Commit

Auto-Update: 2024-08-21T22:00:17.601688+00:00
cad-safe-bot committed Aug 21, 2024
1 parent acc9a32 commit 534fdfb
Showing 48 changed files with 1,789 additions and 177 deletions.
39 changes: 37 additions & 2 deletions CVE-2023/CVE-2023-299xx/CVE-2023-29929.json
Expand Up @@ -2,7 +2,7 @@
"id": "CVE-2023-29929",
"sourceIdentifier": "[email protected]",
"published": "2024-08-21T18:15:09.173",
"lastModified": "2024-08-21T18:15:09.173",
"lastModified": "2024-08-21T21:35:00.720",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
Expand All @@ -11,7 +11,42 @@
"value": "Buffer Overflow vulnerability found in Kemptechnologies Loadmaster before v.7.2.60.0 allows a remote attacker to casue a denial of service via the libkemplink.so, isreverse library."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "http://kemptechnologies.com",
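Review bot: The added weakness value "CWE-121" (stack-based buffer overflow) is more specific than the description in this hunk, which says only "Buffer Overflow vulnerability" via libkemplink.so and does not say where the buffer lives. Both the new cvssMetricV31 entry and the weakness are typed "Secondary" while vulnStatus is still "Received", so tooling that filters on Primary data will keep treating this record as unscored; consumers should read the 7.5 / A:H rating as enrichment from the listed source, not as an analysed score. The typo "casue" in the description is upstream text and is carried through unchanged.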
39 changes: 37 additions & 2 deletions CVE-2023/CVE-2023-401xx/CVE-2023-40107.json
Expand Up @@ -2,7 +2,7 @@
"id": "CVE-2023-40107",
"sourceIdentifier": "[email protected]",
"published": "2024-02-15T23:15:08.197",
"lastModified": "2024-02-16T13:37:55.033",
"lastModified": "2024-08-21T21:35:01.720",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
Expand All @@ -15,7 +15,42 @@
"value": "En ARTPWriter de ARTPWriter.cpp, existe un posible use after free debido a datos no inicializados. Esto podr\u00eda conducir a una escalada local de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.4,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"references": [
{
"url": "https://android.googlesource.com/platform/frameworks/av/+/acb81624b4f50fed52cb1b3829809ee2f7377093",
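Review bot: The weaknesses block records only "CWE-416", but the description in this hunk attributes the use after free to uninitialized data, so the stated root cause is not captured; a second weakness entry for the uninitialized-data condition would let CWE-based filters find it. In cvssData, "attackComplexity": "HIGH" is not stated anywhere in the description, so the 7.4 base score depends on an assessment by the Secondary source that cannot be checked from this record alone.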
39 changes: 37 additions & 2 deletions CVE-2023/CVE-2023-440xx/CVE-2023-44039.json
Expand Up @@ -2,7 +2,7 @@
"id": "CVE-2023-44039",
"sourceIdentifier": "[email protected]",
"published": "2024-04-03T16:15:07.093",
"lastModified": "2024-04-03T17:24:18.150",
"lastModified": "2024-08-21T21:35:02.723",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
Expand All @@ -15,7 +15,42 @@
"value": "En VeridiumID anterior a 3.5.0, la API WebAuthn permite que un atacante interno no autenticado (que puede pasar verificaciones de inscripci\u00f3n y puede registrar una clave FIDO) registre su autenticador FIDO en la cuenta de una v\u00edctima y, en consecuencia, se haga cargo de la cuenta."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
}
],
"references": [
{
"url": "https://docs.veridiumid.com/docs/v3.5/security-advisory#id-%28v3.52%29SecurityAdvisory-Acknowledgement",
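Review bot: The vector "AV:N/AC:L/PR:N/UI:N" in the added cvssData sits uneasily with the preconditions in the description, which limits the attacker to an internal one who can pass enrollment checks and register a FIDO key. Those conditions are what produce the 9.1 CRITICAL rating when ignored, so anyone prioritising on baseScore should read the description alongside it; the record would be clearer if the enrichment explained why network reach and no privileges were chosen. "CWE-287" matches the account-takeover outcome described.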
39 changes: 37 additions & 2 deletions CVE-2023/CVE-2023-528xx/CVE-2023-52892.json
Expand Up @@ -2,7 +2,7 @@
"id": "CVE-2023-52892",
"sourceIdentifier": "[email protected]",
"published": "2024-06-27T22:15:10.277",
"lastModified": "2024-06-28T10:27:00.920",
"lastModified": "2024-08-21T20:35:00.760",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
Expand All @@ -15,7 +15,42 @@
"value": "En phpseclib anterior a 1.0.22, 2.x anterior a 2.0.46 y 3.x anterior a 3.0.33, se permite incorrectamente que algunos caracteres en los campos Nombre alternativo del sujeto en los certificados TLS tengan un significado especial en expresiones regulares (como + comod\u00edn), lo que genera confusi\u00f3n de nombres en la verificaci\u00f3n del host de certificados X.509."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-436"
}
]
}
],
"references": [
{
"url": "https://github.com/phpseclib/phpseclib/commit/6cd6e8ceab9f2b55c8cd81d2192bf98cbeaf4627",
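Review bot: The weakness "CWE-436" (interpretation conflict) is a broad class for what the description calls name confusion in X.509 certificate host verification; CWE-297 (improper validation of certificate with host mismatch) describes that failure directly and would make this record match certificate-validation queries. The vector also sets "integrityImpact": "NONE", which is worth a second look given that the flaw is in deciding which host a certificate is valid for.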
39 changes: 37 additions & 2 deletions CVE-2024/CVE-2024-00xx/CVE-2024-0023.json
Expand Up @@ -2,7 +2,7 @@
"id": "CVE-2024-0023",
"sourceIdentifier": "[email protected]",
"published": "2024-02-16T20:15:47.767",
"lastModified": "2024-02-16T21:39:50.223",
"lastModified": "2024-08-21T20:35:01.700",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
Expand All @@ -15,7 +15,42 @@
"value": "En ConvertRGBToPlanarYUV de Codec2BufferUtils.cpp, existe una posible escritura fuera de los l\u00edmites debido a una verificaci\u00f3n de los l\u00edmites incorrecta. Esto podr\u00eda conducir a una escalada local de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.4,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"references": [
{
"url": "https://android.googlesource.com/platform/frameworks/av/+/30b1b34cfd5abfcfee759e7d13167d368ac6c268",
39 changes: 37 additions & 2 deletions CVE-2024/CVE-2024-00xx/CVE-2024-0036.json
Expand Up @@ -2,7 +2,7 @@
"id": "CVE-2024-0036",
"sourceIdentifier": "[email protected]",
"published": "2024-02-16T02:15:51.047",
"lastModified": "2024-02-16T13:37:51.433",
"lastModified": "2024-08-21T21:35:03.820",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
Expand All @@ -15,7 +15,42 @@
"value": "En startNextMatchingActivity de ActivityTaskManagerService.java, existe una forma posible de evitar las restricciones para iniciar actividades desde segundo plano debido a un error l\u00f3gico en el c\u00f3digo. Esto podr\u00eda conducir a una escalada local de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.4,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://android.googlesource.com/platform/frameworks/base/+/3eaaa9687e90c65f51762deb343f18bef95d4e8e",
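Review bot: The vectorString added here, "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", is identical to the one added to the CVE-2023-40107 and CVE-2024-0023 records in this commit, although those describe memory corruption and this description is a logic error that bypasses background activity launch restrictions. Neither "attackComplexity": "HIGH" nor "availabilityImpact": "HIGH" follows from the description, so the 7.4 score looks templated; treat it as a coarse signal. "CWE-284" is also a very general class for a bypass of one specific restriction.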
56 changes: 56 additions & 0 deletions CVE-2024/CVE-2024-204xx/CVE-2024-20417.json
@@ -0,0 +1,56 @@
{
"id": "CVE-2024-20417",
"sourceIdentifier": "[email protected]",
"published": "2024-08-21T20:15:08.533",
"lastModified": "2024-08-21T20:15:08.533",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in the REST API of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct blind SQL injection attacks.\r\n\r\nThese vulnerabilities are due to insufficient validation of user-supplied input in REST API calls. An attacker could exploit these vulnerabilities by sending crafted input to an affected device. A successful exploit could allow the attacker to view or modify data on the affected device."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "[email protected]",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "[email protected]",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-rest-5bPKrNtZ",
"source": "[email protected]"
}
]
}
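Review bot: In cvssData, "privilegesRequired": "HIGH" is stricter than the description, which says only "authenticated, remote attacker"; the 6.5 MEDIUM score depends on that choice, so the required role should be confirmed against the linked advisory before this is used for prioritisation. The description value also carries raw "\r\n\r\n" sequences and covers "Multiple vulnerabilities" under one id, so consumers should normalise line endings before display and should not assume one CVE maps to one flaw.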