diff --git a/CVE-2023/CVE-2023-234xx/CVE-2023-23456.json b/CVE-2023/CVE-2023-234xx/CVE-2023-23456.json
index d9019e019d8..3d9417b0555 100644
--- a/CVE-2023/CVE-2023-234xx/CVE-2023-23456.json
+++ b/CVE-2023/CVE-2023-234xx/CVE-2023-23456.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-23456",
 "sourceIdentifier": "patrick@puiterwijk.org",
 "published": "2023-01-12T19:15:24.693",
- "lastModified": "2024-11-21T07:46:14.223",
+ "lastModified": "2024-12-12T01:15:48.337",
 "vulnStatus": "Modified",
 "cveTags": [],
 "descriptions": [
@@ -176,6 +176,10 @@
 "Third Party Advisory"
 ]
 },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00013.html",
+ "source": "af854a3a-2127-422b-91ae-364da2661108"
+ },
 {
 "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EL3BVKIGG3SH6I3KPOYQAWCBD4UMPOPI/",
 "source": "af854a3a-2127-422b-91ae-364da2661108"
diff --git a/CVE-2023/CVE-2023-23xx/CVE-2023-2399.json b/CVE-2023/CVE-2023-23xx/CVE-2023-2399.json
index 7ceceb1238e..85a7b15be4d 100644
--- a/CVE-2023/CVE-2023-23xx/CVE-2023-2399.json
+++ b/CVE-2023/CVE-2023-23xx/CVE-2023-2399.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-2399",
 "sourceIdentifier": "contact@wpscan.com",
 "published": "2023-06-19T11:15:10.100",
- "lastModified": "2024-11-21T07:58:32.500",
+ "lastModified": "2024-12-12T01:20:24.127",
 "vulnStatus": "Modified",
 "cveTags": [],
 "descriptions": [
@@ -32,6 +32,26 @@
 },
 "exploitabilityScore": 2.8,
 "impactScore": 2.7
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
 }
 ]
 },
@@ -69,6 +89,10 @@
 "Exploit",
 "Third Party Advisory"
 ]
+ },
+ {
+ "url": "https://wpscan.com/vulnerability/deca3cd3-f7cf-469f-9f7e-3612f7ae514d/",
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-25xx/CVE-2023-2527.json b/CVE-2023/CVE-2023-25xx/CVE-2023-2527.json
index 71b42bfd59f..9c0d21830b0 100644
--- a/CVE-2023/CVE-2023-25xx/CVE-2023-2527.json
+++ b/CVE-2023/CVE-2023-25xx/CVE-2023-2527.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-2527",
 "sourceIdentifier": "contact@wpscan.com",
 "published": "2023-06-19T11:15:10.270",
- "lastModified": "2024-11-21T07:58:46.827",
+ "lastModified": "2024-12-12T01:20:30.213",
 "vulnStatus": "Modified",
 "cveTags": [],
 "descriptions": [
@@ -32,6 +32,26 @@
 },
 "exploitabilityScore": 1.7,
 "impactScore": 2.7
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
+ "baseScore": 4.8,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 1.7,
+ "impactScore": 2.7
 }
 ]
 },
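Review bot: The `cvssMetricV31` entry added in the `@@ -32,6 +32,26 @@` hunk of CVE-2023-2399.json names its source only as the UUID `134c704f-9b21-4f2e-91b3-4a467353bcc0`, while the record's `sourceIdentifier` is e-mail style (`contact@wpscan.com`), and nothing in the commit says which organisation the UUID denotes (it appears to be the CISA ADP enrichment source; confirm against the NVD source list). Its `exploitabilityScore` and `impactScore` (2.8 / 2.7) equal those of the preceding entry in the context lines, so it likely restates an existing assessment; the earlier entry's vector is outside the hunk. Consumers that count or average assessments per CVE should de-duplicate on `vectorString` and key on `source` plus `type`. The same addition recurs in the later `cvssMetricV31` hunks of this commit, so I would put one line in the commit description, e.g. `Add Secondary CVSS/CWE data from source 134c704f-… (<organisation name>)`.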
@@ -81,6 +101,10 @@
 "Exploit",
 "Third Party Advisory"
 ]
+ },
+ {
+ "url": "https://wpscan.com/vulnerability/8051142a-4e55-4dc2-9cb1-1b724c67574f/",
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-26xx/CVE-2023-2654.json b/CVE-2023/CVE-2023-26xx/CVE-2023-2654.json
index 8ebb65bfdbe..58b443809dc 100644
--- a/CVE-2023/CVE-2023-26xx/CVE-2023-2654.json
+++ b/CVE-2023/CVE-2023-26xx/CVE-2023-2654.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-2654",
 "sourceIdentifier": "contact@wpscan.com",
 "published": "2023-06-19T11:15:10.380",
- "lastModified": "2024-11-21T07:59:00.813",
+ "lastModified": "2024-12-12T01:20:35.933",
 "vulnStatus": "Modified",
 "cveTags": [],
 "descriptions": [
@@ -32,6 +32,26 @@
 },
 "exploitabilityScore": 2.8,
 "impactScore": 2.7
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
 }
 ]
 },
diff --git a/CVE-2023/CVE-2023-27xx/CVE-2023-2751.json b/CVE-2023/CVE-2023-27xx/CVE-2023-2751.json
index 9a8f489fa87..928e0d98339 100644
--- a/CVE-2023/CVE-2023-27xx/CVE-2023-2751.json
+++ b/CVE-2023/CVE-2023-27xx/CVE-2023-2751.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-2751",
 "sourceIdentifier": "contact@wpscan.com",
 "published": "2023-06-19T11:15:10.600",
- "lastModified": "2024-11-21T07:59:13.363",
+ "lastModified": "2024-12-12T01:20:40.913",
 "vulnStatus": "Modified",
 "cveTags": [],
 "descriptions": [
@@ -32,6 +32,26 @@
 },
 "exploitabilityScore": 3.9,
 "impactScore": 1.4
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
 }
 ]
 },
diff --git a/CVE-2023/CVE-2023-293xx/CVE-2023-29348.json b/CVE-2023/CVE-2023-293xx/CVE-2023-29348.json
index 4a120523bc3..ef3ed2ca849 100644
--- a/CVE-2023/CVE-2023-293xx/CVE-2023-29348.json
+++ b/CVE-2023/CVE-2023-293xx/CVE-2023-29348.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-29348",
 "sourceIdentifier": "secure@microsoft.com",
 "published": "2023-10-10T18:15:11.830",
- "lastModified": "2024-11-21T07:56:54.360",
+ "lastModified": "2024-12-12T01:19:43.200",
 "vulnStatus": "Modified",
 "cveTags": [],
 "descriptions": [
@@ -19,27 +19,27 @@
 "cvssMetricV31": [
 {
 "source": "secure@microsoft.com",
- "type": "Secondary",
+ "type": "Primary",
 "cvssData": {
 "version": "3.1",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
- "baseScore": 6.5,
- "baseSeverity": "MEDIUM",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH",
 "attackVector": "NETWORK",
 "attackComplexity": "LOW",
- "privilegesRequired": "LOW",
+ "privilegesRequired": "NONE",
 "userInteraction": "NONE",
 "scope": "UNCHANGED",
 "confidentialityImpact": "HIGH",
 "integrityImpact": "NONE",
 "availabilityImpact": "NONE"
 },
- "exploitabilityScore": 2.8,
+ "exploitabilityScore": 3.9,
 "impactScore": 3.6
 },
 {
 "source": "nvd@nist.gov",
- "type": "Primary",
+ "type": "Secondary",
 "cvssData": {
 "version": "3.1",
 "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
diff --git a/CVE-2023/CVE-2023-313xx/CVE-2023-31348.json b/CVE-2023/CVE-2023-313xx/CVE-2023-31348.json
index 24d6f1c3978..75700c2a6d3 100644
--- a/CVE-2023/CVE-2023-313xx/CVE-2023-31348.json
+++ b/CVE-2023/CVE-2023-313xx/CVE-2023-31348.json
@@ -2,13 +2,13 @@
 "id": "CVE-2023-31348",
 "sourceIdentifier": "psirt@amd.com",
 "published": "2024-08-13T17:15:21.307",
- "lastModified": "2024-12-03T18:46:38.467",
- "vulnStatus": "Analyzed",
+ "lastModified": "2024-12-12T01:21:40.110",
+ "vulnStatus": "Modified",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
- "value": "A DLL hijacking vulnerability in AMD ?Prof could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution."
+ "value": "A DLL hijacking vulnerability in AMD \u03bcProf could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution."
 },
 {
 "lang": "es",
diff --git a/CVE-2023/CVE-2023-313xx/CVE-2023-31349.json b/CVE-2023/CVE-2023-313xx/CVE-2023-31349.json
index 3de0c6ca52b..e19f9fa00de 100644
--- a/CVE-2023/CVE-2023-313xx/CVE-2023-31349.json
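Review bot: In the `@@ -19,27 +19,27 @@` hunk of CVE-2023-29348.json the `secure@microsoft.com` score is raised from 6.5 MEDIUM to 7.5 HIGH (`PR:L` to `PR:N`) in the same edit that swaps which source is `Primary`, and neither the record nor the commit says why. A consumer that reads only the `Primary` entry sees the same vector as before from a different source, while one keyed on `source` sees a severity increase, so triage should be re-run on the `lastModified` change rather than on `type` alone. The `nvd@nist.gov` entry continues outside the hunk. The opposite flip (`secure@microsoft.com` from `Primary` to `Secondary`) appears in the CVE-2023-36431, -36559, -36576, -36579 and -36581 hunks with no counterpart entry visible, so consumers should not assume exactly one `Primary` per record without checking. I would record it in the commit description, e.g. `CVE-2023-29348: CNA vector PR:L -> PR:N (6.5 -> 7.5); Primary is now secure@microsoft.com`.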
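Review bot: The repaired product name in the `@@ -2,13 +2,13 @@` hunk of CVE-2023-31348.json is written as `\u03bc` (Greek small letter mu), which renders identically to the micro sign U+00B5 but is a different code point, so keyword search or alerting on the description text can miss the record depending on which character the query uses. Consumers should normalise both sides (NFKC folds U+00B5 to U+03BC) or match on structured product data instead of the description. The same replacement is made in the CVE-2023-31349 and CVE-2023-31366 hunks. All three also move `vulnStatus` from `Analyzed` to `Modified`, which a pipeline that ingests only `Analyzed` records would need to handle. I would state the repair in the commit description, e.g. `descriptions: repair mis-encoded "?Prof" to "\u03bcProf" (U+03BC)`.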
+++ b/CVE-2023/CVE-2023-313xx/CVE-2023-31349.json
@@ -2,13 +2,13 @@
 "id": "CVE-2023-31349",
 "sourceIdentifier": "psirt@amd.com",
 "published": "2024-08-13T17:15:21.500",
- "lastModified": "2024-12-03T18:37:37.340",
- "vulnStatus": "Analyzed",
+ "lastModified": "2024-12-12T01:21:40.263",
+ "vulnStatus": "Modified",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
- "value": "Incorrect default permissions in the AMD ?Prof installation directory could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution."
+ "value": "Incorrect default permissions in the AMD \u03bcProf installation directory could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution."
 },
 {
 "lang": "es",
diff --git a/CVE-2023/CVE-2023-313xx/CVE-2023-31366.json b/CVE-2023/CVE-2023-313xx/CVE-2023-31366.json
index 8d5b79c78d5..d48fc99bf05 100644
--- a/CVE-2023/CVE-2023-313xx/CVE-2023-31366.json
+++ b/CVE-2023/CVE-2023-313xx/CVE-2023-31366.json
@@ -2,13 +2,13 @@
 "id": "CVE-2023-31366",
 "sourceIdentifier": "psirt@amd.com",
 "published": "2024-08-13T17:15:21.913",
- "lastModified": "2024-12-03T18:30:25.240",
- "vulnStatus": "Analyzed",
+ "lastModified": "2024-12-12T01:21:40.487",
+ "vulnStatus": "Modified",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
- "value": "Improper input validation in AMD ?Prof could allow an attacker to perform a write to an invalid address, potentially resulting in denial of service."
+ "value": "Improper input validation in AMD \u03bcProf could allow an attacker to perform a write to an invalid address, potentially resulting in denial of service."
 },
 {
 "lang": "es",
diff --git a/CVE-2023/CVE-2023-341xx/CVE-2023-34158.json b/CVE-2023/CVE-2023-341xx/CVE-2023-34158.json
index 01858f0bb2b..ce6087136be 100644
--- a/CVE-2023/CVE-2023-341xx/CVE-2023-34158.json
+++ b/CVE-2023/CVE-2023-341xx/CVE-2023-34158.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-34158",
 "sourceIdentifier": "psirt@huawei.com",
 "published": "2023-06-19T17:15:12.090",
- "lastModified": "2024-11-21T08:06:40.440",
+ "lastModified": "2024-12-12T01:23:28.070",
 "vulnStatus": "Modified",
 "cveTags": [],
 "descriptions": [
@@ -32,6 +32,26 @@
 },
 "exploitabilityScore": 3.9,
 "impactScore": 1.4
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
 }
 ]
 },
@@ -45,6 +65,16 @@
 "value": "CWE-290"
 }
 ]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-290"
+ }
+ ]
 }
 ],
 "configurations": [
diff --git a/CVE-2023/CVE-2023-341xx/CVE-2023-34159.json b/CVE-2023/CVE-2023-341xx/CVE-2023-34159.json
index cf223ec2f64..4fab9302f75 100644
--- a/CVE-2023/CVE-2023-341xx/CVE-2023-34159.json
+++ b/CVE-2023/CVE-2023-341xx/CVE-2023-34159.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-34159",
 "sourceIdentifier": "psirt@huawei.com",
 "published": "2023-06-19T17:15:12.130",
- "lastModified": "2024-11-21T08:06:40.560",
+ "lastModified": "2024-12-12T01:23:28.263",
 "vulnStatus": "Modified",
 "cveTags": [],
 "descriptions": [
@@ -32,6 +32,26 @@
 },
 "exploitabilityScore": 3.9,
 "impactScore": 5.9
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
 }
 ]
 },
diff --git a/CVE-2023/CVE-2023-341xx/CVE-2023-34160.json b/CVE-2023/CVE-2023-341xx/CVE-2023-34160.json
index a2f6188ec74..c69f805fa46 100644
--- a/CVE-2023/CVE-2023-341xx/CVE-2023-34160.json
+++ b/CVE-2023/CVE-2023-341xx/CVE-2023-34160.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-34160",
 "sourceIdentifier": "psirt@huawei.com",
 "published": "2023-06-19T17:15:12.170",
- "lastModified": "2024-11-21T08:06:40.673",
+ "lastModified": "2024-12-12T01:23:28.410",
 "vulnStatus": "Modified",
 "cveTags": [],
 "descriptions": [
@@ -32,6 +32,26 @@
 },
 "exploitabilityScore": 3.9,
 "impactScore": 1.4
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
 }
 ]
 },
@@ -45,6 +65,16 @@
 "value": "CWE-290"
 }
 ]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-290"
+ }
+ ]
 }
 ],
 "configurations": [
diff --git a/CVE-2023/CVE-2023-341xx/CVE-2023-34161.json b/CVE-2023/CVE-2023-341xx/CVE-2023-34161.json
index 7810f82fb9c..890ea9a3b4e 100644
--- a/CVE-2023/CVE-2023-341xx/CVE-2023-34161.json
+++ b/CVE-2023/CVE-2023-341xx/CVE-2023-34161.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-34161",
 "sourceIdentifier": "psirt@huawei.com",
 "published": "2023-06-19T17:15:12.207",
- "lastModified": "2024-11-21T08:06:40.790",
+ "lastModified": "2024-12-12T01:23:28.553",
 "vulnStatus": "Modified",
 "cveTags": [],
 "descriptions": [
@@ -32,6 +32,26 @@
 },
 "exploitabilityScore": 3.9,
 "impactScore": 3.6
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
 }
 ]
 },
@@ -45,6 +65,16 @@
 "value": "CWE-863"
 }
 ]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-863"
+ }
+ ]
 }
 ],
 "configurations": [
diff --git a/CVE-2023/CVE-2023-341xx/CVE-2023-34162.json b/CVE-2023/CVE-2023-341xx/CVE-2023-34162.json
index 373efda6c7c..6b8753d408a 100644
--- a/CVE-2023/CVE-2023-341xx/CVE-2023-34162.json
+++ b/CVE-2023/CVE-2023-341xx/CVE-2023-34162.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-34162",
 "sourceIdentifier": "psirt@huawei.com",
 "published": "2023-06-19T17:15:12.247",
- "lastModified": "2024-11-21T08:06:40.903",
+ "lastModified": "2024-12-12T01:23:28.713",
 "vulnStatus": "Modified",
 "cveTags": [],
 "descriptions": [
@@ -32,6 +32,26 @@
 },
 "exploitabilityScore": 3.9,
 "impactScore": 3.6
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
 }
 ]
 },
diff --git a/CVE-2023/CVE-2023-341xx/CVE-2023-34163.json b/CVE-2023/CVE-2023-341xx/CVE-2023-34163.json
index 336f042fd60..8e382607b45 100644
--- a/CVE-2023/CVE-2023-341xx/CVE-2023-34163.json
+++ b/CVE-2023/CVE-2023-341xx/CVE-2023-34163.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-34163",
 "sourceIdentifier": "psirt@huawei.com",
 "published": "2023-06-19T17:15:12.287",
- "lastModified": "2024-11-21T08:06:41.020",
+ "lastModified": "2024-12-12T01:23:28.870",
 "vulnStatus": "Modified",
 "cveTags": [],
 "descriptions": [
@@ -32,6 +32,26 @@
 },
 "exploitabilityScore": 3.9,
 "impactScore": 3.6
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
 }
 ]
 },
diff --git a/CVE-2023/CVE-2023-341xx/CVE-2023-34166.json b/CVE-2023/CVE-2023-341xx/CVE-2023-34166.json
index 8886d4f184e..c89a97a65df 100644
--- a/CVE-2023/CVE-2023-341xx/CVE-2023-34166.json
+++ b/CVE-2023/CVE-2023-341xx/CVE-2023-34166.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-34166",
 "sourceIdentifier": "psirt@huawei.com",
 "published": "2023-06-19T17:15:12.327",
- "lastModified": "2024-11-21T08:06:41.390",
+ "lastModified": "2024-12-12T01:23:29.110",
 "vulnStatus": "Modified",
 "cveTags": [],
 "descriptions": [
@@ -32,6 +32,26 @@
 },
 "exploitabilityScore": 3.9,
 "impactScore": 3.6
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
 }
 ]
 },
@@ -45,6 +65,16 @@
 "value": "CWE-400"
 }
 ]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-770"
+ }
+ ]
 }
 ],
 "configurations": [
diff --git a/CVE-2023/CVE-2023-341xx/CVE-2023-34167.json b/CVE-2023/CVE-2023-341xx/CVE-2023-34167.json
index 91abdfb8af6..87c119833ca 100644
--- a/CVE-2023/CVE-2023-341xx/CVE-2023-34167.json
+++ b/CVE-2023/CVE-2023-341xx/CVE-2023-34167.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-34167",
 "sourceIdentifier": "psirt@huawei.com",
 "published": "2023-06-19T17:15:12.367",
- "lastModified": "2024-11-21T08:06:41.503",
+ "lastModified": "2024-12-12T01:23:29.260",
 "vulnStatus": "Modified",
 "cveTags": [],
 "descriptions": [
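Review bot: The weakness added in the `@@ -45,6 +65,16 @@` hunk of CVE-2023-34166.json is `CWE-770`, while the existing entry in the context lines is `CWE-400`, so the two sources now disagree for this record; every other weakness hunk visible in this commit repeats the existing value, except CVE-2023-34642, where `CWE-78` is added next to `NVD-CWE-noinfo`. A consumer that keeps a single CWE per CVE (the first entry, or presumably the `Primary` one, whose `type` is outside the hunk) silently drops the more specific classification in both cases. I would call the two records out in the commit description, e.g. `CVE-2023-34166: added CWE-770 differs from existing CWE-400; CVE-2023-34642: CWE-78 added next to NVD-CWE-noinfo`.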
@@ -32,6 +32,26 @@
 },
 "exploitabilityScore": 3.9,
 "impactScore": 1.4
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
 }
 ]
 },
@@ -45,6 +65,16 @@
 "value": "CWE-290"
 }
 ]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-290"
+ }
+ ]
 }
 ],
 "configurations": [
diff --git a/CVE-2023/CVE-2023-346xx/CVE-2023-34602.json b/CVE-2023/CVE-2023-346xx/CVE-2023-34602.json
index 5d6d6e42bed..5c1e3b67f36 100644
--- a/CVE-2023/CVE-2023-346xx/CVE-2023-34602.json
+++ b/CVE-2023/CVE-2023-346xx/CVE-2023-34602.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-34602",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-06-19T06:15:09.047",
- "lastModified": "2024-11-21T08:07:25.600",
+ "lastModified": "2024-12-12T01:23:46.137",
 "vulnStatus": "Modified",
 "cveTags": [],
 "descriptions": [
@@ -32,6 +32,26 @@
 },
 "exploitabilityScore": 3.9,
 "impactScore": 3.6
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
 }
 ]
 },
@@ -45,6 +65,16 @@
 "value": "CWE-89"
 }
 ]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
 }
 ],
 "configurations": [
diff --git a/CVE-2023/CVE-2023-346xx/CVE-2023-34603.json b/CVE-2023/CVE-2023-346xx/CVE-2023-34603.json
index e78bbb5285e..2252107f955 100644
--- a/CVE-2023/CVE-2023-346xx/CVE-2023-34603.json
+++ b/CVE-2023/CVE-2023-346xx/CVE-2023-34603.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-34603",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-06-19T06:15:09.180",
- "lastModified": "2024-11-21T08:07:25.750",
+ "lastModified": "2024-12-12T01:23:46.330",
 "vulnStatus": "Modified",
 "cveTags": [],
 "descriptions": [
@@ -32,6 +32,26 @@
 },
 "exploitabilityScore": 3.9,
 "impactScore": 3.6
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
 }
 ]
 },
@@ -45,6 +65,16 @@
 "value": "CWE-89"
 }
 ]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
 }
 ],
 "configurations": [
diff --git a/CVE-2023/CVE-2023-346xx/CVE-2023-34641.json b/CVE-2023/CVE-2023-346xx/CVE-2023-34641.json
index 2879499b575..072b7ac0aee 100644
--- a/CVE-2023/CVE-2023-346xx/CVE-2023-34641.json
+++ b/CVE-2023/CVE-2023-346xx/CVE-2023-34641.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-34641",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-06-19T05:15:09.630",
- "lastModified": "2024-11-21T08:07:28.630",
+ "lastModified": "2024-12-12T01:23:47.527",
 "vulnStatus": "Modified",
 "cveTags": [],
 "descriptions": [
@@ -32,6 +32,26 @@
 },
 "exploitabilityScore": 1.8,
 "impactScore": 5.9
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
 }
 ]
 },
diff --git a/CVE-2023/CVE-2023-346xx/CVE-2023-34642.json b/CVE-2023/CVE-2023-346xx/CVE-2023-34642.json
index ee235b4c65a..c929d99beda 100644
--- a/CVE-2023/CVE-2023-346xx/CVE-2023-34642.json
+++ b/CVE-2023/CVE-2023-346xx/CVE-2023-34642.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-34642",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-06-19T05:15:09.670",
- "lastModified": "2024-11-21T08:07:28.783",
+ "lastModified": "2024-12-12T01:23:47.700",
 "vulnStatus": "Modified",
 "cveTags": [],
 "descriptions": [
@@ -32,6 +32,26 @@
 },
 "exploitabilityScore": 1.8,
 "impactScore": 5.9
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
 }
 ]
 },
@@ -45,6 +65,16 @@
 "value": "NVD-CWE-noinfo"
 }
 ]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-78"
+ }
+ ]
 }
 ],
 "configurations": [
diff --git a/CVE-2023/CVE-2023-346xx/CVE-2023-34657.json b/CVE-2023/CVE-2023-346xx/CVE-2023-34657.json
index 02851ac37ee..1242ab694ae 100644
--- a/CVE-2023/CVE-2023-346xx/CVE-2023-34657.json
+++ b/CVE-2023/CVE-2023-346xx/CVE-2023-34657.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-34657",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-06-19T04:15:10.873",
- "lastModified": "2024-11-21T08:07:30.343",
+ "lastModified": "2024-12-12T01:23:48.450",
 "vulnStatus": "Modified",
 "cveTags": [],
 "descriptions": [
@@ -36,6 +36,26 @@
 },
 "exploitabilityScore": 1.7,
 "impactScore": 2.7
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
+ "baseScore": 4.8,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 1.7,
+ "impactScore": 2.7
 }
 ]
 },
@@ -49,6 +69,16 @@
 "value": "CWE-79"
 }
 ]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
 }
 ],
 "configurations": [
diff --git a/CVE-2023/CVE-2023-358xx/CVE-2023-35840.json b/CVE-2023/CVE-2023-358xx/CVE-2023-35840.json
index 153311e17f0..2dc59a790fc 100644
--- a/CVE-2023/CVE-2023-358xx/CVE-2023-35840.json
+++ b/CVE-2023/CVE-2023-358xx/CVE-2023-35840.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-35840",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-06-19T01:15:08.710",
- "lastModified": "2024-11-21T08:08:47.940",
+ "lastModified": "2024-12-12T01:24:18.620",
 "vulnStatus": "Modified",
 "cveTags": [],
 "descriptions": [
@@ -32,6 +32,26 @@
 },
 "exploitabilityScore": 2.8,
 "impactScore": 3.6
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
 }
 ]
 },
@@ -45,6 +65,16 @@
 "value": "CWE-22"
 }
 ]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-22"
+ }
+ ]
 }
 ],
 "configurations": [
diff --git a/CVE-2023/CVE-2023-358xx/CVE-2023-35843.json b/CVE-2023/CVE-2023-358xx/CVE-2023-35843.json
index 0b7045ae6e3..ab3dbe15018 100644
--- a/CVE-2023/CVE-2023-358xx/CVE-2023-35843.json
+++ b/CVE-2023/CVE-2023-358xx/CVE-2023-35843.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-35843",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-06-19T18:15:09.830",
- "lastModified": "2024-11-21T08:08:48.230",
+ "lastModified": "2024-12-12T01:24:18.863",
 "vulnStatus": "Modified",
 "cveTags": [],
 "descriptions": [
@@ -32,6 +32,26 @@
 },
 "exploitabilityScore": 3.9,
 "impactScore": 3.6
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
 }
 ]
 },
@@ -45,6 +65,16 @@
 "value": "CWE-22"
 }
 ]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-22"
+ }
+ ]
 }
 ],
 "configurations": [
diff --git a/CVE-2023/CVE-2023-358xx/CVE-2023-35844.json b/CVE-2023/CVE-2023-358xx/CVE-2023-35844.json
index cce0b35a73d..be3f53bf27d 100644
--- a/CVE-2023/CVE-2023-358xx/CVE-2023-35844.json
+++ b/CVE-2023/CVE-2023-358xx/CVE-2023-35844.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-35844",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-06-19T02:15:08.903",
- "lastModified": "2024-11-21T08:08:48.380",
+ "lastModified": "2024-12-12T01:24:19.030",
 "vulnStatus": "Modified",
 "cveTags": [],
 "descriptions": [
@@ -32,6 +32,26 @@
 },
 "exploitabilityScore": 3.9,
 "impactScore": 3.6
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
 }
 ]
 },
@@ -45,6 +65,16 @@
 "value": "CWE-22"
 }
 ]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-22"
+ }
+ ]
 }
 ],
 "configurations": [
diff --git a/CVE-2023/CVE-2023-358xx/CVE-2023-35846.json b/CVE-2023/CVE-2023-358xx/CVE-2023-35846.json
index f538b11e246..4ed381a8b92 100644
--- a/CVE-2023/CVE-2023-358xx/CVE-2023-35846.json
+++ b/CVE-2023/CVE-2023-358xx/CVE-2023-35846.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-35846",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-06-19T03:15:09.227",
- "lastModified": "2024-11-21T08:08:48.680",
+ "lastModified": "2024-12-12T01:24:19.260",
 "vulnStatus": "Modified",
 "cveTags": [],
 "descriptions": [
@@ -36,6 +36,26 @@
 },
 "exploitabilityScore": 3.9,
 "impactScore": 3.6
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
 }
 ]
 },
diff --git a/CVE-2023/CVE-2023-364xx/CVE-2023-36409.json b/CVE-2023/CVE-2023-364xx/CVE-2023-36409.json
index 38bbda9b8ab..8204c1f9c18 100644
--- a/CVE-2023/CVE-2023-364xx/CVE-2023-36409.json
+++ b/CVE-2023/CVE-2023-364xx/CVE-2023-36409.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-36409",
 "sourceIdentifier": "secure@microsoft.com",
 "published": "2023-11-07T00:15:07.943",
- "lastModified": "2024-11-21T08:09:42.093",
+ "lastModified": "2024-12-12T01:24:39.813",
 "vulnStatus": "Modified",
 "cveTags": [],
 "descriptions": [
@@ -98,10 +98,6 @@
 "Vendor Advisory"
 ]
 },
- {
- "url": "https://security.gentoo.org/glsa/202402-05",
- "source": "secure@microsoft.com"
- },
 {
 "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36409",
 "source": "af854a3a-2127-422b-91ae-364da2661108",
diff --git a/CVE-2023/CVE-2023-364xx/CVE-2023-36431.json b/CVE-2023/CVE-2023-364xx/CVE-2023-36431.json
index e3cb232b1af..7806f541b15 100644
--- a/CVE-2023/CVE-2023-364xx/CVE-2023-36431.json
+++ b/CVE-2023/CVE-2023-364xx/CVE-2023-36431.json
@@ -2,13 +2,13 @@
 "id": "CVE-2023-36431",
 "sourceIdentifier": "secure@microsoft.com",
 "published": "2023-10-10T18:15:12.497",
- "lastModified": "2024-11-21T08:09:44.097",
+ "lastModified": "2024-12-12T01:24:41.270",
 "vulnStatus": "Modified",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
- "value": "Microsoft Message Queuing Denial of Service Vulnerability"
+ "value": "Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability"
 },
 {
 "lang": "es",
@@ -19,7 +19,7 @@
 "cvssMetricV31": [
 {
 "source": "secure@microsoft.com",
- "type": "Primary",
+ "type": "Secondary",
 "cvssData": {
 "version": "3.1",
 "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
diff --git a/CVE-2023/CVE-2023-365xx/CVE-2023-36559.json b/CVE-2023/CVE-2023-365xx/CVE-2023-36559.json
index 2fa9f10537e..1a4504dbc7e 100644
--- a/CVE-2023/CVE-2023-365xx/CVE-2023-36559.json
+++ b/CVE-2023/CVE-2023-365xx/CVE-2023-36559.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-36559",
 "sourceIdentifier": "secure@microsoft.com",
 "published": "2023-10-13T21:15:51.583",
- "lastModified": "2024-11-21T08:09:55.990",
+ "lastModified": "2024-12-12T01:24:47.080",
 "vulnStatus": "Modified",
 "cveTags": [],
 "descriptions": [
@@ -19,7 +19,7 @@
 "cvssMetricV31": [
 {
 "source": "secure@microsoft.com",
- "type": "Primary",
+ "type": "Secondary",
 "cvssData": {
 "version": "3.1",
 "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
@@ -78,10 +78,6 @@ "Vendor Advisory" ] }, - { - "url": "https://security.gentoo.org/glsa/202402-05", - "source": "secure@microsoft.com" - }, { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36559", "source": "af854a3a-2127-422b-91ae-364da2661108", diff --git a/CVE-2023/CVE-2023-365xx/CVE-2023-36576.json b/CVE-2023/CVE-2023-365xx/CVE-2023-36576.json index ac0e1b78f60..7e1d246b780 100644 --- a/CVE-2023/CVE-2023-365xx/CVE-2023-36576.json +++ b/CVE-2023/CVE-2023-365xx/CVE-2023-36576.json @@ -2,7 +2,7 @@ "id": "CVE-2023-36576", "sourceIdentifier": "secure@microsoft.com", "published": "2023-10-10T18:15:13.823", - "lastModified": "2024-11-21T08:09:58.470", + "lastModified": "2024-12-12T01:24:49.650", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", @@ -125,10 +125,6 @@ } ], "references": [ - { - "url": "http://packetstormsecurity.com/files/175659/Windows-Kernel-Containerized-Registry-Escape.html", - "source": "secure@microsoft.com" - }, { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36576", "source": "secure@microsoft.com", diff --git a/CVE-2023/CVE-2023-365xx/CVE-2023-36579.json b/CVE-2023/CVE-2023-365xx/CVE-2023-36579.json index 18910a5da6b..91a2343d21e 100644 --- a/CVE-2023/CVE-2023-365xx/CVE-2023-36579.json +++ b/CVE-2023/CVE-2023-365xx/CVE-2023-36579.json 
@@ -2,13 +2,13 @@ "id": "CVE-2023-36579", "sourceIdentifier": "secure@microsoft.com", "published": "2023-10-10T18:15:14.027", - "lastModified": "2024-11-21T08:09:58.940", + "lastModified": "2024-12-12T01:24:50.247", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "Microsoft Message Queuing Denial of Service Vulnerability" + "value": "Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability" }, { "lang": "es", @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", diff --git a/CVE-2023/CVE-2023-365xx/CVE-2023-36581.json b/CVE-2023/CVE-2023-365xx/CVE-2023-36581.json index a01b86d72d0..f1bd2059cfc 100644 --- a/CVE-2023/CVE-2023-365xx/CVE-2023-36581.json +++ b/CVE-2023/CVE-2023-365xx/CVE-2023-36581.json @@ -2,13 +2,13 @@ "id": "CVE-2023-36581", "sourceIdentifier": "secure@microsoft.com", "published": "2023-10-10T18:15:14.090", - "lastModified": "2024-11-21T08:09:59.090", + "lastModified": "2024-12-12T01:24:50.473", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "Microsoft Message Queuing Denial of Service Vulnerability" + "value": "Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability" }, { "lang": "es", @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", diff --git a/CVE-2023/CVE-2023-366xx/CVE-2023-36606.json b/CVE-2023/CVE-2023-366xx/CVE-2023-36606.json index 850b61dc125..b0d846b74bb 100644 --- a/CVE-2023/CVE-2023-366xx/CVE-2023-36606.json +++ b/CVE-2023/CVE-2023-366xx/CVE-2023-36606.json 
@@ -2,13 +2,13 @@ "id": "CVE-2023-36606", "sourceIdentifier": "secure@microsoft.com", "published": "2023-10-10T18:15:15.110", - "lastModified": "2024-11-21T08:10:03.227", + "lastModified": "2024-12-12T01:24:53.040", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "Microsoft Message Queuing Denial of Service Vulnerability" + "value": "Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability" }, { "lang": "es", @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", diff --git a/CVE-2023/CVE-2023-439xx/CVE-2023-43962.json b/CVE-2023/CVE-2023-439xx/CVE-2023-43962.json index 4dcdd233b75..6a09d20597c 100644 --- a/CVE-2023/CVE-2023-439xx/CVE-2023-43962.json +++ b/CVE-2023/CVE-2023-439xx/CVE-2023-43962.json 
@@ -2,20 +2,63 @@ "id": "CVE-2023-43962", "sourceIdentifier": "cve@mitre.org", "published": "2024-12-09T17:15:06.057", - "lastModified": "2024-12-09T17:15:06.057", - "vulnStatus": "Received", + "lastModified": "2024-12-12T01:30:29.560", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross Site Scripting vulnerability in Xunrui CMS Public Edition v.4.6.1 allows a remote attacker to execute arbitrary code via the project name function in the project settings tab." + }, + { + "lang": "es", + "value": "La vulnerabilidad de Cross Site Scripting en Xunrui CMS Public Edition v.4.6.1 permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s de la funci\u00f3n de nombre del proyecto en la pesta\u00f1a de configuraci\u00f3n del proyecto." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 4.8, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/Cosemz/CVE/blob/main/xunruicms/XunRuiCms%20Stored%20XSS%20%28Authenticated%29.md", "source": "cve@mitre.org" + }, + { + "url": "https://github.com/Cosemz/CVE/blob/main/xunruicms/XunRuiCms%20Stored%20XSS%20%28Authenticated%29.md", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" } ] } \ No newline at end of file 
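Review bot: The English description still says the XSS lets a remote attacker "execute arbitrary code", while the metric added here is `PR:H/UI:R/S:C/C:L/I:L/A:N` (4.8 MEDIUM) with `CWE-79`, and the referenced write-up is titled "Stored XSS (Authenticated)". Triage rules should key on the vector and the CWE, not on the "arbitrary code" phrase, which would otherwise rank this with server-side code execution. The `references` array now also holds the same URL twice, differing only in `source`, so a consumer that de-duplicates or counts references should key on the `url` and `source` pair.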
diff --git a/CVE-2024/CVE-2024-118xx/CVE-2024-11872.json b/CVE-2024/CVE-2024-118xx/CVE-2024-11872.json new file mode 100644 index 00000000000..051a01246ff --- /dev/null +++ b/CVE-2024/CVE-2024-118xx/CVE-2024-11872.json 
@@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-11872", + "sourceIdentifier": "zdi-disclosures@trendmicro.com", + "published": "2024-12-12T01:40:20.537", + "lastModified": "2024-12-12T01:40:20.537", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Epic Games Launcher Incorrect Default Permissions Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Epic Games Launcher. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\n\nThe specific flaw exists within the product installer. The product applies incorrect default permissions to a sensitive folder. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-24329." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-276" + } + ] + } + ], + "references": [ + { + "url": "https://trello.com/c/tcS6Jcfy/578-epic-games-launcher-1720", + "source": "zdi-disclosures@trendmicro.com" + }, + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1646/", + "source": "zdi-disclosures@trendmicro.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-119xx/CVE-2024-11947.json b/CVE-2024/CVE-2024-119xx/CVE-2024-11947.json new file mode 100644 index 00000000000..94c5f1092ee --- /dev/null +++ b/CVE-2024/CVE-2024-119xx/CVE-2024-11947.json 
@@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-11947", + "sourceIdentifier": "zdi-disclosures@trendmicro.com", + "published": "2024-12-12T01:40:21.487", + "lastModified": "2024-12-12T01:40:21.487", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "GFI Archiver Core Service Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GFI Archiver. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within the Core Service, which listens on TCP port 8017 by default. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-24029." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-502" + } + ] + } + ], + "references": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1670/", + "source": "zdi-disclosures@trendmicro.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-119xx/CVE-2024-11948.json b/CVE-2024/CVE-2024-119xx/CVE-2024-11948.json new file mode 100644 index 00000000000..e4dea730fbc --- /dev/null 
+++ b/CVE-2024/CVE-2024-119xx/CVE-2024-11948.json @@ -0,0 +1,44 @@ +{ + "id": "CVE-2024-11948", + "sourceIdentifier": "zdi-disclosures@trendmicro.com", + "published": "2024-12-12T01:40:21.610", + "lastModified": "2024-12-12T01:40:21.610", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "GFI Archiver Telerik Web UI Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GFI Archiver. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the product installer. The issue results from the use of a vulnerable version of Telerik Web UI. An attacker can leverage this vulnerability to execute code in the context of NETWORK SERVICE. Was ZDI-CAN-24041." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1671/", + "source": "zdi-disclosures@trendmicro.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-119xx/CVE-2024-11949.json b/CVE-2024/CVE-2024-119xx/CVE-2024-11949.json new file mode 100644 index 00000000000..79e7c42d14d --- /dev/null +++ b/CVE-2024/CVE-2024-119xx/CVE-2024-11949.json 
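Review bot: The new CVE-2024-11948 record has no `weaknesses` array at all, unlike the sibling GFI Archiver records CVE-2024-11947 and CVE-2024-11949, which carry `CWE-502`. It is also the highest-scored of the three (`PR:N`, 9.8 CRITICAL), and its description attributes the flaw to "a vulnerable version of Telerik Web UI" without naming the underlying component issue. CWE-based or component-based matching will miss it, so consumers should treat `weaknesses` as optional and match this entry on the product name and the ZDI advisory reference instead.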
@@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-11949", + "sourceIdentifier": "zdi-disclosures@trendmicro.com", + "published": "2024-12-12T01:40:21.700", + "lastModified": "2024-12-12T01:40:21.700", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "GFI Archiver Store Service Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GFI Archiver. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within the Store Service, which listens on TCP port 8018 by default. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-24331." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-502" + } + ] + } + ], + "references": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1672/", + "source": "zdi-disclosures@trendmicro.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-119xx/CVE-2024-11950.json b/CVE-2024/CVE-2024-119xx/CVE-2024-11950.json new file mode 100644 index 00000000000..8c064dd60db --- /dev/null 
+++ b/CVE-2024/CVE-2024-119xx/CVE-2024-11950.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-11950", + "sourceIdentifier": "zdi-disclosures@trendmicro.com", + "published": "2024-12-12T01:40:21.820", + "lastModified": "2024-12-12T01:40:21.820", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "XnSoft XnView Classic RWZ File Parsing Integer Underflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of XnSoft XnView Classic. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\n\nThe specific flaw exists within the parsing of RWZ files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer underflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22913." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-191" + } + ] + } + ], + "references": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1640/", + "source": "zdi-disclosures@trendmicro.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-123xx/CVE-2024-12381.json b/CVE-2024/CVE-2024-123xx/CVE-2024-12381.json new file mode 100644 index 00000000000..8d4a91256e4 --- /dev/null +++ b/CVE-2024/CVE-2024-123xx/CVE-2024-12381.json @@ -0,0 +1,37 @@ +{ + "id": "CVE-2024-12381", + "sourceIdentifier": "chrome-cve-admin@google.com", + "published": "2024-12-12T01:40:28.630", + "lastModified": "2024-12-12T01:40:28.630", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Type Confusion in V8 in Google Chrome prior to 131.0.6778.139 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)" + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "chrome-cve-admin@google.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-843" + } + ] + } + ], + "references": [ + { + "url": "https://chromereleases.googleblog.com/2024/12/stable-channel-update-for-desktop_10.html", + "source": "chrome-cve-admin@google.com" + }, + { + "url": "https://issues.chromium.org/issues/381696874", + "source": "chrome-cve-admin@google.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-123xx/CVE-2024-12382.json b/CVE-2024/CVE-2024-123xx/CVE-2024-12382.json new file mode 100644 index 00000000000..c833ff50765 --- /dev/null +++ b/CVE-2024/CVE-2024-123xx/CVE-2024-12382.json 
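Review bot: CVE-2024-12381 is added with `"metrics": {}`, so the only severity signal is the free-text "(Chromium security severity: High)" at the end of the description. The fixed version, 131.0.6778.139, likewise appears only in the prose. A pipeline that sorts or gates on `baseScore` should treat the missing score as unknown rather than as zero, otherwise a V8 type confusion reachable from a crafted HTML page falls to the bottom of the queue. The CVE-2024-12382 record that follows has the same shape.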
@@ -0,0 +1,37 @@ +{ + "id": "CVE-2024-12382", + "sourceIdentifier": "chrome-cve-admin@google.com", + "published": "2024-12-12T01:40:28.737", + "lastModified": "2024-12-12T01:40:28.737", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Use after free in Translate in Google Chrome prior to 131.0.6778.139 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)" + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "chrome-cve-admin@google.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], + "references": [ + { + "url": "https://chromereleases.googleblog.com/2024/12/stable-channel-update-for-desktop_10.html", + "source": "chrome-cve-admin@google.com" + }, + { + "url": "https://issues.chromium.org/issues/379516109", + "source": "chrome-cve-admin@google.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-124xx/CVE-2024-12479.json b/CVE-2024/CVE-2024-124xx/CVE-2024-12479.json new file mode 100644 index 00000000000..fa392182982 --- /dev/null +++ b/CVE-2024/CVE-2024-124xx/CVE-2024-12479.json 
@@ -0,0 +1,141 @@ +{ + "id": "CVE-2024-12479", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-12-12T01:40:28.927", + "lastModified": "2024-12-12T01:40:28.927", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in cjbi wetech-cms 1.0/1.1/1.2 and classified as critical. This issue affects the function searchTopicByKeyword of the file wetech-cms-master\\wetech-core\\src\\main\\java\\tech\\wetech\\cms\\dao\\TopicDao.java. The manipulation of the argument keyword leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "LOW", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "LOW", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + 
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "baseScore": 6.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/hadagaga/vuln/blob/master/wetech-cms/sql-1/SQL_injection_vulnerability.md", + "source": "cna@vuldb.com" + 
}, + { + "url": "https://vuldb.com/?ctiid.287861", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.287861", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.458849", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-124xx/CVE-2024-12480.json b/CVE-2024/CVE-2024-124xx/CVE-2024-12480.json new file mode 100644 index 00000000000..5f2b656ab3b --- /dev/null +++ b/CVE-2024/CVE-2024-124xx/CVE-2024-12480.json 
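Review bot: The description of CVE-2024-12479 calls the issue "critical" and says the exploit "has been disclosed to the public", but all three metric blocks rate it MEDIUM (5.3, 6.3 and 6.5) and the v4 vector leaves `exploitMaturity` at `NOT_DEFINED` (`E:X`). Severity should be read from `baseSeverity`, and the public-disclosure statement should be kept as a separate prioritisation signal, since no structured field in the record carries it. The CVE-2024-12480 and CVE-2024-12481 records repeat the same wording and scores.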
@@ -0,0 +1,141 @@ +{ + "id": "CVE-2024-12480", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-12-12T01:40:29.110", + "lastModified": "2024-12-12T01:40:29.110", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in cjbi wetech-cms 1.0/1.1/1.2. It has been classified as critical. Affected is the function searchTopic of the file wetech-cms-master\\wetech-core\\src\\main\\java\\tech\\wetech\\cms\\dao\\TopicDao.java. The manipulation of the argument con leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "LOW", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "LOW", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + 
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "baseScore": 6.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/hadagaga/vuln/blob/master/wetech-cms/sql-2/SQL_injection_vulnerability.md", + "source": "cna@vuldb.com" + 
}, + { + "url": "https://vuldb.com/?ctiid.287862", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.287862", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.458851", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-124xx/CVE-2024-12481.json b/CVE-2024/CVE-2024-124xx/CVE-2024-12481.json new file mode 100644 index 00000000000..9a52ba2946d --- /dev/null +++ b/CVE-2024/CVE-2024-124xx/CVE-2024-12481.json 
@@ -0,0 +1,141 @@ +{ + "id": "CVE-2024-12481", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-12-12T01:40:29.260", + "lastModified": "2024-12-12T01:40:29.260", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in cjbi wetech-cms 1.0/1.1/1.2. It has been declared as critical. Affected by this vulnerability is the function findUser of the file wetech-cms-master\\wetech-core\\src\\main\\java\\tech\\wetech\\cms\\dao\\UserDao.java. The manipulation of the argument searchValue/gId/rId leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "LOW", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "LOW", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": 
"NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "baseScore": 6.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/hadagaga/vuln/blob/master/wetech-cms/sql-3/SQL_injection_vulnerability.md", + "source": 
"cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.287863", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.287863", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.458852", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-124xx/CVE-2024-12482.json b/CVE-2024/CVE-2024-124xx/CVE-2024-12482.json new file mode 100644 index 00000000000..9a4e7c59265 --- /dev/null +++ b/CVE-2024/CVE-2024-124xx/CVE-2024-12482.json 
@@ -0,0 +1,141 @@ +{ + "id": "CVE-2024-12482", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-12-12T01:40:29.433", + "lastModified": "2024-12-12T01:40:29.433", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in cjbi wetech-cms 1.0/1.1/1.2. It has been rated as problematic. Affected by this issue is the function backup of the file wetech-cms-master\\wetech-basic-common\\src\\main\\java\\tech\\wetech\\basic\\util\\BackupFileUtil.java of the component Database Backup Handler. The manipulation of the argument name leads to path traversal: '../filedir'. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "LOW", + "vulnerableSystemIntegrity": "NONE", + "vulnerableSystemAvailability": "NONE", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": 
"NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", + "baseScore": 4.0, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-23" + }, + { + "lang": "en", + "value": "CWE-24" + } + ] + } + ], + "references": [ + { + "url": 
"https://github.com/hadagaga/vuln/blob/master/wetech-cms/Catalog_penetration/Catalog_penetration.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.287864", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.287864", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.458853", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-124xx/CVE-2024-12483.json b/CVE-2024/CVE-2024-124xx/CVE-2024-12483.json new file mode 100644 index 00000000000..47c184bad73 --- /dev/null +++ b/CVE-2024/CVE-2024-124xx/CVE-2024-12483.json 
@@ -0,0 +1,141 @@ +{ + "id": "CVE-2024-12483", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-12-12T01:40:29.600", + "lastModified": "2024-12-12T01:40:29.600", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as problematic has been found in Dromara UJCMS up to 9.6.3. This affects an unknown part of the file /users/id of the component User ID Handler. The manipulation leads to authorization bypass. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "LOW", + "vulnerableSystemIntegrity": "NONE", + "vulnerableSystemAvailability": "NONE", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + 
"modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "baseScore": 3.7, + "baseSeverity": "LOW", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.2, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N", + "baseScore": 2.6, + "accessVector": "NETWORK", + "accessComplexity": "HIGH", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "baseSeverity": "LOW", + "exploitabilityScore": 4.9, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-285" + }, + { + "lang": "en", + "value": "CWE-639" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/cydtseng/Vulnerability-Research/blob/main/ujcms/IDOR-UsernameEnumeration.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.287865", + 
"source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.287865", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.458895", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-124xx/CVE-2024-12484.json b/CVE-2024/CVE-2024-124xx/CVE-2024-12484.json new file mode 100644 index 00000000000..ab4efdaeed3 --- /dev/null +++ b/CVE-2024/CVE-2024-124xx/CVE-2024-12484.json 
@@ -0,0 +1,141 @@ +{ + "id": "CVE-2024-12484", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-12-12T01:40:29.763", + "lastModified": "2024-12-12T01:40:29.763", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as critical was found in Codezips Technical Discussion Forum 1.0. This vulnerability affects unknown code of the file /signuppost.php. The manipulation of the argument Username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 6.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "LOW", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "LOW", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + 
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "baseScore": 7.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 10.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/LiChaser/CVE/", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.287866", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.287866", + "source": "cna@vuldb.com" + }, + { + "url": 
"https://vuldb.com/?submit.459076", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-124xx/CVE-2024-12485.json b/CVE-2024/CVE-2024-124xx/CVE-2024-12485.json new file mode 100644 index 00000000000..539f1bfe442 --- /dev/null +++ b/CVE-2024/CVE-2024-124xx/CVE-2024-12485.json 
@@ -0,0 +1,145 @@ +{ + "id": "CVE-2024-12485", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-12-12T01:40:29.920", + "lastModified": "2024-12-12T01:40:29.920", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability, which was classified as critical, has been found in code-projects Online Class and Exam Scheduling System 1.0. This issue affects some unknown processing of the file /pages/department.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "LOW", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "LOW", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + 
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "baseScore": 6.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://code-projects.org/", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/bjtyyy/CVE/blob/main/Online%20Class%20and%20Exam%20Scheduling%20System_department_php.docx", + "source": "cna@vuldb.com" + }, + { + "url": 
"https://vuldb.com/?ctiid.287867", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.287867", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.459077", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-124xx/CVE-2024-12486.json b/CVE-2024/CVE-2024-124xx/CVE-2024-12486.json new file mode 100644 index 00000000000..878b9b5bf1a --- /dev/null +++ b/CVE-2024/CVE-2024-124xx/CVE-2024-12486.json 
@@ -0,0 +1,145 @@ +{ + "id": "CVE-2024-12486", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-12-12T01:40:30.120", + "lastModified": "2024-12-12T01:40:30.120", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability, which was classified as critical, was found in code-projects Online Class and Exam Scheduling System 1.0. Affected is an unknown function of the file /pages/rank_update.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "LOW", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "LOW", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + 
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "baseScore": 6.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://code-projects.org/", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/bjtyyy/CVE/blob/main/Online%20Class%20and%20Exam%20Scheduling%20System_rank_update_php.docx", + "source": "cna@vuldb.com" + }, + { + "url": 
"https://vuldb.com/?ctiid.287868", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.287868", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.459081", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-124xx/CVE-2024-12487.json b/CVE-2024/CVE-2024-124xx/CVE-2024-12487.json new file mode 100644 index 00000000000..05ec30d1756 --- /dev/null +++ b/CVE-2024/CVE-2024-124xx/CVE-2024-12487.json 
@@ -0,0 +1,145 @@ +{ + "id": "CVE-2024-12487", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-12-12T01:40:30.270", + "lastModified": "2024-12-12T01:40:30.270", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been found in code-projects Online Class and Exam Scheduling System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /pages/room_update.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "LOW", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "LOW", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + 
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "baseScore": 6.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://code-projects.org/", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/bjtyyy/CVE/blob/main/Online%20Class%20and%20Exam%20Scheduling%20System_room_update_php.docx", + "source": "cna@vuldb.com" + }, + { + "url": 
"https://vuldb.com/?ctiid.287869", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.287869", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.459083", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-124xx/CVE-2024-12488.json b/CVE-2024/CVE-2024-124xx/CVE-2024-12488.json new file mode 100644 index 00000000000..97cb3fb7d62 --- /dev/null +++ b/CVE-2024/CVE-2024-124xx/CVE-2024-12488.json 
@@ -0,0 +1,145 @@ +{ + "id": "CVE-2024-12488", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-12-12T01:40:30.413", + "lastModified": "2024-12-12T01:40:30.413", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in code-projects Online Class and Exam Scheduling System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /pages/subject_update.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "LOW", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "LOW", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + 
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "baseScore": 6.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://code-projects.org/", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/bjtyyy/CVE/blob/main/Online%20Class%20and%20Exam%20Scheduling%20System_subject_update_php%20.docx", + "source": "cna@vuldb.com" + }, + { + 
"url": "https://vuldb.com/?ctiid.287870", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.287870", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.459097", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-124xx/CVE-2024-12489.json b/CVE-2024/CVE-2024-124xx/CVE-2024-12489.json new file mode 100644 index 00000000000..f386732dd09 --- /dev/null +++ b/CVE-2024/CVE-2024-124xx/CVE-2024-12489.json 
@@ -0,0 +1,145 @@ +{ + "id": "CVE-2024-12489", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-12-12T01:40:30.560", + "lastModified": "2024-12-12T01:40:30.560", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in code-projects Online Class and Exam Scheduling System 1.0. It has been classified as critical. This affects an unknown part of the file /pages/term.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "LOW", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "LOW", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + 
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "baseScore": 6.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://code-projects.org/", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/bjtyyy/CVE/blob/main/Online%20Class%20and%20Exam%20Scheduling%20System_term_php%20.docx", + "source": "cna@vuldb.com" + }, + { + "url": 
"https://vuldb.com/?ctiid.287871", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.287871", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.459113", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-124xx/CVE-2024-12490.json b/CVE-2024/CVE-2024-124xx/CVE-2024-12490.json new file mode 100644 index 00000000000..a2e32b93a32 --- /dev/null +++ b/CVE-2024/CVE-2024-124xx/CVE-2024-12490.json 
@@ -0,0 +1,145 @@ +{ + "id": "CVE-2024-12490", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-12-12T02:15:21.530", + "lastModified": "2024-12-12T02:15:21.530", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in code-projects Online Class and Exam Scheduling System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /pages/teacher_save.php. The manipulation of the argument salut leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "LOW", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "LOW", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + 
"modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "baseScore": 6.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://code-projects.org/", + "source": "cna@vuldb.com" + }, + { + "url": 
"https://github.com/bjtyyy/CVE/blob/main/Online%20Class%20and%20Exam%20Scheduling%20System_teacher_save_php.docx", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.287872", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.287872", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.459116", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-124xx/CVE-2024-12492.json b/CVE-2024/CVE-2024-124xx/CVE-2024-12492.json new file mode 100644 index 00000000000..f9057556392 --- /dev/null +++ b/CVE-2024/CVE-2024-124xx/CVE-2024-12492.json 
@@ -0,0 +1,145 @@ +{ + "id": "CVE-2024-12492", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-12-12T02:15:22.167", + "lastModified": "2024-12-12T02:15:22.167", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in code-projects Farmacia 1.0. It has been rated as critical. This issue affects some unknown processing of the file /visualizar-usuario.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "LOW", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "LOW", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": 
"NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "baseScore": 6.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://code-projects.org/", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/A1ph4D3v1l/cve/blob/main/sql-x.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.287873", + "source": "cna@vuldb.com" + }, + { + "url": 
"https://vuldb.com/?id.287873", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.459115", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-124xx/CVE-2024-12497.json b/CVE-2024/CVE-2024-124xx/CVE-2024-12497.json new file mode 100644 index 00000000000..ea72c876642 --- /dev/null +++ b/CVE-2024/CVE-2024-124xx/CVE-2024-12497.json 
@@ -0,0 +1,145 @@ +{ + "id": "CVE-2024-12497", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-12-12T02:15:22.367", + "lastModified": "2024-12-12T02:15:22.367", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as critical has been found in 1000 Projects Attendance Tracking Management System 1.0. Affected is an unknown function of the file /admin/check_admin_login.php. The manipulation of the argument admin_user_name leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 6.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "LOW", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "LOW", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + 
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "baseScore": 7.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 10.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://1000projects.org/", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/Ta0k1a/CVE/issues/1", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.287874", + "source": "cna@vuldb.com" + }, + { + 
"url": "https://vuldb.com/?id.287874", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.459239", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-125xx/CVE-2024-12503.json b/CVE-2024/CVE-2024-125xx/CVE-2024-12503.json new file mode 100644 index 00000000000..5b26c9b31e5 --- /dev/null +++ b/CVE-2024/CVE-2024-125xx/CVE-2024-12503.json 
@@ -0,0 +1,141 @@ +{ + "id": "CVE-2024-12503", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-12-12T02:15:22.530", + "lastModified": "2024-12-12T02:15:22.530", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as problematic was found in ClassCMS 4.8. Affected by this vulnerability is an unknown functionality of the file /index.php/admin of the component Model Management Page. The manipulation of the argument URL leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "NONE", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "NONE", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + 
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N", + "baseScore": 2.4, + "baseSeverity": "LOW", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 0.9, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N", + "baseScore": 3.3, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "MULTIPLE", + "confidentialityImpact": "NONE", + "integrityImpact": "PARTIAL", + "availabilityImpact": "NONE" + }, + "baseSeverity": "LOW", + "exploitabilityScore": 6.4, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + }, + { + "lang": "en", + "value": "CWE-94" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/Jack-Black-13/blob/blob/main/classCMS_v4.8_model_xss.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.287875", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.287875", + 
"source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.461085", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-125xx/CVE-2024-12536.json b/CVE-2024/CVE-2024-125xx/CVE-2024-12536.json new file mode 100644 index 00000000000..5e0ee6b80c6 --- /dev/null +++ b/CVE-2024/CVE-2024-125xx/CVE-2024-12536.json 
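Review bot: The CVSS 4.0 block of CVE-2024-12503 records `UI:N` / `"userInteraction": "NONE"`, while the 3.1 block of the same record has `UI:R` / `"userInteraction": "REQUIRED"` for the same cross-site scripting issue, so the two metrics disagree on whether a victim has to act. The CVE-2024-12536 record that follows shows the same mismatch (4.0 `UI:N`, 3.1 `UI:R`). If the 3.1 assessment is the intended one, the 4.0 entry would read `"userInteraction": "PASSIVE"` (or `"ACTIVE"`) with the matching `UI:` value in `vectorString` and a recomputed `baseScore`; that correction belongs with the CNA named in `source`, not in a local edit. Until then, triage that reads only the 4.0 score (5.1 and 5.3) ranks these two records above what their 3.1 scores (2.4 and 3.5) suggest.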
@@ -0,0 +1,141 @@ +{ + "id": "CVE-2024-12536", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-12-12T02:15:22.713", + "lastModified": "2024-12-12T02:15:22.713", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability, which was classified as problematic, has been found in SourceCodester Kortex Lite Advocate Office Management System 1.0. Affected by this issue is some unknown functionality of the file /control/client_data.php. The manipulation of the argument id leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "NONE", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "NONE", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": 
"NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseScore": 3.5, + "baseSeverity": "LOW", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.1, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", + "baseScore": 4.0, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "NONE", + "integrityImpact": "PARTIAL", + "availabilityImpact": "NONE" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + }, + { + "lang": "en", + "value": "CWE-94" + } + ] + } + ], + "references": [ + { + "url": "https://vuldb.com/?ctiid.287912", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.287912", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.461130", + "source": "cna@vuldb.com" + 
}, + { + "url": "https://www.sourcecodester.com/", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-281xx/CVE-2024-28140.json b/CVE-2024/CVE-2024-281xx/CVE-2024-28140.json index df05deacdb8..46781233b8a 100644 --- a/CVE-2024/CVE-2024-281xx/CVE-2024-28140.json +++ b/CVE-2024/CVE-2024-281xx/CVE-2024-28140.json @@ -2,7 +2,7 @@ "id": "CVE-2024-28140", "sourceIdentifier": "551230f0-3615-47bd-b7cc-93e92e730bbf", "published": "2024-12-11T16:15:10.050", - "lastModified": "2024-12-11T16:15:10.050", + "lastModified": "2024-12-12T01:47:46.317", "vulnStatus": "Received", "cveTags": [], "descriptions": [ @@ -11,7 +11,30 @@ "value": "The scanner device boots into a kiosk mode by default and opens the Scan2Net interface in a browser window. This browser is run with the permissions of the root user. There are also several other applications running as root user.\u00a0This can be confirmed by running \"ps aux\" as the root user and observing the output." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "attackVector": "PHYSICAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 0.9, + "impactScore": 5.2 + } + ] + }, "weaknesses": [ { "source": "551230f0-3615-47bd-b7cc-93e92e730bbf", diff --git a/CVE-2024/CVE-2024-373xx/CVE-2024-37377.json b/CVE-2024/CVE-2024-373xx/CVE-2024-37377.json new file mode 100644 index 00000000000..e76867bf9ac --- /dev/null +++ b/CVE-2024/CVE-2024-373xx/CVE-2024-37377.json 
@@ -0,0 +1,44 @@
+{
+ "id": "CVE-2024-37377",
+ "sourceIdentifier": "support@hackerone.com",
+ "published": "2024-12-12T01:55:19.320",
+ "lastModified": "2024-12-12T01:55:19.320",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A heap-based buffer overflow in IPsec of Ivanti Connect Secure before version 22.7R2.3 allows a remote unauthenticated attacker to cause a denial of service."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV30": [
+ {
+ "source": "support@hackerone.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://forums.ivanti.com/s/article/December-2024-Security-Advisory-Ivanti-Connect-Secure-ICS-and-Ivanti-Policy-Secure-IPS-Multiple-CVEs",
+ "source": "support@hackerone.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-374xx/CVE-2024-37401.json b/CVE-2024/CVE-2024-374xx/CVE-2024-37401.json
new file mode 100644
index 00000000000..3447007de8c
--- /dev/null
+++ b/CVE-2024/CVE-2024-374xx/CVE-2024-37401.json
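Review bot: The new CVE-2024-37377 record has no `weaknesses` array, although its description names a heap-based buffer overflow, so CWE-based filters and dashboards will not match it. The CVE-2024-37401 record in the next file has the same gap for an out-of-bounds read. If the feed is meant to carry a classification while `vulnStatus` is still `Received`, the description entries would be `{ "lang": "en", "value": "CWE-122" }` and `{ "lang": "en", "value": "CWE-125" }` respectively, inside a `weaknesses` block shaped like the other records in this commit. The CWE ids are inferred from the description text only and should be checked against the vendor advisory listed in `references`.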
@@ -0,0 +1,44 @@
+{
+ "id": "CVE-2024-37401",
+ "sourceIdentifier": "support@hackerone.com",
+ "published": "2024-12-12T01:55:20.820",
+ "lastModified": "2024-12-12T01:55:20.820",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An out-of-bounds read in IPsec of Ivanti Connect Secure before version 22.7R2.1 allows a remote unauthenticated attacker to cause a denial of service."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV30": [
+ {
+ "source": "support@hackerone.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://forums.ivanti.com/s/article/December-2024-Security-Advisory-Ivanti-Connect-Secure-ICS-and-Ivanti-Policy-Secure-IPS-Multiple-CVEs",
+ "source": "support@hackerone.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-375xx/CVE-2024-37574.json b/CVE-2024/CVE-2024-375xx/CVE-2024-37574.json
index e22fdb28ae3..9d605d1f56f 100644
--- a/CVE-2024/CVE-2024-375xx/CVE-2024-37574.json
+++ b/CVE-2024/CVE-2024-375xx/CVE-2024-37574.json
@@ -2,7 +2,7 @@
 "id": "CVE-2024-37574",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-12-04T16:15:24.877",
- "lastModified": "2024-12-04T16:15:24.877",
+ "lastModified": "2024-12-12T01:55:28.117",
 "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
@@ -15,7 +15,42 @@ "value": "La aplicaci\u00f3n GriceMobile com.grice.call 4.5.2 para Android permite que cualquier aplicaci\u00f3n instalada (sin permisos) realice llamadas telef\u00f3nicas sin interacci\u00f3n del usuario enviando una intenci\u00f3n manipulada a trav\u00e9s de com.iui.mobile.presentation.MobileActivity." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N", + "baseScore": 8.2, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 4.2 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-732" + } + ] + } + ], "references": [ { "url": "https://github.com/actuator/com.grice.call", diff --git a/CVE-2024/CVE-2024-389xx/CVE-2024-38921.json b/CVE-2024/CVE-2024-389xx/CVE-2024-38921.json index 9a2ca88c5a2..21cd63639de 100644 --- a/CVE-2024/CVE-2024-389xx/CVE-2024-38921.json +++ b/CVE-2024/CVE-2024-389xx/CVE-2024-38921.json 
@@ -2,16 +2,55 @@
 "id": "CVE-2024-38921",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-12-06T22:15:19.600",
- "lastModified": "2024-12-06T22:15:19.600",
- "vulnStatus": "Received",
+ "lastModified": "2024-12-12T01:56:42.000",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. This vulnerability is triggered via remotely sending a request for change the value of dynamic-parameter`/amcl z_rand ` ."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que las versiones Open Robotics Robotic Operating System 2 (ROS2) y Nav2 humble contienen un proceso de use-after-free mediante nav2_amcl. Esta vulnerabilidad se activa al enviar de forma remota una solicitud para cambiar el valor de dynamic-parameter`/amcl z_rand ` ."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-416"
+ }
+ ]
 }
 ],
- "metrics": {},
 "references": [
 {
 "url": "https://github.com/GoesM/ROS-CVE-CNVDs",
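Review bot: The impact triples assigned to this family of nav2_amcl use-after-free records do not agree with each other: this one is `C:H/I:H/A:H` (9.8), CVE-2024-38923 and CVE-2024-38924 are `C:H/I:H/A:N`, and CVE-2024-38925, -38926 and -38927 are `C:N/I:H/A:H`, although all six descriptions give the same flaw and the same trigger (a remote dynamic-parameter change) and differ only in the parameter name. `"availabilityImpact": "NONE"` in particular is hard to square with a use-after-free in a long-running process. The scores are `Secondary` and the records are `Undergoing Analysis`, so anyone prioritising on them should treat the six as one severity class rather than sorting by the 9.8/9.1 split. Separately, the added Spanish text "contienen un proceso de use-after-free mediante nav2_amcl" says the software contains a use-after-free process; the wording used for CVE-2024-38923, "un error de use-after-free a trav\u00e9s del proceso nav2_amcl", is the accurate one.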
@@ -24,6 +63,10 @@
 {
 "url": "https://github.com/ros-navigation/navigation2/pull/4397",
 "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/GoesM/ROS-CVE-CNVDs",
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-389xx/CVE-2024-38922.json b/CVE-2024/CVE-2024-389xx/CVE-2024-38922.json
index ca8096575a3..0799f39626b 100644
--- a/CVE-2024/CVE-2024-389xx/CVE-2024-38922.json
+++ b/CVE-2024/CVE-2024-389xx/CVE-2024-38922.json
@@ -2,16 +2,55 @@
 "id": "CVE-2024-38922",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-12-06T22:15:19.720",
- "lastModified": "2024-12-06T22:15:19.720",
- "vulnStatus": "Received",
+ "lastModified": "2024-12-12T01:56:42.217",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble version was discovered to contain a heap overflow in the nav2_amcl process. This vulnerability is triggered via sending a crafted message to the component /initialpose."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que Open Robotics Robotic Operating System 2 (ROS2) y Nav2 humble conten\u00edan un desbordamiento de pila en el proceso nav2_amcl. Esta vulnerabilidad se activa al enviar un mensaje manipulado espec\u00edficamente al componente /initialpose."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-120"
+ }
+ ]
 }
 ],
- "metrics": {},
 "references": [
 {
 "url": "https://github.com/GoesM/ROS-CVE-CNVDs",
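Review bot: The added Spanish description translates "heap overflow" as `desbordamiento de pila`, which means stack overflow, so the two language entries now name different bug classes. It should read `desbordamiento de mont\u00f3n` (heap) to match the English text. The `CWE-120` mapping is also the generic buffer-copy class; if the heap location stated in the description is right, `CWE-122` would be the more specific entry. `UI:R` in the vector has no counterpart in the description, which only mentions sending a crafted message to /initialpose.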
@@ -28,6 +67,14 @@
 {
 "url": "https://github.com/ros-navigation/navigation2/pull/4301",
 "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/open-navigation/navigation2/issues/4307",
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
+ },
+ {
+ "url": "https://github.com/ros-navigation/navigation2/issues/4294",
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-389xx/CVE-2024-38923.json b/CVE-2024/CVE-2024-389xx/CVE-2024-38923.json
index ef642b31c5c..83fb049f605 100644
--- a/CVE-2024/CVE-2024-389xx/CVE-2024-38923.json
+++ b/CVE-2024/CVE-2024-389xx/CVE-2024-38923.json
@@ -2,16 +2,55 @@
 "id": "CVE-2024-38923",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-12-06T22:15:19.847",
- "lastModified": "2024-12-06T22:15:19.847",
- "vulnStatus": "Received",
+ "lastModified": "2024-12-12T01:56:42.413",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. This vulnerability is triggered via remotely sending a request to change the value of dynamic-parameter`/amcl odom_frame_id` ."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que las versiones Open Robotics Robotic Operating System 2 (ROS2) y Nav2 humble contienen un error de use-after-free a trav\u00e9s del proceso nav2_amcl. Esta vulnerabilidad se activa al enviar de forma remota una solicitud para cambiar el valor de dynamic-parameter`/amcl odom_frame_id` ."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
+ "baseScore": 9.1,
+ "baseSeverity": "CRITICAL",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.2
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-416"
+ }
+ ]
 }
 ],
- "metrics": {},
 "references": [
 {
 "url": "https://github.com/GoesM/ROS-CVE-CNVDs",
@@ -24,6 +63,10 @@
 {
 "url": "https://github.com/ros-navigation/navigation2/pull/4397",
 "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/ros-navigation/navigation2/issues/4379",
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-389xx/CVE-2024-38924.json b/CVE-2024/CVE-2024-389xx/CVE-2024-38924.json
index 164281ecb27..6f099cbc189 100644
--- a/CVE-2024/CVE-2024-389xx/CVE-2024-38924.json
+++ b/CVE-2024/CVE-2024-389xx/CVE-2024-38924.json
@@ -2,16 +2,55 @@
 "id": "CVE-2024-38924",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-12-06T22:15:19.963",
- "lastModified": "2024-12-06T22:15:19.963",
- "vulnStatus": "Received",
+ "lastModified": "2024-12-12T01:56:42.623",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. This vulnerability is triggered via remotely sending a request to change the value of dynamic-parameter`/amcl laser_model_type` ."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que las versiones Open Robotics Robotic Operating System 2 (ROS2) y Nav2 humble contienen un proceso de use-after-free mediante nav2_amcl. Esta vulnerabilidad se activa al enviar de forma remota una solicitud para cambiar el valor de dynamic-parameter`/amcl laser_model_type` ."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
+ "baseScore": 9.1,
+ "baseSeverity": "CRITICAL",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.2
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-416"
+ }
+ ]
 }
 ],
- "metrics": {},
 "references": [
 {
 "url": "https://github.com/GoesM/ROS-CVE-CNVDs",
@@ -24,6 +63,10 @@
 {
 "url": "https://github.com/ros-navigation/navigation2/pull/4397",
 "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/ros-navigation/navigation2/issues/4379",
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-389xx/CVE-2024-38925.json b/CVE-2024/CVE-2024-389xx/CVE-2024-38925.json
index 42d3fa0b67b..c16cb3938d3 100644
--- a/CVE-2024/CVE-2024-389xx/CVE-2024-38925.json
+++ b/CVE-2024/CVE-2024-389xx/CVE-2024-38925.json
@@ -2,16 +2,55 @@
 "id": "CVE-2024-38925",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-12-06T22:15:20.093",
- "lastModified": "2024-12-06T22:15:20.093",
- "vulnStatus": "Received",
+ "lastModified": "2024-12-12T01:56:42.833",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. This vulnerability is triggered via remotely sending a request for change the value of dynamic-parameter`/amcl z_max` ."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que las versiones Open Robotics Robotic Operating System 2 (ROS2) y Nav2 humble contienen un proceso de use-after-free mediante nav2_amcl. Esta vulnerabilidad se activa al enviar de forma remota una solicitud para cambiar el valor de dynamic-parameter`/amcl z_max` ."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
+ "baseScore": 9.1,
+ "baseSeverity": "CRITICAL",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.2
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-416"
+ }
+ ]
 }
 ],
- "metrics": {},
 "references": [
 {
 "url": "https://github.com/GoesM/ROS-CVE-CNVDs",
@@ -24,6 +63,10 @@
 {
 "url": "https://github.com/ros-navigation/navigation2/pull/4397",
 "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/ros-navigation/navigation2/issues/4379",
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-389xx/CVE-2024-38926.json b/CVE-2024/CVE-2024-389xx/CVE-2024-38926.json
index e9ca763c019..a8e5b0379a2 100644
--- a/CVE-2024/CVE-2024-389xx/CVE-2024-38926.json
+++ b/CVE-2024/CVE-2024-389xx/CVE-2024-38926.json
@@ -2,16 +2,55 @@
 "id": "CVE-2024-38926",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-12-06T22:15:20.200",
- "lastModified": "2024-12-06T22:15:20.200",
- "vulnStatus": "Received",
+ "lastModified": "2024-12-12T01:56:43.440",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. This vulnerability is triggered via remotely sending a request for change the value of dynamic-parameter `/amcl z_short`."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que las versiones Open Robotics Robotic Operating System 2 (ROS2) y Nav2 humble contienen un proceso de use-after-free mediante nav2_amcl. Esta vulnerabilidad se activa al enviar de forma remota una solicitud para cambiar el valor del par\u00e1metro din\u00e1mico `/amcl z_short`."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
+ "baseScore": 9.1,
+ "baseSeverity": "CRITICAL",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.2
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-416"
+ }
+ ]
 }
 ],
- "metrics": {},
 "references": [
 {
 "url": "https://github.com/GoesM/ROS-CVE-CNVDs",
@@ -24,6 +63,10 @@
 {
 "url": "https://github.com/ros-navigation/navigation2/pull/4397",
 "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/ros-navigation/navigation2/issues/4379",
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-389xx/CVE-2024-38927.json b/CVE-2024/CVE-2024-389xx/CVE-2024-38927.json
index 7bf4cf551e2..4c79209e567 100644
--- a/CVE-2024/CVE-2024-389xx/CVE-2024-38927.json
+++ b/CVE-2024/CVE-2024-389xx/CVE-2024-38927.json
@@ -2,16 +2,55 @@
 "id": "CVE-2024-38927",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-12-06T22:15:20.317",
- "lastModified": "2024-12-06T22:15:20.317",
- "vulnStatus": "Received",
+ "lastModified": "2024-12-12T01:56:43.677",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. This vulnerability is triggered via remotely sending a request to change the value of dynamic-parameter `/amcl do_beamskip`."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que las versiones Open Robotics Robotic Operating System 2 (ROS2) y Nav2 humble contienen un proceso de use-after-free mediante nav2_amcl. Esta vulnerabilidad se activa al enviar de forma remota una solicitud para cambiar el valor del par\u00e1metro din\u00e1mico `/amcl do_beamskip`."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
+ "baseScore": 9.1,
+ "baseSeverity": "CRITICAL",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.2
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-416"
+ }
+ ]
 }
 ],
- "metrics": {},
 "references": [
 {
 "url": "https://github.com/GoesM/ROS-CVE-CNVDs",
@@ -24,6 +63,10 @@
 {
 "url": "https://github.com/ros-navigation/navigation2/pull/4397",
 "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/ros-navigation/navigation2/issues/4379",
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-411xx/CVE-2024-41146.json b/CVE-2024/CVE-2024-411xx/CVE-2024-41146.json
new file mode 100644
index 00000000000..30db83c34b0
--- /dev/null
+++ b/CVE-2024/CVE-2024-411xx/CVE-2024-41146.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2024-41146",
+ "sourceIdentifier": "disclosures@gallagher.com",
+ "published": "2024-12-12T02:15:22.880",
+ "lastModified": "2024-12-12T02:15:22.880",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Use of Multiple Resources with Duplicate Identifier (CWE-694) in the Controller 6000 and Controller 7000 Platforms could allow an attacker with physical access to HBUS communication cabling to perform a Denial-of-Service attack against HBUS connected devices, require a device reboot to resolve. \n\nThis issue affects:\u00a0Controller 6000 and Controller 7000 firmware versions 9.10 prior to vCR9.10.241108a (distributed in 9.10.2149 (MR4)), 9.00 prior to vCR9.00.241108a (distributed in 9.00.2374 (MR5)), 8.90 prior to vCR8.90.241107a (distributed in 8.90.2356 (MR6)),\u00a0all versions of 8.80 and prior."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "disclosures@gallagher.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "baseScore": 4.6,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "PHYSICAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 0.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "disclosures@gallagher.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-694"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2024-41146",
+ "source": "disclosures@gallagher.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-416xx/CVE-2024-41644.json b/CVE-2024/CVE-2024-416xx/CVE-2024-41644.json
index 6f2da0f24b2..1a59ae20840 100644
--- a/CVE-2024/CVE-2024-416xx/CVE-2024-41644.json
+++ b/CVE-2024/CVE-2024-416xx/CVE-2024-41644.json
@@ -2,16 +2,55 @@
 "id": "CVE-2024-41644",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-12-06T22:15:20.450",
- "lastModified": "2024-12-06T22:15:20.450",
- "vulnStatus": "Received",
+ "lastModified": "2024-12-12T01:59:13.833",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via the dyn_param_handler_ component."
+ },
+ {
+ "lang": "es",
+ "value": "La vulnerabilidad de permisos inseguros en Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble permite a un atacante ejecutar c\u00f3digo arbitrario a trav\u00e9s del componente dyn_param_handler_."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-281"
+ }
+ ]
 }
 ],
- "metrics": {},
 "references": [
 {
 "url": "https://github.com/GoesM/ROS-CVE-CNVDs",
@@ -24,6 +63,10 @@
 {
 "url": "https://github.com/ros-navigation/navigation2/pull/4521",
 "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/ros-navigation/navigation2/issues/4496",
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
 }
 ]
 }
\ No newline at end of file
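Review bot: The six navigation2 "Insecure Permissions" records scored in this commit have near-identical descriptions ending in "execute arbitrary code", yet CVE-2024-41648 and CVE-2024-41650 are given `PR:L` with `C:H/I:L/A:N` (7.1) while this record and CVE-2024-41645, -41646 and -41649 are given `PR:N` with `C:H/I:H/A:H` (9.8). Arbitrary code execution normally implies high integrity and availability impact, so the two 7.1 vectors look under-scored against their own descriptions, and nothing in the text explains the `PR:L`. All six are mapped to `CWE-281`; whether a permission-preservation weakness is the right class cannot be confirmed from the records themselves, so CWE-based filters should not be relied on for this group. The metrics are `Secondary` on records still `Undergoing Analysis`, so the group is better triaged as one severity class until the scores are reconciled.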
diff --git a/CVE-2024/CVE-2024-416xx/CVE-2024-41645.json b/CVE-2024/CVE-2024-416xx/CVE-2024-41645.json
index 12d20f89145..a0cee064297 100644
--- a/CVE-2024/CVE-2024-416xx/CVE-2024-41645.json
+++ b/CVE-2024/CVE-2024-416xx/CVE-2024-41645.json
@@ -2,16 +2,55 @@
 "id": "CVE-2024-41645",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-12-06T22:15:20.563",
- "lastModified": "2024-12-06T22:15:20.563",
- "vulnStatus": "Received",
+ "lastModified": "2024-12-12T01:59:14.067",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the nav2__amcl."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de permisos inseguros en Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble permite a un atacante ejecutar c\u00f3digo arbitrario a trav\u00e9s de un script manipulado en nav2__amcl."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-281"
+ }
+ ]
 }
 ],
- "metrics": {},
 "references": [
 {
 "url": "https://github.com/GoesM/ROS-CVE-CNVDs",
@@ -24,6 +63,10 @@
 {
 "url": "https://github.com/ros-navigation/navigation2/pull/4521",
 "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/ros-navigation/navigation2/issues/4497",
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-416xx/CVE-2024-41646.json b/CVE-2024/CVE-2024-416xx/CVE-2024-41646.json
index 04e77f8acd3..46cacce748e 100644
--- a/CVE-2024/CVE-2024-416xx/CVE-2024-41646.json
+++ b/CVE-2024/CVE-2024-416xx/CVE-2024-41646.json
@@ -2,16 +2,55 @@
 "id": "CVE-2024-41646",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-12-06T22:15:20.683",
- "lastModified": "2024-12-06T22:15:20.683",
- "vulnStatus": "Received",
+ "lastModified": "2024-12-12T01:59:14.273",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the nav2_dwb_controller."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de permisos inseguros en Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble permite a un atacante ejecutar c\u00f3digo arbitrario a trav\u00e9s de un script manipulado para nav2_dwb_controller."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-281"
+ }
+ ]
 }
 ],
- "metrics": {},
 "references": [
 {
 "url": "https://github.com/GoesM/ROS-CVE-CNVDs",
@@ -24,6 +63,10 @@
 {
 "url": "https://github.com/ros-navigation/navigation2/pull/4463",
 "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/ros-navigation/navigation2/issues/4437",
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-416xx/CVE-2024-41648.json b/CVE-2024/CVE-2024-416xx/CVE-2024-41648.json
index aefb756fd03..f5a3289cdef 100644
--- a/CVE-2024/CVE-2024-416xx/CVE-2024-41648.json
+++ b/CVE-2024/CVE-2024-416xx/CVE-2024-41648.json
@@ -2,16 +2,55 @@
 "id": "CVE-2024-41648",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-12-06T22:15:20.920",
- "lastModified": "2024-12-06T22:15:20.920",
- "vulnStatus": "Received",
+ "lastModified": "2024-12-12T01:59:14.617",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the nav2_regulated_pure_pursuit_controller."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de permisos inseguros en Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble permite a un atacante ejecutar c\u00f3digo arbitrario a trav\u00e9s de un script manipulado para nav2_regulated_pure_pursuit_controller."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
+ "baseScore": 7.1,
+ "baseSeverity": "HIGH",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 4.2
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-281"
+ }
+ ]
 }
 ],
- "metrics": {},
 "references": [
 {
 "url": "https://github.com/GoesM/ROS-CVE-CNVDs",
@@ -24,6 +63,10 @@
 {
 "url": "https://github.com/ros-navigation/navigation2/pull/4463",
 "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/ros-navigation/navigation2/issues/4438",
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-416xx/CVE-2024-41649.json b/CVE-2024/CVE-2024-416xx/CVE-2024-41649.json
index 62226dec99a..399a0582bf8 100644
--- a/CVE-2024/CVE-2024-416xx/CVE-2024-41649.json
+++ b/CVE-2024/CVE-2024-416xx/CVE-2024-41649.json
@@ -2,16 +2,55 @@
 "id": "CVE-2024-41649",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-12-06T22:15:21.037",
- "lastModified": "2024-12-06T22:15:21.037",
- "vulnStatus": "Received",
+ "lastModified": "2024-12-12T01:59:14.847",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the executor_thread_."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de permisos inseguros en Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble permite a un atacante ejecutar c\u00f3digo arbitrario a trav\u00e9s de un script manipulado espec\u00edficamente para executor_thread_."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-281"
+ }
+ ]
 }
 ],
- "metrics": {},
 "references": [
 {
 "url": "https://github.com/GoesM/ROS-CVE-CNVDs",
@@ -24,6 +63,10 @@
 {
 "url": "https://github.com/ros-navigation/navigation2/pull/4385",
 "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/open-navigation/navigation2/issues/4323",
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-416xx/CVE-2024-41650.json b/CVE-2024/CVE-2024-416xx/CVE-2024-41650.json
index e0e490737b8..79ac30e9baf 100644
--- a/CVE-2024/CVE-2024-416xx/CVE-2024-41650.json
+++ b/CVE-2024/CVE-2024-416xx/CVE-2024-41650.json
@@ -2,16 +2,55 @@
 "id": "CVE-2024-41650",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-12-06T22:15:21.163",
- "lastModified": "2024-12-06T22:15:21.163",
- "vulnStatus": "Received",
+ "lastModified": "2024-12-12T01:59:15.050",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the nav2_costmap_2d."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de permisos inseguros en Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble permite a un atacante ejecutar c\u00f3digo arbitrario a trav\u00e9s de un script manipulado en nav2_costmap_2d."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
+ "baseScore": 7.1,
+ "baseSeverity": "HIGH",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 4.2
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-281"
+ }
+ ]
 }
 ],
- "metrics": {},
 "references": [
 {
 "url": "https://github.com/GoesM/ROS-CVE-CNVDs",
@@ -24,6 +63,10 @@
 {
 "url": "https://github.com/ros-navigation/navigation2/pull/4495",
 "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/ros-navigation/navigation2/issues/4489",
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-424xx/CVE-2024-42407.json b/CVE-2024/CVE-2024-424xx/CVE-2024-42407.json
new file mode 100644
index 00000000000..78244481d94
--- /dev/null
+++ b/CVE-2024/CVE-2024-424xx/CVE-2024-42407.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2024-42407",
+ "sourceIdentifier": "disclosures@gallagher.com",
+ "published": "2024-12-12T02:15:23.017",
+ "lastModified": "2024-12-12T02:15:23.017",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Insertion of Sensitive Information into Log File (CWE-532) in the Gallagher Command Centre Alarm Transmitter feature could allow an authenticated Operator to view some security sensitive information to which they have not been granted access. \n\nThis issue affects: Command Centre Server 9.10 prior to 9.10.2149 (MR4), 9.00 prior to 9.00.2374 (MR5), 8.90 prior to 8.90.2356 (MR6),\u00a0all versions of 8.80 and prior."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "disclosures@gallagher.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N",
+ "baseScore": 8.5,
+ "baseSeverity": "HIGH",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 3.1,
+ "impactScore": 4.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "disclosures@gallagher.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-532"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2024-42407",
+ "source": "disclosures@gallagher.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-424xx/CVE-2024-42448.json b/CVE-2024/CVE-2024-424xx/CVE-2024-42448.json
new file mode 100644
index 00000000000..d4b6f8b884e
--- /dev/null
+++ b/CVE-2024/CVE-2024-424xx/CVE-2024-42448.json
@@ -0,0 +1,44 @@ +{ + "id": "CVE-2024-42448", + "sourceIdentifier": "support@hackerone.com", + "published": "2024-12-12T01:59:47.493", + "lastModified": "2024-12-12T01:59:47.493", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "From the VSPC management agent machine, under condition that the management agent is authorized on the server, it is possible to perform Remote Code Execution (RCE) on the VSPC server machine." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "support@hackerone.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", + "baseScore": 9.9, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.1, + "impactScore": 6.0 + } + ] + }, + "references": [ + { + "url": "https://www.veeam.com/kb4679", + "source": "support@hackerone.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-435xx/CVE-2024-43594.json b/CVE-2024/CVE-2024-435xx/CVE-2024-43594.json new file mode 100644 index 00000000000..b11b15d7b73 --- /dev/null +++ b/CVE-2024/CVE-2024-435xx/CVE-2024-43594.json 
@@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-43594", + "sourceIdentifier": "secure@microsoft.com", + "published": "2024-12-12T02:00:54.287", + "lastModified": "2024-12-12T02:00:54.287", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "System Center Operations Manager Elevation of Privilege Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.3, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-284" + } + ] + } + ], + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43594", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-436xx/CVE-2024-43600.json b/CVE-2024/CVE-2024-436xx/CVE-2024-43600.json new file mode 100644 index 00000000000..3147983b9ff --- /dev/null +++ b/CVE-2024/CVE-2024-436xx/CVE-2024-43600.json 
@@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-43600", + "sourceIdentifier": "secure@microsoft.com", + "published": "2024-12-12T02:00:55.070", + "lastModified": "2024-12-12T02:00:55.070", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Microsoft Office Elevation of Privilege Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-284" + } + ] + } + ], + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43600", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-442xx/CVE-2024-44200.json b/CVE-2024/CVE-2024-442xx/CVE-2024-44200.json new file mode 100644 index 00000000000..2c7a487c4ae --- /dev/null +++ b/CVE-2024/CVE-2024-442xx/CVE-2024-44200.json 
@@ -0,0 +1,21 @@ +{ + "id": "CVE-2024-44200", + "sourceIdentifier": "product-security@apple.com", + "published": "2024-12-12T02:15:23.230", + "lastModified": "2024-12-12T02:15:23.230", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 18.1 and iPadOS 18.1. An app may be able to read sensitive location information." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/121563", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-442xx/CVE-2024-44201.json b/CVE-2024/CVE-2024-442xx/CVE-2024-44201.json new file mode 100644 index 00000000000..6a354aa96f3 --- /dev/null +++ b/CVE-2024/CVE-2024-442xx/CVE-2024-44201.json @@ -0,0 +1,33 @@ +{ + "id": "CVE-2024-44201", + "sourceIdentifier": "product-security@apple.com", + "published": "2024-12-12T02:15:23.313", + "lastModified": "2024-12-12T02:15:23.313", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The issue was addressed with improved memory handling. This issue is fixed in iPadOS 17.7.3, macOS Ventura 13.7.2, iOS 18.1 and iPadOS 18.1, macOS Sonoma 14.7.2. Processing a malicious crafted file may lead to a denial-of-service." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/121563", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/121838", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/121840", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/121842", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-442xx/CVE-2024-44212.json b/CVE-2024/CVE-2024-442xx/CVE-2024-44212.json new file mode 100644 index 00000000000..4d93c354573 --- /dev/null +++ b/CVE-2024/CVE-2024-442xx/CVE-2024-44212.json @@ -0,0 +1,37 @@ +{ + "id": "CVE-2024-44212", + "sourceIdentifier": "product-security@apple.com", + "published": "2024-12-12T02:15:23.393", + "lastModified": "2024-12-12T02:15:23.393", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A cookie management issue was addressed with improved state management. This issue is fixed in Safari 18.1, visionOS 2.1, tvOS 18.1, iOS 18.1 and iPadOS 18.1, watchOS 11.1. Cookies belonging to one origin may be sent to another origin." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/121563", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/121565", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/121566", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/121569", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/121571", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-442xx/CVE-2024-44220.json b/CVE-2024/CVE-2024-442xx/CVE-2024-44220.json new file mode 100644 index 00000000000..b3b0d521db1 --- /dev/null +++ b/CVE-2024/CVE-2024-442xx/CVE-2024-44220.json 
@@ -0,0 +1,25 @@ +{ + "id": "CVE-2024-44220", + "sourceIdentifier": "product-security@apple.com", + "published": "2024-12-12T02:15:23.500", + "lastModified": "2024-12-12T02:15:23.500", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.2, macOS Sonoma 14.7.2. Parsing a maliciously crafted video file may lead to unexpected system termination." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/121839", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/121840", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-442xx/CVE-2024-44224.json b/CVE-2024/CVE-2024-442xx/CVE-2024-44224.json new file mode 100644 index 00000000000..3cadf046de9 --- /dev/null +++ b/CVE-2024/CVE-2024-442xx/CVE-2024-44224.json @@ -0,0 +1,29 @@ +{ + "id": "CVE-2024-44224", + "sourceIdentifier": "product-security@apple.com", + "published": "2024-12-12T02:15:23.687", + "lastModified": "2024-12-12T02:15:23.687", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. A malicious app may be able to gain root privileges." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/121839", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/121840", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/121842", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-442xx/CVE-2024-44225.json b/CVE-2024/CVE-2024-442xx/CVE-2024-44225.json new file mode 100644 index 00000000000..fbf218bc95c --- /dev/null +++ b/CVE-2024/CVE-2024-442xx/CVE-2024-44225.json @@ -0,0 +1,45 @@ +{ + "id": "CVE-2024-44225", + "sourceIdentifier": "product-security@apple.com", + "published": "2024-12-12T02:15:23.780", + "lastModified": "2024-12-12T02:15:23.780", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A logic issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.3, watchOS 11.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. An app may be able to gain elevated privileges." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/121837", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/121838", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/121839", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/121840", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/121842", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/121843", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/121844", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-442xx/CVE-2024-44241.json b/CVE-2024/CVE-2024-442xx/CVE-2024-44241.json new file mode 100644 index 00000000000..193e518b6c5 --- /dev/null +++ b/CVE-2024/CVE-2024-442xx/CVE-2024-44241.json 
@@ -0,0 +1,21 @@ +{ + "id": "CVE-2024-44241", + "sourceIdentifier": "product-security@apple.com", + "published": "2024-12-12T02:15:23.860", + "lastModified": "2024-12-12T02:15:23.860", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.1 and iPadOS 18.1. An attacker may be able to cause unexpected system termination or arbitrary code execution in DCP firmware." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/121563", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-442xx/CVE-2024-44242.json b/CVE-2024/CVE-2024-442xx/CVE-2024-44242.json new file mode 100644 index 00000000000..ddd5d90f833 --- /dev/null +++ b/CVE-2024/CVE-2024-442xx/CVE-2024-44242.json @@ -0,0 +1,21 @@ +{ + "id": "CVE-2024-44242", + "sourceIdentifier": "product-security@apple.com", + "published": "2024-12-12T02:15:23.950", + "lastModified": "2024-12-12T02:15:23.950", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.1 and iPadOS 18.1. An attacker may be able to cause unexpected system termination or arbitrary code execution in DCP firmware." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/121563", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-442xx/CVE-2024-44243.json b/CVE-2024/CVE-2024-442xx/CVE-2024-44243.json new file mode 100644 index 00000000000..3277c2d57d1 --- /dev/null +++ b/CVE-2024/CVE-2024-442xx/CVE-2024-44243.json 
@@ -0,0 +1,21 @@ +{ + "id": "CVE-2024-44243", + "sourceIdentifier": "product-security@apple.com", + "published": "2024-12-12T02:15:24.037", + "lastModified": "2024-12-12T02:15:24.037", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A configuration issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.2. An app may be able to modify protected parts of the file system." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/121839", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-442xx/CVE-2024-44245.json b/CVE-2024/CVE-2024-442xx/CVE-2024-44245.json new file mode 100644 index 00000000000..65d2b5c17c0 --- /dev/null +++ b/CVE-2024/CVE-2024-442xx/CVE-2024-44245.json @@ -0,0 +1,37 @@ +{ + "id": "CVE-2024-44245", + "sourceIdentifier": "product-security@apple.com", + "published": "2024-12-12T02:15:24.113", + "lastModified": "2024-12-12T02:15:24.113", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The issue was addressed with improved memory handling. This issue is fixed in iPadOS 17.7.3, visionOS 2.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, macOS Sonoma 14.7.2. An app may be able to cause unexpected system termination or corrupt kernel memory." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/121837", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/121838", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/121839", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/121840", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/121845", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-442xx/CVE-2024-44246.json b/CVE-2024/CVE-2024-442xx/CVE-2024-44246.json new file mode 100644 index 00000000000..47fb33af2ab --- /dev/null +++ b/CVE-2024/CVE-2024-442xx/CVE-2024-44246.json @@ -0,0 +1,33 @@ +{ + "id": "CVE-2024-44246", + "sourceIdentifier": "product-security@apple.com", + "published": "2024-12-12T02:15:24.200", + "lastModified": "2024-12-12T02:15:24.200", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The issue was addressed with improved routing of Safari-originated requests. This issue is fixed in macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, Safari 18.2, iPadOS 17.7.3. On a device with Private Relay enabled, adding a website to the Safari Reading List may reveal the originating IP address to the website." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/121837", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/121838", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/121839", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/121846", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-442xx/CVE-2024-44248.json b/CVE-2024/CVE-2024-442xx/CVE-2024-44248.json new file mode 100644 index 00000000000..a57a3536135 --- /dev/null +++ b/CVE-2024/CVE-2024-442xx/CVE-2024-44248.json 
@@ -0,0 +1,25 @@ +{ + "id": "CVE-2024-44248", + "sourceIdentifier": "product-security@apple.com", + "published": "2024-12-12T02:15:24.280", + "lastModified": "2024-12-12T02:15:24.280", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "This issue was addressed through improved state management. This issue is fixed in macOS Ventura 13.7.2, macOS Sonoma 14.7.2. A user with screen sharing access may be able to view another user's screen." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/121840", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/121842", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-442xx/CVE-2024-44290.json b/CVE-2024/CVE-2024-442xx/CVE-2024-44290.json new file mode 100644 index 00000000000..76302641476 --- /dev/null +++ b/CVE-2024/CVE-2024-442xx/CVE-2024-44290.json @@ -0,0 +1,25 @@ +{ + "id": "CVE-2024-44290", + "sourceIdentifier": "product-security@apple.com", + "published": "2024-12-12T02:15:24.357", + "lastModified": "2024-12-12T02:15:24.357", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 18.1 and iPadOS 18.1, watchOS 11.1. An app may be able to determine a user\u2019s current location." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/121563", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/121565", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-442xx/CVE-2024-44291.json b/CVE-2024/CVE-2024-442xx/CVE-2024-44291.json new file mode 100644 index 00000000000..64d0c01befc --- /dev/null +++ b/CVE-2024/CVE-2024-442xx/CVE-2024-44291.json 
@@ -0,0 +1,29 @@ +{ + "id": "CVE-2024-44291", + "sourceIdentifier": "product-security@apple.com", + "published": "2024-12-12T02:15:24.433", + "lastModified": "2024-12-12T02:15:24.433", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A logic issue was addressed with improved file handling. This issue is fixed in macOS Sequoia 15.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. A malicious app may be able to gain root privileges." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/121839", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/121840", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/121842", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-442xx/CVE-2024-44299.json b/CVE-2024/CVE-2024-442xx/CVE-2024-44299.json new file mode 100644 index 00000000000..45038356caa --- /dev/null +++ b/CVE-2024/CVE-2024-442xx/CVE-2024-44299.json @@ -0,0 +1,21 @@ +{ + "id": "CVE-2024-44299", + "sourceIdentifier": "product-security@apple.com", + "published": "2024-12-12T02:15:24.513", + "lastModified": "2024-12-12T02:15:24.513", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.1 and iPadOS 18.1. An attacker may be able to cause unexpected system termination or arbitrary code execution in DCP firmware." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/121563", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-443xx/CVE-2024-44300.json b/CVE-2024/CVE-2024-443xx/CVE-2024-44300.json new file mode 100644 index 00000000000..14983a3ddf1 --- /dev/null +++ b/CVE-2024/CVE-2024-443xx/CVE-2024-44300.json 
@@ -0,0 +1,29 @@ +{ + "id": "CVE-2024-44300", + "sourceIdentifier": "product-security@apple.com", + "published": "2024-12-12T02:15:24.590", + "lastModified": "2024-12-12T02:15:24.590", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A logic issue was addressed with improved file handling. This issue is fixed in macOS Sequoia 15.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. An app may be able to access protected user data." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/121839", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/121840", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/121842", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-448xx/CVE-2024-44852.json b/CVE-2024/CVE-2024-448xx/CVE-2024-44852.json index ee6019c644f..bcce8eb2c5c 100644 --- a/CVE-2024/CVE-2024-448xx/CVE-2024-44852.json +++ b/CVE-2024/CVE-2024-448xx/CVE-2024-44852.json 
@@ -2,16 +2,55 @@ "id": "CVE-2024-44852", "sourceIdentifier": "cve@mitre.org", "published": "2024-12-06T22:15:21.277", - "lastModified": "2024-12-06T22:15:21.277", - "vulnStatus": "Received", + "lastModified": "2024-12-12T02:01:44.580", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble was discovered to contain a segmentation violation via the component theta_star::ThetaStar::isUnsafeToPlan()." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble conten\u00eda una violaci\u00f3n de segmentaci\u00f3n a trav\u00e9s del componente theta_star::ThetaStar::isUnsafeToPlan()." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-763" + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/GoesM/ROS-CVE-CNVDs", @@ -24,6 +63,10 @@ { "url": "https://github.com/ros-navigation/navigation2/pull/4463", "source": "cve@mitre.org" + }, + { + "url": "https://github.com/open-navigation/navigation2/issues/4464", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" } ] } \ No newline at end of file 
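Review bot: The issue reference added in the last hunk of CVE-2024-44852 points at `github.com/open-navigation/navigation2`, while the pull-request reference directly above it uses `github.com/ros-navigation/navigation2`. The same mix appears in the second hunk of CVE-2024-44855. The old organisation name presumably still redirects, but consumers that deduplicate or allow-list references by exact URL will treat the two as different repositories. I would normalise the added line to `"url": "https://github.com/ros-navigation/navigation2/issues/4464"`, and likewise `.../issues/4466` in CVE-2024-44855.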
diff --git a/CVE-2024/CVE-2024-448xx/CVE-2024-44853.json b/CVE-2024/CVE-2024-448xx/CVE-2024-44853.json index a302e736be9..0cc43b36110 100644 --- a/CVE-2024/CVE-2024-448xx/CVE-2024-44853.json +++ b/CVE-2024/CVE-2024-448xx/CVE-2024-44853.json @@ -2,16 +2,55 @@ "id": "CVE-2024-44853", "sourceIdentifier": "cve@mitre.org", "published": "2024-12-06T22:15:21.390", - "lastModified": "2024-12-06T22:15:21.390", - "vulnStatus": "Received", + "lastModified": "2024-12-12T02:01:44.780", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble was discovered to contain a NULL pointer dereference via the component computeControl()." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble conten\u00eda una desreferencia de puntero NULL a trav\u00e9s del componente calculateControl()." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-476" + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/GoesM/ROS-CVE-CNVDs", 
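Review bot: The added Spanish description for CVE-2024-44853 names the component `calculateControl()`, but the English description in the same hunk says `computeControl()`. The translation has rewritten a code identifier, so anyone searching the record or the navigation2 source for the affected function from the `es` text will not find it. Identifiers should pass through untranslated: `"value": "Se descubri\u00f3 que Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble conten\u00eda una desreferencia de puntero NULL a trav\u00e9s del componente computeControl()."`.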
@@ -24,6 +63,10 @@ { "url": "https://github.com/ros-navigation/navigation2/pull/4548", "source": "cve@mitre.org" + }, + { + "url": "https://github.com/ros-navigation/navigation2/issues/4547", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-448xx/CVE-2024-44854.json b/CVE-2024/CVE-2024-448xx/CVE-2024-44854.json index 9e06b6b5e58..572313e06a6 100644 --- a/CVE-2024/CVE-2024-448xx/CVE-2024-44854.json +++ b/CVE-2024/CVE-2024-448xx/CVE-2024-44854.json 
@@ -2,16 +2,55 @@ "id": "CVE-2024-44854", "sourceIdentifier": "cve@mitre.org", "published": "2024-12-06T22:15:21.500", - "lastModified": "2024-12-06T22:15:21.500", - "vulnStatus": "Received", + "lastModified": "2024-12-12T02:01:44.980", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble was discovered to contain a NULL pointer dereference via the component smoothPlan()." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble conten\u00eda una desreferencia de puntero NULL a trav\u00e9s del componente smoothPlan()." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-476" + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/GoesM/ROS-CVE-CNVDs", @@ -24,6 +63,10 @@ { "url": "https://github.com/ros-navigation/navigation2/pull/4544", "source": "cve@mitre.org" + }, + { + "url": "https://github.com/ros-navigation/navigation2/issues/4538", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-448xx/CVE-2024-44855.json b/CVE-2024/CVE-2024-448xx/CVE-2024-44855.json index 771d30c3798..0b9e33ccbe4 100644 
--- a/CVE-2024/CVE-2024-448xx/CVE-2024-44855.json +++ b/CVE-2024/CVE-2024-448xx/CVE-2024-44855.json @@ -2,16 +2,55 @@ "id": "CVE-2024-44855", "sourceIdentifier": "cve@mitre.org", "published": "2024-12-06T22:15:21.630", - "lastModified": "2024-12-06T22:15:21.630", - "vulnStatus": "Received", + "lastModified": "2024-12-12T02:01:45.177", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble was discovered to contain a NULL pointer dereference via the component nav2_navfn_planner()." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble conten\u00eda una desreferencia de puntero NULL a trav\u00e9s del componente nav2_navfn_planner()." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-476" + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/GoesM/ROS-CVE-CNVDs", @@ -24,6 +63,10 @@ { "url": "https://github.com/ros-navigation/navigation2/pull/4463", "source": "cve@mitre.org" + }, + { + "url": "https://github.com/open-navigation/navigation2/issues/4466", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" } ] } \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-448xx/CVE-2024-44856.json b/CVE-2024/CVE-2024-448xx/CVE-2024-44856.json index bfc58dd0df3..b5fe5197f35 100644 --- a/CVE-2024/CVE-2024-448xx/CVE-2024-44856.json +++ b/CVE-2024/CVE-2024-448xx/CVE-2024-44856.json @@ -2,16 +2,55 @@ "id": "CVE-2024-44856", "sourceIdentifier": "cve@mitre.org", "published": "2024-12-06T22:15:21.753", - "lastModified": "2024-12-06T22:15:21.753", - "vulnStatus": "Received", + "lastModified": "2024-12-12T02:01:45.373", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble was discovered to contain a NULL pointer dereference via the component nav2_smac_planner()." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble conten\u00eda una desreferencia de puntero NULL a trav\u00e9s del componente nav2_smac_planner()." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-476" + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/GoesM/ROS-CVE-CNVDs", 
@@ -24,6 +63,10 @@ { "url": "https://github.com/ros-navigation/navigation2/pull/4463", "source": "cve@mitre.org" + }, + { + "url": "https://github.com/ros-navigation/navigation2/issues/4468", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-453xx/CVE-2024-45337.json b/CVE-2024/CVE-2024-453xx/CVE-2024-45337.json new file mode 100644 index 00000000000..523f7502453 --- /dev/null +++ b/CVE-2024/CVE-2024-453xx/CVE-2024-45337.json @@ -0,0 +1,41 @@ +{ + "id": "CVE-2024-45337", + "sourceIdentifier": "security@golang.org", + "published": "2024-12-12T02:02:07.970", + "lastModified": "2024-12-12T02:15:24.673", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Applications and libraries which misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909", + "source": "security@golang.org" + }, + { + "url": "https://go.dev/cl/635315", + "source": "security@golang.org" + }, + { + "url": "https://go.dev/issue/70779", + "source": "security@golang.org" + }, + { + "url": "https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ", + "source": "security@golang.org" + }, + { + "url": "https://pkg.go.dev/vuln/GO-2024-3321", + "source": "security@golang.org" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2024/12/11/2", + "source": "af854a3a-2127-422b-91ae-364da2661108" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-454xx/CVE-2024-45404.json b/CVE-2024/CVE-2024-454xx/CVE-2024-45404.json new file mode 100644 index 00000000000..0e1a47bb1b5 --- /dev/null +++ b/CVE-2024/CVE-2024-454xx/CVE-2024-45404.json 
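Review bot: The last reference in the new CVE-2024-45337 record uses plain `http://`, while every other reference in the record is `https://`. Tooling that fetches references automatically to enrich an advisory would retrieve that one over an unauthenticated channel. I would record it as `"url": "https://www.openwall.com/lists/oss-security/2024/12/11/2"`. Separately, `metrics` is `{}` and there is no `weaknesses` entry, so severity-based filters will not surface this authorization-bypass record until it is analysed.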
@@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-45404", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-12-12T02:02:09.530", + "lastModified": "2024-12-12T02:02:09.530", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "OpenCTI is an open-source cyber threat intelligence platform. In versions below 6.2.18, because the function to limit the rate of OTP does not exist, an attacker with valid credentials or a malicious user who commits internal fraud can break through the two-factor authentication and hijack the account. This is because the otpLogin mutation does not implement One Time Password rate limiting. As of time of publication, it is unknown whether a patch is available." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", + "baseScore": 8.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-287" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/OpenCTI-Platform/opencti/security/advisories/GHSA-hg56-r6hh-56j7", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-464xx/CVE-2024-46455.json b/CVE-2024/CVE-2024-464xx/CVE-2024-46455.json index db9fb861391..06e35286003 100644 --- a/CVE-2024/CVE-2024-464xx/CVE-2024-46455.json +++ b/CVE-2024/CVE-2024-464xx/CVE-2024-46455.json 
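Review bot: The `weaknesses` entry for CVE-2024-45404 uses `"value": "CWE-287"`, but the description is specifically about missing OTP rate limiting on the `otpLogin` mutation, which `CWE-307` (Improper Restriction of Excessive Authentication Attempts) describes more precisely. Reporting or detection content keyed on CWE will not class this as a brute-force issue. The description also states that versions below 6.2.18 are affected and then that it is unknown whether a patch is available, so check the linked GHSA for the fixed version before relying on either statement. Both values come from the CNA, so any correction belongs upstream rather than in this mirror.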
@@ -2,16 +2,55 @@ "id": "CVE-2024-46455", "sourceIdentifier": "cve@mitre.org", "published": "2024-12-09T21:15:08.367", - "lastModified": "2024-12-09T21:15:08.367", + "lastModified": "2024-12-12T02:02:38.990", "vulnStatus": "Received", "cveTags": [], "descriptions": [ { "lang": "en", "value": "unstructured v.0.14.2 and before is vulnerable to XML External Entity (XXE) via the XMLParser." + }, + { + "lang": "es", + "value": "Las versiones v.0.14.2 y anteriores no estructuradas son vulnerables a XML External Entity (XXE) a trav\u00e9s de XMLParser." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-611" + } + ] } ], - "metrics": {}, "references": [ { "url": "https://binarysouljour.me/cve-2024-46455", diff --git a/CVE-2024/CVE-2024-475xx/CVE-2024-47537.json b/CVE-2024/CVE-2024-475xx/CVE-2024-47537.json new file mode 100644 index 00000000000..5bf9f78dfa5 --- /dev/null +++ b/CVE-2024/CVE-2024-475xx/CVE-2024-47537.json 
@@ -0,0 +1,90 @@ +{ + "id": "CVE-2024-47537", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-12-12T02:03:27.877", + "lastModified": "2024-12-12T02:03:27.877", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "GStreamer is a library for constructing graphs of media-handling components. The program attempts to reallocate the memory pointed to by stream->samples to accommodate stream->n_samples + samples_count elements of type QtDemuxSample. The problem is that samples_count is read from the input file. And if this value is big enough, this can lead to an integer overflow during the addition. As a consequence, g_try_renew might allocate memory for a significantly smaller number of elements than intended. Following this, the program iterates through samples_count elements and attempts to write samples_count number of elements, potentially exceeding the actual allocated memory size and causing an OOB-write. This vulnerability is fixed in 1.24.10." 
+ } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 8.6, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-190" + }, + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "references": [ + { + "url": 
"https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch", + "source": "security-advisories@github.com" + }, + { + "url": "https://gstreamer.freedesktop.org/security/sa-2024-0005.html", + "source": "security-advisories@github.com" + }, + { + "url": "https://securitylab.github.com/advisories/GHSL-2024-094_Gstreamer/", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-475xx/CVE-2024-47538.json b/CVE-2024/CVE-2024-475xx/CVE-2024-47538.json new file mode 100644 index 00000000000..11013d0a029 --- /dev/null +++ b/CVE-2024/CVE-2024-475xx/CVE-2024-47538.json 
@@ -0,0 +1,86 @@ +{ + "id": "CVE-2024-47538", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-12-12T02:03:28.070", + "lastModified": "2024-12-12T02:03:28.070", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "GStreamer is a library for constructing graphs of media-handling components. A stack-buffer overflow has been detected in the vorbis_handle_identification_packet function within gstvorbisdec.c. The position array is a stack-allocated buffer of size 64. If vd->vi.channels exceeds 64, the for loop will write beyond the boundaries of the position array The value written will always be GST_AUDIO_CHANNEL_POSITION_NONE. This vulnerability allows to overwrite the EIP address allocated in the stack. Additionally, this bug can overwrite the GstAudioInfo info structure. This vulnerability is fixed in 1.24.10." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 8.6, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + 
"modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-121" + } + ] + } + ], + "references": [ + { + "url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8035.patch", + "source": "security-advisories@github.com" + }, + { + "url": "https://gstreamer.freedesktop.org/security/sa-2024-0022.html", + "source": "security-advisories@github.com" + }, + { + "url": "https://securitylab.github.com/advisories/GHSL-2024-115_GHSL-2024-118_Gstreamer/", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-475xx/CVE-2024-47539.json b/CVE-2024/CVE-2024-475xx/CVE-2024-47539.json new file mode 100644 index 00000000000..b5121795d87 --- /dev/null +++ b/CVE-2024/CVE-2024-475xx/CVE-2024-47539.json 
@@ -0,0 +1,86 @@ +{ + "id": "CVE-2024-47539", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-12-12T02:03:28.203", + "lastModified": "2024-12-12T02:03:28.203", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "GStreamer is a library for constructing graphs of media-handling components. An out-of-bounds write vulnerability was identified in the convert_to_s334_1a function in isomp4/qtdemux.c. The vulnerability arises due to a discrepancy between the size of memory allocated to the storage array and the loop condition i * 2 < ccpair_size. Specifically, when ccpair_size is even, the allocated size in storage does not match the loop's expected bounds, resulting in an out-of-bounds write. This bug allows for the overwriting of up to 3 bytes beyond the allocated bounds of the storage array. This vulnerability is fixed in 1.24.10." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 8.6, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": 
"NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "references": [ + { + "url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch", + "source": "security-advisories@github.com" + }, + { + "url": "https://gstreamer.freedesktop.org/security/sa-2024-0007.html", + "source": "security-advisories@github.com" + }, + { + "url": "https://securitylab.github.com/advisories/GHSL-2024-195_Gstreamer/", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-475xx/CVE-2024-47540.json b/CVE-2024/CVE-2024-475xx/CVE-2024-47540.json new file mode 100644 index 00000000000..558d458c0e0 --- /dev/null +++ b/CVE-2024/CVE-2024-475xx/CVE-2024-47540.json 
@@ -0,0 +1,86 @@ +{ + "id": "CVE-2024-47540", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-12-12T02:03:28.343", + "lastModified": "2024-12-12T02:03:28.343", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "GStreamer is a library for constructing graphs of media-handling components. An uninitialized stack variable vulnerability has been identified in the gst_matroska_demux_add_wvpk_header function within matroska-demux.c. When size < 4, the program calls gst_buffer_unmap with an uninitialized map variable. Then, in the gst_memory_unmap function, the program will attempt to unmap the buffer using the uninitialized map variable, causing a function pointer hijack, as it will jump to mem->allocator->mem_unmap_full or mem->allocator->mem_unmap. This vulnerability could allow an attacker to hijack the execution flow, potentially leading to code execution. This vulnerability is fixed in 1.24.10." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 8.6, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + 
"modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-457" + } + ] + } + ], + "references": [ + { + "url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8057.patch", + "source": "security-advisories@github.com" + }, + { + "url": "https://gstreamer.freedesktop.org/security/sa-2024-0017.html", + "source": "security-advisories@github.com" + }, + { + "url": "https://securitylab.github.com/advisories/GHSL-2024-197_GStreamer/", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-475xx/CVE-2024-47541.json b/CVE-2024/CVE-2024-475xx/CVE-2024-47541.json new file mode 100644 index 00000000000..3d4722ab029 --- /dev/null +++ b/CVE-2024/CVE-2024-475xx/CVE-2024-47541.json 
@@ -0,0 +1,86 @@ +{ + "id": "CVE-2024-47541", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-12-12T02:03:28.477", + "lastModified": "2024-12-12T02:03:28.477", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "GStreamer is a library for constructing graphs of media-handling components. An OOB-write vulnerability has been identified in the gst_ssa_parse_remove_override_codes function of the gstssaparse.c file. This function is responsible for parsing and removing SSA (SubStation Alpha) style override codes, which are enclosed in curly brackets ({}). The issue arises when a closing curly bracket \"}\" appears before an opening curly bracket \"{\" in the input string. In this case, memmove() incorrectly duplicates a substring. With each successive loop iteration, the size passed to memmove() becomes progressively larger (strlen(end+1)), leading to a write beyond the allocated memory bounds. This vulnerability is fixed in 1.24.10." 
+ } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 6.9, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "NONE", + "vulnerableSystemIntegrity": "NONE", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "references": [ + { + "url": 
"https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8036.patch", + "source": "security-advisories@github.com" + }, + { + "url": "https://gstreamer.freedesktop.org/security/sa-2024-0023.html", + "source": "security-advisories@github.com" + }, + { + "url": "https://securitylab.github.com/advisories/GHSL-2024-228_GStreamer/", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-475xx/CVE-2024-47542.json b/CVE-2024/CVE-2024-475xx/CVE-2024-47542.json new file mode 100644 index 00000000000..41dd814ddec --- /dev/null +++ b/CVE-2024/CVE-2024-475xx/CVE-2024-47542.json 
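Review bot: The CVSS 4.0 data for CVE-2024-47541 sets `"vulnerableSystemIntegrity": "NONE"` although the description and `CWE-787` describe a write past the allocated buffer, so the 6.9 MEDIUM rating may understate the issue. The other out-of-bounds-write records in this commit (CVE-2024-47537, CVE-2024-47539) carry `VI:H`. A similar mismatch appears in CVE-2024-47543, where the description mentions reading up to 4GB of process memory but the vector has `VC:N`, and in CVE-2024-47545, an OOB-read that also has `VC:N`. These vectors are published by the CNA and the mirror should keep them as received. Anyone triaging by score should read the description and the linked GStreamer advisory, and schedule the upgrade to 1.24.10 on that basis.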
@@ -0,0 +1,90 @@ +{ + "id": "CVE-2024-47542", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-12-12T02:03:28.630", + "lastModified": "2024-12-12T02:03:28.630", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference has been discovered in the id3v2_read_synch_uint function, located in id3v2.c. If id3v2_read_synch_uint is called with a null work->hdr.frame_data, the pointer guint8 *data is accessed without validation, resulting in a null pointer dereference. This vulnerability can result in a Denial of Service (DoS) by triggering a segmentation fault (SEGV). This vulnerability is fixed in 1.24.10." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 6.8, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "PASSIVE", + "vulnerableSystemConfidentiality": "NONE", + "vulnerableSystemIntegrity": "NONE", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + 
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + }, + { + "lang": "en", + "value": "CWE-476" + } + ] + } + ], + "references": [ + { + "url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8033.patch", + "source": "security-advisories@github.com" + }, + { + "url": "https://gstreamer.freedesktop.org/security/sa-2024-0008.html", + "source": "security-advisories@github.com" + }, + { + "url": "https://securitylab.github.com/advisories/GHSL-2024-235_Gstreamer/", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-475xx/CVE-2024-47543.json b/CVE-2024/CVE-2024-475xx/CVE-2024-47543.json new file mode 100644 index 00000000000..0d0d94d5579 --- /dev/null +++ b/CVE-2024/CVE-2024-475xx/CVE-2024-47543.json 
@@ -0,0 +1,86 @@ +{ + "id": "CVE-2024-47543", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-12-12T02:03:28.807", + "lastModified": "2024-12-12T02:03:28.807", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been discovered in qtdemux_parse_container function within qtdemux.c. In the parent function qtdemux_parse_node, the value of length is not well checked. So, if length is big enough, it causes the pointer end to point beyond the boundaries of buffer. Subsequently, in the qtdemux_parse_container function, the while loop can trigger an OOB-read, accessing memory beyond the bounds of buf. This vulnerability can result in reading up to 4GB of process memory or potentially causing a segmentation fault (SEGV) when accessing invalid memory. This vulnerability is fixed in 1.24.10." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.1, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "NONE", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "LOW", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + 
"modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "references": [ + { + "url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch", + "source": "security-advisories@github.com" + }, + { + "url": "https://gstreamer.freedesktop.org/security/sa-2024-0009.html", + "source": "security-advisories@github.com" + }, + { + "url": "https://securitylab.github.com/advisories/GHSL-2024-236_Gstreamer/", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-475xx/CVE-2024-47544.json b/CVE-2024/CVE-2024-475xx/CVE-2024-47544.json new file mode 100644 index 00000000000..f90e97d5c05 --- /dev/null +++ b/CVE-2024/CVE-2024-475xx/CVE-2024-47544.json 
@@ -0,0 +1,86 @@ +{ + "id": "CVE-2024-47544", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-12-12T02:03:28.950", + "lastModified": "2024-12-12T02:03:28.950", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "GStreamer is a library for constructing graphs of media-handling components. The function qtdemux_parse_sbgp in qtdemux.c is affected by a null dereference vulnerability. This vulnerability is fixed in 1.24.10." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 6.8, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "PASSIVE", + "vulnerableSystemConfidentiality": "NONE", + "vulnerableSystemIntegrity": "NONE", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + 
"modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-476" + } + ] + } + ], + "references": [ + { + "url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch", + "source": "security-advisories@github.com" + }, + { + "url": "https://gstreamer.freedesktop.org/security/sa-2024-0011.html", + "source": "security-advisories@github.com" + }, + { + "url": "https://securitylab.github.com/advisories/GHSL-2024-238_Gstreamer/", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-475xx/CVE-2024-47545.json b/CVE-2024/CVE-2024-475xx/CVE-2024-47545.json new file mode 100644 index 00000000000..d673f1363ae --- /dev/null +++ b/CVE-2024/CVE-2024-475xx/CVE-2024-47545.json 
@@ -0,0 +1,86 @@
+{
+ "id": "CVE-2024-47545",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2024-12-12T02:03:29.083",
+ "lastModified": "2024-12-12T02:03:29.083",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in qtdemux_parse_trak function within qtdemux.c. During the strf parsing case, the subtraction size -= 40 can lead to a negative integer overflow if it is less than 40. If this happens, the subsequent call to gst_buffer_fill will invoke memcpy with a large tocopy size, resulting in an OOB-read. This vulnerability is fixed in 1.24.10."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV40": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "4.0",
+ "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+ "baseScore": 6.9,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "attackRequirements": "NONE",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "vulnerableSystemConfidentiality": "NONE",
+ "vulnerableSystemIntegrity": "NONE",
+ "vulnerableSystemAvailability": "HIGH",
+ "subsequentSystemConfidentiality": "NONE",
+ "subsequentSystemIntegrity": "NONE",
+ "subsequentSystemAvailability": "NONE",
+ "exploitMaturity": "NOT_DEFINED",
+ "confidentialityRequirements": "NOT_DEFINED",
+ "integrityRequirements": "NOT_DEFINED",
+ "availabilityRequirements": "NOT_DEFINED",
+ "modifiedAttackVector": "NOT_DEFINED",
+ "modifiedAttackComplexity": "NOT_DEFINED",
+ "modifiedAttackRequirements": "NOT_DEFINED",
+ "modifiedPrivilegesRequired": "NOT_DEFINED",
+ "modifiedUserInteraction": "NOT_DEFINED",
+ "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
+ "modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
+ "modifiedVulnerableSystemAvailability": "NOT_DEFINED",
+ "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
+ "modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
+ "modifiedSubsequentSystemAvailability": "NOT_DEFINED",
+ "safety": "NOT_DEFINED",
+ "automatable": "NOT_DEFINED",
+ "recovery": "NOT_DEFINED",
+ "valueDensity": "NOT_DEFINED",
+ "vulnerabilityResponseEffort": "NOT_DEFINED",
+ "providerUrgency": "NOT_DEFINED"
+ }
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-191"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://gstreamer.freedesktop.org/security/sa-2024-0010.html",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://securitylab.github.com/advisories/GHSL-2024-242_Gstreamer/",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-475xx/CVE-2024-47546.json b/CVE-2024/CVE-2024-475xx/CVE-2024-47546.json
new file mode 100644
index 00000000000..32b64d1aefe
--- /dev/null
+++ b/CVE-2024/CVE-2024-475xx/CVE-2024-47546.json
@@ -0,0 +1,86 @@
+{
+ "id": "CVE-2024-47546",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2024-12-12T02:03:29.210",
+ "lastModified": "2024-12-12T02:03:29.210",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in extract_cc_from_data function within qtdemux.c. In the FOURCC_c708 case, the subtraction atom_length - 8 may result in an underflow if atom_length is less than 8. When that subtraction underflows, *cclen ends up being a large number, and then cclen is passed to g_memdup2 leading to an out-of-bounds (OOB) read. This vulnerability is fixed in 1.24.10."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV40": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "4.0",
+ "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+ "baseScore": 6.9,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "attackRequirements": "NONE",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "vulnerableSystemConfidentiality": "NONE",
+ "vulnerableSystemIntegrity": "NONE",
+ "vulnerableSystemAvailability": "HIGH",
+ "subsequentSystemConfidentiality": "NONE",
+ "subsequentSystemIntegrity": "NONE",
+ "subsequentSystemAvailability": "NONE",
+ "exploitMaturity": "NOT_DEFINED",
+ "confidentialityRequirements": "NOT_DEFINED",
+ "integrityRequirements": "NOT_DEFINED",
+ "availabilityRequirements": "NOT_DEFINED",
+ "modifiedAttackVector": "NOT_DEFINED",
+ "modifiedAttackComplexity": "NOT_DEFINED",
+ "modifiedAttackRequirements": "NOT_DEFINED",
+ "modifiedPrivilegesRequired": "NOT_DEFINED",
+ "modifiedUserInteraction": "NOT_DEFINED",
+ "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
+ "modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
+ "modifiedVulnerableSystemAvailability": "NOT_DEFINED",
+ "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
+ "modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
+ "modifiedSubsequentSystemAvailability": "NOT_DEFINED",
+ "safety": "NOT_DEFINED",
+ "automatable": "NOT_DEFINED",
+ "recovery": "NOT_DEFINED",
+ "valueDensity": "NOT_DEFINED",
+ "vulnerabilityResponseEffort": "NOT_DEFINED",
+ "providerUrgency": "NOT_DEFINED"
+ }
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-191"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://gstreamer.freedesktop.org/security/sa-2024-0013.html",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://securitylab.github.com/advisories/GHSL-2024-243_Gstreamer/",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-475xx/CVE-2024-47596.json b/CVE-2024/CVE-2024-475xx/CVE-2024-47596.json
new file mode 100644
index 00000000000..dd8f230148c
--- /dev/null
+++ b/CVE-2024/CVE-2024-475xx/CVE-2024-47596.json
@@ -0,0 +1,86 @@
+{
+ "id": "CVE-2024-47596",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2024-12-12T02:03:31.010",
+ "lastModified": "2024-12-12T02:03:31.010",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "GStreamer is a library for constructing graphs of media-handling components. An OOB-read has been discovered in the qtdemux_parse_svq3_stsd_data function within qtdemux.c. In the FOURCC_SMI_ case, seqh_size is read from the input file without proper validation. If seqh_size is greater than the remaining size of the data buffer, it can lead to an OOB-read in the following call to gst_buffer_fill, which internally uses memcpy. This vulnerability can result in reading up to 4GB of process memory or potentially causing a segmentation fault (SEGV) when accessing invalid memory. This vulnerability is fixed in 1.24.10."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV40": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "4.0",
+ "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+ "baseScore": 5.1,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "attackRequirements": "NONE",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "vulnerableSystemConfidentiality": "NONE",
+ "vulnerableSystemIntegrity": "LOW",
+ "vulnerableSystemAvailability": "LOW",
+ "subsequentSystemConfidentiality": "NONE",
+ "subsequentSystemIntegrity": "NONE",
+ "subsequentSystemAvailability": "NONE",
+ "exploitMaturity": "NOT_DEFINED",
+ "confidentialityRequirements": "NOT_DEFINED",
+ "integrityRequirements": "NOT_DEFINED",
+ "availabilityRequirements": "NOT_DEFINED",
+ "modifiedAttackVector": "NOT_DEFINED",
+ "modifiedAttackComplexity": "NOT_DEFINED",
+ "modifiedAttackRequirements": "NOT_DEFINED",
+ "modifiedPrivilegesRequired": "NOT_DEFINED",
+ "modifiedUserInteraction": "NOT_DEFINED",
+ "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
+ "modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
+ "modifiedVulnerableSystemAvailability": "NOT_DEFINED",
+ "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
+ "modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
+ "modifiedSubsequentSystemAvailability": "NOT_DEFINED",
+ "safety": "NOT_DEFINED",
+ "automatable": "NOT_DEFINED",
+ "recovery": "NOT_DEFINED",
+ "valueDensity": "NOT_DEFINED",
+ "vulnerabilityResponseEffort": "NOT_DEFINED",
+ "providerUrgency": "NOT_DEFINED"
+ }
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-125"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://gstreamer.freedesktop.org/security/sa-2024-0015.html",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://securitylab.github.com/advisories/GHSL-2024-244_Gstreamer/",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-475xx/CVE-2024-47597.json b/CVE-2024/CVE-2024-475xx/CVE-2024-47597.json
new file mode 100644
index 00000000000..afe3f12e4f6
--- /dev/null
+++ b/CVE-2024/CVE-2024-475xx/CVE-2024-47597.json
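Review bot: In CVE-2024-47596.json the `cvssData` block scores `"vulnerableSystemConfidentiality": "NONE"` next to `"vulnerableSystemIntegrity": "LOW"`, which does not match the record's own description: an out-of-bounds read of up to 4GB of process memory is a disclosure, and the text describes no write. The same `VC:N/VI:L/VA:L` vector is carried by the other OOB-read records in this diff, CVE-2024-47597, CVE-2024-47598 and CVE-2024-47600. If the descriptions are accurate, the expected values would be `"vulnerableSystemConfidentiality": "LOW"` with `vectorString` and `baseScore` recomputed; since the metric is the CNA's `Secondary` entry and is presumably mirrored as received, the correction belongs with the source rather than in this file. Until it changes, triage rules that filter on confidentiality impact will skip these four records, so match them on `CWE-125` instead.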
@@ -0,0 +1,86 @@
+{
+ "id": "CVE-2024-47597",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2024-12-12T02:03:31.137",
+ "lastModified": "2024-12-12T02:03:31.137",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "GStreamer is a library for constructing graphs of media-handling components. An OOB-read has been detected in the function qtdemux_parse_samples within qtdemux.c. This issue arises when the function qtdemux_parse_samples reads data beyond the boundaries of the stream->stco buffer. The following code snippet shows the call to qt_atom_parser_get_offset_unchecked, which leads to the OOB-read when parsing the provided GHSL-2024-245_crash1.mp4 file. This issue may lead to read up to 8 bytes out-of-bounds. This vulnerability is fixed in 1.24.10."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV40": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "4.0",
+ "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+ "baseScore": 5.1,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "attackRequirements": "NONE",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "vulnerableSystemConfidentiality": "NONE",
+ "vulnerableSystemIntegrity": "LOW",
+ "vulnerableSystemAvailability": "LOW",
+ "subsequentSystemConfidentiality": "NONE",
+ "subsequentSystemIntegrity": "NONE",
+ "subsequentSystemAvailability": "NONE",
+ "exploitMaturity": "NOT_DEFINED",
+ "confidentialityRequirements": "NOT_DEFINED",
+ "integrityRequirements": "NOT_DEFINED",
+ "availabilityRequirements": "NOT_DEFINED",
+ "modifiedAttackVector": "NOT_DEFINED",
+ "modifiedAttackComplexity": "NOT_DEFINED",
+ "modifiedAttackRequirements": "NOT_DEFINED",
+ "modifiedPrivilegesRequired": "NOT_DEFINED",
+ "modifiedUserInteraction": "NOT_DEFINED",
+ "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
+ "modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
+ "modifiedVulnerableSystemAvailability": "NOT_DEFINED",
+ "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
+ "modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
+ "modifiedSubsequentSystemAvailability": "NOT_DEFINED",
+ "safety": "NOT_DEFINED",
+ "automatable": "NOT_DEFINED",
+ "recovery": "NOT_DEFINED",
+ "valueDensity": "NOT_DEFINED",
+ "vulnerabilityResponseEffort": "NOT_DEFINED",
+ "providerUrgency": "NOT_DEFINED"
+ }
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-125"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://gstreamer.freedesktop.org/security/sa-2024-0012.html",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://securitylab.github.com/advisories/GHSL-2024-245_Gstreamer/",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-475xx/CVE-2024-47598.json b/CVE-2024/CVE-2024-475xx/CVE-2024-47598.json
new file mode 100644
index 00000000000..a44262b8e5c
--- /dev/null
+++ b/CVE-2024/CVE-2024-475xx/CVE-2024-47598.json
@@ -0,0 +1,86 @@
+{
+ "id": "CVE-2024-47598",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2024-12-12T02:03:31.283",
+ "lastModified": "2024-12-12T02:03:31.283",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been discovered in the qtdemux_merge_sample_table function within qtdemux.c. The problem is that the size of the stts buffer isn\u2019t properly checked before reading stts_duration, allowing the program to read 4 bytes beyond the boundaries of stts->data. This vulnerability reads up to 4 bytes past the allocated bounds of the stts array. This vulnerability is fixed in 1.24.10."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV40": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "4.0",
+ "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+ "baseScore": 5.1,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "attackRequirements": "NONE",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "vulnerableSystemConfidentiality": "NONE",
+ "vulnerableSystemIntegrity": "LOW",
+ "vulnerableSystemAvailability": "LOW",
+ "subsequentSystemConfidentiality": "NONE",
+ "subsequentSystemIntegrity": "NONE",
+ "subsequentSystemAvailability": "NONE",
+ "exploitMaturity": "NOT_DEFINED",
+ "confidentialityRequirements": "NOT_DEFINED",
+ "integrityRequirements": "NOT_DEFINED",
+ "availabilityRequirements": "NOT_DEFINED",
+ "modifiedAttackVector": "NOT_DEFINED",
+ "modifiedAttackComplexity": "NOT_DEFINED",
+ "modifiedAttackRequirements": "NOT_DEFINED",
+ "modifiedPrivilegesRequired": "NOT_DEFINED",
+ "modifiedUserInteraction": "NOT_DEFINED",
+ "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
+ "modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
+ "modifiedVulnerableSystemAvailability": "NOT_DEFINED",
+ "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
+ "modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
+ "modifiedSubsequentSystemAvailability": "NOT_DEFINED",
+ "safety": "NOT_DEFINED",
+ "automatable": "NOT_DEFINED",
+ "recovery": "NOT_DEFINED",
+ "valueDensity": "NOT_DEFINED",
+ "vulnerabilityResponseEffort": "NOT_DEFINED",
+ "providerUrgency": "NOT_DEFINED"
+ }
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-125"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://gstreamer.freedesktop.org/security/sa-2024-0006.html",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://securitylab.github.com/advisories/GHSL-2024-246_Gstreamer/",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-475xx/CVE-2024-47599.json b/CVE-2024/CVE-2024-475xx/CVE-2024-47599.json
new file mode 100644
index 00000000000..875668bb3b2
--- /dev/null
+++ b/CVE-2024/CVE-2024-475xx/CVE-2024-47599.json
@@ -0,0 +1,86 @@
+{
+ "id": "CVE-2024-47599",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2024-12-12T02:03:31.440",
+ "lastModified": "2024-12-12T02:03:31.440",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been discovered in the gst_jpeg_dec_negotiate function in gstjpegdec.c. This function does not check for a NULL return value from gst_video_decoder_set_output_state. When this happens, dereferences of the outstate pointer will lead to a null pointer dereference. This vulnerability can result in a Denial of Service (DoS) by triggering a segmentation fault (SEGV). This vulnerability is fixed in 1.24.10."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV40": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "4.0",
+ "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+ "baseScore": 6.8,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "attackRequirements": "NONE",
+ "privilegesRequired": "NONE",
+ "userInteraction": "PASSIVE",
+ "vulnerableSystemConfidentiality": "NONE",
+ "vulnerableSystemIntegrity": "NONE",
+ "vulnerableSystemAvailability": "HIGH",
+ "subsequentSystemConfidentiality": "NONE",
+ "subsequentSystemIntegrity": "NONE",
+ "subsequentSystemAvailability": "NONE",
+ "exploitMaturity": "NOT_DEFINED",
+ "confidentialityRequirements": "NOT_DEFINED",
+ "integrityRequirements": "NOT_DEFINED",
+ "availabilityRequirements": "NOT_DEFINED",
+ "modifiedAttackVector": "NOT_DEFINED",
+ "modifiedAttackComplexity": "NOT_DEFINED",
+ "modifiedAttackRequirements": "NOT_DEFINED",
+ "modifiedPrivilegesRequired": "NOT_DEFINED",
+ "modifiedUserInteraction": "NOT_DEFINED",
+ "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
+ "modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
+ "modifiedVulnerableSystemAvailability": "NOT_DEFINED",
+ "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
+ "modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
+ "modifiedSubsequentSystemAvailability": "NOT_DEFINED",
+ "safety": "NOT_DEFINED",
+ "automatable": "NOT_DEFINED",
+ "recovery": "NOT_DEFINED",
+ "valueDensity": "NOT_DEFINED",
+ "vulnerabilityResponseEffort": "NOT_DEFINED",
+ "providerUrgency": "NOT_DEFINED"
+ }
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-476"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8040.patch",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://gstreamer.freedesktop.org/security/sa-2024-0016.html",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://securitylab.github.com/advisories/GHSL-2024-247_Gstreamer/",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-476xx/CVE-2024-47600.json b/CVE-2024/CVE-2024-476xx/CVE-2024-47600.json
new file mode 100644
index 00000000000..c7258a77c99
--- /dev/null
+++ b/CVE-2024/CVE-2024-476xx/CVE-2024-47600.json
@@ -0,0 +1,86 @@
+{
+ "id": "CVE-2024-47600",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2024-12-12T02:03:31.577",
+ "lastModified": "2024-12-12T02:03:31.577",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been detected in the format_channel_mask function in gst-discoverer.c. The vulnerability affects the local array position, which is defined with a fixed size of 64 elements. However, the function gst_discoverer_audio_info_get_channels may return a guint channels value greater than 64. This causes the for loop to attempt access beyond the bounds of the position array, resulting in an OOB-read when an index greater than 63 is used. This vulnerability can result in reading unintended bytes from the stack. Additionally, the dereference of value->value_nick after the OOB-read can lead to further memory corruption or undefined behavior. This vulnerability is fixed in 1.24.10."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV40": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "4.0",
+ "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+ "baseScore": 5.1,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "attackRequirements": "NONE",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "vulnerableSystemConfidentiality": "NONE",
+ "vulnerableSystemIntegrity": "LOW",
+ "vulnerableSystemAvailability": "LOW",
+ "subsequentSystemConfidentiality": "NONE",
+ "subsequentSystemIntegrity": "NONE",
+ "subsequentSystemAvailability": "NONE",
+ "exploitMaturity": "NOT_DEFINED",
+ "confidentialityRequirements": "NOT_DEFINED",
+ "integrityRequirements": "NOT_DEFINED",
+ "availabilityRequirements": "NOT_DEFINED",
+ "modifiedAttackVector": "NOT_DEFINED",
+ "modifiedAttackComplexity": "NOT_DEFINED",
+ "modifiedAttackRequirements": "NOT_DEFINED",
+ "modifiedPrivilegesRequired": "NOT_DEFINED",
+ "modifiedUserInteraction": "NOT_DEFINED",
+ "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
+ "modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
+ "modifiedVulnerableSystemAvailability": "NOT_DEFINED",
+ "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
+ "modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
+ "modifiedSubsequentSystemAvailability": "NOT_DEFINED",
+ "safety": "NOT_DEFINED",
+ "automatable": "NOT_DEFINED",
+ "recovery": "NOT_DEFINED",
+ "valueDensity": "NOT_DEFINED",
+ "vulnerabilityResponseEffort": "NOT_DEFINED",
+ "providerUrgency": "NOT_DEFINED"
+ }
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-125"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8034.patch",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://gstreamer.freedesktop.org/security/sa-2024-0018.html",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://securitylab.github.com/advisories/GHSL-2024-248_Gstreamer/",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-476xx/CVE-2024-47601.json b/CVE-2024/CVE-2024-476xx/CVE-2024-47601.json
new file mode 100644
index 00000000000..42bd3b32ddf
--- /dev/null
+++ b/CVE-2024/CVE-2024-476xx/CVE-2024-47601.json
@@ -0,0 +1,86 @@
+{
+ "id": "CVE-2024-47601",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2024-12-12T02:03:31.727",
+ "lastModified": "2024-12-12T02:03:31.727",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been discovered in the gst_matroska_demux_parse_blockgroup_or_simpleblock function within matroska-demux.c. This function does not properly check the validity of the GstBuffer *sub pointer before performing dereferences. As a result, null pointer dereferences may occur. This vulnerability is fixed in 1.24.10."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV40": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "4.0",
+ "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+ "baseScore": 6.8,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "attackRequirements": "NONE",
+ "privilegesRequired": "NONE",
+ "userInteraction": "PASSIVE",
+ "vulnerableSystemConfidentiality": "NONE",
+ "vulnerableSystemIntegrity": "NONE",
+ "vulnerableSystemAvailability": "HIGH",
+ "subsequentSystemConfidentiality": "NONE",
+ "subsequentSystemIntegrity": "NONE",
+ "subsequentSystemAvailability": "NONE",
+ "exploitMaturity": "NOT_DEFINED",
+ "confidentialityRequirements": "NOT_DEFINED",
+ "integrityRequirements": "NOT_DEFINED",
+ "availabilityRequirements": "NOT_DEFINED",
+ "modifiedAttackVector": "NOT_DEFINED",
+ "modifiedAttackComplexity": "NOT_DEFINED",
+ "modifiedAttackRequirements": "NOT_DEFINED",
+ "modifiedPrivilegesRequired": "NOT_DEFINED",
+ "modifiedUserInteraction": "NOT_DEFINED",
+ "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
+ "modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
+ "modifiedVulnerableSystemAvailability": "NOT_DEFINED",
+ "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
+ "modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
+ "modifiedSubsequentSystemAvailability": "NOT_DEFINED",
+ "safety": "NOT_DEFINED",
+ "automatable": "NOT_DEFINED",
+ "recovery": "NOT_DEFINED",
+ "valueDensity": "NOT_DEFINED",
+ "vulnerabilityResponseEffort": "NOT_DEFINED",
+ "providerUrgency": "NOT_DEFINED"
+ }
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-476"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8057.patch",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://gstreamer.freedesktop.org/security/sa-2024-0020.html",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://securitylab.github.com/advisories/GHSL-2024-249_Gstreamer/",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-476xx/CVE-2024-47602.json b/CVE-2024/CVE-2024-476xx/CVE-2024-47602.json
new file mode 100644
index 00000000000..fa97e30fc1f
--- /dev/null
+++ b/CVE-2024/CVE-2024-476xx/CVE-2024-47602.json
@@ -0,0 +1,90 @@
+{
+ "id": "CVE-2024-47602",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2024-12-12T02:03:31.893",
+ "lastModified": "2024-12-12T02:03:31.893",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been discovered in the gst_matroska_demux_add_wvpk_header function within matroska-demux.c. This function does not properly check the validity of the stream->codec_priv pointer in the following code. If stream->codec_priv is NULL, the call to GST_READ_UINT16_LE will attempt to dereference a null pointer, leading to a crash of the application. This vulnerability is fixed in 1.24.10."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV40": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "4.0",
+ "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+ "baseScore": 6.8,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "attackRequirements": "NONE",
+ "privilegesRequired": "NONE",
+ "userInteraction": "PASSIVE",
+ "vulnerableSystemConfidentiality": "NONE",
+ "vulnerableSystemIntegrity": "NONE",
+ "vulnerableSystemAvailability": "HIGH",
+ "subsequentSystemConfidentiality": "NONE",
+ "subsequentSystemIntegrity": "NONE",
+ "subsequentSystemAvailability": "NONE",
+ "exploitMaturity": "NOT_DEFINED",
+ "confidentialityRequirements": "NOT_DEFINED",
+ "integrityRequirements": "NOT_DEFINED",
+ "availabilityRequirements": "NOT_DEFINED",
+ "modifiedAttackVector": "NOT_DEFINED",
+ "modifiedAttackComplexity": "NOT_DEFINED",
+ "modifiedAttackRequirements": "NOT_DEFINED",
+ "modifiedPrivilegesRequired": "NOT_DEFINED",
+ "modifiedUserInteraction": "NOT_DEFINED",
+ "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
+ "modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
+ "modifiedVulnerableSystemAvailability": "NOT_DEFINED",
+ "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
+ "modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
+ "modifiedSubsequentSystemAvailability": "NOT_DEFINED",
+ "safety": "NOT_DEFINED",
+ "automatable": "NOT_DEFINED",
+ "recovery": "NOT_DEFINED",
+ "valueDensity": "NOT_DEFINED",
+ "vulnerabilityResponseEffort": "NOT_DEFINED",
+ "providerUrgency": "NOT_DEFINED"
+ }
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-125"
+ },
+ {
+ "lang": "en",
+ "value": "CWE-476"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8057.patch",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://gstreamer.freedesktop.org/security/sa-2024-0019.html",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://securitylab.github.com/advisories/GHSL-2024-250_Gstreamer/",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-476xx/CVE-2024-47603.json b/CVE-2024/CVE-2024-476xx/CVE-2024-47603.json
new file mode 100644
index 00000000000..19afe759728
--- /dev/null
+++ b/CVE-2024/CVE-2024-476xx/CVE-2024-47603.json
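Review bot: In CVE-2024-47602.json the `weaknesses` array lists `"value": "CWE-125"` ahead of `"value": "CWE-476"`, but the description covers only a NULL `stream->codec_priv` reaching `GST_READ_UINT16_LE`, and the vector scores availability alone (`VA:H` with `VC:N`). Either the description omits an out-of-bounds-read case or the CWE-125 entry is stray; this record alone does not say which, and the linked advisory (sa-2024-0019) is the place to confirm. Consumers that classify by the first-listed CWE will file this as a memory-disclosure issue, so match on the full CWE list rather than on the first element.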
@@ -0,0 +1,86 @@ +{ + "id": "CVE-2024-47603", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-12-12T02:03:32.033", + "lastModified": "2024-12-12T02:03:32.033", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been discovered in the gst_matroska_demux_update_tracks function within matroska-demux.c. The vulnerability occurs when the gst_caps_is_equal function is called with invalid caps values. If this happen, then in the function gst_buffer_get_size the call to GST_BUFFER_MEM_PTR can return a null pointer. Attempting to dereference the size field of this null pointer results in a null pointer dereference. This vulnerability is fixed in 1.24.10." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 6.8, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "PASSIVE", + "vulnerableSystemConfidentiality": "NONE", + "vulnerableSystemIntegrity": "NONE", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": 
"NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-476" + } + ] + } + ], + "references": [ + { + "url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8057.patch", + "source": "security-advisories@github.com" + }, + { + "url": "https://gstreamer.freedesktop.org/security/sa-2024-0021.html", + "source": "security-advisories@github.com" + }, + { + "url": "https://securitylab.github.com/advisories/GHSL-2024-251_Gstreamer/", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-476xx/CVE-2024-47606.json b/CVE-2024/CVE-2024-476xx/CVE-2024-47606.json new file mode 100644 index 00000000000..2463f7a6b37 --- /dev/null +++ b/CVE-2024/CVE-2024-476xx/CVE-2024-47606.json 
@@ -0,0 +1,86 @@ +{ + "id": "CVE-2024-47606", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-12-12T02:03:32.220", + "lastModified": "2024-12-12T02:03:32.220", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in the function qtdemux_parse_theora_extension within qtdemux.c. The vulnerability occurs due to an underflow of the gint size variable, which causes size to hold a large unintended value when cast to an unsigned integer. This 32-bit negative value is then cast to a 64-bit unsigned integer (0xfffffffffffffffa) in a subsequent call to gst_buffer_new_and_alloc. The function gst_buffer_new_allocate then attempts to allocate memory, eventually calling _sysmem_new_block. The function _sysmem_new_block adds alignment and header size to the (unsigned) size, causing the overflow of the 'slice_size' variable. As a result, only 0x89 bytes are allocated, despite the large input size. When the following memcpy call occurs in gst_buffer_fill, the data from the input file will overwrite the content of the GstMapInfo info structure. Finally, during the call to gst_memory_unmap, the overwritten memory may cause a function pointer hijack, as the mem->allocator->mem_unmap_full function is called with a corrupted pointer. This function pointer overwrite could allow an attacker to alter the execution flow of the program, leading to arbitrary code execution. This vulnerability is fixed in 1.24.10." 
+ } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 8.6, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-190" + } + ] + } + ], + "references": [ + { + "url": 
"https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8032.patch", + "source": "security-advisories@github.com" + }, + { + "url": "https://gstreamer.freedesktop.org/security/sa-2024-0014.html", + "source": "security-advisories@github.com" + }, + { + "url": "https://securitylab.github.com/advisories/GHSL-2024-166_Gstreamer/", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-476xx/CVE-2024-47607.json b/CVE-2024/CVE-2024-476xx/CVE-2024-47607.json new file mode 100644 index 00000000000..d2141b364b7 --- /dev/null +++ b/CVE-2024/CVE-2024-476xx/CVE-2024-47607.json 
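Review bot: The only weakness listed in this record is `"value": "CWE-190"`, but the description does not stop at the arithmetic error: it ends with a memcpy in gst_buffer_fill overwriting the GstMapInfo structure and a corrupted function pointer being called. I would add a second entry to the `description` array, `{ "lang": "en", "value": "CWE-787" }`, as CVE-2024-47615 in this same commit does for its out-of-bounds write. The description also opens with an underflow of the signed size variable, so `CWE-191` may be closer to the root cause than CWE-190; that is a judgement for the CNA. As it stands, triage that groups by CWE class files this code-execution record as arithmetic-only.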
@@ -0,0 +1,86 @@ +{ + "id": "CVE-2024-47607", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-12-12T02:03:32.363", + "lastModified": "2024-12-12T02:03:32.363", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "GStreamer is a library for constructing graphs of media-handling components. stack-buffer overflow has been detected in the gst_opus_dec_parse_header function within `gstopusdec.c'. The pos array is a stack-allocated buffer of size 64. If n_channels exceeds 64, the for loop will write beyond the boundaries of the pos array. The value written will always be GST_AUDIO_CHANNEL_POSITION_NONE. This bug allows to overwrite the EIP address allocated in the stack. This vulnerability is fixed in 1.24.10." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 8.6, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + 
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-121" + } + ] + } + ], + "references": [ + { + "url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8037.patch", + "source": "security-advisories@github.com" + }, + { + "url": "https://gstreamer.freedesktop.org/security/sa-2024-0024.html", + "source": "security-advisories@github.com" + }, + { + "url": "https://securitylab.github.com/advisories/GHSL-2024-115_GHSL-2024-118_Gstreamer/", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-476xx/CVE-2024-47613.json b/CVE-2024/CVE-2024-476xx/CVE-2024-47613.json new file mode 100644 index 00000000000..b0b7dd2d256 --- /dev/null +++ b/CVE-2024/CVE-2024-476xx/CVE-2024-47613.json 
@@ -0,0 +1,86 @@ +{ + "id": "CVE-2024-47613", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-12-12T02:03:32.740", + "lastModified": "2024-12-12T02:03:32.740", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "GStreamer is a library for constructing graphs of media-handling components. A stack-buffer overflow has been detected in the vorbis_handle_identification_packet function within gstvorbisdec.c. The position array is a stack-allocated buffer of size 64. If vd->vi.channels exceeds 64, the for loop will write beyond the boundaries of the position array. The value written will always be GST_AUDIO_CHANNEL_POSITION_NONE. This vulnerability allows to overwrite the EIP address allocated in the stack. Additionally, this bug can overwrite the GstAudioInfo info structure. This vulnerability is fixed in 1.24.10." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 8.6, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + 
"modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-476" + } + ] + } + ], + "references": [ + { + "url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8041.patch", + "source": "security-advisories@github.com" + }, + { + "url": "https://gstreamer.freedesktop.org/security/sa-2024-0025.html", + "source": "security-advisories@github.com" + }, + { + "url": "https://securitylab.github.com/advisories/GHSL-2024-115_GHSL-2024-118_Gstreamer/", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-476xx/CVE-2024-47615.json b/CVE-2024/CVE-2024-476xx/CVE-2024-47615.json new file mode 100644 index 00000000000..5005dbee9da --- /dev/null +++ b/CVE-2024/CVE-2024-476xx/CVE-2024-47615.json 
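Review bot: The `weaknesses` entry in this record is `"value": "CWE-476"` (NULL pointer dereference), but the description is of a stack-buffer overflow that writes past the 64-element position array in vorbis_handle_identification_packet. The sibling record CVE-2024-47607 in this same commit describes the same pattern in gst_opus_dec_parse_header and is tagged CWE-121, so this one should read `"value": "CWE-121"` as well. Until the CNA corrects it, filters keyed on memory-write CWE classes will miss this record; prioritise it on the 8.6 HIGH vector rather than on the CWE.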
@@ -0,0 +1,86 @@ +{ + "id": "CVE-2024-47615", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-12-12T02:03:32.940", + "lastModified": "2024-12-12T02:03:32.940", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "GStreamer is a library for constructing graphs of media-handling components. An OOB-Write has been detected in the function gst_parse_vorbis_setup_packet within vorbis_parse.c. The integer size is read from the input file without proper validation. As a result, size can exceed the fixed size of the pad->vorbis_mode_sizes array (which size is 256). When this happens, the for loop overwrites the entire pad structure with 0s and 1s, affecting adjacent memory as well. This OOB-write can overwrite up to 380 bytes of memory beyond the boundaries of the pad->vorbis_mode_sizes array. This vulnerability is fixed in 1.24.10." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 8.6, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": 
"NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "references": [ + { + "url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8038.patch", + "source": "security-advisories@github.com" + }, + { + "url": "https://gstreamer.freedesktop.org/security/sa-2024-0026.html", + "source": "security-advisories@github.com" + }, + { + "url": "https://securitylab.github.com/advisories/GHSL-2024-115_GHSL-2024-118_Gstreamer/", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-477xx/CVE-2024-47774.json b/CVE-2024/CVE-2024-477xx/CVE-2024-47774.json new file mode 100644 index 00000000000..01ce97cd6ec --- /dev/null +++ b/CVE-2024/CVE-2024-477xx/CVE-2024-47774.json 
@@ -0,0 +1,86 @@ +{ + "id": "CVE-2024-47774", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-12-12T02:03:40.297", + "lastModified": "2024-12-12T02:03:40.297", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been identified in the gst_avi_subtitle_parse_gab2_chunk function within gstavisubtitle.c. The function reads the name_length value directly from the input file without checking it properly. Then, the a condition, does not properly handle cases where name_length is greater than 0xFFFFFFFF - 17, causing an integer overflow. In such scenario, the function attempts to access memory beyond the buffer leading to an OOB-read. This vulnerability is fixed in 1.24.10." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.1, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "NONE", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "LOW", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": 
"NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/github/securitylab-vulnerabilities/issues/1826", + "source": "security-advisories@github.com" + }, + { + "url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8043.patch", + "source": "security-advisories@github.com" + }, + { + "url": "https://securitylab.github.com/advisories/GHSL-2024-262_Gstreamer/", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-477xx/CVE-2024-47775.json b/CVE-2024/CVE-2024-477xx/CVE-2024-47775.json new file mode 100644 index 00000000000..7ea04fb14a8 --- /dev/null +++ b/CVE-2024/CVE-2024-477xx/CVE-2024-47775.json 
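Review bot: The CVSS vector in this record scores an out-of-bounds read as `VC:N/VI:L`, that is, no confidentiality impact and low integrity impact, which is the reverse of what a read-only flaw normally produces. The same vector is reused in CVE-2024-47775, -47776, -47777 and -47778 later in this commit, and the descriptions of -47775 and -47776 explicitly name "the leak of sensitive data". I would expect `"vulnerableSystemConfidentiality": "LOW"` and `"vulnerableSystemIntegrity": "NONE"`, with `vectorString` and `baseScore` re-derived by the CNA; this is inferred from the descriptions, not stated in the record. Consumers that alert on confidentiality impact should not rely on the VC metric for these five records.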
@@ -0,0 +1,86 @@ +{ + "id": "CVE-2024-47775", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-12-12T02:03:40.430", + "lastModified": "2024-12-12T02:03:40.430", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been found in the parse_ds64 function within gstwavparse.c. The parse_ds64 function does not check that the buffer buf contains sufficient data before attempting to read from it, doing multiple GST_READ_UINT32_LE operations without performing boundary checks. This can lead to an OOB-read when buf is smaller than expected. This vulnerability allows reading beyond the bounds of the data buffer, potentially leading to a crash (denial of service) or the leak of sensitive data. This vulnerability is fixed in 1.24.10." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.1, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "NONE", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "LOW", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": 
"NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "references": [ + { + "url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8042.patch", + "source": "security-advisories@github.com" + }, + { + "url": "https://gstreamer.freedesktop.org/security/sa-2024-0027.html", + "source": "security-advisories@github.com" + }, + { + "url": "https://securitylab.github.com/advisories/GHSL-2024-261_Gstreamer/", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-477xx/CVE-2024-47776.json b/CVE-2024/CVE-2024-477xx/CVE-2024-47776.json new file mode 100644 index 00000000000..3c6b67d1813 --- /dev/null +++ b/CVE-2024/CVE-2024-477xx/CVE-2024-47776.json 
@@ -0,0 +1,86 @@ +{ + "id": "CVE-2024-47776", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-12-12T02:03:40.557", + "lastModified": "2024-12-12T02:03:40.557", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "GStreamer is a library for constructing graphs of media-handling components. An OOB-read has been discovered in gst_wavparse_cue_chunk within gstwavparse.c. The vulnerability happens due to a discrepancy between the size of the data buffer and the size value provided to the function. This mismatch causes the comparison if (size < 4 + ncues * 24) to fail in some cases, allowing the subsequent loop to access beyond the bounds of the data buffer. The root cause of this discrepancy stems from a miscalculation when clipping the chunk size based on upstream data size. This vulnerability allows reading beyond the bounds of the data buffer, potentially leading to a crash (denial of service) or the leak of sensitive data. This vulnerability is fixed in 1.24.10." 
+ } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.1, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "NONE", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "LOW", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "references": [ + { + "url": 
"https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8042.patch", + "source": "security-advisories@github.com" + }, + { + "url": "https://gstreamer.freedesktop.org/security/sa-2024-0027.html", + "source": "security-advisories@github.com" + }, + { + "url": "https://securitylab.github.com/advisories/GHSL-2024-260_Gstreamer/", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-477xx/CVE-2024-47777.json b/CVE-2024/CVE-2024-477xx/CVE-2024-47777.json new file mode 100644 index 00000000000..e0255dc4482 --- /dev/null +++ b/CVE-2024/CVE-2024-477xx/CVE-2024-47777.json 
@@ -0,0 +1,86 @@ +{ + "id": "CVE-2024-47777", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-12-12T02:03:40.700", + "lastModified": "2024-12-12T02:03:40.700", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been identified in the gst_wavparse_smpl_chunk function within gstwavparse.c. This function attempts to read 4 bytes from the data + 12 offset without checking if the size of the data buffer is sufficient. If the buffer is too small, the function reads beyond its bounds. This vulnerability may result in reading 4 bytes out of the boundaries of the data buffer. This vulnerability is fixed in 1.24.10." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.1, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "NONE", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "LOW", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + 
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "references": [ + { + "url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8042.patch", + "source": "security-advisories@github.com" + }, + { + "url": "https://gstreamer.freedesktop.org/security/sa-2024-0027.html", + "source": "security-advisories@github.com" + }, + { + "url": "https://securitylab.github.com/advisories/GHSL-2024-259_Gstreamer/", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-477xx/CVE-2024-47778.json b/CVE-2024/CVE-2024-477xx/CVE-2024-47778.json new file mode 100644 index 00000000000..52bd33ef731 --- /dev/null +++ b/CVE-2024/CVE-2024-477xx/CVE-2024-47778.json 
@@ -0,0 +1,86 @@
+{
+ "id": "CVE-2024-47778",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2024-12-12T02:03:40.840",
+ "lastModified": "2024-12-12T02:03:40.840",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been discovered in gst_wavparse_adtl_chunk within gstwavparse.c. This vulnerability arises due to insufficient validation of the size parameter, which can exceed the bounds of the data buffer. As a result, an OOB read occurs in the following while loop. This vulnerability can result in reading up to 4GB of process memory or potentially causing a segmentation fault (SEGV) when accessing invalid memory. This vulnerability is fixed in 1.24.10."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV40": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "4.0",
+ "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+ "baseScore": 5.1,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "attackRequirements": "NONE",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "vulnerableSystemConfidentiality": "NONE",
+ "vulnerableSystemIntegrity": "LOW",
+ "vulnerableSystemAvailability": "LOW",
+ "subsequentSystemConfidentiality": "NONE",
+ "subsequentSystemIntegrity": "NONE",
+ "subsequentSystemAvailability": "NONE",
+ "exploitMaturity": "NOT_DEFINED",
+ "confidentialityRequirements": "NOT_DEFINED",
+ "integrityRequirements": "NOT_DEFINED",
+ "availabilityRequirements": "NOT_DEFINED",
+ "modifiedAttackVector": "NOT_DEFINED",
+ "modifiedAttackComplexity": "NOT_DEFINED",
+ "modifiedAttackRequirements": "NOT_DEFINED",
+ "modifiedPrivilegesRequired": "NOT_DEFINED",
+ "modifiedUserInteraction": "NOT_DEFINED",
+ "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
+ "modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
+ "modifiedVulnerableSystemAvailability": "NOT_DEFINED",
+ "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
+ "modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
+ "modifiedSubsequentSystemAvailability": "NOT_DEFINED",
+ "safety": "NOT_DEFINED",
+ "automatable": "NOT_DEFINED",
+ "recovery": "NOT_DEFINED",
+ "valueDensity": "NOT_DEFINED",
+ "vulnerabilityResponseEffort": "NOT_DEFINED",
+ "providerUrgency": "NOT_DEFINED"
+ }
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-125"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8042.patch",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://gstreamer.freedesktop.org/security/sa-2024-0027.html",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://securitylab.github.com/advisories/GHSL-2024-258_Gstreamer/",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-478xx/CVE-2024-47834.json b/CVE-2024/CVE-2024-478xx/CVE-2024-47834.json
new file mode 100644
index 00000000000..5c975500da5
--- /dev/null
+++ b/CVE-2024/CVE-2024-478xx/CVE-2024-47834.json
@@ -0,0 +1,86 @@
+{
+ "id": "CVE-2024-47834",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2024-12-12T02:03:43.017",
+ "lastModified": "2024-12-12T02:03:43.017",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "GStreamer is a library for constructing graphs of media-handling components. An Use-After-Free read vulnerability has been discovered affecting the processing of CodecPrivate elements in Matroska streams. In the GST_MATROSKA_ID_CODECPRIVATE case within the gst_matroska_demux_parse_stream function, a data chunk is allocated using gst_ebml_read_binary. Later, the allocated memory is freed in the gst_matroska_track_free function, by the call to g_free (track->codec_priv). Finally, the freed memory is accessed in the caps_serialize function through gst_value_serialize_buffer. The freed memory will be accessed in the gst_value_serialize_buffer function. This results in a UAF read vulnerability, as the function tries to process memory that has already been freed. This vulnerability is fixed in 1.24.10."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV40": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "4.0",
+ "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+ "baseScore": 5.1,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "attackRequirements": "NONE",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "vulnerableSystemConfidentiality": "LOW",
+ "vulnerableSystemIntegrity": "NONE",
+ "vulnerableSystemAvailability": "LOW",
+ "subsequentSystemConfidentiality": "NONE",
+ "subsequentSystemIntegrity": "NONE",
+ "subsequentSystemAvailability": "NONE",
+ "exploitMaturity": "NOT_DEFINED",
+ "confidentialityRequirements": "NOT_DEFINED",
+ "integrityRequirements": "NOT_DEFINED",
+ "availabilityRequirements": "NOT_DEFINED",
+ "modifiedAttackVector": "NOT_DEFINED",
+ "modifiedAttackComplexity": "NOT_DEFINED",
+ "modifiedAttackRequirements": "NOT_DEFINED",
+ "modifiedPrivilegesRequired": "NOT_DEFINED",
+ "modifiedUserInteraction": "NOT_DEFINED",
+ "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
+ "modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
+ "modifiedVulnerableSystemAvailability": "NOT_DEFINED",
+ "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
+ "modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
+ "modifiedSubsequentSystemAvailability": "NOT_DEFINED",
+ "safety": "NOT_DEFINED",
+ "automatable": "NOT_DEFINED",
+ "recovery": "NOT_DEFINED",
+ "valueDensity": "NOT_DEFINED",
+ "vulnerabilityResponseEffort": "NOT_DEFINED",
+ "providerUrgency": "NOT_DEFINED"
+ }
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-416"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8057.patch",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://gstreamer.freedesktop.org/security/sa-2024-0030.html",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://securitylab.github.com/advisories/GHSL-2024-280_Gstreamer/",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-478xx/CVE-2024-47835.json b/CVE-2024/CVE-2024-478xx/CVE-2024-47835.json
new file mode 100644
index 00000000000..446cff93e55
--- /dev/null
+++ b/CVE-2024/CVE-2024-478xx/CVE-2024-47835.json
@@ -0,0 +1,86 @@
+{
+ "id": "CVE-2024-47835",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2024-12-12T02:03:43.163",
+ "lastModified": "2024-12-12T02:03:43.163",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been detected in the parse_lrc function within gstsubparse.c. The parse_lrc function calls strchr() to find the character ']' in the string line. The pointer returned by this call is then passed to g_strdup(). However, if the string line does not contain the character ']', strchr() returns NULL, and a call to g_strdup(start + 1) leads to a null pointer dereference. This vulnerability is fixed in 1.24.10."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV40": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "4.0",
+ "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+ "baseScore": 6.8,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "attackRequirements": "NONE",
+ "privilegesRequired": "NONE",
+ "userInteraction": "PASSIVE",
+ "vulnerableSystemConfidentiality": "NONE",
+ "vulnerableSystemIntegrity": "NONE",
+ "vulnerableSystemAvailability": "HIGH",
+ "subsequentSystemConfidentiality": "NONE",
+ "subsequentSystemIntegrity": "NONE",
+ "subsequentSystemAvailability": "NONE",
+ "exploitMaturity": "NOT_DEFINED",
+ "confidentialityRequirements": "NOT_DEFINED",
+ "integrityRequirements": "NOT_DEFINED",
+ "availabilityRequirements": "NOT_DEFINED",
+ "modifiedAttackVector": "NOT_DEFINED",
+ "modifiedAttackComplexity": "NOT_DEFINED",
+ "modifiedAttackRequirements": "NOT_DEFINED",
+ "modifiedPrivilegesRequired": "NOT_DEFINED",
+ "modifiedUserInteraction": "NOT_DEFINED",
+ "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
+ "modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
+ "modifiedVulnerableSystemAvailability": "NOT_DEFINED",
+ "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
+ "modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
+ "modifiedSubsequentSystemAvailability": "NOT_DEFINED",
+ "safety": "NOT_DEFINED",
+ "automatable": "NOT_DEFINED",
+ "recovery": "NOT_DEFINED",
+ "valueDensity": "NOT_DEFINED",
+ "vulnerabilityResponseEffort": "NOT_DEFINED",
+ "providerUrgency": "NOT_DEFINED"
+ }
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-476"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8039.patch",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://gstreamer.freedesktop.org/security/sa-2024-0029.html",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://securitylab.github.com/advisories/GHSL-2024-263_Gstreamer/",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-484xx/CVE-2024-48453.json b/CVE-2024/CVE-2024-484xx/CVE-2024-48453.json
index 7d0daa2d366..a3c4105a1b7 100644
--- a/CVE-2024/CVE-2024-484xx/CVE-2024-48453.json
+++ b/CVE-2024/CVE-2024-484xx/CVE-2024-48453.json
@@ -2,7 +2,7 @@
 "id": "CVE-2024-48453",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-12-04T18:15:14.523",
- "lastModified": "2024-12-04T18:15:14.523",
+ "lastModified": "2024-12-12T02:04:03.420",
 "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
@@ -15,7 +15,42 @@
 "value": "Un problema en INOVANCE AM401_CPU1608TPTN permite que un atacante remoto ejecute c\u00f3digo arbitrario a trav\u00e9s de la funci\u00f3n ExecuteUserProgramUpgrade"
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-94"
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://github.com/N0zoM1z0/CVEs/blob/main/CVE-2024-48453.md",
diff --git a/CVE-2024/CVE-2024-489xx/CVE-2024-48912.json b/CVE-2024/CVE-2024-489xx/CVE-2024-48912.json
index 4af891f29e4..3ae7f0b072a 100644
--- a/CVE-2024/CVE-2024-489xx/CVE-2024-48912.json
+++ b/CVE-2024/CVE-2024-489xx/CVE-2024-48912.json
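Review bot: CVE-2024-48453 still has no `Primary` assessment after this hunk: the 9.8 score and CWE-94 added in place of `"metrics": {}` are both `"type": "Secondary"` from source `134c704f-9b21-4f2e-91b3-4a467353bcc0`, and the preceding hunk leaves `vulnStatus` at `Awaiting Analysis`. A consumer that selects only `Primary` metrics will keep treating a remote code-execution issue as unscored. Ingest logic should fall back to the highest `Secondary` `baseScore` when no `Primary` entry exists and re-read the record when its status changes. The `references` array continues outside the hunk.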
@@ -2,13 +2,13 @@
 "id": "CVE-2024-48912",
 "sourceIdentifier": "security-advisories@github.com",
 "published": "2024-12-11T17:15:17.043",
- "lastModified": "2024-12-11T17:15:17.043",
+ "lastModified": "2024-12-12T02:04:18.923",
 "vulnStatus": "Received",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
- "value": "GLPI is a free asset and IT management software package. Starting in version 0.80 and prior to version 10.0.17, an authenticated user can use an application endpoint to delete any user account. Version 10.0.17 contains a patch for this issue."
+ "value": "GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.17, an authenticated user can use an application endpoint to delete any user account. Version 10.0.17 contains a patch for this issue."
 }
 ],
 "metrics": {
@@ -60,7 +60,7 @@
 "weaknesses": [
 {
 "source": "security-advisories@github.com",
- "type": "Primary",
+ "type": "Secondary",
 "description": [
 {
 "lang": "en",
diff --git a/CVE-2024/CVE-2024-490xx/CVE-2024-49057.json b/CVE-2024/CVE-2024-490xx/CVE-2024-49057.json
new file mode 100644
index 00000000000..95ba58faf0c
--- /dev/null
+++ b/CVE-2024/CVE-2024-490xx/CVE-2024-49057.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2024-49057",
+ "sourceIdentifier": "secure@microsoft.com",
+ "published": "2024-12-12T02:04:29.907",
+ "lastModified": "2024-12-12T02:04:29.907",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Microsoft Defender for Endpoint on Android Spoofing Vulnerability"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secure@microsoft.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
+ "baseScore": 8.1,
+ "baseSeverity": "HIGH",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.2
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "secure@microsoft.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-20"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49057",
+ "source": "secure@microsoft.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-490xx/CVE-2024-49059.json b/CVE-2024/CVE-2024-490xx/CVE-2024-49059.json
new file mode 100644
index 00000000000..e47b311449f
--- /dev/null
+++ b/CVE-2024/CVE-2024-490xx/CVE-2024-49059.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2024-49059",
+ "sourceIdentifier": "secure@microsoft.com",
+ "published": "2024-12-12T02:04:30.040",
+ "lastModified": "2024-12-12T02:04:30.040",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Microsoft Office Elevation of Privilege Vulnerability"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secure@microsoft.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 7.0,
+ "baseSeverity": "HIGH",
+ "attackVector": "LOCAL",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 1.0,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "secure@microsoft.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-59"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49059",
+ "source": "secure@microsoft.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-490xx/CVE-2024-49062.json b/CVE-2024/CVE-2024-490xx/CVE-2024-49062.json
new file mode 100644
index 00000000000..08f055d7a55
--- /dev/null
+++ b/CVE-2024/CVE-2024-490xx/CVE-2024-49062.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2024-49062",
+ "sourceIdentifier": "secure@microsoft.com",
+ "published": "2024-12-12T02:04:30.273",
+ "lastModified": "2024-12-12T02:04:30.273",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Microsoft SharePoint Information Disclosure Vulnerability"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secure@microsoft.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "secure@microsoft.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-23"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49062",
+ "source": "secure@microsoft.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-490xx/CVE-2024-49063.json b/CVE-2024/CVE-2024-490xx/CVE-2024-49063.json
new file mode 100644
index 00000000000..562658f2528
--- /dev/null
+++ b/CVE-2024/CVE-2024-490xx/CVE-2024-49063.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2024-49063",
+ "sourceIdentifier": "secure@microsoft.com",
+ "published": "2024-12-12T02:04:30.397",
+ "lastModified": "2024-12-12T02:04:30.397",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Microsoft/Muzic Remote Code Execution Vulnerability"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secure@microsoft.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 8.4,
+ "baseSeverity": "HIGH",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 2.5,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "secure@microsoft.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-502"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49063",
+ "source": "secure@microsoft.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-490xx/CVE-2024-49064.json b/CVE-2024/CVE-2024-490xx/CVE-2024-49064.json
new file mode 100644
index 00000000000..dd0c367f1a5
--- /dev/null
+++ b/CVE-2024/CVE-2024-490xx/CVE-2024-49064.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2024-49064",
+ "sourceIdentifier": "secure@microsoft.com",
+ "published": "2024-12-12T02:04:30.567",
+ "lastModified": "2024-12-12T02:04:30.567",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Microsoft SharePoint Information Disclosure Vulnerability"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secure@microsoft.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "secure@microsoft.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-611"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49064",
+ "source": "secure@microsoft.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-490xx/CVE-2024-49065.json b/CVE-2024/CVE-2024-490xx/CVE-2024-49065.json
new file mode 100644
index 00000000000..5c495901bd5
--- /dev/null
+++ b/CVE-2024/CVE-2024-490xx/CVE-2024-49065.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2024-49065",
+ "sourceIdentifier": "secure@microsoft.com",
+ "published": "2024-12-12T02:04:30.697",
+ "lastModified": "2024-12-12T02:04:30.697",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Microsoft Office Remote Code Execution Vulnerability"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secure@microsoft.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "secure@microsoft.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-125"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49065",
+ "source": "secure@microsoft.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-490xx/CVE-2024-49068.json b/CVE-2024/CVE-2024-490xx/CVE-2024-49068.json
new file mode 100644
index 00000000000..7c08cdc9607
--- /dev/null
+++ b/CVE-2024/CVE-2024-490xx/CVE-2024-49068.json
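Review bot: The title and the scoring of CVE-2024-49065 disagree: the description says "Remote Code Execution Vulnerability", while the same record carries `C:N/I:N/A:H` with `AV:L` and the weakness CWE-125, which together describe a local, availability-only out-of-bounds read. The record itself cannot show which side is right, so neither the title nor the 5.5 base score should drive prioritisation alone. Check the MSRC page listed under `references` before raising or lowering this entry, and avoid classifying impact by matching on the title string.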
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2024-49068",
+ "sourceIdentifier": "secure@microsoft.com",
+ "published": "2024-12-12T02:04:30.833",
+ "lastModified": "2024-12-12T02:04:30.833",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Microsoft SharePoint Elevation of Privilege Vulnerability"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secure@microsoft.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
+ "baseScore": 8.2,
+ "baseSeverity": "HIGH",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 4.2
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "secure@microsoft.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-284"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49068",
+ "source": "secure@microsoft.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-490xx/CVE-2024-49069.json b/CVE-2024/CVE-2024-490xx/CVE-2024-49069.json
new file mode 100644
index 00000000000..88b21d8ae0e
--- /dev/null
+++ b/CVE-2024/CVE-2024-490xx/CVE-2024-49069.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2024-49069",
+ "sourceIdentifier": "secure@microsoft.com",
+ "published": "2024-12-12T02:04:30.967",
+ "lastModified": "2024-12-12T02:04:30.967",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Microsoft Excel Remote Code Execution Vulnerability"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secure@microsoft.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "secure@microsoft.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-416"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49069",
+ "source": "secure@microsoft.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-490xx/CVE-2024-49070.json b/CVE-2024/CVE-2024-490xx/CVE-2024-49070.json
new file mode 100644
index 00000000000..5eafa318359
--- /dev/null
+++ b/CVE-2024/CVE-2024-490xx/CVE-2024-49070.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2024-49070",
+ "sourceIdentifier": "secure@microsoft.com",
+ "published": "2024-12-12T02:04:31.113",
+ "lastModified": "2024-12-12T02:04:31.113",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Microsoft SharePoint Remote Code Execution Vulnerability"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secure@microsoft.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 7.4,
+ "baseSeverity": "HIGH",
+ "attackVector": "LOCAL",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 1.4,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "secure@microsoft.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-502"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49070",
+ "source": "secure@microsoft.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-490xx/CVE-2024-49072.json b/CVE-2024/CVE-2024-490xx/CVE-2024-49072.json
new file mode 100644
index 00000000000..99c9d70f126
--- /dev/null
+++ b/CVE-2024/CVE-2024-490xx/CVE-2024-49072.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2024-49072",
+ "sourceIdentifier": "secure@microsoft.com",
+ "published": "2024-12-12T02:04:31.257",
+ "lastModified": "2024-12-12T02:04:31.257",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Windows Task Scheduler Elevation of Privilege Vulnerability"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secure@microsoft.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "secure@microsoft.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-122"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49072",
+ "source": "secure@microsoft.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-490xx/CVE-2024-49073.json b/CVE-2024/CVE-2024-490xx/CVE-2024-49073.json
new file mode 100644
index 00000000000..1b67ea86fb5
--- /dev/null
+++ b/CVE-2024/CVE-2024-490xx/CVE-2024-49073.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2024-49073",
+ "sourceIdentifier": "secure@microsoft.com",
+ "published": "2024-12-12T02:04:31.410",
+ "lastModified": "2024-12-12T02:04:31.410",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Windows Mobile Broadband Driver Elevation of Privilege Vulnerability"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secure@microsoft.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 6.8,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "PHYSICAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 0.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "secure@microsoft.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-20"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49073",
+ "source": "secure@microsoft.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-490xx/CVE-2024-49074.json b/CVE-2024/CVE-2024-490xx/CVE-2024-49074.json
new file mode 100644
index 00000000000..dbf37cc3d73
--- /dev/null
+++ b/CVE-2024/CVE-2024-490xx/CVE-2024-49074.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2024-49074",
+ "sourceIdentifier": "secure@microsoft.com",
+ "published": "2024-12-12T02:04:31.557",
+ "lastModified": "2024-12-12T02:04:31.557",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Windows Kernel-Mode Driver Elevation of Privilege Vulnerability"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secure@microsoft.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "secure@microsoft.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-416"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49074",
+ "source": "secure@microsoft.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-490xx/CVE-2024-49075.json b/CVE-2024/CVE-2024-490xx/CVE-2024-49075.json
new file mode 100644
index 00000000000..adf2ddbaa33
--- /dev/null
+++ b/CVE-2024/CVE-2024-490xx/CVE-2024-49075.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2024-49075",
+ "sourceIdentifier": "secure@microsoft.com",
+ "published": "2024-12-12T02:04:31.700",
+ "lastModified": "2024-12-12T02:04:31.700",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Windows Remote Desktop Services\u00a0Denial of Service Vulnerability"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secure@microsoft.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "secure@microsoft.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-400"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49075",
+ "source": "secure@microsoft.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-490xx/CVE-2024-49076.json b/CVE-2024/CVE-2024-490xx/CVE-2024-49076.json
new file mode 100644
index 00000000000..03fddb3ba77
--- /dev/null
+++ b/CVE-2024/CVE-2024-490xx/CVE-2024-49076.json
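Review bot: The description of CVE-2024-49075 contains a non-breaking space (`\u00a0`) between "Services" and "Denial", so exact-match lookups and whitespace-tokenised searches on this title will not match the string a user types. I would normalise it to a plain space, `"value": "Windows Remote Desktop Services Denial of Service Vulnerability"`. If the mirror has to stay byte-identical to the upstream record, normalise Unicode whitespace at ingest instead, before the text reaches search indexes or alert rules.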
@@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-49076", + "sourceIdentifier": "secure@microsoft.com", + "published": "2024-12-12T02:04:31.837", + "lastModified": "2024-12-12T02:04:31.837", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-287" + } + ] + } + ], + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49076", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-490xx/CVE-2024-49077.json b/CVE-2024/CVE-2024-490xx/CVE-2024-49077.json new file mode 100644 index 00000000000..b9a90fef0c5 --- /dev/null +++ b/CVE-2024/CVE-2024-490xx/CVE-2024-49077.json 
@@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-49077", + "sourceIdentifier": "secure@microsoft.com", + "published": "2024-12-12T02:04:31.990", + "lastModified": "2024-12-12T02:04:31.990", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Windows Mobile Broadband Driver Elevation of Privilege Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 6.8, + "baseSeverity": "MEDIUM", + "attackVector": "PHYSICAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 0.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + }, + { + "lang": "en", + "value": "CWE-191" + } + ] + } + ], + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49077", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-490xx/CVE-2024-49078.json b/CVE-2024/CVE-2024-490xx/CVE-2024-49078.json new file mode 100644 index 00000000000..4b53a561a08 --- /dev/null +++ b/CVE-2024/CVE-2024-490xx/CVE-2024-49078.json 
@@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-49078", + "sourceIdentifier": "secure@microsoft.com", + "published": "2024-12-12T02:04:32.137", + "lastModified": "2024-12-12T02:04:32.137", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Windows Mobile Broadband Driver Elevation of Privilege Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 6.8, + "baseSeverity": "MEDIUM", + "attackVector": "PHYSICAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 0.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + }, + { + "lang": "en", + "value": "CWE-190" + } + ] + } + ], + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49078", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-490xx/CVE-2024-49079.json b/CVE-2024/CVE-2024-490xx/CVE-2024-49079.json new file mode 100644 index 00000000000..611005fa984 --- /dev/null +++ b/CVE-2024/CVE-2024-490xx/CVE-2024-49079.json 
@@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-49079", + "sourceIdentifier": "secure@microsoft.com", + "published": "2024-12-12T02:04:32.270", + "lastModified": "2024-12-12T02:04:32.270", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Input Method Editor (IME) Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49079", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-490xx/CVE-2024-49080.json b/CVE-2024/CVE-2024-490xx/CVE-2024-49080.json new file mode 100644 index 00000000000..eeb8ffec6e7 --- /dev/null +++ b/CVE-2024/CVE-2024-490xx/CVE-2024-49080.json 
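Review bot: The title of CVE-2024-49079 says "Remote Code Execution", but the vector is `AV:L/AC:L/PR:N/UI:R` with `"attackVector": "LOCAL"`, so the description and the metric disagree on reachability. Triage rules keyed on the phrase in `descriptions` would rank this entry alongside the network-reachable ones in the batch, such as CVE-2024-49080 (`AV:N`). Prioritise on `cvssData.attackVector` and `userInteraction` rather than on the title wording. The intended attack path should be confirmed against the MSRC advisory listed under `references`.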
@@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-49080", + "sourceIdentifier": "secure@microsoft.com", + "published": "2024-12-12T02:04:32.427", + "lastModified": "2024-12-12T02:04:32.427", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Windows IP Routing Management Snapin Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-122" + } + ] + } + ], + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49080", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-490xx/CVE-2024-49081.json b/CVE-2024/CVE-2024-490xx/CVE-2024-49081.json new file mode 100644 index 00000000000..c120eb9112d --- /dev/null +++ b/CVE-2024/CVE-2024-490xx/CVE-2024-49081.json 
@@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-49081", + "sourceIdentifier": "secure@microsoft.com", + "published": "2024-12-12T02:04:32.587", + "lastModified": "2024-12-12T02:04:32.587", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 6.6, + "baseSeverity": "MEDIUM", + "attackVector": "PHYSICAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 0.7, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-122" + } + ] + } + ], + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49081", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-490xx/CVE-2024-49082.json b/CVE-2024/CVE-2024-490xx/CVE-2024-49082.json new file mode 100644 index 00000000000..b0b9c63bbad --- /dev/null +++ b/CVE-2024/CVE-2024-490xx/CVE-2024-49082.json 
@@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-49082", + "sourceIdentifier": "secure@microsoft.com", + "published": "2024-12-12T02:04:32.733", + "lastModified": "2024-12-12T02:04:32.733", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Windows File Explorer Information Disclosure Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", + "baseScore": 6.8, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.6, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49082", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-490xx/CVE-2024-49083.json b/CVE-2024/CVE-2024-490xx/CVE-2024-49083.json new file mode 100644 index 00000000000..d982554eb5c --- /dev/null +++ b/CVE-2024/CVE-2024-490xx/CVE-2024-49083.json 
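Review bot: CVE-2024-49082 is titled "Information Disclosure", yet its vector is `C:H/I:H/A:N` and the weakness is `CWE-22`, so the record claims a high integrity impact that the title does not mention. A filter that deprioritises information-disclosure titles would skip over `"integrityImpact": "HIGH"` here. Nothing in the hunk shows which side is authoritative, so check the MSRC advisory under `references` before relying on either. In the meantime, rank on the `cvssData` fields rather than the description string.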
@@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-49083", + "sourceIdentifier": "secure@microsoft.com", + "published": "2024-12-12T02:04:32.890", + "lastModified": "2024-12-12T02:04:32.890", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Windows Mobile Broadband Driver Elevation of Privilege Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 6.8, + "baseSeverity": "MEDIUM", + "attackVector": "PHYSICAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 0.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49083", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-490xx/CVE-2024-49084.json b/CVE-2024/CVE-2024-490xx/CVE-2024-49084.json new file mode 100644 index 00000000000..a624f37bc0c --- /dev/null +++ b/CVE-2024/CVE-2024-490xx/CVE-2024-49084.json 
@@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-49084", + "sourceIdentifier": "secure@microsoft.com", + "published": "2024-12-12T02:04:33.077", + "lastModified": "2024-12-12T02:04:33.077", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Windows Kernel Elevation of Privilege Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.0, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.0, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-362" + } + ] + } + ], + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49084", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-490xx/CVE-2024-49085.json b/CVE-2024/CVE-2024-490xx/CVE-2024-49085.json new file mode 100644 index 00000000000..a8a51eaced8 --- /dev/null +++ b/CVE-2024/CVE-2024-490xx/CVE-2024-49085.json 
@@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-49085", + "sourceIdentifier": "secure@microsoft.com", + "published": "2024-12-12T02:04:33.310", + "lastModified": "2024-12-12T02:04:33.310", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-122" + }, + { + "lang": "en", + "value": "CWE-190" + } + ] + } + ], + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49085", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-490xx/CVE-2024-49086.json b/CVE-2024/CVE-2024-490xx/CVE-2024-49086.json new file mode 100644 index 00000000000..b9c6ae8e854 --- /dev/null +++ b/CVE-2024/CVE-2024-490xx/CVE-2024-49086.json 
@@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-49086", + "sourceIdentifier": "secure@microsoft.com", + "published": "2024-12-12T02:04:33.460", + "lastModified": "2024-12-12T02:04:33.460", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-122" + } + ] + } + ], + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49086", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-490xx/CVE-2024-49087.json b/CVE-2024/CVE-2024-490xx/CVE-2024-49087.json new file mode 100644 index 00000000000..68f7b9fce72 --- /dev/null +++ b/CVE-2024/CVE-2024-490xx/CVE-2024-49087.json 
@@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-49087", + "sourceIdentifier": "secure@microsoft.com", + "published": "2024-12-12T02:04:33.660", + "lastModified": "2024-12-12T02:04:33.660", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Windows Mobile Broadband Driver Information Disclosure Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 4.6, + "baseSeverity": "MEDIUM", + "attackVector": "PHYSICAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 0.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + } + ] + } + ], + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49087", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-490xx/CVE-2024-49088.json b/CVE-2024/CVE-2024-490xx/CVE-2024-49088.json new file mode 100644 index 00000000000..833205f0eca --- /dev/null +++ b/CVE-2024/CVE-2024-490xx/CVE-2024-49088.json 
@@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-49088", + "sourceIdentifier": "secure@microsoft.com", + "published": "2024-12-12T02:04:33.827", + "lastModified": "2024-12-12T02:04:33.827", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Windows Common Log File System Driver Elevation of Privilege Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-126" + } + ] + } + ], + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49088", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-490xx/CVE-2024-49089.json b/CVE-2024/CVE-2024-490xx/CVE-2024-49089.json new file mode 100644 index 00000000000..5730a2aa7ca --- /dev/null +++ b/CVE-2024/CVE-2024-490xx/CVE-2024-49089.json 
@@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-49089", + "sourceIdentifier": "secure@microsoft.com", + "published": "2024-12-12T02:04:34.010", + "lastModified": "2024-12-12T02:04:34.010", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.2, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-122" + }, + { + "lang": "en", + "value": "CWE-190" + } + ] + } + ], + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49089", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-490xx/CVE-2024-49090.json b/CVE-2024/CVE-2024-490xx/CVE-2024-49090.json new file mode 100644 index 00000000000..7f66cd250e1 --- /dev/null +++ b/CVE-2024/CVE-2024-490xx/CVE-2024-49090.json 
@@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-49090", + "sourceIdentifier": "secure@microsoft.com", + "published": "2024-12-12T02:04:34.190", + "lastModified": "2024-12-12T02:04:34.190", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Windows Common Log File System Driver Elevation of Privilege Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-822" + } + ] + } + ], + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49090", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-490xx/CVE-2024-49091.json b/CVE-2024/CVE-2024-490xx/CVE-2024-49091.json new file mode 100644 index 00000000000..10b74461ac3 --- /dev/null +++ b/CVE-2024/CVE-2024-490xx/CVE-2024-49091.json 
@@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-49091", + "sourceIdentifier": "secure@microsoft.com", + "published": "2024-12-12T02:04:34.370", + "lastModified": "2024-12-12T02:04:34.370", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Windows Domain Name Service Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.2, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-591" + } + ] + } + ], + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49091", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-490xx/CVE-2024-49092.json b/CVE-2024/CVE-2024-490xx/CVE-2024-49092.json new file mode 100644 index 00000000000..802c53e70aa --- /dev/null +++ b/CVE-2024/CVE-2024-490xx/CVE-2024-49092.json 
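Review bot: CVE-2024-49091 pairs a Remote Code Execution title and `C:H/I:H/A:H` with `CWE-591` as its only weakness, a class about sensitive data held in improperly locked memory, which does not by itself describe a code-execution flaw. The same identifier also appears next to `CWE-415` in CVE-2024-49095 and next to `CWE-416` in CVE-2024-49097. Analytics that group or route findings by CWE should not infer the bug class from this field for these three records. The mapping comes from the CNA (`"source": "secure@microsoft.com"`) and may be revised once the record leaves `"vulnStatus": "Received"`.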
@@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-49092", + "sourceIdentifier": "secure@microsoft.com", + "published": "2024-12-12T02:04:34.573", + "lastModified": "2024-12-12T02:04:34.573", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Windows Mobile Broadband Driver Elevation of Privilege Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 6.8, + "baseSeverity": "MEDIUM", + "attackVector": "PHYSICAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 0.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49092", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-490xx/CVE-2024-49093.json b/CVE-2024/CVE-2024-490xx/CVE-2024-49093.json new file mode 100644 index 00000000000..ff4bac4b1ae --- /dev/null +++ b/CVE-2024/CVE-2024-490xx/CVE-2024-49093.json 
@@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-49093", + "sourceIdentifier": "secure@microsoft.com", + "published": "2024-12-12T02:04:34.747", + "lastModified": "2024-12-12T02:04:34.747", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.0, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-681" + } + ] + } + ], + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49093", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-490xx/CVE-2024-49094.json b/CVE-2024/CVE-2024-490xx/CVE-2024-49094.json new file mode 100644 index 00000000000..0ca9397800e --- /dev/null +++ b/CVE-2024/CVE-2024-490xx/CVE-2024-49094.json 
@@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-49094", + "sourceIdentifier": "secure@microsoft.com", + "published": "2024-12-12T02:04:34.920", + "lastModified": "2024-12-12T02:04:34.920", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 6.6, + "baseSeverity": "MEDIUM", + "attackVector": "PHYSICAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 0.7, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-122" + } + ] + } + ], + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49094", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-490xx/CVE-2024-49095.json b/CVE-2024/CVE-2024-490xx/CVE-2024-49095.json new file mode 100644 index 00000000000..aae70a276e8 --- /dev/null +++ b/CVE-2024/CVE-2024-490xx/CVE-2024-49095.json 
@@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-49095", + "sourceIdentifier": "secure@microsoft.com", + "published": "2024-12-12T02:04:35.080", + "lastModified": "2024-12-12T02:04:35.080", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.0, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.0, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-415" + }, + { + "lang": "en", + "value": "CWE-591" + } + ] + } + ], + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49095", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-490xx/CVE-2024-49096.json b/CVE-2024/CVE-2024-490xx/CVE-2024-49096.json new file mode 100644 index 00000000000..3cf4f62144c --- /dev/null +++ b/CVE-2024/CVE-2024-490xx/CVE-2024-49096.json 
@@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-49096", + "sourceIdentifier": "secure@microsoft.com", + "published": "2024-12-12T02:04:35.230", + "lastModified": "2024-12-12T02:04:35.230", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-400" + } + ] + } + ], + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49096", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-490xx/CVE-2024-49097.json b/CVE-2024/CVE-2024-490xx/CVE-2024-49097.json new file mode 100644 index 00000000000..4115d814954 --- /dev/null +++ b/CVE-2024/CVE-2024-490xx/CVE-2024-49097.json 
@@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-49097", + "sourceIdentifier": "secure@microsoft.com", + "published": "2024-12-12T02:04:35.387", + "lastModified": "2024-12-12T02:04:35.387", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.0, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.0, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + }, + { + "lang": "en", + "value": "CWE-591" + } + ] + } + ], + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49097", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-490xx/CVE-2024-49098.json b/CVE-2024/CVE-2024-490xx/CVE-2024-49098.json new file mode 100644 index 00000000000..fd1b4f05a40 --- /dev/null +++ b/CVE-2024/CVE-2024-490xx/CVE-2024-49098.json 
@@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-49098", + "sourceIdentifier": "secure@microsoft.com", + "published": "2024-12-12T02:04:35.533", + "lastModified": "2024-12-12T02:04:35.533", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "PHYSICAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 0.7, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49098", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-490xx/CVE-2024-49099.json b/CVE-2024/CVE-2024-490xx/CVE-2024-49099.json new file mode 100644 index 00000000000..dd3906d24f7 --- /dev/null +++ b/CVE-2024/CVE-2024-490xx/CVE-2024-49099.json 
@@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-49099", + "sourceIdentifier": "secure@microsoft.com", + "published": "2024-12-12T02:04:35.677", + "lastModified": "2024-12-12T02:04:35.677", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "PHYSICAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 0.7, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49099", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-491xx/CVE-2024-49101.json b/CVE-2024/CVE-2024-491xx/CVE-2024-49101.json new file mode 100644 index 00000000000..1ffb0cd75a5 --- /dev/null +++ b/CVE-2024/CVE-2024-491xx/CVE-2024-49101.json 
@@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-49101", + "sourceIdentifier": "secure@microsoft.com", + "published": "2024-12-12T02:04:35.823", + "lastModified": "2024-12-12T02:04:35.823", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 6.6, + "baseSeverity": "MEDIUM", + "attackVector": "PHYSICAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 0.7, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49101", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-491xx/CVE-2024-49102.json b/CVE-2024/CVE-2024-491xx/CVE-2024-49102.json new file mode 100644 index 00000000000..d53a4891212 --- /dev/null +++ b/CVE-2024/CVE-2024-491xx/CVE-2024-49102.json 
@@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-49102", + "sourceIdentifier": "secure@microsoft.com", + "published": "2024-12-12T02:04:35.970", + "lastModified": "2024-12-12T02:04:35.970", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-122" + } + ] + } + ], + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49102", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-491xx/CVE-2024-49103.json b/CVE-2024/CVE-2024-491xx/CVE-2024-49103.json new file mode 100644 index 00000000000..ae1b8ca1187 --- /dev/null +++ b/CVE-2024/CVE-2024-491xx/CVE-2024-49103.json 
@@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-49103", + "sourceIdentifier": "secure@microsoft.com", + "published": "2024-12-12T02:04:36.123", + "lastModified": "2024-12-12T02:04:36.123", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "PHYSICAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 0.7, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + }, + { + "lang": "en", + "value": "CWE-191" + } + ] + } + ], + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49103", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-491xx/CVE-2024-49104.json b/CVE-2024/CVE-2024-491xx/CVE-2024-49104.json new file mode 100644 index 00000000000..83549d16c33 --- /dev/null +++ b/CVE-2024/CVE-2024-491xx/CVE-2024-49104.json 
@@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-49104", + "sourceIdentifier": "secure@microsoft.com", + "published": "2024-12-12T02:04:36.267", + "lastModified": "2024-12-12T02:04:36.267", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-122" + } + ] + } + ], + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49104", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-491xx/CVE-2024-49105.json b/CVE-2024/CVE-2024-491xx/CVE-2024-49105.json new file mode 100644 index 00000000000..71b33afe9b1 --- /dev/null +++ b/CVE-2024/CVE-2024-491xx/CVE-2024-49105.json 
@@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-49105", + "sourceIdentifier": "secure@microsoft.com", + "published": "2024-12-12T02:04:36.417", + "lastModified": "2024-12-12T02:04:36.417", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Remote Desktop Client Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H", + "baseScore": 8.4, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.7, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-284" + } + ] + } + ], + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49105", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-491xx/CVE-2024-49106.json b/CVE-2024/CVE-2024-491xx/CVE-2024-49106.json new file mode 100644 index 00000000000..e444e88d408 --- /dev/null +++ b/CVE-2024/CVE-2024-491xx/CVE-2024-49106.json 
@@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-49106", + "sourceIdentifier": "secure@microsoft.com", + "published": "2024-12-12T02:04:36.573", + "lastModified": "2024-12-12T02:04:36.573", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Windows Remote Desktop Services Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + }, + { + "lang": "en", + "value": "CWE-591" + } + ] + } + ], + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49106", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-491xx/CVE-2024-49107.json b/CVE-2024/CVE-2024-491xx/CVE-2024-49107.json new file mode 100644 index 00000000000..85890febc7b --- /dev/null +++ b/CVE-2024/CVE-2024-491xx/CVE-2024-49107.json 
@@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-49107", + "sourceIdentifier": "secure@microsoft.com", + "published": "2024-12-12T02:04:36.713", + "lastModified": "2024-12-12T02:04:36.713", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "WmsRepair Service Elevation of Privilege Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.3, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-59" + }, + { + "lang": "en", + "value": "CWE-284" + } + ] + } + ], + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49107", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-491xx/CVE-2024-49108.json b/CVE-2024/CVE-2024-491xx/CVE-2024-49108.json new file mode 100644 index 00000000000..f1f996ee6a0 --- /dev/null +++ b/CVE-2024/CVE-2024-491xx/CVE-2024-49108.json 
@@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-49108", + "sourceIdentifier": "secure@microsoft.com", + "published": "2024-12-12T02:04:36.877", + "lastModified": "2024-12-12T02:04:36.877", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Windows Remote Desktop Services Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + }, + { + "lang": "en", + "value": "CWE-591" + } + ] + } + ], + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49108", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-491xx/CVE-2024-49109.json b/CVE-2024/CVE-2024-491xx/CVE-2024-49109.json new file mode 100644 index 00000000000..b1fad8ecd22 --- /dev/null +++ b/CVE-2024/CVE-2024-491xx/CVE-2024-49109.json 
@@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-49109", + "sourceIdentifier": "secure@microsoft.com", + "published": "2024-12-12T02:04:37.023", + "lastModified": "2024-12-12T02:04:37.023", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 6.6, + "baseSeverity": "MEDIUM", + "attackVector": "PHYSICAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 0.7, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49109", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-491xx/CVE-2024-49110.json b/CVE-2024/CVE-2024-491xx/CVE-2024-49110.json new file mode 100644 index 00000000000..dda203b56c5 --- /dev/null +++ b/CVE-2024/CVE-2024-491xx/CVE-2024-49110.json 
@@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-49110", + "sourceIdentifier": "secure@microsoft.com", + "published": "2024-12-12T02:04:37.170", + "lastModified": "2024-12-12T02:04:37.170", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Windows Mobile Broadband Driver Elevation of Privilege Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 6.8, + "baseSeverity": "MEDIUM", + "attackVector": "PHYSICAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 0.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49110", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-491xx/CVE-2024-49111.json b/CVE-2024/CVE-2024-491xx/CVE-2024-49111.json new file mode 100644 index 00000000000..8b11481ba2e --- /dev/null +++ b/CVE-2024/CVE-2024-491xx/CVE-2024-49111.json 
@@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-49111", + "sourceIdentifier": "secure@microsoft.com", + "published": "2024-12-12T02:04:37.307", + "lastModified": "2024-12-12T02:04:37.307", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 6.6, + "baseSeverity": "MEDIUM", + "attackVector": "PHYSICAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 0.7, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49111", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-491xx/CVE-2024-49112.json b/CVE-2024/CVE-2024-491xx/CVE-2024-49112.json new file mode 100644 index 00000000000..2b8dca4b6cd --- /dev/null +++ b/CVE-2024/CVE-2024-491xx/CVE-2024-49112.json 
@@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-49112", + "sourceIdentifier": "secure@microsoft.com", + "published": "2024-12-12T02:04:37.453", + "lastModified": "2024-12-12T02:04:37.453", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-190" + } + ] + } + ], + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49112", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-491xx/CVE-2024-49113.json b/CVE-2024/CVE-2024-491xx/CVE-2024-49113.json new file mode 100644 index 00000000000..82a896b2586 --- /dev/null +++ b/CVE-2024/CVE-2024-491xx/CVE-2024-49113.json 
@@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-49113", + "sourceIdentifier": "secure@microsoft.com", + "published": "2024-12-12T02:04:37.610", + "lastModified": "2024-12-12T02:04:37.610", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49113", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-491xx/CVE-2024-49114.json b/CVE-2024/CVE-2024-491xx/CVE-2024-49114.json new file mode 100644 index 00000000000..0480439082a --- /dev/null +++ b/CVE-2024/CVE-2024-491xx/CVE-2024-49114.json 
@@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-49114", + "sourceIdentifier": "secure@microsoft.com", + "published": "2024-12-12T02:04:37.757", + "lastModified": "2024-12-12T02:04:37.757", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-820" + } + ] + } + ], + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49114", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-491xx/CVE-2024-49115.json b/CVE-2024/CVE-2024-491xx/CVE-2024-49115.json new file mode 100644 index 00000000000..7ea6ee86300 --- /dev/null +++ b/CVE-2024/CVE-2024-491xx/CVE-2024-49115.json 
@@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-49115", + "sourceIdentifier": "secure@microsoft.com", + "published": "2024-12-12T02:04:37.900", + "lastModified": "2024-12-12T02:04:37.900", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Windows Remote Desktop Services Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + }, + { + "lang": "en", + "value": "CWE-591" + } + ] + } + ], + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49115", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-491xx/CVE-2024-49116.json b/CVE-2024/CVE-2024-491xx/CVE-2024-49116.json new file mode 100644 index 00000000000..f4bb88049af --- /dev/null +++ b/CVE-2024/CVE-2024-491xx/CVE-2024-49116.json 
@@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-49116", + "sourceIdentifier": "secure@microsoft.com", + "published": "2024-12-12T02:04:38.050", + "lastModified": "2024-12-12T02:04:38.050", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Windows Remote Desktop Services Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49116", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-491xx/CVE-2024-49117.json b/CVE-2024/CVE-2024-491xx/CVE-2024-49117.json new file mode 100644 index 00000000000..990aa74871e --- /dev/null +++ b/CVE-2024/CVE-2024-491xx/CVE-2024-49117.json 
@@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-49117", + "sourceIdentifier": "secure@microsoft.com", + "published": "2024-12-12T02:04:38.190", + "lastModified": "2024-12-12T02:04:38.190", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Windows Hyper-V Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.0, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-393" + } + ] + } + ], + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49117", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-491xx/CVE-2024-49118.json b/CVE-2024/CVE-2024-491xx/CVE-2024-49118.json new file mode 100644 index 00000000000..557f2487afb --- /dev/null +++ b/CVE-2024/CVE-2024-491xx/CVE-2024-49118.json 
@@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-49118", + "sourceIdentifier": "secure@microsoft.com", + "published": "2024-12-12T02:04:38.333", + "lastModified": "2024-12-12T02:04:38.333", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49118", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-491xx/CVE-2024-49119.json b/CVE-2024/CVE-2024-491xx/CVE-2024-49119.json new file mode 100644 index 00000000000..5b972691c44 --- /dev/null +++ b/CVE-2024/CVE-2024-491xx/CVE-2024-49119.json 
@@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-49119", + "sourceIdentifier": "secure@microsoft.com", + "published": "2024-12-12T02:04:38.490", + "lastModified": "2024-12-12T02:04:38.490", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Windows Remote Desktop Services Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-843" + } + ] + } + ], + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49119", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-491xx/CVE-2024-49120.json b/CVE-2024/CVE-2024-491xx/CVE-2024-49120.json new file mode 100644 index 00000000000..c3f5e9461ea --- /dev/null +++ b/CVE-2024/CVE-2024-491xx/CVE-2024-49120.json 
@@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-49120", + "sourceIdentifier": "secure@microsoft.com", + "published": "2024-12-12T02:04:38.643", + "lastModified": "2024-12-12T02:04:38.643", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Windows Remote Desktop Services Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-453" + } + ] + } + ], + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49120", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-491xx/CVE-2024-49121.json b/CVE-2024/CVE-2024-491xx/CVE-2024-49121.json new file mode 100644 index 00000000000..a7b92a59492 --- /dev/null +++ b/CVE-2024/CVE-2024-491xx/CVE-2024-49121.json 
@@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-49121", + "sourceIdentifier": "secure@microsoft.com", + "published": "2024-12-12T02:04:38.790", + "lastModified": "2024-12-12T02:04:38.790", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-476" + } + ] + } + ], + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49121", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-491xx/CVE-2024-49122.json b/CVE-2024/CVE-2024-491xx/CVE-2024-49122.json new file mode 100644 index 00000000000..8dc0238d59b --- /dev/null +++ b/CVE-2024/CVE-2024-491xx/CVE-2024-49122.json 
@@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-49122", + "sourceIdentifier": "secure@microsoft.com", + "published": "2024-12-12T02:04:38.950", + "lastModified": "2024-12-12T02:04:38.950", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49122", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-491xx/CVE-2024-49123.json b/CVE-2024/CVE-2024-491xx/CVE-2024-49123.json new file mode 100644 index 00000000000..8b97f20f793 --- /dev/null +++ b/CVE-2024/CVE-2024-491xx/CVE-2024-49123.json 
@@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-49123", + "sourceIdentifier": "secure@microsoft.com", + "published": "2024-12-12T02:04:39.090", + "lastModified": "2024-12-12T02:04:39.090", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Windows Remote Desktop Services Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-591" + } + ] + } + ], + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49123", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-491xx/CVE-2024-49124.json b/CVE-2024/CVE-2024-491xx/CVE-2024-49124.json new file mode 100644 index 00000000000..b2aca190621 --- /dev/null +++ b/CVE-2024/CVE-2024-491xx/CVE-2024-49124.json 
@@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-49124", + "sourceIdentifier": "secure@microsoft.com", + "published": "2024-12-12T02:04:39.233", + "lastModified": "2024-12-12T02:04:39.233", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Lightweight Directory Access Protocol (LDAP) Client Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-362" + } + ] + } + ], + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49124", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-491xx/CVE-2024-49125.json b/CVE-2024/CVE-2024-491xx/CVE-2024-49125.json new file mode 100644 index 00000000000..48291bd4ab9 --- /dev/null +++ b/CVE-2024/CVE-2024-491xx/CVE-2024-49125.json 
@@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-49125", + "sourceIdentifier": "secure@microsoft.com", + "published": "2024-12-12T02:04:39.380", + "lastModified": "2024-12-12T02:04:39.380", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-122" + } + ] + } + ], + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49125", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-491xx/CVE-2024-49126.json b/CVE-2024/CVE-2024-491xx/CVE-2024-49126.json new file mode 100644 index 00000000000..386722ed3de --- /dev/null +++ b/CVE-2024/CVE-2024-491xx/CVE-2024-49126.json 
@@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-49126", + "sourceIdentifier": "secure@microsoft.com", + "published": "2024-12-12T02:04:39.540", + "lastModified": "2024-12-12T02:04:39.540", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Windows Local Security Authority Subsystem Service (LSASS) Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + }, + { + "lang": "en", + "value": "CWE-591" + } + ] + } + ], + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49126", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-491xx/CVE-2024-49127.json b/CVE-2024/CVE-2024-491xx/CVE-2024-49127.json new file mode 100644 index 00000000000..73feaed6b65 --- /dev/null +++ b/CVE-2024/CVE-2024-491xx/CVE-2024-49127.json 
@@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-49127", + "sourceIdentifier": "secure@microsoft.com", + "published": "2024-12-12T02:04:39.720", + "lastModified": "2024-12-12T02:04:39.720", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49127", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-491xx/CVE-2024-49128.json b/CVE-2024/CVE-2024-491xx/CVE-2024-49128.json new file mode 100644 index 00000000000..a1c9e066086 --- /dev/null +++ b/CVE-2024/CVE-2024-491xx/CVE-2024-49128.json 
@@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-49128", + "sourceIdentifier": "secure@microsoft.com", + "published": "2024-12-12T02:04:39.870", + "lastModified": "2024-12-12T02:04:39.870", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Windows Remote Desktop Services Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + }, + { + "lang": "en", + "value": "CWE-591" + } + ] + } + ], + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49128", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-491xx/CVE-2024-49129.json b/CVE-2024/CVE-2024-491xx/CVE-2024-49129.json new file mode 100644 index 00000000000..fae05c37fa5 --- /dev/null +++ b/CVE-2024/CVE-2024-491xx/CVE-2024-49129.json 
@@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-49129", + "sourceIdentifier": "secure@microsoft.com", + "published": "2024-12-12T02:04:40.023", + "lastModified": "2024-12-12T02:04:40.023", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.6, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-400" + } + ] + } + ], + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49129", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-491xx/CVE-2024-49132.json b/CVE-2024/CVE-2024-491xx/CVE-2024-49132.json new file mode 100644 index 00000000000..02c3633eafb --- /dev/null +++ b/CVE-2024/CVE-2024-491xx/CVE-2024-49132.json 
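Review bot: The title and the impact metrics of CVE-2024-49129 disagree: the description reads `Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability`, while the vector is `CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H` with confidentiality and integrity impact both `HIGH`. The 7.5 base score is arithmetically consistent with that vector, so one of the two fields is presumably wrong at the source rather than mis-transcribed here. The record is still `"vulnStatus": "Received"`, so I would check it against the MSRC page listed under `references` before anything downstream classifies it by title. Until then, triage rules should key on `vectorString`, not on the description text.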
@@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-49132", + "sourceIdentifier": "secure@microsoft.com", + "published": "2024-12-12T02:04:40.163", + "lastModified": "2024-12-12T02:04:40.163", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Windows Remote Desktop Services Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + }, + { + "lang": "en", + "value": "CWE-591" + } + ] + } + ], + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49132", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-491xx/CVE-2024-49138.json b/CVE-2024/CVE-2024-491xx/CVE-2024-49138.json new file mode 100644 index 00000000000..87f2843079a --- /dev/null +++ b/CVE-2024/CVE-2024-491xx/CVE-2024-49138.json 
@@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-49138", + "sourceIdentifier": "secure@microsoft.com", + "published": "2024-12-12T02:04:40.307", + "lastModified": "2024-12-12T02:04:40.307", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Windows Common Log File System Driver Elevation of Privilege Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-122" + } + ] + } + ], + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49138", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-491xx/CVE-2024-49142.json b/CVE-2024/CVE-2024-491xx/CVE-2024-49142.json new file mode 100644 index 00000000000..e7cec986ae1 --- /dev/null +++ b/CVE-2024/CVE-2024-491xx/CVE-2024-49142.json 
@@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-49142", + "sourceIdentifier": "secure@microsoft.com", + "published": "2024-12-12T02:04:40.460", + "lastModified": "2024-12-12T02:04:40.460", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Microsoft Access Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49142", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-503xx/CVE-2024-50339.json b/CVE-2024/CVE-2024-503xx/CVE-2024-50339.json new file mode 100644 index 00000000000..d820691430d --- /dev/null +++ b/CVE-2024/CVE-2024-503xx/CVE-2024-50339.json 
@@ -0,0 +1,86 @@ +{ + "id": "CVE-2024-50339", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-12-12T02:06:19.147", + "lastModified": "2024-12-12T02:06:19.147", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.17, an unauthenticated user can retrieve all the sessions IDs and use them to steal any valid session. Version 10.0.17 contains a patch for this issue." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 9.3, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "LOW", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + 
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + }, + { + "lang": "en", + "value": "CWE-287" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/glpi-project/glpi/releases/tag/10.0.17", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-v977-g4r9-6r72", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-505xx/CVE-2024-50585.json b/CVE-2024/CVE-2024-505xx/CVE-2024-50585.json index 63ba848014a..522642a6a0f 100644 --- a/CVE-2024/CVE-2024-505xx/CVE-2024-50585.json +++ b/CVE-2024/CVE-2024-505xx/CVE-2024-50585.json @@ -2,7 +2,7 @@ "id": "CVE-2024-50585", "sourceIdentifier": "551230f0-3615-47bd-b7cc-93e92e730bbf", "published": "2024-12-11T15:15:14.920", - "lastModified": "2024-12-11T15:15:14.920", + "lastModified": "2024-12-12T02:06:30.727", "vulnStatus": "Received", "cveTags": [], "descriptions": [ 
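Review bot: In the new CVE-2024-50339 record the weakness `"value": "CWE-79"` is not supported by the description, which describes an unauthenticated user retrieving session IDs and reusing them; only `CWE-287` fits that text. I would confirm the mapping against GHSA-v977-g4r9-6r72 before using the CWE list for routing or deduplication. Separately, the record carries only `cvssMetricV40` (9.3 `CRITICAL`) and no `cvssMetricV31` entry. A consumer that reads only the v3.1 key will see this unauthenticated session-takeover issue as unscored, so severity filters should fall back to the v4.0 block.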
@@ -11,7 +11,30 @@ "value": "Users who click on a malicious link or visit a website under the control of an attacker can be infected with arbitrary JavaScript which is running in the context of the \"Numerix License Server Administration System Login\" (nlslogin.jsp) page.\u00a0The vulnerability can be triggered by sending a specially crafted HTTP POST request.\u00a0\n\n\n\nThe vendor was unresponsive during multiple attempts to contact them via various channels, hence there is no solution available. In case you are using this software, be sure to restrict access and monitor logs. Try to reach out to your contact person for this vendor and request a patch." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N", + "baseScore": 4.7, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, "weaknesses": [ { "source": "551230f0-3615-47bd-b7cc-93e92e730bbf", diff --git a/CVE-2024/CVE-2024-506xx/CVE-2024-50625.json b/CVE-2024/CVE-2024-506xx/CVE-2024-50625.json index d0af2b2be9d..1c7be353c0f 100644 --- a/CVE-2024/CVE-2024-506xx/CVE-2024-50625.json +++ b/CVE-2024/CVE-2024-506xx/CVE-2024-50625.json 
@@ -2,16 +2,55 @@ "id": "CVE-2024-50625", "sourceIdentifier": "cve@mitre.org", "published": "2024-12-09T22:15:22.610", - "lastModified": "2024-12-09T22:15:22.610", + "lastModified": "2024-12-12T02:06:32.647", "vulnStatus": "Received", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Digi ConnectPort LTS before 1.4.12. A vulnerability in the file upload handling of a web application allows manipulation of file paths via POST requests. This can lead to arbitrary file uploads within specific directories, potentially enabling privilege escalation when combined with other vulnerabilities." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 un problema en Digi ConnectPort LTS anterior a la versi\u00f3n 1.4.12. Una vulnerabilidad en el manejo de carga de archivos de una aplicaci\u00f3n web permite la manipulaci\u00f3n de rutas de archivos mediante solicitudes POST. Esto puede provocar cargas de archivos arbitrarias dentro de directorios espec\u00edficos, lo que potencialmente permite la escalada de privilegios cuando se combina con otras vulnerabilidades." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.0, + "baseSeverity": "HIGH", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.1, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] } ], - "metrics": {}, "references": [ { "url": "https://www.digi.com/getattachment/Resources/Security/Alerts/Digi-ConnectPort-LTS-Firmware-Update/ConnectPort-LTS-KB.pdf", diff --git a/CVE-2024/CVE-2024-506xx/CVE-2024-50626.json b/CVE-2024/CVE-2024-506xx/CVE-2024-50626.json index 69242813fd9..0bb97e35830 100644 --- a/CVE-2024/CVE-2024-506xx/CVE-2024-50626.json +++ b/CVE-2024/CVE-2024-506xx/CVE-2024-50626.json 
@@ -2,16 +2,55 @@ "id": "CVE-2024-50626", "sourceIdentifier": "cve@mitre.org", "published": "2024-12-09T22:15:22.733", - "lastModified": "2024-12-09T22:15:22.733", + "lastModified": "2024-12-12T02:06:32.817", "vulnStatus": "Received", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Digi ConnectPort LTS before 1.4.12. A Directory Traversal vulnerability exists in WebFS. This allows an attacker on the local area network to manipulate URLs to include traversal sequences, potentially leading to unauthorized access to data." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 un problema en Digi ConnectPort LTS anterior a la versi\u00f3n 1.4.12. Existe una vulnerabilidad de Directory Traversal en WebFS. Esto permite que un atacante en la red de \u00e1rea local manipule las URL para incluir secuencias de recorrido, lo que puede provocar un acceso no autorizado a los datos." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] } ], - "metrics": {}, "references": [ { "url": "https://www.digi.com/getattachment/Resources/Security/Alerts/Digi-ConnectPort-LTS-Firmware-Update/ConnectPort-LTS-KB.pdf", diff --git a/CVE-2024/CVE-2024-509xx/CVE-2024-50921.json b/CVE-2024/CVE-2024-509xx/CVE-2024-50921.json index 60c9dc6d70c..f9c50f7e16f 100644 
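Review bot: The Secondary vector added for CVE-2024-50626, `CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H`, claims high integrity and availability impact, but the description only states that the WebFS directory traversal leads to "unauthorized access to data". If the description is complete, `I:H/A:H` overstates the impact and the 8.8 score would be lower. If the traversal also allows writes, the description is what is incomplete. I would verify this against the Digi advisory PDF in `references` before using the score for patch prioritisation. The file's `references` array continues outside this hunk.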
--- a/CVE-2024/CVE-2024-509xx/CVE-2024-50921.json +++ b/CVE-2024/CVE-2024-509xx/CVE-2024-50921.json @@ -2,16 +2,55 @@ "id": "CVE-2024-50921", "sourceIdentifier": "cve@mitre.org", "published": "2024-12-10T19:15:30.380", - "lastModified": "2024-12-10T19:15:30.380", + "lastModified": "2024-12-12T02:06:39.000", "vulnStatus": "Received", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Insecure permissions in Silicon Labs (SiLabs) Z-Wave Series 700 and 800 v7.21.1 allow attackers to cause a Denial of Service (DoS) via repeatedly sending crafted packets to the controller." + }, + { + "lang": "es", + "value": "Los permisos inseguros en Silicon Labs (SiLabs) Z-Wave Series 700 y 800 v7.21.1 permiten a los atacantes provocar una denegaci\u00f3n de servicio (DoS) mediante el env\u00edo repetido de paquetes manipulados al controlador." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-281" + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/CNK2100/2024-CVE/blob/main/README.md", diff --git a/CVE-2024/CVE-2024-509xx/CVE-2024-50924.json b/CVE-2024/CVE-2024-509xx/CVE-2024-50924.json index 91e906549bb..3c42b9b5422 100644 --- a/CVE-2024/CVE-2024-509xx/CVE-2024-50924.json +++ b/CVE-2024/CVE-2024-509xx/CVE-2024-50924.json 
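Review bot: The weakness `"value": "CWE-281"` that Secondary source `134c704f-9b21-4f2e-91b3-4a467353bcc0` adds here is repeated unchanged in the hunks for CVE-2024-50924, CVE-2024-50928 and CVE-2024-50930, which suggests it was assigned to the batch as a whole and not per record. For the three Series 700/800 records it at least matches the "Insecure permissions" wording. For CVE-2024-50930 the description says only that an issue "allows attackers to execute arbitrary code" and names no permission problem, so CWE-281 (Improper Preservation of Permissions) is unsupported by the visible text. I would treat the CWE on that record as low-confidence and leave it out of weakness-based detection or reporting until the description is expanded. The English description of CVE-2024-50924 also contains the garbled phrase "to cause disrupt communications", which should be corrected upstream and not in this mirror.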
@@ -2,16 +2,55 @@ "id": "CVE-2024-50924", "sourceIdentifier": "cve@mitre.org", "published": "2024-12-10T19:15:30.463", - "lastModified": "2024-12-10T19:15:30.463", + "lastModified": "2024-12-12T02:06:39.167", "vulnStatus": "Received", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Insecure permissions in Silicon Labs (SiLabs) Z-Wave Series 700 and 800 v7.21.1 allow attackers to cause disrupt communications between the controller and the device itself via repeatedly sending crafted packets to the controller." + }, + { + "lang": "es", + "value": "Los permisos inseguros en Silicon Labs (SiLabs) Z-Wave Series 700 y 800 v7.21.1 permiten a los atacantes interrumpir las comunicaciones entre el controlador y el dispositivo en s\u00ed mediante el env\u00edo repetido de paquetes manipulados al controlador." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-281" + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/CNK2100/2024-CVE/blob/main/README.md", diff --git a/CVE-2024/CVE-2024-509xx/CVE-2024-50928.json b/CVE-2024/CVE-2024-509xx/CVE-2024-50928.json index c37666f667e..47789f14755 100644 --- a/CVE-2024/CVE-2024-509xx/CVE-2024-50928.json +++ b/CVE-2024/CVE-2024-509xx/CVE-2024-50928.json 
@@ -2,16 +2,55 @@ "id": "CVE-2024-50928", "sourceIdentifier": "cve@mitre.org", "published": "2024-12-10T19:15:30.550", - "lastModified": "2024-12-10T19:15:30.550", + "lastModified": "2024-12-12T02:06:39.320", "vulnStatus": "Received", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Insecure permissions in Silicon Labs (SiLabs) Z-Wave Series 700 and 800 v7.21.1 allow attackers to change the wakeup interval of end devices in controller memory, disrupting the device's communications with the controller." + }, + { + "lang": "es", + "value": "Los permisos inseguros en Silicon Labs (SiLabs) Z-Wave Series 700 y 800 v7.21.1 permiten a los atacantes cambiar el intervalo de activaci\u00f3n de los dispositivos finales en la memoria del controlador, interrumpiendo las comunicaciones del dispositivo con el controlador." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-281" + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/CNK2100/2024-CVE/blob/main/README.md", diff --git a/CVE-2024/CVE-2024-509xx/CVE-2024-50930.json b/CVE-2024/CVE-2024-509xx/CVE-2024-50930.json index 20ba8f28066..0911b1866ce 100644 --- a/CVE-2024/CVE-2024-509xx/CVE-2024-50930.json +++ b/CVE-2024/CVE-2024-509xx/CVE-2024-50930.json 
@@ -2,16 +2,55 @@ "id": "CVE-2024-50930", "sourceIdentifier": "cve@mitre.org", "published": "2024-12-10T19:15:30.727", - "lastModified": "2024-12-10T19:15:30.727", + "lastModified": "2024-12-12T02:06:39.577", "vulnStatus": "Received", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue in Silicon Labs Z-Wave Series 500 v6.84.0 allows attackers to execute arbitrary code." + }, + { + "lang": "es", + "value": "Un problema en Silicon Labs Z-Wave Series 500 v6.84.0 permite a los atacantes ejecutar c\u00f3digo arbitrario." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-281" + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/CNK2100/2024-CVE/blob/main/README.md", diff --git a/CVE-2024/CVE-2024-532xx/CVE-2024-53272.json b/CVE-2024/CVE-2024-532xx/CVE-2024-53272.json new file mode 100644 index 00000000000..937e3489b02 --- /dev/null +++ b/CVE-2024/CVE-2024-532xx/CVE-2024-53272.json 
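Review bot: The `"value": "CWE-281"` weakness added for CVE-2024-50930 does not match its description, which states arbitrary code execution and mentions no permission problem. The same `Secondary` source assigns the same CWE to CVE-2024-50924 and CVE-2024-50928, whose descriptions do cite insecure permissions, so the value may have been carried over from those sibling records. The added 8.8 vector with `C:H/I:H/A:H` is consistent with code execution, so the severity looks like the more reliable field here. As this file mirrors upstream data, I would keep the value as synced and report the mismatch upstream. Anything that maps CWE to detection or mitigation guidance should treat this entry as unclassified until it is confirmed.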
@@ -0,0 +1,82 @@ +{ + "id": "CVE-2024-53272", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-12-12T02:15:28.670", + "lastModified": "2024-12-12T02:15:28.670", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Habitica is an open-source habit-building program. Versions prior to 5.28.5 are vulnerable to reflected cross-site scripting. The `login` and `social media` function in `RegisterLoginReset.vue` contains two reflected XSS vulnerabilities due to an incorrect sanitization function. An attacker can specify a malicious `redirectTo` parameter to trigger the vulnerability, giving the attacker control of the victim\u2019s account when a victim registers or logins with a specially crafted link. Version 5.28.5 contains a patch." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:H/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.0, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "ACTIVE", + "vulnerableSystemConfidentiality": "NONE", + "vulnerableSystemIntegrity": "NONE", + "vulnerableSystemAvailability": "NONE", + "subsequentSystemConfidentiality": "LOW", + "subsequentSystemIntegrity": "HIGH", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": 
"NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/HabitRPG/habitica/commit/946ade5da1f52a804ef2ba76d49416c43e8166bf", + "source": "security-advisories@github.com" + }, + { + "url": "https://securitylab.github.com/advisories/GHSL-2024-109_GHSL-2024-111_habitica/", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-532xx/CVE-2024-53273.json b/CVE-2024/CVE-2024-532xx/CVE-2024-53273.json new file mode 100644 index 00000000000..5d0b76c6fca --- /dev/null +++ b/CVE-2024/CVE-2024-532xx/CVE-2024-53273.json 
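Review bot: The `vectorString` in this new record for CVE-2024-53272 sets `E:P`, so the `5.0` stored under `baseScore` is presumably the threat-adjusted CVSS 4.0 score, not the base score alone. The same holds for CVE-2024-53273 and CVE-2024-53274 (`E:P`) and for CVE-2024-53845 (`E:U`), all added in this commit. A triage rule that compares `baseScore` against thresholds tuned for the `cvssMetricV31` entries elsewhere in this commit can under-rank these records. When ranking, recompute from the vector with `E:X`, or carry `exploitMaturity` alongside the score so the adjustment is visible.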
@@ -0,0 +1,82 @@ +{ + "id": "CVE-2024-53273", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-12-12T02:15:28.813", + "lastModified": "2024-12-12T02:15:28.813", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Habitica is an open-source habit-building program. Versions prior to 5.28.5 are vulnerable to reflected cross-site scripting. The `register` function in `RegisterLoginReset.vue` contains a reflected XSS vulnerability due to an incorrect sanitization function. An attacker can specify a malicious `redirectTo` parameter to trigger the vulnerability, giving the attacker control of the victim\u2019s account when a victim registers or logins with a specially crafted link. Version 5.28.5 contains a patch." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:H/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.0, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "ACTIVE", + "vulnerableSystemConfidentiality": "NONE", + "vulnerableSystemIntegrity": "NONE", + "vulnerableSystemAvailability": "NONE", + "subsequentSystemConfidentiality": "LOW", + "subsequentSystemIntegrity": "HIGH", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + 
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/HabitRPG/habitica/commit/946ade5da1f52a804ef2ba76d49416c43e8166bf", + "source": "security-advisories@github.com" + }, + { + "url": "https://securitylab.github.com/advisories/GHSL-2024-109_GHSL-2024-111_habitica/", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-532xx/CVE-2024-53274.json b/CVE-2024/CVE-2024-532xx/CVE-2024-53274.json new file mode 100644 index 00000000000..00b35b02a80 --- /dev/null +++ b/CVE-2024/CVE-2024-532xx/CVE-2024-53274.json 
@@ -0,0 +1,82 @@ +{ + "id": "CVE-2024-53274", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-12-12T02:15:28.940", + "lastModified": "2024-12-12T02:15:28.940", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Habitica is an open-source habit-building program. Versions prior to 5.28.5 are vulnerable to reflected cross-site scripting. The `register` function in `home.vue` containsa reflected XSS vulnerability due to an incorrect sanitization function. An attacker can specify a malicious `redirectTo` parameter to trigger the vulnerability. Arbitrary javascript can be executed by the attacker in the context of the victim\u2019s session. Version 5.28.5 contains a patch." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 2.0, + "baseSeverity": "LOW", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "ACTIVE", + "vulnerableSystemConfidentiality": "NONE", + "vulnerableSystemIntegrity": "NONE", + "vulnerableSystemAvailability": "NONE", + "subsequentSystemConfidentiality": "LOW", + "subsequentSystemIntegrity": "LOW", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": 
"NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/HabitRPG/habitica/commit/946ade5da1f52a804ef2ba76d49416c43e8166bf", + "source": "security-advisories@github.com" + }, + { + "url": "https://securitylab.github.com/advisories/GHSL-2024-109_GHSL-2024-111_habitica/", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-534xx/CVE-2024-53441.json b/CVE-2024/CVE-2024-534xx/CVE-2024-53441.json index a4c86f7e1d5..ba2c9c5259f 100644 --- a/CVE-2024/CVE-2024-534xx/CVE-2024-53441.json +++ b/CVE-2024/CVE-2024-534xx/CVE-2024-53441.json 
@@ -2,16 +2,55 @@ "id": "CVE-2024-53441", "sourceIdentifier": "cve@mitre.org", "published": "2024-12-09T20:15:20.800", - "lastModified": "2024-12-09T20:15:20.800", + "lastModified": "2024-12-12T02:07:57.850", "vulnStatus": "Received", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue in the index.js decryptCookie function of cookie-encrypter v1.0.1 allows attackers to execute a bit flipping attack." + }, + { + "lang": "es", + "value": "Un problema en la funci\u00f3n decryptCookie de index.js de cookie-encrypter v1.0.1 permite a los atacantes ejecutar un ataque de inversi\u00f3n de bits." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "baseScore": 9.1, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-327" + } + ] } ], - "metrics": {}, "references": [ { "url": "https://gist.github.com/mathysEthical/f45f1503f87381090e38a33c50eec971", diff --git a/CVE-2024/CVE-2024-534xx/CVE-2024-53473.json b/CVE-2024/CVE-2024-534xx/CVE-2024-53473.json index de848cc31c6..7c95b7cfcde 100644 --- a/CVE-2024/CVE-2024-534xx/CVE-2024-53473.json +++ b/CVE-2024/CVE-2024-534xx/CVE-2024-53473.json 
@@ -2,16 +2,55 @@ "id": "CVE-2024-53473", "sourceIdentifier": "cve@mitre.org", "published": "2024-12-07T23:15:34.137", - "lastModified": "2024-12-07T23:15:34.137", - "vulnStatus": "Received", + "lastModified": "2024-12-12T02:07:58.713", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "WeGIA 3.2.0 before 3998672 does not verify permission to change a password." + }, + { + "lang": "es", + "value": "WeGIA 3.2.0 anterior a 3998672 no verifica el permiso para cambiar una contrase\u00f1a." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/nilsonLazarin/WeGIA/commit/3998672f1b86db58eab2808a640903d73b37bd2d", diff --git a/CVE-2024/CVE-2024-538xx/CVE-2024-53845.json b/CVE-2024/CVE-2024-538xx/CVE-2024-53845.json new file mode 100644 index 00000000000..c92f0c58141 --- /dev/null +++ b/CVE-2024/CVE-2024-538xx/CVE-2024-53845.json 
@@ -0,0 +1,114 @@ +{ + "id": "CVE-2024-53845", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-12-12T02:15:29.087", + "lastModified": "2024-12-12T02:15:29.087", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "ESPTouch is a connection protocol for internet of things devices. In the ESPTouchV2 protocol, while there is an option to use a custom AES key, there is no option to set the IV (Initialization Vector) prior to versions 5.3.2, 5.2.4, 5.1.6, and 5.0.8. The IV is set to zero and remains constant throughout the product's lifetime. In AES/CBC mode, if the IV is not properly initialized, the encrypted output becomes deterministic, leading to potential data leakage. To address the aforementioned issues, the application generates a random IV when activating the AES key starting in versions 5.3.2, 5.2.4, 5.1.6, and 5.0.8. This IV is then transmitted along with the provision data to the provision device. The provision device has also been equipped with a parser for the AES IV. The upgrade is applicable for all applications and users of ESPTouch v2 component from ESP-IDF. As it is implemented in the ESP Wi-Fi stack, there is no workaround for the user to fix the application layer without upgrading the underlying firmware." 
+ } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 6.6, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "NONE", + "vulnerableSystemAvailability": "NONE", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "UNREPORTED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-327" + }, + { + "lang": "en", + "value": "CWE-909" + } + ] + } + ], + "references": [ + { + 
"url": "https://github.com/EspressifApp/EsptouchForAndroid/tree/master/esptouch-v2", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/EspressifApp/EsptouchForIOS/tree/master/EspTouchDemo/ESPTouchV2", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/espressif/esp-idf/commit/4f85a2726e04b737c8646d865b44ddd837b703db", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/espressif/esp-idf/commit/8fb28dcedcc49916a5206456a3a61022d4302cd8", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/espressif/esp-idf/commit/d47ed7d6f814e21c5bc8997ab0bc68e2360e5cb2", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/espressif/esp-idf/commit/de69895f38d563e22228f5ba23fffa02feabc3a9", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/espressif/esp-idf/commit/fd224e83bbf133833638b277c767be7f7cdd97c7", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/espressif/esp-idf/security/advisories/GHSA-wm57-466g-mhrr", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/espressif/esp-idf/tree/master/components/esp_wifi", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-544xx/CVE-2024-54465.json b/CVE-2024/CVE-2024-544xx/CVE-2024-54465.json new file mode 100644 index 00000000000..04488b6a17d --- /dev/null +++ b/CVE-2024/CVE-2024-544xx/CVE-2024-54465.json 
@@ -0,0 +1,21 @@ +{ + "id": "CVE-2024-54465", + "sourceIdentifier": "product-security@apple.com", + "published": "2024-12-12T02:15:29.243", + "lastModified": "2024-12-12T02:15:29.243", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A logic issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.2. An app may be able to elevate privileges." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/121839", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-544xx/CVE-2024-54466.json b/CVE-2024/CVE-2024-544xx/CVE-2024-54466.json new file mode 100644 index 00000000000..4ca2fbb1f6a --- /dev/null +++ b/CVE-2024/CVE-2024-544xx/CVE-2024-54466.json @@ -0,0 +1,29 @@ +{ + "id": "CVE-2024-54466", + "sourceIdentifier": "product-security@apple.com", + "published": "2024-12-12T02:15:29.330", + "lastModified": "2024-12-12T02:15:29.330", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "An authorization issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. An encrypted volume may be accessed by a different user without prompting for the password." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/121839", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/121840", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/121842", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-544xx/CVE-2024-54471.json b/CVE-2024/CVE-2024-544xx/CVE-2024-54471.json new file mode 100644 index 00000000000..214f56cd4ec --- /dev/null +++ b/CVE-2024/CVE-2024-544xx/CVE-2024-54471.json 
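Review bot: The record added for CVE-2024-54465 has `"metrics": {}` and no `weaknesses` array, as do the other Apple-sourced records added in this commit through CVE-2024-54493, all with `"vulnStatus": "Received"`. Several describe high-impact outcomes: privilege elevation here, arbitrary code execution from a mount command in CVE-2024-54489, and access to Keychain items in CVE-2024-54490. A consumer that filters or sorts on score will drop these or rank them last. Handle an empty `metrics` object as "unscored, pending analysis" instead of as low severity, and route such records to manual review against the linked vendor advisories until scoring arrives.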
@@ -0,0 +1,25 @@ +{ + "id": "CVE-2024-54471", + "sourceIdentifier": "product-security@apple.com", + "published": "2024-12-12T02:15:29.420", + "lastModified": "2024-12-12T02:15:29.420", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "This issue was addressed with additional entitlement checks. This issue is fixed in macOS Sonoma 14.7.1, macOS Ventura 13.7.1. A malicious application may be able to leak a user's credentials." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/121568", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/121570", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-544xx/CVE-2024-54474.json b/CVE-2024/CVE-2024-544xx/CVE-2024-54474.json new file mode 100644 index 00000000000..2633359f099 --- /dev/null +++ b/CVE-2024/CVE-2024-544xx/CVE-2024-54474.json @@ -0,0 +1,29 @@ +{ + "id": "CVE-2024-54474", + "sourceIdentifier": "product-security@apple.com", + "published": "2024-12-12T02:15:29.500", + "lastModified": "2024-12-12T02:15:29.500", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. An app may be able to access user-sensitive data." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/121839", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/121840", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/121842", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-544xx/CVE-2024-54476.json b/CVE-2024/CVE-2024-544xx/CVE-2024-54476.json new file mode 100644 index 00000000000..e01d04f6ea6 --- /dev/null 
+++ b/CVE-2024/CVE-2024-544xx/CVE-2024-54476.json @@ -0,0 +1,29 @@ +{ + "id": "CVE-2024-54476", + "sourceIdentifier": "product-security@apple.com", + "published": "2024-12-12T02:15:29.583", + "lastModified": "2024-12-12T02:15:29.583", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. An app may be able to access user-sensitive data." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/121839", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/121840", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/121842", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-544xx/CVE-2024-54477.json b/CVE-2024/CVE-2024-544xx/CVE-2024-54477.json new file mode 100644 index 00000000000..5dc8ab39cc5 --- /dev/null +++ b/CVE-2024/CVE-2024-544xx/CVE-2024-54477.json @@ -0,0 +1,29 @@ +{ + "id": "CVE-2024-54477", + "sourceIdentifier": "product-security@apple.com", + "published": "2024-12-12T02:15:29.663", + "lastModified": "2024-12-12T02:15:29.663", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. An app may be able to access user-sensitive data." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/121839", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/121840", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/121842", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-544xx/CVE-2024-54479.json b/CVE-2024/CVE-2024-544xx/CVE-2024-54479.json new file mode 100644 index 00000000000..19c1baf2e0e --- /dev/null +++ b/CVE-2024/CVE-2024-544xx/CVE-2024-54479.json @@ -0,0 +1,45 @@ +{ + "id": "CVE-2024-54479", + "sourceIdentifier": "product-security@apple.com", + "published": "2024-12-12T02:15:29.750", + "lastModified": "2024-12-12T02:15:29.750", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.3, watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, Safari 18.2, iOS 18.2 and iPadOS 18.2. Processing maliciously crafted web content may lead to an unexpected process crash." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/121837", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/121838", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/121839", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/121843", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/121844", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/121845", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/121846", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-544xx/CVE-2024-54484.json b/CVE-2024/CVE-2024-544xx/CVE-2024-54484.json new file mode 100644 index 00000000000..566a50b57eb --- /dev/null +++ b/CVE-2024/CVE-2024-544xx/CVE-2024-54484.json 
@@ -0,0 +1,21 @@ +{ + "id": "CVE-2024-54484", + "sourceIdentifier": "product-security@apple.com", + "published": "2024-12-12T02:15:29.843", + "lastModified": "2024-12-12T02:15:29.843", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The issue was resolved by sanitizing logging. This issue is fixed in macOS Sequoia 15.2. An app may be able to access user-sensitive data." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/121839", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-544xx/CVE-2024-54485.json b/CVE-2024/CVE-2024-544xx/CVE-2024-54485.json new file mode 100644 index 00000000000..3c78f412ce1 --- /dev/null +++ b/CVE-2024/CVE-2024-544xx/CVE-2024-54485.json @@ -0,0 +1,25 @@ +{ + "id": "CVE-2024-54485", + "sourceIdentifier": "product-security@apple.com", + "published": "2024-12-12T02:15:29.923", + "lastModified": "2024-12-12T02:15:29.923", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The issue was addressed by adding additional logic. This issue is fixed in iPadOS 17.7.3, iOS 18.2 and iPadOS 18.2. An attacker with physical access to an iOS device may be able to view notification content from the lock screen." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/121837", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/121838", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-544xx/CVE-2024-54486.json b/CVE-2024/CVE-2024-544xx/CVE-2024-54486.json new file mode 100644 index 00000000000..6fd1a4a4681 --- /dev/null +++ b/CVE-2024/CVE-2024-544xx/CVE-2024-54486.json 
@@ -0,0 +1,49 @@ +{ + "id": "CVE-2024-54486", + "sourceIdentifier": "product-security@apple.com", + "published": "2024-12-12T02:15:30.010", + "lastModified": "2024-12-12T02:15:30.010", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.3, watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. Processing a maliciously crafted font may result in the disclosure of process memory." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/121837", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/121838", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/121839", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/121840", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/121842", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/121843", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/121844", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/121845", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-544xx/CVE-2024-54489.json b/CVE-2024/CVE-2024-544xx/CVE-2024-54489.json new file mode 100644 index 00000000000..0c393f3d3c7 --- /dev/null +++ b/CVE-2024/CVE-2024-544xx/CVE-2024-54489.json 
@@ -0,0 +1,29 @@ +{ + "id": "CVE-2024-54489", + "sourceIdentifier": "product-security@apple.com", + "published": "2024-12-12T02:15:30.097", + "lastModified": "2024-12-12T02:15:30.097", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A path handling issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. Running a mount command may unexpectedly execute arbitrary code." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/121839", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/121840", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/121842", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-544xx/CVE-2024-54490.json b/CVE-2024/CVE-2024-544xx/CVE-2024-54490.json new file mode 100644 index 00000000000..6fa8be46d13 --- /dev/null +++ b/CVE-2024/CVE-2024-544xx/CVE-2024-54490.json @@ -0,0 +1,21 @@ +{ + "id": "CVE-2024-54490", + "sourceIdentifier": "product-security@apple.com", + "published": "2024-12-12T02:15:30.183", + "lastModified": "2024-12-12T02:15:30.183", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "This issue was addressed by enabling hardened runtime. This issue is fixed in macOS Sequoia 15.2. A local attacker may gain access to user's Keychain items." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/121839", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-544xx/CVE-2024-54491.json b/CVE-2024/CVE-2024-544xx/CVE-2024-54491.json new file mode 100644 index 00000000000..4fdde9da90a --- /dev/null +++ b/CVE-2024/CVE-2024-544xx/CVE-2024-54491.json 
@@ -0,0 +1,21 @@ +{ + "id": "CVE-2024-54491", + "sourceIdentifier": "product-security@apple.com", + "published": "2024-12-12T02:15:30.270", + "lastModified": "2024-12-12T02:15:30.270", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The issue was resolved by sanitizing logging This issue is fixed in macOS Sequoia 15.2. A malicious application may be able to determine a user's current location." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/121839", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-544xx/CVE-2024-54492.json b/CVE-2024/CVE-2024-544xx/CVE-2024-54492.json new file mode 100644 index 00000000000..03cc6b092e0 --- /dev/null +++ b/CVE-2024/CVE-2024-544xx/CVE-2024-54492.json @@ -0,0 +1,33 @@ +{ + "id": "CVE-2024-54492", + "sourceIdentifier": "product-security@apple.com", + "published": "2024-12-12T02:15:30.350", + "lastModified": "2024-12-12T02:15:30.350", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "This issue was addressed by using HTTPS when sending information over the network. This issue is fixed in macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, visionOS 2.2. An attacker in a privileged network position may be able to alter network traffic." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/121837", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/121838", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/121839", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/121845", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-544xx/CVE-2024-54493.json b/CVE-2024/CVE-2024-544xx/CVE-2024-54493.json new file mode 100644 index 00000000000..f2e92640a3b --- /dev/null +++ b/CVE-2024/CVE-2024-544xx/CVE-2024-54493.json @@ -0,0 +1,21 @@ +{ + "id": "CVE-2024-54493", + "sourceIdentifier": "product-security@apple.com", + "published": "2024-12-12T02:15:30.433", + "lastModified": "2024-12-12T02:15:30.433", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.2. Privacy indicators for microphone access may be attributed incorrectly." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/121839", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-544xx/CVE-2024-54494.json b/CVE-2024/CVE-2024-544xx/CVE-2024-54494.json new file mode 100644 index 00000000000..3f1a10464d8 --- /dev/null +++ b/CVE-2024/CVE-2024-544xx/CVE-2024-54494.json 
@@ -0,0 +1,49 @@ +{ + "id": "CVE-2024-54494", + "sourceIdentifier": "product-security@apple.com", + "published": "2024-12-12T02:15:30.513", + "lastModified": "2024-12-12T02:15:30.513", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A race condition was addressed with additional validation. This issue is fixed in iPadOS 17.7.3, watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. An attacker may be able to create a read-only memory mapping that can be written to." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/121837", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/121838", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/121839", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/121840", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/121842", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/121843", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/121844", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/121845", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-544xx/CVE-2024-54495.json b/CVE-2024/CVE-2024-544xx/CVE-2024-54495.json new file mode 100644 index 00000000000..4fbc3c435be --- /dev/null +++ b/CVE-2024/CVE-2024-544xx/CVE-2024-54495.json 
@@ -0,0 +1,25 @@ +{ + "id": "CVE-2024-54495", + "sourceIdentifier": "product-security@apple.com", + "published": "2024-12-12T02:15:30.600", + "lastModified": "2024-12-12T02:15:30.600", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The issue was addressed with improved permissions logic. This issue is fixed in macOS Sequoia 15.2, macOS Sonoma 14.7.2. An app may be able to modify protected parts of the file system." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/121839", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/121840", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-544xx/CVE-2024-54498.json b/CVE-2024/CVE-2024-544xx/CVE-2024-54498.json new file mode 100644 index 00000000000..068d183fda5 --- /dev/null +++ b/CVE-2024/CVE-2024-544xx/CVE-2024-54498.json @@ -0,0 +1,29 @@ +{ + "id": "CVE-2024-54498", + "sourceIdentifier": "product-security@apple.com", + "published": "2024-12-12T02:15:30.683", + "lastModified": "2024-12-12T02:15:30.683", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A path handling issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. An app may be able to break out of its sandbox." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/121839", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/121840", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/121842", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-545xx/CVE-2024-54500.json b/CVE-2024/CVE-2024-545xx/CVE-2024-54500.json new file mode 100644 index 00000000000..8456d5a3775 --- /dev/null 
+++ b/CVE-2024/CVE-2024-545xx/CVE-2024-54500.json @@ -0,0 +1,49 @@ +{ + "id": "CVE-2024-54500", + "sourceIdentifier": "product-security@apple.com", + "published": "2024-12-12T02:15:30.777", + "lastModified": "2024-12-12T02:15:30.777", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.3, watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. Processing a maliciously crafted image may result in disclosure of process memory." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/121837", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/121838", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/121839", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/121840", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/121842", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/121843", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/121844", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/121845", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-545xx/CVE-2024-54501.json b/CVE-2024/CVE-2024-545xx/CVE-2024-54501.json new file mode 100644 index 00000000000..6f7892db412 --- /dev/null +++ b/CVE-2024/CVE-2024-545xx/CVE-2024-54501.json 
@@ -0,0 +1,49 @@ +{ + "id": "CVE-2024-54501", + "sourceIdentifier": "product-security@apple.com", + "published": "2024-12-12T02:15:30.863", + "lastModified": "2024-12-12T02:15:30.863", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.3, watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. Processing a maliciously crafted file may lead to a denial of service." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/121837", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/121838", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/121839", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/121840", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/121842", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/121843", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/121844", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/121845", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-545xx/CVE-2024-54502.json b/CVE-2024/CVE-2024-545xx/CVE-2024-54502.json new file mode 100644 index 00000000000..91fde311830 --- /dev/null +++ b/CVE-2024/CVE-2024-545xx/CVE-2024-54502.json 
@@ -0,0 +1,41 @@ +{ + "id": "CVE-2024-54502", + "sourceIdentifier": "product-security@apple.com", + "published": "2024-12-12T02:15:30.957", + "lastModified": "2024-12-12T02:15:30.957", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The issue was addressed with improved checks. This issue is fixed in watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, Safari 18.2, iOS 18.2 and iPadOS 18.2. Processing maliciously crafted web content may lead to an unexpected process crash." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/121837", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/121839", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/121843", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/121844", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/121845", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/121846", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-545xx/CVE-2024-54503.json b/CVE-2024/CVE-2024-545xx/CVE-2024-54503.json new file mode 100644 index 00000000000..44eaafda265 --- /dev/null +++ b/CVE-2024/CVE-2024-545xx/CVE-2024-54503.json 
@@ -0,0 +1,21 @@ +{ + "id": "CVE-2024-54503", + "sourceIdentifier": "product-security@apple.com", + "published": "2024-12-12T02:15:31.057", + "lastModified": "2024-12-12T02:15:31.057", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 18.2 and iPadOS 18.2. Muting a call while ringing may not result in mute being enabled." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/121837", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-545xx/CVE-2024-54504.json b/CVE-2024/CVE-2024-545xx/CVE-2024-54504.json new file mode 100644 index 00000000000..611c3ae100d --- /dev/null +++ b/CVE-2024/CVE-2024-545xx/CVE-2024-54504.json @@ -0,0 +1,21 @@ +{ + "id": "CVE-2024-54504", + "sourceIdentifier": "product-security@apple.com", + "published": "2024-12-12T02:15:31.140", + "lastModified": "2024-12-12T02:15:31.140", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.2. An app may be able to access user-sensitive data." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/121839", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-545xx/CVE-2024-54505.json b/CVE-2024/CVE-2024-545xx/CVE-2024-54505.json new file mode 100644 index 00000000000..06272282110 --- /dev/null +++ b/CVE-2024/CVE-2024-545xx/CVE-2024-54505.json 
@@ -0,0 +1,45 @@ +{ + "id": "CVE-2024-54505", + "sourceIdentifier": "product-security@apple.com", + "published": "2024-12-12T02:15:31.227", + "lastModified": "2024-12-12T02:15:31.227", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A type confusion issue was addressed with improved memory handling. This issue is fixed in iPadOS 17.7.3, watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, Safari 18.2, iOS 18.2 and iPadOS 18.2. Processing maliciously crafted web content may lead to memory corruption." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/121837", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/121838", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/121839", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/121843", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/121844", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/121845", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/121846", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-545xx/CVE-2024-54506.json b/CVE-2024/CVE-2024-545xx/CVE-2024-54506.json new file mode 100644 index 00000000000..eae988b5f95 --- /dev/null +++ b/CVE-2024/CVE-2024-545xx/CVE-2024-54506.json 
@@ -0,0 +1,21 @@ +{ + "id": "CVE-2024-54506", + "sourceIdentifier": "product-security@apple.com", + "published": "2024-12-12T02:15:31.310", + "lastModified": "2024-12-12T02:15:31.310", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in macOS Sequoia 15.2. An attacker may be able to cause unexpected system termination or arbitrary code execution in DCP firmware." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/121839", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-545xx/CVE-2024-54508.json b/CVE-2024/CVE-2024-545xx/CVE-2024-54508.json new file mode 100644 index 00000000000..925c1625afc --- /dev/null +++ b/CVE-2024/CVE-2024-545xx/CVE-2024-54508.json 
@@ -0,0 +1,41 @@ +{ + "id": "CVE-2024-54508", + "sourceIdentifier": "product-security@apple.com", + "published": "2024-12-12T02:15:31.393", + "lastModified": "2024-12-12T02:15:31.393", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The issue was addressed with improved memory handling. This issue is fixed in watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, Safari 18.2, iOS 18.2 and iPadOS 18.2. Processing maliciously crafted web content may lead to an unexpected process crash." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/121837", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/121839", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/121843", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/121844", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/121845", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/121846", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-545xx/CVE-2024-54510.json b/CVE-2024/CVE-2024-545xx/CVE-2024-54510.json new file mode 100644 index 00000000000..0d59daa1abf --- /dev/null +++ b/CVE-2024/CVE-2024-545xx/CVE-2024-54510.json 
@@ -0,0 +1,45 @@ +{ + "id": "CVE-2024-54510", + "sourceIdentifier": "product-security@apple.com", + "published": "2024-12-12T02:15:31.480", + "lastModified": "2024-12-12T02:15:31.480", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A race condition was addressed with improved locking. This issue is fixed in iPadOS 17.7.3, watchOS 11.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. An app may be able to leak sensitive kernel state." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/121837", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/121838", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/121839", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/121840", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/121842", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/121843", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/121844", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-545xx/CVE-2024-54513.json b/CVE-2024/CVE-2024-545xx/CVE-2024-54513.json new file mode 100644 index 00000000000..f665ea4c0c0 --- /dev/null +++ b/CVE-2024/CVE-2024-545xx/CVE-2024-54513.json 
@@ -0,0 +1,37 @@ +{ + "id": "CVE-2024-54513", + "sourceIdentifier": "product-security@apple.com", + "published": "2024-12-12T02:15:31.557", + "lastModified": "2024-12-12T02:15:31.557", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A permissions issue was addressed with additional restrictions. This issue is fixed in watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2. An app may be able to access sensitive user data." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/121837", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/121839", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/121843", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/121844", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/121845", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-545xx/CVE-2024-54514.json b/CVE-2024/CVE-2024-545xx/CVE-2024-54514.json new file mode 100644 index 00000000000..e0031b97c53 --- /dev/null +++ b/CVE-2024/CVE-2024-545xx/CVE-2024-54514.json 
@@ -0,0 +1,41 @@ +{ + "id": "CVE-2024-54514", + "sourceIdentifier": "product-security@apple.com", + "published": "2024-12-12T02:15:31.643", + "lastModified": "2024-12-12T02:15:31.643", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The issue was addressed with improved checks. This issue is fixed in watchOS 11.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. An app may be able to break out of its sandbox." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/121837", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/121839", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/121840", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/121842", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/121843", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/121844", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-545xx/CVE-2024-54515.json b/CVE-2024/CVE-2024-545xx/CVE-2024-54515.json new file mode 100644 index 00000000000..3c8c12c44cf --- /dev/null +++ b/CVE-2024/CVE-2024-545xx/CVE-2024-54515.json 
@@ -0,0 +1,21 @@ +{ + "id": "CVE-2024-54515", + "sourceIdentifier": "product-security@apple.com", + "published": "2024-12-12T02:15:31.723", + "lastModified": "2024-12-12T02:15:31.723", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A logic issue was addressed with improved restrictions. This issue is fixed in macOS Sequoia 15.2. A malicious app may be able to gain root privileges." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/121839", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-545xx/CVE-2024-54524.json b/CVE-2024/CVE-2024-545xx/CVE-2024-54524.json new file mode 100644 index 00000000000..7b7b29b3f96 --- /dev/null +++ b/CVE-2024/CVE-2024-545xx/CVE-2024-54524.json @@ -0,0 +1,21 @@ +{ + "id": "CVE-2024-54524", + "sourceIdentifier": "product-security@apple.com", + "published": "2024-12-12T02:15:31.803", + "lastModified": "2024-12-12T02:15:31.803", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A logic issue was addressed with improved file handling. This issue is fixed in macOS Sequoia 15.2. A malicious app may be able to access arbitrary files." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/121839", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-545xx/CVE-2024-54526.json b/CVE-2024/CVE-2024-545xx/CVE-2024-54526.json new file mode 100644 index 00000000000..bf33b7c4a7f --- /dev/null +++ b/CVE-2024/CVE-2024-545xx/CVE-2024-54526.json 
@@ -0,0 +1,41 @@ +{ + "id": "CVE-2024-54526", + "sourceIdentifier": "product-security@apple.com", + "published": "2024-12-12T02:15:31.887", + "lastModified": "2024-12-12T02:15:31.887", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The issue was addressed with improved checks. This issue is fixed in watchOS 11.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. A malicious app may be able to access private information." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/121837", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/121839", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/121840", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/121842", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/121843", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/121844", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-545xx/CVE-2024-54527.json b/CVE-2024/CVE-2024-545xx/CVE-2024-54527.json new file mode 100644 index 00000000000..f1648a42096 --- /dev/null +++ b/CVE-2024/CVE-2024-545xx/CVE-2024-54527.json 
@@ -0,0 +1,41 @@ +{ + "id": "CVE-2024-54527", + "sourceIdentifier": "product-security@apple.com", + "published": "2024-12-12T02:15:31.973", + "lastModified": "2024-12-12T02:15:31.973", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "This issue was addressed with improved checks. This issue is fixed in watchOS 11.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. An app may be able to access sensitive user data." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/121837", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/121839", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/121840", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/121842", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/121843", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/121844", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-545xx/CVE-2024-54528.json b/CVE-2024/CVE-2024-545xx/CVE-2024-54528.json new file mode 100644 index 00000000000..25f82b8b8db --- /dev/null +++ b/CVE-2024/CVE-2024-545xx/CVE-2024-54528.json 
@@ -0,0 +1,29 @@ +{ + "id": "CVE-2024-54528", + "sourceIdentifier": "product-security@apple.com", + "published": "2024-12-12T02:15:32.063", + "lastModified": "2024-12-12T02:15:32.063", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A logic issue was addressed with improved restrictions. This issue is fixed in macOS Sequoia 15.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. An app may be able to overwrite arbitrary files." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/121839", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/121840", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/121842", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-545xx/CVE-2024-54529.json b/CVE-2024/CVE-2024-545xx/CVE-2024-54529.json new file mode 100644 index 00000000000..a068966f999 --- /dev/null +++ b/CVE-2024/CVE-2024-545xx/CVE-2024-54529.json @@ -0,0 +1,29 @@ +{ + "id": "CVE-2024-54529", + "sourceIdentifier": "product-security@apple.com", + "published": "2024-12-12T02:15:32.140", + "lastModified": "2024-12-12T02:15:32.140", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. An app may be able to execute arbitrary code with kernel privileges." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/121839", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/121840", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/121842", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-545xx/CVE-2024-54531.json b/CVE-2024/CVE-2024-545xx/CVE-2024-54531.json new file mode 100644 index 00000000000..51a96fc5d50 --- /dev/null +++ b/CVE-2024/CVE-2024-545xx/CVE-2024-54531.json @@ -0,0 +1,21 @@ +{ + "id": "CVE-2024-54531", + "sourceIdentifier": "product-security@apple.com", + "published": "2024-12-12T02:15:32.220", + "lastModified": "2024-12-12T02:15:32.220", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.2. An app may be able to bypass kASLR." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/121839", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-545xx/CVE-2024-54534.json b/CVE-2024/CVE-2024-545xx/CVE-2024-54534.json new file mode 100644 index 00000000000..cfd63572b12 --- /dev/null +++ b/CVE-2024/CVE-2024-545xx/CVE-2024-54534.json 
@@ -0,0 +1,41 @@ +{ + "id": "CVE-2024-54534", + "sourceIdentifier": "product-security@apple.com", + "published": "2024-12-12T02:15:32.297", + "lastModified": "2024-12-12T02:15:32.297", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The issue was addressed with improved memory handling. This issue is fixed in watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, Safari 18.2, iOS 18.2 and iPadOS 18.2. Processing maliciously crafted web content may lead to memory corruption." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/121837", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/121839", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/121843", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/121844", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/121845", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/121846", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-547xx/CVE-2024-54749.json b/CVE-2024/CVE-2024-547xx/CVE-2024-54749.json index 2d4ab45b02f..ecef46cebe7 100644 --- a/CVE-2024/CVE-2024-547xx/CVE-2024-54749.json +++ b/CVE-2024/CVE-2024-547xx/CVE-2024-54749.json @@ -2,8 +2,8 @@ "id": "CVE-2024-54749", "sourceIdentifier": "cve@mitre.org", "published": "2024-12-06T17:15:12.983", - "lastModified": "2024-12-07T23:15:34.810", - "vulnStatus": "Received", + "lastModified": "2024-12-12T02:08:18.910", + "vulnStatus": "Awaiting Analysis", "cveTags": [ { "sourceIdentifier": "cve@mitre.org", 
@@ -16,9 +16,48 @@ { "lang": "en", "value": "Ubiquiti U7-Pro 7.0.35 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root. NOTE: this is disputed by the Supplier because the observation only established that a password is present in a firmware image; however, the device cannot be deployed without setting a new password during installation." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que Ubiquiti U7-Pro 7.0.35 contiene una vulnerabilidad de contrase\u00f1a codificada en /etc/shadow, que permite a los atacantes iniciar sesi\u00f3n como superusuario. NOTA: el proveedor lo niega porque la observaci\u00f3n solo estableci\u00f3 que hay una contrase\u00f1a en una imagen de firmware; sin embargo, el dispositivo no se puede implementar sin configurar una nueva contrase\u00f1a durante la instalaci\u00f3n." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.6, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-798" + } + ] } ], - "metrics": {}, "references": [ { "url": "https://colorful-meadow-5b9.notion.site/U7-Pro_HardCode_vuln-14bc216a1c30802e9c4cd03753e880cc?pvs=4", diff --git a/CVE-2024/CVE-2024-555xx/CVE-2024-55586.json b/CVE-2024/CVE-2024-555xx/CVE-2024-55586.json index 6c529120fb1..88e200f2a85 100644 --- a/CVE-2024/CVE-2024-555xx/CVE-2024-55586.json 
+++ b/CVE-2024/CVE-2024-555xx/CVE-2024-55586.json @@ -2,13 +2,20 @@ "id": "CVE-2024-55586", "sourceIdentifier": "cve@mitre.org", "published": "2024-12-10T14:30:47.813", - "lastModified": "2024-12-11T16:15:17.473", + "lastModified": "2024-12-12T02:08:22.247", "vulnStatus": "Received", - "cveTags": [], + "cveTags": [ + { + "sourceIdentifier": "cve@mitre.org", + "tags": [ + "disputed" + ] + } + ], "descriptions": [ { "lang": "en", - "value": "Nette Database through 3.2.4 allows SQL injection in certain situations involving an untrusted filter that is directly passed to the where method." + "value": "Nette Database through 3.2.4 allows SQL injection in certain situations involving an untrusted filter that is directly passed to the where method. NOTE: the vendor's position is that this is intended behavior." }, { "lang": "es", diff --git a/CVE-2024/CVE-2024-555xx/CVE-2024-55587.json b/CVE-2024/CVE-2024-555xx/CVE-2024-55587.json new file mode 100644 index 00000000000..d1ff80de79a --- /dev/null +++ b/CVE-2024/CVE-2024-555xx/CVE-2024-55587.json @@ -0,0 +1,29 @@ +{ + "id": "CVE-2024-55587", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-12-12T02:08:22.413", + "lastModified": "2024-12-12T02:08:22.413", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "python-libarchive through 4.2.1 allows directory traversal (to create files) in extract in zip.py for ZipFile.extractall and ZipFile.extract." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/smartfile/python-libarchive/blob/c7677411bfc4ab5701d343bc6ebd9e35c990e80e/libarchive/zip.py#L107", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/smartfile/python-libarchive/issues/42", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/smartfile/python-libarchive/pull/41", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-556xx/CVE-2024-55652.json b/CVE-2024/CVE-2024-556xx/CVE-2024-55652.json new file mode 100644 index 00000000000..164d81df451 --- /dev/null +++ b/CVE-2024/CVE-2024-556xx/CVE-2024-55652.json 
@@ -0,0 +1,64 @@ +{ + "id": "CVE-2024-55652", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-12-12T02:15:32.377", + "lastModified": "2024-12-12T02:15:32.377", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "PenDoc is a penetration testing reporting application. Prior to commit 1d4219c596f4f518798492e48386a20c6e9a2fe6, an attacker can write a malicious docx template containing expressions that escape the JavaScript sandbox to execute arbitrary code on the system. An attacker who can control the contents of the template document is able to execute arbitrary code on the system. By default, only users with the `admin` role are able to create or update templates. Commit 1d4219c596f4f518798492e48386a20c6e9a2fe6 patches the issue." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-1336" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/pwndoc/pwndoc/blob/main/backend/src/lib/report-filters.js#L258-L260", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/pwndoc/pwndoc/commit/1d4219c596f4f518798492e48386a20c6e9a2fe6", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/pwndoc/pwndoc/security/advisories/GHSA-jw5r-6927-hwpc", + "source": 
"security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-556xx/CVE-2024-55657.json b/CVE-2024/CVE-2024-556xx/CVE-2024-55657.json new file mode 100644 index 00000000000..05a346dfd58 --- /dev/null +++ b/CVE-2024/CVE-2024-556xx/CVE-2024-55657.json 
@@ -0,0 +1,82 @@ +{ + "id": "CVE-2024-55657", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-12-12T02:15:32.507", + "lastModified": "2024-12-12T02:15:32.507", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "SiYuan is a personal knowledge management system. Prior to version 3.1.16, an arbitrary file read vulnerability exists in Siyuan's `/api/template/render` endpoint. The absence of proper validation on the path parameter allows attackers to access sensitive files on the host system. Version 3.1.16 contains a patch for the issue." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 8.7, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "NONE", + "vulnerableSystemAvailability": "NONE", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + 
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/siyuan-note/siyuan/commit/e70ed57f6e4852e2bd702671aeb8eb3a47a36d71", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/siyuan-note/siyuan/security/advisories/GHSA-xx68-37v4-4596", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-556xx/CVE-2024-55658.json b/CVE-2024/CVE-2024-556xx/CVE-2024-55658.json new file mode 100644 index 00000000000..70f9224e20d --- /dev/null +++ b/CVE-2024/CVE-2024-556xx/CVE-2024-55658.json 
@@ -0,0 +1,82 @@ +{ + "id": "CVE-2024-55658", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-12-12T02:15:32.633", + "lastModified": "2024-12-12T02:15:32.633", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "SiYuan is a personal knowledge management system. Prior to version 3.1.16, SiYuan's /api/export/exportResources endpoint is vulnerable to arbitary file read via path traversal. It is possible to manipulate the paths parameter to access and download arbitrary files from the host system by traversing the workspace directory structure. Version 3.1.16 contains a patch for the issue." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 8.7, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "NONE", + "vulnerableSystemAvailability": "NONE", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + 
"modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/siyuan-note/siyuan/commit/e70ed57f6e4852e2bd702671aeb8eb3a47a36d71", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/siyuan-note/siyuan/security/advisories/GHSA-25w9-wqfq-gwqx", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-556xx/CVE-2024-55659.json b/CVE-2024/CVE-2024-556xx/CVE-2024-55659.json new file mode 100644 index 00000000000..a37a532fc0b --- /dev/null +++ b/CVE-2024/CVE-2024-556xx/CVE-2024-55659.json 
@@ -0,0 +1,86 @@ +{ + "id": "CVE-2024-55659", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-12-12T02:15:32.760", + "lastModified": "2024-12-12T02:15:32.760", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "SiYuan is a personal knowledge management system. Prior to version 3.1.16, the `/api/asset/upload` endpoint in Siyuan is vulnerable to both arbitrary file write to the host and stored cross-site scripting (via the file write). Version 3.1.16 contains a patch for the issue." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 8.7, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "NONE", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "NONE", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + 
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + }, + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/siyuan-note/siyuan/commit/e70ed57f6e4852e2bd702671aeb8eb3a47a36d71", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/siyuan-note/siyuan/security/advisories/GHSA-fqj6-whhx-47p7", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-556xx/CVE-2024-55660.json b/CVE-2024/CVE-2024-556xx/CVE-2024-55660.json new file mode 100644 index 00000000000..d225a39e911 --- /dev/null +++ b/CVE-2024/CVE-2024-556xx/CVE-2024-55660.json 
@@ -0,0 +1,82 @@ +{ + "id": "CVE-2024-55660", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-12-12T02:15:32.883", + "lastModified": "2024-12-12T02:15:32.883", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "SiYuan is a personal knowledge management system. Prior to version 3.1.16, SiYuan's `/api/template/renderSprig` endpoint is vulnerable to Server-Side Template Injection (SSTI) through the Sprig template engine. Although the engine has limitations, it allows attackers to access environment variables. Version 3.1.16 contains a patch for the issue." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 6.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "LOW", + "vulnerableSystemIntegrity": "NONE", + "vulnerableSystemAvailability": "NONE", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": 
"NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-1336" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/siyuan-note/siyuan/commit/e70ed57f6e4852e2bd702671aeb8eb3a47a36d71", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/siyuan-note/siyuan/security/advisories/GHSA-4pjc-pwgq-q9jp", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-558xx/CVE-2024-55884.json b/CVE-2024/CVE-2024-558xx/CVE-2024-55884.json new file mode 100644 index 00000000000..141de4039c5 --- /dev/null +++ b/CVE-2024/CVE-2024-558xx/CVE-2024-55884.json 
@@ -0,0 +1,52 @@ +{ + "id": "CVE-2024-55884", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-12-12T02:08:23.127", + "lastModified": "2024-12-12T02:08:23.127", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Mullvad VPN client 2024.6 (Desktop), 2024.8 (iOS), and 2024.8-beta1 (Android), the exception-handling alternate stack can be exhausted, leading to heap-based out-of-bounds writes in enable() in exception_logging/unix.rs, aka MLLVD-CR-24-01. NOTE: achieving code execution is considered non-trivial." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve@mitre.org", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", + "baseScore": 9.0, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.2, + "impactScore": 6.0 + } + ] + }, + "references": [ + { + "url": "https://github.com/mullvad/mullvadvpn-app/commit/ef6c862071b26023802b00d6e1dc6ca53d1ab3e6", + "source": "cve@mitre.org" + }, + { + "url": "https://news.ycombinator.com/item?id=42390768", + "source": "cve@mitre.org" + }, + { + "url": "https://x41-dsec.de/news/2024/12/11/mullvad/", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index b14c2aef4b1..bf5ea46ff26 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-12-12T00:55:30.233111+00:00 +2024-12-12T03:00:47.263002+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-12-12T00:48:05.837000+00:00 +2024-12-12T02:15:32.883000+00:00 ``` ### Last Data Feed Release 
@@ -27,50 +27,75 @@ Repository synchronizes with the NVD every 2 hours. Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest) ```plain -2024-12-11T01:00:04.368695+00:00 +2024-12-12T01:00:04.344327+00:00 ``` ### Total Number of included CVEs ```plain -273189 +273384 ``` ### CVEs added in the last Commit -Recently added CVEs: `0` - +Recently added CVEs: `195` + +- [CVE-2024-54501](CVE-2024/CVE-2024-545xx/CVE-2024-54501.json) (`2024-12-12T02:15:30.863`) +- [CVE-2024-54502](CVE-2024/CVE-2024-545xx/CVE-2024-54502.json) (`2024-12-12T02:15:30.957`) +- [CVE-2024-54503](CVE-2024/CVE-2024-545xx/CVE-2024-54503.json) (`2024-12-12T02:15:31.057`) +- [CVE-2024-54504](CVE-2024/CVE-2024-545xx/CVE-2024-54504.json) (`2024-12-12T02:15:31.140`) +- [CVE-2024-54505](CVE-2024/CVE-2024-545xx/CVE-2024-54505.json) (`2024-12-12T02:15:31.227`) +- [CVE-2024-54506](CVE-2024/CVE-2024-545xx/CVE-2024-54506.json) (`2024-12-12T02:15:31.310`) +- [CVE-2024-54508](CVE-2024/CVE-2024-545xx/CVE-2024-54508.json) (`2024-12-12T02:15:31.393`) +- [CVE-2024-54510](CVE-2024/CVE-2024-545xx/CVE-2024-54510.json) (`2024-12-12T02:15:31.480`) +- [CVE-2024-54513](CVE-2024/CVE-2024-545xx/CVE-2024-54513.json) (`2024-12-12T02:15:31.557`) +- [CVE-2024-54514](CVE-2024/CVE-2024-545xx/CVE-2024-54514.json) (`2024-12-12T02:15:31.643`) +- [CVE-2024-54515](CVE-2024/CVE-2024-545xx/CVE-2024-54515.json) (`2024-12-12T02:15:31.723`) +- [CVE-2024-54524](CVE-2024/CVE-2024-545xx/CVE-2024-54524.json) (`2024-12-12T02:15:31.803`) +- [CVE-2024-54526](CVE-2024/CVE-2024-545xx/CVE-2024-54526.json) (`2024-12-12T02:15:31.887`) +- [CVE-2024-54527](CVE-2024/CVE-2024-545xx/CVE-2024-54527.json) (`2024-12-12T02:15:31.973`) +- [CVE-2024-54528](CVE-2024/CVE-2024-545xx/CVE-2024-54528.json) (`2024-12-12T02:15:32.063`) +- [CVE-2024-54529](CVE-2024/CVE-2024-545xx/CVE-2024-54529.json) (`2024-12-12T02:15:32.140`) +- [CVE-2024-54531](CVE-2024/CVE-2024-545xx/CVE-2024-54531.json) (`2024-12-12T02:15:32.220`) +- 
[CVE-2024-54534](CVE-2024/CVE-2024-545xx/CVE-2024-54534.json) (`2024-12-12T02:15:32.297`) +- [CVE-2024-55587](CVE-2024/CVE-2024-555xx/CVE-2024-55587.json) (`2024-12-12T02:08:22.413`) +- [CVE-2024-55652](CVE-2024/CVE-2024-556xx/CVE-2024-55652.json) (`2024-12-12T02:15:32.377`) +- [CVE-2024-55657](CVE-2024/CVE-2024-556xx/CVE-2024-55657.json) (`2024-12-12T02:15:32.507`) +- [CVE-2024-55658](CVE-2024/CVE-2024-556xx/CVE-2024-55658.json) (`2024-12-12T02:15:32.633`) +- [CVE-2024-55659](CVE-2024/CVE-2024-556xx/CVE-2024-55659.json) (`2024-12-12T02:15:32.760`) +- [CVE-2024-55660](CVE-2024/CVE-2024-556xx/CVE-2024-55660.json) (`2024-12-12T02:15:32.883`) +- [CVE-2024-55884](CVE-2024/CVE-2024-558xx/CVE-2024-55884.json) (`2024-12-12T02:08:23.127`) ### CVEs modified in the last Commit -Recently modified CVEs: `48` - -- [CVE-2021-33144](CVE-2021/CVE-2021-331xx/CVE-2021-33144.json) (`2024-12-12T00:40:31.070`) -- [CVE-2021-33148](CVE-2021/CVE-2021-331xx/CVE-2021-33148.json) (`2024-12-12T00:40:31.263`) -- [CVE-2021-33151](CVE-2021/CVE-2021-331xx/CVE-2021-33151.json) (`2024-12-12T00:40:31.397`) -- [CVE-2021-33152](CVE-2021/CVE-2021-331xx/CVE-2021-33152.json) (`2024-12-12T00:40:31.433`) -- [CVE-2021-33153](CVE-2021/CVE-2021-331xx/CVE-2021-33153.json) (`2024-12-12T00:40:31.477`) -- [CVE-2021-33154](CVE-2021/CVE-2021-331xx/CVE-2021-33154.json) (`2024-12-12T00:40:31.520`) -- [CVE-2021-33156](CVE-2021/CVE-2021-331xx/CVE-2021-33156.json) (`2024-12-12T00:40:31.597`) -- [CVE-2021-33160](CVE-2021/CVE-2021-331xx/CVE-2021-33160.json) (`2024-12-12T00:40:31.770`) -- [CVE-2021-33163](CVE-2021/CVE-2021-331xx/CVE-2021-33163.json) (`2024-12-12T00:40:31.917`) -- [CVE-2021-33165](CVE-2021/CVE-2021-331xx/CVE-2021-33165.json) (`2024-12-12T00:40:32.010`) -- [CVE-2021-33167](CVE-2021/CVE-2021-331xx/CVE-2021-33167.json) (`2024-12-12T00:40:32.090`) -- [CVE-2021-37405](CVE-2021/CVE-2021-374xx/CVE-2021-37405.json) (`2024-12-12T00:42:55.260`) -- [CVE-2021-3885](CVE-2021/CVE-2021-38xx/CVE-2021-3885.json) 
(`2024-12-12T00:45:16.100`) -- [CVE-2021-41851](CVE-2021/CVE-2021-418xx/CVE-2021-41851.json) (`2024-12-12T00:46:32.390`) -- [CVE-2021-41852](CVE-2021/CVE-2021-418xx/CVE-2021-41852.json) (`2024-12-12T00:46:32.440`) -- [CVE-2021-41853](CVE-2021/CVE-2021-418xx/CVE-2021-41853.json) (`2024-12-12T00:46:32.490`) -- [CVE-2021-41854](CVE-2021/CVE-2021-418xx/CVE-2021-41854.json) (`2024-12-12T00:46:32.533`) -- [CVE-2021-41855](CVE-2021/CVE-2021-418xx/CVE-2021-41855.json) (`2024-12-12T00:46:32.573`) -- [CVE-2021-41856](CVE-2021/CVE-2021-418xx/CVE-2021-41856.json) (`2024-12-12T00:46:32.617`) -- [CVE-2021-41857](CVE-2021/CVE-2021-418xx/CVE-2021-41857.json) (`2024-12-12T00:46:32.663`) -- [CVE-2021-41858](CVE-2021/CVE-2021-418xx/CVE-2021-41858.json) (`2024-12-12T00:46:32.707`) -- [CVE-2021-41859](CVE-2021/CVE-2021-418xx/CVE-2021-41859.json) (`2024-12-12T00:46:32.750`) -- [CVE-2021-41860](CVE-2021/CVE-2021-418xx/CVE-2021-41860.json) (`2024-12-12T00:46:32.800`) -- [CVE-2021-43351](CVE-2021/CVE-2021-433xx/CVE-2021-43351.json) (`2024-12-12T00:47:22.733`) -- [CVE-2021-44457](CVE-2021/CVE-2021-444xx/CVE-2021-44457.json) (`2024-12-12T00:48:05.837`) +Recently modified CVEs: `68` + +- [CVE-2024-41644](CVE-2024/CVE-2024-416xx/CVE-2024-41644.json) (`2024-12-12T01:59:13.833`) +- [CVE-2024-41645](CVE-2024/CVE-2024-416xx/CVE-2024-41645.json) (`2024-12-12T01:59:14.067`) +- [CVE-2024-41646](CVE-2024/CVE-2024-416xx/CVE-2024-41646.json) (`2024-12-12T01:59:14.273`) +- [CVE-2024-41648](CVE-2024/CVE-2024-416xx/CVE-2024-41648.json) (`2024-12-12T01:59:14.617`) +- [CVE-2024-41649](CVE-2024/CVE-2024-416xx/CVE-2024-41649.json) (`2024-12-12T01:59:14.847`) +- [CVE-2024-41650](CVE-2024/CVE-2024-416xx/CVE-2024-41650.json) (`2024-12-12T01:59:15.050`) +- [CVE-2024-44852](CVE-2024/CVE-2024-448xx/CVE-2024-44852.json) (`2024-12-12T02:01:44.580`) +- [CVE-2024-44853](CVE-2024/CVE-2024-448xx/CVE-2024-44853.json) (`2024-12-12T02:01:44.780`) +- [CVE-2024-44854](CVE-2024/CVE-2024-448xx/CVE-2024-44854.json) 
(`2024-12-12T02:01:44.980`) +- [CVE-2024-44855](CVE-2024/CVE-2024-448xx/CVE-2024-44855.json) (`2024-12-12T02:01:45.177`) +- [CVE-2024-44856](CVE-2024/CVE-2024-448xx/CVE-2024-44856.json) (`2024-12-12T02:01:45.373`) +- [CVE-2024-46455](CVE-2024/CVE-2024-464xx/CVE-2024-46455.json) (`2024-12-12T02:02:38.990`) +- [CVE-2024-48453](CVE-2024/CVE-2024-484xx/CVE-2024-48453.json) (`2024-12-12T02:04:03.420`) +- [CVE-2024-48912](CVE-2024/CVE-2024-489xx/CVE-2024-48912.json) (`2024-12-12T02:04:18.923`) +- [CVE-2024-50585](CVE-2024/CVE-2024-505xx/CVE-2024-50585.json) (`2024-12-12T02:06:30.727`) +- [CVE-2024-50625](CVE-2024/CVE-2024-506xx/CVE-2024-50625.json) (`2024-12-12T02:06:32.647`) +- [CVE-2024-50626](CVE-2024/CVE-2024-506xx/CVE-2024-50626.json) (`2024-12-12T02:06:32.817`) +- [CVE-2024-50921](CVE-2024/CVE-2024-509xx/CVE-2024-50921.json) (`2024-12-12T02:06:39.000`) +- [CVE-2024-50924](CVE-2024/CVE-2024-509xx/CVE-2024-50924.json) (`2024-12-12T02:06:39.167`) +- [CVE-2024-50928](CVE-2024/CVE-2024-509xx/CVE-2024-50928.json) (`2024-12-12T02:06:39.320`) +- [CVE-2024-50930](CVE-2024/CVE-2024-509xx/CVE-2024-50930.json) (`2024-12-12T02:06:39.577`) +- [CVE-2024-53441](CVE-2024/CVE-2024-534xx/CVE-2024-53441.json) (`2024-12-12T02:07:57.850`) +- [CVE-2024-53473](CVE-2024/CVE-2024-534xx/CVE-2024-53473.json) (`2024-12-12T02:07:58.713`) +- [CVE-2024-54749](CVE-2024/CVE-2024-547xx/CVE-2024-54749.json) (`2024-12-12T02:08:18.910`) +- [CVE-2024-55586](CVE-2024/CVE-2024-555xx/CVE-2024-55586.json) (`2024-12-12T02:08:22.247`) ## Download and Usage diff --git a/_state.csv b/_state.csv index 0e3262d462b..99c41bd87c2 100644 --- a/_state.csv +++ b/_state.csv 
@@ -147272,8 +147272,8 @@ CVE-2020-12144,0,0,647742316ddad87a7bbb122d5fd02e8004b06e6fcb578e990306875b06f14 CVE-2020-12145,0,0,d48748fc9ed916a2971f314199dad32f90e9d9f211fec44fa586372ff7ac8ba1,2024-11-21T04:59:21.287000 CVE-2020-12146,0,0,08c6fcb83d2005ed9e25f5db2d0c958694e5985c7d7795d20263e30c772de8ae,2024-11-21T04:59:21.400000 CVE-2020-12147,0,0,61a6c5f79ebc1432daf157bb780221cef3df318b1f6e3020853665ea02ff6e98,2024-11-21T04:59:21.503000 -CVE-2020-12148,0,1,cf0ecf532e63d3b408ea45d224f07c10912576ca72f528ec63c172e61fd71152,2024-12-12T00:15:08.490000 -CVE-2020-12149,0,1,c024da8696ff1c4c3c0ddf76e460106358120b8c1ca20948316003de4820afaa,2024-12-12T00:15:09.417000 +CVE-2020-12148,0,0,cf0ecf532e63d3b408ea45d224f07c10912576ca72f528ec63c172e61fd71152,2024-12-12T00:15:08.490000 +CVE-2020-12149,0,0,c024da8696ff1c4c3c0ddf76e460106358120b8c1ca20948316003de4820afaa,2024-12-12T00:15:09.417000 CVE-2020-1215,0,0,00b3af4853130f7c9ddca56da937bb95ed2094a485859352048c3a3bf84ceba7,2024-11-21T05:09:59.913000 CVE-2020-1216,0,0,ff21c7035de4ec8d48d539a60a0363afa1bc715cfd45ba1e3743341684a6d78d,2024-11-21T05:10:00.057000 CVE-2020-1217,0,0,04491f4382f9d7cd9307009469eecd3c398709ed63d22fa18265214759df807a,2024-11-21T05:10:00.193000 
@@ -176904,7 +176904,7 @@ CVE-2021-33068,0,0,c4fc01f1c57d03d2bdba1518c77b4a9700fa553f224ba0ae20a81ba9593ee CVE-2021-33069,0,0,41af97503063ee4fb7410ed4c349b6c4bed28e229e242604ad9b286b3c28b33c,2024-11-21T06:08:13.977000 CVE-2021-33070,0,0,b05967e611e4c24693ea9cdc493af8f2468fdd6331aab32cb0caec3ce2c12832,2023-11-07T03:35:48.187000 CVE-2021-33071,0,0,15602ef565d622027b321ad1ccca6259c48c426da877257621d751beefd0293a,2024-11-21T06:08:14.110000 -CVE-2021-33072,0,1,833cacde07204f89f12c7a4fb55027d6f3c20c463a3de91eeb85c1cbf4ddfb2f,2024-12-12T00:40:27.423000 +CVE-2021-33072,0,0,833cacde07204f89f12c7a4fb55027d6f3c20c463a3de91eeb85c1cbf4ddfb2f,2024-12-12T00:40:27.423000 CVE-2021-33073,0,0,7a5eacc207b92571ad8e50e2fcc658cb948a92bd8982f2dca5fd50b85b086ac5,2024-11-21T06:08:14.270000 CVE-2021-33074,0,0,8774c7d6b61718ac4855c2e48e3c748e8adc6e2539de0466c9ddb153dd7ef27d,2024-11-21T06:08:14.370000 CVE-2021-33075,0,0,69d4a455a27087b962957467a00fbc414b216bd3ca65577cb90c6b6168b4cb2e,2024-11-21T06:08:14.477000 
@@ -176917,8 +176917,8 @@ CVE-2021-33080,0,0,57ecd13bed1c2684836f31e4925d4a9205e90ea1a41a1ac6e6a4532997cb3 CVE-2021-33081,0,0,14a6abcdd84834c6f7cc8c0fa6ceb28cf138654af9812ba85d8689be8ae13db2,2024-11-21T06:08:15.230000 CVE-2021-33082,0,0,3f7344be48024e98d990c4b5d0181f420cdc1c989ba750ad53dbf7c8c99edaef,2024-11-21T06:08:15.373000 CVE-2021-33083,0,0,3c021684173a1e17341e8cd21f3f27912030997449feec87cbe93ae3e6ca567b,2024-11-21T06:08:15.493000 -CVE-2021-33084,0,1,c2181606b44f5eee817294dc44a09b9f3ae15e6bb0a8df4f58343533ac07d2ab,2024-12-12T00:40:28.363000 -CVE-2021-33085,0,1,94c214d337bd3d053321fc903c4598ff95865eb886d963fe60429d639f9c4355,2024-12-12T00:40:28.413000 +CVE-2021-33084,0,0,c2181606b44f5eee817294dc44a09b9f3ae15e6bb0a8df4f58343533ac07d2ab,2024-12-12T00:40:28.363000 +CVE-2021-33085,0,0,94c214d337bd3d053321fc903c4598ff95865eb886d963fe60429d639f9c4355,2024-12-12T00:40:28.413000 CVE-2021-33086,0,0,59ea0cbfce012205ca9810c02f116a7402a4e447c1e55b95ddfeb0c444958cf4,2024-11-21T06:08:15.697000 CVE-2021-33087,0,0,903d40f14b051647aaeb632121980a244005e09e115953136b2e6722641c77de,2024-11-21T06:08:15.900000 CVE-2021-33088,0,0,31925ca3163080f7115a036d09a87ac360cec29c8d43193b9ae30461d6e92807,2024-11-21T06:08:16.003000 
@@ -176933,81 +176933,81 @@ CVE-2021-33095,0,0,f5c0ba20ce27cc93ea30d8c751a9de24d86a58e10be44c2b83b63f20d839e CVE-2021-33096,0,0,eb91cd6c0eec22113ee9fbb4b8e74c042cdbe69e3c3de5fe5f7d1fe6dacfbf44,2024-11-21T06:08:16.867000 CVE-2021-33097,0,0,a6f85df4b6c8fc783b81fd1bea6cc864037291243c7aadc180a3c3b2010d003b,2024-11-21T06:08:17.003000 CVE-2021-33098,0,0,7fedeb6f2afb7ca2e87a59ee8d8dda7e4a0ab27bfaf5b9c2e8c019d27071a904,2024-11-21T06:08:17.120000 -CVE-2021-33099,0,1,b9614fad6ee0284d5dc650cf21454146638f9173c1b831f8197348d6a3d0c476,2024-12-12T00:40:29.050000 +CVE-2021-33099,0,0,b9614fad6ee0284d5dc650cf21454146638f9173c1b831f8197348d6a3d0c476,2024-12-12T00:40:29.050000 CVE-2021-3310,0,0,02be5dd32216b5c8c12738bb08ef66e645ec1a3a7d6db80703a603a0495cb3ca,2024-11-21T06:21:15.400000 -CVE-2021-33100,0,1,404a91ac684571a3528f7faa5b2a6dc246800b94d4609b8c53f4c8ea87e4cd13,2024-12-12T00:40:29.093000 +CVE-2021-33100,0,0,404a91ac684571a3528f7faa5b2a6dc246800b94d4609b8c53f4c8ea87e4cd13,2024-12-12T00:40:29.093000 CVE-2021-33101,0,0,6034461c5398f6c60cecc54b65b04d4d25cc00a522ff89a1708552795e3a5e93,2024-11-21T06:08:17.347000 -CVE-2021-33102,0,1,4e88173732d3d3972e8f431ced638555d34459729c58e438c8550686090186ef,2024-12-12T00:40:29.180000 +CVE-2021-33102,0,0,4e88173732d3d3972e8f431ced638555d34459729c58e438c8550686090186ef,2024-12-12T00:40:29.180000 CVE-2021-33103,0,0,e39b3ff5d0b8347a3831d7e580eea1203538dfd1473a6fc8f4cc69be319e70fb,2024-11-21T06:08:17.503000 CVE-2021-33104,0,0,a265a3ee1bc858a54951c0c2bf4eb229ff64bc16ac966c0b8941f0b776592ba8,2024-11-21T06:08:17.880000 CVE-2021-33105,0,0,e9b2df814eaca3c8604a88eca08dc68bc332f32bd9b20e7c4815b7abc9591218,2024-11-21T06:08:18 CVE-2021-33106,0,0,269dcfc49b89ad1295d4b9020fede70e2759d072d293a9856b15213b8b95e571,2024-11-21T06:08:18.120000 CVE-2021-33107,0,0,305859621fa6312a13f88407cd00b71550dfc440ebbe84da78e0b56809091c17,2024-11-21T06:08:18.233000 CVE-2021-33108,0,0,61b629f11845d76da48d12da4d7b749386f8abe9d370f74914e8b8080db6c34c,2024-11-21T06:08:18.730000 
-CVE-2021-33109,0,1,adedf9ff3320a264dfe46c84d06e11dc285b7f4649ca9d296993777a859369e3,2024-12-12T00:40:29.483000 +CVE-2021-33109,0,0,adedf9ff3320a264dfe46c84d06e11dc285b7f4649ca9d296993777a859369e3,2024-12-12T00:40:29.483000 CVE-2021-3311,0,0,ccd6e9b3c1cb66d91ecf89bdf17585c17929eccb6264ab97d0c02f9952a77c26,2024-11-21T06:21:15.570000 CVE-2021-33110,0,0,ffcc9dcbedf61517fe5885953392667952af30172d277a7608cf757cae16c87c,2024-11-21T06:08:18.880000 -CVE-2021-33111,0,1,20b6fb4e916241e6228b576c1228b262138f4e8dcd3e647eab5c21a045ba8a7e,2024-12-12T00:40:29.577000 -CVE-2021-33112,0,1,0fcfe825c3a94182f332f674fe68c54c6d8950407142fee9a8dba04c826de8f3,2024-12-12T00:40:29.623000 +CVE-2021-33111,0,0,20b6fb4e916241e6228b576c1228b262138f4e8dcd3e647eab5c21a045ba8a7e,2024-12-12T00:40:29.577000 +CVE-2021-33112,0,0,0fcfe825c3a94182f332f674fe68c54c6d8950407142fee9a8dba04c826de8f3,2024-12-12T00:40:29.623000 CVE-2021-33113,0,0,50874b6d3e5029bfbf009ea89495f63e400c14fb41eb48878583a1887ca3324d,2024-11-21T06:08:19.080000 CVE-2021-33114,0,0,2ee7d352a31e171d155b0db8e6b1dff9d74c9ed41977006d9b4c9f6a0776099b,2024-11-21T06:08:19.207000 CVE-2021-33115,0,0,63dc35571426ea04f1f1583ba5f1696ef799a2e44474ccef3f379a7fb8c131b1,2024-11-21T06:08:19.330000 -CVE-2021-33116,0,1,a862123bda18ae2253bb0b8d9661b6dc6d94808c09b0bd93c9b071d219579042,2024-12-12T00:40:29.797000 +CVE-2021-33116,0,0,a862123bda18ae2253bb0b8d9661b6dc6d94808c09b0bd93c9b071d219579042,2024-12-12T00:40:29.797000 CVE-2021-33117,0,0,086746573aafc606068121b597dcfbf2851574b99eb528a77c93cf0cc7af9832,2024-11-21T06:08:19.503000 CVE-2021-33118,0,0,8dcd8e6bed5ac6d4dbaf27e2770e0ebb3bd02debb83764973d9116b1ce41a168,2024-11-21T06:08:19.643000 CVE-2021-33119,0,0,4422347446be8ede8a60f0c644c3189d4b4d43f8fcb0ae70d130e38a3ba850cb,2024-11-21T06:08:19.783000 CVE-2021-3312,0,0,f1c8ef9b0ffbfec698dc8eb521c3634b531eefc1864ba5d98b13360ba6aadf6b,2024-11-21T06:21:15.743000 
CVE-2021-33120,0,0,53b65b8898cd614b05c1ca11cea308d2666d9e6e97d60f4512cd910063361d1b,2024-11-21T06:08:19.900000 -CVE-2021-33121,0,1,deb4c88037da02b20601d381faacc273d8b087575c2d879323e61ac2eae5d75e,2024-12-12T00:40:30.010000 +CVE-2021-33121,0,0,deb4c88037da02b20601d381faacc273d8b087575c2d879323e61ac2eae5d75e,2024-12-12T00:40:30.010000 CVE-2021-33122,0,0,346e56bcd2fa52fe75bf4977dadd23f029d4fa873e9400b91d03d24533c9d6d3,2024-11-21T06:08:20.100000 CVE-2021-33123,0,0,f28a2566004330ba939c0143c87c0eec819a5186c36d0720000680c5fc31ac21,2024-11-21T06:08:20.487000 CVE-2021-33124,0,0,aa20054f05010150676eac49b0c1ff0c3a8a00c7528c6cc4fc8d81e63a25452b,2024-11-21T06:08:22.013000 -CVE-2021-33125,0,1,f04e71679aa277ffd7fe19d37edb19a7c6be01e6b9b2440f4584021cab136b98,2024-12-12T00:40:30.187000 +CVE-2021-33125,0,0,f04e71679aa277ffd7fe19d37edb19a7c6be01e6b9b2440f4584021cab136b98,2024-12-12T00:40:30.187000 CVE-2021-33126,0,0,8118a7ca0b408483851519c62ef5766ca9c872b2328a5e9bd3e33f4f3a8fe650,2024-11-21T06:08:23.633000 -CVE-2021-33127,0,1,c41f295a7562b1db6989e8f568ce412d755c5a03bf03ee04b882fd7e9b1919df,2024-12-12T00:40:30.280000 +CVE-2021-33127,0,0,c41f295a7562b1db6989e8f568ce412d755c5a03bf03ee04b882fd7e9b1919df,2024-12-12T00:40:30.280000 CVE-2021-33128,0,0,54e91cd2933e700c7c5786519f1d35117565db7bddad1a8ffa6cd722d73fc9ee,2024-11-21T06:08:23.810000 CVE-2021-33129,0,0,81707727ad100a5351ebb8022729db66755431fae8f4743ba302d7f7f7a8c622,2024-11-21T06:08:23.927000 CVE-2021-3313,0,0,97d1dedda96c5c2bef1088d3336bbef6e8f2da272c254bb7b9a5dc6ff0001b41,2024-11-21T06:21:16.067000 CVE-2021-33130,0,0,71bf3fdb571a7299824ec494751b9b32027946fc04000d2f63cc9899fdf065b4,2024-11-21T06:08:24.033000 -CVE-2021-33131,0,1,6cd304b2c286862de8a9c5fd312c8e06de74f5567ad6aded5cdbb1377b933d35,2024-12-12T00:40:30.450000 -CVE-2021-33132,0,1,3e514c477fc63d6fe091956f41d3bbda11a3873823aaadc11a53eef103ebde0f,2024-12-12T00:40:30.493000 
-CVE-2021-33133,0,1,b5d99e12369fb18f9a56b88d2c20ddbd77f41725eac0acdc71e7b6d5d23caa98,2024-12-12T00:40:30.537000 -CVE-2021-33134,0,1,ae2345582279da20cd0986a28253639d75ce445db823c9f0d06a826df686880f,2024-12-12T00:40:30.580000 +CVE-2021-33131,0,0,6cd304b2c286862de8a9c5fd312c8e06de74f5567ad6aded5cdbb1377b933d35,2024-12-12T00:40:30.450000 +CVE-2021-33132,0,0,3e514c477fc63d6fe091956f41d3bbda11a3873823aaadc11a53eef103ebde0f,2024-12-12T00:40:30.493000 +CVE-2021-33133,0,0,b5d99e12369fb18f9a56b88d2c20ddbd77f41725eac0acdc71e7b6d5d23caa98,2024-12-12T00:40:30.537000 +CVE-2021-33134,0,0,ae2345582279da20cd0986a28253639d75ce445db823c9f0d06a826df686880f,2024-12-12T00:40:30.580000 CVE-2021-33135,0,0,87fc6722c1ab2e2e9ebbbf1143ce5884f196d0dc4915060390451b264289b857,2024-11-21T06:08:24.300000 -CVE-2021-33136,0,1,4bb5e26419f287cee6bc938a6ae8f64bde24a559c74d6654b4b05ddfe08ded82,2024-12-12T00:40:30.667000 +CVE-2021-33136,0,0,4bb5e26419f287cee6bc938a6ae8f64bde24a559c74d6654b4b05ddfe08ded82,2024-12-12T00:40:30.667000 CVE-2021-33137,0,0,4b875561d3c6f02dbf99201a8b1c98b0ffa200d23521c6999589e4081b990adf,2024-11-21T06:08:24.450000 -CVE-2021-33138,0,1,8344de3643cbafebbeebe047374b7cf4387c8a85ecc8dee6cdb12c54103d64f7,2024-12-12T00:40:30.757000 +CVE-2021-33138,0,0,8344de3643cbafebbeebe047374b7cf4387c8a85ecc8dee6cdb12c54103d64f7,2024-12-12T00:40:30.757000 CVE-2021-33139,0,0,b322fe75d324c8ecd77ada43debc8bb457eb8f361d853236f1f497d538f882fc,2024-11-21T06:08:24.607000 CVE-2021-3314,0,0,6a3d8aa71e0e9e1cd9ab9738a0e3560017a731456e04519a9aec54a931048463,2024-11-21T06:21:16.247000 -CVE-2021-33140,0,1,da12f25842bb38605887cda6a67163b7b0eb4dce4a5432fb4176ebb809eea479,2024-12-12T00:40:30.857000 +CVE-2021-33140,0,0,da12f25842bb38605887cda6a67163b7b0eb4dce4a5432fb4176ebb809eea479,2024-12-12T00:40:30.857000 CVE-2021-33141,0,0,020ac1f0766d100797cb40d6b1c8d68160bc01661f31ad52898b01b5d47f9138,2024-11-21T06:08:24.773000 
CVE-2021-33142,0,0,5187f9940fdf90296777098290ef869aedc51179f2c9458499bb9da6cc4de789,2024-11-21T06:08:24.900000 -CVE-2021-33143,0,1,bf802259642d2d44100eccca38aed912f7f9a5390cc3c0e81c08b6342cb78269,2024-12-12T00:40:31.017000 -CVE-2021-33144,0,1,aaf789627084c1cbb7381c8059bf780d1de80f9697e5bc278ceaef07fe23dfed,2024-12-12T00:40:31.070000 +CVE-2021-33143,0,0,bf802259642d2d44100eccca38aed912f7f9a5390cc3c0e81c08b6342cb78269,2024-12-12T00:40:31.017000 +CVE-2021-33144,0,0,aaf789627084c1cbb7381c8059bf780d1de80f9697e5bc278ceaef07fe23dfed,2024-12-12T00:40:31.070000 CVE-2021-33145,0,0,f30703e460cecd2a7fd096a4e5d6cd2ea906e7c796d66cc196833f63d15223ab,2024-11-21T06:08:25.090000 CVE-2021-33146,0,0,ac08e7a29557d165880aac6473f049324da08e6527fcc7ee6e52e5b0da06b871,2024-11-21T06:08:25.220000 CVE-2021-33147,0,0,3b377e7eac4449580720fa280f4835939c76a33724238ff36d0e0e24ec370c3d,2024-11-21T06:08:25.353000 -CVE-2021-33148,0,1,2f50006cb0ff3c622ae0a9632bbf10dc36ff69777e43cb51651b6560b390709a,2024-12-12T00:40:31.263000 +CVE-2021-33148,0,0,2f50006cb0ff3c622ae0a9632bbf10dc36ff69777e43cb51651b6560b390709a,2024-12-12T00:40:31.263000 CVE-2021-33149,0,0,49d3f40e578dfca0d90cf8b3c649f24b12fadff6818b3092e742cc3fb7310f37,2024-11-21T06:08:25.510000 CVE-2021-3315,0,0,909ede1a8c43cdb0f23ac03e06a76c19cf8dd22ff2d31e55e5f70a708763ebd9,2024-11-21T06:21:16.420000 CVE-2021-33150,0,0,2cf2135f7a96a5d4e2a7a72ce42be0733920ef7cc95d8facd28f49cee487ca44,2024-11-21T06:08:25.633000 -CVE-2021-33151,0,1,28abe79ade9082e7d82d14013c350de9c5a0202b1a6f75a3ee18dda1844084b6,2024-12-12T00:40:31.397000 -CVE-2021-33152,0,1,67e58635a57837b49cde563625bd9f7cc3e9142bf3f8b1b74c462c2ec7a64f08,2024-12-12T00:40:31.433000 -CVE-2021-33153,0,1,94d556c45061a77c9848b751d664e31e77cb92d3ad0a710afa89ac8f213ee8f9,2024-12-12T00:40:31.477000 -CVE-2021-33154,0,1,199848332c95cefead85d7e2f4a77481b42d4c80661608c19e5533d820471e0e,2024-12-12T00:40:31.520000 
+CVE-2021-33151,0,0,28abe79ade9082e7d82d14013c350de9c5a0202b1a6f75a3ee18dda1844084b6,2024-12-12T00:40:31.397000 +CVE-2021-33152,0,0,67e58635a57837b49cde563625bd9f7cc3e9142bf3f8b1b74c462c2ec7a64f08,2024-12-12T00:40:31.433000 +CVE-2021-33153,0,0,94d556c45061a77c9848b751d664e31e77cb92d3ad0a710afa89ac8f213ee8f9,2024-12-12T00:40:31.477000 +CVE-2021-33154,0,0,199848332c95cefead85d7e2f4a77481b42d4c80661608c19e5533d820471e0e,2024-12-12T00:40:31.520000 CVE-2021-33155,0,0,b7cfe5cbe10bf4e27d0722114fe890825c53daea086b17a508616ff5fe3bd4fa,2024-11-21T06:08:26.010000 -CVE-2021-33156,0,1,d9d81ae8e2ec4c34dff373442fd49efb5e51d4676815213ad124e75b5fde8027,2024-12-12T00:40:31.597000 +CVE-2021-33156,0,0,d9d81ae8e2ec4c34dff373442fd49efb5e51d4676815213ad124e75b5fde8027,2024-12-12T00:40:31.597000 CVE-2021-33157,0,0,bd8d8145a108b2bebd763d1cfd1bb5592f5f30060dc6137d8c0761abc98284c3,2024-11-21T06:08:26.190000 CVE-2021-33158,0,0,4085ff3eae8493e2435a4680ef84c2ea3e03255a1b6dc0b6b7c2aa8105c72cf7,2024-11-21T06:08:26.310000 CVE-2021-33159,0,0,a01b5bafb19b0f135d240ee9c27efeb8ad34f5e0434e3d254cf4ebaaeb587085,2024-11-21T06:08:26.420000 -CVE-2021-33160,0,1,d843dc60b700a48662dd844c02fc22975a41da4d0767bc663e20131d09f63c20,2024-12-12T00:40:31.770000 +CVE-2021-33160,0,0,d843dc60b700a48662dd844c02fc22975a41da4d0767bc663e20131d09f63c20,2024-12-12T00:40:31.770000 CVE-2021-33161,0,0,a2ea5d477a36cb82a3a68c0bada71ebcef578b9884f755153465fca1afeb0f86,2024-11-21T06:08:26.587000 CVE-2021-33162,0,0,b08afceaca310f5fcced287aa2c43b2c76e6dd7bf65b62bb25118f416daa4448,2024-11-21T06:08:26.710000 -CVE-2021-33163,0,1,c9fc58f762714afbc3991c1ce34504d633ee5204b01d9ac63270b5d8c5e0a5e7,2024-12-12T00:40:31.917000 +CVE-2021-33163,0,0,c9fc58f762714afbc3991c1ce34504d633ee5204b01d9ac63270b5d8c5e0a5e7,2024-12-12T00:40:31.917000 CVE-2021-33164,0,0,1519ee29c5c70b4a103201a1a15012c2aca3ef185dfeb781893145581ea67131,2024-11-21T06:08:26.870000 
-CVE-2021-33165,0,1,5dadc020983e7ee7cc0260035fcc6bc707a4673bc991d2c9be486a30f469dc63,2024-12-12T00:40:32.010000 +CVE-2021-33165,0,0,5dadc020983e7ee7cc0260035fcc6bc707a4673bc991d2c9be486a30f469dc63,2024-12-12T00:40:32.010000 CVE-2021-33166,0,0,868a9b9dce56e0397c41c97cd5dfaed00a1d1337203a32b7dc033814c644da5c,2024-11-21T06:08:27.037000 -CVE-2021-33167,0,1,f3fe5f093d7d18e7a48b9f7884ffe3af79a6fe3392e9862731db4921c83b765f,2024-12-12T00:40:32.090000 +CVE-2021-33167,0,0,f3fe5f093d7d18e7a48b9f7884ffe3af79a6fe3392e9862731db4921c83b765f,2024-12-12T00:40:32.090000 CVE-2021-3317,0,0,bec09b757fa0100a814babe8831676461ed551a784ecc358deab4d004754983e,2024-11-21T06:21:16.607000 CVE-2021-33175,0,0,95b5a1089971a3f797603c2484b1a00cb90ff15f5355fda62292dd41e31b545c,2024-11-21T06:08:27.247000 CVE-2021-33176,0,0,653f421bc7c111e4ee143ab64ece19a1da343f5d5a731ba33625b29af5e02f81,2024-11-21T06:08:27.377000 @@ -180048,7 +180048,7 @@ CVE-2021-37401,0,0,c71e4deac7fe77ed8c0d0fef4d19628974c4005d7a8b68bbd24b6e67f6734 CVE-2021-37402,0,0,c0c9aee299adc056ebd1c52252b35eb5e3e4795ae9ecbfeb972a1a41b7a15cf9,2024-11-21T06:15:05.403000 CVE-2021-37403,0,0,1b764e08c0158edb62a4711ebdf8b0efc6728e085337eccf82042af2a895c7a1,2024-11-21T06:15:05.613000 CVE-2021-37404,0,0,0cbcee0a2fb62f0c0b4e605dcb58f0a856445aece950f320fa973917685b76e6,2024-11-21T06:15:05.910000 -CVE-2021-37405,0,1,15f063185253ab9f0273c82b364260f30e5a15e5ba71bee90e8e65308977a62b,2024-12-12T00:42:55.260000 +CVE-2021-37405,0,0,15f063185253ab9f0273c82b364260f30e5a15e5ba71bee90e8e65308977a62b,2024-12-12T00:42:55.260000 CVE-2021-37409,0,0,4922c7f8de9be19fc8dd3222e4edaa007fc88467971c26e82c64412fa35fce94,2024-11-21T06:15:06.103000 CVE-2021-3741,0,0,89d448344188605b3980f8549d91c3f992952972913c4a200b3f67f78a39f572,2024-11-19T17:07:38.267000 CVE-2021-37412,0,0,c35f96fabac3273d864a23de95c3576c1c4062c8b745dc0650469d23102874ba,2024-11-21T06:15:06.250000 
@@ -181173,7 +181173,7 @@ CVE-2021-3884,0,0,676c4eefc5ff9d11a68e6ffe693ffb85528b9da0ddc286b37251fd79c35aca CVE-2021-38840,0,0,42da19012d8a86c89bf0aff92ecb0ed7f9908c8a787c963d95529ef082417ed2,2024-11-21T06:18:05.603000 CVE-2021-38841,0,0,18ab1af6dfb211659f5485d35a293f361c44313cd83b6f6542925f7197fa3a31,2024-11-21T06:18:05.807000 CVE-2021-38847,0,0,d48ef8371f093fa1ffed95b1d8b2b8cdcdf6db880372c289938e712289b6612a,2024-11-21T06:18:05.990000 -CVE-2021-3885,0,1,465dfcd0efe2b8732b7fc2c43f13cc9553111c2ad768cab4a44eb1d97898d5e5,2024-12-12T00:45:16.100000 +CVE-2021-3885,0,0,465dfcd0efe2b8732b7fc2c43f13cc9553111c2ad768cab4a44eb1d97898d5e5,2024-12-12T00:45:16.100000 CVE-2021-38859,0,0,d1295fbc3f55a45c4e22e211e3813589593f61b3c209301e9c70e42b1fca78f6,2024-11-21T06:18:06.190000 CVE-2021-3886,0,0,541b9faeaeb144d7df1a208f4f6cd55c7c390e63913f4dedac79f28426fd5468,2023-11-07T03:38:22.643000 CVE-2021-38862,0,0,1043c053e78c88dfdda5fe3427283ce99a3947740cf992f9085ca0b3ae584c23,2024-11-21T06:18:06.377000 
@@ -183611,17 +183611,17 @@ CVE-2021-41848,0,0,c21f97ab88c06c48264272068b904d9d3dddb4d5c06f8bddf42476b612d36 CVE-2021-41849,0,0,239026552f98af63cd5dffc6ea721b80d94e7394dfc280b969253af26c3c3b2b,2024-11-21T06:26:54.027000 CVE-2021-4185,0,0,d8922b4f5d05e186a82dcb7809618fdf3ab0519a888924b601a8eb2da402b7ee,2024-11-21T06:37:05.767000 CVE-2021-41850,0,0,d944d7c6576f040a6c51a22bddd5c9dc2363b6f8b77cecf3fbbf3584793df357,2024-11-21T06:26:54.183000 -CVE-2021-41851,0,1,32cceeb5da196359c4f32da04462d5030ad9b26f01fa744628f5da53f79ece0d,2024-12-12T00:46:32.390000 -CVE-2021-41852,0,1,08a07513ba2e3033879b4d41f4bd49d1c7170631b34fc8071f3fec13b8bc87b7,2024-12-12T00:46:32.440000 -CVE-2021-41853,0,1,86ef059d18c4abe73cac07c2c6bfc95fc86f865508fd2f1a59ad0207268c6735,2024-12-12T00:46:32.490000 -CVE-2021-41854,0,1,4ff8aa7b5e46504d8fbcff36101d57a1d2bf5948775ddd94c045b73ca7d0cd4f,2024-12-12T00:46:32.533000 -CVE-2021-41855,0,1,037b8bf314160090e1abbc38d402eca33e8e973f7f089808e019f5f96916b233,2024-12-12T00:46:32.573000 -CVE-2021-41856,0,1,feb395fc016997c4d9502bd36963291f776c6a60bdd304cf98deda21a48ab660,2024-12-12T00:46:32.617000 -CVE-2021-41857,0,1,c2ec466066c3946d74c21e37668a3262b95b6abc341ba98d7a7a802ed0d29d91,2024-12-12T00:46:32.663000 -CVE-2021-41858,0,1,0319b0e412378abb23b7a247d303721d38e55d82fe52e026775aa28af66e262e,2024-12-12T00:46:32.707000 -CVE-2021-41859,0,1,437896ce3db761d56c5183c38dabb51fafdee068fb7d14a7ba966eb7835f08c3,2024-12-12T00:46:32.750000 +CVE-2021-41851,0,0,32cceeb5da196359c4f32da04462d5030ad9b26f01fa744628f5da53f79ece0d,2024-12-12T00:46:32.390000 +CVE-2021-41852,0,0,08a07513ba2e3033879b4d41f4bd49d1c7170631b34fc8071f3fec13b8bc87b7,2024-12-12T00:46:32.440000 +CVE-2021-41853,0,0,86ef059d18c4abe73cac07c2c6bfc95fc86f865508fd2f1a59ad0207268c6735,2024-12-12T00:46:32.490000 +CVE-2021-41854,0,0,4ff8aa7b5e46504d8fbcff36101d57a1d2bf5948775ddd94c045b73ca7d0cd4f,2024-12-12T00:46:32.533000 
+CVE-2021-41855,0,0,037b8bf314160090e1abbc38d402eca33e8e973f7f089808e019f5f96916b233,2024-12-12T00:46:32.573000 +CVE-2021-41856,0,0,feb395fc016997c4d9502bd36963291f776c6a60bdd304cf98deda21a48ab660,2024-12-12T00:46:32.617000 +CVE-2021-41857,0,0,c2ec466066c3946d74c21e37668a3262b95b6abc341ba98d7a7a802ed0d29d91,2024-12-12T00:46:32.663000 +CVE-2021-41858,0,0,0319b0e412378abb23b7a247d303721d38e55d82fe52e026775aa28af66e262e,2024-12-12T00:46:32.707000 +CVE-2021-41859,0,0,437896ce3db761d56c5183c38dabb51fafdee068fb7d14a7ba966eb7835f08c3,2024-12-12T00:46:32.750000 CVE-2021-4186,0,0,dd0c71f3d57620e28a7a179648c9f35b8f17eb072720f6e3c8eb8d994bd97d5d,2024-11-21T06:37:05.960000 -CVE-2021-41860,0,1,1c47fa7c57219d9a3b0c9c32e54e69e66db51165fc5df955d644d4d51083b703,2024-12-12T00:46:32.800000 +CVE-2021-41860,0,0,1c47fa7c57219d9a3b0c9c32e54e69e66db51165fc5df955d644d4d51083b703,2024-12-12T00:46:32.800000 CVE-2021-41861,0,0,f1ed73d33502def3e66a0250b90fbb4a5bddafa44b0ccbad02d8695e49c79bbb,2024-11-21T06:26:54.747000 CVE-2021-41862,0,0,4f62dc8a40a0ee67f93c2ff6fd72e8f11e0e337fc5573493cbb9c53f25a0068c,2024-11-21T06:26:54.893000 CVE-2021-41864,0,0,2f087a92c676bab39708c4af4af035bdac09d3fe728ca75e4418cecb1988598d,2024-11-21T06:26:55.027000 
@@ -184640,7 +184640,7 @@ CVE-2021-43339,0,0,4f77a94ed3d0da5738a342e29b8d6ec4531a5c3698f41acca4b646ba2949f CVE-2021-4334,0,0,72152454498bc700f241bb907d29e60a462e9365ecc4f5c7651b849c517d9a93,2024-11-21T06:37:26.650000 CVE-2021-4335,0,0,09097caaff3926158e7866f15414bc3611ceb898c0d4f4588c22f62237753af6,2024-11-21T06:37:26.793000 CVE-2021-43350,0,0,ad4cef3713ac2e538f3d9307e4e0f78d8c85a84f2529f016d5629a8bae389689,2024-11-21T06:29:07.007000 -CVE-2021-43351,0,1,95dda99b7120ad5efd9c40401a49495666792299a01e30a451e943ceca37853c,2024-12-12T00:47:22.733000 +CVE-2021-43351,0,0,95dda99b7120ad5efd9c40401a49495666792299a01e30a451e943ceca37853c,2024-12-12T00:47:22.733000 CVE-2021-43353,0,0,fea6bf5bacf4d2a1877e817f662e2076c66996ba38982472a8680d5d9a14b384,2024-11-21T06:29:07.180000 CVE-2021-43355,0,0,bf7355e8f081bfa580d6bce404b83dedb9e73618ac66533f1c390e9466c49d38,2024-11-21T06:29:07.330000 CVE-2021-43358,0,0,5c44c79e37626804e628ab7e9c8cfdc5de9fbe5c6965c1724434b350975e28ef,2024-11-21T06:29:07.480000 @@ -185498,7 +185498,7 @@ CVE-2021-44450,0,0,b94c1a907c27e587026a3d081e63e8ef179b853736b022f967aa7ae98779f CVE-2021-44451,0,0,1c84a549f4c7a0b5e257185c51135142c4e10920542577090af02c3338d6b4e4,2024-11-21T06:31:00.580000 CVE-2021-44453,0,0,c4ae56429ec732dcc97cedc93287c56bd50644b06922fcc3e2eab806748296b8,2024-11-21T06:31:00.720000 CVE-2021-44454,0,0,8cb2942a043a1063ea371b5e6903989f417ce41387aa7165dd0533424127bafa,2024-11-21T06:31:00.850000 -CVE-2021-44457,0,1,065f8855dd2e35bb6c605d46446c66573c4d8067a5cfc2f29a95808960209996,2024-12-12T00:48:05.837000 +CVE-2021-44457,0,0,065f8855dd2e35bb6c605d46446c66573c4d8067a5cfc2f29a95808960209996,2024-12-12T00:48:05.837000 CVE-2021-44458,0,0,6ef09f2079047621cd881186785cea0b72efc0199c412a7e898aecfdfa807fb0,2024-11-21T06:31:01.017000 CVE-2021-4446,0,0,bb8188348a1153a7d53c7eff8b959b490e30e428d550899029617f73adf92960,2024-10-16T16:38:14.557000 CVE-2021-44460,0,0,a69e89211633952e61608b5a9514bf5af38fbb780ec06e9ace0705cfaf6c9f48,2024-11-21T06:31:01.170000 
@@ -217812,7 +217812,7 @@ CVE-2023-23452,0,0,7794609a7c92177d4b5f8d1512ca49423e2185c448c370f7f3280eaf0660b CVE-2023-23453,0,0,04f3407a1aad9a40c2fb62291a56f14898581ac442d9f9aac1f99c295964ebcc,2024-11-21T07:46:13.790000 CVE-2023-23454,0,0,17508cb1e4954dff4fe359b63cd793535c5eb6e9ab057c38dcf9e40f67ea5f5f,2024-11-21T07:46:13.913000 CVE-2023-23455,0,0,bccc3b4c3dc9a1fa58f316f1ea309499a8a108862fc3643350f262ed37959ca5,2024-11-21T07:46:14.060000 -CVE-2023-23456,0,0,5f6ba83aa6ec8878789cfe94ca72b8dfb796120b1bed24c27a4611d8af20d21a,2024-11-21T07:46:14.223000 +CVE-2023-23456,0,1,8fa4a5d56d9209dd58b00b8d725524663c8501554fb2f87038ef80179f9ad719,2024-12-12T01:15:48.337000 CVE-2023-23457,0,0,b8210c205a09cf5397de58e97722e58cefa9d4bc93ca2bd9c9d8d9394a4d203c,2024-11-21T07:46:14.360000 CVE-2023-23458,0,0,d3f7761c2ee13515fd4ca6ff09345f2fde9e4b66c23b7c6638b9d1406092bdce,2024-11-21T07:46:14.480000 CVE-2023-23459,0,0,24b4de90c5aa3ff773e6109203500a3c4f9a57ac3a380093739ae389909e2548,2024-11-21T07:46:14.607000 @@ -218341,7 +218341,7 @@ CVE-2023-23986,0,0,153d4ed52ed46b2bf1b03f1e43aa1bfffe04b962f008f5899a94c4fdb0060 CVE-2023-23987,0,0,321012c2c457c78dcda0fb780073a99fb84973f993e37039e2dd33e4933fed99,2024-11-21T07:47:12.837000 CVE-2023-23988,0,0,4aea36b2679f4014d0083d8b04fc38185e89979c524099b1ac9a511750c3a025,2024-11-21T07:47:12.957000 CVE-2023-23989,0,0,95280ace9ebd55b1cabb079557f1d6bf59f494394b55ae3115bfab0c0fa65376,2024-11-21T07:47:13.063000 -CVE-2023-2399,0,0,7d41c6bbdc4c4ed4cdfe2b7887e0503b9375779c9924f3766cc64aae64303c54,2024-11-21T07:58:32.500000 +CVE-2023-2399,0,1,5c184912df53327365010616054c11e3fd62531778234ed45cd2ec5d7e0814f1,2024-12-12T01:20:24.127000 CVE-2023-23990,0,0,95b4b5ee16b8689e4d65eaa5aea125c60466e8e369045431db7a68c6fb1d753b,2024-11-21T07:47:13.170000 CVE-2023-23991,0,0,ac4759d40466fe8da706a2cc345447ef31394f21ae3872854a6aad8f9a52d06d,2024-11-21T07:47:13.273000 CVE-2023-23992,0,0,738e82644c19f960be91bbc7d0275bb3778fe12fbc68efdee6adc868080a60eb,2024-11-21T07:47:13.397000 
@@ -219375,7 +219375,7 @@ CVE-2023-25264,0,0,2610d9b0200f89f1533e61a73d97d3ca4968e7fb5865b80d7dc66d773cd6e CVE-2023-25265,0,0,5f5ef04a6c09628b350029f5be3f3d8bc401eb158442b7c9069fcc5a728f700d,2024-11-21T07:49:22.303000 CVE-2023-25266,0,0,a7a424dee66184245367649bf5db85fe3a024b5d141ab2b24100e5586bc08044,2024-11-21T07:49:22.433000 CVE-2023-25267,0,0,4259de3326950cd8e26ada70276d9aaf3cf4cb092f4dc89828c70d495046b4c7,2024-11-21T07:49:22.563000 -CVE-2023-2527,0,0,f379996a107e33c8d6507ff1381f51e8438fbe41182ee7b5dc7d015460798213,2024-11-21T07:58:46.827000 +CVE-2023-2527,0,1,b628c7086a29a9183da8f9f64491e1f494424d1684e0e71a944098c3e46be700,2024-12-12T01:20:30.213000 CVE-2023-25279,0,0,e8a25b9696c75d1401393e4e4625f800e5cc193bffed7af63d954bf69cab9e8a,2024-11-21T07:49:22.700000 CVE-2023-2528,0,0,7354ad96239bf796c6cbd6ba58728972cb6fb7255bae028f505e752f2e6ec6aa,2024-11-21T07:58:46.940000 CVE-2023-25280,0,0,a79c3cb01158c75cebb6ca46dbda57415199643ec1f65d6581773efff9df270f,2024-11-21T07:49:22.837000 @@ -220466,7 +220466,7 @@ CVE-2023-26536,0,0,d675d29e7114a8ee4527e0c5dbf1d0b0683804a85bc8517eaf87c416104c3 CVE-2023-26537,0,0,d6ce818632b5de9982b70a6fb14ca260c5c98a1b9960662a7f12337cd36e13a3,2024-11-21T07:51:42.180000 CVE-2023-26538,0,0,1b25f1778c45c9cc4dfc9c650a9efa235924f3931720d22e9c4a017afeb629a9,2024-11-21T07:51:42.303000 CVE-2023-26539,0,0,d049ef22bfab21dd45999da9224499b25e2a09956dc5e456d550d81fa8ac3b43,2024-11-21T07:51:42.423000 -CVE-2023-2654,0,0,9d93fb578a5bd171681d95a15e2457e31b75af1f8e84a50e6ffe7135de679f3a,2024-11-21T07:59:00.813000 +CVE-2023-2654,0,1,0ba28c5559272db63ee98c4d22b2519b7dcc3d7f71a7b8b9512139048e2f5471,2024-12-12T01:20:35.933000 CVE-2023-26540,0,0,8595cb7cba458f1a4242a35aef3f4103ab7718be72d4deaa55c1746b42180897,2024-11-21T07:51:42.533000 CVE-2023-26541,0,0,e6b9f95e561232a510cf659852b84a988c87860c6c579b14d4a7bcaf9a635f4b,2024-11-21T07:51:42.633000 CVE-2023-26542,0,0,10a144eb0641786e30932422d1d6bf676da8ff4d2e8f67c27f9a775a5a447fed,2024-11-21T07:51:42.750000 
@@ -221125,7 +221125,7 @@ CVE-2023-27505,0,0,e9414eedc226150fb0bc76b73ea09cad96b9cad41e53e5a14174bcec3a971 CVE-2023-27506,0,0,c67ffbc0a2ef6d9e4c781ab5d0b1f865bcbb541bfbbb1a3e6167bba2babb0c19,2024-11-21T07:53:02.857000 CVE-2023-27507,0,0,d212027721cbcd9742fad26a49808d345c2144b49a36319d4ac08fd0d29b7cb7,2024-11-21T07:53:02.993000 CVE-2023-27509,0,0,cfa719798081e3abb1671501052e27fd46f2e54b1f87245801600aadd7df048d,2024-11-21T07:53:03.743000 -CVE-2023-2751,0,0,d6bbafa7896e502eebcffad69a173193afec6679a39253cd3988c2563f849f96,2024-11-21T07:59:13.363000 +CVE-2023-2751,0,1,935ca6acf60fe5a752c3b3927a722efa9fc1ec980f0bd7b1b523331ca22160b9,2024-12-12T01:20:40.913000 CVE-2023-27510,0,0,6f959761032f230455e8bf272eebaab9228d33fdd1038574e4ed1d2c95e2943b,2024-11-21T07:53:03.877000 CVE-2023-27512,0,0,25209505182de0dc1de45b47cf57db0abc13b19730e87c50fc22c314cf5305d6,2024-11-21T07:53:04.003000 CVE-2023-27513,0,0,c9fbd584e51c51b70e2e0cc07b756cefd3914b4ced409ad8d42a8da7c34f791c,2024-11-21T07:53:04.147000 @@ -222790,7 +222790,7 @@ CVE-2023-29344,0,0,aa9a273c7d2a522ac37d5ad0cdbeaae05813b658602af8017f63cb8a17b4f CVE-2023-29345,0,0,7c29009016e8a026a8e1f24105ad7c3d701ae24b8a89f17bb01d2e1b5bdc866d,2024-11-21T07:56:53.997000 CVE-2023-29346,0,0,9fec9678f6f849fcd1dcd7b229832f02e19eaf4372492fefe24a8743ad6da639,2024-11-21T07:56:54.103000 CVE-2023-29347,0,0,7540a8b8428988d01d75207c6801c8a4498852058d52dd035965bc8e2062d910,2024-11-21T07:56:54.247000 -CVE-2023-29348,0,0,ba177fd03006de02a0fa990934b78dce5ef5711625efd01a9c34970494ac2159,2024-11-21T07:56:54.360000 +CVE-2023-29348,0,1,cde6c9d0d1c4a590530eacdeaf218fbd357f360dae86b83faf7599fdfa227cbf,2024-12-12T01:19:43.200000 CVE-2023-29349,0,0,68f1fee57235f288caf20ce8e4d0f85f5f33cf9c2891304252a1903ff58cce8f,2024-11-21T07:56:54.493000 CVE-2023-2935,0,0,a1f830d805349a093c6cdeb2502a942677ce9d486e83c5e09da994318fabaf74,2024-11-21T07:59:36.050000 CVE-2023-29350,0,0,58576b3ef290c8abd9f91b3783fa25e4662c39ebc911e30bdc1f48f81e9908cd,2024-11-21T07:56:54.610000 
@@ -224226,13 +224226,13 @@ CVE-2023-3134,0,0,b41055d7bc0dc4c054369608e6a2b8131a42873b85a487dd8d397c15935034 CVE-2023-31341,0,0,f11351f64d6c074bb20e27f377d305110c044439e0f7ce3705332015f39ca466,2024-11-21T08:01:46.530000 CVE-2023-31346,0,0,0f3aef9cb82d734f42dadff61934c6e7356f408812c277f7c7dc139cdf72f4ea,2024-11-21T08:01:46.650000 CVE-2023-31347,0,0,40bd095adcf20e32bd278c5ac69186bfbd901c6c106b24da3be411afb7fb0f7e,2024-11-21T08:01:46.837000 -CVE-2023-31348,0,0,1a3486380e50f76a445d391370e4805d98ed6ff38802308c1313b3e7b10cbf98,2024-12-03T18:46:38.467000 -CVE-2023-31349,0,0,bba5c58401546853f0e31eb0c8f3a091ae43f3f0fcdd313b2330d0e9a09e883b,2024-12-03T18:37:37.340000 +CVE-2023-31348,0,1,36de6f4439a3c352fc026755e75a90df41c385c2a4dc4700523138475af8101f,2024-12-12T01:21:40.110000 +CVE-2023-31349,0,1,71bf4a5703aad3a9f91fdab88a68f528b7c5cf5a77563430c2326a8beb20b035,2024-12-12T01:21:40.263000 CVE-2023-3135,0,0,5525abaed0951618afc57f6ab0cf7d86c246aa704e41354313c6c2430b9e4078,2024-11-21T08:16:32.173000 CVE-2023-31355,0,0,69aec8bfd9cbbdf6fccaa5a3f23ea5d697dcae13123e85a3c8dc9b60288b0210,2024-11-26T19:10:21.797000 CVE-2023-31356,0,0,893e97f999eb330aff79e73227c475717b30c28ede3be37575f389ac67bd4a20,2024-10-30T19:35:03.503000 CVE-2023-3136,0,0,0082a969c34110c3bc77819ecd8198dbee6358cca1ed9acd2e0be2b757fea739,2024-11-21T08:16:32.297000 -CVE-2023-31366,0,0,3024397a0d4aae2ef43f623686a8e01fdf5340c2590abe5ed9b21fc83aaebfed,2024-12-03T18:30:25.240000 +CVE-2023-31366,0,1,56cd8c4cc52708368ee480d321d1f65851f6a7388955145eeaa175ee61128e00,2024-12-12T01:21:40.487000 CVE-2023-3138,0,0,b298f529d2a3adebec7ac1cc8020248642c5a82f64af3207c99b824b1fec255e,2024-11-21T08:16:32.423000 CVE-2023-3139,0,0,03ea8a2258a8de6878e7a0f261295c025d834e2372e626fe4f26aa4f86b80726,2024-11-21T08:16:32.563000 CVE-2023-3140,0,0,ac15ba0ad8e32466189116c4890afe997ed236059def621005affbe2ceba36b0,2024-11-21T08:16:32.700000 
@@ -226441,17 +226441,17 @@ CVE-2023-34154,0,0,eafc3fe079370e37ff7df7a88839f07e4ee2c129fb8876ca3732c82414e74 CVE-2023-34155,0,0,18a874ed9abba05c434db529ec7798f406b89d3d8e8e89da1e2b9234231fa020,2024-11-21T08:06:40.070000 CVE-2023-34156,0,0,4c845fbd22b69141a935a522b35d529a55435ffb60a88eb49c84b4b571143225,2024-11-21T08:06:40.190000 CVE-2023-34157,0,0,de3af443fb8981ce3e7b6cb3d0ef43a69013ee706865d66bc7dda2cff6f49fcb,2024-11-21T08:06:40.310000 -CVE-2023-34158,0,0,7699bc5a2175a6b76f4476b40e9a041769ee9b54430e4b2478c42d4b94fcdd18,2024-11-21T08:06:40.440000 -CVE-2023-34159,0,0,c922edf782010f4f6c654859f4c8773de90122937cab80650a0213db84e0d048,2024-11-21T08:06:40.560000 +CVE-2023-34158,0,1,465d4f6bcb385d1ecb951edb986565a3191e83a136de19f8adf0473d8fe0f9c8,2024-12-12T01:23:28.070000 +CVE-2023-34159,0,1,6f67b15aab8da28d8b6be0656e1bc2292d18166a3e8bfa37b8e7f98c4a48fafd,2024-12-12T01:23:28.263000 CVE-2023-3416,0,0,01effdd1f37bbe08145e97dded5c6c6399900e8c4ea201e1d945ad02a0134642,2024-08-19T12:59:59.177000 -CVE-2023-34160,0,0,5f26f7847f64d5467ec4bbf1b617875c9e1f87fde2cf0d63914e22abd6756feb,2024-11-21T08:06:40.673000 -CVE-2023-34161,0,0,69eb71ca1b96fbc1d2f2a14141a8affefe66382466ffaf72e83f449c5ece2ee2,2024-11-21T08:06:40.790000 -CVE-2023-34162,0,0,12c942712cf53556b45a7bf3459632d9fda1d8e0347a646908a8c367e217e889,2024-11-21T08:06:40.903000 -CVE-2023-34163,0,0,0c763761fc083cc4365a5b9ac184fbcc418019958e14439d7ad960ffe4adae06,2024-11-21T08:06:41.020000 +CVE-2023-34160,0,1,5a48a12daa267a0f042511df6e66c2a7d9bdfe4cd733be278bed75b1dcffc430,2024-12-12T01:23:28.410000 +CVE-2023-34161,0,1,527e0f799706c699ce971c6feb5109fa7d9b657a68256fa48206e3cf19f2df22,2024-12-12T01:23:28.553000 +CVE-2023-34162,0,1,794c2be67e123d84b5d4bac0eed815e170a0a937e59a65e73999c37329ded3d4,2024-12-12T01:23:28.713000 +CVE-2023-34163,0,1,3512c88817915e0d4882b331c3ed63e62e84a3fc9b73c67c46bafa6cfb0f159c,2024-12-12T01:23:28.870000 
CVE-2023-34164,0,0,89e59cda1916187794a85dbade98408dde98471825f81ced11fc10058ba00e01,2024-11-21T08:06:41.137000 CVE-2023-34165,0,0,fb1bcde80dd7c1b08aaa87fbf36c7ed5a88b78d0f169e9af8ab8577e10bc770d,2024-11-21T08:06:41.270000 -CVE-2023-34166,0,0,32481000c8df5036e8a45ed1015e48658c08343cc01b9c1b13b36016c19d648e,2024-11-21T08:06:41.390000 -CVE-2023-34167,0,0,5e6bfdcda04ccb81c7216be65fc215beb8db98d737e5ec581fa2a4b855583f1b,2024-11-21T08:06:41.503000 +CVE-2023-34166,0,1,e2c1b9a822e284557bd50909b86b201b7fcd4e6c1faecd44c30bc720d66dad09,2024-12-12T01:23:29.110000 +CVE-2023-34167,0,1,de919142cd02f3d7d89f1e3829d6e79cbefcb4b84fadc6c9656929a400bdda1e,2024-12-12T01:23:29.260000 CVE-2023-34168,0,0,7b9649895f96e69e585ad91de12b961d6f966d9973d55ec37eb25fc0f7254cd9,2024-11-21T08:06:41.610000 CVE-2023-34169,0,0,89033dc263fde9e3df35d41acdb1f5dff37f8ee5701d56060980f2c354e8633a,2024-11-21T08:06:41.737000 CVE-2023-3417,0,0,e5f978235163561910b4674a06bc7a93e328baafa150445bfc6a59e7498275fa,2024-11-21T08:17:13.330000 
@@ -226806,8 +226806,8 @@ CVE-2023-34599,0,0,8eb90eae10f1fdda791b4322316bb5f795c8b9b949690fede5415908f63f2 CVE-2023-3460,0,0,a2dfe0da3dec68f16c25d513a0e7b39b6dfc081cb8e72dc0da261ab0ccd3ef42,2024-11-21T08:17:19.017000 CVE-2023-34600,0,0,5c67e52e6c1a53e12b549aad2f286a34d8c73ff00f68ae891351d666a0788216,2024-12-09T19:15:11.753000 CVE-2023-34601,0,0,7e0c39baeacb8effc0ace9c343609992d8f1413c5bcee0132389f9463254cd7a,2024-11-21T08:07:25.447000 -CVE-2023-34602,0,0,637b81d26caf7a6995e6ea057593c8d717a83f54e9a5b570439c4359c40a7a85,2024-11-21T08:07:25.600000 -CVE-2023-34603,0,0,585493045312271571843bf4ed21f0c883ada7ec3efd4f2c25e257f8a2406ddd,2024-11-21T08:07:25.750000 +CVE-2023-34602,0,1,742c2b10605a028793e0efeb9be43d002d27e5b6c96d6fad8ddb6c06991432aa,2024-12-12T01:23:46.137000 +CVE-2023-34603,0,1,cb08294378b8181d973cb6a4a1effa4042c25e17407b1a16087dbefd8d5f8776,2024-12-12T01:23:46.330000 CVE-2023-34609,0,0,656917283d9c5f2f0890a65687e7468657160d5ca2b071bed8144279ab6cd4a9,2024-11-21T08:07:25.903000 CVE-2023-34610,0,0,0e3f066c5e23bf3f6d4b62f2e34c43e7571133156ad572fdafca9434cdab61c5,2024-11-21T08:07:26.063000 CVE-2023-34611,0,0,687b023253523d6e78594d20204e464b5b48f1822b7ada6e96002f20770efc4f,2024-11-21T08:07:26.210000 
@@ -226828,8 +226828,8 @@ CVE-2023-34634,0,0,4d870d1b6cf159dfc67a3d820a8ef87d9cd071bbe580d531e100106bb9217 CVE-2023-34635,0,0,03c8b1274583d02afaf32207e6d0f8982c9e5ad7934aa1ad7f36d3be59fbc303,2024-11-21T08:07:28.230000 CVE-2023-34637,0,0,c7423109201320468b4ed97af365f93af544b6077e3cf7e2c6596646992848b2,2024-11-21T08:07:28.397000 CVE-2023-3464,0,0,546188b9658ae7a96c5043bfc44ce08774a5e26b5cfd0c1feb95140916edbca1,2024-11-21T08:17:19.453000 -CVE-2023-34641,0,0,52039d827cb0c2a5d940ac709937e4c0d596186fe307b5ede39f97502b871b29,2024-11-21T08:07:28.630000 -CVE-2023-34642,0,0,708991964c650d75926718f4fa7ab929b1db542a95e39f884d0bf3b95f10bba3,2024-11-21T08:07:28.783000 +CVE-2023-34641,0,1,db099afb97610a00ac65848d9c947afc0685524999c0da5af4c1fff9dd0a0ffc,2024-12-12T01:23:47.527000 +CVE-2023-34642,0,1,d9f2903142ad10b1fb3742e3a179efd5d33ae7ccc01af8d638e6359f5f4a745e,2024-12-12T01:23:47.700000 CVE-2023-34644,0,0,674fd1b750dcd6ce0cf8eba48689023756f5d302f5d0c1ad5873ba0849bfc442,2024-11-21T08:07:28.933000 CVE-2023-34645,0,0,aea392309cb5e847eca9e930aaf2323fe3cefd971e9ad460058a502094d0ed4b,2024-11-21T08:07:29.160000 CVE-2023-34647,0,0,d1e795e353558b60e8ebd13ec168802a2f2b7232195ee7683ec7167a8742f4f4,2024-11-21T08:07:29.303000 
@@ -226840,7 +226840,7 @@ CVE-2023-34651,0,0,359afb3ebd5b8351d70547d812047c3c132df81c152fa69273811e80dbe44 CVE-2023-34652,0,0,237e97e128caf51899f71299fb027ce462d21fbc6bb400b20aa410851f8d2550,2024-11-21T08:07:29.893000 CVE-2023-34654,0,0,41de494a025da3573e09cdee6927dddfbf9efaac72f5a515ec0f1854383cc3cb,2024-11-21T08:07:30.050000 CVE-2023-34656,0,0,e8b18d7acdb5258f3011a99a900cbe8bfa5fd0f3cc49dbc6fa2a9cf2299236ff,2024-11-27T15:15:23.147000 -CVE-2023-34657,0,0,23a8a7e64ccd908adf8104cfec1b7f3953fc8a231bafacbdb84c55b40a5956b8,2024-11-21T08:07:30.343000 +CVE-2023-34657,0,1,bf053cbd74c90a74df41d8b3ed8bc13072e5caaf7579bb0e4c3c592b27ab9b5b,2024-12-12T01:23:48.450000 CVE-2023-34658,0,0,7e79f39e62fba74cd049d08fa473d9537b089c09510e99356df90f937c1a76b3,2024-11-27T15:15:23.273000 CVE-2023-34659,0,0,858fa2fe8d0c249add88fac3a9238f14ed93d6c3e8842373bd7945246940e613,2024-11-21T08:07:30.647000 CVE-2023-3466,0,0,c6f9b26c4d1cba93f2ece5b4bb11e3e31b05b8da8c0d4c2b1e5334fc7bf27a49,2024-11-21T08:17:19.750000 
@@ -227490,12 +227490,12 @@ CVE-2023-35837,0,0,d16dde5cf23fa139b9e20afbc749327489ae7168e69839b5573e70190938d CVE-2023-35838,0,0,183f211cfdb5c0b95769b09aaa0c425385e59381d55642b1813c42fff31c8a36,2024-11-21T08:08:47.637000 CVE-2023-35839,0,0,656f78752e563a12ede3b5803be9c4748192ecddd9db4c5bb9648851053668b6,2024-11-21T08:08:47.797000 CVE-2023-3584,0,0,db20d2c7ac289598080cfe7af369da1c9e2f79983a8f4444c3d60e81d4ca7c03,2024-11-21T08:17:36.207000 -CVE-2023-35840,0,0,7cc43b3e6b8c3c6036205be8c2e9a2740dfa0b09641797d086c2751fbdc5bd93,2024-11-21T08:08:47.940000 +CVE-2023-35840,0,1,e624831a4363066935d7a110a834e68ac38575c0e01300ea5243dce323826892,2024-12-12T01:24:18.620000 CVE-2023-35841,0,0,96688b448feefdee3f886ad7e073ab5791abffc33200923f5b97353a9d361275,2024-11-21T08:08:48.090000 -CVE-2023-35843,0,0,e23b0626d527bc282f29eab0cffb1471b1ca539d5ea4eee2782ac7e5f0c57f7b,2024-11-21T08:08:48.230000 -CVE-2023-35844,0,0,ed1572ef02ae56dc1697d4c8f1c8483cda4260b8857fc5d7cfeeb9d87d314b3f,2024-11-21T08:08:48.380000 +CVE-2023-35843,0,1,dff5b57208457b1b89745cf920438c5613de01bbe3ee1d2badeb3bf1bcd445f3,2024-12-12T01:24:18.863000 +CVE-2023-35844,0,1,cf91b158423bf198c9afa70e675f69635b177baf7d99836b41277e74065985d2,2024-12-12T01:24:19.030000 CVE-2023-35845,0,0,d27306b2c62cdc71dabad38882c35bced6c4ac46b373ac2c221496e40d3d942a,2024-11-21T08:08:48.520000 -CVE-2023-35846,0,0,2a1efa773f284412e48b948cdc7e6b3e0bc33da80250b83178f75d545ae0f288,2024-11-21T08:08:48.680000 +CVE-2023-35846,0,1,e68352ff2c47a4788db6ce39f9279a87220882aa1503941722c5a4e1815723c2,2024-12-12T01:24:19.260000 CVE-2023-35847,0,0,20fc4c4e648ff93a9c9c9c4278e738345b2d87a5a8a289ceedaf5ee248cd51ce,2024-11-21T08:08:48.827000 CVE-2023-35848,0,0,08b32bf543edad2fea8ef309b9b4726301644342a6ca21b807b44e017fe896f6,2024-11-21T08:08:48.967000 CVE-2023-35849,0,0,d525e07e0bab974fc47917f3ae9221e18b5c3e7316b3705b4e030f6c19ebe5f8,2024-11-21T08:08:49.110000 
@@ -227906,7 +227906,7 @@ CVE-2023-36405,0,0,833744e4b4d9b9c5903c68e42fe805e51f9746e4edd8fc523e3095c12dc24 CVE-2023-36406,0,0,ff37f29dca10c9e8340321a13ff2f7c36f4923df0a45cacff6d9ac2e8d0926c2,2024-11-21T08:09:41.727000 CVE-2023-36407,0,0,00e63bd88b9dc70b2f09c1451b9bf5040bc65b0424620e92a70d91a095488ffc,2024-11-21T08:09:41.843000 CVE-2023-36408,0,0,4c813abf5135631d8ed88e67aff157867679b30b06857c632b5275ea53396883,2024-11-21T08:09:41.960000 -CVE-2023-36409,0,0,4376211fb58c18b45a37756fc2cfda3edcccc00c077832ac15f07fcee0208ece,2024-11-21T08:09:42.093000 +CVE-2023-36409,0,1,ee3690414db9cb208d9bfd21536f3cfe057e76d1b25a518db24afc63de11b93f,2024-12-12T01:24:39.813000 CVE-2023-3641,0,0,14b7a88f4d64e06f32995fdaffc7b47e7e6cd67ff6af731720714168dafcfd89,2024-11-21T08:17:43.970000 CVE-2023-36410,0,0,e49d54ed38bd2e47f0cc4e4e4db118fabbfa4b281a3f5f208e06936606222411,2024-11-21T08:09:42.210000 CVE-2023-36413,0,0,3ea73506015dc4b1f9bec5b372a8684fb86097fc39d1e1e09b53eacd0c0988cf,2024-11-21T08:09:42.333000 @@ -227926,7 +227926,7 @@ CVE-2023-36427,0,0,7d7b65fb1ecedc0c25957971a376c0665f55233092338b68ca5de65fe0f6a CVE-2023-36428,0,0,0daa254ccfe22797edb189b552309d7f8d308cbc2b13760257c7656194581b16,2024-11-21T08:09:43.867000 CVE-2023-36429,0,0,d962c1ca69422b6b22e770288216c8bf352a576b2ee33ff1a9c8648bd0702c53,2024-11-21T08:09:43.993000 CVE-2023-3643,0,0,4c1df1608263cc8030549995e896fb08abe219509705e692121442256d47635d,2024-11-21T08:17:44.260000 -CVE-2023-36431,0,0,cc0228a82e6d6fba76ca3d342297c0c6ab6da3881a229b96dd5d9caba80eccb3,2024-11-21T08:09:44.097000 +CVE-2023-36431,0,1,46437c1e60896885876e5223939efc9353da75532b8fcc3e0b198a28dfb82e3c,2024-12-12T01:24:41.270000 CVE-2023-36433,0,0,044d052bd3a0dfa762cb10da5592c4d4ca08a3484a56f6d3628ea7646e68f2b4,2024-11-21T08:09:44.217000 CVE-2023-36434,0,0,0eafe32f1c032f5f5e7c75e622076df7be65ae6e423f02ead2bf37aa3ec6de6b,2024-11-21T08:09:44.313000 CVE-2023-36435,0,0,bbe2e78eeb1b64b9a57431295ac5f742f0ba71286fa874873874a0ad06c14817,2024-11-21T08:09:44.447000 
@@ -228034,7 +228034,7 @@ CVE-2023-36555,0,0,77e8002980dd5279b1eab2a2d9647a74a358b30c4e4ab4e57de272e345903 CVE-2023-36556,0,0,ad32053ae9687fead556e8963218c218f451b3bbb938a9df9f5e3df7c0d77d41,2024-11-21T08:09:55.593000 CVE-2023-36557,0,0,6865cba0e6a8115b36ee4277cf9f680688686bd4d4b691c3b4bdc0ffc1f4badd,2024-11-21T08:09:55.717000 CVE-2023-36558,0,0,d6b24cdf3005e0169b26d3e1571b29717d0e579a66d450dacf9a781f8b9c2c16,2024-11-21T08:09:55.847000 -CVE-2023-36559,0,0,c87c16155fe4eea38ec763ba269aaa13538f9d4d2f6e76e8d6e13472eca8aaef,2024-11-21T08:09:55.990000 +CVE-2023-36559,0,1,bac72d2b388d7909ee4a55391a9c04c2d4219227f814baa52e44183bb365c724,2024-12-12T01:24:47.080000 CVE-2023-3656,0,0,f930570918774958aa46e1f6bfca82256000c3ab197bcebee6918dccb4f1fa30,2024-11-21T08:17:46.130000 CVE-2023-36560,0,0,da816317c751ee57919ebac64ce332d4d30ef1436a3dcdf3c6a3093b110c2240,2024-11-21T08:09:56.103000 CVE-2023-36561,0,0,4ba8b597a417127094fee0349e109a05e685c72cfd62834f9412d306cbf18fb4,2024-11-21T08:09:56.273000 
@@ -228053,12 +228053,12 @@ CVE-2023-36572,0,0,eb3066fa46f1cdb576b5ddca55cfe6b0160d263be0a4753c868ffb717be27 CVE-2023-36573,0,0,09a7d77b39a55c06df1f7d7299708ffa2d50344b42b6a1db80f6984be839c5c2,2024-11-21T08:09:58.030000 CVE-2023-36574,0,0,56c216f141ed7273e3aea477eba8f7a7903319c571b3db8435b8d52672401fbc,2024-11-21T08:09:58.177000 CVE-2023-36575,0,0,51302a868fdff18097a8a73acab10d3e6e50ad1c86ab2048fe9f1b891093317b,2024-11-21T08:09:58.320000 -CVE-2023-36576,0,0,d23a4f0a53d7b6e666e4ccda70efa2ec8e55af33ffc167ab729686a26779c9f4,2024-11-21T08:09:58.470000 +CVE-2023-36576,0,1,5fb8af0cca87fd2256d4d6d3dd23e8f3e78a2619ee5994e552443fc5913d712f,2024-12-12T01:24:49.650000 CVE-2023-36577,0,0,e50aeafe79c861d091e7057a4e84c858e731c6a359aa0fa9fd6f18815c5b1164,2024-11-21T08:09:58.613000 CVE-2023-36578,0,0,0ff8143c5a5c65144cb69b60fefece7fa8ae33ca61d56f8d26ec4eddd5eee6b6,2024-11-21T08:09:58.770000 -CVE-2023-36579,0,0,f2606416ad85d9d7491f3ee91d66be409f0c9133e3b0c877e41d06dc6f0d481b,2024-11-21T08:09:58.940000 +CVE-2023-36579,0,1,9db373cb9650d90e994e84bb77785709325f48277cc55705979a36add041705c,2024-12-12T01:24:50.247000 CVE-2023-3658,0,0,1bdfaf49a6970089ab22151be1bd030b6dbcff11fd8d50f472864a258af31fe7,2024-11-21T08:17:46.420000 -CVE-2023-36581,0,0,4ced537793e9c1bbd0246cbe886dd5761c4fc39fe4f49cb404ef0841eae32cd3,2024-11-21T08:09:59.090000 +CVE-2023-36581,0,1,038266ce2e7ce60ae77739f4585d3065136584591f5032528f12d26fba11bb30,2024-12-12T01:24:50.473000 CVE-2023-36582,0,0,17fa89a7fba58752482f8d60d13589452a956e1b0a95299a16c8963661bd30c3,2024-11-21T08:09:59.247000 CVE-2023-36583,0,0,16c68d118ea57336250d71f3b0e590b09e39662e96b8c1bbb32d494d1ce6430a,2024-11-21T08:09:59.397000 CVE-2023-36584,0,0,1a5ce4c004be36b942fa9069a53df592ac18172a4a87a5cb6429974a9f820454,2024-11-21T08:09:59.547000 
@@ -228076,7 +228076,7 @@ CVE-2023-3660,0,0,b6ebf63245dc7236847d9f1786f721c048dbf683a83e959edef023761a72fe CVE-2023-36602,0,0,342c3248a27ba72f046792b417702f0b9687bd1eb072aac9cf712d7468c0cdd8,2024-11-21T08:10:01.510000 CVE-2023-36603,0,0,c759c86fce76991f643696c60e802b2c706464b341d2aa04293abf0948f47d09,2024-11-21T08:10:01.790000 CVE-2023-36605,0,0,8880f7d1669b60b361143cbd88093eb950cdd4e178cd81385de2bd2d52f4dbc1,2024-11-21T08:10:02.040000 -CVE-2023-36606,0,0,3b1d514e6364eb02296f56e2052d3b8358c62304249f07d62baef228c2b06cc4,2024-11-21T08:10:03.227000 +CVE-2023-36606,0,1,a9c1fc156da27e86145c2f713046e334c420ee762b59ae2f211dacce104c754c,2024-12-12T01:24:53.040000 CVE-2023-36607,0,0,907e895e4acc196ae5b995a3597fb46549c5dccb8c628883199318a237d9341d,2024-11-21T08:10:03.440000 CVE-2023-36608,0,0,8b01470f50b6837b2c2c18d6c4a055f30c671ca9684793d95ef902af44b2bfc3,2024-11-21T08:10:03.653000 CVE-2023-36609,0,0,83c281d54e6d44d53442da715367df80f3ca256b02318a1aed0913cea8e5f349,2024-11-21T08:10:03.853000 @@ -233707,7 +233707,7 @@ CVE-2023-43956,0,0,287c16836b7f2388aafb63c0e9b6832690d16233ba3cdc6bea2100ffdf340 CVE-2023-43959,0,0,83c13aec946e69662beede37eb4228952b206c148c530260e4f264992d519f45,2024-11-21T08:25:00.993000 CVE-2023-43960,0,0,cb9f587c2076d2cc3e6b162d728882e2ca0cc4f582aa12cc86c2ff36accbe2c9,2024-11-21T08:25:01.170000 CVE-2023-43961,0,0,b0da0c9c90e56ee0fb0ab58c3be4a325af3611079aebc3edf7e7e4214416d9b2,2024-11-21T08:25:01.343000 -CVE-2023-43962,0,0,3c2e737c86c10db5923d84dded98752fbb682a531615470f2a39ace0be971ae9,2024-12-09T17:15:06.057000 +CVE-2023-43962,0,1,4d1f871132e83488ef7bcbce628fa464ea998003490a46c081c785eb3a59dc1b,2024-12-12T01:30:29.560000 CVE-2023-4397,0,0,b69f4c3d20ab202366757d95f79a88c2f27d0460070fd169b459d8743eb14286,2024-11-21T08:35:03.707000 CVE-2023-43971,0,0,41bdc86e97ea2b1f4563c03f92eb3c37c5cc33cc5c1ad1f7d295374596640d13,2024-11-21T08:25:01.583000 CVE-2023-43976,0,0,4c907705315556b177cdb72974fab7f1e8c606e3978f7955890965d88da55946,2024-11-21T08:25:01.757000 
@@ -244262,6 +244262,7 @@ CVE-2024-11862,0,0,7712aab25e9f815f730578195e7a4831741702c7ef40dfbc871d5c94d5212 CVE-2024-11866,0,0,f98849df3d1b11c4a74b976ef8b2271c79a4b31b45f414582e51d5b7f2d3bff7,2024-12-03T09:15:05.487000 CVE-2024-11868,0,0,6562d73f3ac693485a95f5a10095f9315239583a70a12d5f33afc1f56bd78bd9,2024-12-10T13:15:15.973000 CVE-2024-1187,0,0,34bfab1d2868a509e17e58177c8ef1072428b9ace11ecd550f1c0daa57f2d37c,2024-11-21T08:49:59.543000 +CVE-2024-11872,1,1,b80fa2cdb2fa8f23b2eba6f57f5d714702c44d3760ac384daecd2f1c3b74b9c8,2024-12-12T01:40:20.537000 CVE-2024-1188,0,0,a65e9144328c7bf88ed9510065b2567c80bec907fa15019254b44a904bcf4c98,2024-11-21T08:49:59.690000 CVE-2024-11880,0,0,bc08b419001e69ecc8df6960919cacc77cc712a48473883e8526af3cf15bbb8b,2024-12-04T09:15:04.470000 CVE-2024-1189,0,0,3e2c1a3fc9f24eb6eaedd5adba4b6f521645b93b8971a5e9477fe83a4ee5ef97,2024-11-21T08:49:59.850000 
@@ -244284,7 +244285,11 @@ CVE-2024-11941,0,0,a22d4f126379cd23fab32eff7ac35d36ca73679077d565711169df70fc99a CVE-2024-11942,0,0,b0307c3d5deb4f1958153d56169209064a816f43c966e68315b932939b90f0c7,2024-12-05T16:15:24.033000 CVE-2024-11943,0,0,255da8c836c952820ff0b7bcd3c6515650b6d087f7a115e643c6d0649e7af878,2024-12-07T02:15:18.393000 CVE-2024-11945,0,0,5942d6aad6bf3e75acd40cb415876b45557f533745bb7af10573948fb59a4863,2024-12-10T10:15:04.810000 +CVE-2024-11947,1,1,777a871a2ed11102d8895fff7371e86632044717a392ccf6918640a06cba1e0d,2024-12-12T01:40:21.487000 +CVE-2024-11948,1,1,7083d3122baf980c6a6d3fb12880d6530f94fefccd2f69ed3f02cdea9896af14,2024-12-12T01:40:21.610000 +CVE-2024-11949,1,1,322f25f1f4f7efd66526ffc2d9f11938cc7cf6ed905dd4fb1d4c72e9ddb0b8cb,2024-12-12T01:40:21.700000 CVE-2024-1195,0,0,3368bf518c27a729a23598a4bc9bc8456794ebbc8ed421e1b9fb54311a27af0c,2024-11-21T08:50:00.723000 +CVE-2024-11950,1,1,281da45ce5807ed45c8fdf11061c5b801b0ae3854c0cb1bff6a71405b1e3ff44,2024-12-12T01:40:21.820000 CVE-2024-11952,0,0,8be0c69e3107fa6f3273f59b11ff511450df70a157d0236a300dd71a0356b941,2024-12-04T09:15:04.637000 CVE-2024-11959,0,0,8e4c044a79a34553dacc3bbf68fddd2b6e5f24a72d4b7a0c2b06bf8643853e87,2024-12-04T16:52:55.150000 CVE-2024-1196,0,0,fb9cee3548f997ff6f5fcfe0021c5d65fb9ff65b14bac0023a1f0fa42083dcd0,2024-11-21T08:50:00.883000 
@@ -244445,6 +244450,8 @@ CVE-2024-12363,0,0,0a491da0a2abbcf7984025bbc6c43b56fe1619f44d47ff309424ed17b404b CVE-2024-12369,0,0,020d729c045c8eaa8f498306958a74fd2b364bdb1cd395ef2460e8703f80119a,2024-12-09T21:15:08.203000 CVE-2024-1237,0,0,7608b762d209f55f10a23dbde634d086adad1d6240344714ec7de5c458d836b6,2024-11-21T08:50:07.910000 CVE-2024-1238,0,0,61e2d99ce6e3dfa86afb8331abcc236f68b5fa34f245659f4f6216db5239b32e,2024-11-21T08:50:08.053000 +CVE-2024-12381,1,1,0d574de27c9432a72f3b42da0f31efd50ba45e432386071e517970598d1d10c3,2024-12-12T01:40:28.630000 +CVE-2024-12382,1,1,b17683f8dc6bc29fcc351201572994616966df4bb23a00ca8bc7189ee5231d3f,2024-12-12T01:40:28.737000 CVE-2024-1239,0,0,a515a367dab4b48d00e7f390a15c0d107266b53b28358b9f5ebf3476b0a625f5,2024-11-21T08:50:08.180000 CVE-2024-12393,0,0,39a195de61de1d5575a41974225041afe3006b623a6c202b6b63283c75a42f9c,2024-12-11T17:15:14.657000 CVE-2024-1240,0,0,04799415e1f0377b54b78e2b8bdc0cc625bbd87f5e08d92014024c374e43cc79,2024-11-19T19:04:53.913000 
@@ -244453,11 +244460,27 @@ CVE-2024-1242,0,0,d730388eb7530fa29fb11ce649456e01cfb020c8a1d70e87c977d44dc13140 CVE-2024-1245,0,0,95e8542ba13fb11ab7fe96b21acceb5168a3d85655e46eadbf4243e255ea26c4,2024-11-21T08:50:08.740000 CVE-2024-1246,0,0,1f374a88e5f240286cc1247b0f1cf35c16b35bebd909ebb6b31cd5f41f473567,2024-11-21T08:50:08.877000 CVE-2024-1247,0,0,87dd54613b1838220658d2242080e8fb0b79934df6e5afef144b61ee319c0ba1,2024-11-21T08:50:09.013000 +CVE-2024-12479,1,1,a43f8145b082e439d09ff6167e64d352f39b03576b87a98804243a903d0554df,2024-12-12T01:40:28.927000 +CVE-2024-12480,1,1,b0eab20a7ec0a125c8d7de42a5914029294e75829166f8b51f3f5c9a83e1f3a0,2024-12-12T01:40:29.110000 +CVE-2024-12481,1,1,3e9786a74d677be6b7cd28e583f2f0cb88258a41135cc0178113b8cfe45c18f7,2024-12-12T01:40:29.260000 +CVE-2024-12482,1,1,5ea7756dd65113fc89584c9273b02dcd8a8c60e33918bf03019926dd49af8e42,2024-12-12T01:40:29.433000 +CVE-2024-12483,1,1,342ec52ad7fdc53fe39df55751ed0d3b2f24ae1c11341d982614ed33786954f3,2024-12-12T01:40:29.600000 +CVE-2024-12484,1,1,9f2425be9afb4aba1515a49c41f6d3e67a4e2a6046044a73fa4907ea50ed8205,2024-12-12T01:40:29.763000 +CVE-2024-12485,1,1,21d6badb9c7df1b988d0b267dabe1062ddb0fc58566c97a95e703aa1ff3175e8,2024-12-12T01:40:29.920000 +CVE-2024-12486,1,1,1eb0728f50e2df75ae0b1b8d9f6020710df033951fc05a78bbfd05e4924be270,2024-12-12T01:40:30.120000 +CVE-2024-12487,1,1,02a3a16134345bc1a3319b4891de6de40c9de3950b25a2d5e3f78855b85cc450,2024-12-12T01:40:30.270000 +CVE-2024-12488,1,1,7dbbd28eaee06eb7ed74cccc42f07fa3e364285be6e6352645baad6b69f701dd,2024-12-12T01:40:30.413000 +CVE-2024-12489,1,1,856565bf789802493985c4d4a6bdb7c8995437f6df3db5f4a39b74e34e616e15,2024-12-12T01:40:30.560000 CVE-2024-1249,0,0,9c5a57e06c52f317cf27f7cc2217e068f960e2413695cebf0a7e0dc21397817d,2024-11-21T08:50:09.153000 +CVE-2024-12490,1,1,e59494c6fd6ab576527ff17933f26a2d881ea66022e62ef95d7aba42752c0c17,2024-12-12T02:15:21.530000 
+CVE-2024-12492,1,1,9a4d5c38361c4521b866be5c03dee7b0f52c8dd654ea373db48bc43f5907daba,2024-12-12T02:15:22.167000 +CVE-2024-12497,1,1,a54060ca1d1edfbf3b55cdb2cdf56cc9f2520bcd5bdebc8b3e0758914039dcca,2024-12-12T02:15:22.367000 CVE-2024-1250,0,0,c54b18c5c3077dc882ddb080c03b243e2860ef906533ea0af6c558156b694109,2024-11-21T08:50:09.347000 +CVE-2024-12503,1,1,1bd10902776b4f3f5751c463de521cb7405e7f17c901e400e39826852a9df0a2,2024-12-12T02:15:22.530000 CVE-2024-1251,0,0,55abf2dab54853ea7e8f2064ba1aa2b598c46c69f42989126a0631cc6933eb7c,2024-11-21T08:50:09.497000 CVE-2024-1252,0,0,1e0330317f0d20e2dc4f408c2767288b043e4447c6e0251a866055642f0946ec,2024-11-21T08:50:09.700000 CVE-2024-1253,0,0,9fbe74a1c11be637e33880cb418c7b8ba8d1c852d6613e52fe041fc1300d8ea2,2024-11-21T08:50:09.843000 +CVE-2024-12536,1,1,d3cc0c4f8490bd75e66ecb496fdd58fd72080eab02379a0e98ff2206eff7774d,2024-12-12T02:15:22.713000 CVE-2024-1254,0,0,44df8e919ae544d26fc82110d33f6e7af1fff88011a3bcb100ca7209bc278c91,2024-11-21T08:50:09.993000 CVE-2024-1255,0,0,d4be5ae93b9e5092a7e5ab21334a6f9f4c81c0431c6141ca4ea56d5a3455190b,2024-11-21T08:50:10.150000 CVE-2024-1256,0,0,ea8829298a5ced036094d7fead955f33827bc36bbc0a7f87a81ee1f95b95b282,2024-11-21T08:50:10.293000 
@@ -251456,7 +251479,7 @@ CVE-2024-28137,0,0,d00b9036b2b7e693ab669d43cf51d8844983db366103d517587e7601c3ae5 CVE-2024-28138,0,0,af84d5c66a2669116f8f10dc2942fd5e7b29713533dbd72a5523f381091dad4b,2024-12-11T17:15:14.827000 CVE-2024-28139,0,0,871d40bc8a7366798572b17910afce0da36a7dc3bc42652a155d0d45e3265634,2024-12-11T16:15:09.930000 CVE-2024-2814,0,0,266291004cb50fc9fa499704214f3d6d747ab61c03d4ecf60b55016bd9e70c6a,2024-11-21T09:10:35.307000 -CVE-2024-28140,0,0,dadde50b75eefe01f0efda1b4e1316f0bfd01f34e1b0c90c96285d838caa2661,2024-12-11T16:15:10.050000 +CVE-2024-28140,0,1,4c0d53437c48eb1f32a5b64caceb78ae4d2e11497873371834b83dd5680d3140,2024-12-12T01:47:46.317000 CVE-2024-28141,0,0,d301dc86e6b9da2d535b33aa3d93591f7cfa6960db015fd11adcc9dde289a182,2024-12-11T17:15:15.007000 CVE-2024-28147,0,0,385f022ef3b9e74c16d2ca430dbfe84754b0905ec234f9f62a2995438a07dfd7,2024-11-21T09:05:53.770000 CVE-2024-28148,0,0,3ac8f61b51b12f3a297806b3219d55d9a6d8e022b2f823c428c505a4ab5ae12c,2024-11-21T09:05:53.983000 @@ -258296,6 +258319,7 @@ CVE-2024-37370,0,0,adda354b76b8fa58bd9731c96d1e30a3ccd5dbce3e4544cb7fb32e40dfeb9 CVE-2024-37371,0,0,d5bd17b13bbf8a5c0a4f444cac6792f0b0ada0b42f4cbb75fb993722f35ef31e,2024-11-21T09:23:43.740000 CVE-2024-37373,0,0,2847e99c027e210636b1d596d67704fa58348616cd3faf9bd4b3793a4d930cde,2024-08-15T17:31:32.407000 CVE-2024-37376,0,0,bc526bae202cd53fd7d437324fb7b06b20355a99aa96acae85cbee93a0566dd9,2024-11-13T17:01:16.850000 +CVE-2024-37377,1,1,a23cb5a4a034ef85457fe03be1d697ebbedd66262ac99d9578ce304d4c4d4c37,2024-12-12T01:55:19.320000 CVE-2024-3738,0,0,6b7c5ee43d749786d04736c3425539aee3d10b90489eb5acbf775617e1e2b292,2024-11-21T09:30:16.940000 CVE-2024-37380,0,0,77cf3dfb25923a81bead84472c82f0af78f2d433b4d7604e764b919f8522c470,2024-11-21T09:23:44.180000 CVE-2024-37381,0,0,9f8a1e24016e672c46f9ac1942c6c3e469697399412e29900bea76bbfcf0caef,2024-11-21T09:23:44.310000 
@@ -258316,6 +258340,7 @@ CVE-2024-37398,0,0,0f42760c0326cdea8f98f78b855bbf63b71770b97a72517371b459e84e271 CVE-2024-37399,0,0,91513a99b1995bb678a44db233b24968cd7625f00c77086c4c8d80914d8fefca,2024-08-15T17:31:49.067000 CVE-2024-3740,0,0,f1db815ebd196c841f9a03e4af1f223458e4ef3810b51b1b12ab408848abbe0e,2024-11-21T09:30:17.230000 CVE-2024-37400,0,0,44d4620048d68597390885c4489b34adf3ee284340996c671f0f07b4dbb0a17e,2024-11-13T17:35:04.687000 +CVE-2024-37401,1,1,2f9ddbe87d5cd12d267fef696e8346d51e2967d2bee3a2a16897aa2e482e5f09,2024-12-12T01:55:20.820000 CVE-2024-37403,0,0,14ea83546b947e76c88f950fddde3f8d686832bff7b7e72c57832b3df2747cdd,2024-08-12T18:55:15.890000 CVE-2024-37404,0,0,cb110a34d87f4812dc406a460298c89dd3f74daf508e6083996d73ed421121f5,2024-10-21T17:10:22.857000 CVE-2024-37405,0,0,3fb82c05472465d4a94ae43ca82eb762e9089f45f86f1b3cd3cb77a2d12c0c24,2024-11-21T09:23:47.573000 @@ -258466,7 +258491,7 @@ CVE-2024-3757,0,0,6db3adf00b2a28288e930bef31c29319c2678fc7875ec83e3e1f66d2849372 CVE-2024-37570,0,0,c4fbc4bc6652715bca1e79de02d7270384ff34a42fccaf687444a1714d338c8b,2024-11-21T09:24:05.917000 CVE-2024-37571,0,0,52e74e356b12dcf017ae7d0b704cf1fb285fbda3feee1b616a685a1d89eb4c10,2024-11-21T09:24:06.157000 CVE-2024-37573,0,0,f353399c191e8c518ed5f310bd3c1cf066d7a5cf32048e642438abac23137274,2024-11-01T12:57:03.417000 -CVE-2024-37574,0,0,6ff307d9d39c6668f210ffd29c1bb2d77f6cacf10f0058367ed4648beb3c5af5,2024-12-04T16:15:24.877000 +CVE-2024-37574,0,1,a96f1776635e51f2e34e77909e23c3f1220b90c1f2c84da46c09791232471edb,2024-12-12T01:55:28.117000 CVE-2024-37575,0,0,fb41a93cda92e423debc2a813128d4d353bf25b2fe44666c8d6cd43b5e9b3674,2024-12-11T16:15:10.327000 CVE-2024-3758,0,0,ebf5799491c4d50327d301387a24bc8824b9b66932f3c9df6e38a156e61e4f83,2024-11-21T09:30:20.143000 CVE-2024-3759,0,0,3d6dc0f4725aed5b6af7da3389ad5200afc9d6c0e264cf08ee0e0679922e0506,2024-11-21T09:30:20.260000 
@@ -259549,13 +259574,13 @@ CVE-2024-3891,0,0,01b6ec713ed8be3dbb0b34c75f24b8e487b078e347c284567a69cc1be38546 CVE-2024-38910,0,0,9b9d56b6ca7b9b2f572abd0d1c91bd1caaf8b4489fac676a0437332f26a4a570,2024-12-06T20:15:26.337000 CVE-2024-3892,0,0,9a7be4237b1fbcb94a793f648ebdaa1534b4528ec69acd1d2e8cee312d0c7a26,2024-11-21T09:30:38.637000 CVE-2024-38920,0,0,5adb5cc1a488110dfe62e4dd7de52578c77a485f0d0671999f5f3df15147a4ad,2024-12-06T19:15:11.923000 -CVE-2024-38921,0,0,1c4cfd0c517e797bb811b9f3add3f370ae7f9d325d419ac2ef81526b425af2dc,2024-12-06T22:15:19.600000 -CVE-2024-38922,0,0,be9f6e3a0f603950afc205c0765ff0a6c27c14ffc29cf7a35d3684b8830722db,2024-12-06T22:15:19.720000 -CVE-2024-38923,0,0,af018cd475134bf0841f26c6c72d7562efb184556400307511e5156ea7d7ce5b,2024-12-06T22:15:19.847000 -CVE-2024-38924,0,0,d8f4f799e655851d08024d59b672f27d02325f5b4d3ef9b5a828c9ad867e91a5,2024-12-06T22:15:19.963000 -CVE-2024-38925,0,0,c194277526f7c97424e540c1c1a39943def62cc3823439f94a2cdbe7f591ab0f,2024-12-06T22:15:20.093000 -CVE-2024-38926,0,0,3ed5bfd4a91abab6e83fd2528032cb846ba14b16f10698919d0206ee8135a2e3,2024-12-06T22:15:20.200000 -CVE-2024-38927,0,0,3eeb3be1ce28e0624e21eb786f0fd45f687e49a3199c6b60292728643544e47e,2024-12-06T22:15:20.317000 +CVE-2024-38921,0,1,129aa3d6e4f29332e6f33eaeaa88125b5e4416a5362d9a48d951c1df2b342719,2024-12-12T01:56:42 +CVE-2024-38922,0,1,7e69df40ddc94704cf3346ba916c9188067835a001a791da6b222e97bff9151b,2024-12-12T01:56:42.217000 +CVE-2024-38923,0,1,b2e53e244a6ca8a11cc6d2e99260311ec9d23fdc63199efd7b27735842e799a1,2024-12-12T01:56:42.413000 +CVE-2024-38924,0,1,389d7a4cd4e49b1a7362e5a5c30074cc5e17d1872cedf64ddf958600cc9635db,2024-12-12T01:56:42.623000 +CVE-2024-38925,0,1,48faaffceba7f9cc7b51f155d408d0109420fb87977ba15e6ea56b0188e44e73,2024-12-12T01:56:42.833000 +CVE-2024-38926,0,1,4aea3153263361100f0290c876d84ce7951c822f5beddfa860b140bbedae799b,2024-12-12T01:56:43.440000 
+CVE-2024-38927,0,1,04c9ea9f481526157434ae19455299b6ccc0cab23a88e514ddd2f436cbae33e7,2024-12-12T01:56:43.677000 CVE-2024-3893,0,0,09efe4cc959eb8a4000a2996938df3ee2abc638e569f1f06c5c89fa7fb7b0036,2024-11-21T09:30:38.763000 CVE-2024-3894,0,0,b3a2aa3b7941117f799646b94fe80eaf70c3bf0a40df09c6ce1c103c909b6f7c,2024-11-21T09:30:38.890000 CVE-2024-38944,0,0,aea38a4752802a1f34132bcbb575e35233d1954a8780f67f8d4f7cb5965d4f2d,2024-11-21T09:26:59.773000 @@ -260963,6 +260988,7 @@ CVE-2024-4114,0,0,bffdfff59b8e8c1973fa293ec179ba5ad5b6804845f0d8c3580b8b465845a4 CVE-2024-41141,0,0,9fdd7a5cfa6dfcf4e31de8f662634169e83526c98d82fdea951ee52f3c3bade3,2024-11-21T09:32:18.643000 CVE-2024-41143,0,0,8799e9b8f93d667e7053f384d3b50025554822f122dd37c394e433231808cac2,2024-11-21T09:32:18.823000 CVE-2024-41144,0,0,d705e4f77b5a2c06974e9e65f896eaf4fba04d31882cccffe75db10bb34113df,2024-09-04T17:25:48.123000 +CVE-2024-41146,1,1,355da633135c14ac6e45c41f1954ccb29ebe436cf89dd6a9e24759c57f4b4dce,2024-12-12T02:15:22.880000 CVE-2024-4115,0,0,b57267cb8e1bb6187223c6763b432c2e47371c5db7fb3c6e57e19714f114293c,2024-11-21T09:42:12.977000 CVE-2024-41150,0,0,b3fa487187a6e523624f7e09b49e1bcf30bc22e86ed50f81eb7ef85655bb3043,2024-08-27T14:35:09.013000 CVE-2024-41151,0,0,00f13e1e96fa8ce3e2849a0ecdb2937bd23efcaa80a1d6b9e409fd228363f8f4,2024-11-21T09:32:19.073000 
@@ -261193,14 +261219,14 @@ CVE-2024-41631,0,0,e278a91445ca4816c91b9aa34d7370faa63e0e5b60deeecaf4b2a059f33e5 CVE-2024-41637,0,0,28972c6397acbabcec47f213f18f82e184d10611fcf08d0185f09bb7cad2b4b2,2024-11-21T09:32:54.230000 CVE-2024-4164,0,0,f4a6c0f6eb2421dc4c37c6aacfeedf468b83b5fac4e8723b3b702be95193ccd6,2024-11-21T09:42:18.713000 CVE-2024-41640,0,0,ba8bef123899a8d2e35a01aa3d6b2feeb9e067e64107f808fc47650371754c76,2024-11-21T09:32:54.450000 -CVE-2024-41644,0,0,a872e42965a19a343d1c70039be52e4698d8d748ad8d2ae209c63c427f172c3a,2024-12-06T22:15:20.450000 -CVE-2024-41645,0,0,86fcc51d920ccc166ad8e61457a763c69cac99207582a98c67903969b3a4df1b,2024-12-06T22:15:20.563000 -CVE-2024-41646,0,0,d39e5e11e26a8d9afd48716cf4f887a74e9baad742d50c60ecef96c5935f478e,2024-12-06T22:15:20.683000 +CVE-2024-41644,0,1,e1aeb81eb986ac625ce33409a0bd6c7b9b1be52a302f4f0dd3e41661cf3e487d,2024-12-12T01:59:13.833000 +CVE-2024-41645,0,1,7633abe23ef39109b66843269981256ee7c952df786865cfc9a3538f5408971d,2024-12-12T01:59:14.067000 +CVE-2024-41646,0,1,b55c4f8a4027579888cd08c54fb1e8e8ecf8b256069a8707e77b12c2d2b376ed,2024-12-12T01:59:14.273000 CVE-2024-41647,0,0,006340db7ccdd8977dbf8ae0a0b18e71a15c71af2104205da3b4f6c96776e660,2024-12-10T18:15:36.287000 -CVE-2024-41648,0,0,1fbaff7e359a5b8411936e1ea77b37efd5d2cb66805eca5c740b54a077b44b86,2024-12-06T22:15:20.920000 -CVE-2024-41649,0,0,0b35333a31b2df30124be4e08a79adc1094f6822354c57126d201d19de10f053,2024-12-06T22:15:21.037000 +CVE-2024-41648,0,1,2c069196901058d46f7b77fdf9050142ad923317fa309635e72e41afdf655374,2024-12-12T01:59:14.617000 +CVE-2024-41649,0,1,26c0f2871996c53cba24758f5b4b1bf9d33856dd2b3765d3fb394c1391a3896f,2024-12-12T01:59:14.847000 CVE-2024-4165,0,0,6f737a5c817af62848ed802ef00187a628deb7d68bc0e959e970cc8c16d92692,2024-11-21T09:42:18.840000 -CVE-2024-41650,0,0,ea28a8144d148484f5a308855181c229ff10711984f6a32d584063a3d7deec54,2024-12-06T22:15:21.163000 
+CVE-2024-41650,0,1,8a3799bdfbc6ef3e39bac15f31121cec16b97ec5cebea0ef9c40105a5f88cc94,2024-12-12T01:59:15.050000 CVE-2024-41651,0,0,46fd364c2b81103e8aca493b5c6ea9f4cbb51180583e345c6a457371aa290a9b,2024-10-09T18:15:05.387000 CVE-2024-41655,0,0,23e6f3d4441efb5cc3a6364cda7ed78e83bcf8961fa61de9bf11f75b976ab14a,2024-11-21T09:32:54.903000 CVE-2024-41656,0,0,5547ca1fc7f086123134ddf7e25997a9e8d115d893b3ca9d5b86084e55bc72f8,2024-11-21T09:32:55.050000 @@ -261855,6 +261881,7 @@ CVE-2024-4240,0,0,ee33d8019cc9f4293f7f230ae345e4e79de11a4c738d52234a7cdc0be12872 CVE-2024-42400,0,0,b23dfd205967d309343e484e6eb5c901d62a0b3953c77493b57f0104c8430fad,2024-08-23T15:06:00 CVE-2024-42404,0,0,bb61ac33954fbd9cb789abfbcdde8b366f1c0c5dfe94d454dc594181179c8a15,2024-09-20T12:30:51.220000 CVE-2024-42406,0,0,27ec0815435bbda0c2431d4630bea0ca6b595a1297245017087d145f127b6444,2024-10-01T11:15:48.450000 +CVE-2024-42407,1,1,c3464d9de3429e40d2bc70933afd1def0b1c5815289ac9259214f5184c590458,2024-12-12T02:15:23.017000 CVE-2024-42408,0,0,0995a219700a97a41474f23476b6cdc711c13689cc04dd5ca5f2218d0e309d34,2024-08-29T14:22:45.603000 CVE-2024-4241,0,0,9793440d84093b6f47af29fa0d1c3f9eef427a6a46d154a9ff4c6bc56e4239dd,2024-11-21T09:42:27.257000 CVE-2024-42411,0,0,4ade0497533c50e3de8b82e11fd54f8955ce17bc8d332a9a9a0d03574bff419f,2024-08-23T16:04:26.227000 
@@ -261883,6 +261910,7 @@ CVE-2024-42440,0,0,e21d9b776ef80bd04d695f0a47e516545028ac8225f143837019c4c0b08b7 CVE-2024-42441,0,0,04cb6e9a13f27c86bb2051d7eae465da3e0fd75a34af891d94c6ed0cb275f3f5,2024-08-28T23:58:06.960000 CVE-2024-42442,0,0,c95b9702729f1aa9eb8ceba5f94968c5cfabdca93c030d049ba8bcc0788889f5,2024-11-12T15:48:59.103000 CVE-2024-42447,0,0,8a54b5d75a9ee2bb018b4e79d6dd3049cbfe92b2c26222646dba4ea778b5e80e,2024-11-21T09:34:02.990000 +CVE-2024-42448,1,1,e0d49f081de1de2c3db8492c3c68b16a6d7d34f5ae534b4cc74af80e17baea0c,2024-12-12T01:59:47.493000 CVE-2024-42449,0,0,9f33ee15a72f8c53ed840f00741624888679f87eea5e3eefcd0793f447b6eee8,2024-12-04T02:15:04.533000 CVE-2024-4245,0,0,62da03c7c45f5715870c7452d2ba39c7dc4793b1137a1a68a18eecf037a816ce,2024-11-21T09:42:27.793000 CVE-2024-42450,0,0,247371642f216621957d3ac8101b783a7fea35b11410d9c1546f4dc5a8778b9c,2024-11-19T21:56:45.533000 
@@ -262729,11 +262757,13 @@ CVE-2024-43590,0,0,56f37bed6fa12b529a536cabd867859c2b7202ec5a699f63f91ae2da59bda CVE-2024-43591,0,0,122a3422706c1a52ba2f8f892feb955dcc1b1b00d57e2a43f0bf994287808e37,2024-10-16T21:46:38.153000 CVE-2024-43592,0,0,aefb3ea2eef4806b0b04bf1216ce25a8b6f83f456c5748fe7fb5b675b193040f,2024-10-22T19:30:02.777000 CVE-2024-43593,0,0,2bb48f4f0afa52430e295c1e926a52b9335896fd8f7df026028468d0b3163bed,2024-10-22T19:30:19.870000 +CVE-2024-43594,1,1,7cde0dcf3976a2ca9d8f8b9aceded3954a7a11855ddd01065ded2b28e57995f9,2024-12-12T02:00:54.287000 CVE-2024-43595,0,0,cb5b5951e4919de1a872d590fd0c42132b697a287d76901f8d922654387160cb,2024-10-18T16:55:06.487000 CVE-2024-43596,0,0,378e2538af1a4ff984cad3b4476baafa72ef2d70988fd63f25f16366167c11ae,2024-10-18T16:59:08.667000 CVE-2024-43598,0,0,e3ba2ac69aa626cce11d0f511da9d5528d9a33bfea6bff124e6fc71c816b20a4,2024-11-19T03:52:01.630000 CVE-2024-43599,0,0,e8ed1fc525a6895d6a19bfee310c1be1add8fbfc1bd1f275dd80d76add28514d,2024-10-17T20:03:28.687000 CVE-2024-4360,0,0,bf74f5eccc1881547f6f91a61251be583253ca151ec1301fcbaee9647faf35b1,2024-08-12T13:41:36.517000 +CVE-2024-43600,1,1,16b4e41086d02726f08db6594de83bd89ec893953db516906ebe5fc26b5ba180,2024-12-12T02:00:55.070000 CVE-2024-43601,0,0,f4750adec6049954723df6377c0e9969d37c9d4c9bb640431f543dc8ccffc558,2024-11-08T22:15:20.270000 CVE-2024-43602,0,0,8305a93b11e5988c2ad84757fc77cd97d5fa424c6919ea25cb20c9e18393fcb4,2024-11-19T03:40:15.550000 CVE-2024-43603,0,0,06afd6ae30de0f84874ac0f27e9ca0fa20255c6f1ba3c73cbed895f042f11d3a,2024-10-17T19:55:34.360000 
@@ -263280,6 +263310,8 @@ CVE-2024-44196,0,0,efba4227fd693646a405367aa8a07c9ade4c0b362274669a348a203539254 CVE-2024-44197,0,0,4d5ea1ffd5ac300a8aef7ddcdb7d03d5b4f53fc506b231f15824ab1d8acba09c,2024-11-14T02:16:23.927000 CVE-2024-44198,0,0,ac9983938813bdb2273db436dba2e85817aa94ffd182ac96898511d49f70472b,2024-09-24T15:45:32.787000 CVE-2024-4420,0,0,da3abe7e16550de97932f9b3c5dd803b1a738b41d393d084a40fd944d296d949,2024-11-21T09:42:47.737000 +CVE-2024-44200,1,1,3c0bb01557a8a065164e1e4cf519809a3d6c48f48a3d35e1b1ee49da114a8bb8,2024-12-12T02:15:23.230000 +CVE-2024-44201,1,1,2776d928161b05becc794493bc7e587af69fe5df59967a982b7e445d9acbe369,2024-12-12T02:15:23.313000 CVE-2024-44202,0,0,f843991ecb70d5060d8b6f9fcebf03f82b2e481c00c2f990193bedbfc766c55b,2024-12-11T03:02:13.987000 CVE-2024-44203,0,0,10ef0c388ad5ba99a448545d81632cda2066f0ecacbc18ea7365f3fb4908c009,2024-10-31T14:08:10.090000 CVE-2024-44204,0,0,dacccc5d7516a74935654a93de76201d19b63e50d1e28953c50fae9eab790ccb,2024-10-04T17:29:54.933000 
@@ -263287,13 +263319,17 @@ CVE-2024-44205,0,0,479ce40b4658e11ccfe7113f730a76d2315c870d209a012f733f4449cc380 CVE-2024-44206,0,0,d8e5aac347cb04d8524629aaf70121480231b4f8b4280238ac4fc071f1a60444,2024-11-21T21:15:21.477000 CVE-2024-44207,0,0,df8e300cf7f6b361cf79cc82a13f930868069c30b911e0bc1e5fb07b5725fa64,2024-10-04T17:31:41.970000 CVE-2024-44208,0,0,0f110c58ea3b1936a6fa272413b21f60fe5e44f11a840cf53eeb8d5bd692f5ed,2024-10-30T19:35:18.340000 +CVE-2024-44212,1,1,bdb0d2cb3aaeccdedad7230c83d214ce0421c5daca84ae98bacc4ecf7bfc79e1,2024-12-12T02:15:23.393000 CVE-2024-44213,0,0,d54c85400318007c85dac3cf8abc38cb1350827f6126f81634ef8d1828179ea9,2024-10-30T19:35:19.187000 CVE-2024-44215,0,0,e32762ff0bf2f6f2e22b7422e9deddd79856979cb2bda3d837557df7bdb5d6cf,2024-10-30T21:35:06.770000 CVE-2024-44216,0,0,0e735b9b9c76f8c16e951043d1b503e65ea52a5ee3559b30087cee750143a76d,2024-10-29T20:35:26.520000 CVE-2024-44217,0,0,b330fc98a86cd2b80f2f6dc000652ed7d6fd9eaa901ee43f5182b2c77942809f,2024-10-29T20:35:27.313000 CVE-2024-44218,0,0,f11365ca91eee54b03c90ea2492115b72c14e7e1b502a66bb17b9ea40f96966f,2024-10-30T17:24:01.703000 CVE-2024-4422,0,0,88e38c8f81c558e863db276496d3d3966ccaae5dc31d3db1528474edcaac1cce,2024-11-21T09:42:47.860000 +CVE-2024-44220,1,1,bc373d304a126b0e1d24bb31156758778d625273627f049d663214847b041b41,2024-12-12T02:15:23.500000 CVE-2024-44222,0,0,73a3c689e7090451963deac3a94c7bd82e8f2ad14cb50c55b40009dcf9370f17,2024-10-30T17:25:30.903000 +CVE-2024-44224,1,1,ca65e764ebba6a513d2ab5d9d958711c83c17111586353bd70612d8c5f73416e,2024-12-12T02:15:23.687000 +CVE-2024-44225,1,1,7f1b47375ce393ddc36a7948350808b7867efba9596fbd3a0746260e3e9f558f,2024-12-12T02:15:23.780000 CVE-2024-44228,0,0,233a9fa817aba532dc55e3bf55f1e7e1e04a30b62b44a655772ef05440625188,2024-10-30T20:35:27.570000 CVE-2024-44229,0,0,79811515ccef73d41159136745a09e4e9b2ae027bbfa748a8533cf5125c53ff1,2024-10-29T23:15:03.437000 CVE-2024-4423,0,0,904bfc58b1909282d82661cafb70a1a74dc795b741ee1a78c704e0498aedee0e,2024-11-21T09:42:47.973000 
@@ -263306,8 +263342,14 @@ CVE-2024-44237,0,0,63bd5ccf3a3ce571ec91eec3a365766c854e30475b4983ce4c162f0b50b0a CVE-2024-44239,0,0,55c58f38a18f355bde159fceaff547de71ee0f508cca726d874ec9cf47c6613e,2024-10-30T21:35:07.853000 CVE-2024-4424,0,0,e4fbc59b97d3ab662d4c41a8eae50b7dfed7720bc7b4a2def773ac1eb5bfa845,2024-11-21T09:42:48.203000 CVE-2024-44240,0,0,f64d7b55b1f1e4781addcaf087c292cf6e562a96e8c9967114186a0c578cc66d,2024-10-29T20:35:28.870000 +CVE-2024-44241,1,1,7de27cd69d6c4d3b25ad454dacff41f7332827f63d654738d15ce5f4fc4e64d7,2024-12-12T02:15:23.860000 +CVE-2024-44242,1,1,f03e321dda6a88fe4983a0ef37db755ec5d307271772b68af9c37a4b095044ec,2024-12-12T02:15:23.950000 +CVE-2024-44243,1,1,8c1388053d1505b372b32c65236178d7a851fc45948d0b6ca54bfa173c8a7f91,2024-12-12T02:15:24.037000 CVE-2024-44244,0,0,573c6be3aefd70d7c10a9a2e90a39d7e9b0481351a0f285c1fb9ad7116e70d3d,2024-12-06T15:15:08.857000 +CVE-2024-44245,1,1,285d05b7b16419438c57239662b1d9af7a09ed3b721af0651428795a64d132cb,2024-12-12T02:15:24.113000 +CVE-2024-44246,1,1,6d3b942a4439810201080c397e94d71f1cbbaf7f122f16ad8e12b345a1cae980,2024-12-12T02:15:24.200000 CVE-2024-44247,0,0,e5d19c840bb58be3d8febe871a15e2408881be2e884d262abcdad60ec348a828,2024-10-30T17:49:05.693000 +CVE-2024-44248,1,1,bc0288da4844b23a96994d5203987a882e0506e20d4c5d308098687ab066e446,2024-12-12T02:15:24.280000 CVE-2024-4425,0,0,bc14fc928873bc1e17e20e27bd9ee5c3e6600325b48f8519be3a125c559d0402,2024-11-21T09:42:48.317000 CVE-2024-44251,0,0,efd4484ccf413da27c840a1b5bfcdb39f987aa1d7f3c00dd48ad7085440ccce1,2024-12-06T16:15:20.907000 CVE-2024-44252,0,0,19357bf1f3ceb43a76e701ab6fc651c3f02730dd61b425b2768181790d2c5e48,2024-12-09T15:15:15.750000 
@@ -263345,11 +263387,15 @@ CVE-2024-44285,0,0,f52551cd151272e75e2e9c1e860d275100cc0677baa4f8ad08a471b6223e7 CVE-2024-44287,0,0,f9ab1474cc919e4b5efc0187cf8790f17d184d2909fbec86726d782e04489fe8,2024-10-30T19:35:21.620000 CVE-2024-44289,0,0,cebc5a6dd69bb4dfb6fc1913fbecdc8def2c3ab557066dcaad90744b17bd9238,2024-10-30T16:35:28.097000 CVE-2024-4429,0,0,a4a8f97ae1846585dda39a340897585bd413fb1368db5055aa3e7c7ef6d4f3eb,2024-11-21T09:42:48.820000 +CVE-2024-44290,1,1,56bf069411f7bc234bb579a4d70c79f808027a7d37cc657f1ad8da6bb9f0c6c3,2024-12-12T02:15:24.357000 +CVE-2024-44291,1,1,34ab9b0afa24aaaf057ca2130b8efae45edfb1f0609aa94636a931b62bb76f0c,2024-12-12T02:15:24.433000 CVE-2024-44294,0,0,39c4b8619d1953e77ef2c82b0222202a45c3a25d1ed0c03e471ab470880aa0e2,2024-10-29T21:35:21.347000 CVE-2024-44295,0,0,5bc87bbc7591f35532d0879f32fa7039d5871202e04e7828a6dbc3fc042989d8,2024-10-29T21:35:21.523000 CVE-2024-44296,0,0,5fa9d13f224f3a0a67aaaa3541de4a3651fe9910d7529312fb8483d35af02925,2024-11-14T14:58:09.900000 CVE-2024-44297,0,0,15b11a1a880cbcc6b8dc8f6c7e90f9afa6080bf98d20fe4b15a67c3ef7cd8eaa,2024-10-30T15:35:17.777000 +CVE-2024-44299,1,1,0081da44c407c26cba017ef0c60b9fc8a0f392e708157a74e35c2ce62a1ee335,2024-12-12T02:15:24.513000 CVE-2024-4430,0,0,d5d36fbeccc483ac36a1692cd3da44d019b58c951236b193b64bdfb1c1fbb731,2024-11-21T09:42:48.940000 +CVE-2024-44300,1,1,cc4ad34dc7e2f3b7098cb18c7c92a46083ce7b7169b3148bbc325b44524010d3,2024-12-12T02:15:24.590000 CVE-2024-44301,0,0,92d51fc975ead2b338c26accd94652ad84b6246707eb6eb0fccef69671475afd,2024-10-30T19:35:22.447000 CVE-2024-44302,0,0,8e2df0f8c8bbf990ae9e0c0188d5dc060a503901afef39bb207c003562ed13c7,2024-12-06T15:15:09.050000 CVE-2024-44306,0,0,8fb83c68a3960e43ecba5e716ce2c319df21cea60529cc8954824fbcac0a96d6,2024-12-11T20:34:16.127000 
@@ -263528,11 +263574,11 @@ CVE-2024-44845,0,0,be723405d776fcd23ce5801cd5dc6a06dd41574f2f123999283d6be69263a CVE-2024-44849,0,0,556a0bd4002e0d7931d67df8540866973c154d8cb1d32b49d0c67e3b0c20db93,2024-09-09T20:35:18.097000 CVE-2024-4485,0,0,5e6a42abe6c2f13fab70930cea3afb839a54b10beee706342c16d2d18176ea57,2024-11-21T09:42:55.363000 CVE-2024-44851,0,0,6abfc69b738de66078e20610415b56073c882cc1306851277a169c82063db87b,2024-09-13T16:34:45.413000 -CVE-2024-44852,0,0,19f46057d04ee375a41f1bea6896a47429f4f0e2f33c6474789b7b1fc3f1d3ff,2024-12-06T22:15:21.277000 -CVE-2024-44853,0,0,b423d61253128b54cf4e88a41508b0fc4ee1aa00207a735112a2e32b98591c34,2024-12-06T22:15:21.390000 -CVE-2024-44854,0,0,e463b188dbc4c2de31f58cd3d3222545a6bf60b8c423a61528bdb6edc92de80f,2024-12-06T22:15:21.500000 -CVE-2024-44855,0,0,c98e531e2c68772b48b21161e82d98b8ea430016d610bab0b7bcb872e8afbb3b,2024-12-06T22:15:21.630000 -CVE-2024-44856,0,0,0b1360486d918fd229da3e2e365a8e325c8dbc87acd42857d1a936efca028af5,2024-12-06T22:15:21.753000 +CVE-2024-44852,0,1,7d35e2da4425183d095fb5b8d7f76b45a25016ee1ad8cb2bad520380b1933588,2024-12-12T02:01:44.580000 +CVE-2024-44853,0,1,c08e2bcde0eb9783cf5196a8669693652fb12b82c5ed2d8a031bf089556857a9,2024-12-12T02:01:44.780000 +CVE-2024-44854,0,1,a5094389ee01a5f033d8d18dc9e8bbcd9a43fd1a68a2a17b28c0e16ed051346d,2024-12-12T02:01:44.980000 +CVE-2024-44855,0,1,bf0dbd3e39b9d05572f9e83127cbf2506b52ae9fb6ea59822aec83d40e786647,2024-12-12T02:01:45.177000 +CVE-2024-44856,0,1,856e03ffb97cb01ddebf1e70d5662118e6d21eca9fef55cb9d8eb1a1438d5bae,2024-12-12T02:01:45.373000 CVE-2024-44859,0,0,1ff4ad5ad4cddcdb1302209b9b28986e26870e16476fd6e01c9d6790959f1487,2024-09-05T12:53:21.110000 CVE-2024-4486,0,0,d95d6336818009c9b70dd65fb3d4752504bdb5c2630eed2945b4771d79bd5905,2024-11-21T09:42:55.490000 CVE-2024-44860,0,0,b57c8bd2bd66e030d28d8223c6a00765fe3018482e70feea4ac82ddd9af0ff85,2024-09-30T12:46:20.237000 
@@ -263931,6 +263977,7 @@ CVE-2024-4533,0,0,565c4992f22cce399c7ec79b1c1f5241de1ceb51c7019357739f36b97aa0a0 CVE-2024-45330,0,0,e9c0a42cafd75c39cc2fb6322b0e3eb6100b15258e5462b4bef0ad15a3b44297,2024-10-19T00:41:09.717000 CVE-2024-45334,0,0,c1a95be34d5696913864dee9719b7ad805fe7ff8dee6bbd29645a138cdd2805b,2024-10-25T14:41:43.473000 CVE-2024-45335,0,0,df1b52d83b5212b89c08532eb4b3f1fce61dd8609884645d9cc9fbfcae22125a,2024-10-25T14:37:39.387000 +CVE-2024-45337,1,1,035177bdc0111d3d5695e66dbf972efe2f6e7d1a1f23f0ee9fa8f4c818bfab74,2024-12-12T02:15:24.673000 CVE-2024-4534,0,0,05ec1ad9bbf04373d4c888e50c4da6ee25a8849a5c55f74fc5c0d8923189992d,2024-11-21T09:43:03.287000 CVE-2024-45346,0,0,42bcf491a94494c9433ce7696078ac7ab2eca46d8c28dcac4158f4b2b20fa4a5,2024-08-29T03:15:05.247000 CVE-2024-45348,0,0,1e1db77a5a16312aa537fb47b5ac485ad4a9ec1edf7b08e9d1addf2cc98471e9,2024-11-25T17:14:11.713000 @@ -263966,6 +264013,7 @@ CVE-2024-45400,0,0,6b3de7c142ace12a32180145a837a3fee347d92bd8a9824f5e254ab172d00 CVE-2024-45401,0,0,ba5126d8b574881c758724c4efd136fd3316e92a682c4a28ebf48fcb3e2afc99,2024-09-19T18:12:52.220000 CVE-2024-45402,0,0,d69e2714ecc87c588bfbaa927b38f10416a37dd455771f03f01fc0db42712d02,2024-11-12T20:02:56.167000 CVE-2024-45403,0,0,fc1a1ea22a1e5886fbc09e495c39b7c751253cbcd9bcd0da75746ed78c736397,2024-11-12T19:59:51.097000 +CVE-2024-45404,1,1,67e497b01b740a7f0632396de389308037c7c3e4af49c83e82e05e6d43215215,2024-12-12T02:02:09.530000 CVE-2024-45405,0,0,70c3022fc1c5f98ac6bfbf212bbe9a198a088d44f0351720e6f2af8cd6692070,2024-09-06T16:46:26.830000 CVE-2024-45406,0,0,19582af0b0bfb612e1e34662be501c58c951b3669d69edc0413ccdfab51c97a2,2024-09-13T15:30:45.380000 CVE-2024-45407,0,0,edf1998eb908871f83a15a4b54c33dbbf8ee82a6115588b799159388838ccff1,2024-09-20T16:18:46.717000 
@@ -264448,7 +264496,7 @@ CVE-2024-46446,0,0,32498f8ed9e97dfaea9d9d29b52aff01ff427c37b0ae17db53d50ecbc649b CVE-2024-4645,0,0,ae6fcbc17927f6fb7b15dd7e2cd4ad23d3bc0045e51ea10de74a0f641554c9cd,2024-11-21T09:43:16.590000 CVE-2024-46451,0,0,5691c8cee8fae2502da71b898418de27414898c09a161c995aa0a792f136951b,2024-09-17T14:35:31.353000 CVE-2024-46453,0,0,eb16d6a14c6afb2906a10bcd83b48fa20d81c17662bd8c281c8b51af6f96c56d,2024-10-07T13:53:04.767000 -CVE-2024-46455,0,0,ba9ce0ebf06e1bd0c0987233bc0022978550c428d1b832fe402e366b1f5e85bd,2024-12-09T21:15:08.367000 +CVE-2024-46455,0,1,35bcce85d835b4e78bec8d2aa5e897a76f4723f532dd9bf256a9c09ea1c5b7e5,2024-12-12T02:02:38.990000 CVE-2024-4646,0,0,84e657a16163e0b8b5edf3dbcc34deac6df23205780b9ce2cb53f84fb9f65dcc,2024-11-21T09:43:16.737000 CVE-2024-46461,0,0,193255aeda3d0be25057e1e6b1f132d6eb1fd93d4e8cfc98a5d89960703a5e36,2024-09-26T13:32:02.803000 CVE-2024-46462,0,0,3a99188133d7fca09bbf3de3c1817898cfd4369a1c534cc112471a26f73fab73,2024-11-25T20:15:08.323000 
@@ -265280,7 +265328,17 @@ CVE-2024-47533,0,0,41a201694742c90b8f85fbbe30b794402c2192bad28c80f58c5f6f1e26bc1 CVE-2024-47534,0,0,df13f2ee68fa5e66e525b7b1f66f6aa0f0e1c060ce893dece259dc49bb6274b1,2024-11-21T17:15:17.047000 CVE-2024-47535,0,0,298d41133677422a8f6d390f12d2cec10b4d60092e295406e026ea754c8a295e,2024-11-13T17:01:58.603000 CVE-2024-47536,0,0,6f8a4b4f8220f9b26154b954ad727df271a73f901fc0c3d5863c162fae5afc51,2024-10-04T13:51:25.567000 +CVE-2024-47537,1,1,50b1374953d7367878aad9f36b21e31d5f538785ca718cafa76751c033302b30,2024-12-12T02:03:27.877000 +CVE-2024-47538,1,1,f9edbd53db13ac21804362399468a90800afc57abc6f622dd7a44cdd413e42e7,2024-12-12T02:03:28.070000 +CVE-2024-47539,1,1,7cc22f1bd05687ce4684e6f20068358056ccbbe075c46fca5c7dee8d350d3828,2024-12-12T02:03:28.203000 CVE-2024-4754,0,0,f946bc350cafc376503b251e8950814dfbf85a03e7ce93cc628c4f28533490c5,2024-11-21T09:43:31.777000 +CVE-2024-47540,1,1,e673a785dbe4a0515c19fc98c34568af10914fd5597ae70ea62c8e0893fa5f2e,2024-12-12T02:03:28.343000 +CVE-2024-47541,1,1,0cb28609d07050a32562ffd2402f91ff7c4c978a22bbd4284e8ef38f10e54e59,2024-12-12T02:03:28.477000 +CVE-2024-47542,1,1,4e0a1fb261fe66b06aeddf20c937fe0cf7a2ea0e26bbc7af2106a65d8cbecdbc,2024-12-12T02:03:28.630000 +CVE-2024-47543,1,1,e5d80945be76cc346112303241145188fdfc9f5091b27839681f7fed38cad0c5,2024-12-12T02:03:28.807000 +CVE-2024-47544,1,1,531c71dd5b362fa994dc0649b909189abca4a66574c053d3a613eb910555b7c4,2024-12-12T02:03:28.950000 +CVE-2024-47545,1,1,3ca8630588c57543f6df29d45ce69cc7ba2c1b7d7f2f3b284deb9d3e394a6efb,2024-12-12T02:03:29.083000 +CVE-2024-47546,1,1,919398d3b27c2e928b3bd3012888319d31c9837b5bf965bcf612bec6267b30e5,2024-12-12T02:03:29.210000 CVE-2024-47547,0,0,2d31481abca240bc3ed5dcc05f409322a0c2b6bcc9f35c57907a82a526bf2e3f,2024-12-10T19:57:32.987000 CVE-2024-47549,0,0,ec88edfad973e804c3e080b206fe5d22667e6bea7ecbaa56013ae1c9427b52bf,2024-11-05T19:40:52.070000 
CVE-2024-4755,0,0,cf57304aa4a44badae0bfd971e93fc9d9b32ba95a21a3c55b71d92c862671250,2024-11-21T09:43:31.903000 
@@ -265318,15 +265376,27 @@ CVE-2024-47592,0,0,7514b1d0682229e8e8d72f71655b912eae2bf102984769f70b3a93113c524 CVE-2024-47593,0,0,4485a35cf6d452090b7fd36461c91f586cdd110571706bdf5c04b7a553b6ebe0,2024-11-12T15:35:13.233000 CVE-2024-47594,0,0,7e345ff54c7effa11a9979482e9e679ccb391308ea3cdbd79ee7edd65b331424,2024-11-14T16:12:13.877000 CVE-2024-47595,0,0,8487073d9f25df501ffd874ff6ba96468e413512174a07e87d56dec935df872f,2024-11-14T15:21:32.080000 +CVE-2024-47596,1,1,31127980a7eff7c7f520749f8bbe04dbc5c010cdca52ed502bbf7683043da664,2024-12-12T02:03:31.010000 +CVE-2024-47597,1,1,eccdf9b5c0a9b423527422c6049491c9a039064372607263c727b91c4174fb35,2024-12-12T02:03:31.137000 +CVE-2024-47598,1,1,bdd1a21efdbc707769a24c0ebd0a809003a135bdae9107ef7b336ae206cc676c,2024-12-12T02:03:31.283000 +CVE-2024-47599,1,1,7e97b2ea1b6ad2b6edd1fe5e6dc8c50e6352e7b024c47851eede29d2a37a4cf7,2024-12-12T02:03:31.440000 CVE-2024-4760,0,0,de926bec8e8c13a7e4c13bca922cad2399c8ba3da1db5b99551a2507b2214b2e,2024-11-21T09:43:32.823000 +CVE-2024-47600,1,1,609d69120817dd757cff6f695c3f1a1071ebf6289ccb0e779cee1d65a5fa2ef0,2024-12-12T02:03:31.577000 +CVE-2024-47601,1,1,0639adf55066f43d7e37709cfc26dbcb9405d95a8eec8f65ca91e37ca47172cc,2024-12-12T02:03:31.727000 +CVE-2024-47602,1,1,cfa37a3b360e3c28b64402bdf25e9205893adea2ec4a96954ad53dd5b833598d,2024-12-12T02:03:31.893000 +CVE-2024-47603,1,1,6c5f6673249672f2cc551de3fbad5ae60b70f16aba167702b5119843fc690dc1,2024-12-12T02:03:32.033000 CVE-2024-47604,0,0,0bc47ae414bdd6b01a65c265f3f3055e1a0a5458b44c790858631e91134d9f75,2024-11-13T23:17:14.437000 +CVE-2024-47606,1,1,b612b64bdfc8cadb42632d6aa89a37386a151c466816f17c23f8eb03fd7dfe5f,2024-12-12T02:03:32.220000 +CVE-2024-47607,1,1,f4d23f6c4ea0b2bd332293608b1d4d0b6278f2cefc26f98ee1a3ce3cbfc72e8e,2024-12-12T02:03:32.363000 CVE-2024-47608,0,0,faf2493582fe3a34fac4bfb7bf0db1ffb266a3559b0df9444b9316dca1a3137d,2024-10-07T18:51:05.650000 
CVE-2024-47609,0,0,20abbd49af76b9706e2ef27aa5069189f8951d7c9ed85341c5ad92d8d50e5593,2024-11-21T17:15:17.250000 CVE-2024-4761,0,0,b5b9b94640bdcd30963959e09a807495e3ffff5a309b277c21376a537c0252fa,2024-11-27T19:27:02.497000 CVE-2024-47610,0,0,79433a4f9744cd95c5de1d9d5967c3838e96475a9a635fb65191309b2c9186c1,2024-10-10T12:57:21.987000 CVE-2024-47611,0,0,b0c081a45be070a6c874cd14caf53821983a739df0a9a3ebe7ea658bcd776045,2024-11-21T17:15:17.430000 CVE-2024-47612,0,0,d5811a1cb49976d7fada5f7a47d0f3e841508b82b7cef64c71ec60599cc817cc,2024-10-04T13:50:43.727000 +CVE-2024-47613,1,1,1cb07c80e6312055e352421e5d3526c34c272a845574f54e69340983fd4a0378,2024-12-12T02:03:32.740000 CVE-2024-47614,0,0,13b8f5fed972c287ea21593294d0c80306f99fc0ed826045b0165b45e24c461b,2024-10-04T13:50:43.727000 +CVE-2024-47615,1,1,304daff41939c6d31ac20223217f53ec223750b5ed530bb41269805e8bdf0b2f,2024-12-12T02:03:32.940000 CVE-2024-47616,0,0,e468a01c0ad8c1681bd9bcca10b68d0dc49f1762ba4c73b0fcd42c94c3a03664,2024-10-04T13:50:43.727000 CVE-2024-47617,0,0,6808f4f1a39cfd172fc3fb97ceefa056192d82fd1335e0915ad2252e36090af2,2024-10-08T14:23:38.597000 CVE-2024-47618,0,0,78fd78bfc1ee9f9650f798677686d5a20d8d5637ae000c91b6ecc17157cb2c51,2024-10-08T14:31:08.180000 
@@ -265497,6 +265567,11 @@ CVE-2024-4777,0,0,0559f9fc05b16fbfafe09a51db41feace21d30c4b62adaed6c18b481b5c868 CVE-2024-47771,0,0,d9e667f8f1c80546a8045e1095310494da0b5c3573a4d135848ba5926d74346b,2024-10-16T16:38:43.170000 CVE-2024-47772,0,0,d44ff120e944da2dc5af52cd93bc3dbbc90b32bb1d1dfafa64c4e29499f80303,2024-10-19T00:58:21.947000 CVE-2024-47773,0,0,2009644e404b2ecafb661ade272442df90db2955e19ee81df643af922d4ed623,2024-10-10T12:56:30.817000 +CVE-2024-47774,1,1,ad0a40d21ba60babcd641845ee1d63acdc4bdbc324ec61e1c292e22635404204,2024-12-12T02:03:40.297000 +CVE-2024-47775,1,1,2b654dce01c41f6ddbc297b90ad3fb8c5d208c2ca5e95574dc0328e73ec8ada9,2024-12-12T02:03:40.430000 +CVE-2024-47776,1,1,5fc74d327bc124d6d9efc62bd145f4554b2622e6527c062e9dfba6aab8c4c9ec,2024-12-12T02:03:40.557000 +CVE-2024-47777,1,1,79b62b52b74f30016e94510d0efd72b17f96e767545359cffce38dae3d09654f,2024-12-12T02:03:40.700000 +CVE-2024-47778,1,1,f7f0b24fdbfac0fa9cf4cffdda0c116f5b968c4d289d7b29a2e27c6039c0058d,2024-12-12T02:03:40.840000 CVE-2024-47779,0,0,f45bec609c4badd092d94b15a6e989750499ce429b106701bd6194af2bd710e6,2024-11-12T17:15:08.037000 CVE-2024-4778,0,0,e57b8973c317673f3da5d03c70e39b5751656f3ce9cc483a1083f3fb6adea583,2024-11-21T09:43:35.683000 CVE-2024-47780,0,0,7663ff45af636c13b030ae6fb174e9903ff436d33bf119a27c44ca85ee88de6b,2024-10-10T12:56:30.817000 
@@ -265542,6 +265617,8 @@ CVE-2024-47830,0,0,743064bf130fdd14a137794859b60609448751c54b54b84343bbf33a11303 CVE-2024-47831,0,0,2da9380408ec987b38c3ce4a1241b2ce84ade82e57460ab76452d64f3cf66aa7,2024-11-08T15:39:21.823000 CVE-2024-47832,0,0,08304b989bf4fd67fbf1287271f2d844b91bd7eb92f6d1e1820084bd13aee3d3,2024-10-10T12:51:56.987000 CVE-2024-47833,0,0,2cf7018b5754d4cf2a871933c30f423ab9d07a7d30faa3a027bc6b90d8d7f897,2024-10-16T16:33:34.493000 +CVE-2024-47834,1,1,831477fb18465e7e6b8f1eacc79b3ad2c5a4371b2feeaddba49658e6e1b5e721,2024-12-12T02:03:43.017000 +CVE-2024-47835,1,1,2f5064a78b72fad3c4d1c8603a26d32a0597f7635db60acf8d72dd96ced566bf,2024-12-12T02:03:43.163000 CVE-2024-47836,0,0,8435584b9f41e021b18ba8ae67dbd1d9d6f175899d2582f8891eecb04cef04a7,2024-10-18T12:53:04.627000 CVE-2024-4784,0,0,2e76d4546e9c62c3ba092021d46c486d8384cfb9c654dd39c0e0103c384bad26,2024-08-23T16:59:30.430000 CVE-2024-47840,0,0,133715aa63b225129caeb9f361174ef8c3d70528dec65494b16a4b26cb8e6a96,2024-10-16T16:44:54.440000 @@ -265828,7 +265905,7 @@ CVE-2024-48442,0,0,2d256703959d5674c7059d0fc373d70703c32fa535ede7e1382722511cb6a CVE-2024-48448,0,0,a99f12680e27f2aa26c82e15e379e1be001a083141c2de9e36bbeee9d3fd22db,2024-10-29T21:35:22.540000 CVE-2024-4845,0,0,e1e461ef60509dabf0e7e2dde808d36cb958becba4b5c88bdf30fa8f1c23ed01,2024-11-21T09:43:43.393000 CVE-2024-48450,0,0,2ad4bca80a954b5a64850267d64cde36a0cc73a58476afe8de69f997e4304a47,2024-10-29T21:35:23.350000 -CVE-2024-48453,0,0,4cc027c3a8cf7f5c415b35650fe2bbfcf589ec6ab7e04f8ab71540820050c461,2024-12-04T18:15:14.523000 +CVE-2024-48453,0,1,3e4df1eeae274bbab92d66627c425462f4715efda5653276293edf2b80192e38,2024-12-12T02:04:03.420000 CVE-2024-48454,0,0,9e0f8e82bd55ca3c8b98e816c5edf51ab830449d458f68194479be7d35927289,2024-10-25T12:56:07.750000 CVE-2024-48459,0,0,f2ab7e7f3244c10dbfc979fa6bc201608cff2894282b5a96f254cb41fcce18b6,2024-10-29T20:35:32.737000 CVE-2024-4846,0,0,74d9cb500e6ec3c3eeaefc6b52bb41cb76c1e47820ff2b958b0158c620b5f565,2024-11-21T09:43:43.533000 
@@ -266019,7 +266096,7 @@ CVE-2024-48909,0,0,5af217867017b45645b1cd88e9368407196c63b062f42cfaf011c832caa8e CVE-2024-4891,0,0,7cb3db743f108d5675454fcadd708016c769ea8cf5a8b2853b03b88bb20963e7,2024-11-21T09:43:48.267000 CVE-2024-48910,0,0,7f12c97e649c7955bf5eb5f3507eac6092487e8d427486ba58a1995cf7bdfe0b,2024-11-01T12:57:03.417000 CVE-2024-48911,0,0,55b7a5a266268268213060e2c0d21ae7b031d3c5984450b459efb48b395401c8,2024-10-17T21:13:37.147000 -CVE-2024-48912,0,0,ff95c64412382e8bf9935aaafeab92fa0a3884f65d560a3b6c434adca6180412,2024-12-11T17:15:17.043000 +CVE-2024-48912,0,1,0be7ae862b026efd5abcbbd8f69ce462287a28caad88130532603cd7782c29fb,2024-12-12T02:04:18.923000 CVE-2024-48913,0,0,27febbef07f52d15082822a078467473fe159291b0acb1f4d5bbfdd00e1f7d37,2024-10-16T16:38:43.170000 CVE-2024-48914,0,0,06e6403f67b46df13be7d3307b268a340a7b5ecc4c110c41c7ad7a6e410813ce,2024-10-16T16:38:43.170000 CVE-2024-48915,0,0,9d7a6a29dbd5024252c24e84e8b90c6b30d7a5e8086888e4b95df3996ef82dfc,2024-11-21T17:15:20.387000 
@@ -266143,16 +266220,85 @@ CVE-2024-49052,0,0,dd0bcb66115c1771d06ad625f605bd6935a6b37adbfb250ee90053ac68868 CVE-2024-49053,0,0,59da9bbc5c38e7d4afcbbccf6f87feb699c3c24c67cc56dbfb3abfa511e08245,2024-11-26T20:15:32.890000 CVE-2024-49054,0,0,62448bf015dcf89d959c31bd00aed3360cb35a080d7b2e98a7f5f314352b9e36,2024-11-22T16:15:32.150000 CVE-2024-49056,0,0,12decfd3c3f8681897e7f96665e98f3998f2b9cf7669bae978788124a37899c4,2024-11-13T17:01:58.603000 +CVE-2024-49057,1,1,5b4d3a70e4b50f720cfe92695862d3da17b39d472c35b4ec7051906be67a62eb,2024-12-12T02:04:29.907000 +CVE-2024-49059,1,1,6708a5dac64d319e07d91604723b5a92afa6add21b7fc74d6bfcca58a6f5f728,2024-12-12T02:04:30.040000 CVE-2024-4906,0,0,867b56b92bfe21b322ca43ff902131a5c10ad7122b44578e5002b985071da5a0,2024-11-21T09:43:50.303000 CVE-2024-49060,0,0,8d384c39c33aff3287c8ce53816a9ba69e4bd70b5dce130b5d549ebd7ec1e5b7,2024-11-18T17:11:56.587000 +CVE-2024-49062,1,1,a3e701c896ef1a4ffe9fca9b59b67b78f0a06fc5364232bd5e21bccd840bab2e,2024-12-12T02:04:30.273000 +CVE-2024-49063,1,1,b83229c81939b1b707daa5b54fc18f694e81ac38b6bdec2096dce68622733549,2024-12-12T02:04:30.397000 +CVE-2024-49064,1,1,ec51fee6da1c6e61d49b9eefee9bd707222ccf07c9ecbbb71fb261a5e30ce2b6,2024-12-12T02:04:30.567000 +CVE-2024-49065,1,1,55cb070e131e1bc86c1cbd0180826ed47b73ee3bc66022017e8083b5fdbacffc,2024-12-12T02:04:30.697000 +CVE-2024-49068,1,1,1c1bcaf90da4c910cf96c8e2ac74caf631944ebe7ddffe19b0ed0101e3263cf4,2024-12-12T02:04:30.833000 +CVE-2024-49069,1,1,997252f48e03c7481776761316c055940912a82cc9c74518ca5fec4f7a025215,2024-12-12T02:04:30.967000 CVE-2024-4907,0,0,d6b7dc03b21dceb93f6fd73ab4b273cf2b8cc8c5e840e9fe21cad2f09e57703e,2024-11-21T09:43:50.450000 +CVE-2024-49070,1,1,f46b33345cab635f43006d057211d19817c7b77271e62aa689a52e23f1366fa2,2024-12-12T02:04:31.113000 +CVE-2024-49072,1,1,abd2d1147c85e50a55201c5d632959f0f799a0e5c6a057dbc583bd3db8c2ba47,2024-12-12T02:04:31.257000 
+CVE-2024-49073,1,1,4bef736fa3b3ead6ff1389577fca8c64415e165dfdd41b40af089a10104710fb,2024-12-12T02:04:31.410000 +CVE-2024-49074,1,1,ffe4eaf979449c6ae52c5223e4cba37ef93314196e478fee90c8aea8f1be979a,2024-12-12T02:04:31.557000 +CVE-2024-49075,1,1,6927256de6daf45ced3cd3667d5f73cb06126ad54014e11b656deadde2e036ff,2024-12-12T02:04:31.700000 +CVE-2024-49076,1,1,1b8d7a26f516ac92f4e011d343d0048a08b39abbb48029c6b5f33273f786ee3d,2024-12-12T02:04:31.837000 +CVE-2024-49077,1,1,d9072d5c054cf577c19a53550e62cf8000a8dd5a20c93614b5e0b53af357407c,2024-12-12T02:04:31.990000 +CVE-2024-49078,1,1,06555ba0c21bbf6ebb81571c7419f612ce09737f6b9e54f82477c10004130a88,2024-12-12T02:04:32.137000 +CVE-2024-49079,1,1,7ae30547d5fd9eb15f9afcd215ffc48b5b9afe7ced1e55dbee225089b21e01bb,2024-12-12T02:04:32.270000 CVE-2024-4908,0,0,296f87c841a08f04a290e77f1c05e89a12f44b0b422a15c2762cf270d0237695,2024-11-21T09:43:50.597000 +CVE-2024-49080,1,1,c36673d272b319a8c4f1c6d79df476068d7a99c20829c6a562fb77967201c56a,2024-12-12T02:04:32.427000 +CVE-2024-49081,1,1,ccfb56455dc0ca5d1c8247447f752a6eb640fecfb83c88b8ecc377c046184e98,2024-12-12T02:04:32.587000 +CVE-2024-49082,1,1,52a7bc9d06c14037bd1e9445506603cc7abcd9785cb56479e035a0aea4c3727c,2024-12-12T02:04:32.733000 +CVE-2024-49083,1,1,c15969da1ff739032e4d20ca2cf2a9e7ac5d2e352e901bef0c511f449db5942d,2024-12-12T02:04:32.890000 +CVE-2024-49084,1,1,c34d4b07a24ad234d7d40c57bdce497b685ddde6587e2bff4a27f84653daa186,2024-12-12T02:04:33.077000 +CVE-2024-49085,1,1,eaad260d04e860dc1afeb1e2579a74bf8b923d7e3100d60139a839c997d5a2c6,2024-12-12T02:04:33.310000 +CVE-2024-49086,1,1,c68daac935e9268102fc4ff1c816dfb606d1dd2db7e01af8f3359a7507ab75aa,2024-12-12T02:04:33.460000 +CVE-2024-49087,1,1,925f6414cd2859747ad689df2c6dbf3e75f071f141e56d28917b25af8666e9fd,2024-12-12T02:04:33.660000 +CVE-2024-49088,1,1,40e222262c9d820f2524b94c11f4ab84405fa685dd7130e8be761d2c15fbd421,2024-12-12T02:04:33.827000 
+CVE-2024-49089,1,1,9937ad244862ea44ad0fd756dcb002c2f9a092c665f499f695e99fee08021223,2024-12-12T02:04:34.010000 CVE-2024-4909,0,0,f193cd8689d0e2da2197a3b0cf2283d52a2a9b0130a819e463c97138ee5ce1e5,2024-11-21T09:43:50.737000 +CVE-2024-49090,1,1,f8ab829f6cdbbdea093a9eea9387dd34008c458444a0d568ae16213a4337b391,2024-12-12T02:04:34.190000 +CVE-2024-49091,1,1,da6aec917d94b7b34aec3c48f6d60480a660cb8ec7a9140fc8dbdf6786992470,2024-12-12T02:04:34.370000 +CVE-2024-49092,1,1,a299a560d9f7f5e5c7ba11f25716dbb95ff09a427844514392a4aa61a84be965,2024-12-12T02:04:34.573000 +CVE-2024-49093,1,1,827563be2b27a41909d6aa9cdce8cef76ebb7143ba384d5fb7cd97d6406cf16e,2024-12-12T02:04:34.747000 +CVE-2024-49094,1,1,8ddc9fa3559373cbac1aa7ac82f5274189d3ea0636d74cfcd350d7a786b2d6ca,2024-12-12T02:04:34.920000 +CVE-2024-49095,1,1,70848d582fb36c4126faf4fab4fd40062512b3c0f2823918600311f70911b91d,2024-12-12T02:04:35.080000 +CVE-2024-49096,1,1,d081e4ee39f992a49a1194eee288354ac11a96b566aa4aec577686b05977b35e,2024-12-12T02:04:35.230000 +CVE-2024-49097,1,1,228c7015d6e5321ccd0d6124691dde7590a2c9887da33370621071903f8d57b4,2024-12-12T02:04:35.387000 +CVE-2024-49098,1,1,9be6e1fd466e8f4ba084a71434372ffbd3e13517f1ca87d776057d87d8721f6e,2024-12-12T02:04:35.533000 +CVE-2024-49099,1,1,a50af4a57ffd48708ef45b7405361128197860c87dc6e0cedb8b77cbec3abba7,2024-12-12T02:04:35.677000 CVE-2024-4910,0,0,c17825c5def984b02f7c4fe179a9a588c35d5b662446b0b9897985e669f2c9cc,2024-11-21T09:43:50.870000 +CVE-2024-49101,1,1,838b922f40e98134ac77e2542ecd61b82060f51a69bc9a671c5fb560c2cfe950,2024-12-12T02:04:35.823000 +CVE-2024-49102,1,1,83913d9a4c7c7154c8d041d9fbe6017306df21a3340129b9a3975bc37b950d33,2024-12-12T02:04:35.970000 +CVE-2024-49103,1,1,c82b35193a259a4136957aaeeafc727f598f793d2d4fde03f42797f82e8fb35c,2024-12-12T02:04:36.123000 +CVE-2024-49104,1,1,a37a92b0e3284fec286129f774d78225a540a50d5e65c86d94ebbc27e7aeffbb,2024-12-12T02:04:36.267000 
+CVE-2024-49105,1,1,e5308f8a5690995518ca278b447ced81f2f68bec9160ca7e2a2cee97123c0d8c,2024-12-12T02:04:36.417000 +CVE-2024-49106,1,1,c0dd6bc58a96911620a84a971f6330ccf73ee4252c3b0846e884748b5c2cde70,2024-12-12T02:04:36.573000 +CVE-2024-49107,1,1,37974d8a9cc57c4e568b5f662876d992b2aba7954bc2e4256743341373a10dff,2024-12-12T02:04:36.713000 +CVE-2024-49108,1,1,553614fff0376a64876460a5de1cd145bc422a2e00c7d49aa3e239f92ba3d10c,2024-12-12T02:04:36.877000 +CVE-2024-49109,1,1,9e1e41e8830c0eb3f18792cde4acaa10ae19df011bb008817a83ff1482b06c25,2024-12-12T02:04:37.023000 CVE-2024-4911,0,0,48d7e51443f8d41a59cc661d31773acd4e5457ba1cdcb301957f03052683f312,2024-11-21T09:43:51.007000 +CVE-2024-49110,1,1,71bcf23448de3773c248195ebcb0c3f13fdf8657bb5b687be7d3de81ee05d3cf,2024-12-12T02:04:37.170000 +CVE-2024-49111,1,1,1b24d1208f1eb5413a258893d144acddbc664244d88d09fd7044f9655260bd01,2024-12-12T02:04:37.307000 +CVE-2024-49112,1,1,2ccc1952c13d5850d81c3f877df35e534564e8c8d5c1009c3f8c6ac1caf6dc18,2024-12-12T02:04:37.453000 +CVE-2024-49113,1,1,6dc1e48e17815c88e1fc7b44710b7d650c0993c463604e8b57307d0bb4bab564,2024-12-12T02:04:37.610000 +CVE-2024-49114,1,1,a5cc7d89d5785eb8bafc1805266bae979fcd56130be7ca20d07e7af136241888,2024-12-12T02:04:37.757000 +CVE-2024-49115,1,1,665d17acef8171e0ba56a1b06380b5afc51fc29eb62443c8d2c82ee13d842151,2024-12-12T02:04:37.900000 +CVE-2024-49116,1,1,bbe95860f6e013d335bb010d5a12c8616fa781e9ff6e8f8291d9b892608548af,2024-12-12T02:04:38.050000 +CVE-2024-49117,1,1,dcef826a18b7ccd3b1d1016f100cb30571270737a5ea60aa0e762ee438d4061f,2024-12-12T02:04:38.190000 +CVE-2024-49118,1,1,c76cf39fb3c7b440dde84b937b6629051451353e1f08663b0391955f384cdc24,2024-12-12T02:04:38.333000 +CVE-2024-49119,1,1,b42bb795b79f77c5e8766839381fd05b3b3fae4293e518f4a1da79099884b3ad,2024-12-12T02:04:38.490000 CVE-2024-4912,0,0,2e32c58973d8251e1cb235e50a89f5def47ab3fcd3ac832fd6ca58856582e9b3,2024-11-21T09:43:51.157000 
+CVE-2024-49120,1,1,574793c8aa72545357e1d95c5772c0e2266c4eae30d9f76c35cc66b91987d48f,2024-12-12T02:04:38.643000 +CVE-2024-49121,1,1,e47d7b5b6384afeefda49b149407ce3c2c2fa051a8b2c89949559d3b5ed5ce13,2024-12-12T02:04:38.790000 +CVE-2024-49122,1,1,efdf43c2e14aac20858fc68d65c7e3fe0b45266189ecf1e253fe9ffb02a84902,2024-12-12T02:04:38.950000 +CVE-2024-49123,1,1,df8fd9dab1515daa35805efa2b60587b4f2c1338e0a4daa08a8aef980702715e,2024-12-12T02:04:39.090000 +CVE-2024-49124,1,1,3d94a62afa736fd9e97f6930f5187996cfeb3b57ac5be7d3f558cc78fe5dcbdd,2024-12-12T02:04:39.233000 +CVE-2024-49125,1,1,fd01da8ce9f6a158e1359419039e8c7ba67c006b3b1f8036f83c02dcc32da844,2024-12-12T02:04:39.380000 +CVE-2024-49126,1,1,922deb91fc42c649a162854155178d0d645d62a4981afd0c7d2eccb2ca4fdcee,2024-12-12T02:04:39.540000 +CVE-2024-49127,1,1,c94e5564c42f93cd656528b1061426492249b20bb54a20e92248be0b1d50bf36,2024-12-12T02:04:39.720000 +CVE-2024-49128,1,1,62c289a9cf6370d7877bc5e7705986f03a0059bf80e5be27b4d7b39696894289,2024-12-12T02:04:39.870000 +CVE-2024-49129,1,1,b3b172ec96baf2942bfc95a9964668b86d02a321e18ad5de161d92f9716d495e,2024-12-12T02:04:40.023000 CVE-2024-4913,0,0,8f1077ca1f909bbf49b8f2a274026fe5a87623cec281204da7efc615ad191bc7,2024-11-21T09:43:51.293000 +CVE-2024-49132,1,1,f36aa79fdc9ec24a823b758d7ee1cf7540ef13f02e2b6a693953897c58e149d3,2024-12-12T02:04:40.163000 +CVE-2024-49138,1,1,a03c9a73546489f5dd65bbbad7de4ac9d0c7371f7ce29f14b1430ce4ce333b93,2024-12-12T02:04:40.307000 CVE-2024-4914,0,0,c1e4acb17def81a0854cc115da953100335e1c8f9a391685fb384320f3256d4e,2024-11-21T09:43:51.437000 +CVE-2024-49142,1,1,754e43c80be5e2faf236ca9e5b39c8e09727b1d9eb133503d009e67ee6405f4b,2024-12-12T02:04:40.460000 CVE-2024-4915,0,0,0db50bbbf81e6509cf2f04f7c74802ee1539c5988eb17e78bcc8e3a916243d8d,2024-11-21T09:43:51.583000 CVE-2024-4916,0,0,46062bb382c89200b166e2e86c9831624440cd917b76f7208234261e0e99e402,2024-11-21T09:43:51.723000 
CVE-2024-4917,0,0,95cec23e602c996c3b6188d4e4ba043035d85d558b4aed6963a603c245d41e9b,2024-11-21T09:43:51.867000 @@ -267099,6 +267245,7 @@ CVE-2024-50333,0,0,2215b3721c9d11db558b39b1f74e4135c527ec52585c9b11c8251b7d114d6 CVE-2024-50334,0,0,5e65585748688385db99f8cbdfacf1d5e33645d25ebdde7d1e18f958016de1b7,2024-11-08T19:51:58.433000 CVE-2024-50335,0,0,ade722febc9dfd29ff5312a49cac7a2eae90cb1cee015a18ca21af2b83fd11a3,2024-11-08T15:09:07.440000 CVE-2024-50336,0,0,a5193abafd166cfb889100203ecf427fcaaa84768e0716a0a63351a39095d6d7,2024-11-13T17:01:58.603000 +CVE-2024-50339,1,1,c2d53e1ed0fc6c79923ccd0a043db73413418f26ac8a3a22467d142246766b5e,2024-12-12T02:06:19.147000 CVE-2024-5034,0,0,d223ae16593e2ecdb2242c0e6f0a8631184cfb6f48c2e0d137df7245167f186a,2024-11-21T09:46:49.320000 CVE-2024-50340,0,0,c04a10c0fd471eafad0846a62f3f7bc515d754e783b072015dcfb8d1d5493bea,2024-11-08T19:01:25.633000 CVE-2024-50341,0,0,5f65553b92d12d51b2a0f4b4c0e31e864f6370a6e6f53725be24fecbb503b767,2024-11-08T19:01:25.633000 @@ -267340,7 +267487,7 @@ CVE-2024-50580,0,0,3398f584a5664889c1e4deaaab3b304a2b81a8e4a61ec448e96876890935c CVE-2024-50581,0,0,46efa2852e259a5f8d275b5dae3ea2a01d70670e7b9ab092dcb227fcb28b2ae1,2024-10-29T17:17:20.747000 CVE-2024-50582,0,0,bc56234b3ab653a760273693a6e0012ab15651a705a524c4f1f1233ab3806295,2024-10-29T17:16:46.007000 CVE-2024-50583,0,0,7274c5e22b718796ad1b4962554320fbc5e753e3e5b53c77142694b9ec8dd2dd,2024-10-25T21:35:08.253000 -CVE-2024-50585,0,0,05bcfb58391cefc8f14532acb51d1b4f80ad2fbcc996285de3b36a5c41ba30a0,2024-12-11T15:15:14.920000 +CVE-2024-50585,0,1,3ab67247e8f30f4fbfca962702858819d9540939e9d4e81cc6f18dea9bcdce2b,2024-12-12T02:06:30.727000 CVE-2024-50588,0,0,bfaa579943a78c86d813d9dedefba8b226ac11f00c84d1c00da87c599a1cb193,2024-11-08T19:01:03.880000 CVE-2024-50589,0,0,64643b83ced7e561121c5a71099032b9b033224c4f3853ee59622fb2bbd5e998,2024-11-08T19:01:03.880000 CVE-2024-5059,0,0,54938619cfdd6fbe1950b0926ce86597803c8de43a913f5077eec999d27cec3f,2024-11-21T09:46:52.720000 
@@ -267363,8 +267510,8 @@ CVE-2024-50616,0,0,f16f40ce12577bc20e6d17ff8fa15bd5a1f69a543581dc34546ce7e8ac772 CVE-2024-5062,0,0,9128f70d0672705b0b285f525f62637be138c9786cd6adfa5de361b1c4e33225,2024-11-21T09:46:53.077000 CVE-2024-50623,0,0,6fcd66e2e3cba1cd1f30ebab630bce12ee40ef64a6546c3f39f7c8deba3898a7,2024-12-10T20:15:20.257000 CVE-2024-50624,0,0,425b4912ca74d0f19519cece63451f565c900b6a769644536a74ca4edcfab020,2024-10-30T21:35:12.223000 -CVE-2024-50625,0,0,5abc4084e07d9a3c79345867768f046fd6b8291d524d27fdad129b14201bd194,2024-12-09T22:15:22.610000 -CVE-2024-50626,0,0,663472eceab67dc8729488b116bdfc4f91c7ae178fe7f09c80d8f236516196dd,2024-12-09T22:15:22.733000 +CVE-2024-50625,0,1,0615c3ce00402c7fcf7bd9b67896f95a07c8c57e2adb669aeb487631cfaa7e03,2024-12-12T02:06:32.647000 +CVE-2024-50626,0,1,b58a9e7329930925a1ddf93a83d5b99f5db2eb97bc485eb0cfbf434a0322b898,2024-12-12T02:06:32.817000 CVE-2024-50627,0,0,ea64848ef2e270f567cb88c4dbf4ab01f9f2d915f5893b3b8f1eff3daf718969,2024-12-11T17:15:17.200000 CVE-2024-50628,0,0,1daf5ff0cc9df608c8ff4c00f291eda5553afef20749a9ab4a5287cfc68ca0a9,2024-12-11T17:15:17.350000 CVE-2024-5063,0,0,d66483573e96022ccfb509c4cd99c3f2ab64b3e900fde1922f4af776a81cdb65,2024-11-21T09:46:53.250000 
@@ -267451,12 +267598,12 @@ CVE-2024-5091,0,0,942cd7816598a9a38306116813c44d46c4017ec3ca91059e04ec4c54cf0eda CVE-2024-50919,0,0,0e0de43028cbc2e3a7be2da6c3327cae947119486f4b0445705a5caa5d92a911,2024-11-19T21:57:56.293000 CVE-2024-5092,0,0,b1e4be6fd5ffc39750cf5fee980ce18eada6838842fb0652be3753b9b4a8934e,2024-11-21T09:46:56.943000 CVE-2024-50920,0,0,54dfeb08ffcdcf28508c5d36f7210703a893d5920e6e61d8ef674773d405de7f,2024-12-11T16:15:12.907000 -CVE-2024-50921,0,0,2b8e93f961af13cb8d2fe0b68f0ae0d21fc348db3041f530d3b90a34a028fac5,2024-12-10T19:15:30.380000 -CVE-2024-50924,0,0,587064682cfea38b6e6f1d4573f519684e441e040305f2713e4142f256f9b47e,2024-12-10T19:15:30.463000 -CVE-2024-50928,0,0,e62304ef2c754bf7721c6b4565f0b5b8591463e4aea1b7d5519fe6ba4bdd49b4,2024-12-10T19:15:30.550000 +CVE-2024-50921,0,1,dec22af4e69200eda28548d43ad1387a47bfbbf8b2af66503805a4d3fb7d4279,2024-12-12T02:06:39 +CVE-2024-50924,0,1,3f27cfcbe0eb82b0c36cd9295f4725e81b8483a8ff3b8d402b9ff21d16197dde,2024-12-12T02:06:39.167000 +CVE-2024-50928,0,1,364bd038ea4e3b839b8f07390a8ba2fa0c79e45f6a0c4626b7094944714c263d,2024-12-12T02:06:39.320000 CVE-2024-50929,0,0,c77f654eb3c75e0f6332a234eca373313f7a71a484db912d85e39f0a23979b72,2024-12-11T16:15:13.113000 CVE-2024-5093,0,0,980fcdd185426a9fa9ea34c399d0eba666c68a5c3f4d7d9361932fc8f79b7500,2024-11-21T09:46:57.060000 -CVE-2024-50930,0,0,3b1b5c2d6223c13d4b1a79d7b55ee8b8035b571a4ac69dd2b9ab01250f6d6e2c,2024-12-10T19:15:30.727000 +CVE-2024-50930,0,1,63597b40d062e2ccb186962fda21a0800dc34983d8682eeee25b0d907686a485,2024-12-12T02:06:39.577000 CVE-2024-50931,0,0,02943804abc1002f0dd15d43a7dfd2141cfe2d49d87bd4254fdcb95f3c552bc7,2024-12-11T16:15:13.317000 CVE-2024-5094,0,0,f572ab7eafee07c8d987d5a3c905aa40f60dd2446639e00e7652e97e7c95fb47,2024-11-21T09:46:57.203000 CVE-2024-50942,0,0,74bb27dcec6f641721fef2704da713b75046095ccb8aeb2b392b8ef1abb8cd71,2024-12-04T17:15:15.020000 
@@ -268843,6 +268990,9 @@ CVE-2024-53264,0,0,a32d4daa26a746493ea0f873c770ba4e99221937a3918a07719b9b2327c46 CVE-2024-53267,0,0,accd32a67a608848754723b681c6e9dcbc299572dceeb0ccc536e90037eb33ec,2024-11-26T19:15:30.473000 CVE-2024-53268,0,0,a408af8f5ee18e6e866628a8181262e5b345f36ec790e37835b95d7b67c7ce70,2024-11-25T20:15:10.583000 CVE-2024-5327,0,0,c9fe7d7fa06a5d3d75a080dba8857bf423c18144dc7f53781589989842b7c438,2024-11-21T09:47:25.873000 +CVE-2024-53272,1,1,fbc5c9af12eb2bfe339727cc5b546b5f3cef9f54f82fdc0baf1a6fb9a12cfcfc,2024-12-12T02:15:28.670000 +CVE-2024-53273,1,1,3e7756e4dd08d211689aa96485acb8aa72a485371141832aab96a261beead8f8,2024-12-12T02:15:28.813000 +CVE-2024-53274,1,1,f819dd2187814f1151f0ec542e5ba0c8e05c34296a8dd2088f589935f1133f7f,2024-12-12T02:15:28.940000 CVE-2024-53278,0,0,6f30b711eaa2519505a8ae7e3cc5077447b747b2c4a9b5a5e0658f524894f224,2024-11-26T05:15:10.563000 CVE-2024-53279,0,0,dfc5f096a36d29d0f8644df8f6c1c9487efce3642c797493ad061622e50e96a6,2024-12-09T04:15:04.477000 CVE-2024-5328,0,0,6202213e4923d2ad4b73c742ef3cdb1565340ec9be018d39ba9d29068bc91119,2024-11-21T09:47:25.977000 
@@ -268881,7 +269031,7 @@ CVE-2024-5343,0,0,a520df0d2c87c5fe35335a1b343c956cc8dcf1b7b7959b5acc51996bdc11fd CVE-2024-53432,0,0,91200366caef4fd477ae549a4b97936ab0103419821400acdfe9619ad1d645ce,2024-12-04T16:15:26.240000 CVE-2024-53438,0,0,269e7677ace7d9295c53368d7a770c8536638e497558c04303dcd88d3a89eb20,2024-11-27T17:15:14.647000 CVE-2024-5344,0,0,8f458be972a177773c42d8be4d4a2a3285a02690bc775c46c880075a709e9dd2,2024-11-21T09:47:27.763000 -CVE-2024-53441,0,0,6fa821e2c267d095456f77ca67b20d4bddb8527931416944a8acea3783a3793c,2024-12-09T20:15:20.800000 +CVE-2024-53441,0,1,6fd1ab6c39283c281fb77a33e67ee748a9a5101b24caf395826a036ac10d8136,2024-12-12T02:07:57.850000 CVE-2024-53442,0,0,d228660d56d3a571a361a3c128f6a576835f40179a930e9ca9db1661418723b2,2024-12-11T17:15:19.083000 CVE-2024-5345,0,0,c0e9154b8cf6eccc0abbcabbb8ee4621432a41cc6dca94348a2468e667caa563,2024-11-21T09:47:27.883000 CVE-2024-53450,0,0,35c5f2872561bc157223093101834ca44cd8e03e4dad5a58a6584da3319abc23,2024-12-11T16:15:13.910000 @@ -268892,7 +269042,7 @@ CVE-2024-5347,0,0,a4eb7d8feed8c584fc13b2c0e6136e67598b45cb75b5638081f14ed1c0f5fa CVE-2024-53470,0,0,7e717d458d3e971476fce58f4e759acfb3653594788d9bb4f7ef6a8cad1dbc8b,2024-12-10T22:15:25.010000 CVE-2024-53471,0,0,dea70dfafbf7c115f6b9fc5aab8fa383b86b6c8d65d06c11e3049e5b3d3b885e,2024-12-10T22:15:25.277000 CVE-2024-53472,0,0,f62f01117567dfa980810b663addc9d4b9e324fc111266531f31ef2f0fb28372,2024-12-11T17:15:19.720000 -CVE-2024-53473,0,0,358e2b05fdc54a6e3691e8ba3f77fedff57be14fcbc952f41ed19a97501744e2,2024-12-07T23:15:34.137000 +CVE-2024-53473,0,1,4f11e5668fdef12cb16e2bf05d839c650d20a6c384846fe0258311160154b68b,2024-12-12T02:07:58.713000 CVE-2024-53477,0,0,3dfbb52637bb052a793d1b67a024cd50b899929ad7fee8a9366a9aa6e069e388,2024-12-11T16:15:14.150000 CVE-2024-5348,0,0,0c3454114961657672c2409af3f9f2f3bb9995c6579ea15f7d29552347b906f3,2024-11-21T09:47:28.240000 CVE-2024-53480,0,0,4889d0ff1fe4dddc3829b2478649a6155b88e7256aa2574b5a87fc73b9645c93,2024-12-10T20:15:20.920000 
@@ -269090,6 +269240,7 @@ CVE-2024-53832,0,0,d5319c051d93938c512d53d904b1dbef4fa88b0e7db94b21b8cca1375be3a CVE-2024-5384,0,0,8d376a2ca7902f4602c393c8e22120c83f3a08831ccd742c2d440f44affa2cad,2024-11-21T09:47:33.103000 CVE-2024-53843,0,0,c44c99ef4402ecef78ac8c1b113f8d73cb64b635f31482723ce78cbb921e8259,2024-11-26T00:15:07.430000 CVE-2024-53844,0,0,b0e1409716740a79089a588f0454ff38097ac555d54020c4c21a59c02d9d74a3,2024-11-26T19:15:31.463000 +CVE-2024-53845,1,1,dc2b41c880a053058b5cbf2610e15ce60c185ffaa5d296bdb0747709bb40ae31,2024-12-12T02:15:29.087000 CVE-2024-53846,0,0,19691747037ea52c60e879802f51a31a2fb4ec7d37738a291a8cacea731ff30b,2024-12-05T17:15:14.477000 CVE-2024-53847,0,0,7b329f935dd179a8538a148bb39de95ebfd2c6752ba8c06ae42e4a14381954fe,2024-12-09T19:15:14.387000 CVE-2024-53848,0,0,5d7406bf40d4383800e1de0c70eb6032691db24ded6c883df8d312fa0222f375,2024-11-29T19:15:09.290000 
@@ -269309,13 +269460,50 @@ CVE-2024-5442,0,0,d04c2bb3cc8f82a2c7270c721f12e5a9b2940fb0a26db1ab02f9941e2c6a77 CVE-2024-5443,0,0,adadd9c694860afcdd394e8dee0fe463a311b2c2fa5a4e181ef4b87c4458e44d,2024-11-21T09:47:41.690000 CVE-2024-5444,0,0,d122b54e471150af4b6bf3b5aac169a49909a5e1c30b12ec4d263232852abd0e,2024-11-21T09:47:41.810000 CVE-2024-5445,0,0,868cf662746874f2c335da1d583d2882ec8b61a1e57de341d372842bb0244e3a,2024-08-12T13:41:36.517000 +CVE-2024-54465,1,1,f8f38f66d86de9cbecab7f919e2deb61c2a995cf391ec3c5f7efc54e6b59e8f9,2024-12-12T02:15:29.243000 +CVE-2024-54466,1,1,f16476694d7d7f09848a3428adddd3a6ecf6f6b4a8d6b1ac09e8b127fc2aea39,2024-12-12T02:15:29.330000 CVE-2024-5447,0,0,b60e0535b73a6be4da90a7fc1432b0141afa78596c3a5ade6408fe521639c5d0,2024-11-21T09:47:42.057000 +CVE-2024-54471,1,1,1b6fe67a5013f3ec3d20bc2cbdb940ad543867076b35c5f3e98a544c844916bf,2024-12-12T02:15:29.420000 +CVE-2024-54474,1,1,005936ea91f3a39d3469e2ab311570f968dc0ad8c539dd67da260e388395e6a1,2024-12-12T02:15:29.500000 +CVE-2024-54476,1,1,9d405ca143664eac061708d4c5cb23032e020f1f9d2c73eb13a4c4c6d1bcb006,2024-12-12T02:15:29.583000 +CVE-2024-54477,1,1,558d61f13c9ffe8e2eb142acaefb8f8434021a61930542cbe5e2c5734f785148,2024-12-12T02:15:29.663000 +CVE-2024-54479,1,1,f05ccc4bcab0c07cf2d06a64b5645b0d4f99e7ff4f19d612d37082332f7e92fd,2024-12-12T02:15:29.750000 CVE-2024-5448,0,0,fb51af8aa43452e6336e86308a3b6b8f94eaece6d7d51fb1e15ce1d675c555ee,2024-11-21T09:47:42.227000 +CVE-2024-54484,1,1,38c630753772c6e087ac01da5aa510336b9683963e22be6a19f19c372f505298,2024-12-12T02:15:29.843000 +CVE-2024-54485,1,1,831723989ca0075acd838f11a776d0580279edfa5aa11e8d0e4102a383eb0a1d,2024-12-12T02:15:29.923000 +CVE-2024-54486,1,1,78ca056304bcb0d91c706c025cac8fa72f00589420b6c66544a820487a2a0fdd,2024-12-12T02:15:30.010000 +CVE-2024-54489,1,1,a6636d6fe9e57534deb14459a766f0093cc8052684efcb93e99592cb374e77c8,2024-12-12T02:15:30.097000 
CVE-2024-5449,0,0,1d8d63580d1cb9064d797bded58f9169ad76c503e92c814880090cdd281d631c,2024-11-21T09:47:42.400000 +CVE-2024-54490,1,1,f81247b03d3ce9b55d846cbe17ffae088b55233bc0f42dd0a9ead4754f2737a5,2024-12-12T02:15:30.183000 +CVE-2024-54491,1,1,bcd50b5dce3c04934400f9bee0e020bbea76a20290c94f9de92917e71499cfc0,2024-12-12T02:15:30.270000 +CVE-2024-54492,1,1,dd59f74455fc35061480358b1d658f9e6abde36ae3621609921179965994c4a8,2024-12-12T02:15:30.350000 +CVE-2024-54493,1,1,bfb960c4ebbe0d4565037ecac9382532b4c09aac88521f33498fb6ea8c94fc2c,2024-12-12T02:15:30.433000 +CVE-2024-54494,1,1,98bd7317904281b9342cfeee9f3138b0355bcebca61377dbfcdf76ad03249e10,2024-12-12T02:15:30.513000 +CVE-2024-54495,1,1,4b94d5ec0ae75a56980fc169321a9176d5c1d4ed716e6843e3464d9124747bda,2024-12-12T02:15:30.600000 +CVE-2024-54498,1,1,645804d3ae00c7323ce15693a4daa43ab064cc5064ef63d9bd1f1c6656ec6366,2024-12-12T02:15:30.683000 CVE-2024-5450,0,0,24d03210219d9f2f3eeb200aadfbbd2297fa2c6b8d7ee9efe09cbafc9256a693,2024-11-21T09:47:42.517000 +CVE-2024-54500,1,1,3eeadc2a6769c05118da67113f7387f561a45aa53b591491122e4820f15f7a8c,2024-12-12T02:15:30.777000 +CVE-2024-54501,1,1,2c1dad345eb236cb858913e489bc9b811e260f6821e7ca701580c696fd657c04,2024-12-12T02:15:30.863000 +CVE-2024-54502,1,1,1db980c641f8fe23d57e57207c89a028a629955687d5863b268257336dfa6a59,2024-12-12T02:15:30.957000 +CVE-2024-54503,1,1,8c9b8167352d71196cff2380e560a8ff15a6770d801573ffc9b346fe13ad576f,2024-12-12T02:15:31.057000 +CVE-2024-54504,1,1,56ed60eca99a68be661f4387a7fd57e855ea039aaa1785baf297a8b0d21890c9,2024-12-12T02:15:31.140000 +CVE-2024-54505,1,1,66564d8ca2238a8ba3f04dd2a78a9739abf045c1face54c5439d391f06777b86,2024-12-12T02:15:31.227000 +CVE-2024-54506,1,1,c78cf0d6e721d3c7b61d2cde199e4e1cf692c7ca888297bbeddf8bd7e44f449e,2024-12-12T02:15:31.310000 +CVE-2024-54508,1,1,359cc8bfa17c568cfcb39517a2122b31a8b91654457e5317886d88dcd303b28f,2024-12-12T02:15:31.393000 
CVE-2024-5451,0,0,20c45f860616b7f2fb649e3fe37f7d2b12e76160bf7131f2da5e11d5d4dbf253,2024-11-21T09:47:42.677000 +CVE-2024-54510,1,1,b8dd87123370739c859f6bcb75254560387b71c0e62db5e2f43a424be4dc0646,2024-12-12T02:15:31.480000 +CVE-2024-54513,1,1,f2ead93d5d405e8da1a6ac4ef58bd5f4a38980b91910f84a5c70a1643622ade5,2024-12-12T02:15:31.557000 +CVE-2024-54514,1,1,57428155ecd809637fa0f0d325c6656547ed3067f49c5d49d1136109ef9975ad,2024-12-12T02:15:31.643000 +CVE-2024-54515,1,1,21d91623b8b2bca6b7424202e7f4117ecd694df463026fd6ec38afc1d472bbf9,2024-12-12T02:15:31.723000 CVE-2024-5452,0,0,b01b2e3bd56dc4d1c97364b861c6906ac1d43b69b37e06474f7fb830a26b907e,2024-11-21T09:47:42.793000 +CVE-2024-54524,1,1,f4c5b79321783e067467207e598021e6bffe23a4deb80002e490eabc0fd7868b,2024-12-12T02:15:31.803000 +CVE-2024-54526,1,1,51631b50738005bf0362876416a5b98252df780bbecf6ab8a27b70faf72e4517,2024-12-12T02:15:31.887000 +CVE-2024-54527,1,1,70657c98dda90eec87ed736c766d146289a26414dc70fda3effc781ea4d7f323,2024-12-12T02:15:31.973000 +CVE-2024-54528,1,1,a70244c3172340112bf10eac5e5d17331669e092603913f3c62c782dbb767bd4,2024-12-12T02:15:32.063000 +CVE-2024-54529,1,1,d2dc18ce976c69efaa0c65fa605a5625fe0ab3e667d0e1f02ae746f93a01007f,2024-12-12T02:15:32.140000 CVE-2024-5453,0,0,a2ec805a779750f157f5864949edd755631f777b8533cba1597f48b2163330b0,2024-11-21T09:47:42.923000 +CVE-2024-54531,1,1,fbd7292a6c5cd1d75daae89bf65fd7400639e5370928c35669ff9aefaa0790a7,2024-12-12T02:15:32.220000 +CVE-2024-54534,1,1,8686cc74841df747a081deaf10064cbedcc70e58e16b2b5ed7de7380476db076,2024-12-12T02:15:32.297000 CVE-2024-5455,0,0,bb7f0660a3d41dc609cc2469cc15470bc23e52876e20e5d8aaba4695f97fb58a,2024-11-21T09:47:43.050000 CVE-2024-5456,0,0,3a1546469deeff993eb12e81bd13a91014bb8b4c59bc306c05d9d1bfeb03ccf5,2024-11-21T09:47:43.173000 CVE-2024-5457,0,0,5c67880d08a73805d7cd1c17b384d326fd43c5a8887de09123f9750f9092dc92,2024-11-21T09:47:43.290000 
@@ -269341,7 +269529,7 @@ CVE-2024-5473,0,0,fdd6160c6121db618882f16bfc9c17f8c3a2501715cb9519638ef5a1fcd244 CVE-2024-5474,0,0,63893131768de13d83eb37c8075bce21b1c0f49d4d852fdf9f27e69aab8b3e48,2024-11-15T17:00:35.697000 CVE-2024-54745,0,0,fa6c31d7a2d0035c561f7b97850c2a530b0e2e38d0e9249ae4c46e230cdcbc34,2024-12-11T17:15:20.460000 CVE-2024-54747,0,0,9f0fca61fa6eccf9336f8eaa6d72537b4bbb8d5e3fd08e6c628143c0e6117234,2024-12-09T15:15:21.320000 -CVE-2024-54749,0,0,9843b013f360d8fb3ff95bfdcdfc0bf5c3f632d1d8b1b0bbd6fc777fe9950e5c,2024-12-07T23:15:34.810000 +CVE-2024-54749,0,1,2c9d895fdb5b90a3967a9403130c1863e1d8648bd0343f58138b0aee4bfec8d2,2024-12-12T02:08:18.910000 CVE-2024-5475,0,0,3f93fbbe9009c236ea2c6da72827f7bd871ace2e1ffd3b439453d8900914ef7f,2024-11-21T09:47:45.480000 CVE-2024-54750,0,0,a2b9bd793ac60105835f796550f4eca54ad7139b40ad2fdf283a28d5ab7647fe,2024-12-09T23:15:34.020000 CVE-2024-54751,0,0,78f3a2bd185940189152bb69b6376cf1d8ba8c4408c6ec0691296862b6b595c3,2024-12-11T16:15:14.910000 
@@ -269460,7 +269648,8 @@ CVE-2024-55579,0,0,eb7b97c3360bce570eb740843f88f428eb8ed07ac934bdc24aaa75a35aac6 CVE-2024-5558,0,0,b9640ac59698561d1e2153bd708b9d8ca2d328fcb61a159842590b547b4c1a0f,2024-11-21T09:47:55.700000 CVE-2024-55580,0,0,d0db8db8caa9064b5ccfd1ebfcb70a56a05a77720b165abb2a708efdd1b5b12c,2024-12-10T15:15:08.300000 CVE-2024-55582,0,0,8c7e64bb3acec7a473c6e65040db0fdec814405cb32a2dc0c98b336fe36f3523,2024-12-11T17:15:21.103000 -CVE-2024-55586,0,0,783bbc0952a9c9a1d0e90c4c1133d59847ae90b7821de6a7e7ad86d9d5d5c9cf,2024-12-11T16:15:17.473000 +CVE-2024-55586,0,1,3d0bb4c2bac27d3b4a03aae38affd3479b13f167ab1c15ce773027b2d051abfb,2024-12-12T02:08:22.247000 +CVE-2024-55587,1,1,711e2633008eb1eba76caae9e56137ed795fc1a2da3aae74994e496b37e2deea,2024-12-12T02:08:22.413000 CVE-2024-5559,0,0,da875044adc3709281edfed6e696b593f02a48923f7270d2350dbdeb9c3f0186,2024-11-21T09:47:55.840000 CVE-2024-5560,0,0,5aa7f1759c9eb53992bc8fa45515cc25adc477b89cd6554f8c0736d42239dd24,2024-11-21T09:47:55.983000 CVE-2024-55601,0,0,89175adefd85ee52b8d0660bf5cffaad0818c3ee1a9c4ccd9c1b1dad82da5932,2024-12-09T22:15:23.100000 
@@ -269473,9 +269662,14 @@ CVE-2024-55637,0,0,b339d1b46d013911874bbdadbc242ce2cec2e62c40f0c0b5fcadabacc3a18 CVE-2024-55638,0,0,a4181edcafad19b32a68c9307a9f7762f0502e887b0637bf4f98f55d3d91262d,2024-12-10T22:15:28.640000 CVE-2024-5564,0,0,3aa73f6c6404c243b9f6f394613afc94e063551efa8746acdefa8554437d3ac7,2024-11-21T09:47:56.340000 CVE-2024-5565,0,0,032bdcff8dac2089c90f98c674e66bb1a3269fca437d11950d454869056d685d,2024-11-25T13:15:07.310000 +CVE-2024-55652,1,1,df9c0a2e732c44517c1b572ec64766f50a44824e852c356d56737dbdd5bf604b,2024-12-12T02:15:32.377000 CVE-2024-55653,0,0,23cbcdc73ea3dd154265821e22496b95434ef5c6f5ff0474f2c26897e605302d,2024-12-10T23:15:06.410000 CVE-2024-55655,0,0,07019389634e3065fbeabfcfefa9ff068beb42552c22fbc2c221237f731ec5c6,2024-12-10T23:15:06.570000 +CVE-2024-55657,1,1,17a350d542cf34c2b22f3e00e2d57d66478e86eb48a2634497cf637379f17fbd,2024-12-12T02:15:32.507000 +CVE-2024-55658,1,1,9ed30072d0bb76726ab45fe24903242e643e69911ab5263487146ebedeee8fac,2024-12-12T02:15:32.633000 +CVE-2024-55659,1,1,9219361a42ab4ff38a574bd433d5d8243eeea10fb137e23211bf7440f9661806,2024-12-12T02:15:32.760000 CVE-2024-5566,0,0,55157068cefe792f617f9d985299d525c0156c753cbd8d7bb670501225f08f89,2024-11-21T09:47:56.607000 +CVE-2024-55660,1,1,d00088d6e909f8bc1cffbd084b108706165ff35f5947ccfb8fdaf9926a736207,2024-12-12T02:15:32.883000 CVE-2024-5567,0,0,58e82791c8fea00e3d24c3a38ca7e73d8284e730929acebb640917b4f39b60a1,2024-09-26T18:27:51.817000 CVE-2024-5569,0,0,af3784ad99fd1d8f40146e3cc0f791571d7dbaa8c15694f8f3c51428e2663498,2024-11-21T09:47:56.840000 CVE-2024-5570,0,0,af32f7b53ec97ba40a01429c66641e4f606201cbce98a2ca05767d4db7dc87d4,2024-11-21T09:47:56.960000 
@@ -269496,6 +269690,7 @@ CVE-2024-5585,0,0,3265a88df8d70ddbcf0498f70471f819e196119d056334b0cc740862fdf747 CVE-2024-5586,0,0,9e958cf7b9d4e348a682e719d2a25256081b601b7da1ee22adfd05da1ccefb9c,2024-08-27T14:37:06.513000 CVE-2024-5587,0,0,23da3464337f3ff9fc8e3a69da35153eb22a5d4401c42b8adcfb39161b58e5f0,2024-11-21T09:47:58.613000 CVE-2024-5588,0,0,cd4fd6a3070fd76f99f64f98fe5c8858877cfc8403e9efe0eba9cc6fe8e6a080,2024-11-21T09:47:58.750000 +CVE-2024-55884,1,1,b6f5837f953cd717ff4cedf058f019f1933e170a7768a2feb59a91a21e1bd6bf,2024-12-12T02:08:23.127000 CVE-2024-5589,0,0,f5444edd52a970169072d34e3475e47df466a0f4e4d6a1a900b9eeb8173a84e0,2024-11-21T09:47:58.880000 CVE-2024-5590,0,0,61c18480efc672e6d99b43c679013d2693f79c71f53844282e3c898145206740,2024-11-21T09:47:59.020000 CVE-2024-5595,0,0,5c3da38e1b5f1812e17cdadfa64cfac3c13c5342e8821d9036b7da1dd32b505d,2024-08-02T17:35:43.927000