From 882887b2edbe0caacd3aef60795dda30acd03692 Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Tue, 10 Dec 2024 15:06:06 +0000 Subject: [PATCH] Auto-Update: 2024-12-10T15:02:43.461611+00:00 --- CVE-2020/CVE-2020-283xx/CVE-2020-28398.json | 100 ++++++++ CVE-2020/CVE-2020-284xx/CVE-2020-28400.json | 48 +++- CVE-2023/CVE-2023-307xx/CVE-2023-30757.json | 8 +- CVE-2023/CVE-2023-403xx/CVE-2023-40396.json | 118 +++++++++- CVE-2023/CVE-2023-462xx/CVE-2023-46280.json | 4 +- CVE-2023/CVE-2023-490xx/CVE-2023-49069.json | 4 +- CVE-2024/CVE-2024-118xx/CVE-2024-11868.json | 60 +++++ CVE-2024/CVE-2024-211xx/CVE-2024-21128.json | 45 +++- CVE-2024/CVE-2024-278xx/CVE-2024-27826.json | 237 ++++++++++++++++--- CVE-2024/CVE-2024-278xx/CVE-2024-27862.json | 73 +++++- CVE-2024/CVE-2024-278xx/CVE-2024-27867.json | 208 ++++++++++++++++- CVE-2024/CVE-2024-278xx/CVE-2024-27886.json | 73 +++++- CVE-2024/CVE-2024-278xx/CVE-2024-27888.json | 73 +++++- CVE-2024/CVE-2024-407xx/CVE-2024-40777.json | 185 +++++++++++++-- CVE-2024/CVE-2024-407xx/CVE-2024-40781.json | 127 ++++++++-- CVE-2024/CVE-2024-407xx/CVE-2024-40782.json | 243 ++++++++++++++++--- CVE-2024/CVE-2024-407xx/CVE-2024-40783.json | 127 ++++++++-- CVE-2024/CVE-2024-407xx/CVE-2024-40784.json | 246 +++++++++++++++++--- CVE-2024/CVE-2024-408xx/CVE-2024-40800.json | 137 +++++++++-- CVE-2024/CVE-2024-408xx/CVE-2024-40802.json | 127 ++++++++-- CVE-2024/CVE-2024-408xx/CVE-2024-40805.json | 157 +++++++++++-- CVE-2024/CVE-2024-408xx/CVE-2024-40811.json | 73 +++++- CVE-2024/CVE-2024-408xx/CVE-2024-40814.json | 73 +++++- CVE-2024/CVE-2024-408xx/CVE-2024-40821.json | 127 ++++++++-- CVE-2024/CVE-2024-419xx/CVE-2024-41981.json | 8 +- CVE-2024/CVE-2024-454xx/CVE-2024-45463.json | 10 +- CVE-2024/CVE-2024-454xx/CVE-2024-45464.json | 10 +- CVE-2024/CVE-2024-454xx/CVE-2024-45465.json | 10 +- CVE-2024/CVE-2024-454xx/CVE-2024-45466.json | 10 +- CVE-2024/CVE-2024-454xx/CVE-2024-45467.json | 10 +- CVE-2024/CVE-2024-454xx/CVE-2024-45468.json | 10 +- CVE-2024/CVE-2024-454xx/CVE-2024-45469.json | 10 +- CVE-2024/CVE-2024-454xx/CVE-2024-45470.json | 10 +- CVE-2024/CVE-2024-454xx/CVE-2024-45471.json | 10 +- CVE-2024/CVE-2024-454xx/CVE-2024-45472.json | 10 +- CVE-2024/CVE-2024-454xx/CVE-2024-45473.json | 10 +- CVE-2024/CVE-2024-454xx/CVE-2024-45474.json | 10 +- CVE-2024/CVE-2024-454xx/CVE-2024-45475.json | 10 +- CVE-2024/CVE-2024-454xx/CVE-2024-45476.json | 12 +- CVE-2024/CVE-2024-470xx/CVE-2024-47046.json | 8 +- CVE-2024/CVE-2024-471xx/CVE-2024-47117.json | 56 +++++ CVE-2024/CVE-2024-497xx/CVE-2024-49704.json | 100 ++++++++ CVE-2024/CVE-2024-498xx/CVE-2024-49849.json | 100 ++++++++ CVE-2024/CVE-2024-520xx/CVE-2024-52051.json | 100 ++++++++ CVE-2024/CVE-2024-525xx/CVE-2024-52565.json | 10 +- CVE-2024/CVE-2024-525xx/CVE-2024-52566.json | 10 +- CVE-2024/CVE-2024-525xx/CVE-2024-52567.json | 10 +- CVE-2024/CVE-2024-525xx/CVE-2024-52568.json | 10 +- CVE-2024/CVE-2024-525xx/CVE-2024-52569.json | 10 +- CVE-2024/CVE-2024-525xx/CVE-2024-52570.json | 10 +- CVE-2024/CVE-2024-525xx/CVE-2024-52571.json | 10 +- CVE-2024/CVE-2024-525xx/CVE-2024-52572.json | 10 +- CVE-2024/CVE-2024-525xx/CVE-2024-52573.json | 10 +- CVE-2024/CVE-2024-525xx/CVE-2024-52574.json | 10 +- CVE-2024/CVE-2024-530xx/CVE-2024-53041.json | 104 +++++++++ CVE-2024/CVE-2024-532xx/CVE-2024-53242.json | 104 +++++++++ CVE-2024/CVE-2024-538xx/CVE-2024-53832.json | 100 ++++++++ CVE-2024/CVE-2024-540xx/CVE-2024-54005.json | 100 ++++++++ CVE-2024/CVE-2024-540xx/CVE-2024-54091.json | 100 ++++++++ CVE-2024/CVE-2024-540xx/CVE-2024-54093.json | 100 ++++++++ CVE-2024/CVE-2024-540xx/CVE-2024-54094.json | 100 ++++++++ CVE-2024/CVE-2024-540xx/CVE-2024-54095.json | 100 ++++++++ CVE-2024/CVE-2024-555xx/CVE-2024-55586.json | 29 +++ CVE-2024/CVE-2024-56xx/CVE-2024-5660.json | 33 +++ README.md | 61 +++-- _state.csv | 124 +++++----- 66 files changed, 3936 insertions(+), 406 deletions(-) create mode 100644 CVE-2020/CVE-2020-283xx/CVE-2020-28398.json create mode 100644 CVE-2024/CVE-2024-118xx/CVE-2024-11868.json create mode 100644 CVE-2024/CVE-2024-471xx/CVE-2024-47117.json create mode 100644 CVE-2024/CVE-2024-497xx/CVE-2024-49704.json create mode 100644 CVE-2024/CVE-2024-498xx/CVE-2024-49849.json create mode 100644 CVE-2024/CVE-2024-520xx/CVE-2024-52051.json create mode 100644 CVE-2024/CVE-2024-530xx/CVE-2024-53041.json create mode 100644 CVE-2024/CVE-2024-532xx/CVE-2024-53242.json create mode 100644 CVE-2024/CVE-2024-538xx/CVE-2024-53832.json create mode 100644 CVE-2024/CVE-2024-540xx/CVE-2024-54005.json create mode 100644 CVE-2024/CVE-2024-540xx/CVE-2024-54091.json create mode 100644 CVE-2024/CVE-2024-540xx/CVE-2024-54093.json create mode 100644 CVE-2024/CVE-2024-540xx/CVE-2024-54094.json create mode 100644 CVE-2024/CVE-2024-540xx/CVE-2024-54095.json create mode 100644 CVE-2024/CVE-2024-555xx/CVE-2024-55586.json create mode 100644 CVE-2024/CVE-2024-56xx/CVE-2024-5660.json diff --git a/CVE-2020/CVE-2020-283xx/CVE-2020-28398.json b/CVE-2020/CVE-2020-283xx/CVE-2020-28398.json new file mode 100644 index 00000000000..b364b88a129 --- /dev/null +++ b/CVE-2020/CVE-2020-283xx/CVE-2020-28398.json @@ -0,0 +1,100 @@ +{ + "id": "CVE-2020-28398", + "sourceIdentifier": "productcert@siemens.com", + "published": "2024-12-10T14:15:18.320", + "lastModified": "2024-12-10T14:15:18.320", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The CLI feature in the web interface of affected devices is vulnerable to \r\ncross-site request forgery (CSRF).\r\n\r\nThis could allow an attacker to read or modify the device configuration\r\nby tricking an authenticated legitimate user into accessing a malicious link." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "productcert@siemens.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 8.6, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "ACTIVE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "productcert@siemens.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "productcert@siemens.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-384652.html", + "source": "productcert@siemens.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2020/CVE-2020-284xx/CVE-2020-28400.json b/CVE-2020/CVE-2020-284xx/CVE-2020-28400.json index ab3c2dda21e..cee44b81ce8 100644 --- a/CVE-2020/CVE-2020-284xx/CVE-2020-28400.json +++ b/CVE-2020/CVE-2020-284xx/CVE-2020-28400.json @@ -2,13 +2,13 @@ "id": "CVE-2020-28400", "sourceIdentifier": "productcert@siemens.com", "published": "2021-07-13T11:15:08.960", - "lastModified": "2024-11-21T05:22:43.413", + "lastModified": "2024-12-10T14:15:19.373", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "Affected devices contain a vulnerability that allows an unauthenticated attacker to trigger a denial-of-service condition. The vulnerability can be triggered if a large amount of DCP reset packets are sent to the device." + "value": "Affected devices contain a vulnerability that allows an unauthenticated attacker to trigger a denial of service condition. The vulnerability can be triggered if a large amount of DCP reset packets are sent to the device." }, { "lang": "es", @@ -16,6 +16,50 @@ } ], "metrics": { + "cvssMetricV40": [ + { + "source": "productcert@siemens.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 8.7, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "NONE", + "vulnerableSystemIntegrity": "NONE", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], "cvssMetricV31": [ { "source": "productcert@siemens.com", diff --git a/CVE-2023/CVE-2023-307xx/CVE-2023-30757.json b/CVE-2023/CVE-2023-307xx/CVE-2023-30757.json index fd3f745b31e..c6c67523b75 100644 --- a/CVE-2023/CVE-2023-307xx/CVE-2023-30757.json +++ b/CVE-2023/CVE-2023-307xx/CVE-2023-30757.json @@ -2,13 +2,13 @@ "id": "CVE-2023-30757", "sourceIdentifier": "productcert@siemens.com", "published": "2023-06-13T09:15:17.323", - "lastModified": "2024-11-21T08:00:50.620", + "lastModified": "2024-12-10T14:30:34.017", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "A vulnerability has been identified in Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions). The know-how protection feature in affected products does not properly update the encryption of existing program blocks when a project file is updated.\r\n\r\nThis could allow attackers with access to the project file to recover previous - yet unprotected - versions of the project without the knowledge of the know-how protection password." + "value": "A vulnerability has been identified in Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions), Totally Integrated Automation Portal (TIA Portal) V20 (All versions). The know-how protection feature in affected products does not properly update the encryption of existing program blocks when a project file is updated.\r\n\r\nThis could allow attackers with access to the project file to recover previous - yet unprotected - versions of the project without the knowledge of the know-how protection password." } ], "metrics": { @@ -120,6 +120,10 @@ } ], "references": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-042050.html", + "source": "productcert@siemens.com" + }, { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-042050.pdf", "source": "productcert@siemens.com", diff --git a/CVE-2023/CVE-2023-403xx/CVE-2023-40396.json b/CVE-2023/CVE-2023-403xx/CVE-2023-40396.json index 7b8b2d05b51..1559a79eb64 100644 --- a/CVE-2023/CVE-2023-403xx/CVE-2023-40396.json +++ b/CVE-2023/CVE-2023-403xx/CVE-2023-40396.json @@ -2,8 +2,8 @@ "id": "CVE-2023-40396", "sourceIdentifier": "product-security@apple.com", "published": "2024-07-29T21:15:11.453", - "lastModified": "2024-11-21T08:19:21.937", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-12-10T14:46:06.510", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -39,38 +59,116 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", + "versionEndExcluding": "17.0", + "matchCriteriaId": "B511B802-B0A2-412D-ADA4-8B783BDF1880" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", + "versionEndExcluding": "17.0", + "matchCriteriaId": "E22CC7F9-F302-40B1-9B02-00FBC9805199" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", + "versionEndExcluding": "14.0", + "matchCriteriaId": "7A5DD3D5-FB4F-4313-B873-DCED87FC4605" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", + "versionEndExcluding": "17.0", + "matchCriteriaId": "93620AD0-115A-4F86-B533-76A190AF41A0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0", + "matchCriteriaId": "5A079CEF-8220-487C-B114-30BCC45647D6" + } + ] + } + ] + } + ], "references": [ { "url": "https://support.apple.com/en-us/HT213936", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT213937", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT213938", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT213940", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT213936", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT213937", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT213938", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT213940", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-462xx/CVE-2023-46280.json b/CVE-2023/CVE-2023-462xx/CVE-2023-46280.json index bb6d922b400..3877780e912 100644 --- a/CVE-2023/CVE-2023-462xx/CVE-2023-46280.json +++ b/CVE-2023/CVE-2023-462xx/CVE-2023-46280.json @@ -2,13 +2,13 @@ "id": "CVE-2023-46280", "sourceIdentifier": "productcert@siemens.com", "published": "2024-05-14T16:15:40.800", - "lastModified": "2024-11-21T08:28:13.140", + "lastModified": "2024-12-10T14:30:35.147", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "A vulnerability has been identified in S7-PCT (All versions), Security Configuration Tool (SCT) (All versions), SIMATIC Automation Tool (All versions < V5.0 SP2), SIMATIC BATCH V9.1 (All versions < V9.1 SP2 Upd5), SIMATIC NET PC Software V16 (All versions < V16 Update 8), SIMATIC NET PC Software V17 (All versions), SIMATIC NET PC Software V18 (All versions < V18 SP1), SIMATIC NET PC Software V19 (All versions < V19 Update 2), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP2 UC05), SIMATIC PDM V9.2 (All versions < V9.2 SP2 Upd3), SIMATIC Route Control V9.1 (All versions < V9.1 SP2 Upd3), SIMATIC STEP 7 V5 (All versions), SIMATIC WinCC OA V3.17 (All versions), SIMATIC WinCC OA V3.18 (All versions < V3.18 P025), SIMATIC WinCC OA V3.19 (All versions < V3.19 P010), SIMATIC WinCC Runtime Advanced (All versions), SIMATIC WinCC Runtime Professional V16 (All versions < V16 Update 6), SIMATIC WinCC Runtime Professional V17 (All versions < V17 Update 8), SIMATIC WinCC Runtime Professional V18 (All versions < V18 Update 4), SIMATIC WinCC Runtime Professional V19 (All versions < V19 Update 2), SIMATIC WinCC Unified PC Runtime V18 (All versions), SIMATIC WinCC V7.4 (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 17), SIMATIC WinCC V8.0 (All versions < V8.0 Update 5), SINAMICS Startdrive (All versions < V19 SP1), SINEC NMS (All versions < V3.0), SINEC NMS (All versions < V3.0 SP1), SINUMERIK ONE virtual (All versions < V6.23), SINUMERIK PLC Programming Tool (All versions < V3.3.12), TIA Portal Cloud Connector (All versions < V2.0), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 4), Totally Integrated Automation Portal (TIA Portal) V19 (All versions < V19 Update 2). The affected applications contain an out of bounds read vulnerability. This could allow an attacker to cause a Blue Screen of Death (BSOD) crash of the underlying Windows kernel." + "value": "A vulnerability has been identified in Security Configuration Tool (SCT) (All versions), SIMATIC Automation Tool (All versions < V5.0 SP2), SIMATIC BATCH V9.1 (All versions < V9.1 SP2 Upd5), SIMATIC NET PC Software V16 (All versions < V16 Update 8), SIMATIC NET PC Software V17 (All versions), SIMATIC NET PC Software V18 (All versions < V18 SP1), SIMATIC NET PC Software V19 (All versions < V19 Update 2), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP2 UC05), SIMATIC PDM V9.2 (All versions < V9.2 SP2 Upd3), SIMATIC Route Control V9.1 (All versions < V9.1 SP2 Upd3), SIMATIC S7-PCT (All versions < V3.5 SP3 Update 6), SIMATIC STEP 7 V5 (All versions < V5.7 SP3), SIMATIC WinCC OA V3.17 (All versions), SIMATIC WinCC OA V3.18 (All versions < V3.18 P025), SIMATIC WinCC OA V3.19 (All versions < V3.19 P010), SIMATIC WinCC Runtime Advanced (All versions < V17 Update 8), SIMATIC WinCC Runtime Professional V16 (All versions < V16 Update 6), SIMATIC WinCC Runtime Professional V17 (All versions < V17 Update 8), SIMATIC WinCC Runtime Professional V18 (All versions < V18 Update 4), SIMATIC WinCC Runtime Professional V19 (All versions < V19 Update 2), SIMATIC WinCC V7.4 (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 17), SIMATIC WinCC V8.0 (All versions < V8.0 Update 5), SINAMICS Startdrive (All versions < V19 SP1), SINEC NMS (All versions < V3.0), SINEC NMS (All versions < V3.0 SP1), SINUMERIK ONE virtual (All versions < V6.23), SINUMERIK PLC Programming Tool (All versions < V3.3.12), TIA Portal Cloud Connector (All versions < V2.0), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 4), Totally Integrated Automation Portal (TIA Portal) V19 (All versions < V19 Update 2). The affected applications contain an out of bounds read vulnerability. This could allow an attacker to cause a Blue Screen of Death (BSOD) crash of the underlying Windows kernel." }, { "lang": "es", diff --git a/CVE-2023/CVE-2023-490xx/CVE-2023-49069.json b/CVE-2023/CVE-2023-490xx/CVE-2023-49069.json index 685b92f3e36..7ec55dac155 100644 --- a/CVE-2023/CVE-2023-490xx/CVE-2023-49069.json +++ b/CVE-2023/CVE-2023-490xx/CVE-2023-49069.json @@ -2,13 +2,13 @@ "id": "CVE-2023-49069", "sourceIdentifier": "productcert@siemens.com", "published": "2024-09-10T10:15:08.947", - "lastModified": "2024-11-12T13:15:06.193", + "lastModified": "2024-12-10T14:30:36.767", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "A vulnerability has been identified in Mendix Runtime V10 (All versions < V10.16.0 only if the basic authentication mechanism is used by the application), Mendix Runtime V10.12 (All versions < V10.12.7 only if the basic authentication mechanism is used by the application), Mendix Runtime V10.6 (All versions < V10.6.16 only if the basic authentication mechanism is used by the application), Mendix Runtime V8 (All versions < V8.18.32 only if the basic authentication mechanism is used by the application), Mendix Runtime V9 (All versions < V9.24.29 only if the basic authentication mechanism is used by the application). The authentication mechanism of affected applications contains an observable response discrepancy vulnerability when validating usernames. This could allow unauthenticated remote attackers to distinguish between valid and invalid usernames." + "value": "A vulnerability has been identified in Mendix Runtime V10 (All versions < V10.17.0 only if the basic authentication mechanism is used by the application), Mendix Runtime V10.12 (All versions < V10.12.7 only if the basic authentication mechanism is used by the application), Mendix Runtime V10.6 (All versions < V10.6.16 only if the basic authentication mechanism is used by the application), Mendix Runtime V8 (All versions < V8.18.32 only if the basic authentication mechanism is used by the application), Mendix Runtime V9 (All versions < V9.24.29 only if the basic authentication mechanism is used by the application). The authentication mechanism of affected applications contains an observable response discrepancy vulnerability when validating usernames. This could allow unauthenticated remote attackers to distinguish between valid and invalid usernames." }, { "lang": "es", diff --git a/CVE-2024/CVE-2024-118xx/CVE-2024-11868.json b/CVE-2024/CVE-2024-118xx/CVE-2024-11868.json new file mode 100644 index 00000000000..51a9effbb59 --- /dev/null +++ b/CVE-2024/CVE-2024-118xx/CVE-2024-11868.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-11868", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-12-10T13:15:15.973", + "lastModified": "2024-12-10T13:15:15.973", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The LearnPress \u2013 WordPress LMS Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.7.3 via class-lp-rest-material-controller.php. This makes it possible for unauthenticated attackers to extract potentially sensitive paid course material." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-284" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/changeset/3200780/learnpress", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7bd43980-9193-4a63-adba-720dd1b11699?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-211xx/CVE-2024-21128.json b/CVE-2024/CVE-2024-211xx/CVE-2024-21128.json index ba324943242..d0d5cadaba6 100644 --- a/CVE-2024/CVE-2024-211xx/CVE-2024-21128.json +++ b/CVE-2024/CVE-2024-211xx/CVE-2024-21128.json @@ -2,8 +2,8 @@ "id": "CVE-2024-21128", "sourceIdentifier": "secalert_us@oracle.com", "published": "2024-07-16T23:15:12.553", - "lastModified": "2024-11-21T08:53:50.230", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-12-10T14:43:26.337", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -39,14 +39,51 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oracle:application_object_library:*:*:*:*:*:*:*:*", + "versionStartIncluding": "12.2.6", + "versionEndIncluding": "12.2.13", + "matchCriteriaId": "56C8DE0E-7CDB-4D45-AA5F-0B06FA8EA9F8" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.oracle.com/security-alerts/cpujul2024.html", - "source": "secalert_us@oracle.com" + "source": "secalert_us@oracle.