diff --git a/CVE-2014/CVE-2014-71xx/CVE-2014-7143.json b/CVE-2014/CVE-2014-71xx/CVE-2014-7143.json index 9b63ebae273..04556e74a21 100644 --- a/CVE-2014/CVE-2014-71xx/CVE-2014-7143.json +++ b/CVE-2014/CVE-2014-71xx/CVE-2014-7143.json @@ -2,9 +2,8 @@ "id": "CVE-2014-7143", "sourceIdentifier": "cve@mitre.org", "published": "2019-11-12T14:15:11.157", - "lastModified": "2019-11-14T14:45:50.167", - "vulnStatus": "Analyzed", - "cveTags": [], + "lastModified": "2024-11-25T18:12:24.673", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -23,6 +22,8 @@ "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "baseScore": 7.5, + "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", @@ -30,9 +31,7 @@ "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", - "availabilityImpact": "NONE", - "baseScore": 7.5, - "baseSeverity": "HIGH" + "availabilityImpact": "NONE" }, "exploitabilityScore": 3.9, "impactScore": 3.6 @@ -45,13 +44,13 @@ "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "baseScore": 5.0, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", - "availabilityImpact": "NONE", - "baseScore": 5.0 + "availabilityImpact": "NONE" }, "baseSeverity": "MEDIUM", "exploitabilityScore": 10.0, @@ -85,8 +84,8 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:twistedmatrix:twisted:14.0.0:*:*:*:*:*:*:*", - "matchCriteriaId": "DACBAD4C-364B-4260-9C60-F11522076CF2" + "criteria": "cpe:2.3:a:twisted:twisted:14.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "81F2683D-0839-42E9-958A-C19E0A6F293D" } ] } @@ -124,6 +123,37 @@ "tags": [ "Third Party Advisory" ] + }, + { + "url": "http://www.openwall.com/lists/oss-security/2014/09/22/2", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-7143", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Issue Tracking", + "Third Party Advisory" + ] + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96135", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] + }, + { + "url": "https://security-tracker.debian.org/tracker/CVE-2014-7143", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2016/CVE-2016-10001xx/CVE-2016-1000111.json b/CVE-2016/CVE-2016-10001xx/CVE-2016-1000111.json index 4bdd396393c..a86b24af589 100644 --- a/CVE-2016/CVE-2016-10001xx/CVE-2016-1000111.json +++ b/CVE-2016/CVE-2016-10001xx/CVE-2016-1000111.json @@ -2,9 +2,8 @@ "id": "CVE-2016-1000111", "sourceIdentifier": "cve@mitre.org", "published": "2020-03-11T20:15:11.960", - "lastModified": "2020-03-13T20:04:35.520", - "vulnStatus": "Analyzed", - "cveTags": [], + "lastModified": "2024-11-25T18:12:24.673", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -23,6 +22,8 @@ "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", @@ -30,9 +31,7 @@ "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", - "availabilityImpact": "NONE", - "baseScore": 5.3, - "baseSeverity": "MEDIUM" + "availabilityImpact": "NONE" }, "exploitabilityScore": 3.9, "impactScore": 1.4 @@ -45,13 +44,13 @@ "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "baseScore": 5.0, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", - "availabilityImpact": "NONE", - "baseScore": 5.0 + "availabilityImpact": "NONE" }, "baseSeverity": "MEDIUM", "exploitabilityScore": 10.0, @@ -85,9 +84,9 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:twistedmatrix:twisted:*:*:*:*:*:*:*:*", + "criteria": "cpe:2.3:a:twisted:twisted:*:*:*:*:*:*:*:*", "versionEndExcluding": "16.3.1", - "matchCriteriaId": "EAB1F53F-5C2A-485E-9F3E-4F055D23B816" + "matchCriteriaId": "5FBB6152-73B6-47DF-A9E3-D53B998E875C" } ] } @@ -125,6 +124,37 @@ "Mailing List", "Third Party Advisory" ] + }, + { + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Third Party Advisory" + ] + }, + { + "url": "https://twistedmatrix.com/pipermail/twisted-web/2016-August/005268.html", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List", + "Vendor Advisory" + ] + }, + { + "url": "https://twistedmatrix.com/trac/ticket/8623", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch", + "Vendor Advisory" + ] + }, + { + "url": "https://www.openwall.com/lists/oss-security/2016/07/18/6", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2017/CVE-2017-97xx/CVE-2017-9711.json b/CVE-2017/CVE-2017-97xx/CVE-2017-9711.json new file mode 100644 index 00000000000..d3a2c0d0253 --- /dev/null +++ b/CVE-2017/CVE-2017-97xx/CVE-2017-9711.json @@ -0,0 +1,715 @@ +{ + "id": "CVE-2017-9711", + "sourceIdentifier": "product-security@qualcomm.com", + "published": "2024-11-22T10:15:03.387", + "lastModified": "2024-11-25T19:10:02.253", + "vulnStatus": "Analyzed", + "descriptions": [ + { + "lang": "en", + "value": "Certain unprivileged processes are able to perform IOCTL calls." + }, + { + "lang": "es", + "value": "Ciertos procesos sin privilegios pueden realizar llamadas IOCTL." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "product-security@qualcomm.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 6.7, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 0.8, + "impactScore": 5.9 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "product-security@qualcomm.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-264" + } + ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A960B86A-C397-4ACB-AEE6-55F316D32949" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:mdm9206:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D79B8959-3D1E-4B48-9181-D75FE90AAF98" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A35FECFB-60AE-42A8-BCBB-FEA7D5826D49" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:mdm9607:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E9765187-8653-4D66-B230-B2CE862AC5C0" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:mdm9640_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7FD1C359-C79B-4CE8-A192-5AA34D0BF05B" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:mdm9640:-:*:*:*:*:*:*:*", + "matchCriteriaId": "716B747E-672C-4B95-9D8E-1262338E67EA" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "35B7E25E-FA92-4C36-883C-CFF36F4B3507" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:mdm9650:-:*:*:*:*:*:*:*", + "matchCriteriaId": "ECD99C6F-2444-4A5E-A517-0C8023DDF23D" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "FE28A59C-7AA6-4B85-84E8-07852B96108E" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:msm8909w:-:*:*:*:*:*:*:*", + "matchCriteriaId": "5DEE828B-09A7-4AC1-8134-491A7C87C118" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0FA80D57-3191-47CF-AD3F-9F2D64E443FE" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B2AFB212-F01A-4CEB-8DB4-2E0CC2308CB6" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E0986EF1-0974-488E-84C4-6880F876CE55" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8C08BA58-2EBC-4A22-85A4-2ECD54693B9B" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "27110478-4C08-49E6-BD53-8BAAD9D5BD65" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3664D302-D22A-4B25-B534-3097AE2F8573" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C56BC939-2FE8-4AB4-B638-35C83B224005" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:sd_425:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E36C12E2-7064-41E6-B357-3F0E6E6D0A0F" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BE5C66CC-B00C-4581-B8FB-0632232E480D" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:sd_430:-:*:*:*:*:*:*:*", + "matchCriteriaId": "87F57247-08CD-473E-A517-F9E85BFC7BEA" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E07C621F-0BC0-40C1-9678-1AF6498AC487" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:sd_450:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9C621A62-E346-406B-9D20-8FF6C2B0851F" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:sd_615_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "549E6F7E-A54F-423F-BD4A-A8FB97DBD39E" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:sd_615:-:*:*:*:*:*:*:*", + "matchCriteriaId": "992C3835-7183-4D96-8647-DD9916880323" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:sd_616_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A7B95CCC-37F1-4768-8D64-CA2028E93E03" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:sd_616:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D1426161-4F7C-44B1-AA9E-EA661AA68947" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:sd_415_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "ECF81213-DE2D-4C4B-99E8-71AFD87E92CD" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:sd_415:-:*:*:*:*:*:*:*", + "matchCriteriaId": "95E826EF-343B-47FA-AB54-F13E868CE6A7" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:sd_617_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D27A1760-8D1B-4172-B6CE-65C72332F103" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:sd_617:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CC5F96F1-D3FB-482B-A3C8-57BA4DE86D5E" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "06E0CC35-AC20-42D7-8FEA-CA4685E33E72" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:sd_625:-:*:*:*:*:*:*:*", + "matchCriteriaId": "4A2C4DED-2367-4736-A0AF-C8356F1271AD" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:sd_650_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BC1650DB-FDF8-4BE5-9437-8ADA11A07116" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:sd_650:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B51DD51F-4BDE-497B-89E5-551D10CF3442" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:sd_652_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0752054B-2C29-4490-ADC8-29F82BAA17E6" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:sd_652:-:*:*:*:*:*:*:*", + "matchCriteriaId": "005038B5-BCB7-4A23-8562-ACEF6E156C1F" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "95B4B4D4-0357-4E1D-9B72-635106D632CF" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:sd_810:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2F992088-5E31-4625-8C3B-CE7F946C61F2" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E077FC03-F86F-417A-A3E6-BC88CB85C6F0" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:sd_820:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E016356C-94ED-4CDD-8351-97D265FE036E" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:sd_820a_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E08016A2-E4FE-4E9C-A915-C66BE157AFB5" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:sd_820a:-:*:*:*:*:*:*:*", + "matchCriteriaId": "018452D0-007C-4740-B2AF-E5C8BBAC310F" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:sd_835_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1CFF35A3-1472-4665-9DAB-1ABC45C0D5B4" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:sd_835:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F930E9BF-C502-49C6-8BE8-9A711B89FA1B" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:sd_845_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0A2D2B3B-CB28-46AA-9117-A7FA371FDE80" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:sd_845:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DE18BF66-B0DB-48BB-B43A-56F01821F5A3" + } + ] + } + ] + } + ], + "references": [ + { + "url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2018-bulletin.html", + "source": "product-security@qualcomm.com", + "tags": [ + "Vendor Advisory" + ] + } + ] +} \ No newline at end of file diff --git a/CVE-2019/CVE-2019-123xx/CVE-2019-12387.json b/CVE-2019/CVE-2019-123xx/CVE-2019-12387.json index 19dcdb901fd..79006509649 100644 --- a/CVE-2019/CVE-2019-123xx/CVE-2019-12387.json +++ b/CVE-2019/CVE-2019-123xx/CVE-2019-12387.json @@ -2,7 +2,7 @@ "id": "CVE-2019-12387", "sourceIdentifier": "cve@mitre.org", "published": "2019-06-10T12:29:00.287", - "lastModified": "2024-11-21T04:22:43.900", + "lastModified": "2024-11-25T18:12:24.673", "vulnStatus": "Modified", "descriptions": [ { @@ -84,9 +84,9 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:twistedmatrix:twisted:*:*:*:*:*:*:*:*", + "criteria": "cpe:2.3:a:twisted:twisted:*:*:*:*:*:*:*:*", "versionEndExcluding": "19.2.1", - "matchCriteriaId": "B563D206-DF4A-4F09-90E1-971A8778E35B" + "matchCriteriaId": "1E158350-303B-4ECB-AF5F-E076C149980E" } ] } diff --git a/CVE-2019/CVE-2019-128xx/CVE-2019-12855.json b/CVE-2019/CVE-2019-128xx/CVE-2019-12855.json index ea2adaa64d6..f4178528013 100644 --- a/CVE-2019/CVE-2019-128xx/CVE-2019-12855.json +++ b/CVE-2019/CVE-2019-128xx/CVE-2019-12855.json @@ -2,7 +2,7 @@ "id": "CVE-2019-12855", "sourceIdentifier": "cve@mitre.org", "published": "2019-06-16T12:29:00.227", - "lastModified": "2024-11-21T04:23:43.553", + "lastModified": "2024-11-25T18:12:24.673", "vulnStatus": "Modified", "descriptions": [ { @@ -84,9 +84,9 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:twistedmatrix:twisted:*:*:*:*:*:*:*:*", + "criteria": "cpe:2.3:a:twisted:twisted:*:*:*:*:*:*:*:*", "versionEndIncluding": "19.2.1", - "matchCriteriaId": "B70A4945-1C66-41BB-BA53-04C6366081F5" + "matchCriteriaId": "A7234F11-D648-42F4-823F-E4B8AF9461B4" } ] } diff --git a/CVE-2019/CVE-2019-209xx/CVE-2019-20921.json b/CVE-2019/CVE-2019-209xx/CVE-2019-20921.json index 98fd52a7780..c86f736be04 100644 --- a/CVE-2019/CVE-2019-209xx/CVE-2019-20921.json +++ b/CVE-2019/CVE-2019-209xx/CVE-2019-20921.json @@ -2,9 +2,8 @@ "id": "CVE-2019-20921", "sourceIdentifier": "cve@mitre.org", "published": "2020-09-30T18:15:18.007", - "lastModified": "2020-10-05T16:49:06.507", - "vulnStatus": "Analyzed", - "cveTags": [], + "lastModified": "2024-11-25T18:15:06.253", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -23,6 +22,8 @@ "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", @@ -30,9 +31,7 @@ "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", - "availabilityImpact": "NONE", - "baseScore": 6.1, - "baseSeverity": "MEDIUM" + "availabilityImpact": "NONE" }, "exploitabilityScore": 2.8, "impactScore": 2.7 @@ -45,13 +44,13 @@ "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "baseScore": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authentication": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", - "availabilityImpact": "NONE", - "baseScore": 4.3 + "availabilityImpact": "NONE" }, "baseSeverity": "MEDIUM", "exploitabilityScore": 8.6, @@ -110,6 +109,10 @@ "Third Party Advisory" ] }, + { + "url": "https://issues.jtl-software.de/issues/SHOP-7964", + "source": "cve@mitre.org" + }, { "url": "https://snyk.io/vuln/SNYK-JS-BOOTSTRAPSELECT-570457", "source": "cve@mitre.org", @@ -123,6 +126,35 @@ "tags": [ "Third Party Advisory" ] + }, + { + "url": "https://github.com/advisories/GHSA-9r7h-6639-v5mw", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Third Party Advisory" + ] + }, + { + "url": "https://github.com/snapappointments/bootstrap-select/issues/2199", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch", + "Third Party Advisory" + ] + }, + { + "url": "https://snyk.io/vuln/SNYK-JS-BOOTSTRAPSELECT-570457", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Third Party Advisory" + ] + }, + { + "url": "https://www.npmjs.com/advisories/1522", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2020/CVE-2020-101xx/CVE-2020-10108.json b/CVE-2020/CVE-2020-101xx/CVE-2020-10108.json index c2ca1e3e511..a516dcdd7a8 100644 --- a/CVE-2020/CVE-2020-101xx/CVE-2020-10108.json +++ b/CVE-2020/CVE-2020-101xx/CVE-2020-10108.json @@ -2,7 +2,7 @@ "id": "CVE-2020-10108", "sourceIdentifier": "cve@mitre.org", "published": "2020-03-12T13:15:12.293", - "lastModified": "2024-11-21T04:54:49.883", + "lastModified": "2024-11-25T18:12:24.673", "vulnStatus": "Modified", "descriptions": [ { @@ -84,9 +84,9 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:twistedmatrix:twisted:*:*:*:*:*:*:*:*", + "criteria": "cpe:2.3:a:twisted:twisted:*:*:*:*:*:*:*:*", "versionEndIncluding": "19.10.0", - "matchCriteriaId": "7E9923FC-A0E6-499A-A75A-83E9EAAFA09A" + "matchCriteriaId": "081EC898-8BF4-4069-9E4B-5C54F6ECC5A9" } ] } diff --git a/CVE-2020/CVE-2020-101xx/CVE-2020-10109.json b/CVE-2020/CVE-2020-101xx/CVE-2020-10109.json index 9ea0e360cd8..7f5874fbb8f 100644 --- a/CVE-2020/CVE-2020-101xx/CVE-2020-10109.json +++ b/CVE-2020/CVE-2020-101xx/CVE-2020-10109.json @@ -2,7 +2,7 @@ "id": "CVE-2020-10109", "sourceIdentifier": "cve@mitre.org", "published": "2020-03-12T13:15:12.370", - "lastModified": "2024-11-21T04:54:50.063", + "lastModified": "2024-11-25T18:12:24.673", "vulnStatus": "Modified", "descriptions": [ { @@ -84,9 +84,9 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:twistedmatrix:twisted:*:*:*:*:*:*:*:*", + "criteria": "cpe:2.3:a:twisted:twisted:*:*:*:*:*:*:*:*", "versionEndIncluding": "19.10.0", - "matchCriteriaId": "7E9923FC-A0E6-499A-A75A-83E9EAAFA09A" + "matchCriteriaId": "081EC898-8BF4-4069-9E4B-5C54F6ECC5A9" } ] } diff --git a/CVE-2020/CVE-2020-221xx/CVE-2020-22151.json b/CVE-2020/CVE-2020-221xx/CVE-2020-22151.json index fd76c2bee64..8fe025362b5 100644 --- a/CVE-2020/CVE-2020-221xx/CVE-2020-22151.json +++ b/CVE-2020/CVE-2020-221xx/CVE-2020-22151.json @@ -2,9 +2,8 @@ "id": "CVE-2020-22151", "sourceIdentifier": "cve@mitre.org", "published": "2023-07-03T21:15:09.240", - "lastModified": "2023-07-11T15:51:07.247", - "vulnStatus": "Analyzed", - "cveTags": [], + "lastModified": "2024-11-25T19:15:04.760", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -19,6 +18,8 @@ "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", @@ -26,9 +27,7 @@ "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 9.8, - "baseSeverity": "CRITICAL" + "availabilityImpact": "HIGH" }, "exploitabilityScore": 3.9, "impactScore": 5.9 @@ -45,6 +44,16 @@ "value": "NVD-CWE-noinfo" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] } ], "configurations": [ @@ -73,6 +82,15 @@ "Issue Tracking", "Vendor Advisory" ] + }, + { + "url": "https://github.com/daylightstudio/FUEL-CMS/issues/551", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Exploit", + "Issue Tracking", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2021/CVE-2021-241xx/CVE-2021-24171.json b/CVE-2021/CVE-2021-241xx/CVE-2021-24171.json index c9299a3a5f8..5dc45a283f4 100644 --- a/CVE-2021/CVE-2021-241xx/CVE-2021-24171.json +++ b/CVE-2021/CVE-2021-241xx/CVE-2021-24171.json @@ -2,9 +2,8 @@ "id": "CVE-2021-24171", "sourceIdentifier": "contact@wpscan.com", "published": "2021-04-05T19:15:15.857", - "lastModified": "2022-10-24T17:15:39.613", - "vulnStatus": "Analyzed", - "cveTags": [], + "lastModified": "2024-11-25T18:14:49.230", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -23,6 +22,8 @@ "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", @@ -30,9 +31,7 @@ "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 9.8, - "baseSeverity": "CRITICAL" + "availabilityImpact": "HIGH" }, "exploitabilityScore": 3.9, "impactScore": 5.9 @@ -45,13 +44,13 @@ "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "baseScore": 7.5, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", - "availabilityImpact": "PARTIAL", - "baseScore": 7.5 + "availabilityImpact": "PARTIAL" }, "baseSeverity": "HIGH", "exploitabilityScore": 10.0, @@ -66,8 +65,8 @@ }, "weaknesses": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "contact@wpscan.com", + "type": "Secondary", "description": [ { "lang": "en", @@ -76,8 +75,8 @@ ] }, { - "source": "contact@wpscan.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "description": [ { "lang": "en", @@ -95,9 +94,9 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:woocommerce:upload_files:*:*:*:*:*:wordpress:*:*", + "criteria": "cpe:2.3:a:vanquish:woocommerce_upload_files:*:*:*:*:*:wordpress:*:*", "versionEndExcluding": "59.4", - "matchCriteriaId": "F831DE61-993F-4551-845C-07A1EFCF6386" + "matchCriteriaId": "4D755FA2-93D9-4FE2-BB9E-323398084C28" } ] } @@ -118,6 +117,20 @@ "tags": [ "Third Party Advisory" ] + }, + { + "url": "https://wpscan.com/vulnerability/ed4288a1-f7e4-455f-b765-5ac343f87194", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Third Party Advisory" + ] + }, + { + "url": "https://www.wordfence.com/blog/2021/03/critical-vulnerability-patched-in-woocommerce-upload-files/", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2021/CVE-2021-302xx/CVE-2021-30299.json b/CVE-2021/CVE-2021-302xx/CVE-2021-30299.json new file mode 100644 index 00000000000..2f91ce3fa84 --- /dev/null +++ b/CVE-2021/CVE-2021-302xx/CVE-2021-30299.json @@ -0,0 +1,2343 @@ +{ + "id": "CVE-2021-30299", + "sourceIdentifier": "product-security@qualcomm.com", + "published": "2024-11-22T10:15:04.703", + "lastModified": "2024-11-25T19:11:21.280", + "vulnStatus": "Analyzed", + "descriptions": [ + { + "lang": "en", + "value": "Possible out of bound access in audio module due to lack of validation of user provided input." + }, + { + "lang": "es", + "value": "Posible acceso fuera de los l\u00edmites en el m\u00f3dulo de audio debido a la falta de validaci\u00f3n de la entrada proporcionada por el usuario." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "product-security@qualcomm.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 6.7, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 0.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "product-security@qualcomm.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + } + ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:wsa8835_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F80BC68E-7476-4A40-9F48-53722FE9A5BF" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:wsa8835:-:*:*:*:*:*:*:*", + "matchCriteriaId": "6B36F4B2-BAA3-45AD-9967-0EB482C99708" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:wsa8830_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "11B69595-E488-4590-A150-CE5BE08B5E13" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:wsa8830:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BF680174-5FA6-47D9-8EAB-CC2A37A7BD42" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:wsa8815_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E839A0B9-64C3-4C7A-82B7-D2AAF65928F8" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:wsa8815:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7E870D82-DE3B-4199-A730-C8FB545BAA98" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:wsa8810_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "15307882-7039-43E9-9BA3-035045988B99" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:wsa8810:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AA85B322-E593-4499-829A-CC6D70BAE884" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:wcn6856_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "54C616C5-6480-4FE0-9A1C-08026CCB08D8" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:wcn6856:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7D8E02BA-3A7E-4B13-A8D7-20FD0FAE3187" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:wcn6855_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "180EB150-C114-429D-941F-9B99CDA4F810" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:wcn6855:-:*:*:*:*:*:*:*", + "matchCriteriaId": "93BA62AF-3555-463A-8B51-76F07BF0B87E" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:wcn6851_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DD031A8D-A48A-4363-8C00-C1FF5458D0FB" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:wcn6851:-:*:*:*:*:*:*:*", + "matchCriteriaId": "64F5D7CA-6F31-4842-AC66-EB975C19C83D" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:wcn6850_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3293739B-53D5-48C1-BC3A-FAA74D6C7954" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:wcn6850:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E650C510-037F-47DB-A486-EBF871C73278" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:wcn6750_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F8EE21BA-7178-4D69-852D-2322844FC6B9" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:wcn6750:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E9BACB28-F6EA-445A-B74F-0C3881FE59CB" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:wcn6740_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "FB5DB2B8-25E1-4C0F-8AFB-7627FF9A04E1" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:wcn6740:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9BB21B3F-6D07-4B45-8A71-DC5490176296" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:wcn3998_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "34AB9074-97A3-43F0-B829-CDB4E3066AC4" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:wcn3998:-:*:*:*:*:*:*:*", + "matchCriteriaId": "362252ED-1DB3-4CF6-86DD-14919826D75E" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:wcn3991_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "19013619-9B73-4A4F-B5B2-2A7D9A41D81E" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:wcn3991:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9523ACC9-9D2F-4A40-9CEF-9A9676176867" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:wcn3990_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2744A053-5BD9-45A9-A2FC-791BCA0CCD4C" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:wcn3990:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D5F28E29-520F-469E-B048-62DE2EF07ADD" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:wcn3988_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E4BFB25F-013B-48E3-99FF-3E8687F94423" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:wcn3988:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BF676C5B-838B-446C-A689-6A25AB8A87E2" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:wcn3980_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9C6E9038-9B18-4958-BE1E-215901C9B4B2" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:wcn3980:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B36D3274-F8D0-49C5-A6D5-95F5DC6D1950" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:wcn3950_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3FEF2DB6-00F5-4B07-953B-EF58B31267F1" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:wcn3950:-:*:*:*:*:*:*:*", + "matchCriteriaId": "120E8F0F-EBEB-4565-9927-2D473F783EF7" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:wcn3910_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9F0D7B24-D567-479A-B4F1-595FAA053418" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:wcn3910:-:*:*:*:*:*:*:*", + "matchCriteriaId": "33A8FAA1-F824-4561-9CCC-7F0DF12F740F" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:wcn3660b_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "FB37B5DB-2493-4082-B2BF-60385B7E027C" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:wcn3660b:-:*:*:*:*:*:*:*", + "matchCriteriaId": "6BCD2FE2-11F2-4B2A-9BD7-EB26718139DA" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:wcn3620_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D99CA230-0694-4898-A06E-9C522CCB86CE" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:wcn3620:-:*:*:*:*:*:*:*", + "matchCriteriaId": "62B00662-139A-4E36-98FA-D4F7D101D4AB" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:wcn3610_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DAFD64E7-3F13-4DCA-8C46-6E8FE0C6F798" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:wcn3610:-:*:*:*:*:*:*:*", + "matchCriteriaId": "044A14FB-64F6-4200-AC85-8DC91C31BD16" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:wcd9385_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "92B17201-8185-47F1-9720-5AB4ECD11B22" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:wcd9385:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E1FA2EB9-416F-4D69-8786-386CC73978AE" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:wcd9380_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "70292B01-617F-44AD-AF77-1AFC1450523D" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:wcd9380:-:*:*:*:*:*:*:*", + "matchCriteriaId": "FA94C6D6-85DB-4031-AAF4-C399019AE16D" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:wcd9375_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "34143ABA-7D09-429F-A65C-3A33438BF62C" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:wcd9375:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9D56DFE3-5EF1-4B23-BBD5-0203FBF9CCEC" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:wcd9370_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1295D869-F4DD-4766-B4AA-3513752F43B4" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:wcd9370:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B98784DC-3143-4D38-AD28-DBBDCCAB4272" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:wcd9341_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CE852339-1CAE-4983-9757-8F00EDEF1141" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:wcd9341:-:*:*:*:*:*:*:*", + "matchCriteriaId": "4D9E96B3-F1BB-46F8-B715-7DF90180F1E1" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:wcd9340_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8BA28CC6-C8BB-4F50-BFE3-A59F664A4F54" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:wcd9340:-:*:*:*:*:*:*:*", + "matchCriteriaId": "94D2BDF1-764C-48BA-8944-3275E8768078" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:wcd9335_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "28717583-463A-468A-8073-ECF0F90585F6" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:wcd9335:-:*:*:*:*:*:*:*", + "matchCriteriaId": "4D1A7188-7D5D-4D46-AEAB-08BA84FFF539" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:sm7250p_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "76DB5472-DF51-4144-8A69-9B231CF782DA" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:sm7250p:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1D395018-251C-45AA-9EE8-A638CAB0B508" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:sm6375_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "737807F6-F62C-4EC5-903A-0BA996834164" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:sm6375:-:*:*:*:*:*:*:*", + "matchCriteriaId": "5B79990C-AAD2-4A91-A806-E449838054BA" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:sm6225_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EC2668D5-623D-4E13-AF37-6F7040A14007" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:sm6225:-:*:*:*:*:*:*:*", + "matchCriteriaId": "72B0F4C7-CA0F-4B9C-A6AA-60934B2AB2C2" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:sdxr2_5g_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A27D26F2-3D91-40DE-8ABA-8CB03F02D0A2" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:sdxr2_5g:-:*:*:*:*:*:*:*", + "matchCriteriaId": "41EE5CAD-014A-4623-A177-154A8D93E01F" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:sdx55m_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B726BE34-E18B-4A88-B8E6-778215FD419E" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:sdx55m:-:*:*:*:*:*:*:*", + "matchCriteriaId": "585B794A-0674-418B-B45B-42EA97C40B9F" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:sdx55_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E93FB34B-3674-404D-9687-E092E9A246AB" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:sdx55:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F3FF5A9A-A34A-499C-B6E0-D67B496C5454" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:sda429w_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "913796B0-E3FB-4654-89A8-ED72D45A8D4E" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:sda429w:-:*:*:*:*:*:*:*", + "matchCriteriaId": "6616E0B9-B10F-483C-9B28-0A0557DC3372" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:sd888_5g_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B991D515-9072-488F-B338-D7776C70FB62" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:sd888_5g:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3F65BF0A-CC8F-4A4B-9FD4-7FC7066424F6" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:sd870_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "577B18AC-9892-4373-AC0F-9FD477D64388" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:sd870:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EAF0EC2E-185F-40D4-AAE7-5F7ED76EC26F" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:sd865_5g_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "72433485-B229-46A6-BCA4-394AA4EEA683" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:sd865_5g:-:*:*:*:*:*:*:*", + "matchCriteriaId": "04D40EC4-BF31-4BFD-8D0A-8193F541AF02" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:sd780g_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2D52BC3A-6822-43B9-8CEA-2659481A9BA0" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:sd780g:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CC954854-0407-402B-8013-FAF53F1F5DC7" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:sd768g_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7E170AD8-2723-42AA-9350-344874C4AC8A" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:sd768g:-:*:*:*:*:*:*:*", + "matchCriteriaId": "13D505D9-E00B-4934-AD85-E5EA2921FD50" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:sd765g_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "40CAEB7F-1E1A-43CC-8663-171108DA27D0" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:sd765g:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CDE196A0-AB55-4A5B-A1D6-630706310163" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:sd765_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C27A1EE0-EACE-4516-8423-A404E007DEC6" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:sd765:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CF1560D8-14F6-4FD8-B83A-2023BB792065" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:sd480_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "770F9905-E0A9-43BD-819F-DCF577D02C4F" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:sd480:-:*:*:*:*:*:*:*", + "matchCriteriaId": "FFA522F2-6A5D-4B8D-8CA3-3394AEDC2E3A" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:sd210_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7D6D6965-B5B2-46D2-8718-43B7B22441C0" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:sd210:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E75C7497-A7DC-436B-BACD-71F69D99517D" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:sd205_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "47AB5135-6391-45C1-81DE-803E3834F196" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:sd205:-:*:*:*:*:*:*:*", + "matchCriteriaId": "FCEF246C-6B39-4DC2-81B0-040DCAAD5177" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:sa8195p_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "51BC0A66-493B-43BE-B51F-640BDF2FF32E" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:sa8195p:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D8DA4D12-7ABF-4A04-B44E-E1D68C8E58AB" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:sa8155p_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C8648B38-2597-401A-8F53-D582FA911569" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:sa8155p:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A01CD59B-8F21-4CD6-8A1A-7B37547A8715" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:sa8150p_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "69C1B02F-8D2D-42E7-B70D-41F4D9844FD1" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:sa8150p:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3FEACAA9-C061-4713-9A54-37D8BFC0B00B" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:sa8145p_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A71D74B0-0963-49FD-8E97-148C8993B263" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:sa8145p:-:*:*:*:*:*:*:*", + "matchCriteriaId": "910CBFA4-50F7-4C7A-B9B9-B88C8A919827" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:sa6155p_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8DC40C14-3B2D-4E00-9E0F-86E6BDBF2D81" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:sa6155p:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0514D433-162C-4680-8912-721D19BE6201" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:sa6150p_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "054F77D6-FC66-4151-9005-DC7ECDB5C722" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:sa6150p:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8ED3F589-16D9-46A7-A539-C9862473EE0D" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:sa6145p_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C66671C1-AE1A-44BE-9DB2-0B09FF4417DB" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:sa6145p:-:*:*:*:*:*:*:*", + "matchCriteriaId": "74AA3929-3F80-4D54-B13A-9B070D5C03BB" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:qrb5165n_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "97BB1EB7-D194-4FE2-B4F6-A7A52F344DDE" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:qrb5165n:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AA2C90E7-0F3A-43BB-ABF7-63CEA7A85ADA" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:qrb5165m_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D9CC1C8B-F642-4068-B9E3-ECE027486E45" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:qrb5165m:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A60F8378-B827-4557-B891-A8A02F8F2A25" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:qrb5165_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "89A1AAD0-9336-4657-8E1E-74E8F490C06E" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:qrb5165:-:*:*:*:*:*:*:*", + "matchCriteriaId": "386F2F37-974B-40F2-9B23-ABD49C60E32D" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:qcs6490_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "403AE561-6C9E-49F3-A5D6-C48DDD51D663" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:qcs6490:-:*:*:*:*:*:*:*", + "matchCriteriaId": "6FAC140F-FC5E-4C88-B777-7F5EBF49A695" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:qcs6125_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "4468EA5D-87B0-4FEC-A3DB-617651B0D169" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:qcs6125:-:*:*:*:*:*:*:*", + "matchCriteriaId": "6DA2C3E1-E285-4CAD-9FA3-813C8EC436F6" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:qcs610_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E634F59C-6817-4898-A141-082044E66836" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:qcs610:-:*:*:*:*:*:*:*", + "matchCriteriaId": "29762819-EC90-499C-A8C6-1423DE3FE6B9" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:qcs605_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B05FD66D-13A6-40E9-A64B-E428378F237E" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:qcs605:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D0D665C1-3EBA-42F2-BF56-55E6C365F7DF" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:qcs603_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2EEFADBF-D751-499B-80E5-C1069E129F18" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:qcs603:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D327FBA1-69B5-467B-9B1B-A0380994D21B" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:qcs4290_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "06789CB9-E6FA-400D-90B6-C2DB6C8EF153" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:qcs4290:-:*:*:*:*:*:*:*", + "matchCriteriaId": "FFCB9F22-57F2-4327-95B9-B2342A02E45E" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:qcs410_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DC43BB27-0516-4750-A4C2-C45298441398" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:qcs410:-:*:*:*:*:*:*:*", + "matchCriteriaId": "969585DE-93D6-4406-A632-D838ECD4D5AD" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:qcs405_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "36F5A18B-8C9E-4A38-B994-E3E2696BB83D" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:qcs405:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B703667D-DE09-40AF-BA44-E0E56252A790" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:qcs2290_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "93CDB7BC-89F2-4482-B8E3-9DDBD918C851" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:qcs2290:-:*:*:*:*:*:*:*", + "matchCriteriaId": "76E03AE9-2485-449B-BCFD-3E452BB01FC6" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:qcm6490_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "ADD6D51E-5787-42A6-8A02-4EBBAFFF9C94" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:qcm6490:-:*:*:*:*:*:*:*", + "matchCriteriaId": "99AA0291-B822-4CAD-BA17-81B632FC3FEF" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:qcm6125_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AB226552-52D9-44F5-A170-35C44761A72B" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:qcm6125:-:*:*:*:*:*:*:*", + "matchCriteriaId": "FBB16DC4-CDC9-4936-9C6A-0ED8E1F6D056" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:qcm4290_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3C7FFB96-53E7-41A2-BC99-7ACD853214A8" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:qcm4290:-:*:*:*:*:*:*:*", + "matchCriteriaId": "74EBA77E-69A5-4145-9BEC-CD39BA132309" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:qcm2290_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "5AB1F0FA-25F3-4304-A3BC-5264E55CC092" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:qcm2290:-:*:*:*:*:*:*:*", + "matchCriteriaId": "214A053F-D80C-4AD9-B4F1-83384095A3F3" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:qca8337_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2FA8F9DA-1386-4961-B9B2-484E4347852A" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:qca8337:-:*:*:*:*:*:*:*", + "matchCriteriaId": "117289C8-7484-4EAE-8F35-A25768F00EED" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:qca6696_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0AE207DB-9770-40ED-961D-FDA75965826F" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:qca6696:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0E23922D-C37F-476F-A623-4C1458A9156F" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:qca6574au_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D527E2B1-2A46-4FBA-9F7A-F5543677C8FB" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:qca6574au:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8374DDB3-D484-4141-AE0C-42333D2721F6" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:qca6574a_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "828CFB37-76A6-4927-9D00-AF9A1C432DD6" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:qca6574a:-:*:*:*:*:*:*:*", + "matchCriteriaId": "11405993-5903-4716-B452-370281034B42" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:qca6564au_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B59672A0-2FA6-46CC-B75A-C599B842AFB9" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:qca6564au:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3847F4A5-90A5-4C84-B43F-0DDD81BD79CE" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:qca6564a_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "886124F6-B397-4EB6-8E01-6012E468ABE9" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:qca6564a:-:*:*:*:*:*:*:*", + "matchCriteriaId": "93ED74CE-6BF2-4983-8780-07D5336745B3" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:qca6564_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "00FE294D-4BE0-4436-9273-507E760884EC" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:qca6564:-:*:*:*:*:*:*:*", + "matchCriteriaId": "424CB795-58E5-43A4-A2EC-C563D93C5E72" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:qca6436_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "04F574BC-9AB2-4B83-A466-556ECEBBD3DF" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:qca6436:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A34D021D-C043-4EFD-9AB3-B2174528CBA3" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:qca6426_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A344E78F-D15A-460E-8EF8-7C6FC39F2D5E" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:qca6426:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8FF5EC23-4884-4C2B-8E77-50B1E8E28A3D" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:qca6391_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "83B53119-1B2F-4978-B7F5-33B84BE73B68" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:qca6391:-:*:*:*:*:*:*:*", + "matchCriteriaId": "6FEBC0C5-CAA1-475C-96C2-B8D24B2E4536" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:qca6390_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "96FBD6DF-F174-4690-AA3D-1E8974E3627F" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:qca6390:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A3BF86E1-3FAC-4A42-8C01-5944C6C30AE5" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:mdm9150_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "4E2F2D26-2833-45A4-81F0-8E9F338C1E13" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:mdm9150:-:*:*:*:*:*:*:*", + "matchCriteriaId": "4EB171B1-D163-4801-A241-8DD7193A5DCB" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:csra6640_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A8A35ECF-B12E-42DE-A74B-2C3BE03639A4" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:csra6640:-:*:*:*:*:*:*:*", + "matchCriteriaId": "65B283D6-B2D2-49B6-98A8-08EDB54C1F15" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:csra6620_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "FA42F2EA-5D00-42B8-B020-C27675B72915" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:csra6620:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BFCF207D-B8C8-4860-89C7-673C821F0237" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:ar8035_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C88B9C86-2E8E-4DCE-A30C-02977CC00F00" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:ar8035:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EE473A5A-5CFC-4F08-A173-30717F8BD0D7" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:ar8031_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "FCE1ADA9-8042-4CDE-A2B9-E96665CB41BE" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:ar8031:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BB1DE046-DD70-4ACA-9DF4-59939DAC1889" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:apq8096au_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DD17C0A3-A200-4659-968B-B2DA03CB683F" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:apq8096au:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B1F31FFB-982A-4308-82F8-C2480DABDED8" + } + ] + } + ] + } + ], + "references": [ + { + "url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/march-2022-bulletin.html", + "source": "product-security@qualcomm.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-217xx/CVE-2022-21712.json b/CVE-2022/CVE-2022-217xx/CVE-2022-21712.json index 080ef861bff..1b0c3300502 100644 --- a/CVE-2022/CVE-2022-217xx/CVE-2022-21712.json +++ b/CVE-2022/CVE-2022-217xx/CVE-2022-21712.json @@ -2,7 +2,7 @@ "id": "CVE-2022-21712", "sourceIdentifier": "security-advisories@github.com", "published": "2022-02-07T22:15:08.587", - "lastModified": "2024-11-21T06:45:17.317", + "lastModified": "2024-11-25T18:12:24.673", "vulnStatus": "Modified", "descriptions": [ { @@ -114,10 +114,10 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:twistedmatrix:twisted:*:*:*:*:*:*:*:*", + "criteria": "cpe:2.3:a:twisted:twisted:*:*:*:*:*:*:*:*", "versionStartIncluding": "11.1.0", "versionEndExcluding": "22.1.0", - "matchCriteriaId": "AB3625CB-8933-4E70-A2B4-C970732F9E43" + "matchCriteriaId": "D4767A5F-EF09-4130-8DAF-0A4DCBE0D1D3" } ] } diff --git a/CVE-2022/CVE-2022-217xx/CVE-2022-21716.json b/CVE-2022/CVE-2022-217xx/CVE-2022-21716.json index e4fc0e905c3..91e8d2dbb5f 100644 --- a/CVE-2022/CVE-2022-217xx/CVE-2022-21716.json +++ b/CVE-2022/CVE-2022-217xx/CVE-2022-21716.json @@ -2,7 +2,7 @@ "id": "CVE-2022-21716", "sourceIdentifier": "security-advisories@github.com", "published": "2022-03-03T21:15:07.747", - "lastModified": "2024-11-21T06:45:17.730", + "lastModified": "2024-11-25T18:12:24.673", "vulnStatus": "Modified", "descriptions": [ { @@ -114,10 +114,10 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:twistedmatrix:twisted:*:*:*:*:*:*:*:*", + "criteria": "cpe:2.3:a:twisted:twisted:*:*:*:*:*:*:*:*", "versionStartIncluding": "21.7.0", "versionEndExcluding": "22.2.0", - "matchCriteriaId": "CCAC1EB4-978A-4D5E-8DE7-8726B18FD9F9" + "matchCriteriaId": "8C744C2C-D511-4F4F-AFC5-FF6D88E2DF26" } ] } diff --git a/CVE-2022/CVE-2022-248xx/CVE-2022-24801.json b/CVE-2022/CVE-2022-248xx/CVE-2022-24801.json index 2fc86bf2579..bbf6253f625 100644 --- a/CVE-2022/CVE-2022-248xx/CVE-2022-24801.json +++ b/CVE-2022/CVE-2022-248xx/CVE-2022-24801.json @@ -2,7 +2,7 @@ "id": "CVE-2022-24801", "sourceIdentifier": "security-advisories@github.com", "published": "2022-04-04T18:15:07.933", - "lastModified": "2024-11-21T06:51:07.710", + "lastModified": "2024-11-25T18:12:24.673", "vulnStatus": "Modified", "descriptions": [ { @@ -114,9 +114,9 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:twistedmatrix:twisted:*:*:*:*:*:*:*:*", + "criteria": "cpe:2.3:a:twisted:twisted:*:*:*:*:*:*:*:*", "versionEndExcluding": "22.4.0", - "matchCriteriaId": "6BE51A4E-B4B5-43AB-9C1A-46FC251C9BB6" + "matchCriteriaId": "541BD6DD-5A15-4333-93FF-51B1F4D6AADC" } ] } diff --git a/CVE-2022/CVE-2022-393xx/CVE-2022-39348.json b/CVE-2022/CVE-2022-393xx/CVE-2022-39348.json index 1d9eb29c1c3..b8b9c50565e 100644 --- a/CVE-2022/CVE-2022-393xx/CVE-2022-39348.json +++ b/CVE-2022/CVE-2022-393xx/CVE-2022-39348.json @@ -2,9 +2,8 @@ "id": "CVE-2022-39348", "sourceIdentifier": "security-advisories@github.com", "published": "2022-10-26T20:15:10.580", - "lastModified": "2023-03-08T01:07:01.430", - "vulnStatus": "Analyzed", - "cveTags": [], + "lastModified": "2024-11-25T18:12:24.673", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -18,11 +17,13 @@ "metrics": { "cvssMetricV31": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "security-advisories@github.com", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", @@ -30,19 +31,19 @@ "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", - "availabilityImpact": "NONE", - "baseScore": 5.4, - "baseSeverity": "MEDIUM" + "availabilityImpact": "NONE" }, "exploitabilityScore": 2.3, "impactScore": 2.7 }, { - "source": "security-advisories@github.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", @@ -50,9 +51,7 @@ "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", - "availabilityImpact": "NONE", - "baseScore": 5.4, - "baseSeverity": "MEDIUM" + "availabilityImpact": "NONE" }, "exploitabilityScore": 2.3, "impactScore": 2.7 @@ -62,7 +61,7 @@ "weaknesses": [ { "source": "security-advisories@github.