diff --git a/CVE-2018/CVE-2018-94xx/CVE-2018-9412.json b/CVE-2018/CVE-2018-94xx/CVE-2018-9412.json index c208d4d6f5f..a379ee6143a 100644 --- a/CVE-2018/CVE-2018-94xx/CVE-2018-9412.json +++ b/CVE-2018/CVE-2018-94xx/CVE-2018-9412.json @@ -2,7 +2,7 @@ "id": "CVE-2018-9412", "sourceIdentifier": "security@android.com", "published": "2024-11-19T22:15:18.813", - "lastModified": "2024-12-05T21:15:06.513", + "lastModified": "2024-12-11T15:15:06.777", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -49,16 +49,6 @@ "value": "NVD-CWE-noinfo" } ] - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "description": [ - { - "lang": "en", - "value": "CWE-770" - } - ] } ], "configurations": [ diff --git a/CVE-2020/CVE-2020-207xx/CVE-2020-20726.json b/CVE-2020/CVE-2020-207xx/CVE-2020-20726.json index 1c60c432a35..8bbde56ea6e 100644 --- a/CVE-2020/CVE-2020-207xx/CVE-2020-20726.json +++ b/CVE-2020/CVE-2020-207xx/CVE-2020-20726.json @@ -2,7 +2,7 @@ "id": "CVE-2020-20726", "sourceIdentifier": "cve@mitre.org", "published": "2023-06-20T15:15:10.720", - "lastModified": "2024-11-21T05:12:15.260", + "lastModified": "2024-12-11T15:15:06.953", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -32,6 +32,26 @@ }, "exploitabilityScore": 2.8, "impactScore": 5.9 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 } ] }, @@ -45,6 +65,16 @@ "value": "CWE-352" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] } ], "configurations": [ diff --git a/CVE-2020/CVE-2020-367xx/CVE-2020-36787.json b/CVE-2020/CVE-2020-367xx/CVE-2020-36787.json index 1b979d30896..72c3f52c61d 100644 --- a/CVE-2020/CVE-2020-367xx/CVE-2020-36787.json +++ b/CVE-2020/CVE-2020-367xx/CVE-2020-36787.json @@ -2,8 +2,8 @@ "id": "CVE-2020-36787", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-02-28T09:15:37.030", - "lastModified": "2024-11-21T05:30:18.467", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-11T16:42:29.080", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -15,47 +15,152 @@ "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: medios: aspeed: corrige la l\u00f3gica de manejo del reloj El motor de video usa eclk y vclk para sus fuentes de reloj y su control de reinicio est\u00e1 acoplado con eclk para que la secuencia de habilitaci\u00f3n del reloj actual funcione como se muestra a continuaci\u00f3n. Habilitar eclk De-assert Video Engine restablece un retraso de 10 ms Habilitar vclk Introduce un reinicio incorrecto en el hardware de Video Engine y eventualmente el hardware genera transferencias de memoria DMA inesperadas que pueden da\u00f1ar la regi\u00f3n de la memoria en patrones aleatorios y espor\u00e1dicos. Este problema se observa muy raramente en algunos SoC AST2500 espec\u00edficos, pero provoca un p\u00e1nico cr\u00edtico en el kernel al crear varias formas de firma, por lo que es extremadamente dif\u00edcil de depurar. Adem\u00e1s, el problema se observa incluso cuando el motor de v\u00eddeo no se utiliza activamente porque udevd enciende el hardware del motor de v\u00eddeo durante un breve periodo de tiempo para realizar una consulta en cada arranque. Para solucionar este problema, esta confirmaci\u00f3n cambia la l\u00f3gica de manejo del reloj para activar la anulaci\u00f3n de reinicio despu\u00e9s de habilitar tanto eclk como vclk. Adem\u00e1s, agrega la llamada clk_unprepare para un caso en el que falla la sonda. clk: ast2600: corrige la configuraci\u00f3n de restablecimiento para eclk y vclk La configuraci\u00f3n de restablecimiento del motor de video debe combinarse con eclk para que coincida con la configuraci\u00f3n de los SoC Aspeed anteriores que se define en clk-aspeed.c, ya que todos los SoC Aspeed comparten un \u00fanico controlador de motor de video. Adem\u00e1s, el bit de reinicio 6 se define como reinicio del 'Motor de video' en la hoja de datos, por lo que debe desactivarse cuando eclk est\u00e1 habilitado. Este commit corrige la configuraci\u00f3n." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.0", + "versionEndExcluding": "5.4.119", + "matchCriteriaId": "9CE89AEF-FBDF-4C15-B17B-1A7C321B30AF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.5", + "versionEndExcluding": "5.10.37", + "matchCriteriaId": "7A4CF5D6-ACBA-4980-ABFD-3D7A53B5BB4E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.11", + "versionEndExcluding": "5.11.21", + "matchCriteriaId": "8CBB94EC-EC33-4464-99C5-03E5542715F0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.12", + "versionEndExcluding": "5.12.4", + "matchCriteriaId": "D8C7052F-1B7B-4327-9C2B-84EBF3243838" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/1dc1d30ac101bb8335d9852de2107af60c2580e7", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/2964c37563e86cfdc439f217eb3c5a69adfdba6a", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/3536169f8531c2c5b153921dc7d1ac9fd570cda7", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/75321dc8aebe3f30eff226028fe6da340fe0bf02", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/a59d01384c80a8a4392665802df57c3df20055f5", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/1dc1d30ac101bb8335d9852de2107af60c2580e7", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/2964c37563e86cfdc439f217eb3c5a69adfdba6a", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/3536169f8531c2c5b153921dc7d1ac9fd570cda7", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/75321dc8aebe3f30eff226028fe6da340fe0bf02", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/a59d01384c80a8a4392665802df57c3df20055f5", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2020/CVE-2020-367xx/CVE-2020-36788.json b/CVE-2020/CVE-2020-367xx/CVE-2020-36788.json index 95a37bebb54..6e25a2cf8a8 100644 --- a/CVE-2020/CVE-2020-367xx/CVE-2020-36788.json +++ b/CVE-2020/CVE-2020-367xx/CVE-2020-36788.json @@ -2,8 +2,8 @@ "id": "CVE-2020-36788", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-05-21T15:15:11.187", - "lastModified": "2024-11-21T05:30:18.583", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-11T16:37:00.320", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -15,31 +15,130 @@ "value": " En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/nouveau: evita un use after free cuando falla BO init nouveau_bo_init() est\u00e1 respaldado por ttm_bo_init() y env\u00eda su c\u00f3digo de retorno de regreso a la persona que llama. En caso de falla, ttm_bo_init() invoca el destructor proporcionado que deber\u00eda desinicializar y liberar la memoria. Por lo tanto, cuando nouveau_bo_init() devuelve un error, el objeto gema ya ha sido liberado y la memoria ha sido liberada por nouveau_bo_del_ttm()." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.4", + "versionEndExcluding": "5.10.73", + "matchCriteriaId": "F2853AFB-F99A-4AE7-9B1A-05B0CCC8CC67" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.11", + "versionEndExcluding": "5.14.12", + "matchCriteriaId": "20EB962C-32DC-448F-A900-BCF9A726F9EB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.15:rc1:*:*:*:*:*:*", + "matchCriteriaId": "E46C74C6-B76B-4C94-A6A4-FD2FFF62D644" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.15:rc2:*:*:*:*:*:*", + "matchCriteriaId": "60134C3A-06E4-48C1-B04F-2903732A4E56" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.15:rc3:*:*:*:*:*:*", + "matchCriteriaId": "0460DA88-8FE1-46A2-9DDA-1F1ABA552E71" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.15:rc4:*:*:*:*:*:*", + "matchCriteriaId": "AF55383D-4DF2-45DC-93F7-571F4F978EAB" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/548f2ff8ea5e0ce767ae3418d1ec5308990be87d", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/bcf34aa5082ee2343574bc3f4d1c126030913e54", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/f86e19d918a85492ad1a01fcdc0ad5ecbdac6f96", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/548f2ff8ea5e0ce767ae3418d1ec5308990be87d", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/bcf34aa5082ee2343574bc3f4d1c126030913e54", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/f86e19d918a85492ad1a01fcdc0ad5ecbdac6f96", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2021/CVE-2021-469xx/CVE-2021-46963.json b/CVE-2021/CVE-2021-469xx/CVE-2021-46963.json index 01d11207f0d..c212bd094fc 100644 --- a/CVE-2021/CVE-2021-469xx/CVE-2021-46963.json +++ b/CVE-2021/CVE-2021-469xx/CVE-2021-46963.json @@ -2,8 +2,8 @@ "id": "CVE-2021-46963", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-02-27T19:04:07.000", - "lastModified": "2024-11-21T06:35:02.580", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-11T16:12:08.920", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -15,55 +15,173 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: scsi: qla2xxx: Soluciona falla en qla2xxx_mqueuecommand() RIP: 0010:kmem_cache_free+0xfa/0x1b0 Rastreo de llamadas: qla2xxx_mqueuecommand+0x2b5/0x2c0 [qla2xxx] scsi_queue_rq+0x5e2/0xa40 __blk_mq_try_issue_ directamente+0x128 /0x1d0 blk_mq_request_issue_directly+0x4e/0xb0 Se corrigi\u00f3 la llamada incorrecta para liberar srb en qla2xxx_mqueuecommand(), ya que srb ahora est\u00e1 asignado por capas superiores. Esto corrige la advertencia de srb gratuito no deseado." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.19.90", + "versionEndExcluding": "4.19.191", + "matchCriteriaId": "1C1792E3-BD7B-4733-81A5-F79162C0EA71" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.4.4", + "versionEndExcluding": "5.4.118", + "matchCriteriaId": "7B313B32-AE64-494C-B030-CF55049F40AB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.5", + "versionEndExcluding": "5.10.36", + "matchCriteriaId": "003E22D0-CA29-4338-8B35-0754C740074F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.11", + "versionEndExcluding": "5.11.20", + "matchCriteriaId": "EEC03413-9760-46D4-AC1D-EB084A1D4111" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.12", + "versionEndExcluding": "5.12.3", + "matchCriteriaId": "F9D6B2DE-7E4A-4B3B-9AEE-3A2C5F23DA32" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/6641df81ab799f28a5d564f860233dd26cca0d93", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/702cdaa2c6283c135ef16d52e0e4e3c1005aa538", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/77509a238547863040a42d57c72403f7d4c89a8f", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/80ef24175df2cba3860d0369d1c662b49ee2de56", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/a73208e3244127ef9f2cdf24e4adb947aaa32053", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/c5ab9b67d8b061de74e2ca51bf787ee599bd7f89", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/6641df81ab799f28a5d564f860233dd26cca0d93", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/702cdaa2c6283c135ef16d52e0e4e3c1005aa538", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/77509a238547863040a42d57c72403f7d4c89a8f", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/80ef24175df2cba3860d0369d1c662b49ee2de56", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/a73208e3244127ef9f2cdf24e4adb947aaa32053", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/c5ab9b67d8b061de74e2ca51bf787ee599bd7f89", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-389xx/CVE-2022-38946.json b/CVE-2022/CVE-2022-389xx/CVE-2022-38946.json index c9916a55f0e..4602061ce11 100644 --- a/CVE-2022/CVE-2022-389xx/CVE-2022-38946.json +++ b/CVE-2022/CVE-2022-389xx/CVE-2022-38946.json @@ -2,16 +2,55 @@ "id": "CVE-2022-38946", "sourceIdentifier": "cve@mitre.org", "published": "2024-12-09T17:15:05.280", - "lastModified": "2024-12-09T17:15:05.280", - "vulnStatus": "Received", + "lastModified": "2024-12-11T16:15:05.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Arbitrary File Upload vulnerability in Doctor-Appointment version 1.0 in /Frontend/signup_com.php, allows attackers to execute arbitrary code." + }, + { + "lang": "es", + "value": "Vulnerabilidad de carga arbitraria de archivos en Doctor-Appointment versi\u00f3n 1.0 en /Frontend/signup_com.php, permite a los atacantes ejecutar c\u00f3digo arbitrario." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-94" + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/Cosemz/CVE/blob/main/Doctor-Appointment.md", diff --git a/CVE-2022/CVE-2022-389xx/CVE-2022-38947.json b/CVE-2022/CVE-2022-389xx/CVE-2022-38947.json index 2d526a56bcd..ffe25c42c25 100644 --- a/CVE-2022/CVE-2022-389xx/CVE-2022-38947.json +++ b/CVE-2022/CVE-2022-389xx/CVE-2022-38947.json @@ -2,16 +2,55 @@ "id": "CVE-2022-38947", "sourceIdentifier": "cve@mitre.org", "published": "2024-12-09T16:15:18.667", - "lastModified": "2024-12-09T16:15:18.667", - "vulnStatus": "Received", + "lastModified": "2024-12-11T16:15:08.293", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL Injection vulnerability in Flipkart-Clone-PHP version 1.0 in entry.php in product_title parameter, allows attackers to execute arbitrary code." + }, + { + "lang": "es", + "value": "Vulnerabilidad de inyecci\u00f3n SQL en Flipkart-Clone-PHP versi\u00f3n 1.0 en entry.php en el par\u00e1metro product_title, permite a los atacantes ejecutar c\u00f3digo arbitrario." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/Cosemz/CVE/blob/main/Flipkart-Clone-PHP/Flipkart-Clone-PHP.md", diff --git a/CVE-2023/CVE-2023-257xx/CVE-2023-25747.json b/CVE-2023/CVE-2023-257xx/CVE-2023-25747.json index e8ebcf585d8..a1c2ec60f1d 100644 --- a/CVE-2023/CVE-2023-257xx/CVE-2023-25747.json +++ b/CVE-2023/CVE-2023-257xx/CVE-2023-25747.json @@ -2,7 +2,7 @@ "id": "CVE-2023-25747", "sourceIdentifier": "security@mozilla.org", "published": "2023-06-19T11:15:09.753", - "lastModified": "2024-11-21T07:50:04.140", + "lastModified": "2024-12-11T16:15:08.497", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -32,6 +32,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 3.6 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 } ] }, @@ -45,6 +65,16 @@ "value": "CWE-416" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-295xx/CVE-2023-29531.json b/CVE-2023/CVE-2023-295xx/CVE-2023-29531.json index 992fba11691..bef93b1167e 100644 --- a/CVE-2023/CVE-2023-295xx/CVE-2023-29531.json +++ b/CVE-2023/CVE-2023-295xx/CVE-2023-29531.json @@ -2,7 +2,7 @@ "id": "CVE-2023-29531", "sourceIdentifier": "security@mozilla.org", "published": "2023-06-19T10:15:09.373", - "lastModified": "2024-11-21T07:57:14.610", + "lastModified": "2024-12-11T16:15:08.690", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -32,6 +32,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 5.9 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 } ] }, @@ -45,6 +65,16 @@ "value": "CWE-787" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-295xx/CVE-2023-29532.json b/CVE-2023/CVE-2023-295xx/CVE-2023-29532.json index dfc8aed2f34..ee3a6f8121f 100644 --- a/CVE-2023/CVE-2023-295xx/CVE-2023-29532.json +++ b/CVE-2023/CVE-2023-295xx/CVE-2023-29532.json @@ -2,7 +2,7 @@ "id": "CVE-2023-29532", "sourceIdentifier": "security@mozilla.org", "published": "2023-06-19T10:15:09.430", - "lastModified": "2024-11-21T07:57:14.750", + "lastModified": "2024-12-11T16:15:08.880", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -32,6 +32,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 3.6 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 } ] }, diff --git a/CVE-2023/CVE-2023-295xx/CVE-2023-29534.json b/CVE-2023/CVE-2023-295xx/CVE-2023-29534.json index 0e8118dbe80..9da5efcce6e 100644 --- a/CVE-2023/CVE-2023-295xx/CVE-2023-29534.json +++ b/CVE-2023/CVE-2023-295xx/CVE-2023-29534.json @@ -2,7 +2,7 @@ "id": "CVE-2023-29534", "sourceIdentifier": "security@mozilla.org", "published": "2023-06-19T11:15:09.797", - "lastModified": "2024-11-21T07:57:15.000", + "lastModified": "2024-12-11T16:15:09.060", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -32,6 +32,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 5.2 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "baseScore": 9.1, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.2 } ] }, diff --git a/CVE-2023/CVE-2023-295xx/CVE-2023-29542.json b/CVE-2023/CVE-2023-295xx/CVE-2023-29542.json index 69280ae8607..711281dea7d 100644 --- a/CVE-2023/CVE-2023-295xx/CVE-2023-29542.json +++ b/CVE-2023/CVE-2023-295xx/CVE-2023-29542.json @@ -2,7 +2,7 @@ "id": "CVE-2023-29542", "sourceIdentifier": "security@mozilla.org", "published": "2023-06-19T11:15:09.847", - "lastModified": "2024-11-21T07:57:15.927", + "lastModified": "2024-12-11T16:15:09.237", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -32,6 +32,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 5.9 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 } ] }, diff --git a/CVE-2023/CVE-2023-295xx/CVE-2023-29545.json b/CVE-2023/CVE-2023-295xx/CVE-2023-29545.json index 9b869da2d7c..40c0dadc5f8 100644 --- a/CVE-2023/CVE-2023-295xx/CVE-2023-29545.json +++ b/CVE-2023/CVE-2023-295xx/CVE-2023-29545.json @@ -2,7 +2,7 @@ "id": "CVE-2023-29545", "sourceIdentifier": "security@mozilla.org", "published": "2023-06-19T11:15:09.890", - "lastModified": "2024-11-21T07:57:16.260", + "lastModified": "2024-12-11T16:15:09.403", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -32,6 +32,26 @@ }, "exploitabilityScore": 2.8, "impactScore": 3.6 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 } ] }, diff --git a/CVE-2023/CVE-2023-525xx/CVE-2023-52504.json b/CVE-2023/CVE-2023-525xx/CVE-2023-52504.json index fdb54d4e5b6..6d6657cf93d 100644 --- a/CVE-2023/CVE-2023-525xx/CVE-2023-52504.json +++ b/CVE-2023/CVE-2023-525xx/CVE-2023-52504.json @@ -2,8 +2,8 @@ "id": "CVE-2023-52504", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-03-02T22:15:47.300", - "lastModified": "2024-11-21T08:39:55.150", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-11T15:05:44.313", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -15,63 +15,219 @@ "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: x86/alternatives: deshabilite KASAN en apply_alternatives() Fei ha informado que KASAN se activa durante apply_alternatives() en una m\u00e1quina de paginaci\u00f3n de 5 niveles: ERROR: KASAN: fuera de los l\u00edmites en rcu_is_watching() Lectura de tama\u00f1o 4 en la direcci\u00f3n ff110003ee6419a0 mediante task swapper/0/0 ... __asan_load4() rcu_is_watching() trace_hardirqs_on() text_poke_early() apply_alternatives() ... En m\u00e1quinas con paginaci\u00f3n de 5 niveles, cpu_feature_enabled(X86_FEATURE_LA57) se parchea. Incluye c\u00f3digo KASAN, donde KASAN_SHADOW_START depende de __VIRTUAL_MASK_SHIFT, que se define con cpu_feature_enabled(). KASAN se confunde cuando apply_alternatives() parchea a los usuarios de KASAN_SHADOW_START. Un parche de prueba que hace que KASAN_SHADOW_START