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.oracle.com/security-alerts/cpujul2024.html", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-278xx/CVE-2024-27826.json b/CVE-2024/CVE-2024-278xx/CVE-2024-27826.json index 52f8700d2b7..311afb4bf2d 100644 --- a/CVE-2024/CVE-2024-278xx/CVE-2024-27826.json +++ b/CVE-2024/CVE-2024-278xx/CVE-2024-27826.json @@ -2,8 +2,8 @@ "id": "CVE-2024-27826", "sourceIdentifier": "product-security@apple.com", "published": "2024-07-29T23:15:10.240", - "lastModified": "2024-11-21T09:05:10.963", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-12-10T14:43:46.787", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -40,6 +60,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -51,118 +81,265 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", + "versionEndExcluding": "17.5", + "matchCriteriaId": "E7F2E11C-4A7D-4E71-BFAA-396B0549F649" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", + "versionEndExcluding": "17.5", + "matchCriteriaId": "E9C4B45E-AF58-4D7C-B73A-618B06AED56E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "12.0", + "versionEndExcluding": "12.7.6", + "matchCriteriaId": "EA924D87-8FAE-4E34-83F7-A5E25C7450E5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "13.0", + "versionEndExcluding": "13.6.8", + "matchCriteriaId": "7008225C-B5B9-4F87-9392-DD2080717E9A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "14.0", + "versionEndExcluding": "14.5", + "matchCriteriaId": "6AB18623-7D06-4946-99FC-808A4A913ED9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", + "versionEndExcluding": "17.5", + "matchCriteriaId": "003383BF-F06C-4300-908D-D1C8498C6BCD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.3", + "matchCriteriaId": "CDBCE187-329C-4B1C-89B7-7D45A7946AF4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.5", + "matchCriteriaId": "CC4B1E01-BE73-48F8-9BD5-32F7C57EB45A" + } + ] + } + ] + } + ], "references": [ { "url": "http://seclists.org/fulldisclosure/2024/Jul/19", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Mailing List" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Jul/20", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Mailing List" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Jul/23", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Mailing List" + ] }, { "url": "https://support.apple.com/en-us/HT214101", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214102", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214104", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214106", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214118", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214120", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214123", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/kb/HT214101", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/kb/HT214102", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/kb/HT214104", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/kb/HT214106", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Jul/19", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Jul/20", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Jul/23", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] }, { "url": "https://support.apple.com/en-us/HT214101", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214102", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214104", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214106", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214118", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214120", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214123", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/kb/HT214101", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/kb/HT214102", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/kb/HT214104", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/kb/HT214106", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-278xx/CVE-2024-27862.json b/CVE-2024/CVE-2024-278xx/CVE-2024-27862.json index a48da3d6702..4d4519d2771 100644 --- a/CVE-2024/CVE-2024-278xx/CVE-2024-27862.json +++ b/CVE-2024/CVE-2024-278xx/CVE-2024-27862.json @@ -2,8 +2,8 @@ "id": "CVE-2024-27862", "sourceIdentifier": "product-security@apple.com", "published": "2024-07-29T23:15:10.363", - "lastModified": "2024-11-21T09:05:17.990", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-12-10T15:00:16.310", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "baseScore": 2.4, + "baseSeverity": "LOW", + "attackVector": "PHYSICAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 0.9, + "impactScore": 1.4 + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -40,6 +60,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -51,22 +81,53 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "14.0", + "versionEndExcluding": "14.6", + "matchCriteriaId": "51E2E93B-C5A3-4C83-B806-2EC555AD45FE" + } + ] + } + ] + } + ], "references": [ { "url": "http://seclists.org/fulldisclosure/2024/Jul/18", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Mailing List" + ] }, { "url": "https://support.apple.com/en-us/HT214119", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Jul/18", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] }, { "url": "https://support.apple.com/en-us/HT214119", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-278xx/CVE-2024-27867.json b/CVE-2024/CVE-2024-278xx/CVE-2024-27867.json index 683e86712c3..23ec3620c33 100644 --- a/CVE-2024/CVE-2024-278xx/CVE-2024-27867.json +++ b/CVE-2024/CVE-2024-278xx/CVE-2024-27867.json @@ -2,8 +2,8 @@ "id": "CVE-2024-27867", "sourceIdentifier": "product-security@apple.com", "published": "2024-06-26T04:15:11.637", - "lastModified": "2024-11-21T09:05:18.380", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-12-10T14:42:58.173", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -39,30 +59,202 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-287" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:airpods_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "6a326", + "matchCriteriaId": "2A87F132-2A98-4D2C-9BCA-DB587B3B2C96" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:apple:airpods:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B5F13161-719D-469B-A017-9396B15971E0" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:powerbeats_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "6f8", + "matchCriteriaId": "EED4674B-0B3F-4E16-90DE-2BC029AF60B4" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:apple:powerbeats:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1CE6ED8C-5BE1-456B-A386-BFF568FBF037" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:airpods_pro_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "6f8", + "matchCriteriaId": "16AC6E75-FC54-45E2-AC05-FB88AEBF2347" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:apple:airpods_pro:-:*:*:*:*:*:*:*", + "matchCriteriaId": "02C88A81-3A63-4699-8E3B-71489CF1A4DC" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:beats_fit_pro_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "6f8", + "matchCriteriaId": "69E2AADE-64CC-49A4-96D5-4D0FE9ECEE99" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:apple:beats_fit_pro:-:*:*:*:*:*:*:*", + "matchCriteriaId": "78910A1E-38F8-4F1F-B4DA-833AA955BDCA" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:airpods_max_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "6f8", + "matchCriteriaId": "4914AF84-2A0E-49CA-AE74-95D4AEAD10C1" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:apple:airpods_max:-:*:*:*:*:*:*:*", + "matchCriteriaId": "321BA2ED-E56E-4B86-B81E-2259D733575B" + } + ] + } + ] + } + ], "references": [ { "url": "http://seclists.org/fulldisclosure/2024/Jul/2", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Mailing List" + ] }, { "url": "https://support.apple.com/en-us/HT214111", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/kb/HT214111", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Jul/2", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] }, { "url": "https://support.apple.com/en-us/HT214111", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/kb/HT214111", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-278xx/CVE-2024-27886.json b/CVE-2024/CVE-2024-278xx/CVE-2024-27886.json index 5fc2c44f815..75b2480db28 100644 --- a/CVE-2024/CVE-2024-278xx/CVE-2024-27886.json +++ b/CVE-2024/CVE-2024-278xx/CVE-2024-27886.json @@ -2,8 +2,8 @@ "id": "CVE-2024-27886", "sourceIdentifier": "product-security@apple.com", "published": "2024-07-29T23:15:11.067", - "lastModified": "2024-11-21T09:05:21.163", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-12-10T14:54:49.967", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -40,6 +60,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -51,22 +81,53 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "14.0", + "versionEndExcluding": "14.4", + "matchCriteriaId": "73160D1F-755B-46D2-969F-DF8E43BB1099" + } + ] + } + ] + } + ], "references": [ { "url": "https://support.apple.com/en-us/HT214084", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/kb/HT214084", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214084", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/kb/HT214084", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-278xx/CVE-2024-27888.json b/CVE-2024/CVE-2024-278xx/CVE-2024-27888.json index c108eac792c..86d35a049c4 100644 --- a/CVE-2024/CVE-2024-278xx/CVE-2024-27888.json +++ b/CVE-2024/CVE-2024-278xx/CVE-2024-27888.json @@ -2,8 +2,8 @@ "id": "CVE-2024-27888", "sourceIdentifier": "product-security@apple.com", "published": "2024-07-29T23:15:11.183", - "lastModified": "2024-11-21T09:05:21.577", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-12-10T14:51:04.667", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -40,6 +60,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-276" + } + ] + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -51,22 +81,53 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "14.0", + "versionEndExcluding": "14.4", + "matchCriteriaId": "73160D1F-755B-46D2-969F-DF8E43BB1099" + } + ] + } + ] + } + ], "references": [ { "url": "https://support.apple.com/en-us/HT214084", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/kb/HT214084", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214084", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/kb/HT214084", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-407xx/CVE-2024-40777.json b/CVE-2024/CVE-2024-407xx/CVE-2024-40777.json index 2cd90c2fce5..6bf72d71951 100644 --- a/CVE-2024/CVE-2024-407xx/CVE-2024-40777.json +++ b/CVE-2024/CVE-2024-407xx/CVE-2024-40777.json @@ -2,8 +2,8 @@ "id": "CVE-2024-40777", "sourceIdentifier": "product-security@apple.com", "published": "2024-07-29T23:15:11.457", - "lastModified": "2024-11-21T09:31:35.983", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-12-10T14:46:05.797", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -39,86 +59,207 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", + "versionEndExcluding": "17.6", + "matchCriteriaId": "A8A1B228-89B1-470E-9B6E-8553E561E062" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", + "versionEndExcluding": "17.6", + "matchCriteriaId": "1E393815-B3B5-4FF9-9D1D-AA3EA9C5D352" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "14.0", + "versionEndExcluding": "14.6", + "matchCriteriaId": "51E2E93B-C5A3-4C83-B806-2EC555AD45FE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", + "versionEndExcluding": "17.6", + "matchCriteriaId": "9FB1D28B-EF0E-4CA0-90F7-073A85D001E5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.3", + "matchCriteriaId": "CDBCE187-329C-4B1C-89B7-7D45A7946AF4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.6", + "matchCriteriaId": "035D8460-BD6F-4696-9D7B-BA571A994FD0" + } + ] + } + ] + } + ], "references": [ { "url": "http://seclists.org/fulldisclosure/2024/Jul/16", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Mailing List" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Jul/18", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Mailing List" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Jul/21", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Mailing List" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Jul/22", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Mailing List" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Jul/23", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Mailing List" + ] }, { "url": "https://support.apple.com/en-us/HT214117", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214119", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214122", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214123", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214124", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Jul/16", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Jul/18", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Jul/21", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Jul/22", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Jul/23", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] }, { "url": "https://support.apple.com/en-us/HT214117", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214119", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214122", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214123", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214124", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-407xx/CVE-2024-40781.json b/CVE-2024/CVE-2024-407xx/CVE-2024-40781.json index c6d733862cc..b1ceb8d292a 100644 --- a/CVE-2024/CVE-2024-407xx/CVE-2024-40781.json +++ b/CVE-2024/CVE-2024-407xx/CVE-2024-40781.json @@ -2,8 +2,8 @@ "id": "CVE-2024-40781", "sourceIdentifier": "product-security@apple.com", "published": "2024-07-29T23:15:11.727", - "lastModified": "2024-11-21T09:31:36.727", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-12-10T14:44:30.447", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -40,6 +60,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -51,54 +81,123 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "12.0", + "versionEndExcluding": "12.7.6", + "matchCriteriaId": "EA924D87-8FAE-4E34-83F7-A5E25C7450E5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "13.0", + "versionEndExcluding": "13.6.8", + "matchCriteriaId": "7008225C-B5B9-4F87-9392-DD2080717E9A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "14.0", + "versionEndExcluding": "14.6", + "matchCriteriaId": "51E2E93B-C5A3-4C83-B806-2EC555AD45FE" + } + ] + } + ] + } + ], "references": [ { "url": "http://seclists.org/fulldisclosure/2024/Jul/18", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Mailing List" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Jul/19", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Mailing List" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Jul/20", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Mailing List" + ] }, { "url": "https://support.apple.com/en-us/HT214118", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214119", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214120", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Jul/18", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Jul/19", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Jul/20", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] }, { "url": "https://support.apple.com/en-us/HT214118", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214119", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214120", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-407xx/CVE-2024-40782.json b/CVE-2024/CVE-2024-407xx/CVE-2024-40782.json index 2440ea5ddbe..6123398c5ec 100644 --- a/CVE-2024/CVE-2024-407xx/CVE-2024-40782.json +++ b/CVE-2024/CVE-2024-407xx/CVE-2024-40782.json @@ -2,8 +2,8 @@ "id": "CVE-2024-40782", "sourceIdentifier": "product-security@apple.com", "published": "2024-07-29T23:15:11.790", - "lastModified": "2024-11-21T09:31:36.917", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-12-10T14:40:38.913", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -40,6 +60,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -51,118 +81,271 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", + "versionEndExcluding": "17.6", + "matchCriteriaId": "A7AF9041-5C4F-42CB-99E5-5276DB6AC07C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", + "versionEndExcluding": "16.7.9", + "matchCriteriaId": "29A9994D-AE71-45E0-8CC5-E6219420F7E8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", + "versionStartIncluding": "17.0", + "versionEndExcluding": "17.6", + "matchCriteriaId": "B191C80F-3801-4AD0-9A63-EB294A029D7C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", + "versionEndExcluding": "16.7.9", + "matchCriteriaId": "1ACEA981-1D96-49F1-8048-74D21D71FD39" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", + "versionStartIncluding": "17.0", + "versionEndExcluding": "17.6", + "matchCriteriaId": "34E8C966-19C7-4376-A0C3-A242720F62DF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "14.0", + "versionEndExcluding": "14.6", + "matchCriteriaId": "51E2E93B-C5A3-4C83-B806-2EC555AD45FE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", + "versionEndExcluding": "17.6", + "matchCriteriaId": "9FB1D28B-EF0E-4CA0-90F7-073A85D001E5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.3", + "matchCriteriaId": "CDBCE187-329C-4B1C-89B7-7D45A7946AF4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.6", + "matchCriteriaId": "035D8460-BD6F-4696-9D7B-BA571A994FD0" + } + ] + } + ] + } + ], "references": [ { "url": "http://seclists.org/fulldisclosure/2024/Jul/15", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Mailing List" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Jul/16", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Mailing List" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Jul/17", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Mailing List" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Jul/18", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Mailing List" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Jul/21", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Mailing List" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Jul/22", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Mailing List" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Jul/23", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Mailing List" + ] }, { "url": "https://support.apple.com/en-us/HT214116", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214117", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214119", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214121", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214122", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214123", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214124", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Jul/15", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Jul/16", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Jul/17", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Jul/18", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Jul/21", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Jul/22", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Jul/23", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] }, { "url": "https://support.apple.com/en-us/HT214116", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214117", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214119", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214121", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214122", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214123", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214124", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-407xx/CVE-2024-40783.json