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", @@ -94,10 +93,10 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:twistedmatrix:twisted:*:*:*:*:*:*:*:*", + "criteria": "cpe:2.3:a:twisted:twisted:*:*:*:*:*:*:*:*", "versionStartIncluding": "0.9.4", "versionEndExcluding": "22.10.0", - "matchCriteriaId": "3353C73D-404F-4F2B-A6C3-3E00CF2CF875" + "matchCriteriaId": "5F189425-61DC-4B09-B387-6F7E6E536A0C" } ] } @@ -157,6 +156,44 @@ "tags": [ "Third Party Advisory" ] + }, + { + "url": "https://github.com/twisted/twisted/commit/f2f5e81c03f14e253e85fe457e646130780db40b", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] + }, + { + "url": "https://github.com/twisted/twisted/commit/f49041bb67792506d85aeda9cf6157e92f8048f4", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] + }, + { + "url": "https://github.com/twisted/twisted/security/advisories/GHSA-vg46-2rrj-3647", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Exploit", + "Patch", + "Third Party Advisory" + ] + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00038.html", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] + }, + { + "url": "https://security.gentoo.org/glsa/202301-02", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-262xx/CVE-2023-26280.json b/CVE-2023/CVE-2023-262xx/CVE-2023-26280.json index bfc557f339d..5518cfebf8e 100644 --- a/CVE-2023/CVE-2023-262xx/CVE-2023-26280.json +++ b/CVE-2023/CVE-2023-262xx/CVE-2023-26280.json @@ -2,19 +2,19 @@ "id": "CVE-2023-26280", "sourceIdentifier": "psirt@us.ibm.com", "published": "2024-11-25T16:15:06.243", - "lastModified": "2024-11-25T16:15:06.243", + "lastModified": "2024-11-25T19:15:06.987", "vulnStatus": "Received", "descriptions": [ { "lang": "en", - "value": "IBM Jazz Foundation 7.0.2 and 7.0.3\n\n\u00a0could allow a user to change their dashboard using a specially crafted HTTP request due to improper access control." + "value": "IBM Jazz Foundation 7.0.2 and 7.0.3\u00a0could allow a user to change their dashboard using a specially crafted HTTP request due to improper access control." } ], "metrics": { "cvssMetricV31": [ { "source": "psirt@us.ibm.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", @@ -37,7 +37,7 @@ "weaknesses": [ { "source": "psirt@us.ibm.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-284xx/CVE-2023-28461.json b/CVE-2023/CVE-2023-284xx/CVE-2023-28461.json index bc914946ea0..5fb247604cd 100644 --- a/CVE-2023/CVE-2023-284xx/CVE-2023-28461.json +++ b/CVE-2023/CVE-2023-284xx/CVE-2023-28461.json @@ -2,7 +2,7 @@ "id": "CVE-2023-28461", "sourceIdentifier": "cve@mitre.org", "published": "2023-03-15T23:15:10.070", - "lastModified": "2024-11-25T16:15:07.803", + "lastModified": "2024-11-25T18:15:09.090", "vulnStatus": "Modified", "descriptions": [ { @@ -71,7 +71,7 @@ "description": [ { "lang": "en", - "value": "CWE-862" + "value": "CWE-306" } ] } diff --git a/CVE-2023/CVE-2023-461xx/CVE-2023-46137.json b/CVE-2023/CVE-2023-461xx/CVE-2023-46137.json index 6eb0a3da59e..fe5b4ce4476 100644 --- a/CVE-2023/CVE-2023-461xx/CVE-2023-46137.json +++ b/CVE-2023/CVE-2023-461xx/CVE-2023-46137.json @@ -2,9 +2,8 @@ "id": "CVE-2023-46137", "sourceIdentifier": "security-advisories@github.com", "published": "2023-10-25T21:15:10.237", - "lastModified": "2023-11-02T15:57:53.777", - "vulnStatus": "Analyzed", - "cveTags": [], + "lastModified": "2024-11-25T18:12:24.673", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -18,11 +17,13 @@ "metrics": { "cvssMetricV31": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "security-advisories@github.com", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", @@ -30,19 +31,19 @@ "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", - "availabilityImpact": "NONE", - "baseScore": 5.3, - "baseSeverity": "MEDIUM" + "availabilityImpact": "NONE" }, "exploitabilityScore": 3.9, "impactScore": 1.4 }, { - "source": "security-advisories@github.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", @@ -50,9 +51,7 @@ "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", - "availabilityImpact": "NONE", - "baseScore": 5.3, - "baseSeverity": "MEDIUM" + "availabilityImpact": "NONE" }, "exploitabilityScore": 3.9, "impactScore": 1.4 @@ -61,8 +60,8 @@ }, "weaknesses": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "security-advisories@github.com", + "type": "Secondary", "description": [ { "lang": "en", @@ -71,8 +70,8 @@ ] }, { - "source": "security-advisories@github.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "description": [ { "lang": "en", @@ -90,9 +89,9 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:twistedmatrix:twisted:*:*:*:*:*:*:*:*", + "criteria": "cpe:2.3:a:twisted:twisted:*:*:*:*:*:*:*:*", "versionEndIncluding": "22.8.0", - "matchCriteriaId": "40A991C8-3D50-4216-99C2-A5FC733D28D0" + "matchCriteriaId": "1CEAFE1B-0546-4D6D-AAB6-2EE69DEA1353" } ] } @@ -107,6 +106,14 @@ "Exploit", "Vendor Advisory" ] + }, + { + "url": "https://github.com/twisted/twisted/security/advisories/GHSA-xc8x-vp79-p3wm", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Exploit", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-63xx/CVE-2023-6363.json b/CVE-2023/CVE-2023-63xx/CVE-2023-6363.json index 0061a12d297..5494fcb75d9 100644 --- a/CVE-2023/CVE-2023-63xx/CVE-2023-6363.json +++ b/CVE-2023/CVE-2023-63xx/CVE-2023-6363.json @@ -2,9 +2,8 @@ "id": "CVE-2023-6363", "sourceIdentifier": "arm-security@arm.com", "published": "2024-05-03T14:15:10.730", - "lastModified": "2024-05-03T14:17:53.690", + "lastModified": "2024-11-25T18:15:09.670", "vulnStatus": "Awaiting Analysis", - "cveTags": [], "descriptions": [ { "lang": "en", @@ -15,7 +14,30 @@ "value": "Vulnerabilidad de Use After Free en Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver permite a un usuario local sin privilegios realizar operaciones de procesamiento de memoria GPU inadecuadas. Si el usuario prepara cuidadosamente la memoria del sistema, esto a su vez podr\u00eda darle acceso a la memoria ya liberada. Este problema afecta al controlador del kernel de GPU Valhall: desde r41p0 hasta r47p0; Controlador de kernel de arquitectura de GPU Arm de quinta generaci\u00f3n: desde r41p0 hasta r47p0." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", + "baseScore": 5.1, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.5, + "impactScore": 2.5 + } + ] + }, "weaknesses": [ { "source": "arm-security@arm.com", @@ -32,6 +54,10 @@ { "url": "https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities", "source": "arm-security@arm.com" + }, + { + "url": "https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities", + "source": "af854a3a-2127-422b-91ae-364da2661108" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-70xx/CVE-2023-7013.json b/CVE-2023/CVE-2023-70xx/CVE-2023-7013.json index 10a379d0872..c81ea3d4d5b 100644 --- a/CVE-2023/CVE-2023-70xx/CVE-2023-7013.json +++ b/CVE-2023/CVE-2023-70xx/CVE-2023-7013.json @@ -2,9 +2,8 @@ "id": "CVE-2023-7013", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2024-07-16T23:15:11.340", - "lastModified": "2024-11-05T15:57:00.397", - "vulnStatus": "Analyzed", - "cveTags": [], + "lastModified": "2024-11-25T19:15:07.563", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -23,6 +22,8 @@ "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N", + "baseScore": 4.7, + "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", @@ -30,12 +31,30 @@ "scope": "CHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", - "availabilityImpact": "NONE", - "baseScore": 4.7, - "baseSeverity": "MEDIUM" + "availabilityImpact": "NONE" }, "exploitabilityScore": 2.8, "impactScore": 1.4 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 } ] }, @@ -49,6 +68,16 @@ "value": "CWE-1021" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-1021" + } + ] } ], "configurations": [ @@ -84,6 +113,21 @@ "Exploit", "Issue Tracking" ] + }, + { + "url": "https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_31.html", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Release Notes" + ] + }, + { + "url": "https://issues.chromium.org/issues/40071326", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Exploit", + "Issue Tracking" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-03xx/CVE-2024-0353.json b/CVE-2024/CVE-2024-03xx/CVE-2024-0353.json index 40acdc837a3..58a660ec633 100644 --- a/CVE-2024/CVE-2024-03xx/CVE-2024-0353.json +++ b/CVE-2024/CVE-2024-03xx/CVE-2024-0353.json @@ -2,9 +2,8 @@ "id": "CVE-2024-0353", "sourceIdentifier": "security@eset.com", "published": "2024-02-15T08:15:46.023", - "lastModified": "2024-02-15T14:28:31.380", + "lastModified": "2024-11-25T19:15:07.917", "vulnStatus": "Awaiting Analysis", - "cveTags": [], "descriptions": [ { "lang": "en", @@ -23,6 +22,8 @@ "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", @@ -30,9 +31,7 @@ "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 7.8, - "baseSeverity": "HIGH" + "availabilityImpact": "HIGH" }, "exploitabilityScore": 1.8, "impactScore": 5.9 @@ -55,6 +54,18 @@ { "url": "https://support.eset.com/en/ca8612-eset-customer-advisory-link-following-local-privilege-escalation-vulnerability-in-eset-products-for-windows-fixed", "source": "security@eset.com" + }, + { + "url": "https://packetstormsecurity.com/files/179495/ESET-NOD32-Antivirus-17.2.7.0-Unquoted-Service-Path.html", + "source": "af854a3a-2127-422b-91ae-364da2661108" + }, + { + "url": "https://packetstormsecurity.com/files/182464/ESET-NOD32-Antivirus-18.0.12.0-Unquoted-Service-Path.html", + "source": "af854a3a-2127-422b-91ae-364da2661108" + }, + { + "url": "https://support.eset.com/en/ca8612-eset-customer-advisory-link-following-local-privilege-escalation-vulnerability-in-eset-products-for-windows-fixed", + "source": "af854a3a-2127-422b-91ae-364da2661108" } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-107xx/CVE-2024-10710.json b/CVE-2024/CVE-2024-107xx/CVE-2024-10710.json index 31182054aff..88a9b3aa357 100644 --- a/CVE-2024/CVE-2024-107xx/CVE-2024-10710.json +++ b/CVE-2024/CVE-2024-107xx/CVE-2024-10710.json @@ -2,7 +2,7 @@ "id": "CVE-2024-10710", "sourceIdentifier": "contact@wpscan.com", "published": "2024-11-25T06:15:05.960", - "lastModified": "2024-11-25T06:15:05.960", + "lastModified": "2024-11-25T17:15:11.747", "vulnStatus": "Received", "descriptions": [ { @@ -10,7 +10,30 @@ "value": "The YaDisk Files WordPress plugin through 1.2.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N", + "baseScore": 3.5, + "baseSeverity": "LOW", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 0.9, + "impactScore": 2.5 + } + ] + }, "references": [ { "url": "https://wpscan.com/vulnerability/165ab698-c8b5-4412-a621-c5365d621fc5/", diff --git a/CVE-2024/CVE-2024-115xx/CVE-2024-11514.json b/CVE-2024/CVE-2024-115xx/CVE-2024-11514.json index e36ad72ccb7..c67df6242d0 100644 --- a/CVE-2024/CVE-2024-115xx/CVE-2024-11514.json +++ b/CVE-2024/CVE-2024-115xx/CVE-2024-11514.json @@ -2,15 +2,41 @@ "id": "CVE-2024-11514", "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2024-11-22T21:15:09.693", - "lastModified": "2024-11-22T21:15:09.693", - "vulnStatus": "Received", + "lastModified": "2024-11-25T18:57:28.103", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "IrfanView ECW File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of ECW files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-23975." + }, + { + "lang": "es", + "value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo por desbordamiento de b\u00fafer basado en mont\u00f3n en el an\u00e1lisis de archivos ECW de IrfanView. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de IrfanView. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos ECW. El problema es el resultado de la falta de una validaci\u00f3n adecuada de la longitud de los datos proporcionados por el usuario antes de copiarlos a un b\u00fafer basado en mont\u00f3n. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-23975." } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ], "cvssMetricV30": [ { "source": "zdi-disclosures@trendmicro.com", @@ -44,12 +70,48 @@ "value": "CWE-122" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x64:*", + "matchCriteriaId": "7F076F00-B5F1-43C4-98BF-698547ACB944" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x86:*", + "matchCriteriaId": "B0436B8F-048F-4967-BDDD-D1AA07A1CB98" + } + ] + } + ] } ], "references": [ { "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1599/", - "source": "zdi-disclosures@trendmicro.com" + "source": "zdi-disclosures@trendmicro.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-115xx/CVE-2024-11515.json b/CVE-2024/CVE-2024-115xx/CVE-2024-11515.json index 84d6bc3dcc2..0428fd4177c 100644 --- a/CVE-2024/CVE-2024-115xx/CVE-2024-11515.json +++ b/CVE-2024/CVE-2024-115xx/CVE-2024-11515.json @@ -2,15 +2,41 @@ "id": "CVE-2024-11515", "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2024-11-22T21:15:09.803", - "lastModified": "2024-11-22T21:15:09.803", - "vulnStatus": "Received", + "lastModified": "2024-11-25T18:57:23.373", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "IrfanView JPM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of JPM files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24010." + }, + { + "lang": "es", + "value": "Vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remoto fuera de los l\u00edmites en el an\u00e1lisis de archivos JPM de IrfanView. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de IrfanView. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos JPM. El problema es el resultado de la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una escritura m\u00e1s all\u00e1 del final de un b\u00fafer asignado. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-24010." } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ], "cvssMetricV30": [ { "source": "zdi-disclosures@trendmicro.com", @@ -46,10 +72,36 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x64:*", + "matchCriteriaId": "7F076F00-B5F1-43C4-98BF-698547ACB944" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x86:*", + "matchCriteriaId": "B0436B8F-048F-4967-BDDD-D1AA07A1CB98" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1598/", - "source": "zdi-disclosures@trendmicro.com" + "source": "zdi-disclosures@trendmicro.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-115xx/CVE-2024-11516.json b/CVE-2024/CVE-2024-115xx/CVE-2024-11516.json index 192e766f2b8..a5bf9dea7a1 100644 --- a/CVE-2024/CVE-2024-115xx/CVE-2024-11516.json +++ b/CVE-2024/CVE-2024-115xx/CVE-2024-11516.json @@ -2,15 +2,41 @@ "id": "CVE-2024-11516", "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2024-11-22T21:15:09.910", - "lastModified": "2024-11-22T21:15:09.910", - "vulnStatus": "Received", + "lastModified": "2024-11-25T18:57:19.670", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "IrfanView JPM File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of JPM files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24011." + }, + { + "lang": "es", + "value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo por desbordamiento de b\u00fafer basado en mont\u00f3n en el an\u00e1lisis de archivos JPM de IrfanView. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de IrfanView. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos JPM. El problema es el resultado de la falta de una validaci\u00f3n adecuada de la longitud de los datos proporcionados por el usuario antes de copiarlos a un b\u00fafer basado en mont\u00f3n. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-24011." } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ], "cvssMetricV30": [ { "source": "zdi-disclosures@trendmicro.com", @@ -44,12 +70,48 @@ "value": "CWE-122" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x64:*", + "matchCriteriaId": "7F076F00-B5F1-43C4-98BF-698547ACB944" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x86:*", + "matchCriteriaId": "B0436B8F-048F-4967-BDDD-D1AA07A1CB98" + } + ] + } + ] } ], "references": [ { "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1600/", - "source": "zdi-disclosures@trendmicro.com" + "source": "zdi-disclosures@trendmicro.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-115xx/CVE-2024-11517.json b/CVE-2024/CVE-2024-115xx/CVE-2024-11517.json index 2998aa91121..b6cfb24a8ca 100644 --- a/CVE-2024/CVE-2024-115xx/CVE-2024-11517.json +++ b/CVE-2024/CVE-2024-115xx/CVE-2024-11517.json @@ -2,15 +2,41 @@ "id": "CVE-2024-11517", "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2024-11-22T21:15:10.020", - "lastModified": "2024-11-22T21:15:10.020", - "vulnStatus": "Received", + "lastModified": "2024-11-25T18:57:16.330", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "IrfanView JPM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of JPM files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24118." + }, + { + "lang": "es", + "value": "Vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remoto fuera de los l\u00edmites en el an\u00e1lisis de archivos JPM de IrfanView. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de IrfanView. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos JPM. El problema es el resultado de la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una escritura m\u00e1s all\u00e1 del final de un b\u00fafer asignado. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-24118." } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ], "cvssMetricV30": [ { "source": "zdi-disclosures@trendmicro.com", @@ -46,10 +72,36 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x64:*", + "matchCriteriaId": "7F076F00-B5F1-43C4-98BF-698547ACB944" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x86:*", + "matchCriteriaId": "B0436B8F-048F-4967-BDDD-D1AA07A1CB98" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1597/", - "source": "zdi-disclosures@trendmicro.com" + "source": "zdi-disclosures@trendmicro.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-115xx/CVE-2024-11518.json b/CVE-2024/CVE-2024-115xx/CVE-2024-11518.json index e9f81dd70e7..b995534a3c3 100644 --- a/CVE-2024/CVE-2024-115xx/CVE-2024-11518.json +++ b/CVE-2024/CVE-2024-115xx/CVE-2024-11518.json @@ -2,15 +2,41 @@ "id": "CVE-2024-11518", "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2024-11-22T21:15:10.130", - "lastModified": "2024-11-22T21:15:10.130", - "vulnStatus": "Received", + "lastModified": "2024-11-25T18:57:12.937", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "IrfanView RLE File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of RLE files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24444." + }, + { + "lang": "es", + "value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo por desbordamiento de b\u00fafer basado en mont\u00f3n en el an\u00e1lisis de archivos RLE de IrfanView. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de IrfanView. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos RLE. El problema es el resultado de la falta de una validaci\u00f3n adecuada de la longitud de los datos proporcionados por el usuario antes de copiarlos a un b\u00fafer basado en mont\u00f3n de longitud fija. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-24444." } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ], "cvssMetricV30": [ { "source": "zdi-disclosures@trendmicro.com", @@ -44,12 +70,48 @@ "value": "CWE-122" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x64:*", + "matchCriteriaId": "7F076F00-B5F1-43C4-98BF-698547ACB944" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x86:*", + "matchCriteriaId": "B0436B8F-048F-4967-BDDD-D1AA07A1CB98" + } + ] + } + ] } ], "references": [ { "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1596/", - "source": "zdi-disclosures@trendmicro.com" + "source": "zdi-disclosures@trendmicro.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-115xx/CVE-2024-11520.json b/CVE-2024/CVE-2024-115xx/CVE-2024-11520.json index 29941803077..54ac04b2b56 100644 --- a/CVE-2024/CVE-2024-115xx/CVE-2024-11520.json +++ b/CVE-2024/CVE-2024-115xx/CVE-2024-11520.json @@ -2,15 +2,41 @@ "id": "CVE-2024-11520", "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2024-11-22T21:15:10.360", - "lastModified": "2024-11-22T21:15:10.360", - "vulnStatus": "Received", + "lastModified": "2024-11-25T18:57:06.950", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "IrfanView ARW File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of ARW files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24488." + }, + { + "lang": "es", + "value": "Vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remoto fuera de los l\u00edmites en el an\u00e1lisis de archivos ARW de IrfanView. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de IrfanView. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos ARW. El problema es el resultado de la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una escritura m\u00e1s all\u00e1 del final de un objeto asignado. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-24488." } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ], "cvssMetricV30": [ { "source": "zdi-disclosures@trendmicro.com", @@ -46,10 +72,35 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x64:*", + "matchCriteriaId": "7F076F00-B5F1-43C4-98BF-698547ACB944" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x86:*", + "matchCriteriaId": "B0436B8F-048F-4967-BDDD-D1AA07A1CB98" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1580/", - "source": "zdi-disclosures@trendmicro.com" + "source": "zdi-disclosures@trendmicro.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-115xx/CVE-2024-11521.json b/CVE-2024/CVE-2024-115xx/CVE-2024-11521.json index 816ddd92a2f..cdb3da2fa67 100644 --- a/CVE-2024/CVE-2024-115xx/CVE-2024-11521.json +++ b/CVE-2024/CVE-2024-115xx/CVE-2024-11521.json @@ -2,15 +2,41 @@ "id": "CVE-2024-11521", "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2024-11-22T21:15:10.480", - "lastModified": "2024-11-22T21:15:10.480", - "vulnStatus": "Received", + "lastModified": "2024-11-25T18:57:04.637", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "IrfanView DJVU File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of DJVU files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24578." + }, + { + "lang": "es", + "value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo mediante el uso y la liberaci\u00f3n del an\u00e1lisis de archivos DJVU de IrfanView. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de IrfanView. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos DJVU. El problema es el resultado de la falta de validaci\u00f3n de la existencia de un objeto antes de realizar operaciones en el objeto. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-24578." } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ], "cvssMetricV30": [ { "source": "zdi-disclosures@trendmicro.com", @@ -46,10 +72,35 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x64:*", + "matchCriteriaId": "7F076F00-B5F1-43C4-98BF-698547ACB944" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x86:*", + "matchCriteriaId": "B0436B8F-048F-4967-BDDD-D1AA07A1CB98" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1579/", - "source": "zdi-disclosures@trendmicro.com" + "source": "zdi-disclosures@trendmicro.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-115xx/CVE-2024-11522.json b/CVE-2024/CVE-2024-115xx/CVE-2024-11522.json index f6c0441e36a..4373f02958d 100644 --- a/CVE-2024/CVE-2024-115xx/CVE-2024-11522.json +++ b/CVE-2024/CVE-2024-115xx/CVE-2024-11522.json @@ -2,15 +2,41 @@ "id": "CVE-2024-11522", "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2024-11-22T21:15:10.597", - "lastModified": "2024-11-22T21:15:10.597", - "vulnStatus": "Received", + "lastModified": "2024-11-25T18:57:02.447", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24595." + }, + { + "lang": "es", + "value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo por corrupci\u00f3n de memoria en el an\u00e1lisis de archivos DXF de IrfanView. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de IrfanView. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos DXF. El problema es el resultado de la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una condici\u00f3n de corrupci\u00f3n de memoria. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-24595." } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ], "cvssMetricV30": [ { "source": "zdi-disclosures@trendmicro.com", @@ -44,12 +70,47 @@ "value": "CWE-119" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x64:*", + "matchCriteriaId": "7F076F00-B5F1-43C4-98BF-698547ACB944" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x86:*", + "matchCriteriaId": "B0436B8F-048F-4967-BDDD-D1AA07A1CB98" + } + ] + } + ] } ], "references": [ { "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1590/", - "source": "zdi-disclosures@trendmicro.com" + "source": "zdi-disclosures@trendmicro.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-115xx/CVE-2024-11523.json b/CVE-2024/CVE-2024-115xx/CVE-2024-11523.json index 9d4c753386f..205b908b9d9 100644 --- a/CVE-2024/CVE-2024-115xx/CVE-2024-11523.json +++ b/CVE-2024/CVE-2024-115xx/CVE-2024-11523.json @@ -2,15 +2,41 @@ "id": "CVE-2024-11523", "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2024-11-22T21:15:10.710", - "lastModified": "2024-11-22T21:15:10.710", - "vulnStatus": "Received", + "lastModified": "2024-11-25T18:56:56.057", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24597." + }, + { + "lang": "es", + "value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo por corrupci\u00f3n de memoria en el an\u00e1lisis de archivos DXF de IrfanView. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de IrfanView. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos DXF. El problema es el resultado de la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una condici\u00f3n de corrupci\u00f3n de memoria. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-24597." } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ], "cvssMetricV30": [ { "source": "zdi-disclosures@trendmicro.com", @@ -44,12 +70,48 @@ "value": "CWE-119" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x64:*", + "matchCriteriaId": "7F076F00-B5F1-43C4-98BF-698547ACB944" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x86:*", + "matchCriteriaId": "B0436B8F-048F-4967-BDDD-D1AA07A1CB98" + } + ] + } + ] } ], "references": [ { "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1592/", - "source": "zdi-disclosures@trendmicro.com" + "source": "zdi-disclosures@trendmicro.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-115xx/CVE-2024-11524.json b/CVE-2024/CVE-2024-115xx/CVE-2024-11524.json index 5e007c7e015..11673e876eb 100644 --- a/CVE-2024/CVE-2024-115xx/CVE-2024-11524.json +++ b/CVE-2024/CVE-2024-115xx/CVE-2024-11524.json @@ -2,15 +2,41 @@ "id": "CVE-2024-11524", "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2024-11-22T21:15:10.817", - "lastModified": "2024-11-22T21:15:10.817", - "vulnStatus": "Received", + "lastModified": "2024-11-25T18:56:54.067", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24598." + }, + { + "lang": "es", + "value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo por corrupci\u00f3n de memoria en el an\u00e1lisis de archivos DXF de IrfanView. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de IrfanView. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos DXF. El problema es el resultado de la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una condici\u00f3n de corrupci\u00f3n de memoria. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-24598." } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ], "cvssMetricV30": [ { "source": "zdi-disclosures@trendmicro.com", @@ -44,12 +70,48 @@ "value": "CWE-119" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x64:*", + "matchCriteriaId": "7F076F00-B5F1-43C4-98BF-698547ACB944" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x86:*", + "matchCriteriaId": "B0436B8F-048F-4967-BDDD-D1AA07A1CB98" + } + ] + } + ] } ], "references": [ { "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1593/", - "source": "zdi-disclosures@trendmicro.com" + "source": "zdi-disclosures@trendmicro.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-115xx/CVE-2024-11525.json b/CVE-2024/CVE-2024-115xx/CVE-2024-11525.json index c06e460fa5a..041f9a5317b 100644 --- a/CVE-2024/CVE-2024-115xx/CVE-2024-11525.json +++ b/CVE-2024/CVE-2024-115xx/CVE-2024-11525.json @@ -2,15 +2,41 @@ "id": "CVE-2024-11525", "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2024-11-22T21:15:10.923", - "lastModified": "2024-11-22T21:15:10.923", - "vulnStatus": "Received", + "lastModified": "2024-11-25T18:56:51.587", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "IrfanView DXF File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of DXF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24599." + }, + { + "lang": "es", + "value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en el an\u00e1lisis de archivos DXF de IrfanView. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de IrfanView. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos DXF. El problema es el resultado de la falta de validaci\u00f3n de la existencia de un objeto antes de realizar operaciones en el objeto. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-24599." } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ], "cvssMetricV30": [ { "source": "zdi-disclosures@trendmicro.com", @@ -46,10 +72,35 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x64:*", + "matchCriteriaId": "7F076F00-B5F1-43C4-98BF-698547ACB944" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x86:*", + "matchCriteriaId": "B0436B8F-048F-4967-BDDD-D1AA07A1CB98" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1591/", - "source": "zdi-disclosures@trendmicro.com" + "source": "zdi-disclosures@trendmicro.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-115xx/CVE-2024-11526.json b/CVE-2024/CVE-2024-115xx/CVE-2024-11526.json index 861537ef777..e66c37d486e 100644 --- a/CVE-2024/CVE-2024-115xx/CVE-2024-11526.json +++ b/CVE-2024/CVE-2024-115xx/CVE-2024-11526.json @@ -2,15 +2,41 @@ "id": "CVE-2024-11526", "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2024-11-22T21:15:11.033", - "lastModified": "2024-11-22T21:15:11.033", - "vulnStatus": "Received", + "lastModified": "2024-11-25T18:56:47.030", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "IrfanView CGM File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of CGM files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24600." + }, + { + "lang": "es", + "value": "Vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remoto en el an\u00e1lisis de archivos CGM de IrfanView que excede los l\u00edmites de lectura. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de IrfanView. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos CGM. El problema es el resultado de la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede resultar en una lectura m\u00e1s all\u00e1 del final de un b\u00fafer asignado. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-24600." } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ], "cvssMetricV30": [ { "source": "zdi-disclosures@trendmicro.com", @@ -46,10 +72,35 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x64:*", + "matchCriteriaId": "7F076F00-B5F1-43C4-98BF-698547ACB944" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x86:*", + "matchCriteriaId": "B0436B8F-048F-4967-BDDD-D1AA07A1CB98" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1539/", - "source": "zdi-disclosures@trendmicro.com" + "source": "zdi-disclosures@trendmicro.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-115xx/CVE-2024-11527.json b/CVE-2024/CVE-2024-115xx/CVE-2024-11527.json index 8f244ab118a..cb7e6635af0 100644 --- a/CVE-2024/CVE-2024-115xx/CVE-2024-11527.json +++ b/CVE-2024/CVE-2024-115xx/CVE-2024-11527.json @@ -2,15 +2,41 @@ "id": "CVE-2024-11527", "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2024-11-22T21:15:11.140", - "lastModified": "2024-11-22T21:15:11.140", - "vulnStatus": "Received", + "lastModified": "2024-11-25T18:56:40.680", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "IrfanView DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of DWG files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24601." + }, + { + "lang": "es", + "value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo por corrupci\u00f3n de memoria en el an\u00e1lisis de archivos DWG de IrfanView. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de IrfanView. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos DWG. El problema es el resultado de la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una condici\u00f3n de corrupci\u00f3n de memoria. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-24601." } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ], "cvssMetricV30": [ { "source": "zdi-disclosures@trendmicro.com", @@ -44,12 +70,47 @@ "value": "CWE-119" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x64:*", + "matchCriteriaId": "7F076F00-B5F1-43C4-98BF-698547ACB944" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x86:*", + "matchCriteriaId": "B0436B8F-048F-4967-BDDD-D1AA07A1CB98" + } + ] + } + ] } ], "references": [ { "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1538/", - "source": "zdi-disclosures@trendmicro.com" + "source": "zdi-disclosures@trendmicro.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-115xx/CVE-2024-11529.json b/CVE-2024/CVE-2024-115xx/CVE-2024-11529.json index 20ec8b172bd..c5af604bf17 100644 --- a/CVE-2024/CVE-2024-115xx/CVE-2024-11529.json +++ b/CVE-2024/CVE-2024-115xx/CVE-2024-11529.json @@ -2,15 +2,41 @@ "id": "CVE-2024-11529", "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2024-11-22T21:15:11.360", - "lastModified": "2024-11-22T21:15:11.360", - "vulnStatus": "Received", + "lastModified": "2024-11-25T18:56:38.437", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "IrfanView DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of DWG files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24604." + }, + { + "lang": "es", + "value": "Vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remoto en el an\u00e1lisis de archivos DWG de IrfanView que excede los l\u00edmites de lectura. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de IrfanView. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos DWG. El problema es el resultado de la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede resultar en una lectura m\u00e1s all\u00e1 del final de un b\u00fafer asignado. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-24604." } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ], "cvssMetricV30": [ { "source": "zdi-disclosures@trendmicro.com", @@ -46,10 +72,35 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x64:*", + "matchCriteriaId": "7F076F00-B5F1-43C4-98BF-698547ACB944" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x86:*", + "matchCriteriaId": "B0436B8F-048F-4967-BDDD-D1AA07A1CB98" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1537/", - "source": "zdi-disclosures@trendmicro.com" + "source": "zdi-disclosures@trendmicro.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-115xx/CVE-2024-11530.json b/CVE-2024/CVE-2024-115xx/CVE-2024-11530.json index dc3e14f3d08..50a934fda91 100644 --- a/CVE-2024/CVE-2024-115xx/CVE-2024-11530.json +++ b/CVE-2024/CVE-2024-115xx/CVE-2024-11530.json @@ -2,15 +2,41 @@ "id": "CVE-2024-11530", "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2024-11-22T21:15:11.470", - "lastModified": "2024-11-22T21:15:11.470", - "vulnStatus": "Received", + "lastModified": "2024-11-25T18:56:27.503", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "IrfanView CGM File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of CGM files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24605." + }, + { + "lang": "es", + "value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo por corrupci\u00f3n de memoria en el an\u00e1lisis de archivos CGM de IrfanView. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de IrfanView. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos CGM. El problema es el resultado de la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una condici\u00f3n de corrupci\u00f3n de memoria. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-24605." } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ], "cvssMetricV30": [ { "source": "zdi-disclosures@trendmicro.com", @@ -44,12 +70,47 @@ "value": "CWE-119" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x64:*", + "matchCriteriaId": "7F076F00-B5F1-43C4-98BF-698547ACB944" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x86:*", + "matchCriteriaId": "B0436B8F-048F-4967-BDDD-D1AA07A1CB98" + } + ] + } + ] } ], "references": [ { "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1536/", - "source": "zdi-disclosures@trendmicro.com" + "source": "zdi-disclosures@trendmicro.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-115xx/CVE-2024-11531.json b/CVE-2024/CVE-2024-115xx/CVE-2024-11531.json index 42fe987dd70..6812cbf4982 100644 --- a/CVE-2024/CVE-2024-115xx/CVE-2024-11531.json +++ b/CVE-2024/CVE-2024-115xx/CVE-2024-11531.json @@ -2,15 +2,41 @@ "id": "CVE-2024-11531", "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2024-11-22T21:15:11.580", - "lastModified": "2024-11-22T21:15:11.580", - "vulnStatus": "Received", + "lastModified": "2024-11-25T18:56:20.460", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "IrfanView CGM File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of CGM files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24606." + }, + { + "lang": "es", + "value": "Vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remoto en el an\u00e1lisis de archivos CGM de IrfanView que no se encuentra dentro de los l\u00edmites de lectura. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de IrfanView. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos CGM. El problema es el resultado de la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede resultar en una lectura m\u00e1s all\u00e1 del final de un b\u00fafer asignado. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-24606." } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ], "cvssMetricV30": [ { "source": "zdi-disclosures@trendmicro.com", @@ -46,10 +72,35 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x64:*", + "matchCriteriaId": "7F076F00-B5F1-43C4-98BF-698547ACB944" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x86:*", + "matchCriteriaId": "B0436B8F-048F-4967-BDDD-D1AA07A1CB98" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1535/", - "source": "zdi-disclosures@trendmicro.com" + "source": "zdi-disclosures@trendmicro.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-115xx/CVE-2024-11532.json b/CVE-2024/CVE-2024-115xx/CVE-2024-11532.json index bf5594ff4a4..062e567331f 100644 --- a/CVE-2024/CVE-2024-115xx/CVE-2024-11532.json +++ b/CVE-2024/CVE-2024-115xx/CVE-2024-11532.json @@ -2,15 +2,41 @@ "id": "CVE-2024-11532", "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2024-11-22T21:15:11.690", - "lastModified": "2024-11-22T21:15:11.690", - "vulnStatus": "Received", + "lastModified": "2024-11-25T18:49:00.830", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "IrfanView DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24615." + }, + { + "lang": "es", + "value": "Vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remoto fuera de los l\u00edmites en el an\u00e1lisis de archivos DXF de IrfanView. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de IrfanView. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos DXF. El problema es el resultado de la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una escritura m\u00e1s all\u00e1 del final de un b\u00fafer asignado. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-24615." } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ], "cvssMetricV30": [ { "source": "zdi-disclosures@trendmicro.com", @@ -46,10 +72,35 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x64:*", + "matchCriteriaId": "7F076F00-B5F1-43C4-98BF-698547ACB944" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x86:*", + "matchCriteriaId": "B0436B8F-048F-4967-BDDD-D1AA07A1CB98" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1587/", - "source": "zdi-disclosures@trendmicro.com" + "source": "zdi-disclosures@trendmicro.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-115xx/CVE-2024-11533.json b/CVE-2024/CVE-2024-115xx/CVE-2024-11533.json index aa7f37216e9..5872fcea10a 100644 --- a/CVE-2024/CVE-2024-115xx/CVE-2024-11533.json +++ b/CVE-2024/CVE-2024-115xx/CVE-2024-11533.json @@ -2,15 +2,41 @@ "id": "CVE-2024-11533", "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2024-11-22T21:15:11.800", - "lastModified": "2024-11-22T21:15:11.800", - "vulnStatus": "Received", + "lastModified": "2024-11-25T18:48:20.877", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "IrfanView DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24616." + }, + { + "lang": "es", + "value": "Vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remoto fuera de los l\u00edmites en el an\u00e1lisis de archivos DXF de IrfanView. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de IrfanView. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos DXF. El problema es el resultado de la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una escritura m\u00e1s all\u00e1 del final de un b\u00fafer asignado. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-24616." } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ], "cvssMetricV30": [ { "source": "zdi-disclosures@trendmicro.com", @@ -46,10 +72,35 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x64:*", + "matchCriteriaId": "7F076F00-B5F1-43C4-98BF-698547ACB944" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x86:*", + "matchCriteriaId": "B0436B8F-048F-4967-BDDD-D1AA07A1CB98" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1586/", - "source": "zdi-disclosures@trendmicro.com" + "source": "zdi-disclosures@trendmicro.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-115xx/CVE-2024-11534.json b/CVE-2024/CVE-2024-115xx/CVE-2024-11534.json index a7246ac8c23..9c1be0ec800 100644 --- a/CVE-2024/CVE-2024-115xx/CVE-2024-11534.json +++ b/CVE-2024/CVE-2024-115xx/CVE-2024-11534.json @@ -2,15 +2,41 @@ "id": "CVE-2024-11534", "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2024-11-22T21:15:11.903", - "lastModified": "2024-11-22T21:15:11.903", - "vulnStatus": "Received", + "lastModified": "2024-11-25T18:48:13.973", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "IrfanView DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24617." + }, + { + "lang": "es", + "value": "Vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remoto en el an\u00e1lisis de archivos DXF de IrfanView que permite que los atacantes remotos ejecuten c\u00f3digo arbitrario en las instalaciones afectadas de IrfanView. Para explotar esta vulnerabilidad, se requiere la interacci\u00f3n del usuario, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos DXF. El problema es el resultado de la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una lectura m\u00e1s all\u00e1 del final de un b\u00fafer asignado. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-24617." } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ], "cvssMetricV30": [ { "source": "zdi-disclosures@trendmicro.com", @@ -46,10 +72,35 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x64:*", + "matchCriteriaId": "7F076F00-B5F1-43C4-98BF-698547ACB944" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x86:*", + "matchCriteriaId": "B0436B8F-048F-4967-BDDD-D1AA07A1CB98" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1585/", - "source": "zdi-disclosures@trendmicro.com" + "source": "zdi-disclosures@trendmicro.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-115xx/CVE-2024-11535.json b/CVE-2024/CVE-2024-115xx/CVE-2024-11535.json index 8b30cabec46..b5455ae26fd 100644 --- a/CVE-2024/CVE-2024-115xx/CVE-2024-11535.json +++ b/CVE-2024/CVE-2024-115xx/CVE-2024-11535.json @@ -2,15 +2,41 @@ "id": "CVE-2024-11535", "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2024-11-22T21:15:12.017", - "lastModified": "2024-11-22T21:15:12.017", - "vulnStatus": "Received", + "lastModified": "2024-11-25T18:48:00.143", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "IrfanView DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24618." + }, + { + "lang": "es", + "value": "Vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remoto en el an\u00e1lisis de archivos DXF de IrfanView que excede los l\u00edmites de lectura. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de IrfanView. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos DXF. El problema es el resultado de la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede resultar en una lectura m\u00e1s all\u00e1 del final de un b\u00fafer asignado. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-24618." } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ], "cvssMetricV30": [ { "source": "zdi-disclosures@trendmicro.com", @@ -46,10 +72,35 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x64:*", + "matchCriteriaId": "7F076F00-B5F1-43C4-98BF-698547ACB944" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x86:*", + "matchCriteriaId": "B0436B8F-048F-4967-BDDD-D1AA07A1CB98" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1584/", - "source": "zdi-disclosures@trendmicro.com" + "source": "zdi-disclosures@trendmicro.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-115xx/CVE-2024-11536.json b/CVE-2024/CVE-2024-115xx/CVE-2024-11536.json index 928546c2160..0c19baf7e8c 100644 --- a/CVE-2024/CVE-2024-115xx/CVE-2024-11536.json +++ b/CVE-2024/CVE-2024-115xx/CVE-2024-11536.json @@ -2,15 +2,41 @@ "id": "CVE-2024-11536", "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2024-11-22T21:15:12.127", - "lastModified": "2024-11-22T21:15:12.127", - "vulnStatus": "Received", + "lastModified": "2024-11-25T18:47:55.503", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "IrfanView DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24619." + }, + { + "lang": "es", + "value": "Vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remoto en el an\u00e1lisis de archivos DXF de IrfanView que excede los l\u00edmites de lectura. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de IrfanView. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos DXF. El problema es el resultado de la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede resultar en una lectura m\u00e1s all\u00e1 del final de un b\u00fafer asignado. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-24619." } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ], "cvssMetricV30": [ { "source": "zdi-disclosures@trendmicro.com", @@ -46,10 +72,35 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x64:*", + "matchCriteriaId": "7F076F00-B5F1-43C4-98BF-698547ACB944" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x86:*", + "matchCriteriaId": "B0436B8F-048F-4967-BDDD-D1AA07A1CB98" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1583/", - "source": "zdi-disclosures@trendmicro.com" + "source": "zdi-disclosures@trendmicro.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-115xx/CVE-2024-11537.json b/CVE-2024/CVE-2024-115xx/CVE-2024-11537.json index dc04ea54896..ba347f387ef 100644 --- a/CVE-2024/CVE-2024-115xx/CVE-2024-11537.json +++ b/CVE-2024/CVE-2024-115xx/CVE-2024-11537.json @@ -2,15 +2,41 @@ "id": "CVE-2024-11537", "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2024-11-22T21:15:12.243", - "lastModified": "2024-11-22T21:15:12.243", - "vulnStatus": "Received", + "lastModified": "2024-11-25T18:47:49.387", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "IrfanView DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24620." + }, + { + "lang": "es", + "value": "Vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remoto en el an\u00e1lisis de archivos DXF de IrfanView que excede los l\u00edmites de lectura. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de IrfanView. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos DXF. El problema es el resultado de la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede resultar en una lectura m\u00e1s all\u00e1 del final de un b\u00fafer asignado. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-24620." } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ], "cvssMetricV30": [ { "source": "zdi-disclosures@trendmicro.com", @@ -46,10 +72,35 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x64:*", + "matchCriteriaId": "7F076F00-B5F1-43C4-98BF-698547ACB944" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x86:*", + "matchCriteriaId": "B0436B8F-048F-4967-BDDD-D1AA07A1CB98" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1582/", - "source": "zdi-disclosures@trendmicro.com" + "source": "zdi-disclosures@trendmicro.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-115xx/CVE-2024-11538.json b/CVE-2024/CVE-2024-115xx/CVE-2024-11538.json index d679a78d396..05d61505521 100644 --- a/CVE-2024/CVE-2024-115xx/CVE-2024-11538.json +++ b/CVE-2024/CVE-2024-115xx/CVE-2024-11538.json @@ -2,15 +2,41 @@ "id": "CVE-2024-11538", "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2024-11-22T21:15:12.353", - "lastModified": "2024-11-22T21:15:12.353", - "vulnStatus": "Received", + "lastModified": "2024-11-25T18:47:23.300", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24629." + }, + { + "lang": "es", + "value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo por corrupci\u00f3n de memoria en el an\u00e1lisis de archivos DXF de IrfanView. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de IrfanView. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos DXF. El problema es el resultado de la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una condici\u00f3n de corrupci\u00f3n de memoria. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-24629." } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ], "cvssMetricV30": [ { "source": "zdi-disclosures@trendmicro.com", @@ -44,12 +70,47 @@ "value": "CWE-119" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x64:*", + "matchCriteriaId": "7F076F00-B5F1-43C4-98BF-698547ACB944" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x86:*", + "matchCriteriaId": "B0436B8F-048F-4967-BDDD-D1AA07A1CB98" + } + ] + } + ] } ], "references": [ { "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1588/", - "source": "zdi-disclosures@trendmicro.com" + "source": "zdi-disclosures@trendmicro.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-115xx/CVE-2024-11539.json b/CVE-2024/CVE-2024-115xx/CVE-2024-11539.json index f83b78f5f1c..55981f44d5c 100644 --- a/CVE-2024/CVE-2024-115xx/CVE-2024-11539.json +++ b/CVE-2024/CVE-2024-115xx/CVE-2024-11539.json @@ -2,15 +2,41 @@ "id": "CVE-2024-11539", "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2024-11-22T21:15:12.463", - "lastModified": "2024-11-22T21:15:12.463", - "vulnStatus": "Received", + "lastModified": "2024-11-25T18:46:33.847", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24699." + }, + { + "lang": "es", + "value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo por corrupci\u00f3n de memoria en el an\u00e1lisis de archivos DXF de IrfanView. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de IrfanView. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos DXF. El problema es el resultado de la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una condici\u00f3n de corrupci\u00f3n de memoria. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-24699." } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ], "cvssMetricV30": [ { "source": "zdi-disclosures@trendmicro.com", @@ -44,12 +70,47 @@ "value": "CWE-119" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x64:*", + "matchCriteriaId": "7F076F00-B5F1-43C4-98BF-698547ACB944" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x86:*", + "matchCriteriaId": "B0436B8F-048F-4967-BDDD-D1AA07A1CB98" + } + ] + } + ] } ], "references": [ { "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1553/", - "source": "zdi-disclosures@trendmicro.com" + "source": "zdi-disclosures@trendmicro.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-115xx/CVE-2024-11540.json b/CVE-2024/CVE-2024-115xx/CVE-2024-11540.json index 4da0c50ccfb..d10f12b669c 100644 --- a/CVE-2024/CVE-2024-115xx/CVE-2024-11540.json +++ b/CVE-2024/CVE-2024-115xx/CVE-2024-11540.json @@ -2,15 +2,41 @@ "id": "CVE-2024-11540", "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2024-11-22T21:15:12.583", - "lastModified": "2024-11-22T21:15:12.583", - "vulnStatus": "Received", + "lastModified": "2024-11-25T18:46:13.237", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "IrfanView DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24700." + }, + { + "lang": "es", + "value": "Vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remoto en el an\u00e1lisis de archivos DXF de IrfanView que excede los l\u00edmites de lectura. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de IrfanView. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos DXF. El problema es el resultado de la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede resultar en una lectura m\u00e1s all\u00e1 del final de un b\u00fafer asignado. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-24700." } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ], "cvssMetricV30": [ { "source": "zdi-disclosures@trendmicro.com", @@ -46,10 +72,35 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x64:*", + "matchCriteriaId": "7F076F00-B5F1-43C4-98BF-698547ACB944" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x86:*", + "matchCriteriaId": "B0436B8F-048F-4967-BDDD-D1AA07A1CB98" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1551/", - "source": "zdi-disclosures@trendmicro.com" + "source": "zdi-disclosures@trendmicro.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-115xx/CVE-2024-11541.json b/CVE-2024/CVE-2024-115xx/CVE-2024-11541.json index 1192516d86f..45fbc0e4585 100644 --- a/CVE-2024/CVE-2024-115xx/CVE-2024-11541.json +++ b/CVE-2024/CVE-2024-115xx/CVE-2024-11541.json @@ -2,15 +2,41 @@ "id": "CVE-2024-11541", "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2024-11-22T21:15:12.697", - "lastModified": "2024-11-22T21:15:12.697", - "vulnStatus": "Received", + "lastModified": "2024-11-25T18:46:03.037", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24702." + }, + { + "lang": "es", + "value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo por corrupci\u00f3n de memoria en el an\u00e1lisis de archivos DXF de IrfanView. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de IrfanView. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos DXF. El problema es el resultado de la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una condici\u00f3n de corrupci\u00f3n de memoria. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-24702." } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ], "cvssMetricV30": [ { "source": "zdi-disclosures@trendmicro.com", @@ -44,12 +70,47 @@ "value": "CWE-119" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x64:*", + "matchCriteriaId": "7F076F00-B5F1-43C4-98BF-698547ACB944" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x86:*", + "matchCriteriaId": "B0436B8F-048F-4967-BDDD-D1AA07A1CB98" + } + ] + } + ] } ], "references": [ { "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1552/", - "source": "zdi-disclosures@trendmicro.com" + "source": "zdi-disclosures@trendmicro.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-115xx/CVE-2024-11542.json b/CVE-2024/CVE-2024-115xx/CVE-2024-11542.json index d8b5a5fe7ea..72b6b56176a 100644 --- a/CVE-2024/CVE-2024-115xx/CVE-2024-11542.json +++ b/CVE-2024/CVE-2024-115xx/CVE-2024-11542.json @@ -2,15 +2,41 @@ "id": "CVE-2024-11542", "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2024-11-22T21:15:12.810", - "lastModified": "2024-11-22T21:15:12.810", - "vulnStatus": "Received", + "lastModified": "2024-11-25T18:45:57.473", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24703." + }, + { + "lang": "es", + "value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo por corrupci\u00f3n de memoria en el an\u00e1lisis de archivos DXF de IrfanView. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de IrfanView. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos DXF. El problema es el resultado de la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una condici\u00f3n de corrupci\u00f3n de memoria. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-24703." } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ], "cvssMetricV30": [ { "source": "zdi-disclosures@trendmicro.com", @@ -44,12 +70,47 @@ "value": "CWE-119" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x64:*", + "matchCriteriaId": "7F076F00-B5F1-43C4-98BF-698547ACB944" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x86:*", + "matchCriteriaId": "B0436B8F-048F-4967-BDDD-D1AA07A1CB98" + } + ] + } + ] } ], "references": [ { "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1550/", - "source": "zdi-disclosures@trendmicro.com" + "source": "zdi-disclosures@trendmicro.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-115xx/CVE-2024-11543.json b/CVE-2024/CVE-2024-115xx/CVE-2024-11543.json index 2aa333e0b08..3baa11f2aef 100644 --- a/CVE-2024/CVE-2024-115xx/CVE-2024-11543.json +++ b/CVE-2024/CVE-2024-115xx/CVE-2024-11543.json @@ -2,15 +2,41 @@ "id": "CVE-2024-11543", "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2024-11-22T21:15:12.927", - "lastModified": "2024-11-22T21:15:12.927", - "vulnStatus": "Received", + "lastModified": "2024-11-25T18:44:09.843", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24704." + }, + { + "lang": "es", + "value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo por corrupci\u00f3n de memoria en el an\u00e1lisis de archivos DXF de IrfanView. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de IrfanView. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos DXF. El problema es el resultado de la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una condici\u00f3n de corrupci\u00f3n de memoria. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-24704." } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ], "cvssMetricV30": [ { "source": "zdi-disclosures@trendmicro.com", @@ -44,12 +70,47 @@ "value": "CWE-119" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x64:*", + "matchCriteriaId": "7F076F00-B5F1-43C4-98BF-698547ACB944" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x86:*", + "matchCriteriaId": "B0436B8F-048F-4967-BDDD-D1AA07A1CB98" + } + ] + } + ] } ], "references": [ { "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1548/", - "source": "zdi-disclosures@trendmicro.com" + "source": "zdi-disclosures@trendmicro.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-115xx/CVE-2024-11544.json b/CVE-2024/CVE-2024-115xx/CVE-2024-11544.json index 6ad3199b090..ac23b4e62bd 100644 --- a/CVE-2024/CVE-2024-115xx/CVE-2024-11544.json +++ b/CVE-2024/CVE-2024-115xx/CVE-2024-11544.json @@ -2,15 +2,41 @@ "id": "CVE-2024-11544", "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2024-11-22T21:15:13.047", - "lastModified": "2024-11-22T21:15:13.047", - "vulnStatus": "Received", + "lastModified": "2024-11-25T18:44:03.563", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24707." + }, + { + "lang": "es", + "value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo por corrupci\u00f3n de memoria en el an\u00e1lisis de archivos DXF de IrfanView. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de IrfanView. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos DXF. El problema es el resultado de la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una condici\u00f3n de corrupci\u00f3n de memoria. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-24707." } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ], "cvssMetricV30": [ { "source": "zdi-disclosures@trendmicro.com", @@ -44,12 +70,47 @@ "value": "CWE-119" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x64:*", + "matchCriteriaId": "7F076F00-B5F1-43C4-98BF-698547ACB944" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x86:*", + "matchCriteriaId": "B0436B8F-048F-4967-BDDD-D1AA07A1CB98" + } + ] + } + ] } ], "references": [ { "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1541/", - "source": "zdi-disclosures@trendmicro.com" + "source": "zdi-disclosures@trendmicro.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-115xx/CVE-2024-11545.json b/CVE-2024/CVE-2024-115xx/CVE-2024-11545.json index fc72817bfd9..508c5a4e47b 100644 --- a/CVE-2024/CVE-2024-115xx/CVE-2024-11545.json +++ b/CVE-2024/CVE-2024-115xx/CVE-2024-11545.json @@ -2,15 +2,41 @@ "id": "CVE-2024-11545", "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2024-11-22T21:15:13.183", - "lastModified": "2024-11-22T21:15:13.183", - "vulnStatus": "Received", + "lastModified": "2024-11-25T18:43:57.310", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "IrfanView DXF File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of DXF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24709." + }, + { + "lang": "es", + "value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en el an\u00e1lisis de archivos DXF de IrfanView. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de IrfanView. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos DXF. El problema es el resultado de la falta de validaci\u00f3n de la existencia de un objeto antes de realizar operaciones en el objeto. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-24709." } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ], "cvssMetricV30": [ { "source": "zdi-disclosures@trendmicro.com", @@ -46,10 +72,35 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x64:*", + "matchCriteriaId": "7F076F00-B5F1-43C4-98BF-698547ACB944" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x86:*", + "matchCriteriaId": "B0436B8F-048F-4967-BDDD-D1AA07A1CB98" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1542/", - "source": "zdi-disclosures@trendmicro.com" + "source": "zdi-disclosures@trendmicro.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-115xx/CVE-2024-11546.json b/CVE-2024/CVE-2024-115xx/CVE-2024-11546.json index eec1c6baaf7..6089d5067c2 100644 --- a/CVE-2024/CVE-2024-115xx/CVE-2024-11546.json +++ b/CVE-2024/CVE-2024-115xx/CVE-2024-11546.json @@ -2,15 +2,41 @@ "id": "CVE-2024-11546", "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2024-11-22T21:15:13.310", - "lastModified": "2024-11-22T21:15:13.310", - "vulnStatus": "Received", + "lastModified": "2024-11-25T18:43:36.980", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "IrfanView DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24714." + }, + { + "lang": "es", + "value": "Vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remoto fuera de los l\u00edmites en el an\u00e1lisis de archivos DXF de IrfanView. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de IrfanView. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos DXF. El problema es el resultado de la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una escritura m\u00e1s all\u00e1 del final de un b\u00fafer asignado. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-24714." } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ], "cvssMetricV30": [ { "source": "zdi-disclosures@trendmicro.com", @@ -46,10 +72,35 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x64:*", + "matchCriteriaId": "7F076F00-B5F1-43C4-98BF-698547ACB944" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x86:*", + "matchCriteriaId": "B0436B8F-048F-4967-BDDD-D1AA07A1CB98" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1543/", - "source": "zdi-disclosures@trendmicro.com" + "source": "zdi-disclosures@trendmicro.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-115xx/CVE-2024-11547.json b/CVE-2024/CVE-2024-115xx/CVE-2024-11547.json index bd66c111eab..ce4391e7b5b 100644 --- a/CVE-2024/CVE-2024-115xx/CVE-2024-11547.json +++ b/CVE-2024/CVE-2024-115xx/CVE-2024-11547.json @@ -2,15 +2,41 @@ "id": "CVE-2024-11547", "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2024-11-22T21:15:13.420", - "lastModified": "2024-11-22T21:15:13.420", - "vulnStatus": "Received", + "lastModified": "2024-11-25T18:43:31.837", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "IrfanView DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of DWG files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24732." + }, + { + "lang": "es", + "value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo por corrupci\u00f3n de memoria en el an\u00e1lisis de archivos DWG de IrfanView. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de IrfanView. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos DWG. El problema es el resultado de la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una condici\u00f3n de corrupci\u00f3n de memoria. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-24732." } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ], "cvssMetricV30": [ { "source": "zdi-disclosures@trendmicro.com", @@ -44,12 +70,47 @@ "value": "CWE-119" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x64:*", + "matchCriteriaId": "7F076F00-B5F1-43C4-98BF-698547ACB944" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x86:*", + "matchCriteriaId": "B0436B8F-048F-4967-BDDD-D1AA07A1CB98" + } + ] + } + ] } ], "references": [ { "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1544/", - "source": "zdi-disclosures@trendmicro.com" + "source": "zdi-disclosures@trendmicro.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-115xx/CVE-2024-11548.json b/CVE-2024/CVE-2024-115xx/CVE-2024-11548.json index 76962aef593..2b593a15106 100644 --- a/CVE-2024/CVE-2024-115xx/CVE-2024-11548.json +++ b/CVE-2024/CVE-2024-115xx/CVE-2024-11548.json @@ -2,15 +2,41 @@ "id": "CVE-2024-11548", "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2024-11-22T21:15:13.537", - "lastModified": "2024-11-22T21:15:13.537", - "vulnStatus": "Received", + "lastModified": "2024-11-25T18:43:25.887", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "IrfanView DWG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of DWG files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24745." + }, + { + "lang": "es", + "value": "Vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remoto fuera de los l\u00edmites en el an\u00e1lisis de archivos DWG de IrfanView. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de IrfanView. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos DWG. El problema es el resultado de la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una escritura m\u00e1s all\u00e1 del final de un b\u00fafer asignado. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-24745." } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ], "cvssMetricV30": [ { "source": "zdi-disclosures@trendmicro.com", @@ -46,10 +72,35 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x64:*", + "matchCriteriaId": "7F076F00-B5F1-43C4-98BF-698547ACB944" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x86:*", + "matchCriteriaId": "B0436B8F-048F-4967-BDDD-D1AA07A1CB98" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1545/", - "source": "zdi-disclosures@trendmicro.com" + "source": "zdi-disclosures@trendmicro.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-115xx/CVE-2024-11549.json b/CVE-2024/CVE-2024-115xx/CVE-2024-11549.json index ccdd650a5e3..aef64da5d84 100644 --- a/CVE-2024/CVE-2024-115xx/CVE-2024-11549.json +++ b/CVE-2024/CVE-2024-115xx/CVE-2024-11549.json @@ -2,15 +2,41 @@ "id": "CVE-2024-11549", "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2024-11-22T21:15:13.647", - "lastModified": "2024-11-22T21:15:13.647", - "vulnStatus": "Received", + "lastModified": "2024-11-25T18:43:19.760", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "IrfanView DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24746." + }, + { + "lang": "es", + "value": "Vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remoto fuera de los l\u00edmites en el an\u00e1lisis de archivos DXF de IrfanView. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de IrfanView. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos DXF. El problema es el resultado de la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una escritura m\u00e1s all\u00e1 del final de un b\u00fafer asignado. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-24746." } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ], "cvssMetricV30": [ { "source": "zdi-disclosures@trendmicro.com", @@ -46,10 +72,35 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x64:*", + "matchCriteriaId": "7F076F00-B5F1-43C4-98BF-698547ACB944" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x86:*", + "matchCriteriaId": "B0436B8F-048F-4967-BDDD-D1AA07A1CB98" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1547/", - "source": "zdi-disclosures@trendmicro.com" + "source": "zdi-disclosures@trendmicro.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-115xx/CVE-2024-11550.json b/CVE-2024/CVE-2024-115xx/CVE-2024-11550.json index 06ea439af4f..3f875f91b43 100644 --- a/CVE-2024/CVE-2024-115xx/CVE-2024-11550.json +++ b/CVE-2024/CVE-2024-115xx/CVE-2024-11550.json @@ -2,15 +2,41 @@ "id": "CVE-2024-11550", "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2024-11-22T21:15:13.763", - "lastModified": "2024-11-22T21:15:13.763", - "vulnStatus": "Received", + "lastModified": "2024-11-25T18:43:04.463", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "IrfanView DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24748." + }, + { + "lang": "es", + "value": "Vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remoto fuera de los l\u00edmites en el an\u00e1lisis de archivos DXF de IrfanView. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de IrfanView. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos DXF. El problema es el resultado de la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una escritura m\u00e1s all\u00e1 del final de un b\u00fafer asignado. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-24748." } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ], "cvssMetricV30": [ { "source": "zdi-disclosures@trendmicro.com", @@ -46,10 +72,35 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x64:*", + "matchCriteriaId": "7F076F00-B5F1-43C4-98BF-698547ACB944" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x86:*", + "matchCriteriaId": "B0436B8F-048F-4967-BDDD-D1AA07A1CB98" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1540/", - "source": "zdi-disclosures@trendmicro.com" + "source": "zdi-disclosures@trendmicro.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-115xx/CVE-2024-11551.json b/CVE-2024/CVE-2024-115xx/CVE-2024-11551.json index cdbd0ea670a..0fee62190c8 100644 --- a/CVE-2024/CVE-2024-115xx/CVE-2024-11551.json +++ b/CVE-2024/CVE-2024-115xx/CVE-2024-11551.json @@ -2,15 +2,41 @@ "id": "CVE-2024-11551", "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2024-11-22T21:15:13.877", - "lastModified": "2024-11-22T21:15:13.877", - "vulnStatus": "Received", + "lastModified": "2024-11-25T18:42:58.463", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24749." + }, + { + "lang": "es", + "value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo por corrupci\u00f3n de memoria en el an\u00e1lisis de archivos DXF de IrfanView. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de IrfanView. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos DXF. El problema es el resultado de la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una condici\u00f3n de corrupci\u00f3n de memoria. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-24749." } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ], "cvssMetricV30": [ { "source": "zdi-disclosures@trendmicro.com", @@ -44,12 +70,47 @@ "value": "CWE-119" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x64:*", + "matchCriteriaId": "7F076F00-B5F1-43C4-98BF-698547ACB944" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x86:*", + "matchCriteriaId": "B0436B8F-048F-4967-BDDD-D1AA07A1CB98" + } + ] + } + ] } ], "references": [ { "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1549/", - "source": "zdi-disclosures@trendmicro.com" + "source": "zdi-disclosures@trendmicro.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-115xx/CVE-2024-11552.json b/CVE-2024/CVE-2024-115xx/CVE-2024-11552.json index 9d3c4aac830..f15b27cc76c 100644 --- a/CVE-2024/CVE-2024-115xx/CVE-2024-11552.json +++ b/CVE-2024/CVE-2024-115xx/CVE-2024-11552.json @@ -2,15 +2,41 @@ "id": "CVE-2024-11552", "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2024-11-22T21:15:13.980", - "lastModified": "2024-11-22T21:15:13.980", - "vulnStatus": "Received", + "lastModified": "2024-11-25T18:42:53.387", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24751." + }, + { + "lang": "es", + "value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo por corrupci\u00f3n de memoria en el an\u00e1lisis de archivos DXF de IrfanView. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de IrfanView. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos DXF. El problema es el resultado de la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una condici\u00f3n de corrupci\u00f3n de memoria. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-24751." } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ], "cvssMetricV30": [ { "source": "zdi-disclosures@trendmicro.com", @@ -44,12 +70,47 @@ "value": "CWE-119" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x64:*", + "matchCriteriaId": "7F076F00-B5F1-43C4-98BF-698547ACB944" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x86:*", + "matchCriteriaId": "B0436B8F-048F-4967-BDDD-D1AA07A1CB98" + } + ] + } + ] } ], "references": [ { "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1546/", - "source": "zdi-disclosures@trendmicro.com" + "source": "zdi-disclosures@trendmicro.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-115xx/CVE-2024-11553.json b/CVE-2024/CVE-2024-115xx/CVE-2024-11553.json index 7a943abc8ac..d426ff1457a 100644 --- a/CVE-2024/CVE-2024-115xx/CVE-2024-11553.json +++ b/CVE-2024/CVE-2024-115xx/CVE-2024-11553.json @@ -2,15 +2,41 @@ "id": "CVE-2024-11553", "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2024-11-22T21:15:14.087", - "lastModified": "2024-11-22T21:15:14.087", - "vulnStatus": "Received", + "lastModified": "2024-11-25T18:46:34.697", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24752." + }, + { + "lang": "es", + "value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo por corrupci\u00f3n de memoria en el an\u00e1lisis de archivos DXF de IrfanView. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de IrfanView. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos DXF. El problema es el resultado de la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una condici\u00f3n de corrupci\u00f3n de memoria. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-24752." } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ], "cvssMetricV30": [ { "source": "zdi-disclosures@trendmicro.com", @@ -44,12 +70,48 @@ "value": "CWE-119" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x64:*", + "matchCriteriaId": "7F076F00-B5F1-43C4-98BF-698547ACB944" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x86:*", + "matchCriteriaId": "B0436B8F-048F-4967-BDDD-D1AA07A1CB98" + } + ] + } + ] } ], "references": [ { "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1554/", - "source": "zdi-disclosures@trendmicro.com" + "source": "zdi-disclosures@trendmicro.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-115xx/CVE-2024-11554.json b/CVE-2024/CVE-2024-115xx/CVE-2024-11554.json index 28184e1201a..2f30c1d7f4b 100644 --- a/CVE-2024/CVE-2024-115xx/CVE-2024-11554.json +++ b/CVE-2024/CVE-2024-115xx/CVE-2024-11554.json @@ -2,15 +2,41 @@ "id": "CVE-2024-11554", "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2024-11-22T21:15:14.197", - "lastModified": "2024-11-22T21:15:14.197", - "vulnStatus": "Received", + "lastModified": "2024-11-25T18:41:46.223", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "IrfanView DWG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of DWG files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24754." + }, + { + "lang": "es", + "value": "Vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remoto fuera de los l\u00edmites en el an\u00e1lisis de archivos DWG de IrfanView. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de IrfanView. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos DWG. El problema es el resultado de la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una escritura m\u00e1s all\u00e1 del final de un objeto asignado. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-24754." } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ], "cvssMetricV30": [ { "source": "zdi-disclosures@trendmicro.com", @@ -46,10 +72,35 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x64:*", + "matchCriteriaId": "7F076F00-B5F1-43C4-98BF-698547ACB944" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x86:*", + "matchCriteriaId": "B0436B8F-048F-4967-BDDD-D1AA07A1CB98" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1581/", - "source": "zdi-disclosures@trendmicro.com" + "source": "zdi-disclosures@trendmicro.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-115xx/CVE-2024-11555.json b/CVE-2024/CVE-2024-115xx/CVE-2024-11555.json index 8aad690af39..449a7c730fe 100644 --- a/CVE-2024/CVE-2024-115xx/CVE-2024-11555.json +++ b/CVE-2024/CVE-2024-115xx/CVE-2024-11555.json @@ -2,15 +2,41 @@ "id": "CVE-2024-11555", "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2024-11-22T21:15:14.330", - "lastModified": "2024-11-22T21:15:14.330", - "vulnStatus": "Received", + "lastModified": "2024-11-25T18:41:43.713", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "IrfanView DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24780." + }, + { + "lang": "es", + "value": "Vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remoto fuera de los l\u00edmites en el an\u00e1lisis de archivos DXF de IrfanView. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de IrfanView. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos DXF. El problema es el resultado de la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una escritura m\u00e1s all\u00e1 del final de un b\u00fafer asignado. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-24780." } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ], "cvssMetricV30": [ { "source": "zdi-disclosures@trendmicro.com", @@ -46,10 +72,35 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x64:*", + "matchCriteriaId": "7F076F00-B5F1-43C4-98BF-698547ACB944" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x86:*", + "matchCriteriaId": "B0436B8F-048F-4967-BDDD-D1AA07A1CB98" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1559/", - "source": "zdi-disclosures@trendmicro.com" + "source": "zdi-disclosures@trendmicro.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-115xx/CVE-2024-11556.json b/CVE-2024/CVE-2024-115xx/CVE-2024-11556.json index cc053b6428f..9233e26a9a9 100644 --- a/CVE-2024/CVE-2024-115xx/CVE-2024-11556.json +++ b/CVE-2024/CVE-2024-115xx/CVE-2024-11556.json @@ -2,15 +2,41 @@ "id": "CVE-2024-11556", "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2024-11-22T21:15:14.470", - "lastModified": "2024-11-22T21:15:14.470", - "vulnStatus": "Received", + "lastModified": "2024-11-25T18:16:55.420", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24795." + }, + { + "lang": "es", + "value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo por corrupci\u00f3n de memoria en el an\u00e1lisis de archivos DXF de IrfanView. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de IrfanView. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos DXF. El problema es el resultado de la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una condici\u00f3n de corrupci\u00f3n de memoria. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-24795." } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ], "cvssMetricV30": [ { "source": "zdi-disclosures@trendmicro.com", @@ -44,12 +70,47 @@ "value": "CWE-119" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x64:*", + "matchCriteriaId": "7F076F00-B5F1-43C4-98BF-698547ACB944" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x86:*", + "matchCriteriaId": "B0436B8F-048F-4967-BDDD-D1AA07A1CB98" + } + ] + } + ] } ], "references": [ { "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1562/", - "source": "zdi-disclosures@trendmicro.com" + "source": "zdi-disclosures@trendmicro.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-115xx/CVE-2024-11557.json b/CVE-2024/CVE-2024-115xx/CVE-2024-11557.json index 8d370451885..c3e2b95bffc 100644 --- a/CVE-2024/CVE-2024-115xx/CVE-2024-11557.json +++ b/CVE-2024/CVE-2024-115xx/CVE-2024-11557.json @@ -2,15 +2,41 @@ "id": "CVE-2024-11557", "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2024-11-22T21:15:14.593", - "lastModified": "2024-11-22T21:15:14.593", - "vulnStatus": "Received", + "lastModified": "2024-11-25T18:51:46.153", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24807." + }, + { + "lang": "es", + "value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo por corrupci\u00f3n de memoria en el an\u00e1lisis de archivos DXF de IrfanView. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de IrfanView. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos DXF. El problema es el resultado de la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una condici\u00f3n de corrupci\u00f3n de memoria. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-24807." } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ], "cvssMetricV30": [ { "source": "zdi-disclosures@trendmicro.com", @@ -44,12 +70,47 @@ "value": "CWE-119" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x64:*", + "matchCriteriaId": "7F076F00-B5F1-43C4-98BF-698547ACB944" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x86:*", + "matchCriteriaId": "B0436B8F-048F-4967-BDDD-D1AA07A1CB98" + } + ] + } + ] } ], "references": [ { "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1561/", - "source": "zdi-disclosures@trendmicro.com" + "source": "zdi-disclosures@trendmicro.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-115xx/CVE-2024-11558.json b/CVE-2024/CVE-2024-115xx/CVE-2024-11558.json index b597e0d9775..d806d4bf5ff 100644 --- a/CVE-2024/CVE-2024-115xx/CVE-2024-11558.json +++ b/CVE-2024/CVE-2024-115xx/CVE-2024-11558.json @@ -2,15 +2,41 @@ "id": "CVE-2024-11558", "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2024-11-22T21:15:14.700", - "lastModified": "2024-11-22T21:15:14.700", - "vulnStatus": "Received", + "lastModified": "2024-11-25T18:52:29.450", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24808." + }, + { + "lang": "es", + "value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo por corrupci\u00f3n de memoria en el an\u00e1lisis de archivos DXF de IrfanView. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de IrfanView. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos DXF. El problema es el resultado de la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una condici\u00f3n de corrupci\u00f3n de memoria. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-24808." } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ], "cvssMetricV30": [ { "source": "zdi-disclosures@trendmicro.com", @@ -44,12 +70,47 @@ "value": "CWE-119" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x64:*", + "matchCriteriaId": "7F076F00-B5F1-43C4-98BF-698547ACB944" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x86:*", + "matchCriteriaId": "B0436B8F-048F-4967-BDDD-D1AA07A1CB98" + } + ] + } + ] } ], "references": [ { "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1560/", - "source": "zdi-disclosures@trendmicro.com" + "source": "zdi-disclosures@trendmicro.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-115xx/CVE-2024-11565.json b/CVE-2024/CVE-2024-115xx/CVE-2024-11565.json index 13720c78ced..137a9e43aa8 100644 --- a/CVE-2024/CVE-2024-115xx/CVE-2024-11565.json +++ b/CVE-2024/CVE-2024-115xx/CVE-2024-11565.json @@ -2,15 +2,41 @@ "id": "CVE-2024-11565", "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2024-11-22T21:15:15.483", - "lastModified": "2024-11-22T21:15:15.483", - "vulnStatus": "Received", + "lastModified": "2024-11-25T18:50:52.400", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "IrfanView CGM File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of CGM files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24866." + }, + { + "lang": "es", + "value": "Vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remoto en el an\u00e1lisis de archivos CGM de IrfanView que permite a atacantes remotos ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de IrfanView. Para explotar esta vulnerabilidad, se requiere la interacci\u00f3n del usuario, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos CGM. El problema es el resultado de la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una lectura m\u00e1s all\u00e1 del final de un b\u00fafer asignado. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-24866." } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ], "cvssMetricV30": [ { "source": "zdi-disclosures@trendmicro.com", @@ -46,10 +72,35 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x64:*", + "matchCriteriaId": "7F076F00-B5F1-43C4-98BF-698547ACB944" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x86:*", + "matchCriteriaId": "B0436B8F-048F-4967-BDDD-D1AA07A1CB98" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1567/", - "source": "zdi-disclosures@trendmicro.com" + "source": "zdi-disclosures@trendmicro.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-115xx/CVE-2024-11571.json b/CVE-2024/CVE-2024-115xx/CVE-2024-11571.json index 2b12bfac59b..e51b292f89e 100644 --- a/CVE-2024/CVE-2024-115xx/CVE-2024-11571.json +++ b/CVE-2024/CVE-2024-115xx/CVE-2024-11571.json @@ -2,15 +2,41 @@ "id": "CVE-2024-11571", "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2024-11-22T21:15:16.133", - "lastModified": "2024-11-22T21:15:16.133", - "vulnStatus": "Received", + "lastModified": "2024-11-25T18:53:28.710", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "IrfanView DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24895." + }, + { + "lang": "es", + "value": "Vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remoto en el an\u00e1lisis de archivos DXF de IrfanView que excede los l\u00edmites de lectura. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de IrfanView. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos DXF. El problema es el resultado de la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede resultar en una lectura m\u00e1s all\u00e1 del final de un b\u00fafer asignado. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-24895." } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ], "cvssMetricV30": [ { "source": "zdi-disclosures@trendmicro.com", @@ -46,10 +72,35 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x64:*", + "matchCriteriaId": "7F076F00-B5F1-43C4-98BF-698547ACB944" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x86:*", + "matchCriteriaId": "B0436B8F-048F-4967-BDDD-D1AA07A1CB98" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1566/", - "source": "zdi-disclosures@trendmicro.com" + "source": "zdi-disclosures@trendmicro.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-115xx/CVE-2024-11572.json b/CVE-2024/CVE-2024-115xx/CVE-2024-11572.json index d75b7935da8..64d5aba9290 100644 --- a/CVE-2024/CVE-2024-115xx/CVE-2024-11572.json +++ b/CVE-2024/CVE-2024-115xx/CVE-2024-11572.json @@ -2,15 +2,41 @@ "id": "CVE-2024-11572", "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2024-11-22T21:15:16.247", - "lastModified": "2024-11-22T21:15:16.247", - "vulnStatus": "Received", + "lastModified": "2024-11-25T18:53:24.493", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24897." + }, + { + "lang": "es", + "value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo por corrupci\u00f3n de memoria en el an\u00e1lisis de archivos DXF de IrfanView. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de IrfanView. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos DXF. El problema es el resultado de la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una condici\u00f3n de corrupci\u00f3n de memoria. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-24897." } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ], "cvssMetricV30": [ { "source": "zdi-disclosures@trendmicro.com", @@ -44,12 +70,47 @@ "value": "CWE-119" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x64:*", + "matchCriteriaId": "7F076F00-B5F1-43C4-98BF-698547ACB944" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x86:*", + "matchCriteriaId": "B0436B8F-048F-4967-BDDD-D1AA07A1CB98" + } + ] + } + ] } ], "references": [ { "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1570/", - "source": "zdi-disclosures@trendmicro.com" + "source": "zdi-disclosures@trendmicro.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-115xx/CVE-2024-11573.json b/CVE-2024/CVE-2024-115xx/CVE-2024-11573.json index 2af5a87de96..7e6b4573a82 100644 --- a/CVE-2024/CVE-2024-115xx/CVE-2024-11573.json +++ b/CVE-2024/CVE-2024-115xx/CVE-2024-11573.json @@ -2,15 +2,41 @@ "id": "CVE-2024-11573", "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2024-11-22T21:15:16.360", - "lastModified": "2024-11-22T21:15:16.360", - "vulnStatus": "Received", + "lastModified": "2024-11-25T18:53:19.637", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24898." + }, + { + "lang": "es", + "value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo por corrupci\u00f3n de memoria en el an\u00e1lisis de archivos DXF de IrfanView. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de IrfanView. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos DXF. El problema es el resultado de la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una condici\u00f3n de corrupci\u00f3n de memoria. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-24898." } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ], "cvssMetricV30": [ { "source": "zdi-disclosures@trendmicro.com", @@ -44,12 +70,47 @@ "value": "CWE-119" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x64:*", + "matchCriteriaId": "7F076F00-B5F1-43C4-98BF-698547ACB944" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x86:*", + "matchCriteriaId": "B0436B8F-048F-4967-BDDD-D1AA07A1CB98" + } + ] + } + ] } ], "references": [ { "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1565/", - "source": "zdi-disclosures@trendmicro.com" + "source": "zdi-disclosures@trendmicro.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-115xx/CVE-2024-11574.json b/CVE-2024/CVE-2024-115xx/CVE-2024-11574.json index 9b069bbb7c7..df7ce9959ab 100644 --- a/CVE-2024/CVE-2024-115xx/CVE-2024-11574.json +++ b/CVE-2024/CVE-2024-115xx/CVE-2024-11574.json @@ -2,15 +2,41 @@ "id": "CVE-2024-11574", "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2024-11-22T21:15:16.470", - "lastModified": "2024-11-22T21:15:16.470", - "vulnStatus": "Received", + "lastModified": "2024-11-25T18:53:09.717", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24900." + }, + { + "lang": "es", + "value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo por corrupci\u00f3n de memoria en el an\u00e1lisis de archivos DXF de IrfanView. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de IrfanView. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos DXF. El problema es el resultado de la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una condici\u00f3n de corrupci\u00f3n de memoria. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-24900." } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ], "cvssMetricV30": [ { "source": "zdi-disclosures@trendmicro.com", @@ -44,12 +70,47 @@ "value": "CWE-119" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x64:*", + "matchCriteriaId": "7F076F00-B5F1-43C4-98BF-698547ACB944" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x86:*", + "matchCriteriaId": "B0436B8F-048F-4967-BDDD-D1AA07A1CB98" + } + ] + } + ] } ], "references": [ { "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1573/", - "source": "zdi-disclosures@trendmicro.com" + "source": "zdi-disclosures@trendmicro.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-115xx/CVE-2024-11575.json b/CVE-2024/CVE-2024-115xx/CVE-2024-11575.json index 5e3ee86a097..68d376e5de6 100644 --- a/CVE-2024/CVE-2024-115xx/CVE-2024-11575.json +++ b/CVE-2024/CVE-2024-115xx/CVE-2024-11575.json @@ -2,15 +2,41 @@ "id": "CVE-2024-11575", "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2024-11-22T21:15:16.587", - "lastModified": "2024-11-22T21:15:16.587", - "vulnStatus": "Received", + "lastModified": "2024-11-25T18:52:56.080", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24901." + }, + { + "lang": "es", + "value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo por corrupci\u00f3n de memoria en el an\u00e1lisis de archivos DXF de IrfanView. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de IrfanView. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos DXF. El problema es el resultado de la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una condici\u00f3n de corrupci\u00f3n de memoria. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-24901." } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ], "cvssMetricV30": [ { "source": "zdi-disclosures@trendmicro.com", @@ -44,12 +70,47 @@ "value": "CWE-119" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x64:*", + "matchCriteriaId": "7F076F00-B5F1-43C4-98BF-698547ACB944" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x86:*", + "matchCriteriaId": "B0436B8F-048F-4967-BDDD-D1AA07A1CB98" + } + ] + } + ] } ], "references": [ { "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1569/", - "source": "zdi-disclosures@trendmicro.com" + "source": "zdi-disclosures@trendmicro.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-115xx/CVE-2024-11586.json b/CVE-2024/CVE-2024-115xx/CVE-2024-11586.json index 2e1e00c13e8..3b68c93fe29 100644 --- a/CVE-2024/CVE-2024-115xx/CVE-2024-11586.json +++ b/CVE-2024/CVE-2024-115xx/CVE-2024-11586.json @@ -2,12 +2,16 @@ "id": "CVE-2024-11586", "sourceIdentifier": "security@ubuntu.com", "published": "2024-11-23T03:15:07.740", - "lastModified": "2024-11-23T03:15:07.740", - "vulnStatus": "Received", + "lastModified": "2024-11-25T18:15:10.123", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Ubuntu's implementation of pulseaudio can be crashed by a malicious program if a bluetooth headset is connected." + }, + { + "lang": "es", + "value": "La implementaci\u00f3n de pulseaudio de Ubuntu puede verse bloqueada por un programa malicioso si se conecta un auricular Bluetooth." } ], "metrics": { @@ -34,6 +38,18 @@ } ] }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-404" + } + ] + } + ], "references": [ { "url": "https://bugs.launchpad.net/ubuntu/+source/pulseaudio/+bug/2078822", diff --git a/CVE-2024/CVE-2024-116xx/CVE-2024-11671.json b/CVE-2024/CVE-2024-116xx/CVE-2024-11671.json index 7a63e79eaa7..18c96badba8 100644 --- a/CVE-2024/CVE-2024-116xx/CVE-2024-11671.json +++ b/CVE-2024/CVE-2024-116xx/CVE-2024-11671.json @@ -2,7 +2,7 @@ "id": "CVE-2024-11671", "sourceIdentifier": "security@devolutions.net", "published": "2024-11-25T15:15:07.040", - "lastModified": "2024-11-25T15:15:07.040", + "lastModified": "2024-11-25T17:15:11.930", "vulnStatus": "Received", "descriptions": [ { @@ -10,7 +10,30 @@ "value": "Improper authentication in SQL data source MFA validation in Devolutions Remote Desktop Manager 2024.3.17 and earlier on Windows allows an authenticated user to bypass the MFA validation via data source switching." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + } + ] + }, "weaknesses": [ { "source": "security@devolutions.net", diff --git a/CVE-2024/CVE-2024-116xx/CVE-2024-11672.json b/CVE-2024/CVE-2024-116xx/CVE-2024-11672.json index 2e769095b74..2d16c98299a 100644 --- a/CVE-2024/CVE-2024-116xx/CVE-2024-11672.json +++ b/CVE-2024/CVE-2024-116xx/CVE-2024-11672.json @@ -2,7 +2,7 @@ "id": "CVE-2024-11672", "sourceIdentifier": "security@devolutions.net", "published": "2024-11-25T15:15:07.180", - "lastModified": "2024-11-25T15:15:07.180", + "lastModified": "2024-11-25T17:15:12.110", "vulnStatus": "Received", "descriptions": [ { @@ -10,7 +10,30 @@ "value": "Incorrect authorization in the add permission component in Devolutions Remote Desktop Manager 2024.2.21 and earlier on Windows allows an authenticated malicious user to bypass the \"Add\" permission via the import in vault feature." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, "weaknesses": [ { "source": "security@devolutions.net", diff --git a/CVE-2024/CVE-2024-237xx/CVE-2024-23787.json b/CVE-2024/CVE-2024-237xx/CVE-2024-23787.json index e2e48760f97..ff1cd4c31de 100644 --- a/CVE-2024/CVE-2024-237xx/CVE-2024-23787.json +++ b/CVE-2024/CVE-2024-237xx/CVE-2024-23787.json @@ -2,9 +2,8 @@ "id": "CVE-2024-23787", "sourceIdentifier": "vultures@jpcert.or.jp", "published": "2024-02-14T10:15:08.780", - "lastModified": "2024-08-13T14:35:10.747", - "vulnStatus": "Awaiting Analysis", - "cveTags": [], + "lastModified": "2024-11-25T18:54:34.530", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -17,12 +16,34 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 7.5, + "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", @@ -30,9 +51,7 @@ "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", - "availabilityImpact": "NONE", - "baseScore": 7.5, - "baseSeverity": "HIGH" + "availabilityImpact": "NONE" }, "exploitabilityScore": 3.9, "impactScore": 3.6 @@ -40,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -51,18 +80,106 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:sharp:jh-rvb1_firmware:*:*:*:*:*:*:*:*", + "versionEndIncluding": "b0.1.9.1", + "matchCriteriaId": "B7EC16DF-21FB-473F-8F62-DDBF1C149A9B" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:sharp:jh-rvb1:-:*:*:*:*:*:*:*", + "matchCriteriaId": "27ED2F7C-C3F1-41AA-81DA-3CD5C3B83F88" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:sharp:jh-rv11_firmware:*:*:*:*:*:*:*:*", + "versionEndIncluding": "b0.1.9.1", + "matchCriteriaId": "E0A2340C-A0BC-4DD5-A120-F7041D76D776" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:sharp:jh-rv11:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9CF83BDB-56B1-4E80-91C3-AFAA96A0C25C" + } + ] + } + ] + } + ], "references": [ { "url": "https://jp.sharp/support/taiyo/info/JVNVU94591337_en.pdf", - "source": "vultures@jpcert.or.jp" + "source": "vultures@jpcert.or.jp", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://jp.sharp/support/taiyo/info/JVNVU94591337_jp.pdf", - "source": "vultures@jpcert.or.jp" + "source": "vultures@jpcert.or.jp", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://jvn.jp/en/vu/JVNVU94591337/", - "source": "vultures@jpcert.or.jp" + "source": "vultures@jpcert.or.jp", + "tags": [ + "Third Party Advisory" + ] + }, + { + "url": "https://jp.sharp/support/taiyo/info/JVNVU94591337_en.pdf", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://jp.sharp/support/taiyo/info/JVNVU94591337_jp.pdf", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://jvn.jp/en/vu/JVNVU94591337/", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-242xx/CVE-2024-24256.json b/CVE-2024/CVE-2024-242xx/CVE-2024-24256.json index 164417787bb..a14007b380f 100644 --- a/CVE-2024/CVE-2024-242xx/CVE-2024-24256.json +++ b/CVE-2024/CVE-2024-242xx/CVE-2024-24256.json @@ -2,9 +2,8 @@ "id": "CVE-2024-24256", "sourceIdentifier": "cve@mitre.org", "published": "2024-02-15T08:15:46.410", - "lastModified": "2024-02-15T14:28:31.380", + "lastModified": "2024-11-25T18:15:10.727", "vulnStatus": "Awaiting Analysis", - "cveTags": [], "descriptions": [ { "lang": "en", @@ -15,11 +14,50 @@ "value": "Una vulnerabilidad de inyecci\u00f3n SQL en la plataforma de integraci\u00f3n de informaci\u00f3n empresarial espacio-temporal de Yonyou v.9.0 y anteriores permite a un atacante obtener informaci\u00f3n confidencial a trav\u00e9s del par\u00e1metro gwbhAIM en saveMove.jsp en el directorio hr_position." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 5.9, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.5, + "impactScore": 3.4 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], "references": [ { "url": "https://github.com/l8l1/killl.github.io/blob/main/3.md", "source": "cve@mitre.org" + }, + { + "url": "https://github.com/l8l1/killl.github.io/blob/main/3.md", + "source": "af854a3a-2127-422b-91ae-364da2661108" } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-260xx/CVE-2024-26019.json b/CVE-2024/CVE-2024-260xx/CVE-2024-26019.json index 22353c5dd7b..18c050e6fed 100644 --- a/CVE-2024/CVE-2024-260xx/CVE-2024-26019.json +++ b/CVE-2024/CVE-2024-260xx/CVE-2024-26019.json @@ -2,9 +2,8 @@ "id": "CVE-2024-26019", "sourceIdentifier": "vultures@jpcert.or.jp", "published": "2024-04-11T03:15:09.767", - "lastModified": "2024-04-11T12:47:44.137", + "lastModified": "2024-11-25T19:15:08.683", "vulnStatus": "Awaiting Analysis", - "cveTags": [], "descriptions": [ { "lang": "en", @@ -15,7 +14,42 @@ "value": "Ninja Forms anterior a 3.8.1 contiene una vulnerabilidad de cross-site scripting en el procesamiento de env\u00edos. Si se explota esta vulnerabilidad, se puede ejecutar un script arbitrario en el navegador web del usuario que accede al sitio web utilizando el producto." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], "references": [ { "url": "https://jvn.jp/en/jp/JVN50361500/", @@ -28,6 +62,18 @@ { "url": "https://wordpress.org/plugins/ninja-forms/", "source": "vultures@jpcert.or.jp" + }, + { + "url": "https://jvn.jp/en/jp/JVN50361500/", + "source": "af854a3a-2127-422b-91ae-364da2661108" + }, + { + "url": "https://ninjaforms.com/", + "source": "af854a3a-2127-422b-91ae-364da2661108" + }, + { + "url": "https://wordpress.org/plugins/ninja-forms/", + "source": "af854a3a-2127-422b-91ae-364da2661108" } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-264xx/CVE-2024-26465.json b/CVE-2024/CVE-2024-264xx/CVE-2024-26465.json index 927aa5b1817..0cfa89f200d 100644 --- a/CVE-2024/CVE-2024-264xx/CVE-2024-26465.json +++ b/CVE-2024/CVE-2024-264xx/CVE-2024-26465.json @@ -2,9 +2,8 @@ "id": "CVE-2024-26465", "sourceIdentifier": "cve@mitre.org", "published": "2024-02-26T16:27:59.730", - "lastModified": "2024-02-26T16:32:25.577", + "lastModified": "2024-11-25T19:15:08.960", "vulnStatus": "Awaiting Analysis", - "cveTags": [], "descriptions": [ { "lang": "en", @@ -15,11 +14,50 @@ "value": "Una vulnerabilidad de cross-site scripting (XSS) basada en DOM en el componente /beep/Beep.Instrument.js de stewdio beep.js antes de el commit ef22ad7 permite a los atacantes ejecutar Javascript arbitrario mediante el env\u00edo de una URL manipulada." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], "references": [ { "url": "https://gist.github.com/cd80/89527424f733b2b82de876e02d163150", "source": "cve@mitre.org" + }, + { + "url": "https://gist.github.com/cd80/89527424f733b2b82de876e02d163150", + "source": "af854a3a-2127-422b-91ae-364da2661108" } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-291xx/CVE-2024-29166.json b/CVE-2024/CVE-2024-291xx/CVE-2024-29166.json index 368aed873a6..7eb24c5a55b 100644 --- a/CVE-2024/CVE-2024-291xx/CVE-2024-29166.json +++ b/CVE-2024/CVE-2024-291xx/CVE-2024-29166.json @@ -2,9 +2,8 @@ "id": "CVE-2024-29166", "sourceIdentifier": "cve@mitre.org", "published": "2024-05-14T15:15:33.513", - "lastModified": "2024-05-14T16:13:02.773", + "lastModified": "2024-11-25T18:15:10.983", "vulnStatus": "Awaiting Analysis", - "cveTags": [], "descriptions": [ { "lang": "en", @@ -15,11 +14,50 @@ "value": "HDF5 hasta 1.14.3 contiene un desbordamiento del b\u00fafer en H5O__linfo_decode, lo que provoca la corrupci\u00f3n del puntero de instrucci\u00f3n y provoca denegaci\u00f3n de servicio o posible ejecuci\u00f3n de c\u00f3digo." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", + "baseScore": 5.7, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.4, + "impactScore": 4.2 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-120" + } + ] + } + ], "references": [ { "url": "https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/", "source": "cve@mitre.org" + }, + { + "url": "https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/", + "source": "af854a3a-2127-422b-91ae-364da2661108" } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-301xx/CVE-2024-30122.json b/CVE-2024/CVE-2024-301xx/CVE-2024-30122.json index 64505b90133..0bb1bc983bf 100644 --- a/CVE-2024/CVE-2024-301xx/CVE-2024-30122.json +++ b/CVE-2024/CVE-2024-301xx/CVE-2024-30122.json @@ -2,9 +2,8 @@ "id": "CVE-2024-30122", "sourceIdentifier": "psirt@hcl.com", "published": "2024-10-23T15:15:30.390", - "lastModified": "2024-11-06T22:33:46.797", - "vulnStatus": "Analyzed", - "cveTags": [], + "lastModified": "2024-11-25T18:15:11.213", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -17,32 +16,14 @@ ], "metrics": { "cvssMetricV31": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "cvssData": { - "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", - "attackVector": "NETWORK", - "attackComplexity": "LOW", - "privilegesRequired": "NONE", - "userInteraction": "NONE", - "scope": "UNCHANGED", - "confidentialityImpact": "NONE", - "integrityImpact": "LOW", - "availabilityImpact": "NONE", - "baseScore": 5.3, - "baseSeverity": "MEDIUM" - }, - "exploitabilityScore": 3.9, - "impactScore": 1.4 - }, { "source": "psirt@hcl.com", "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 5.8, + "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", @@ -50,12 +31,30 @@ "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", - "availabilityImpact": "LOW", - "baseScore": 5.8, - "baseSeverity": "MEDIUM" + "availabilityImpact": "LOW" }, "exploitabilityScore": 1.6, "impactScore": 3.7 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 } ] }, @@ -69,6 +68,16 @@ "value": "NVD-CWE-noinfo" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-922" + } + ] } ], "configurations": [ diff --git a/CVE-2024/CVE-2024-324xx/CVE-2024-32468.json b/CVE-2024/CVE-2024-324xx/CVE-2024-32468.json new file mode 100644 index 00000000000..b447994b1e0 --- /dev/null +++ b/CVE-2024/CVE-2024-324xx/CVE-2024-32468.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2024-32468", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-11-25T19:15:09.510", + "lastModified": "2024-11-25T19:15:09.510", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Deno is a runtime for JavaScript and TypeScript written in rust. Several cross-site scripting vulnerabilities existed in the `deno_doc` crate which lead to Self-XSS with deno doc --html. 1.) XSS in generated `search_index.js`, `deno_doc` outputs a JavaScript file for searching. However, the generated file used `innerHTML` on unsanitzed HTML input. 2.) XSS via property, method and enum names, `deno_doc` did not sanitize property names, method names and enum names. The first XSS most likely didn't have an impact since `deno doc --html` is expected to be used locally with own packages." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/denoland/deno/security/advisories/GHSA-qqwr-j9mm-fhw6", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/denoland/deno_doc/blob/dc556c848831d7ae48f3eff2ababc6e75eb6b73e/src/html/templates/pages/search.js#L120-L144", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-336xx/CVE-2024-33667.json b/CVE-2024/CVE-2024-336xx/CVE-2024-33667.json index 71141d423bd..da3a8c24b78 100644 --- a/CVE-2024/CVE-2024-336xx/CVE-2024-33667.json +++ b/CVE-2024/CVE-2024-336xx/CVE-2024-33667.json @@ -2,9 +2,8 @@ "id": "CVE-2024-33667", "sourceIdentifier": "cve@mitre.org", "published": "2024-04-26T01:15:46.250", - "lastModified": "2024-04-26T12:58:17.720", + "lastModified": "2024-11-25T19:15:09.713", "vulnStatus": "Awaiting Analysis", - "cveTags": [], "descriptions": [ { "lang": "en", @@ -15,11 +14,50 @@ "value": "Se descubri\u00f3 un problema en Zammad antes de la versi\u00f3n 6.3.0. Un agente autenticado podr\u00eda realizar un ataque remoto de denegaci\u00f3n de servicio llamando a un endpoint que acepte un nombre de m\u00e9todo gen\u00e9rico, que no se haya sanitizado adecuadamente con una lista de permitidos." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], "references": [ { "url": "https://zammad.com/en/advisories/zaa-2024-03", "source": "cve@mitre.org" + }, + { + "url": "https://zammad.com/en/advisories/zaa-2024-03", + "source": "af854a3a-2127-422b-91ae-364da2661108" } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-338xx/CVE-2024-33876.json b/CVE-2024/CVE-2024-338xx/CVE-2024-33876.json index 086d13c5446..d2fbacb2f08 100644 --- a/CVE-2024/CVE-2024-338xx/CVE-2024-33876.json +++ b/CVE-2024/CVE-2024-338xx/CVE-2024-33876.json @@ -2,9 +2,8 @@ "id": "CVE-2024-33876", "sourceIdentifier": "cve@mitre.org", "published": "2024-05-14T15:38:10.250", - "lastModified": "2024-05-14T16:12:23.490", + "lastModified": "2024-11-25T18:15:11.537", "vulnStatus": "Awaiting Analysis", - "cveTags": [], "descriptions": [ { "lang": "en", @@ -15,11 +14,50 @@ "value": "La librer\u00eda HDF5 hasta 1.14.3 tiene un desbordamiento de b\u00fafer de almacenamiento din\u00e1mico en H5S__point_deserialize en H5Spoint.c." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", + "baseScore": 5.7, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.4, + "impactScore": 4.2 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-120" + } + ] + } + ], "references": [ { "url": "https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/", "source": "cve@mitre.org" + }, + { + "url": "https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/", + "source": "af854a3a-2127-422b-91ae-364da2661108" } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-345xx/CVE-2024-34535.json b/CVE-2024/CVE-2024-345xx/CVE-2024-34535.json index d73b12c550a..a7644f1cb68 100644 --- a/CVE-2024/CVE-2024-345xx/CVE-2024-34535.json +++ b/CVE-2024/CVE-2024-345xx/CVE-2024-34535.json @@ -2,9 +2,8 @@ "id": "CVE-2024-34535", "sourceIdentifier": "cve@mitre.org", "published": "2024-10-03T18:15:04.693", - "lastModified": "2024-10-04T13:50:43.727", + "lastModified": "2024-11-25T18:15:11.763", "vulnStatus": "Awaiting Analysis", - "cveTags": [], "descriptions": [ { "lang": "en", @@ -15,7 +14,42 @@ "value": "En Mastodon 4.1.6, la limitaci\u00f3n de velocidad del endpoint de la API se puede evitar configurando un encabezado de solicitud HTTP manipulado espec\u00edficamente." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N", + "baseScore": 5.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.6, + "impactScore": 4.2 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-444" + } + ] + } + ], "references": [ { "url": "https://github.com/mastodon/mastodon/security/advisories/GHSA-q3rg-xx5v-4mxh", diff --git a/CVE-2024/CVE-2024-347xx/CVE-2024-34742.json b/CVE-2024/CVE-2024-347xx/CVE-2024-34742.json index dfe754e6b36..4d4df166a0f 100644 --- a/CVE-2024/CVE-2024-347xx/CVE-2024-34742.json +++ b/CVE-2024/CVE-2024-347xx/CVE-2024-34742.json @@ -2,9 +2,8 @@ "id": "CVE-2024-34742", "sourceIdentifier": "security@android.com", "published": "2024-08-15T22:15:06.890", - "lastModified": "2024-08-19T13:00:23.117", - "vulnStatus": "Awaiting Analysis", - "cveTags": [], + "lastModified": "2024-11-25T18:15:11.980", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -15,15 +14,104 @@ "value": " En shouldWrite de OwnersData.java, existe un posible caso l\u00edmite que impide que las pol\u00edticas de MDM persistan debido a un error l\u00f3gico en el c\u00f3digo. Esto podr\u00eda provocar una denegaci\u00f3n de servicio local sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-843" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*", + "matchCriteriaId": "2700BCC5-634D-4EC6-AB67-5B678D5F951D" + } + ] + } + ] + } + ], "references": [ { "url": "https://android.googlesource.com/platform/frameworks/base/+/688e5c3012eb0a4ea88361588cf5026c10e4a42c", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Patch" + ] }, { "url": "https://source.android.com/security/bulletin/2024-08-01", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-360xx/CVE-2024-36043.json b/CVE-2024/CVE-2024-360xx/CVE-2024-36043.json index 175eb1023ce..036c295d478 100644 --- a/CVE-2024/CVE-2024-360xx/CVE-2024-36043.json +++ b/CVE-2024/CVE-2024-360xx/CVE-2024-36043.json @@ -2,9 +2,8 @@ "id": "CVE-2024-36043", "sourceIdentifier": "cve@mitre.org", "published": "2024-05-18T20:15:15.903", - "lastModified": "2024-05-20T13:00:04.957", + "lastModified": "2024-11-25T18:15:12.213", "vulnStatus": "Awaiting Analysis", - "cveTags": [], "descriptions": [ { "lang": "en", @@ -15,7 +14,42 @@ "value": " question_image.ts en SurveyJS Form Library anterior a 1.10.4 permite contentMode=youtube XSS a trav\u00e9s de la propiedad imageLink." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], "references": [ { "url": "https://github.com/surveyjs/survey-library/commit/b25fbf0efd4486dc55f836240bebc2305803b96d", @@ -24,6 +58,14 @@ { "url": "https://github.com/surveyjs/survey-library/issues/8286", "source": "cve@mitre.org" + }, + { + "url": "https://github.com/surveyjs/survey-library/commit/b25fbf0efd4486dc55f836240bebc2305803b96d", + "source": "af854a3a-2127-422b-91ae-364da2661108" + }, + { + "url": "https://github.com/surveyjs/survey-library/issues/8286", + "source": "af854a3a-2127-422b-91ae-364da2661108" } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-363xx/CVE-2024-36387.json b/CVE-2024/CVE-2024-363xx/CVE-2024-36387.json index ee7b760b782..0db1d6c9868 100644 --- a/CVE-2024/CVE-2024-363xx/CVE-2024-36387.json +++ b/CVE-2024/CVE-2024-363xx/CVE-2024-36387.json @@ -2,9 +2,8 @@ "id": "CVE-2024-36387", "sourceIdentifier": "security@apache.org", "published": "2024-07-01T19:15:03.497", - "lastModified": "2024-07-12T14:15:11.670", + "lastModified": "2024-11-25T18:15:12.440", "vulnStatus": "Awaiting Analysis", - "cveTags": [], "descriptions": [ { "lang": "en", @@ -15,11 +14,34 @@ "value": "Ofrecer actualizaciones del protocolo WebSocket a trav\u00e9s de una conexi\u00f3n HTTP/2 podr\u00eda provocar una desreferencia del puntero nulo, lo que provocar\u00eda una falla del proceso del servidor y degradar\u00eda el rendimiento." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + } + ] + }, "weaknesses": [ { "source": "security@apache.org", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", @@ -36,6 +58,18 @@ { "url": "https://security.netapp.com/advisory/ntap-20240712-0001/", "source": "security@apache.org" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2024/07/01/4", + "source": "af854a3a-2127-422b-91ae-364da2661108" + }, + { + "url": "https://httpd.apache.org/security/vulnerabilities_24.html", + "source": "af854a3a-2127-422b-91ae-364da2661108" + }, + { + "url": "https://security.netapp.com/advisory/ntap-20240712-0001/", + "source": "af854a3a-2127-422b-91ae-364da2661108" } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-371xx/CVE-2024-37125.json b/CVE-2024/CVE-2024-371xx/CVE-2024-37125.json index b3a47e9f07f..78dfb4a5e13 100644 --- a/CVE-2024/CVE-2024-371xx/CVE-2024-37125.json +++ b/CVE-2024/CVE-2024-371xx/CVE-2024-37125.json @@ -2,9 +2,8 @@ "id": "CVE-2024-37125", "sourceIdentifier": "security_alert@emc.com", "published": "2024-09-26T17:15:03.400", - "lastModified": "2024-09-30T12:46:20.237", - "vulnStatus": "Awaiting Analysis", - "cveTags": [], + "lastModified": "2024-11-25T18:30:46.117", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -23,6 +22,8 @@ "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 7.5, + "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", @@ -30,9 +31,27 @@ "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", - "availabilityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseScore": 7.5, - "baseSeverity": "HIGH" + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" }, "exploitabilityScore": 3.9, "impactScore": 3.6 @@ -42,19 +61,72 @@ "weaknesses": [ { "source": "security_alert@emc.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", "value": "CWE-400" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:dell:smartfabric_os10:*:*:*:*:*:*:*:*", + "versionStartIncluding": "10.5.3.0", + "versionEndExcluding": "10.5.3.11", + "matchCriteriaId": "0FD48013-CCE5-4E3C-ADA5-D00A72C2E599" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:dell:smartfabric_os10:*:*:*:*:*:*:*:*", + "versionStartIncluding": "10.5.4.0", + "versionEndExcluding": "10.5.4.12", + "matchCriteriaId": "6885B762-E718-4691-8E09-2A7FC2B6B454" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:dell:smartfabric_os10:*:*:*:*:*:*:*:*", + "versionStartIncluding": "10.5.5.0", + "versionEndExcluding": "10.5.5.11", + "matchCriteriaId": "47A5BFE6-63B4-441B-95AD-D53CEAD638C1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:dell:smartfabric_os10:*:*:*:*:*:*:*:*", + "versionStartIncluding": "10.5.6.0", + "versionEndExcluding": "10.5.6.4", + "matchCriteriaId": "7863BC08-9CB1-4269-A490-717834BD3B40" + } + ] + } + ] } ], "references": [ { "url": "https://www.dell.com/support/kbdoc/en-us/000228976/dsa-2024-274-security-update-for-dell-networking-os10-vulnerabilities", - "source": "security_alert@emc.com" + "source": "security_alert@emc.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-383xx/CVE-2024-38305.json b/CVE-2024/CVE-2024-383xx/CVE-2024-38305.json index 64420f136e1..a7b3afb0a60 100644 --- a/CVE-2024/CVE-2024-383xx/CVE-2024-38305.json +++ b/CVE-2024/CVE-2024-383xx/CVE-2024-38305.json @@ -2,9 +2,8 @@ "id": "CVE-2024-38305", "sourceIdentifier": "security_alert@emc.com", "published": "2024-08-21T03:15:05.020", - "lastModified": "2024-08-21T12:30:33.697", - "vulnStatus": "Awaiting Analysis", - "cveTags": [], + "lastModified": "2024-11-25T18:16:27.450", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -23,6 +22,8 @@ "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.3, + "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", @@ -30,9 +31,27 @@ "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.3, + "impactScore": 5.9 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "baseScore": 7.3, - "baseSeverity": "HIGH" + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" }, "exploitabilityScore": 1.3, "impactScore": 5.9 @@ -42,7 +61,7 @@ "weaknesses": [ { "source": "security_alert@emc.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", @@ -51,10 +70,30 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:dell:supportassist_for_home_pcs:4.0.3:*:*:*:*:*:*:*", + "matchCriteriaId": "E7575841-D1CE-43F7-9687-28F9C1C5E70C" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.dell.com/support/kbdoc/en-us/000227899/dsa-2024-312-security-update-for-dell-supportassist-for-home-pcs-installer-file-local-privilege-escalation-vulnerability", - "source": "security_alert@emc.com" + "source": "security_alert@emc.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-394xx/CVE-2024-39490.json b/CVE-2024/CVE-2024-394xx/CVE-2024-39490.json index c357c1fb8e4..33e421b036d 100644 --- a/CVE-2024/CVE-2024-394xx/CVE-2024-39490.json +++ b/CVE-2024/CVE-2024-394xx/CVE-2024-39490.json @@ -2,9 +2,8 @@ "id": "CVE-2024-39490", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-07-10T08:15:11.203", - "lastModified": "2024-07-11T13:05:54.930", + "lastModified": "2024-11-25T20:15:06.600", "vulnStatus": "Awaiting Analysis", - "cveTags": [], "descriptions": [ { "lang": "en", @@ -15,7 +14,42 @@ "value": "En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: ipv6: sr: corrige la versi\u00f3n faltante de sk_buff en seg6_input_core La funci\u00f3n seg6_input() es responsable de agregar el SRH a un paquete, delegando la operaci\u00f3n al seg6_input_core(). Esta funci\u00f3n utiliza skb_cow_head() para garantizar que haya suficiente espacio libre en sk_buff para acomodar el encabezado de la capa de enlace. En caso de que la funci\u00f3n skb_cow_header() falle, seg6_input_core() detecta el error pero no libera sk_buff, lo que provocar\u00e1 una p\u00e9rdida de memoria. Este problema se introdujo en el commit af3b5158b89d (\"ipv6: sr: corrige el ERROR debido a un espacio libre demasiado peque\u00f1o despu\u00e9s de la inserci\u00f3n de SRH\") y persiste incluso despu\u00e9s de el commit 7a3f5b0de364 (\"netfilter: agregue enlaces de netfilter al plano de datos SRv6\"), donde todo el seg6_input( ) el c\u00f3digo fue refactorizado para lidiar con los ganchos de netfilter. El parche propuesto aborda la p\u00e9rdida de memoria identificada al requerir que la funci\u00f3n seg6_input_core() libere sk_buff en caso de que skb_cow_head() falle." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 6.2, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.5, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-401" + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/5447f9708d9e4c17a647b16a9cb29e9e02820bd9", @@ -36,6 +70,26 @@ { "url": "https://git.kernel.org/stable/c/f5fec1588642e415a3d72e02140160661b303940", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/5447f9708d9e4c17a647b16a9cb29e9e02820bd9", + "source": "af854a3a-2127-422b-91ae-364da2661108" + }, + { + "url": "https://git.kernel.org/stable/c/8f1fc3b86eaea70be6abcae2e9aa7e7b99453864", + "source": "af854a3a-2127-422b-91ae-364da2661108" + }, + { + "url": "https://git.kernel.org/stable/c/e8688218e38111ace457509d8f0cad75f79c1a7a", + "source": "af854a3a-2127-422b-91ae-364da2661108" + }, + { + "url": "https://git.kernel.org/stable/c/f4df8c7670a73752201cbde215254598efdf6ce8", + "source": "af854a3a-2127-422b-91ae-364da2661108" + }, + { + "url": "https://git.kernel.org/stable/c/f5fec1588642e415a3d72e02140160661b303940", + "source": "af854a3a-2127-422b-91ae-364da2661108" } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-395xx/CVE-2024-39577.json b/CVE-2024/CVE-2024-395xx/CVE-2024-39577.json index 471467d5cd6..1168b98fec4 100644 --- a/CVE-2024/CVE-2024-395xx/CVE-2024-39577.json +++ b/CVE-2024/CVE-2024-395xx/CVE-2024-39577.json @@ -2,9 +2,8 @@ "id": "CVE-2024-39577", "sourceIdentifier": "security_alert@emc.com", "published": "2024-09-26T18:15:05.717", - "lastModified": "2024-09-30T12:46:20.237", - "vulnStatus": "Awaiting Analysis", - "cveTags": [], + "lastModified": "2024-11-25T18:20:36.807", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -23,6 +22,8 @@ "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.1, + "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "LOW", @@ -30,19 +31,37 @@ "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 7.1, - "baseSeverity": "HIGH" + "availabilityImpact": "HIGH" }, "exploitabilityScore": 1.2, "impactScore": 5.9 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 } ] }, "weaknesses": [ { "source": "security_alert@emc.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", @@ -51,10 +70,53 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:dell:smartfabric_os10:*:*:*:*:*:*:*:*", + "versionStartIncluding": "10.5.3.0", + "versionEndExcluding": "10.5.3.11", + "matchCriteriaId": "0FD48013-CCE5-4E3C-ADA5-D00A72C2E599" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:dell:smartfabric_os10:*:*:*:*:*:*:*:*", + "versionStartIncluding": "10.5.4.0", + "versionEndExcluding": "10.5.4.12", + "matchCriteriaId": "6885B762-E718-4691-8E09-2A7FC2B6B454" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:dell:smartfabric_os10:*:*:*:*:*:*:*:*", + "versionStartIncluding": "10.5.5.0", + "versionEndExcluding": "10.5.5.11", + "matchCriteriaId": "47A5BFE6-63B4-441B-95AD-D53CEAD638C1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:dell:smartfabric_os10:*:*:*:*:*:*:*:*", + "versionStartIncluding": "10.5.6.0", + "versionEndExcluding": "10.5.6.4", + "matchCriteriaId": "7863BC08-9CB1-4269-A490-717834BD3B40" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.dell.com/support/kbdoc/en-us/000228976/dsa-2024-274-security-update-for-dell-networking-os10-vulnerabilities", - "source": "security_alert@emc.com" + "source": "security_alert@emc.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-404xx/CVE-2024-40404.json b/CVE-2024/CVE-2024-404xx/CVE-2024-40404.json index 64f7ae46544..2f9fefe7cdb 100644 --- a/CVE-2024/CVE-2024-404xx/CVE-2024-40404.json +++ b/CVE-2024/CVE-2024-404xx/CVE-2024-40404.json @@ -2,9 +2,8 @@ "id": "CVE-2024-40404", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-13T23:15:03.867", - "lastModified": "2024-11-15T13:58:08.913", + "lastModified": "2024-11-25T20:15:06.890", "vulnStatus": "Awaiting Analysis", - "cveTags": [], "descriptions": [ { "lang": "en", @@ -15,7 +14,42 @@ "value": "Se descubri\u00f3 que Cybele Software Thinfinity Workspace anterior a v7.0.2.113 conten\u00eda un problema de control de acceso en el endpoint de API donde se establecen las conexiones Web Sockets." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-306" + } + ] + } + ], "references": [ { "url": "https://blog.cybelesoft.com/thinfinity-workspace-security-bulletin-nov-2024/", diff --git a/CVE-2024/CVE-2024-404xx/CVE-2024-40405.json b/CVE-2024/CVE-2024-404xx/CVE-2024-40405.json index 01bc49572bd..6bdf0fd0065 100644 --- a/CVE-2024/CVE-2024-404xx/CVE-2024-40405.json +++ b/CVE-2024/CVE-2024-404xx/CVE-2024-40405.json @@ -2,9 +2,8 @@ "id": "CVE-2024-40405", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-13T23:15:03.930", - "lastModified": "2024-11-15T13:58:08.913", + "lastModified": "2024-11-25T20:15:07.150", "vulnStatus": "Awaiting Analysis", - "cveTags": [], "descriptions": [ { "lang": "en", @@ -15,7 +14,42 @@ "value": "El control de acceso incorrecto en Cybele Software Thinfinity Workspace anterior a v7.0.3.109 permite a los atacantes obtener acceso a un agente secundario a trav\u00e9s de una solicitud manipulada espec\u00edficamente para ello." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-306" + } + ] + } + ], "references": [ { "url": "https://blog.cybelesoft.com/thinfinity-workspace-security-bulletin-nov-2024/", diff --git a/CVE-2024/CVE-2024-404xx/CVE-2024-40407.json b/CVE-2024/CVE-2024-404xx/CVE-2024-40407.json index 0f5785fff2f..6dc5241cb87 100644 --- a/CVE-2024/CVE-2024-404xx/CVE-2024-40407.json +++ b/CVE-2024/CVE-2024-404xx/CVE-2024-40407.json @@ -2,9 +2,8 @@ "id": "CVE-2024-40407", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-13T23:15:03.993", - "lastModified": "2024-11-15T13:58:08.913", + "lastModified": "2024-11-25T20:15:07.383", "vulnStatus": "Awaiting Analysis", - "cveTags": [], "descriptions": [ { "lang": "en", @@ -15,7 +14,30 @@ "value": "Una divulgaci\u00f3n de ruta completa en Cybele Software Thinfinity Workspace anterior a v7.0.2.113 permite a los atacantes obtener la ruta ra\u00edz de la aplicaci\u00f3n a trav\u00e9s de vectores no especificados." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, "references": [ { "url": "https://blog.cybelesoft.com/thinfinity-workspace-security-bulletin-nov-2024/", diff --git a/CVE-2024/CVE-2024-404xx/CVE-2024-40408.json b/CVE-2024/CVE-2024-404xx/CVE-2024-40408.json index ef06694811c..87b7aa58592 100644 --- a/CVE-2024/CVE-2024-404xx/CVE-2024-40408.json +++ b/CVE-2024/CVE-2024-404xx/CVE-2024-40408.json @@ -2,9 +2,8 @@ "id": "CVE-2024-40408", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-13T23:15:04.060", - "lastModified": "2024-11-15T13:58:08.913", + "lastModified": "2024-11-25T20:15:07.617", "vulnStatus": "Awaiting Analysis", - "cveTags": [], "descriptions": [ { "lang": "en", @@ -15,7 +14,42 @@ "value": "Se descubri\u00f3 que la versi\u00f3n anterior a v7.0.2.113 de Cybele Software Thinfinity Workspace conten\u00eda un problema de control de acceso en la secci\u00f3n Crear perfil. Esta vulnerabilidad permite a los atacantes crear perfiles de usuario arbitrarios con privilegios elevados." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.4 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-306" + } + ] + } + ], "references": [ { "url": "https://blog.cybelesoft.com/thinfinity-workspace-security-bulletin-nov-2024/", diff --git a/CVE-2024/CVE-2024-404xx/CVE-2024-40410.json b/CVE-2024/CVE-2024-404xx/CVE-2024-40410.json index 5e5cf0068ca..76f6e3d79d8 100644 --- a/CVE-2024/CVE-2024-404xx/CVE-2024-40410.json +++ b/CVE-2024/CVE-2024-404xx/CVE-2024-40410.json @@ -2,9 +2,8 @@ "id": "CVE-2024-40410", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-13T23:15:04.137", - "lastModified": "2024-11-15T13:58:08.913", + "lastModified": "2024-11-25T20:15:07.830", "vulnStatus": "Awaiting Analysis", - "cveTags": [], "descriptions": [ { "lang": "en", @@ -15,7 +14,42 @@ "value": "Se descubri\u00f3 que Cybele Software Thinfinity Workspace anterior a v7.0.2.113 conten\u00eda una clave criptogr\u00e1fica codificada utilizada para el cifrado." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "baseScore": 4.8, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.2, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-798" + } + ] + } + ], "references": [ { "url": "https://blog.cybelesoft.com/thinfinity-workspace-security-bulletin-nov-2024/", diff --git a/CVE-2024/CVE-2024-445xx/CVE-2024-44575.json b/CVE-2024/CVE-2024-445xx/CVE-2024-44575.json index a98d3531a7b..9e7c4f63cc1 100644 --- a/CVE-2024/CVE-2024-445xx/CVE-2024-44575.json +++ b/CVE-2024/CVE-2024-445xx/CVE-2024-44575.json @@ -2,9 +2,8 @@ "id": "CVE-2024-44575", "sourceIdentifier": "cve@mitre.org", "published": "2024-09-11T17:15:13.820", - "lastModified": "2024-09-12T12:35:54.013", + "lastModified": "2024-11-25T18:15:12.667", "vulnStatus": "Awaiting Analysis", - "cveTags": [], "descriptions": [ { "lang": "en", @@ -15,7 +14,42 @@ "value": "RELY-PCIe v22.2.1 a v23.1.0 no establece el atributo Seguro para cookies confidenciales en sesiones HTTPS, lo que podr\u00eda provocar que el agente de usuario env\u00ede esas cookies en texto plano a trav\u00e9s de una sesi\u00f3n HTTP." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "baseScore": 3.7, + "baseSeverity": "LOW", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.2, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-732" + } + ] + } + ], "references": [ { "url": "http://system-on-chip.com", diff --git a/CVE-2024/CVE-2024-452xx/CVE-2024-45201.json b/CVE-2024/CVE-2024-452xx/CVE-2024-45201.json index a6913f7046a..0dda0780b52 100644 --- a/CVE-2024/CVE-2024-452xx/CVE-2024-45201.json +++ b/CVE-2024/CVE-2024-452xx/CVE-2024-45201.json @@ -2,9 +2,8 @@ "id": "CVE-2024-45201", "sourceIdentifier": "cve@mitre.org", "published": "2024-08-22T20:15:10.063", - "lastModified": "2024-08-23T16:18:28.547", + "lastModified": "2024-11-25T19:15:10.473", "vulnStatus": "Awaiting Analysis", - "cveTags": [], "descriptions": [ { "lang": "en", @@ -15,7 +14,42 @@ "value": "Se descubri\u00f3 un problema en llama_index antes del 0.10.38. download/integration.py incluye una llamada ejecutiva para importar {cls_name}." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-94" + } + ] + } + ], "references": [ { "url": "https://github.com/run-llama/llama_index/compare/v0.10.37...v0.10.38", diff --git a/CVE-2024/CVE-2024-453xx/CVE-2024-45348.json b/CVE-2024/CVE-2024-453xx/CVE-2024-45348.json index a1419ba3b4d..c8b57535069 100644 --- a/CVE-2024/CVE-2024-453xx/CVE-2024-45348.json +++ b/CVE-2024/CVE-2024-453xx/CVE-2024-45348.json @@ -2,9 +2,8 @@ "id": "CVE-2024-45348", "sourceIdentifier": "security@xiaomi.com", "published": "2024-09-23T09:15:02.960", - "lastModified": "2024-09-26T13:32:55.343", - "vulnStatus": "Awaiting Analysis", - "cveTags": [], + "lastModified": "2024-11-25T17:14:11.713", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -23,6 +22,8 @@ "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "HIGH", @@ -30,12 +31,30 @@ "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 6.4, - "baseSeverity": "MEDIUM" + "availabilityImpact": "HIGH" }, "exploitabilityScore": 0.5, "impactScore": 5.9 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 } ] }, @@ -49,12 +68,55 @@ "value": "CWE-77" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-77" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:mi:ax9000_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.0.174", + "matchCriteriaId": "7688CC6F-000D-4B68-B806-EBDF2ABDCF61" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mi:ax9000:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A5F71A5A-A7D4-4218-B371-25BE040BB320" + } + ] + } + ] } ], "references": [ { "url": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=547", - "source": "security@xiaomi.com" + "source": "security@xiaomi.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-457xx/CVE-2024-45751.json b/CVE-2024/CVE-2024-457xx/CVE-2024-45751.json index 93cb9e06755..9b066bccedf 100644 --- a/CVE-2024/CVE-2024-457xx/CVE-2024-45751.json +++ b/CVE-2024/CVE-2024-457xx/CVE-2024-45751.json @@ -2,9 +2,8 @@ "id": "CVE-2024-45751", "sourceIdentifier": "cve@mitre.org", "published": "2024-09-06T05:15:13.840", - "lastModified": "2024-09-10T12:15:01.857", + "lastModified": "2024-11-25T20:15:08.047", "vulnStatus": "Awaiting Analysis", - "cveTags": [], "descriptions": [ { "lang": "en", @@ -15,7 +14,42 @@ "value": "tgt (tambi\u00e9n conocido como Linux Target Framework) antes de la versi\u00f3n 1.0.93 intenta lograr entrop\u00eda llamando a rand sin srand. La semilla PRNG siempre es 1 y, por lo tanto, la secuencia de desaf\u00edos siempre es id\u00e9ntica." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "baseScore": 5.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.2, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-338" + } + ] + } + ], "references": [ { "url": "https://github.com/fujita/tgt/compare/v1.0.92...v1.0.93", @@ -28,6 +62,10 @@ { "url": "https://www.openwall.com/lists/oss-security/2024/09/07/2", "source": "cve@mitre.org" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2024/09/07/2", + "source": "af854a3a-2127-422b-91ae-364da2661108" } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-457xx/CVE-2024-45755.json b/CVE-2024/CVE-2024-457xx/CVE-2024-45755.json new file mode 100644 index 00000000000..e5a2b8a1134 --- /dev/null +++ b/CVE-2024/CVE-2024-457xx/CVE-2024-45755.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2024-45755", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-11-25T17:15:12.293", + "lastModified": "2024-11-25T17:15:12.293", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An issue was discovered in Centreon centreon-dsm-server 24.10.x before 24.10.0, 24.04.x before 24.04.3, 23.10.x before 23.10.1, 23.04.x before 23.04.3, and 22.10.x before 22.10.2. SQL injection can occur in the form to configure Centreon DSM slots. Exploitation is only accessible to authenticated users with high-privileged access." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/centreon/centreon/releases", + "source": "cve@mitre.org" + }, + { + "url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2024-45755-centreon-dsm-high-severity-4066", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-457xx/CVE-2024-45756.json b/CVE-2024/CVE-2024-457xx/CVE-2024-45756.json new file mode 100644 index 00000000000..1f0cd241810 --- /dev/null +++ b/CVE-2024/CVE-2024-457xx/CVE-2024-45756.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2024-45756", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-11-25T18:15:12.907", + "lastModified": "2024-11-25T19:15:10.673", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An issue was discovered in Centreon centreon-open-tickets 24.10.x before 24.10.0, 24.04.x before 24.04.2, 23.10.x before 23.10.1, 23.04.x before 23.04.3, and 22.10.x before 22.10.2. SQL injection can occur in the form to create a ticket. Exploitation is only accessible to authenticated users with high-privileged access." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.2, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/centreon/centreon/release", + "source": "cve@mitre.org" + }, + { + "url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2024-45756-centreon-open-tickets-high-severity-4064", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-464xx/CVE-2024-46462.json b/CVE-2024/CVE-2024-464xx/CVE-2024-46462.json index 4d74d765806..5738df2e7cb 100644 --- a/CVE-2024/CVE-2024-464xx/CVE-2024-46462.json +++ b/CVE-2024/CVE-2024-464xx/CVE-2024-46462.json @@ -2,9 +2,8 @@ "id": "CVE-2024-46462", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-15T18:15:28.053", - "lastModified": "2024-11-18T17:11:56.587", + "lastModified": "2024-11-25T20:15:08.323", "vulnStatus": "Awaiting Analysis", - "cveTags": [], "descriptions": [ { "lang": "en", @@ -15,7 +14,42 @@ "value": "De forma predeterminada, otros usuarios pueden acceder a las carpetas dedicadas de ZEDMAIL para Windows hasta la versi\u00f3n 2024.3 para hacer un uso indebido de los archivos t\u00e9cnicos y obligarlos a realizar tareas con mayores privilegios. Es necesario modificar la configuraci\u00f3n de ZEDMAIL para evitar esta vulnerabilidad." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.4, + "impactScore": 5.8 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-276" + } + ] + } + ], "references": [ { "url": "https://www.primx.eu/en/bulletins/security-bulletin-24931936/", diff --git a/CVE-2024/CVE-2024-464xx/CVE-2024-46463.json b/CVE-2024/CVE-2024-464xx/CVE-2024-46463.json index 366d68d4cda..4dbc5559bcf 100644 --- a/CVE-2024/CVE-2024-464xx/CVE-2024-46463.json +++ b/CVE-2024/CVE-2024-464xx/CVE-2024-46463.json @@ -2,9 +2,8 @@ "id": "CVE-2024-46463", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-15T18:15:28.140", - "lastModified": "2024-11-18T17:11:56.587", + "lastModified": "2024-11-25T20:15:08.563", "vulnStatus": "Awaiting Analysis", - "cveTags": [], "descriptions": [ { "lang": "en", @@ -15,7 +14,42 @@ "value": "De forma predeterminada, otros usuarios pueden acceder a las carpetas dedicadas de ORIZON para Windows hasta la versi\u00f3n 2024.3 para hacer un uso indebido de los archivos t\u00e9cnicos y obligarlos a realizar tareas con mayores privilegios. Es necesario modificar la configuraci\u00f3n de ORIZON para evitar esta vulnerabilidad." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.4, + "impactScore": 5.8 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-276" + } + ] + } + ], "references": [ { "url": "https://www.primx.eu/en/bulletins/security-bulletin-24932297/", diff --git a/CVE-2024/CVE-2024-464xx/CVE-2024-46465.json b/CVE-2024/CVE-2024-464xx/CVE-2024-46465.json index 6c5a39a269e..53c955e3b00 100644 --- a/CVE-2024/CVE-2024-464xx/CVE-2024-46465.json +++ b/CVE-2024/CVE-2024-464xx/CVE-2024-46465.json @@ -2,9 +2,8 @@ "id": "CVE-2024-46465", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-15T18:15:28.220", - "lastModified": "2024-11-18T17:11:56.587", + "lastModified": "2024-11-25T20:15:08.760", "vulnStatus": "Awaiting Analysis", - "cveTags": [], "descriptions": [ { "lang": "en", @@ -15,7 +14,42 @@ "value": "De forma predeterminada, otros usuarios pueden acceder a las carpetas dedicadas de CRYHOD para Windows hasta la versi\u00f3n 2024.3 para hacer un uso indebido de los archivos t\u00e9cnicos y obligarlos a realizar tareas con mayores privilegios. Es necesario modificar la configuraci\u00f3n de CRYHOD para evitar esta vulnerabilidad." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.4, + "impactScore": 5.8 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-276" + } + ] + } + ], "references": [ { "url": "https://www.primx.eu/en/bulletins/security-bulletin-24932296/", diff --git a/CVE-2024/CVE-2024-464xx/CVE-2024-46466.json b/CVE-2024/CVE-2024-464xx/CVE-2024-46466.json index efa50bfb32b..839ed7ac91e 100644 --- a/CVE-2024/CVE-2024-464xx/CVE-2024-46466.json +++ b/CVE-2024/CVE-2024-464xx/CVE-2024-46466.json @@ -2,9 +2,8 @@ "id": "CVE-2024-46466", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-15T18:15:28.297", - "lastModified": "2024-11-18T17:11:56.587", + "lastModified": "2024-11-25T20:15:08.957", "vulnStatus": "Awaiting Analysis", - "cveTags": [], "descriptions": [ { "lang": "en", @@ -15,7 +14,42 @@ "value": "De forma predeterminada, otros usuarios pueden acceder a las carpetas dedicadas de ZONECENTRAL para Windows hasta la versi\u00f3n 2024.3 o hasta la versi\u00f3n Q.2021.2 (env\u00edo de calificaci\u00f3n ANSSI) para hacer un uso indebido de los archivos t\u00e9cnicos y obligarlos a realizar tareas con mayores privilegios. Se debe modificar la configuraci\u00f3n de ZONECENTRAL para evitar esta vulnerabilidad." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.4, + "impactScore": 5.8 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-276" + } + ] + } + ], "references": [ { "url": "https://www.primx.eu/en/bulletins/security-bulletin-24931934/", diff --git a/CVE-2024/CVE-2024-464xx/CVE-2024-46467.json b/CVE-2024/CVE-2024-464xx/CVE-2024-46467.json index e362635a145..164ac88b673 100644 --- a/CVE-2024/CVE-2024-464xx/CVE-2024-46467.json +++ b/CVE-2024/CVE-2024-464xx/CVE-2024-46467.json @@ -2,9 +2,8 @@ "id": "CVE-2024-46467", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-15T18:15:28.377", - "lastModified": "2024-11-18T17:11:56.587", + "lastModified": "2024-11-25T20:15:09.170", "vulnStatus": "Awaiting Analysis", - "cveTags": [], "descriptions": [ { "lang": "en", @@ -15,7 +14,42 @@ "value": "De forma predeterminada, otros usuarios pueden acceder a las carpetas dedicadas de ZONEPOINT para Windows hasta la versi\u00f3n 2024.1 para hacer un uso indebido de los archivos t\u00e9cnicos y obligarlos a realizar tareas con mayores privilegios. Es necesario modificar la configuraci\u00f3n de ZONEPOINT para evitar esta vulnerabilidad." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.4, + "impactScore": 5.8 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-276" + } + ] + } + ], "references": [ { "url": "https://www.primx.eu/en/bulletins/security-bulletin-24932299/", diff --git a/CVE-2024/CVE-2024-478xx/CVE-2024-47804.json b/CVE-2024/CVE-2024-478xx/CVE-2024-47804.json index 6ef997728d7..f5187cf93da 100644 --- a/CVE-2024/CVE-2024-478xx/CVE-2024-47804.json +++ b/CVE-2024/CVE-2024-478xx/CVE-2024-47804.json @@ -2,9 +2,8 @@ "id": "CVE-2024-47804", "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "published": "2024-10-02T16:15:10.697", - "lastModified": "2024-11-13T17:28:49.420", - "vulnStatus": "Analyzed", - "cveTags": [], + "lastModified": "2024-11-25T19:15:10.873", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -23,6 +22,8 @@ "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", @@ -30,9 +31,7 @@ "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", - "availabilityImpact": "NONE", - "baseScore": 4.3, - "baseSeverity": "MEDIUM" + "availabilityImpact": "NONE" }, "exploitabilityScore": 2.8, "impactScore": 1.4 @@ -49,6 +48,16 @@ "value": "NVD-CWE-noinfo" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-843" + } + ] } ], "configurations": [ diff --git a/CVE-2024/CVE-2024-478xx/CVE-2024-47863.json b/CVE-2024/CVE-2024-478xx/CVE-2024-47863.json index 967acdd81c3..75764933723 100644 --- a/CVE-2024/CVE-2024-478xx/CVE-2024-47863.json +++ b/CVE-2024/CVE-2024-478xx/CVE-2024-47863.json @@ -2,12 +2,16 @@ "id": "CVE-2024-47863", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-22T20:15:09.060", - "lastModified": "2024-11-22T21:15:18.290", - "vulnStatus": "Received", + "lastModified": "2024-11-25T18:15:13.063", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", - "value": "An issue was discovered in Centreon Web through 24.10. A stored XSS was found in the user configuration contact name field. This form is only accessible to authenticated users with high-privilege access." + "value": "An issue was discovered in Centreon Web 24.10.x before 24.10.0, 24.04.x before 24.04.8, 23.10.x before 23.10.18, 23.04.x before 23.04.23, and 22.10.x before 22.10.26. A stored XSS was found in the user configuration contact name field. This form is only accessible to authenticated users with high-privilege access." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 un problema en Centreon Web hasta la versi\u00f3n 24.10. Se encontr\u00f3 un XSS almacenado en el campo de nombre de contacto de configuraci\u00f3n de usuario. Solo los usuarios autenticados con acceso con privilegios elevados pueden acceder a este formulario." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-509xx/CVE-2024-50956.json b/CVE-2024/CVE-2024-509xx/CVE-2024-50956.json index 84688b6b9d8..de352740893 100644 --- a/CVE-2024/CVE-2024-509xx/CVE-2024-50956.json +++ b/CVE-2024/CVE-2024-509xx/CVE-2024-50956.json @@ -2,9 +2,8 @@ "id": "CVE-2024-50956", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-13T22:15:15.773", - "lastModified": "2024-11-15T13:58:08.913", + "lastModified": "2024-11-25T20:15:09.383", "vulnStatus": "Awaiting Analysis", - "cveTags": [], "descriptions": [ { "lang": "en", @@ -15,7 +14,42 @@ "value": "Un desbordamiento de b\u00fafer en la funci\u00f3n RecvSocketData de Inovance HCPLC_AM401-CPU1608TPTN 21.38.0.0, HCPLC_AM402-CPU1608TPTN 41.38.0.0 y HCPLC_AM403-CPU1608TN 81.38.0.0 permite a los atacantes provocar una denegaci\u00f3n de servicio (DoS) o ejecutar c\u00f3digo arbitrario a trav\u00e9s de un mensaje Modbus manipulado espec\u00edficamente." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-120" + } + ] + } + ], "references": [ { "url": "https://github.com/Curator-Kim/Vulnerability-mining/blob/master/INOVANCE%20AM400%20Series%20Modbus%20buffer%20overflow/INOVANCE%20AM400%20Series%20Modbus%20buffer%20overflow.md", diff --git a/CVE-2024/CVE-2024-510xx/CVE-2024-51027.json b/CVE-2024/CVE-2024-510xx/CVE-2024-51027.json index 5bd9b00b7ab..f36fb34eeed 100644 --- a/CVE-2024/CVE-2024-510xx/CVE-2024-51027.json +++ b/CVE-2024/CVE-2024-510xx/CVE-2024-51027.json @@ -2,9 +2,8 @@ "id": "CVE-2024-51027", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-13T22:15:15.823", - "lastModified": "2024-11-15T13:58:08.913", + "lastModified": "2024-11-25T20:15:09.607", "vulnStatus": "Awaiting Analysis", - "cveTags": [], "descriptions": [ { "lang": "en", @@ -15,7 +14,42 @@ "value": "La puerta de enlace Ruijie NBR800G NBR_RGOS_11.1(6)B4P9 es vulnerable a la ejecuci\u00f3n de comandos en /itbox_pi/networksafe.php a trav\u00e9s del par\u00e1metro de provincia." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-77" + } + ] + } + ], "references": [ { "url": "https://gist.github.com/zty-1995/29464500cd474f70a78e23ca68791cdd", diff --git a/CVE-2024/CVE-2024-510xx/CVE-2024-51072.json b/CVE-2024/CVE-2024-510xx/CVE-2024-51072.json index b6aaaab66d5..f3c94fb516b 100644 --- a/CVE-2024/CVE-2024-510xx/CVE-2024-51072.json +++ b/CVE-2024/CVE-2024-510xx/CVE-2024-51072.json @@ -2,12 +2,16 @@ "id": "CVE-2024-51072", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-22T16:15:33.603", - "lastModified": "2024-11-22T16:15:33.603", - "vulnStatus": "Received", + "lastModified": "2024-11-25T18:15:13.240", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", - "value": "An issue in Instrument Cluster KIA Seltos Software v1.0, Hardware v1.0 allows attackers to cause a Denial of Service (DoS)." + "value": "An issue in KIA Seltos vehicle instrument cluster with software and hardware v1.0 allows attackers to cause a Denial of Service (DoS) via ECU reset UDS service." + }, + { + "lang": "es", + "value": "Un problema en Instrument Cluster KIA Seltos Software v1.0, Hardware v1.0 permite a los atacantes provocar una denegaci\u00f3n de servicio (DoS)." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-510xx/CVE-2024-51073.json b/CVE-2024/CVE-2024-510xx/CVE-2024-51073.json index e63911ddc85..dca41b844c3 100644 --- a/CVE-2024/CVE-2024-510xx/CVE-2024-51073.json +++ b/CVE-2024/CVE-2024-510xx/CVE-2024-51073.json @@ -2,12 +2,16 @@ "id": "CVE-2024-51073", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-22T16:15:33.730", - "lastModified": "2024-11-22T16:15:33.730", - "vulnStatus": "Received", + "lastModified": "2024-11-25T18:15:13.370", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", - "value": "An issue in Instrument Cluster KIA Seltos Software v1.0, Hardware v1.0 allows attackers to disrupt communications between the Instrument cluster and CAN bus." + "value": "An issue in KIA Seltos vehicle instrument cluster with software and hardware v1.0 allows attackers to control or disrupt CAN communication between the instrument cluster and CAN bus." + }, + { + "lang": "es", + "value": "Un problema en Cluster KIA Seltos Software v1.0, Hardware v1.0 permite a los atacantes interrumpir las comunicaciones entre el grupo de instrumentos y el bus CAN." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-510xx/CVE-2024-51074.json b/CVE-2024/CVE-2024-510xx/CVE-2024-51074.json index 6796cbbf68a..5fb46cbcfe3 100644 --- a/CVE-2024/CVE-2024-510xx/CVE-2024-51074.json +++ b/CVE-2024/CVE-2024-510xx/CVE-2024-51074.json @@ -2,12 +2,16 @@ "id": "CVE-2024-51074", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-22T16:15:33.860", - "lastModified": "2024-11-22T16:15:33.860", - "vulnStatus": "Received", + "lastModified": "2024-11-25T18:15:13.480", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", - "value": "Incorrect access control in Instrument Cluster KIA Seltos Software v1.0, Hardware v1.0 allows attackers to arbitrarily change odometer readings in the vehicle." + "value": "Incorrect access control in KIA Seltos vehicle instrument cluster with software and hardware v1.0 allows attackers to arbitrarily change odometer readings in the vehicle by targeting the instrument cluster through the unsecured CAN network." + }, + { + "lang": "es", + "value": "Control de acceso incorrecto en Instrument Cluster KIA Seltos Software v1.0, Hardware v1.0 permite a atacantes cambiar arbitrariamente las lecturas del od\u00f3metro en el veh\u00edculo." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-517xx/CVE-2024-51723.json b/CVE-2024/CVE-2024-517xx/CVE-2024-51723.json new file mode 100644 index 00000000000..5f7a3932d85 --- /dev/null +++ b/CVE-2024/CVE-2024-517xx/CVE-2024-51723.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-51723", + "sourceIdentifier": "secure@blackberry.com", + "published": "2024-11-25T19:15:11.050", + "lastModified": "2024-11-25T19:15:11.050", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A Stored Cross-Site Scripting (XSS) vulnerability in the Management Console of BlackBerry AtHoc version 7.15 could allow an attacker to potentially execute actions in the context of the victim's session." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@blackberry.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", + "baseScore": 4.6, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.1, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "secure@blackberry.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://support.blackberry.com/pkb/s/article/140250", + "source": "secure@blackberry.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-525xx/CVE-2024-52529.json b/CVE-2024/CVE-2024-525xx/CVE-2024-52529.json new file mode 100644 index 00000000000..868c0eb63f4 --- /dev/null +++ b/CVE-2024/CVE-2024-525xx/CVE-2024-52529.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2024-52529", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-11-25T19:15:11.373", + "lastModified": "2024-11-25T19:15:11.373", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For users with the following configuration: 1. An allow policy that selects a Layer 3 destination and a port range `AND` 2. A Layer 7 allow policy that selects a specific port within the first policy's range the Layer 7 enforcement would not occur for the traffic selected by the Layer 7 policy. This issue only affects users who use Cilium's port range functionality, which was introduced in Cilium v1.16. This issue is patched in PR #35150. This issue affects Cilium v1.16 between v1.16.0 and v1.16.3 inclusive. This issue is patched in Cilium v1.16.4. Users are advised to upgrade. Users with network policies that match the pattern described above can work around the issue by rewriting any policies that use port ranges to individually specify the ports permitted for traffic." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N", + "baseScore": 5.8, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-755" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/cilium/cilium/pull/35150", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/cilium/cilium/security/advisories/GHSA-xg58-75qf-9r67", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-527xx/CVE-2024-52787.json b/CVE-2024/CVE-2024-527xx/CVE-2024-52787.json new file mode 100644 index 00000000000..7bdd714c234 --- /dev/null +++ b/CVE-2024/CVE-2024-527xx/CVE-2024-52787.json @@ -0,0 +1,32 @@ +{ + "id": "CVE-2024-52787", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-11-25T18:15:13.597", + "lastModified": "2024-11-25T18:15:13.597", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An issue in the upload_documents method of libre-chat v0.0.6 allows attackers to execute a path traversal via supplying a crafted filename in an uploaded file." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://gist.github.com/jxfzzzt/276a6e8cfbc54d2c2711bb51d8d3dff3", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/vemonet/libre-chat/commit/dbb8e3400e5258112179783d74c9cc54310cb72b", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/vemonet/libre-chat/issues/10", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/vemonet/libre-chat/pull/9", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-528xx/CVE-2024-52811.json b/CVE-2024/CVE-2024-528xx/CVE-2024-52811.json new file mode 100644 index 00000000000..8965fbecedc --- /dev/null +++ b/CVE-2024/CVE-2024-528xx/CVE-2024-52811.json @@ -0,0 +1,63 @@ +{ + "id": "CVE-2024-52811", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-11-25T19:15:11.567", + "lastModified": "2024-11-25T19:15:11.567", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The ngtcp2 project is an effort to implement IETF QUIC protocol in C. In affected versions acks are not validated before being written to the qlog leading to a buffer overflow. In `ngtcp2_conn::conn_recv_pkt` for an ACK, there was new logic that got added to skip `conn_recv_ack` if an ack has already been processed in the payload. However, this causes us to also skip `ngtcp2_pkt_validate_ack`. The ack which was skipped still got written to qlog. The bug occurs in `ngtcp2_qlog::write_ack_frame`. It is now possible to reach this code with an invalid ack, suppose `largest_ack=0` and `first_ack_range=15`. Subtracting `largest_ack - first_ack_range` will lead to an integer underflow which is 20 chars long. However, the ngtcp2 qlog code assumes the number written is a signed integer and only accounts for 19 characters of overhead (see `NGTCP2_QLOG_ACK_FRAME_RANGE_OVERHEAD`). Therefore, we overwrite the buffer causing a heap overflow. This is high priority and could potentially impact many users if they enable qlog. qlog is disabled by default. Due to its overhead, it is most likely used for debugging purpose, but the actual use is unknown. ngtcp2 v1.9.1 fixes the bug and users are advised to upgrade. Users unable to upgrade should not turn on qlog." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", + "baseScore": 8.2, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 4.2 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-670" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/ngtcp2/ngtcp2/commit/44b662bd139c23fee1703bf256c13349e2e624a1", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/ngtcp2/ngtcp2/commit/e550c1a414318d0f3f01fca1a621ae0b0428ca15", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/ngtcp2/ngtcp2/security/advisories/GHSA-4gmv-gf46-r4g5", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-530xx/CVE-2024-53066.json b/CVE-2024/CVE-2024-530xx/CVE-2024-53066.json index 787fed2432b..dc461609569 100644 --- a/CVE-2024/CVE-2024-530xx/CVE-2024-53066.json +++ b/CVE-2024/CVE-2024-530xx/CVE-2024-53066.json @@ -2,48 +2,201 @@ "id": "CVE-2024-53066", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-19T18:15:26.413", - "lastModified": "2024-11-19T21:56:45.533", - "vulnStatus": "Awaiting Analysis", - "cveTags": [], + "lastModified": "2024-11-25T21:03:09.620", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfs: Fix KMSAN warning in decode_getfattr_attrs()\n\nFix the following KMSAN warning:\n\nCPU: 1 UID: 0 PID: 7651 Comm: cp Tainted: G B\nTainted: [B]=BAD_PAGE\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009)\n=====================================================\n=====================================================\nBUG: KMSAN: uninit-value in decode_getfattr_attrs+0x2d6d/0x2f90\n decode_getfattr_attrs+0x2d6d/0x2f90\n decode_getfattr_generic+0x806/0xb00\n nfs4_xdr_dec_getattr+0x1de/0x240\n rpcauth_unwrap_resp_decode+0xab/0x100\n rpcauth_unwrap_resp+0x95/0xc0\n call_decode+0x4ff/0xb50\n __rpc_execute+0x57b/0x19d0\n rpc_execute+0x368/0x5e0\n rpc_run_task+0xcfe/0xee0\n nfs4_proc_getattr+0x5b5/0x990\n __nfs_revalidate_inode+0x477/0xd00\n nfs_access_get_cached+0x1021/0x1cc0\n nfs_do_access+0x9f/0xae0\n nfs_permission+0x1e4/0x8c0\n inode_permission+0x356/0x6c0\n link_path_walk+0x958/0x1330\n path_lookupat+0xce/0x6b0\n filename_lookup+0x23e/0x770\n vfs_statx+0xe7/0x970\n vfs_fstatat+0x1f2/0x2c0\n __se_sys_newfstatat+0x67/0x880\n __x64_sys_newfstatat+0xbd/0x120\n x64_sys_call+0x1826/0x3cf0\n do_syscall_64+0xd0/0x1b0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nThe KMSAN warning is triggered in decode_getfattr_attrs(), when calling\ndecode_attr_mdsthreshold(). It appears that fattr->mdsthreshold is not\ninitialized.\n\nFix the issue by initializing fattr->mdsthreshold to NULL in\nnfs_fattr_init()." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nfs: Corrige la advertencia de KMSAN en decode_getfattr_attrs() Corrige la siguiente advertencia de KMSAN: CPU: 1 UID: 0 PID: 7651 Comm: cp Contaminado: GB Contaminado: [B]=BAD_PAGE Nombre del hardware: QEMU Standard PC (Q35 + ICH9, 2009) ====================================================== ============================================================= ERROR: KMSAN: valor no inicializado en decodificar_getfattr_attrs+0x2d6d/0x2f90 decodificar_getfattr_attrs+0x2d6d/0x2f90 decodificar_getfattr_generic+0x806/0xb00 nfs4_xdr_dec_getattr+0x1de/0x240 rpcauth_unwrap_resp_decode+0xab/0x100 rpcauth_unwrap_resp+0x95/0xc0 llamar_decodificar+0x4ff/0xb50 __rpc_execute+0x57b/0x19d0 rpc_execute+0x368/0x5e0 rpc_run_task+0xcfe/0xee0 nfs4_proc_getattr+0x5b5/0x990 __nfs_revalidate_inode+0x477/0xd00 nfs_access_get_cached+0x1021/0x1cc0 nfs_do_access+0x9f/0xae0 nfs_permission+0x1e4/0x8c0 inode_permission+0x356/0x6c0 link_path_walk+0x958/0x1330 path_lookupat+0xce/0x6b0 filename_lookup+0x23e/0x770 vfs_statx+0xe7/0x970 vfs_fstatat+0x1f2/0x2c0 __se_sys_newfstatat+0x67/0x880 __x64_sys_newfstatat+0xbd/0x120 La advertencia de KMSAN se activa en decode_getfattr_attrs(), al llamar a decode_attr_mdsthreshold(). Parece que fattr->mdsthreshold no est\u00e1 inicializado. Solucione el problema inicializando fattr->mdsthreshold en NULL en nfs_fattr_init()." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-908" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.5", + "versionEndExcluding": "4.19.324", + "matchCriteriaId": "7B410561-116A-45C0-9C91-7630DC593A21" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.20", + "versionEndExcluding": "5.4.286", + "matchCriteriaId": "9952C897-8A61-4D4B-9D6D-7D063E9EA15E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.5", + "versionEndExcluding": "5.10.230", + "matchCriteriaId": "BF5B32D0-72C9-41C3-A0BB-D4946153C134" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.11", + "versionEndExcluding": "5.15.172", + "matchCriteriaId": "88812664-4296-42AC-AE0F-ED71086C1BB1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.16", + "versionEndExcluding": "6.1.117", + "matchCriteriaId": "0DD7F755-2F6B-4707-8973-78496AD5AA8E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndExcluding": "6.6.61", + "matchCriteriaId": "630ED7EB-C97E-4435-B884-1E309E40D6F3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.11.8", + "matchCriteriaId": "0BD000F7-3DAD-4DD3-8906-98EA1EC67E95" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*", + "matchCriteriaId": "7F361E1D-580F-4A2D-A509-7615F73167A1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*", + "matchCriteriaId": "925478D0-3E3D-4E6F-ACD5-09F28D5DF82C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*", + "matchCriteriaId": "3C95E234-D335-4B6C-96BF-E2CEBD8654ED" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:*", + "matchCriteriaId": "E0F717D8-3014-4F84-8086-0124B2111379" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc5:*:*:*:*:*:*", + "matchCriteriaId": "24DBE6C7-2AAE-4818-AED2-E131F153D2FA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc6:*:*:*:*:*:*", + "matchCriteriaId": "24B88717-53F5-42AA-9B72-14C707639E3F" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://git.kernel.org/stable/c/25ffd294fef81a7f3cd9528adf21560c04d98747", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/8fc5ea9231af9122d227c9c13f5e578fca48d2e3", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/9b453e8b108a5a93a6e348cf2ba4c9c138314a00", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/9be0a21ae52b3b822d0eec4d14e909ab394f8a92", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/bbfcd261cc068fe1cd02a4e871275074a0daa4e2", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/dc270d7159699ad6d11decadfce9633f0f71c1db", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/f6b2b2b981af8e7d7c62d34143acefa4e1edfe8b", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/f749cb60a01f8391c760a1d6ecd938cadacf9549", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-530xx/CVE-2024-53067.json b/CVE-2024/CVE-2024-530xx/CVE-2024-53067.json index 3c33e0b4b02..0700a2b416c 100644 --- a/CVE-2024/CVE-2024-530xx/CVE-2024-53067.json +++ b/CVE-2024/CVE-2024-530xx/CVE-2024-53067.json @@ -2,24 +2,117 @@ "id": "CVE-2024-53067", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-19T18:15:26.490", - "lastModified": "2024-11-19T21:56:45.533", - "vulnStatus": "Awaiting Analysis", - "cveTags": [], + "lastModified": "2024-11-25T21:00:06.237", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ufs: core: Start the RTC update work later\n\nThe RTC update work involves runtime resuming the UFS controller. Hence,\nonly start the RTC update work after runtime power management in the UFS\ndriver has been fully initialized. This patch fixes the following kernel\ncrash:\n\nInternal error: Oops: 0000000096000006 [#1] PREEMPT SMP\nWorkqueue: events ufshcd_rtc_work\nCall trace:\n _raw_spin_lock_irqsave+0x34/0x8c (P)\n pm_runtime_get_if_active+0x24/0x9c (L)\n pm_runtime_get_if_active+0x24/0x9c\n ufshcd_rtc_work+0x138/0x1b4\n process_one_work+0x148/0x288\n worker_thread+0x2cc/0x3d4\n kthread+0x110/0x114\n ret_from_fork+0x10/0x20" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: scsi: ufs: core: Iniciar el trabajo de actualizaci\u00f3n de RTC m\u00e1s tarde El trabajo de actualizaci\u00f3n de RTC implica que el tiempo de ejecuci\u00f3n reanude el controlador UFS. Por lo tanto, solo inicie el trabajo de actualizaci\u00f3n de RTC despu\u00e9s de que se haya inicializado por completo la administraci\u00f3n de energ\u00eda en tiempo de ejecuci\u00f3n en el controlador UFS. Este parche corrige el siguiente fallo del kernel: Error interno: Oops: 0000000096000006 [#1] PREEMPT SMP Workqueue: eventos ufshcd_rtc_work Seguimiento de llamadas: _raw_spin_lock_irqsave+0x34/0x8c (P) pm_runtime_get_if_active+0x24/0x9c (L) pm_runtime_get_if_active+0x24/0x9c ufshcd_rtc_work+0x138/0x1b4 process_one_work+0x148/0x288 worker_thread+0x2cc/0x3d4 kthread+0x110/0x114 ret_from_fork+0x10/0x20" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.8", + "versionEndExcluding": "6.11.8", + "matchCriteriaId": "24AB354E-701F-4D6C-8B18-A0BBA5C21C30" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*", + "matchCriteriaId": "7F361E1D-580F-4A2D-A509-7615F73167A1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*", + "matchCriteriaId": "925478D0-3E3D-4E6F-ACD5-09F28D5DF82C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*", + "matchCriteriaId": "3C95E234-D335-4B6C-96BF-E2CEBD8654ED" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:*", + "matchCriteriaId": "E0F717D8-3014-4F84-8086-0124B2111379" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc5:*:*:*:*:*:*", + "matchCriteriaId": "24DBE6C7-2AAE-4818-AED2-E131F153D2FA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc6:*:*:*:*:*:*", + "matchCriteriaId": "24B88717-53F5-42AA-9B72-14C707639E3F" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://git.kernel.org/stable/c/4c25f784fba81227e0437337f962d34380d1c250", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/54c814c8b23bc7617be3d46abdb896937695dbfa", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-530xx/CVE-2024-53070.json b/CVE-2024/CVE-2024-530xx/CVE-2024-53070.json index d70754da917..4330b1f80fe 100644 --- a/CVE-2024/CVE-2024-530xx/CVE-2024-53070.json +++ b/CVE-2024/CVE-2024-530xx/CVE-2024-53070.json @@ -2,36 +2,129 @@ "id": "CVE-2024-53070", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-19T18:15:26.700", - "lastModified": "2024-11-19T21:56:45.533", - "vulnStatus": "Awaiting Analysis", - "cveTags": [], + "lastModified": "2024-11-25T20:53:55.200", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: dwc3: fix fault at system suspend if device was already runtime suspended\n\nIf the device was already runtime suspended then during system suspend\nwe cannot access the device registers else it will crash.\n\nAlso we cannot access any registers after dwc3_core_exit() on some\nplatforms so move the dwc3_enable_susphy() call to the top." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: usb: dwc3: se corrige un error en la suspensi\u00f3n del sistema si el dispositivo ya estaba suspendido en tiempo de ejecuci\u00f3n. Si el dispositivo ya estaba suspendido en tiempo de ejecuci\u00f3n, durante la suspensi\u00f3n del sistema no podemos acceder a los registros del dispositivo, de lo contrario, se bloquear\u00e1. Adem\u00e1s, no podemos acceder a ning\u00fan registro despu\u00e9s de dwc3_core_exit() en algunas plataformas, por lo que movemos la llamada dwc3_enable_susphy() al principio." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.15.170", + "versionEndExcluding": "5.15.172", + "matchCriteriaId": "5CC09466-A4C0-4FE6-AC81-F620B65EC4AF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.1.115", + "versionEndExcluding": "6.1.117", + "matchCriteriaId": "CACEF6C4-89D7-488E-8023-41C8325AA271" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.6.59", + "versionEndExcluding": "6.6.61", + "matchCriteriaId": "962E4D7B-164B-4604-A273-17BDEBC12DA1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.11.5", + "versionEndExcluding": "6.11.8", + "matchCriteriaId": "744A9D07-6FE7-48A4-BA82-4A599235CEC6" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://git.kernel.org/stable/c/06b98197b69e2f2af9cb1991ee0b1c876edf7b86", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/4abc5ee334fe4aba50461c45fdaaa4c5e5c57789", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/562804b1561cc248cc37746a1c96c83cab1d7209", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/9cfb31e4c89d200d8ab7cb1e0bb9e6e8d621ca0b", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/d9e65d461a9de037e7c9d584776d025cfce6d86d", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-530xx/CVE-2024-53072.json b/CVE-2024/CVE-2024-530xx/CVE-2024-53072.json index 1b7ac9d5ea8..273beb62047 100644 --- a/CVE-2024/CVE-2024-530xx/CVE-2024-53072.json +++ b/CVE-2024/CVE-2024-530xx/CVE-2024-53072.json @@ -2,32 +2,145 @@ "id": "CVE-2024-53072", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-19T18:15:26.877", - "lastModified": "2024-11-19T21:56:45.533", - "vulnStatus": "Awaiting Analysis", - "cveTags": [], + "lastModified": "2024-11-25T20:43:08.187", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86/amd/pmc: Detect when STB is not available\n\nLoading the amd_pmc module as:\n\n amd_pmc enable_stb=1\n\n...can result in the following messages in the kernel ring buffer:\n\n amd_pmc AMDI0009:00: SMU cmd failed. err: 0xff\n ioremap on RAM at 0x0000000000000000 - 0x0000000000ffffff\n WARNING: CPU: 10 PID: 2151 at arch/x86/mm/ioremap.c:217 __ioremap_caller+0x2cd/0x340\n\nFurther debugging reveals that this occurs when the requests for\nS2D_PHYS_ADDR_LOW and S2D_PHYS_ADDR_HIGH return a value of 0,\nindicating that the STB is inaccessible. To prevent the ioremap\nwarning and provide clarity to the user, handle the invalid address\nand display an error message." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: platform/x86/amd/pmc: Detectar cuando STB no est\u00e1 disponible Cargar el m\u00f3dulo amd_pmc como: amd_pmc enable_stb=1 ...puede generar los siguientes mensajes en el b\u00fafer de anillo del kernel: amd_pmc AMDI0009:00: Error en el comando SMU. err: 0xff ioremap en RAM en 0x000000000000000 - 0x0000000000ffffff ADVERTENCIA: CPU: 10 PID: 2151 en arch/x86/mm/ioremap.c:217 __ioremap_caller+0x2cd/0x340 Una depuraci\u00f3n adicional revela que esto ocurre cuando las solicitudes de S2D_PHYS_ADDR_LOW y S2D_PHYS_ADDR_HIGH devuelven un valor de 0, lo que indica que el STB es inaccesible. Para evitar la advertencia de ioremap y proporcionar claridad al usuario, controle la direcci\u00f3n no v\u00e1lida y muestre un mensaje de error." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.18", + "versionEndExcluding": "6.1.117", + "matchCriteriaId": "FB7AE9B5-378F-4E62-AEBB-184A62F4C6A2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndExcluding": "6.6.61", + "matchCriteriaId": "630ED7EB-C97E-4435-B884-1E309E40D6F3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.11.8", + "matchCriteriaId": "0BD000F7-3DAD-4DD3-8906-98EA1EC67E95" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*", + "matchCriteriaId": "7F361E1D-580F-4A2D-A509-7615F73167A1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*", + "matchCriteriaId": "925478D0-3E3D-4E6F-ACD5-09F28D5DF82C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*", + "matchCriteriaId": "3C95E234-D335-4B6C-96BF-E2CEBD8654ED" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:*", + "matchCriteriaId": "E0F717D8-3014-4F84-8086-0124B2111379" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc5:*:*:*:*:*:*", + "matchCriteriaId": "24DBE6C7-2AAE-4818-AED2-E131F153D2FA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc6:*:*:*:*:*:*", + "matchCriteriaId": "24B88717-53F5-42AA-9B72-14C707639E3F" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://git.kernel.org/stable/c/67ff30e24a0466bdd5be1d0b84385ec3c85fdacd", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/7a3ed3f125292bc3398e04d10108124250892e3f", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/a50863dd1f92d43c975ab2ecc3476617fe98a66e", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/bceec87a73804bb4c33b9a6c96e2d27cd893a801", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-530xx/CVE-2024-53073.json b/CVE-2024/CVE-2024-530xx/CVE-2024-53073.json index 7f99a4f4600..67109629bd9 100644 --- a/CVE-2024/CVE-2024-530xx/CVE-2024-53073.json +++ b/CVE-2024/CVE-2024-530xx/CVE-2024-53073.json @@ -2,24 +2,87 @@ "id": "CVE-2024-53073", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-19T18:15:26.950", - "lastModified": "2024-11-19T21:56:45.533", - "vulnStatus": "Awaiting Analysis", - "cveTags": [], + "lastModified": "2024-11-25T20:43:59.833", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSD: Never decrement pending_async_copies on error\n\nThe error flow in nfsd4_copy() calls cleanup_async_copy(), which\nalready decrements nn->pending_async_copies." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: NFSD: Nunca decremente pending_async_copies en caso de error El flujo de error en nfsd4_copy() llama a cleanup_async_copy(), que ya decrementa nn->pending_async_copies." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.11.3", + "versionEndExcluding": "6.11.7", + "matchCriteriaId": "BE92E684-8AEB-4596-990F-4EF87604710B" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://git.kernel.org/stable/c/1421883aa30c5d26bc3370e2d19cb350f0d5ca28", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/8286f8b622990194207df9ab852e0f87c60d35e9", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-530xx/CVE-2024-53077.json b/CVE-2024/CVE-2024-530xx/CVE-2024-53077.json index fe62856241b..db55fa70116 100644 --- a/CVE-2024/CVE-2024-530xx/CVE-2024-53077.json +++ b/CVE-2024/CVE-2024-530xx/CVE-2024-53077.json @@ -2,24 +2,112 @@ "id": "CVE-2024-53077", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-19T18:15:27.213", - "lastModified": "2024-11-19T21:56:45.533", - "vulnStatus": "Awaiting Analysis", - "cveTags": [], + "lastModified": "2024-11-25T20:41:41.093", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nrpcrdma: Always release the rpcrdma_device's xa_array\n\nDai pointed out that the xa_init_flags() in rpcrdma_add_one() needs\nto have a matching xa_destroy() in rpcrdma_remove_one() to release\nunderlying memory that the xarray might have accrued during\noperation." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: rpcrdma: Siempre liberar el xa_array de rpcrdma_device Dai se\u00f1al\u00f3 que xa_init_flags() en rpcrdma_add_one() debe tener un xa_destroy() coincidente en rpcrdma_remove_one() para liberar la memoria subyacente que el xarray podr\u00eda haber acumulado durante la operaci\u00f3n." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-401" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.11", + "versionEndExcluding": "6.11.7", + "matchCriteriaId": "386941FE-51A4-4893-9EC3-054AD3863E8D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*", + "matchCriteriaId": "7F361E1D-580F-4A2D-A509-7615F73167A1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*", + "matchCriteriaId": "925478D0-3E3D-4E6F-ACD5-09F28D5DF82C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*", + "matchCriteriaId": "3C95E234-D335-4B6C-96BF-E2CEBD8654ED" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:*", + "matchCriteriaId": "E0F717D8-3014-4F84-8086-0124B2111379" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc5:*:*:*:*:*:*", + "matchCriteriaId": "24DBE6C7-2AAE-4818-AED2-E131F153D2FA" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://git.kernel.org/stable/c/36b7f5a4f300d038270324640ff7c1399245159d", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/63a81588cd2025e75fbaf30b65930b76825c456f", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-532xx/CVE-2024-53255.json b/CVE-2024/CVE-2024-532xx/CVE-2024-53255.json new file mode 100644 index 00000000000..80eb8a682cb --- /dev/null +++ b/CVE-2024/CVE-2024-532xx/CVE-2024-53255.json @@ -0,0 +1,81 @@ +{ + "id": "CVE-2024-53255", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-11-25T19:15:11.760", + "lastModified": "2024-11-25T19:15:11.760", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "BoidCMS is a free and open-source flat file CMS for building simple websites and blogs, developed using PHP and uses JSON as a database. In affected versions a reflected Cross-site Scripting (XSS) vulnerability exists in the /admin?page=media endpoint in the file parameter, allowing an attacker to inject arbitrary JavaScript code. This code could be used to steal the user's session cookie, perform phishing attacks, or deface the website. This issue has been addressed in version 2.1.2 and all users are advised to upgrade. There are no known workarounds for this vulnerability." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "PASSIVE", + "vulnerableSystemConfidentiality": "LOW", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "LOW", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/BoidCMS/BoidCMS/commit/42f4d703a87f5199bbd701b3495a26c91b9cfab7", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/BoidCMS/BoidCMS/security/advisories/GHSA-7q7m-cgw8-px4r", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-532xx/CVE-2024-53258.json b/CVE-2024/CVE-2024-532xx/CVE-2024-53258.json new file mode 100644 index 00000000000..8f921465fe1 --- /dev/null +++ b/CVE-2024/CVE-2024-532xx/CVE-2024-53258.json @@ -0,0 +1,85 @@ +{ + "id": "CVE-2024-53258", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-11-25T20:15:10.030", + "lastModified": "2024-11-25T20:15:10.030", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Autolab is a course management service that enables auto-graded programming assignments. From Autolab versions v.3.0.0 onward students can download all assignments from another student, as long as they are logged in, using the download_all_submissions feature. This can allow for leakage of submissions to unauthorized users, such as downloading submissions from other students in the class, or even instructor test submissions, given they know their user IDs. This issue has been patched in commit `1aa4c769` which is not yet in a release version, but is expected to be included in version 3.0.3. Users are advised to either manually patch or to wait for version 3.0.3. As a workaround administrators can disable the feature." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "NONE", + "vulnerableSystemAvailability": "NONE", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-359" + }, + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/autolab/Autolab/commit/1aa4c7690892fb458d2c61ff86739f368e34769d", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/autolab/Autolab/security/advisories/GHSA-84qc-7773-2gg3", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-532xx/CVE-2024-53261.json b/CVE-2024/CVE-2024-532xx/CVE-2024-53261.json new file mode 100644 index 00000000000..03712b39647 --- /dev/null +++ b/CVE-2024/CVE-2024-532xx/CVE-2024-53261.json @@ -0,0 +1,81 @@ +{ + "id": "CVE-2024-53261", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-11-25T20:15:10.217", + "lastModified": "2024-11-25T20:15:10.217", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. \"Unsanitized input from *the request URL* flows into `end`, where it is used to render an HTML page returned to the user. This may result in a Cross-Site Scripting attack (XSS).\" The files `packages/kit/src/exports/vite/dev/index.js` and `packages/kit/src/exports/vite/utils.js` both contain user controllable data which under specific conditions may flow to dev mode pages. There is little to no expected impact. The Vite development is not exposed to the network by default and even if someone were able to trick a developer into executing an XSS against themselves, a development database should not have any sensitive data. None the less this issue has been addressed in version 2.8.3 and all users are advised to upgrade." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 2.0, + "baseSeverity": "LOW", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "attackRequirements": "PRESENT", + "privilegesRequired": "LOW", + "userInteraction": "ACTIVE", + "vulnerableSystemConfidentiality": "LOW", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "NONE", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/sveltejs/kit/commit/d338d4635a7fd947ba5112df6ee632c4a0979438", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/sveltejs/kit/security/advisories/GHSA-rjjv-87mx-6x3h", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-532xx/CVE-2024-53262.json b/CVE-2024/CVE-2024-532xx/CVE-2024-53262.json new file mode 100644 index 00000000000..fc5a371cde8 --- /dev/null +++ b/CVE-2024/CVE-2024-532xx/CVE-2024-53262.json @@ -0,0 +1,85 @@ +{ + "id": "CVE-2024-53262", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-11-25T20:15:10.423", + "lastModified": "2024-11-25T20:15:10.423", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. The static error.html template for errors contains placeholders that are replaced without escaping the content first. error.html is the page that is rendered when everything else fails. It can contain the following placeholders: %sveltekit.status% \u2014 the HTTP status, and %sveltekit.error.message% \u2014 the error message. This leads to possible injection if an app explicitly creates an error with a message that contains user controlled content. Only applications where user provided input is used in the `Error` message will be vulnerable, so the vast majority of applications will not be vulnerable This issue has been addressed in version 2.8.3 and all users are advised to upgrade. There are no known workarounds for this vulnerability." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 2.0, + "baseSeverity": "LOW", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "attackRequirements": "PRESENT", + "privilegesRequired": "LOW", + "userInteraction": "ACTIVE", + "vulnerableSystemConfidentiality": "LOW", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "NONE", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/sveltejs/kit/commit/134e36343ef57ed7e6e2b3bb9e7f05ad37865794", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/sveltejs/kit/security/advisories/GHSA-mh2x-fcqh-fmqv", + "source": "security-advisories@github.com" + }, + { + "url": "https://kit.svelte.dev/docs/errors", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-532xx/CVE-2024-53268.json b/CVE-2024/CVE-2024-532xx/CVE-2024-53268.json new file mode 100644 index 00000000000..d6adb2c5aa9 --- /dev/null +++ b/CVE-2024/CVE-2024-532xx/CVE-2024-53268.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-53268", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-11-25T20:15:10.583", + "lastModified": "2024-11-25T20:15:10.583", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Joplin is an open source, privacy-focused note taking app with sync capabilities for Windows, macOS, Linux, Android and iOS. In affected versions attackers are able to abuse the fact that openExternal is used without any filtering of URI schemes to obtain remote code execution in Windows environments. This issue has been addressed in version 3.0.3 and all users are advised to upgrade. There are no known workarounds for this vulnerability." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H", + "baseScore": 7.2, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 0.6, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-94" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/laurent22/joplin/security/advisories/GHSA-pc5v-xp44-5mgv", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-535xx/CVE-2024-53599.json b/CVE-2024/CVE-2024-535xx/CVE-2024-53599.json new file mode 100644 index 00000000000..74a5ceb9acf --- /dev/null +++ b/CVE-2024/CVE-2024-535xx/CVE-2024-53599.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2024-53599", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-11-25T19:15:11.957", + "lastModified": "2024-11-25T19:15:11.957", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A cross-site scripting (XSS) vulnerability in the /scroll.php endpoint of LafeLabs Chaos v0.0.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/NoPurposeInLife/vulnerability_research/tree/main/CVE-2024-53599", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-68xx/CVE-2024-6811.json b/CVE-2024/CVE-2024-68xx/CVE-2024-6811.json index 01c1282e6e6..36ee7904706 100644 --- a/CVE-2024/CVE-2024-68xx/CVE-2024-6811.json +++ b/CVE-2024/CVE-2024-68xx/CVE-2024-6811.json @@ -2,9 +2,8 @@ "id": "CVE-2024-6811", "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2024-08-21T16:15:08.783", - "lastModified": "2024-08-23T16:27:10.317", + "lastModified": "2024-11-25T17:17:22.273", "vulnStatus": "Analyzed", - "cveTags": [], "descriptions": [ { "lang": "en", @@ -23,6 +22,8 @@ "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", @@ -30,9 +31,7 @@ "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 7.8, - "baseSeverity": "HIGH" + "availabilityImpact": "HIGH" }, "exploitabilityScore": 1.8, "impactScore": 5.9 @@ -45,6 +44,8 @@ "cvssData": { "version": "3.0", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", @@ -52,9 +53,7 @@ "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 7.8, - "baseSeverity": "HIGH" + "availabilityImpact": "HIGH" }, "exploitabilityScore": 1.8, "impactScore": 5.9 @@ -64,7 +63,7 @@ "weaknesses": [ { "source": "zdi-disclosures@trendmicro.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", @@ -82,8 +81,8 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x32:*", - "matchCriteriaId": "5A6F92E7-FD00-4E90-9E69-EEF0A7CD7EA4" + "criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x86:*", + "matchCriteriaId": "B0436B8F-048F-4967-BDDD-D1AA07A1CB98" }, { "vulnerable": true, diff --git a/CVE-2024/CVE-2024-68xx/CVE-2024-6812.json b/CVE-2024/CVE-2024-68xx/CVE-2024-6812.json index cdfae035eb2..363b3981863 100644 --- a/CVE-2024/CVE-2024-68xx/CVE-2024-6812.json +++ b/CVE-2024/CVE-2024-68xx/CVE-2024-6812.json @@ -2,9 +2,8 @@ "id": "CVE-2024-6812", "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2024-08-21T16:15:08.970", - "lastModified": "2024-08-23T16:29:39.737", + "lastModified": "2024-11-25T17:17:07.970", "vulnStatus": "Analyzed", - "cveTags": [], "descriptions": [ { "lang": "en", @@ -23,6 +22,8 @@ "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", @@ -30,9 +31,7 @@ "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 7.8, - "baseSeverity": "HIGH" + "availabilityImpact": "HIGH" }, "exploitabilityScore": 1.8, "impactScore": 5.9 @@ -45,6 +44,8 @@ "cvssData": { "version": "3.0", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", @@ -52,9 +53,7 @@ "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 7.8, - "baseSeverity": "HIGH" + "availabilityImpact": "HIGH" }, "exploitabilityScore": 1.8, "impactScore": 5.9 @@ -64,7 +63,7 @@ "weaknesses": [ { "source": "zdi-disclosures@trendmicro.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", @@ -82,8 +81,8 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x32:*", - "matchCriteriaId": "5A6F92E7-FD00-4E90-9E69-EEF0A7CD7EA4" + "criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x86:*", + "matchCriteriaId": "B0436B8F-048F-4967-BDDD-D1AA07A1CB98" }, { "vulnerable": true, diff --git a/CVE-2024/CVE-2024-79xx/CVE-2024-7915.json b/CVE-2024/CVE-2024-79xx/CVE-2024-7915.json new file mode 100644 index 00000000000..b5a0452db56 --- /dev/null +++ b/CVE-2024/CVE-2024-79xx/CVE-2024-7915.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-7915", + "sourceIdentifier": "41c37e40-543d-43a2-b660-2fee83ea851a", + "published": "2024-11-25T18:15:14.530", + "lastModified": "2024-11-25T18:15:14.530", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The application Sensei Mac Cleaner contains a local privilege escalation vulnerability, allowing an attacker to perform multiple operations as the root\u00a0user. These operations include arbitrary file deletion and writing, loading and unloading daemons, manipulating file permissions, and loading extensions, among other actions.\n\n\nThe vulnerable module\u00a0org.cindori.SenseiHelper\u00a0can be contacted via XPC. While the module performs client validation, it relies on the client's PID\u00a0obtained through the public processIdentifier\u00a0property of the NSXPCConnection\u00a0class. This approach makes the module susceptible to a PID Reuse Attack, enabling an attacker to impersonate a legitimate client and send crafted XPC messages to invoke arbitrary methods exposed by the HelperProtocol\u00a0interface." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "41c37e40-543d-43a2-b660-2fee83ea851a", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "41c37e40-543d-43a2-b660-2fee83ea851a", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-863" + } + ] + } + ], + "references": [ + { + "url": "https://pentraze.com/vulnerability-reports", + "source": "41c37e40-543d-43a2-b660-2fee83ea851a" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-82xx/CVE-2024-8272.json b/CVE-2024/CVE-2024-82xx/CVE-2024-8272.json new file mode 100644 index 00000000000..b5092d03832 --- /dev/null +++ b/CVE-2024/CVE-2024-82xx/CVE-2024-8272.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-8272", + "sourceIdentifier": "41c37e40-543d-43a2-b660-2fee83ea851a", + "published": "2024-11-25T18:15:14.673", + "lastModified": "2024-11-25T18:15:14.673", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The com.uaudio.bsd.helper\u00a0service, responsible for handling privileged operations, fails to implement critical client validation during XPC inter-process communication (IPC). Specifically, the service does not verify the code requirements, entitlements, or security flags of any client attempting to establish a connection. This lack of proper validation allows unauthorized clients to exploit the service's methods and escalate privileges to root." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "41c37e40-543d-43a2-b660-2fee83ea851a", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "41c37e40-543d-43a2-b660-2fee83ea851a", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://pentraze.com/vulnerability-reports", + "source": "41c37e40-543d-43a2-b660-2fee83ea851a" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-92xx/CVE-2024-9258.json b/CVE-2024/CVE-2024-92xx/CVE-2024-9258.json index b4ad1ec9f91..93aa5fb86f5 100644 --- a/CVE-2024/CVE-2024-92xx/CVE-2024-9258.json +++ b/CVE-2024/CVE-2024-92xx/CVE-2024-9258.json @@ -2,15 +2,41 @@ "id": "CVE-2024-9258", "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2024-11-22T22:15:22.033", - "lastModified": "2024-11-22T22:15:22.033", - "vulnStatus": "Received", + "lastModified": "2024-11-25T17:15:32.283", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "IrfanView SID File Parsing Uninitialized Pointer Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of SID files. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-23276." + }, + { + "lang": "es", + "value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo mediante puntero no inicializado en el an\u00e1lisis de archivos SID de IrfanView. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de IrfanView. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos SID. El problema es el resultado de la falta de inicializaci\u00f3n adecuada de un puntero antes de acceder a \u00e9l. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-23276." } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ], "cvssMetricV30": [ { "source": "zdi-disclosures@trendmicro.com", @@ -37,7 +63,7 @@ "weaknesses": [ { "source": "zdi-disclosures@trendmicro.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", @@ -46,10 +72,30 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:irfanview:irfanview:4.66:*:*:*:*:*:x64:*", + "matchCriteriaId": "AAEB167F-E1EF-4B14-990E-C2CE05C1BEB3" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1370/", - "source": "zdi-disclosures@trendmicro.com" + "source": "zdi-disclosures@trendmicro.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-92xx/CVE-2024-9259.json b/CVE-2024/CVE-2024-92xx/CVE-2024-9259.json index eadd5379437..e08b6a3f336 100644 --- a/CVE-2024/CVE-2024-92xx/CVE-2024-9259.json +++ b/CVE-2024/CVE-2024-92xx/CVE-2024-9259.json @@ -2,15 +2,41 @@ "id": "CVE-2024-9259", "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2024-11-22T22:15:22.153", - "lastModified": "2024-11-22T22:15:22.153", - "vulnStatus": "Received", + "lastModified": "2024-11-25T17:13:49.060", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "IrfanView SID File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of SID files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-23278." + }, + { + "lang": "es", + "value": "Vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remoto fuera de los l\u00edmites en el an\u00e1lisis de archivos SID de IrfanView. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de IrfanView. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos SID. El problema es el resultado de la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una escritura m\u00e1s all\u00e1 del final de un b\u00fafer asignado. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-23278." } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ], "cvssMetricV30": [ { "source": "zdi-disclosures@trendmicro.com", @@ -37,7 +63,7 @@ "weaknesses": [ { "source": "zdi-disclosures@trendmicro.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", @@ -46,10 +72,30 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:irfanview:irfanview:4.66:*:*:*:*:*:x64:*", + "matchCriteriaId": "AAEB167F-E1EF-4B14-990E-C2CE05C1BEB3" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1372/", - "source": "zdi-disclosures@trendmicro.com" + "source": "zdi-disclosures@trendmicro.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-92xx/CVE-2024-9260.json b/CVE-2024/CVE-2024-92xx/CVE-2024-9260.json index e4366ed504c..d7583f28e32 100644 --- a/CVE-2024/CVE-2024-92xx/CVE-2024-9260.json +++ b/CVE-2024/CVE-2024-92xx/CVE-2024-9260.json @@ -2,15 +2,41 @@ "id": "CVE-2024-9260", "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2024-11-22T22:15:22.277", - "lastModified": "2024-11-22T22:15:22.277", - "vulnStatus": "Received", + "lastModified": "2024-11-25T17:16:40.663", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "IrfanView SID File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of SID files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-23280." + }, + { + "lang": "es", + "value": "Vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remoto fuera de l\u00edmites en el an\u00e1lisis de archivos SID de IrfanView. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de IrfanView. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos SID. El problema es el resultado de la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una escritura m\u00e1s all\u00e1 del final de un b\u00fafer asignado. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-23280." } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ], "cvssMetricV30": [ { "source": "zdi-disclosures@trendmicro.com", @@ -37,7 +63,7 @@ "weaknesses": [ { "source": "zdi-disclosures@trendmicro.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", @@ -46,10 +72,30 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:irfanview:irfanview:4.66:*:*:*:*:*:x64:*", + "matchCriteriaId": "AAEB167F-E1EF-4B14-990E-C2CE05C1BEB3" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1373/", - "source": "zdi-disclosures@trendmicro.com" + "source": "zdi-disclosures@trendmicro.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-92xx/CVE-2024-9261.json b/CVE-2024/CVE-2024-92xx/CVE-2024-9261.json index 60c9b027b50..661cea595fa 100644 --- a/CVE-2024/CVE-2024-92xx/CVE-2024-9261.json +++ b/CVE-2024/CVE-2024-92xx/CVE-2024-9261.json @@ -2,15 +2,41 @@ "id": "CVE-2024-9261", "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2024-11-22T22:15:22.397", - "lastModified": "2024-11-22T22:15:22.397", - "vulnStatus": "Received", + "lastModified": "2024-11-25T17:17:17.177", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "IrfanView SID File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of SID files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-23283." + }, + { + "lang": "es", + "value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo por desbordamiento de b\u00fafer basado en pila de an\u00e1lisis de archivos SID de IrfanView. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de IrfanView. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos SID. El problema es el resultado de la falta de una validaci\u00f3n adecuada de la longitud de los datos proporcionados por el usuario antes de copiarlos a un b\u00fafer basado en pila. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-23283." } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ], "cvssMetricV30": [ { "source": "zdi-disclosures@trendmicro.com", @@ -37,19 +63,49 @@ "weaknesses": [ { "source": "zdi-disclosures@trendmicro.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", "value": "CWE-121" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:irfanview:irfanview:4.66:*:*:*:*:*:x64:*", + "matchCriteriaId": "AAEB167F-E1EF-4B14-990E-C2CE05C1BEB3" + } + ] + } + ] } ], "references": [ { "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1374/", - "source": "zdi-disclosures@trendmicro.com" + "source": "zdi-disclosures@trendmicro.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-96xx/CVE-2024-9671.json b/CVE-2024/CVE-2024-96xx/CVE-2024-9671.json index d666c502d1c..ca4ba694ed8 100644 --- a/CVE-2024/CVE-2024-96xx/CVE-2024-9671.json +++ b/CVE-2024/CVE-2024-96xx/CVE-2024-9671.json @@ -2,9 +2,8 @@ "id": "CVE-2024-9671", "sourceIdentifier": "secalert@redhat.com", "published": "2024-10-09T15:15:17.513", - "lastModified": "2024-10-10T12:51:56.987", - "vulnStatus": "Awaiting Analysis", - "cveTags": [], + "lastModified": "2024-11-25T18:17:11.960", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -23,6 +22,8 @@ "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", @@ -30,9 +31,7 @@ "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", - "availabilityImpact": "NONE", - "baseScore": 5.3, - "baseSeverity": "MEDIUM" + "availabilityImpact": "NONE" }, "exploitabilityScore": 3.9, "impactScore": 1.4 @@ -42,23 +41,57 @@ "weaknesses": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", "value": "CWE-538" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:redhat:3scale_api_management_platform:2.0:*:*:*:*:*:*:*", + "matchCriteriaId": "653A5B08-0D02-4362-A8B1-D00B24C6C6F2" + } + ] + } + ] } ], "references": [ { "url": "https://access.redhat.com/security/cve/CVE-2024-9671", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2317449", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Issue Tracking", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-96xx/CVE-2024-9676.json b/CVE-2024/CVE-2024-96xx/CVE-2024-9676.json index 047b9d3aa1e..9b7df3ae315 100644 --- a/CVE-2024/CVE-2024-96xx/CVE-2024-9676.json +++ b/CVE-2024/CVE-2024-96xx/CVE-2024-9676.json @@ -2,8 +2,8 @@ "id": "CVE-2024-9676", "sourceIdentifier": "secalert@redhat.com", "published": "2024-10-15T16:15:06.933", - "lastModified": "2024-11-24T20:15:05.407", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-11-25T20:21:59.140", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -35,6 +35,26 @@ }, "exploitabilityScore": 2.8, "impactScore": 3.6 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 } ] }, @@ -50,66 +70,303 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:redhat:openshift_container_platform:4.12:*:*:*:*:*:*:*", + "matchCriteriaId": "40449571-22F8-44FA-B57B-B43F71AB25E2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:redhat:openshift_container_platform:4.13:*:*:*:*:*:*:*", + "matchCriteriaId": "1FFF1D51-ABA8-4E54-B81C-A88C8A5E4842" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:redhat:openshift_container_platform:4.14:*:*:*:*:*:*:*", + "matchCriteriaId": "486B3F69-1551-4F8B-B25B-A5864248811B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:redhat:openshift_container_platform:4.15:*:*:*:*:*:*:*", + "matchCriteriaId": "4716808D-67EB-4E14-9910-B248A500FAFA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:redhat:openshift_container_platform:4.16:*:*:*:*:*:*:*", + "matchCriteriaId": "0EBB38E1-4161-402D-8A37-74D92891AAC5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:redhat:openshift_container_platform:4.17:*:*:*:*:*:*:*", + "matchCriteriaId": "F4B66318-326A-43E4-AF14-015768296E4E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:redhat:openshift_container_platform_for_arm64:4.12:*:*:*:*:*:*:*", + "matchCriteriaId": "E52D8667-D64B-4E4D-972F-089A2D834C34" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:redhat:openshift_container_platform_for_arm64:4.13:*:*:*:*:*:*:*", + "matchCriteriaId": "226AD7DB-D8CB-45A3-97AE-3FE79774133E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:redhat:openshift_container_platform_for_arm64:4.14:*:*:*:*:*:*:*", + "matchCriteriaId": "1B361729-2847-4FE1-9503-BF9FA81307C5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:redhat:openshift_container_platform_for_arm64:4.15:*:*:*:*:*:*:*", + "matchCriteriaId": "FA5959A2-F48B-449B-89AD-ECDE9E5418E6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:redhat:openshift_container_platform_for_arm64:4.16:*:*:*:*:*:*:*", + "matchCriteriaId": "D3056B67-E5C4-40A0-86BF-1D9E6637B13F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:redhat:openshift_container_platform_for_ibm_z:4.12:*:*:*:*:*:*:*", + "matchCriteriaId": "352D5845-975E-4B7F-A44D-4F99D43450BC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:redhat:openshift_container_platform_for_ibm_z:4.13:*:*:*:*:*:*:*", + "matchCriteriaId": "08B9C7A4-4D65-4771-B92D-914C9C9A6C4A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:redhat:openshift_container_platform_for_ibm_z:4.14:*:*:*:*:*:*:*", + "matchCriteriaId": "99ADC66F-3B19-4767-B876-67BA1C8D195B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:redhat:openshift_container_platform_for_ibm_z:4.15:*:*:*:*:*:*:*", + "matchCriteriaId": "E4F24706-3DF4-49D0-870D-39D4FC02CF4A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:redhat:openshift_container_platform_for_ibm_z:4.16:*:*:*:*:*:*:*", + "matchCriteriaId": "F1C47559-7265-4185-84B5-D8D2B177E08A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.12:*:*:*:*:*:*:*", + "matchCriteriaId": "1E5E9340-DD85-4B10-9A1D-9021C95229A9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.13:*:*:*:*:*:*:*", + "matchCriteriaId": "BDD2E6ED-9BDE-404B-AD0D-F78D69B13B34" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.14:*:*:*:*:*:*:*", + "matchCriteriaId": "065C13FF-588E-42F5-B3C9-3302082E6524" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.15:*:*:*:*:*:*:*", + "matchCriteriaId": "C1E0DF9A-C358-48A0-911F-0A17E1982E4B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.16:*:*:*:*:*:*:*", + "matchCriteriaId": "ABEED453-F241-4841-A5AE-8BFFA587119F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:redhat:openshift_container_platform_for_power:4.12:*:*:*:*:*:*:*", + "matchCriteriaId": "2127E592-F973-4244-9793-680736EC5313" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:redhat:openshift_container_platform_for_power:4.13:*:*:*:*:*:*:*", + "matchCriteriaId": "8FF27781-22D9-4283-959D-951C76429EF5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:redhat:openshift_container_platform_for_power:4.14:*:*:*:*:*:*:*", + "matchCriteriaId": "F68F84F5-7671-4778-AE48-5CF243B62D88" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:redhat:openshift_container_platform_for_power:4.15:*:*:*:*:*:*:*", + "matchCriteriaId": "33D2A2D4-A006-422D-AA0C-8E764FB104C5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:redhat:openshift_container_platform_for_power:4.16:*:*:*:*:*:*:*", + "matchCriteriaId": "0EC48A26-5827-4EC0-BE90-EA25F0A9B56C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", + "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:9.4:*:*:*:*:*:*:*", + "matchCriteriaId": "B03506D7-0FCD-47B7-90F6-DDEEB5C5A733" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.0_aarch64:*:*:*:*:*:*:*", + "matchCriteriaId": "2F7DAD7C-9369-4A87-A1D0-4208D3AF0CDC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.4_aarch64:*:*:*:*:*:*:*", + "matchCriteriaId": "01363FFA-F7A6-43FC-8D47-E67F95410095" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.0_s390x:*:*:*:*:*:*:*", + "matchCriteriaId": "FB056B47-1F45-4CE4-81F6-872F66C24C29" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.4_s390x:*:*:*:*:*:*:*", + "matchCriteriaId": "F843B777-5C64-4CAE-80D6-89DC2C9515B1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0_ppc64le:*:*:*:*:*:*:*", + "matchCriteriaId": "E07C1C58-0E5F-4B56-9B8D-5DE67DB00F79" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.4_ppc64le:*:*:*:*:*:*:*", + "matchCriteriaId": "FC3CBA5D-9E5D-4C46-B37E-7BB35BE8DADB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:9.4:*:*:*:*:*:*:*", + "matchCriteriaId": "39D345D3-108A-4551-A112-5EE51991411A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.4_ppc64le:*:*:*:*:*:*:*", + "matchCriteriaId": "3C30F155-DF7D-4195-92D9-A5B80407228D" + } + ] + } + ] + } + ], "references": [ { "url": "https://access.redhat.com/errata/RHSA-2024:8418", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://access.redhat.com/errata/RHSA-2024:8428", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://access.redhat.com/errata/RHSA-2024:8437", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://access.redhat.com/errata/RHSA-2024:8686", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://access.redhat.com/errata/RHSA-2024:8690", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://access.redhat.com/errata/RHSA-2024:8694", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://access.redhat.com/errata/RHSA-2024:8700", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://access.redhat.com/errata/RHSA-2024:8984", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://access.redhat.com/errata/RHSA-2024:9051", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://access.redhat.com/errata/RHSA-2024:9454", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://access.redhat.com/errata/RHSA-2024:9459", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://access.redhat.com/errata/RHSA-2024:9926", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://access.redhat.com/security/cve/CVE-2024-9676", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2317467", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Issue Tracking" + ] }, { "url": "https://github.com/advisories/GHSA-wq2p-5pc6-wpgf", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-96xx/CVE-2024-9681.json b/CVE-2024/CVE-2024-96xx/CVE-2024-9681.json index 51a76d087e9..e943d9b91d1 100644 --- a/CVE-2024/CVE-2024-96xx/CVE-2024-9681.json +++ b/CVE-2024/CVE-2024-96xx/CVE-2024-9681.json @@ -2,9 +2,8 @@ "id": "CVE-2024-9681", "sourceIdentifier": "2499f714-1537-4658-8207-48ae4bb9eae9", "published": "2024-11-06T08:15:03.740", - "lastModified": "2024-11-06T18:17:17.287", - "vulnStatus": "Awaiting Analysis", - "cveTags": [], + "lastModified": "2024-11-25T19:52:56.417", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -17,12 +16,34 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.2, + "impactScore": 4.2 + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "baseScore": 5.9, + "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", @@ -30,27 +51,78 @@ "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", - "availabilityImpact": "NONE", - "baseScore": 5.9, - "baseSeverity": "MEDIUM" + "availabilityImpact": "NONE" }, "exploitabilityScore": 2.2, "impactScore": 3.6 } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-697" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*", + "versionStartIncluding": "7.74.0", + "versionEndExcluding": "8.11.0", + "matchCriteriaId": "D26CBA59-021E-46CB-A1A0-5AD682F6685E" + } + ] + } + ] + } + ], "references": [ { "url": "https://curl.se/docs/CVE-2024-9681.html", - "source": "2499f714-1537-4658-8207-48ae4bb9eae9" + "source": "2499f714-1537-4658-8207-48ae4bb9eae9", + "tags": [ + "Patch", + "Vendor Advisory" + ] }, { "url": "https://curl.se/docs/CVE-2024-9681.json", - "source": "2499f714-1537-4658-8207-48ae4bb9eae9" + "source": "2499f714-1537-4658-8207-48ae4bb9eae9", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://hackerone.com/reports/2764830", - "source": "2499f714-1537-4658-8207-48ae4bb9eae9" + "source": "2499f714-1537-4658-8207-48ae4bb9eae9", + "tags": [ + "Exploit", + "Issue Tracking", + "Patch", + "Third Party Advisory" + ] + }, + { + "url": "http://www.openwall.com/lists/oss-security/2024/11/06/2", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List", + "Patch", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-96xx/CVE-2024-9696.json b/CVE-2024/CVE-2024-96xx/CVE-2024-9696.json index 9d651228f84..8e87e9c84d0 100644 --- a/CVE-2024/CVE-2024-96xx/CVE-2024-9696.json +++ b/CVE-2024/CVE-2024-96xx/CVE-2024-9696.json @@ -2,9 +2,8 @@ "id": "CVE-2024-9696", "sourceIdentifier": "security@wordfence.com", "published": "2024-10-12T09:15:03.590", - "lastModified": "2024-10-15T12:57:46.880", - "vulnStatus": "Awaiting Analysis", - "cveTags": [], + "lastModified": "2024-11-25T20:42:32.327", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -19,10 +18,12 @@ "cvssMetricV31": [ { "source": "security@wordfence.