sea est\u00e1tico, reemplazando __VIRTUAL_MASK_SHIFT con 56, soluciona el problema. Solucionelo de verdad deshabilitando KASAN mientras el kernel parchea alternativas. [mingo: actualiz\u00f3 el registro de cambios]" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.17", + "versionEndExcluding": "4.19.297", + "matchCriteriaId": "36E806CC-0D9B-4BE5-AE02-7DE3A11E3D15" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.20", + "versionEndExcluding": "5.4.270", + "matchCriteriaId": "5D8044B1-C7E8-44A4-9F03-A4D7BCDB1721" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.5", + "versionEndExcluding": "5.10.199", + "matchCriteriaId": "8D886A8D-A6CD-44FA-ACF5-DD260ECA7A1B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.11", + "versionEndExcluding": "5.15.136", + "matchCriteriaId": "B1FA5161-3AC0-44DF-B1F7-93A070F2B1E7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.16", + "versionEndExcluding": "6.1.59", + "matchCriteriaId": "96EA633C-1F3E-41C5-A13A-155C55A1F273" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndExcluding": "6.5.8", + "matchCriteriaId": "AD4E15B4-2591-4A3A-B2A2-7FEAECD5027D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc1:*:*:*:*:*:*", + "matchCriteriaId": "84267A4F-DBC2-444F-B41D-69E15E1BEC97" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc2:*:*:*:*:*:*", + "matchCriteriaId": "FB440208-241C-4246-9A83-C1715C0DAA6C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc3:*:*:*:*:*:*", + "matchCriteriaId": "0DC421F1-3D5A-4BEF-BF76-4E468985D20B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc4:*:*:*:*:*:*", + "matchCriteriaId": "00AB783B-BE05-40E8-9A55-6AA457D95031" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc5:*:*:*:*:*:*", + "matchCriteriaId": "E7C78D0A-C4A2-4D41-B726-8979E33AD0F9" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/3719d3c36aa853d5a2401af9f8d6b116c91ad5ae", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/3770c38cd6a60494da29ac2da73ff8156440a2d1", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/5b784489c8158518bf7a466bb3cc045b0fb66b4b", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/6788b10620ca6e98575d1e06e72a8974aad7657e", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/cd287cc208dfe6bd6da98e7f88e723209242c9b4", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/d35652a5fc9944784f6f50a5c979518ff8dacf61", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/ecba5afe86f30605eb9dfb7f265a8de0218d4cfc", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/3719d3c36aa853d5a2401af9f8d6b116c91ad5ae", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/3770c38cd6a60494da29ac2da73ff8156440a2d1", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/5b784489c8158518bf7a466bb3cc045b0fb66b4b", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/6788b10620ca6e98575d1e06e72a8974aad7657e", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/cd287cc208dfe6bd6da98e7f88e723209242c9b4", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/d35652a5fc9944784f6f50a5c979518ff8dacf61", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/ecba5afe86f30605eb9dfb7f265a8de0218d4cfc", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-525xx/CVE-2023-52509.json b/CVE-2023/CVE-2023-525xx/CVE-2023-52509.json index 87505942f68..b18be4bcc36 100644 --- a/CVE-2023/CVE-2023-525xx/CVE-2023-52509.json +++ b/CVE-2023/CVE-2023-525xx/CVE-2023-52509.json @@ -2,8 +2,8 @@ "id": "CVE-2023-52509", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-03-02T22:15:47.540", - "lastModified": "2024-11-21T08:39:55.827", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-11T15:07:32.760", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -15,55 +15,198 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ravb: soluciona el problema de Use After Free en ravb_tx_timeout_work(). Ravb_stop() deber\u00eda llamar a cancel_work_sync(). De lo contrario, ravb_tx_timeout_work() es posible usar el privilegio liberado despu\u00e9s de que se llam\u00f3 a ravb_remove() como se muestra a continuaci\u00f3n: CPU0 CPU1 ravb_tx_timeout() ravb_remove() unregister_netdev() free_netdev(ndev) // priv libre ravb_tx_timeout_work() // usa priv unregister_netdev() llamar\u00e1 a .ndo_stop() para que se llame a ravb_stop(). Y, despu\u00e9s de llamar a phy_stop(), tambi\u00e9n se llama a netif_carrier_off(). De modo que .ndo_tx_timeout() no ser\u00e1 llamado despu\u00e9s de phy_stop()." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.2", + "versionEndExcluding": "5.4.259", + "matchCriteriaId": "CEBD0EE2-6EC6-4E58-BB7B-7080FE1E0152" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.5", + "versionEndExcluding": "5.10.199", + "matchCriteriaId": "8D886A8D-A6CD-44FA-ACF5-DD260ECA7A1B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.11", + "versionEndExcluding": "5.15.136", + "matchCriteriaId": "B1FA5161-3AC0-44DF-B1F7-93A070F2B1E7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.16", + "versionEndExcluding": "6.1.59", + "matchCriteriaId": "96EA633C-1F3E-41C5-A13A-155C55A1F273" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndExcluding": "6.5.8", + "matchCriteriaId": "AD4E15B4-2591-4A3A-B2A2-7FEAECD5027D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc1:*:*:*:*:*:*", + "matchCriteriaId": "84267A4F-DBC2-444F-B41D-69E15E1BEC97" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc2:*:*:*:*:*:*", + "matchCriteriaId": "FB440208-241C-4246-9A83-C1715C0DAA6C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc3:*:*:*:*:*:*", + "matchCriteriaId": "0DC421F1-3D5A-4BEF-BF76-4E468985D20B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc4:*:*:*:*:*:*", + "matchCriteriaId": "00AB783B-BE05-40E8-9A55-6AA457D95031" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc5:*:*:*:*:*:*", + "matchCriteriaId": "E7C78D0A-C4A2-4D41-B726-8979E33AD0F9" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/105abd68ad8f781985113aee2e92e0702b133705", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/3971442870713de527684398416970cf025b4f89", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/616761cf9df9af838c0a1a1232a69322a9eb67e6", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/65d34cfd4e347054eb4193bc95d9da7eaa72dee5", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/6f6fa8061f756aedb93af12a8a5d3cf659127965", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/db9aafa19547833240f58c2998aed7baf414dc82", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/105abd68ad8f781985113aee2e92e0702b133705", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/3971442870713de527684398416970cf025b4f89", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/616761cf9df9af838c0a1a1232a69322a9eb67e6", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/65d34cfd4e347054eb4193bc95d9da7eaa72dee5", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/6f6fa8061f756aedb93af12a8a5d3cf659127965", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/db9aafa19547833240f58c2998aed7baf414dc82", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-525xx/CVE-2023-52510.json b/CVE-2023/CVE-2023-525xx/CVE-2023-52510.json index 7061d470903..9b68c9f01b2 100644 --- a/CVE-2023/CVE-2023-525xx/CVE-2023-52510.json +++ b/CVE-2023/CVE-2023-525xx/CVE-2023-52510.json @@ -2,8 +2,8 @@ "id": "CVE-2023-52510", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-03-02T22:15:47.587", - "lastModified": "2024-11-21T08:39:55.950", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-11T15:11:16.133", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -15,71 +15,240 @@ "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: ieee802154: ca8210: solucione un UAF potencial en ca8210_probe Si of_clk_add_provider() falla en ca8210_register_ext_clock(), llama a clk_unregister() para liberar priv->clk y devuelve un error. Sin embargo, la persona que llama ca8210_probe() luego llama a ca8210_remove(), donde priv->clk se libera nuevamente en ca8210_unregister_ext_clock(). En este caso, puede ocurrir un Use After Free la segunda vez que llamamos a clk_unregister(). Solucione este problema eliminando el primer clk_unregister(). Adem\u00e1s, priv->clk podr\u00eda ser un c\u00f3digo de error en caso de falla de clk_register_fixed_rate(). Utilice IS_ERR_OR_NULL para detectar este caso en ca8210_unregister_ext_clock()." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.12", + "versionEndExcluding": "4.14.328", + "matchCriteriaId": "489582DC-774C-4BB6-BEA5-2ED2860A3901" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.15", + "versionEndExcluding": "4.19.297", + "matchCriteriaId": "02978144-891F-40EF-83B8-59063740AEF6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.20", + "versionEndExcluding": "5.4.259", + "matchCriteriaId": "E9F46843-24C9-4AC7-B6BB-1EF101D05435" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.5", + "versionEndExcluding": "5.10.199", + "matchCriteriaId": "8D886A8D-A6CD-44FA-ACF5-DD260ECA7A1B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.11", + "versionEndExcluding": "5.15.136", + "matchCriteriaId": "B1FA5161-3AC0-44DF-B1F7-93A070F2B1E7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.16", + "versionEndExcluding": "6.1.59", + "matchCriteriaId": "96EA633C-1F3E-41C5-A13A-155C55A1F273" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndExcluding": "6.5.8", + "matchCriteriaId": "AD4E15B4-2591-4A3A-B2A2-7FEAECD5027D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc1:*:*:*:*:*:*", + "matchCriteriaId": "84267A4F-DBC2-444F-B41D-69E15E1BEC97" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc2:*:*:*:*:*:*", + "matchCriteriaId": "FB440208-241C-4246-9A83-C1715C0DAA6C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc3:*:*:*:*:*:*", + "matchCriteriaId": "0DC421F1-3D5A-4BEF-BF76-4E468985D20B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc4:*:*:*:*:*:*", + "matchCriteriaId": "00AB783B-BE05-40E8-9A55-6AA457D95031" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc5:*:*:*:*:*:*", + "matchCriteriaId": "E7C78D0A-C4A2-4D41-B726-8979E33AD0F9" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/217efe32a45249eb07dcd7197e8403de98345e66", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/28b68cba378e3e50a4082b65f262bc4f2c7c2add", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/55e06850c7894f00d41b767c5f5665459f83f58f", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/84c6aa0ae5c4dc121f9996bb8fed46c80909d80e", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/85c2857ef90041f567ce98722c1c342c4d31f4bc", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/becf5c147198f4345243c5df0c4f035415491640", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/cdb46be93c1f7bbf2c4649e9fc5fb147cfb5245d", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/f990874b1c98fe8e57ee9385669f501822979258", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/217efe32a45249eb07dcd7197e8403de98345e66", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/28b68cba378e3e50a4082b65f262bc4f2c7c2add", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/55e06850c7894f00d41b767c5f5665459f83f58f", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/84c6aa0ae5c4dc121f9996bb8fed46c80909d80e", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/85c2857ef90041f567ce98722c1c342c4d31f4bc", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/becf5c147198f4345243c5df0c4f035415491640", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/cdb46be93c1f7bbf2c4649e9fc5fb147cfb5245d", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/f990874b1c98fe8e57ee9385669f501822979258", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-525xx/CVE-2023-52513.json b/CVE-2023/CVE-2023-525xx/CVE-2023-52513.json index fd7a57eef08..8ac62bfeb59 100644 --- a/CVE-2023/CVE-2023-525xx/CVE-2023-52513.json +++ b/CVE-2023/CVE-2023-525xx/CVE-2023-52513.json @@ -2,8 +2,8 @@ "id": "CVE-2023-52513", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-03-02T22:15:47.730", - "lastModified": "2024-11-21T08:39:56.530", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-11T15:12:45.753", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -15,55 +15,193 @@ "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: RDMA/siw: soluciona el manejo de fallas de conexi\u00f3n En caso de que falle el procesamiento inmediato de la solicitud MPA, el endpoint reci\u00e9n creado desvincula el endpoint de escucha y est\u00e1 listo para ser descartado. Este caso especial no fue manejado correctamente por el c\u00f3digo que maneja el cierre posterior del socket TCP, lo que provoc\u00f3 un bloqueo de desreferencia NULL en siw_cm_work_handler() al desreferenciar un oyente NULL. Ahora tambi\u00e9n cancelamos el tiempo de espera in\u00fatil de MPA, si falla el procesamiento inmediato de la solicitud de MPA. Este parche adem\u00e1s simplifica el procesamiento MPA en general: la programaci\u00f3n de una lectura de socket TCP in\u00fatil en la llamada ascendente sk_data_ready() ahora se suprime, si el socket ya se ha movido fuera del estado TCP_ESTABLISHED." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-476" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.3", + "versionEndExcluding": "5.4.258", + "matchCriteriaId": "CF26BF0D-ECCD-4314-A773-76DC9A15EA98" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.5", + "versionEndExcluding": "5.10.198", + "matchCriteriaId": "66D916C3-4087-44FF-9CD9-D2826BCC9E3D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.11", + "versionEndExcluding": "5.15.135", + "matchCriteriaId": "53447712-3158-498E-A077-9FA1898E6464" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.16", + "versionEndExcluding": "6.1.57", + "matchCriteriaId": "8629E5D1-351D-4D4B-8D05-E10BD4A1CFD0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndExcluding": "6.5.7", + "matchCriteriaId": "830A824C-F212-4FDC-ADEF-0EBEC6B2365B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc1:*:*:*:*:*:*", + "matchCriteriaId": "84267A4F-DBC2-444F-B41D-69E15E1BEC97" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc2:*:*:*:*:*:*", + "matchCriteriaId": "FB440208-241C-4246-9A83-C1715C0DAA6C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc3:*:*:*:*:*:*", + "matchCriteriaId": "0DC421F1-3D5A-4BEF-BF76-4E468985D20B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc4:*:*:*:*:*:*", + "matchCriteriaId": "00AB783B-BE05-40E8-9A55-6AA457D95031" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/0d520cdb0cd095eac5d00078dfd318408c9b5eed", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/53a3f777049771496f791504e7dc8ef017cba590", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/5cf38e638e5d01b68f9133968a85e8b3fd1ecf2f", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/6e26812e289b374c17677d238164a5a8f5770594", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/81b7bf367eea795d259d0261710c6a89f548844d", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/eeafc50a77f6a783c2c44e7ec3674a7b693e06f8", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/0d520cdb0cd095eac5d00078dfd318408c9b5eed", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/53a3f777049771496f791504e7dc8ef017cba590", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/5cf38e638e5d01b68f9133968a85e8b3fd1ecf2f", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/6e26812e289b374c17677d238164a5a8f5770594", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/81b7bf367eea795d259d0261710c6a89f548844d", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/eeafc50a77f6a783c2c44e7ec3674a7b693e06f8", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-525xx/CVE-2023-52515.json b/CVE-2023/CVE-2023-525xx/CVE-2023-52515.json index 4a06708a38f..a34a928482f 100644 --- a/CVE-2023/CVE-2023-525xx/CVE-2023-52515.json +++ b/CVE-2023/CVE-2023-525xx/CVE-2023-52515.json @@ -2,8 +2,8 @@ "id": "CVE-2023-52515", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-03-02T22:15:47.823", - "lastModified": "2024-11-21T08:39:56.663", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-11T16:41:11.770", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -15,47 +15,172 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: RDMA/srp: No llamar a scsi_done() desde srp_abort() Despu\u00e9s de que scmd_eh_abort_handler() haya llamado a la devoluci\u00f3n de llamada SCSI LLD eh_abort_handler, realiza una de las siguientes acciones: * Llamar a scsi_queue_insert( ). * Llame a scsi_finish_command(). * Llame a scsi_eh_scmd_add(). Por lo tanto, los controladores de abortos SCSI no deben llamar a scsi_done(). De lo contrario, todas las acciones anteriores desencadenar\u00edan un Use After Free. Por lo tanto, elimine la llamada scsi_done() de srp_abort(). Mantenga la llamada srp_free_req() antes de devolver SUCCESS porque es posible que no veamos el comando nuevamente si se devuelve SUCCESS." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.7", + "versionEndExcluding": "5.10.199", + "matchCriteriaId": "82480FAE-E3F8-4E1D-AE32-3EC355B1D261" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.11", + "versionEndExcluding": "5.15.136", + "matchCriteriaId": "B1FA5161-3AC0-44DF-B1F7-93A070F2B1E7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.16", + "versionEndExcluding": "6.1.57", + "matchCriteriaId": "8629E5D1-351D-4D4B-8D05-E10BD4A1CFD0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndExcluding": "6.5.7", + "matchCriteriaId": "830A824C-F212-4FDC-ADEF-0EBEC6B2365B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc1:*:*:*:*:*:*", + "matchCriteriaId": "84267A4F-DBC2-444F-B41D-69E15E1BEC97" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc2:*:*:*:*:*:*", + "matchCriteriaId": "FB440208-241C-4246-9A83-C1715C0DAA6C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc3:*:*:*:*:*:*", + "matchCriteriaId": "0DC421F1-3D5A-4BEF-BF76-4E468985D20B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc4:*:*:*:*:*:*", + "matchCriteriaId": "00AB783B-BE05-40E8-9A55-6AA457D95031" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/05a10b316adaac1f322007ca9a0383b410d759cc", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/26788a5b48d9d5cd3283d777d238631c8cd7495a", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/2b298f9181582270d5e95774e5a6c7a7fb5b1206", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/b9bdffb3f9aaeff8379c83f5449c6b42cb71c2b5", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/e193b7955dfad68035b983a0011f4ef3590c85eb", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/05a10b316adaac1f322007ca9a0383b410d759cc", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/26788a5b48d9d5cd3283d777d238631c8cd7495a", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/2b298f9181582270d5e95774e5a6c7a7fb5b1206", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/b9bdffb3f9aaeff8379c83f5449c6b42cb71c2b5", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/e193b7955dfad68035b983a0011f4ef3590c85eb", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-525xx/CVE-2023-52516.json b/CVE-2023/CVE-2023-525xx/CVE-2023-52516.json index b75daf9a817..3436d1bd438 100644 --- a/CVE-2023/CVE-2023-525xx/CVE-2023-52516.json +++ b/CVE-2023/CVE-2023-525xx/CVE-2023-52516.json @@ -2,8 +2,8 @@ "id": "CVE-2023-52516", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-03-02T22:15:47.870", - "lastModified": "2024-11-21T08:39:56.780", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-11T16:34:41.590", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -15,47 +15,151 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: dma-debug: no llame a __dma_entry_alloc_check_leak() bajo free_entries_lock __dma_entry_alloc_check_leak() llama a printk -> salida de consola serie (qcom geni) y toma puerto->bloqueo bajo free_entries_lock spin lock , que es una cadena de dependencia de bloqueo inverso, ya que el controlador IRQ qcom_geni puede llamar al c\u00f3digo dma-debug y capturar free_entries_lock en port->lock. Mueva la llamada __dma_entry_alloc_check_leak() fuera del alcance de free_entries_lock para que no adquiramos el puerto serie de la consola->bloqueo debajo de ella. S\u00edmbolo de bloqueo recortado: la cadena de dependencia existente (en orden inverso) es: -> #2 (free_entries_lock){-.