94b2a8e7a297167b8 CVE-2024-11175,0,0,a70e7384355b41e57dbae42f60548787ddcd5e64369094201d6e3104c030e304,2024-11-15T22:50:48.817000 CVE-2024-11176,0,0,43e0b836ac427f00f128c5bd48d6743fd191b6efbf5ad7ecd847f5f279d2ce59,2024-11-20T09:15:04.447000 CVE-2024-11177,0,0,8c99c0c39c3f108563a151156fda0a6b1a87540fcc7cd34f8c23a7dc6256065e,2024-11-26T17:15:22.473000 +CVE-2024-11178,1,1,88fd37ec83f58799851dee6171e6aa96459a237aab617357fda7452771f05503,2024-12-06T07:15:05.460000 CVE-2024-11179,0,0,38e54346776befead02bb0d90bed5d6fc177bf14c23bd48810b55bacf50173db,2024-11-22T16:55:03.947000 CVE-2024-1118,0,0,6c399aaded9e96cfac900ecbd30e202d5a6a42d5625667c3de9725b65dc62fc3,2024-02-10T04:13:01.030000 CVE-2024-11182,0,0,550276b9543adbab2608aeeaeb156b493c7ea7fcd794d8e2722b73a2104ac612,2024-11-19T19:08:15.657000 @@ -243554,8 +243587,10 @@ CVE-2024-11198,0,0,51d6daea956d8949d0eebe7d036d8836a4c8d5c266ea899d7a1d4229a0290 CVE-2024-11199,0,0,1b252293dc51d6f43d3121b045d01eb3c6301ad12927e01a257a520b4287caef,2024-11-23T10:15:03.897000 CVE-2024-1120,0,0,4ae965ad3da5f8a3235e6e58dd82dd504b21e474d229ae465351f9f2ed6318d2,2024-03-01T14:04:04.827000 CVE-2024-11200,0,0,f4d97ea48501a65608a17fa4e2270dbe4daddfc571376bcd024e4292966bd946,2024-12-03T14:15:19.923000 +CVE-2024-11201,1,1,2400a3fff7c4756286421f46f94ce219c368f9dae4da912926dc56c7db0d65f8,2024-12-06T06:15:22.533000 CVE-2024-11202,0,0,51d8d259b86d0f0a0aaf1b7832edde09bf21ffb4ef806afcd5ff2c031b036ac7,2024-11-26T08:15:03.710000 CVE-2024-11203,0,0,51c484c857cf59c3f813a2e3506116f16f445f710b53772d92de1b4f877cc338,2024-11-28T09:15:04.007000 +CVE-2024-11204,1,1,1b902872d8d56ac838bb30e32deaa2c5385b128a323037f02bc4a73a9bc76977,2024-12-06T09:15:05.667000 CVE-2024-11206,0,0,4dabdbee4189d67c14faab7077a38bbebaaf9a0412b9485b8ea9f96e93b55b84,2024-11-15T13:58:08.913000 CVE-2024-11207,0,0,98c51622a761e0f4191d7b9bd2fdd9da6fc0915a6a97cca51529b9e5f809abed,2024-11-15T13:58:08.913000 CVE-2024-11208,0,0,eece2216dd32411003d7f73e496d57c02295784efeef0aa80d5e4c5d3e98a4f6,2024-11-19T19:38:51.637000 @@ -243606,10 +243641,12 @@ CVE-2024-11262,0,0,5bda125849c583f0ebaa29ca4d26cf0dcf9667997688ed2241531b87cb595 CVE-2024-11263,0,0,6a1ac9d3a12801a9f848747b946a0ac459e1982e45197319659c04e5ba98bfce,2024-11-18T17:11:17.393000 CVE-2024-11265,0,0,f4b2a3318dbaf2f938f5bb6f39194c9b65cc4b5c5a1f983e90346e6df34abb44,2024-11-23T06:15:18.310000 CVE-2024-1127,0,0,fc004f13d69dd65990588f481257d3c8dd60a3804cfac37ac389768e5b88f08c,2024-03-13T18:16:18.563000 +CVE-2024-11276,1,1,bec6f6d7f70ddc5f33f40077c2ca48024f960e5925873d26e2cd076944abd586,2024-12-06T09:15:05.827000 CVE-2024-11277,0,0,70fa881c494ed4e8a3131fb313821feca0fce09e01d4dad197524b7869b481b5,2024-11-26T20:59:50.643000 CVE-2024-11278,0,0,cc19a6be7ba80ee301c92f54c29f2c5c95b3da6dd7918df5b7b1d59f8e31a90e,2024-11-20T05:15:16.530000 CVE-2024-1128,0,0,de5352d9c421a908307277eb7da3f5f6fcfc08a095ea033ab740d4804aa5ccea,2024-02-29T13:49:29.390000 CVE-2024-1129,0,0,bb6d36851ed2d72741a575302302ac57d511f2bf349c6ca7db7385fd53c3529a,2024-02-29T13:49:29.390000 +CVE-2024-11292,1,1,8e181c8a393edba6783bed2cf63b9d618d019b541573667e83a8b264e80a628f,2024-12-06T09:15:05.993000 CVE-2024-11293,0,0,e46a7eec96404bb5101b51ea354f9204e8dfdf0f3886dd047246796d18fd27a6,2024-12-04T08:15:06.343000 CVE-2024-11296,0,0,b5d9d945be4839f25d895d1859f75ba059f45889157013a41666f5c27008260c,2024-11-22T23:15:04.507000 CVE-2024-11298,0,0,d8f84875ecbdb5e5ed14a2aa3c38c3b3c8b003b9c3de892f6ca47d32136bf2e9,2024-11-22T23:15:04.983000 @@ -243626,10 +243663,14 @@ CVE-2024-11312,0,0,47c631428ee31ff974ee21755583eeecc572701cd5c627d74250c06df5188 CVE-2024-11313,0,0,54cbfe18e9f9ec4cec89510df9ece23bf28d5a2015bcc6d7f6abc41521dde19a,2024-11-20T15:16:41.033000 CVE-2024-11314,0,0,246dedf95548c9e98cc9b4c3a9d38990919f55537fa02d10de1bc950b9d7f7bc,2024-11-20T15:16:25.653000 CVE-2024-11315,0,0,1e40368af4a59fc021b722b7bfa068a2b5cf4504701d2e4dd12e6291f7427d58,2024-11-20T15:16:14.550000 +CVE-2024-11316,1,1,3acc54e73a22543c8fc79fe5f6a57223d825e19d356f51dc38301cb6579acb18,2024-12-05T13:15:04.863000 +CVE-2024-11317,1,1,ade745e5cefa4cf5bf45920eb84430fd91268110de7d62120356e25cd7ff36d4,2024-12-05T13:15:05.747000 CVE-2024-11318,0,0,9febe7cf088687dfbeb6d2d8f74590e0f8059ffca33de9b68ad34437f87d2118,2024-11-18T17:11:17.393000 CVE-2024-11319,0,0,10049ab876319f9ecb08a7b21cc61880e37e90d0ecd4d79058dbd3eba0407f5e,2024-11-20T14:59:38.297000 CVE-2024-1132,0,0,3de6e62885ac8497a4c1d8f4950ebedc171b13b33dfedd6a9eea9ae164fd993a,2024-07-03T01:45:01.507000 CVE-2024-11320,0,0,043dd45fc8afc6a3f6d5124b009a260902c28d8e6731495b55f0e622c6d087a7,2024-11-26T17:26:33.327000 +CVE-2024-11323,1,1,fe6c4abcb6520792924b391cb014a8d5e6a41ac24f15f5e456d25994e6bc1b95,2024-12-06T09:15:06.157000 +CVE-2024-11324,1,1,488b7e62366c4a9086d212f9c909a0d6b63bf80e00073241feeb20f5eaa9b760,2024-12-05T10:31:39.313000 CVE-2024-11325,0,0,14da4d35c2181419813fe9ac1dccdd051d8a95ab923f557a3b686e3cf070cb30,2024-12-03T10:15:05.067000 CVE-2024-11326,0,0,3601bc2a8aa6c701a70d06e299ecc68b5e3f45dc7fc87ab827ff5000b9b49cb5,2024-12-03T11:15:04.867000 CVE-2024-1133,0,0,b8b851364368259dd533f1c71b437f741276dcf99770b03558b5d9cd5d3f095a,2024-02-29T13:49:29.390000 @@ -243637,9 +243678,13 @@ CVE-2024-11330,0,0,1c458fab138aae3f3b89b170e15e7403fdc2fbe304c8cf0cbc41ae122ec08 CVE-2024-11332,0,0,21d8101c0dd73a7dc8b4a9b045dbbf7a2c40f682ad21bdcbf98ef68d6b970235,2024-11-23T05:15:06.520000 CVE-2024-11333,0,0,7bd6c29c4bbfb5c77858b460729ae0ecbf03de7fe91a74338bffbe34088cea25,2024-11-28T09:15:04.170000 CVE-2024-11334,0,0,f7fc893b8a37cca506fd20fe68edd8509ed855f99666ff9db346702f3632cf66,2024-11-26T17:33:49.477000 +CVE-2024-11336,1,1,59be6ee9636b26a44710979a0cd80b49126de8af672393f61beee061deddb36e,2024-12-06T09:15:06.323000 +CVE-2024-11339,1,1,8807856c461167897ed051bd55630e4e1dcd73aae11bc3c06044372af159eaad,2024-12-06T09:15:06.497000 CVE-2024-1134,0,0,92ca7b611a6a52333e888fa3a581b5dbc5c29b22a5e7e62eb553cb40e2cb6d77,2024-05-24T13:03:05.093000 +CVE-2024-11341,1,1,8488efc484429fb531edadbebfec2e08fbd34af42dcfbcd29bedc9c388b00106,2024-12-05T10:31:39.520000 CVE-2024-11342,0,0,bac43c65bfe7c40167758b1f761e157674244a484facce7f4cc928fc94d88934,2024-11-26T04:15:04.030000 CVE-2024-1135,0,0,c4e807742cebaf6bf696946dfb175a5e42a114f551ef03f8a1a000797bbd864f,2024-06-30T23:15:02.563000 +CVE-2024-11352,1,1,3e29015c6ddb727a2fde19c192da7eef0aa6d301384cc964189003e83042cffc,2024-12-06T09:15:06.650000 CVE-2024-11354,0,0,87986c107f2d598ec9b5e54e0419b4149d63b452699e5d17cc10ffbc61f46d56,2024-11-26T17:34:55.767000 CVE-2024-1136,0,0,afecf0ebdd615b0db4af51c2dffb234fe058d5206cf056cda6c9c969b40b0967,2024-02-28T14:06:45.783000 CVE-2024-11360,0,0,659b24fc81e4938ca0374fdfc531183f0da8359af24c60f66cd39ca705cc7b8c,2024-11-26T17:36:08.113000 @@ -243647,9 +243692,11 @@ CVE-2024-11361,0,0,51b4837c758190b2e89b9741bdbd5713d8df3163c1cfcf1bc7c03ae151745 CVE-2024-11362,0,0,599844bd1e179abb8b921862d85c28565007a2c44d214b4e47236193a9a93da1,2024-11-23T04:15:08.617000 CVE-2024-11365,0,0,0e66126dac632663f20d3d9475ab7eeeaaf1783cab23902c99ae23613a9ecef6,2024-11-26T17:43:23.240000 CVE-2024-11366,0,0,0f9b628cb0a6551e49c2b0bbc5d2c17299a846d436784571555ac2d2a27d1c85,2024-11-28T09:15:04.313000 +CVE-2024-11368,1,1,6d5ec67e149ff34ee613ecbd5ce5afa9ea269c31ef5ced20f5651aa4cc3be3ec,2024-12-06T09:15:06.810000 CVE-2024-1137,0,0,7770507df04fd140e1caae778f76cfb6c15abcb49e56639ed0158e45600edd60,2024-10-31T15:35:20.503000 CVE-2024-11370,0,0,dd87b64b129f6809c8edd7b234994b231659964606722e4f84f6ae489936a5a5,2024-11-26T17:53:22.707000 CVE-2024-11371,0,0,85695f69ddb998fd54276702b9a185a3c971e606e7563fb96aaec381d1eef5d0,2024-11-26T18:01:57.250000 +CVE-2024-11379,1,1,e522b0badffd57dd62f47ed91d06b9180d29d29b4ea6cd79d06edaddd6bb8dc1,2024-12-06T05:15:05.813000 CVE-2024-1138,0,0,82205a90b4164fa73ef6a7a95de3da9e244cf92b71ef2ebb779a9979063152da,2024-03-13T12:33:51.697000 CVE-2024-11385,0,0,b8c574c75cf2cea00a757d377dc474503f06328c73f6861f0cd8dff47b3ce271,2024-11-26T18:04:49.077000 CVE-2024-11387,0,0,570819d44f260948aed21f18e713c0988e86544acdb78701fe81de7ec470e4a6,2024-11-23T05:15:06.833000 @@ -243673,12 +243720,16 @@ CVE-2024-1141,0,0,31012446f41a8e14cd01fac5beb57c8618f6593d63d8f6abd3fca30a025146 CVE-2024-11415,0,0,33ba95f5490e63268a39f93ff44091ae19cc0b92e1f270172254ccc6ede1d872,2024-11-23T04:15:08.760000 CVE-2024-11418,0,0,1127e4fb83ac3b30a1c36f88e01c5bf8c71390c841aa598dea17c87ce6d3a185,2024-11-26T04:15:05.237000 CVE-2024-1142,0,0,444665e5d63ad8c810b6738875a9c2a9c27bc01781467ef31bed70fec17787e6,2024-03-21T12:58:51.093000 +CVE-2024-11420,1,1,ecb6914abef6aedf5670b7fac7f90447b6716a728443a993a5a1eeb5eb744814,2024-12-05T10:31:39.750000 CVE-2024-11426,0,0,2b83b72f632671d15edef71a2fe1b0898a6bd6d43d5d87a70cb93682f02396e8,2024-11-23T05:15:07.153000 +CVE-2024-11429,1,1,0963da197e06f7baeb81d456c4cfe062961097d61222aed163e42065708bf4f1,2024-12-05T06:15:19.090000 CVE-2024-1143,0,0,b8d0c26da5a42e6a02317cbe9672f530b65f02168ce7a3fde71211ebe1a9550d,2024-02-09T19:08:27.423000 CVE-2024-11431,0,0,b8bb7503cec0f1c97409d5d96fa693f0c0a3c2fbf2f6e1d737e15cdb7da79d5d,2024-11-28T09:15:04.470000 CVE-2024-1144,0,0,546e0bd85767acb1f88a8198b87bd681b7ca87705a2ab38d3ca6ac16bba85f8b,2024-03-19T13:26:46 +CVE-2024-11444,1,1,2edd0c3bb45a8ae799545f36893c4fb10bb8a03380c886469d46fb66bd8be746,2024-12-06T09:15:06.977000 CVE-2024-11446,0,0,58ee3306e8d72a71b4c73e9400de7c4b9a7a44ede260329876f7cb058e66c8ed,2024-11-23T07:15:04.820000 CVE-2024-1145,0,0,fa713ba5e7e18de90151eee1a4726d9f9f0863a5fccb48575e3f29ec11b8835c,2024-03-19T13:26:46 +CVE-2024-11450,1,1,d2ee04496c8c47519fdfbff6c2f51d7916dabba900f086e73e0187f4c8852e0a,2024-12-06T09:15:07.137000 CVE-2024-11453,0,0,5a92196f1949efd85a5ee687acf7700234668e98610de2c7d4557dd8f3aebb90,2024-12-03T08:15:05.830000 CVE-2024-11458,0,0,6849bad28a4b41fcdd85ffcf4846b0c6058567a8a7be243965c5d4ff08dab5b5,2024-11-28T09:15:04.640000 CVE-2024-1146,0,0,c681ac136637104b7d43e23a49d30f381f11dad3f3f7ec48919504256a9e5b2a,2024-03-19T13:26:46 @@ -243789,6 +243840,7 @@ CVE-2024-11579,0,0,7fb9e4fe2baff2fb6647b473faf8a6c357600e54b9fec9fbf9a44d6a6097d CVE-2024-1158,0,0,3f0844fda5c657ec14fc878f4ca458f05346302835336ebfa8e7bba85b29f7d9,2024-03-13T18:16:18.563000 CVE-2024-11580,0,0,1533093b10721a5a9d087be9fd055f274a9f73f281e8c826ac88fc7550ab2dad,2024-11-22T21:15:17.133000 CVE-2024-11581,0,0,542160d1be89c3da845f4d24bd4022bd60afa8df929836d85949b351ae8fb0a5,2024-11-22T21:15:17.257000 +CVE-2024-11585,1,1,41d3ff5a44ee410f2ad12863a785baa2b29cca35164e95348a1af44ceaca1cec,2024-12-06T06:15:22.723000 CVE-2024-11586,0,0,e5108ab65d70608787de70c3e510f85ce33e95747e983d47cc258456bc62f44e,2024-11-25T18:15:10.123000 CVE-2024-11587,0,0,da366856f804e85e70745473ffd836e0a1a145660e1cb2bd604db9460e7f0d03,2024-11-22T21:15:27.747000 CVE-2024-11588,0,0,08d454ed1206ff32bb2bf5c765516083d1abb53c857b8252091f3b93bd106bb6,2024-11-22T21:02:06.303000 @@ -243833,7 +243885,7 @@ CVE-2024-11663,0,0,6a74e18ba052e37c1e8b2cbba30892c27dc6677553d13b3a96791fde2ffc8 CVE-2024-11664,0,0,83233ba3e20edddfb394bd0dc34d74a27fcc2b46bb551381a62ca91949e86aca,2024-12-04T19:28:26.773000 CVE-2024-11665,0,0,86a5623ad291d6e005e52a68942920dbe4f41f173faf07762b4fa8c9734c648c,2024-12-04T17:43:55.183000 CVE-2024-11666,0,0,a7e124e4e7b7bca398eeda63d114e258fa78223da80e0f950915de9498ee814c,2024-12-03T15:40:14.907000 -CVE-2024-11667,0,0,de0c11a87d2ca2552722880f013198690865f3d7a4b8c44eb443085c54a28213,2024-12-04T02:00:02.410000 +CVE-2024-11667,0,1,ce6d48b4de0eaf3d12114b664e41d9fab47e37c308089b2d05ba855dbdab2734,2024-12-05T18:41:12.113000 CVE-2024-11668,0,0,76595504dbd2b64d21bcff47f11c8e8cc91ab680fc6cee5f2ffc1737d953cc2b,2024-11-26T19:15:22.027000 CVE-2024-11669,0,0,a5de8e98bfb8b633c540619e4d481ef856cf620fef729b0da27716832b9fbae5,2024-11-26T19:15:22.367000 CVE-2024-1167,0,0,ed50fa0852f2fbdcdff47243517d528056863b720fcd10bdada66efed3504e8a,2024-02-09T20:20:51.900000 @@ -243850,6 +243902,7 @@ CVE-2024-1168,0,0,b74b0b0c267c02c66f0f474186eac7335d29517290a9638a292d9de8edcd7c CVE-2024-11680,0,0,1415befe3c792193abfef469dafa7463a81c8604ddd2ae59420450f5f0258ce0,2024-12-04T02:00:02.410000 CVE-2024-11684,0,0,9f2fe09eb8e335ba8391a949cbf48c636db8bb7de80a47009590f5cdfa3e8218,2024-11-28T09:15:04.793000 CVE-2024-11685,0,0,2626aaa1c85fe00c7037f15a9af93889a5b226726b04ceaddbef8ece377d16ab,2024-11-28T09:15:04.950000 +CVE-2024-11687,1,1,84514bb98732ffc9ca2906ea8e96ab481d88f84c1648da7b939544b1044de35c,2024-12-06T09:15:07.303000 CVE-2024-1169,0,0,a43d6b50f47e310e039f1575550f9d1fe159a31a77f5a57027ebd3dc489ff540,2024-03-07T13:52:27.110000 CVE-2024-11691,0,0,7a53223ef1bbb0483180a0674c22f2ddfbf700b35cfbc415f7446deb28e06f8a,2024-11-27T16:15:12.330000 CVE-2024-11692,0,0,2e2a368d2bad10eec3d1f66bd6815192775038dd3ccc98b4295042a1e55ff9d0,2024-11-27T16:15:12.530000 @@ -243885,6 +243938,7 @@ CVE-2024-1176,0,0,3a9729597b8ae5d1f7a6b2981371f9af662d86aa4ba3ac1ac5a3a2992dbcfc CVE-2024-11761,0,0,eb52b6beba84d5e3aa94afd1e69b06248988bf9736924036fa502f3813b0779d,2024-11-28T09:15:05.090000 CVE-2024-11769,0,0,813b4ca9ddd71efa0b3a700e3dc2f1f4d157f2578ab3364b1b16bb776e1239cc,2024-12-04T08:15:06.680000 CVE-2024-1177,0,0,d9cdcff987bd78d6f32a7f8b0a8d2970109268852041331a890d212ad12ebb88,2024-02-13T14:06:04.817000 +CVE-2024-11779,1,1,b36a22a7a819f7306395169ed86d70d6bdb02395fe7e0dc8e57e0bb502b50a3b,2024-12-05T10:31:39.980000 CVE-2024-1178,0,0,1ff4a71536018366c289bfb8a1aa1adef7208a3ae26719efcdb84bec870fcd3d,2024-03-05T13:41:01.900000 CVE-2024-11782,0,0,e3d9ca853e3de7c456298225b3bac758bc6cc14e92c8dd2b7f7b36c0bd838f02,2024-12-03T10:15:05.320000 CVE-2024-11786,0,0,6cf20be08bd72bdf18f1b37af5fd1777457199a33f3d53de54fd985237bb5f39,2024-11-28T09:15:05.243000 @@ -243917,6 +243971,7 @@ CVE-2024-11818,0,0,03353c8ea92f63bcb93155865a1eb5dbe1fed70391bddfd4d8cf954b88283 CVE-2024-11819,0,0,4ad555b58c0b6ae087a0e197e14f318c0818cf9ebf662c2c2b44a9340719cc17,2024-12-03T15:00:58.693000 CVE-2024-1182,0,0,fa905e4a8a46b36f13d15329274923ae221fc1fe7f91daf124410752f4903054,2024-07-05T12:55:51.367000 CVE-2024-11820,0,0,851b7a45884f50f3792038cee6a0dd94b1414d7c7c3cad4aa15d26efb61c7827,2024-12-03T14:54:20.297000 +CVE-2024-11823,1,1,39aa0fbc102b8a9648f017c9098019c8c94234f421f38dd89f51eddc70f54f40,2024-12-06T09:15:07.463000 CVE-2024-11828,0,0,246e1e2eab57884aa3d4d52a63d8c3c77eefda7cf137c7c25e51217c37ae62b7,2024-11-26T19:15:22.910000 CVE-2024-1183,0,0,b9ca697d85173799c910606842f064c322818be1aee71b1208c43495b066c09a,2024-04-16T13:24:07.103000 CVE-2024-1184,0,0,0bd0336a802b5a07ef17cf4c3337487d1573b3f8590cc13c2e3f9ac276b1f143,2024-05-17T02:35:16.900000 @@ -243945,6 +244000,8 @@ CVE-2024-1193,0,0,ffb9a4095d8f9913e32a4a9fb84e7d515c719215bffa9c1271257c84c94703 CVE-2024-11933,0,0,ff719b80c8b04b1955877df42e564ce90eac2c09e4f59c20e785f18a1e8804d6,2024-12-03T16:04:10.350000 CVE-2024-11935,0,0,9c769b1c4d867474a0ead8d3d33ccb8daaae06c82d486a8ac440c6198046b3e0,2024-12-04T13:15:05.910000 CVE-2024-1194,0,0,2ada7ec0067a4a6c15e16c8b6d60d2605ff0ff50c80d53e3de0a5fe7493767f7,2024-05-17T02:35:17.933000 +CVE-2024-11941,1,1,a22d4f126379cd23fab32eff7ac35d36ca73679077d565711169df70fc99af87,2024-12-05T16:15:23.893000 +CVE-2024-11942,1,1,b0307c3d5deb4f1958153d56169209064a816f43c966e68315b932939b90f0c7,2024-12-05T16:15:24.033000 CVE-2024-1195,0,0,524480b99d81e527b71e9b6d2b12e0f3d16697f860efe8d11194cd8cf60ecd57,2024-05-17T02:35:18.037000 CVE-2024-11952,0,0,1cf8955e26709babaa743e659edcf01ad0b08b777d583067e6146dcc8a8319e6,2024-12-04T09:15:04.637000 CVE-2024-11959,0,0,8e4c044a79a34553dacc3bbf68fddd2b6e5f24a72d4b7a0c2b06bf8643853e87,2024-12-04T16:52:55.150000 @@ -243981,51 +244038,72 @@ CVE-2024-1200,0,0,cbf824dd51d7a3b837d210f60d3bc2fcd8c0de7dc55b64bf2469e6bd3fafa8 CVE-2024-12000,0,0,b554fb7516e14db1feaba750220ae1f899d45d1ef9cfed719bdd93039699e21a,2024-11-30T12:15:17.200000 CVE-2024-12001,0,0,d124c0f10f30b54eb4f74d57e35bd484e6cb76bb299b65c3d619c3385b273728,2024-11-30T13:15:04.140000 CVE-2024-12002,0,0,2d664898f022b9ee65d7e21df2d171082c6696d82f0f74082488bdac27e9a6cc,2024-11-30T13:15:04.610000 +CVE-2024-12003,1,1,e39ee63656708893dab4dc4b108494b2da97ab05cd1b7a687dd08b180fa7d4d8,2024-12-06T09:15:07.630000 CVE-2024-12007,0,0,d09eb162fd0802cb9d12367e01f06496d503cbf35d3d8593ef98baeac09d1ac1,2024-12-01T23:15:05.310000 CVE-2024-1201,0,0,f9834193bbb62b403f23d3357a53cc3ad9bb6173e269e5c9bf81a47c0a1a0786,2024-02-09T19:27:29.517000 CVE-2024-12015,0,0,76bde5ba443e4cef655d444ed6b12009e494b1530b8cc5faad4f131977067c23,2024-12-02T14:15:05.383000 CVE-2024-1202,0,0,6132da5e9762048f130f38f4ec670738f94221153725a0b95c9666bf5c59cb16,2024-08-01T19:15:32.277000 +CVE-2024-12027,1,1,b07bc9ebf86d55ca4d4202d4183b292edfd688ea96a18cfc9c2743bb8022fe76,2024-12-06T09:15:07.803000 +CVE-2024-12028,1,1,3a016067946ceb575c1ce2102c1a4c66b572ec677dd5ff5e9a6cb269099e33cd,2024-12-06T09:15:07.957000 CVE-2024-1203,0,0,b776394b4b874eaeeae3e5b604198862b49ad905e4e26e755c608f17ba381dab,2024-03-13T18:16:18.563000 CVE-2024-1204,0,0,227dcadf8be17e7ba46954487209fff721db299a9b29c34d65c82dfa9a2b5cb2,2024-07-03T01:45:05.337000 CVE-2024-1205,0,0,0a0d23d8cab3c22e48da3af802fa5d4730efda2f1ae3f246ab487b1969fd7c36,2024-03-20T13:00:16.367000 