b/CVE-2024/CVE-2024-407xx/CVE-2024-40783.json index 1ecc7cc6cf5..98f060e559a 100644 --- a/CVE-2024/CVE-2024-407xx/CVE-2024-40783.json +++ b/CVE-2024/CVE-2024-407xx/CVE-2024-40783.json @@ -2,8 +2,8 @@ "id": "CVE-2024-40783", "sourceIdentifier": "product-security@apple.com", "published": "2024-07-29T23:15:11.853", - "lastModified": "2024-11-21T09:31:37.117", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-12-10T14:36:32.047", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -40,6 +60,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -51,54 +81,123 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "12.0", + "versionEndExcluding": "12.7.6", + "matchCriteriaId": "EA924D87-8FAE-4E34-83F7-A5E25C7450E5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "13.0", + "versionEndExcluding": "13.6.8", + "matchCriteriaId": "7008225C-B5B9-4F87-9392-DD2080717E9A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "14.0", + "versionEndExcluding": "14.6", + "matchCriteriaId": "51E2E93B-C5A3-4C83-B806-2EC555AD45FE" + } + ] + } + ] + } + ], "references": [ { "url": "http://seclists.org/fulldisclosure/2024/Jul/18", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Mailing List" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Jul/19", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Mailing List" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Jul/20", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Mailing List" + ] }, { "url": "https://support.apple.com/en-us/HT214118", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214119", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214120", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Jul/18", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Jul/19", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Jul/20", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] }, { "url": "https://support.apple.com/en-us/HT214118", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214119", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214120", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-407xx/CVE-2024-40784.json b/CVE-2024/CVE-2024-407xx/CVE-2024-40784.json index e9631eb0ea3..81b95de3cae 100644 --- a/CVE-2024/CVE-2024-407xx/CVE-2024-40784.json +++ b/CVE-2024/CVE-2024-407xx/CVE-2024-40784.json @@ -2,8 +2,8 @@ "id": "CVE-2024-40784", "sourceIdentifier": "product-security@apple.com", "published": "2024-07-29T23:15:11.923", - "lastModified": "2024-11-21T09:31:37.307", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-12-10T14:35:11.197", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -39,118 +59,284 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-190" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", + "versionEndExcluding": "16.7.9", + "matchCriteriaId": "29A9994D-AE71-45E0-8CC5-E6219420F7E8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", + "versionStartIncluding": "17.0", + "versionEndExcluding": "17.6", + "matchCriteriaId": "B191C80F-3801-4AD0-9A63-EB294A029D7C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", + "versionEndExcluding": "16.7.9", + "matchCriteriaId": "1ACEA981-1D96-49F1-8048-74D21D71FD39" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", + "versionStartIncluding": "17.0", + "versionEndExcluding": "17.6", + "matchCriteriaId": "34E8C966-19C7-4376-A0C3-A242720F62DF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "13.0", + "versionEndExcluding": "13.6.8", + "matchCriteriaId": "7008225C-B5B9-4F87-9392-DD2080717E9A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "14.0", + "versionEndExcluding": "14.6", + "matchCriteriaId": "51E2E93B-C5A3-4C83-B806-2EC555AD45FE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", + "versionEndExcluding": "17.6", + "matchCriteriaId": "9FB1D28B-EF0E-4CA0-90F7-073A85D001E5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.3", + "matchCriteriaId": "CDBCE187-329C-4B1C-89B7-7D45A7946AF4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.6", + "matchCriteriaId": "035D8460-BD6F-4696-9D7B-BA571A994FD0" + } + ] + } + ] + } + ], "references": [ { "url": "http://seclists.org/fulldisclosure/2024/Jul/16", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Mailing List" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Jul/17", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Mailing List" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Jul/18", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Mailing List" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Jul/19", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Mailing List" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Jul/21", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Mailing List" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Jul/22", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Mailing List" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Jul/23", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Mailing List" + ] }, { "url": "https://support.apple.com/en-us/HT214116", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214117", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214119", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214120", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214122", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214123", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214124", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Jul/16", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Jul/17", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Jul/18", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Jul/19", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Jul/21", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Jul/22", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Jul/23", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] }, { "url": "https://support.apple.com/en-us/HT214116", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214117", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214119", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214120", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214122", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214123", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214124", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-408xx/CVE-2024-40800.json b/CVE-2024/CVE-2024-408xx/CVE-2024-40800.json index b8543021853..9ad1d6e02b2 100644 --- a/CVE-2024/CVE-2024-408xx/CVE-2024-40800.json +++ b/CVE-2024/CVE-2024-408xx/CVE-2024-40800.json @@ -2,8 +2,8 @@ "id": "CVE-2024-40800", "sourceIdentifier": "product-security@apple.com", "published": "2024-07-29T23:15:12.743", - "lastModified": "2024-11-21T09:31:39.523", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-12-10T14:26:15.710", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -40,6 +60,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -51,62 +81,137 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "12.0", + "versionEndExcluding": "12.7.6", + "matchCriteriaId": "EA924D87-8FAE-4E34-83F7-A5E25C7450E5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "13.0", + "versionEndExcluding": "13.6.8", + "matchCriteriaId": "7008225C-B5B9-4F87-9392-DD2080717E9A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "14.0", + "versionEndExcluding": "14.6", + "matchCriteriaId": "51E2E93B-C5A3-4C83-B806-2EC555AD45FE" + } + ] + } + ] + } + ], "references": [ { "url": "http://seclists.org/fulldisclosure/2024/Jul/18", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Mailing List" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Jul/19", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Mailing List" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Jul/20", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Mailing List" + ] }, { "url": "https://support.apple.com/en-us/HT214118", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214119", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214120", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2010", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Broken Link" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Jul/18", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Jul/19", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Jul/20", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] }, { "url": "https://support.apple.com/en-us/HT214118", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214119", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214120", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2010", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Broken Link" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-408xx/CVE-2024-40802.json b/CVE-2024/CVE-2024-408xx/CVE-2024-40802.json index 37b47348acb..eae85836646 100644 --- a/CVE-2024/CVE-2024-408xx/CVE-2024-40802.json +++ b/CVE-2024/CVE-2024-408xx/CVE-2024-40802.json @@ -2,8 +2,8 @@ "id": "CVE-2024-40802", "sourceIdentifier": "product-security@apple.com", "published": "2024-07-29T23:15:12.810", - "lastModified": "2024-11-21T09:31:39.770", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-12-10T14:57:57.143", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -40,6 +60,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -51,54 +81,123 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "12.0", + "versionEndExcluding": "12.7.6", + "matchCriteriaId": "EA924D87-8FAE-4E34-83F7-A5E25C7450E5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "13.0", + "versionEndExcluding": "13.6.8", + "matchCriteriaId": "7008225C-B5B9-4F87-9392-DD2080717E9A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "14.0", + "versionEndExcluding": "14.6", + "matchCriteriaId": "51E2E93B-C5A3-4C83-B806-2EC555AD45FE" + } + ] + } + ] + } + ], "references": [ { "url": "http://seclists.org/fulldisclosure/2024/Jul/18", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Mailing List" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Jul/19", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Mailing List" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Jul/20", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Mailing List" + ] }, { "url": "https://support.apple.com/en-us/HT214118", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214119", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214120", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Jul/18", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Jul/19", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Jul/20", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] }, { "url": "https://support.apple.com/en-us/HT214118", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214119", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214120", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-408xx/CVE-2024-40805.json b/CVE-2024/CVE-2024-408xx/CVE-2024-40805.json index 91477b173df..2bbccfa23b4 100644 --- a/CVE-2024/CVE-2024-408xx/CVE-2024-40805.json +++ b/CVE-2024/CVE-2024-408xx/CVE-2024-40805.json @@ -2,8 +2,8 @@ "id": "CVE-2024-40805", "sourceIdentifier": "product-security@apple.com", "published": "2024-07-29T23:15:13.017", - "lastModified": "2024-11-21T09:31:40.193", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-12-10T14:57:17.887", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.2 + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -40,6 +60,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-276" + } + ] + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -51,70 +81,161 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", + "versionEndExcluding": "17.6", + "matchCriteriaId": "A8A1B228-89B1-470E-9B6E-8553E561E062" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", + "versionEndExcluding": "17.6", + "matchCriteriaId": "1E393815-B3B5-4FF9-9D1D-AA3EA9C5D352" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "14.0", + "versionEndExcluding": "14.6", + "matchCriteriaId": "51E2E93B-C5A3-4C83-B806-2EC555AD45FE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", + "versionEndExcluding": "17.6", + "matchCriteriaId": "9FB1D28B-EF0E-4CA0-90F7-073A85D001E5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.6", + "matchCriteriaId": "035D8460-BD6F-4696-9D7B-BA571A994FD0" + } + ] + } + ] + } + ], "references": [ { "url": "http://seclists.org/fulldisclosure/2024/Jul/16", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Mailing List" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Jul/18", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Mailing List" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Jul/21", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Mailing List" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Jul/22", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Mailing List" + ] }, { "url": "https://support.apple.com/en-us/HT214117", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214119", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214122", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214124", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Jul/16", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Jul/18", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Jul/21", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Jul/22", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] }, { "url": "https://support.apple.com/en-us/HT214117", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214119", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214122", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214124", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-408xx/CVE-2024-40811.json b/CVE-2024/CVE-2024-408xx/CVE-2024-40811.json index fc3cd1166e0..947b45f9f57 100644 --- a/CVE-2024/CVE-2024-408xx/CVE-2024-40811.json +++ b/CVE-2024/CVE-2024-408xx/CVE-2024-40811.json @@ -2,8 +2,8 @@ "id": "CVE-2024-40811", "sourceIdentifier": "product-security@apple.com", "published": "2024-07-29T23:15:13.273", - "lastModified": "2024-11-21T09:31:40.960", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-12-10T14:53:16.287", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -40,6 +60,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -51,22 +81,53 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "14.0", + "versionEndExcluding": "14.6", + "matchCriteriaId": "51E2E93B-C5A3-4C83-B806-2EC555AD45FE" + } + ] + } + ] + } + ], "references": [ { "url": "http://seclists.org/fulldisclosure/2024/Jul/18", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Mailing List" + ] }, { "url": "https://support.apple.com/en-us/HT214119", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Jul/18", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] }, { "url": "https://support.apple.com/en-us/HT214119", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-408xx/CVE-2024-40814.json b/CVE-2024/CVE-2024-408xx/CVE-2024-40814.json index a3c1e6a1490..6027117f3b2 100644 --- a/CVE-2024/CVE-2024-408xx/CVE-2024-40814.json +++ b/CVE-2024/CVE-2024-408xx/CVE-2024-40814.json @@ -2,8 +2,8 @@ "id": "CVE-2024-40814", "sourceIdentifier": "product-security@apple.com", "published": "2024-07-29T23:15:13.460", - "lastModified": "2024-11-21T09:31:41.507", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-12-10T14:49:34.477", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.2 + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -40,6 +60,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -51,22 +81,53 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "14.0", + "versionEndExcluding": "14.6", + "matchCriteriaId": "51E2E93B-C5A3-4C83-B806-2EC555AD45FE" + } + ] + } + ] + } + ], "references": [ { "url": "http://seclists.org/fulldisclosure/2024/Jul/18", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Mailing List" + ] }, { "url": "https://support.apple.com/en-us/HT214119", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Jul/18", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] }, { "url": "https://support.apple.com/en-us/HT214119", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-408xx/CVE-2024-40821.json b/CVE-2024/CVE-2024-408xx/CVE-2024-40821.json index a682b2a8f1d..bd7b8f87af2 100644 --- a/CVE-2024/CVE-2024-408xx/CVE-2024-40821.json +++ b/CVE-2024/CVE-2024-408xx/CVE-2024-40821.json @@ -2,8 +2,8 @@ "id": "CVE-2024-40821", "sourceIdentifier": "product-security@apple.com", "published": "2024-07-29T23:15:13.770", - "lastModified": "2024-11-21T09:31:42.290", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-12-10T14:47:42.573", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.2 + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -40,6 +60,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -51,54 +81,123 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "12.0", + "versionEndExcluding": "12.7.6", + "matchCriteriaId": "EA924D87-8FAE-4E34-83F7-A5E25C7450E5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "13.0", + "versionEndExcluding": "13.6.8", + "matchCriteriaId": "7008225C-B5B9-4F87-9392-DD2080717E9A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "14.0", + "versionEndExcluding": "14.6", + "matchCriteriaId": "51E2E93B-C5A3-4C83-B806-2EC555AD45FE" + } + ] + } + ] + } + ], "references": [ { "url": "http://seclists.org/fulldisclosure/2024/Jul/18", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Mailing List" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Jul/19", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Mailing List" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Jul/20", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Mailing List" + ] }, { "url": "https://support.apple.com/en-us/HT214118", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214119", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214120", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Jul/18", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Jul/19", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Jul/20", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] }, { "url": "https://support.apple.com/en-us/HT214118", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214119", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214120", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-419xx/CVE-2024-41981.json b/CVE-2024/CVE-2024-419xx/CVE-2024-41981.json index 88d11101eab..aff384f7d08 100644 --- a/CVE-2024/CVE-2024-419xx/CVE-2024-41981.json +++ b/CVE-2024/CVE-2024-419xx/CVE-2024-41981.json @@ -2,13 +2,13 @@ "id": "CVE-2024-41981", "sourceIdentifier": "productcert@siemens.com", "published": "2024-10-08T09:15:11.813", - "lastModified": "2024-10-10T12:56:30.817", + "lastModified": "2024-12-10T14:30:39.670", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "A vulnerability has been identified in Simcenter Nastran 2306 (All versions), Simcenter Nastran 2312 (All versions), Simcenter Nastran 2406 (All versions < V2406.5000). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted BDF files. This could allow an attacker to execute code in the context of the current process." + "value": "A vulnerability has been identified in Simcenter Femap V2306 (All versions), Simcenter Femap V2401 (All versions), Simcenter Femap V2406 (All versions). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted BDF files. This could allow an attacker to execute code in the context of the current process." }, { "lang": "es", @@ -99,6 +99,10 @@ { "url": "https://cert-portal.siemens.com/productcert/html/ssa-852501.html", "source": "productcert@siemens.com" + }, + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-881356.html", + "source": "productcert@siemens.com" } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-454xx/CVE-2024-45463.json b/CVE-2024/CVE-2024-454xx/CVE-2024-45463.json index 9a585ae3b4f..a2e9c8758b1 100644 --- a/CVE-2024/CVE-2024-454xx/CVE-2024-45463.json +++ b/CVE-2024/CVE-2024-454xx/CVE-2024-45463.json @@ -2,13 +2,13 @@ "id": "CVE-2024-45463", "sourceIdentifier": "productcert@siemens.com", "published": "2024-10-08T09:15:12.080", - "lastModified": "2024-10-15T17:35:51.263", - "vulnStatus": "Analyzed", + "lastModified": "2024-12-10T14:30:40.500", + "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process." + "value": "A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process." }, { "lang": "es", @@ -147,6 +147,10 @@ "tags": [ "Vendor Advisory" ] + }, + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-645131.html", + "source": "productcert@siemens.com" } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-454xx/CVE-2024-45464.json b/CVE-2024/CVE-2024-454xx/CVE-2024-45464.json index 2d5ad2406d3..9791f868a91 100644 --- a/CVE-2024/CVE-2024-454xx/CVE-2024-45464.json +++ b/CVE-2024/CVE-2024-454xx/CVE-2024-45464.json @@ -2,13 +2,13 @@ "id": "CVE-2024-45464", "sourceIdentifier": "productcert@siemens.com", "published": "2024-10-08T09:15:12.370", - "lastModified": "2024-10-15T17:35:33.887", - "vulnStatus": "Analyzed", + "lastModified": "2024-12-10T14:30:41.117", + "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process." + "value": "A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process." }, { "lang": "es", @@ -147,6 +147,10 @@ "tags": [ "Vendor Advisory" ] + }, + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-645131.html", + "source": "productcert@siemens.com" } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-454xx/CVE-2024-45465.json b/CVE-2024/CVE-2024-454xx/CVE-2024-45465.json index be02e8e2dae..dd9cf0b3f9b 100644 --- a/CVE-2024/CVE-2024-454xx/CVE-2024-45465.json +++ b/CVE-2024/CVE-2024-454xx/CVE-2024-45465.json @@ -2,13 +2,13 @@ "id": "CVE-2024-45465", "sourceIdentifier": "productcert@siemens.com", "published": "2024-10-08T09:15:12.640", - "lastModified": "2024-10-15T17:35:22.230", - "vulnStatus": "Analyzed", + "lastModified": "2024-12-10T14:30:41.517", + "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process." + "value": "A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process." }, { "lang": "es", @@ -147,6 +147,10 @@ "tags": [ "Vendor Advisory" ] + }, + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-645131.html", + "source": "productcert@siemens.com" } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-454xx/CVE-2024-45466.json b/CVE-2024/CVE-2024-454xx/CVE-2024-45466.json index 961eb3c673b..0b1f6338687 100644 --- a/CVE-2024/CVE-2024-454xx/CVE-2024-45466.json +++ b/CVE-2024/CVE-2024-454xx/CVE-2024-45466.json @@ -2,13 +2,13 @@ "id": "CVE-2024-45466", "sourceIdentifier": "productcert@siemens.com", "published": "2024-10-08T09:15:12.903", - "lastModified": "2024-10-15T17:35:06.890", - "vulnStatus": "Analyzed", + "lastModified": "2024-12-10T14:30:41.893", + "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process." + "value": "A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process." }, { "lang": "es", @@ -147,6 +147,10 @@ "tags": [ "Vendor Advisory" ] + }, + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-645131.html", + "source": "productcert@siemens.com" } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-454xx/CVE-2024-45467.json b/CVE-2024/CVE-2024-454xx/CVE-2024-45467.json index b8281698695..bd7275e83f0 100644 --- a/CVE-2024/CVE-2024-454xx/CVE-2024-45467.json +++ b/CVE-2024/CVE-2024-454xx/CVE-2024-45467.json @@ -2,13 +2,13 @@ "id": "CVE-2024-45467", "sourceIdentifier": "productcert@siemens.com", "published": "2024-10-08T09:15:13.180", - "lastModified": "2024-10-15T17:34:51.353", - "vulnStatus": "Analyzed", + "lastModified": "2024-12-10T14:30:42.243", + "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected application is vulnerable to memory corruption while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process." + "value": "A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected application is vulnerable to memory corruption while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process." }, { "lang": "es", @@ -157,6 +157,10 @@ "tags": [ "Vendor Advisory" ] + }, + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-645131.html", + "source": "productcert@siemens.com" } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-454xx/CVE-2024-45468.json b/CVE-2024/CVE-2024-454xx/CVE-2024-45468.json index f6fcd30699b..72a3e8335f7 100644 --- a/CVE-2024/CVE-2024-454xx/CVE-2024-45468.json +++ b/CVE-2024/CVE-2024-454xx/CVE-2024-45468.json @@ -2,13 +2,13 @@ "id": "CVE-2024-45468", "sourceIdentifier": "productcert@siemens.com", "published": "2024-10-08T09:15:13.443", - "lastModified": "2024-10-15T17:34:32.503", - "vulnStatus": "Analyzed", + "lastModified": "2024-12-10T14:30:42.633", + "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected application is vulnerable to memory corruption while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process." + "value": "A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected application is vulnerable to memory corruption while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process." }, { "lang": "es", @@ -157,6 +157,10 @@ "tags": [ "Vendor Advisory" ] + }, + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-645131.html", + "source": "productcert@siemens.com" } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-454xx/CVE-2024-45469.json b/CVE-2024/CVE-2024-454xx/CVE-2024-45469.json index 1966505035a..f92e3670b18 100644 --- a/CVE-2024/CVE-2024-454xx/CVE-2024-45469.json +++ b/CVE-2024/CVE-2024-454xx/CVE-2024-45469.json @@ -2,13 +2,13 @@ "id": "CVE-2024-45469", "sourceIdentifier": "productcert@siemens.com", "published": "2024-10-08T09:15:13.757", - "lastModified": "2024-10-15T17:34:18.037", - "vulnStatus": "Analyzed", + "lastModified": "2024-12-10T14:30:42.847", + "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file.\r\nThis could allow an attacker to execute code in the context of the current process." + "value": "A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file.\r\nThis could allow an attacker to execute code in the context of the current process." }, { "lang": "es", @@ -147,6 +147,10 @@ "tags": [ "Vendor Advisory" ] + }, + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-645131.html", + "source": "productcert@siemens.com" } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-454xx/CVE-2024-45470.json b/CVE-2024/CVE-2024-454xx/CVE-2024-45470.json index 6237d473b2f..da4e7d88c4f 100644 --- a/CVE-2024/CVE-2024-454xx/CVE-2024-45470.json +++ b/CVE-2024/CVE-2024-454xx/CVE-2024-45470.json @@ -2,13 +2,13 @@ "id": "CVE-2024-45470", "sourceIdentifier": "productcert@siemens.com", "published": "2024-10-08T09:15:13.973", - "lastModified": "2024-10-15T17:18:52.227", - "vulnStatus": "Analyzed", + "lastModified": "2024-12-10T14:30:42.990", + "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file.\r\nThis could allow an attacker to execute code in the context of the current process." + "value": "A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file.\r\nThis could allow an attacker to execute code in the context of the current process." }, { "lang": "es", @@ -147,6 +147,10 @@ "tags": [ "Vendor Advisory" ] + }, + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-645131.html", + "source": "productcert@siemens.com" } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-454xx/CVE-2024-45471.json b/CVE-2024/CVE-2024-454xx/CVE-2024-45471.json index 559edd396af..6ede9c558ec 100644 --- a/CVE-2024/CVE-2024-454xx/CVE-2024-45471.json +++ b/CVE-2024/CVE-2024-454xx/CVE-2024-45471.json @@ -2,13 +2,13 @@ "id": "CVE-2024-45471", "sourceIdentifier": "productcert@siemens.com", "published": "2024-10-08T09:15:14.293", - "lastModified": "2024-10-15T17:18:37.377", - "vulnStatus": "Analyzed", + "lastModified": "2024-12-10T14:30:43.137", + "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file.\r\nThis could allow an attacker to execute code in the context of the current process." + "value": "A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file.\r\nThis could allow an attacker to execute code in the context of the current process." }, { "lang": "es", @@ -147,6 +147,10 @@ "tags": [ "Vendor Advisory" ] + }, + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-645131.html", + "source": "productcert@siemens.com" } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-454xx/CVE-2024-45472.json b/CVE-2024/CVE-2024-454xx/CVE-2024-45472.json index b4e42d23be9..ddfad7cf0cd 100644 --- a/CVE-2024/CVE-2024-454xx/CVE-2024-45472.json +++ b/CVE-2024/CVE-2024-454xx/CVE-2024-45472.json @@ -2,13 +2,13 @@ "id": "CVE-2024-45472", "sourceIdentifier": "productcert@siemens.com", "published": "2024-10-08T09:15:14.557", - "lastModified": "2024-10-15T17:15:34.937", - "vulnStatus": "Analyzed", + "lastModified": "2024-12-10T14:30:43.263", + "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected application is vulnerable to memory corruption while parsing specially crafted WRL files. An attacker could leverage this in conjunction with other vulnerabilities to execute code in the context of the current process." + "value": "A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected application is vulnerable to memory corruption while parsing specially crafted WRL files. An attacker could leverage this in conjunction with other vulnerabilities to execute code in the context of the current process." }, { "lang": "es", @@ -157,6 +157,10 @@ "tags": [ "Vendor Advisory" ] + }, + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-645131.html", + "source": "productcert@siemens.com" } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-454xx/CVE-2024-45473.json b/CVE-2024/CVE-2024-454xx/CVE-2024-45473.json index fc8788be87e..ce9be19acfe 100644 --- a/CVE-2024/CVE-2024-454xx/CVE-2024-45473.json +++ b/CVE-2024/CVE-2024-454xx/CVE-2024-45473.json @@ -2,13 +2,13 @@ "id": "CVE-2024-45473", "sourceIdentifier": "productcert@siemens.com", "published": "2024-10-08T09:15:14.860", - "lastModified": "2024-10-15T17:31:56.830", - "vulnStatus": "Analyzed", + "lastModified": "2024-12-10T14:30:43.400", + "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected application is vulnerable to memory corruption while parsing specially crafted WRL files. An attacker could leverage this in conjunction with other vulnerabilities to execute code in the context of the current process." + "value": "A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected application is vulnerable to memory corruption while parsing specially crafted WRL files. An attacker could leverage this in conjunction with other vulnerabilities to execute code in the context of the current process." }, { "lang": "es", @@ -157,6 +157,10 @@ "tags": [ "Vendor Advisory" ] + }, + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-645131.html", + "source": "productcert@siemens.com" } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-454xx/CVE-2024-45474.json b/CVE-2024/CVE-2024-454xx/CVE-2024-45474.json index cd2d3c8bd8b..a8962d5cce3 100644 --- a/CVE-2024/CVE-2024-454xx/CVE-2024-45474.json +++ b/CVE-2024/CVE-2024-454xx/CVE-2024-45474.json @@ -2,13 +2,13 @@ "id": "CVE-2024-45474", "sourceIdentifier": "productcert@siemens.com", "published": "2024-10-08T09:15:15.090", - "lastModified": "2024-10-15T17:31:54.730", - "vulnStatus": "Analyzed", + "lastModified": "2024-12-10T14:30:43.543", + "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected application is vulnerable to memory corruption while parsing specially crafted WRL files. An attacker could leverage this in conjunction with other vulnerabilities to execute code in the context of the current process." + "value": "A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected application is vulnerable to memory corruption while parsing specially crafted WRL files. An attacker could leverage this in conjunction with other vulnerabilities to execute code in the context of the current process." }, { "lang": "es", @@ -157,6 +157,10 @@ "tags": [ "Vendor Advisory" ] + }, + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-645131.html", + "source": "productcert@siemens.com" } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-454xx/CVE-2024-45475.json b/CVE-2024/CVE-2024-454xx/CVE-2024-45475.json index 1b1e6acf3dd..83165b465dd 100644 --- a/CVE-2024/CVE-2024-454xx/CVE-2024-45475.json +++ b/CVE-2024/CVE-2024-454xx/CVE-2024-45475.json @@ -2,13 +2,13 @@ "id": "CVE-2024-45475", "sourceIdentifier": "productcert@siemens.com", "published": "2024-10-08T09:15:15.457", - "lastModified": "2024-10-15T17:31:52.313", - "vulnStatus": "Analyzed", + "lastModified": "2024-12-10T14:30:43.673", + "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected application is vulnerable to memory corruption while parsing specially crafted WRL files. An attacker could leverage this in conjunction with other vulnerabilities to execute code in the context of the current process." + "value": "A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected application is vulnerable to memory corruption while parsing specially crafted WRL files. An attacker could leverage this in conjunction with other vulnerabilities to execute code in the context of the current process." }, { "lang": "es", @@ -157,6 +157,10 @@ "tags": [ "Vendor Advisory" ] + }, + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-645131.html", + "source": "productcert@siemens.com" } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-454xx/CVE-2024-45476.json b/CVE-2024/CVE-2024-454xx/CVE-2024-45476.json index 0dc5aa79766..acc87313c95 100644 --- a/CVE-2024/CVE-2024-454xx/CVE-2024-45476.json +++ b/CVE-2024/CVE-2024-454xx/CVE-2024-45476.json @@ -2,13 +2,13 @@ "id": "CVE-2024-45476", "sourceIdentifier": "productcert@siemens.com", "published": "2024-10-08T09:15:15.830", - "lastModified": "2024-10-15T17:31:50.310", - "vulnStatus": "Analyzed", + "lastModified": "2024-12-10T14:30:43.853", + "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted WRL files. An attacker could leverage this vulnerability to crash the application causing denial of service condition." + "value": "A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted WRL files. An attacker could leverage this vulnerability to crash the application causing denial of service condition." }, { "lang": "es", @@ -106,7 +106,7 @@ "weaknesses": [ { "source": "productcert@siemens.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", @@ -147,6 +147,10 @@ "tags": [ "Vendor Advisory" ] + }, + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-645131.html", + "source": "productcert@siemens.com" } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-470xx/CVE-2024-47046.json b/CVE-2024/CVE-2024-470xx/CVE-2024-47046.json index 28785d47c67..ef702a84aa4 100644 --- a/CVE-2024/CVE-2024-470xx/CVE-2024-47046.json +++ b/CVE-2024/CVE-2024-470xx/CVE-2024-47046.json @@ -2,13 +2,13 @@ "id": "CVE-2024-47046", "sourceIdentifier": "productcert@siemens.com", "published": "2024-10-08T09:15:16.757", - "lastModified": "2024-10-10T12:56:30.817", + "lastModified": "2024-12-10T14:30:44.280", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "A vulnerability has been identified in Simcenter Nastran 2306 (All versions), Simcenter Nastran 2312 (All versions), Simcenter Nastran 2406 (All versions < V2406.5000). The affected application is vulnerable to memory corruption while parsing specially crafted BDF files. This could allow an attacker to execute code in the context of the current process." + "value": "A vulnerability has been identified in Simcenter Femap V2306 (All versions), Simcenter Femap V2401 (All versions), Simcenter Femap V2406 (All versions). The affected application is vulnerable to memory corruption while parsing specially crafted BDF files. This could allow an attacker to execute code in the context of the current process." }, { "lang": "es", @@ -99,6 +99,10 @@ { "url": "https://cert-portal.siemens.com/productcert/html/ssa-852501.html", "source": "productcert@siemens.com" + }, + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-881356.html", + "source": "productcert@siemens.com" } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-471xx/CVE-2024-47117.json b/CVE-2024/CVE-2024-471xx/CVE-2024-47117.json new file mode 100644 index 00000000000..d3702a5b215 --- /dev/null +++ b/CVE-2024/CVE-2024-471xx/CVE-2024-47117.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-47117", + "sourceIdentifier": "psirt@us.ibm.com", + "published": "2024-12-10T14:30:44.400", + "lastModified": "2024-12-10T14:30:44.400", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "IBM Carbon Design System (Carbon Charts 0.4.0 through 1.13.16) is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@us.ibm.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@us.ibm.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://www.ibm.com/support/pages/node/7178269", + "source": "psirt@us.ibm.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-497xx/CVE-2024-49704.json b/CVE-2024/CVE-2024-497xx/CVE-2024-49704.json new file mode 100644 index 00000000000..66fafa55ef3 --- /dev/null +++ b/CVE-2024/CVE-2024-497xx/CVE-2024-49704.json @@ -0,0 +1,100 @@ +{ + "id": "CVE-2024-49704", + "sourceIdentifier": "productcert@siemens.com", + "published": "2024-12-10T14:30:44.573", + "lastModified": "2024-12-10T14:30:44.573", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been identified in COMOS V10.3 (All versions < V10.3.3.5.8), COMOS V10.4.0 (All versions), COMOS V10.4.1 (All versions), COMOS V10.4.2 (All versions), COMOS V10.4.3 (All versions < V10.4.3.0.47), COMOS V10.4.4 (All versions < V10.4.4.2), COMOS V10.4.4.1 (All versions < V10.4.4.1.21). The Generic Data Mapper, the Engineering Adapter, and the Engineering Interface improperly handle XML External Entity (XXE) entries when parsing configuration and mapping files. This could allow an attacker to extract any file with a known location on the user's system or accessible network folders by persuading a user to use a maliciously crafted configuration or mapping file in one of the affected components." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "productcert@siemens.