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", @@ -30,12 +31,30 @@ "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", - "availabilityImpact": "NONE", - "baseScore": 6.4, - "baseSeverity": "MEDIUM" + "availabilityImpact": "NONE" }, "exploitabilityScore": 3.1, "impactScore": 2.7 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 } ] }, @@ -51,14 +70,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:rescuethemes:rescue_shortcodes:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "2.9", + "matchCriteriaId": "293CB6B8-A96C-4114-AC76-D47257334F55" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3167329%40rescue-shortcodes&new=3167329%40rescue-shortcodes&sfp_email=&sfph_mail=", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9517db1f-1704-4f25-9b02-795da3c4c067?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-97xx/CVE-2024-9700.json b/CVE-2024/CVE-2024-97xx/CVE-2024-9700.json index a856da64085..3b2217d8b14 100644 --- a/CVE-2024/CVE-2024-97xx/CVE-2024-9700.json +++ b/CVE-2024/CVE-2024-97xx/CVE-2024-9700.json @@ -2,9 +2,8 @@ "id": "CVE-2024-9700", "sourceIdentifier": "security@wordfence.com", "published": "2024-10-31T06:15:05.350", - "lastModified": "2024-11-01T12:57:03.417", - "vulnStatus": "Awaiting Analysis", - "cveTags": [], + "lastModified": "2024-11-25T19:57:41.387", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -19,10 +18,12 @@ "cvssMetricV31": [ { "source": "security@wordfence.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", @@ -30,9 +31,7 @@ "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", - "availabilityImpact": "NONE", - "baseScore": 5.3, - "baseSeverity": "MEDIUM" + "availabilityImpact": "NONE" }, "exploitabilityScore": 3.9, "impactScore": 1.4 @@ -42,7 +41,7 @@ "weaknesses": [ { "source": "security@wordfence.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", @@ -51,18 +50,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wpmudev:forminator_forms:*:*:*:*:free:wordpress:*:*", + "versionEndExcluding": "1.36.1", + "matchCriteriaId": "020D991A-049F-4FA8-876F-B832FFD2F83F" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/browser/forminator/tags/1.35.1/library/modules/quizzes/front/front-action.php#L548", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Product" + ] }, { "url": "https://plugins.trac.wordpress.org/changeset/3172942", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/fbed35ca-1630-46a4-8b1f-60cc7216f294?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-97xx/CVE-2024-9704.json b/CVE-2024/CVE-2024-97xx/CVE-2024-9704.json index 3e8bad6de9a..69cf05a62ac 100644 --- a/CVE-2024/CVE-2024-97xx/CVE-2024-9704.json +++ b/CVE-2024/CVE-2024-97xx/CVE-2024-9704.json @@ -2,9 +2,8 @@ "id": "CVE-2024-9704", "sourceIdentifier": "security@wordfence.com", "published": "2024-10-12T07:15:02.570", - "lastModified": "2024-10-15T12:57:46.880", - "vulnStatus": "Awaiting Analysis", - "cveTags": [], + "lastModified": "2024-11-25T19:19:22.113", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -19,10 +18,12 @@ "cvssMetricV31": [ { "source": "security@wordfence.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", @@ -30,12 +31,30 @@ "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", - "availabilityImpact": "NONE", - "baseScore": 6.4, - "baseSeverity": "MEDIUM" + "availabilityImpact": "NONE" }, "exploitabilityScore": 3.1, "impactScore": 2.7 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 } ] }, @@ -51,14 +70,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibericode:social_sharing:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "1.3.8", + "matchCriteriaId": "B418A36A-0302-4AFE-8B67-8EA60A6F4A63" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3167056%40dvk-social-sharing&new=3167056%40dvk-social-sharing&sfp_email=&sfph_mail=", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/619ca4b6-95bb-4c87-b8db-78e6d6b79384?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-97xx/CVE-2024-9707.json b/CVE-2024/CVE-2024-97xx/CVE-2024-9707.json index 8e8e1fa531e..9a2e8506c0d 100644 --- a/CVE-2024/CVE-2024-97xx/CVE-2024-9707.json +++ b/CVE-2024/CVE-2024-97xx/CVE-2024-9707.json @@ -2,9 +2,8 @@ "id": "CVE-2024-9707", "sourceIdentifier": "security@wordfence.com", "published": "2024-10-11T13:15:21.233", - "lastModified": "2024-10-15T12:58:51.050", - "vulnStatus": "Awaiting Analysis", - "cveTags": [], + "lastModified": "2024-11-25T18:50:39.867", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -19,10 +18,12 @@ "cvssMetricV31": [ { "source": "security@wordfence.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", @@ -30,9 +31,7 @@ "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 9.8, - "baseSeverity": "CRITICAL" + "availabilityImpact": "HIGH" }, "exploitabilityScore": 3.9, "impactScore": 5.9 @@ -42,7 +41,7 @@ "weaknesses": [ { "source": "security@wordfence.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", @@ -51,22 +50,52 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:themehunk:hunk_companion:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "1.8.5", + "matchCriteriaId": "E4E5B956-35DC-429A-8360-E0F17071B801" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/WordPressBugBounty/plugins-hunk-companion/blob/5a3cedc7b3d35d407b210e691c53c6cb400e4051/hunk-companion/import/app/app.php#L46", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Product" + ] }, { "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3166501%40hunk-companion&new=3166501%40hunk-companion&sfp_email=&sfph_mail=", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://wordpress.org/plugins/hunk-companion/", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Product" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9c101fca-037c-4bed-9dc7-baa021a8b59c?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-97xx/CVE-2024-9708.json b/CVE-2024/CVE-2024-97xx/CVE-2024-9708.json index 3e15e32da4e..ad0e55fdab6 100644 --- a/CVE-2024/CVE-2024-97xx/CVE-2024-9708.json +++ b/CVE-2024/CVE-2024-97xx/CVE-2024-9708.json @@ -2,9 +2,8 @@ "id": "CVE-2024-9708", "sourceIdentifier": "security@wordfence.com", "published": "2024-10-31T03:15:02.737", - "lastModified": "2024-11-01T12:57:03.417", - "vulnStatus": "Awaiting Analysis", - "cveTags": [], + "lastModified": "2024-11-25T19:59:31.110", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -19,10 +18,12 @@ "cvssMetricV31": [ { "source": "security@wordfence.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", @@ -30,12 +31,30 @@ "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", - "availabilityImpact": "NONE", - "baseScore": 6.4, - "baseSeverity": "MEDIUM" + "availabilityImpact": "NONE" }, "exploitabilityScore": 3.1, "impactScore": 2.7 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 } ] }, @@ -51,14 +70,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:delowerhossain:easy_svg_upload:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.0", + "matchCriteriaId": "469268A6-871A-4D76-8C56-028741FB27CB" + } + ] + } + ] + } + ], "references": [ { "url": "https://wordpress.org/plugins/easy-svg-upload/#developers", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Product" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/49a9ade1-fca7-48c1-bb87-75fc3528e234?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-97xx/CVE-2024-9749.json b/CVE-2024/CVE-2024-97xx/CVE-2024-9749.json index 8f395542172..7c8f247b5e0 100644 --- a/CVE-2024/CVE-2024-97xx/CVE-2024-9749.json +++ b/CVE-2024/CVE-2024-97xx/CVE-2024-9749.json @@ -2,15 +2,41 @@ "id": "CVE-2024-9749", "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2024-11-22T21:15:28.850", - "lastModified": "2024-11-22T21:15:28.850", - "vulnStatus": "Received", + "lastModified": "2024-11-25T18:58:36.077", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Tungsten Automation Power PDF PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-24465." + }, + { + "lang": "es", + "value": "Vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n de lectura fuera de los l\u00edmites en el an\u00e1lisis de archivos PDF de Tungsten Automation Power PDF. Esta vulnerabilidad permite a atacantes remotos divulgar informaci\u00f3n confidencial sobre las instalaciones afectadas de Tungsten Automation Power PDF. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos PDF. El problema es el resultado de la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una lectura m\u00e1s all\u00e1 del final de un objeto asignado. Un atacante puede aprovechar esto junto con otras vulnerabilidades para ejecutar c\u00f3digo arbitrario en el contexto del proceso actual. Era ZDI-CAN-24465." } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "baseScore": 3.3, + "baseSeverity": "LOW", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.8, + "impactScore": 1.4 + } + ], "cvssMetricV30": [ { "source": "zdi-disclosures@trendmicro.com", @@ -46,10 +72,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tungstenautomation:power_pdf:*:*:*:*:*:*:*:*", + "versionEndExcluding": "5.1", + "matchCriteriaId": "07AF31C9-62C2-4FCA-975B-EEFCF34B8C78" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1340/", - "source": "zdi-disclosures@trendmicro.com" + "source": "zdi-disclosures@trendmicro.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-97xx/CVE-2024-9756.json b/CVE-2024/CVE-2024-97xx/CVE-2024-9756.json index 00ba33fc270..5c2636cabd0 100644 --- a/CVE-2024/CVE-2024-97xx/CVE-2024-9756.json +++ b/CVE-2024/CVE-2024-97xx/CVE-2024-9756.json @@ -2,9 +2,8 @@ "id": "CVE-2024-9756", "sourceIdentifier": "security@wordfence.com", "published": "2024-10-12T07:15:02.820", - "lastModified": "2024-10-15T12:57:46.880", - "vulnStatus": "Awaiting Analysis", - "cveTags": [], + "lastModified": "2024-11-25T20:49:23.220", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -23,6 +22,8 @@ "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", @@ -30,9 +31,7 @@ "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", - "availabilityImpact": "NONE", - "baseScore": 4.3, - "baseSeverity": "MEDIUM" + "availabilityImpact": "NONE" }, "exploitabilityScore": 2.8, "impactScore": 1.4 @@ -49,24 +48,65 @@ "value": "CWE-862" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:directsoftware:order_attachments_for_woocommerce:*:*:*:*:*:wordpress:*:*", + "versionStartIncluding": "2.0", + "versionEndExcluding": "2.5.0", + "matchCriteriaId": "11E458FB-3933-409D-B905-ECE2E6DA453C" + } + ] + } + ] } ], "references": [ { "url": "https://plugins.trac.wordpress.org/browser/order-attachments-for-woocommerce/tags/2.4.0/src/WCOA/Attachments/Attachment.php", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Product" + ] }, { "url": "https://plugins.trac.wordpress.org/browser/order-attachments-for-woocommerce/tags/2.4.0/src/WCOA/Utils/Ajax.php", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Product" + ] }, { "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3167136%40order-attachments-for-woocommerce&new=3167136%40order-attachments-for-woocommerce&sfp_email=&sfph_mail=", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0dfc8957-78b8-4c55-ba95-52d95b086341?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-97xx/CVE-2024-9772.json b/CVE-2024/CVE-2024-97xx/CVE-2024-9772.json index 03b275bc166..bbb6a6ca45e 100644 --- a/CVE-2024/CVE-2024-97xx/CVE-2024-9772.json +++ b/CVE-2024/CVE-2024-97xx/CVE-2024-9772.json @@ -2,9 +2,8 @@ "id": "CVE-2024-9772", "sourceIdentifier": "security@wordfence.com", "published": "2024-10-26T10:15:10.747", - "lastModified": "2024-10-28T13:58:09.230", - "vulnStatus": "Awaiting Analysis", - "cveTags": [], + "lastModified": "2024-11-25T20:03:01.613", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -19,10 +18,12 @@ "cvssMetricV31": [ { "source": "security@wordfence.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 7.3, + "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", @@ -30,9 +31,27 @@ "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", - "availabilityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.4 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "baseScore": 7.3, - "baseSeverity": "HIGH" + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" }, "exploitabilityScore": 3.9, "impactScore": 3.4 @@ -49,20 +68,57 @@ "value": "CWE-94" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-94" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:uiux:uix_shortcodes:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.9.9", + "matchCriteriaId": "CEFD90B2-A40F-458D-9DD9-964C12700345" + } + ] + } + ] } ], "references": [ { "url": "https://plugins.trac.wordpress.org/browser/uix-shortcodes/trunk/shortcodes/templates/default/frontpage-init.php#L9", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Product" + ] }, { "url": "https://wordpress.org/plugins/uix-shortcodes/#developers", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Product" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3000758d-68e0-46a6-aef0-e2407a828168?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-97xx/CVE-2024-9776.json b/CVE-2024/CVE-2024-97xx/CVE-2024-9776.json index 70b5843f64a..06282d207e2 100644 --- a/CVE-2024/CVE-2024-97xx/CVE-2024-9776.json +++ b/CVE-2024/CVE-2024-97xx/CVE-2024-9776.json @@ -2,9 +2,8 @@ "id": "CVE-2024-9776", "sourceIdentifier": "security@wordfence.com", "published": "2024-10-12T06:15:03.640", - "lastModified": "2024-10-15T12:57:46.880", - "vulnStatus": "Awaiting Analysis", - "cveTags": [], + "lastModified": "2024-11-25T18:45:54.377", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -19,10 +18,12 @@ "cvssMetricV31": [ { "source": "security@wordfence.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 4.4, + "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "HIGH", @@ -30,12 +31,30 @@ "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", - "availabilityImpact": "NONE", - "baseScore": 4.4, - "baseSeverity": "MEDIUM" + "availabilityImpact": "NONE" }, "exploitabilityScore": 1.3, "impactScore": 2.7 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 4.8, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 } ] }, @@ -51,18 +70,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:getbutterfly:imagepress:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "1.3.0", + "matchCriteriaId": "BB90E471-4BC7-4D8A-B41D-755AB51B711A" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/browser/image-gallery/trunk/includes/page-settings.php", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Product" + ] }, { "url": "https://plugins.trac.wordpress.org/changeset/3167164/", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/655c08e6-4ef2-438e-b381-1bc3748c3771?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-97xx/CVE-2024-9778.json b/CVE-2024/CVE-2024-97xx/CVE-2024-9778.json index 8eeafaa6ac3..aab204d3e1d 100644 --- a/CVE-2024/CVE-2024-97xx/CVE-2024-9778.json +++ b/CVE-2024/CVE-2024-97xx/CVE-2024-9778.json @@ -2,9 +2,8 @@ "id": "CVE-2024-9778", "sourceIdentifier": "security@wordfence.com", "published": "2024-10-12T06:15:03.930", - "lastModified": "2024-10-15T12:57:46.880", - "vulnStatus": "Awaiting Analysis", - "cveTags": [], + "lastModified": "2024-11-25T19:20:37.163", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -23,6 +22,8 @@ "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", @@ -30,9 +31,27 @@ "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", - "availabilityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "baseScore": 4.3, - "baseSeverity": "MEDIUM" + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" }, "exploitabilityScore": 2.8, "impactScore": 1.4 @@ -51,34 +70,73 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:getbutterfly:imagepress:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "1.3.0", + "matchCriteriaId": "BB90E471-4BC7-4D8A-B41D-755AB51B711A" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/browser/image-gallery/trunk/includes/page-settings.php#L106", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Product" + ] }, { "url": "https://plugins.trac.wordpress.org/browser/image-gallery/trunk/includes/page-settings.php#L2", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Product" + ] }, { "url": "https://plugins.trac.wordpress.org/browser/image-gallery/trunk/includes/page-settings.php#L267", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Product" + ] }, { "url": "https://plugins.trac.wordpress.org/browser/image-gallery/trunk/includes/page-settings.php#L380", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Product" + ] }, { "url": "https://plugins.trac.wordpress.org/browser/image-gallery/trunk/includes/page-settings.php#L461", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Product" + ] }, { "url": "https://plugins.trac.wordpress.org/changeset/3167164/", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/200b3446-6107-434b-b46d-2078461f3f94?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-97xx/CVE-2024-9781.json b/CVE-2024/CVE-2024-97xx/CVE-2024-9781.json index 2500def5359..f14bf18d793 100644 --- a/CVE-2024/CVE-2024-97xx/CVE-2024-9781.json +++ b/CVE-2024/CVE-2024-97xx/CVE-2024-9781.json @@ -2,9 +2,8 @@ "id": "CVE-2024-9781", "sourceIdentifier": "cve@gitlab.com", "published": "2024-10-10T07:15:04.100", - "lastModified": "2024-10-10T12:51:56.987", - "vulnStatus": "Awaiting Analysis", - "cveTags": [], + "lastModified": "2024-11-25T18:09:33.853", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -23,6 +22,8 @@ "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", @@ -30,12 +31,30 @@ "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 7.8, - "baseSeverity": "HIGH" + "availabilityImpact": "HIGH" }, "exploitabilityScore": 1.8, "impactScore": 5.9 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 } ] }, @@ -49,16 +68,56 @@ "value": "CWE-230" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.2.0", + "versionEndExcluding": "4.2.8", + "matchCriteriaId": "CEEEB07E-F484-45D2-AD9F-3F25907DAB4D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wireshark:wireshark:4.4.0:*:*:*:*:*:*:*", + "matchCriteriaId": "662044CC-EE04-4410-A391-33B612CD1C3E" + } + ] + } + ] } ], "references": [ { "url": "https://gitlab.com/wireshark/wireshark/-/issues/20114", - "source": "cve@gitlab.com" + "source": "cve@gitlab.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wireshark.org/security/wnpa-sec-2024-13.html", - "source": "cve@gitlab.com" + "source": "cve@gitlab.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-97xx/CVE-2024-9787.json b/CVE-2024/CVE-2024-97xx/CVE-2024-9787.json index 6063a88c9f4..22ad7b8cf7b 100644 --- a/CVE-2024/CVE-2024-97xx/CVE-2024-9787.json +++ b/CVE-2024/CVE-2024-97xx/CVE-2024-9787.json @@ -2,9 +2,8 @@ "id": "CVE-2024-9787", "sourceIdentifier": "cna@vuldb.com", "published": "2024-10-10T14:15:06.243", - "lastModified": "2024-10-15T12:58:51.050", - "vulnStatus": "Awaiting Analysis", - "cveTags": [], + "lastModified": "2024-11-25T17:39:02.310", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -23,6 +22,8 @@ "cvssData": { "version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 6.9, + "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", @@ -54,9 +55,7 @@ "recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", - "providerUrgency": "NOT_DEFINED", - "baseScore": 6.9, - "baseSeverity": "MEDIUM" + "providerUrgency": "NOT_DEFINED" } } ], @@ -67,6 +66,8 @@ "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", @@ -74,9 +75,27 @@ "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", - "availabilityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "baseScore": 5.3, - "baseSeverity": "MEDIUM" + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW" }, "exploitabilityScore": 3.9, "impactScore": 1.4 @@ -89,13 +108,13 @@ "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "baseScore": 5.0, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "NONE", - "availabilityImpact": "PARTIAL", - "baseScore": 5.0 + "availabilityImpact": "PARTIAL" }, "baseSeverity": "MEDIUM", "exploitabilityScore": 10.0, @@ -111,31 +130,82 @@ "weaknesses": [ { "source": "cna@vuldb.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", "value": "CWE-404" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:ccontrols:basrouter_bacnet_basrt-b_firmware:2.7.2:*:*:*:*:*:*:*", + "matchCriteriaId": "0A032161-508F-4134-87D2-F80F41FB1E40" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:ccontrols:basrouter_bacnet_basrt-b:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BEC9FBAA-AF84-4332-9A8F-DDE2A9F374D8" + } + ] + } + ] } ], "references": [ { "url": "https://github.com/isZzzz/BASRT-B_BriefDoS_Document/blob/main/report.md", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Broken Link" + ] }, { "url": "https://vuldb.com/?ctiid.279939", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required" + ] }, { "url": "https://vuldb.com/?id.279939", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?submit.414499", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-97xx/CVE-2024-9792.json b/CVE-2024/CVE-2024-97xx/CVE-2024-9792.json index a8830526fc8..88a3a08be25 100644 --- a/CVE-2024/CVE-2024-97xx/CVE-2024-9792.json +++ b/CVE-2024/CVE-2024-97xx/CVE-2024-9792.json @@ -2,8 +2,8 @@ "id": "CVE-2024-9792", "sourceIdentifier": "cna@vuldb.com", "published": "2024-10-10T15:15:15.710", - "lastModified": "2024-10-15T12:58:51.050", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-11-25T19:02:48.587", + "vulnStatus": "Analyzed", "cveTags": [ { "sourceIdentifier": "cna@vuldb.com", @@ -30,6 +30,8 @@ "cvssData": { "version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.1, + "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", @@ -61,9 +63,7 @@ "recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", - "providerUrgency": "NOT_DEFINED", - "baseScore": 5.1, - "baseSeverity": "MEDIUM" + "providerUrgency": "NOT_DEFINED" } } ], @@ -74,6 +74,8 @@ "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N", + "baseScore": 2.4, + "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", @@ -81,12 +83,30 @@ "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", - "availabilityImpact": "NONE", - "baseScore": 2.4, - "baseSeverity": "LOW" + "availabilityImpact": "NONE" }, "exploitabilityScore": 0.9, "impactScore": 1.4 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 } ], "cvssMetricV2": [ @@ -96,13 +116,13 @@ "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N", + "baseScore": 3.3, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "MULTIPLE", "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", - "availabilityImpact": "NONE", - "baseScore": 3.3 + "availabilityImpact": "NONE" }, "baseSeverity": "LOW", "exploitabilityScore": 6.4, @@ -127,22 +147,63 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:dlink:dsl-2750u_firmware:r5b017:*:*:*:*:*:*:*", + "matchCriteriaId": "91864D20-4644-4FD9-8E02-2D5A3662E2FE" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:dlink:dsl-2750u:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E5A7A48A-C126-4EF2-91F8-A8D9987525FF" + } + ] + } + ] + } + ], "references": [ { "url": "https://vuldb.com/?ctiid.279945", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required" + ] }, { "url": "https://vuldb.com/?id.279945", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?submit.415532", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.dlink.com/", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-97xx/CVE-2024-9798.json b/CVE-2024/CVE-2024-97xx/CVE-2024-9798.json index aafe5dddde8..42888dc2b12 100644 --- a/CVE-2024/CVE-2024-97xx/CVE-2024-9798.json +++ b/CVE-2024/CVE-2024-97xx/CVE-2024-9798.json @@ -2,9 +2,8 @@ "id": "CVE-2024-9798", "sourceIdentifier": "zowe-security@lists.openmainframeproject.org", "published": "2024-10-10T08:15:04.207", - "lastModified": "2024-10-10T15:35:16.493", - "vulnStatus": "Awaiting Analysis", - "cveTags": [], + "lastModified": "2024-11-25T18:00:47.637", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -23,6 +22,8 @@ "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", + "baseScore": 9.0, + "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", @@ -30,16 +31,44 @@ "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 9.0, - "baseSeverity": "CRITICAL" + "availabilityImpact": "HIGH" }, "exploitabilityScore": 2.2, "impactScore": 6.0 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 } ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-312" + } + ] + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -51,10 +80,39 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:linuxfoundation:api_mediation_layer:*:*:*:*:*:*:*:*", + "versionStartIncluding": "1.0.0", + "versionEndExcluding": "1.28.8", + "matchCriteriaId": "8B9B17C8-D7CB-4E68-8FCB-DB748815328C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:linuxfoundation:api_mediation_layer:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.0.0", + "versionEndExcluding": "2.18.0", + "matchCriteriaId": "AE047C55-2406-49E6-A84D-29FC747A3C2B" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/zowe/api-layer", - "source": "zowe-security@lists.openmainframeproject.org" + "source": "zowe-security@lists.openmainframeproject.org", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-98xx/CVE-2024-9802.json b/CVE-2024/CVE-2024-98xx/CVE-2024-9802.json index 0bfd9b5194b..1c2beee086f 100644 --- a/CVE-2024/CVE-2024-98xx/CVE-2024-9802.json +++ b/CVE-2024/CVE-2024-98xx/CVE-2024-9802.json @@ -2,9 +2,8 @@ "id": "CVE-2024-9802", "sourceIdentifier": "zowe-security@lists.openmainframeproject.org", "published": "2024-10-10T08:15:04.387", - "lastModified": "2024-10-10T15:35:17.230", - "vulnStatus": "Awaiting Analysis", - "cveTags": [], + "lastModified": "2024-11-25T17:56:58.937", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -23,6 +22,8 @@ "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", @@ -30,9 +31,27 @@ "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", - "availabilityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "baseScore": 5.3, - "baseSeverity": "MEDIUM" + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" }, "exploitabilityScore": 3.9, "impactScore": 1.4 @@ -40,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-312" + } + ] + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -51,10 +80,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:linuxfoundation:api_mediation_layer:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.11.0", + "versionEndExcluding": "2.17.0", + "matchCriteriaId": "9968ABF2-0BD5-41D7-AA9A-66FD32E21C6D" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/zowe/api-layer", - "source": "zowe-security@lists.openmainframeproject.org" + "source": "zowe-security@lists.openmainframeproject.org", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/README.md b/README.md index a544bc9e9b3..fb0abc29a57 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-11-25T17:04:15.383492+00:00 +2024-11-25T21:04:53.213664+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-11-25T16:58:48.337000+00:00 +2024-11-25T21:03:09.620000+00:00 ``` ### Last Data Feed Release @@ -33,50 +33,61 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -271254 +271271 ``` ### CVEs added in the last Commit -Recently added CVEs: `6` - -- [CVE-2023-26280](CVE-2023/CVE-2023-262xx/CVE-2023-26280.json) (`2024-11-25T16:15:06.243`) -- [CVE-2023-45181](CVE-2023/CVE-2023-451xx/CVE-2023-45181.json) (`2024-11-25T16:15:11.273`) -- [CVE-2024-11670](CVE-2024/CVE-2024-116xx/CVE-2024-11670.json) (`2024-11-25T15:15:05.557`) -- [CVE-2024-11671](CVE-2024/CVE-2024-116xx/CVE-2024-11671.json) (`2024-11-25T15:15:07.040`) -- [CVE-2024-11672](CVE-2024/CVE-2024-116xx/CVE-2024-11672.json) (`2024-11-25T15:15:07.180`) -- [CVE-2024-7130](CVE-2024/CVE-2024-71xx/CVE-2024-7130.json) (`2024-11-21T14:15:19.023`) +Recently added CVEs: `17` + +- [CVE-2017-9711](CVE-2017/CVE-2017-97xx/CVE-2017-9711.json) (`2024-11-22T10:15:03.387`) +- [CVE-2021-30299](CVE-2021/CVE-2021-302xx/CVE-2021-30299.json) (`2024-11-22T10:15:04.703`) +- [CVE-2024-32468](CVE-2024/CVE-2024-324xx/CVE-2024-32468.json) (`2024-11-25T19:15:09.510`) +- [CVE-2024-45755](CVE-2024/CVE-2024-457xx/CVE-2024-45755.json) (`2024-11-25T17:15:12.293`) +- [CVE-2024-45756](CVE-2024/CVE-2024-457xx/CVE-2024-45756.json) (`2024-11-25T18:15:12.907`) +- [CVE-2024-51723](CVE-2024/CVE-2024-517xx/CVE-2024-51723.json) (`2024-11-25T19:15:11.050`) +- [CVE-2024-52529](CVE-2024/CVE-2024-525xx/CVE-2024-52529.json) (`2024-11-25T19:15:11.373`) +- [CVE-2024-52787](CVE-2024/CVE-2024-527xx/CVE-2024-52787.json) (`2024-11-25T18:15:13.597`) +- [CVE-2024-52811](CVE-2024/CVE-2024-528xx/CVE-2024-52811.json) (`2024-11-25T19:15:11.567`) +- [CVE-2024-53255](CVE-2024/CVE-2024-532xx/CVE-2024-53255.json) (`2024-11-25T19:15:11.760`) +- [CVE-2024-53258](CVE-2024/CVE-2024-532xx/CVE-2024-53258.json) (`2024-11-25T20:15:10.030`) +- [CVE-2024-53261](CVE-2024/CVE-2024-532xx/CVE-2024-53261.json) (`2024-11-25T20:15:10.217`) +- [CVE-2024-53262](CVE-2024/CVE-2024-532xx/CVE-2024-53262.json) (`2024-11-25T20:15:10.423`) +- [CVE-2024-53268](CVE-2024/CVE-2024-532xx/CVE-2024-53268.json) (`2024-11-25T20:15:10.583`) +- [CVE-2024-53599](CVE-2024/CVE-2024-535xx/CVE-2024-53599.json) (`2024-11-25T19:15:11.957`) +- [CVE-2024-7915](CVE-2024/CVE-2024-79xx/CVE-2024-7915.json) (`2024-11-25T18:15:14.530`) +- [CVE-2024-8272](CVE-2024/CVE-2024-82xx/CVE-2024-8272.json) (`2024-11-25T18:15:14.673`) ### CVEs modified in the last Commit -Recently modified CVEs: `44` - -- [CVE-2024-11649](CVE-2024/CVE-2024-116xx/CVE-2024-11649.json) (`2024-11-25T16:48:37.237`) -- [CVE-2024-27231](CVE-2024/CVE-2024-272xx/CVE-2024-27231.json) (`2024-11-25T16:15:12.423`) -- [CVE-2024-27312](CVE-2024/CVE-2024-273xx/CVE-2024-27312.json) (`2024-11-25T15:14:53.217`) -- [CVE-2024-27906](CVE-2024/CVE-2024-279xx/CVE-2024-27906.json) (`2024-11-25T16:15:12.653`) -- [CVE-2024-30424](CVE-2024/CVE-2024-304xx/CVE-2024-30424.json) (`2024-11-25T15:07:22.740`) -- [CVE-2024-30851](CVE-2024/CVE-2024-308xx/CVE-2024-30851.json) (`2024-11-25T16:15:12.930`) -- [CVE-2024-35401](CVE-2024/CVE-2024-354xx/CVE-2024-35401.json) (`2024-11-25T16:15:13.167`) -- [CVE-2024-50066](CVE-2024/CVE-2024-500xx/CVE-2024-50066.json) (`2024-11-25T15:15:07.570`) -- [CVE-2024-9732](CVE-2024/CVE-2024-97xx/CVE-2024-9732.json) (`2024-11-25T16:12:03.470`) -- [CVE-2024-9733](CVE-2024/CVE-2024-97xx/CVE-2024-9733.json) (`2024-11-25T16:46:02.380`) -- [CVE-2024-9734](CVE-2024/CVE-2024-97xx/CVE-2024-9734.json) (`2024-11-25T16:45:50.453`) -- [CVE-2024-9735](CVE-2024/CVE-2024-97xx/CVE-2024-9735.json) (`2024-11-25T16:45:37.677`) -- [CVE-2024-9736](CVE-2024/CVE-2024-97xx/CVE-2024-9736.json) (`2024-11-25T16:45:21.567`) -- [CVE-2024-9737](CVE-2024/CVE-2024-97xx/CVE-2024-9737.json) (`2024-11-25T16:45:11.627`) -- [CVE-2024-9738](CVE-2024/CVE-2024-97xx/CVE-2024-9738.json) (`2024-11-25T16:44:57.730`) -- [CVE-2024-9739](CVE-2024/CVE-2024-97xx/CVE-2024-9739.json) (`2024-11-25T16:44:41.507`) -- [CVE-2024-9740](CVE-2024/CVE-2024-97xx/CVE-2024-9740.json) (`2024-11-25T16:44:27.720`) -- [CVE-2024-9741](CVE-2024/CVE-2024-97xx/CVE-2024-9741.json) (`2024-11-25T16:44:15.387`) -- [CVE-2024-9742](CVE-2024/CVE-2024-97xx/CVE-2024-9742.json) (`2024-11-25T16:43:58.023`) -- [CVE-2024-9743](CVE-2024/CVE-2024-97xx/CVE-2024-9743.json) (`2024-11-25T16:43:27.847`) -- [CVE-2024-9744](CVE-2024/CVE-2024-97xx/CVE-2024-9744.json) (`2024-11-25T16:43:10.790`) -- [CVE-2024-9745](CVE-2024/CVE-2024-97xx/CVE-2024-9745.json) (`2024-11-25T16:18:31.170`) -- [CVE-2024-9746](CVE-2024/CVE-2024-97xx/CVE-2024-9746.json) (`2024-11-25T16:18:17.007`) -- [CVE-2024-9747](CVE-2024/CVE-2024-97xx/CVE-2024-9747.json) (`2024-11-25T16:17:27.573`) -- [CVE-2024-9748](CVE-2024/CVE-2024-97xx/CVE-2024-9748.json) (`2024-11-25T16:16:04.847`) +Recently modified CVEs: `139` + +- [CVE-2024-53077](CVE-2024/CVE-2024-530xx/CVE-2024-53077.json) (`2024-11-25T20:41:41.093`) +- [CVE-2024-6811](CVE-2024/CVE-2024-68xx/CVE-2024-6811.json) (`2024-11-25T17:17:22.273`) +- [CVE-2024-6812](CVE-2024/CVE-2024-68xx/CVE-2024-6812.json) (`2024-11-25T17:17:07.970`) +- [CVE-2024-9258](CVE-2024/CVE-2024-92xx/CVE-2024-9258.json) (`2024-11-25T17:15:32.283`) +- [CVE-2024-9259](CVE-2024/CVE-2024-92xx/CVE-2024-9259.json) (`2024-11-25T17:13:49.060`) +- [CVE-2024-9260](CVE-2024/CVE-2024-92xx/CVE-2024-9260.json) (`2024-11-25T17:16:40.663`) +- [CVE-2024-9261](CVE-2024/CVE-2024-92xx/CVE-2024-9261.json) (`2024-11-25T17:17:17.177`) +- [CVE-2024-9671](CVE-2024/CVE-2024-96xx/CVE-2024-9671.json) (`2024-11-25T18:17:11.960`) +- [CVE-2024-9676](CVE-2024/CVE-2024-96xx/CVE-2024-9676.json) (`2024-11-25T20:21:59.140`) +- [CVE-2024-9681](CVE-2024/CVE-2024-96xx/CVE-2024-9681.json) (`2024-11-25T19:52:56.417`) +- [CVE-2024-9696](CVE-2024/CVE-2024-96xx/CVE-2024-9696.json) (`2024-11-25T20:42:32.327`) +- [CVE-2024-9700](CVE-2024/CVE-2024-97xx/CVE-2024-9700.json) (`2024-11-25T19:57:41.387`) +- [CVE-2024-9704](CVE-2024/CVE-2024-97xx/CVE-2024-9704.json) (`2024-11-25T19:19:22.113`) +- [CVE-2024-9707](CVE-2024/CVE-2024-97xx/CVE-2024-9707.json) (`2024-11-25T18:50:39.867`) +- [CVE-2024-9708](CVE-2024/CVE-2024-97xx/CVE-2024-9708.json) (`2024-11-25T19:59:31.110`) +- [CVE-2024-9749](CVE-2024/CVE-2024-97xx/CVE-2024-9749.json) (`2024-11-25T18:58:36.077`) +- [CVE-2024-9756](CVE-2024/CVE-2024-97xx/CVE-2024-9756.json) (`2024-11-25T20:49:23.220`) +- [CVE-2024-9772](CVE-2024/CVE-2024-97xx/CVE-2024-9772.json) (`2024-11-25T20:03:01.613`) +- [CVE-2024-9776](CVE-2024/CVE-2024-97xx/CVE-2024-9776.json) (`2024-11-25T18:45:54.377`) +- [CVE-2024-9778](CVE-2024/CVE-2024-97xx/CVE-2024-9778.json) (`2024-11-25T19:20:37.163`) +- [CVE-2024-9781](CVE-2024/CVE-2024-97xx/CVE-2024-9781.json) (`2024-11-25T18:09:33.853`) +- [CVE-2024-9787](CVE-2024/CVE-2024-97xx/CVE-2024-9787.json) (`2024-11-25T17:39:02.310`) +- [CVE-2024-9792](CVE-2024/CVE-2024-97xx/CVE-2024-9792.json) (`2024-11-25T19:02:48.587`) +- [CVE-2024-9798](CVE-2024/CVE-2024-97xx/CVE-2024-9798.json) (`2024-11-25T18:00:47.637`) +- [CVE-2024-9802](CVE-2024/CVE-2024-98xx/CVE-2024-9802.json) (`2024-11-25T17:56:58.937`) ## Download and Usage diff --git a/_state.csv b/_state.csv index e5aefab4808..08ec5430003 100644 --- a/_state.csv +++ b/_state.csv @@ -70934,7 +70934,7 @@ CVE-2014-7139,0,0,7f6dfe9137a9a986b5d655fac15fb058bacda4fc4cc5c1baa9b401b022fa1f CVE-2014-7140,0,0,c53419d017c46fad8ed912ed8e480fe6803a48644e411e1686687a30bde5d417,2024-11-21T02:16:24.370000 CVE-2014-7141,0,0,ad54a186f858df850bd59756c764aa3986450ab7168d45ca7edc10716543b701,2024-11-21T02:16:24.517000 CVE-2014-7142,0,0,2ef09ee430e5c5b886e1136af52d5af252c9da63c1648a603a89c92b19b27a6a,2024-11-21T02:16:24.693000 -CVE-2014-7143,0,0,3fa85a7ba53724cb81adfeec507dc25153b50297b36961e9a9e3f7f711b2358a,2019-11-14T14:45:50.167000 +CVE-2014-7143,0,1,2c5ccdc96d628446ea83911469cbc765c6e585031b2a234c80dc6a685896f094,2024-11-25T18:12:24.673000 CVE-2014-7144,0,0,7f82bef635d9cc0252ffcc221b85914a43ed52fc0a51bf034e9c70d98bb58e4e,2024-11-21T02:16:25.030000 CVE-2014-7145,0,0,5ca0668d9d4336811df389abed8dce1a62052b789f655dc50ac4507b0099ccb3,2024-11-21T02:16:25.200000 CVE-2014-7146,0,0,75978059921d8560374196ed7e4200f97dda2c78768b8d67184dc26cc796139a,2024-11-21T02:16:25.370000 @@ -83224,7 +83224,7 @@ CVE-2016-1000107,0,0,dd71b6385b2eb1d733188f19b87037280d6ea62907de253de33ab6321d8 CVE-2016-1000108,0,0,f98d288c233274f9c80e1960d4d3fb07f96afdca8fae18b64baa31c957691d21,2020-08-18T15:05:57.937000 CVE-2016-1000109,0,0,3d0318cfb8893ba07dbedf207448cc9ddf3439762d444459a16a23bbe0a5d662,2020-03-06T18:45:52.123000 CVE-2016-1000110,0,0,f9a85bae09ba738b8e65d6cd2309a67f52c07325920a11ef065637ba1f69c6d1,2023-11-07T02:29:26.210000 -CVE-2016-1000111,0,0,3d1243a9b0ecddbed4fbc20d1329497c80c3babe5640cb7f4573b30d52701440,2020-03-13T20:04:35.520000 +CVE-2016-1000111,0,1,8f9bd4652a7850e14649644d397e7cdde4b186b7e9dcc701472bd3e71d573508,2024-11-25T18:12:24.673000 CVE-2016-1000112,0,0,2dd1070967a1489002e07d0dec88ceaeb7fba595f35e04588766798c914d8152,2020-04-29T13:35:09.837000 CVE-2016-1000113,0,0,a9920377376a13be725eda648a1b2a601e477814858fc1ceb4190ed354c3512b,2019-12-19T14:57:56.673000 CVE-2016-1000114,0,0,23e7d6c6cbb971963a44933621ccee4d6ea1f30ddd2323987ef68e4d41318674,2019-12-19T14:57:21.640000 @@ -109503,6 +109503,7 @@ CVE-2017-9706,0,0,176f78f769c5ce1942919829c540d0203fcd6eb2ac25eceeb44e0243d11466 CVE-2017-9708,0,0,52289796798827b5c3d11b2c71bd5dbae8a4655975ab100cfc5cde779c7ff0e7,2024-11-21T03:36:40.897000 CVE-2017-9709,0,0,511879d864da9401b4506954ecc3f0c6cdf812f123fa13220110c60f64c6cc6b,2024-11-21T03:36:41 CVE-2017-9710,0,0,4b1702bfb826595d695fb358774b5771c6741aa539c51d3f2fd078939b1cb6e0,2024-11-21T03:36:41.107000 +CVE-2017-9711,1,1,182c607857dcd09d26126d6f64148e9fb7a13cf374265821741d46b1e335f602,2024-11-25T19:10:02.253000 CVE-2017-9712,0,0,18d93755cd2aa7b7ce05d85b857891baeee992c7b58d32144de70144e97404e1,2024-11-21T03:36:41.213000 CVE-2017-9714,0,0,ba6b7c758b8b9103d27f83f7d8b0cc851921ef0d98d0e96f761f506e7ed03bb5,2024-11-21T03:36:41.313000 CVE-2017-9715,0,0,c24e4e9f2a9aa4043629fa29a514303856ff3ec8e436ef7aa775554bf50c193d,2024-11-21T03:36:41.420000 @@ -130544,7 +130545,7 @@ CVE-2019-12383,0,0,19170dea2dc238f67611d31aa8848218effe35c743ec52c4f57514eec2987 CVE-2019-12384,0,0,019c41ceaee13513b247dda2be288bbc2cd8f987fb89efcf197d1fa499764770,2024-11-21T04:22:43.350000 CVE-2019-12385,0,0,ab6c39aa9388571250bad969f41f816e6e88b9ae3a044e39bb48a7f61286ba00,2024-11-21T04:22:43.613000 CVE-2019-12386,0,0,edcb2827be33ea50c73880e00bb11811e04f162a229c582cf55e6dc0d3d6ff44,2024-11-21T04:22:43.763000 -CVE-2019-12387,0,0,c2c89955a24c1cb751a8ce46e57c783d3bdf53f5a2c81cb1bb5a9d0c38be8d87,2024-11-21T04:22:43.900000 +CVE-2019-12387,0,1,5eab19fc3e2c3865fd003488f2b4cbde57bf7725321c694c7aefcdbb45430a20,2024-11-25T18:12:24.673000 CVE-2019-12388,0,0,b247b107621fc6688d67887316c6313a23eadf6274211632d63d80ffd97d64b0,2024-11-21T04:22:44.097000 CVE-2019-12389,0,0,a47ea76aba6ecf3048704cd1806c5fae8323dc6f69ee8641bfb19d23a9b041ab,2024-11-21T04:22:44.237000 CVE-2019-1239,0,0,16af5201aa3dace6a7da9c63acb67ced6b2ac0b4635fffc282aadc057bef47b0,2024-11-21T04:36:18.667000 @@ -130993,7 +130994,7 @@ CVE-2019-12850,0,0,b2118722ba7515e1908380269271c6cb8d900398b4ac39d3757105bc7f2e2 CVE-2019-12851,0,0,054e3d0f435dbd568490552eccac41222e4b44772f8daeff7a66bcf350fdf4a0,2024-11-21T04:23:43.087000 CVE-2019-12852,0,0,8628062b7925af2b77ac5395c688ecc28a47ae10b1c233a84e1bfd95ac50874e,2024-11-21T04:23:43.240000 CVE-2019-12854,0,0,cb4418780eff6835f782b3b9d06dedd33bab1a274802e95e31434043fffec92b,2024-11-21T04:23:43.380000 -CVE-2019-12855,0,0,e615f3729dc9d135cb4de9b7ecc82351c0306d8bb65bfbfca51765215adeda4d,2024-11-21T04:23:43.553000 +CVE-2019-12855,0,1,765f1c4bdbc5ac22a59fa89392c7ee094f14695029bee3e86038441b87084a6d,2024-11-25T18:12:24.673000 CVE-2019-1286,0,0,3829b36f4bc2109b4c29fbf9c5666adfc7c7b6bfbeee5e39eb055689c0bbb98a,2024-11-21T04:36:24.177000 CVE-2019-12863,0,0,e79261e5ba07dda02abde75795b3c429c17e0715ec6291761413661d41de5378,2020-08-24T17:37:01.140000 CVE-2019-12864,0,0,ceead207cd9300f3492cf8526962fa5361f57fea124f0ae5f129a613432a5575,2021-07-21T11:39:23.747000 @@ -137921,7 +137922,7 @@ CVE-2019-20918,0,0,f79c1693e6e30492aacfa4150834c3e1fa04f1fcbfb67e00f04b2bbb035f7 CVE-2019-20919,0,0,79a7cdd3e709292de1a5a46c6eea2bb94500f3b61571245396c8b244c025ee5f,2023-11-07T03:09:14.467000 CVE-2019-2092,0,0,3042e54aa1531dd4c8a2de8dbfe9d7ed88393a2737e3556a4c8657a4adb26259,2024-11-21T04:40:12.950000 CVE-2019-20920,0,0,256f6a2077bf59c41eb60f9bad68129a2d3ae0dd1bf9cd731dab8cba687fdbde,2020-10-15T17:35:59.813000 -CVE-2019-20921,0,0,767ede6112f53771c1064366b3864e03a01b41aef73c02ecc69500a05dc8fa46,2020-10-05T16:49:06.507000 +CVE-2019-20921,0,1,41bf86ccb85740c8d6918b094b8cbe48f3e14ce18e5b2b1edddfee8870d92921,2024-11-25T18:15:06.253000 CVE-2019-20922,0,0,5b0ac7f7547e92f25e7a7a638c9656b3b66068454e73d322d4da72ef44e384eb,2021-07-21T11:39:23.747000 CVE-2019-20923,0,0,00a06d927eb7495078cf7ae27f9351634d05d64bdc86eb40b6a07cfdc713956f,2024-09-16T17:15:44.540000 CVE-2019-20924,0,0,eb9b100eb2ee8cfcdb3847ea8aba01e6cc64fa8a045fee49718729939192b592,2024-09-16T21:15:33.403000 @@ -145274,8 +145275,8 @@ CVE-2020-10104,0,0,2b1fa557607c13d2950e5d19ac270da392fd92b947d58cf1403f8fcaca3c0 CVE-2020-10105,0,0,23ad6ce33febff7a22260eb89e88a657aefaf985bf6a8017698558086bd15d93,2024-11-21T04:54:49.440000 CVE-2020-10106,0,0,9f2df9450c934138e3773f1d7f595ce7fa097b334907792de8399c11733e18a5,2024-11-21T04:54:49.587000 CVE-2020-10107,0,0,0923b1713c6ea47e3002deb35ec0837d93bcab4003e79083585e5c084471fc19,2024-11-21T04:54:49.733000 -CVE-2020-10108,0,0,090f57a6de0b5a8bf6f6f243bbb83b7dc9d9b3373e14f2b88eba00a834873233,2024-11-21T04:54:49.883000 -CVE-2020-10109,0,0,15f87b373f78dc216cbbf27fc7cbe66cdbc6fa229c8156ada8de81ec94917928,2024-11-21T04:54:50.063000 +CVE-2020-10108,0,1,d495882d5cc97a5573218785ef1c596d4963625a15c4e7c4c48d171cd27127f6,2024-11-25T18:12:24.673000 +CVE-2020-10109,0,1,e2247288073db6fa4387a09199c49a61180f85667c3a11c4a02d27241f65e31a,2024-11-25T18:12:24.673000 CVE-2020-1011,0,0,61d59c5e3eb40fa19038be51ab7619a0ae83ceb71d0286cc8f92ea798088c9a3,2024-11-21T05:09:33.220000 CVE-2020-10110,0,0,03b21fa505f8e3805099d2351f579dd29b9a305eb8dcfb8f8ff0aff4eb6916e2,2024-11-21T04:54:50.223000 CVE-2020-10111,0,0,1df395700ccbcac5990d63dc1e6ffabca8c972d957a0a28edb2fe5b04c1dd4c6,2024-11-21T04:54:50.380000 @@ -153292,7 +153293,7 @@ CVE-2020-2214,0,0,64c9ac0856f45533a60895885713e4bc39648b4a97f9010ee613ccf6798ea3 CVE-2020-22148,0,0,4457fe1a192291dc9be25303503e9b6c0506348aa5960c0663e6e2b2e0075f9d,2021-07-29T15:36:04.567000 CVE-2020-2215,0,0,afb566e10136eea1c25eb048d42f987b5fbbfd466981c43c487ee929de3f65ca,2024-11-21T05:24:58.937000 CVE-2020-22150,0,0,b71b3e57d8f34670909e431e94981ea09444316b09ad552d9845e4d2ca2df515,2021-07-29T15:29:58.057000 -CVE-2020-22151,0,0,98e79e90e3cab0db1d4592cd713e6a65b8681f18566b6c750c1c7209c1b22439,2023-07-11T15:51:07.247000 +CVE-2020-22151,0,1,d9e5411121ffb81e5c51efa6b8dbf7143cb7cf9ce62a07d76aeea3806e04bc71,2024-11-25T19:15:04.760000 CVE-2020-22152,0,0,54bb12a15b36a137b44b72793ec57d7b0818aeef2f545d35913a4ad88e5ca8ba,2023-07-11T17:23:22.650000 CVE-2020-22153,0,0,76aa9c9f344129f6592e9e891da45aa76bccd55a2177bab6a22b6e68b8e47704,2023-07-11T15:21:49.513000 CVE-2020-22158,0,0,86d283f10cccb10c03b162bee3f4479812db7480a3b03b9623dc251145eb7045,2024-11-21T05:13:07.630000 @@ -170143,7 +170144,7 @@ CVE-2021-24168,0,0,9ffd1d11393e7892f78db2bbcdbbdf91a3fb185fcfbdf7421b2d6645e97b3 CVE-2021-24169,0,0,677a62b1d06271f40840aeab51c5c0422799e65298f12bbbeb4e792f2dcdcb9f,2024-11-20T12:45:36.293000 CVE-2021-2417,0,0,e64e51808263b781ee5f2732a8dd7f73478d6d7a77a36de892782836dc00cab8,2021-07-26T17:32:02.827000 CVE-2021-24170,0,0,e9b9a25144017b8f8b095e0ea80aa86cf42dc21bde9e6f79b6b176f26edb6841,2021-04-09T19:34:59.337000 -CVE-2021-24171,0,0,e70ce2cc69da6df5d1dcc971c230874a8172e79495d937703f0b55a7dcd0f3e5,2022-10-24T17:15:39.613000 +CVE-2021-24171,0,1,ad476240b674b0eed6e9fbe3b9ee9b112015d6b5186f36bef8316fc093dd4998,2024-11-25T18:14:49.230000 CVE-2021-24172,0,0,6b9dd41c63cf440dc36c22af7785f33f26ae1681e0ab973e897cb8adcd2a527b,2021-04-09T17:52:12.307000 CVE-2021-24173,0,0,25f1530bc0af3328322549439603b10242134f511bcbe720fd676446abe3f795,2021-04-09T19:18:38.627000 CVE-2021-24174,0,0,37c6e21b7ecd10a5e222e2d17bda809bd5995829c5bb144729146e586260e01e,2021-12-03T18:31:46.167000 @@ -174606,6 +174607,7 @@ CVE-2021-30294,0,0,f3a5de700e0def5b6f90ab74e53a9b700f69a73cd2502a1eeb9ca67fa3be0 CVE-2021-30295,0,0,1fb61e8d3e3e02bee1a6b0027db77e2b96b9881165e0a92908f2e4887413c320,2021-09-15T20:32:16.817000 CVE-2021-30297,0,0,06c1adae88da7d258b236a1ff8fb67f621fa559b7a1392fa73054bedbf25c54a,2021-10-26T18:44:51.597000 CVE-2021-30298,0,0,db31b5e7b2bea74952286765a7b114a21730bebe2d62dc128f467f879e27622e,2022-01-12T15:41:57.967000 +CVE-2021-30299,1,1,2caaf8f092817d36b5ecdee14a0c4518bc8fb7aa81d114a1429c8dc8e1d6e246,2024-11-25T19:11:21.280000 CVE-2021-30300,0,0,7bd5d447fdab6d400e5cb78b376a570ecc6c0b9b2748c8e6c9709d26548b5f31,2023-04-19T17:10:55.030000 CVE-2021-30301,0,0,4659e015390ee8ab3e9acc4c291cb7354ef329831a579c9dee03dd21d63e80cc,2023-04-19T17:10:55.030000 CVE-2021-30302,0,0,fde65992a90aec1863b5970e59181d73f3a55e92ea951427aeb5327c94e2241a,2021-10-26T18:45:33.893000 @@ -191241,10 +191243,10 @@ CVE-2022-21708,0,0,5c62598539df16ad1f6eee0ebe7451d6d1dc794bb27b2aab96a99c220774d CVE-2022-2171,0,0,4279be5ecbdbed52e50041f6d2a7b2da72a15e39c67bbee691ba87779b443595,2022-08-05T18:56:45 CVE-2022-21710,0,0,03e31f46eb9f6540a8a8f818bbbe37b8803f7d2ad983fdc82bd7cebbe6cfec7e,2024-11-21T06:45:17.037000 CVE-2022-21711,0,0,1120cacba982ff66b72300ecef7fb5b16a455af77ce87a81b8d5598b17abe89a,2024-11-21T06:45:17.170000 -CVE-2022-21712,0,0,2b6c09590bf36d02f79b1a6c7a84849eb8c54a78068efc1bd8b0d5df43d1d976,2024-11-21T06:45:17.317000 +CVE-2022-21712,0,1,02762a65992bd481b80794138fd1ff894dd29afa9cfe95a54e06c319b4a900e4,2024-11-25T18:12:24.673000 CVE-2022-21713,0,0,27e4760113b92e65e6b8e11d302c79e5bb3f1ef09542b4131d71cb97d634f957,2024-11-21T06:45:17.460000 CVE-2022-21715,0,0,99cca66d0e3eda0ad1f63664be12b39e685c9ae5813cd3149d229a274fbc6764,2024-11-21T06:45:17.603000 -CVE-2022-21716,0,0,1b582c009c1614732a4b1e3ddf6a86d40c21dd8985093bc69bd670ce3c359996,2024-11-21T06:45:17.730000 +CVE-2022-21716,0,1,2c55a5e4061e886359560617bf366cc6c819a5a2c6be762fa14316870f98a516,2024-11-25T18:12:24.673000 CVE-2022-21718,0,0,75f60ad800cef0d3dd1f6b6b52cd28ba547c78315d4fc6b264418142319d050f,2024-11-21T06:45:17.913000 CVE-2022-21719,0,0,d5ce130e1e8d0b75fd30fff224ee108ce1359c51d7f881290d6898623d61d01e,2024-11-21T06:45:18.053000 CVE-2022-2172,0,0,b62df461f203fd7c365e41d5b4b1c23a13d126a28ebde164c896fb71fe550500,2022-08-25T02:42:50.340000 @@ -194075,7 +194077,7 @@ CVE-2022-24798,0,0,a3ca0dbcb3c73d9ce512e5bc90602f3908234dae09d801bf6776ef0301db6 CVE-2022-24799,0,0,8e696fb1f9905683f4101a3c5f990ece3df8d445c17f70402f8d9c618aadd03a,2024-11-21T06:51:07.400000 CVE-2022-2480,0,0,9eb58cdfd0edf2eed04dbb67aba8191d634555a5d08031ea6d038684a0c0892c,2023-11-07T03:46:36.773000 CVE-2022-24800,0,0,6d1d498ca0f07e55938e9aed505eedd20329ce0fee84d7f4ca473e8f4046dbb4,2022-07-20T11:40:29.320000 -CVE-2022-24801,0,0,4f0d158d389c407106e24856a42c8fac9b6590fde67fc8eb475c0a87ea90bbc9,2024-11-21T06:51:07.710000 +CVE-2022-24801,0,1,62a658600cd08685e655f78cdb7a65f330e9a6c12b0a274424238eac7dbd9c75,2024-11-25T18:12:24.673000 CVE-2022-24802,0,0,de2a8e6f7d71cd0e5e84f46230e903fe79cc6edb55a672ca86114905ea3f6f77,2024-11-21T06:51:07.880000 CVE-2022-24803,0,0,de4447eb57f255841ea234e8e23af03af258da23e1302a285555d65486a4e091,2024-11-21T06:51:08.023000 CVE-2022-24804,0,0,51e8907de242c14b5ed6aabd826136f001a10339cc960f516909fd8b61785fed,2024-11-21T06:51:08.150000 @@ -205837,7 +205839,7 @@ CVE-2022-39344,0,0,3ffa27705a93272d5e285c4fe891363dba6684ea3f043c033a0593125be39 CVE-2022-39345,0,0,0c2843b537aac53bbe33932a1359117008bc7e795f22ca1be2a06cd73b58e1ff,2022-10-26T00:54:06.953000 CVE-2022-39346,0,0,16f04ba36a399b7f23c577ae7582533195c4f52e410e4f536aa085506da4e1b0,2023-11-07T03:50:27.250000 CVE-2022-39347,0,0,6e2903841638b0e72d7ea003b33ff1c3b632932dc8e879110e38735116712f8f,2024-01-12T13:15:09.620000 -CVE-2022-39348,0,0,c3b873dfba7f9c24acabba40a757ee480f870c54852f2ed9de0d08641e2891ec,2023-03-08T01:07:01.430000 +CVE-2022-39348,0,1,9a836e72da3de58b83cc9130356930f2fa79dc07e8874e46f5815351429355f2,2024-11-25T18:12:24.673000 CVE-2022-39349,0,0,84c56cc8b81e0945723331d560acc2f0e4191697cfec4df236904f18d4ba4926,2022-10-28T19:25:24.847000 CVE-2022-3935,0,0,01e1a68e751b9a348d7c1c7095a5fe41f2214c2f78ae2628e15fdd80e274c0c7,2023-11-07T03:51:59.260000 CVE-2022-39350,0,0,cf57a6f0de1d056fb3f56144a95e6afda95358fa68fc0a079e54151adfa63c00,2023-11-07T03:50:27.623000 @@ -214743,7 +214745,7 @@ CVE-2023-1891,0,0,8e7da7c1154f02152549e3810fbad519cba58e65acff895cec88f3cd56d17d CVE-2023-1892,0,0,b9655c41e67b454848b5d3384e972dfcfa096b6ccc3a47a56d96446ca95330d1,2023-06-09T18:07:41.737000 