CVE-2024-12053,0,0,2b398607da9e0d35894a5dae028909ee96e509eaf1448f83891a86a3497d90af,2024-12-03T20:15:14.513000 CVE-2024-12056,0,0,178a01d22970ecd4324357f85a8e355aa2bb3fef2b11d0929147803ddf53d972,2024-12-04T15:15:09.700000 CVE-2024-1206,0,0,5f77d40826619ff076a6ee2348b6f5023dd16e0c591d0d5d735c076214b8b61d,2024-02-29T13:49:29.390000 +CVE-2024-12060,1,1,644901248b240633d1bf09b18ac3be3cb4b4da5cf3470b8aa3951034daf743cd,2024-12-06T09:15:08.117000 CVE-2024-12062,0,0,053134064f0b6efbb78d94709d74965493fd7936bfcf08f9a9a8ec7d826131fc,2024-12-03T10:15:05.493000 +CVE-2024-12064,1,1,5bbffd5016c2c66c65f1cad07469a2c9304ddde32e6765225186e453c653a401,2024-12-05T22:15:20.080000 CVE-2024-1207,0,0,dcc484c1fca006f292c23965347128c235a983932753c8f043310e93d42eeea4,2024-02-15T02:05:42.313000 CVE-2024-1208,0,0,931317b38cffca1e6ab678e3f4e10db5d686e3bb7ffa9e092bfb0d5704f0fe50,2024-02-13T14:06:24.090000 CVE-2024-12082,0,0,3b55c847ee02ef0d7f4b58fecd9285e5b3b7a20be8f27582ab2fdc4ac93dfac6,2024-12-03T13:15:04.843000 CVE-2024-1209,0,0,b007174870c79d931de8bd87795b421ecc64b354efa55388cf8747cc0f9b9382,2024-02-14T16:51:40.300000 +CVE-2024-12094,1,1,6e383cc75b3f85962bcdf8903d07540ef3fc4cb3d2555f929b41425068cb2b8a,2024-12-05T13:15:05.923000 CVE-2024-12099,0,0,841784c9ec00c84b54988fece9d557d8124e99bf7bce550f257ab735648093ba,2024-12-04T04:15:04.287000 CVE-2024-1210,0,0,2bd6c4d9a535fadb91354d7280da4ed73754e214ed933073c198034626ca398d,2024-02-14T17:26:54.873000 CVE-2024-12101,0,0,cf6330eb409e982923b4b0b78cc8d64ad396889b9513f5530cedf911c9fe2802,2024-12-03T16:15:20.910000 CVE-2024-12107,0,0,4ecf985355ed02c46a47df39da30f4f8d3067f06e5bf8632c870b7442c3264aa,2024-12-04T11:15:05 +CVE-2024-12110,1,1,df41c055b98257c7a9327ff9aa5849e930007a93b976107bd410198bb49d28cf,2024-12-06T09:15:08.270000 CVE-2024-1212,0,0,da6373ae7bafa80bc186105339e693a9592b96e608bda44b9b7e9a26c6194323,2024-11-19T17:24:39.480000 CVE-2024-12123,0,0,a64c5f1053ac9ab8204a334c665b77f722022f7905b787d927f9f5c425016fc1,2024-12-04T04:15:04.430000 CVE-2024-1213,0,0,73c928f5e166c2f8b5a80c38e18cb771f40a6d802d77253df887196bd9243584,2024-03-21T12:58:51.093000 +CVE-2024-12130,1,1,8b102573bde86cefdf9817d180228a85876f9f70f2df38cee3e1eeca99cf5661,2024-12-05T18:15:21.507000 CVE-2024-12138,0,0,b627f71d7eb0f3c5b092a28495f539873055e1ed13f91ef3e777df6f0a6a06f4,2024-12-04T14:15:19.413000 CVE-2024-1214,0,0,3ce61bef6906de47cb6dca47166861f981b3b7a12f38cc6bc1c75e176d1b9b5e,2024-03-21T12:58:51.093000 CVE-2024-12147,0,0,cac5338edd63a709f0dff46286a39277514d44aea9788828cfd66ae51ff59bfb,2024-12-04T18:15:11.803000 -CVE-2024-12148,0,0,db25f5c501fe08b8cd7e84c34b3735ece6a93ddb363d1c2ab475087f12643b30,2024-12-04T18:15:12.003000 -CVE-2024-12149,0,0,65ec0bfa07587c461aad324bc4785af374208d8492b5aabe4f8113ef74c9936d,2024-12-04T18:15:12.350000 +CVE-2024-12148,0,1,2d82ecdcd1ae8b06b2bbc4387f4ec8d5588d3a1672ec54422fedc0a9fcb34bf5,2024-12-05T19:15:07.473000 +CVE-2024-12149,0,1,6cea541fb8390eb73924fcce3986b6c54a0134049e02ebc343dd9227319eb6b2,2024-12-05T19:15:07.627000 CVE-2024-1215,0,0,a5f81972c1c766d6a1a96567c8d27bfbbda6117700102c01b81784829175fa50,2024-05-17T02:35:19.200000 -CVE-2024-12151,0,0,abe4093b15b72a0aaf39aa376793d8a1e5de09a117d86ddaf539a4d3630eb020,2024-12-04T18:15:12.850000 +CVE-2024-12151,0,1,958cd3e076f1ea17ca0ad827def723dfad6dc87ee6b3f8172337cf6f1994be20,2024-12-05T19:15:07.773000 +CVE-2024-12155,1,1,1ef1aeaa7a5887baed2018f81740ecf52e3e9576f0680c8bcc6d84d921decb55,2024-12-06T09:15:08.417000 CVE-2024-1216,0,0,2ac4284b62a708a705b7ab9ac6ff4ec2f3952b584d951b1f83e5c9b3524c781f,2024-03-21T02:51:38.760000 CVE-2024-1217,0,0,6075c1c30cf8dbd69ffc4f54a2c1be059316219999cb061c49a6d509b11c4db7,2024-02-29T13:49:29.390000 CVE-2024-1218,0,0,453752a0899f8b793ec74c90c12a7ff24c5b2280b6a6b9717bccd3f166c7f71e,2024-02-29T13:49:29.390000 CVE-2024-12180,0,0,61084dd183d3aa387fa066c78a1d4e8a02556683b3d433df77c7a37a0bc5ddba,2024-12-04T22:15:22.140000 CVE-2024-12181,0,0,a823a1c69c583a4446529ba818f035f88d02d4f2069dbfd50a5fc407697713ed,2024-12-04T22:15:22.360000 -CVE-2024-12182,1,1,15ddd14efb83c51acee17680a63a199146875daa00665f3c96e33c6836f3b6cb,2024-12-04T23:15:04.703000 -CVE-2024-12183,1,1,d438bd6f5a2a8910d65646433d2116124b666769076366fac6c2c5a94e87f41a,2024-12-04T23:15:05.760000 -CVE-2024-12185,1,1,04beedac9b3b6533752316ebb077596e5d2714c1724abca428fa34b5b0c1e3ae,2024-12-05T00:15:18.677000 -CVE-2024-12186,1,1,78acc65d8cbab7782be71d3d63ab3e5bc81a297d4dd52703fb654f3e49e3eec7,2024-12-05T00:15:18.887000 +CVE-2024-12182,0,0,15ddd14efb83c51acee17680a63a199146875daa00665f3c96e33c6836f3b6cb,2024-12-04T23:15:04.703000 +CVE-2024-12183,0,0,d438bd6f5a2a8910d65646433d2116124b666769076366fac6c2c5a94e87f41a,2024-12-04T23:15:05.760000 +CVE-2024-12185,0,0,04beedac9b3b6533752316ebb077596e5d2714c1724abca428fa34b5b0c1e3ae,2024-12-05T00:15:18.677000 +CVE-2024-12186,0,0,78acc65d8cbab7782be71d3d63ab3e5bc81a297d4dd52703fb654f3e49e3eec7,2024-12-05T00:15:18.887000 +CVE-2024-12187,1,1,1b75eaf4af3b82f3f6ae2d3ef66cb1b799934ba6028a5996825fc020acfa0333,2024-12-05T01:15:04.740000 +CVE-2024-12188,1,1,66db3484cdaeb32f42037ae44b4ec53de67bd9f35b6870dd46f53c64f3172207,2024-12-05T01:15:04.943000 CVE-2024-1219,0,0,c458cc72658e7a053403f6629df47005daa64a22965acf0ef87a52df05752215,2024-07-03T01:45:05.720000 CVE-2024-12196,0,0,08b9439397a0ecc83e711e8fc5c4b8790edac0a417409dd477ea63113d832e9d,2024-12-04T21:15:21.090000 CVE-2024-1220,0,0,3cf4ec368701eb9f29bed8e0aee16ed45bee1642c821201a62addfd605d76a71,2024-03-06T15:18:08.093000 CVE-2024-1221,0,0,f57b38e01f2045763b64023d54cd14b115226519f5b5549123f745e94b8ad6f9,2024-09-26T04:15:07.007000 CVE-2024-1222,0,0,5d7d5aee4e7308a5e1ea882d199b9214632e9928d03f04d754209bedd842261e,2024-09-26T04:15:07.170000 +CVE-2024-12227,1,1,ba90ebb2cf382c847aea04197c034e5e0e145f9bb34caf2219ef0758e476d6a3,2024-12-05T14:15:19.400000 +CVE-2024-12228,1,1,353a3a916da52ef36097b2d639faef8998fc482342506720f79e426405663748,2024-12-05T14:15:20.123000 +CVE-2024-12229,1,1,adb1fd4b89607e98bff14eb314304a0aa5f49a489bd55820568b65ba6b7f2476,2024-12-05T15:15:09.050000 CVE-2024-1223,0,0,d42314693c58e5b08f0a5ac59bbde9dd4cd508567ac5750cc8416f01d6c1186f,2024-09-26T04:15:07.270000 +CVE-2024-12230,1,1,c0999779adf008f86a2dea6891a8d9cc865a7c681397bbfba0bca0d0fc5b7e0d,2024-12-05T15:15:09.280000 +CVE-2024-12231,1,1,2d61cd97d30688f5839da3e8db4d5653c16d2d28938561890550be74fc098362,2024-12-05T16:15:24.933000 +CVE-2024-12232,1,1,8ac258fec8b1773cf95dd11c943fcd65f455678e8beaddd5071d54b1acd6e5b3,2024-12-05T16:15:25.090000 +CVE-2024-12233,1,1,05b9925f1297f182adba9298e65b877490d4cb6f74e3cd9a5f7f5b2f5c9df9d4,2024-12-05T17:15:11.037000 +CVE-2024-12234,1,1,b3ba7fe58734507b9783d54d59c093a131dfed39e4489eb6a25c50671ceb7418,2024-12-05T17:15:11.213000 +CVE-2024-12235,1,1,38f1b3feacaad948f40ac9e8f67e1ff40424da9b6b0097b46c94da1cb9b5c6b9,2024-12-05T18:15:21.660000 CVE-2024-1224,0,0,5ae6c514ac328cf1da04b8ed0644857500ebf34ce993b80e4e918efec900b252,2024-03-06T15:18:08.093000 +CVE-2024-12247,1,1,d5c2fdaf4ab27cb3f776fad80cd63211a094668755f28e461521a00bf1e54442,2024-12-05T16:15:25.243000 CVE-2024-1225,0,0,a853f4976fb83c6334355e0444e701230a93393d2963cd320d17d46d82664837,2024-05-17T02:35:19.560000 CVE-2024-1226,0,0,8468709c7e5985706a02eafa0534a9ca6154e724547969096693c3d6c6d57a0a,2024-03-12T16:02:33.900000 CVE-2024-1227,0,0,3107f30bc54f20049fdac9a8d2aa05cabbd90f7d48a70b5eb8ee4219e193157c,2024-03-12T16:02:33.900000 @@ -244696,7 +244774,7 @@ CVE-2024-1934,0,0,df6bc0820efaa227ff0593f2f377a2941dbe3870867c525b59689743a10c0b CVE-2024-1935,0,0,ca5903a177c0640c0e970926382a56ffbeaa4621c2c3291cf867a2ac2d3da56b,2024-03-13T18:15:58.530000 CVE-2024-1936,0,0,4ae9db8b468cef69ab430d1b278181ad452cb868b5583bc17d9cdc39eeb96809,2024-11-26T14:15:20.260000 CVE-2024-1937,0,0,7a30bc166390d821e1f1e23579a9b82c6e7a58933428574c00dfd39409fe3c39,2024-07-16T13:43:58.773000 -CVE-2024-1938,0,0,c00952c8fb5bee70009fa8cb4edae0ee23e0cf49f38d1396820ee571c21d4610,2024-03-07T23:15:07.177000 +CVE-2024-1938,0,1,45372ed0cf6315712611817c25963a7ec749d20f74abca94103d20e47b827172,2024-12-05T14:15:20.310000 CVE-2024-1939,0,0,7635ee63b7a711f60a96b5ac9be806a92dc586d1be5007d27a4ea5f2f8739d3c,2024-08-27T21:35:07.627000 CVE-2024-1940,0,0,4f9f4862eb1e6b7652f757b60ccb034b4f77619e6171d9f3805603ac6e0c779f,2024-06-06T13:59:09.023000 CVE-2024-1941,0,0,a76203f312446d946fd2aa0249e4548432f84767e6f8c287b9e182a489b4a8f0,2024-03-01T14:04:26.010000 @@ -245310,7 +245388,7 @@ CVE-2024-20733,0,0,980da2e14a6e2b93f6c724dcb9f0eb83468c2e8bb9426c88d7d05cad50b17 CVE-2024-20734,0,0,ae32e8f155c4568ecf906525c3606aa8518a3c54bf0d2d93ef13a54a0a0a61de,2024-03-01T23:07:08.780000 CVE-2024-20735,0,0,7f602082b83c75af61f423dc61a35835f7519ac84540b03dd4211e3c1231073b,2024-03-12T14:54:29.657000 CVE-2024-20736,0,0,60ca92845b9282544e6e9ea2c365b3d29fb1c0b234b60381a7185badb42c97c3,2024-03-12T14:54:37.200000 -CVE-2024-20737,0,0,0d8c97fe4d8070bce813ec3b747f50d9d77a59fa0d4fdf875818b37c84e18920,2024-04-10T13:23:38.787000 +CVE-2024-20737,0,1,810ac54ab4bd1c1209c5c62f1250812a632893121c758fd3f17d8bed703a1af1,2024-12-05T15:09:48.830000 CVE-2024-20738,0,0,234845e3658080b4965af41cf35a03b6397a154442f1c582db87a847336205c9,2024-03-15T17:15:07.907000 CVE-2024-20739,0,0,66e13416f7ab022d3486880880fe2c50c46b451e65e18cd68cbfff77699ffce7,2024-02-15T14:28:20.067000 CVE-2024-2074,0,0,7d373614838a94921c8511a8888765e9ed3349ea79e8e599534f642442667245,2024-05-17T02:38:02.163000 @@ -245341,14 +245419,14 @@ CVE-2024-20762,0,0,38b6f44fa06a6bde99e5ad99c71f1112bb49089ff24e4849455ae10a13e28 CVE-2024-20763,0,0,c4ae7ee1e5da223faf7f6ab1679656c9b9fede84d1024a9c5eedb3023d54e4a7,2024-12-04T15:15:36.200000 CVE-2024-20764,0,0,425a15ec3fa98912e0e2b2e3e32bf3ee284d81cfd6b2ca0b093427879549fe69,2024-12-04T15:15:25.463000 CVE-2024-20765,0,0,ad91982b1363103e7d071a542448be4f43c1d446a44c46149dd1d5563e96bd7d,2024-02-29T18:06:42.010000 -CVE-2024-20766,0,0,898b775b089dd9caddb4b4690630a4034df5907c7b03a6ac372c91b73b803f73,2024-04-10T19:49:51.183000 +CVE-2024-20766,0,1,bfca5323466cc1012d6d58a3c5208333eb3eb3e1679285a5dd3ab428ac29b509,2024-12-05T15:18:04.873000 CVE-2024-20767,0,0,899fd635a0014761ced37cbe14634fda9e5e98e3a2888379f978a49261ff3455,2024-12-04T22:15:59.953000 CVE-2024-20768,0,0,fca9dcc18fdb5e923a7d5ffae471944f30c53e8970448c3d9b0c0d1182566ccc,2024-12-03T21:46:08.623000 CVE-2024-20769,0,0,4c236b05669b68ca5ce041ed8b26b6adfc2e0cb9e4a3ee0955957eb96f78ccb6,2024-06-14T19:30:30.037000 CVE-2024-2077,0,0,e7bd6e3d8e34c4ba57719bf938fdc690e0425d907fa9aeaa848477a4c8d06182,2024-05-17T02:38:02.460000 -CVE-2024-20770,0,0,2220817887bead81dba660b5070a9bfc8174373fc0e12fc00c386ef0f159eda4,2024-04-10T19:49:51.183000 -CVE-2024-20771,0,0,8a01399cb8521b5aca859010ad7618c854f0ca880963c5cf7f625b81f5f7e387,2024-04-11T12:47:44.137000 -CVE-2024-20772,0,0,0595740a6eaf79276b6566faf58cddbacedcbdb42883617ae6f1fbf05ec92018,2024-04-10T19:49:51.183000 +CVE-2024-20770,0,1,2e26ee7a0a7cbf939fbf82e2115ccc0eccabc07cb41ca12e34292631ae8ae754,2024-12-05T15:20:53.207000 +CVE-2024-20771,0,1,bdbef488f0405354c26b5d6ecf058aa9a6b39ec365278cd0d25ddad79c775a2b,2024-12-05T14:45:44.193000 +CVE-2024-20772,0,1,df6c7fd78f4053de24e5d688cc78a61d8b0bb1024737465f0fe5ee656fe3f948,2024-12-05T15:00:34.627000 CVE-2024-20778,0,0,ff0325b925cb52cb989cf8c7c41190d57642e73ce4423016f8a454a3042e872d,2024-12-03T22:21:38.357000 CVE-2024-20779,0,0,13c70af693a01da502cbe2a0eab32d0d39e9953765af33985baf7dd03d5d7482,2024-12-03T22:21:48.793000 CVE-2024-2078,0,0,95d50b0faa2bb79eb927804f750375a6eb355124e82816799090199109d7ea11,2024-03-01T14:04:04.827000 @@ -245363,13 +245441,13 @@ CVE-2024-20789,0,0,2be0d33fe7f6a2ca915ce1bc566125c1928c2c16133fd8fdef1172ad2e465 CVE-2024-2079,0,0,f10772ba31d142dba517b938901fc1b75b6b0e63ac1ac474e47c5b00d72243ad,2024-03-14T12:52:16.723000 CVE-2024-20790,0,0,3934bc21914c68bc7f6c87d335433310d3f22ed71eccb1f27568a92329715bb0,2024-08-19T18:58:42.660000 CVE-2024-20791,0,0,7463d03dabc7b9776b7c6cb0ee52300d4d429ab1ee6b989659f0c15283375972,2024-12-04T22:39:52.703000 -CVE-2024-20792,0,0,f743a82f55d36974fd9055bf0c833f5b4f50402bf02427344d220e686fedd52f,2024-05-16T13:03:05.353000 -CVE-2024-20793,0,0,79df2b707e1cbc4e53b872f4870eee47d97e91541b8737f8089fe7049103b0ad,2024-05-16T13:03:05.353000 -CVE-2024-20794,0,0,009cfcab48094bcf6aabe6ba2b455d8a62e38422e17ebb73b841667a8ce258e2,2024-04-11T12:47:44.137000 +CVE-2024-20792,0,1,e94f391b1586de359da38607b7ee652a2554c8a3d7e5df287395313f11eb69a1,2024-12-05T17:44:14.317000 +CVE-2024-20793,0,1,feb06d499e7d9065e770fe18e51ca20183229a7c057cf2978533a8d549d5802a,2024-12-05T17:38:22.207000 +CVE-2024-20794,0,1,f512ca36dd7bbe40d1c5c335aa3154304722b8424402fba85531e6250ecbe72b,2024-12-05T14:35:56.790000 CVE-2024-20795,0,0,32420077536f65e7d836635f10a09f330c98616d65d4b5b98da6ff3774af1866,2024-12-04T15:15:06.780000 CVE-2024-20796,0,0,8bc604a05d3d3d5125b73c5595aaf9705529daec2c4fd945b4fd3b85d08d1716,2024-12-04T15:06:27.790000 CVE-2024-20797,0,0,326cec9f5b28616467af89b63e5afe1a94492d7fb972a282db20cd2b654df1b3,2024-12-04T15:01:17.957000 -CVE-2024-20798,0,0,8b948926eaf9bb7762236e345460aa95eaff4b64e6ad072852daab65eab7f1c6,2024-04-11T12:47:44.137000 +CVE-2024-20798,0,1,991b08e1c7be5147b4327feee578932848f0aab28df8b83918f4bdf0c2e1dcc2,2024-12-05T14:40:30.757000 CVE-2024-20799,0,0,8428cb712862354c385635b67f043354a5a529f6758e50018b2185b88daa17c7,2024-12-03T14:18:15.477000 CVE-2024-2080,0,0,739bb7bc16949ce8dc42f086707a1965c48b8c0e80b8a96770d78539ca010524,2024-03-22T12:45:36.130000 CVE-2024-20800,0,0,e90a6af871b5675be42c72ef35b247ceac517172f67ea5e497ab2a65b8ef6be6,2024-12-03T14:16:35.813000 @@ -245589,7 +245667,7 @@ CVE-2024-21001,0,0,416215f17e5ee7b6fd02766a3fe7252d7bc684b3302f3dd4a683e3f6400ab CVE-2024-21002,0,0,7f5c86fdcff82f93225a75a7e73262c6da92b927148218de7deb268aa0c73332,2024-10-31T16:35:04.067000 CVE-2024-21003,0,0,90a06bec930da30c9a00d7e245d95aa433119de047332777b49810dcb3c38582,2024-04-26T09:15:09.823000 CVE-2024-21004,0,0,74d75259359885feb58e67b784c7f0a497e76221cd93421bf881ed958c2f234c,2024-10-31T15:35:24.047000 -CVE-2024-21005,0,0,3a0033bb21374d9be43479eee698b2830f41d8d2a9d0eb123f27394e5de66035,2024-04-26T09:15:10.030000 +CVE-2024-21005,0,1,b12d0a7c3c205873871a05e86599f19556e7c7b41345074e358578c611af2af9,2024-12-05T21:52:13.690000 CVE-2024-21006,0,0,b66db085bb99aa21625f1949517478b22e3fbdd786db1c25a0e1b28fb3539492,2024-11-27T16:36:05.623000 CVE-2024-21007,0,0,318b973189a970b7ce55f9b439b79912feb01731965e9cf4d9ebb34a06f5b815,2024-08-21T15:35:03.230000 CVE-2024-21008,0,0,79c8ede7039b9ab861b81e9c13133e11dccfa6b5370f6dc01cdafe6899c0cddb,2024-11-27T16:35:56.737000 @@ -245667,13 +245745,13 @@ CVE-2024-21074,0,0,051e1574ad44e9fc134434d9fc9291336fdac976a78056659b667cad82103 CVE-2024-21075,0,0,8b46952e5245f6968a5f3ddc66b10ae2b4f79d4c31914d663054014762397cb6,2024-12-04T16:28:44.167000 CVE-2024-21076,0,0,cdb3cc254612d1752c3cffca87777e374b4c26fcac1665448f74861effaad989,2024-07-08T14:17:21.220000 CVE-2024-21077,0,0,178901293d2450ee4b65a744f15a73938d06d8b3c198af6954429932020daece,2024-12-04T16:27:52.697000 -CVE-2024-21078,0,0,666a72e4a2d5b5f435878899403d81c38c2bdad2a7569b00e5fa81b904f101c2,2024-04-17T12:48:31.863000 -CVE-2024-21079,0,0,685618112ea4ba42a7d4f3e9d1bef3ac6bcb6bebbbb5721a0fae57be1a5a6663,2024-04-17T12:48:31.863000 +CVE-2024-21078,0,1,3c58057f42bbb0adf71d1e55713932139d3788f707e7b7aa7c04496c5abba50e,2024-12-05T15:17:22.947000 +CVE-2024-21079,0,1,9f333b5a6668bfc55c617df1ab0b439cf4a721f5b936e07eedb797977ab1060f,2024-12-05T15:17:32.190000 CVE-2024-2108,0,0,9a499dbebde221ddf489f66723ebb5541c2e31460bf0818d8c825cfb43b4c9a0,2024-03-29T12:45:02.937000 CVE-2024-21080,0,0,115dcbf69c74627419ccf4630158e1826dae15574ebcc45a32af2b3a90937c42,2024-04-17T12:48:31.863000 CVE-2024-21081,0,0,e418c554ecd53c605c7c87bdcecced08262c98d27ae2118827b00e82ce34de53,2024-04-17T12:48:31.863000 -CVE-2024-21082,0,0,469486e7dd02ed32af747e60a838d04a7ab7298f6bea626389427415d5d00411,2024-04-17T12:48:31.863000 -CVE-2024-21083,0,0,bd8073f27e07f4e915d31cb56ae21b7fdc1a5f9f75e5474b0686fe0a316fa36f,2024-04-17T12:48:31.863000 +CVE-2024-21082,0,1,23528ce4eadc112aa9bc788303822bb833428e0b0c509b154559e37fa226ff61,2024-12-05T15:17:52.217000 +CVE-2024-21083,0,1,64c8564082dc81aaed6fbe25b7860e0025083c7b87c1d2d7ba9fd1db0a5d76d8,2024-12-05T15:17:58.973000 CVE-2024-21084,0,0,3ecf39fd228939a2dce5544ec5b78321dcd296bd51eedb006c227a11eff8a7bd,2024-07-03T01:46:30.583000 CVE-2024-21085,0,0,35f35fe8bd121dd226d197202c7e8879f1a74507a7dcab9fe69eee683b63b49a,2024-04-26T09:15:11.447000 CVE-2024-21086,0,0,6968d09fe669a4367750ca8567b719597691a3493bb1bcb4d376ae2557ab644a,2024-04-17T12:48:31.863000 @@ -245698,24 +245776,24 @@ CVE-2024-21102,0,0,e0c4528cdd1a9369fffd301868d00884311048b2a3539b7313328ec89feb0 CVE-2024-21103,0,0,2f3299fda2cbf8e902f3515fd0d48b9d8de5702ec09ff6c5557d6ae05b059de3,2024-04-17T12:48:31.863000 CVE-2024-21104,0,0,eebfe4dd9b21aaa35ec722f534d9449bff2c7a22cb7852b7fed566ff1ff264ce,2024-04-17T12:48:31.863000 CVE-2024-21105,0,0,fc58e283f6d0e4d970fd8ad2b639eb7f30380b543f0c738a670fbf8a20f2d5da,2024-12-04T21:15:21.417000 -CVE-2024-21106,0,0,ab50f512ef43406c6bec553aae7f9997284c506ca99d62550b6d1b274cae0f7e,2024-04-17T12:48:31.863000 +CVE-2024-21106,0,1,a30edb35fea21ae503094dc51bdc2a886ed27ec86c93160503156ca074c6a005,2024-12-05T15:15:44.383000 CVE-2024-21107,0,0,8b22c366b8e56e1eace3e0c72769115530475e44eb4f180061f1d02595110799,2024-08-15T15:35:03.743000 -CVE-2024-21108,0,0,457a95edc17f2d19406b77901b0315a9c16fbc7197ac7f42787f9b5f2f03b290,2024-04-17T12:48:07.510000 -CVE-2024-21109,0,0,13d20bf3677261be2a53b120554676e417e029919531127b8331decaf3e0f066,2024-04-17T12:48:07.510000 +CVE-2024-21108,0,1,fd423a12539e8c09f87e127e452da9461cea6406c29611a08852fc29f6e42176,2024-12-05T15:15:56.193000 +CVE-2024-21109,0,1,2cdefd680a6ab811e13df46c6ff4e0e53802f3d11f9b5114a4b41f728d406acc,2024-12-05T15:16:07.703000 CVE-2024-2111,0,0,6adfb64278e268a55141857a7e32fae75bf1ecf0e5097a377cb5910d9bfa0b89,2024-03-28T12:42:56.150000 CVE-2024-21110,0,0,2fb76e40bdb06e3e3079fd1da0264d6fd11a04c3085a1e1767dcd00caebab0fc,2024-08-15T15:35:04.813000 -CVE-2024-21111,0,0,a4bd64a6248fb685a1f5cd3f64253f1bc5d465a5d8c33da50a6b56c616fbffc7,2024-04-17T12:48:07.510000 -CVE-2024-21112,0,0,3843b79307daf90b6a1d0b5fe81ebf05f9b8f1c6159511f73ad1005727089ea0,2024-04-17T12:48:07.510000 -CVE-2024-21113,0,0,27396ff3e441e5311fb8ad3fdb1a14daec1460b787f5096e64cb0d17049922ca,2024-04-17T12:48:07.510000 +CVE-2024-21111,0,1,d1007003b8928975104f465061b195211d37baee917d9559690213da6d2f17a5,2024-12-05T15:16:10.643000 +CVE-2024-21112,0,1,30ebe28dea93a310d7817229f8d8215d1a4835a7b8c2f2532ca140170f88c01a,2024-12-05T15:16:13.397000 +CVE-2024-21113,0,1,a674c043adb2e6f812feaa0b76c1eba7fe54e06e1fa6fa3aa917621bf806fd05,2024-12-05T15:16:15.940000 CVE-2024-21114,0,0,0880b4b822c0833beb112d172fe417240b3cb185b690f6da3505b6f7c47508fd,2024-08-15T15:35:05.830000 -CVE-2024-21115,0,0,b1c90510e7789603a593fb63cf663c692bc761a2febc313e5f2e11a678db9f6e,2024-04-17T12:48:07.510000 -CVE-2024-21116,0,0,72e72f8f571890e066dee87876aa4475cbba55214ef3d60e82bbaa99711e97c4,2024-04-17T12:48:07.510000 +CVE-2024-21115,0,1,496a4de74dae60676025a8190e17db1ffb37f7b6383cea5ce028d6646b9ac1d2,2024-12-05T15:16:18.327000 +CVE-2024-21116,0,1,530494b4820398a7e8822219c84574822b4caa9ee5be4bfb8cfeeaa311d39227,2024-12-05T15:16:20.707000 CVE-2024-21117,0,0,c00c4008bc12621d52c01b8472214c0be8ae4e9de0cb223458bb38ef939dfb04,2024-04-17T12:48:07.510000 CVE-2024-21118,0,0,f114752b89d9b7c0657ca7ba9e9d4a87c147c0dace0ecb0acd8bb329459af8ce,2024-04-17T12:48:07.510000 CVE-2024-21119,0,0,9381600d4aa69a4373e482e4320b8fc62fa345594208c335b64ab5a7d172dea7,2024-04-17T12:48:07.510000 CVE-2024-2112,0,0,a9796693bf64fe8c1cb1a520a8b14d3b45df38763dca2df6ddc6b2059d00055c,2024-04-10T13:23:38.787000 CVE-2024-21120,0,0,b0038d7950fd54e728ca8204a661eead3f856b119245dfad7d926e5d9d2db135,2024-10-31T13:35:03.740000 -CVE-2024-21121,0,0,8a0d5fd4a744b9f97fa1125505a479ab3d5433ac8cc3bef173d2253a6f64884a,2024-04-17T12:48:07.510000 +CVE-2024-21121,0,1,9ac261a7c1bd85ffa11909e26538fa893d3223e0fe9f63f750076aae3f28b40e,2024-12-05T15:16:24.950000 CVE-2024-21122,0,0,a57d97d459ac8321977230309495b6b2091491e8fde03b0b41f454ed964830a6,2024-07-17T13:34:20.520000 CVE-2024-21123,0,0,8c72f1c73a001d9161e97028c4b8e5ddbcaa0643e6c0119430a4f24fcfa6e126,2024-11-05T17:35:07.230000 CVE-2024-21125,0,0,c3aedccd5f2f41a9e45a064d67ee45329b8145530c13b6049ea13801d9df3e52,2024-10-17T17:09:51.787000 @@ -245725,34 +245803,34 @@ CVE-2024-21128,0,0,a145f2e2070fdebdd9e11a955844fdac14e4a09532d458684cf1193933bc2 CVE-2024-21129,0,0,30c0af8944aeb2eb7fc7339cf788bb6181288ae99fc2db33dd0500850fb91267,2024-10-17T16:58:12.090000 CVE-2024-2113,0,0,d820f9174045c4a91c8de22b2f318d393b16e5183ad826479f5c93fd64192dc6,2024-03-29T12:45:02.937000 CVE-2024-21130,0,0,13e5e480b47df9c035f480a63cbeba0c6ce05798db1fa3dc667fa306c070c11b,2024-10-17T16:58:22.037000 -CVE-2024-21131,0,0,02165835cc6f0e203728409c02066c414e0700a6416e43c004ac7c1741f0e57f,2024-07-19T14:15:05.180000 +CVE-2024-21131,0,1,cbb105905c471220b312faf2fb5f451cff70a7e39e24ad3148da40dcd960a567,2024-12-05T22:02:52.553000 CVE-2024-21132,0,0,683d4a8132332ad86fddc10cd15bb59076d052bf865226f7944ae794277a5d4e,2024-08-28T17:40:31.727000 CVE-2024-21133,0,0,a9876891a6c2a6c3d77b30af6f76ad94e03c5c4618a7edf1f3af119bbca64cb8,2024-10-31T18:35:06.540000 CVE-2024-21134,0,0,8b2526b0e292ceacbf0cc57aaf65cf091a298a6098fd630f182d8f8af262d4ce,2024-10-17T16:58:38.650000 CVE-2024-21135,0,0,ba0250ef42fd2872339c049bf92d12e0db71762fc207c75bb73b68f494e9f6b5,2024-10-17T16:58:53.687000 CVE-2024-21136,0,0,0b3d31fd31b74b67777283c1c23811ac7b0b473c6d3e3e94fd2f66077b9a369c,2024-08-28T17:59:36.023000 CVE-2024-21137,0,0,9e3a5623d772a366034541e9b2d4f898f3c845463eff2ff73a0db681cbd04d62,2024-10-17T16:59:04.443000 -CVE-2024-21138,0,0,48e73281e1321884b4e1b592183d2ed2dbef5bea392b3b824bf77e00d538c447,2024-07-19T14:15:05.290000 -CVE-2024-21139,0,0,ac1e7874c883d227974696e6da1f4ea74ebc9ccd7cdf45b6f9f9065cbabb6c27,2024-07-17T13:34:20.520000 +CVE-2024-21138,0,1,d0d0b0a12c7b85c6dba3caf14a4e4255ab34fd114c7599491ad8667be8269073,2024-12-05T22:05:55.937000 +CVE-2024-21139,0,1,fe897a22f596246451165960a477437c52a9909798bf29b04507b256239ed7d5,2024-12-05T21:41:47.347000 CVE-2024-21140,0,0,4152c752f631d64c27b06e5115099663133590db63a2cfff7e518248f96c3d60,2024-08-01T13:46:27.193000 CVE-2024-21141,0,0,f6351581c68c52a0fcae66a77dd601ef15127184835385b5e0479a9d14461be6,2024-08-28T17:58:43.457000 CVE-2024-21142,0,0,426d1a3f4d5eb091ec704405144203a0f68ebdfbeee6844133217e729852f98a,2024-10-17T16:41:45.793000 -CVE-2024-21143,0,0,00d3158bf58fdef1b0ea359eb4fd1877d407a38c8141a35ed2d92f7d5fd7ff90,2024-07-17T13:34:20.520000 +CVE-2024-21143,0,1,bdb93532d171a4a630b505a3bee9742639756c06c1f168d853a9606fec7c3819,2024-12-05T21:41:35.897000 CVE-2024-21144,0,0,47e09fd5fcc37ec82730b14b6c143601a9e80d79dcae6217efe43cc12a904fd4,2024-09-18T15:15:42.963000 CVE-2024-21145,0,0,0f20eb889de8290fa5c2ea280bb176cf511605c155717bdaded7ab58008b835d,2024-09-20T13:46:53.830000 CVE-2024-21146,0,0,7afb077336ce7ba3c6e73dd702aa8036e113fd3088789a47d72ac48f75e1b9ab,2024-11-15T21:35:04.493000 CVE-2024-21147,0,0,d581db22cc70629aa91eb51c988684be29e1ff1430ebd94500067b05edd568f0,2024-08-13T00:49:47.367000 CVE-2024-21148,0,0,5e054bb367a8e9656b43550b5962eaa7f739f26520f7472e3f916549fb13304b,2024-08-28T16:56:18.687000 -CVE-2024-21149,0,0,ee2bd3223896d48493ed4bc80a50d18703c1a2b0e21db09049566849fca16635,2024-07-17T13:34:20.520000 +CVE-2024-21149,0,1,5811ca6341b7bd71d378ffe4b7aa0e6ce984400aee7e293a1bc17b7e0223c704,2024-12-05T21:41:33.037000 CVE-2024-2115,0,0,66506b198b4ece0adfc9016031263e6294a50c545f577c56b849d0c705d750c7,2024-04-05T12:40:52.763000 -CVE-2024-21150,0,0,8bf7ad156aade7fa3f13e2261e319a8085198969642f90d90774096fb77f35b3,2024-07-17T13:34:20.520000 -CVE-2024-21151,0,0,e8ca35bec02993425acd90acfb4d2e73c5aae2b099512170076bd06c14602c1e,2024-07-17T13:34:20.520000 +CVE-2024-21150,0,1,8f01743e08e2fe4dd90f9dcfe08d2f28b72387f6a09bed79464d548d2fd5d62d,2024-12-05T21:41:28.893000 +CVE-2024-21151,0,1,a40de30df874f70da60b00e59ec2ad841d27e9b5852648334be4b8efc130ffae,2024-12-05T21:41:23.637000 CVE-2024-21152,0,0,b2610bd2c7701194ba56c825a61e9ba1ea84b82c16dc44ae810ef7cc4bff4111,2024-08-01T13:46:31.340000 CVE-2024-21153,0,0,fb20f04f00fbd9902df909e6edacf1b7ee25352a9294f3fab6e03e96a0219c8e,2024-08-01T13:46:32.083000 CVE-2024-21154,0,0,1a1dc7feb370658527dc8d119e01f7bd2aee512c610b505c2d85ac23770689c0,2024-11-05T16:35:12.537000 -CVE-2024-21155,0,0,a8a570c6113128d8e322a917915d458e58ad7e39aa8fddcd9ddda272c2940422,2024-07-17T13:34:20.520000 +CVE-2024-21155,0,1,928cab7069e01417dbd511bb7d32b37eeae602e67cbf5d4ae990f5bca4d82841,2024-12-05T21:40:12.850000 CVE-2024-21157,0,0,315926cdf75dae9d7abad1f8c0a69c5cc5a373e5c33c0fafbdda67e1c2ea80bc,2024-10-17T16:41:59.087000 -CVE-2024-21158,0,0,abd2177430b15289f1dafe8369befc77334519d6a9221a02b1f5bfbbc009d276,2024-07-17T13:34:20.520000 +CVE-2024-21158,0,1,f78c67c7b7a2a8889d251d744d816fc3970c8c2c9af0b3bdf0fdbc5ec66e1cd0,2024-12-05T21:41:19.197000 CVE-2024-21159,0,0,ea59ffe4a9094b1298bb947fb6b967dd0aa22b220bae2019df03e057b1418de3,2024-10-17T16:42:37.273000 CVE-2024-2116,0,0,db5680b78c73e9ed7444fef2da21a0c5bcac8a3e521c07413a62cc0c6dfac6ff,2024-03-29T12:45:02.937000 CVE-2024-21160,0,0,a320e2eb0ff08c92073721638eb6d155a062e8c9c6430252ebed120cc696a530,2024-10-17T16:42:49.290000 @@ -245762,8 +245840,8 @@ CVE-2024-21163,0,0,1872814ba074bfe708996e143a82ace0036cc05723000fe962850f4837704 CVE-2024-21164,0,0,dbe60a5799862110e1bcaaaf92025ecfccc35d4b3c7e33902e20957fc9a2019e,2024-08-28T17:00:58.533000 CVE-2024-21165,0,0,dabab484b919218d3e6ff0c2a6cf2040e9bda41dff7415dbae32ae776164209a,2024-08-28T16:43:23.220000 CVE-2024-21166,0,0,22490d24959ae63bf601e15ce523bb25af11fe0abaf668ecd9e7ce18e864749d,2024-10-17T16:15:33.437000 -CVE-2024-21167,0,0,68c8f227666c06298257f7b468706125c2676562df674ce8154b7de7b4496211,2024-07-17T13:34:20.520000 -CVE-2024-21168,0,0,c69572c1110a4cc480c0e5afb70d08f9984a6bb55f4f3c55f471c687df059b4a,2024-07-17T13:34:20.520000 +CVE-2024-21167,0,1,8b59d4671b1098d28bd5d245f52d94563296b8fb8a1079f5eaa553ae941031a5,2024-12-05T21:40:35.573000 +CVE-2024-21168,0,1,1d7ff8a0064725f05cfe0f32ae36e5719d9a46aee21e11446f913b9f961a0304,2024-12-05T21:40:25.147000 CVE-2024-21169,0,0,75cfaa7dbb3017d69d1c32e7c9a3a07923f1edef87ef625d3961fd8622ff3f69,2024-08-01T13:46:34.717000 CVE-2024-2117,0,0,79d7dda411024d417201240caa69efdac6b41c6c0da01c1949cb476b1159e785,2024-04-10T13:23:38.787000 CVE-2024-21170,0,0,af70aab138e0b6f00f1af224e9aedbd73a234a8cfd2b7ba1d7eec319bf92e458,2024-10-17T17:11:10.947000 @@ -245902,9 +245980,9 @@ CVE-2024-21318,0,0,4af76d6077d85cc6ac1b2e5fbbea392e5599de7981dc9d0bbea11cee80660 CVE-2024-21319,0,0,a45f0ade862ff8aa7d45c69afb58ce07a8fc07a6b33b2d3562e36e6b68b9d714,2024-05-29T00:15:19.120000 CVE-2024-2132,0,0,9c9f85003a3bbe664082841aaa6842fc8427ec33d1f793f142740721a6f1bc65,2024-04-08T18:48:40.217000 CVE-2024-21320,0,0,1544a0032e12417b8a82b7f3c2e9e5a98e43a6ec8efa8a7b35ff924135d33adb,2024-05-29T00:15:19.243000 -CVE-2024-21322,0,0,b6596875984bc785e7a41755623724a4851e3931f5f83d102e91fa04b61a8405,2024-04-10T13:24:00.070000 -CVE-2024-21323,0,0,fc728f9c6948ece0e236c28613ad12c0e49c4c1835afc7dc74f28a4f7f1bf741,2024-04-10T13:24:00.070000 -CVE-2024-21324,0,0,97bc22b3b4c5fbe5f495a141e7d747bea998b9172d4fca2e5c52aa6900db5a48,2024-04-10T13:24:00.070000 +CVE-2024-21322,0,1,5254384463ea6d7e4749402c9f42ec0fd459cafdffcc14849d240d03b7b3dda4,2024-12-05T19:48:40.407000 +CVE-2024-21323,0,1,cd1610bfd15abe5aa854eb73e7a271fb8e4d96650c20f96afa4706af3e7ed1f1,2024-12-05T19:46:34.170000 +CVE-2024-21324,0,1,616e9b3113e7731624a941bbb7b546ee644a41f570a842c5b2c06ef6ac54179b,2024-12-05T19:40:30.007000 CVE-2024-21325,0,0,de61e2c052e088e775f782fdb4829f0d6750f367516bdc4932453fb53ebaa4da,2024-05-29T00:15:19.370000 CVE-2024-21326,0,0,f34f0aafed36b91f17703d5def33de9c20c3612256f0b6ed0d82e475eb3b1a32,2024-06-11T15:15:59.227000 CVE-2024-21327,0,0,4f03b71551d35238d051ce4191a84fd4ed70f20cd0325a0539a93715fb41d3dd,2024-05-29T00:15:19.510000 @@ -246024,26 +246102,26 @@ CVE-2024-21430,0,0,0c82706eb5221197af87e1f265a82dd4b412c443a76d8a68cabb9de79ab86 CVE-2024-21431,0,0,adb271f7c07729890dc0e6600645b6eea17bdcd896aadfcebe92e54de18d6777,2024-11-29T20:44:56.373000 CVE-2024-21432,0,0,b26b06b5af97e258df7fe189dd0fd737f77add3019eecc5409fe9334ce5a5d02,2024-11-29T20:47:25.987000 CVE-2024-21433,0,0,100deeaf7e9386a87e131a946114df15ff214b00b65b78941702d176f64f5d82,2024-11-29T20:47:35.220000 -CVE-2024-21434,0,0,b1361f70a03881d0b7783b1f104c7680681900021804a88dbbfddef6ed773234,2024-04-11T20:15:31.620000 +CVE-2024-21434,0,1,02c3f631f3f68f254b123b85a31471dfa3f9595f96204ecdef5f442eefba8034,2024-12-05T03:25:12.337000 CVE-2024-21435,0,0,af4c6ac7ef76f0f67a1ba6277b5a8737b11e09d1129e2401445d4e52e15c50e8,2024-05-29T00:15:35.713000 CVE-2024-21436,0,0,00556a431a6d8f3334e9f93cd607dfc16f3cab8684b005c0250ef6e1b8b30f19,2024-05-29T00:15:35.830000 CVE-2024-21437,0,0,7b8aba4a1f0684255f2697284e5733a9c1601c9f827d056c5a7ee4c50e2d755b,2024-04-11T20:15:31.943000 -CVE-2024-21438,0,0,1d7a5151d9c33c0baf994a60f6d18340d085494e6f9d8ee0113597b7014cad90,2024-04-11T20:15:32.050000 +CVE-2024-21438,0,1,8e8bc0e231eae099706565597bcad2d302b11da17a75677f8a81dec1cd59dfe8,2024-12-05T03:25:34.603000 CVE-2024-21439,0,0,ee34109113b14b10d9803940def30a508e0902365ef9aae397dd305d5f7f5bd1,2024-04-11T20:15:32.153000 CVE-2024-2144,0,0,a6f9fa90eef86396d656c0b4b51fcab0fe3e6279579c8b4e2055ce7bd4b2d26f,2024-04-01T01:12:59.077000 -CVE-2024-21440,0,0,d637d136172a3ac45d733fdc9fd9af5700551f78fa94c1434ad895bce7a0ef23,2024-05-29T00:15:36.073000 -CVE-2024-21441,0,0,cc357394e8c65055611e9e386b93b8212d186951cc285db076bec0089c554515,2024-04-11T20:15:32.360000 +CVE-2024-21440,0,1,1259e2b506f536c13fe55e40d7ba60f51486a69462fae5526e6743dbca1db03d,2024-12-05T03:25:52.233000 +CVE-2024-21441,0,1,0a4dc823b20e791363ed6237d2233d35d039061038cc40d1dd049cedef8731f8,2024-12-05T03:15:20.800000 CVE-2024-21442,0,0,be2e0dd515187a1e0adc62d98948bae7dfff021413d0a1a4d3a361e90224b010,2024-04-11T20:15:32.457000 CVE-2024-21443,0,0,e29a27f7b4b9f802c4b4242fc14ab3f09c08eb021ebfcf63ce67953f107eedc1,2024-04-11T20:15:32.563000 -CVE-2024-21444,0,0,aaba939ec1c9bd095171b9febc852b2cd0736e55be56e32f152535e47a56a222,2024-05-29T00:15:36.297000 +CVE-2024-21444,0,1,a8c6c6274226dbd29fa0d9ac33fdf9a2b6daef7a6f57066d1b02a7561d909a58,2024-12-05T03:18:50.527000 CVE-2024-21445,0,0,1e9644529a4c09a7e7b867fd24131ae695337874b20e05fc2c8f29a74f020b12,2024-04-11T20:15:32.753000 CVE-2024-21446,0,0,d91af89ff77312fee55a3cb5f9839f37302d10ad728d89077b6cfd938f9718c3,2024-04-11T20:15:32.857000 CVE-2024-21447,0,0,bcb33d59d4cc54b7944f70b43838b78d2de28c13052766332282f9f8eec5b1e5,2024-04-10T13:24:00.070000 -CVE-2024-21448,0,0,40142b83431d484ca38acbb788d7523f2721d5755a5a237be8e19334b7e92f0f,2024-05-29T00:15:36.470000 +CVE-2024-21448,0,1,c996f0b534b3ac1fa41f31656478310b178c17dadb7c6ed03fa7e6cc9f999d5d,2024-12-05T03:19:21.767000 CVE-2024-21449,0,0,27f3d582dff3d2bb33572fa82e89104038d6a5ee6fed407b847c3b8beb7fca5c,2024-08-20T15:48:51.190000 CVE-2024-2145,0,0,827ab96169cf8c47e9ce401a991ae891b3ddee0c4e3c5089f0bba0550e86a7e8,2024-05-17T02:38:04.100000 -CVE-2024-21450,0,0,25401a86ed4cf6aee58f7dc7ff8bede6f2584b071ad1edcb27bf966a0a91c76a,2024-04-11T20:15:33.050000 -CVE-2024-21451,0,0,fda859879476242f447364ed932f4e097d32ef677cea24910429c5be2e67982f,2024-04-11T20:15:33.143000 +CVE-2024-21450,0,1,f0a59d43934884427929c09c7f63e0e4c95c6897cf36f4d7453ea519900780ea,2024-12-05T03:19:41.673000 +CVE-2024-21451,0,1,c20f96721db68a100bffd827cf1d9357aa52b67030e54c756043a7a911552d0b,2024-12-05T03:19:51.647000 CVE-2024-21452,0,0,9f708d763548b34c7c49c3f0348df362d48fec38e955d6efb9dc3104c88d6865,2024-04-12T09:15:09.877000 CVE-2024-21453,0,0,da605aa15089d99be623e883beeca2f93e21f8fdda0997652a458a217ea7b701,2024-04-12T09:15:09.977000 CVE-2024-21454,0,0,bb3c6f4e967eb55a8c57e103a3dd8be0b010cb457fa764651101d90478af9307,2024-04-12T09:15:10.083000 @@ -246094,7 +246172,7 @@ CVE-2024-21497,0,0,8aedc196ee518fe8560cc512f459ccbfc6592e8201a18667b2196e5e6bb6b CVE-2024-21498,0,0,3c9376a89b1471a3f3dcd2f26b2302ecf028dd3649469284754d6d6bbe15e588,2024-08-01T13:46:44.130000 CVE-2024-21499,0,0,056024a19cf11190da9415625f86200e7f99c9c1c15d5f4eac3772c0369f1c48,2024-02-20T19:50:53.960000 CVE-2024-2150,0,0,c22643bdc0b2ebd66d5b5ba194b52141f4bdaa1a38843b6dbc7c558d59d8b77c,2024-05-17T02:38:04.570000 -CVE-2024-21500,0,0,e32cca032c5c817f0140a0fc7fc7560c3a63cfca90476fe248b7470595a38be1,2024-02-20T19:50:53.960000 +CVE-2024-21500,0,1,6cd1594c4e223fc3885480361acdb48625b73f48d694e68856a788a09c0a91e8,2024-12-05T21:15:07.243000 CVE-2024-21501,0,0,d04e2442e85706ba7437e49b49125d8ebfada3b71184a475809a9f06322396f6,2024-08-28T18:35:07.823000 CVE-2024-21502,0,0,fb5ae175e215ddb01ef01146351120b7135179219e17913fc19fbdc46d2b3141,2024-02-26T13:42:22.567000 CVE-2024-21503,0,0,e2363221420f9e91165d2e5e4f11cb5254f6968c7e760608a87c93e517f340a6,2024-07-03T01:46:41.680000 @@ -246547,7 +246625,7 @@ CVE-2024-22081,0,0,c0e23ef382492c7380a92e96cb3bb331fbab187b3695f4beebcf35389003e CVE-2024-22082,0,0,459e25d191876c4f00cade807052f238137ad057437a31854486c01937977cf9,2024-08-05T19:35:02.233000 CVE-2024-22083,0,0,74b45b5af8b189a98f0ae3f5de93a8890b5154c871aa478787fd07cc6c45d260,2024-11-18T19:35:02.710000 CVE-2024-22084,0,0,0e122ae85d4de51fb69a5bdf68cc5b622f1fc44a5c7c74096438459ba25e7679,2024-08-03T20:35:04.983000 -CVE-2024-22085,0,0,9bb660a953db76f501963932fc60e0d5afb5a0529b26a144a0fb7fc6555c5828,2024-11-06T19:35:14.630000 +CVE-2024-22085,0,1,3ab2ee6b79cb1c1b0769fa3c6728e6de2f766ff3353cbf9f5c8f353ea357be6f,2024-12-05T21:15:07.383000 CVE-2024-22086,0,0,1d7696b944cd1a26a2cc7bdc48a35b3903f2aec00a961a7e53e9ced659d9458d,2024-01-11T17:04:07.660000 CVE-2024-22087,0,0,4384797ae7846daec0107426d58d87d7c4784c559db16808176350ae4c959dce,2024-01-11T17:03:51.967000 CVE-2024-22088,0,0,b895d73398c482c8e6acdb9bb17741aa9b7a4b9e58038e199e46754d5e3337bd,2024-09-04T21:35:06.700000 @@ -246712,7 +246790,7 @@ CVE-2024-22254,0,0,20d7e9ec4979d70b7eb4baedee6a35555829a7b91aea3c15baf85c60eb6e5 CVE-2024-22255,0,0,8e7a40c5bf54cf100359b6bd89ec7ed5b7b9b1826e219d741464964078f159ff,2024-11-04T18:35:06.477000 CVE-2024-22256,0,0,dcbf1bed6a2eb60ed505918b467b6ef5ef784547429273c505574abd3ae01acd,2024-03-12T15:01:32.347000 CVE-2024-22257,0,0,deda0b5f6a8517bc02c2038e4f08a84e8e42d2c5375167943196ec92b20f1e7c,2024-11-12T16:35:07.147000 -CVE-2024-22258,0,0,4b97201062488eaff51b24fbc9ae28b1f946f20fc4b3f47d5337472a99498617,2024-03-20T13:00:16.367000 +CVE-2024-22258,0,1,eaf12a7c8ad5854401b0c00d5a13b7faba9eb9c686cffc7642b0b9f286c4d6d9,2024-12-05T21:15:07.530000 CVE-2024-22259,0,0,1619807ca0dd0d25e590483ba5fe046c92691b86131dda52a5fc321e717fd519,2024-07-03T01:47:10.080000 CVE-2024-2226,0,0,d1bdd7002c5ec8a69fcb10676a03d7f656c6960181e2ea18b4c07683d5e897e3,2024-04-10T13:23:38.787000 CVE-2024-22260,0,0,e3a7574003b5b18daf6b51fa1429cdd15224050e7a447a5b564d582e7ec99a92,2024-06-28T10:27:00.920000 @@ -246839,7 +246917,7 @@ CVE-2024-22390,0,0,55902feb124ae1975588cd87c6024bd399658d0d39667fda823793e05c4f6 CVE-2024-22391,0,0,1f24cf22f6c35797cf3f1b5f513aeb27d6c9ee9188ababd3d8b06daf33275477,2024-05-05T03:15:06.950000 CVE-2024-22393,0,0,708a22f5d3d86e394b7bd57dc98253e578e5dadb2c4096ced276d5893ef994b3,2024-08-01T13:46:55.723000 CVE-2024-22394,0,0,2d2cacf44303c3f2d5173aeda14462e9b46618509e14fff72aa5e0f1e00e04f1,2024-08-22T19:35:11.720000 -CVE-2024-22395,0,0,0d29784f93066fed6298e77c63a9a7ba15d287ad4907fe05e0ebf699a961fc21,2024-02-26T13:42:22.567000 +CVE-2024-22395,0,1,f5a9d3a805e1203fac3ac334907116e26be91933941b94b88e6ef77604f5fb3e,2024-12-05T17:04:30.223000 CVE-2024-22396,0,0,a5f00b94b83832b467db4300982cd3b6b686890c80cea01a13cc610352a5b12f,2024-07-03T01:47:17.270000 CVE-2024-22397,0,0,a22476279a0935a827e77ac005c3f79785c215cd6755d834d6f6f936f670c7bd,2024-03-14T12:52:09.877000 CVE-2024-22398,0,0,ba44b0d25e7b758fa53c63cdc26c43f1429982b9cc2c5eed3635a95b6d6d99db,2024-08-08T22:35:01.020000 @@ -247003,7 +247081,7 @@ CVE-2024-22705,0,0,38c53b7360a246ae2257473aab7550bc6bc1aeb88a628a6e1cec6eda2e0b6 CVE-2024-2271,0,0,0882664d094a449b5e5d987e142c8cc32868dd26cc6d9ea16d12cc743d1ab93c,2024-05-17T02:38:08.133000 CVE-2024-22714,0,0,a9e8e25ef22da74b6de4ad04262ddb714bc83c7539ac3ba25c2f4f5074b70359,2024-01-24T20:28:11.080000 CVE-2024-22715,0,0,b4a745df0ad0b8ec34d469bcc0776699e2d75171257c5217f0f753481edb107f,2024-01-24T20:13:00.880000 -CVE-2024-22717,0,0,ca261a195338eae13cf040fced9dcd4c7f6388ad3c49be3f2e5ac8b4d2ac8c4b,2024-04-12T12:43:57.400000 +CVE-2024-22717,0,1,fb8b7477f75ee6999c04eedbacd4fb1d6d9fe527858c4508a7eb004e8245258f,2024-12-05T21:15:07.650000 CVE-2024-22718,0,0,fdbc5618325a454d8b333a1e48c28cf1aecdc2c23be645f7cd092c43b90b9ed7,2024-04-12T12:43:57.400000 CVE-2024-22719,0,0,83a68735925631248610a829cf1fad56584a2b44d3b80b260536c3c972d1bc32,2024-11-07T17:35:13.377000 CVE-2024-2272,0,0,bc7fc0edef953b8e6907a8afb1963293ca16cc15ca659728d50442893cc6726e,2024-05-17T02:38:08.237000 @@ -247247,10 +247325,10 @@ CVE-2024-23193,0,0,94365d7de57d8ce926c2c7ac02ef89a93b80020f4b39156cd6a94092ab50f CVE-2024-23194,0,0,089c2460385496ae22f7a90553a23720c6ebf4be452b1a50dfaeb1dc5b6ea1ab,2024-07-11T13:05:54.930000 CVE-2024-23196,0,0,e45d2b288ffc42c77c53256d3583d28293621dd89d142259811f8fe52d06b396,2024-02-10T04:06:14.577000 CVE-2024-23198,0,0,21e5938f4d74c8281bf8790da1b84875167859241f1d6235396b8f1f5665d0ec,2024-11-15T14:00:09.720000 -CVE-2024-23201,0,0,2015a286fe1ca1d8b9078d39d11c89a41b6be37be9d18a49416dd892d150a982,2024-11-01T15:35:09.553000 +CVE-2024-23201,0,1,6ed91e352afbe440084318a506bc61cae0112de96fcbe1ed002ee6097d98108d,2024-12-05T16:55:37.627000 CVE-2024-23203,0,0,35efc69ad503e337d3e396ab83791d4158b674a366899f0534bda8815d3c1835,2024-03-13T22:15:09.117000 CVE-2024-23204,0,0,afae0f8b3e19ab8973af8b7a3b489e4bd91d0fdadf5faf2aa71183f3a9158566,2024-03-13T23:15:45.887000 -CVE-2024-23205,0,0,4697a73bf9bc3e8ddfb255725f1c8d01e58d660cc4bf4e35d026b49c729dc759,2024-11-20T16:35:17.937000 +CVE-2024-23205,0,1,e18ee594460a44f1f65af5f62c86fe10e8903646c6e9896a40c7de1ae7cf9620,2024-12-05T16:45:45.183000 CVE-2024-23206,0,0,507c84e2d0e52cafc2157e9d16706cbde18b562da92731ec0900997e5c935fac,2024-06-12T10:15:29.787000 CVE-2024-23207,0,0,3409f59ce48ebab075a426e39ec672741159cf18513a93ddf138321de73422df,2024-01-26T21:23:37.840000 CVE-2024-23208,0,0,fb50bbc6e7452dfc70caf10aadd5a5063e9a046d2405a71df1d4be3aec2b5c7e,2024-10-21T11:35:04.960000 @@ -247261,49 +247339,49 @@ CVE-2024-23212,0,0,f80d0116e96d75ecefd545c3526dcd4d5f88bcbed5b339e1c95b1820f7413 CVE-2024-23213,0,0,3accb2e6ca7cc402e236c9474680e18edadbd0d691e602685b9c7a01131e56df,2024-06-12T10:15:29.957000 CVE-2024-23214,0,0,33119634a46fa5c4e530acd0e9c618db34847fde568cfa47bd7b42b58ac780ef,2024-06-12T10:15:30.080000 CVE-2024-23215,0,0,33fc650ebd8d97f7539b32750e085a2fd8b81965edd8ee0561acd57fa017b4eb,2024-01-30T16:17:32.130000 -CVE-2024-23216,0,0,f8f18e7552f290902a4ebbaf17adb29e0e3fc3f3d4000accb9bf87224755f7f4,2024-08-28T14:35:06.780000 +CVE-2024-23216,0,1,a071586855d0a31e12513bd3a731e9c1c7bcfd99ed067760a92233d83d2d25c8,2024-12-05T16:41:53.603000 CVE-2024-23217,0,0,22b8aabc2c537f06727d28ccece5638ac7f57c64b05d618b0085cec7c37d61be,2024-03-13T22:15:09.273000 CVE-2024-23218,0,0,764d9591d3c5e993d8e4b9e38693ec8072deb6341bcae3b3215d2e62a14277ea,2024-03-13T23:15:46.027000 CVE-2024-23219,0,0,478ca77553ffcd9677d8ceaf589ef8d6cf6bae32d2a8df76b85c410ad74b3348,2024-01-30T14:36:42.017000 CVE-2024-2322,0,0,776e33fcdf567ae537046234d62ca7db5b963706682e8716d8d5dc09cd7f8be6,2024-04-03T12:38:04.840000 -CVE-2024-23220,0,0,f101ffaef9dad46b0d302b5c295ba98ebf46d5f444c97ba83b37945ab744597e,2024-11-18T21:35:04.300000 +CVE-2024-23220,0,1,56ec6c9a0c3f534e407a25990b76d9f9791ed14187a0ea0d7f9d644c10ee29ca,2024-12-05T16:36:26.020000 CVE-2024-23222,0,0,234fbc8851ab910f53af22b06eaa70a751c876141fb023e6fa28056f96c7e426,2024-11-29T15:05:53.577000 CVE-2024-23223,0,0,464a4cf7e8bb6b5e08b4ad8ad5f4cdf79fe55ec2d8d88009937799f33564faa5,2024-01-27T03:48:24.797000 CVE-2024-23224,0,0,fa172b394ba1cf6f7733db8331430ccce1bd8679933444bf6fb2bfbefeaa9833,2024-01-27T03:45:02.100000 CVE-2024-23225,0,0,5e4a7bac3a06241496875f13b40354e356bfb680348fe60d93915e2d4f0c623e,2024-08-14T17:00:03.717000 -CVE-2024-23226,0,0,c0d0d5fec02771ea9a3a526f532b92cd110b517e8f0faaae4ea650f235ab31ac,2024-08-07T18:35:01.913000 -CVE-2024-23227,0,0,5847ae8745a820e05d15f70b2ea160bac8c8f0605239a87b3402aef66aac22a7,2024-11-07T16:35:13.793000 +CVE-2024-23226,0,1,d35555d4d9166169b2d9ebc0c0d3ddd8a6739dcc9d000507c64ae35e59ee757e,2024-12-05T16:33:06.327000 +CVE-2024-23227,0,1,eeded3365b3f5ae72b53b6766c3f1571c46876b65611fd208cdef323d44e0e7e,2024-12-05T16:31:39.383000 CVE-2024-23228,0,0,cc53be31cb9d833cc5f783d1b1a5baa2ef8daadab372d7bfd86c3142f74dcac9,2024-07-03T01:47:38.910000 CVE-2024-23229,0,0,561351da6f91af092533ed5801a4de12d08e4fb8a08cae5fec6b16d788979c5a,2024-10-30T20:35:08.097000 -CVE-2024-23230,0,0,0ce355c026a81eb330cd3a55adfdd58c7b28ad2193d6045812672f59d130ef9d,2024-10-31T15:35:27.513000 -CVE-2024-23231,0,0,0e1f04616cdf41b71be7b9218a6fca56d6aa4937cf846479ddbe6f0c5832b513,2024-10-31T18:35:07.310000 -CVE-2024-23232,0,0,9e7b49448cac16c45fbeaf042c9f71b2d8db550fb449e33aa9abdc891de85b63,2024-03-13T21:15:56.087000 -CVE-2024-23233,0,0,313670ac068b12d9fa516d4a3c082e80e45b5e5dbe4efd3c4e89ac3ce5144465,2024-03-13T21:15:56.140000 -CVE-2024-23234,0,0,cf9cee47c5ddf4443c90581bef409e0907a72ec2106ee4166332684023ebc090,2024-08-27T16:35:08.620000 -CVE-2024-23235,0,0,8475456fe966a8434d45c9ecd97011b49e7b6d9a91cff5dc02bc68aaf295e889,2024-08-01T13:47:09.287000 +CVE-2024-23230,0,1,156b934172dbb493756c9b28b3091ed6cf989cf09f6556b0519517d3a710f9a9,2024-12-05T16:29:16.003000 +CVE-2024-23231,0,1,ba1d2593aea3c4c4a174d2e33b5049749196fa54034828f6beef5b71f462e4b8,2024-12-05T16:27:10.467000 +CVE-2024-23232,0,1,2d4ff156fd4bb5acfd4c77537307a7232bbe750b532071870b7076c67ef970f3,2024-12-05T19:50:23.700000 +CVE-2024-23233,0,1,ba76592c9abd6021c9cd40cd3baae71397fb7de180a79a7079e5b607a05d8d7c,2024-12-05T19:49:55.040000 +CVE-2024-23234,0,1,2e6ac2948d5f78449bdbb22421c29ee97772b7e769451de805febffae9b54f22,2024-12-06T02:48:33.647000 +CVE-2024-23235,0,1,d147655623feed7f676315427c134a6bbfb5863ecb6102302089b527b673a106,2024-12-06T02:36:27.937000 CVE-2024-23236,0,0,35e1e8394e7b9f6ad4331abd77ccd4bc245703e2c3f094e21b2b9f6f0cc432ae,2024-07-03T01:47:39.753000 CVE-2024-23237,0,0,6dc8609157dba9ce55eaf57b67c4721681fe5ea22e8e490a9221bb71f875db28,2024-09-23T19:53:51.170000 -CVE-2024-23238,0,0,fd48b8741b126bfeb7cfbf18403f943f7768e37b33d158371b746f6d71b99a91,2024-08-05T20:35:04.390000 +CVE-2024-23238,0,1,e055da92b65437a98bc321c417e70a8f6a5157addb3c81c8dcfe9f4937312e89,2024-12-05T20:03:43.247000 CVE-2024-23239,0,0,17a811a7a40ab6626263a25969f3b0683f14fcd51c6df6a2a6c4fb1d83529ebc,2024-03-13T22:15:09.947000 CVE-2024-2324,0,0,a32ac9b03f44a6b6199f75f2e494024d5620e1a8d468eb3441202d4c5501e3ef,2024-05-02T18:00:37.360000 -CVE-2024-23240,0,0,3569e8134b2a3af2d53b5c9e82db96137af21c404d216100b766d04ae03312b4,2024-11-22T19:15:05.603000 -CVE-2024-23241,0,0,787874ad2a60e2fa7591cf9c9391870037f4ab5b89b8ef727316bb5a2a5a4b30,2024-11-18T21:35:04.697000 -CVE-2024-23242,0,0,aaecde8a798ca776b50091eab43b4c20fea81702419ce910fabce080cf53ec16,2024-11-04T22:35:02.393000 -CVE-2024-23243,0,0,b96d0be0f60c72c3c8aaa37f44bdb5828b0e3cdac64240db77de9e49c06f8cd1,2024-11-05T22:35:03.537000 -CVE-2024-23244,0,0,24e1f39ea8345f9beebd2c960d56e2266341c33ce47de81803c5b5c5ff8fbc8f,2024-08-28T16:35:08.747000 -CVE-2024-23245,0,0,101d7b866eed02e86ebd84557a1282b5cb9bc6d29a5271f7e19a7ee3c96cb84e,2024-11-04T21:35:04.100000 -CVE-2024-23246,0,0,a3f6288a4dec4e6b98e18e3dcc2273527c942df80239f6227e94a0328a431f71,2024-07-03T01:47:40.097000 -CVE-2024-23247,0,0,d5698b79b28caabaab0fed7a322a63e6d266c688aa3ae5f6b0f0f62214304bc8,2024-08-26T15:35:04.747000 -CVE-2024-23248,0,0,c6580627d980adaa3f84f2190835feaa8367986dcf4cd0997d62805a89d20fc8,2024-10-30T19:35:08.687000 -CVE-2024-23249,0,0,3e263356c0755c0a69c937889b4ad48c4f44653f9a58fba536b85c502a3137dc,2024-12-04T21:15:21.770000 +CVE-2024-23240,0,1,cfcc74bc9a2561f234f2e09cc9a15ccb46db6ecf3cf7382531a3931cd8b2b580,2024-12-06T02:23:48.297000 +CVE-2024-23241,0,1,2df8eefc5a5d3e8f7e71fdef3cf0685aae5531508958f5f579f425799516c24b,2024-12-06T02:19:38.083000 +CVE-2024-23242,0,1,741106f9dc3463bc451723e7b8cc21ef1db5886490f98395e55dc47f2247ba19,2024-12-06T02:13:50.147000 +CVE-2024-23243,0,1,16c5de8e4ab967061eb8ee2cd6d3dd7d9074d29e6b9475fb955e98d6f2c0db20,2024-12-05T17:10:47.297000 +CVE-2024-23244,0,1,5aad1663b4ed4cd78deeaed9a4afb07e9e6e364d3035e066110317350a5f9cb2,2024-12-06T02:13:06.950000 +CVE-2024-23245,0,1,4a86d676d3be6cda9e360ecc9a003c7062cb405f97d6449fe5589357ff2225f8,2024-12-06T02:08:18.640000 +CVE-2024-23246,0,1,ff2f47b01d9db6b76018b7e6f09021055c9d6e6c8c480cbe244aa09f8dc0edb3,2024-12-06T02:02:26.433000 +CVE-2024-23247,0,1,c204ca7ef7979ea0603fec0bd8eddb1c65df637a5bcdac9a9a2ba060eb81fcf4,2024-12-06T01:58:51.233000 +CVE-2024-23248,0,1,c48fd9ad2631eef3f53ac5adca0b91801108c15be181b815768304a228795f1c,2024-12-06T01:52:41.503000 +CVE-2024-23249,0,1,5da154d890c56feee3aeb01a7ee9508a41a9ca6982e5c902a0c40bac654d6a2e,2024-12-06T01:51:51.123000 CVE-2024-2325,0,0,7c23733ac07d678fef2131155333b86f0e270e103dc635d072d48231d3950c26,2024-04-10T13:23:38.787000 -CVE-2024-23250,0,0,07279c8c12ac3b5810e0a08afc9a612f0127647f21ad57d9453a83d5e0073cd2,2024-03-13T22:15:10.157000 +CVE-2024-23250,0,1,e71404135f796bc9c7f5cde9739de15e0cada9132b6e03839ee534a79eb07fbc,2024-12-06T02:30:56.107000 CVE-2024-23251,0,0,092f1229e72a5c3cf728a0733bb73dcf6be0d42bcc4cdd3b35ac4b29d4862c68,2024-07-03T01:47:41.057000 CVE-2024-23252,0,0,14d67c7764d249aa5fb6c8bb08b3f6111a58e8166149c197fa34aac49c932454,2024-03-26T19:15:48.757000 -CVE-2024-23253,0,0,c61f28471228959a59f22427de9050d3ce0815a3a80230f51f121f0b328ce908,2024-08-01T13:47:10.297000 -CVE-2024-23254,0,0,fedc1cac8d07d05508c633e323f1fba64446b27dc95e4caba65e12c2684ad1e9,2024-12-04T18:15:13.310000 -CVE-2024-23255,0,0,17327ee29217ae3e06bd260b3a5edb42cdc2a593b75fd24ed5d8f6e47504bded,2024-11-05T15:35:07.043000 -CVE-2024-23256,0,0,b3527066816f610edb9264c0189b1b467dd2e81d848ba04bd4fda6c234c09cd1,2024-11-05T20:35:20.047000 +CVE-2024-23253,0,1,6fee2e03ec17eb24d88c1bed52c44c23ae4ef97327ff874a2890eaaa17222750,2024-12-06T02:27:33.813000 +CVE-2024-23254,0,1,3ad832d7c7a0a8a8df5739c11dd6d63a4415039b0e1baa027b884d9d2dd50195,2024-12-06T02:54:01.530000 +CVE-2024-23255,0,1,7bd882417f214059f6dfc15001b2afab0607fe28723d0b0944187e5c1a7be405,2024-12-06T02:51:33.217000 +CVE-2024-23256,0,1,4ea578b20137f41639da60d4790de798cbf85fd6e17c481c4d3ab161fae0f632,2024-12-05T17:05:54.973000 CVE-2024-23257,0,0,04671ba4d7755d803b21278e549ded5212cc3a0cc19bba456587683c0a6c72bb,2024-03-13T23:15:46.707000 CVE-2024-23258,0,0,dee83e7f7f5ed1c3a1d8a3468f9f35c6db6dab8eafb2a604bfe9a51903ddba0b,2024-08-01T13:47:11.070000 CVE-2024-23259,0,0,32180f50b016e600303bef490f7c44972cd0819551854177dd2a129ee13314e5,2024-03-13T21:15:57.180000 @@ -248451,11 +248529,11 @@ CVE-2024-24899,0,0,7da6787727c1eb8f322c754abb36a426608943de4453e0883ed1839501beb CVE-2024-2490,0,0,0c96c0749a6faf0d98d3d84a20ae5fde5dbadcd841e631e3413760387edfa993,2024-05-17T02:38:15.590000 CVE-2024-24900,0,0,d5304f8431348447d6c427e55f3d4ca1cb09c058bcac6836ca3d23f9d77a4f59,2024-12-04T17:57:20.727000 CVE-2024-24901,0,0,6e4765658a1dffb5d6f63e43320ce59d096cf34cfdd351baedc9e2564301d7c8,2024-03-04T15:35:25.673000 -CVE-2024-24903,0,0,0237572b96c08ea8434f3ca675e08f334fbdd49087ac3b1a74703aee58b2da60,2024-03-01T15:23:36.177000 -CVE-2024-24904,0,0,64875559b6f44f96a3e647c76c0185b1e668763ac2a6ab0aecd2239deae19637,2024-03-01T15:23:36.177000 -CVE-2024-24905,0,0,928cdc87f03aeda4ada5fc61c95eb6721118210b408d811e61f0523598b00f6a,2024-03-01T15:23:36.177000 +CVE-2024-24903,0,1,20ace19702d61461a325ac0094b2754254411855e95bd4f83fbcfb299a572388,2024-12-05T16:45:06.087000 +CVE-2024-24904,0,1,07c1860301b288e494f409523a7fc08a6aa78b8c69ec186b5f0602d911f83372,2024-12-05T16:46:28.330000 +CVE-2024-24905,0,1,5c748715bc7d812a79cdc96366b15f8fd09b8ecf1cba47d2ede98d60e4670b0d,2024-12-05T16:47:29.837000 CVE-2024-24906,0,0,4965115ea4e70d4d95cde856e3b5d47947068d9fa0a08d4883cfb3e6b5f5bebe,2024-12-04T18:16:04.087000 -CVE-2024-24907,0,0,5368acd3d3a6f7573bba13621e4ef46b0d40312dc6f89b99d5a21e0fcfe9c7ea,2024-03-01T15:23:36.177000 +CVE-2024-24907,0,1,b21ebbce3cf6fa61a8a847e068e2a9333679d7e3a3b2ea19142d97ee306e9af9,2024-12-05T16:47:32.350000 CVE-2024-24908,0,0,5b6459a6d3b25d3a6e18a46178e2c19b8c023f1c9eb6637cd354809eebe84f03,2024-05-08T17:05:24.083000 CVE-2024-2491,0,0,34df2866b188a5f2bd5c96103e6f5baa1d2243906a6941988c94b002f28fa254,2024-04-01T01:12:59.077000 CVE-2024-24910,0,0,5fd61dd70d8ecfaf176a8f6d8c2c30bd5b15998ebd0d63a548282cf932846ba7,2024-07-03T01:48:29.673000 @@ -249377,11 +249455,11 @@ CVE-2024-26150,0,0,724a23f6f5cd2b08e078faf9766b70ef43f45650f38390687bb0597c88033 CVE-2024-26151,0,0,e1dc838a6d430f2f3bb000afc8645752ee52070eab909d9c789d043adb639eb1,2024-02-23T02:42:54.547000 CVE-2024-26152,0,0,be8646b007362130f2d7e4b19e1e011379a1ee505dd31fab682fd492bc0e9a97,2024-02-23T02:42:54.547000 CVE-2024-26158,0,0,e4eb67f7a9ef1e95f05f830527e292892249634485474776f5ca55a98fc6f945,2024-04-10T13:24:00.070000 -CVE-2024-26159,0,0,56810e72f38b92040811a5204d542af9b722ff356135b225ffab76f56a28e7fb,2024-04-11T20:15:33.460000 +CVE-2024-26159,0,1,74a66efe68adbec642f5d04cf56c7ff71c274a7e0567a329cd0963c884afdcf0,2024-12-05T03:06:07.380000 CVE-2024-2616,0,0,9b15179cd9c13063a987e4bea66929da17ee47340fd2e08c233e9c68e7f7a332,2024-11-04T17:35:14.147000 CVE-2024-26160,0,0,a5ba5256c33bdbaacb3171d5280616afee8699c566f2ab3b8302aeb6de79cfee,2024-04-11T20:15:33.553000 -CVE-2024-26161,0,0,144d4a9b4e8ed125dc2cdb23e80f565db560f7b039446d2c7eefd4f94fae90fd,2024-04-11T20:15:33.647000 -CVE-2024-26162,0,0,24caa669816ecfa4cc8d90aff433766fa488343cde50be56e3b76ed5fb36afaa,2024-04-11T20:15:33.750000 +CVE-2024-26161,0,1,89563409800fbffebcb197091c745615b33e6199d314ab3dd15f0aac42b18b88,2024-12-05T03:13:28.823000 +CVE-2024-26162,0,1,6db79e02ea9ccfbdf9b6ec43f0dee2ca0f4b40a961c561698caa8afa95c0a1fd,2024-12-05T23:02:38.947000 CVE-2024-26163,0,0,1cec6fd5081dd6336471bb2c93b29cc598ec8cf690b6a4f047866b54bc86ed44,2024-06-11T16:15:19.610000 CVE-2024-26164,0,0,97e84461485204919561d873bba734d2b5d91bb4f6ec5c1ad6eb15a94be78498,2024-04-11T20:15:33.877000 CVE-2024-26165,0,0,83eab2c0875e9b88a1f7ce329398a5e0cce759e0512193fa6f5822a067798b74,2024-06-11T16:15:19.780000 @@ -249475,13 +249553,13 @@ CVE-2024-26247,0,0,2e08eb3ba6b627c10ba27bd8963a5aabfaab07773e08696de8ef39c9e2d29 CVE-2024-26248,0,0,1d69ec410d789e5cecdce5ca5f00f4cb4dc73522c17a80577a09df4303fbce8e,2024-04-10T13:24:00.070000 CVE-2024-2625,0,0,bf9861c3991010c842a10750333614c270100ec9c0d1879521fb5a22ee29df8b,2024-08-28T15:35:22.080000 CVE-2024-26250,0,0,361a4a598e17b5e0caa4dfe07f1d82a4b2b3caf0473c9778a9a5173e920f20ed,2024-04-10T13:24:00.070000 -CVE-2024-26251,0,0,752d1c2a1c430ddddba02d64b195b606d79a2c3854c081fbabcf7b1750edf415,2024-04-10T13:24:00.070000 +CVE-2024-26251,0,1,bd1db17ac5da21ecd817685a80204e8aed337c915553f24e49042f322f98a6a5,2024-12-05T19:29:12.660000 CVE-2024-26252,0,0,a16ea7a04b440699076d4a90d57b94e69adc561ff365215a47bfe0edfb85ff13,2024-04-10T13:24:00.070000 CVE-2024-26253,0,0,d32f97c711762e973fb1b01c37de60abd45cff8ea3bfc2e555e3e6824fc4b9b7,2024-04-10T13:24:00.070000 -CVE-2024-26254,0,0,024245ede1fede2394fca1e326cc18c265676be3657652d8066482f274ba6b72,2024-04-10T13:24:00.070000 +CVE-2024-26254,0,1,d25b1273b9feb301eab47fad4ae85e4ab128d1c06978252fade60d032721b613,2024-12-05T19:14:00.320000 CVE-2024-26255,0,0,def0d1975fa503fc52bece1a738d7a3d0ac65fd2582e7e57928a6ef65a03e34e,2024-04-10T13:24:00.070000 CVE-2024-26256,0,0,3807901f6ac90b4732561ba3ffb11bfe90ae3ad76f283571e61bd6293795a413,2024-10-09T02:15:27.847000 -CVE-2024-26257,0,0,066b4f8e21f6da31e18bfde8bcbd77b29d1c931685dc4eb216f9777000563c57,2024-04-10T13:24:00.070000 +CVE-2024-26257,0,1,b8bb637c848aeb610a87bae7128adefa902fe8fdc7bf11c9377e5065cc3416fa,2024-12-05T19:11:37.323000 CVE-2024-26258,0,0,f4248d3e8e928a419f24581b3f206b118893f8adefdd6ccb3d93e9de576bbd15,2024-11-26T08:15:04.673000 CVE-2024-2626,0,0,5a6c338629bbaaf7065165299ae412c08d9197fb3cad2770c12e07d226bcbe56,2024-04-01T15:22:37.883000 CVE-2024-26260,0,0,65643e0ce4f84c48cec78b438df5085c99da999075d065c3a4c15ac8e9f87e0c,2024-06-28T02:15:03.190000 @@ -251476,10 +251554,10 @@ CVE-2024-28900,0,0,2bc55895bc4ad7b643642c3643964561a9ea84ad48c52a8b405f069c5af07 CVE-2024-28901,0,0,7ccda862f4452d0cfeec56bcbe787ffa93cef01fb8ea325187c1a29815bd0d34,2024-04-10T13:24:00.070000 CVE-2024-28902,0,0,0fd327d5acefba9381c2fd90a6cf38e9dba772caed558902c813bebf21af8c50,2024-04-10T13:24:00.070000 CVE-2024-28903,0,0,7a23f61e9bf4425d00f4cac16d4ac63d601541d85a26480444b5b0846a6b7e4c,2024-04-10T13:24:00.070000 -CVE-2024-28904,0,0,c4294abeb1eef42100fb9ffe359fe02dba65173886a6287c7d0896f8b950c7dc,2024-04-10T13:24:00.070000 -CVE-2024-28905,0,0,90637f105262afac01bc7813fdebf5d25c4995529bbfa6c8797c208c7b07c2e1,2024-04-10T13:24:00.070000 +CVE-2024-28904,0,1,9f007588993cf4a4ddcca27129a47e2feae065c5111b453c43fc38b2aff0f7f2,2024-12-05T18:54:13.320000 +CVE-2024-28905,0,1,a08eee1382a1bc3a2ad1eab03718f1c1af09a74713904c7f3a9b3b8a590e95d7,2024-12-05T18:50:21.030000 CVE-2024-28906,0,0,7e9f087e2b1c597eb97ecfefa16417a413b8fd5f4ef09891325bd5474c3498c5,2024-04-10T13:24:00.070000 -CVE-2024-28907,0,0,4e0d17e9809d82a9c74acf9bfde1a4ac05bc81f9a18f851fb81a57b1f9ce3cae,2024-04-10T13:24:00.070000 +CVE-2024-28907,0,1,6962329ba7e3ae2352f1b9ea34d824ac8e100aa431c0de37f35c4650a2e18f3d,2024-12-05T18:28:21.740000 CVE-2024-28908,0,0,c2076f893d20cb282cb51cb9ea9242eceec381055e7b1ea354b0d7e062f13bfc,2024-04-10T13:24:00.070000 CVE-2024-28909,0,0,c14527bba7dbccf93b9814ee4c9dcb9bb60b554a1598d3f10f130339383bab6c,2024-04-10T13:24:00.070000 CVE-2024-2891,0,0,515acb6bb1743aa2dbe3d9009c618681dd7bae31bb1ad9feb83ee00486d35165,2024-05-17T02:38:35.443000 @@ -253017,6 +253095,10 @@ CVE-2024-30951,0,0,5445ec99834b93a0a11084e26a91009e5199a185fb166b6a1f568b4597fbe CVE-2024-30952,0,0,edae87d09e8bb170f6c6d48863e03910235bea663bae0b6cedc1cddd197d65c4,2024-04-17T15:31:50.160000 CVE-2024-30953,0,0,6d921cd6fd90184e6ad5174bce664f22cb22e40d44f91e20fb09119d4bedb769,2024-07-03T01:54:27.430000 CVE-2024-3096,0,0,08c210d34b66fd02c4ce1db2facd39aba301685ae9b186e10dfb370afa961257,2024-06-10T18:15:36.050000 +CVE-2024-30961,1,1,c9ada12a169b61e64c40505812977a00095a0a0f400424d8bd1de2a85b0a9621,2024-12-05T23:15:05.030000 +CVE-2024-30962,1,1,b411502f8c7d9c40f2c6322021a8d7f60a27083c329137beecd348089faf4eaa,2024-12-05T23:15:05.147000 +CVE-2024-30963,1,1,32d73d73afdb1a6bc53f8ccde49d83e01efdef2d1a0d7a55d22ea356ab652a38,2024-12-05T23:15:05.267000 +CVE-2024-30964,1,1,035101400b2fb915f403bd6e8cda476e9c4528498a8879163be30a9eb5b7edba,2024-12-05T23:15:05.390000 CVE-2024-30965,0,0,50c206e7e4bef60e70ad48eac02d679512969aa3c8f6bd192f7644502caa678d,2024-09-04T16:35:08.693000 CVE-2024-3097,0,0,03b3e7564267ff07f8cace13ef2c68ecb9fd2e91e4d1ffef233c9c406915f0c8,2024-04-26T15:56:40.820000 CVE-2024-30973,0,0,bbddf1428f657ee3dd8694d858bfeebf1e082677ce9eaa5b99522934461dee34,2024-08-09T15:35:03.983000 @@ -255040,7 +255122,7 @@ CVE-2024-33666,0,0,8e982c6a0c03f8b5d1cbd58e6d45d8ee40f43b5fb9ebc6cbaefdef7cc6467 CVE-2024-33667,0,0,30bdfce3cd6522c6ca207e5f39975912239858b3253d1ad3721e006a7391fe88,2024-11-25T19:15:09.713000 CVE-2024-33668,0,0,1057e9899f3d071fbe9469ff4d64f06b263f71484eb3414fb82aad54f0a342bc,2024-07-03T01:58:34.653000 CVE-2024-33669,0,0,9f9e4923b29b77e4df7ed4bfab7ff189f9617396636ad12f3335720e7b3f148c,2024-07-03T01:58:35.420000 -CVE-2024-3367,0,0,3b87f70833bb8ccf4c6d89027b50770ba7c3694c19e37821dd6ef423c5078200,2024-08-26T10:15:05.743000 +CVE-2024-3367,0,1,6c0aec54854b096f8e878555e9125762e19df628121d5279f20fc46c0c73cc6e,2024-12-05T14:28:32.407000 CVE-2024-33670,0,0,3abc3d385958341e24c9eda52dec235106719c4d891dda10a7a17ff0ec58be16,2024-07-03T01:58:36.127000 CVE-2024-33671,0,0,da512eb4b4b39df9e16d537dd03b866e635e50cab6e0152298a79bb951dc071e,2024-08-27T16:35:13.193000 CVE-2024-33672,0,0,4f42606374298c39a17dbd38700642945b2e9bef08fd2b3fd4fad590404e973d,2024-07-03T01:58:36.807000 @@ -256265,7 +256347,7 @@ CVE-2024-35339,0,0,27659885c77262f10b2ac6a10c180eb91a4365160764e7ab72c9ce6ae36ec CVE-2024-3534,0,0,a24b539c4ddbcbbbcd76a0a70e496243d7203c000aa2dbf195c274be99bd3f1c,2024-05-17T02:39:59.703000 CVE-2024-35340,0,0,1292363a48b3318ab4eea61a21d1774d64143b2f1ea71749d49412fca7f087bd,2024-08-07T20:35:18.973000 CVE-2024-35341,0,0,2394ba36fcc9e849f9840edb2ba384b36eee4d7eebd73846ccbdccf118ee1563,2024-08-01T13:52:36.597000 -CVE-2024-35342,0,0,a4f7369f8f0a6de9d16902cacb7a44f46ba0a7d7f218612f1259029d70c7f06e,2024-05-29T13:02:09.280000 +CVE-2024-35342,0,1,a0b1a956744dcb74de6cfc69583132406bb5dd4117451b7ac5aecf9044bc1929,2024-12-05T21:15:07.970000 CVE-2024-35343,0,0,afbb68674236a89009facceb114c5d242ad657f17e86d5d8fbbfd0cec8107edb,2024-08-01T13:52:37.563000 CVE-2024-35344,0,0,347a536906c9cd275b6604bba463b1e6f3bbbbe6dff687daf180f85bf210928a,2024-08-28T20:35:11.640000 CVE-2024-35345,0,0,94f6cac212d9f349d4de9b7da46a3407365d342f37822b3360eee738ef0a1e40,2024-08-19T17:35:17.703000 @@ -258158,6 +258240,10 @@ CVE-2024-37857,0,0,bbbf66c5ae4e5b03452facf52d12302119ab17f8211a271346d66e2be4704 CVE-2024-37858,0,0,145fe3af0cfa4378739729061c766f5fc42f47de0fdaa3c5429a9c029f707705,2024-08-01T13:54:23.510000 CVE-2024-37859,0,0,f5d379e1ba1283dae4ab2dc1c57e5283f78e28f480e0128f7f21d0c8376c4bed,2024-08-01T13:54:24.283000 CVE-2024-3786,0,0,a963646959871b60ce1ae81d3ccf29669858a2babd4934482c95c06778cfb627,2024-11-06T15:35:17.487000 +CVE-2024-37860,1,1,0cdd74cec768f72e5ca0830e81521437e124bfa1d58f0ab8f2db755aeaef4612,2024-12-05T23:15:05.510000 +CVE-2024-37861,1,1,fe3f2f690a8e85b64b2406cd8a327fb379466ae3269f8785469eb4e77a9cf1de,2024-12-05T23:15:05.633000 +CVE-2024-37862,1,1,dbc2ab75c7c640e30ad941869c38137084cd16f90f7e9d9354086e72153de13e,2024-12-05T23:15:05.767000 +CVE-2024-37863,1,1,70b287ffd510c5117f2371350aa187159563653e328366092f47405a4bd13593,2024-12-05T23:15:05.903000 CVE-2024-37865,0,0,00a1e3f7fea3591aaf817972a94b29032e0211df514cba52a943a6d6522976a1,2024-10-28T21:35:08.833000 CVE-2024-37868,0,0,b200b5b69302bc86aab1201eed9ccbe3a2f0410aa787e7727268399cedaa1ded,2024-10-08T18:16:07.383000 CVE-2024-37869,0,0,dc1a2df6f9aff9d4f42328b451c0fe9131e20530cd415d66856f986d59187a1e,2024-10-08T18:15:54.250000 @@ -259110,7 +259196,9 @@ CVE-2024-38902,0,0,1c3e99761119af86bfc08c133d200d98145139b24546fb36382532918e199 CVE-2024-38903,0,0,2b94b77610c8a043c9d0ea06696528fdc7d9d24aef31329270a0121bf4f56367,2024-07-03T02:05:26.943000 CVE-2024-38909,0,0,f6a5b574aebed08039f44fd76bb05493334edfb3318746bc09e1f467a2df0529,2024-10-25T18:35:06.223000 CVE-2024-3891,0,0,f9d0b3848969a1acfea7b9a20331b02cfc9759078e69f46c5576c9e3267f4690,2024-05-02T18:00:37.360000 +CVE-2024-38910,1,1,ebc004bc739f1bcbdf6ab2ec006e9516c2efa50e09ef97ce8ed7fab5713a72eb,2024-12-05T23:15:06.020000 CVE-2024-3892,0,0,635a0a9dff99d68a800a0815fade3930f3dac436f84c87dcff7c11db25dc6686,2024-05-15T18:35:11.453000 +CVE-2024-38920,1,1,ea517e5f8ffa877f4063664386ea05631967cdab9dc731afdb18891d5be134fe,2024-12-05T23:15:06.163000 CVE-2024-3893,0,0,8eb90c61219540666d23479f74a65575eaf5c1a0dbea88b697d9ac7cb634e024,2024-07-03T02:06:50.403000 CVE-2024-3894,0,0,ca8cdba6c6957ab6848a65692183a74921d9acddfe51bc85133b173556c88ac8,2024-06-20T12:44:01.637000 CVE-2024-38944,0,0,dc817973495a511f5a7cee16ff0ad58704d237754057f4e6272671315289d41f,2024-08-01T13:55:09.433000 @@ -260138,7 +260226,7 @@ CVE-2024-40740,0,0,b418443d865eec432c82a04de65de6e9b39f235788ff127206843cf6bdb7c CVE-2024-40741,0,0,d8d483a0abb3b7648774c6f8d0ea3345aaa4bf40cdd21fdc9df2fcbe837ed8fa,2024-08-01T13:57:59.147000 CVE-2024-40742,0,0,a7b4d8a63cd84bbed8ae36225a2d630607182f2ae3b73228fc1ab3090889f783,2024-07-11T15:06:29.580000 CVE-2024-40743,0,0,1ca5c18a4f8e370309e54e9979f8748e30571bbf531892fd8ed83274cf09559a,2024-10-30T15:35:12.210000 -CVE-2024-40744,0,0,b6bbfb356b90c65e68874f82b371f58a9f3b59d86e28cbd8b1dfcf5aec40a7e5,2024-12-04T17:15:14.007000 +CVE-2024-40744,0,1,500374d1b7dcc6ceb47ed346384bf42b0fa553630fa102e80407350b833ddf52,2024-12-05T17:15:11.570000 CVE-2024-40745,0,0,278242c0b5da8ef22ffb84b75226f7e7e064ca894c41fd0b4842540dbb4b7bad,2024-12-04T17:15:14.097000 CVE-2024-40746,0,0,eead0b50026ce20d26effd54607d8bf55992b18b9630c4426d5bb7acadcc3473,2024-10-29T15:34:22.100000 CVE-2024-4075,0,0,29d19ea935c989efa2e770180ba61eb06fe49f0b181d6d812a7498d3145b983a,2024-05-17T02:40:15.170000 @@ -260146,6 +260234,7 @@ CVE-2024-40750,0,0,4e3e6171aeb80e296c4f4bceff1e57bb47723c54756e5f9524dd370144084 CVE-2024-40754,0,0,1ec64db92f9c8a84c8628e1cdeeb1b227a772e83fb8bf52c0f582741174a2abb,2024-09-10T14:35:04.833000 CVE-2024-4076,0,0,3600a7160ba6cb63d73da78d982aeb737757fd1783e0b44697873d9ae49c2d36,2024-08-01T13:59:24.073000 CVE-2024-40761,0,0,04b56637ed1b4ee2d83e39ba88cb3e446c0c66fca89659ba993cbe8999f96ded,2024-09-26T13:32:02.803000 +CVE-2024-40763,1,1,b02be1664c9e28e49a71860ca20c367c6278d495b933cf64131d9bf30765c0ae,2024-12-05T17:15:11.720000 CVE-2024-40764,0,0,1e75ed57cfb3afa3fa923571a9717a22e138728f5cce910126d5f1cc9418f1c7,2024-09-10T14:03:09.167000 CVE-2024-40766,0,0,9ffdda3005aa6c238f823c6e65a3a89594c21a379fd17878a86615d17b31de27,2024-09-16T19:48:30.827000 CVE-2024-40767,0,0,41a668ec3a3d9108df95a63cfc1397e92444c792025e20527bb6192adab7ddba,2024-10-30T15:35:12.440000 @@ -260518,7 +260607,7 @@ CVE-2024-4115,0,0,89bc89df66a101d446d6568b359dec67345256fa579984420e2e2fe7ea4994 CVE-2024-41150,0,0,f29e18c57230cbc3b76f00f0b7fe1001f55bb08bda82442884bf5072f9726b00,2024-08-27T14:35:09.013000 CVE-2024-41151,0,0,83c870b64bd13b34d92e777b5a6ddc4ae15bc7b99f3f9858a151401c3673202e,2024-11-18T17:11:17.393000 CVE-2024-41153,0,0,dafb89be97200d81ac5d60fe35f2a445ceac861b85bb58f78c85df804ae27889,2024-10-31T14:37:48.533000 -CVE-2024-41156,0,0,178f3725238ed55e1b2511f8781c2a2622ac6d889707340612f9bc5e554f517e,2024-12-04T11:30:48.937000 +CVE-2024-41156,0,1,4e48f11d1fb4cd9de12eef64bee0a3ff2f5403553caa8e40519c489b9350c166,2024-12-05T15:29:31.730000 CVE-2024-41157,0,0,7a282611d45c2fbb6f2dc936e4617dedd23e7f4d2ca4cbf354d2844aba4fb55d,2024-09-04T16:30:40.737000 CVE-2024-4116,0,0,6ee64e85b69f8f11f599040da371bf02d3a94742e1ecd0f467d9a48f26243458,2024-05-17T02:40:16.110000 CVE-2024-41160,0,0,4405f1fa554ba7d9df44bc4bbb96ea93e068b229b76d85cd7934b300d79543d0,2024-09-09T12:21:53.383000 @@ -260699,6 +260788,7 @@ CVE-2024-4157,0,0,ac5ec2e690c76b81403cfa49bc63d1a8caa2fb9d97d28a1055398849720db7 CVE-2024-41570,0,0,548cd2006d0021700d97d9ac462942b0586c18cb85e20f0c023fdc6e3f8676c8,2024-08-29T13:32:21.020000 CVE-2024-41572,0,0,e3312852513c75151c7b09071c0730654908f266b196f942a02a8abd098a0bd7,2024-09-11T14:15:13.380000 CVE-2024-41577,0,0,adebac3c48775fdcf50a36dcbad21025d92708b5c23837a85b2674eee97b1467,2024-11-05T22:35:07.160000 +CVE-2024-41579,1,1,baf0eda9edb68830b64c2b2619446783d57e64469ce246f1102eaba3c923b95d,2024-12-05T20:15:22.057000 CVE-2024-4158,0,0,9bd0a38e47c5b6d26f1e587737a0ffeb7c251278f38061995fc29ba309646aa6,2024-05-14T16:11:39.510000 CVE-2024-41583,0,0,1f005d1031fdcb8c9fbd4906210734632d6902f2542d73f974724022c9aa8ff3,2024-10-04T13:50:43.727000 CVE-2024-41584,0,0,68b94596ec41fb07148f3ccd64f3f267bab10beb49b58cefc1308a96f8b6488a,2024-10-04T13:50:43.727000 @@ -260734,7 +260824,7 @@ CVE-2024-41618,0,0,8623058b3efd2e6d61642d389eedf719180dd306bd54a3511e002fca28168 CVE-2024-4162,0,0,1a4f39929c1df6d420ff35b2d8de51a57c5e5378a57b6e7a1a35abc1b5a3dc57,2024-05-08T13:15:00.690000 CVE-2024-41622,0,0,44ca2934b754519243a779c6615220559421c07f2d4e7de3fb58db6e584b3b36,2024-08-30T14:55:54.423000 CVE-2024-41623,0,0,c5ad0592f1bc8234d1c1b4349fa5edc0884d162d738c86d78b923fc809fc8e63,2024-08-23T15:35:07.653000 -CVE-2024-41624,0,0,300a907d59c60bf938fbbe11abf1d1dd305a7cd2619bf29e5e11f38514dc3443,2024-07-29T16:21:52.517000 +CVE-2024-41624,0,1,706b738831423cf3f24e62a6a51e5fbc678dda9f5ebfe024317deefc28e65141,2024-12-05T21:15:08.143000 CVE-2024-41628,0,0,3f95419a732116ba5016aeec3d83a528b6096a3cc023e4d133c06f26311a9cae,2024-08-06T21:16:03.323000 CVE-2024-41629,0,0,6a0239ccac60b91a17f87dbf99fc66f80237b077eaa7c0f1d4a18601ffee9fab,2024-09-13T16:02:22.603000 CVE-2024-4163,0,0,69022c7df60536fa7bdfb20d2705efebe8d2d6c2c39bf59b2dcb5940921dba2c,2024-07-03T02:07:10.047000 @@ -261199,6 +261289,7 @@ CVE-2024-4217,0,0,b697d32a81a44314e31fbbbd491d72bf1d83730c215f0b4ac0b5c272bbd606 CVE-2024-4218,0,0,dff7b6ef5b1eda10e25547a7c58ff59e7141627798ff1eb390bbb04c101af4a9,2024-05-30T13:15:41.297000 CVE-2024-42188,0,0,26a3c898c2312a232bd54c8511f8d7fef66ee727dbf7a729f62cb44bd166d795,2024-11-15T13:58:08.913000 CVE-2024-4219,0,0,e67747b1814e30f9a57aa2d5fada7a64c70b8e2f4229bf1bd72194f6b14072cc,2024-06-11T17:06:50.963000 +CVE-2024-42195,1,1,24c8d833c1c5353a32957af21cf58fb5abea810bbea0a2ddb49349ee879086f7,2024-12-05T05:15:06.923000 CVE-2024-4220,0,0,046e30c2acea51afb217826bab01d9bc8062f3ae27d0f03889e044f9dcbfad10,2024-06-11T17:05:35.203000 CVE-2024-42218,0,0,331226ea49af1a2f92292f364b4fd8bc3c26a90f49d1b9421ad0db0c509189fd,2024-08-12T18:27:54.660000 CVE-2024-42219,0,0,6d72ad1f1e2233036625c33df60f051fc9699cbd96bd0caf5f28288f63cee194,2024-08-12T18:30:21.627000 @@ -261428,7 +261519,7 @@ CVE-2024-42450,0,0,981cb721b54cc6e525f5390653a82c1324af59c4dd0c689fe15788d32ac5e CVE-2024-42451,0,0,0f47ac86ae8fd799c6326176962a8fc97d59993b3a21430ffe28c0e34e783f85,2024-12-04T15:15:11.273000 CVE-2024-42452,0,0,5a10754b5cd532359fc7efdc3b77e0846e93b613cf11da58c57501b08cacf43d,2024-12-04T16:15:25.317000 CVE-2024-42453,0,0,42270438e9d30a8c5b47deb0616723f62539864451d80a1da6e6f3579b1eed88,2024-12-04T15:15:11.390000 -CVE-2024-42455,0,0,77dae4b93ac08ab16863aad4ce532757f03ea91ca2fd4c4ac7a7ec904c2ab652,2024-12-04T02:15:04.937000 +CVE-2024-42455,0,1,155c4b3351cac3c4d335398dc477f114e6788e4d7c9e497fc14b63a95dd410fe,2024-12-05T11:15:04.533000 CVE-2024-42456,0,0,315bc89e6822e1651e5351d22a0d82785a237749a87af6cad93b1019053681da,2024-12-04T17:15:14.233000 CVE-2024-42457,0,0,f4ec8ae619a41d5322cd138ac36da908ebf5fd3928b3eb0476f3217f4964bb50,2024-12-04T16:15:25.450000 CVE-2024-42458,0,0,92fe6004383d793b0d5cb11f4d02a69450774ac5606c98f7e6de587e1b590522,2024-09-05T15:51:34.307000 @@ -263408,8 +263499,10 @@ CVE-2024-45314,0,0,2f1c9dd8ac80290a1853d4f2b69fb0ae8e68e38eb15e5edeb668cb7a47ece CVE-2024-45315,0,0,a47f8116c282f3f6ec68b3e4e22ecd3455e5be0b6298182198301e89c068e15d,2024-11-01T16:35:26.853000 CVE-2024-45316,0,0,4ecfd9e7fa59bfdd4734e2d4185781d6d4be914b03dfd0489df8aa5f6a42264d,2024-10-15T12:58:51.050000 CVE-2024-45317,0,0,cf582da0518aca65335a8c43cb4d83f1a02fd5797437525cbc0cf86d6da8db4d,2024-10-15T12:58:51.050000 +CVE-2024-45318,1,1,48db59b3e31ac9e6214518af856bdc391e7c415b9f2a3ad25865b8e3376a4529,2024-12-05T17:15:11.880000 +CVE-2024-45319,1,1,fdbe96d19f82ea25ad969551404b98b5f42f8773970c2859df6da228fe112c90,2024-12-05T17:15:12.040000 CVE-2024-4532,0,0,535c0d4d9a82c0b19c9079d44a1e72c9e08eaddfd4b3d6cfcc361e767dca3488,2024-11-14T17:35:07.383000 -CVE-2024-45321,0,0,385b3d1e3bf54e8ae2af5d5796ef0b1ffaf17d58c18e0fbe7542c0dcea09b2e4,2024-09-06T22:30:19.337000 +CVE-2024-45321,0,1,7c76da4e7fbb2242661f83a4480b440b53d8e0cb0dfda635981d7f5cbb74ebaf,2024-12-05T18:47:30.633000 CVE-2024-45323,0,0,c7408403154d2d18fc914b88a9df254c03b0863b353ec16a1e5cdd4039b8f75b,2024-09-20T16:23:51.397000 CVE-2024-45327,0,0,34cd0fc64fb19ec545d442f8caf6da026f7560c6302dd0f3b1f687d00148ed60,2024-09-11T16:26:11.920000 CVE-2024-4533,0,0,aca3a412ead1ce1343d6f498450801be5e059db6302d74881039b5fe75fb6c09,2024-05-28T12:39:28.377000 @@ -263712,6 +263805,7 @@ CVE-2024-45835,0,0,d226dec65435a35ad6c6e7363ab5ec6b30349e1433bd3be2a68041ad6e2aa CVE-2024-45836,0,0,5a0939e240a8e3b241f5dc3c6e0f8a5a968ea3fe595864ad2efc4f2e304edab6,2024-10-03T00:35:53.797000 CVE-2024-45838,0,0,dfe4f9a1d2e726c4de1a4a47b1b23afb3202e549abc3544a5217222f7244203e,2024-10-17T17:15:12.220000 CVE-2024-4584,0,0,4d639afeee5354fec0a7cf3023bb849f2437d78f7cd875e4a49ac03b46b9ec82,2024-06-17T19:15:58.903000 +CVE-2024-45841,1,1,5c8218ff968668326ed1eda263a7b95b1e9890d257538d4a0c294255aa0f2c54,2024-12-05T10:31:40.227000 