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.7, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "attackRequirements": "PRESENT", + "privilegesRequired": "NONE", + "userInteraction": "PASSIVE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "NONE", + "vulnerableSystemAvailability": "NONE", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "productcert@siemens.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "productcert@siemens.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-611" + } + ] + } + ], + "references": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-701627.html", + "source": "productcert@siemens.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-498xx/CVE-2024-49849.json b/CVE-2024/CVE-2024-498xx/CVE-2024-49849.json new file mode 100644 index 00000000000..b668effd710 --- /dev/null +++ b/CVE-2024/CVE-2024-498xx/CVE-2024-49849.json @@ -0,0 +1,100 @@ +{ + "id": "CVE-2024-49849", + "sourceIdentifier": "productcert@siemens.com", + "published": "2024-12-10T14:30:44.780", + "lastModified": "2024-12-10T14:30:44.780", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been identified in SIMATIC S7-PLCSIM V16 (All versions), SIMATIC S7-PLCSIM V17 (All versions), SIMATIC STEP 7 Safety V16 (All versions), SIMATIC STEP 7 Safety V17 (All versions), SIMATIC STEP 7 Safety V18 (All versions), SIMATIC STEP 7 Safety V19 (All versions), SIMATIC STEP 7 V16 (All versions), SIMATIC STEP 7 V17 (All versions), SIMATIC STEP 7 V18 (All versions), SIMATIC STEP 7 V19 (All versions), SIMATIC WinCC Unified V16 (All versions), SIMATIC WinCC Unified V17 (All versions), SIMATIC WinCC Unified V18 (All versions), SIMATIC WinCC Unified V19 (All versions), SIMATIC WinCC V16 (All versions), SIMATIC WinCC V17 (All versions), SIMATIC WinCC V18 (All versions), SIMATIC WinCC V19 (All versions), SIMOCODE ES V16 (All versions), SIMOCODE ES V17 (All versions), SIMOCODE ES V18 (All versions), SIMOCODE ES V19 (All versions), SIMOTION SCOUT TIA V5.4 SP1 (All versions), SIMOTION SCOUT TIA V5.4 SP3 (All versions), SIMOTION SCOUT TIA V5.5 SP1 (All versions), SIMOTION SCOUT TIA V5.6 SP1 (All versions), SINAMICS Startdrive V16 (All versions), SINAMICS Startdrive V17 (All versions), SINAMICS Startdrive V18 (All versions), SINAMICS Startdrive V19 (All versions), SIRIUS Safety ES V17 (TIA Portal) (All versions), SIRIUS Safety ES V18 (TIA Portal) (All versions), SIRIUS Safety ES V19 (TIA Portal) (All versions), SIRIUS Soft Starter ES V17 (TIA Portal) (All versions), SIRIUS Soft Starter ES V18 (TIA Portal) (All versions), SIRIUS Soft Starter ES V19 (TIA Portal) (All versions), TIA Portal Cloud V16 (All versions), TIA Portal Cloud V17 (All versions), TIA Portal Cloud V18 (All versions), TIA Portal Cloud V19 (All versions). Affected products do not properly sanitize user-controllable input when parsing log files. This could allow an attacker to cause a type confusion and execute arbitrary code within the affected application." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "productcert@siemens.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 8.4, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "ACTIVE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "productcert@siemens.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "productcert@siemens.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-502" + } + ] + } + ], + "references": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-800126.html", + "source": "productcert@siemens.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-520xx/CVE-2024-52051.json b/CVE-2024/CVE-2024-520xx/CVE-2024-52051.json new file mode 100644 index 00000000000..01988f44b0e --- /dev/null +++ b/CVE-2024/CVE-2024-520xx/CVE-2024-52051.json @@ -0,0 +1,100 @@ +{ + "id": "CVE-2024-52051", + "sourceIdentifier": "productcert@siemens.com", + "published": "2024-12-10T14:30:44.957", + "lastModified": "2024-12-10T14:30:44.957", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been identified in SIMATIC S7-PLCSIM V17 (All versions), SIMATIC S7-PLCSIM V18 (All versions), SIMATIC STEP 7 Safety V17 (All versions), SIMATIC STEP 7 Safety V18 (All versions), SIMATIC STEP 7 Safety V19 (All versions), SIMATIC STEP 7 V17 (All versions), SIMATIC STEP 7 V18 (All versions), SIMATIC STEP 7 V19 (All versions), SIMATIC WinCC Unified PC Runtime V18 (All versions), SIMATIC WinCC Unified PC Runtime V19 (All versions), SIMATIC WinCC Unified V17 (All versions), SIMATIC WinCC Unified V18 (All versions), SIMATIC WinCC Unified V19 (All versions), SIMATIC WinCC V17 (All versions), SIMATIC WinCC V18 (All versions), SIMATIC WinCC V19 (All versions), SIMOCODE ES V17 (All versions), SIMOCODE ES V18 (All versions), SIMOCODE ES V19 (All versions), SIMOTION SCOUT TIA V5.4 SP3 (All versions), SIMOTION SCOUT TIA V5.5 SP1 (All versions), SIMOTION SCOUT TIA V5.6 SP1 (All versions), SINAMICS Startdrive V17 (All versions), SINAMICS Startdrive V18 (All versions), SINAMICS Startdrive V19 (All versions), SIRIUS Safety ES V17 (TIA Portal) (All versions), SIRIUS Safety ES V18 (TIA Portal) (All versions), SIRIUS Safety ES V19 (TIA Portal) (All versions), SIRIUS Soft Starter ES V17 (TIA Portal) (All versions), SIRIUS Soft Starter ES V18 (TIA Portal) (All versions), SIRIUS Soft Starter ES V19 (TIA Portal) (All versions), TIA Portal Cloud V17 (All versions), TIA Portal Cloud V18 (All versions), TIA Portal Cloud V19 (All versions). The affected devices do not properly sanitize user-controllable input when parsing user settings. This could allow an attacker to locally execute arbitrary commands in the host operating system with the privileges of the user." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "productcert@siemens.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 7.0, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "PASSIVE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "productcert@siemens.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.3, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "productcert@siemens.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + } + ] + } + ], + "references": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-392859.html", + "source": "productcert@siemens.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-525xx/CVE-2024-52565.json b/CVE-2024/CVE-2024-525xx/CVE-2024-52565.json index 73def676a5c..1b9b3cdb0c0 100644 --- a/CVE-2024/CVE-2024-525xx/CVE-2024-52565.json +++ b/CVE-2024/CVE-2024-525xx/CVE-2024-52565.json @@ -2,13 +2,13 @@ "id": "CVE-2024-52565", "sourceIdentifier": "productcert@siemens.com", "published": "2024-11-18T16:15:27.020", - "lastModified": "2024-11-20T14:33:29.197", - "vulnStatus": "Analyzed", + "lastModified": "2024-12-10T14:30:45.133", + "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file.\r\nThis could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24231)" + "value": "A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Teamcenter Visualization V2406 (All versions < V2406.0005), Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file.\r\nThis could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24231)" }, { "lang": "es", @@ -121,6 +121,10 @@ } ], "references": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-645131.html", + "source": "productcert@siemens.com" + }, { "url": "https://cert-portal.siemens.com/productcert/html/ssa-824503.html", "source": "productcert@siemens.com", diff --git a/CVE-2024/CVE-2024-525xx/CVE-2024-52566.json b/CVE-2024/CVE-2024-525xx/CVE-2024-52566.json index f6d192a0759..cee89c76c56 100644 --- a/CVE-2024/CVE-2024-525xx/CVE-2024-52566.json +++ b/CVE-2024/CVE-2024-525xx/CVE-2024-52566.json @@ -2,13 +2,13 @@ "id": "CVE-2024-52566", "sourceIdentifier": "productcert@siemens.com", "published": "2024-11-18T16:15:27.287", - "lastModified": "2024-11-20T14:33:20.813", - "vulnStatus": "Analyzed", + "lastModified": "2024-12-10T14:30:45.280", + "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file.\r\nThis could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24233)" + "value": "A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Teamcenter Visualization V2406 (All versions < V2406.0005), Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file.\r\nThis could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24233)" }, { "lang": "es", @@ -121,6 +121,10 @@ } ], "references": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-645131.html", + "source": "productcert@siemens.com" + }, { "url": "https://cert-portal.siemens.com/productcert/html/ssa-824503.html", "source": "productcert@siemens.com", diff --git a/CVE-2024/CVE-2024-525xx/CVE-2024-52567.json b/CVE-2024/CVE-2024-525xx/CVE-2024-52567.json index edd7f49695c..228276282d9 100644 --- a/CVE-2024/CVE-2024-525xx/CVE-2024-52567.json +++ b/CVE-2024/CVE-2024-525xx/CVE-2024-52567.json @@ -2,13 +2,13 @@ "id": "CVE-2024-52567", "sourceIdentifier": "productcert@siemens.com", "published": "2024-11-18T16:15:27.537", - "lastModified": "2024-11-20T14:33:09.433", - "vulnStatus": "Analyzed", + "lastModified": "2024-12-10T14:30:45.413", + "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files.\r\nThis could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24237)" + "value": "A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Teamcenter Visualization V2406 (All versions < V2406.0005), Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files.\r\nThis could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24237)" }, { "lang": "es", @@ -121,6 +121,10 @@ } ], "references": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-645131.html", + "source": "productcert@siemens.com" + }, { "url": "https://cert-portal.siemens.com/productcert/html/ssa-824503.html", "source": "productcert@siemens.com", diff --git a/CVE-2024/CVE-2024-525xx/CVE-2024-52568.json b/CVE-2024/CVE-2024-525xx/CVE-2024-52568.json index 4e5e57123d4..76f42993047 100644 --- a/CVE-2024/CVE-2024-525xx/CVE-2024-52568.json +++ b/CVE-2024/CVE-2024-525xx/CVE-2024-52568.json @@ -2,13 +2,13 @@ "id": "CVE-2024-52568", "sourceIdentifier": "productcert@siemens.com", "published": "2024-11-18T16:15:27.773", - "lastModified": "2024-11-20T14:32:58.637", - "vulnStatus": "Analyzed", + "lastModified": "2024-12-10T14:30:45.557", + "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain a use-after-free vulnerability that could be triggered while parsing specially crafted WRL files.\r\nAn attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-24244)" + "value": "A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Teamcenter Visualization V2406 (All versions < V2406.0005), Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain a use-after-free vulnerability that could be triggered while parsing specially crafted WRL files.\r\nAn attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-24244)" }, { "lang": "es", @@ -121,6 +121,10 @@ } ], "references": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-645131.html", + "source": "productcert@siemens.com" + }, { "url": "https://cert-portal.siemens.com/productcert/html/ssa-824503.html", "source": "productcert@siemens.com", diff --git a/CVE-2024/CVE-2024-525xx/CVE-2024-52569.json b/CVE-2024/CVE-2024-525xx/CVE-2024-52569.json index 43068b6540a..7854534a405 100644 --- a/CVE-2024/CVE-2024-525xx/CVE-2024-52569.json +++ b/CVE-2024/CVE-2024-525xx/CVE-2024-52569.json @@ -2,13 +2,13 @@ "id": "CVE-2024-52569", "sourceIdentifier": "productcert@siemens.com", "published": "2024-11-18T16:15:28.063", - "lastModified": "2024-11-20T14:32:48.897", - "vulnStatus": "Analyzed", + "lastModified": "2024-12-10T14:30:45.690", + "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file.\r\nThis could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24260)" + "value": "A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Teamcenter Visualization V2406 (All versions < V2406.0005), Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file.\r\nThis could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24260)" }, { "lang": "es", @@ -121,6 +121,10 @@ } ], "references": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-645131.html", + "source": "productcert@siemens.com" + }, { "url": "https://cert-portal.siemens.com/productcert/html/ssa-824503.html", "source": "productcert@siemens.com", diff --git a/CVE-2024/CVE-2024-525xx/CVE-2024-52570.json b/CVE-2024/CVE-2024-525xx/CVE-2024-52570.json index d1c9b9eaefb..8fb8ea6e9d0 100644 --- a/CVE-2024/CVE-2024-525xx/CVE-2024-52570.json +++ b/CVE-2024/CVE-2024-525xx/CVE-2024-52570.json @@ -2,13 +2,13 @@ "id": "CVE-2024-52570", "sourceIdentifier": "productcert@siemens.com", "published": "2024-11-18T16:15:28.300", - "lastModified": "2024-11-20T14:32:38.000", - "vulnStatus": "Analyzed", + "lastModified": "2024-12-10T14:30:45.837", + "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file.\r\nThis could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24365)" + "value": "A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Teamcenter Visualization V2406 (All versions < V2406.0005), Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file.\r\nThis could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24365)" }, { "lang": "es", @@ -121,6 +121,10 @@ } ], "references": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-645131.html", + "source": "productcert@siemens.com" + }, { "url": "https://cert-portal.siemens.com/productcert/html/ssa-824503.html", "source": "productcert@siemens.com", diff --git a/CVE-2024/CVE-2024-525xx/CVE-2024-52571.json b/CVE-2024/CVE-2024-525xx/CVE-2024-52571.json index 3e7f6bc7516..9aa0917d6af 100644 --- a/CVE-2024/CVE-2024-525xx/CVE-2024-52571.json +++ b/CVE-2024/CVE-2024-525xx/CVE-2024-52571.json @@ -2,13 +2,13 @@ "id": "CVE-2024-52571", "sourceIdentifier": "productcert@siemens.com", "published": "2024-11-18T16:15:28.533", - "lastModified": "2024-11-20T14:32:29.867", - "vulnStatus": "Analyzed", + "lastModified": "2024-12-10T14:30:45.963", + "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file.\r\nThis could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24485)" + "value": "A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Teamcenter Visualization V2406 (All versions < V2406.0005), Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file.\r\nThis could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24485)" }, { "lang": "es", @@ -121,6 +121,10 @@ } ], "references": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-645131.html", + "source": "productcert@siemens.com" + }, { "url": "https://cert-portal.siemens.com/productcert/html/ssa-824503.html", "source": "productcert@siemens.com", diff --git a/CVE-2024/CVE-2024-525xx/CVE-2024-52572.json b/CVE-2024/CVE-2024-525xx/CVE-2024-52572.json index faadf006576..2733c56cdbe 100644 --- a/CVE-2024/CVE-2024-525xx/CVE-2024-52572.json +++ b/CVE-2024/CVE-2024-525xx/CVE-2024-52572.json @@ -2,13 +2,13 @@ "id": "CVE-2024-52572", "sourceIdentifier": "productcert@siemens.com", "published": "2024-11-18T16:15:28.767", - "lastModified": "2024-11-20T14:32:21.533", - "vulnStatus": "Analyzed", + "lastModified": "2024-12-10T14:30:46.097", + "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain a stack based overflow vulnerability while parsing specially crafted WRL files.\r\nThis could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24486)" + "value": "A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Teamcenter Visualization V2406 (All versions < V2406.0005), Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain a stack based overflow vulnerability while parsing specially crafted WRL files.\r\nThis could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24486)" }, { "lang": "es", @@ -151,6 +151,10 @@ } ], "references": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-645131.html", + "source": "productcert@siemens.com" + }, { "url": "https://cert-portal.siemens.com/productcert/html/ssa-824503.html", "source": "productcert@siemens.com", diff --git a/CVE-2024/CVE-2024-525xx/CVE-2024-52573.json b/CVE-2024/CVE-2024-525xx/CVE-2024-52573.json index 03b42e186c5..7b1d962e38a 100644 --- a/CVE-2024/CVE-2024-525xx/CVE-2024-52573.json +++ b/CVE-2024/CVE-2024-525xx/CVE-2024-52573.json @@ -2,13 +2,13 @@ "id": "CVE-2024-52573", "sourceIdentifier": "productcert@siemens.com", "published": "2024-11-18T16:15:29.110", - "lastModified": "2024-11-20T14:32:11.853", - "vulnStatus": "Analyzed", + "lastModified": "2024-12-10T14:30:46.227", + "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file.\r\nThis could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24521)" + "value": "A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Teamcenter Visualization V2406 (All versions < V2406.0005), Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file.\r\nThis could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24521)" }, { "lang": "es", @@ -121,6 +121,10 @@ } ], "references": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-645131.html", + "source": "productcert@siemens.com" + }, { "url": "https://cert-portal.siemens.com/productcert/html/ssa-824503.html", "source": "productcert@siemens.com", diff --git a/CVE-2024/CVE-2024-525xx/CVE-2024-52574.json b/CVE-2024/CVE-2024-525xx/CVE-2024-52574.json index 8708d11c9ae..5c24769ea67 100644 --- a/CVE-2024/CVE-2024-525xx/CVE-2024-52574.json +++ b/CVE-2024/CVE-2024-525xx/CVE-2024-52574.json @@ -2,13 +2,13 @@ "id": "CVE-2024-52574", "sourceIdentifier": "productcert@siemens.com", "published": "2024-11-18T16:15:29.400", - "lastModified": "2024-11-20T14:31:47.103", - "vulnStatus": "Analyzed", + "lastModified": "2024-12-10T14:30:46.367", + "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files.\r\nThis could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24543)" + "value": "A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Teamcenter Visualization V2406 (All versions < V2406.0005), Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files.\r\nThis could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24543)" }, { "lang": "es", @@ -121,6 +121,10 @@ } ], "references": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-645131.html", + "source": "productcert@siemens.com" + }, { "url": "https://cert-portal.siemens.com/productcert/html/ssa-824503.html", "source": "productcert@siemens.com", diff --git a/CVE-2024/CVE-2024-530xx/CVE-2024-53041.json b/CVE-2024/CVE-2024-530xx/CVE-2024-53041.json new file mode 100644 index 00000000000..119bd879d7d --- /dev/null +++ b/CVE-2024/CVE-2024-530xx/CVE-2024-53041.json @@ -0,0 +1,104 @@ +{ + "id": "CVE-2024-53041", + "sourceIdentifier": "productcert@siemens.com", + "published": "2024-12-10T14:30:46.507", + "lastModified": "2024-12-10T14:30:46.507", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain a stack based overflow vulnerability while parsing specially crafted WRL files.\r\nThis could allow an attacker to execute code in the context of the current process. (ZDI-CAN-25000)" + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "productcert@siemens.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "PASSIVE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "productcert@siemens.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "productcert@siemens.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-121" + } + ] + } + ], + "references": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-583523.html", + "source": "productcert@siemens.com" + }, + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-645131.html", + "source": "productcert@siemens.