CVE-2023-1893,0,0,f011b671643c04c9ac9f1286dfb03fb4f35c1fae2e4d678bcdc5bdf40e1212f1,2023-11-07T04:05:17.737000 CVE-2023-1894,0,0,8b9224659fd62b54c94603c0e6692dab8b1fd389e2f68d8b4ca71eba3bed7861,2023-11-07T04:05:17.950000 -CVE-2023-1895,0,1,7ae055c6e9dc2a1e93e805cc7783c11e49bde3249c3a295fdd4245b61174021a,2024-11-25T16:47:33.943000 +CVE-2023-1895,0,0,7ae055c6e9dc2a1e93e805cc7783c11e49bde3249c3a295fdd4245b61174021a,2024-11-25T16:47:33.943000 CVE-2023-1897,0,0,652a211d4eea651573656f2ed7231dc7401ef5aa8c7e9688005e398ac2513414,2023-11-07T04:05:18.483000 CVE-2023-1898,0,0,b285cb4104be23af5faaf14b40f41770a2edf56ca500c542472d1e858c5284b5,2023-11-07T04:05:18.720000 CVE-2023-1899,0,0,29bbda37ef28f951f02bffe709083a2aa1accb0aa0fc3ad1452c8012ed5ce948,2023-11-07T04:05:18.940000 @@ -214756,7 +214758,7 @@ CVE-2023-1905,0,0,a7cda20dfe6217359b5ea5692f7971f066752b84da39a1520ace365b70249a CVE-2023-1906,0,0,4fe6a845d023429d576d5c9ee37419c94c5ec3e17250bbc753d7cc66058645c0,2023-11-07T04:05:19.457000 CVE-2023-1908,0,0,701db6a99cc57a3a029c78d7ec8458962a34ea7d03647039f803af06632639cc,2024-05-17T02:18:32.610000 CVE-2023-1909,0,0,ff665604221b113a1a9a16dba9aa47c093d5d4e7fe8694c1fb4e6a158b1a06d8,2024-05-17T02:18:32.727000 -CVE-2023-1910,0,1,54a7b8eed688025513c34f40615bd93024dd6eff9755e33761c39d87b4af5c5d,2024-11-25T16:47:33.943000 +CVE-2023-1910,0,0,54a7b8eed688025513c34f40615bd93024dd6eff9755e33761c39d87b4af5c5d,2024-11-25T16:47:33.943000 CVE-2023-1911,0,0,48ba49f8eb7751c9133e2e90c7d957069cf9547898cb5bf89d33a4a1b27cf2e7,2023-11-07T04:05:21.117000 CVE-2023-1912,0,0,2d10dd59c89e72ce8bbf4827d67e3a87c4c3f8fcd7240b75dafacb371e4307c8,2023-11-07T04:05:21.317000 CVE-2023-1913,0,0,15dbc19ad1f8463ca52916646a2403ac8f8c54a4630bbb160ab0586b6e1a2951,2023-11-07T04:05:21.563000 @@ -220088,7 +220090,7 @@ CVE-2023-26277,0,0,95498aef87c5021a1b7e30367bd3bb97878a14ee98abe842b2410786d5f45 CVE-2023-26278,0,0,bbd6fcfc7d7e5c2779044a810f0df62dc3eaa063b4cc469d2ec9a09171bb7bed,2023-06-07T18:12:56.727000 CVE-2023-26279,0,0,57fc86b7d4a1528638516613687d33ccd8293cca63436652accb62c13c411e7d,2023-11-30T04:57:02.920000 CVE-2023-2628,0,0,685fa3b4ad9d590242699f5bfa24f3ff35199bdf1e36b8e87a158d172105c813,2023-11-07T04:12:59.463000 -CVE-2023-26280,1,1,a33dd5dc837a8df8882320d68b362df98c73b35ca8898a7ba1090e089dc6dd34,2024-11-25T16:15:06.243000 +CVE-2023-26280,0,1,3164d429faa890c4d80312be2c09943bd2591ee37576877bd544627eb72eec78,2024-11-25T19:15:06.987000 CVE-2023-26281,0,0,49c4a0509c6b8aa5933927528e8998034faff7b114a65ecfeac6c0da5d0c2f4d,2023-11-07T04:09:33.057000 CVE-2023-26282,0,0,872397b1a416ff1fce13ab136c1efd273022907b2617d95653478f6389617bd4,2024-03-06T15:18:08.093000 CVE-2023-26283,0,0,e2064453ef2858146e69fe81df96344f4104450fa7f97beea6cf1e61b0996cc2,2023-11-07T04:09:33.137000 @@ -221849,7 +221851,7 @@ CVE-2023-28458,0,0,ef73a1fa781dc427433a4344f064cf2c5d295719475229911a534302acd48 CVE-2023-28459,0,0,ff6d9b0d2a61636a2216f5ca3eebb22b60bf4cdf2177e93c8efd3097129af8b8,2023-05-04T12:38:31.430000 CVE-2023-2846,0,0,9aab683976373505e029cb617089a2ec5cce34a049b1b52d471de12eae663bf2,2023-07-10T18:51:01.550000 CVE-2023-28460,0,0,946c7b43c3c7b583cdd2cc158d5075c41f481cca09d32fe7ede01d078026a4ac,2023-03-24T14:57:49.207000 -CVE-2023-28461,0,1,cdb7df662931ddcfc218678780d0ee5b5dbff11c1dcf1d160d42f4ab9672482f,2024-11-25T16:15:07.803000 +CVE-2023-28461,0,1,e402f85a274dee9d063e2a4d88bdec0f1c116dcec347d147b7095e8e4f1c0e91,2024-11-25T18:15:09.090000 CVE-2023-28462,0,0,2e19120130c69bbcf347fab95b0e8c139f8b88e9e8bf09f2cd8f0d3aa1bc78bf,2023-04-07T17:19:22.730000 CVE-2023-28464,0,0,cb3ff9a13e0f593237f005a371ce64a52ab72b86a221c83df504e264520ebe96,2023-12-22T21:04:49.027000 CVE-2023-28465,0,0,06c8e63c2eb4a5851617744052850dfe59bf346dbe17e85c1e39e4479aeba7f3,2023-12-15T16:35:16.623000 @@ -232861,7 +232863,7 @@ CVE-2023-42884,0,0,bed7198535b5cba9276d20f66ff616d2faf4f0a5887d3d5dd42b85360bafc CVE-2023-42886,0,0,faa2fe35ca8d8aee7429d5275a743bca80950675c9b4a574a1f22f2be135e149,2023-12-13T18:14:03.663000 CVE-2023-42887,0,0,6a183a6bbbb784cf3ff7a27ca6dc2d91b7b7c3f3cb1bda7867c2939a5f6180bd,2024-01-26T20:51:20.893000 CVE-2023-42888,0,0,b067218531e45be7cc34fa1275d3c2b57f0925c26eb93740839a000d9953633b,2024-01-26T20:53:27.637000 -CVE-2023-42889,0,1,49fa37f2dfa32d26e6ee6ce67b641ea912ea5a03dcc0438db897091bb965b5fb,2024-11-25T16:15:09.197000 +CVE-2023-42889,0,0,49fa37f2dfa32d26e6ee6ce67b641ea912ea5a03dcc0438db897091bb965b5fb,2024-11-25T16:15:09.197000 CVE-2023-4289,0,0,97e9dbfb002f991c9b0c7bb56513ad2ad7a34e2cc2f1908f40b15808fc4c7b13,2023-11-07T04:22:25.410000 CVE-2023-42890,0,0,53f9bd40d8d0f96f9f6543dcc5925d3ff1f33138300a4d36e7353088fc83c101,2024-08-28T15:35:01.817000 CVE-2023-42891,0,0,9e832a9c79650ad0321f807def388413064ff2ab68c6ecbf9bb18e2496c75004,2023-12-13T17:46:10.560000 @@ -234286,7 +234288,7 @@ CVE-2023-45176,0,0,a61dfa2d9b85c4035ee4f53a67472362d3029b10806406b738df8f3c6e710 CVE-2023-45177,0,0,1522899346cd3c131fcde5459531cd4721deaffbfa71f019f9aa738a0039cadd,2024-03-21T12:58:51.093000 CVE-2023-45178,0,0,ca1b903491707040a9504676f79a0721406442bf8af2b195c6625a81aa8f9d09,2024-01-12T14:15:48.183000 CVE-2023-4518,0,0,43f4e0122a02971ba0d3d5eb018e77f4bc79eab555e88cc8f0b831d351817e75,2024-09-23T13:15:04.467000 -CVE-2023-45181,1,1,55ef708296f82ff856862879993427f746561e37ac2495035df298356a45ab93,2024-11-25T16:15:11.273000 +CVE-2023-45181,0,0,55ef708296f82ff856862879993427f746561e37ac2495035df298356a45ab93,2024-11-25T16:15:11.273000 CVE-2023-45182,0,0,459ff8fb1f8eace3111477735ae0f4d7a053a5d052e1583355cb1b367dc6d92c,2023-12-18T19:40:38.003000 CVE-2023-45184,0,0,b3e47d92bcab0547069a2333689b3af7ab83805d314b57779db786e493b5ee7e,2023-12-19T01:52:29.017000 CVE-2023-45185,0,0,8c1f4adb8456f325126fdde0688910b38cd7029ac25cfdbabafd5ab2c845b263,2024-04-30T15:15:50.887000 @@ -234967,7 +234969,7 @@ CVE-2023-46133,0,0,8eab00c940c8d8f91bb04e0e3d644cca8c162bc5560e1251c86a91dccb270 CVE-2023-46134,0,0,1473b3f4b43e1cb40c6c6fcf572d05be0d47658c0168cd594280258ab9a99376,2023-11-06T17:14:17.363000 CVE-2023-46135,0,0,cf644fdffbf7fd42a5ce8c104ef691cf7d35f83af10f0829da97a09b42742ee9,2023-11-01T16:24:12.157000 CVE-2023-46136,0,0,05dd009850075425a23ca2a764d374b30ccce85acf9aedaa51c6b7e2710e9355,2024-01-10T18:58:41.083000 -CVE-2023-46137,0,0,5fcf4b7d8255092d8ccbd06c119681e33c566bfbb908218be0d9dcafd5063021,2023-11-02T15:57:53.777000 +CVE-2023-46137,0,1,623ad045ad288c7133e2906412f01e528e15d035000abee5c3271bf767957b86,2024-11-25T18:12:24.673000 CVE-2023-46138,0,0,4d3f15cddc1d92adc33ebd3059b325f6faf7d73ac1a66ce21c0c54319ffc20cb,2023-11-08T18:41:09.540000 CVE-2023-46139,0,0,5547eb2c37a73a3ca31f786582083b2c6ed88acecee3ff38ffba943beeeec072,2023-11-14T19:59:07.563000 CVE-2023-4614,0,0,48582db52caa833023c22becbfe97b66601953ec6bd1ee30a7b5e9ca1820d112,2023-09-08T14:14:50.043000 @@ -238223,7 +238225,7 @@ CVE-2023-5079,0,0,bfc2ec8a0b13f58240a31ff53e9efdd5860ac1c14419b874e37b25eb37d0f7 CVE-2023-5080,0,0,e74b710ac5ce55c8b64e5a605db4534fb958b292680076cb58f4eecbcfdcbd8a,2024-09-16T15:15:15.590000 CVE-2023-50803,0,0,39b8457e6689f19cf0cfb42bf6f8f9bc85c44a7256b507e6e2e5e4502e82fde8,2024-06-25T21:15:51.453000 CVE-2023-50804,0,0,39f75e54eac34ee2309659a8b63ea3ce44f3663e0d436459f4acb23eb679f665,2024-06-27T16:42:15.310000 -CVE-2023-50805,0,1,e4a7b77c782a7eb27b6729443616103c49071e1ec2325233f5e283c2dac6bca9,2024-11-25T16:15:11.600000 +CVE-2023-50805,0,0,e4a7b77c782a7eb27b6729443616103c49071e1ec2325233f5e283c2dac6bca9,2024-11-25T16:15:11.600000 CVE-2023-50806,0,0,ecfb4db274c5901b7304546aec7b66276cb9bab5714351e0c4fb60a29c3cf84b,2024-10-25T18:35:02.050000 CVE-2023-50807,0,0,49d7ddd672f2ace5a4bacad8e9a69ecb67c1f752bb20673689176d58cf559602,2024-07-11T15:05:15.990000 CVE-2023-50808,0,0,eb111853188ca06e9540385134be25115b61d3ae24652382189ac577efef0822,2024-10-17T14:35:01.797000 @@ -238790,7 +238792,7 @@ CVE-2023-5161,0,0,54d57d98bc24ce673ce185f8db8385951ab5c099ea08d75b47219a1ada967f CVE-2023-51610,0,0,f6fbb4fa4f462d37842170b4ae9d42bef08e33bf28abf73e11d435d73b1367c8,2024-09-18T19:15:40.517000 CVE-2023-51611,0,0,86b9ce3eaf5bb17ab2ddd11cefc4563208b6c30e764a746a5dc695a36b8a4e58,2024-05-03T12:48:41.067000 CVE-2023-51612,0,0,ea5662e82a12149baea659e83b27fef3f60e97d21160cc1b1b1a0b032c4da17c,2024-05-03T12:48:41.067000 -CVE-2023-51613,0,1,204964b6b01aa2fae016f1d2778bf8bfc6567feacf26693205f81edbf8067eaa,2024-11-25T16:58:48.337000 +CVE-2023-51613,0,0,204964b6b01aa2fae016f1d2778bf8bfc6567feacf26693205f81edbf8067eaa,2024-11-25T16:58:48.337000 CVE-2023-51614,0,0,b0fd1aad102a9f618f5c0f51ce8c8cbb8e4bdf3779b3bccd2c05fe2ea006702c,2024-11-22T21:33:25.047000 CVE-2023-51615,0,0,5e231501476cddd4b20f203f23cc88ecf7cd08634ee659c6cc1e0689ad468df2,2024-11-22T21:33:38.363000 CVE-2023-51616,0,0,eb0f682cd2e626370ad2dc72983b82c0c4d6c10224e010e7ac08e8bffecacc29,2024-11-22T21:33:56.320000 @@ -238802,10 +238804,10 @@ CVE-2023-51620,0,0,ba4721ea00f5e054eef2ede05701e5529f144bd917b754a955d02da4268c9 CVE-2023-51621,0,0,9abb3a5f398d9948c94df626e38e6b0272fd6bd21ef0e5a3d796c19be62a8e4f,2024-11-22T21:35:14.677000 CVE-2023-51622,0,0,8c0a23155c10d22d2b68cc9c5515a72196b8109df68c01d81250a6ea1eabc4ac,2024-11-22T21:35:25.933000 CVE-2023-51623,0,0,10786ab31b32248bfcd1001db811c190df89693e43860ff71dd71f2d8e1b50a0,2024-11-22T21:35:38.853000 -CVE-2023-51624,0,1,4e39f6de29513e4c1632ada86d248ac7a85442e07e0407bea248caba652f02da,2024-11-25T16:43:13.800000 -CVE-2023-51625,0,1,c9cd0ba9ae994713ff364355e6769cae0af511ae9d4a1a3389f2a6838ab1e3a7,2024-11-25T15:26:34.007000 -CVE-2023-51626,0,1,2f7334db1c59339493983e7dcc6872fd93065109ec3c8216937479e529cee2f1,2024-11-25T15:20:40.707000 -CVE-2023-51627,0,1,545bf186ea33742285a7c220db9d75812525c0421797ce402a32bf6a16529977,2024-11-25T15:05:46.023000 +CVE-2023-51624,0,0,4e39f6de29513e4c1632ada86d248ac7a85442e07e0407bea248caba652f02da,2024-11-25T16:43:13.800000 +CVE-2023-51625,0,0,c9cd0ba9ae994713ff364355e6769cae0af511ae9d4a1a3389f2a6838ab1e3a7,2024-11-25T15:26:34.007000 +CVE-2023-51626,0,0,2f7334db1c59339493983e7dcc6872fd93065109ec3c8216937479e529cee2f1,2024-11-25T15:20:40.707000 +CVE-2023-51627,0,0,545bf186ea33742285a7c220db9d75812525c0421797ce402a32bf6a16529977,2024-11-25T15:05:46.023000 CVE-2023-51628,0,0,0247cbc18bc596bc611dc7e5285e36e06a9420995fff780bc74ad1299db0fe35,2024-11-25T14:56:30.943000 CVE-2023-51629,0,0,8502b59116121aea1595a3360ddf2c62ec993bdef5c84cf8574877b52fcab99f,2024-11-25T14:39:27.587000 CVE-2023-5163,0,0,32f802f2d81cce00d8030983d09b355a4727156443c4195e1059ca6c8c9f301e,2023-11-27T22:10:37.123000 @@ -240624,7 +240626,7 @@ CVE-2023-6037,0,0,64f4ad52fb4acc00baed6bbfdf7dce01bf4ebf4db6912c1d3649458f97d661 CVE-2023-6038,0,0,8768be36e71173b4770cb92877d06dafed621d93624a0b2767e2ef05fc8e0bd9,2024-04-16T12:15:08.780000 CVE-2023-6039,0,0,cb40afc45334b480f355050d0c59c160d8a64ca923211ef3163e81949e123561,2023-11-16T17:59:48.420000 CVE-2023-6040,0,0,bf1fb6f83f2a47a3ec4f6dba46af90a4c091065cdd225020a20fe7495d7adb0a,2024-08-27T15:15:30.177000 -CVE-2023-6042,0,1,39f35d33fdb8d6e553345209af0ca7af4cc9a006092c5015698c7c8f033b5ee1,2024-11-25T16:47:33.943000 +CVE-2023-6042,0,0,39f35d33fdb8d6e553345209af0ca7af4cc9a006092c5015698c7c8f033b5ee1,2024-11-25T16:47:33.943000 CVE-2023-6043,0,0,8d8887811eaceb1320ad09920d820a72afab16f49f3194f4a1f0a45a8b1f039f,2024-01-26T16:03:21.607000 CVE-2023-6044,0,0,f48871ebaaf45238c34428d45492bdeca4439fb21a1fde867542c6d14f4bcb20,2024-01-26T15:56:47.883000 CVE-2023-6045,0,0,82200279cc60c9e26d51c5aef1ea92064cc2cd961452454410cd1d7c55d0e09c,2024-09-09T12:21:53.383000 @@ -240913,7 +240915,7 @@ CVE-2023-6359,0,0,dc4b31625771af30b850afd13facd80e96ad5b76727dda84977b54cd8dc4af CVE-2023-6360,0,0,7ebf7a0996aa604ca0e37b1bb629610295b5e95328fe4cc64d0814601832e864,2023-12-06T00:38:20.297000 CVE-2023-6361,0,0,ee900d0ce76697bb59e695ff10ea4bef0771a3dfdb43509bf5623d1c20a8d15c,2024-10-07T17:47:48.410000 CVE-2023-6362,0,0,952f92f7ee9c9218f22bb36f646b048cbe71b70d0278457c0315e26fc4a1ce45,2024-10-07T17:47:48.410000 -CVE-2023-6363,0,0,280f7fd322588c4a8af5263265a4a7e3ed4a2ebc1337e66c7614bdfc34527529,2024-05-03T14:17:53.690000 +CVE-2023-6363,0,1,a6c18d3b9afe7b3f7d116f76d4914f3743eae5a84abb306714d2496a7122cec3,2024-11-25T18:15:09.670000 CVE-2023-6364,0,0,fba4607731a6fbc78b4193d2d92ff3c3c10642250022df3b4c2b27e59e7cabbd,2023-12-19T15:25:57.190000 CVE-2023-6365,0,0,adfc971ce1542cf6b6b567819af477b3d1939f8ac3b728778258d524fc18b9de,2023-12-19T16:52:31.667000 CVE-2023-6366,0,0,a90661065572d79c101158308fe089b72abce2e5997d868a6480cd1c64aa03fa,2023-12-19T17:30:45.493000 @@ -241428,11 +241430,11 @@ CVE-2023-6955,0,0,420440748656e126e770528f4f21acf39271d7ccbc4fe920c15d66b4294a7e CVE-2023-6956,0,0,ebab8c4d5b24405f0d58e5a99fa9a736eda2c65adad9bc90f9186d3a4f452f2e,2024-07-18T15:59:12.007000 CVE-2023-6957,0,0,07959fb3f32e925a62f4301abfce36bb0dff388d72f0d4f67e8b6a8fe0020487,2024-03-13T18:16:18.563000 CVE-2023-6958,0,0,dfa9f23d52119de772dd91366d6bc1b2e70ca715d55949e74432bb3d34dda7cd,2024-01-24T20:47:14.900000 -CVE-2023-6959,0,1,20ccafff48302194f7fd5f772fce706a89fb15489c7f7265b4f1dd1f6f4ea96c,2024-11-25T16:47:33.943000 +CVE-2023-6959,0,0,20ccafff48302194f7fd5f772fce706a89fb15489c7f7265b4f1dd1f6f4ea96c,2024-11-25T16:47:33.943000 CVE-2023-6960,0,0,888cf22446dd7655a6247c88ca2ff27fead22d6d6ecc0c6c10ab9a0c1723c39d,2024-08-01T13:45:49.250000 CVE-2023-6961,0,0,43d4b56c87de087240bd914171c41ee9cfc77338524ac0adf913d00076762fe6,2024-05-02T18:00:37.360000 CVE-2023-6962,0,0,986479cdf0104030985cc73b8c5cd922aed26e09aac7f4f0ca21a4d53b3d6646,2024-05-02T18:00:37.360000 -CVE-2023-6963,0,1,0c819b75531b4e70bc2e9de5294f139d5654ff9e8c914723eed35e2343fb8db7,2024-11-25T16:47:33.943000 +CVE-2023-6963,0,0,0c819b75531b4e70bc2e9de5294f139d5654ff9e8c914723eed35e2343fb8db7,2024-11-25T16:47:33.943000 CVE-2023-6964,0,0,6b353abfee4e0f60ba07ed53b519d8cdcc5c6e3e583c876cd6af699df966c5a5,2024-04-10T13:24:00.070000 CVE-2023-6965,0,0,f49ac78940fe244c72647e51516e80a6e573f5fa400fc7065d825c4c692cabcd,2024-04-10T13:24:00.070000 CVE-2023-6966,0,0,9a012b06da86b8f395f403fc3c8f5013317bd371eadeddb21759c85700f73992,2024-07-15T18:55:57.513000 @@ -241476,7 +241478,7 @@ CVE-2023-7009,0,0,5ad483dc163b1d2a4bd5b4eb8d25614aa3b39d41eb8c4920232403e1e86251 CVE-2023-7010,0,0,cd158f29b2c7149d1830cd2f20f16ce1ea838d74d4dcc2619187c2c912c36474,2024-08-01T13:45:49.523000 CVE-2023-7011,0,0,5479a1bc0d015e17b6f3ef6f0339f44a1c082d026b873ec2affbb8aad427236c,2024-08-01T13:45:50.333000 CVE-2023-7012,0,0,620dc45a3ed63b83dcd1d3f918e32b2704bfbaa7d6dfdf613d6128a81864b9c7,2024-08-01T13:45:51.243000 -CVE-2023-7013,0,0,080d1432333bd90adc63825f54ed043e091fe07f3ab314feb92a1e90e53930bf,2024-11-05T15:57:00.397000 +CVE-2023-7013,0,1,cd353cc73654c1b2a1b2f3ab9a4dd719f99d86adb7d8482fb0762ff23e278009,2024-11-25T19:15:07.563000 CVE-2023-7014,0,0,343f60c0c60318ab32b52871ee4d7ec4b33f7cbb001a30f4e8bb917247b8186a,2024-02-15T15:07:55.347000 CVE-2023-7015,0,0,f6191da82f2fc008d6b0296c01ac7c77ae2915d456ba40916209a6adb4acf55a,2024-03-13T18:16:18.563000 CVE-2023-7016,0,0,010884b21a27fa66d833a70681dd186e397f473cbb0b90536483fba7b0d7269d,2024-02-27T14:19:41.650000 @@ -242020,7 +242022,7 @@ CVE-2024-0349,0,0,5ad42f87085218dc69b719df6bb8c9aa4bf523c9a56885daed74fd4a46dfb5 CVE-2024-0350,0,0,e941d42704ea168f3f59beaf15668c410c64d49a2494756f98a59fca67299c76,2024-05-17T02:34:32.873000 CVE-2024-0351,0,0,d104c12df7b89d4c7d488d384fbb0a0a907266e7569db6394c92ffe8d819068d,2024-05-17T02:34:32.980000 CVE-2024-0352,0,0,4882bb5b2fa2813503cc036295b2c15823acceeca7985705376c72ec6e1c8446,2024-05-17T02:34:33.087000 -CVE-2024-0353,0,0,e5e4a458d4de0cb85c805e27561bfb72dd7a69e88b3923b33fe8629bddfce2ec,2024-02-15T14:28:31.380000 +CVE-2024-0353,0,1,b599cee2b0e1a7fd240b33cfe43b9f49961e1f1dd6a705ea1f9d96566785c852,2024-11-25T19:15:07.917000 CVE-2024-0354,0,0,ee2e8514780493c5819cb099b8228abc0e638bffe2ce19679804183f1c4abdf4,2024-05-17T02:34:33.227000 CVE-2024-0355,0,0,505fc07339341eb8f914496ed3c42b022080be5246603f018635a48e4c42fabd,2024-05-17T02:34:33.343000 CVE-2024-0356,0,0,979ae09907d25daa228895b349c1ac7b6fc1f46c6d6f00d9301185df033cf7b5,2024-05-17T02:34:33.457000 @@ -243130,7 +243132,7 @@ CVE-2024-10701,0,0,53baafb789e17d3adca0638e17c429a583b20f9faed929ac230c13977cad3 CVE-2024-10702,0,0,1494650cf24141bf55e997b208eb307166b880baeab6c7ba81f17c35396d74f0,2024-11-05T16:52:11.193000 CVE-2024-10709,0,0,286b64da464730ec634efc1bdcfc8b5f10df2b34328ca06f5e437d144cce4ace,2024-11-25T06:15:04.573000 CVE-2024-1071,0,0,203dd69d50b387b330a57560d4e66e827311506680b4f1e4c4b62b6aa394169c,2024-03-13T18:16:18.563000 -CVE-2024-10710,0,0,938f8307e5bfb9d09dea1a8387052816614618a43b3cc39e3e825587958e12eb,2024-11-25T06:15:05.960000 +CVE-2024-10710,0,1,5e7c2f6f8d036436e8970bbc3c9b61158d8fb2052d5ec036090fdb11e7558d66,2024-11-25T17:15:11.747000 CVE-2024-10711,0,0,667b67eedaf55d76b13f0d67159b73016c214e768164f9d0df569a4659871c82,2024-11-07T17:04:37.663000 CVE-2024-10715,0,0,a0586864202123c788b39c9152d7bb58a990061badde7177b34380925db28d59,2024-11-08T20:25:37.380000 CVE-2024-10717,0,0,15bf585ae057ebcf6ec6298dedd5d0b0b84d2a3f7b0625f84537e2f339a063a0,2024-11-13T17:01:16.850000 @@ -243513,7 +243515,7 @@ CVE-2024-11393,0,0,bb5cf4b536c1929831f7187a9de9dcd6cddda5d9feab9b5dc675b1046c1bf CVE-2024-11394,0,0,a51438d64c72e0e16d73fd06d60be4810cb98d4da7680e7c092afb2b22e578c4,2024-11-22T22:15:07.223000 CVE-2024-11395,0,0,e97b88024677a483ae4a42afe9a8440978faa48e4e721bb1c822953f8252b946,2024-11-19T21:56:45.533000 CVE-2024-1140,0,0,346c2ed0aaabc419b4aefe2cf8513b81b972566618f29982168bc7166c832ab2,2024-02-27T19:17:32.253000 -CVE-2024-11400,0,1,2b6a39a96cf5696646b5b9e32fab47bfc23a160a64905ed162280ce11db7d350,2024-11-25T15:02:53.013000 +CVE-2024-11400,0,0,2b6a39a96cf5696646b5b9e32fab47bfc23a160a64905ed162280ce11db7d350,2024-11-25T15:02:53.013000 CVE-2024-11403,0,0,aa2618a7b6d3af70c8c76936e7400798cb8fc2bbb8402d3422568e8b944ad335,2024-11-25T14:15:06.310000 CVE-2024-11404,0,0,525efe85caba48797a4f541c0d9d8e5e1135b7d4afff8a5c0abba9ca32591f5c,2024-11-20T14:15:17.750000 CVE-2024-11406,0,0,d4abbee85b1f77460ba170fa7cbcf81435244eeb65babfc1772879a68307a74f,2024-11-20T12:15:18.890000 @@ -243556,53 +243558,53 @@ CVE-2024-11510,0,0,ffe33a1c531077f4fae7c4b7c7c7d55f315a1583911fdad78c236d3caa10f CVE-2024-11511,0,0,b16a1b757781bfacc24a799d35e8cae90f6541006f0982074557f3f4a6bef1fe,2024-11-22T21:15:09.363000 CVE-2024-11512,0,0,1e98f48385ff14fb1bd53853b7f8286dcb742a90b7274d179b99b48a4b3343a3,2024-11-22T21:15:09.477000 CVE-2024-11513,0,0,2ab575a6bab312db381589e786e3bcf011a932cccd48e9d88c7978a6067fc071,2024-11-22T21:15:09.590000 -CVE-2024-11514,0,0,30b2440e5f0d258548987f96b26cdfc6c3e1d775dbaff80ae962ae106e86d508,2024-11-22T21:15:09.693000 -CVE-2024-11515,0,0,3885ed74c6bda952906914ce2c82447891b6291621688823d770a4f7cf276fbf,2024-11-22T21:15:09.803000 -CVE-2024-11516,0,0,c9a73a2912e76d562b9df98753802a83355510a06202f38ee271380c861a3990,2024-11-22T21:15:09.910000 -CVE-2024-11517,0,0,45429b99f393ded08ce7b115fa01e905a68654d31bf9348b84ed21fcead9f952,2024-11-22T21:15:10.020000 -CVE-2024-11518,0,0,87e8b9bba2be9d418278982c544787500b4f8e292bb9962191ef8d30adf1bdcc,2024-11-22T21:15:10.130000 +CVE-2024-11514,0,1,40e43052b3444c860eef3e3b558fa76c07292f5deab8bca3b61b112665b889c2,2024-11-25T18:57:28.103000 +CVE-2024-11515,0,1,9f620e91147a51ac8d0e9648505744c40db486a9d2b3ba2b9bfaa8ff1b3b9008,2024-11-25T18:57:23.373000 +CVE-2024-11516,0,1,2d45e772cd143aa841e0911c6324f232dd5316d927191938a3093a22684d4be9,2024-11-25T18:57:19.670000 +CVE-2024-11517,0,1,735a961be52a6bea8052661fc20cfe55e152eebc7eaea944afa707d4bb584ef4,2024-11-25T18:57:16.330000 +CVE-2024-11518,0,1,ce3c2fd500536f595e5a69ed3981df1ad2b903322ac7cb638c260323c1dabdd3,2024-11-25T18:57:12.937000 CVE-2024-11519,0,0,f33bf5659185905191e8dab67583a21fc051b1a0a195846a61be5269a8d0db56,2024-11-22T21:15:10.243000 -CVE-2024-11520,0,0,ba240ca3d886503a1d8299111b57117a055ff7495d780887cb64b42979dcf412,2024-11-22T21:15:10.360000 -CVE-2024-11521,0,0,cafc919e6e147ce31407c7e186e38506d132a686ef1e90f2984f4eedffeaa2fa,2024-11-22T21:15:10.480000 -CVE-2024-11522,0,0,b09f6db18c93cd93fb3011ed1fb3c090d988e67d1a68f53fb24a7d72707d2ec3,2024-11-22T21:15:10.597000 -CVE-2024-11523,0,0,2adb04833f3fbbacb2b961f5d65745ca65173fa50715a1545e9c47353047c986,2024-11-22T21:15:10.710000 -CVE-2024-11524,0,0,cdb78a5118ac84b366e165a4f4fc9fafbeb6191df7c829273f3c1cd713eaf5b5,2024-11-22T21:15:10.817000 -CVE-2024-11525,0,0,d42cbda2b6ace4d4d95f92cb1f4e02dd2f1885081e91d81ec78e9a7c9028f4b6,2024-11-22T21:15:10.923000 -CVE-2024-11526,0,0,fe375be65a0f9e9f217ba85893e6f0854f38d6bbcf36d8747727b81f1568164e,2024-11-22T21:15:11.033000 -CVE-2024-11527,0,0,4c99d68b338bd521f8450b1b586bfdb714e2fe577ad783f8d910705c75abf898,2024-11-22T21:15:11.140000 +CVE-2024-11520,0,1,6d11a52c3d48b510631895d705fcd9ee72fad54df07608e0937611ba46065f07,2024-11-25T18:57:06.950000 +CVE-2024-11521,0,1,6c664e429868c249646ae9d3731c6ea172b3102a76d78ecfa41bcdbe4fce5da4,2024-11-25T18:57:04.637000 +CVE-2024-11522,0,1,edcd0c12a353633564f417eece27cdc54a32166837025ac7b77207ce9f47ab3a,2024-11-25T18:57:02.447000 +CVE-2024-11523,0,1,e7ae340871b5ae667fc3a033352cccf647ac36c89d9cb4ae9728d91f93eecb2f,2024-11-25T18:56:56.057000 +CVE-2024-11524,0,1,3ec8cd85143a979fd87471e142d51dcead7e9667445926dce6fbd9a1c1a02134,2024-11-25T18:56:54.067000 +CVE-2024-11525,0,1,8a20d7861b20e92c72d3eca44e792f6d0eecbcdde3254c01f82cb6ffb8efc528,2024-11-25T18:56:51.587000 +CVE-2024-11526,0,1,d1e3f1b5346a87281bbb859058320f1f045d2812f873212734eb58c59430f297,2024-11-25T18:56:47.030000 +CVE-2024-11527,0,1,9e1f6adf96843fbe52b8df2904446d5d05bb5a1831908975bff609731e03d906,2024-11-25T18:56:40.680000 CVE-2024-11528,0,0,082d681920fe8f3d36e26600195c55a68cabec9baca5dfe9fd1da46792a40acb,2024-11-22T21:15:11.250000 -CVE-2024-11529,0,0,80d8ec316175d0a06b39a868d06bb0c5acefe4fae1524de69458ffaa97d004d5,2024-11-22T21:15:11.360000 +CVE-2024-11529,0,1,a738a75fb061e2285caff81029ff864f37dfb87ffcabbb87d2331f5908c6404f,2024-11-25T18:56:38.437000 CVE-2024-1153,0,0,ef044a07a9d08d9e4b985a54be5b7192d28514cd606cdbcd1ece01d4ab3f4a43,2024-09-16T17:39:45.023000 -CVE-2024-11530,0,0,2e4130878a04e916bbf7b633e41b4903eef119bdd8949209ac5bfbfcaa19f6b0,2024-11-22T21:15:11.470000 -CVE-2024-11531,0,0,c8bad941c2364cda01784c712823aca2f6ff0ad3ae14624b79d6a903c294688f,2024-11-22T21:15:11.580000 -CVE-2024-11532,0,0,e6d0377538d4f09d593750c22c847890b644a0e3d515e980c30979cdb9162af9,2024-11-22T21:15:11.690000 -CVE-2024-11533,0,0,0154390beedcc05714c5bb66453173ab40f2cbfbbaf63ec402e2e24f1c6f50b0,2024-11-22T21:15:11.800000 -CVE-2024-11534,0,0,8785569314c35284ded11a271b54c9692fa91da632a02e32253fef406e34044e,2024-11-22T21:15:11.903000 -CVE-2024-11535,0,0,0f97f0a073458469f3b71e385366c463ec64b9215f42225ef8abfd260d26a5d7,2024-11-22T21:15:12.017000 -CVE-2024-11536,0,0,0516ae716316d3ff6a53cba8cf82c09491eaf1ace919a89b9df78cf97c768c55,2024-11-22T21:15:12.127000 -CVE-2024-11537,0,0,d27f851c878dc1524710eaa61c5e8904faeeb95ecaf4dc81f1763ef55c05fc3a,2024-11-22T21:15:12.243000 -CVE-2024-11538,0,0,e5f890abe0f6301400557a1a54b7e8177551e854bc2624062d0a9c196ca071c6,2024-11-22T21:15:12.353000 -CVE-2024-11539,0,0,67445e91a617d5a022d51d363b3f11659450c66580bd076257b63d728c506848,2024-11-22T21:15:12.463000 -CVE-2024-11540,0,0,4b387f0a48484e86ff46b7752e18ff416369151ba44509292d7075cdf7f0a45c,2024-11-22T21:15:12.583000 -CVE-2024-11541,0,0,a9e873c45e5fb64dcbd15a581f0b877c96b59599d2f1fa9274fd7562346dc81b,2024-11-22T21:15:12.697000 -CVE-2024-11542,0,0,ba5ef407a9352adfa9ff317490e437578696ac2a2d1803d2db5d92aa5d36c1f8,2024-11-22T21:15:12.810000 -CVE-2024-11543,0,0,c1c7a0360b2c99feac9554e265721e6025e000fec484e2a9d04299cce2dd371e,2024-11-22T21:15:12.927000 -CVE-2024-11544,0,0,2ef8c70d8c2c1cdb4188fe06e719c52a536ea44774971eafba8c16bf49749b4e,2024-11-22T21:15:13.047000 -CVE-2024-11545,0,0,21ccfeb39dd95d4283a24b6846f0167033c04213d62e8c934db7ac839edcfd79,2024-11-22T21:15:13.183000 -CVE-2024-11546,0,0,27f0e5f272e944679034451b23c80827de1896945afac0d26c71e4651937d86a,2024-11-22T21:15:13.310000 -CVE-2024-11547,0,0,4468e82c88fdbe5c2eee9ccb59c89a1a75725547f600d212d82dfba886768095,2024-11-22T21:15:13.420000 -CVE-2024-11548,0,0,6d8b423b42f70e0680482f6d502edbe8774a7b65de1037f9e271ad4cb7b5923a,2024-11-22T21:15:13.537000 -CVE-2024-11549,0,0,b24a013adb9eae7644ebe3c132f156bf6d68a02ca3bb36910178467a70a6008d,2024-11-22T21:15:13.647000 +CVE-2024-11530,0,1,a9bbadbb9905eee2c30c3d912b1bfa6a78d76a36143757bc18ff2aa9c811097b,2024-11-25T18:56:27.503000 +CVE-2024-11531,0,1,335268a0a7bc12759d8b14cbb90feee62c88c26ad06b3cdcdfc59ff16ca0c0fa,2024-11-25T18:56:20.460000 +CVE-2024-11532,0,1,f300a21a30c6956ab1a0236bafcaaed14022a5db50d8d629de89b5625fbf1d32,2024-11-25T18:49:00.830000 +CVE-2024-11533,0,1,0932c607196745d8100f21175eaaecc6fcf8a7a62626678e9df7dcac729779db,2024-11-25T18:48:20.877000 +CVE-2024-11534,0,1,ec36a9005375843d837ab8b7bb64b28629461c3db168d058869ad19471af69e9,2024-11-25T18:48:13.973000 +CVE-2024-11535,0,1,be3f5ca74810ecf6bd52f299f045fb2bb43ae01de5fc62360ff02ddd0fac90e5,2024-11-25T18:48:00.143000 +CVE-2024-11536,0,1,c818661c111dcbf5cb62ceda40c5fd042fb2df6454c745eb2a5591795cf5b395,2024-11-25T18:47:55.503000 +CVE-2024-11537,0,1,d69e1556886740315e0eb49981387e0459331ef5d6234857bb57b2b7408c7a5b,2024-11-25T18:47:49.387000 +CVE-2024-11538,0,1,c6564ca381de07a0cd900d411058a7631fb6d4334bb2cce596f534ee383077db,2024-11-25T18:47:23.300000 +CVE-2024-11539,0,1,2621dab14251a379e8095ab8e0292134a9b00a99c63162961c3d4bac5e22cf8a,2024-11-25T18:46:33.847000 +CVE-2024-11540,0,1,4b8ba98366951b3769fa5013f1e95712548fa0e1fa72f92a318dc68287c72d08,2024-11-25T18:46:13.237000 +CVE-2024-11541,0,1,aa32ad0310ab9a9743cc3cc834cf6603d8eca85accbcda29b37faa489db3cd0d,2024-11-25T18:46:03.037000 +CVE-2024-11542,0,1,6046e3b7670b1230551d7d10ef18a4259031a77da7b073dc667815d76e9ce900,2024-11-25T18:45:57.473000 +CVE-2024-11543,0,1,25016e376b36b98e637189d079b68a269a6f7bcc7618a3bf62d44a4c37203030,2024-11-25T18:44:09.843000 +CVE-2024-11544,0,1,29a863d49171bb829af8134a95ff026bf795a6a78d54bb8c17ef490a0b78163a,2024-11-25T18:44:03.563000 +CVE-2024-11545,0,1,d9b0e0d6708201d7e57d9a04876174fa7e831a2df992192bb378dad027e5b6b5,2024-11-25T18:43:57.310000 +CVE-2024-11546,0,1,7b2d7a4a065d4abbe56df127d586036c4f118ea1405186e5af15743e17075c4e,2024-11-25T18:43:36.980000 +CVE-2024-11547,0,1,b5bf492a1dc38b9024c1e3fa8249dd3e2a306495b4c98984c8ca9187be10d44a,2024-11-25T18:43:31.837000 +CVE-2024-11548,0,1,8a6f6d90333cf9d11f738f5dd947dd0daf9fbbaadb9242e6202dc9733bf9c1fb,2024-11-25T18:43:25.887000 +CVE-2024-11549,0,1,86c54cdcd41d3223cfe33bec8f3db32e7220b693cbe1be131634d868831662b5,2024-11-25T18:43:19.760000 CVE-2024-1155,0,0,d758d36f3a75477090d9513d8ce1d0fb91b0226929e863bd461e737f3d8138d1,2024-02-20T19:50:53.960000 -CVE-2024-11550,0,0,b430848ba789dcf098c3e934a2f64fb92c559bf2e49c675ba90f5bafecd0b25b,2024-11-22T21:15:13.763000 -CVE-2024-11551,0,0,3e3c234e08f394479fd8e2e166c4e1d5e89cd78c6a0d059bf8dbd20a4333fedc,2024-11-22T21:15:13.877000 -CVE-2024-11552,0,0,7dc43e52e9762aa70ebb06e97db16cc73c8ff220f460c26c041aa9952680e40a,2024-11-22T21:15:13.980000 -CVE-2024-11553,0,0,a4b0e64c560b850fb663765ee6412d7b5fdaab808f0cc9d28c7ee921893fb98a,2024-11-22T21:15:14.087000 -CVE-2024-11554,0,0,a31dfbe9b71f3bd12c69a31ea0ce4738b9ab8f0478a113cbdeb24c3e6a7b261d,2024-11-22T21:15:14.197000 -CVE-2024-11555,0,0,9a83f9080eaf5497e2af6d00378d76a76f051054f696cb264c6657d409f83979,2024-11-22T21:15:14.330000 -CVE-2024-11556,0,0,9c894bdd4d468f50621834db1c73f097dd2dd1643a2990d9565d098655445c7e,2024-11-22T21:15:14.470000 -CVE-2024-11557,0,0,1c753d65127eddc09c83c6f22e2d2bce9e7dc5410c14c2f7657d3de4db9cddb6,2024-11-22T21:15:14.593000 -CVE-2024-11558,0,0,bb544fe24a50281d72dcbbdfcc628195df5c8e44a16997c70d9f970263df98e8,2024-11-22T21:15:14.700000 +CVE-2024-11550,0,1,fe1826370f7893faa85eb99da773206dc836ba25ba7484ed106c77885135b86e,2024-11-25T18:43:04.463000 +CVE-2024-11551,0,1,772be78f224892d3d6ab8e748ea9163af61a882954195584c0924c2908191081,2024-11-25T18:42:58.463000 +CVE-2024-11552,0,1,d1abf19740f946db347f4ad77698a656aa1b30ebee2431c2037fd3eb51dbb281,2024-11-25T18:42:53.387000 +CVE-2024-11553,0,1,0773ee2578c71be52bd75e9bf46aa9e6389cba0a38aad318f181f338452d6e21,2024-11-25T18:46:34.697000 +CVE-2024-11554,0,1,d7df9a39faa3ecba7b8ce8a37d662a70ebaf88c7cac4c7537e019f9ac76ce968,2024-11-25T18:41:46.223000 +CVE-2024-11555,0,1,3cf2c7177d53f6b2ab1e7f3fbab64983d135fc5614d8005be772569f43b88ee3,2024-11-25T18:41:43.713000 +CVE-2024-11556,0,1,fde18f12404fc5a51e49bd804749a276e1e26e019cb0c2a05b0ffed0ec803c76,2024-11-25T18:16:55.420000 +CVE-2024-11557,0,1,b7bfad0bc64d77fd58f867e0333ee0e631511f684fb4096ba69ab953fe9c4137,2024-11-25T18:51:46.153000 +CVE-2024-11558,0,1,58bd811cda6b3caaf42f933c2a1ae42cb5d2c1031ecf91a43b8341c0fb620445,2024-11-25T18:52:29.450000 CVE-2024-11559,0,0,f88f34a42d20539ad459d52cde23e11e6d8bd94c0e04f443c3e1915b42ee7a6a,2024-11-22T21:15:14.820000 CVE-2024-1156,0,0,d72992d03594c16afadbf16a64f145c65aa8548416754605a40b83a0941682ae,2024-02-20T19:50:53.960000 CVE-2024-11560,0,0,6ade25d86e7ec8181d51a69f9fa24990d79fdfaec7c5544f50b99cd079e69334,2024-11-22T21:15:14.933000 @@ -243610,18 +243612,18 @@ CVE-2024-11561,0,0,c5bd43633e9c04768f75ad4244dcf8b9d39d9c3f0174b7dfd809527098e31 CVE-2024-11562,0,0,eae20f9cb2c51c2bd5129ae60942c1b8219eaf7555abb75659f1c3416fdeb86b,2024-11-22T21:15:15.160000 CVE-2024-11563,0,0,bc4314fde344556fd9f5cd68669e467fa2d0210afd07f113db846e1f8ac36782,2024-11-22T21:15:15.263000 CVE-2024-11564,0,0,10cf2657f500e03cff7e87487b901119675023b7a87c7a871120660ca4300b80,2024-11-22T21:15:15.373000 -CVE-2024-11565,0,0,5ccb05084bcc0b4459213a60d1c9f89fa869c31834f210fa9c386921d604454c,2024-11-22T21:15:15.483000 +CVE-2024-11565,0,1,3fc206fd3a94927ea63b05e034284ac0e7d80b5c9f97fd16a6e175f5fb4a1a8c,2024-11-25T18:50:52.400000 CVE-2024-11566,0,0,77cd2e7e8f001a18616999fc6ebdd468eac783ae420917fe8828c99b0ba729bf,2024-11-22T21:15:15.597000 CVE-2024-11567,0,0,852f1e38e0be9a1cbb7ee4e4a4675da79fd461f1a1ecd994adc0fa04ce88c2e0,2024-11-22T21:15:15.700000 CVE-2024-11568,0,0,5a65aeea47179f15dc8ed802c9791d1a2fe543ba27acbbbdda2bc05a056110fe,2024-11-22T21:15:15.807000 CVE-2024-11569,0,0,e273dca017ad00bf0ab99d042044998dd039384ddd935adbbbf19b5a66fe1265,2024-11-22T21:15:15.917000 CVE-2024-1157,0,0,b2a4c38395c259edc9de63be3363f457cdfc3ed23febeb4ceb3c18d34f71a1ae,2024-10-09T15:20:50.540000 CVE-2024-11570,0,0,811dc82428ee006b84cb089a49b1423459ffd160c1a6e81b2af866797817128d,2024-11-22T21:15:16.027000 -CVE-2024-11571,0,0,a30403f0a67a5f2966b9ee3c7db3808bf2de442766635fd075dd0ac513794b77,2024-11-22T21:15:16.133000 -CVE-2024-11572,0,0,86675bf8b1b48694d6fcf28461c10597ca325f53cef06df4ed30868d3610ce64,2024-11-22T21:15:16.247000 -CVE-2024-11573,0,0,0c7289984b89f8eb0c97b1d5a69696502be01bd31945178697c4b2180d269ef3,2024-11-22T21:15:16.360000 -CVE-2024-11574,0,0,f9fbab40373433498e3b05bdc57e0e7af2e41d850c8494a0484fb95b6f311316,2024-11-22T21:15:16.470000 -CVE-2024-11575,0,0,65a8b0edf8793042e37ed472fcd27e9ce9dedb043d3c5267c0e749464e93a77a,2024-11-22T21:15:16.587000 +CVE-2024-11571,0,1,abe038812fba5459969813e524450e614fe0dbfd84990479b5a90d64aa6ab80d,2024-11-25T18:53:28.710000 +CVE-2024-11572,0,1,fc11235ab3b14fd619f1a0b00897d854eedb62bdcac8fe59842ec11dbd195d32,2024-11-25T18:53:24.493000 +CVE-2024-11573,0,1,f2af87e723c612dde047a5fb1fdf0094bdc07d8a61129046507fcf330341f051,2024-11-25T18:53:19.637000 +CVE-2024-11574,0,1,fa1eeb9db93aaa586e420f829f9c771727341786ba9ccdd385b964c8b22b3f66,2024-11-25T18:53:09.717000 +CVE-2024-11575,0,1,7ea843ebc70906dd0895ac9c2e2c9dc7ce788c2f48558c5897189cf0ad8ab30d,2024-11-25T18:52:56.080000 CVE-2024-11576,0,0,15b95ae87585a1e2db96405be719e6c6ae25e35a2737cc5a1ab3adc970f3e296,2024-11-22T21:15:16.693000 CVE-2024-11577,0,0,7f8a108f819c04bb40216c73fd42a224a25249d3a09be28970eee3ab91cd6c59,2024-11-22T21:15:16.810000 CVE-2024-11578,0,0,b778d208c109fc5834408ff1c2b87d2c603b94e3fe9078afbf70f6e133f6fcf4,2024-11-22T21:15:16.920000 @@ -243629,7 +243631,7 @@ CVE-2024-11579,0,0,7fb9e4fe2baff2fb6647b473faf8a6c357600e54b9fec9fbf9a44d6a6097d CVE-2024-1158,0,0,3f0844fda5c657ec14fc878f4ca458f05346302835336ebfa8e7bba85b29f7d9,2024-03-13T18:16:18.563000 CVE-2024-11580,0,0,1533093b10721a5a9d087be9fd055f274a9f73f281e8c826ac88fc7550ab2dad,2024-11-22T21:15:17.133000 CVE-2024-11581,0,0,542160d1be89c3da845f4d24bd4022bd60afa8df929836d85949b351ae8fb0a5,2024-11-22T21:15:17.257000 -CVE-2024-11586,0,0,99d9409c303d7c13b89442ad512af115297fb36295ddef79ec6f9d04f0991d56,2024-11-23T03:15:07.740000 +CVE-2024-11586,0,1,e5108ab65d70608787de70c3e510f85ce33e95747e983d47cc258456bc62f44e,2024-11-25T18:15:10.123000 CVE-2024-11587,0,0,da366856f804e85e70745473ffd836e0a1a145660e1cb2bd604db9460e7f0d03,2024-11-22T21:15:27.747000 CVE-2024-11588,0,0,08d454ed1206ff32bb2bf5c765516083d1abb53c857b8252091f3b93bd106bb6,2024-11-22T21:02:06.303000 CVE-2024-11589,0,0,3170acb65b71c8fd2a04ce505dabd6df44667cf95fc2d1e7b9e2886d75ccb49c,2024-11-22T22:02:50.957000 @@ -243643,13 +243645,13 @@ CVE-2024-11619,0,0,a4838d434b8c8bb61e21ea750aab44437d9c4068a035e504d5209865637cd CVE-2024-1162,0,0,6517ec14e6db831ee5a33abab5e0e4729a77c306548683589462e3183aa8cdb4,2024-02-08T14:22:37.180000 CVE-2024-1163,0,0,23d47391c7884329270abc739e0d42e17852ac69017fc11ff4fa38853ad7cf71,2024-11-03T19:15:04.143000 CVE-2024-11630,0,0,124823e79cad8f52614d45dfbfa425539f468c43cf02153ebcf347d478214259,2024-11-22T22:15:13.637000 -CVE-2024-11631,0,1,570ceb0c85d63bd361de89b3e02d09184658915631c383aecab754524c3a2fca,2024-11-25T16:54:46.333000 -CVE-2024-11632,0,1,8edb73f8418ace86236ba956d8491424810c23a2e18945d058b1e1e3e75bf17a,2024-11-25T16:50:43.257000 +CVE-2024-11631,0,0,570ceb0c85d63bd361de89b3e02d09184658915631c383aecab754524c3a2fca,2024-11-25T16:54:46.333000 +CVE-2024-11632,0,0,8edb73f8418ace86236ba956d8491424810c23a2e18945d058b1e1e3e75bf17a,2024-11-25T16:50:43.257000 CVE-2024-1164,0,0,ccdaeeda02ae302b7582e035c96145e342a579b2b0fb5245fe0e2c3517f4c5b6,2024-06-11T17:14:02.340000 -CVE-2024-11646,0,1,b2891164a39c25d2fa53a65f4b329cb1c73caac3a31639e7b4bbc1c59b376703,2024-11-25T16:49:56.377000 -CVE-2024-11647,0,1,5fef3a2788feb739ecc5043b64bfcdcd72f581cff57eecbc508436bf5d08eb70,2024-11-25T16:49:24.083000 -CVE-2024-11648,0,1,ec8d331f7da601df15f7ee6f28e6911e13e4712baf3a7f8d3e7582c3b9dd2b55,2024-11-25T16:49:02.417000 -CVE-2024-11649,0,1,3b1fddc050c08a5b08022eb64a44287283ef6ca99ffd88a2d2e2d5a03e9e1e12,2024-11-25T16:48:37.237000 +CVE-2024-11646,0,0,b2891164a39c25d2fa53a65f4b329cb1c73caac3a31639e7b4bbc1c59b376703,2024-11-25T16:49:56.377000 +CVE-2024-11647,0,0,5fef3a2788feb739ecc5043b64bfcdcd72f581cff57eecbc508436bf5d08eb70,2024-11-25T16:49:24.083000 +CVE-2024-11648,0,0,ec8d331f7da601df15f7ee6f28e6911e13e4712baf3a7f8d3e7582c3b9dd2b55,2024-11-25T16:49:02.417000 +CVE-2024-11649,0,0,3b1fddc050c08a5b08022eb64a44287283ef6ca99ffd88a2d2e2d5a03e9e1e12,2024-11-25T16:48:37.237000 CVE-2024-1165,0,0,4c65f8011ae90263b8016fe4b3c081ae16e06c35df8b6a0c8887bb2b34e5f4fb,2024-02-26T16:32:25.577000 CVE-2024-11650,0,0,a19ff6244bafe8da49623d3f6c9494917d32382199f9c9df21bc1a8b68eb25f1,2024-11-25T03:15:06.707000 CVE-2024-11651,0,0,a7063f71fb443dbc88a86942922fb99e879b1c44522ad7f0d5b12db0f9744596,2024-11-25T03:15:07.973000 @@ -243670,9 +243672,9 @@ CVE-2024-11664,0,0,f7e3e3893aefbf47475119b5cc15d35a6bf3fef30ce727b8b58d082d35066 CVE-2024-11665,0,0,432484acd0139af98341fd7fe90b0662197ea5956295af2989047d68fc0277cd,2024-11-25T00:15:03.957000 CVE-2024-11666,0,0,2250b20e698d0c0188636489287d2b59448a3bc6ff2a33a1b94eca03d876ba25,2024-11-25T00:15:04.040000 CVE-2024-1167,0,0,ed50fa0852f2fbdcdff47243517d528056863b720fcd10bdada66efed3504e8a,2024-02-09T20:20:51.900000 -CVE-2024-11670,1,1,da97a331b546adbf73f2b38147c185b1f7045c13e5878ca1de4e9a941cf83c83,2024-11-25T16:15:12.173000 -CVE-2024-11671,1,1,2a848a6848b80400aa90b2c3b0c7ecb0e441d08b7c46c02bce24a9db5fb40c2c,2024-11-25T15:15:07.040000 -CVE-2024-11672,1,1,fec61fa755cf3a8eb093f92ea0e0800a792cba8a001d7c9836b12057beb752ba,2024-11-25T15:15:07.180000 +CVE-2024-11670,0,0,da97a331b546adbf73f2b38147c185b1f7045c13e5878ca1de4e9a941cf83c83,2024-11-25T16:15:12.173000 +CVE-2024-11671,0,1,2615e6d984f10785804bed1195d17e9edea1f659c624af4ab21f00fc47d133cf,2024-11-25T17:15:11.930000 +CVE-2024-11672,0,1,04cbb60e58825873c0969626d23fdfedf7389ea5e4e3e844c45f4fa741c93da1,2024-11-25T17:15:12.110000 CVE-2024-1168,0,0,b74b0b0c267c02c66f0f474186eac7335d29517290a9638a292d9de8edcd7c5d,2024-07-11T02:52:36.687000 CVE-2024-1169,0,0,a43d6b50f47e310e039f1575550f9d1fe159a31a77f5a57027ebd3dc489ff540,2024-03-07T13:52:27.110000 CVE-2024-1170,0,0,ef14266ea2026fd1e77d96d081d12f376a313e532bfd85bbf7562d8a6e990ca2,2024-03-07T13:52:27.110000 @@ -247433,7 +247435,7 @@ CVE-2024-23783,0,0,ef980d6e659836434833911abb6ccbd0387d322b4628c9c61f1ee37ae942b CVE-2024-23784,0,0,80aa18ae4c60aca1ea03b0124ca5d85ae97f52b7c01fa2c2dd6f4722131fd623,2024-10-17T15:14:57.060000 CVE-2024-23785,0,0,3c4c5ea02bf1a3133e4525a79a6b954407721253c39b3ff8b64ff5c5aaabba5a,2024-10-27T14:35:06.580000 CVE-2024-23786,0,0,6ae4fe60ce393a411ea48b9876215e539a050978e709da57dec7a256f24287a3,2024-10-17T15:16:39.213000 -CVE-2024-23787,0,0,7a8ddce6195bf931c799fcf4083a75cf1b9842febd9c3da44a75515daf822e08,2024-08-13T14:35:10.747000 +CVE-2024-23787,0,1,f27d41f0c9d6f87ceb9aba4ee8cbad65615f445b915cfc6d8e3de6ddcba3ca2e,2024-11-25T18:54:34.530000 CVE-2024-23788,0,0,64abbc30839e8d16e55707492265880e002ac43878f4aa04dd4b122fd59c9c73,2024-08-09T16:35:04.550000 CVE-2024-23789,0,0,ebe69de329ce3066ddae75bf202509726e55e928e26b7120b9a03b158a88c139,2024-08-14T19:35:20.280000 CVE-2024-2379,0,0,bf50084b0f6625e9f2f932a65a78a5f1b45a21762f6b47e6f1c8cee00bfd1e05,2024-11-14T20:35:22.613000 @@ -247726,7 +247728,7 @@ CVE-2024-24246,0,0,66df927313dfb2fe51ec7b1761b0f9876821113027121d655169e20e29fad CVE-2024-2425,0,0,5244503cb81f1535e5c26158f97c8ff5a0be1d108c008e859e8897a136ecd780,2024-03-26T12:55:05.010000 CVE-2024-24254,0,0,aa3e1e0113c1afb51d7c9ea40615c9f0ca117924787150a26ed63a73b49e27db,2024-02-15T18:46:57.737000 CVE-2024-24255,0,0,e76da96580c60a9eda41d1841209285ca4cff39dd4bb1ea645c35657b9851939,2024-02-15T18:46:41.247000 -CVE-2024-24256,0,0,fcdfa612c3f1867287942ad18dfc81885197768fb299b50a1e03fe4abbe75856,2024-02-15T14:28:31.380000 +CVE-2024-24256,0,1,fe20b132f20800628865b416d00a9147f8b1e3bb289d3c951e66e359ebfc807e,2024-11-25T18:15:10.727000 CVE-2024-24257,0,0,be1ad47bd4d795f252422bc7418137262b954311599ce561f29c104d0afa01eb,2024-08-01T13:47:24.290000 CVE-2024-24258,0,0,b6889ab8117d84f2b926a30d9ca7e037f41ed41c51b57e24ece8c5f1f0d35cca,2024-02-21T03:15:09.043000 CVE-2024-24259,0,0,27500963c89a35e88885dfebaf6906d578facbf79a9197c97e367a82d6750a09,2024-02-21T03:15:09.110000 @@ -248915,7 +248917,7 @@ CVE-2024-26015,0,0,eda3ef05e78350dbdf4bafb3ceec1e42a75ece53c103b8d65ceafa6973308 CVE-2024-26016,0,0,53e5a707ce7137aca290d896e582e8d2a49565424594d76b59ea5a9464cdabc2,2024-02-28T15:15:09.320000 CVE-2024-26017,0,0,29b69c6327ca7e9581060ad10131cb64e7089e27b058bc4b558a5897a14d5b73,2024-11-15T14:00:09.720000 CVE-2024-26018,0,0,3b204ab00ea9e5a4e89dbbd72602f66cfac87fb0fd92b5110c31c614c83a90a6,2024-10-31T18:35:08.353000 -CVE-2024-26019,0,0,c8f3817ebef24fc08c083645b2146c067190c6ce99f258e914d83a748ccfa09f,2024-04-11T12:47:44.137000 +CVE-2024-26019,0,1,0df98f7200ad7d46543b2c20a940bc440f5954454399f583c78af8a359e4b12a,2024-11-25T19:15:08.683000 CVE-2024-2602,0,0,68545756683921883a71e009514104eaecb0a76db274a20107afd513be41a06e,2024-07-12T16:39:51.080000 CVE-2024-26020,0,0,72caf6bcbf6e85532315d41141700a256acdb0b9130ff5b3cf9c47d5b4a216d7,2024-09-11T14:53:51.013000 CVE-2024-26022,0,0,a26ae471637132c4dd9ca0e595e7538384876862971be53dda4b80cd7b3fdc6d,2024-09-06T20:16:27.330000 @@ -249256,7 +249258,7 @@ CVE-2024-2646,0,0,ee46ce874cc14b8f1b3378e14871fd20ec8fc831984d94fc396d6a2b62dd02 CVE-2024-26461,0,0,0b892c8bcbbbf8814ae786a53ca82ff2dc0971c3ced34bcc3c4cddb340bd0150,2024-08-14T16:35:10.207000 CVE-2024-26462,0,0,26de7b444e254c213d77640f77662b5b241a0427363fa56252d8a7b7165832f1,2024-05-14T15:09:01.053000 CVE-2024-26464,0,0,4ab3cf87be607a3f2e4c00e75552541f89691b136bdc5e46f36bd1de5e4f294e,2024-02-28T15:15:09.390000 -CVE-2024-26465,0,0,3a896709d200549d8e79b89e1e93cd3f7afbd9ee26478bdb4b85743140b25407,2024-02-26T16:32:25.577000 +CVE-2024-26465,0,1,2da9a8da14eb7ad2ae1e44833aaff4b7a90cbaefc41a17a4f9b407a5541f6d80,2024-11-25T19:15:08.960000 CVE-2024-26466,0,0,6709258f243577bc1f93e1c54519a7b66e4e3ffda1e209724abca2cbfec5238f,2024-10-30T20:35:12.827000 CVE-2024-26467,0,0,c79919be511844338d780cb29a83d8434b9e819bf896bf804be060a155284c12,2024-10-31T15:35:29.323000 CVE-2024-26468,0,0,888c1400596629f642930ce1dfab915bb89a161094e6e25fcf42a7aafbb78e0f,2024-11-06T15:35:12.710000 @@ -250007,7 +250009,7 @@ CVE-2024-27228,0,0,5262c725eb223b05821eaec558c5d806b0071760b0a14d4556c2fbb1a42bc CVE-2024-27229,0,0,b8b459ee0fc242831e7e68eb1fe9ed70ba0320038a180145828d0bdce79101e7,2024-03-12T12:40:13.500000 CVE-2024-2723,0,0,a5d6e6fcb13799b6bac3165664e5b326db07e4b162d1f25e3d1dd5f10681ec04,2024-03-22T15:34:43.663000 CVE-2024-27230,0,0,88b39cd1454faf6416d3a6ba7200a6d0a1063eefbd9e9f88e3222f1d6afdc5db,2024-11-14T21:35:04.697000 -CVE-2024-27231,0,1,d8b2d97e5660ff4673b72a0d9d6ef48029433941ff7be081ddb1db8348a72ddf,2024-11-25T16:15:12.423000 +CVE-2024-27231,0,0,d8b2d97e5660ff4673b72a0d9d6ef48029433941ff7be081ddb1db8348a72ddf,2024-11-25T16:15:12.423000 CVE-2024-27232,0,0,64ecd9a830c9b30b766707b244dd77aa970adc2152fb16fddd12d23820aced02,2024-04-08T18:49:25.863000 CVE-2024-27233,0,0,4f805b66de1371a2d4417bd116c04ac1324a59b0f4fedad25c9d0195537442f4,2024-08-05T18:35:11.120000 CVE-2024-27234,0,0,1b0ad16da90d4d5fdb81d47fff8f9573f537fbee16c19c1920ac4110156ba7b1,2024-11-04T17:35:12.957000 @@ -250077,7 +250079,7 @@ CVE-2024-27309,0,0,18416b733d6ac4edeb2af296593281a1b6deae1e8a8956ba324c7cabf7f2e CVE-2024-2731,0,0,e2947075d94f67fb0f516acc3c39fdd257b6a53a447028317b4bd1e85304e9ee,2024-04-10T19:49:51.183000 CVE-2024-27310,0,0,571965cb3265e429f2057ff75976d47193fff880bf258b625e085a3f07ad7b3c,2024-10-07T20:15:04.920000 CVE-2024-27311,0,0,3441ff0e665052a7fb86a3589fae526973b499df9f488dcbbb9db7b9aaef9973,2024-07-18T14:09:40.923000 -CVE-2024-27312,0,1,44ad9df6373c37d335fa110f1ccf73e3064c9d69081ddac9cedf52edbde67366,2024-11-25T15:14:53.217000 +CVE-2024-27312,0,0,44ad9df6373c37d335fa110f1ccf73e3064c9d69081ddac9cedf52edbde67366,2024-11-25T15:14:53.217000 CVE-2024-27313,0,0,f9f7791913eb1885e62d83245c35ccba6d007456c7c99efcf6385be05af20927,2024-06-07T09:15:11.917000 CVE-2024-27314,0,0,507bfabf98c061d8de81cbc1d95b3b58842135d25b3a81edb36b7651b27ac69f,2024-07-03T01:50:30.720000 CVE-2024-27315,0,0,db9af09723fb011b8182b6b5bab4f2fc859959fe0ca51aeffec2764eb351e8f1,2024-10-03T13:15:14.710000 @@ -250499,7 +250501,7 @@ CVE-2024-27901,0,0,7b06fae9467006c18ceee57d1cb054462f92404e00919c92c5179777cfbbb CVE-2024-27902,0,0,cf303beda4f8d4d9a07f999c75e97958c265bcde9b8d48f8f915bd30d541f272,2024-03-12T12:40:13.500000 CVE-2024-27903,0,0,7a16b56caf0aadbdfc143727319a91c26c6417220b554521d1e591b4babb7dec,2024-07-11T14:46:26.300000 CVE-2024-27905,0,0,b007cbbd0683fb72ec6a5db786c9c4d47fcb6048ae5dcb8851d46b1a89439247,2024-08-02T01:15:42.030000 -CVE-2024-27906,0,1,4cb1bf03d4362bb82f27c3fc5616e325b1f5b0c074bb55a94886eb6f57770429,2024-11-25T16:15:12.653000 +CVE-2024-27906,0,0,4cb1bf03d4362bb82f27c3fc5616e325b1f5b0c074bb55a94886eb6f57770429,2024-11-25T16:15:12.653000 CVE-2024-27907,0,0,665becf063e38021c77d8567eafb4cfde9012aa9e5f2ff52b45354cada16677a,2024-03-12T12:40:13.500000 CVE-2024-27908,0,0,3241ca39ccff4fff26d10715dd0c806c47f3e26d7e3304c90e96bb32bb0598ea,2024-04-08T18:49:25.863000 CVE-2024-27909,0,0,b075bf844a7dd1fa40f47f9a0d3299d09d1738685b413b6873dcfe65df7f7f03,2024-04-08T18:49:25.863000 @@ -251409,7 +251411,7 @@ CVE-2024-29162,0,0,b1942e5218b9199d8b3f133e6f6ae0185975e4e85dad3209f496d8fff4251 CVE-2024-29163,0,0,17ffb72bd5e136d8bfcfddc39b6fc15b69108962b9f846734ed6aeb051a0131d,2024-07-03T01:52:12.290000 CVE-2024-29164,0,0,0241c9be23a80d6ab3dceadfce1b9b19b6d47bdd0ac74b2f2c9ae593533e395b,2024-07-03T01:52:13.070000 CVE-2024-29165,0,0,3c479a3372b122f69415807cf18990c87c6bdd2637a3e4ef28a1d60fed2086fd,2024-07-03T01:52:13.840000 -CVE-2024-29166,0,0,725e6e590aa1d0d5293ed901f6d18ab0cb031637e03d15f947737ac3607357bd,2024-05-14T16:13:02.773000 +CVE-2024-29166,0,1,12e2164b1ad3a112107fa72d771285f7dceb7d115ecfc3ccd5d15dac51e15c22,2024-11-25T18:15:10.983000 CVE-2024-29167,0,0,f6346485e6d8e35e008aa46a11a860f615ad785e3c3267fd5e0337b56e2b8115,2024-08-12T21:35:05.960000 CVE-2024-29168,0,0,4b03610f0e9707b91f6d4ca8302add5e9446f332d0532287451d81854b8e8e49,2024-08-06T15:28:10.527000 CVE-2024-29169,0,0,46ae3e5e128a47a51f9060fa5b406a480b0436c4fa2b267a42e0503161231bfe,2024-07-03T01:52:14.690000 @@ -252040,7 +252042,7 @@ CVE-2024-30118,0,0,a600cbc3312207feafbf7858618a61f6dd2c38296d39ec303171804559f68 CVE-2024-30119,0,0,4baed8c508a821c818525782701105249753896feab644ba3efffba269f578b9,2024-07-03T01:53:51.120000 CVE-2024-3012,0,0,ae30314159430e25e9f2b09f2e0a440cd8bb99b7d72b62fa4eb73b4affe20188,2024-05-17T02:39:40.620000 CVE-2024-30120,0,0,f704816cf356d01bbdb53903a0b14bef34a589a7c9185030672ca3a1f14e4a1c,2024-06-17T12:42:04.623000 -CVE-2024-30122,0,0,9f485dd65437a7051ea4a1c20434d3eb51730baba0c509d8f2633bcd688cd79c,2024-11-06T22:33:46.797000 +CVE-2024-30122,0,1,e8c36fe55c23724cada8e0cda590d8e925c511ba8a812570d2aee609eea4a123,2024-11-25T18:15:11.213000 CVE-2024-30124,0,0,40a4254bc1bc6d9de977773d0f614d8309c4c262777ba96571bd84dac137cd34,2024-10-29T15:35:22.230000 CVE-2024-30125,0,0,967c3bfd100afb2f9224f4a02a5fadb13adf29c3b227e11d52a6e3184d1fe4c3,2024-11-12T21:35:19.700000 CVE-2024-30126,0,0,6fc62f044a7f0651037fa78da0350df1d81591508f3d5a2909dd34802958ba70,2024-10-30T17:35:02.160000 @@ -252324,7 +252326,7 @@ CVE-2024-30420,0,0,c7aa765232ba482242d297cfff54623d69e480ef9ec026f910cf7643167f5 CVE-2024-30421,0,0,38d079b732a725b98c99fa6075b2f70c78aac1ea39a1e592d0f5fa7cadf0ec52,2024-03-28T12:42:56.150000 CVE-2024-30422,0,0,60be97e329a95b7adfcb5b64dd5d4834eb184c7233f1129ee8af63f3e0f95146,2024-03-28T12:42:56.150000 CVE-2024-30423,0,0,5c329ade542241c2bfb9bb711657fe27dfedc75940bf241818dd0c4f5202f245,2024-04-01T01:12:59.077000 -CVE-2024-30424,0,1,f07332c15d30bcad6579234e680b6c6593791bcaa134e3b11f35d474de23157c,2024-11-25T15:07:22.740000 +CVE-2024-30424,0,0,f07332c15d30bcad6579234e680b6c6593791bcaa134e3b11f35d474de23157c,2024-11-25T15:07:22.740000 CVE-2024-30425,0,0,0537847ee1841fbbd816251fa4aa21db1a543942bd18d73e2e4033f3b5a951c9,2024-04-01T01:12:59.077000 CVE-2024-30426,0,0,99f7bfcbe721282099eef96c34e9ad1f438d16bedf0a7b71582b3d2abe26d362,2024-04-01T01:12:59.077000 CVE-2024-30427,0,0,b7cece5c261a0e1a32a230e535252a83f52728fdb6359760af120ee9a1b0f4ae,2024-04-01T01:12:59.077000 @@ -252630,7 +252632,7 @@ CVE-2024-30848,0,0,e520fc03d7d120883158934b80667a2b4d6398e475b39bea0f39a4affc9e9 CVE-2024-30849,0,0,4b2a4ccd593d26ef45288147032dbc711b9bbef7de8ea7827855efca75655daa,2024-08-01T13:50:28.983000 CVE-2024-3085,0,0,509209dfddf53f9b46075ed419de44cbb1f67edbb1a1b964fb67c8391adf6753,2024-05-17T02:39:42.607000 CVE-2024-30850,0,0,c1ef257dd5e33e880b36cd35ccee098b89832c161bbe3dd2489cb767eeacade1,2024-08-21T20:35:03.010000 -CVE-2024-30851,0,1,a111cfdd82ec7fab436b2f15be443767a1daff9511cf9277daf0bc5ef623dcfb,2024-11-25T16:15:12.930000 +CVE-2024-30851,0,0,a111cfdd82ec7fab436b2f15be443767a1daff9511cf9277daf0bc5ef623dcfb,2024-11-25T16:15:12.930000 CVE-2024-30858,0,0,93e0a53927efd0637571ec0f8079f664a09ad42dbc1f395dcf941f97a4b21575,2024-08-01T13:50:29.850000 CVE-2024-30859,0,0,cb3a05b13bb3d557f99196539489ef40266ca1d1884c327caec647dd84413ea6,2024-08-16T19:35:10.010000 CVE-2024-3086,0,0,bf4cb4e0e77596531b4d2ac34fc073ac688bdd0873b18b3978dd0f7954009022,2024-05-17T02:39:42.693000 @@ -253745,6 +253747,7 @@ CVE-2024-32464,0,0,0d11a546e2c271fc0afdeed2fa69714d9b5f84ca5d7bc429f0de3583c1b4a CVE-2024-32465,0,0,7f7730b7863e1b1ab6f4f0e9ed5951cc2498c0f43612f46412186c2ad9411d67,2024-06-26T10:15:12.280000 CVE-2024-32466,0,0,ec6043800c838c8c522daffd1e449b8d51ad254f8e96898e669970687ad3422d,2024-04-18T18:25:55.267000 CVE-2024-32467,0,0,165728eebf3c65f303f09df477c1b36c8acf80b7d71a76e238a98ecb9526f64c,2024-04-25T17:24:59.967000 +CVE-2024-32468,1,1,ad1763a5d577089bbdd32abc055f6dd956b6d8af680f82127698a6000c3e9448,2024-11-25T19:15:09.510000 CVE-2024-32469,0,0,a9e5def06e4db8472decc90b984fed9339b3fda0e27ed47a28dbd2f3e4aaa483,2024-07-11T13:05:54.930000 CVE-2024-3247,0,0,fcdfb02c88d9b1508cf800ba9d574ce87f33b399da1f96cd338d73277a1cf2a4,2024-04-03T12:38:04.840000 CVE-2024-32470,0,0,d5237f47bf052884f2f87007b27838db2dcb0d619cdf0dc0669aa7e69b9c0051,2024-04-18T18:25:55.267000 @@ -254693,7 +254696,7 @@ CVE-2024-33663,0,0,e1e5e3bf2bfb6f84f42175dcb29cc9799e837d7e631a8436167d9acbf72c8 CVE-2024-33664,0,0,fa102b47e0b0f78985d310d8b8074ad26f7b0a8f6e346244359d7ca87f4b731d,2024-09-05T16:15:07.570000 CVE-2024-33665,0,0,59e0b75ee124fb21ebe68d182006f79532e937bc2c2e651e38a1d465cbb309a7,2024-10-29T21:35:08.080000 CVE-2024-33666,0,0,8e982c6a0c03f8b5d1cbd58e6d45d8ee40f43b5fb9ebc6cbaefdef7cc6467b9d,2024-07-03T01:58:33.837000 -CVE-2024-33667,0,0,d9a60490b5a47ab58d6800af0e868d69fb5acbd4454834ffe597651ec1e47cdb,2024-04-26T12:58:17.720000 +CVE-2024-33667,0,1,30bdfce3cd6522c6ca207e5f39975912239858b3253d1ad3721e006a7391fe88,2024-11-25T19:15:09.713000 CVE-2024-33668,0,0,1057e9899f3d071fbe9469ff4d64f06b263f71484eb3414fb82aad54f0a342bc,2024-07-03T01:58:34.653000 CVE-2024-33669,0,0,9f9e4923b29b77e4df7ed4bfab7ff189f9617396636ad12f3335720e7b3f148c,2024-07-03T01:58:35.420000 CVE-2024-3367,0,0,3b87f70833bb8ccf4c6d89027b50770ba7c3694c19e37821dd6ef423c5078200,2024-08-26T10:15:05.743000 @@ -254817,7 +254820,7 @@ CVE-2024-33872,0,0,1d431ee562aada863536cfe9f8a510d77a4e7e9b56e0c5a0629ef96f2e0cb CVE-2024-33873,0,0,6ea1274dbe138465702444faa4e98a829d2dcf26c68796f03309e9049cdfe9b0,2024-07-03T01:59:05.293000 CVE-2024-33874,0,0,d26fda7bcde0c687055ecb7e8a711b7b405c2f58134eb500396c86a8ce6f97a1,2024-07-03T01:59:06.100000 CVE-2024-33875,0,0,60ecedb94db7f414fe8b0e42f25ed226800cb87efe94a21898c76155402b05c9,2024-11-05T17:35:12.700000 -CVE-2024-33876,0,0,a3d9f2af701b9fefafa7b2161278e52edc6d2a1278c90424e3c359f2aed0dd44,2024-05-14T16:12:23.490000 +CVE-2024-33876,0,1,dc9d7bdb713f4d35767476f7647274f550c5fc8867d80cf80823e576cb9f517c,2024-11-25T18:15:11.537000 CVE-2024-33877,0,0,b4f1b95444f84dfcef907af7774009cf66d9af779662daf465f9739beafd3f6d,2024-07-03T01:59:06.870000 CVE-2024-33878,0,0,feb8ae1feff70622d1e1a8722fc435816940bd9a5d61c3251757968e032c5925,2024-05-14T15:38:10.657000 CVE-2024-33879,0,0,a2e90836d222ca0b4ef7793d35cdf806e54f0108df2e23c18454cd2727a93dd8,2024-08-01T13:52:10.267000 @@ -255336,7 +255339,7 @@ CVE-2024-34529,0,0,d8133b9a4ea4710432fb31a4132ab39e712c33d1c820f137246e054dc4fb1 CVE-2024-34532,0,0,dcb761bea457268d59c0be9416083baced4fef01729f53184cc4673fe1957bbe,2024-07-03T02:00:31.917000 CVE-2024-34533,0,0,8566d0e8dbd9cd4017bd3a534ac0fd9822a90bf76d2b3f6401a871fd79682bfc,2024-07-03T02:00:33.137000 CVE-2024-34534,0,0,bc0f446d96fd1bff04cb40a3d47d7cedb5384511135e58f39b13d3fecfe87cc4,2024-07-03T02:00:34.370000 -CVE-2024-34535,0,0,83aae08bc421f9eef8621f242b24214806a581d0b260711ffa707015c3215f8f,2024-10-04T13:50:43.727000 +CVE-2024-34535,0,1,f05f2cbbe3f16c7162e57286b6a67330cb9b43ec2392a7719f06ad041a0ee27b,2024-11-25T18:15:11.763000 CVE-2024-34537,0,0,aa8d887b54254363340bc9478cf814aad60caefe8559038d897113fab5bc7ce3,2024-10-31T17:15:12.903000 CVE-2024-34538,0,0,feba2430cb16511882082bb58c8b82ea01c0b09af4d84fa976b42058411470a6,2024-07-03T02:00:35.197000 