-.}-{2:2}: _raw_spin_lock_irqsave+0x60/0x80 dma_entry_alloc+0x38/0x110 debug_dma_map_page+0x60 /0xf8 dma_map_page_attrs+0x1e0/0x230 dma_map_single_attrs.constprop.0+0x6c/0xc8 geni_se_rx_dma_prep+0x40/0xcc qcom_geni_serial_isr+0x310/0x510 __handle_irq_event_percpu+0x110/0x24 4 handle_irq_event_percpu+0x20/0x54 handle_irq_event+0x50/0x88 handle_fasteoi_irq+0xa4/0xcc handle_irq_desc+0x28/ 0x40 generic_handle_domain_irq+0x24/0x30 gic_handle_irq+0xc4/0x148 do_interrupt_handler+0xa4/0xb0 el1_interrupt+0x34/0x64 el1h_64_irq_handler+0x18/0x24 el1h_64_irq+0x64/0x68 arch_local_irq_en capaz+0x4/0x8 ____do_softirq+0x18/0x24 ... -> #1 (&port_lock_key ){-.-.}-{2:2}: _raw_spin_lock_irqsave+0x60/0x80 qcom_geni_serial_console_write+0x184/0x1dc console_flush_all+0x344/0x454 console_unlock+0x94/0xf0 vprintk_emit+0x238/0x24c vprintk_default+0x3c/ 0x48 vprintk+0xb4/0xbc _printk +0x68/0x90 Register_console+0x230/0x38c uart_add_one_port+0x338/0x494 qcom_geni_serial_probe+0x390/0x424 platform_probe+0x70/0xc0 very_probe+0x148/0x280 __driver_probe_device+0xfc/0x114 driver_probe _device+0x44/0x100 __device_attach_driver+0x64/0xdc bus_for_each_drv+0xb0/0xd8 __device_attach +0xe4/0x140 sonda_inicial_dispositivo+0x1c/0x28 sonda_bus_dispositivo+0x44/0xb0 dispositivo_add+0x538/0x668 of_device_add+0x44/0x50 of_platform_device_create_pdata+0x94/0xc8 of_platform_bus_create+0x270/0x304 of_ plataforma_populate+0xac/0xc4 devm_of_platform_populate+0x60/0xac geni_se_probe+0x154/0x160 plataforma_probe +0x70/0xc0... -> #0 (propietario_consola){-...}-{0:0}: __lock_acquire+0xdf8/0x109c lock_acquire+0x234/0x284 console_flush_all+0x330/0x454 console_unlock+0x94/0xf0 vprintk_emit+0x238 /0x24c vprintk_default+0x3c/0x48 vprintk+0xb4/0xbc _printk+0x68/0x90 dma_entry_alloc+0xb4/0x110 debug_dma_map_sg+0xdc/0x2f8 __dma_map_sg_attrs+0xac/0xe4 dma_map_sgtable+0x30/ 0x4c get_pages+0x1d4/0x1e4 [msm] msm_gem_pin_pages_locked+0x38/0xac [msm] msm_gem_pin_vma_locked+0x58/0x88 [msm] msm_ioctl_gem_submit+0xde4/0x13ac [msm] drm_ioctl_kernel+0xe0/0x15c drm_ioctl+0x2e8/0x3f4 vfs_ioctl+0x30/0x50 ... Existe cadena de: console_owner --> &port_lock_key --> free_entries_lock Posible escenario de bloqueo inseguro: CPU0 CPU1 ---- ---- lock(free_entries_lock); bloquear(&port_lock_key); bloquear(free_entries_lock); bloquear (propietario_consola); *** DEADLOCK *** Rastreo de llamadas: dump_backtrace+0xb4/0xf0 show_stack+0x20/0x30 dump_stack_lvl+0x60/0x84 dump_stack+0x18/0x24 print_circular_bug+0x1cc/0x234 check_noncircular+0x78/0xac __lock_acquire+0xdf8/0x109c lock_ac solicitar+0x234/0x284 console_flush_all+0x330/0x454 consol ---truncado---" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-667" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionEndExcluding": "5.10.198", + "matchCriteriaId": "71BA73D5-437E-41B7-8F92-323BFBC81366" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.11", + "versionEndExcluding": "5.15.134", + "matchCriteriaId": "346A7B1E-5048-460C-9640-5EFA2075158B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.16", + "versionEndExcluding": "6.1.56", + "matchCriteriaId": "5EA89569-DD45-4A69-BB4D-8356FA9386BD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndExcluding": "6.5.6", + "matchCriteriaId": "870FC772-173A-4A0F-B1AF-7976AD6057D3" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/ac0d068099349cbca3d93f2e3b15bb329364b08c", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/be8f49029eca3efbad0d74dbff3cb9129994ffab", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/c79300599923daaa30f417c75555d5566b3d31ae", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/fb5a4315591dae307a65fc246ca80b5159d296e1", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/fe2b811a02c3244ebf6059039e4a9e715e26a9e3", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/ac0d068099349cbca3d93f2e3b15bb329364b08c", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/be8f49029eca3efbad0d74dbff3cb9129994ffab", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/c79300599923daaa30f417c75555d5566b3d31ae", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/fb5a4315591dae307a65fc246ca80b5159d296e1", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/fe2b811a02c3244ebf6059039e4a9e715e26a9e3", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-525xx/CVE-2023-52520.json b/CVE-2023/CVE-2023-525xx/CVE-2023-52520.json index ce9fc98f56f..f627ea88278 100644 --- a/CVE-2023/CVE-2023-525xx/CVE-2023-52520.json +++ b/CVE-2023/CVE-2023-525xx/CVE-2023-52520.json @@ -2,8 +2,8 @@ "id": "CVE-2023-52520", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-03-02T22:15:48.080", - "lastModified": "2024-11-21T08:39:57.340", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-11T15:16:55.293", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -15,39 +15,151 @@ "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: plataforma/x86: think-lmi: corregir fuga de referencia Si se encuentra un atributo duplicado usando kset_find_obj(), se devuelve una referencia a ese atributo que debe eliminarse en consecuencia usando kobject_put( ). Mueva la validaci\u00f3n del nombre de la configuraci\u00f3n a una funci\u00f3n separada para permitir este cambio sin tener que duplicar el c\u00f3digo de limpieza para esta configuraci\u00f3n. Como nota al margen, se solucion\u00f3 un error muy similar en el commit 7295a996fdab (\"plataforma/x86: dell-sysman: corregir fuga de referencia\"), por lo que parece que el error se copi\u00f3 de ese controlador. Compilaci\u00f3n probada \u00fanicamente." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-Other" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.14", + "versionEndExcluding": "5.15.136", + "matchCriteriaId": "27F5DD86-F290-4838-80ED-653ACD48278D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.16", + "versionEndExcluding": "6.1.59", + "matchCriteriaId": "96EA633C-1F3E-41C5-A13A-155C55A1F273" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndExcluding": "6.5.8", + "matchCriteriaId": "AD4E15B4-2591-4A3A-B2A2-7FEAECD5027D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc1:*:*:*:*:*:*", + "matchCriteriaId": "84267A4F-DBC2-444F-B41D-69E15E1BEC97" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc2:*:*:*:*:*:*", + "matchCriteriaId": "FB440208-241C-4246-9A83-C1715C0DAA6C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc3:*:*:*:*:*:*", + "matchCriteriaId": "0DC421F1-3D5A-4BEF-BF76-4E468985D20B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc4:*:*:*:*:*:*", + "matchCriteriaId": "00AB783B-BE05-40E8-9A55-6AA457D95031" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/124cf0ea4b82e1444ec8c7420af4e7db5558c293", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/528ab3e605cabf2f9c9bd5944d3bfe15f6e94f81", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/af21c9119a37cecb7ff27ce0c2f3cf721e9d0ec4", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/c6e3023579de8d33256771ac0745239029e81106", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/124cf0ea4b82e1444ec8c7420af4e7db5558c293", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/528ab3e605cabf2f9c9bd5944d3bfe15f6e94f81", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/af21c9119a37cecb7ff27ce0c2f3cf721e9d0ec4", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/c6e3023579de8d33256771ac0745239029e81106", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-525xx/CVE-2023-52526.json b/CVE-2023/CVE-2023-525xx/CVE-2023-52526.json index 7b6787f10ef..71bcdd084b1 100644 --- a/CVE-2023/CVE-2023-525xx/CVE-2023-52526.json +++ b/CVE-2023/CVE-2023-525xx/CVE-2023-52526.json @@ -2,8 +2,8 @@ "id": "CVE-2023-52526", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-03-02T22:15:48.360", - "lastModified": "2024-11-21T08:39:58.057", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-11T15:19:11.407", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -15,31 +15,130 @@ "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: erofs: corrige la p\u00e9rdida de memoria de la deduplicaci\u00f3n comprimida global LZMA Al estresar las im\u00e1genes microLZMA EROFS con la nueva funci\u00f3n de deduplicaci\u00f3n comprimida global habilitada (`-Ededupe`), encontr\u00e9 algunas p\u00e1ginas temporales de corta duraci\u00f3n no se publicaron correctamente, lo que podr\u00eda causar OOM inesperados horas m\u00e1s tarde. Solucion\u00e9moslo ahora (LZ4 y DEFLATE no tienen este problema)." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-401" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.1", + "versionEndExcluding": "6.1.57", + "matchCriteriaId": "B8F162B2-4FA0-4B04-B738-46FC68746E46" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndExcluding": "6.5.7", + "matchCriteriaId": "830A824C-F212-4FDC-ADEF-0EBEC6B2365B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc1:*:*:*:*:*:*", + "matchCriteriaId": "84267A4F-DBC2-444F-B41D-69E15E1BEC97" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc2:*:*:*:*:*:*", + "matchCriteriaId": "FB440208-241C-4246-9A83-C1715C0DAA6C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc3:*:*:*:*:*:*", + "matchCriteriaId": "0DC421F1-3D5A-4BEF-BF76-4E468985D20B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc4:*:*:*:*:*:*", + "matchCriteriaId": "00AB783B-BE05-40E8-9A55-6AA457D95031" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/6a5a8f0a9740f865693d5aa97a42cc4504538e18", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/75a5221630fe5aa3fedba7a06be618db0f79ba1e", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/c955751cbf864cf2055117dd3fe7f780d2a57b56", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/6a5a8f0a9740f865693d5aa97a42cc4504538e18", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/75a5221630fe5aa3fedba7a06be618db0f79ba1e", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/c955751cbf864cf2055117dd3fe7f780d2a57b56", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-525xx/CVE-2023-52528.json b/CVE-2023/CVE-2023-525xx/CVE-2023-52528.json index 27543fb101e..07669a60a05 100644 --- a/CVE-2023/CVE-2023-525xx/CVE-2023-52528.json +++ b/CVE-2023/CVE-2023-525xx/CVE-2023-52528.json @@ -2,8 +2,8 @@ "id": "CVE-2023-52528", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-03-02T22:15:48.463", - "lastModified": "2024-11-21T08:39:58.307", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-11T16:27:49.277", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -15,71 +15,235 @@ "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: net: usb: smsc75xx: corrigi\u00f3 el acceso a valores uninit en __smsc75xx_read_reg syzbot inform\u00f3 el siguiente problema de acceso a valores uninit: =============== ====================================== ERROR: KMSAN: valor uninit en controladores smsc75xx_wait_ready/net /usb/smsc75xx.c:975 [en l\u00ednea] ERROR: KMSAN: valor uninit en smsc75xx_bind+0x5c9/0x11e0 drivers/net/usb/smsc75xx.c:1482 CPU: 0 PID: 8696 Comm: kworker/0:3 No contaminado 5.8.0-rc5-syzkaller #0 Nombre del hardware: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Cola de trabajo: usb_hub_wq hub_event Seguimiento de llamadas: __dump_stack lib/dump_stack.c:77 [en l\u00ednea] dump_stack+0x21c/ 0x280 lib/dump_stack.c:118 kmsan_report+0xf7/0x1e0 mm/kmsan/kmsan_report.c:121 __msan_warning+0x58/0xa0 mm/kmsan/kmsan_instr.c:215 smsc75xx_wait_ready drivers/net/usb/smsc75xx.c:975 [en l\u00ednea ] smsc75xx_bind+0x5c9/0x11e0 controladores/net/usb/smsc75xx.c:1482 usbnet_probe+0x1152/0x3f90 controladores/net/usb/usbnet.c:1737 usb_probe_interface+0xece/0x1550 controladores/usb/core/driver.c:374 very_probe +0xf20/0x20b0 controladores/base/dd.c:529 driver_probe_device+0x293/0x390 controladores/base/dd.c:701 __device_attach_driver+0x63f/0x830 controladores/base/dd.c:807 bus_for_each_drv+0x2ca/0x3f0 controladores/base/ bus.c:431 __device_attach+0x4e2/0x7f0 controladores/base/dd.c:873 dispositivo_initial_probe+0x4a/0x60 controladores/base/dd.c:920 bus_probe_device+0x177/0x3d0 controladores/base/bus.c:491 dispositivo_add+0x3b0e /0x40d0 controladores/base/core.c:2680 usb_set_configuration+0x380f/0x3f10 controladores/usb/core/message.c:2032 usb_generic_driver_probe+0x138/0x300 controladores/usb/core/generic.c:241 usb_probe_device+0x311/0x490 controladores/ usb/core/driver.c:272 Actually_probe+0xf20/0x20b0 controladores/base/dd.c:529 driver_probe_device+0x293/0x390 controladores/base/dd.c:701 __device_attach_driver+0x63f/0x830 controladores/base/dd.c: 807 bus_for_each_drv+0x2ca/0x3f0 controladores/base/bus.c:431 __device_attach+0x4e2/0x7f0 controladores/base/dd.c:873 device_initial_probe+0x4a/0x60 controladores/base/dd.c:920 bus_probe_device+0x177/0x3d0 controladores/ base/bus.c:491 dispositivos_add+0x3b0e/0x40d0 controladores/base/core.c:2680 usb_new_device+0x1bd4/0x2a30 controladores/usb/core/hub.c:2554 hub_port_connect controladores/usb/core/hub.c:5208 [ en l\u00ednea] hub_port_connect_change drivers/usb/core/hub.c:5348 [en l\u00ednea] port_event drivers/usb/core/hub.c:5494 [en l\u00ednea] hub_event+0x5e7b/0x8a70 drivers/usb/core/hub.c:5576 Process_one_work+ 0x1688/0x2140 kernel/workqueue.c:2269 trabajador_thread+0x10bc/0x2730 kernel/workqueue.c:2415 kthread+0x551/0x590 kernel/kthread.c:292 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:293 Variable local ----buf.i87@smsc75xx_bind creada en: __smsc75xx_read_reg drivers/net/usb/smsc75xx.c:83 [en l\u00ednea] smsc75xx_wait_ready drivers/net/usb/smsc75xx.c:968 [en l\u00ednea] smsc75xx_bind+0x485/0x11e0 drivers /net/usb/smsc75xx.c:1482 __smsc75xx_read_reg controladores/net/usb/smsc75xx.c:83 [en l\u00ednea] smsc75xx_wait_ready controladores/net/usb/smsc75xx.c:968 [en l\u00ednea] smsc75xx_bind+0x485/0x11e0 controladores/net/usb /smsc75xx.c:1482 Este problema se debe a que usbnet_read_cmd() lee menos bytes de los solicitados (cero bytes en el reproductor). En este caso, 'buf' no se completa correctamente. Este parche soluciona el problema devolviendo -ENODATA si usbnet_read_cmd() lee menos bytes de los solicitados." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-908" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.6.34", + "versionEndExcluding": "4.14.327", + "matchCriteriaId": "F8AFEC1A-335A-4E7A-9E59-AC6B72BDD3DE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.15", + "versionEndExcluding": "4.19.296", + "matchCriteriaId": "78DAD65C-4893-461B-91B2-F4E7C212F140" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.20", + "versionEndExcluding": "5.4.258", + "matchCriteriaId": "1208C905-CEAA-49F2-B357-72A5185B2656" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.5", + "versionEndExcluding": "5.10.198", + "matchCriteriaId": "66D916C3-4087-44FF-9CD9-D2826BCC9E3D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.11", + "versionEndExcluding": "5.15.135", + "matchCriteriaId": "53447712-3158-498E-A077-9FA1898E6464" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.16", + "versionEndExcluding": "6.1.57", + "matchCriteriaId": "8629E5D1-351D-4D4B-8D05-E10BD4A1CFD0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndExcluding": "6.5.7", + "matchCriteriaId": "830A824C-F212-4FDC-ADEF-0EBEC6B2365B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc1:*:*:*:*:*:*", + "matchCriteriaId": "84267A4F-DBC2-444F-B41D-69E15E1BEC97" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc2:*:*:*:*:*:*", + "matchCriteriaId": "FB440208-241C-4246-9A83-C1715C0DAA6C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc3:*:*:*:*:*:*", + "matchCriteriaId": "0DC421F1-3D5A-4BEF-BF76-4E468985D20B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc4:*:*:*:*:*:*", + "matchCriteriaId": "00AB783B-BE05-40E8-9A55-6AA457D95031" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/2a36d9e2995c8c3c3f179aab1215a69cff06cbed", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/30bc4d7aebe33904b0f2d3aad4b4a9c6029ad0c5", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/310f1c92f65ad905b7e81fe14de82d979ebbd825", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/3e0af6eec1789fd11934164a7f4dbcad979855a4", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/4931e80da9463b03bfe42be54a9a19f213b0f76d", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/9ffc5018020fe646795a8dc1203224b8f776dc09", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/cda10784a176d7192f08ecb518f777a4e9575812", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/e9c65989920f7c28775ec4e0c11b483910fb67b8", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/2a36d9e2995c8c3c3f179aab1215a69cff06cbed", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/30bc4d7aebe33904b0f2d3aad4b4a9c6029ad0c5", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/310f1c92f65ad905b7e81fe14de82d979ebbd825", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/3e0af6eec1789fd11934164a7f4dbcad979855a4", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/4931e80da9463b03bfe42be54a9a19f213b0f76d", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/9ffc5018020fe646795a8dc1203224b8f776dc09", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/cda10784a176d7192f08ecb518f777a4e9575812", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/e9c65989920f7c28775ec4e0c11b483910fb67b8", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-525xx/CVE-2023-52530.json b/CVE-2023/CVE-2023-525xx/CVE-2023-52530.json index 6e6727d23ad..156c7d962c4 100644 --- a/CVE-2023/CVE-2023-525xx/CVE-2023-52530.json +++ b/CVE-2023/CVE-2023-525xx/CVE-2023-52530.json @@ -2,8 +2,8 @@ "id": "CVE-2023-52530", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-03-02T22:15:48.567", - "lastModified": "2024-11-21T08:39:58.613", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-11T16:26:57.617", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -15,43 +15,172 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: wifi: mac80211: soluciona el posible Use After Free de la clave Cuando ieee80211_key_link() es llamado por ieee80211_gtk_rekey_add() pero devuelve 0 debido a la protecci\u00f3n KRACK (reinstalaci\u00f3n de clave id\u00e9ntica), ieee80211_gtk_rekey_add() a\u00fan devolver\u00e1 un puntero a la clave, en un posible Use After Free. Esto normalmente no sucede ya que iwlwifi solo lo llama en caso de descarga de recodificaci\u00f3n de WoWLAN, que tiene su propia protecci\u00f3n KRACK, pero a\u00fan es mejor solucionarlo, h\u00e1galo devolviendo un c\u00f3digo de error y convirti\u00e9ndolo en exitoso solo en el l\u00edmite cfg80211, dejando el error para personas que llaman mal de ieee80211_gtk_rekey_add()." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.14", + "versionEndExcluding": "5.4.285", + "matchCriteriaId": "3DF14889-9C7C-4838-BC5F-95C61573BF58" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.5", + "versionEndExcluding": "5.10.288", + "matchCriteriaId": "F39ABFAE-F845-49CA-BA9D-67206E6DD28F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.11", + "versionEndExcluding": "5.15.169", + "matchCriteriaId": "18BEDAD6-86F8-457C-952F-C35698B3D07F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.16", + "versionEndExcluding": "6.1.57", + "matchCriteriaId": "8629E5D1-351D-4D4B-8D05-E10BD4A1CFD0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndExcluding": "6.5.7", + "matchCriteriaId": "830A824C-F212-4FDC-ADEF-0EBEC6B2365B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc1:*:*:*:*:*:*", + "matchCriteriaId": "84267A4F-DBC2-444F-B41D-69E15E1BEC97" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc2:*:*:*:*:*:*", + "matchCriteriaId": "FB440208-241C-4246-9A83-C1715C0DAA6C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc3:*:*:*:*:*:*", + "matchCriteriaId": "0DC421F1-3D5A-4BEF-BF76-4E468985D20B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc4:*:*:*:*:*:*", + "matchCriteriaId": "00AB783B-BE05-40E8-9A55-6AA457D95031" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/2408f491ff998d674707725eadc47d8930aced09", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/2f4e16e39e4f5e78248dd9e51276a83203950b36", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/31db78a4923ef5e2008f2eed321811ca79e7f71b", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/65c72a7201704574dace708cbc96a8f367b1491d", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/e8a834eb09bb95c2bf9c76f1a28ecef7d8c439d0", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/e8e599a635066c50ac214c3e10858f1d37e03022", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/2f4e16e39e4f5e78248dd9e51276a83203950b36", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/31db78a4923ef5e2008f2eed321811ca79e7f71b", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/65c72a7201704574dace708cbc96a8f367b1491d", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-525xx/CVE-2023-52531.json b/CVE-2023/CVE-2023-525xx/CVE-2023-52531.json index 776ef648fc4..e385c56f0a2 100644 --- a/CVE-2023/CVE-2023-525xx/CVE-2023-52531.json +++ b/CVE-2023/CVE-2023-525xx/CVE-2023-52531.json @@ -2,8 +2,8 @@ "id": "CVE-2023-52531", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-03-02T22:15:48.613", - "lastModified": "2024-11-21T08:39:58.730", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-11T15:28:47.893", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -15,39 +15,151 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: wifi: iwlwifi: mvm: soluciona un problema de corrupci\u00f3n de memoria Unas pocas l\u00edneas arriba, se kzalloc()'ed espacio para: sizeof(struct iwl_nvm_data) + sizeof(struct ieee80211_channel) + sizeof (struct ieee80211_rate) 'mvm->nvm_data' es una 'struct iwl_nvm_data', por lo que est\u00e1 bien. Al final de esta estructura, se encuentra la matriz flexible de 'canales'. Cada elemento es de tipo 'struct ieee80211_channel'. Entonces solo se asigna 1 elemento en esta matriz. Al hacer: mvm->nvm_data->bands[0].channels = mvm->nvm_data->channels; Apuntamos al primer elemento de la matriz flexible 'canales'. Entonces esto est\u00e1 bien. Sin embargo, al hacer: mvm->nvm_data->bands[0].bitrates = (void *)((u8 *)mvm->nvm_data->channels + 1); debido a la conversi\u00f3n \"(u8 *)\", agregamos solo 1 a la direcci\u00f3n del comienzo de la matriz flexible. Es probable que queramos apuntar a la 'estructura ieee80211_rate' asignada justo despu\u00e9s. Retire la fundici\u00f3n espuria para que la aritm\u00e9tica del puntero funcione como se esperaba." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.9", + "versionEndExcluding": "5.15.135", + "matchCriteriaId": "FA1C2331-7851-4FAC-B2E1-436FC160FDC2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.16", + "versionEndExcluding": "6.1.57", + "matchCriteriaId": "8629E5D1-351D-4D4B-8D05-E10BD4A1CFD0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndExcluding": "6.5.7", + "matchCriteriaId": "830A824C-F212-4FDC-ADEF-0EBEC6B2365B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc1:*:*:*:*:*:*", + "matchCriteriaId": "84267A4F-DBC2-444F-B41D-69E15E1BEC97" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc2:*:*:*:*:*:*", + "matchCriteriaId": "FB440208-241C-4246-9A83-C1715C0DAA6C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc3:*:*:*:*:*:*", + "matchCriteriaId": "0DC421F1-3D5A-4BEF-BF76-4E468985D20B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc4:*:*:*:*:*:*", + "matchCriteriaId": "00AB783B-BE05-40E8-9A55-6AA457D95031" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/6b3223449c959a8be94a1f042288059e40fcccb0", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/7c8faa31080342aec4903c9acb20caf82fcca1ef", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/8ba438ef3cacc4808a63ed0ce24d4f0942cfe55d", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/f06cdd8d4ba5252986f51f80cc30263636397128", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/6b3223449c959a8be94a1f042288059e40fcccb0", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/7c8faa31080342aec4903c9acb20caf82fcca1ef", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/8ba438ef3cacc4808a63ed0ce24d4f0942cfe55d", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/f06cdd8d4ba5252986f51f80cc30263636397128", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-525xx/CVE-2023-52560.json b/CVE-2023/CVE-2023-525xx/CVE-2023-52560.json index 56cd8d01462..9885d9473fc 100644 --- a/CVE-2023/CVE-2023-525xx/CVE-2023-52560.json +++ b/CVE-2023/CVE-2023-525xx/CVE-2023-52560.json @@ -2,8 +2,8 @@ "id": "CVE-2023-52560", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-03-02T22:15:48.750", - "lastModified": "2024-11-21T08:40:03.773", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-11T15:24:15.463", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -15,31 +15,125 @@ "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: mm/damon/vaddr-test: corrige la p\u00e9rdida de memoria en damon_do_test_apply_tres_regions() Cuando CONFIG_DAMON_VADDR_KUNIT_TEST=y y se hace CONFIG_DEBUG_KMEMLEAK=y y CONFIG_DEBUG_KMEMLEAK_AUTO_SCAN=y, se detecta la siguiente p\u00e9rdida de memoria. Desde el commit 9f86d624292c (\"mm/damon/vaddr-test: eliminar variables innecesarias\"), damon_destroy_ctx() se elimina, pero a\u00fan se llama a damon_new_target() y damon_new_region(), la damon_region asignada por kmem_cache_alloc() en damon_new_region() y el damon_target asignado por kmalloc en damon_new_target() no se libera. Y el damon_region que est\u00e1 asignado en damon_new_region() en damon_set_regions() tampoco se libera. Entonces use damon_destroy_target para liberar todos los damon_regions y damon_target. objeto sin referencia 0xffff888107c9a940 (tama\u00f1o 64): comm \"kunit_try_catch\", pid 1069, jiffies 4294670592 (edad 732,761 s) volcado hexadecimal (primeros 32 bytes): 00 00 00 00 00 00 00 00 06 00 00 00 6b 6b 6b 6b... .........kkkk 60 c7 9c 07 81 88 ff ff f8 cb 9c 07 81 88 ff ff `................. backtrace: [] kmalloc_trace +0x27/0xa0 [] damon_new_target+0x3f/0x1b0 [] damon_do_test_apply_tres_regiones.constprop.0+0x95/0x3e0 [] damon_test_apply_tres_regiones1+0x21e/ 0x260 [] kunit_generic_run_threadfn_adapter+0x4a/0x90 [< ffffffff81237cf6>] kthread+0x2b6/0x380 [] ret_from_fork+0x2d/0x70 [] ret_from_fork_asm+0x11/0x20 objeto sin referencia 0xffff8881079cc740 (tama\u00f1o 56): comm \"kunit_try_catch\", pid 1069, santiam\u00e9n 4294670592 (edad 732,761 s ) volcado hexadecimal (primeros 32 bytes): 05 00 00 00 00 00 00 00 14 00 00 00 00 00 00 00 ................ 6b 6b 6b 6b 6b 6b 6b 6b 00 00 00 00 6b 6b 6b 6b kkkkkkkk....kkkk retroceso: [] damon_new_region+0x22/0x1c0 [] damon_do_test_apply_tres_regiones.constprop.0+0xd1/0x3e0 [] damon_test_apply_tres_regiones1+0x21e/0x260 [ ] kunit_generic_run_threadfn_adapter+0x4a/0x90 [] kthread+0x2b6/0x380 [] ret_from_fork+0x2d/0x70 [] ret_from_ fork_asm+0x11/0x20 objeto sin referencia 0xffff888107c9ac40 (tama\u00f1o 64): comm \"kunit_try_catch \", pid 1071, santiam\u00e9n 4294670595 (edad 732,843 s) volcado hexadecimal (primeros 32 bytes): 00 00 00 00 00 00 00 00 06 00 00 00 6b 6b 6b 6b ............kkkk a0 cc 9c 07 81 88 ff ff 78 a1 76 07 81 88 ff ff ........xv.... rastreo: [] kmalloc_trace+0x27/0xa0 [] damon_new_target+0x3f/0x1b0 [] damon_do_test_apply_tres_regiones.constprop.0+0x95/0x3e0 [] damon_test_apply_tres_regiones2+0x21e/0x260 [] kunit_generic_run_threadfn_adapter+0x4 a/0x90 [] kthread+0x2b6/0x380 [] ret_from_fork +0x2d/0x70 [] ret_from_fork_asm+0x11/0x20 objeto sin referencia 0xffff8881079ccc80 (tama\u00f1o 56): comm \"kunit_try_catch\", pid 1071, jiffies 4294670595 (edad 732.843 s) volcado hexadecimal (primero 32 bytes): 05 00 00 00 00 00 00 00 14 00 00 00 00 00 00 00 ................ 6b 6b 6b 6b 6b 6b 6b 6b 00 00 00 00 6b 6b 6b 6b kkkkkkkk....kkkk retroceso : [] damon_new_region+0x22/0x1c0 [] damon_do_test_apply_tres_regiones.constprop.0+0xd1/0x3e0 [] damon_test_apply_tres_regiones2+0x21e/0x260 [] kunit_generic_run_threadfn_adapter+0x4a/0x90 [] kthread+0x2b6/0x380 [] ret_from_fork+0x2d/0x70 [" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-401" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.16", + "versionEndExcluding": "6.1.56", + "matchCriteriaId": "5EA89569-DD45-4A69-BB4D-8356FA9386BD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndExcluding": "6.5.6", + "matchCriteriaId": "870FC772-173A-4A0F-B1AF-7976AD6057D3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc1:*:*:*:*:*:*", + "matchCriteriaId": "84267A4F-DBC2-444F-B41D-69E15E1BEC97" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc2:*:*:*:*:*:*", + "matchCriteriaId": "FB440208-241C-4246-9A83-C1715C0DAA6C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc3:*:*:*:*:*:*", + "matchCriteriaId": "0DC421F1-3D5A-4BEF-BF76-4E468985D20B" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/45120b15743fa7c0aa53d5db6dfb4c8f87be4abd", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/6b522001693aa113d97a985abc5f6932972e8e86", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/9a4fe81a8644b717d57d81ce5849e16583b13fe8", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/45120b15743fa7c0aa53d5db6dfb4c8f87be4abd", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/6b522001693aa113d97a985abc5f6932972e8e86", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/9a4fe81a8644b717d57d81ce5849e16583b13fe8", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-525xx/CVE-2023-52563.json b/CVE-2023/CVE-2023-525xx/CVE-2023-52563.json index b20049b6292..b2777e4960e 100644 --- a/CVE-2023/CVE-2023-525xx/CVE-2023-52563.json +++ b/CVE-2023/CVE-2023-525xx/CVE-2023-52563.json @@ -2,8 +2,8 @@ "id": "CVE-2023-52563", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-03-02T22:15:48.890", - "lastModified": "2024-11-21T08:40:04.200", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-11T15:23:23.317", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -15,39 +15,141 @@ "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: drm/meson: corrige la p\u00e9rdida de memoria en ->hpd_notify callback El EDID devuelto por drm_bridge_get_edid() debe liberarse." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-401" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.15.61", + "versionEndExcluding": "5.15.134", + "matchCriteriaId": "B5730F71-5EEC-4F3F-9C76-68FD99523C7A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.17", + "versionEndExcluding": "6.1.56", + "matchCriteriaId": "80928A45-42B8-4768-83F3-31FFF3C8594D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndExcluding": "6.5.6", + "matchCriteriaId": "870FC772-173A-4A0F-B1AF-7976AD6057D3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc1:*:*:*:*:*:*", + "matchCriteriaId": "84267A4F-DBC2-444F-B41D-69E15E1BEC97" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc2:*:*:*:*:*:*", + "matchCriteriaId": "FB440208-241C-4246-9A83-C1715C0DAA6C" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/099f0af9d98231bb74956ce92508e87cbcb896be", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/43b63e088887a8b82750e16762f77100ffa76cba", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/66cb6d74f5a1b6eafe3370b56bf2cb575a91acbc", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/ee335e0094add7fc2c7034e0534e1920d61d2078", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/099f0af9d98231bb74956ce92508e87cbcb896be", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/43b63e088887a8b82750e16762f77100ffa76cba", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/66cb6d74f5a1b6eafe3370b56bf2cb575a91acbc", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/ee335e0094add7fc2c7034e0534e1920d61d2078", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-525xx/CVE-2023-52565.json b/CVE-2023/CVE-2023-525xx/CVE-2023-52565.json index 68819f6abd1..f5beb5e9033 100644 --- a/CVE-2023/CVE-2023-525xx/CVE-2023-52565.json +++ b/CVE-2023/CVE-2023-525xx/CVE-2023-52565.json @@ -2,8 +2,8 @@ "id": "CVE-2023-52565", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-03-02T22:15:48.980", - "lastModified": "2024-11-21T08:40:04.447", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-11T15:22:29.917", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -15,31 +15,120 @@ "value": "En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: media: uvcvideo: Fix OOB read Si el \u00edndice proporcionado por el usuario es mayor que el tama\u00f1o de la m\u00e1scara, podr\u00edamos hacer una lectura fuera de los l\u00edmites." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.1.16", + "versionEndExcluding": "6.1.56", + "matchCriteriaId": "54E05760-AFBD-4E0C-831C-B6763F72A8D4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.3", + "versionEndExcluding": "6.5.6", + "matchCriteriaId": "61846CB1-F7E4-4C66-BA05-7D732274A120" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc1:*:*:*:*:*:*", + "matchCriteriaId": "84267A4F-DBC2-444F-B41D-69E15E1BEC97" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc2:*:*:*:*:*:*", + "matchCriteriaId": "FB440208-241C-4246-9A83-C1715C0DAA6C" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/09635bf4cdd4adf2160198a6041bcc7ca46c0558", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/41ebaa5e0eebea4c3bac96b72f9f8ae0d77c0bdb", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/8bcf70d787f7d53a3b85ad394f926cfef3eed023", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/09635bf4cdd4adf2160198a6041bcc7ca46c0558", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/41ebaa5e0eebea4c3bac96b72f9f8ae0d77c0bdb", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/8bcf70d787f7d53a3b85ad394f926cfef3eed023", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-525xx/CVE-2023-52567.json b/CVE-2023/CVE-2023-525xx/CVE-2023-52567.json index 4bed9a4657c..be9f6a05549 100644 --- a/CVE-2023/CVE-2023-525xx/CVE-2023-52567.json +++ b/CVE-2023/CVE-2023-525xx/CVE-2023-52567.json @@ -2,8 +2,8 @@ "id": "CVE-2023-52567", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-03-02T22:15:49.073", - "lastModified": "2024-11-21T08:40:04.773", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-11T16:26:16.023", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -15,71 +15,230 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: serial: 8250_port: verifique los datos IRQ antes de usarlos. En caso de que el controlador hoja quiera usar el sondeo IRQ (irq = 0) y el registro IIR muestre que ocurri\u00f3 una interrupci\u00f3n en el hardware 8250, el IRQ los datos pueden ser NULL. En tal caso, debemos omitir el evento de activaci\u00f3n, ya que llegamos a este camino desde la interrupci\u00f3n del temporizador y es muy probable que el sistema ya est\u00e9 despierto. Sin esta soluci\u00f3n, tenemos un Ups: serial8250: ttyS0 en E/S 0x3f8 (irq = 0, base_baud = 115200) es un 16550A... ERROR: desreferencia del puntero NULL del kernel, direcci\u00f3n: 00000000000000010 RIP: 0010:serial8250_handle_irq+0x7c/ 0x240 Seguimiento de llamadas: ? serial8250_handle_irq+0x7c/0x240? __pfx_serial8250_timeout+0x10/0x10" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-476" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.14.315", + "versionEndExcluding": "4.14.327", + "matchCriteriaId": "E2E9DE56-0F61-4A8B-9FF0-4D7E29F6B0CC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.19.283", + "versionEndExcluding": "4.19.296", + "matchCriteriaId": "B1729C6A-DB56-4B8F-B4DA-A2D5BEC4A04B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.4.243", + "versionEndExcluding": "5.4.258", + "matchCriteriaId": "A86237AD-7726-4F3C-8A27-DD721615097A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.10.180", + "versionEndExcluding": "5.10.198", + "matchCriteriaId": "2313CA47-BD6B-4E6F-9DD6-A65989C4A196" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.15.111", + "versionEndExcluding": "5.15.134", + "matchCriteriaId": "5052A1B6-DA2F-4EF6-9AEA-1D9BAAD72016" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.1.28", + "versionEndExcluding": "6.1.56", + "matchCriteriaId": "19090EE6-1348-4171-ACA3-684095E30217" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.4", + "versionEndExcluding": "6.5.6", + "matchCriteriaId": "220EAEE9-2C66-435C-A761-F38E9BA43A2C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc1:*:*:*:*:*:*", + "matchCriteriaId": "84267A4F-DBC2-444F-B41D-69E15E1BEC97" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc2:*:*:*:*:*:*", + "matchCriteriaId": "FB440208-241C-4246-9A83-C1715C0DAA6C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc3:*:*:*:*:*:*", + "matchCriteriaId": "0DC421F1-3D5A-4BEF-BF76-4E468985D20B" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/2b837f13a818f96304736453ac53b66a70aaa4f2", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/3345cc5f02f1fb4c4dcb114706f2210d879ab933", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/bf3c728e3692cc6d998874f0f27d433117348742", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/c334650150c29234b0923476f51573ae1b2f252a", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/cce7fc8b29961b64fadb1ce398dc5ff32a79643b", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/e14afa4450cb7e4cf93e993a765801203d41d014", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/e14f68a48fd445a083ac0750fafcb064df5f18f7", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/ee5732caaffba3a37e753fdb89b4958db9a61847", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/2b837f13a818f96304736453ac53b66a70aaa4f2", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/3345cc5f02f1fb4c4dcb114706f2210d879ab933", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/bf3c728e3692cc6d998874f0f27d433117348742", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/c334650150c29234b0923476f51573ae1b2f252a", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/cce7fc8b29961b64fadb1ce398dc5ff32a79643b", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/e14afa4450cb7e4cf93e993a765801203d41d014", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/e14f68a48fd445a083ac0750fafcb064df5f18f7", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/ee5732caaffba3a37e753fdb89b4958db9a61847", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-525xx/CVE-2023-52568.json b/CVE-2023/CVE-2023-525xx/CVE-2023-52568.json index 9c8d7eba83d..6fe23117f0e 100644 --- a/CVE-2023/CVE-2023-525xx/CVE-2023-52568.json +++ b/CVE-2023/CVE-2023-525xx/CVE-2023-52568.json @@ -2,8 +2,8 @@ "id": "CVE-2023-52568", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-03-02T22:15:49.120", - "lastModified": "2024-11-21T08:40:05.380", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-11T16:23:49.080", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -15,31 +15,125 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: x86/sgx: Resuelve reclamaci\u00f3n SECS versus error de p\u00e1gina para la ejecuci\u00f3n EAUG. El recuperador SGX EPC (ksgxd) puede reclamar la p\u00e1gina SECS EPC para un enclave y establecer secs.epc_page en NULL. La p\u00e1gina SECS se utiliza para EAUG y ELDU en el controlador de fallas de la p\u00e1gina SGX. Sin embargo, la verificaci\u00f3n NULL para secs.epc_page solo se realiza para ELDU, no para EAUG, antes de usarse. Solucione este problema haciendo la misma verificaci\u00f3n NULL y recargando la p\u00e1gina SECS seg\u00fan sea necesario tanto para EAUG como para ELDU. La p\u00e1gina SECS contiene metadatos del enclave global. Solo se puede reclamar cuando no quedan otras p\u00e1ginas del enclave. En ese punto, pr\u00e1cticamente no se puede hacer nada con el enclave hasta que se vuelva a paginar la p\u00e1gina SECS. Un enclave no puede ejecutarse ni generar errores de p\u00e1gina sin una p\u00e1gina SECS residente. Pero a\u00fan es posible que un #PF para una p\u00e1gina que no es SECS se compita con la paginaci\u00f3n de la p\u00e1gina SECS: cuando la \u00faltima p\u00e1gina A residente que no es SECS activa un #PF en una p\u00e1gina B no residente, y luego la p\u00e1gina A y Ambos SECS se paginan antes de que se maneje el #PF en B. Para solucionar este error es necesario que la ejecuci\u00f3n se active con un #PF para EAUG. A continuaci\u00f3n se muestra un rastro de cuando sucede. ERROR: desreferencia del puntero NULL del kernel, direcci\u00f3n: 0000000000000000 RIP: 0010:sgx_encl_eaug_page+0xc7/0x210 Seguimiento de llamadas:? __kmem_cache_alloc_node+0x16a/0x440 ? xa_load+0x6e/0xa0 sgx_vma_fault+0x119/0x230 __do_fault+0x36/0x140 do_fault+0x12f/0x400 __handle_mm_fault+0x728/0x1110 handle_mm_fault+0x105/0x310 do_user_addr_fault+0x1ee/ 0x750? __this_cpu_preempt_check+0x13/0x20 exc_page_fault+0x76/0x180 asm_exc_page_fault+0x27/0x30" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 4.7, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.0, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-476" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.0", + "versionEndExcluding": "6.1.56", + "matchCriteriaId": "88CD6F0B-B968-414C-86CA-2E442AEA0EA8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndExcluding": "6.5.6", + "matchCriteriaId": "870FC772-173A-4A0F-B1AF-7976AD6057D3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc1:*:*:*:*:*:*", + "matchCriteriaId": "84267A4F-DBC2-444F-B41D-69E15E1BEC97" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc2:*:*:*:*:*:*", + "matchCriteriaId": "FB440208-241C-4246-9A83-C1715C0DAA6C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc3:*:*:*:*:*:*", + "matchCriteriaId": "0DC421F1-3D5A-4BEF-BF76-4E468985D20B" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/1348f7f15d7c7798456856bee74a4235c2da994e", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/811ba2ef0cb6402672e64ba1419d6ef95aa3405d", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/c6c2adcba50c2622ed25ba5d5e7f05f584711358", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/1348f7f15d7c7798456856bee74a4235c2da994e", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/811ba2ef0cb6402672e64ba1419d6ef95aa3405d", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/c6c2adcba50c2622ed25ba5d5e7f05f584711358", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-525xx/CVE-2023-52570.json b/CVE-2023/CVE-2023-525xx/CVE-2023-52570.json index c584930b0b7..a70fb39e3ac 100644 --- a/CVE-2023/CVE-2023-525xx/CVE-2023-52570.json +++ b/CVE-2023/CVE-2023-525xx/CVE-2023-52570.json @@ -2,8 +2,8 @@ "id": "CVE-2023-52570", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-03-02T22:15:49.210", - "lastModified": "2024-11-21T08:40:05.627", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-11T15:21:44.063", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -15,31 +15,125 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: vfio/mdev: corrige un error null-ptr-deref para mdev_unregister_parent() Inyecta el fallo al sondear mdpy.ko, si kstrdup() de create_dir() falla en kobject_add_internal() en kobject_init_and_add() en mdev_type_add() en parent_create_sysfs_files(), devolver\u00e1 0 y sondear\u00e1 exitosamente. Y cuando rmmod mdpy.ko, mdpy_dev_exit() llamar\u00e1 a mdev_unregister_parent(), mdev_type_remove() puede atravesar tipos padre->[i] no inicializados en parent_remove_sysfs_files(), y provocar\u00e1 debajo de null-ptr-deref. Si mdev_type_add() falla, devuelva el c\u00f3digo de error y kset_unregister() para solucionar el problema. falla de protecci\u00f3n general, probablemente para direcci\u00f3n no can\u00f3nica 0xdffffc0000000002: 0000 [#1] PREEMPT SMP KASAN KASAN: null-ptr-deref en rango [0x0000000000000010-0x00000000000000017] CPU: 2 PID: 10215 Comm: rmmod Tainted: GW N 6.6.0- rc2+ #20 Nombre del hardware: PC est\u00e1ndar QEMU (i440FX + PIIX, 1996), BIOS 1.15.0-1 01/04/2014 RIP: 0010:__kobject_del+0x62/0x1c0 C\u00f3digo: 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 51 01 00 00 48 b8 00 00 00 00 00 fc ff df 48 8b 6b 28 48 8d 7d 10 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 24 01 00 00 48 8b 7 5 10 48 89 gl 48 8d 6b 3c e8 RSP: 0018:ffff88810695fd30 EFLAGS: 00010202 RAX: dffffc0000000000 RBX: ffffffffa0270268 RCX: 00000000000000000 RDX: 0000000000000000 2 RSI: 0000000000000004 RDI: 00000000000000010 RBP: 0000000000000000 R08: 0000000000000001 R09: ffffed10233a4ef1 R10: ffff888119d2778b R11: 00 00000063666572 R12: 0000000000000000 R13 : ffffbfff404e2d4 R14: dffffc0000000000 R15: fffffffa0271660 FS: 00007fbc81981540(0000) GS:ffff888119d00000(0000) knlGS:0000000000000000 CS: 0010 DS : 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fc14a142dc0 CR3: 0000000110a62003 CR4: 0000000000770ee0 DR0: ffffffff8fb0bce8 DR1: ffffffff8fb0bce9 DR2: ffffffff8fb0bcea DR3: ffffffff8fb0bceb DR6: 00000000fffe0ff0 DR7: 0000000000000600 PKRU: 55555554 Seguimiento de llamadas: ? die_addr+0x3d/0xa0? exc_general_protection+0x144/0x220? asm_exc_general_protection+0x22/0x30? __kobject_del+0x62/0x1c0 kobject_del+0x32/0x50 parent_remove_sysfs_files+0xd6/0x170 [mdev] mdev_unregister_parent+0xfb/0x190 [mdev] ? mdev_register_parent+0x270/0x270 [mdev] ? find_module_all+0x9d/0xe0 mdpy_dev_exit+0x17/0x63 [mdpy] __do_sys_delete_module.constprop.0+0x2fa/0x4b0 ? module_flags+0x300/0x300? __fput+0x4e7/0xa00 do_syscall_64+0x35/0x80 Entry_SYSCALL_64_after_hwframe+0x46/0xb0 RIP: 0033:0x7fbc813221b7 C\u00f3digo: 73 01 c3 48 8b 0d d1 8c 2c 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 b0 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d a1 8c 2c 00 f7 d8 64 89 01 48 RSP: 002b:00007ffe780e0648 EFLAGS: 00000206 ORIG_RAX: 00000000000000b0 RAX : ffffffffffffffda RBX: 00007ffe780e06a8 RCX: 00007fbc813221b7 RDX: 000000000000000a RSI: 00000000000000800 RDI: 000055e214df9b58 RBP: 000055e214d f9af0 R08: 00007ffe780df5c1 R09: 00000000000000000 R10: 00007fbc8139ecc0 R11: 0000000000000206 R12: 00007ffe780e0870 R13: 00007ffe780e0ed0 R14: 000055e214df9260 R15: 000055e214df9af0 M\u00f3dulos vinculados en: mdpy(-) mdev vfio_iommu_type1 vfio [\u00faltima descarga: mdpy] Dumping ftrace buffer: (ftrace buffer vac\u00edo) ---[ end trace 0000000000000000 ]--- RIP: 0010:__kobject_del+0x62/0x1c0 C\u00f3digo: 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 51 01 00 00 48 b8 00 00 00 00 00 fc ff df 48 8b 6b 28 48 8d 7d 10 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 24 01 00 00 48 8b 75 10 48 89 df 48 8d 6b 3c e8 RSP: 0018:ffff88810695fd30 EFLAGS: 00010202 RAX: dffffc0000000000 RBX: fffffffa0270268 RCX: 00000000000000000 RDX: 0000000000000002 RSI: 0000000000000004 RDI: 0000000000000010 RBP: 0000000000000000 R08: 00000000000000001 R09: ffffed10233a4ef1 R10: ff ff888119d2778b R11: 0000000063666572 R12: 00000000000000000 R13: ffffbfff404e2d4 R14: dffffc0000000000 R15: ffffffffa0271660 FS: 00007fbc81981540(0000) GS:ffff88 8119d00000(000 ---truncado---" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-476" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.1", + "versionEndExcluding": "6.1.56", + "matchCriteriaId": "C2C03A0E-8445-400B-B2DC-D296CF060FB8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndExcluding": "6.5.6", + "matchCriteriaId": "870FC772-173A-4A0F-B1AF-7976AD6057D3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc1:*:*:*:*:*:*", + "matchCriteriaId": "84267A4F-DBC2-444F-B41D-69E15E1BEC97" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc2:*:*:*:*:*:*", + "matchCriteriaId": "FB440208-241C-4246-9A83-C1715C0DAA6C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc3:*:*:*:*:*:*", + "matchCriteriaId": "0DC421F1-3D5A-4BEF-BF76-4E468985D20B" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/52093779b1830ac184a23848d971f06404cf513e", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/c01b2e0ee22ef8b4dd7509a93aecc0ac0826bae4", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/c777b11d34e0f47dbbc4b018ef65ad030f2b283a", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/52093779b1830ac184a23848d971f06404cf513e", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/c01b2e0ee22ef8b4dd7509a93aecc0ac0826bae4", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/c777b11d34e0f47dbbc4b018ef65ad030f2b283a", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-525xx/CVE-2023-52572.json b/CVE-2023/CVE-2023-525xx/CVE-2023-52572.json index 4baa2713fb4..46b17805665 100644 --- a/CVE-2023/CVE-2023-525xx/CVE-2023-52572.json +++ b/CVE-2023/CVE-2023-525xx/CVE-2023-52572.json @@ -2,8 +2,8 @@ "id": "CVE-2023-52572", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-03-02T22:15:49.300", - "lastModified": "2024-11-21T08:40:05.943", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-11T16:22:46.453", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -15,31 +15,120 @@ "value": "En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: cifs: Reparar UAF en cifs_demultiplex_thread() Hay un UAF cuando xfstests en cifs: ERROR: KASAN: use-after-free en smb2_is_network_name_deleted+0x27/0x160 Lectura de tama\u00f1o 4 en addr ffff888810103fc08 por tarea cifsd/923 cpu: 1 pid: 923 com: cifsd no contaminado 6.1.0-rc4+ #45 ... llamar a la llamada: dump_stack_lvl+0x34/0x44 print_report+0x171/0x472 kasan_raport+0xad/0x130 kasan_range_range_range_range_range_range_mad/0xad/0xad/0xad/0xad/0xad/0xad/0xad/0xad/0xad/0xad/0xad/0xad/0xy 0x145/0x1a0 smb2_is_network_name_deleted+0x27/0x160 cifs_demultiplex_thread.cold+0x172/0x5a4 kthread+0x165/0x1a0 ret_from_fork+0x1f/0x30 Asignado por la tarea 923: kasan_save_stack+0x1e/ 0x40 kasan_set_track+0x21/0x30 __kasan_slab_alloc+0x54/0x60 kmem_cache_alloc +0x147/0x320 mempool_alloc+0xe1/0x260 cifs_small_buf_get+0x24/0x60 allocate_buffers+0xa1/0x1c0 cifs_demultiplex_thread+0x199/0x10d0 kthread+0x165/0x1a0 ret_from_fork+0x1f/0x30 Liberado por tarea 921: kasan_save_stack+0x1e/0x40 kasan_set_track+0x21/0x30 kasan_save_free_info +0x2a/0x40 ____kasan_slab_free+0x143/0x1b0 kmem_cache_free+0xe3/0x4d0 cifs_small_buf_release+0x29/0x90 SMB2_negotiate+0x8b7/0x1c60 smb2_negotiate+0x51/0x70 cifs_negotiate_protocol+0xf 0/0x160 cifs_get_smb_ses+0x5fa/0x13c0 mount_get_conns+0x7a/0x750 cifs_mount+0x103/0xd00 cifs_smb3_do_mount +0x1dd/0xcb0 smb3_get_tree+0x1d5/0x300 vfs_get_tree+0x41/0xf0 path_mount+0x9b3/0xdd0 __x64_sys_mount+0x190/0x1d0 do_syscall_64+0x35/0x80 Entry_SYSCALL_64_after_hwframe+0x46/0 xb0 La UAF es porque: mount(pid: 921) | cifsd(pid: 923) -------------------------------|------------ ------------------- | cifs_demultiplex_thread SMB2_negotiate | cifs_send_recv | compuesto_send_recv | smb_send_rqst | esperar_para_respuesta | esperar_event_state [1] | | recepci\u00f3n_est\u00e1ndar3 | cifs_handle_standard | manejar_mid | mid->resp_buf = buf; [2] | dequeue_mid [3] MATAR el proceso [4] | resp_iov[i].iov_base = buf | free_rsp_buf [5] | | is_network_name_eliminado [6] | devoluci\u00f3n de llamada 1. Despu\u00e9s de enviar la solicitud al servidor, espere la respuesta hasta mid->mid_state != ENVIADO; 2. Reciba la respuesta del servidor y config\u00farelo en medio; 3. Establezca el estado medio en RECIBIDO; 4. Finalice el proceso, el estado medio ya RECIBIDO, obtenga 0; 5. Manejar y liberar la respuesta de negociaci\u00f3n; 6. UAF. Se puede reproducir f\u00e1cilmente agregando algo de retraso en [3] - [6]. Solo la llamada de sincronizaci\u00f3n tiene el problema ya que la devoluci\u00f3n de llamada de la llamada as\u00edncrona se ejecuta en el proceso cifsd. Agregue un estado adicional para marcar el estado medio como LISTO antes de despertar al camarero, luego podr\u00e1 obtener la respuesta de manera segura." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.6.16", + "versionEndExcluding": "6.1.56", + "matchCriteriaId": "FB37BD4C-9B5A-4A44-904B-0D5D51AC7AE1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndExcluding": "6.5.6", + "matchCriteriaId": "870FC772-173A-4A0F-B1AF-7976AD6057D3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc1:*:*:*:*:*:*", + "matchCriteriaId": "84267A4F-DBC2-444F-B41D-69E15E1BEC97" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc2:*:*:*:*:*:*", + "matchCriteriaId": "FB440208-241C-4246-9A83-C1715C0DAA6C" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/76569e3819e0bb59fc19b1b8688b017e627c268a", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/908b3b5e97d25e879de3d1f172a255665491c2c3", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/d527f51331cace562393a8038d870b3e9916686f", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/76569e3819e0bb59fc19b1b8688b017e627c268a", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/908b3b5e97d25e879de3d1f172a255665491c2c3", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/d527f51331cace562393a8038d870b3e9916686f", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-525xx/CVE-2023-52573.json b/CVE-2023/CVE-2023-525xx/CVE-2023-52573.json index 15cd3224a08..e1aea4a5667 100644 --- a/CVE-2023/CVE-2023-525xx/CVE-2023-52573.json +++ b/CVE-2023/CVE-2023-525xx/CVE-2023-52573.json @@ -2,8 +2,8 @@ "id": "CVE-2023-52573", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-03-02T22:15:49.350", - "lastModified": "2024-11-21T08:40:06.067", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-11T15:20:48.023", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -15,55 +15,183 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: rds: corrige la posible desreferencia del puntero NULL. En rds_rdma_cm_event_handler_cmn(), verifique si el puntero de conexi\u00f3n existe antes de desreferenciarlo como argumento rdma_set_service_type() Encontrado por el Centro de verificaci\u00f3n de Linux (linuxtesting.org) con SVACE." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-476" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.1", + "versionEndExcluding": "5.4.258", + "matchCriteriaId": "7AEFBEC5-749F-422D-94EC-B6720CD8959A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.5", + "versionEndExcluding": "5.10.198", + "matchCriteriaId": "66D916C3-4087-44FF-9CD9-D2826BCC9E3D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.11", + "versionEndExcluding": "5.15.134", + "matchCriteriaId": "346A7B1E-5048-460C-9640-5EFA2075158B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.16", + "versionEndExcluding": "6.1.56", + "matchCriteriaId": "5EA89569-DD45-4A69-BB4D-8356FA9386BD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndExcluding": "6.5.6", + "matchCriteriaId": "870FC772-173A-4A0F-B1AF-7976AD6057D3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc1:*:*:*:*:*:*", + "matchCriteriaId": "84267A4F-DBC2-444F-B41D-69E15E1BEC97" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc2:*:*:*:*:*:*", + "matchCriteriaId": "FB440208-241C-4246-9A83-C1715C0DAA6C" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/069ac51c37a6f07a51f7134d8c34289075786a35", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/51fa66024a5eabf270164f2dc82a48ffb35a12e9", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/812da2a08dc5cc75fb71e29083ea20904510ac7a", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/ea82139e6e3561100d38d14401d57c0ea93fc07e", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/f1d95df0f31048f1c59092648997686e3f7d9478", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/f515112e833791001aaa8ab886af3ca78503617f", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/069ac51c37a6f07a51f7134d8c34289075786a35", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/51fa66024a5eabf270164f2dc82a48ffb35a12e9", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/812da2a08dc5cc75fb71e29083ea20904510ac7a", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/ea82139e6e3561100d38d14401d57c0ea93fc07e", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/f1d95df0f31048f1c59092648997686e3f7d9478", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/f515112e833791001aaa8ab886af3ca78503617f", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-525xx/CVE-2023-52574.json b/CVE-2023/CVE-2023-525xx/CVE-2023-52574.json index ceceed5b69d..a1003a08793 100644 --- a/CVE-2023/CVE-2023-525xx/CVE-2023-52574.json +++ b/CVE-2023/CVE-2023-525xx/CVE-2023-52574.json @@ -2,8 +2,8 @@ "id": "CVE-2023-52574", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-03-02T22:15:49.393", - "lastModified": "2024-11-21T08:40:06.193", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-11T15:30:26.120", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -15,71 +15,225 @@ "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: equipo: corrige null-ptr-deref cuando se cambia el tipo de dispositivo del equipo. Obtiene un error null-ptr-deref de la siguiente manera con el reproductor [1]. ERROR: desreferencia del puntero NULL del kernel, direcci\u00f3n: 0000000000000228... RIP: 0010:vlan_dev_hard_header+0x35/0x140 [8021q]... Seguimiento de llamadas: ? __morir+0x24/0x70 ? page_fault_oops+0x82/0x150? exc_page_fault+0x69/0x150? asm_exc_page_fault+0x26/0x30? vlan_dev_hard_header+0x35/0x140 [8021q] ? vlan_dev_hard_header+0x8e/0x140 [8021q] neigh_connected_output+0xb2/0x100 ip6_finish_output2+0x1cb/0x520 ? nf_hook_slow+0x43/0xc0? ip6_mtu+0x46/0x80 ip6_finish_output+0x2a/0xb0 mld_sendpack+0x18f/0x250 mld_ifc_work+0x39/0x160 Process_one_work+0x1e6/0x3f0 trabajador_thread+0x4d/0x2f0? __pfx_worker_thread+0x10/0x10 kthread+0xe5/0x120 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x34/0x50 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1b/0x30 [1] $ teamd -t team0 -d -c '{\"runner\": {\"name\": \"loadbalance\"}}' $ enlace ip agregar nombre t-dummy tipo dummy $ enlace ip agregar enlace t-dummy nombre t-dummy.100 tipo vlan id 100 $ enlace ip agregar nombre t-nlmon tipo nlmon $ conjunto de enlaces ip t-nlmon master team0 $ conjunto de enlaces ip t-nlmon nomaster $ conjunto de enlaces ip t- dummy up $ ip link set team0 up $ ip link set t-dummy.100 down $ ip link set t-dummy.100 master team0 Cuando se esclaviza un dispositivo VLAN a un dispositivo de equipo y el tipo de dispositivo de equipo se cambia de no ether a ether, header_ops del dispositivo del equipo se cambia a vlan_header_ops. Eso es incorrecto y activar\u00e1 null-ptr-deref para vlan->real_dev en vlan_dev_hard_header() porque el dispositivo del equipo no es un dispositivo vlan. Almacene en cach\u00e9 eth_header_ops en team_setup(), luego asigne header_ops almacenados en cach\u00e9 a header_ops del dispositivo team net cuando su tipo cambie de no ether a ether para corregir el error." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-476" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.7", + "versionEndExcluding": "4.14.327", + "matchCriteriaId": "D4AE9BE2-7150-4CEF-8D32-E40A032774FC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.15", + "versionEndExcluding": "4.19.296", + "matchCriteriaId": "78DAD65C-4893-461B-91B2-F4E7C212F140" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.20", + "versionEndExcluding": "5.4.258", + "matchCriteriaId": "1208C905-CEAA-49F2-B357-72A5185B2656" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.5", + "versionEndExcluding": "5.10.198", + "matchCriteriaId": "66D916C3-4087-44FF-9CD9-D2826BCC9E3D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.11", + "versionEndExcluding": "5.15.134", + "matchCriteriaId": "346A7B1E-5048-460C-9640-5EFA2075158B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.16", + "versionEndExcluding": "6.1.56", + "matchCriteriaId": "5EA89569-DD45-4A69-BB4D-8356FA9386BD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndExcluding": "6.5.6", + "matchCriteriaId": "870FC772-173A-4A0F-B1AF-7976AD6057D3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc1:*:*:*:*:*:*", + "matchCriteriaId": "84267A4F-DBC2-444F-B41D-69E15E1BEC97" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc2:*:*:*:*:*:*", + "matchCriteriaId": "FB440208-241C-4246-9A83-C1715C0DAA6C" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/1779eb51b9cc628cee551f252701a85a2a50a457", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/2f0acb0736ecc3eb85dc80ad2790d634dcb10b58", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/492032760127251e5540a5716a70996bacf2a3fd", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/a7fb47b9711101d2405b0eb1276fb1f9b9b270c7", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/b44dd92e2afd89eb6e9d27616858e72a67bdc1a7", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/c5f6478686bb45f453031594ae19b6c9723a780d", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/cac50d9f5d876be32cb9aa21c74018468900284d", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/cd05eec2ee0cc396813a32ef675634e403748255", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/1779eb51b9cc628cee551f252701a85a2a50a457", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/2f0acb0736ecc3eb85dc80ad2790d634dcb10b58", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/492032760127251e5540a5716a70996bacf2a3fd", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/a7fb47b9711101d2405b0eb1276fb1f9b9b270c7", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/b44dd92e2afd89eb6e9d27616858e72a67bdc1a7", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/c5f6478686bb45f453031594ae19b6c9723a780d", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/cac50d9f5d876be32cb9aa21c74018468900284d", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/cd05eec2ee0cc396813a32ef675634e403748255", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-525xx/CVE-2023-52577.json b/CVE-2023/CVE-2023-525xx/CVE-2023-52577.json index bba9c427b84..c709cbe0bae 100644 --- a/CVE-2023/CVE-2023-525xx/CVE-2023-52577.json +++ b/CVE-2023/CVE-2023-525xx/CVE-2023-52577.json @@ -2,8 +2,8 @@ "id": "CVE-2023-52577", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-03-02T22:15:49.537", - "lastModified": "2024-11-21T08:40:06.603", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-11T16:21:49.573", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -15,71 +15,209 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: dccp: corrija dccp_v4_err()/dccp_v6_err() nuevamente dh->dccph_x es el noveno byte (desplazamiento 8) en \"struct dccp_hdr\", no en el \"byte 7\" como Jann reclamado. Necesitamos asegurarnos de que los mensajes ICMP sean lo suficientemente grandes, utilizando formas m\u00e1s est\u00e1ndar (sin m\u00e1s suposiciones). syzbot inform\u00f3: ERROR: KMSAN: valor uninit en pskb_may_pull_reason include/linux/skbuff.h:2667 [en l\u00ednea] ERROR: KMSAN: valor uninit en pskb_may_pull include/linux/skbuff.h:2681 [en l\u00ednea] ERROR: KMSAN: uninit -valor en dccp_v6_err+0x426/0x1aa0 net/dccp/ipv6.c:94 pskb_may_pull_reason include/linux/skbuff.h:2667 [en l\u00ednea] pskb_may_pull include/linux/skbuff.h:2681 [en l\u00ednea] dccp_v6_err+0x426/0x1aa0 net/ dccp/ipv6.c:94 icmpv6_notify+0x4c7/0x880 net/ipv6/icmp.c:867 icmpv6_rcv+0x19d5/0x30d0 ip6_protocol_deliver_rcu+0xda6/0x2a60 net/ipv6/ip6_input.c:438 ip6_input_finish net/ipv6 /ip6_input.c:483 [en l\u00ednea] NF_HOOK include/linux/netfilter.h:304 [en l\u00ednea] ip6_input+0x15d/0x430 net/ipv6/ip6_input.c:492 ip6_mc_input+0xa7e/0xc80 net/ipv6/ip6_input.c:586 dst_input include/net/dst .h:468 [en l\u00ednea] ip6_rcv_finish+0x5db/0x870 net/ipv6/ip6_input.c:79 NF_HOOK include/linux/netfilter.h:304 [en l\u00ednea] ipv6_rcv+0xda/0x390 net/ipv6/ip6_input.c:310 __netif_receive_skb_one_core net /core/dev.c:5523 [en l\u00ednea] __netif_receive_skb+0x1a6/0x5a0 net/core/dev.c:5637 netif_receive_skb_internal net/core/dev.c:5723 [en l\u00ednea] netif_receive_skb+0x58/0x660 net/core/dev.c :5782 tun_rx_batched+0x83b/0x920 tun_get_user+0x564c/0x6940 drivers/net/tun.c:2002 tun_chr_write_iter+0x3af/0x5d0 drivers/net/tun.c:2048 call_write_iter include/linux/fs.h:1985 [en l\u00ednea] new_sync_write fs /read_write.c:491 [en l\u00ednea] vfs_write+0x8ef/0x15c0 fs/read_write.c:584 ksys_write+0x20f/0x4c0 fs/read_write.c:637 __do_sys_write fs/read_write.c:649 [en l\u00ednea] __se_sys_write fs/read_write.c :646 [en l\u00ednea] __x64_sys_write+0x93/0xd0 fs/read_write.c:646 do_syscall_x64 arch/x86/entry/common.c:50 [en l\u00ednea] do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80 Entry_SYSCALL_64_after_hwframe+ 0x63/0xcd Uninit se cre\u00f3 en: slab_post_alloc_hook+0x12f/0xb70 mm/slab.h:767 slab_alloc_node mm/slub.c:3478 [en l\u00ednea] kmem_cache_alloc_node+0x577/0xa80 mm/slub.c:3523 kmalloc_reserve+0x13d/0x4 a0 neto/ core/skbuff.c:559 __alloc_skb+0x318/0x740 net/core/skbuff.c:650 alloc_skb include/linux/skbuff.h:1286 [en l\u00ednea] alloc_skb_with_frags+0xc8/0xbd0 net/core/skbuff.c:6313 sock_alloc_send_pskb+ 0xa80/0xbf0 net/core/sock.c:2795 controladores tun_alloc_skb/net/tun.c:1531 [en l\u00ednea] tun_get_user+0x23cf/0x6940 controladores/net/tun.c:1846 tun_chr_write_iter+0x3af/0x5d0 controladores/net/tun. c:2048 call_write_iter include/linux/fs.h:1985 [en l\u00ednea] new_sync_write fs/read_write.c:491 [en l\u00ednea] vfs_write+0x8ef/0x15c0 fs/read_write.c:584 ksys_write+0x20f/0x4c0 fs/read_write.c: 637 __do_sys_write fs/read_write.c:649 [en l\u00ednea] __se_sys_write fs/read_write.c:646 [en l\u00ednea] __x64_sys_write+0x93/0xd0 fs/read_write.c:646 do_syscall_x64 arch/x86/entry/common.c:50 [en l\u00ednea] do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd CPU: 0 PID: 4995 Comm: syz-executor153 Not tainted 6.6.0-rc1-syzkaller-00014-ga747acc0b752 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/08/2023" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-908" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.10.195", + "versionEndExcluding": "5.10.198", + "matchCriteriaId": "473AE17D-E000-42E4-8762-8669D7D816A9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.15.132", + "versionEndExcluding": "5.15.134", + "matchCriteriaId": "F47152A2-8AFC-4C71-981D-980B1763D7DD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.1.53", + "versionEndExcluding": "6.1.56", + "matchCriteriaId": "D8B05106-E093-4EE4-86F3-EE7AD5802CDD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.5.3", + "versionEndExcluding": "6.5.6", + "matchCriteriaId": "073850EA-45D9-42D3-93E5-C527A7732405" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:4.14.326:*:*:*:*:*:*:*", + "matchCriteriaId": "7D69FD12-238F-4D96-8520-4C77E2B6FB85" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:4.19.295:*:*:*:*:*:*:*", + "matchCriteriaId": "67A9EA15-10FD-4821-99DA-139F28267AF1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.4.257:*:*:*:*:*:*:*", + "matchCriteriaId": "66DC852D-D687-42FE-B337-455473C3ADFB" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/1512d8f45d3c5d0b5baa00bd8e600492fa569f40", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/26df9ab5de308caa1503d937533c56c35793018d", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/4600beae416d754a3cedbb1ecea8181ec05073b6", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/60d73c62e3e4464f375758b6f2459c13d46465b6", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/62c218124fe58372e0e1f60d5b634d21c264b337", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/6af289746a636f71f4c0535a9801774118486c7a", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/73be49248a04746096339a48a33fa2f03bd85969", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/a6f4d582e25d512c9b492670b6608436694357b3", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/1512d8f45d3c5d0b5baa00bd8e600492fa569f40", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/26df9ab5de308caa1503d937533c56c35793018d", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/4600beae416d754a3cedbb1ecea8181ec05073b6", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/60d73c62e3e4464f375758b6f2459c13d46465b6", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/62c218124fe58372e0e1f60d5b634d21c264b337", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/6af289746a636f71f4c0535a9801774118486c7a", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/73be49248a04746096339a48a33fa2f03bd85969", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/a6f4d582e25d512c9b492670b6608436694357b3", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-529xx/CVE-2023-52921.json b/CVE-2023/CVE-2023-529xx/CVE-2023-52921.json index d3eeb7bd8ae..e29b8d4b7ce 100644 --- a/CVE-2023/CVE-2023-529xx/CVE-2023-52921.json +++ b/CVE-2023/CVE-2023-529xx/CVE-2023-52921.json @@ -2,8 +2,8 @@ "id": "CVE-2023-52921", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-19T02:15:09.310", - "lastModified": "2024-11-21T20:49:54.030", - "vulnStatus": "Analyzed", + "lastModified": "2024-12-11T15:15:07.307", + "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 5.9 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 } ] }, @@ -49,6 +69,16 @@ "value": "CWE-416" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-529xx/CVE-2023-52922.json b/CVE-2023/CVE-2023-529xx/CVE-2023-52922.json index 251a1ac170a..f0f4d225bee 100644 --- a/CVE-2023/CVE-2023-529xx/CVE-2023-52922.json +++ b/CVE-2023/CVE-2023-529xx/CVE-2023-52922.json @@ -2,7 +2,7 @@ "id": "CVE-2023-52922", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-28T15:15:17.260", - "lastModified": "2024-11-28T15:15:17.260", + "lastModified": "2024-12-11T15:15:07.500", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -15,7 +15,42 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: can: bcm: Fix UAF en bcm_proc_show() BUG: KASAN: slab-use-after-free en bcm_proc_show+0x969/0xa80 Lectura de tama\u00f1o 8 en la direcci\u00f3n ffff888155846230 por la tarea cat/7862 CPU: 1 PID: 7862 Comm: cat No contaminado 6.5.0-rc1-00153-gc8746099c197 #230 Nombre del hardware: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014 Seguimiento de llamadas: dump_stack_lvl+0xd5/0x150 print_report+0xc1/0x5e0 Asignado por la tarea 7846: kasan_save_stack+0x1e/0x40 kasan_set_track+0x21/0x30 __kasan_kmalloc+0x9e/0xa0 bcm_sendmsg+0x264b/0x44e0 sock_sendmsg+0xda/0x180 ____sys_sendmsg+0x735/0x920 ___sys_sendmsg+0x11d/0x1b0 __sys_sendmsg+0xfa/0x1d0 do_syscall_64+0x35/0xb0 entry_SYSCALL_64_after_hwframe+0x63/0xcd Liberado por la tarea 7846: kasan_save_stack+0x1e/0x40 kasan_set_track+0x21/0x30 kasan_save_free_info+0x27/0x40 ____kasan_slab_free+0x161/0x1c0 slab_free_freelist_hook+0x119/0x220 __kmem_cache_free+0xb4/0x2e0 rcu_core+0x809/0x1bd0 bcm_op se libera antes de que se elimine la entrada procfs en bcm_release(), esto lleva a que bcm_proc_show() pueda leer el bcm_op liberado." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/11b8e27ed448baa385d90154a141466bd5e92f18", diff --git a/CVE-2024/CVE-2024-110xx/CVE-2024-11053.json b/CVE-2024/CVE-2024-110xx/CVE-2024-11053.json index b4b2f372641..c2e96030a15 100644 --- a/CVE-2024/CVE-2024-110xx/CVE-2024-11053.json +++ b/CVE-2024/CVE-2024-110xx/CVE-2024-11053.json @@ -2,7 +2,7 @@ "id": "CVE-2024-11053", "sourceIdentifier": "2499f714-1537-4658-8207-48ae4bb9eae9", "published": "2024-12-11T08:15:05.307", - "lastModified": "2024-12-11T10:15:05.397", + "lastModified": "2024-12-11T15:15:07.783", "vulnStatus": "Received", "cveTags": [], "descriptions": [ @@ -11,7 +11,30 @@ "value": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "baseScore": 9.1, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.2 + } + ] + }, "references": [ { "url": "https://curl.se/docs/CVE-2024-11053.html", diff --git a/CVE-2024/CVE-2024-251xx/CVE-2024-25142.json b/CVE-2024/CVE-2024-251xx/CVE-2024-25142.json index 74748bbf18a..9ce292d4886 100644 --- a/CVE-2024/CVE-2024-251xx/CVE-2024-25142.json +++ b/CVE-2024/CVE-2024-251xx/CVE-2024-25142.json @@ -2,8 +2,8 @@ "id": "CVE-2024-25142", "sourceIdentifier": "security@apache.org", "published": "2024-06-14T09:15:09.103", - "lastModified": "2024-11-21T09:00:20.257", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-11T15:37:21.737", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -15,7 +15,30 @@ "value": "Uso de la vulnerabilidad de cach\u00e9 del navegador web que contiene informaci\u00f3n confidencial en Apache Airflow. Airflow no devolvi\u00f3 el encabezado \"Cache-Control\" para contenido din\u00e1mico, lo que en el caso de algunos navegadores podr\u00eda resultar en el almacenamiento de datos confidenciales en la cach\u00e9 local del navegador. Este problema afecta a Apache Airflow: antes de 2.9.2. Se recomienda a los usuarios actualizar a la versi\u00f3n 2.9.2, que soluciona el problema." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, "weaknesses": [ { "source": "security@apache.org", @@ -26,28 +49,74 @@ "value": "CWE-525" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-Other" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.9.2", + "matchCriteriaId": "AA4BA634-5B90-46CC-8219-669CA3867C9C" + } + ] + } + ] } ], "references": [ { "url": "https://github.com/apache/airflow/pull/39550", - "source": "security@apache.org" + "source": "security@apache.org", + "tags": [ + "Patch" + ] }, { "url": "https://lists.apache.org/thread/cg1j28lk0fhzthk0of1g7vy7p2n1j7nr", - "source": "security@apache.org" + "source": "security@apache.org", + "tags": [ + "Mailing List", + "Vendor Advisory" + ] }, { "url": "http://www.openwall.com/lists/oss-security/2024/06/13/1", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://github.com/apache/airflow/pull/39550", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://lists.apache.org/thread/cg1j28lk0fhzthk0of1g7vy7p2n1j7nr", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-281xx/CVE-2024-28139.json b/CVE-2024/CVE-2024-281xx/CVE-2024-28139.json new file mode 100644 index 00000000000..a0fe279748a --- /dev/null +++ b/CVE-2024/CVE-2024-281xx/CVE-2024-28139.json @@ -0,0 +1,33 @@ +{ + "id": "CVE-2024-28139", + "sourceIdentifier": "551230f0-3615-47bd-b7cc-93e92e730bbf", + "published": "2024-12-11T16:15:09.930", + "lastModified": "2024-12-11T16:15:09.930", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The www-data user can elevate its privileges because sudo is configured to allow the execution of the mount command as root without a password. Therefore, the privileges can be escalated to the root user. The risk has been accepted by the vendor and won't be fixed in the near future." + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "551230f0-3615-47bd-b7cc-93e92e730bbf", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-250" + } + ] + } + ], + "references": [ + { + "url": "https://r.sec-consult.com/imageaccess", + "source": "551230f0-3615-47bd-b7cc-93e92e730bbf" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-281xx/CVE-2024-28140.json b/CVE-2024/CVE-2024-281xx/CVE-2024-28140.json new file mode 100644 index 00000000000..df05deacdb8 --- /dev/null +++ b/CVE-2024/CVE-2024-281xx/CVE-2024-28140.json @@ -0,0 +1,37 @@ +{ + "id": "CVE-2024-28140", + "sourceIdentifier": "551230f0-3615-47bd-b7cc-93e92e730bbf", + "published": "2024-12-11T16:15:10.050", + "lastModified": "2024-12-11T16:15:10.050", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The scanner device boots into a kiosk mode by default and opens the Scan2Net interface in a browser window. This browser is run with the permissions of the root user. There are also several other applications running as root user.\u00a0This can be confirmed by running \"ps aux\" as the root user and observing the output." + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "551230f0-3615-47bd-b7cc-93e92e730bbf", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-250" + } + ] + } + ], + "references": [ + { + "url": "https://r.sec-consult.com/imageaccess", + "source": "551230f0-3615-47bd-b7cc-93e92e730bbf" + }, + { + "url": "https://www.imageaccess.de/?page=SupportPortal&lang=en", + "source": "551230f0-3615-47bd-b7cc-93e92e730bbf" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-281xx/CVE-2024-28141.json b/CVE-2024/CVE-2024-281xx/CVE-2024-28141.json new file mode 100644 index 00000000000..69e7922b117 --- /dev/null +++ b/CVE-2024/CVE-2024-281xx/CVE-2024-28141.json @@ -0,0 +1,37 @@ +{ + "id": "CVE-2024-28141", + "sourceIdentifier": "551230f0-3615-47bd-b7cc-93e92e730bbf", + "published": "2024-12-11T16:15:10.160", + "lastModified": "2024-12-11T16:15:10.160", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The web application is not protected against cross-site request forgery attacks. Therefore, an attacker can trick users into performing actions on the application when they visit an attacker-controlled website or click on a malicious link. E.g. an attacker can forge malicious links to reset the admin password or create new users." + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "551230f0-3615-47bd-b7cc-93e92e730bbf", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://r.sec-consult.com/imageaccess", + "source": "551230f0-3615-47bd-b7cc-93e92e730bbf" + }, + { + "url": "https://www.imageaccess.de/?page=SupportPortal&lang=en", + "source": "551230f0-3615-47bd-b7cc-93e92e730bbf" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-287xx/CVE-2024-28746.json b/CVE-2024/CVE-2024-287xx/CVE-2024-28746.json index 4b15ceb28a0..aec62b48e35 100644 --- a/CVE-2024/CVE-2024-287xx/CVE-2024-28746.json +++ b/CVE-2024/CVE-2024-287xx/CVE-2024-28746.json @@ -2,8 +2,8 @@ "id": "CVE-2024-28746", "sourceIdentifier": "security@apache.org", "published": "2024-03-14T09:15:47.577", - "lastModified": "2024-11-21T09:06:52.637", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-11T15:42:56.887", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -15,7 +15,30 @@ "value": "Apache Airflow, versiones 2.8.0 a 2.8.2, tiene una vulnerabilidad que permite a un usuario autenticado con permisos limitados acceder a recursos como variables, conexiones, etc. desde la interfaz de usuario a la que no tiene permiso para acceder. Se recomienda a los usuarios de Apache Airflow actualizar a la versi\u00f3n 2.8.3 o posterior para mitigar el riesgo asociado con esta vulnerabilidad." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", + "baseScore": 8.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.2 + } + ] + }, "weaknesses": [ { "source": "security@apache.org", @@ -28,30 +51,71 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.8.0", + "versionEndExcluding": "2.8.3", + "matchCriteriaId": "53B425B5-D83E-4A41-85DF-51DFCFD935E9" + } + ] + } + ] + } + ], "references": [ { "url": "http://www.openwall.com/lists/oss-security/2024/03/13/5", - "source": "security@apache.org" + "source": "security@apache.org", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://github.com/apache/airflow/pull/37881", - "source": "security@apache.org" + "source": "security@apache.org", + "tags": [ + "Patch" + ] }, { "url": "https://lists.apache.org/thread/b4pffc7w7do6qgk4jjbyxvdz5odrvny7", - "source": "security@apache.org" + "source": "security@apache.org", + "tags": [ + "Mailing List", + "Vendor Advisory" + ] }, { "url": "http://www.openwall.com/lists/oss-security/2024/03/13/5", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://github.com/apache/airflow/pull/37881", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://lists.apache.org/thread/b4pffc7w7do6qgk4jjbyxvdz5odrvny7", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-320xx/CVE-2024-32077.json b/CVE-2024/CVE-2024-320xx/CVE-2024-32077.json index b6454fd48aa..b595d09b613 100644 --- a/CVE-2024/CVE-2024-320xx/CVE-2024-32077.json +++ b/CVE-2024/CVE-2024-320xx/CVE-2024-32077.json @@ -2,8 +2,8 @@ "id": "CVE-2024-32077", "sourceIdentifier": "security@apache.org", "published": "2024-05-14T16:17:01.970", - "lastModified": "2024-11-21T09:14:25.403", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-11T15:34:18.077", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -15,7 +15,30 @@ "value": "Apache Airflow versi\u00f3n 2.9.0 tiene una vulnerabilidad que permite a un atacante autenticado inyectar datos maliciosos en los registros de instancias de tareas. Se recomienda a los usuarios actualizar a la versi\u00f3n 2.9.1, que soluciona este problema." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, "weaknesses": [ { "source": "security@apache.org", @@ -28,30 +51,96 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:airflow:2.9.0:-:*:*:*:*:*:*", + "matchCriteriaId": "67713622-C581-4BC0-B7B1-0FE3DD3A55C0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:airflow:2.9.0:beta1:*:*:*:*:*:*", + "matchCriteriaId": "6B4F89EF-D541-4D17-89EC-DBC97A3399AA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:airflow:2.9.0:beta2:*:*:*:*:*:*", + "matchCriteriaId": "ADBE102C-D1FE-4D57-9E00-C9A851515063" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:airflow:2.9.0:rc1:*:*:*:*:*:*", + "matchCriteriaId": "3186E514-8CA2-48E3-8B2B-3CD4D34447F5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:airflow:2.9.0:rc2:*:*:*:*:*:*", + "matchCriteriaId": "62AA6481-91E2-43C6-BE9A-B809E2A723D2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:airflow:2.9.0:rc3:*:*:*:*:*:*", + "matchCriteriaId": "7F748994-9CDA-4ACE-A7DC-7EF6D1896082" + } + ] + } + ] + } + ], "references": [ { "url": "http://www.openwall.com/lists/oss-security/2024/05/14/1", - "source": "security@apache.org" + "source": "security@apache.org", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://github.com/apache/airflow/pull/38882", - "source": "security@apache.org" + "source": "security@apache.org", + "tags": [ + "Issue Tracking", + "Patch" + ] }, { "url": "https://lists.apache.org/thread/gsjmnrqb3m5fzp0vgpty1jxcywo91v77", - "source": "security@apache.org" + "source": "security@apache.org", + "tags": [ + "Mailing List", + "Vendor Advisory" + ] }, { "url": "http://www.openwall.com/lists/oss-security/2024/05/14/1", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://github.com/apache/airflow/pull/38882", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Issue Tracking", + "Patch" + ] }, { "url": "https://lists.apache.org/thread/gsjmnrqb3m5fzp0vgpty1jxcywo91v77", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-329xx/CVE-2024-32989.json b/CVE-2024/CVE-2024-329xx/CVE-2024-32989.json index a7c7be9d09b..f18d80da2d9 100644 --- a/CVE-2024/CVE-2024-329xx/CVE-2024-32989.json +++ b/CVE-2024/CVE-2024-329xx/CVE-2024-32989.json @@ -2,8 +2,8 @@ "id": "CVE-2024-32989", "sourceIdentifier": "psirt@huawei.com", "published": "2024-05-14T15:37:21.000", - "lastModified": "2024-11-21T09:16:10.950", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-11T16:08:50.860", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 1.4 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 } ] }, @@ -49,32 +69,97 @@ "value": "CWE-20" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:emui:13.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "353AEAF2-AF46-4835-93E1-4F942D5E2810" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:emui:14.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "32FBF39A-164F-4F98-AB49-28C50A430C36" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:harmonyos:3.1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "4D81C4EF-7CAF-4E60-91A4-8CF7B95B2B54" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:harmonyos:4.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "8198CDB2-4BC5-411A-8736-615A531FC545" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:harmonyos:4.2.0:*:*:*:*:*:*:*", + "matchCriteriaId": "2401DE15-9DBF-4645-A261-8C24D57C6342" + } + ] + } + ] } ], "references": [ { "url": "https://consumer.huawei.com/en/support/bulletin/2024/5/", - "source": "psirt@huawei.com" + "source": "psirt@huawei.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://consumer.huawei.com/en/support/bulletin/2024/6/", - "source": "psirt@huawei.com" + "source": "psirt@huawei.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://device.harmonyos.com/cn/docs/security/update/security-bulletins-phones-202405-0000001902628049", - "source": "psirt@huawei.com" + "source": "psirt@huawei.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://consumer.huawei.com/en/support/bulletin/2024/5/", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://consumer.huawei.com/en/support/bulletin/2024/6/", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://device.harmonyos.com/cn/docs/security/update/security-bulletins-phones-202405-0000001902628049", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-329xx/CVE-2024-32990.json b/CVE-2024/CVE-2024-329xx/CVE-2024-32990.json index d73a8b9b75a..ded08bc7767 100644 --- a/CVE-2024/CVE-2024-329xx/CVE-2024-32990.json +++ b/CVE-2024/CVE-2024-329xx/CVE-2024-32990.json @@ -2,8 +2,8 @@ "id": "CVE-2024-32990", "sourceIdentifier": "psirt@huawei.com", "published": "2024-05-14T15:37:21.587", - "lastModified": "2024-11-21T09:16:11.090", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-11T16:06:37.710", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 4.2 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 } ] }, @@ -49,32 +69,117 @@ "value": "CWE-20" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:emui:12.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "A974CA73-84E8-480B-BB4C-4A81D0C985B2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:emui:13.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "353AEAF2-AF46-4835-93E1-4F942D5E2810" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:emui:14.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "32FBF39A-164F-4F98-AB49-28C50A430C36" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:harmonyos:2.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "20112231-B840-44D3-A061-B9B9F80EE378" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:harmonyos:2.1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "C01447F1-7F58-4AE3-B403-C01B2575D898" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:harmonyos:3.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "CB3751C1-7729-41D3-AE50-80B5AF601135" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:harmonyos:3.1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "4D81C4EF-7CAF-4E60-91A4-8CF7B95B2B54" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:harmonyos:4.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "8198CDB2-4BC5-411A-8736-615A531FC545" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:harmonyos:4.2.0:*:*:*:*:*:*:*", + "matchCriteriaId": "2401DE15-9DBF-4645-A261-8C24D57C6342" + } + ] + } + ] } ], "references": [ { "url": "https://consumer.huawei.com/en/support/bulletin/2024/5/", - "source": "psirt@huawei.com" + "source": "psirt@huawei.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://consumer.huawei.com/en/support/bulletin/2024/6/", - "source": "psirt@huawei.com" + "source": "psirt@huawei.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://device.harmonyos.com/cn/docs/security/update/security-bulletins-phones-202405-0000001902628049", - "source": "psirt@huawei.com" + "source": "psirt@huawei.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://consumer.huawei.com/en/support/bulletin/2024/5/", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://consumer.huawei.com/en/support/bulletin/2024/6/", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://device.harmonyos.com/cn/docs/security/update/security-bulletins-phones-202405-0000001902628049", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-329xx/CVE-2024-32991.json b/CVE-2024/CVE-2024-329xx/CVE-2024-32991.json index 3764af09f00..38873f5ff0e 100644 --- a/CVE-2024/CVE-2024-329xx/CVE-2024-32991.json +++ b/CVE-2024/CVE-2024-329xx/CVE-2024-32991.json @@ -2,8 +2,8 @@ "id": "CVE-2024-32991", "sourceIdentifier": "psirt@huawei.com", "published": "2024-05-14T15:37:22.117", - "lastModified": "2024-11-21T09:16:11.220", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-11T16:04:09.287", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 1.6, "impactScore": 5.9 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 } ] }, @@ -49,24 +69,103 @@ "value": "CWE-16" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:emui:12.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "A974CA73-84E8-480B-BB4C-4A81D0C985B2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:emui:13.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "353AEAF2-AF46-4835-93E1-4F942D5E2810" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:emui:14.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "32FBF39A-164F-4F98-AB49-28C50A430C36" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:harmonyos:2.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "20112231-B840-44D3-A061-B9B9F80EE378" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:harmonyos:2.1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "C01447F1-7F58-4AE3-B403-C01B2575D898" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:harmonyos:3.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "CB3751C1-7729-41D3-AE50-80B5AF601135" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:harmonyos:3.1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "4D81C4EF-7CAF-4E60-91A4-8CF7B95B2B54" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:harmonyos:4.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "8198CDB2-4BC5-411A-8736-615A531FC545" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:harmonyos:4.2.0:*:*:*:*:*:*:*", + "matchCriteriaId": "2401DE15-9DBF-4645-A261-8C24D57C6342" + } + ] + } + ] } ], "references": [ { "url": "https://consumer.huawei.com/en/support/bulletin/2024/5/", - "source": "psirt@huawei.com" + "source": "psirt@huawei.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://device.harmonyos.com/cn/docs/security/update/security-bulletins-phones-202405-0000001902628049", - "source": "psirt@huawei.com" + "source": "psirt@huawei.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://consumer.huawei.com/en/support/bulletin/2024/5/", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://device.harmonyos.com/cn/docs/security/update/security-bulletins-phones-202405-0000001902628049", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-329xx/CVE-2024-32992.json b/CVE-2024/CVE-2024-329xx/CVE-2024-32992.json index b85d4a5b6b0..513b7f385f8 100644 --- a/CVE-2024/CVE-2024-329xx/CVE-2024-32992.json +++ b/CVE-2024/CVE-2024-329xx/CVE-2024-32992.json @@ -2,8 +2,8 @@ "id": "CVE-2024-32992", "sourceIdentifier": "psirt@huawei.com", "published": "2024-05-14T15:37:22.653", - "lastModified": "2024-11-21T09:16:11.353", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-11T16:01:09.173", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 3.6 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 } ] }, @@ -49,24 +69,98 @@ "value": "CWE-20" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:emui:12.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "A974CA73-84E8-480B-BB4C-4A81D0C985B2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:emui:13.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "353AEAF2-AF46-4835-93E1-4F942D5E2810" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:emui:14.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "32FBF39A-164F-4F98-AB49-28C50A430C36" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:harmonyos:2.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "20112231-B840-44D3-A061-B9B9F80EE378" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:harmonyos:2.1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "C01447F1-7F58-4AE3-B403-C01B2575D898" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:harmonyos:3.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "CB3751C1-7729-41D3-AE50-80B5AF601135" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:harmonyos:4.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "8198CDB2-4BC5-411A-8736-615A531FC545" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:harmonyos:4.2.0:*:*:*:*:*:*:*", + "matchCriteriaId": "2401DE15-9DBF-4645-A261-8C24D57C6342" + } + ] + } + ] } ], "references": [ { "url": "https://consumer.huawei.com/en/support/bulletin/2024/5/", - "source": "psirt@huawei.com" + "source": "psirt@huawei.