Auto-Update: 2024-12-13T03:00:31.440133+00:00
cad-safe-bot committed Dec 13, 2024
1 parent cbb46c9 commit ada1935
Showing 14 changed files with 879 additions and 106 deletions.
100 changes: 95 additions & 5 deletions CVE-2024/CVE-2024-102xx/CVE-2024-10240.json
@@ -2,8 +2,8 @@
"id": "CVE-2024-10240",
"sourceIdentifier": "[email protected]",
"published": "2024-11-26T20:15:24.487",
"lastModified": "2024-11-26T20:15:24.487",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-12-13T01:37:16.177",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@@ -36,29 +36,119 @@
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "[email protected]",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "[email protected]",
"type": "Primary",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-497"
}
]
},
{
"source": "[email protected]",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "17.3.0",
"versionEndExcluding": "17.3.7",
"matchCriteriaId": "74E30536-DC70-4B29-9949-A62CD91CFD30"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "17.3.0",
"versionEndExcluding": "17.3.7",
"matchCriteriaId": "29B62E43-F700-4612-8B62-CCE84B94D47A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "17.4.0",
"versionEndExcluding": "17.4.4",
"matchCriteriaId": "1F7F4C7C-334F-4015-AC25-74FCE4BAD311"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "17.4.0",
"versionEndExcluding": "17.4.4",
"matchCriteriaId": "7FF0B7C7-E0BD-4C6C-8938-0082CBE64847"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "17.5.0",
"versionEndExcluding": "17.5.2",
"matchCriteriaId": "34CDEED3-E7FB-4620-8E07-E4766F9B6593"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "17.5.0",
"versionEndExcluding": "17.5.2",
"matchCriteriaId": "DA99FF56-0441-464D-B369-CF72EF9EEDC7"
}
]
}
]
}
],
"references": [
{
"url": "https://about.gitlab.com/releases/2024/11/13/patch-release-gitlab-17-5-2-released/#information-disclosure-through-an-api-endpoint",
"source": "[email protected]"
"source": "[email protected]",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/493188",
"source": "[email protected]"
"source": "[email protected]",
"tags": [
"Broken Link"
]
}
]
}
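--- a/CVE-2024/CVE-2024-122xx/CVE-2024-12212.json
+++ b/CVE-2024/CVE-2024-122xx/CVE-2024-12212.json
@@ -0,0 +1,104 @@
+{
+"id": "CVE-2024-12212",
+"sourceIdentifier": "[email protected]",
+"published": "2024-12-13T01:15:05.810",
+"lastModified": "2024-12-13T01:15:05.810",
+"vulnStatus": "Received",
+"cveTags": [],
+"descriptions": [
+{
+"lang": "en",
+"value": "The vulnerability occurs in the parsing of CSP files. The issues result \nfrom the lack of proper validation of user-supplied data, which could \nallow reading past the end of allocated data structures, resulting in \nexecution of arbitrary code."
+}
+],
+"metrics": {
+"cvssMetricV40": [
+{
+"source": "[email protected]",
+"type": "Secondary",
+"cvssData": {
+"version": "4.0",
+"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+"baseScore": 8.5,
+"baseSeverity": "HIGH",
+"attackVector": "LOCAL",
+"attackComplexity": "LOW",
+"attackRequirements": "NONE",
+"privilegesRequired": "NONE",
+"userInteraction": "PASSIVE",
+"vulnerableSystemConfidentiality": "HIGH",
+"vulnerableSystemIntegrity": "HIGH",
+"vulnerableSystemAvailability": "HIGH",
+"subsequentSystemConfidentiality": "NONE",
+"subsequentSystemIntegrity": "NONE",
+"subsequentSystemAvailability": "NONE",
+"exploitMaturity": "NOT_DEFINED",
+"confidentialityRequirements": "NOT_DEFINED",
+"integrityRequirements": "NOT_DEFINED",
+"availabilityRequirements": "NOT_DEFINED",
+"modifiedAttackVector": "NOT_DEFINED",
+"modifiedAttackComplexity": "NOT_DEFINED",
+"modifiedAttackRequirements": "NOT_DEFINED",
+"modifiedPrivilegesRequired": "NOT_DEFINED",
+"modifiedUserInteraction": "NOT_DEFINED",
+"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
+"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
+"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
+"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
+"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
+"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
+"safety": "NOT_DEFINED",
+"automatable": "NOT_DEFINED",
+"recovery": "NOT_DEFINED",
+"valueDensity": "NOT_DEFINED",
+"vulnerabilityResponseEffort": "NOT_DEFINED",
+"providerUrgency": "NOT_DEFINED"
+}
+}
+],
+"cvssMetricV31": [
+{
+"source": "[email protected]",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+"baseScore": 7.8,
+"baseSeverity": "HIGH",
+"attackVector": "LOCAL",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "REQUIRED",
+"scope": "UNCHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "HIGH",
+"availabilityImpact": "HIGH"
+},
+"exploitabilityScore": 1.8,
+"impactScore": 5.9
+}
+]
+},
+"weaknesses": [
+{
+"source": "[email protected]",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-125"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://hornerautomation.com/cscape-software-free/cscape-software/",
+"source": "[email protected]"
+},
+{
+"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-345-05",
+"source": "[email protected]"
+}
+]
+}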
98 changes: 94 additions & 4 deletions CVE-2024/CVE-2024-45xx/CVE-2024-4539.json
@@ -2,8 +2,8 @@
"id": "CVE-2024-4539",
"sourceIdentifier": "[email protected]",
"published": "2024-05-14T15:44:01.527",
"lastModified": "2024-11-21T09:43:03.950",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-12-13T01:10:44.940",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "[email protected]",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
@@ -49,16 +69,86 @@
"value": "CWE-770"
}
]
},
{
"source": "[email protected]",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-770"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "15.4.0",
"versionEndExcluding": "16.9.7",
"matchCriteriaId": "3094F55B-4C1D-48D2-ACD8-1BDC951DABE4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "15.4.0",
"versionEndExcluding": "16.9.7",
"matchCriteriaId": "C52FD6D5-F8B9-404D-ACAE-AF440A5579C0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "16.10.0",
"versionEndExcluding": "16.10.5",
"matchCriteriaId": "356482CA-C9DF-418B-BBDF-C6C09CA8C16D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "16.10.0",
"versionEndExcluding": "16.10.5",
"matchCriteriaId": "154184A5-A34D-4DB1-85B4-DE47A3723E6B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "16.11.0",
"versionEndExcluding": "16.11.2",
"matchCriteriaId": "9B50E4E6-602E-470D-BB03-774CFB1461B6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "16.11.0",
"versionEndExcluding": "16.11.2",
"matchCriteriaId": "5ACCB718-2ABE-4F1A-AB57-B2D3B4879FAC"
}
]
}
]
}
],
"references": [
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/454815",
"source": "[email protected]"
"source": "[email protected]",
"tags": [
"Broken Link"
]
},
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/454815",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
]
}
]
}
12 changes: 10 additions & 2 deletions CVE-2024/CVE-2024-491xx/CVE-2024-49138.json
@@ -2,13 +2,17 @@
"id": "CVE-2024-49138",
"sourceIdentifier": "[email protected]",
"published": "2024-12-12T02:04:40.307",
"lastModified": "2024-12-12T02:04:40.307",
"vulnStatus": "Received",
"lastModified": "2024-12-13T02:00:01.760",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Common Log File System Driver Elevation of Privilege Vulnerability"
},
{
"lang": "es",
"value": " Vulnerabilidad de elevaci\u00f3n de privilegios en Windows Common Log File System Driver"
}
],
"metrics": {
@@ -35,6 +39,10 @@
}
]
},
"cisaExploitAdd": "2024-12-10",
"cisaActionDue": "2024-12-31",
"cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
"cisaVulnerabilityName": "Microsoft Windows Common Log File System (CLFS) Driver Heap-Based Buffer Overflow Vulnerability",
"weaknesses": [
{
"source": "[email protected]",