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-532xx/CVE-2024-53242.json b/CVE-2024/CVE-2024-532xx/CVE-2024-53242.json new file mode 100644 index 00000000000..6d2b3385bbc --- /dev/null +++ b/CVE-2024/CVE-2024-532xx/CVE-2024-53242.json @@ -0,0 +1,104 @@ +{ + "id": "CVE-2024-53242", + "sourceIdentifier": "productcert@siemens.com", + "published": "2024-12-10T14:30:46.700", + "lastModified": "2024-12-10T14:30:46.700", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files.\r\nThis could allow an attacker to execute code in the context of the current process. (ZDI-CAN-25206)" + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "productcert@siemens.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "PASSIVE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "productcert@siemens.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "productcert@siemens.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "references": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-583523.html", + "source": "productcert@siemens.com" + }, + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-645131.html", + "source": "productcert@siemens.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-538xx/CVE-2024-53832.json b/CVE-2024/CVE-2024-538xx/CVE-2024-53832.json new file mode 100644 index 00000000000..16106ec6b03 --- /dev/null +++ b/CVE-2024/CVE-2024-538xx/CVE-2024-53832.json @@ -0,0 +1,100 @@ +{ + "id": "CVE-2024-53832", + "sourceIdentifier": "productcert@siemens.com", + "published": "2024-12-10T14:30:46.853", + "lastModified": "2024-12-10T14:30:46.853", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V05.30). The affected devices contain a secure element which is connected via an unencrypted SPI bus. This could allow an attacker with physical access to the SPI bus to observe the password used for the secure element authentication, and then use the secure element as an oracle to decrypt all encrypted update files." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "productcert@siemens.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.1, + "baseSeverity": "MEDIUM", + "attackVector": "PHYSICAL", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "NONE", + "vulnerableSystemAvailability": "NONE", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "productcert@siemens.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 4.6, + "baseSeverity": "MEDIUM", + "attackVector": "PHYSICAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 0.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "productcert@siemens.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-522" + } + ] + } + ], + "references": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-128393.html", + "source": "productcert@siemens.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-540xx/CVE-2024-54005.json b/CVE-2024/CVE-2024-540xx/CVE-2024-54005.json new file mode 100644 index 00000000000..ed3080df612 --- /dev/null +++ b/CVE-2024/CVE-2024-540xx/CVE-2024-54005.json @@ -0,0 +1,100 @@ +{ + "id": "CVE-2024-54005", + "sourceIdentifier": "productcert@siemens.com", + "published": "2024-12-10T14:30:47.037", + "lastModified": "2024-12-10T14:30:47.037", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been identified in COMOS V10.3 (All versions < V10.3.3.5.8), COMOS V10.4.0 (All versions), COMOS V10.4.1 (All versions), COMOS V10.4.2 (All versions), COMOS V10.4.3 (All versions < V10.4.3.0.47), COMOS V10.4.4 (All versions < V10.4.4.2), COMOS V10.4.4.1 (All versions < V10.4.4.1.21). The PDMS/E3D Engineering Interface improperly handles XML External Entity (XXE) entries when communicating with an external application. This could allow an attacker to extract any file with a known location on the user's system or accessible network folders by injecting malicious data into the communication channel between the two systems." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "productcert@siemens.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.9, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "attackRequirements": "PRESENT", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "NONE", + "vulnerableSystemAvailability": "NONE", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "productcert@siemens.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 5.1, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.4, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "productcert@siemens.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-611" + } + ] + } + ], + "references": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-701627.html", + "source": "productcert@siemens.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-540xx/CVE-2024-54091.json b/CVE-2024/CVE-2024-540xx/CVE-2024-54091.json new file mode 100644 index 00000000000..6c1aba3c271 --- /dev/null +++ b/CVE-2024/CVE-2024-540xx/CVE-2024-54091.json @@ -0,0 +1,100 @@ +{ + "id": "CVE-2024-54091", + "sourceIdentifier": "productcert@siemens.com", + "published": "2024-12-10T14:30:47.193", + "lastModified": "2024-12-10T14:30:47.193", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been identified in Parasolid V36.1 (All versions < V36.1.225), Parasolid V37.0 (All versions < V37.0.173), Parasolid V37.1 (All versions < V37.1.109). The affected applications contain an out of bounds write vulnerability when parsing specially crafted PAR files.\r\nThis could allow an attacker to execute code in the context of the current process." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "productcert@siemens.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "PASSIVE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "productcert@siemens.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "productcert@siemens.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "references": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-979056.html", + "source": "productcert@siemens.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-540xx/CVE-2024-54093.json b/CVE-2024/CVE-2024-540xx/CVE-2024-54093.json new file mode 100644 index 00000000000..7dee1920cc0 --- /dev/null +++ b/CVE-2024/CVE-2024-540xx/CVE-2024-54093.json @@ -0,0 +1,100 @@ +{ + "id": "CVE-2024-54093", + "sourceIdentifier": "productcert@siemens.com", + "published": "2024-12-10T14:30:47.350", + "lastModified": "2024-12-10T14:30:47.350", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 5). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted ASM files. This could allow an attacker to execute code in the context of the current process." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "productcert@siemens.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "PASSIVE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "productcert@siemens.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "productcert@siemens.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-122" + } + ] + } + ], + "references": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-730188.html", + "source": "productcert@siemens.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-540xx/CVE-2024-54094.json b/CVE-2024/CVE-2024-540xx/CVE-2024-54094.json new file mode 100644 index 00000000000..8efd7979bd3 --- /dev/null +++ b/CVE-2024/CVE-2024-540xx/CVE-2024-54094.json @@ -0,0 +1,100 @@ +{ + "id": "CVE-2024-54094", + "sourceIdentifier": "productcert@siemens.com", + "published": "2024-12-10T14:30:47.507", + "lastModified": "2024-12-10T14:30:47.507", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 5). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "productcert@siemens.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "PASSIVE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "productcert@siemens.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "productcert@siemens.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-122" + } + ] + } + ], + "references": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-730188.html", + "source": "productcert@siemens.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-540xx/CVE-2024-54095.json b/CVE-2024/CVE-2024-540xx/CVE-2024-54095.json new file mode 100644 index 00000000000..70e9124c5aa --- /dev/null +++ b/CVE-2024/CVE-2024-540xx/CVE-2024-54095.json @@ -0,0 +1,100 @@ +{ + "id": "CVE-2024-54095", + "sourceIdentifier": "productcert@siemens.com", + "published": "2024-12-10T14:30:47.660", + "lastModified": "2024-12-10T14:30:47.660", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 10). The affected application is vulnerable to integer underflow vulnerability which can be triggered while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "productcert@siemens.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "PASSIVE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "productcert@siemens.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "productcert@siemens.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-191" + } + ] + } + ], + "references": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-730188.html", + "source": "productcert@siemens.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-555xx/CVE-2024-55586.json b/CVE-2024/CVE-2024-555xx/CVE-2024-55586.json new file mode 100644 index 00000000000..2ec0d65e0c1 --- /dev/null +++ b/CVE-2024/CVE-2024-555xx/CVE-2024-55586.json @@ -0,0 +1,29 @@ +{ + "id": "CVE-2024-55586", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-12-10T14:30:47.813", + "lastModified": "2024-12-10T14:30:47.813", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Nette Database through 3.2.4 allows SQL injection in certain situations involving an untrusted filter that is directly passed to the where method." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/CSIRTTrizna/CVE-2024-55586", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/nette/database/releases", + "source": "cve@mitre.org" + }, + { + "url": "https://www.csirt.sk/nette-framework-vulnerability-permits-sql-injection.html", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-56xx/CVE-2024-5660.json b/CVE-2024/CVE-2024-56xx/CVE-2024-5660.json new file mode 100644 index 00000000000..f93b8b061f0 --- /dev/null +++ b/CVE-2024/CVE-2024-56xx/CVE-2024-5660.json @@ -0,0 +1,33 @@ +{ + "id": "CVE-2024-5660", + "sourceIdentifier": "arm-security@arm.com", + "published": "2024-12-10T14:30:47.963", + "lastModified": "2024-12-10T14:30:47.963", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Use of Hardware Page Aggregation (HPA) and Stage-1 and/or Stage-2 translation on A77, A78, A78C, A78AE, A710, V1, V2, V3, V3AE, X1, X1C, X2, X3, X4, N2, X925 & Travis\u00a0may permit bypass of Stage-2 translation and/or GPT protection" + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "arm-security@arm.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-668" + } + ] + } + ], + "references": [ + { + "url": "https://developer.arm.com/Arm%20Security%20Center/Arm%20CPU%20Vulnerability%20CVE-2024-5660", + "source": "arm-security@arm.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 859748aed4b..efa1b395ff5 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-12-10T13:00:47.647129+00:00 +2024-12-10T15:02:43.461611+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-12-10T11:15:07.690000+00:00 +2024-12-10T15:00:16.310000+00:00 ``` ### Last Data Feed Release @@ -33,25 +33,60 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -272923 +272939 ``` ### CVEs added in the last Commit -Recently added CVEs: `6` - -- [CVE-2024-10959](CVE-2024/CVE-2024-109xx/CVE-2024-10959.json) (`2024-12-10T11:15:05.913`) -- [CVE-2024-11106](CVE-2024/CVE-2024-111xx/CVE-2024-11106.json) (`2024-12-10T11:15:07.030`) -- [CVE-2024-11928](CVE-2024/CVE-2024-119xx/CVE-2024-11928.json) (`2024-12-10T11:15:07.220`) -- [CVE-2024-47484](CVE-2024/CVE-2024-474xx/CVE-2024-47484.json) (`2024-12-10T11:15:07.400`) -- [CVE-2024-47977](CVE-2024/CVE-2024-479xx/CVE-2024-47977.json) (`2024-12-10T11:15:07.550`) -- [CVE-2024-52538](CVE-2024/CVE-2024-525xx/CVE-2024-52538.json) (`2024-12-10T11:15:07.690`) +Recently added CVEs: `16` + +- [CVE-2020-28398](CVE-2020/CVE-2020-283xx/CVE-2020-28398.json) (`2024-12-10T14:15:18.320`) +- [CVE-2024-11868](CVE-2024/CVE-2024-118xx/CVE-2024-11868.json) (`2024-12-10T13:15:15.973`) +- [CVE-2024-47117](CVE-2024/CVE-2024-471xx/CVE-2024-47117.json) (`2024-12-10T14:30:44.400`) +- [CVE-2024-49704](CVE-2024/CVE-2024-497xx/CVE-2024-49704.json) (`2024-12-10T14:30:44.573`) +- [CVE-2024-49849](CVE-2024/CVE-2024-498xx/CVE-2024-49849.json) (`2024-12-10T14:30:44.780`) +- [CVE-2024-52051](CVE-2024/CVE-2024-520xx/CVE-2024-52051.json) (`2024-12-10T14:30:44.957`) +- [CVE-2024-53041](CVE-2024/CVE-2024-530xx/CVE-2024-53041.json) (`2024-12-10T14:30:46.507`) +- [CVE-2024-53242](CVE-2024/CVE-2024-532xx/CVE-2024-53242.json) (`2024-12-10T14:30:46.700`) +- [CVE-2024-53832](CVE-2024/CVE-2024-538xx/CVE-2024-53832.json) (`2024-12-10T14:30:46.853`) +- [CVE-2024-54005](CVE-2024/CVE-2024-540xx/CVE-2024-54005.json) (`2024-12-10T14:30:47.037`) +- [CVE-2024-54091](CVE-2024/CVE-2024-540xx/CVE-2024-54091.json) (`2024-12-10T14:30:47.193`) +- [CVE-2024-54093](CVE-2024/CVE-2024-540xx/CVE-2024-54093.json) (`2024-12-10T14:30:47.350`) +- [CVE-2024-54094](CVE-2024/CVE-2024-540xx/CVE-2024-54094.json) (`2024-12-10T14:30:47.507`) +- [CVE-2024-54095](CVE-2024/CVE-2024-540xx/CVE-2024-54095.json) (`2024-12-10T14:30:47.660`) +- [CVE-2024-55586](CVE-2024/CVE-2024-555xx/CVE-2024-55586.json) (`2024-12-10T14:30:47.813`) +- [CVE-2024-5660](CVE-2024/CVE-2024-56xx/CVE-2024-5660.json) (`2024-12-10T14:30:47.963`) ### CVEs modified in the last Commit -Recently modified CVEs: `0` - +Recently modified CVEs: `48` + +- [CVE-2024-45463](CVE-2024/CVE-2024-454xx/CVE-2024-45463.json) (`2024-12-10T14:30:40.500`) +- [CVE-2024-45464](CVE-2024/CVE-2024-454xx/CVE-2024-45464.json) (`2024-12-10T14:30:41.117`) +- [CVE-2024-45465](CVE-2024/CVE-2024-454xx/CVE-2024-45465.json) (`2024-12-10T14:30:41.517`) +- [CVE-2024-45466](CVE-2024/CVE-2024-454xx/CVE-2024-45466.json) (`2024-12-10T14:30:41.893`) +- [CVE-2024-45467](CVE-2024/CVE-2024-454xx/CVE-2024-45467.json) (`2024-12-10T14:30:42.243`) +- [CVE-2024-45468](CVE-2024/CVE-2024-454xx/CVE-2024-45468.json) (`2024-12-10T14:30:42.633`) +- [CVE-2024-45469](CVE-2024/CVE-2024-454xx/CVE-2024-45469.json) (`2024-12-10T14:30:42.847`) +- [CVE-2024-45470](CVE-2024/CVE-2024-454xx/CVE-2024-45470.json) (`2024-12-10T14:30:42.990`) +- [CVE-2024-45471](CVE-2024/CVE-2024-454xx/CVE-2024-45471.json) (`2024-12-10T14:30:43.137`) +- [CVE-2024-45472](CVE-2024/CVE-2024-454xx/CVE-2024-45472.json) (`2024-12-10T14:30:43.263`) +- [CVE-2024-45473](CVE-2024/CVE-2024-454xx/CVE-2024-45473.json) (`2024-12-10T14:30:43.400`) +- [CVE-2024-45474](CVE-2024/CVE-2024-454xx/CVE-2024-45474.json) (`2024-12-10T14:30:43.543`) +- [CVE-2024-45475](CVE-2024/CVE-2024-454xx/CVE-2024-45475.json) (`2024-12-10T14:30:43.673`) +- [CVE-2024-45476](CVE-2024/CVE-2024-454xx/CVE-2024-45476.json) (`2024-12-10T14:30:43.853`) +- [CVE-2024-47046](CVE-2024/CVE-2024-470xx/CVE-2024-47046.json) (`2024-12-10T14:30:44.280`) +- [CVE-2024-52565](CVE-2024/CVE-2024-525xx/CVE-2024-52565.json) (`2024-12-10T14:30:45.133`) +- [CVE-2024-52566](CVE-2024/CVE-2024-525xx/CVE-2024-52566.json) (`2024-12-10T14:30:45.280`) +- [CVE-2024-52567](CVE-2024/CVE-2024-525xx/CVE-2024-52567.json) (`2024-12-10T14:30:45.413`) +- [CVE-2024-52568](CVE-2024/CVE-2024-525xx/CVE-2024-52568.json) (`2024-12-10T14:30:45.557`) +- [CVE-2024-52569](CVE-2024/CVE-2024-525xx/CVE-2024-52569.json) (`2024-12-10T14:30:45.690`) +- [CVE-2024-52570](CVE-2024/CVE-2024-525xx/CVE-2024-52570.json) (`2024-12-10T14:30:45.837`) +- [CVE-2024-52571](CVE-2024/CVE-2024-525xx/CVE-2024-52571.json) (`2024-12-10T14:30:45.963`) +- [CVE-2024-52572](CVE-2024/CVE-2024-525xx/CVE-2024-52572.json) (`2024-12-10T14:30:46.097`) +- [CVE-2024-52573](CVE-2024/CVE-2024-525xx/CVE-2024-52573.json) (`2024-12-10T14:30:46.227`) +- [CVE-2024-52574](CVE-2024/CVE-2024-525xx/CVE-2024-52574.json) (`2024-12-10T14:30:46.367`) ## Download and Usage diff --git a/_state.csv b/_state.csv index c77971656a7..6e84d866ba1 100644 --- a/_state.csv +++ b/_state.csv @@ -157020,8 +157020,9 @@ CVE-2020-28394,0,0,a5392ef4bfd1b444d949fd2d46a2b00e900d3b6576570d08fa6d169f7fde1 CVE-2020-28395,0,0,d78e70709b2f9f49d07d1c45d57c4007f2ca6782f3cc890a0d95b852ff79c35a,2024-11-21T05:22:42.987000 CVE-2020-28396,0,0,d465f4b428198b5b89457d982fcee4cc6e7c41ad9e4f7ae5abd54d9db2c39d91,2024-11-21T05:22:43.117000 CVE-2020-28397,0,0,b075fbf093f72d16b08d4a7dc598caaa144ada868e250e1c47b616f82ba08349,2024-11-21T05:22:43.247000 +CVE-2020-28398,1,1,cbd9a625fba8337c757e54df5a0aa370576e7254f00131a7797d1a0b5e5ff478,2024-12-10T14:15:18.320000 CVE-2020-2840,0,0,e44d7e29182007864686e5a5a81b6524b99a34280f1364e95eb6b5f7ceb4d8c8,2024-11-21T05:26:25.210000 -CVE-2020-28400,0,0,2519c1086d68c65556ea47b1fff9887cf04020b1b5d1a14d216b27dfb3ace637,2024-11-21T05:22:43.413000 +CVE-2020-28400,0,1,b26095477782dbcc54f47367a9635ef38410783f06916e98cb256a358abe0f13,2024-12-10T14:15:19.373000 CVE-2020-28401,0,0,1b2504dfa7b563c907a092d9885ec26281e2377c6ab77d160067be8250513372,2024-11-21T05:22:43.843000 CVE-2020-28402,0,0,2e6ca6bb4b292d6bcc4a92467321b457f0da4553e21753626765215dac0055ef,2024-11-21T05:22:44.010000 CVE-2020-28403,0,0,ef2cebf37607c95c1b53a6c5a0745bed7e831c109e77019861ffb143abb122ee,2024-11-21T05:22:44.167000 @@ -223749,7 +223750,7 @@ CVE-2023-30753,0,0,287aa954aa1d02e9974a79a01d6b75193f12567dada34c8bf70f711cf4a07 CVE-2023-30754,0,0,bf437989369da8a16a4c63935b7ceab2adb4e56f7f7f3238dffa9dacc75e52cb,2024-11-21T08:00:50.327000 CVE-2023-30755,0,0,0da84c32e644b9ff47f71b6aa8c8a3157711a8ff8b1f941b968146b0ed950f89,2024-09-10T12:09:50.377000 CVE-2023-30756,0,0,d3b979c5f0f9ea4ec3f2980feed339808bc75a3762f808c9e1822bd9b96ed90f,2024-09-10T12:09:50.377000 -CVE-2023-30757,0,0,9e7219b1228a41ea9cb880f38484efdfacf76a968326b5c0eb6268074666e371,2024-11-21T08:00:50.620000 +CVE-2023-30757,0,1,7a3139987a120b8bfbcf14769e62683750650826dc18d636318bfee1f5035a8c,2024-12-10T14:30:34.017000 CVE-2023-30758,0,0,69789da5f8f59db8a057dbcc738c84dadc223d98fbb066bd2249c87113264f6b,2024-11-21T08:00:50.750000 CVE-2023-30759,0,0,b613e052d7927c2b0a8fc61d0dbca17743c1f2bbebb807e29e8240e8fc65e385,2024-11-21T08:00:50.870000 CVE-2023-3076,0,0,d008cda2cdfac6bbdcbeeb6338eac7a719e6e3a4220fd820508d02a6856e7e80,2024-11-21T08:16:23.437000 @@ -231112,7 +231113,7 @@ CVE-2023-40392,0,0,880ee247aadeb018af145e0df44b4edfe7b5b13e8560f4782c834128453ad CVE-2023-40393,0,0,93f2bfd7cf2bad3350557754d5ab0450f55f19a0d214691c250663e386c78db0,2024-11-21T08:19:21.550000 CVE-2023-40394,0,0,b41a708a5e65b971e3b57eb10533045232cabfd1cbd332daf6894e7e27501f44,2024-11-21T08:19:21.670000 CVE-2023-40395,0,0,aeff2f6db145db6dac11e01042c4c90d44e1604b76bcc9f38b1bf83233133982,2024-11-21T08:19:21.787000 -CVE-2023-40396,0,0,ce340387644dcde684d3d4f754cf1b16971390e51d55f800c394e4933097419b,2024-11-21T08:19:21.937000 +CVE-2023-40396,0,1,efc46849d26e6e261d17138b95722884121ac1fdff6308495b60ad47cec580b8,2024-12-10T14:46:06.510000 CVE-2023-40397,0,0,3c87aa0d926da24e7f784bcbfc50f85168b3141c21f32a13f0e0e4a7593a1434,2024-11-21T08:19:22.123000 CVE-2023-40398,0,0,b336923cf7b29c25f06a85d0354d8ff336c2a72437ac50edfa49b08b0b536f18,2024-11-21T08:19:22.260000 CVE-2023-40399,0,0,ed260e3a9a40ec807a59118509c0a714c4dade87088611351a04c295fa406397,2024-11-21T08:19:22.400000 @@ -235249,7 +235250,7 @@ CVE-2023-46277,0,0,e192ca50b4060017d85c73fc1706fd083f6c682d8478108f323ab6790e526 