CVE-2024-45842,0,0,fd1e9783eb9d13b2ef83b4afe81a8e2e706a2cf2fdabb2175e37853ddcb23a30,2024-11-05T19:37:13.447000 CVE-2024-45843,0,0,d277f4e7f1b7f77ab48f44241b10d59e0715a005bfff8db99caa28f9596ebe66,2024-09-26T18:42:26.697000 CVE-2024-45844,0,0,3334bd3b9b2392aa2d0f5ee03ade6a34548c7982b5d5e379e9e9a74a74118d02,2024-10-16T16:38:14.557000 @@ -264426,6 +264520,7 @@ CVE-2024-47129,0,0,452da217b1f5cf309ec7a2dae7685dda69961ff67f6a0249b7b454ce55330 CVE-2024-4713,0,0,a3c96b0a67396332ccb3b3b7da032ec990741228737b0623d292fd0ff6dd150b,2024-06-04T19:20:46.913000 CVE-2024-47130,0,0,9e52b34ecc84aeecf5485cad45360e89ca586e91e062db722158986b68611fc1,2024-10-17T18:15:07.130000 CVE-2024-47131,0,0,aad32778ebe370f990ce9d95c37c46e0e7dce30078c011ec3ff9e6c9c8cf4413,2024-11-12T13:55:21.227000 +CVE-2024-47133,1,1,e79907905015e8baae3ca6fcc4d1ae54d7f145ee075a0f61e5c674c5d1620890,2024-12-05T10:31:40.430000 CVE-2024-47134,0,0,c469be51a68158c099c563ecb132d768058c9b0b7de566d173182963980dd322,2024-10-16T13:50:32.607000 CVE-2024-47135,0,0,59ae1232976c8e51aae73aa97b8d4fb50a4b33eb7aa7372298dfcd77c19c0bd9,2024-10-15T18:21:04.813000 CVE-2024-47136,0,0,b3835ea7cec22b9e908913d2c98cbfff753b1b672a4d126777b942724ad7f9c9,2024-10-15T18:20:40.387000 @@ -265416,7 +265511,14 @@ CVE-2024-48827,0,0,b8784c14c4c0a2af4d656264bee611472f424ecc32bdba68ae4a9cb4ecb61 CVE-2024-4883,0,0,66fd0c7113b75e4613bf51e6b10a097cc5dcf57aa3f97b3df0e5c31c4210be62,2024-09-06T22:46:17.103000 CVE-2024-48837,0,0,99b2df58d7ed3382f2283a4f496e965bf1dab9a89870208aa9cd902cd6b22410,2024-11-18T19:48:35.353000 CVE-2024-48838,0,0,b9b13e45e7344ebfd4c931bb904861604db282988dc9483dd7d29d8be8b1d771,2024-11-15T17:36:43.520000 +CVE-2024-48839,1,1,1b965784aaa3ef2585761da790f65f86d7d81babe640cc928aa640f408ab4a3d,2024-12-05T13:15:06.123000 CVE-2024-4884,0,0,a2dcec8e16e916f3e6bf44fbf27e64f395ae27ac96c65779b6d04fbf5173b4c4,2024-09-06T22:45:59.233000 +CVE-2024-48840,1,1,ff102d5096a4c13e9a32c38b525a16f113cab85fe13443812a997dfcc11f4900,2024-12-05T13:15:06.343000 +CVE-2024-48843,1,1,c40d1696d2638ee5bbedc062ea5ab03efa1d2b8cce0805ef0114efa215273ac5,2024-12-05T13:15:06.500000 +CVE-2024-48844,1,1,5ef523f25687d78615587685ba2b5e9b3c03c4d96b61d7a170c96cb49d962350,2024-12-05T13:15:06.667000 +CVE-2024-48845,1,1,a9adabe8c1d84c64215d49bf6bd399f5996da7b5bdf7d692f3c99c7e67e8074b,2024-12-05T13:15:06.820000 +CVE-2024-48846,1,1,ccc7c46d4f5e64480770367787fe85ce80d70171b9f36ac6d92b68817ba9cc26,2024-12-05T13:15:06.983000 +CVE-2024-48847,1,1,21b8361accc5c1e859a7b7eeaa84b6d272d3a8ba5bfec01e1eade8f83592c364,2024-12-05T13:15:07.150000 CVE-2024-4885,0,0,2608f2aa7fb5189467bda7bb610d4e03f1b43256b775a84e60ba9a3b8ac9b260,2024-09-06T22:44:27.840000 CVE-2024-4886,0,0,d27ca09c7d3a0108a7cfa4692eb479eab6127452085468fbf17d7a45144cc1ee,2024-06-11T17:14:56.323000 CVE-2024-48860,0,0,fce4ab90de3f31aa417781e2a22f57a29767d4462689a48ef32fb1b2a5d6d0ef,2024-11-22T16:15:28.337000 @@ -265550,6 +265652,7 @@ CVE-2024-49038,0,0,c1a6574e4f2173ba91eba71f5cd01b7f54d3209b6836e71217b68b1ec62e5 CVE-2024-49039,0,0,35081b6450a24914db672b1bfea30c0edc233e94d1f078f8c664cf196464b147,2024-11-14T15:20:51.670000 CVE-2024-4904,0,0,e08155723dc24ff1bcb5adf9d2f839d33f4e022ac557667a35564764380e5202,2024-06-04T19:20:52.380000 CVE-2024-49040,0,0,7a758192e076767fe257f5372e318acec3bbf74a999fea4db7595a5b865f2211,2024-11-16T00:05:03.997000 +CVE-2024-49041,1,1,b377514156d4f11b17678f5c01dd62d5c9eca94312d34377ce4f237cce042b2e,2024-12-06T02:15:18.263000 CVE-2024-49042,0,0,8550e6f45d8ccfb522aabce24120e04e03609dbaf334f8e26399de3cabfb4b51,2024-11-13T17:01:16.850000 CVE-2024-49043,0,0,7687f02e8c033046e84a25a54a1ddfa232890a08944ecd76f708f2aed0f5dc24,2024-11-15T16:05:30.773000 CVE-2024-49044,0,0,72a996260f2d806849b6d579b9c2faecd87e951fcd8c9f3c8ee413b3e3fad6e8,2024-11-16T00:03:54.977000 @@ -265606,7 +265709,7 @@ CVE-2024-49229,0,0,1e1752f517578bdb8e0d9073393d2366d6debf6a5e79cdf2932fb5c5b39d7 CVE-2024-4923,0,0,c83198e21d781e3384db11f118092c5fbfa4a06f25d53a21adb6fe23f4380f17,2024-06-04T19:20:53.833000 CVE-2024-49230,0,0,89342cb8496066491f5b3d74f112ed9eac62497b67d283852db13e34d1cb2199,2024-10-21T16:37:15.807000 CVE-2024-49231,0,0,f1bca784a02483c4e1958c6dd7981ec9ffd6a01b629138db999d0ecc3e3b5b78,2024-10-21T16:37:46.010000 -CVE-2024-49232,0,1,f08cb28a9b9b624763a18f7c1f6bafc819f3314b215730b341be8823361e436d,2024-12-05T00:15:19.063000 +CVE-2024-49232,0,0,f08cb28a9b9b624763a18f7c1f6bafc819f3314b215730b341be8823361e436d,2024-12-05T00:15:19.063000 CVE-2024-49233,0,0,d15701a736a720d91ce7a393cddc119d365e279a269d1078a3d62a0f44c1eecb,2024-10-21T17:17:17.680000 CVE-2024-49234,0,0,00d6361d85da44a4fa5e98b0b1923a417577ef114f956e9a3a98833720c5555c,2024-10-21T17:16:51.053000 CVE-2024-49235,0,0,54c32a03ade0dd3e15984c664def74e67e407cbb4f583de789197d4f671ee3f5,2024-10-18T12:52:33.507000 @@ -266142,7 +266245,7 @@ CVE-2024-50007,0,0,7edc39280f2c55ae3a135d85744113964fda385bed3151a64f3cda99bad61 CVE-2024-50008,0,0,d07bcd9faf620fa1d2b00e1abacbb020e19ff03639eb09bc46a3261d7f2689db,2024-11-08T16:15:40.927000 CVE-2024-50009,0,0,508fd3a1d0553adac6c1304c65a71463225696beb8afe05961de7f3a1742e1d3,2024-11-01T15:32:35.593000 CVE-2024-5001,0,0,d13fccabd833b06301db98a96a793d9305ac650b09885bcad3ab7a5e90e7be86,2024-07-23T20:32:50.207000 -CVE-2024-50010,0,0,c7c326993e0f8a44136ab9729441bf878ff23f23475fe9413e020b1b3089b4fb,2024-11-08T16:15:41.030000 +CVE-2024-50010,0,1,b085f088736717c4a52295da3764b25155284f5d2ef05137e7e3ac450027a4aa,2024-12-05T14:15:21.263000 CVE-2024-50011,0,0,bba0dff209e225565c8e6c463c706dc41e86bea877759fee9b6a14a8cb31506e,2024-11-01T15:31:48.550000 CVE-2024-50012,0,0,720906ca032af3e282e18ee2724ddf6160968047b17036f88d8c9d5270ace680,2024-11-08T16:15:41.333000 CVE-2024-50013,0,0,eefeead007890563f349e532e89dba096326c5095afb27c53d3f32df4440455c,2024-10-25T19:49:36.863000 @@ -266830,7 +266933,7 @@ CVE-2024-5092,0,0,00bc3fe74171cc3f61d986dd5d1b43711757ac5d30e24bab5f84b663495133 CVE-2024-5093,0,0,13d2e709dd3e7be8048d02a6012bbed004823bd119b45510128e77bb922bb163,2024-06-04T19:20:58.343000 CVE-2024-5094,0,0,a6da916325cb7c5c0cbf108ef5f048d7004d52e417cf8850e363484a9b36d59d,2024-06-04T19:20:58.470000 CVE-2024-50942,0,0,74bb27dcec6f641721fef2704da713b75046095ccb8aeb2b392b8ef1abb8cd71,2024-12-04T17:15:15.020000 -CVE-2024-50947,0,0,bb7a32bbd57daee54c6e07b3a08f6779dbf89c7475587c03e22d927cc073a5ba,2024-12-04T21:15:24.570000 +CVE-2024-50947,0,1,b5c008650b1de4762f100f17a965e455e14b58a340b5da1077acb62ce0721971,2024-12-05T20:15:22.180000 CVE-2024-50948,0,0,19553633ff2f5850d7dead94d9c3065a6ce96b4feb94d2c3e1c2bd5e7799176c,2024-12-04T22:15:22.627000 CVE-2024-5095,0,0,1588c0abfc34bbd50f97e7721e8e7ba42bb279c7cb42725ee04b715e36b1b7b7,2024-06-04T19:20:58.577000 CVE-2024-50955,0,0,8157390cc8753ab3c3dc03f615378f98ac2c1983a215bd6243bc7dc27b80318c,2024-11-15T13:58:08.913000 @@ -266918,7 +267021,7 @@ CVE-2024-51093,0,0,0a822b4a1682e56f2eda76ec69439d08f6dec6cb34fd3d39887c26822f96e CVE-2024-51094,0,0,6e1bb443fcc9dcc5d5db36766451d0d2ba593ec78aa445a2bc9aaa283a01b5d7,2024-11-19T17:35:14.493000 CVE-2024-5110,0,0,97ec9134be0ff29c231012cbb3632c9becbf0944f1a706861520a2aec58057e2,2024-05-20T13:00:04.957000 CVE-2024-5111,0,0,1e1510502a884c6f23b18cee848205aa75aeed3171cb87569d39e4078bf9232b,2024-06-04T19:20:59.907000 -CVE-2024-51114,0,0,ad61961ba7b7da73674bcdd21affb7c799d69973bcec89fc9b90bbc5a98641f7,2024-12-03T20:15:15.360000 +CVE-2024-51114,0,1,bb120dee5f82301bedd52f6a870fc78612d9b471bba9079cbb07365933b729b3,2024-12-05T20:15:22.340000 CVE-2024-51115,0,0,141fdcdabaf7c1ec8339c92338cf4045ebea4dbb9cb424f39276d597a3da7892,2024-11-06T18:17:17.287000 CVE-2024-51116,0,0,628a52b9257b50cdd3ccc07e8442fee438bd4b142b1a9d47d166ffcd98ae2965,2024-11-06T18:17:17.287000 CVE-2024-5112,0,0,689c76c95598a2f86ee6cadbc1c25854cf35ada5e2d2725de4638c44d7f73797,2024-06-04T19:21:00.007000 @@ -266954,7 +267057,7 @@ CVE-2024-5120,0,0,512e5b032e12a79292f06756f99bf223a47a4b934de5206e20b5529b01ef61 CVE-2024-51208,0,0,351057211d85406971a8a4342c798325b6fcc3c070b739d535371d009d3edffc,2024-11-23T01:02:45.400000 CVE-2024-51209,0,0,5193df27fee0b78bbdc7c2b1f184598c324815ff66602ff4d95528a6d5d80cc4,2024-11-20T15:15:08.830000 CVE-2024-5121,0,0,98477bc3a7c67683bd43da705ad15db6f590ce85a12aaf89110d94461e6c3bdb,2024-06-04T19:21:00.860000 -CVE-2024-51210,0,0,a1a8cdd7a20c73dee9fe8524fd0985abea927718fff82c9cbc1e49e58f6f3532,2024-12-04T21:15:24.697000 +CVE-2024-51210,0,1,1dfb5793bbd38593e70df49e07cd7ee951e3036bdad9fedc179912099b41ccff,2024-12-05T18:15:22.090000 CVE-2024-51211,0,0,581556a1bd92632bbd04cf9aebe233d1f5e96f417c538ff40e3ed80078a79ca9,2024-11-12T13:56:54.483000 CVE-2024-51213,0,0,a598a44042c959028b27d1b964937a81a14ecccc57789a4658084176eb433102,2024-11-12T18:35:33.433000 CVE-2024-5122,0,0,b102c5894de9c993bdf361c85aa63dd17cb454ea5ed33d3ad3120a6c50356b5e,2024-06-04T19:21:00.963000 @@ -267011,7 +267114,7 @@ CVE-2024-51366,0,0,8cb37b642efd94f1ef2cb009c97c3b6b6785b34318fa56f7821210d8849df CVE-2024-51367,0,0,321834f3c68e231d48212ed0455e22a6133cdcee14f287745838cf2ad31fdf76,2024-11-27T17:15:13.207000 CVE-2024-5137,0,0,1c94e90fa849c62df03c5c4f490c71de8dac579e548f5eda16234216f611cd2a,2024-06-04T19:21:01.370000 CVE-2024-51377,0,0,cf00c0a6e7d0ac48895095961c732d7f23ec2a7e49679df67603156d82aefffb,2024-11-14T23:23:52.997000 -CVE-2024-51378,0,0,f275e65f6aec7ab6257af04eb76a4910058d9fa5bf005cebd27a62dee359a4ad,2024-12-04T16:15:26.087000 +CVE-2024-51378,0,1,c112e67f93aea3688dd7d3a538393e08bb33f1f3860c14181073b3142dcbcfb3,2024-12-05T02:00:01.677000 CVE-2024-51379,0,0,2ac9e22a4ada4c046a62bb7cfce4898a690b6639726f7e96ec64275e3571bb6f,2024-11-06T18:17:17.287000 CVE-2024-5138,0,0,47c03094386326d2315f3415dc7d3ef94b00cbe65c94e42ace003fc1a8714791,2024-09-06T20:35:18.950000 CVE-2024-51380,0,0,f14cbfd3bfbc558498abdac43f5bd2dd3434adc287319fdcc829b18876bf6370,2024-11-06T18:17:17.287000 @@ -267096,7 +267199,19 @@ CVE-2024-51529,0,0,4cdd480ac021e0810a5ec103f351b7d12468311fbc3059650aaa3d8118f05 CVE-2024-5153,0,0,5f2ff3d02c80ca958142f9e7cc43ade832c59a768b74da69d608dbd2c4a4a2d6,2024-07-24T17:56:55.923000 CVE-2024-51530,0,0,b223f2f9d54a795ec6226988140b76c544409eb01507942db54f2fb02451e725,2024-11-07T19:56:10.187000 CVE-2024-5154,0,0,2c602e8d6f655148c2efcba24fc906682fadb9d86fedb847d157c6b41556db54,2024-09-25T06:15:04.890000 +CVE-2024-51541,1,1,4d7e220ccaed92340514fdadc1d4509ae05015c3a2fb08b2b372f9c6fb562303,2024-12-05T13:15:07.303000 +CVE-2024-51542,1,1,3a86cebe794829a888805fcff7dd299ac56baa4f65a1059cd4abfc8e5d54382e,2024-12-05T13:15:07.453000 +CVE-2024-51543,1,1,31855ec512304ac40b7081c8d146fec6274b250fd7853a5071f481b0e627a2e1,2024-12-05T13:15:07.613000 +CVE-2024-51544,1,1,800dcfba9be25ac35b9c60bfb8b5ca4b0eef454d084deea8bd0a445345349f50,2024-12-05T13:15:07.767000 +CVE-2024-51545,1,1,ad61a5c309f7685e5e13a529103746f0ba1252aa48d6a041f539e4e5a3e0108f,2024-12-05T13:15:07.920000 +CVE-2024-51546,1,1,3ee395df7497f2656844a3748f571139d2e89951060678720b287f1497219cc0,2024-12-05T13:15:08.077000 +CVE-2024-51548,1,1,78c14d6c9e8db32afb8416a519930b6327a65a9c3f60f8dd8daf54b72d4e89a5,2024-12-05T13:15:08.227000 +CVE-2024-51549,1,1,b9314ef63bada1d736d3c48d50e70e0eb88e856b1b96d6dec41e94cdc335f0b7,2024-12-05T13:15:08.397000 CVE-2024-5155,0,0,bda9a47dace36470fd3600985ed47f5579d8b3230222d03e314a73ac1655d764,2024-07-03T02:08:34.117000 +CVE-2024-51550,1,1,176098051c12dd67981e00778768a4c37f7e52cda613cadc228384d2760e8de7,2024-12-05T13:15:08.543000 +CVE-2024-51551,1,1,e794ca676cf170c5957ccc6a5ca638c6b259b45d5bd8cf18b8096c905b8f992c,2024-12-05T13:15:08.700000 +CVE-2024-51554,1,1,e9fb221975555782a9801afe3f17359e21dd898d0d336db6ec8aaa57973208ef,2024-12-05T13:15:08.843000 +CVE-2024-51555,1,1,99f3766367088db62189826e330890a6e516ab6fc9db9ae95c8546fee242c133,2024-12-05T15:15:10.500000 CVE-2024-51556,0,0,f5668cd2ca5d6b59fa9a6b6e22c410252394192d16a453d42f116d9537ac8cad,2024-11-22T12:15:19.437000 CVE-2024-51557,0,0,74a03cd5399390ac4d2657bbafb433e9e98d03e5bbcfda661e7117caa589d23f,2024-11-08T15:19:48.557000 CVE-2024-51558,0,0,2dfd63c6f81616b9f511907006d1b4102170a3055ea8ffb534e5fe91e1d672ad,2024-11-08T15:19:32.597000 @@ -267553,14 +267668,16 @@ CVE-2024-5224,0,0,db9f297ce85558665780a2b5ea4fe3a1e31ac4d111566a8ba052aeb7472c35 CVE-2024-5225,0,0,908db7200208aad82f301f521b9dc90a90551560079e967278f95345fdc58383,2024-09-23T19:46:53.890000 CVE-2024-5226,0,0,343bea1ef6104d1a60d532c3087e707033a7d2cea2eb006f3e8cf7d609df1199,2024-08-08T13:04:18.753000 CVE-2024-52268,0,0,ea9ce8fc39b5cc2a56555dd9c667efdad9c8d1fb9ef5135ccde9e9b88f547032,2024-11-19T15:57:03.780000 -CVE-2024-52269,0,0,736992060686cdac7cfdb7e712e6595573a8e750ab86b85b7f8d98313a79a0b4,2024-12-04T12:15:19.500000 +CVE-2024-52269,0,1,2a6d999749710e834a3340fe04afb9397a017b1939bc932dd8aa7ae4b73a3365,2024-12-05T11:15:06.340000 CVE-2024-5227,0,0,782d407fd59442ae1cd49577c63d7b8236dddc237a48b5fa6a3df2e3ceec540d,2024-05-24T01:15:30.977000 +CVE-2024-52270,1,1,0d3742dfdf3da7fd4556c4303dcd89de79c9f1685c22f2c22e7b43275bf86096,2024-12-05T13:15:09.133000 +CVE-2024-52271,1,1,3d64b35776fbab082c9019635c9c580396635a1e19f39d8818d4d849eef1fc1b,2024-12-05T17:15:12.927000 CVE-2024-52272,0,0,a3fecbc65aea2d9b1b61c930c3641fe1f1a21d26fb4a22b2f3c8f590e7642708,2024-12-04T11:30:50.170000 CVE-2024-52273,0,0,b7b3a2f5cbdd924580d00aadbad6b7f335f6885215a6863c2e9e57dfb72a2500,2024-12-04T11:30:50.593000 CVE-2024-52274,0,0,ecb13f813ac787f1c31aa47c0141b458f6c53ba8bd458f3c4ba6754a9ae6907f,2024-12-04T11:30:50.713000 CVE-2024-52275,0,0,de23971a6cc4bd67116b75ca69f0f05e1dfdda58aa0b336c64f30eb1995963ee,2024-12-04T11:30:50.827000 -CVE-2024-52276,0,0,54746b97ddb09890491662c4bcbf843a83df86e03b0c283af9b1c46eabcb7a4d,2024-12-04T11:30:50.947000 -CVE-2024-52277,0,0,fc2174c3dc3f35a5b0a85a074a2c2acfc285045ebf03ef343ee0d7694eb36e3c,2024-12-04T13:15:06.080000 +CVE-2024-52276,0,1,e16f115cde71b2ca789b3c74199933d4033527b98400138724fbaa81a6d6ae41,2024-12-05T11:15:07.360000 +CVE-2024-52277,0,1,929c11025f847c96a6c3e978ca84c7f9bf3faf4b7272c7dc198086d208a234df,2024-12-05T14:15:21.547000 CVE-2024-52278,0,0,f6727d2bf49859f0724c1a39e0d775cbd477e6bb49e30b91be3cb4bcf4a7b7c5,2024-12-04T12:15:19.763000 CVE-2024-5228,0,0,d7fb18ef663e7fbb963ee04e575f2bc258b900955c0912600676521519fad837,2024-05-24T01:15:30.977000 CVE-2024-52283,0,0,f59df4d918f6034e17961b306063745063af3cc2eb28f2a813fc1b7331b63f1f,2024-11-28T10:15:08.543000 @@ -267596,7 +267713,7 @@ CVE-2024-52318,0,0,2bba437e59239c6e36ab9227be3e173d0f3c7cc38d614e024ac840e507a6b CVE-2024-5232,0,0,8d68905f3b69b3dadb32694d2c73f30dc32ad3c794d56bacf5b1c8bfed3d3bb6,2024-06-04T19:21:02.890000 CVE-2024-52323,0,0,4140a8efee2487f8a0ab9781f1095192b3a647c23a2a9eaba3cf214b9a3b68db,2024-11-27T15:15:26.377000 CVE-2024-5233,0,0,d230ff373762a089849cb791769c151d4d1eb1a364270894bffa0dbac945e679,2024-06-04T19:21:02.993000 -CVE-2024-52336,0,0,9862ee2f08b867c4aec9679fde3c34020806d6ea0e1bbe82d4d6575bb6602628,2024-12-02T14:15:06.410000 +CVE-2024-52336,0,1,dd607d54a19f06d9586ad47f8dcb31a3a661a8cc06227fd4e6ebe7bf5d6da0a8,2024-12-05T14:15:21.663000 CVE-2024-52337,0,0,9656de207aa30a2d131aa04cba5e006cf8cd5efaccbbfa03406364f930f0e487,2024-12-02T08:15:07.793000 CVE-2024-52338,0,0,9bcca0f5584def2789a1613da17d1dfa11f003cf9877e634fced8f070cd4a571,2024-11-29T15:15:17.550000 CVE-2024-52339,0,0,a92fd5f858dc2ec0979f9ef9252c34f43da704c1fe29995d6e8479e981a2460e,2024-11-19T21:57:32.967000 @@ -267812,6 +267929,7 @@ CVE-2024-52553,0,0,11348c28b862f60d8b3c8dc11ab0fb5f1e53e1358b82b1f8a97199c0de1f5 CVE-2024-52554,0,0,6589eaee43c4794afc2869f1e1fb69f264d40d3a38b215d2e67a517b5a3abbef,2024-11-15T13:58:08.913000 CVE-2024-52555,0,0,c97d8ff69d857d692c46704b7ff49ed428a5a26328d189c8729b526799d5895f,2024-11-18T17:11:56.587000 CVE-2024-5256,0,0,c0c79be075ef53b66bd4c726b840e366d70c6f0c56013178c0440e2e2bf91c1e,2024-09-24T18:41:40.007000 +CVE-2024-52564,1,1,18983955880ef907ed28cbb37a105d98746b8b276ab26ada4169cdb5d146ec41,2024-12-05T10:31:40.663000 CVE-2024-52565,0,0,fac10903d391ff827ff014e5a95deca40d1f2e18da523c49b30be0512dcf1829,2024-11-20T14:33:29.197000 CVE-2024-52566,0,0,d10b255a94ff44786570176fc140bc95e575e386efb795bde0c1402a587d6201,2024-11-20T14:33:20.813000 CVE-2024-52567,0,0,9cf3af2e46b3841bed2eadd127e126772d6c66c831ace68475e4f96d1a032f91,2024-11-20T14:33:09.433000 @@ -267847,7 +267965,7 @@ CVE-2024-5265,0,0,23ae6b699421b146407b64fc352f84f4385a86a37bc2f3798f85fec07534db CVE-2024-5266,0,0,0ac195748009e62b525761c49acf97f593b0c2f3ac01d138f9c93c4ef03661dd,2024-07-23T20:17:55.073000 CVE-2024-5267,0,0,46668d154f6ef78d29586983d5d2edaa995ecd77518ea035f59ce7176b7147a1,2024-09-24T18:56:10.507000 CVE-2024-52675,0,0,dc005f40e646c27e5740398c3f6fdf61120f8160379ed2d6a5fe11413db7e190,2024-11-19T21:57:32.967000 -CVE-2024-52676,0,0,bf39e8e658884f429bc2e34b87b8a78f2d37595d5dc8e2078826848968f3d39e,2024-12-04T17:15:15.207000 +CVE-2024-52676,0,1,07a21a59fffbd57b0e87dc5ceee7a6305cf9629856619ba6c0919fe0dc4de1ce,2024-12-05T20:15:22.530000 CVE-2024-52677,0,0,a5c88ce47454194627be2f8f1fe3df00ebe0da52945fee61c5f68cd7449a9b4e,2024-11-26T19:15:30.253000 