CVE-2024-34539,0,0,9ef63927e8927d2fb2816c186d7e6407d6365bb9385ba11a715c86bc1697a83f,2024-07-03T02:00:36.057000 @@ -255547,7 +255550,7 @@ CVE-2024-34739,0,0,f6e54c0f32331bd01c690dd8be038509007e00bfc399df14c98e74d18ccd5 CVE-2024-3474,0,0,f8fe69ded09f8f3335cb0a291c0ff93be246183a89b6f2a9db60adabf1ff9a0d,2024-05-02T13:27:25.103000 CVE-2024-34740,0,0,cd68171e55105c9a184cdc72c371579137a9ca2bcc91416cae3d7556d14ecb22,2024-08-19T13:00:23.117000 CVE-2024-34741,0,0,92c683bbe77a7f293c2037090a232d821770d81c7905215e3ef6319cf6b5adba,2024-08-19T13:00:23.117000 -CVE-2024-34742,0,0,ae7622882d0f2f3d011507be8bcb7493359b0ef6aaca92f56d7280395d35123c,2024-08-19T13:00:23.117000 +CVE-2024-34742,0,1,2188fe9a2261d48e70273283bd8cf6330a32142746ba90309fa422806d010009,2024-11-25T18:15:11.980000 CVE-2024-34743,0,0,9a08509f1ceb4bbb716866bb59161611c0588d77430a21c15b6c1621568bccf5,2024-08-19T20:35:16.253000 CVE-2024-34747,0,0,54274e9091b3a0011b2ff0803398b57f8823e3a645921a5eb6d9ebe2e1bb8c96,2024-11-15T22:35:09.927000 CVE-2024-34749,0,0,048a4718a6adf63bcc95dd588dc6297f930a23113bd2619e190eb8b7852c3de9,2024-08-02T03:15:45.390000 @@ -255956,7 +255959,7 @@ CVE-2024-35398,0,0,a491584c9df6e11fdb2efbaa9a24ed323ffdfc3c73ef67e6f6aad4d4001ef CVE-2024-35399,0,0,2798c646f651db550053d76944a2539fc365c03ae0c3f02c62b58f01dbc5e617,2024-08-01T13:52:39.410000 CVE-2024-3540,0,0,186925567bcf9baf46d3085185099882e7fa1b9d0d70f71c95c65e0aa39f03d3,2024-05-17T02:40:00.280000 CVE-2024-35400,0,0,97d7d19e3adccff63ccd0444ae15a57d17e947877cac30747756fdc9f28e68e8,2024-11-07T21:35:08.720000 -CVE-2024-35401,0,1,d29d759087db1fab80b9b2bcd20c7eda418ffa2910aebd184ed756295a523506,2024-11-25T16:15:13.167000 +CVE-2024-35401,0,0,d29d759087db1fab80b9b2bcd20c7eda418ffa2910aebd184ed756295a523506,2024-11-25T16:15:13.167000 CVE-2024-35403,0,0,4d9a98843a184aa3f7fed28ea2e26cfcf04b1cff379a69b2f7e72017e9a927ab,2024-07-03T02:01:44.377000 CVE-2024-35409,0,0,c1e09f17fc040d1a54c6ca919b4e6df91e3a03195ff96673036c48a4d8f8f539,2024-08-20T15:35:15.637000 CVE-2024-3541,0,0,14abae851d976e531eb89e36d00e68f1b4222a58cf78e09467f8f13cc823ff73,2024-05-17T02:40:00.373000 @@ -256502,7 +256505,7 @@ CVE-2024-36039,0,0,d5f6bc43648106f8c0710f8301f59ed0f37eac1af0c9c7b161995113609db CVE-2024-3604,0,0,2f82d9621c7da51111c7599a59e672098e964c892eb2588f225c0e98c5e45cbd,2024-08-01T17:39:33.907000 CVE-2024-36041,0,0,d88899430b8465bd9e7ec84eb791ba971452eec022e6c65dc6ad08436f1e4123,2024-07-09T16:22:37.687000 CVE-2024-36042,0,0,5e54aecb20c44082aa92fd61c0f8a58aa5121675b55d97309cf9a5aaaf11ac5e,2024-07-03T02:02:42.150000 -CVE-2024-36043,0,0,3bd225f8561cef578aaa027f6bceef70b4450bc22a2e5dc039a9b76782f71691,2024-05-20T13:00:04.957000 +CVE-2024-36043,0,1,e7d2271ad4212bc10f9dc860169ebb186d9278667f67ad96839bebaa1d0c2ca2,2024-11-25T18:15:12.213000 CVE-2024-36048,0,0,5a5a6da2bab77110717de4a83cf2fd38c948b3573f3cee73605d8d6a5534fd54,2024-08-08T15:35:13.937000 CVE-2024-36049,0,0,16195e94e554c9cc2e1c5fb6b057cc3b79bc050cdc5b42034b6e0554be23efca,2024-08-26T16:35:09.153000 CVE-2024-3605,0,0,905473bba2f4b1f833e3696e0eb3a1556acdfbc79f67c22a9c6f82f499950cc7,2024-07-15T17:12:36.967000 @@ -256758,7 +256761,7 @@ CVE-2024-36378,0,0,ca258e9b594af616c42b58f8248851951bbd7b3ba86b1f4eba271688d3b21 CVE-2024-3638,0,0,620fdccfcdbef1110695fe5f4df8efef5a2f6320fb9175c618899b2ed73206f0,2024-07-05T17:14:22.140000 CVE-2024-36383,0,0,2c9cf4016aaf0711836c59164d1d46e4509eac95f6ae137d172050d33955d4ae,2024-11-04T17:35:18.540000 CVE-2024-36384,0,0,ea1f3393e518093680ec693139bc0d228506adc5bd8809766b74b272d1bb08de,2024-11-19T22:35:08.610000 -CVE-2024-36387,0,0,a2bf37a0e64575b7db49c720ef2f1af1931a4f978873dbf393d59870fa3eb3f3,2024-07-12T14:15:11.670000 +CVE-2024-36387,0,1,5944204c3b638262c6df5c0299cc2ea33b76830b0d9dfa7f4d3cf2f432d1b535,2024-11-25T18:15:12.440000 CVE-2024-36388,0,0,e13152636423c6e93176d03b27ba8c5b0397bbb97d42aaccd55001a4d2861e72,2024-06-03T14:46:24.250000 CVE-2024-36389,0,0,d82860a88b070b35d5db5b5f1ca93be5cc187cf6335f9f77cd891e2c4188c207,2024-06-03T14:46:24.250000 CVE-2024-3639,0,0,3825ec646e59832bb04bcf2ca3ea29324db47c6b5904b78d5f1a541ade617b5c,2024-07-05T17:14:37.093000 @@ -257259,7 +257262,7 @@ CVE-2024-37121,0,0,f38dd3795bb34ab592f0837185cc69e5390fe6be6ea0a7f8fed8aebfe54c3 CVE-2024-37122,0,0,b311939d15bf048863cce658485cfe0a8e332201062bbe989c7fc9c6113ec98e,2024-07-25T19:28:05.110000 CVE-2024-37123,0,0,328c8b42797a7e1aefb8f62555a88a31230bb1f4b153ee44b8fd5cd675cf7937,2024-11-01T20:24:53.730000 CVE-2024-37124,0,0,36b2aea5b40210d79bc623ba24647826a1125982402ceccf247fbf8a08ffdaed,2024-07-03T02:04:07.457000 -CVE-2024-37125,0,0,c3a964a559ab27819f31020b758acab28f92a62819c1ba1ac4d044bd4955ee74,2024-09-30T12:46:20.237000 +CVE-2024-37125,0,1,ad424b9dfeb67e33386545a4a38a37f4774ab71491140a757f27303a2f3a60f8,2024-11-25T18:30:46.117000 CVE-2024-37126,0,0,1f6046db51cdcb2727f4678a45f9e51ce9aa79ec8b1a1ad373e1661d9aaf1cda,2024-07-03T18:00:57.573000 CVE-2024-37127,0,0,d9e870bed45357108f05b43be573ea51c7d15f5150f07ef26a707da9d896bb8b,2024-08-27T15:23:21.370000 CVE-2024-37129,0,0,1bda6b021f1f7698674c595a8a84e9d380a54f5551f6ad0383f5d9c8c50d327f,2024-08-13T15:26:46.890000 @@ -258200,7 +258203,7 @@ CVE-2024-38301,0,0,0aaba53899fa63c6f65cba4d5faa4104f18194e9cd1a78452f451bbbdb780 CVE-2024-38302,0,0,e77ca3bd1f42a6aa7992c70d7c2a8c98c0238a3f11a590553b92597fb717d1f6,2024-07-19T13:01:44.567000 CVE-2024-38303,0,0,028afe1755065337ff24d15854e1a09f4321a858b56f8ecffef2fc2440540b16,2024-08-29T13:25:27.537000 CVE-2024-38304,0,0,c9c5e31995efec3c1031188bcbced9384b5bd23fcd1002d4307a7715d8d36271,2024-08-29T13:25:27.537000 -CVE-2024-38305,0,0,ee5caad84873fbd92352a0446fe4dbaa8294a3e8c08e38b564114b506da289eb,2024-08-21T12:30:33.697000 +CVE-2024-38305,0,1,8b2a25f772813217d648083a791c87824d2ddecf111410c1e83c757aac9fac81,2024-11-25T18:16:27.450000 CVE-2024-38306,0,0,302c251894cd8175c95dcaa248535d0e8a6962400e46ca01099390440f888d26,2024-06-25T18:50:42.040000 CVE-2024-38308,0,0,fe139b0ba6074f0e39f21bcc0d3b2863f88a6047b3a5a779d5f8bedf5488475c,2024-10-07T15:24:34.517000 CVE-2024-3831,0,0,50e818929dc56e84afc0dd8fe8fae7a8b323529f272034386ddae5543191124f,2024-05-14T16:11:39.510000 @@ -259046,7 +259049,7 @@ CVE-2024-39486,0,0,53993c58f90918b7c97876ffca7dc269893e47fb56c6e517d9e82dcf2f998 CVE-2024-39487,0,0,07f5386c1bdf0075b39a52e9355dbebed54d46b5a78637d307e6a04462c33cf2,2024-08-21T17:18:01.117000 CVE-2024-39488,0,0,23685677cb72fbb43ef99f190181df9d9e8c31ec0d3e18867ab50491586a3910,2024-07-11T13:05:54.930000 CVE-2024-39489,0,0,c63175d29bd941720feca94efc3f3a1164cbdc8d8d5c1251ffb632e82e90379f,2024-07-31T14:50:26.330000 -CVE-2024-39490,0,0,3a7cfe69ff3072a0b714a0d11ffcf616850cc2417c5fe88da248bebd02107b67,2024-07-11T13:05:54.930000 +CVE-2024-39490,0,1,bb2525f8bdea5ea98a8ecd939fb733bc8da41a2d00234fb0e8dec30b7fc35804,2024-11-25T20:15:06.600000 CVE-2024-39491,0,0,af25979e19919d2c32f2a4545b8f16aa1b2a079fea20c3993dde8a730fddf96f,2024-07-11T13:05:54.930000 CVE-2024-39492,0,0,61700a334a3b229fec417915f64a5a7f087e170c95a01499eeb909ca8b8d8efb,2024-10-30T21:35:04.003000 CVE-2024-39493,0,0,1e9db7e81ec34cee90fac11925a12057887fa787e4909a68e8233bca0ebf86c1,2024-07-31T15:38:54.880000 @@ -259135,7 +259138,7 @@ CVE-2024-39571,0,0,b35a4f00350faa538c88f4f6d224a7df8752eca1297d346f418e4963a4c09 CVE-2024-39573,0,0,66fc7feceb0e35a8b2e536fb0fe145ff47c70fa679791c05a2dafe67c9ad9e6e,2024-07-12T14:15:16.400000 CVE-2024-39574,0,0,19f7903aaa2fe3131935c172a6b15d77efbdb8c9899ed2e523d65e46645a7e43,2024-09-16T15:59:10.653000 CVE-2024-39576,0,0,b954c37b27403600557da0d261dd953de929a61b04f025c8697cd0d77090d715,2024-08-22T12:48:02.790000 -CVE-2024-39577,0,0,a29f5fe5fe8f1b2ad43af1c8556f3cdf1a9d04c0f6fa260150fa000f3fc74f1b,2024-09-30T12:46:20.237000 +CVE-2024-39577,0,1,d04d10a10e5d8b8491ab50484278d3d71eaa9b5c56f3ce3e15aea13d8aa84a66,2024-11-25T18:20:36.807000 CVE-2024-39578,0,0,c57c67d60ebbfbb439cb464fedeceb835967a7da09b4f182842457f0862047f9,2024-09-03T20:56:11.277000 CVE-2024-39579,0,0,3b10efac241247907da1969516918327fdf07736fefefce9e8f33c60526e18a1,2024-09-03T20:57:32.607000 CVE-2024-3958,0,0,d5a5e3b155f3063c251dfec6027d4759e62e1ec9e2382396e782467b23eef014,2024-08-29T15:50:33.257000 @@ -259527,12 +259530,12 @@ CVE-2024-40395,0,0,3ba6dbce46079967e0577ccca7056038a218abcb260e702c86d066887bd84 CVE-2024-4040,0,0,4c2ad1f11d479d0071ddbaeb3523edde6a0cd9c4e74c065c69d4bb5c9b1ac029,2024-04-26T15:25:47.270000 CVE-2024-40400,0,0,aec60b9f9f600363c457f651ff723a62cac6ef548b5399a3264322f4567e7220,2024-08-01T13:57:15.850000 CVE-2024-40402,0,0,8f3b56ab0ece8779de55d2a1e01ca402786b5a92667e8e6ee5b5e922914d1480,2024-08-01T13:57:16.643000 -CVE-2024-40404,0,0,09c3b53abfd0e91392f863ace73d4bf792a3d39fa8ece0e52b239a44c680b5dd,2024-11-15T13:58:08.913000 -CVE-2024-40405,0,0,b6fe3ee9d74cb7dadbfaf01b71937c8526639bef219e5b271ae83c0ede768c3e,2024-11-15T13:58:08.913000 -CVE-2024-40407,0,0,cfdde6cfd1ec4997a6be04496533e6e3ba493fdb86485e1df9b448f4cdb421be,2024-11-15T13:58:08.913000 -CVE-2024-40408,0,0,f2a4bf811588bd6549be4495047343b805bc51122bf3c331b3657e08be80af16,2024-11-15T13:58:08.913000 +CVE-2024-40404,0,1,445285f90ab03fa1d6867f5ef77507dac62e682f808907e572ced02db9de2e5f,2024-11-25T20:15:06.890000 +CVE-2024-40405,0,1,480d2782a03dda8ab967dd8fe975a5efa4bf8df1f15583f14708be53b883149c,2024-11-25T20:15:07.150000 +CVE-2024-40407,0,1,c0e80793ff0a6477e7fafff17f097335d7930c7a8a4d58b941b1ea974c664682,2024-11-25T20:15:07.383000 +CVE-2024-40408,0,1,c9cbf7b38776a669b8179ec724976179708b2cd349fa4044903fc0e8b9d501ca,2024-11-25T20:15:07.617000 CVE-2024-4041,0,0,bd71d95aba274d30d448ad146bc23c848b8a3b9576dc252f709372f143cb7780,2024-05-14T16:11:39.510000 -CVE-2024-40410,0,0,df61a951d33ce95e69a8770a86879c0ecb50cd8e184ef90b585d3c5705171ad7,2024-11-15T13:58:08.913000 +CVE-2024-40410,0,1,da2ccbf844d4798872a7cb3614d6e1ebb23de5a77ebc7dab2d6e8b6d87973974,2024-11-25T20:15:07.830000 CVE-2024-40412,0,0,6bec7f774fa3844522b88a2194ef0a518564be0031f950daee4cc3a1d2af5bc7,2024-08-01T13:57:17.453000 CVE-2024-40414,0,0,cce4bc45b3fd958899493947d8b56ef56455ed7c491dfa2b8588a84925be9f13,2024-08-07T22:13:50.937000 CVE-2024-40415,0,0,97b6ea5de4ca3bbb8d7d817518418a144fefb721c0a2cb8a92df0a8cba71dbba,2024-08-07T22:13:41.720000 @@ -262497,7 +262500,7 @@ CVE-2024-44571,0,0,6ef20a14725bae57f9a567f27cd564fd830fef7d5d8219a7373f1812eb1e3 CVE-2024-44572,0,0,1fb641294c45b891575d0c3a1b41047f1bbad864be426defb5572f6f38bcfd4a,2024-09-12T12:35:54.013000 CVE-2024-44573,0,0,249f071b191a92f2ff5a0bdc93d8f57eeaa3495a59036eb24a231b76634d2746,2024-11-01T19:35:27.177000 CVE-2024-44574,0,0,cfb193c0fdfb56729a274c91dd51261fc44a3306d91c3856efba426d2348d691,2024-09-12T12:35:54.013000 -CVE-2024-44575,0,0,201a6ca7c7ab73c1cf72eb94fa46c058ee5fb2f214506723411e1243ae73df24,2024-09-12T12:35:54.013000 +CVE-2024-44575,0,1,8e6afa406b092fc97403bf18c894169ec34279244dffaf9d373a5db4a6bca366,2024-11-25T18:15:12.667000 CVE-2024-44577,0,0,f23b5398825615b1e4c9cdd4a9ee17debd24c87e40c16b163c6e9227921995f9,2024-09-12T12:35:54.013000 CVE-2024-4458,0,0,0a429f9bf96fae3ee6bbb1cf09933ff34e8fcd6340740204bd4095a557c4fb2e,2024-07-24T20:23:12.307000 CVE-2024-44587,0,0,df65b03ef618d179da9d66b0f4fc4c4e495ab75863a2207f1a4d99901686f98d,2024-09-05T17:44:56.007000 @@ -262873,7 +262876,7 @@ CVE-2024-45193,0,0,aad683d38855495998b9aca0a814babde19e695a0d6614e90cdeda08f7f96 CVE-2024-45195,0,0,6ffd475ceaf8128f565ed8b5cb0ab8e8ef23a6c0d5b146527899f5211dfb9259,2024-09-06T15:35:05.483000 CVE-2024-4520,0,0,b2949348c863aeabf77cf8262dadc8a1301ac645ed88723ebde503df8cb28e51,2024-06-11T17:02:16.967000 CVE-2024-45200,0,0,c755ac93f1b17cd8efb21d298d911a4f5dcab9011db4f75e5e04cf5d33a0f2e5,2024-09-30T18:35:06.983000 -CVE-2024-45201,0,0,83db05d7484ca5c2638e18e64e3b5c06d28a9caaae332ad6d01f844ea902b04a,2024-08-23T16:18:28.547000 +CVE-2024-45201,0,1,92b8bd132a22a911d082c4796a5c2704cf98ba27382f9f8c2bc815a661909645,2024-11-25T19:15:10.473000 CVE-2024-45203,0,0,0a34ec3cf21e7526a71f11433fb5593e3ea52ee9638fd0c30ca94a57eb961782,2024-09-16T13:27:19.190000 CVE-2024-4521,0,0,a1d240438f25322e21494c2ddd2f5ee26b23410f012534bc2c27a0a49b09a860,2024-06-04T19:20:41.223000 CVE-2024-45216,0,0,b5d4ad361df623d2747c2e3dcc354f4583c0440162a6f21fa826489a75df8c0b,2024-10-16T17:35:02.523000 @@ -262981,7 +262984,7 @@ CVE-2024-45334,0,0,fbd6312b35c8dfb00b7b9cd224a77361e6b346b18836cc30a53c0b55e9ac4 CVE-2024-45335,0,0,b274212e48083a12503af1b1ddd8aa59b1b69e860bfecb2e94b0f481925a580c,2024-10-25T14:37:39.387000 CVE-2024-4534,0,0,527a3127a7586bdf18d80cd2b5b17fe74ac5ed6a2aa4ee562148173cc1d9d3e9,2024-08-09T19:35:09.923000 CVE-2024-45346,0,0,2f7f906fa8e830e09f5dc1994b30102df77aeab36a86b7c31755a212ce377dbe,2024-08-29T03:15:05.247000 -CVE-2024-45348,0,0,f8397568e636cad274a96a56fcdbc01af3feb6775d5986faa9442985588b0658,2024-09-26T13:32:55.343000 +CVE-2024-45348,0,1,bc98fa80249f38a70998adac3e692307a7b693d0d2c59147b57b1bd3bcbd8953,2024-11-25T17:14:11.713000 CVE-2024-4535,0,0,87b4b5e0787ea182ddd9c6fa8e26c59b6c616e4e57e592ee0d6f169678ff9b64,2024-05-28T12:39:28.377000 CVE-2024-4536,0,0,7a5702ddadcf7f48c7c82ca09978f30e343a6d4f259e12cc6fa88068d1723500,2024-05-07T13:39:32.710000 CVE-2024-45366,0,0,66b88cd12e7b55bd127ef7ca0df825eb8a10e1eaef38a8fce322ba7e6ff8cdf6,2024-11-05T22:35:10.920000 @@ -263202,9 +263205,11 @@ CVE-2024-45745,0,0,095415295fb9e908dbd1bbbd24ecc8e41cf81936c17bbb0aa6290e6785ab2 CVE-2024-45746,0,0,7abeeb28473d4d90b0f40fa029a9f40cc62f9f19130bf135cc7a0a985dde62f8,2024-10-11T21:36:34.350000 CVE-2024-4575,0,0,9d22d248e877183fb374174504fab6bfc500414f16c234b88b687abe10cd48be,2024-05-24T01:15:30.977000 CVE-2024-45750,0,0,f86fce6cd4045728a00882dd42402a213a9d23f5fcb44064e442c5967c556b92,2024-09-26T19:35:17.850000 -CVE-2024-45751,0,0,cc5d68fd09f5f304456a6be90ad821b34bc4a7f1a983b99ed7260cdb2141f184,2024-09-10T12:15:01.857000 +CVE-2024-45751,0,1,a77f37e4ea9f9cb9a24bf925f3f2164ba340c3e11435309a55bc717109619c08,2024-11-25T20:15:08.047000 CVE-2024-45752,0,0,c56d2e99daff13fa264a8e02ee453ba88231a536487b9dd847b13fefb0df4a91,2024-09-25T16:54:27.520000 CVE-2024-45754,0,0,27881b9f8c3e60f9d5e35efd217ea03a3a53beb79b5679c0a5048b58d7f60f46,2024-10-15T16:35:07.827000 +CVE-2024-45755,1,1,214acbe9890f2a732448290139edf5942230569a0469dfa5778b57aca487e490,2024-11-25T17:15:12.293000 +CVE-2024-45756,1,1,c88c00192e21176f6155758efe042517d130d9b657618b8f3b05bd3fe303bdeb,2024-11-25T19:15:10.673000 CVE-2024-45758,0,0,e058696ef4ee1e11dde5d7f4a1626a6964f9190aeabab6642796a352a4a3c2cd,2024-09-06T18:35:13.043000 CVE-2024-45759,0,0,f59b470dfad0907ca734d4ff5b2320a0c753f38413ab3a3988ccb60d03e5f11c,2024-11-08T19:01:03.880000 CVE-2024-4576,0,0,d47b5037987d3332638a14c0dba5a2bae073fe818289e35d14fa9c3b2b647939,2024-10-27T22:35:08.450000 @@ -263472,11 +263477,11 @@ CVE-2024-46451,0,0,d3a56959d528545e5d37d75143f0c1e0141235a2bd503adf0162594e2e188 CVE-2024-46453,0,0,f2e65264e0b1a5c3ff7f710d8d23db018673f8328ef08ecc489a300ea4d9bf1f,2024-10-07T13:53:04.767000 CVE-2024-4646,0,0,368f6c8b75aa07d035e1b1b12d3ee4faeb304323401bbcc5aa2596217dc42f5b,2024-06-04T19:20:44.390000 CVE-2024-46461,0,0,cc86f5c42464c26c4a36c6d59fbb4ac13932ea21683a14dbd86ef949d78638fc,2024-09-26T13:32:02.803000 -CVE-2024-46462,0,0,b06fad07fa5dbe3b633d70853ae0dbca187c9454d2e508658e090b1bebb5299e,2024-11-18T17:11:56.587000 -CVE-2024-46463,0,0,d6fa67a7ed86e38cf1c592e3c3e7511cc9d5b86ce13d6dcdff016465adf2c804,2024-11-18T17:11:56.587000 -CVE-2024-46465,0,0,21070ef390839acce8b5d58dbfb4d3b934a46f4be9e45b21f54fbcf0be2a0756,2024-11-18T17:11:56.587000 -CVE-2024-46466,0,0,94c6fa5344898c2b907ac22c8282c36e4cdf76cd06bec6e69295ea455c2ef066,2024-11-18T17:11:56.587000 -CVE-2024-46467,0,0,183daba65906dede29b13c89d6f316a4235e3b7f00ec7424155fdec9b9cc05f8,2024-11-18T17:11:56.587000 +CVE-2024-46462,0,1,e4a2fb53b33a4f052ac3833f4ac91ba2a67c37ef046470b2e485567755a6bcdc,2024-11-25T20:15:08.323000 +CVE-2024-46463,0,1,0a7a035035d5cd0582187717d294f32f26f2c64d32863a93428234591e876c3e,2024-11-25T20:15:08.563000 +CVE-2024-46465,0,1,fdda6700bbe65dd20aeb74f55d6067ac4d211e513bae7b9ee1a208d093fee6d3,2024-11-25T20:15:08.760000 +CVE-2024-46466,0,1,067e587d17dec2888e824f15c156963ae055c7ed550517114081c62dc17a3436,2024-11-25T20:15:08.957000 +CVE-2024-46467,0,1,edeb76aa2ccb057359ad09d2aae9c70f0e54c1035e057ffebd5fe59c1a614325,2024-11-25T20:15:09.170000 CVE-2024-46468,0,0,d1dabc49a2c8f6666100b3e113a0965ffec605533a3aa178ac1056f150b98c3d,2024-10-15T18:35:14.680000 CVE-2024-4647,0,0,abfff49b4d0bc1323cd8c136d2663c14e45b73cbc22df4c684f6d02301cae0cc,2024-06-04T19:20:44.487000 CVE-2024-46470,0,0,4aeda2c990e579b9008226e62d5cbdc47a22a0fa6603152064e359fb3aa1bf47,2024-09-30T12:45:57.823000 @@ -264493,7 +264498,7 @@ CVE-2024-47799,0,0,de5bae16ec2678599ddf765fb89319547d13abf6f56de5efb31661988db58 CVE-2024-4780,0,0,4aec24b958d50bff73d14c7bd2f67b2a9793d4893d5ddbdba18f0fb02ea18cc9,2024-07-16T13:43:58.773000 CVE-2024-47801,0,0,e103685798e8b2dbc73e6876d080a93ca119ff0fe2d3b72153089026c306290a,2024-11-05T19:34:53.927000 CVE-2024-47803,0,0,f1080efaefb289db3b7c83152c009ece86e24390e0aefc406f78766a0804491c,2024-11-13T17:45:58.903000 -CVE-2024-47804,0,0,3742ae8ad7b15d6ff039d6d8a6c72598778cadbda52009e76dbb63569fce90ab,2024-11-13T17:28:49.420000 +CVE-2024-47804,0,1,10f5812c7d5c82996af69313db42afb28574b27553ea72513b30e7e1371550ff,2024-11-25T19:15:10.873000 CVE-2024-47805,0,0,6c51be7f72537aff5307d773eafe7e7345a2eb485d556a7afc321cd8a12ae6ea,2024-11-13T17:32:51.983000 CVE-2024-47806,0,0,7da0bb8e7fc9c3b1d389ccbc624a09ba22b5eddfdda079b80b993589f773a85c,2024-10-04T13:50:43.727000 CVE-2024-47807,0,0,6f73fcbd170bbcb4214e07d010ddde34567b580923105f0e5418ba9615969635,2024-10-04T13:50:43.727000 @@ -264536,7 +264541,7 @@ CVE-2024-47850,0,0,9d437471ee4f1be7fe8d8f91eb2162f8d4a45526c516c7abe8fcc5930f99b CVE-2024-47854,0,0,cef81393ed48661f146b05190eb5cd22e800b4711975bd0fc685986ac16438cf,2024-11-13T15:25:13.953000 CVE-2024-47855,0,0,55506bc59fb300d34c632b3a5f880b3df3b3b2206fd15f460c6853ba7eb245ef,2024-11-07T20:35:11.733000 CVE-2024-4786,0,0,bbc8c5b9b549878acd4ee1e5896d7add0ba995b55e84e619083dd37cca26f8f1,2024-07-29T14:12:08.783000 -CVE-2024-47863,0,0,10abe083ebf15da5e5a4651c918dbd885dcd0dbfb67f2dbc5a4b95794219eebd,2024-11-22T21:15:18.290000 +CVE-2024-47863,0,1,1709e98bbe195ceb22985b7365edbf4c38348dc3eeb4afeb51d588e87ff0f966,2024-11-25T18:15:13.063000 CVE-2024-47865,0,0,0970b7f6df3012fb0bc3443a9670f4f21476c8c3b81acc6e6b7a63f9648b2853,2024-11-20T08:15:14.890000 CVE-2024-47867,0,0,61f4df5a4a08eee13ad627f16450273fdbebcbdee4534b2d49b7e1adc602b8a3,2024-11-15T16:44:54.783000 CVE-2024-47868,0,0,b1d3ae34e95c1b5cdfd4777e6cf22588fee5fb92f1e32bee19fdee66c93a7d46,2024-10-17T17:04:35.547000 @@ -265702,7 +265707,7 @@ CVE-2024-50062,0,0,fb76c5d17773e9b99ba2a7f2c28322bbec6aca19454d77f6ffd53fa694af6 CVE-2024-50063,0,0,a5c7c4f7c284c069c3c3ba5dc2512cf03b36da5352fce4a1513dd1ca1cffea42,2024-11-22T17:26:31.070000 CVE-2024-50064,0,0,0fbb48f98a0eb4f4ff5ac7ecc0e869de5fbcd36b7eb760b827cf0f646f0d7eab,2024-10-23T21:49:29.423000 CVE-2024-50065,0,0,acca9cf28f900ef40d178c4343451c865da897e4de8fb20ebb290b68db23ec11,2024-11-20T20:07:01.320000 -CVE-2024-50066,0,1,a867e4a9abf96e6fb775bada218d6ea4ffc7e992f59041dc291c8b76ad09def9,2024-11-25T15:15:07.570000 +CVE-2024-50066,0,0,a867e4a9abf96e6fb775bada218d6ea4ffc7e992f59041dc291c8b76ad09def9,2024-11-25T15:15:07.570000 CVE-2024-50067,0,0,cd7f92b058928f9381866d19ee3707f46c9ff67524491021fd1106cc3aa345e8,2024-11-17T15:15:19.113000 CVE-2024-50068,0,0,b357b7d6a2971d612ca74bbd17c1e805d468b220432de66ab123477d4c8a0299,2024-10-30T16:57:35.427000 CVE-2024-50069,0,0,f0efb37fce406b5577ae6affb711463f72093df862fef1ce6ec787e41a622262,2024-10-30T16:58:19.983000 @@ -266306,7 +266311,7 @@ CVE-2024-5093,0,0,13d2e709dd3e7be8048d02a6012bbed004823bd119b45510128e77bb922bb1 CVE-2024-5094,0,0,a6da916325cb7c5c0cbf108ef5f048d7004d52e417cf8850e363484a9b36d59d,2024-06-04T19:20:58.470000 CVE-2024-5095,0,0,1588c0abfc34bbd50f97e7721e8e7ba42bb279c7cb42725ee04b715e36b1b7b7,2024-06-04T19:20:58.577000 CVE-2024-50955,0,0,8157390cc8753ab3c3dc03f615378f98ac2c1983a215bd6243bc7dc27b80318c,2024-11-15T13:58:08.913000 -CVE-2024-50956,0,0,61199958fcf25ae9206f0f8875ee79a0e783a402692b34e9d18c29f4a470b75f,2024-11-15T13:58:08.913000 +CVE-2024-50956,0,1,12124e11e67fab80bf49da8101d4c3d956d958942d16765a9a0238618204ee2c,2024-11-25T20:15:09.383000 CVE-2024-5096,0,0,5ed717834c38883681c6d180e391a0fccee5714f6ff3215bd896b6366e61be87,2024-06-04T19:20:58.687000 CVE-2024-50965,0,0,9bf5d4a724136551579847051cc192021c9ca6821a2f6911f3611ec5301fc7fe,2024-11-22T18:15:17.690000 CVE-2024-50966,0,0,c0f005c4299dd685198e56d1be45ab03ba5dbee734217c81e9ee9426dc60d25f,2024-11-08T19:01:03.880000 @@ -266359,7 +266364,7 @@ CVE-2024-51022,0,0,9c971f391f021663a674f6ebedab01c215349ea525c288aa5349243311884 CVE-2024-51023,0,0,b12f806c39027dd585f6605b170e48144a3513f557c323acb9850f669a22caef,2024-11-05T21:35:11.923000 CVE-2024-51024,0,0,2602616b46cde149e40ad1ec2305c8463ebfa9f137264738865d2534ea931b9c,2024-11-05T20:35:25.253000 CVE-2024-51026,0,0,62fad2f07d50146e8433d063d38894194ce538e71bf191ac14b4c471f5cbc87a,2024-11-12T18:35:32.357000 -CVE-2024-51027,0,0,0df86581863a598d2520a0e997d45372c5b4a9ad62b540c319606898003d1398,2024-11-15T13:58:08.913000 +CVE-2024-51027,0,1,0ed5a060dfaf55a6aeeb1ff31826ca334b77c68fcae973b41bc0e5cff044f75b,2024-11-25T20:15:09.607000 CVE-2024-5103,0,0,aef0baf1fd7c527670ecf099c59b541b0a60e91a3e6b8de1c582546f74d7df46,2024-06-04T19:20:59.297000 CVE-2024-51030,0,0,f2e747039aa1c94bb05e787f4d207222d754db12ded9f6bb6df83cbdf74d7a25,2024-11-13T16:47:16.060000 CVE-2024-51031,0,0,b86b8798942030d83468cd0fee37fbed37248c27fcb27a06dd2e8866d706c425,2024-11-13T19:34:52.990000 @@ -266378,9 +266383,9 @@ CVE-2024-51064,0,0,ece811d6bc4d0a8a39ffb1295a05e98aa14ea4b37a609a0a704291f46ae22 CVE-2024-51065,0,0,13eba658de2ad8a597e121d04159d33db90d11b073dc40f03a99a360d854cd46,2024-11-01T16:35:29.133000 CVE-2024-51066,0,0,43893f00c972f583b870a001430879894062f80987f31522bd1f9ce18500c0dd,2024-11-01T21:35:05.747000 CVE-2024-5107,0,0,f5453befe05d8931f9c9a9c4f41bacf3f3f4a7efb50cfd25019760201fcefc62,2024-06-04T19:20:59.600000 -CVE-2024-51072,0,0,252fb4bae771f42843e86fe88f3c223d233b5b624b3fad6fe23b0ca4caa1feb8,2024-11-22T16:15:33.603000 -CVE-2024-51073,0,0,6d6014f6d39b5c2d95fd9a10e2d40585efe0f82427d43e6309f1bb09f5f59570,2024-11-22T16:15:33.730000 -CVE-2024-51074,0,0,9e175eb527984683596e01e0916ffb783aff37116e00da66818c25b808284823,2024-11-22T16:15:33.860000 +CVE-2024-51072,0,1,e1042d252c1a0624cc3b64189c1cfc6b213ffe54d3f74283f7090f93cb443a94,2024-11-25T18:15:13.240000 +CVE-2024-51073,0,1,013339fd7fa328d3b1c83607a1d82b5d517d62588099cca85ddd21229f0fd8b9,2024-11-25T18:15:13.370000 +CVE-2024-51074,0,1,5340ce385ea99577a9b19a222d958a18e9d0f21977b4789af00373fa693190c8,2024-11-25T18:15:13.480000 CVE-2024-51075,0,0,65ae3c5f839d1343cfe96d616d54dd3277e3aa60c8e36fb4e4a98f4465a848c0,2024-11-04T13:41:29.567000 CVE-2024-51076,0,0,cd339191f7270b925031f2e79ccdef36faac89c073f1d7fece38ee50c55aeb1f,2024-11-04T13:41:48.267000 CVE-2024-5108,0,0,b8eaa0c49e3b7a0772fb8d227eefbcd229b705e71c1ea537a10c0b9ca289502f,2024-06-04T19:20:59.700000 @@ -266732,6 +266737,7 @@ CVE-2024-5172,0,0,b469524ff2309ced9aec08b056578c23e8b8b5248adb8fcea2b38cb214c812 CVE-2024-51720,0,0,d935c89d678e6c2465c73b44d2acf8e765a514a71ed8384e14cba8904616d4c2,2024-11-13T17:01:58.603000 CVE-2024-51721,0,0,180a180febf9a6891635b908522e8114d1418c02626388536e7361dbc23f9485,2024-11-13T17:01:16.850000 CVE-2024-51722,0,0,989ca169c6c454e742dc9963e9f58bdb1051de913d3f85c7e971d36fba8be826,2024-11-13T17:01:16.850000 +CVE-2024-51723,1,1,396a4757f193559d2a6f1b55a74b8b296d1e7f05a9e82fc3b3e447007f68add4,2024-11-25T19:15:11.050000 CVE-2024-5173,0,0,e808cbd0ff507575dfa32503bcc3a2123c9461298f1a4a4ef8cd294367da6464,2024-06-26T12:44:29.693000 CVE-2024-51734,0,0,1cd13d8635d39c437cbb33b350735ec8f4fced2309825670ef2275f584df030b,2024-11-05T20:35:26.167000 CVE-2024-51735,0,0,4d68a755141918a79130284871e942292c9f37924aba0b94103b08a16b1df114,2024-11-06T18:17:17.287000 @@ -267187,6 +267193,7 @@ CVE-2024-52524,0,0,0291fb2989ba5bd963e5ba7b16897e7b20eac1eef7056f852252def8abaaa CVE-2024-52525,0,0,87d8daa94d9c7b3468acdf4310326eea5f93ca728ee9d3040ae0a2505b89ffac,2024-11-18T17:11:56.587000 CVE-2024-52526,0,0,3ff8576252c4638e87e23c9cbf14531bcd7f764e2544e8015e850cb9c0cd5650,2024-11-20T14:39:19.647000 CVE-2024-52528,0,0,357b5377315c119aee7d7f03933ac3191b35ccfd203197b2c4dbf611d4131383,2024-11-18T17:11:56.587000 +CVE-2024-52529,1,1,aed0f6fba939d7e0fc9daf0cf45003636f5fec151d1b04e022b3ac89e63eab4f,2024-11-25T19:15:11.373000 CVE-2024-5253,0,0,73f9562f224a9a11b8b8279a7bf00d920003fa046cb7c88a3a55caf281adabe4,2024-07-19T15:30:34.717000 CVE-2024-52530,0,0,9accb3b51708da4056e1b2d60bf748a8c8f27363e68e7120159317514b4fed53,2024-11-12T19:35:14.927000 CVE-2024-52531,0,0,4a9a627b31c610f608576c39893b61b41c0efeb9f9d97b523937261d20004d52,2024-11-12T19:35:15.807000 @@ -267266,6 +267273,7 @@ CVE-2024-5277,0,0,c22b3e398c55d24f660b1a45a3310a9c6b0abef458e72374f87af318fc0920 CVE-2024-52770,0,0,7aa9649a9670c716ce311ac92684885a9b795e1a2574f48cc59bb70ef562262a,2024-11-20T17:15:20.200000 CVE-2024-52771,0,0,5216faefced1eff97e71e61bc18807aec97654fb9fefe72a0573a6ba693a0484,2024-11-20T17:15:20.637000 CVE-2024-5278,0,0,f0307415163f20adf37f2c92a0ed4578caa6aa4e699bedaa3aae52fa3124b77a,2024-10-17T13:56:49.813000 +CVE-2024-52787,1,1,5cf053b2abc44016dfcc451672fa6172c4f3b8dcb05262e0c71f35e05b29e3fa,2024-11-25T18:15:13.597000 CVE-2024-52788,0,0,4abe1fd7690362e0e6e7183fadbb1999ee1afb82444324d21e730957cf5066a2,2024-11-22T17:15:10.490000 CVE-2024-52789,0,0,f640d56967c5320ac75d58f4ec0e813038d23df15a507a7fb489e9968905a84b,2024-11-22T17:15:10.660000 CVE-2024-5279,0,0,2c6d1e53ece85fba55c2b83835d7abf75ca4da167ddbecc0aa984e59d469dd0e,2024-06-04T19:21:04.240000 @@ -267275,6 +267283,7 @@ CVE-2024-5280,0,0,86594c27d113c80fe7aa0a775d64720f8f3d823c49f62206ae5f1ae12a324b CVE-2024-52802,0,0,ff357ae423b4185f6e8528f29c93636cc2249c9e015517449516a4f8158b5ed5,2024-11-22T16:15:34.283000 CVE-2024-52804,0,0,8f245cf45089b95fdaaac467eb0e4e1eb7afae864da129b7e5bc629b398d8ade,2024-11-22T16:15:34.417000 CVE-2024-5281,0,0,d8e0f0c592f3cfcf36fc66f961b905d6afba3d53af3789e65e13042755c0a3cb,2024-08-01T13:59:43.367000 +CVE-2024-52811,1,1,d732a17bde6f16ede8be31f96ee410aad0e3e114ed23b65cb7e34c8157552b5c,2024-11-25T19:15:11.567000 CVE-2024-52814,0,0,05155b182462de438f0b1b6215658fb7f90ef7f2af8e5a0e3c447f1976037015,2024-11-22T16:15:34.553000 CVE-2024-5282,0,0,d02e51c4b0ee276cbc37162ff12b0d5f63d5cb6622dea90c00e2302f02b5f264,2024-08-01T13:59:43.553000 CVE-2024-5283,0,0,b38d3b6d84c245f47c02c6b1221c64126cc1590c1b6b303a3d39721ab1dfca67,2024-08-01T13:59:43.747000 @@ -267349,19 +267358,19 @@ CVE-2024-53062,0,0,e32700c33557358d5784d1ebd21f16a8e87aef87b2e2617962aff7be3c5d7 CVE-2024-53063,0,0,f035f57ca66a97638de1f9d8f94990b5e4e9ac04ef218bc8be51d04172111a43,2024-11-19T21:56:45.533000 CVE-2024-53064,0,0,3bb033dc6aae86fa2e5ece446a8e8c6ad0cd30bf017ce16ad3ca01b8f35e3442,2024-11-19T21:56:45.533000 CVE-2024-53065,0,0,50051ab04eb529a5f3837615462e27887f9fcc2921e459dafebab73a597de8c7,2024-11-19T21:56:45.533000 -CVE-2024-53066,0,0,4f44670a2729bf575ab701426b4458a092dcdd97055977e93f4e9822063e34e0,2024-11-19T21:56:45.533000 -CVE-2024-53067,0,0,2743b7cc2805b9791996ac1684922bb1283e7ee50839aa254a267908d281096c,2024-11-19T21:56:45.533000 +CVE-2024-53066,0,1,b6df3ccd2e373434ab94736c95ee77d4eee27bd64280c62d525629ef7f7c0422,2024-11-25T21:03:09.620000 +CVE-2024-53067,0,1,9d3bb8c5ae5090d9d88a3b216dfdb09b9af76d19c318be3e7297e5143c6e6055,2024-11-25T21:00:06.237000 CVE-2024-53068,0,0,95394cfc5f32c3da29765a2447a20db757db3b341b809b278465ed9fe936dfb5,2024-11-25T13:43:00.467000 CVE-2024-53069,0,0,f5c3dc08dd85594810e2e234abca83c46f325a99c8b12681eaf3a88411c504ff,2024-11-22T22:26:20.310000 CVE-2024-5307,0,0,9f60aac251e2e03d9552a0394a9c798214f03b8e43e7cbb0dd9de3359653dec5,2024-08-23T15:00:25.687000 -CVE-2024-53070,0,0,1dbda718e453760e461d319055dcae3099cba98c4000aef775158e342ac0b1d5,2024-11-19T21:56:45.533000 +CVE-2024-53070,0,1,fec68d2ee6c35b8e612d089a8a6513f0b9928e3c7c2d12bf0612c0d406c52a1b,2024-11-25T20:53:55.200000 CVE-2024-53071,0,0,33ad5da8002c3a0c9d64e8ddebfeae85f88c55b0cbce70c328e8d7bd3f2534af,2024-11-19T21:56:45.533000 -CVE-2024-53072,0,0,7574f682813daa5c3ceccbe90cee77d4dd2e034f0e74c2f9b2968f1a96236995,2024-11-19T21:56:45.533000 -CVE-2024-53073,0,0,e3aa308560cd3dd6cc47506b206af45b2d1fbdac14a2b750af9e9fe9cfd6eb02,2024-11-19T21:56:45.533000 +CVE-2024-53072,0,1,0332baeadbc05760f2eeadfce70cde9f66b50aa5c32702b265f2b2cdce0b46d5,2024-11-25T20:43:08.187000 +CVE-2024-53073,0,1,c4a124687f16864cea7121ca6ff88c5bd41d1180fe09dd3878043c78bba7a9b6,2024-11-25T20:43:59.833000 CVE-2024-53074,0,0,a5befe099246b6e79e3ccd6574afa6c7cdf657f4d54fbf716c577f3e4ea9a0be,2024-11-25T13:51:28.137000 CVE-2024-53075,0,0,b8a47df9f6008c83b93e2abefdeadbc449d2b3e2a3dcb44f41e184a3b9508346,2024-11-25T13:58:31.503000 CVE-2024-53076,0,0,0be57ac15a64c608a1e52bd99fe58bd7fdd85d1305039bc11b5396e02cea259c,2024-11-22T22:24:24.607000 -CVE-2024-53077,0,0,f28436e3547a098b80bc29c6ba6263f592026da63ae3b3be2bac52a9cd398691,2024-11-19T21:56:45.533000 +CVE-2024-53077,0,1,00b9d8c03b0897577603ba9722b5741dae994d46788395a5ed57813d6fd9f76e,2024-11-25T20:41:41.093000 CVE-2024-53078,0,0,fb4576ab424097abb54c012dfd85f820fb3d67465f92657a79299e53e0dd3ac8,2024-11-25T13:31:57.063000 CVE-2024-53079,0,0,feb4dd4b279da03f1175e573ff936491912f98a2521bb1b4a43e7053521e47ac,2024-11-19T21:56:45.533000 CVE-2024-53080,0,0,4f55f4219302c380e18d9d77a4d8b74dea1e1e7f2dd32de0e9052894f115605c,2024-11-19T21:56:45.533000 @@ -267387,7 +267396,12 @@ CVE-2024-5322,0,0,34d5429047e5a1854ac8faff5145e41fb19a8e0b0a19efc95aa08c4b8fb570 CVE-2024-5324,0,0,68af38ce3b695644cbcf19d3a148fcefd2523c0cdca6a2454fd88f0297edc15c,2024-07-24T17:42:49.020000 CVE-2024-5325,0,0,3161b31796f943a80af27275e8f23d08c58d4d31d567c9aa76aee11dec3e806e,2024-07-12T16:34:58.687000 CVE-2024-53253,0,0,d8774b8b7a52a6828fee68f5032117fca8a6e77570ad308c3ddf9958a04b65eb,2024-11-22T20:15:09.210000 +CVE-2024-53255,1,1,d61a8d7710c40f67983bd99e9267ded1e91d86ea0747c698bd8cab97316873cd,2024-11-25T19:15:11.760000 +CVE-2024-53258,1,1,a915b82637f40f0c10b7fb4e3ffc3bc669fcfe23ea0f5d157743938cb68f10dd,2024-11-25T20:15:10.030000 CVE-2024-5326,0,0,2be4cbe8832da29a051a88af0386c312f2db765fd88a5b2a911937a61354bc30,2024-05-30T13:15:41.297000 +CVE-2024-53261,1,1,26d255de57d248944569dc2de87b17d6f9e71a4446cd8213a8b457b4c29b3a3f,2024-11-25T20:15:10.217000 +CVE-2024-53262,1,1,b58ac4cb966f18ebf91dd1e51ed9015ec986a3fab28fed8c4a716894290c935b,2024-11-25T20:15:10.423000 +CVE-2024-53268,1,1,007aa1474b5fa3204d1321367c5c9ffff4ab0370ad189bb72596a6cd01d88cfa,2024-11-25T20:15:10.583000 CVE-2024-5327,0,0,4827791dbb34368c55d6cd06e5ae60d7938f5b7d8da35d37ecd04c9478388419,2024-05-30T13:15:41.297000 CVE-2024-5328,0,0,389f7ef980e9d16941bc44acc7d327871d53fb707d54ba8870eb280f34f36d8b,2024-07-23T19:41:49.540000 CVE-2024-5329,0,0,455e8737b3d3fdaf4e090dd4445471ebeb638ae4f41003db454e4798dec65f13,2024-10-14T13:43:12.070000 @@ -267421,6 +267435,7 @@ CVE-2024-5356,0,0,85f64e8ba0cebff8187202ea327ca3c906742c5e7d2301ba82b2780a509234 CVE-2024-5357,0,0,3e42587e7af2230be214dc062d75c1c832a73aeee43ae2fc11277198b34ad5c7,2024-06-07T20:15:12.387000 CVE-2024-5358,0,0,fdd72871ebf6d62b075a63baf142931fcf44d230f54a18747bfadc4ddcff1dbe,2024-06-04T19:21:06.077000 CVE-2024-5359,0,0,0dc709734361df5232c8a75ae2b832e7f1398579fd9d2edbd5174e887cf59eee,2024-06-04T19:21:06.183000 +CVE-2024-53599,1,1,67fbbaf563f5264c7c7b7cc504f4be3c03b675a9f95340c37054ca3fa1b35767,2024-11-25T19:15:11.957000 CVE-2024-5360,0,0,9a09bdfd8f70d621de992279dbf64a12a444818faeedf82bbd859ed192a0d3f0,2024-05-28T12:39:42.673000 CVE-2024-5361,0,0,5486d2207143454b44a9225276732f9ee62f5258ee0c41c9fa5501a1b55451e4,2024-05-28T12:39:42.673000 CVE-2024-5362,0,0,5b47523dd74fc943fbc0021df1551e4d13ec69c02c41616d4b2935f18460ef93,2024-06-04T19:21:06.287000 @@ -268729,8 +268744,8 @@ CVE-2024-6805,0,0,3651654a5946ae683f545f40a6b057035965334d6f69d74ec8dde5ec6f9814 CVE-2024-6806,0,0,9e07e4dacc7e195c5559dec5c29b82d20702a0a9f01ec928e67a9b84e15c4ba7,2024-09-17T14:09:15.247000 CVE-2024-6807,0,0,a50f4fae586037aea5e5ca10bbbaba2b046500e28f99e7a4c09fdd0417545b08,2024-09-07T12:56:42.300000 CVE-2024-6808,0,0,2df5a702fa4af6687f0c8dc8e100812ff9b6b346801edb239f41e0ca638c0076,2024-07-19T15:04:43.837000 -CVE-2024-6811,0,0,3783c4b19c44b2b3a4352141b8d7f3cd7a14a6c6285a64de15dc2bfb019618a1,2024-08-23T16:27:10.317000 -CVE-2024-6812,0,0,8e1121952c5aeb16bf1d39eda593e33b37b43c381863d39f50a5660da76ba8d3,2024-08-23T16:29:39.737000 +CVE-2024-6811,0,1,d8ff9215db28d240a97869585172792ca5a219ff11d059722111d97e3a845278,2024-11-25T17:17:22.273000 +CVE-2024-6812,0,1,8a972a69293dd4717cbd82f803b2c22d8c11e37b05ad510585efd0656e99c75d,2024-11-25T17:17:07.970000 CVE-2024-6813,0,0,288fb5f3b41e930aaeda182bc54b653e53d0161372a0e3799ecbdc40b9084de5,2024-08-27T15:01:38.630000 CVE-2024-6814,0,0,de17dadc03a3a7b793b54f2a6cb99adf9aac2d3ddb1fae1587e0c4f510c1fc2e,2024-08-27T15:03:09.817000 CVE-2024-6815,0,0,6507021e6a1c22d5db4cd218e87c50419a6b4cfd9d917ac6233f4e1a335890c3,2024-11-22T20:15:12.130000 @@ -268981,7 +268996,7 @@ CVE-2024-7125,0,0,eeabb5486a5ad2f2094206d4f0142bb635fc7a57bcd2279354b026b1e44628 CVE-2024-7127,0,0,2842be40cd41bba2687b1d2d238a3a521369bfe05553f868496bd1f3f7f4951f,2024-08-23T14:00:59.740000 CVE-2024-7128,0,0,22b40e3236f05da8de2b73f629340b5796a3b45429dedc50864bf862ccb583f9,2024-07-29T14:12:08.783000 CVE-2024-7129,0,0,7be2af5cd46444dfa860a3986fbc878686c2d44c992fb72236870ca711446d78,2024-09-27T18:26:27.560000 -CVE-2024-7130,1,1,df719a75ea5241df27658111f029bd80ed4b26d7cb91d2956e994301c61dc32e,2024-11-25T15:15:08.260000 +CVE-2024-7130,0,0,df719a75ea5241df27658111f029bd80ed4b26d7cb91d2956e994301c61dc32e,2024-11-25T15:15:08.260000 CVE-2024-7132,0,0,34e538992e1db50af40840562cffdd29291c9132a1cfa0259a3c665033fdd179,2024-10-07T15:44:37.107000 CVE-2024-7133,0,0,717bce18b1e84ac850eb1ced68f8178470529ff4827bef90b482d0644c3109d8,2024-09-27T21:27:50.053000 CVE-2024-7134,0,0,c5170ada8be1ea583d3dc92d1c0c20ff0ddcfa0f860d82c947cda0aff2380786,2024-08-21T12:30:33.697000 @@ -269671,6 +269686,7 @@ CVE-2024-7911,0,0,859a4ab2d69fd8051484705c8ccd7b2fca36f9fd16b342bf7a32ac0026ea24 CVE-2024-7912,0,0,d022e995569549791df9628a3255ea9ef44a2cde43358affb6b230c8e7dbab8f,2024-08-19T16:16:10.667000 CVE-2024-7913,0,0,3ca4516cfde0ec40156a2de25faf85d000b43871724e778a5c8d5e9733f2280f,2024-08-19T16:14:30.670000 CVE-2024-7914,0,0,360cef7c15cef40e34b5743ca5d838d36fa6ba30c6337dbb0cc4fd0cdd37714c,2024-08-19T16:12:51.837000 +CVE-2024-7915,1,1,5c47aced80f8cca8fe8d6c9d666f6f7f282dfe0284780f998c20fa39fdce534b,2024-11-25T18:15:14.530000 CVE-2024-7916,0,0,2890180016b54dc9da9d7caa383969ad75f3180954e602dd9178d25d09afddce,2024-08-20T19:38:11.163000 CVE-2024-7917,0,0,1232374447889b44f95a3651db2b7e919b58eb5c9a0d77c398ae62eee2338564,2024-08-21T12:30:34.283000 CVE-2024-7918,0,0,c04f7a29de57a9e48c1dd247a32bf45277bed143c620ae2ac9f6284ba5b1659f,2024-10-07T16:56:28.940000 @@ -269935,6 +269951,7 @@ CVE-2024-8267,0,0,a2c757f79a1be4af3dcdbc6f7c080b05c84634b9f014df0bba5d8d956f6b81 CVE-2024-8268,0,0,5be7ed43bc13c42d107f9505f0e50c5c3da78418e570e46eb634a6a34dba57c1,2024-09-26T16:15:31.053000 CVE-2024-8269,0,0,1cde71886327f84d38bc524bb03f145915447114bd4b7b254fb181f8027e91d6,2024-09-18T15:20:44.553000 CVE-2024-8271,0,0,5caaf7c53ddd5d3d02088dc4ed54b782a6f9790a592df3b53ca1243988b016f0,2024-09-27T16:21:38.463000 +CVE-2024-8272,1,1,d7eb69c7a4d623f87d6728ab3a4cfd8013589291bfba553f20b7287cb73b5bd6,2024-11-25T18:15:14.673000 CVE-2024-8274,0,0,81f15088246893eaf3249a3304ee5d5199071263c8883a7f9f22c293a16a376a,2024-09-03T14:28:06.853000 CVE-2024-8275,0,0,51e1ea7caef25d27b6b41142c09640cebec413599e9a871eb48577f39eda902b,2024-10-02T19:14:54.870000 CVE-2024-8276,0,0,3274d76cbc571327fcfea77f70e01de12a7ccc769cbd3850878973b51b7dc40b,2024-09-13T19:19:42.293000 @@ -270694,10 +270711,10 @@ CVE-2024-9254,0,0,0c155f4dc59bc8496052b19cde5564b87172dd0e88119742318eb533c5663f CVE-2024-9255,0,0,3ce1cafa758f686588c02a69e0a2d164e1bf93282fb8104afc3a6e944b85214d,2024-11-22T22:15:21.773000 CVE-2024-9256,0,0,ca2f34f378c8385554c1c6627c4e221c455b2f960e3ad93b6df3902e7d0eca78,2024-11-22T22:15:21.903000 CVE-2024-9257,0,0,069193eb3884fdef344f93e2f6ac9b78dbf729bbb7402c16ec2baadbb3832947,2024-11-22T21:15:23.787000 -CVE-2024-9258,0,0,ea4408de93bf5bca47ca2c0a44e1519a53f96c02c6b645c66e53a710f3e94cc7,2024-11-22T22:15:22.033000 -CVE-2024-9259,0,0,059a343d1696c3b1a628c62454a10810a88989a2ec21292c627b42cd211b7d15,2024-11-22T22:15:22.153000 -CVE-2024-9260,0,0,d18d0745258245d5c6a7a32516bd1db2d263632567b6202b8ac357aff379375c,2024-11-22T22:15:22.277000 -CVE-2024-9261,0,0,74cb922aebc2ee3860ba03162933e13fa6a699a25ad77650be0031bb1d3f0a4a,2024-11-22T22:15:22.397000 +CVE-2024-9258,0,1,dead427af30f8ff875059650d01008dd6a93625fa5d19061b8e08b64f09006d2,2024-11-25T17:15:32.283000 +CVE-2024-9259,0,1,2cabaa7ed0a6383d684de5974ee246b50557210200ad738850acd35849d59f3e,2024-11-25T17:13:49.060000 +CVE-2024-9260,0,1,2b48e3b38ba22081340c2792e8f8d1a71586a3605d87a113972e2ab9308e173e,2024-11-25T17:16:40.663000 +CVE-2024-9261,0,1,fc7fd8fa9db00a8fe32d000f76af3b335059fdd5fb63f6130b3ff642a3ccee23,2024-11-25T17:17:17.177000 CVE-2024-9262,0,0,0faf581ebb856c33af20ae813ef5903cd96d0da73e2d232fe550d71402d04408,2024-11-12T13:56:24.513000 CVE-2024-9263,0,0,ee4f7b487368511acdd8209efd3b16cc7ea9463265fe8e2495be906cd811a62e,2024-10-18T12:53:04.627000 CVE-2024-9264,0,0,453599246838d2f15e3e7a7864ab2c75c071b729888f2b98b95994ed621e8268,2024-11-01T18:14:31.377000 @@ -270993,13 +271010,13 @@ CVE-2024-9666,0,0,e2a3540bab71afda1dcc140eb145bf53e593e90f0e4c2cb6e0cec9154f378a CVE-2024-9667,0,0,db0574de12822738c38c8016441ce46841c68ee532fe6a4e072cebc9412ff13d,2024-11-08T15:27:25.697000 CVE-2024-9668,0,0,f818a6b8cdaa67cfd4295b3c202a4554201abb8c6b4c20c52c4343e3261d3200,2024-11-19T15:55:00.840000 CVE-2024-9670,0,0,f306c0fbbcbde1e6a65006fd3bdd50d366f02be816ff2a6f00ef3348b3b76328,2024-10-15T12:57:46.880000 -CVE-2024-9671,0,0,421f1b0ad6825ff096efd81ac122f33bafcdf7b21693a85f65613389bca55f89,2024-10-10T12:51:56.987000 +CVE-2024-9671,0,1,dcd055e44b7247318281ffcf463a48411c85db46fb1b3636a2e13ae3cf953bfe,2024-11-25T18:17:11.960000 CVE-2024-9674,0,0,99b8206db3c3741ff50725aa3969c36280edf4a37082b6473da1336e00a39d59,2024-10-22T14:02:50.473000 CVE-2024-9675,0,0,eca475b135003e7e06db8f69f6d2f142dd27c257379e7a0b16967a90dcf42a39,2024-11-13T08:15:03.170000 -CVE-2024-9676,0,0,2d4dfe68dcd6b64ddbe897411bad54b0333159227c305186e59fa47b6d248933,2024-11-24T20:15:05.407000 +CVE-2024-9676,0,1,1b97fd6ac229aa8a8b9c08b52e59425e78fb086ebc3030ac254a462349b65cb9,2024-11-25T20:21:59.140000 CVE-2024-9677,0,0,944e049c847e061867c66e6b586a0cd99260b04bc2e2059d736567bf47cae00c,2024-10-23T15:12:34.673000 CVE-2024-9680,0,0,aade85a65f2f99cc47c2fb834c470dcfc4a6380ab6735d9434c311360504724b,2024-11-19T17:29:12.207000 -CVE-2024-9681,0,0,5184b45d0c5be56c6e66f5f4d21584d3fd220046fb9bac6604ac868b54d81bd8,2024-11-06T18:17:17.287000 +CVE-2024-9681,0,1,8b924b450d4a6dbb27601fbb04f08d88c9285a0a1a67208f21518dfaaa0a72ba,2024-11-25T19:52:56.417000 CVE-2024-9682,0,0,2122d85927443e1998d90f1dfaf0e30f87a59df9f9140f4f34d3cb7460150d67,2024-11-19T15:47:07.517000 CVE-2024-9683,0,0,a648737766df3deb74ddc86e7dcd00883598b7b3c943d9054e11451b5f185407,2024-10-18T12:52:33.507000 CVE-2024-9685,0,0,a93c724a8b2ee6ce4a46c54a35028c939ad55b1fb441a5b479f473edc57de420,2024-10-15T14:30:00.483000 @@ -271008,12 +271025,12 @@ CVE-2024-9687,0,0,ae8c4791dae243694c67044fa0088a221548cce6d43bc08144a537d590a79f CVE-2024-9689,0,0,8f8c579186810d2b61eae71f3a64a7543fcf1895acd4679afad8157c388bec86,2024-11-07T20:35:16.807000 CVE-2024-9692,0,0,6637a78c6a5a322d069f0f0384d674a49925fbfbbf719ba95a3af042d35fdc19,2024-10-25T12:56:07.750000 CVE-2024-9693,0,0,d3ce3af0a6d80dbc98dd50b33c81a1344c9e31c2a5be66350b63da26f2e128f6,2024-11-15T13:58:08.913000 -CVE-2024-9696,0,0,78e7cb06b620e1544d9c6811ae0c44cf981cc195d0067b351c711666292c356e,2024-10-15T12:57:46.880000 -CVE-2024-9700,0,0,ee544a9b692e7ab9f9ab56395ca8011eb3604c34474b906ade007707a048f142,2024-11-01T12:57:03.417000 +CVE-2024-9696,0,1,d30db32e6e91542491621f64f323265f1c350c675c770ec19d03f3299ae1a70c,2024-11-25T20:42:32.327000 +CVE-2024-9700,0,1,44ec8c5b1c72b9ea93133516d058ebd0146b084de37af1e6b9ed3d48584cc0ad,2024-11-25T19:57:41.387000 CVE-2024-9703,0,0,dd5db55cccdddcc3b58f6b494a8ef777447f72688cd0a2c60dac8e42fee7b6a9,2024-10-22T15:25:27.887000 -CVE-2024-9704,0,0,44ebf677ae69495b92126e2eb8d9d17c07544c8235e40f4412f83b24b48e2f3a,2024-10-15T12:57:46.880000 -CVE-2024-9707,0,0,cde0816a76e7682ea9f7dc3a69f12238a4d95599cfec418d205198361a6879cf,2024-10-15T12:58:51.050000 -CVE-2024-9708,0,0,08bc1437568decedc8d133fc5b87f480913bc1f7eb502b0ca93b4d7f941cdca2,2024-11-01T12:57:03.417000 +CVE-2024-9704,0,1,92369527b8063da99abdde67a70ddbdd6e4fcd2e3488ceb190263ec6140f02ae,2024-11-25T19:19:22.113000 +CVE-2024-9707,0,1,c90f2d8626169c06a9c1994156c8d1b566f9edce507a1b3435b11fb610b79fc5,2024-11-25T18:50:39.867000 +CVE-2024-9708,0,1,fb28899552a0c0ade25a514ca2898578f5022c4291bacf5908d8bff46bbb03b1,2024-11-25T19:59:31.110000 CVE-2024-9710,0,0,126960c7f1cfd4e8c0223664f79eaa5f17ef8dbaf20fff748e956f3eb8545d99,2024-11-22T21:15:24.043000 CVE-2024-9712,0,0,d53c48c9aa96cdf2a3ea1ba1e63beada343d01b44021e3baef369e20c7b75eee,2024-11-22T21:15:24.167000 CVE-2024-9713,0,0,d21d278290ff50075ddd640cba87a00a4dac8d26cfe898058cbead19058b8efe,2024-11-22T21:15:24.280000 @@ -271035,31 +271052,31 @@ CVE-2024-9728,0,0,41b00b90dc2575127c06fa90c02650769cd3afe1d58c058f5eafd9850fd2cd CVE-2024-9729,0,0,b7144399658b6122158b240c8009b380dbb643804ea7bde645367f9422c9a6cd,2024-11-22T21:15:26.270000 CVE-2024-9730,0,0,160997d3b401eb40b15b1ebe8fc1bbf584ed14255b2bc8ab797da0de7bf21b31,2024-11-22T21:15:26.383000 CVE-2024-9731,0,0,8fb76e12057f752ef20ab8ff8eb6cd614ca381636a4a9f13a41a9dcf4afc21f1,2024-11-22T21:15:26.497000 -CVE-2024-9732,0,1,75bd8ccbafa1164fb2bc2e904c266ea5b3d4e844ff5a6bf81fa0506add0b3880,2024-11-25T16:12:03.470000 -CVE-2024-9733,0,1,943caa7e6e77cbb776d48ac36e054fad79c8ed0be0147a99afdf96d7c4d02ee4,2024-11-25T16:46:02.380000 -CVE-2024-9734,0,1,838ea6ade4b24efdaa7a8fc28d0795104002a85970ad65a5b9716373ea3c41b0,2024-11-25T16:45:50.453000 -CVE-2024-9735,0,1,af58c415355ad19e6aae8498658ab23a4759debe42aa7adbc41d7b30e595d136,2024-11-25T16:45:37.677000 -CVE-2024-9736,0,1,edc39976efad59bb5e1b9588b7d3f8c7a4b85148eb839065d777ea6d5289d4b4,2024-11-25T16:45:21.567000 -CVE-2024-9737,0,1,940a9692b147e65f2261ffe1afe85ee488e9093dede5a52c4d5946c9b58720b1,2024-11-25T16:45:11.627000 -CVE-2024-9738,0,1,ea947192a696d93537d648632d59407f5af9b435b9dc064342704e75f9c1a269,2024-11-25T16:44:57.730000 -CVE-2024-9739,0,1,f9167538a21275934008a4c3f2d85731818cff4c21bfa8e3ed9b1a0b9fec081d,2024-11-25T16:44:41.507000 -CVE-2024-9740,0,1,8aa43a964b653342da3af1338441ae7bd8382aa2cf7e90776386f103f3f86674,2024-11-25T16:44:27.720000 -CVE-2024-9741,0,1,ea9ab301e47f4a452e059ff9e57094e7a06922939415035c234a626ace6265f8,2024-11-25T16:44:15.387000 -CVE-2024-9742,0,1,d5827b0ec2f496ca5a869c616c0480279936689a28fb789f22b6725ce98b06d2,2024-11-25T16:43:58.023000 -CVE-2024-9743,0,1,4949af9572c68e4a058560077953903a5020b31220d4e950ebf3d3c08d3fea4a,2024-11-25T16:43:27.847000 -CVE-2024-9744,0,1,bc8a145310b9f256b7fac1134fd3963f1240d9b1689520844b4a630f65d22d2c,2024-11-25T16:43:10.790000 -CVE-2024-9745,0,1,6ccaa91421ef09d860a27c137d386ff5d553e01eee158f2e0ba9504deca527e3,2024-11-25T16:18:31.170000 -CVE-2024-9746,0,1,b4f1fa0cc11bdcb820b366461cebc840d4a807a8dfce7fb5abe5ea8a4b560b2e,2024-11-25T16:18:17.007000 -CVE-2024-9747,0,1,fc3d51dc8394edfbc7d16d5783941a46020e3f284171391bbe3e210537b65d27,2024-11-25T16:17:27.573000 -CVE-2024-9748,0,1,f1e93b3eb60a7a8af523dfc1a78d2562ae57bb30b46f9d7831074773fc675812,2024-11-25T16:16:04.847000 -CVE-2024-9749,0,0,0858de91a5ca5972b8efc35c5807ce30db935b14174b2fee417e82fd4465519e,2024-11-22T21:15:28.850000 +CVE-2024-9732,0,0,75bd8ccbafa1164fb2bc2e904c266ea5b3d4e844ff5a6bf81fa0506add0b3880,2024-11-25T16:12:03.470000 +CVE-2024-9733,0,0,943caa7e6e77cbb776d48ac36e054fad79c8ed0be0147a99afdf96d7c4d02ee4,2024-11-25T16:46:02.380000 +CVE-2024-9734,0,0,838ea6ade4b24efdaa7a8fc28d0795104002a85970ad65a5b9716373ea3c41b0,2024-11-25T16:45:50.453000 +CVE-2024-9735,0,0,af58c415355ad19e6aae8498658ab23a4759debe42aa7adbc41d7b30e595d136,2024-11-25T16:45:37.677000 +CVE-2024-9736,0,0,edc39976efad59bb5e1b9588b7d3f8c7a4b85148eb839065d777ea6d5289d4b4,2024-11-25T16:45:21.567000 +CVE-2024-9737,0,0,940a9692b147e65f2261ffe1afe85ee488e9093dede5a52c4d5946c9b58720b1,2024-11-25T16:45:11.627000 +CVE-2024-9738,0,0,ea947192a696d93537d648632d59407f5af9b435b9dc064342704e75f9c1a269,2024-11-25T16:44:57.730000 +CVE-2024-9739,0,0,f9167538a21275934008a4c3f2d85731818cff4c21bfa8e3ed9b1a0b9fec081d,2024-11-25T16:44:41.507000 +CVE-2024-9740,0,0,8aa43a964b653342da3af1338441ae7bd8382aa2cf7e90776386f103f3f86674,2024-11-25T16:44:27.720000 +CVE-2024-9741,0,0,ea9ab301e47f4a452e059ff9e57094e7a06922939415035c234a626ace6265f8,2024-11-25T16:44:15.387000 +CVE-2024-9742,0,0,d5827b0ec2f496ca5a869c616c0480279936689a28fb789f22b6725ce98b06d2,2024-11-25T16:43:58.023000 +CVE-2024-9743,0,0,4949af9572c68e4a058560077953903a5020b31220d4e950ebf3d3c08d3fea4a,2024-11-25T16:43:27.847000 +CVE-2024-9744,0,0,bc8a145310b9f256b7fac1134fd3963f1240d9b1689520844b4a630f65d22d2c,2024-11-25T16:43:10.790000 +CVE-2024-9745,0,0,6ccaa91421ef09d860a27c137d386ff5d553e01eee158f2e0ba9504deca527e3,2024-11-25T16:18:31.170000 +CVE-2024-9746,0,0,b4f1fa0cc11bdcb820b366461cebc840d4a807a8dfce7fb5abe5ea8a4b560b2e,2024-11-25T16:18:17.007000 +CVE-2024-9747,0,0,fc3d51dc8394edfbc7d16d5783941a46020e3f284171391bbe3e210537b65d27,2024-11-25T16:17:27.573000 +CVE-2024-9748,0,0,f1e93b3eb60a7a8af523dfc1a78d2562ae57bb30b46f9d7831074773fc675812,2024-11-25T16:16:04.847000 +CVE-2024-9749,0,1,b4a4cb7a7e2ed29494903739f7dedc0d0b628bc8a0612acc9ffa95655d50faa7,2024-11-25T18:58:36.077000 CVE-2024-9750,0,0,50c566919a51f8be3bc6653478c682f4aff91e0115b1409db9dcdbae4be42fe5,2024-11-22T21:15:28.973000 CVE-2024-9751,0,0,502422101dd37211c529eb60e9460f0029c22d0c958018c6e16b247d2c36a300,2024-11-22T21:15:29.093000 CVE-2024-9752,0,0,cc80b0f6feb087fe11edb9c73f258a4bb12e3d2bf1ebca1be79f3bf3171f8cdb,2024-11-22T21:15:29.213000 CVE-2024-9753,0,0,52d4f3acff895bd7a6ffd6b4d458fdaf3c9580168bf75876b6b1ddb52b7c9e34,2024-11-22T21:15:29.333000 CVE-2024-9754,0,0,869b9ffa73633a8c504e91a8d2a56c0f45b9a730a7bbb5e3e6543cc881637863,2024-11-22T21:15:29.457000 CVE-2024-9755,0,0,53fc5d522b95af24c769bd48676c24c6ff077be761b00a59b6d1087ab13dc0ad,2024-11-22T21:15:29.570000 -CVE-2024-9756,0,0,8173cad728731052b89b4b59f3b4da8665b01e9fe6a8b575d907d967b2da6473,2024-10-15T12:57:46.880000 +CVE-2024-9756,0,1,9148e76585a16c910e97a54325b51f8747273a547943c29c001cb0cc296240e9,2024-11-25T20:49:23.220000 CVE-2024-9757,0,0,d63d1a73eb1226f0ec12ac801319ec47c69cda2abfa1cddcd17208a8b8d87f4f,2024-11-22T21:15:29.683000 CVE-2024-9758,0,0,8012c466870233ab1d14cd5a022d121f3f4b9299e2e1ac356079b5b21375d95a,2024-11-22T21:15:29.813000 CVE-2024-9759,0,0,7bd935b5cd23cdc1a9b3ccdd6323c5442e43e5a5dfdf8e977c62521d83a62491,2024-11-22T21:15:29.927000 @@ -271070,30 +271087,30 @@ CVE-2024-9763,0,0,773a0cffd511db6422d452dc98b5722990978885d04c21ac7b68dcdff9ecc3 CVE-2024-9764,0,0,9cc3bc5866b710f8083fce151aff8948d5bfb29c8b033a45640ae262dd11bd9f,2024-11-22T21:15:30.500000 CVE-2024-9766,0,0,58a9a848a761b7a7389872a2a7b68c3c6cf333af64497b33b286bedd4c7ff978,2024-11-22T21:15:30.623000 CVE-2024-9767,0,0,4ca699d6a3b2186967330ac88b9f14f79524ba910e3d7d02f06998a567a71584,2024-11-22T22:15:22.593000 -CVE-2024-9772,0,0,0d1b30d428fb6796ba367d377c6619e6bf9b25cc03796237a99e8a8d275b84f3,2024-10-28T13:58:09.230000 +CVE-2024-9772,0,1,043bc7caa6859562432d521f3501fd215394ad297fe3470375010095d76d8604,2024-11-25T20:03:01.613000 CVE-2024-9775,0,0,e3916d71ec9dd0d5246614a59a1cb4484a6342794b8a5103a7b8b237fed4d20b,2024-11-12T13:56:24.513000 -CVE-2024-9776,0,0,82a616b68a2c5818c813f35d61772c622935aa1b119f178b9eaa21355bac63d9,2024-10-15T12:57:46.880000 +CVE-2024-9776,0,1,9273f765f44bf9e907460b214d240344a8be5b3a239edcb0f9ffb7d3f96c7d26,2024-11-25T18:45:54.377000 CVE-2024-9777,0,0,1e36961484bf4b33413a224fc6189a86ad1224818320d3b39ec4c80bcb37268f,2024-11-19T21:57:32.967000 -CVE-2024-9778,0,0,0fe7ee5860b89dbc53027fbdd06b191ad5c5e349a3553ba6bc5769975646dd12,2024-10-15T12:57:46.880000 +CVE-2024-9778,0,1,c5789fd51af706bd1104828309e4c0bbf44a70e2aa01bf36b8318a8802f25b3a,2024-11-25T19:20:37.163000 CVE-2024-9780,0,0,82a65b59c0bb0f4aa37b7bc9835ace6b2d8eb95b730adf88705db9589433fda5,2024-10-17T14:18:18.433000 -CVE-2024-9781,0,0,cd6f657ed9ef660338f0d777935f231b52aede3f9edb8681363de05250c2257d,2024-10-10T12:51:56.987000 +CVE-2024-9781,0,1,4766ae4e21ddab4bdbe139c0afc58af6fd761963f021734b932e1a0e147ffb05,2024-11-25T18:09:33.853000 CVE-2024-9782,0,0,e2eb69b6c2b044d22b718569cdb0ebf6964122bc02d92fdf90907280ee9e66c0,2024-10-16T16:44:19.637000 CVE-2024-9783,0,0,596e9c3bfc7b379492d9b169dc85ee1521bf5577471ebe43d2f04808f485ed3a,2024-10-16T16:43:49.053000 CVE-2024-9784,0,0,ee4690bd44afc2da98daa591c06fcd9ef379f757ced30fa65d12d9c28a6966f0,2024-10-16T14:12:35.597000 CVE-2024-9785,0,0,20ed1436a72f0e073efd74a4917d8859909ef12075b835ed6cac997f63b9c265,2024-10-16T16:15:50.720000 CVE-2024-9786,0,0,2263b6cd3d50b9830e0f9e7859f53d9e2b400307608f3f01a1a1cf0a7635a411,2024-10-16T16:15:25.077000 -CVE-2024-9787,0,0,36006c5683023b0a550c9d990c27b32cd453733ae048071aa69db8f35e1b00c1,2024-10-15T12:58:51.050000 +CVE-2024-9787,0,1,dedeba539f3bc78b880862242d70c5ebe7f3822ab4b50d640d63d2e50d7521c2,2024-11-25T17:39:02.310000 CVE-2024-9788,0,0,bb47e288d5e5460abea3a374f5e4cdb4b6cc616a2e520b5bc3d247976f89342a,2024-10-17T14:26:12.120000 CVE-2024-9789,0,0,80ea14a4b839222acb6cf5cbf05a0b4bf6c9c7a6ca9fbe680be5063151c1bd7e,2024-10-17T14:26:19.523000 CVE-2024-9790,0,0,5ca7d35e0149465887d771cb28bd9e6c74a2fa674a3dd1abd82977367f4ff4f8,2024-10-17T14:26:30.160000 -CVE-2024-9792,0,0,d68aca032770f3ab555b174d9c980d2b9c8b7e1f4d87418bf0969c937a5a85c0,2024-10-15T12:58:51.050000 +CVE-2024-9792,0,1,c6fc77027305dc7e546a3e54962c6ad14d4b6e5f062630854dc5fa67d3c90da0,2024-11-25T19:02:48.587000 CVE-2024-9793,0,0,503f1878edc675a043a9f947e1fa9b5d180038b0550ffeb6e16498fc6b8d25cf,2024-11-01T14:36:02.277000 CVE-2024-9794,0,0,2109299c412606589d2d15c7a99f00ade0d69b6b01c343ac91afffa4dccb49fe,2024-10-15T19:12:36.503000 CVE-2024-9796,0,0,e9e2b215bb5f3ccc6d7244ebabf60d89574166678e83498211f5060a11c7c349,2024-10-15T18:46:53.397000 CVE-2024-9797,0,0,76d0d64f17ede2284b5f27cd006706a5a6cf138e624975afba6fbae8df1636b1,2024-10-15T19:14:42.600000 -CVE-2024-9798,0,0,3febb0a28d43e578aad44b3750e6bb700172b4872cbf44fcb44e8e31ee8a3f5a,2024-10-10T15:35:16.493000 +CVE-2024-9798,0,1,ca000cc7da37804a8135a0fed8d030c8d584394ab405b96e570ea7efd4710f96,2024-11-25T18:00:47.637000 CVE-2024-9799,0,0,5fde3673efa2bf6da453b0b33789579d0661998aed6cec1b5812c94c8a3c6b99,2024-10-17T14:32:17.640000 -CVE-2024-9802,0,0,910302f36fb69e8f01391eff3ef481a357455f77408333b222c68051948beb77,2024-10-10T15:35:17.230000 +CVE-2024-9802,0,1,bf7bc615056243c71d22c2e1442b94e0ea585af62d38c7ec11e08e67c4d5effe,2024-11-25T17:56:58.937000 CVE-2024-9803,0,0,c7566d4ea04fade14784a7115a07f09549bf169921869ae21cbf19a869fa7a2f,2024-10-16T16:21:14.933000 CVE-2024-9804,0,0,68f5c7e14739a6361e19dd7d813977d666aa17ad23eace3ce2a17d5ea8fdec35,2024-10-15T19:17:27.083000 CVE-2024-9805,0,0,ee00c11b4d31e847e0ebd53a130c82f569b78de6fc7dd36fd6219e14679cf80b,2024-10-15T19:18:27.987000