CVE-2023-46278,0,0,46ac4ffdac079997c9016c6dbfffc7ffe6e42561a011802cecf40b1219ef36f9,2024-11-21T08:28:12.860000 CVE-2023-46279,0,0,3e7e36fd0e3ce2dbbcf5fcd2f863e6ff5e488def87e09e4ef2f6410e3e056628,2024-11-21T08:28:12.997000 CVE-2023-4628,0,0,c16a568e52b7f0c21793f5350ec12a7810b0c802c34a54836fb4944dcdc7dd35,2024-11-21T08:35:34.417000 -CVE-2023-46280,0,0,c33921ba97cded84ffb099fb655fe092f491c4eab3f452ea58d3de83658e6053,2024-11-21T08:28:13.140000 +CVE-2023-46280,0,1,bff165be69921e3630d0b45d862a2229e3ea0f0a60e54f9f7e07c513d439c5af,2024-12-10T14:30:35.147000 CVE-2023-46281,0,0,06b7c611b32187d54370d76820e0490543e0a2ebd3d02644d9fb30f17c97bbc1,2024-11-21T08:28:13.317000 CVE-2023-46282,0,0,53cfedd9ad579d9844b0595a7f2a9e1581d48c7c434ad7370ebf56c371690309,2024-11-21T08:28:13.473000 CVE-2023-46283,0,0,81326b84f1af6d35b258acd2ae6858e958c94e1b20e368bfd6c50944f2502106,2024-11-21T08:28:13.617000 @@ -237304,7 +237305,7 @@ CVE-2023-49060,0,0,4c0d752f52234ac5b2c5afa73fa3bd5f4d490c81b175ad6b9dd8f7509e06e CVE-2023-49061,0,0,7af406d30b2caa1b6fd7c257680f774d6fb0a30f02df3c6d99ace0a0c64683ce,2024-11-21T08:32:45.193000 CVE-2023-49062,0,0,3f72bcc43e8d39618a32732cc6fdb32aa26187117eb8dbf2cde612d2322c6a42,2024-11-21T08:32:45.310000 CVE-2023-49068,0,0,f934d451589c0486639c7452250c50f87bff70e169120c3b6e2d48b968d911f7,2024-11-21T08:32:45.430000 -CVE-2023-49069,0,0,0a2b95b4d76283cf56eaef257dc294f9fa829f479163e04b8acc760beca3f6a6,2024-11-12T13:15:06.193000 +CVE-2023-49069,0,1,e77673261bbd774d10e127672f71f84c304f9e77431045eed106775d130e9272,2024-12-10T14:30:36.767000 CVE-2023-4907,0,0,90be30672dd3ea93872990567976373933c812f92a368cb35abe26c70cc23ea6,2024-11-21T08:36:14.203000 CVE-2023-49070,0,0,9c3d4a270f963f36dd20306a853b062b27d681d986a9a2c3bace9e52f7eaf712,2024-11-21T08:32:45.697000 CVE-2023-49073,0,0,a59c7f971c52a4d5004cf2ba397f8b1bff7a40aa00abdd575b19a18ae50de0c5,2024-11-21T08:32:45.843000 @@ -243617,7 +243618,7 @@ CVE-2024-1095,0,0,c3b9382662b402032abf8ceff61647f8e00b16f3ebb8e17edcc93fa481ed10 CVE-2024-10952,0,0,edff8b29d26accda4a8e33f169e18ac16231b4d8b9445539c32344bf5f44c6f1,2024-12-04T03:15:04.593000 CVE-2024-10953,0,0,94ed881c1741c9a6db86af195e84904697442fcf31d986afec17a96f3fc5a311,2024-11-12T13:56:54.483000 CVE-2024-10958,0,0,7c409c4cc8cfbaa81f14834944556f1c1cdcb42e660d253085e85bddecc5debc,2024-11-14T14:57:23.103000 -CVE-2024-10959,1,1,8ebefd2e50b377b7cbc5ee79496660a7a2e41b87835807bbfa3cf939f1624b04,2024-12-10T11:15:05.913000 +CVE-2024-10959,0,0,8ebefd2e50b377b7cbc5ee79496660a7a2e41b87835807bbfa3cf939f1624b04,2024-12-10T11:15:05.913000 CVE-2024-1096,0,0,361a397f658718594f88eb8768eb59d67142285dd6bbccd93ad2ca45f5461047,2024-11-21T08:49:47.217000 CVE-2024-10961,0,0,4a5dff05569e8c840a1fbc59c3367b15e681c98f036051571da83eeda89d3631,2024-12-06T01:15:16.933000 CVE-2024-10962,0,0,01c3565bb569e73f17c44eff56e212818b4d6f0ce2501db43a4a28cdf597d31c,2024-11-15T13:58:08.913000 @@ -243736,7 +243737,7 @@ CVE-2024-11101,0,0,dd5f01c6c10626fada5843d26d25ecc9c303026b11e1f85af9563bdd8086a CVE-2024-11102,0,0,ec70fa86628f0582db7e97e83cef58a9123c92079aa9ea3641e1de155f8fc492,2024-11-18T20:00:09.120000 CVE-2024-11103,0,0,525c56d7b3f8fec3123e98bad3867c199a9a90e84f6b6962f9d506a460e4664c,2024-11-28T10:15:06.197000 CVE-2024-11104,0,0,b75d8ded53ff668230e72c743fffcbea02289181c30609ae66856a5e9653031c,2024-11-22T06:15:19.093000 -CVE-2024-11106,1,1,cb51760d779e6bcda9dbc9fa918b08dd376ad7e4ab8eca700349d476fc379343,2024-12-10T11:15:07.030000 +CVE-2024-11106,0,0,cb51760d779e6bcda9dbc9fa918b08dd376ad7e4ab8eca700349d476fc379343,2024-12-10T11:15:07.030000 CVE-2024-11107,0,0,c5956665d8c7ce6fcd0a182467a15d9156b0276ffd181b7a1b3ebd79cb232eaf,2024-12-10T06:15:20.883000 CVE-2024-1111,0,0,1e2a4c53f023bbf8c3b556fe6d8a896ca169d10bbf6dcef8f8f730e5e086694a,2024-11-21T08:49:49.257000 CVE-2024-11110,0,0,d490bd60a369a1b46dbdb1050197f0676234294cb261b9f35d39066213c16bbc,2024-11-13T17:01:16.850000 @@ -244238,6 +244239,7 @@ CVE-2024-1186,0,0,2e273a7149091b295fd44850226681809150a1697d95b70cddb9945c7f5d2c CVE-2024-11860,0,0,3a70209f793392595a3a51a4d60b0579da591107f99f2af8b8ca46fce7a60e47,2024-12-04T21:08:39.133000 CVE-2024-11862,0,0,7712aab25e9f815f730578195e7a4831741702c7ef40dfbc871d5c94d52129b1,2024-11-27T15:15:25.393000 CVE-2024-11866,0,0,f98849df3d1b11c4a74b976ef8b2271c79a4b31b45f414582e51d5b7f2d3bff7,2024-12-03T09:15:05.487000 +CVE-2024-11868,1,1,6562d73f3ac693485a95f5a10095f9315239583a70a12d5f33afc1f56bd78bd9,2024-12-10T13:15:15.973000 CVE-2024-1187,0,0,34bfab1d2868a509e17e58177c8ef1072428b9ace11ecd550f1c0daa57f2d37c,2024-11-21T08:49:59.543000 CVE-2024-1188,0,0,a65e9144328c7bf88ed9510065b2567c80bec907fa15019254b44a904bcf4c98,2024-11-21T08:49:59.690000 CVE-2024-11880,0,0,bc08b419001e69ecc8df6960919cacc77cc712a48473883e8526af3cf15bbb8b,2024-12-04T09:15:04.470000 @@ -244251,7 +244253,7 @@ CVE-2024-1191,0,0,6f7a8128ca74425a818c30dd0345aad863d38fbb6a993214ffab466088e492 CVE-2024-11918,0,0,f7031582b21494aaa2ccab4dd4ab92d52bf9f67c1445d9fb72b363b717cfc06b,2024-11-28T06:15:08.347000 CVE-2024-1192,0,0,feeadd7788bda0ae41e0b060ef10672169205cb5b73feeee0610abe95f0f97d2,2024-11-21T08:50:00.287000 CVE-2024-11925,0,0,77043a2dc07077ec38aa584033543217cc9fb39ce00751159aa83ba0aa54cc6b,2024-11-28T07:15:05.267000 -CVE-2024-11928,1,1,daaaeba3053bb3add1176d5e56bad95b3561d2e8a29b59c7061398cadf85d29b,2024-12-10T11:15:07.220000 +CVE-2024-11928,0,0,daaaeba3053bb3add1176d5e56bad95b3561d2e8a29b59c7061398cadf85d29b,2024-12-10T11:15:07.220000 CVE-2024-1193,0,0,dfff57fc9ce7a1dbebe4335de503e2f3e62619c8f53eebdea960e5ff40a71456,2024-11-21T08:50:00.427000 CVE-2024-11933,0,0,ff719b80c8b04b1955877df42e564ce90eac2c09e4f59c20e785f18a1e8804d6,2024-12-03T16:04:10.350000 CVE-2024-11935,0,0,f2a8d43d6f9999d38415d9b41f66ab77f7c4f7c94de5d0bc77beeed93d88f487,2024-12-04T13:15:05.910000 @@ -246096,7 +246098,7 @@ CVE-2024-21123,0,0,dc0174ae4c90456c439e839553b2498d14c4f888bd590edaa8a8f7e67b3b0 CVE-2024-21125,0,0,00117d0141d6804dde4b4597f14611c8e7044a0c5819feb38f51feecde07623b,2024-11-21T08:53:49.880000 CVE-2024-21126,0,0,2e7907c63d6168d1c610803a0745eb9c11b0e8c0ad2ad693cbf9f27610e2768e,2024-11-21T08:53:50 CVE-2024-21127,0,0,82211d53a8f04d5c481c561182096b582b45b38ffbe51d2d51ade2c558d5da56,2024-11-21T08:53:50.107000 -CVE-2024-21128,0,0,8aa99a7fa902c649591c9411f609ecd826b2827461800d5fd2af64552a0b8279,2024-11-21T08:53:50.230000 +CVE-2024-21128,0,1,5afd183275b05006de5f597ebbf957c1781b10bb9cae433596a21e2e51a87fc1,2024-12-10T14:43:26.337000 CVE-2024-21129,0,0,2c8e0b13d98477ae37358534ebfbe5e2257d99408b758e7e4434d44c0dbb5bfb,2024-11-21T08:53:50.347000 CVE-2024-2113,0,0,74934c55d707759b1d94ccef22382592d0461296223855372e0edb6efe4e722b,2024-11-21T09:09:03.530000 CVE-2024-21130,0,0,d7e5f2ba7a349a01871ed99811d8326f2c33202d853400289e668060d42f27d9,2024-11-21T08:53:50.470000 @@ -251125,7 +251127,7 @@ CVE-2024-27822,0,0,f8be55eb8bf86503cf81512385aa89b340f124c8a3f8c20fd852538813632 CVE-2024-27823,0,0,78c75b2c22fe34bed862cefb90eaed8a187e580151d9a70d547054d573dd3f8b,2024-11-21T09:05:10.170000 CVE-2024-27824,0,0,2cc12ddd99599dd006872c0cf7b8d5ab63b8531da94587db60786c0ccab83ed8,2024-12-09T19:47:18.810000 CVE-2024-27825,0,0,29e89e5710bfb54d1d04d8a9fd3541852d70f76dfc5302ffc30489c883b11ff7,2024-12-09T20:14:22.540000 -CVE-2024-27826,0,0,5882c0e4f7af646b59dd0679d1e85226a1795cc2356f5321755f7bb42e7f3c28,2024-11-21T09:05:10.963000 +CVE-2024-27826,0,1,45957ce20f2a01ddd88e91e0a33bb37bd420691b90dfe10df96403e6970a5865,2024-12-10T14:43:46.787000 CVE-2024-27827,0,0,bed63d634ffd1cbf24affc77bf979fa261e9adc7f3f174cc4bfced523c12d6a5,2024-12-09T19:37:57.937000 CVE-2024-27828,0,0,290c13ac106a10f3e41ecd8a81554d379261693867413fea9d302c84a5fa930e,2024-11-21T09:05:11.540000 CVE-2024-27829,0,0,9c466917970a7e1175bb391cf0ecae12e38a57520d20433719ce119d71b32455,2024-12-09T19:45:04.940000 @@ -251161,9 +251163,9 @@ CVE-2024-27858,0,0,aa4ac34917fc25a3b363315db7cb3fffd219145d245e40c2d78d17a7bcb48 CVE-2024-2786,0,0,610b8d9425d279ad1dc89b2b20968cbade000e4dda0124ac96ac2900c12ae5c9,2024-11-21T09:10:30.913000 CVE-2024-27860,0,0,573c398bb03b5382369ac69cc1d55fcdcd51ef33a018d7ec6bcd579bee759306,2024-09-23T19:10:07.350000 CVE-2024-27861,0,0,44687bbf9414155e406d842a229f671ff45e5709268fc42f7e0846677b06e6c3,2024-10-10T13:13:53.450000 -CVE-2024-27862,0,0,55e48c52565bf0ea261408b4f581d6d2157fdb24f12acc7cdceaa8c2b2c166cb,2024-11-21T09:05:17.990000 +CVE-2024-27862,0,1,1879dd3c7b86226e41db14689055cbd9455607ed315179a7b729f6913bf91dce,2024-12-10T15:00:16.310000 CVE-2024-27863,0,0,bc20f934200c90ab71177ba452dea8ed95327208c78d45ff56560458c5cbbb31,2024-11-21T09:05:18.200000 -CVE-2024-27867,0,0,926bb3d6cf7e6cb83e1fa7fe5ad8d1663d664cfdc30447ef591a7dc92e8c5757,2024-11-21T09:05:18.380000 +CVE-2024-27867,0,1,9d8a031b2bac38a4828644f9e0ea14edefe724dd0e937c81c7aeb7d5722cc9e9,2024-12-10T14:42:58.173000 CVE-2024-27869,0,0,6e32a9ffdaa128992a9fa73116ac1928876fc9fe0764d0f9da711d653ce9c617,2024-09-20T12:31:20.110000 CVE-2024-2787,0,0,0c477846917fd22b31e9c1d06001e4f39c193fa1a28a292429193d6118b3549f,2024-11-21T09:10:31.060000 CVE-2024-27871,0,0,970b05cbe9294bb0a3bb5c093d25c78edda1afa20430c21070839e14a02f2ee6,2024-11-21T09:05:18.840000 @@ -251182,9 +251184,9 @@ CVE-2024-27882,0,0,de1636067606d8abea05b2d623862645d7430157a629cccf883a6c28832f5 CVE-2024-27883,0,0,0d199213fd35f1e0f86a8cb34ff1863e819c339379b2bbf9841fef5f4ff3746f,2024-11-21T09:05:20.710000 CVE-2024-27884,0,0,1c4fd438b4c1f81ae2dc47cb12eb9a0af1b36d21af3f71cda60b10dda4ed8165,2024-11-21T09:05:20.853000 CVE-2024-27885,0,0,87f86d4faf4b2ee786765b1cbcfff093ef8ca9ea1a1718a912755ea3d0fa013b,2024-11-21T09:05:21.020000 -CVE-2024-27886,0,0,bdd4e22e3c47648225895d5c9fc907f91a9ac9a48836dda9645190935dc8391c,2024-11-21T09:05:21.163000 +CVE-2024-27886,0,1,3c715f8c52f1864ddda85ca53b2b16f09102ef3c94476f9d4abb350858861418,2024-12-10T14:54:49.967000 CVE-2024-27887,0,0,27c7d91a187938663d4a01d4c87033037d24e5ace0c9df0921f49ee73def6186,2024-11-21T09:05:21.357000 -CVE-2024-27888,0,0,633b1fd9b17029c1bb97812a74a21435207d5c19ad7127db495ab2f4e807807d,2024-11-21T09:05:21.577000 +CVE-2024-27888,0,1,cd0431e20853cd52fac0840f748f121c2c1ffdab2233c1cee21b2fe50a5a00fd,2024-12-10T14:51:04.667000 CVE-2024-27889,0,0,9baa87884a3e66fc5756c9ced2a8ef947001f8941593056f52c6dadb55724bf9,2024-11-21T09:05:21.780000 CVE-2024-2789,0,0,ea7cc59fd040ec8486f5414eb2adec79c9e64461c463ff35ba3f144bf7febd94,2024-11-21T09:10:31.330000 CVE-2024-27894,0,0,a529ce9447bf5cccdc79592c335a904880367559eca12c605a0c1c557584b199,2024-11-21T09:05:21.910000 @@ -260568,15 +260570,15 @@ CVE-2024-40770,0,0,868a7712172f9193db04503bf4681e6456ac2c380ba489a77f29f0b183bde CVE-2024-40774,0,0,acf9484778c188d9655881f6296c67ea4d7b41e7dc81159e8bc4a6eb0bc45b07,2024-11-21T09:31:35.363000 CVE-2024-40775,0,0,5a1c8ebb97a8c67c049206c150e713e1edac12079e5342341c02eb94b0a883fc,2024-11-21T09:31:35.600000 CVE-2024-40776,0,0,691f82117c272b7fd0cd01aff97f784b0cb450c83a62bf9d7355e7e0bac6f051,2024-11-21T09:31:35.730000 -CVE-2024-40777,0,0,85d31483994c1ef5f01cd95b205486112d896e80bb63022d1675afe89cd1a29e,2024-11-21T09:31:35.983000 +CVE-2024-40777,0,1,28ca9a7c241b3719fd673041c2bef99084a53ce2f03522e1b3740d4e69dc5d50,2024-12-10T14:46:05.797000 CVE-2024-40778,0,0,9f33a78120305618c4af695048e22760029d8fa22ae1c9b06ffb0fc260e027df,2024-11-21T09:31:36.180000 CVE-2024-40779,0,0,24f2c0026ed1b89a4192667befdfd5f2fa6437bd8b0b42b11ebaa2de52d85f2b,2024-11-21T09:31:36.320000 CVE-2024-4078,0,0,876c2d85ad15b40998fa1a091e99c40bdf3265b4dfc0dc2a74b816b191e7aeb1,2024-11-21T09:42:09.057000 CVE-2024-40780,0,0,79bbd0100ae5fa04270605f8c0a68d5757f3644ba25f4a2aceaba1392b1c61b5,2024-11-21T09:31:36.483000 -CVE-2024-40781,0,0,70c95f11861ecfdff1f9d50709bfc9a11c5a1333291b73c1ba14b39d5f7baba7,2024-11-21T09:31:36.727000 -CVE-2024-40782,0,0,85cd239e2d83b29d1ff3014e88510c957e8e2bcb53771a9b59fa89a00e75fb16,2024-11-21T09:31:36.917000 -CVE-2024-40783,0,0,a1f5d8ff70a42927e67e5d6d78e0602310fac7dc0724bb74ade0c1d131149023,2024-11-21T09:31:37.117000 -CVE-2024-40784,0,0,b71f234a171b5ebfe51d35766be14f80d45dfa01999ca331c65e8589adb62a0a,2024-11-21T09:31:37.307000 +CVE-2024-40781,0,1,3363c39d91a7831bcb7aad563596ee907481d83bc7f28181f8d88d8b37be4d26,2024-12-10T14:44:30.447000 +CVE-2024-40782,0,1,1681e3f74f0e893eb28a0176ca8743b201333cb23d7238959dbfcc2f2ea45bb3,2024-12-10T14:40:38.913000 +CVE-2024-40783,0,1,b214e53e5695093f1a97e3bda561eeb0d78bba15f089cc9486490e141f4469d2,2024-12-10T14:36:32.047000 +CVE-2024-40784,0,1,0614a9b6a289caa463057f8e765d30b829571138689ec9219bfeb4ece615b1b8,2024-12-10T14:35:11.197000 CVE-2024-40785,0,0,e7608cb4e789b0d57c87d46824a61398005e9bfcbb488fcf872b55b20c6fce13,2024-11-21T09:31:37.503000 CVE-2024-40786,0,0,be7513464307331b0f21d95b97bef5d1d4b3b9ee1591c2069c1d9ce282f49c20,2024-11-21T09:31:37.657000 CVE-2024-40787,0,0,8aaa2fb548d87487ae48d48ddcc78e474fa9a3d00ea0d3c48c5c8d8f40bc1fb2,2024-11-21T09:31:37.787000 @@ -260594,27 +260596,27 @@ CVE-2024-40797,0,0,f14a11d4a728c8a86d4bd1d32ea1c5f8ae14477eadc574999e9cef2e732ad CVE-2024-40798,0,0,2c5137a9186f5986d04c634015580da436877522b408214b3bc1e1d5405696be,2024-11-21T09:31:39.157000 CVE-2024-40799,0,0,a4df85e7704d4f140c3e000f12ab966153dd840f0d66cd762134297f5c5e0db9,2024-11-21T09:31:39.297000 CVE-2024-4080,0,0,d41249f04cf97bb237511db103188ee9975762edb7d49fc806aa36b0693fa467,2024-11-21T09:42:09.330000 -CVE-2024-40800,0,0,9e3adee2b284d0cd32bdac81e350f2705fbf09db5a5a7949b684422a42668e89,2024-11-21T09:31:39.523000 +CVE-2024-40800,0,1,b33e87d64e49134b44ed04be86797376921feed7b52a5f305540d69cf37d7a03,2024-12-10T14:26:15.710000 CVE-2024-40801,0,0,2b8c684a418f10f47d5b29fe2c29a6e969ddbdf6c48e8dfab48caa92f171cb41,2024-09-24T15:43:37.490000 -CVE-2024-40802,0,0,2ac84603b6defeda17d32dc4fae63b484bf573bb4dcef5f94052616e4bafff52,2024-11-21T09:31:39.770000 +CVE-2024-40802,0,1,563df9962a4864aa00b79cf61749de092984de9364c8f35a30e6b2bf2671981d,2024-12-10T14:57:57.143000 CVE-2024-40803,0,0,7a79592f91c7f2e3cdc2d5ec518a069335aa6fa008f6b29e7d16e0e25c2c4197,2024-11-21T09:31:39.960000 CVE-2024-40804,0,0,7d7a8fea2356cdd68fe943122361e329e5dedaafdc6a8e5af8d36b46c78f89a4,2024-11-21T09:31:40.083000 -CVE-2024-40805,0,0,2f46f069262bab9b22da5de58d331ed805300880385e964fb2cf1a166ecd0465,2024-11-21T09:31:40.193000 +CVE-2024-40805,0,1,13645725b1681fde7570b84efb1d6f8401eafd2a444e37e0fd8a3aa6c36514be,2024-12-10T14:57:17.887000 CVE-2024-40806,0,0,06a52f7e92cfc73c5aa3085661b3b838fa52ff3bc438b157f87d61486bbe86a1,2024-11-21T09:31:40.377000 CVE-2024-40807,0,0,aa52f240186fdc6e240bd4413bcab727fd8fcb753a192ab9dff172120f0f1672,2024-11-21T09:31:40.537000 CVE-2024-40809,0,0,e0ef73c9c3b8e6c198213d06d60b6635119e1372038dc2c5ad4de92adc24988d,2024-11-21T09:31:40.667000 CVE-2024-4081,0,0,a8cb52f748212831eb0f908c5358c01ba2440972e066efb74e3fc0403bf48916,2024-11-21T09:42:09.460000 CVE-2024-40810,0,0,0bdfce63164940e1cd12fb4417c4e2985d9d847d45267827b3342731bbd0c955,2024-10-29T21:35:09.467000 -CVE-2024-40811,0,0,49f58654f059951501ae9772f298ae6d4930c6e1d11ab24d6e2aea78b2ada932,2024-11-21T09:31:40.960000 +CVE-2024-40811,0,1,e5e268291e19acf6f9af493524ffb184ab47831415c1a6be0a43a99a58f9f3ff,2024-12-10T14:53:16.287000 CVE-2024-40812,0,0,4db8acce8a2970669bbc65deebee01d7a15fad29796b40ae5a2044599b05c2f7,2024-11-21T09:31:41.143000 CVE-2024-40813,0,0,45e9aae059d0233b7079e495d48b4acd4e744784498779eb74606b0d89c22634,2024-11-21T09:31:41.303000 -CVE-2024-40814,0,0,21069318fb223e8a9c48ac0c2e4b9ccb1af8b0a0e291c8973a6b57cc607f21f5,2024-11-21T09:31:41.507000 +CVE-2024-40814,0,1,57e725873392d3680f23714697504ec25c26f21a4b8f7f0f7705b5b733c10b5d,2024-12-10T14:49:34.477000 CVE-2024-40815,0,0,0f1adcd1d2d10d9e07ecdf7b1b63fc2dc496053c65837cf0f3413f168ebf29ea,2024-11-21T09:31:41.690000 CVE-2024-40816,0,0,bf41694c0849ddd8d44a836dd7dd0e12b9ef749afe75121f65ad453324956992,2024-11-21T09:31:41.843000 CVE-2024-40817,0,0,5ea3e07efbab71e2d2607aeb6d91a11704b1fec81e28eafbfefcc5c61086892a,2024-11-21T09:31:41.983000 CVE-2024-40818,0,0,498715ba251ac4a77d46f20c1f4583b3b89075e295b6483ab0f6ec91516f140d,2024-11-21T09:31:42.140000 CVE-2024-4082,0,0,884f744d4b6d6c38211069fff9472a771275afdc68ad46774024765c6d13755a,2024-11-21T09:42:09.593000 -CVE-2024-40821,0,0,1a488ba42d505840765a8651c6a354ec9ba3a862cdce16e7032a94e29d903c39,2024-11-21T09:31:42.290000 +CVE-2024-40821,0,1,a3b876952ec8ce255096f7c26040316035df8c47e37e23640e020f9cd5f7797f,2024-12-10T14:47:42.573000 CVE-2024-40822,0,0,f2e42c11a9194a009cec70add00bceafd93485fa2ccc44b94afc5a8685e89cd1,2024-11-21T09:31:42.490000 CVE-2024-40823,0,0,ea5834191915fbf77537780befd2f8170562cc3e8f14a6bae616ecfbb3aa16eb,2024-11-21T09:31:42.633000 CVE-2024-40824,0,0,f06a65634df701916688a4cb6ccf61904c2867fc9a521a8cf66bf5eb3a0571a0,2024-11-21T09:31:42.770000 @@ -261437,7 +261439,7 @@ CVE-2024-41976,0,0,42caf5a007bee351e12b4a06ba3af81131c9ae6b389ae9fe7288af1ace49f CVE-2024-41977,0,0,d60c39a443c53177c83036712d2b2e0d10f24cd83e8f9256a5a4af7c2ffe4cf0,2024-08-23T18:39:13.990000 CVE-2024-41978,0,0,a9db5f0ef1cf6f05f507a3d6b9c1eb78d64604fbf035ed5751c84ec7b7102df9,2024-08-23T18:34:36.283000 CVE-2024-4198,0,0,ad8b63492508ea78a0b02d111682b485f5ca74ae0f1c300e2494392f9d51f1f9,2024-11-21T09:42:22.450000 -CVE-2024-41981,0,0,9155a8e7f8ebee0f0fb1558160fa9dc835c479f1e80d727e164d1c9e37993736,2024-10-10T12:56:30.817000 +CVE-2024-41981,0,1,595e887d6ea0c63397a9eccc9815f07337ad0496936250e7e5a33d36fd0a71a4,2024-12-10T14:30:39.670000 CVE-2024-41987,0,0,60c106b47b761c2f190d94257b37a69d919ff7f89dae3c97c2987f690f8d24fd,2024-10-04T13:50:43.727000 CVE-2024-41988,0,0,6d2370eba472daacc149b3a07abe0a2bb04e0e3eba237b664cdb1309b28bc00f,2024-10-04T13:50:43.727000 CVE-2024-41989,0,0,e7df0286b5daeeda8268119adc22bceddab20fce25179a1516bbedb5a121beb7,2024-08-08T20:35:11.140000 @@ -263934,21 +263936,21 @@ CVE-2024-4546,0,0,b7cdc4b543e15e201ed44f8fc6e4cf20dc32164dd66216ed33114a60691625 CVE-2024-45460,0,0,001c0d271f13fdcf16be449aeee5552f7fdd01ce5de21517068cf8da4d5ecf67,2024-09-27T14:51:08.120000 CVE-2024-45461,0,0,84f3694fbb53484ea1b2f0e2bd825429789554960bc7428029266b0247d5f511,2024-11-21T09:37:48.267000 CVE-2024-45462,0,0,5481d86379eb32e5cf042e4db1e116735f20241b10741a0b8240f20e66c496cf,2024-11-21T09:37:48.420000 -CVE-2024-45463,0,0,f88dfab0dee6ff12a04814247df3d8cdc794fe217c656c636c89d5ff0e9d9647,2024-10-15T17:35:51.263000 -CVE-2024-45464,0,0,a244ab76a1481844432b630fd38b1ce025eff493e01ea3c4b133b4682c9ee963,2024-10-15T17:35:33.887000 -CVE-2024-45465,0,0,8a23350a741004390b2a998b67c04375e155859e037fac3791ea5fb96445eb4c,2024-10-15T17:35:22.230000 -CVE-2024-45466,0,0,4a9ecbb453211d5c6933013580a72a252fb5e90a728a8084c9b5fc46c0194802,2024-10-15T17:35:06.890000 -CVE-2024-45467,0,0,2af9ce4220635e15f968f806d9430168e712d6f139910e592f1cd7ced606dba3,2024-10-15T17:34:51.353000 -CVE-2024-45468,0,0,8b6cc1d9a3f4897089ed0609529f0f4fef52d8e553a7fb28e2f9f8dcf8ad077f,2024-10-15T17:34:32.503000 -CVE-2024-45469,0,0,7e9fb23e34073be61b5ce3d21efb8b6fa9e06bb80a2904b4f0de68bbf7bf0b4a,2024-10-15T17:34:18.037000 +CVE-2024-45463,0,1,d38fed6e54dbce5e6709708021ad95c43a414d68d02bbec9b1cf9943f8b040a5,2024-12-10T14:30:40.500000 +CVE-2024-45464,0,1,4513fdc8e179736f0b1bc0763e1a273c7388bcb70a81c92b520cf65db74c6590,2024-12-10T14:30:41.117000 +CVE-2024-45465,0,1,6135802bc5ef6d924ba321022fdbfde87c90d246701e11519d982827b77e8ae5,2024-12-10T14:30:41.517000 +CVE-2024-45466,0,1,4e53d3f76f99f33b36a8a61e373ad6110fbffeab9f7984b3af9578a705db3f9d,2024-12-10T14:30:41.893000 +CVE-2024-45467,0,1,036f4b00dddaf7495f845ff5d55493c58199249e0220ecd99d47da57b587495e,2024-12-10T14:30:42.243000 +CVE-2024-45468,0,1,6013cad63529efe366a03007776db329d6aed074775024fa5a55ec7322eb100c,2024-12-10T14:30:42.633000 +CVE-2024-45469,0,1,656bb42013fb088290c0af17f77aafe6c30a5c41435f0f4d3bfee14789d94021,2024-12-10T14:30:42.847000 CVE-2024-4547,0,0,e23ce5da78464c86a441e1808ff2ade62b176e4884e1390cb77e42d774dc4b51,2024-11-21T09:43:04.813000 -CVE-2024-45470,0,0,fc76e3a2f23a88a0f3e677501bcc4d77ed4ba80942713f7e6fbad05ca49c09f6,2024-10-15T17:18:52.227000 -CVE-2024-45471,0,0,44b7e6fb0cbd03032f14772ed09e2cb62c21f2eb290232e5cddd1e8856867479,2024-10-15T17:18:37.377000 -CVE-2024-45472,0,0,47ad09e76e12e5b909209f00f426ee0907628811e7f499ff7c1d18c3089dfa93,2024-10-15T17:15:34.937000 -CVE-2024-45473,0,0,75f3a7abd2313e82402d6a1e4e972a8bdb8a9febf9d4b5640ab8caef910c4cce,2024-10-15T17:31:56.830000 -CVE-2024-45474,0,0,ca40fc1c5ed7a68065630c2ba92f7af82986de7729ee4810695e839ca6701868,2024-10-15T17:31:54.730000 -CVE-2024-45475,0,0,73d77aaec32f027e165f4adf44070c2716a5b588dea6248fec10d3032d42a348,2024-10-15T17:31:52.313000 -CVE-2024-45476,0,0,0e2992ff1de64d5c7b36049b624fb7475a24ceb44569f2fd8eb147a672ddfa70,2024-10-15T17:31:50.310000 +CVE-2024-45470,0,1,6e746ef9f4624d1dd9828c4595b99ec1ae90de70766f1bc542a20bafcdaca68a,2024-12-10T14:30:42.990000 +CVE-2024-45471,0,1,c276977ef9e32e8dab7614c2bb2841752749cf302e8547cfab5a191904641f87,2024-12-10T14:30:43.137000 +CVE-2024-45472,0,1,81688a9ee970dc2034c3fbf2d6584fe291f2d9482da1d55c772e475c87552f19,2024-12-10T14:30:43.263000 +CVE-2024-45473,0,1,8c8c37d1e5cb936fc204de0a8a68f21a22fae1c2c18ee129e5950084a6ba3891,2024-12-10T14:30:43.400000 +CVE-2024-45474,0,1,8ec981c40c0865bd337e77c549e84217aecc724f40a2f4b66e26d178f60662ac,2024-12-10T14:30:43.543000 +CVE-2024-45475,0,1,68995e1629edebb8d3330a3b1d200226acbfabb2fa93e2ed19b4655f8a034f82,2024-12-10T14:30:43.673000 +CVE-2024-45476,0,1,5bd5dfc300a851ce550a6a7da70752b4d8e0106d29959b2ae06cd7e6a0e95953,2024-12-10T14:30:43.853000 CVE-2024-45477,0,0,da1780e6b64087f6d28ed8678f277554fcda2d35c2ea3e486b463eb0dcb01b5f,2024-11-21T09:37:50.293000 CVE-2024-4548,0,0,c7401b17e35ff1b34998f05de06d9924efc8296217fd62d20718b595e94aba23,2024-11-21T09:43:04.937000 CVE-2024-45488,0,0,ddcd8f59134f72a3b8f90701a24a7b63e03f1137fb0934f505028ece59a798e5,2024-08-30T19:35:06.870000 @@ -264822,7 +264824,7 @@ CVE-2024-47041,0,0,e951234436617afb0ea00c852a4b7fa67f944147a2a27719759ecff9c5d4d CVE-2024-47043,0,0,16003fbb50bd8180b78bb61a6ac620b79eafb4fbf16d6ca5aba9fd22bd118b54,2024-12-06T18:15:24.853000 CVE-2024-47044,0,0,f5082c6425317782526cc321eb402e63d4e994b10a2cbcc319dbb6c80851bcb7,2024-10-17T02:15:02.840000 CVE-2024-47045,0,0,0657652e435463f24842c95bfd3794a2b4734328367fc4112685852a971c284b,2024-09-26T15:35:29.950000 -CVE-2024-47046,0,0,baed6297563bc1a48ca01b1be8f27998c6d3fdfc18236f8a521778308792164a,2024-10-10T12:56:30.817000 +CVE-2024-47046,0,1,438bbbfb4564d762294987a696cb45c6577d9b59cf09833dfd022e224f8c8234,2024-12-10T14:30:44.280000 CVE-2024-47047,0,0,f47c9375ff4e3500f3e47f366e397f42b48ae882b1f697904f00fc82abd32028,2024-09-27T17:03:35.507000 CVE-2024-47048,0,0,425cce79ac1ff694ab4c7cef97a6df0f5610cb2bf223796f917dc53ac24edec5,2024-09-26T17:12:07.440000 CVE-2024-47049,0,0,9435c3feeabad953f768be0dab3a8c5de1fda327c2cd4383c7019bbd8d92ff47,2024-09-27T17:09:46.980000 @@ -264868,6 +264870,7 @@ CVE-2024-4710,0,0,9c507813f9fc80a7b0290c71ebb56c5cafbe3613f57bf93e1120a9c56f5290 CVE-2024-47107,0,0,7b3fd642f04bb4907359468180c5e80a149cba368c15d7fcad27657fede29875,2024-12-07T15:15:04.123000 CVE-2024-4711,0,0,e4ef71037ebae75f1c7783581ae71eaf15c6142551362f95bff0adb8f63f9b15,2024-11-21T09:43:25.710000 CVE-2024-47115,0,0,b16da535b3da0b89524d7833c7b765d32fe2f7dd304b564264470c1871bdf405,2024-12-07T13:19:14.783000 +CVE-2024-47117,1,1,9a433d1ba1da14ac03eff92d4b9d962f2572bcd84811d0eba8292b9cf923d82f,2024-12-10T14:30:44.400000 CVE-2024-4712,0,0,1fed59bb7e8ad0e60ff127714cca3b30ddf28383821e6801d32e14d7ddccef6e,2024-11-21T09:43:25.850000 CVE-2024-47121,0,0,346648e20973f21c82fabd4a08a632a55356bf3264a158afc57ac406e96c43c4,2024-11-01T20:39:20.677000 CVE-2024-47122,0,0,7ba55296c1246880ecd41488ae0cfca0580aa596752d1a2853d946be717d540c,2024-10-17T18:15:05.480000 @@ -265151,7 +265154,7 @@ CVE-2024-47476,0,0,7fbeddc8b679c54b9a8d16b073a75eec4d455c0be7f1e02e1d7d8aa5633f3 CVE-2024-4748,0,0,0e1bf604cc16c6bb1a8683ee11cfaa8201b2be0b492e06be1984933dd6cedb52,2024-11-21T09:43:30.787000 CVE-2024-47481,0,0,71ea09e89917de5bc1b44200d74f1ffc8698bb7da082bd763134d649f33a6380,2024-10-31T00:01:40.487000 CVE-2024-47483,0,0,f01599a6880bac8eacea8814fc1f580c96bada992530caa76be5bdf38bc089f7,2024-10-31T00:01:05.127000 -CVE-2024-47484,1,1,8ee7130718e177a4b7bdc694cc88ec0ea7625e9dd9b72cb36833b54e909b7241,2024-12-10T11:15:07.400000 +CVE-2024-47484,0,0,8ee7130718e177a4b7bdc694cc88ec0ea7625e9dd9b72cb36833b54e909b7241,2024-12-10T11:15:07.400000 CVE-2024-47485,0,0,f3e17ff20ae3263d9853078761f1fcc280526d84c6f26f0f79a89c8c8da75f6d,2024-10-22T16:23:22.890000 CVE-2024-47486,0,0,73b6ec5c93b8df7e12b45674095673d040f8ca89712ac88fe6ad816e1b46356f,2024-11-21T15:15:31.407000 CVE-2024-47487,0,0,285367b03b1e1af1cf720c4c097845509c3c98a24864a9cd28d57659dbb3da2b,2024-10-22T16:10:08.027000 @@ -265543,7 +265546,7 @@ CVE-2024-47973,0,0,4c755251fddad4f39a2e7e0c2967304daa922575998c42fd2fc2365294c3e CVE-2024-47974,0,0,5b42e76afcab24c20bdceb8d619dc3b1d3700c61728605186411865d26bbe7c7,2024-10-31T13:35:11.790000 CVE-2024-47975,0,0,919a5c25fcfdd1004bec82ba910db5fe6300dd9cdcfe2f11fc4b0bb574f4091b,2024-10-11T20:15:05.143000 CVE-2024-47976,0,0,b7d584a3048cada45c1f6e92a2751d3e6ae6406892198b5d0fe37bebaa37f847,2024-10-17T22:15:03.210000 -CVE-2024-47977,1,1,167a11103556db461bec5fe97a2696b0312627da6143ca80c941f2b6fa16eb0b,2024-12-10T11:15:07.550000 +CVE-2024-47977,0,0,167a11103556db461bec5fe97a2696b0312627da6143ca80c941f2b6fa16eb0b,2024-12-10T11:15:07.550000 CVE-2024-4798,0,0,67d409a675b221a14312164f5cc62c5f24d760e91c26863f4b27a369f421db4d,2024-11-21T09:43:38.167000 CVE-2024-4799,0,0,bcde09b7182d8e0e6116d4d77d66aa7fc678a4d38a1639ef2abc6c729d992c49,2024-11-21T09:43:38.320000 CVE-2024-4800,0,0,d6e648ed7e57041fcab1c34d0d022e8b177d9063790ccf92ab37010db4d3952a,2024-11-21T09:43:38.470000 @@ -266425,6 +266428,7 @@ CVE-2024-4970,0,0,ceae782189e36ea72b2794d871ba0e98c5d8d6d33670b120902bfb4e771c4a CVE-2024-49701,0,0,faa8cd67d7f87e8b700116e3ea01c26a0bace35a674e83df64e802c479757838,2024-10-25T12:56:36.827000 CVE-2024-49702,0,0,95504b65313eac7b0c032b66b56870b8b510aa5556c8e61dadfd6a9c41944713,2024-11-08T14:32:56.010000 CVE-2024-49703,0,0,773f468dd20b89d6b077ffb05058547737a4c510a41e2a52930200811683b9b8,2024-10-25T12:56:07.750000 +CVE-2024-49704,1,1,792d72be95c2e939aedb97abbd86d02c29dc7b2f79685bd8e5c6b05c8813f351,2024-12-10T14:30:44.573000 CVE-2024-4971,0,0,af7888c7a6b95d3e4defe90dd125614ce096832a5ff7e0a45c6fa9aa4416b987,2024-11-21T09:43:58.747000 CVE-2024-4972,0,0,6d57573ddd08bf2299e1f6597809329f00babdc0f3ad1d5869880ad1a42cee17,2024-11-21T09:43:58.863000 CVE-2024-4973,0,0,19ccbb7e67bd4c75d6b883a0abe41227afb09f5e151258438b28388488924a3a,2024-11-21T09:43:59.010000 @@ -266466,6 +266470,7 @@ CVE-2024-49805,0,0,7ffe3272417593fded7c1532e656178bffa9488f6e3f217560f596f3472e4 CVE-2024-49806,0,0,482936de6637cf76dde54f51f1f52b121a6d4662a65fe5c43e3cc1abbc23e574,2024-11-29T17:15:08.627000 CVE-2024-4983,0,0,eefedacb8523e31a6a187e2c5f1e853f41a668185e6ca18f1a2fa72cc91a9950,2024-11-21T09:44:00.070000 CVE-2024-4984,0,0,40ebe34593a184b2b9329b2374e9578e3a0bebaa278e1231c45c34e446e4dc36,2024-11-21T09:44:00.193000 +CVE-2024-49849,1,1,a734f63b3c346e9305019614e5c9962cd96fa0fef40997474f61ddb0c157cb37,2024-12-10T14:30:44.780000 CVE-2024-4985,0,0,24ca642ab1af582069f35187f63584eb56ac0072c100febf0fdf2dec3b3c9587,2024-11-21T09:44:00.330000 CVE-2024-49850,0,0,b081475e1ca3af47ff915ab2d360bfee7d39229960d37f8c28496a17f22b8519,2024-10-22T16:12:14.193000 CVE-2024-49851,0,0,70ac144994c89b2c32ac4cbb91bfa1b666a409fb43980ab032860a5d662dee07,2024-11-08T16:15:28.700000 @@ -268054,6 +268059,7 @@ CVE-2024-52034,0,0,8072163119d29e3d7cc1af6d3ff22d184e9e2263ebc70094a6b8e6922599c CVE-2024-5204,0,0,861a03c6b8b38defa5d93991a4825262ae7b814b89fc2ffc1e32a59f04171e4e,2024-11-21T09:47:10.927000 CVE-2024-52043,0,0,e434d805f99fdc6c5e33568cd1a8288e62a5c6170cf35ff5cddabfded34908c6,2024-11-08T20:39:36.233000 CVE-2024-5205,0,0,23f687d8508f2ecb4f71db4183b652438c4bb3a68c03d14351c40e82c1576079,2024-11-21T09:47:11.033000 +CVE-2024-52051,1,1,8acceaf16f5843c2c444c19f98f27ef39bd722f58189359ba741e64a89cd171f,2024-12-10T14:30:44.957000 CVE-2024-52052,0,0,5eeeac48f24ac467a2621d7950234ff504286fc9da5b2ff1ce8d348695057bf0,2024-11-21T23:15:04.520000 CVE-2024-52053,0,0,634822104ec4d4af8aa9cf0854397b2e2ea6f5f55e9fc999886a29a44842f7b3,2024-11-21T23:15:05.387000 CVE-2024-52054,0,0,9a2d2ec3a40a48770d9647f97127693cc6b0ef5932cb18c296471a466b60d1e3,2024-11-21T23:15:05.627000 @@ -268337,7 +268343,7 @@ CVE-2024-52530,0,0,78f036a07a80d7c50933eab4b5ec3e54640dd9a8e9ce77e883bfb2118e573 CVE-2024-52531,0,0,8eedc16d1aadf080c6f2b302997fd47ee6a376af2a4466e43fcf9633d24182c6,2024-11-12T19:35:15.807000 CVE-2024-52532,0,0,54c3190a0eeff653a8f66dda7fd5b580cc7aa4648618e83320436fca355bcda1,2024-11-12T19:35:16.970000 CVE-2024-52533,0,0,1eb71d89b0eb5dd4c4750374cbcae2f7fe6179355aa90c3882a1d10864ff06bd,2024-12-06T14:15:21.400000 -CVE-2024-52538,1,1,835fe849e7f7ee42eebe03855b29cf6227ad70f158455508984b13f2a2b9a4c9,2024-12-10T11:15:07.690000 +CVE-2024-52538,0,0,835fe849e7f7ee42eebe03855b29cf6227ad70f158455508984b13f2a2b9a4c9,2024-12-10T11:15:07.690000 CVE-2024-5254,0,0,b08a56d01443c9abf44ee33ecfae9cdfa73a8d20318044fcd2f5caa1e9d31f2e,2024-11-21T09:47:17.063000 CVE-2024-52544,0,0,c58d604e70e1d52d10e6c46ba91f7cf731eb4ad32c0c46522333c5ba2eb214aa,2024-12-03T21:15:07.390000 CVE-2024-52545,0,0,387ccc5d59fa5b7f0e29a5a9d3b818216a2c3bea1d9e491918de17e5ca055044,2024-12-03T21:15:07.490000 @@ -268355,17 +268361,17 @@ CVE-2024-52555,0,0,a3eb976a723323be3c4248982b8a2d466355a617b040f2b336f011db865bd CVE-2024-52558,0,0,2ada9f104f39fa7ff47b30d6f6d3023c890bde815409d4072ab82d26ecc71fbe,2024-12-06T18:15:26.007000 CVE-2024-5256,0,0,351ec0133ebd6057956e3a32f156ca3c6d3a5e82f4f6d83d2ed56c2cf43e8b33,2024-11-21T09:47:17.300000 CVE-2024-52564,0,0,18983955880ef907ed28cbb37a105d98746b8b276ab26ada4169cdb5d146ec41,2024-12-05T10:31:40.663000 -CVE-2024-52565,0,0,e105d8f0f4fcaa170be6e4bc2a2f6eba5233d20168bd1930ff490fdb790077ce,2024-11-20T14:33:29.197000 -CVE-2024-52566,0,0,60da29360aaa2a633d809f2307498fba5e8ec5a0e484530c65723c667ba11290,2024-11-20T14:33:20.813000 -CVE-2024-52567,0,0,0321c73fe4896b85cc6966919df22941ec17497e28690b7a84b51d490b05a1fd,2024-11-20T14:33:09.433000 -CVE-2024-52568,0,0,d934b56a4c26cf7433a66c01f2652254b241957ba81d4f014571136cc3571e5f,2024-11-20T14:32:58.637000 -CVE-2024-52569,0,0,6f2023c3a3ff0ebaf6f35d4d1228985d2f722643c0b5f2cf82e7e25b8eacd047,2024-11-20T14:32:48.897000 +CVE-2024-52565,0,1,b362c6e2c4d31b534af407257d8d3dfb1aa1554df898d59efa213d390e3fbbfe,2024-12-10T14:30:45.133000 +CVE-2024-52566,0,1,17a84dc89ac3069d1f90787751ac58c5e2d97a5fd675d81c8b31ce27686cc0e2,2024-12-10T14:30:45.280000 +CVE-2024-52567,0,1,fd381a3dddcbb62af32a2c67729f90a249582197f978211c7c707dbf4d33f8c9,2024-12-10T14:30:45.413000 +CVE-2024-52568,0,1,fa1d7e5ab1453e8ce8fc6d74525cf759077c7cc45629bb0b94ce8e3e62e0c0b6,2024-12-10T14:30:45.557000 +CVE-2024-52569,0,1,4af82bc06f36fc89e632168ae15bbf2618bb6f0ed67e0b15f79e688eddd354f5,2024-12-10T14:30:45.690000 CVE-2024-5257,0,0,63de8a02d92c9a92c70690e872ab84c98567821d29f750ce183ace844e1595c7,2024-11-21T09:47:17.443000 -CVE-2024-52570,0,0,badbb1b232b83200d851615982bad6a0cbea41630c5f59a4db2c3c745cc8a70e,2024-11-20T14:32:38 -CVE-2024-52571,0,0,cb315cdebcae0e2f7b4c5f0cd27f2f07005dd21f043ac6a8f42d4c2c11c2a48a,2024-11-20T14:32:29.867000 -CVE-2024-52572,0,0,1fc13bf695c73d465f2b170a8225cd285ea92aee203d63aca5489e743aa3778b,2024-11-20T14:32:21.533000 -CVE-2024-52573,0,0,d380f6a6b67b3921345f7d3b8e3ff1292dd054be5da0ae9b96416799b725ea17,2024-11-20T14:32:11.853000 -CVE-2024-52574,0,0,28c9b00282c0ed3a6c917452581f709fd398e2641ebee7032726eb96b6a237e0,2024-11-20T14:31:47.103000 +CVE-2024-52570,0,1,feaa72db88252679f24425259a3a3e7391aee4d1ebf6c82602d1e496104872bb,2024-12-10T14:30:45.837000 +CVE-2024-52571,0,1,26f20aea2cfcbc51472f8703de0c2a514740f60db1ffb8e995268a2d369c16e6,2024-12-10T14:30:45.963000 +CVE-2024-52572,0,1,6376707757e7137e4ed57cb6aa915c75f77a0c9d8f5dcf819a13dd807d60e570,2024-12-10T14:30:46.097000 +CVE-2024-52573,0,1,8593682362497edb492d6ca4681e1b8433e1243c696d93c347c6182b3d337087,2024-12-10T14:30:46.227000 +CVE-2024-52574,0,1,4bf672ed2c2d31209cd79a7c8d6ac1ad4988a3958f507bd33b02c669bbaec7c0,2024-12-10T14:30:46.367000 CVE-2024-5258,0,0,0178fadd7e63b0945aad72105eff12425398bd2f163394358706186fe3bbed1b,2024-11-21T09:47:17.587000 CVE-2024-52581,0,0,332a882ee82bfce0a525dfee25d6489cb10f5c4433be26d4715ac553f5613d09,2024-11-25T14:15:07.077000 CVE-2024-52582,0,0,1997f5832ca34e16f43886daed3491b2edf8ddc5e50506be9eb3832bdfaca64a,2024-11-19T21:57:32.967000 @@ -268508,6 +268514,7 @@ CVE-2024-5301,0,0,9944435231e4232deb9644b6756c62dd37aded32278d6910acfd86a9fca6bb CVE-2024-5302,0,0,82745a56882a5e93127da6843cc252c1f39f5e3b6031b0cf4b30203e7450051c,2024-11-21T09:47:23.453000 CVE-2024-5303,0,0,3ed489db17064b2aff86e9a31b51d53d757813a529fdb6ed7379a772174cd7ec,2024-11-21T09:47:23.590000 CVE-2024-5304,0,0,220f673e6cb9d2e204d0cc75d5c684adf0f056bcbae146fb7d849c2cb8da986e,2024-11-21T09:47:23.727000 +CVE-2024-53041,1,1,1e0345d38b63f2a99c664fa5a3cbe81b1e56217ccfdfa008d8ceb0e237b3260e,2024-12-10T14:30:46.507000 CVE-2024-53042,0,0,d7e0d4c1a2c730be549db3ae70702c5a27a3ad932f1d5de3c69038d87b197c91,2024-11-27T21:09:40.700000 CVE-2024-53043,0,0,61d4dd773e5eb447c74c7628c721835a8781adc0a67474dfa9134aae604c242f,2024-11-22T22:22:03.963000 CVE-2024-53044,0,0,13db87ec8352bc7d7a9e5edecc2ddf5bacb85c33a4ca911a96d3b6b927e39574,2024-11-27T16:40:06.963000 @@ -268625,6 +268632,7 @@ CVE-2024-5318,0,0,d3e6ab64f214a31e8be6483f947f606302a807960eeb0dcd1e3ac0fbb29dc9 CVE-2024-5321,0,0,0f218b8b6fcc3fc0b4ccef7040ede5ee801dc8e00258e6450bd3f123b6e73ca4,2024-11-21T09:47:25.283000 CVE-2024-5322,0,0,6e9032fa3deabc9be71dae1989b7f0a781e1608a9b8c8f048902e90e4caef6d4,2024-11-21T09:47:25.413000 CVE-2024-5324,0,0,616d1ba80af339308061f2c79fb4da68886ab2b91b97eb35403d14df6efb4acc,2024-11-21T09:47:25.537000 +CVE-2024-53242,1,1,7b1d80eef3802b30008ebb8ee3eee2f52064342e6dc78ef74b31a36b1537b142,2024-12-10T14:30:46.700000 CVE-2024-5325,0,0,6fb157711d80f391f873772a3be62fe029a107c4c82e0f59ae798d9b15b764bd,2024-11-21T09:47:25.650000 CVE-2024-53253,0,0,e465b741e355f1ce9ba45867c01a177432bba9be4e62dbf601e6676bd13fe6f1,2024-11-22T20:15:09.210000 CVE-2024-53254,0,0,ee53e9b703f27318442647deb86c75e2def0aedf5170eb37f9fbf3bd5e2537ab,2024-11-27T18:15:18.060000 @@ -268877,6 +268885,7 @@ CVE-2024-53824,0,0,cacff643e180235d604123615cc52f6b2ea1485fb2d03e2dfc7beecfeccda CVE-2024-53825,0,0,a935473ac9480ea7a4ce7e03aa3b09420e04eb2d14d6df25b05c05b7ca30b9d4,2024-12-06T14:15:24.937000 CVE-2024-53826,0,0,cbecbe1de7867711d8448c76cc0dadee1ddb6170f57b29bb3357f66e68cba06a,2024-12-06T14:15:25.077000 CVE-2024-5383,0,0,093acdd4201567d005275d52c1174349cc9fb95effb23b8b65de339d75e5f1d2,2024-11-21T09:47:32.963000 +CVE-2024-53832,1,1,d5319c051d93938c512d53d904b1dbef4fa88b0e7db94b21b8cca1375be3ac12,2024-12-10T14:30:46.853000 CVE-2024-5384,0,0,8d376a2ca7902f4602c393c8e22120c83f3a08831ccd742c2d440f44affa2cad,2024-11-21T09:47:33.103000 CVE-2024-53843,0,0,c44c99ef4402ecef78ac8c1b113f8d73cb64b635f31482723ce78cbb921e8259,2024-11-26T00:15:07.430000 CVE-2024-53844,0,0,b0e1409716740a79089a588f0454ff38097ac555d54020c4c21a59c02d9d74a3,2024-11-26T19:15:31.463000 @@ -268957,6 +268966,7 @@ CVE-2024-54001,0,0,045e80f770794ebace72678238e7eba8e7d1da90cac59175504e695765cee CVE-2024-54002,0,0,7c5a00df1d470c32b9eac42d93309bb19614d9762fa0f049a771979bb98949b7,2024-12-04T16:15:26.537000 CVE-2024-54003,0,0,b632b439005206974a2b4ec6ab08a78e134e0c09d892996aec7289d7221f0377,2024-11-27T20:15:26.133000 CVE-2024-54004,0,0,5d94a9bc2fe383b10883d5f21fb711b04368ee28bef8377081c80a039d1c1dee,2024-11-27T19:15:33.723000 +CVE-2024-54005,1,1,78bbd546deba4e2b14f99ce80711c725e32521468135821d5bfe1062b9007f78,2024-12-10T14:30:47.037000 CVE-2024-54014,0,0,9895136be901bda6024d3c86fc774e344b5ffa93f0cfe6e13e8990c6229717ed,2024-12-05T03:15:14.530000 CVE-2024-5402,0,0,ff0d9bb22ac0a71984c61b65bae28749f481f4dd7d54b4eb8642f168357fe194,2024-11-21T09:47:34.947000 CVE-2024-5403,0,0,f4e58d907f2a672c85e38960e3074ec1cb3261646ec2ccae3d1a32d0c95159be,2024-11-21T09:47:35.097000 @@ -268966,6 +268976,10 @@ CVE-2024-5406,0,0,5db0f501f7c712d4bcce798425460b3472165eeef82fd225689429d234120e CVE-2024-5407,0,0,e082637321598f3dc8c3c9e1760b81a1e1197c4d13cd58fed3245c37f0bb71c9,2024-11-21T09:47:35.567000 CVE-2024-5408,0,0,0b23a712a85d13fef48f02294d854672174790bd624dfee1416450ccef66434a,2024-11-21T09:47:35.690000 CVE-2024-5409,0,0,f7df79bf8c405f523130badde3800a80499e2a2f05cefac143617aad785ef5de,2024-11-21T09:47:35.810000 +CVE-2024-54091,1,1,d3d3ef567bc07203eacd243364831a07a307a7b442281f775f6be9f7c62bf73c,2024-12-10T14:30:47.193000 +CVE-2024-54093,1,1,c9952f718b9dee5ade98198ba738919650786fa00e81e0f00fb78cc1b9473a29,2024-12-10T14:30:47.350000 +CVE-2024-54094,1,1,694ba54d9708cc1a645dcf1348a2fcb0fdf3ec8538eee26d6c1d91de386dfffb,2024-12-10T14:30:47.507000 +CVE-2024-54095,1,1,0fd9f2382bb077e34770785fba7450b0fb33d7127731375f559f57743667fedd,2024-12-10T14:30:47.660000 CVE-2024-5410,0,0,cce7b181ee3076dc24a31460b418b1921efa7dac4bb8604c266edd1c195e07b4,2024-11-21T09:47:35.930000 CVE-2024-5411,0,0,e795bc7b322ce716766b807c3b3b3802815a82a4cbe62ad72330624f242dbba1,2024-11-21T09:47:36.060000 CVE-2024-5412,0,0,30cdd8d4ddc0c145e9e904e4cec9f4dfba9de81bde8e7e7c7fe70aa069b0dcac,2024-09-06T18:07:43.940000 @@ -269204,6 +269218,7 @@ CVE-2024-55579,0,0,d4dcd9ce953cd587b5da850c1ce43b8deb42005ab9d3feceb72cd5f732550 CVE-2024-5558,0,0,b9640ac59698561d1e2153bd708b9d8ca2d328fcb61a159842590b547b4c1a0f,2024-11-21T09:47:55.700000 CVE-2024-55580,0,0,23d1d0ce78dee9055e27646456d6f5dae42c71f66b9dcde2db05efdab828343a,2024-12-09T03:15:05.400000 CVE-2024-55582,0,0,3c23376685adf2edae29527c3668429e6b653ce512d692f8394663104b24d5b7,2024-12-09T03:15:05.550000 +CVE-2024-55586,1,1,860678fa3c0144fa42a7d6126c9d280c8ece9bce59d81dfc5db5a9d68f6ae04f,2024-12-10T14:30:47.813000 CVE-2024-5559,0,0,da875044adc3709281edfed6e696b593f02a48923f7270d2350dbdeb9c3f0186,2024-11-21T09:47:55.840000 CVE-2024-5560,0,0,5aa7f1759c9eb53992bc8fa45515cc25adc477b89cd6554f8c0736d42239dd24,2024-11-21T09:47:55.983000 CVE-2024-55601,0,0,89175adefd85ee52b8d0660bf5cffaad0818c3ee1a9c4ccd9c1b1dad82da5932,2024-12-09T22:15:23.100000 @@ -269297,6 +269312,7 @@ CVE-2024-5656,0,0,ba99339cfecc1c5fdb0f6d1bb26f06bfe70b58ff628ceb5bd66c459a2628a6 CVE-2024-5657,0,0,322b989a97af9a632a310787c45ccef95cbff8f0006f11abe6348fcd1668034b,2024-11-21T09:48:06.280000 CVE-2024-5658,0,0,7e7462fc3515e519516e2f809c98e13e2106352e6aac99c565fb770e189dd063,2024-11-21T09:48:06.413000 CVE-2024-5659,0,0,83e7687f93b86419198f1683634dd14733df87a0c466715b2e7e79370f69ac01,2024-11-21T09:48:06.543000 +CVE-2024-5660,1,1,eb5bbf2beb23a9bfa3f917607093cf8898bbcbcedddc583c8ef9cea625cd7c43,2024-12-10T14:30:47.963000 CVE-2024-5661,0,0,7d090de96660a134ff2e3cb7262fde0b3d927ce5a88611486b37761a6a2d78a0,2024-11-21T09:48:06.673000 CVE-2024-5662,0,0,a32230f368c985ce000177685318420ae12365dafb7b142a133da07f0e3fd986,2024-11-21T09:48:06.860000 CVE-2024-5663,0,0,3d93cfa6260123c05a0fe5dd837778ab353045f85b9b96941dd647b061b7390d,2024-11-21T09:48:06.970000