CVE-2024-5268,0,0,a6d8167214bc75f9071a59fc8bc107cab067c253ba36f8c70c02e602f94a1506,2024-09-24T18:47:03.597000 CVE-2024-5269,0,0,fcc703e959dc9fcd54d2dba10777aa46d0a7036a8f955bfd8c508426ccf0b225,2024-09-24T17:50:07.957000 @@ -267892,6 +268010,7 @@ CVE-2024-52789,0,0,f640d56967c5320ac75d58f4ec0e813038d23df15a507a7fb489e9968905a CVE-2024-5279,0,0,2c6d1e53ece85fba55c2b83835d7abf75ca4da167ddbecc0aa984e59d469dd0e,2024-06-04T19:21:04.240000 CVE-2024-52793,0,0,0bf635877e4ed12608107333336dcfd2b6a54401c02c3262c9d2babe5054c5c5,2024-11-22T16:15:34.103000 CVE-2024-52796,0,0,c4bd427fdb738f1679f0a9210a59387be5f22896c83df074062019be41d6dd7e,2024-11-20T17:15:20.953000 +CVE-2024-52798,1,1,9088a4c7a7b8e73efebc0a989d530a18f116b7d5ff94b262738b79815c076449,2024-12-05T23:15:06.310000 CVE-2024-5280,0,0,86594c27d113c80fe7aa0a775d64720f8f3d823c49f62206ae5f1ae12a324b16,2024-08-01T13:59:43.187000 CVE-2024-52800,0,0,33614182cc9b4d3349a9904c03846eec72212dbb8490ca45f9ad64e956176494,2024-11-29T19:15:08.713000 CVE-2024-52801,0,0,d525f21f1148c8de036d0ddf88b67ee0013549964accf061ff9bd87a44f68775,2024-11-29T19:15:08.890000 @@ -267938,7 +268057,7 @@ CVE-2024-5294,0,0,717ff7ad64d7503e40c366bff13431a98da71a0fd2586ca956ddf2437b8cbb CVE-2024-52940,0,0,4899ba7a4b0253bf6736cdb115d3b83a6d38ef8f644ea7c3b0ceff9826e8352a,2024-11-18T17:11:17.393000 CVE-2024-52941,0,0,994a90a347299304b8eae5625a81e79879ba1642baaa7bb0fd2515230fec7b46,2024-11-18T17:11:17.393000 CVE-2024-52942,0,0,2d71991d3f620c8d414abd7959e93219f8ba421f1204035494c4ef43cfc04a08,2024-11-18T17:11:17.393000 -CVE-2024-52943,0,0,1b61c110823c3190af49de4fecc893fde6501d47c2afacf8e23cc10dc5b35773,2024-11-18T17:11:17.393000 +CVE-2024-52943,0,1,d5c6bc47533ab9a97b195406cb86e7bb8f9eda768e925a1c87ce5dedad6dec58,2024-12-05T21:15:08.420000 CVE-2024-52944,0,0,891b166dc630c154b3b088f9607ee62ecd73eada6f254a4630122c61f4fa3591,2024-11-19T16:35:19.310000 CVE-2024-52945,0,0,63027697b61e71930738cff69e21a659b1ff06f97d852d7c9fcc49bfd776881d,2024-11-19T16:35:20.020000 CVE-2024-52946,0,0,ef4806982226269ca873cfccc34dff633254ace5ad4fa6e29d31cbf5dd0c16de,2024-11-18T17:11:17.393000 @@ -268026,7 +268145,7 @@ CVE-2024-53109,0,0,7f26b5fbd302d9428fb778898098f50613f01301f474333bf4c2e409087dd CVE-2024-5311,0,0,4e4e9b4edb642fa4d04760ded51b93254fd12f5bde190a96e2c1818c58cf4797,2024-06-03T14:46:24.250000 CVE-2024-53110,0,0,4fb57ef18c905c99d2ef421edab043e7e478bc8dbb022435b6245e56d9a936cd,2024-12-02T14:15:11.803000 CVE-2024-53111,0,0,ff35a79dfa18e9a3c4b3d829b0c454b489b08308fddaa4f3b24236629109a596,2024-12-02T14:15:11.903000 -CVE-2024-53112,0,0,493e428622d78ea7d1db31e2e4c853a634f05b801abdf51906d6cfb64c66e04d,2024-12-02T14:15:11.997000 +CVE-2024-53112,0,1,1f52fe6b05ca9a744cc5559de0f46a923bb8636dcf8a82d706d9e59da13f9b98,2024-12-05T12:15:19.190000 CVE-2024-53113,0,0,23898fdc6e9baeb57bc1e1a8ad0c7b5eeec55fa8aa89c67420cf40f70626cbbf,2024-12-02T14:15:12.097000 CVE-2024-53114,0,0,ddbfe6b02798114c2beb1a23a1afd80c6c7ee628dfd08f03d1e8a97ebd3e0615,2024-12-02T14:15:12.197000 CVE-2024-53115,0,0,0d48a8162cdf298c9e7d3f2ab0b4a676a02670bb4fddc2176cb34be1974bc124,2024-12-02T14:15:12.287000 @@ -268042,22 +268161,22 @@ CVE-2024-53123,0,0,dcef2903ddd7f9038bf183b6ef6585245f13744aad480c16672e1f79f35f6 CVE-2024-53124,0,0,ce00db9f52d4602938a9498c77e180ac9ff339a933c4e30878280323c81f97d8,2024-12-02T14:15:13.220000 CVE-2024-53125,0,0,43afd00df3c663365d0f10b7914fbddd39434ca1bab6ae886e0992d3c66d10ae,2024-12-04T14:15:20.460000 CVE-2024-53126,0,0,ee300ce2fe08b359d05ec932ced473611e48ef0673b121a0bb43a8289dc7be68,2024-12-04T15:15:12.540000 -CVE-2024-53127,0,0,cc2218603ef0bc951c96f8c863300e009964e509ba993c0fda1d1902ac487bc5,2024-12-04T15:15:12.637000 +CVE-2024-53127,0,1,f1b9f1d8c1d68aed066842d4cffa4d82c55f1372474f930f1a334cf72f112ad1,2024-12-05T12:15:19.320000 CVE-2024-53128,0,0,facd6aef343d89909f023b720f1ee7bd7fdedbfb65ba1abf3ccc85681e46bde6,2024-12-04T15:15:12.737000 CVE-2024-53129,0,0,b7bae6cbd65f11e8c206b53746cdbef6ecefb987252adf776a59e1954349c15d,2024-12-04T15:15:12.837000 CVE-2024-5313,0,0,f1cdfb8a50e98ae6ac3af0ea1d50716e060963965a73a7d8f531b777ae15b8ad,2024-08-14T13:40:02.907000 -CVE-2024-53130,0,0,41d509684d5ea9873593fcada6424a1ec3f1ed5cb5b1895e3afe4cb3cddd2a04,2024-12-04T15:15:12.927000 -CVE-2024-53131,0,0,73e6a4ab7278e1057f313ad27e10ce3868722f6881e4ec2fb1873c27491acd38,2024-12-04T15:15:13.090000 +CVE-2024-53130,0,1,42806abad4cd4ff7932dabe2248dda3ff55867fc0004cd8ff2d3579a21ab719d,2024-12-05T12:15:19.417000 +CVE-2024-53131,0,1,8f5779c74360dd8e72efd93891c126ebc7d89bd62a2c6d1c93cd6744d08872e7,2024-12-05T12:15:19.513000 CVE-2024-53132,0,0,e51b7b1476e2f729ab964a586e98986e4e6f1ab8c35a4b562721ba867b26dbf7,2024-12-04T15:15:13.193000 CVE-2024-53133,0,0,16c36f403f66be61d12f083aa24406f9744b56d22276089bffff2d5e219071d4,2024-12-04T15:15:13.310000 CVE-2024-53134,0,0,e48c62226358a312dc8eba1377e6bff671f99204fb8c37c363bbe85d6aac2667,2024-12-04T15:15:13.503000 CVE-2024-53135,0,0,31f82adbb18f449866f3e3497120af16bb1647e33bef34a597bbd9d2215f06ee,2024-12-04T15:15:13.630000 -CVE-2024-53136,0,0,f6e4837c48b458b0a293bff28b13ab0029c74e2a4fcd90a96cea4266a1b4eefa,2024-12-04T15:15:13.737000 +CVE-2024-53136,0,1,0055b191ea27f10c195b10bf6f40befcb26d75b86329ef5d09422a600fbf7655,2024-12-05T12:15:19.617000 CVE-2024-53137,0,0,c197a7e4675d1f451c839a6de66e0b5bd59f7f8a79fef07e23e4b3e48a847694,2024-12-04T15:15:13.843000 CVE-2024-53138,0,0,de139392b28bd8c9d32d2e1c4772dd0f6a1b16aaacc94b87a9d05e711c747d66,2024-12-04T15:15:13.983000 CVE-2024-53139,0,0,bf979a7146d5ba9a5d2de25db6fbab96172e8502b1c148b2beb6afc201708ae3,2024-12-04T15:15:15.643000 CVE-2024-5314,0,0,a7cdac28c15b59d972bbd1ad7f63aae58232f4c63fcf8544d4cfc91c709ee3db,2024-05-24T13:03:05.093000 -CVE-2024-53140,0,0,816d7ea16582c6c4bde331607e12b601f27c6f94d9cdbd334614166721bb1015,2024-12-04T15:15:16.803000 +CVE-2024-53140,0,1,1e305e6de8211be0acb862b44bf00edd966f43bd03f0e8788aef5f08b97bf852,2024-12-05T12:15:19.703000 CVE-2024-5315,0,0,8579169b825e98cf3238daa1adb0a4d2ea9e4baf40a7a9906b16d52fd8bd309a,2024-05-24T13:03:05.093000 CVE-2024-5317,0,0,ca9413f34c0b442e0ebe516eaf4713c47241a346ee54ab90be673b58c28dbb75,2024-06-11T17:22:08.007000 CVE-2024-5318,0,0,837e96b053ddf8bba826c345247317ae9421322227a87d1660e3de27e2bfd29a,2024-10-03T07:15:31.463000 @@ -268106,14 +268225,20 @@ CVE-2024-5343,0,0,fedc1366914170279f2e5d2ad585273a49bb658750b62f8b5bda5b06ac846b CVE-2024-53432,0,0,91200366caef4fd477ae549a4b97936ab0103419821400acdfe9619ad1d645ce,2024-12-04T16:15:26.240000 CVE-2024-53438,0,0,269e7677ace7d9295c53368d7a770c8536638e497558c04303dcd88d3a89eb20,2024-11-27T17:15:14.647000 CVE-2024-5344,0,0,b9eb66177d3d824bf1f1529dfc9f0ece4e45e95565139113aee3e384e4e64696,2024-07-17T03:07:04.743000 +CVE-2024-53442,1,1,49e8e8bcc8b7bcaa280093d521e6aff7558296bfd4e322e6b9c1f1a52f419341,2024-12-05T20:15:22.693000 CVE-2024-5345,0,0,e63bd8698ebea410f9684596571cb5f236dcece9e087d3c47739e1f377731d0e,2024-05-31T13:01:46.727000 +CVE-2024-53457,1,1,259bd6c076001b05a53a6db7730fb132a1ffa6bcde3e25274effca4e2dc119cf,2024-12-05T22:15:20.247000 CVE-2024-53459,0,0,bcee038fd506b2d042b2e2518da0df51a6c3759ec3722aac04f828072f98c4d4,2024-12-02T18:15:11.123000 CVE-2024-5346,0,0,da43d69a3160345da9f992308a5772b156b46661e78425f332f67d306a3affb7,2024-06-24T20:00:59.240000 CVE-2024-5347,0,0,16093735dbce016cf2430c73a4d8045f77e47434e1c219ace83416138a28cb5d,2024-05-31T13:01:46.727000 +CVE-2024-53470,1,1,dd20b2b11b8d7d06417674d3fbe9abd018dd69f2cfc472db4c40920988f45a16,2024-12-05T16:15:25.743000 +CVE-2024-53471,1,1,66cc0d978b899152ad34f9e5009670c46bda848efae84b041697b92c01e3a521,2024-12-05T16:15:25.867000 +CVE-2024-53472,1,1,72dbc0cce14855ba1d3569457dbee3a8b2bcc3ee364096a0891b3e57adbf038f,2024-12-05T16:15:25.977000 CVE-2024-53477,0,0,753aaf8c684bb995d983939a69c12192942ed2e573e55f2d4f5233aa6560b86c,2024-12-02T21:15:11.217000 CVE-2024-5348,0,0,bc3d8d1f3668d1fc879553d2a82a62e6b9980757b64bfd9f1d5fdacf853f73c6,2024-06-03T14:46:24.250000 CVE-2024-53484,0,0,c9442618db175b392539d76a1a9674a888dcbfcc13582e8461a2dd3982136eb4,2024-12-03T16:15:23.980000 CVE-2024-5349,0,0,095035450c60a13c08898917421d5656b2399179b1253e40806dcf47c3a4d9f7,2024-07-03T15:44:23.807000 +CVE-2024-53490,1,1,c2f3aa4cff7ef0e114b620eaf49a4030edbb963b6051b20627f7157e432c7834,2024-12-05T17:15:14.180000 CVE-2024-5350,0,0,8440f1aab6c7debe55a047353772f60d1de30f1b1b7f7fc13c3946381d3b4f12,2024-05-28T12:39:42.673000 CVE-2024-53502,0,0,796f631a4221f653674d6eeb03fdca50c0572d23f83adde1a69eeb9e0fddaea6,2024-12-04T18:15:15.623000 CVE-2024-53504,0,0,0cf1059548643389b1e33bad68f218b18235298c923b702dcc5a0c676fd86048,2024-12-02T17:15:13.047000 @@ -268122,6 +268247,7 @@ CVE-2024-53506,0,0,9dfa3208f902ab3513f3502d8928ce98e8eedec2f27ad06842644780d149d CVE-2024-53507,0,0,12d141a23906013906618b23cee234cf31c91fd8e1e8d9da3760596286952af5,2024-12-02T17:15:13.707000 CVE-2024-5351,0,0,5b3be503117b69cfbfdb88b1fae31317d85f3a58c24bc4f082dcbe98687cb2c4,2024-06-04T19:21:05.570000 CVE-2024-5352,0,0,da1c4d8b4e23dadce106da9517801ea125925e8071854aa14e0650ba3020a2bf,2024-06-21T18:15:11.303000 +CVE-2024-53523,1,1,f6c4b1b131340f304393c7e2660d3f777adfa845ef58c906f19150ea50850fd3,2024-12-05T21:15:08.573000 CVE-2024-5353,0,0,525ae1f28e269a2f910a2998894d881f94e776efad76469271fac08c213e4cb6,2024-06-04T19:21:05.680000 CVE-2024-5354,0,0,2705d9995a32176e712249b570d9e2fb33b0b6cf2235d27d22b60367c7562ece,2024-06-04T19:21:05.783000 CVE-2024-5355,0,0,5f2e376ce579cedaa86f2a16497e6e751e8e7c9f0422d5f739a3fa31c20b6848,2024-06-04T19:21:05.883000 @@ -268133,6 +268259,7 @@ CVE-2024-53564,0,0,ee44fd6febf6e3201f87a735b43a7379c65a5b9126e3a8a7c6cc777fa4406 CVE-2024-53566,0,0,dbff5ecbfdcc9c433f6a2fc9ea0927173d5445ca6c33bb6be0347daffda46700,2024-12-02T18:15:11.500000 CVE-2024-5357,0,0,3e42587e7af2230be214dc062d75c1c832a73aeee43ae2fc11277198b34ad5c7,2024-06-07T20:15:12.387000 CVE-2024-5358,0,0,fdd72871ebf6d62b075a63baf142931fcf44d230f54a18747bfadc4ddcff1dbe,2024-06-04T19:21:06.077000 +CVE-2024-53589,1,1,e6ea74d6ba980667ff85c0da57e23b7f53228d6ee63da09da103e2ca365fa6b1,2024-12-05T20:15:22.813000 CVE-2024-5359,0,0,0dc709734361df5232c8a75ae2b832e7f1398579fd9d2edbd5174e887cf59eee,2024-06-04T19:21:06.183000 CVE-2024-53597,0,0,6fb1877a0982ea160cbc42724beb034aa3214028a5ebc23f5e6957510a045bcf,2024-11-27T21:15:08.170000 CVE-2024-53599,0,0,fd3383bf56de062fbdbeb229ef5252493e3482e4bcfabf0584010575f7387ef2,2024-11-25T21:15:21.993000 @@ -268162,6 +268289,8 @@ CVE-2024-5368,0,0,769eef522c880c8dc2093ffee3167938a54b59c296f29ac57c1d46dc08bc9b CVE-2024-5369,0,0,29d3079c2fa6a7da6972686f223f9055b777de966536d115ae3b502886660c79,2024-06-07T20:15:12.487000 CVE-2024-5370,0,0,8d5901c25d38686248547e2a8832556411ad40480084c4770850db2b44d5a57a,2024-06-04T19:21:06.980000 CVE-2024-53701,0,0,f4abe9649c710b202319e22139a56475c551199e0e3e57f7ccc2eaf6ea401cc5,2024-11-29T06:15:07.327000 +CVE-2024-53702,1,1,fefd61abb610cbd4ae8298ddd1a5340c18b419e8dd9d9d4a1829bc4f85421878,2024-12-05T16:15:26.077000 +CVE-2024-53703,1,1,4f1bfbed1af3a8041d3d4bf384b68ecfd69c613611ec744a286862822291b830,2024-12-05T15:15:11.270000 CVE-2024-53707,0,0,a9246f735bee9bc7750700a9c6002bb8b6dde861692868616037fa1dcb717775,2024-12-02T14:15:13.323000 CVE-2024-53708,0,0,efaeb83838813199845e63e7481a204f70f52ca3d8667f17b131ad7d329a0921,2024-12-02T14:15:13.457000 CVE-2024-53709,0,0,b365e38c63651e90ce91d3f404bbdba8b1cb0d65ff4d68d2e2fbafcce3c07dbd,2024-12-02T14:15:13.600000 @@ -268261,10 +268390,13 @@ CVE-2024-5383,0,0,d150bf26fb35d2a14ee1eb4bf942c0bdbcc9199cee0de8b154db204bf6e235 CVE-2024-5384,0,0,73e6d40ec5d3477f7ae6e5e9fbabb11a01cb879f05dde3e0d9f2c2760497516c,2024-06-04T19:21:07.913000 CVE-2024-53843,0,0,fb790ea92e56bce04d8543f109eb747d943f316d3eeab0b48f576ddbb2ed9eb5,2024-11-26T00:15:07.430000 CVE-2024-53844,0,0,f54d4575fccfa45cb1306e55e04ed154008d30b320d65227acd00b96c54e3472,2024-11-26T19:15:31.463000 +CVE-2024-53846,1,1,a5b8aa7fe2c15a05ed4f764c6d1a2042b295fa8b210c72b3998a3b145d612c10,2024-12-05T17:15:14.477000 CVE-2024-53848,0,0,4943d65b2b1e25705325ac81d74abb04005ec4fd6d8cb031814f1f81e80b88e2,2024-11-29T19:15:09.290000 CVE-2024-53849,0,0,7af089348f539339d95898472d9d3628c7f064721068fcc5bf049d36df5b9760,2024-11-27T00:15:18.223000 CVE-2024-5385,0,0,5113296fe5b95e2ca5ffa573f35631b642d4f934e6e56cfebf21d51c8e50ce86,2024-05-28T12:39:28.377000 CVE-2024-53855,0,0,3b7a475c32d1d09fe2eb4189fd1d6fb7d653d88d8eb34139f0255f4c5d06f551,2024-11-27T19:15:33.563000 +CVE-2024-53856,1,1,a4a1d6455d97029b8f32805a97026c4d88358e012fade5b10ecf069f47016ce7,2024-12-05T16:15:26.237000 +CVE-2024-53857,1,1,b80cf581021cd381dfed14a9d1f5f1a16615422e22ab4b7a68cfbb037d84903b,2024-12-05T16:15:26.393000 CVE-2024-53858,0,0,6c64b7a629ccdbeeaa44425cb24892d67f2dbeb5f6725b97741be6047ebd2567,2024-11-27T22:15:05.520000 CVE-2024-53859,0,0,4facd2b494aef0ff73beaf08d6d1ca6f6f9ab5c48842cb7bed7f8b39e94a454f,2024-11-27T22:15:05.673000 CVE-2024-53860,0,0,f686ec46a02a9bc4a804217b41a7af4658fb7390d2c722028f65e08a7a2b5414,2024-11-27T22:15:05.833000 @@ -268310,7 +268442,7 @@ CVE-2024-53979,0,0,daaf571bfcfd25ad5803f97558dcc6ea565a6375b17d8bed4a6f9cee29769 CVE-2024-5398,0,0,1fca9edd99ff7753e0d36d6f4d73a5a23ccf8ab9dd992541f79488471e393289,2024-06-11T10:15:13.690000 CVE-2024-53980,0,0,f2c4b71c263d54957f07bea69df75ebb3d992381d97f959d8cfdaa259a929ae9,2024-11-29T19:15:09.993000 CVE-2024-53981,0,0,4ba898eb1befa3f2561edd750eac82eeb420da27aa2d03f7cf36b5b838c9b47f,2024-12-02T16:15:14.457000 -CVE-2024-53982,1,1,11be013e43e9cfcb4b54a9aaffaa7cdc9393b7f2f61364636d8c0f43d29d6534,2024-12-04T23:15:05.943000 +CVE-2024-53982,0,0,11be013e43e9cfcb4b54a9aaffaa7cdc9393b7f2f61364636d8c0f43d29d6534,2024-12-04T23:15:05.943000 CVE-2024-53983,0,0,53274ba64b5204fbd988c3ba5170f84dc187572b2bad72061a88e06a87cfa81a,2024-11-29T19:15:10.137000 CVE-2024-53984,0,0,892c82f8a41d78ebdbb6204162b35fdbbfd980dac8482c839614b9f0b40eeb3b,2024-12-02T16:15:14.603000 CVE-2024-53985,0,0,b2dd022282a98e85588906fb6b8a5b377ec403f760a946a9025c43dfda60aaa6,2024-12-02T22:15:11.197000 @@ -268324,9 +268456,11 @@ CVE-2024-53992,0,0,968e2d279d6edfc36860c960df4396bf9d9df657b6a78a28aa81a3adc4be5 CVE-2024-53999,0,0,80e3192c64b986a2c82f7cb85ff5081bb2235e4dec0ec9c5a1f5324ae09e812c,2024-12-03T16:15:24.250000 CVE-2024-5400,0,0,094967d50b5003fa8a1a95a7cd40ccdb2300c03695bb818acf6e11d6054c6ffe,2024-05-28T12:39:28.377000 CVE-2024-54000,0,0,79bf0fc3308433671fec9e277259b5b3b941c6e3097b99968c0a0fe0b45a16f5,2024-12-03T16:15:24.380000 +CVE-2024-54001,1,1,045e80f770794ebace72678238e7eba8e7d1da90cac59175504e695765cee940,2024-12-05T16:15:26.650000 CVE-2024-54002,0,0,5b9cdb59ff01c2fea869162b60f55e20fa576bcef3f36d1de9c6feeadd4e5a60,2024-12-04T16:15:26.537000 CVE-2024-54003,0,0,2506866a989efaeab3da1a8a5555a804f26e4215f0a647f04a179f236368dfb1,2024-11-27T20:15:26.133000 CVE-2024-54004,0,0,4b55764e78df7d1fab73ac81a29fd36001f40116e182b6aab547372d06b234b5,2024-11-27T19:15:33.723000 +CVE-2024-54014,1,1,8002712c59b55cdc4ba12bd2610f9a3a2dc8fe432f13e521dbed979748bedc1d,2024-12-05T03:15:14.530000 CVE-2024-5402,0,0,a5e55a0c84701c59a5f5d7ada1c30ecac8bd71919dc47c454e4a5ba90cd9220e,2024-07-19T18:03:55.583000 CVE-2024-5403,0,0,2e916307137919215633d6a47f3e654241b49fba1a899d76e9efd2abd496b6ad,2024-05-28T12:39:28.377000 CVE-2024-5404,0,0,9555ba3a9174cf37744b3f17110afa21577889d292df132a8c1f8da3c56bf2a0,2024-06-03T14:46:24.250000 @@ -268340,11 +268474,17 @@ CVE-2024-5411,0,0,6f38aadf376ed626f84103b80eadf7d4a3da9be020ddcb9fa408be6d4c8307 CVE-2024-5412,0,0,5e7f5482cbb5bbe521f2cd5ff48f80c18806840859b33baffa51a21bf41b87d8,2024-09-06T18:07:43.940000 CVE-2024-54123,0,0,adb9d810678343393bca99901a3c1b47719ef78df3ca8f4e2f7e11c7b4e0333a,2024-11-29T19:15:10.287000 CVE-2024-54124,0,0,d93261f0be0c719ea94f116c38fdd88edcab344178e1fea1cd1f60fbeb46997e,2024-11-29T19:15:10.443000 +CVE-2024-54126,1,1,3941fb8e728e330fd976c4332894869311a751e23bfc8b1148739b238362642b,2024-12-05T13:15:09.290000 +CVE-2024-54127,1,1,1f3632bd83d703d51e83762dbd50d31335fa604dbc681ed9fb25e0202002c249,2024-12-05T13:15:09.440000 +CVE-2024-54128,1,1,9c47e6623bd03f7dd6d453264e3dfee091432a93a8cf8f374106e07fde4d7cbd,2024-12-05T19:15:08.857000 +CVE-2024-54129,1,1,3106f05d6b9cff7de79d19a67d0ea1f2d0ae89e91a7c5154db6a3d130c7cc624,2024-12-05T16:15:26.873000 CVE-2024-5413,0,0,b448c8c4fee794a9903e33e6c17f07ddeb3dd7c0bc677024b75809ef047d2c8a,2024-05-28T14:59:09.827000 +CVE-2024-54130,1,1,d743b97b688f1889df506833c19b059d59c521aa9cf19eb794486082f55f5a26,2024-12-05T16:15:27.020000 CVE-2024-54131,0,0,4b4918afa2a4261da20afce1984c24b92c3cd8c05c3ee6659db317d6cf1d35a8,2024-12-03T21:15:08.127000 CVE-2024-54132,0,0,173178d6ece3c7447fdd5c5581bec00491b47d845f420e9310f497032a9cb26a,2024-12-04T16:15:26.730000 CVE-2024-54134,0,0,01f811a321fb67f4c86b325bd0e972a7966de74270807e150473381d1bf3fa29,2024-12-04T16:15:26.883000 CVE-2024-5414,0,0,08acc305e6c9bea4a9589fa3dba157ea62649fb0f8c0ee74aad6ddc09386f1c2,2024-05-28T14:59:09.827000 +CVE-2024-54140,1,1,8089c07e8d24ae695a65dc50ad4895d2855db2c27552ab3d877fefc4a4616391,2024-12-05T22:15:20.400000 CVE-2024-5415,0,0,d8ba178a70f3cfb2a3911a07d12ef045cc2ca261b5b8d85db5edc9c9636eef1e,2024-05-28T14:59:09.827000 CVE-2024-54153,0,0,fe748b404c05f0f3b478581c42b273c9674060ff9a7f772d2c51f053c33a523f,2024-12-04T12:15:19.853000 CVE-2024-54154,0,0,90e5f722e743af34caa289867c96183a78347ae32cd2d8a629d65a02c19e6b39,2024-12-04T12:15:20.047000 @@ -268360,7 +268500,7 @@ CVE-2024-5419,0,0,0d1c725f53c48278ea7823202c4adf24cf8a04c4aff5d8363f101c1d9f2798 CVE-2024-5420,0,0,3867de6c80eaebb04ae4def03e9baadba6a4785f9b7d05c922afac144ffa3470,2024-06-10T18:15:38.367000 CVE-2024-5421,0,0,687f3a5898a97c7e4a575e3431d3fe4a696cee8599b8881eabbed4fc7122e815,2024-06-10T18:15:38.447000 CVE-2024-5422,0,0,a7ac042f03539b57f700d43aa5929a4431fad7f2a64327cabdefb452ddb8c884,2024-06-10T18:15:38.520000 -CVE-2024-54221,1,1,67f24a2c1c99aa5b1aefa0f79f727acf712a4c44842d0ce36de64cdf74b4fc29,2024-12-05T00:15:19.200000 +CVE-2024-54221,0,1,2d54c3720cb1b4520ade85573de8a9c71ac793b9986236bbad8e6d309beb5464,2024-12-05T00:15:19.200000 CVE-2024-5423,0,0,c0eb8661372608209ca31873262040c83e56e01f96081eb3f127055f8501110c,2024-08-29T15:41:13.247000 CVE-2024-5424,0,0,dd542e2b4b449f200a4b1a82e6055968c0edff7c6325ff444ef99264bbf9b209,2024-06-28T10:27:00.920000 CVE-2024-5425,0,0,7d8dd52f9b5040e861c03af02095bfdd1ee95b73febed41b79937ba528037fac,2024-10-29T19:49:44.357000 @@ -268403,8 +268543,9 @@ CVE-2024-5466,0,0,7210eb30821301ab6ac0b6aaa79a17e39c84346dbb1ec0b37d3f9aca66c7a3 CVE-2024-54661,0,0,a7869024e775d27a777a789534fe9533b55cb90ea0d22f9015f9f2a6b4b8ae94,2024-12-04T15:15:17.580000 CVE-2024-54664,0,0,79dc396dc6c5b3917fb202a8de4cee0534c56602cdfe210a713783011dd6c02d,2024-12-04T15:15:18.093000 CVE-2024-5467,0,0,d5f2177f9d3ea444dfbcd8018e7c02f38607b067be38c512aaf8da3b2751677c,2024-08-27T14:35:48.977000 -CVE-2024-54674,0,0,56f9d85353667186a6a0ffb946b91460250a5804fcd9070b9bb3a6467c00ad32,2024-12-04T21:15:25.130000 -CVE-2024-54675,0,0,5589ec032bc34e220c2f359592bccdcbcd7a67a0bb3e53baa6e086289bb87428,2024-12-04T21:15:25.263000 +CVE-2024-54674,0,1,545e92efc26fab029b2ecd902e6764f6f53f740b5b32d49c4c8440f2592a5a00,2024-12-05T19:15:08.947000 +CVE-2024-54675,0,1,14b4e742326580d47a2a009f3e3f65a46d84415cc785ea77b3a28630132c9018,2024-12-05T19:15:09.100000 +CVE-2024-54679,1,1,c0d8b8ded57fd65796fafaf2e701f7a321e0bd0f3755c2d5be3b8cc0ee5e19c2,2024-12-05T19:15:09.263000 CVE-2024-5468,0,0,a9b6881473aab66cd93b6151044b19528c011d8001f0e2556b425e826958e7fb,2024-06-13T18:36:09.010000 CVE-2024-5469,0,0,2b1f02bc4b651b767de9138333ca1493d00343771be32540c7c4d36f10b2a10e,2024-08-30T14:15:16.703000 CVE-2024-5470,0,0,6ad8fffdbc9fc3c2ca94bc381d3be223e310676e26148212c497e243b6c17473,2024-07-12T16:52:52.883000 @@ -269025,6 +269166,7 @@ CVE-2024-6151,0,0,12ec1aee3f7de6ecf0a62e21606cbd6e357a6a7e92793df8af534b3f4e67d7 CVE-2024-6152,0,0,c1506a96f086f74002edf68148148e3e99d50eb834b579ad16316f4c018a0385,2024-07-29T14:12:08.783000 CVE-2024-6153,0,0,b02d5a7d2cf437976ce0fc2bf9815bd6144fa47956956037cde293abd053addb,2024-09-25T14:44:14.567000 CVE-2024-6154,0,0,dc8e40c1ebb3902f0ae8583b2bff8d4b47a9e71d6b236591b7095fe43b4769aa,2024-09-25T14:40:26.970000 +CVE-2024-6156,1,1,b3c61225272b6573b97b1775a885139d39cb09c39e62722a3e664ced6f9f0584,2024-12-06T00:15:04.380000 CVE-2024-6157,0,0,ba718bca331edf44e8731f065ed2c561d20fff24c3c6339fba42788f35999054,2024-10-15T12:58:51.050000 CVE-2024-6158,0,0,a61a49c74eea3cf7b2f2776e552d3388d81c1dff0a3ef5d79b498d50b6e785a3,2024-08-13T15:35:29.740000 CVE-2024-6160,0,0,ef1a3b3e7f3366ded429b369db1d335204ba1e5aa345b7b6a0087f8051f2471a,2024-06-24T12:57:36.513000 @@ -269073,7 +269215,7 @@ CVE-2024-6205,0,0,f32ee6375b433f4c8b075d7f2127800e855cae97c6ef2c703b09eff01b8083 CVE-2024-6206,0,0,6f603126f815a80c6debdb2c8fc884bf16912b4470febb5eed843e2704856d15,2024-08-08T14:35:13.290000 CVE-2024-6207,0,0,b52c7642eebbcc95d2e1891b72bbf3cc2d7047022bdfa87d5a74cc0a9d9e7679,2024-10-21T13:20:45.617000 CVE-2024-6208,0,0,b702d385d6dc69624ae253d69a727703b76fa8f218fc0fa3e0a52d494810eb10,2024-08-01T12:42:36.933000 -CVE-2024-6209,0,0,dde817e69ddab612402867a39af366fc36713e43c4758f0a34432256fd885f93,2024-07-08T15:35:25.837000 +CVE-2024-6209,0,1,23ededbf3b633fa9ca75082bdde887de96d7de12e80d95ced35f5b18c94901b4,2024-12-05T13:15:09.583000 CVE-2024-6210,0,0,d08d160d43811c5bb8dcf64fef0c280a0a7b1e98d094babc485e09ce9fa86125,2024-07-11T13:05:54.930000 CVE-2024-6212,0,0,34100fe8f5d25d02ced89b925f9fc5057176ae86a6f223c0ad2c25b7a8b4f213,2024-08-30T13:54:53.043000 CVE-2024-6213,0,0,b88bd076337ef2a1e33e32994c835aeb58f4bcee4d9f1f644c98407fae8b17dd,2024-08-23T02:14:56.413000 @@ -269082,6 +269224,7 @@ CVE-2024-6215,0,0,d01466c5e4679da2e3cdde9d249cad88f46489a58c2f36859f7f149e67c896 CVE-2024-6216,0,0,fe1f34e9619d7bae700607092872e4843797973f7a0c9714b25790af3f1b2538,2024-08-23T02:22:23.120000 CVE-2024-6217,0,0,f28648e0277ddbd712b9473f83f11301c76893b98cd82a40d2daa67293b40bfa,2024-08-23T02:22:56.160000 CVE-2024-6218,0,0,68b875a1a263799f2f3717a6585787b268a1f6dea7053cae20430ca2c3ccf3fc,2024-08-23T16:39:49.487000 +CVE-2024-6219,1,1,8d051f4124859b4dcd2bb7c6cb7fdfd170fbd27e27d11ec2b6f9bed7b954241d,2024-12-06T00:15:04.530000 CVE-2024-6220,0,0,e02b2d21f9831e678f98a588025ea8ceab0b9f96191557805441514ff6bc987f,2024-08-01T22:15:41.733000 CVE-2024-6221,0,0,61f042058b385b7bc60c2d633e822b23c6dcddf14b1004ade2fb997e73ad48f8,2024-08-20T19:37:23.077000 CVE-2024-6222,0,0,7da69ce6fbc5989cf8dc00c0967cc47c0670f03447330ea36d4de40ed4ce08ae,2024-07-12T17:05:39.070000 @@ -269157,7 +269300,7 @@ CVE-2024-6294,0,0,6861b07c812d83f91d71f7debd7bceef842b75d3674ed4d3d3bc8c78f80cf6 CVE-2024-6295,0,0,6974dd8bca7a8733ffaa8a25fda92f05fa5401f414b83da9f4dfc077af03c181,2024-06-25T12:24:17.873000 CVE-2024-6296,0,0,ad497f6e9d6235263dfb693fc3f010ae379c7d179705971402644dde3597c48a,2024-06-28T10:27:00.920000 CVE-2024-6297,0,0,a3f380718b9bb20e05727d0bba354cb709c1e8dac0c3e7d233a3418fd6553992,2024-06-25T12:24:17.873000 -CVE-2024-6298,0,0,0564e4dbae222a072a34ea639ec0741c70bbb18f77d457629ad6e21b9d2f5dae,2024-07-08T15:35:16.450000 +CVE-2024-6298,0,1,0144420f368604f188e0a5e444c2e84e007298947133b769ac11377734904fab,2024-12-05T13:15:09.803000 CVE-2024-6299,0,0,deeff7f90f7c50b2cb74685e026c9066c7461552c971e4e3f4294408fff2b930,2024-09-20T19:24:13.170000 CVE-2024-6300,0,0,ccfac221fbcf48a8bed666f615ef474dc36eed87bb7279797cea0ae40b6c056b,2024-09-20T19:28:01.410000 CVE-2024-6301,0,0,973a71ee19fd63fb93e61abfd4c939b8c74c19b664d2bbf57f242fc70acf502c,2024-09-20T18:58:43.323000 @@ -269349,6 +269492,8 @@ CVE-2024-6510,0,0,5e8ec1aef4696d364d1cf0507192e6236a7f19c30decdfeea7966d96cda0fe CVE-2024-6511,0,0,053f3089b06a0cd915df79eb3301836b5db5c9fe4d3ed571ee6923d36f4d1832,2024-07-05T12:55:51.367000 CVE-2024-6512,0,0,906938fa7a056c51f95f91dd79dd34ac36ca181a28b11365ac04b0f9d5c62236,2024-10-01T16:36:43.733000 CVE-2024-6513,0,0,bb977a38eaef5aa918756b3907c97d9805111d3bc118dcf2b0096d1bbd202aea,2024-07-04T16:15:03.103000 +CVE-2024-6515,1,1,a065beca0363e13faf2bbb4c18efc2260f32cd3fef62184f52bb40a78e6fcfa5,2024-12-05T13:15:10.010000 +CVE-2024-6516,1,1,304dd5ff61ba599a7edcc819c6955b1ee8a7159296036e0092ca8795a3513a8d,2024-12-05T13:15:10.197000 CVE-2024-6517,0,0,f170167d48def43eb19df077ff3ef68c655e06896ed245e4dd4a412fc6b98463,2024-10-02T17:15:56.760000 CVE-2024-6518,0,0,7382529f36b9b37e0acec24889e25676a677588945f854438be53c4cb8bd58b0,2024-08-27T13:15:20.033000 CVE-2024-6519,0,0,abf9f0a3aa081ff5a2a08978dcc7886639047fab432ae7dabef37ac5254be60f,2024-10-21T17:09:45.417000 @@ -269584,6 +269729,7 @@ CVE-2024-6780,0,0,1eae51b7c5e34681d53ddb7bafc670b27cd3eb74ad781e859c5982fedfd463 CVE-2024-6781,0,0,678fc4d6db3dccbbb40576923dc15e296dd0a3cca23bbb526dd93d0dbc8a0cec,2024-08-19T17:15:34.797000 CVE-2024-6782,0,0,623508ea52e56d6a6e227168366ca2cd7770a1a0850e95e080f5f12fc915b728,2024-08-06T16:30:24.547000 CVE-2024-6783,0,0,6f1f4a0fa578d50da4a4853fdfd24c63ba19a8604300ab142edf0f6cb8d9a812,2024-08-30T15:15:18.623000 +CVE-2024-6784,1,1,aa9b545040a4712dc1aab9b47a9ac8bbaac57f5576e6bce287456819138a98e4,2024-12-05T13:15:10.360000 CVE-2024-6785,0,0,ef25cfd9dd9fb398c181c2e2c1a44a7dbc0dc59353d1fa28c2cc7cafe3b60589,2024-09-27T18:59:25.253000 CVE-2024-6786,0,0,98f21ab09b2a01cca281fda0397f483af3ef0c01a5476e213ec4980c9cfa3d20,2024-09-30T18:31:50.473000 CVE-2024-6787,0,0,f69f9a07cfd39832fdc2962e9d288436b728db50eb29cb7ded1838c3808a88b2,2024-09-30T18:02:51.080000 @@ -270183,7 +270329,7 @@ CVE-2024-7481,0,0,029caf1b5321966d6fff7b258f5edb21656af3703408123f2c0a2bb28c2a7f CVE-2024-7484,0,0,922e65f90a754867bdae2807b60c4750519990bf6adcc62fb148334df21e54c7,2024-08-06T16:30:24.547000 CVE-2024-7485,0,0,0b34fc91c3d825ea4087a792a0e5c6d839cf66a581a05d0c60df64b0af48f97e,2024-08-06T16:30:24.547000 CVE-2024-7486,0,0,e2579b82a31704160b51da6f8b3285ef5bff1d765f5e0369c7378c4f856658fb,2024-08-08T13:04:18.753000 -CVE-2024-7488,0,0,7e5f9a7e62d9e8f949ee2539cfdd5d11c8ab7d10e6be27f01d35262f676351b4,2024-12-04T15:15:18.310000 +CVE-2024-7488,0,1,cfab9fa1ac0966ee6e07ff9b972bfbce38573aa452b07bf9ee793e7c215e51fe,2024-12-05T08:15:14.123000 CVE-2024-7489,0,0,a911c458f8c85ecb33feabe2fee5828bb307bd0fdaa5447d2dc32acdf03946c2,2024-10-16T07:15:16.160000 CVE-2024-7490,0,0,2dbd6717a12bca522d1065ac017f63874351831b0b05b9f6e750116d667cf962,2024-08-12T15:22:20.267000 CVE-2024-7491,0,0,d689a374fb3537e15633f4540eb868e4dc80670c3ee0d8274c63d44d12227824,2024-09-26T13:32:02.803000 @@ -270846,8 +270992,8 @@ CVE-2024-8295,0,0,907331a3a97a6618443e3aff92f4e758c3135b25ca0d9fb01d74d067e9cd67 CVE-2024-8296,0,0,e31c225486c181d770097ee2f86386b9a5d776a033c8c4a5860d3ba550c9de51,2024-08-30T15:36:36.383000 CVE-2024-8297,0,0,cc2df51be4ac5261775d9a448c17018496059825966f6585d5dfd052f6e898fe,2024-08-30T15:28:50.863000 CVE-2024-8298,0,0,b6e0265f7e06064f96a4b1454f4843c935b76c78438dc3aea3b160aebd5f455b,2024-09-06T14:53:06.890000 -CVE-2024-8299,0,0,0ebc4c84c2f9f187895411e245258e4b680d8d1b6d85f2d327359613e239beed,2024-11-28T23:15:03.843000 -CVE-2024-8300,0,0,0fc4b3fc09462727e7482ad5c41d1ba892f5634ab128d960340350ccc4380eb0,2024-11-28T23:15:04.743000 +CVE-2024-8299,0,1,13450fb8b7bf21177043dd4086ac6103c9116ad9fb2c3b7e88b2bf4ad0fad980,2024-12-06T06:15:22.917000 +CVE-2024-8300,0,1,f759b4fc115786982e95e48aa22c16344b7d64cb3df0305ef0d630a56766a5b3,2024-12-06T06:15:23.070000 CVE-2024-8301,0,0,517ca402c22af2219c7d5e72c26f25471bc06be609f1fc004544a29726452fb8,2024-08-30T15:24:09.830000 CVE-2024-8302,0,0,e8302268b823029df660336594addee00302ff9a5d73561baeea3f2fb742c200,2024-09-19T21:55:54.683000 CVE-2024-8303,0,0,7d291660edacb98ef58ef33c4f7785c68c1ad74e546b2f9d99bc765dad9ef6ed,2024-08-30T13:00:05.390000 @@ -271907,7 +272053,7 @@ CVE-2024-9671,0,0,07505dc2e62c688e3c2f28b8f629bcf6a677a0c568456141408a4c666f175e CVE-2024-9674,0,0,99b8206db3c3741ff50725aa3969c36280edf4a37082b6473da1336e00a39d59,2024-10-22T14:02:50.473000 CVE-2024-9675,0,0,042e11d1d5f68028611f5290da802c68ab7c3807ddde6d9febec582272624fe6,2024-12-04T17:13:58.780000 CVE-2024-9676,0,0,f87bebf8f4fe552507220e4e3a39d7cfe81d27fa23e0e0624f2c2714aabd7dd0,2024-11-26T09:15:06.820000 -CVE-2024-9677,0,0,944e049c847e061867c66e6b586a0cd99260b04bc2e2059d736567bf47cae00c,2024-10-23T15:12:34.673000 +CVE-2024-9677,0,1,cfbe7ebac9e19e0614aa19077e218b18010f160d6643d0eae35a63f64f2da91a,2024-12-05T22:11:15.217000 CVE-2024-9680,0,0,b270ebb58405bce82b545a9823e949fa4790116b7a4834e574606834227d9216,2024-11-26T19:53:56.537000 CVE-2024-9681,0,0,8b924b450d4a6dbb27601fbb04f08d88c9285a0a1a67208f21518dfaaa0a72ba,2024-11-25T19:52:56.417000 CVE-2024-9682,0,0,2122d85927443e1998d90f1dfaf0e30f87a59df9f9140f4f34d3cb7460150d67,2024-11-19T15:47:07.517000 @@ -271923,6 +272069,8 @@ CVE-2024-9696,0,0,d30db32e6e91542491621f64f323265f1c350c675c770ec19d03f3299ae1a7 CVE-2024-9700,0,0,44ec8c5b1c72b9ea93133516d058ebd0146b084de37af1e6b9ed3d48584cc0ad,2024-11-25T19:57:41.387000 CVE-2024-9703,0,0,dd5db55cccdddcc3b58f6b494a8ef777447f72688cd0a2c60dac8e42fee7b6a9,2024-10-22T15:25:27.887000 CVE-2024-9704,0,0,92369527b8063da99abdde67a70ddbdd6e4fcd2e3488ceb190263ec6140f02ae,2024-11-25T19:19:22.113000 +CVE-2024-9705,1,1,20d5c40b0db6f650cc1e84a3ab162e467658c92bcc6c4d267388a3c02e17df75,2024-12-06T09:15:08.577000 +CVE-2024-9706,1,1,27f8f1d452f3c9a999af573ce441010b7e7c0c2bbf768382d5e022ef26f0dfa3,2024-12-06T09:15:08.727000 CVE-2024-9707,0,0,c90f2d8626169c06a9c1994156c8d1b566f9edce507a1b3435b11fb610b79fc5,2024-11-25T18:50:39.867000 CVE-2024-9708,0,0,fb28899552a0c0ade25a514ca2898578f5022c4291bacf5908d8bff46bbb03b1,2024-11-25T19:59:31.110000 CVE-2024-9710,0,0,126960c7f1cfd4e8c0223664f79eaa5f17ef8dbaf20fff748e956f3eb8545d99,2024-11-22T21:15:24.043000 @@ -271974,14 +272122,15 @@ CVE-2024-9756,0,0,9148e76585a16c910e97a54325b51f8747273a547943c29c001cb0cc296240 CVE-2024-9757,0,0,34122ba71eb2981a92b4c13928c0a3327909071af6c2b1956bc8ab93f391c8ec,2024-11-26T20:53:19.560000 CVE-2024-9758,0,0,ec8d0a77bd28e88fbf6c54993123b2135cbce2cd133a87e8acbf579d9bc463d3,2024-11-26T20:41:51.187000 CVE-2024-9759,0,0,10fefaf19e1f85c2845b971df45d1db31a4a6e054105f6c73e98e35c6908849c,2024-11-26T20:57:23.673000 -CVE-2024-9760,0,0,aa01c828c1d3b49b761ec3f545ef583aa282f8735c2dc21b19b0e05a61a2ca4b,2024-11-22T21:15:30.040000 -CVE-2024-9761,0,0,d2512f64c45793f73d1e20c8ddda7ef83f5025df5cbdd0602f8eaedc25a949ca,2024-11-22T21:15:30.160000 -CVE-2024-9762,0,0,137ce8e38ce809e5b89f7e56334ef2f813429eef86208bf3924e76e0dd499450,2024-11-22T21:15:30.277000 -CVE-2024-9763,0,0,773a0cffd511db6422d452dc98b5722990978885d04c21ac7b68dcdff9ecc30f,2024-11-22T21:15:30.390000 +CVE-2024-9760,0,1,15b8e9a7dda30ccb4b636bf4fea8d6d3ebd6877f13a5deadb059cd09356e095e,2024-12-05T17:33:21.817000 +CVE-2024-9761,0,1,4cea4cceb696706748c677fcebd6dc677d746574e2eeb445247e180077a0c7d6,2024-12-05T17:30:40.620000 +CVE-2024-9762,0,1,74f9dcee23e153b2157c8091731b6c04a6e24fdf787f5aad11f696d82ebb857e,2024-12-05T17:26:42.427000 +CVE-2024-9763,0,1,71d3fd732946412c30f5c3381bf1be4619c7047bec215632c78a01819269c04b,2024-12-05T17:20:19.707000 CVE-2024-9764,0,0,4be58d530095ebbcafcf00aa99a1173dba0d7e35762e0c5d28cb5cc2f8777b1d,2024-11-26T20:58:05.673000 CVE-2024-9766,0,0,aa66736d1aeec3fffcc76a5f37d23ae872ad3f7840ea99138bc3fe34e230cd86,2024-11-26T15:10:00.193000 CVE-2024-9767,0,0,3d175e3ba02a23000ec8b1bdae9aa7548e49e410977d95948238e9a5d9107530,2024-11-26T20:57:03.197000 CVE-2024-9768,0,0,904cffc60d5e826fadde1f9279bf1637d0038b817b76c6a013f678cc172cfc96,2024-11-26T17:14:14.327000 +CVE-2024-9769,1,1,1b9c5b106a2e02b629c4e417000822a8007ac17bf944641f694ba2f35f85c8a9,2024-12-06T04:15:05.200000 CVE-2024-9772,0,0,043bc7caa6859562432d521f3501fd215394ad297fe3470375010095d76d8604,2024-11-25T20:03:01.613000 CVE-2024-9775,0,0,2266a7b7c620bc11662bc20c96e5d18079c0f9f6e1ea844a74a70c443b303718,2024-11-26T01:45:57.317000 CVE-2024-9776,0,0,9273f765f44bf9e907460b214d240344a8be5b3a239edcb0f9ffb7d3f96c7d26,2024-11-25T18:45:54.377000 @@ -272046,7 +272195,7 @@ CVE-2024-9848,0,0,b402d34d635014e43cf3d9b875728458bb9e45308a715285ac01e2036b42d2 CVE-2024-9849,0,0,6c0c40572fde6b055e3b5122b180f47cd1f495a97e16300c65ccc1fcd53e1c97,2024-11-18T17:11:17.393000 CVE-2024-9850,0,0,46bbff5163fdac19fcbf989e651f2e3fe0bb525dd3025c7ac1b112b522023f60,2024-11-18T17:11:17.393000 CVE-2024-9851,0,0,20b72c3a696c703ed11010a5779f9d3a14c460b74c18901665286cfdb1b1ce2c,2024-11-22T16:30:18.880000 -CVE-2024-9852,0,0,35e1be225efb1226b6fd1cb144366c35c220e85cca93cc7590206a4f0e19a48d,2024-11-28T23:15:04.890000 +CVE-2024-9852,0,1,849e41b2bed90ecacf7954d75b35193566f6c1ca4fb88992579ac84971a8bc8b,2024-12-06T06:15:23.200000 CVE-2024-9853,0,0,b003ea260222d309866f9bc6bcac4c0549c1930cf36d8d49eac92c8d99d9053c,2024-10-28T13:58:09.230000 CVE-2024-9855,0,0,f4067d5f9739a4a46f27ed071acd023bca1d9a27db9968d98f329af2e8d70e8b,2024-10-15T12:58:51.050000 CVE-2024-9856,0,0,531963d8959dcaa0b68edaa5a63ce972541a941d9ad2303b1c288946d989ee89,2024-10-15T12:58:51.050000 @@ -272058,9 +272207,11 @@ CVE-2024-9862,0,0,a125c015e3b00c8735ed8c9687686a16a9d40d9b6f2ce90b19ff292bf536d9 CVE-2024-9863,0,0,5a2779f928f03a35905e31f60158c72d5505c6aaa35173f98063e46d2c1389f4,2024-10-18T12:53:04.627000 CVE-2024-9864,0,0,ecd679b570a8abacc1db8d694db02ae1ea10c97942981b05302fe359da1cbf9c,2024-10-25T12:56:07.750000 CVE-2024-9865,0,0,767ca346f0a1ff11496989a87fd401620d0792dff4b8ce54d6dd2bc8cbb6f984,2024-10-25T12:56:07.750000 +CVE-2024-9866,1,1,e5ed4d7fb7390c435090eca6437fb822882c7175a1b050a9e619084dc8aecb49,2024-12-06T09:15:08.877000 CVE-2024-9867,0,0,e67b1f8bf4d2b38a2b9f15fec521fb884d23cbbf85b48f78911bb6397a2ae366,2024-11-08T16:00:04.640000 CVE-2024-9868,0,0,b2463439f3611d00d054cbd441340ef04f6dbee60e35877cb3af971fb7fd3668,2024-11-04T13:44:51.370000 CVE-2024-9869,0,0,2195387ef9aab560e210893ad1e9f3295c5808c9d50c0ada4fa1d17778d3d1ae,2024-10-11T15:15:06.500000 +CVE-2024-9872,1,1,90695c8593c7631e6f71483e9c44d5c58c622e9ed1760df9b1f0a1f33f92245f,2024-12-06T09:15:09.040000 CVE-2024-9873,0,0,54e1b937a83aa8c512a9ce3ab381594073150b73716fb01cf60c5f6e4db0c415,2024-10-16T16:38:14.557000 CVE-2024-9874,0,0,f2eeefaff6dc1bf48f3ae121c662c9abde2013a6363dc8cd7ad5cb2521077502,2024-11-12T13:56:24.513000 CVE-2024-9878,0,0,34a522bfd6522a898b0c35e6aaad7d9eea3a547bd3dbf1793fc567099f36e907,2024-11-08T15:25:45.930000