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://device.harmonyos.com/cn/docs/security/update/security-bulletins-phones-202405-0000001902628049", - "source": "psirt@huawei.com" + "source": "psirt@huawei.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://consumer.huawei.com/en/support/bulletin/2024/5/", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://device.harmonyos.com/cn/docs/security/update/security-bulletins-phones-202405-0000001902628049", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-329xx/CVE-2024-32993.json b/CVE-2024/CVE-2024-329xx/CVE-2024-32993.json index 891a2a7b124..33957784d8d 100644 --- a/CVE-2024/CVE-2024-329xx/CVE-2024-32993.json +++ b/CVE-2024/CVE-2024-329xx/CVE-2024-32993.json @@ -2,8 +2,8 @@ "id": "CVE-2024-32993", "sourceIdentifier": "psirt@huawei.com", "published": "2024-05-14T15:37:23.127", - "lastModified": "2024-11-21T09:16:11.490", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-11T15:47:44.163", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 1.3, "impactScore": 4.2 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 } ] }, @@ -49,24 +69,103 @@ "value": "CWE-362" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:emui:12.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "A974CA73-84E8-480B-BB4C-4A81D0C985B2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:emui:13.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "353AEAF2-AF46-4835-93E1-4F942D5E2810" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:emui:14.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "32FBF39A-164F-4F98-AB49-28C50A430C36" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:harmonyos:2.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "20112231-B840-44D3-A061-B9B9F80EE378" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:harmonyos:2.1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "C01447F1-7F58-4AE3-B403-C01B2575D898" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:harmonyos:3.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "CB3751C1-7729-41D3-AE50-80B5AF601135" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:harmonyos:3.1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "4D81C4EF-7CAF-4E60-91A4-8CF7B95B2B54" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:harmonyos:4.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "8198CDB2-4BC5-411A-8736-615A531FC545" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:harmonyos:4.2.0:*:*:*:*:*:*:*", + "matchCriteriaId": "2401DE15-9DBF-4645-A261-8C24D57C6342" + } + ] + } + ] } ], "references": [ { "url": "https://consumer.huawei.com/en/support/bulletin/2024/5/", - "source": "psirt@huawei.com" + "source": "psirt@huawei.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://device.harmonyos.com/cn/docs/security/update/security-bulletins-phones-202405-0000001902628049", - "source": "psirt@huawei.com" + "source": "psirt@huawei.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://consumer.huawei.com/en/support/bulletin/2024/5/", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://device.harmonyos.com/cn/docs/security/update/security-bulletins-phones-202405-0000001902628049", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-329xx/CVE-2024-32995.json b/CVE-2024/CVE-2024-329xx/CVE-2024-32995.json index 57d4a795867..b5de6c83c46 100644 --- a/CVE-2024/CVE-2024-329xx/CVE-2024-32995.json +++ b/CVE-2024/CVE-2024-329xx/CVE-2024-32995.json @@ -2,8 +2,8 @@ "id": "CVE-2024-32995", "sourceIdentifier": "psirt@huawei.com", "published": "2024-05-14T15:37:23.667", - "lastModified": "2024-11-21T09:16:11.617", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-11T15:45:20.090", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 2.5, "impactScore": 3.6 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 } ] }, @@ -49,24 +69,103 @@ "value": "CWE-248" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:emui:12.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "A974CA73-84E8-480B-BB4C-4A81D0C985B2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:emui:13.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "353AEAF2-AF46-4835-93E1-4F942D5E2810" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:emui:14.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "32FBF39A-164F-4F98-AB49-28C50A430C36" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:harmonyos:2.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "20112231-B840-44D3-A061-B9B9F80EE378" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:harmonyos:2.1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "C01447F1-7F58-4AE3-B403-C01B2575D898" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:harmonyos:3.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "CB3751C1-7729-41D3-AE50-80B5AF601135" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:harmonyos:3.1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "4D81C4EF-7CAF-4E60-91A4-8CF7B95B2B54" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:harmonyos:4.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "8198CDB2-4BC5-411A-8736-615A531FC545" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:harmonyos:4.2.0:*:*:*:*:*:*:*", + "matchCriteriaId": "2401DE15-9DBF-4645-A261-8C24D57C6342" + } + ] + } + ] } ], "references": [ { "url": "https://consumer.huawei.com/en/support/bulletin/2024/5/", - "source": "psirt@huawei.com" + "source": "psirt@huawei.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://device.harmonyos.com/cn/docs/security/update/security-bulletins-phones-202405-0000001902628049", - "source": "psirt@huawei.com" + "source": "psirt@huawei.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://consumer.huawei.com/en/support/bulletin/2024/5/", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://device.harmonyos.com/cn/docs/security/update/security-bulletins-phones-202405-0000001902628049", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-330xx/CVE-2024-33036.json b/CVE-2024/CVE-2024-330xx/CVE-2024-33036.json index 23ade6b4ac5..d9a722cb162 100644 --- a/CVE-2024/CVE-2024-330xx/CVE-2024-33036.json +++ b/CVE-2024/CVE-2024-330xx/CVE-2024-33036.json @@ -2,8 +2,8 @@ "id": "CVE-2024-33036", "sourceIdentifier": "product-security@qualcomm.com", "published": "2024-12-02T11:15:06.840", - "lastModified": "2024-12-02T11:15:06.840", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-11T16:14:45.250", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,10 +51,1420 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:c-v2x_9150_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "4A725088-FC3B-4439-9189-72AA10954721" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:c-v2x_9150:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B80D6366-4C0C-4C0D-9A38-769C66D62F0F" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:fastconnect_6800_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D89F035A-2388-48FC-AEBB-8429C6880F4A" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:fastconnect_6800:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CA13EF4E-AAE6-45F4-9E41-78310E37CE81" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:fastconnect_6900_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E670F500-9B71-4BBE-B5DA-221D35803C89" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:fastconnect_6900:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9ADEB5C5-B79A-4F45-B7D3-75945B38DB6C" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:fastconnect_7800_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B3053D68-C5D8-4D47-A4F0-9F3AF2289E1D" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:fastconnect_7800:-:*:*:*:*:*:*:*", + "matchCriteriaId": "638DBC7F-456F-487D-BED2-2214DFF8BEE2" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:qam8295p_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C2D9E281-B382-41AC-84CB-5B1063E5AC51" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:qam8295p:-:*:*:*:*:*:*:*", + "matchCriteriaId": "44EBEBD5-98C3-493B-A108-FD4DE6FFBE97" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:qca6391_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "83B53119-1B2F-4978-B7F5-33B84BE73B68" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:qca6391:-:*:*:*:*:*:*:*", + "matchCriteriaId": "6FEBC0C5-CAA1-475C-96C2-B8D24B2E4536" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:qca6426_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A344E78F-D15A-460E-8EF8-7C6FC39F2D5E" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:qca6426:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8FF5EC23-4884-4C2B-8E77-50B1E8E28A3D" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:qca6436_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "04F574BC-9AB2-4B83-A466-556ECEBBD3DF" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:qca6436:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A34D021D-C043-4EFD-9AB3-B2174528CBA3" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:qca6574au_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D527E2B1-2A46-4FBA-9F7A-F5543677C8FB" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:qca6574au:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8374DDB3-D484-4141-AE0C-42333D2721F6" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:qca6696_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0AE207DB-9770-40ED-961D-FDA75965826F" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:qca6696:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0E23922D-C37F-476F-A623-4C1458A9156F" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:qca8337_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2FA8F9DA-1386-4961-B9B2-484E4347852A" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:qca8337:-:*:*:*:*:*:*:*", + "matchCriteriaId": "117289C8-7484-4EAE-8F35-A25768F00EED" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:qcn9074_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "65303C2D-C6BF-47CB-8146-E240CB8BBE42" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:qcn9074:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A6B03022-497A-4F42-BB4D-5624EA7DF1B9" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:qcs410_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DC43BB27-0516-4750-A4C2-C45298441398" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:qcs410:-:*:*:*:*:*:*:*", + "matchCriteriaId": "969585DE-93D6-4406-A632-D838ECD4D5AD" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:qcs610_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E634F59C-6817-4898-A141-082044E66836" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:qcs610:-:*:*:*:*:*:*:*", + "matchCriteriaId": "29762819-EC90-499C-A8C6-1423DE3FE6B9" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:qsm8250_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8C194363-7FDE-43C9-B6FE-2BD6B474816F" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:qsm8250:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B8CC9433-6B33-4B9C-8EC3-BBBB43897E5C" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:video_collaboration_vc1_platform_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C3607443-848D-4334-B5E4-0DC27F28509B" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:video_collaboration_vc1_platform:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2E8F00DD-C894-4236-8932-7F7FCD15D2A5" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:video_collaboration_vc3_platform_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DD4946C6-778F-4542-AB77-C9B86AF25C05" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:video_collaboration_vc3_platform:-:*:*:*:*:*:*:*", + "matchCriteriaId": "6F1D604A-4530-42B3-80A0-58A82D658DDD" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:sa6145p_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C66671C1-AE1A-44BE-9DB2-0B09FF4417DB" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:sa6145p:-:*:*:*:*:*:*:*", + "matchCriteriaId": "74AA3929-3F80-4D54-B13A-9B070D5C03BB" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:sa6150p_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "054F77D6-FC66-4151-9005-DC7ECDB5C722" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:sa6150p:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8ED3F589-16D9-46A7-A539-C9862473EE0D" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:sa6155p_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8DC40C14-3B2D-4E00-9E0F-86E6BDBF2D81" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:sa6155p:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0514D433-162C-4680-8912-721D19BE6201" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:sa8145p_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A71D74B0-0963-49FD-8E97-148C8993B263" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:sa8145p:-:*:*:*:*:*:*:*", + "matchCriteriaId": "910CBFA4-50F7-4C7A-B9B9-B88C8A919827" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:sa8150p_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "69C1B02F-8D2D-42E7-B70D-41F4D9844FD1" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:sa8150p:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3FEACAA9-C061-4713-9A54-37D8BFC0B00B" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:sa8155p_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C8648B38-2597-401A-8F53-D582FA911569" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:sa8155p:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A01CD59B-8F21-4CD6-8A1A-7B37547A8715" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:sa8195p_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "51BC0A66-493B-43BE-B51F-640BDF2FF32E" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:sa8195p:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D8DA4D12-7ABF-4A04-B44E-E1D68C8E58AB" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:sa8295p_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2A19659B-A0C3-44B7-8D54-BA21729873A4" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:sa8295p:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F978041A-CE28-4BDF-A7DB-F0360F1A5F14" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:sa8530p_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "6107034C-E0B0-43BD-963B-2B558B913537" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:sa8530p:-:*:*:*:*:*:*:*", + "matchCriteriaId": "FC1839A1-4B68-468E-8155-F0A53A3C9B94" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:sa8540p_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8FE8B62D-83B4-4326-8A53-FED5947D5FFE" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:sa8540p:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2D6F8899-136A-4A57-9F02-BD428E1663DA" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:sa9000p_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A024AB04-B213-4018-A4C1-FA467C7BA775" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:sa9000p:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2A8AB7C-5D34-4794-8C06-2193075B323F" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:sd865_5g_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "72433485-B229-46A6-BCA4-394AA4EEA683" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:sd865_5g:-:*:*:*:*:*:*:*", + "matchCriteriaId": "04D40EC4-BF31-4BFD-8D0A-8193F541AF02" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:sdx55_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E93FB34B-3674-404D-9687-E092E9A246AB" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:sdx55:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F3FF5A9A-A34A-499C-B6E0-D67B496C5454" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:snapdragon_8_gen_1_mobile_platform_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EB8FA32F-4690-4C5B-8968-474DA32FD0A4" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:snapdragon_8_gen_1_mobile_platform:-:*:*:*:*:*:*:*", + "matchCriteriaId": "59BD8BEA-725A-4158-84BE-4AFD476ED03D" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:snapdragon_865_5g_mobile_platform_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "6C9F4285-1F09-40CD-B1AA-84B406FD6A71" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:snapdragon_865_5g_mobile_platform:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8623DD44-DFDD-442D-9789-11A527A450A4" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:snapdragon_865\\+_5g_mobile_platform_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "22303AD4-779C-45A3-8F33-3864C45E4328" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:snapdragon_865\\+_5g_mobile_platform:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B8EC440D-D420-4477-8F14-427245B80631" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:snapdragon_870_5g_mobile_platform_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "41446A77-6EF3-4570-BAD2-4C761A2C4E7F" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:snapdragon_870_5g_mobile_platform:-:*:*:*:*:*:*:*", + "matchCriteriaId": "448C401B-EF07-4385-A7B4-123D7808F64F" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:snapdragon_w5\\+_gen_1_wearable_platform_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0C455E7D-D256-4240-BE72-2A93273D685A" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:snapdragon_w5\\+_gen_1_wearable_platform:-:*:*:*:*:*:*:*", + "matchCriteriaId": "423E21A1-8F52-46DA-9AC2-77159FEB6001" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:snapdragon_x55_5g_modem-rf_system_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AAFF2095-4257-40C9-8C48-B38C143159ED" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:snapdragon_x55_5g_modem-rf_system:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7FEA2F1D-7D07-4684-BDC1-24224A53A8BC" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:snapdragon_xr2_5g_platform_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1A129620-8241-4A47-AAC8-CC7E10A09C9C" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:snapdragon_xr2_5g_platform:-:*:*:*:*:*:*:*", + "matchCriteriaId": "4CEDD78E-124C-4216-9B57-3B7B53463659" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:sw5100_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AA1BF9BB-AF11-46A7-A71C-F7D289E76E3F" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:sw5100:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7B8455D6-287D-4934-8E4D-F4127A9C0449" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:sw5100p_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DB599A9F-0305-4FE4-8623-0F86630FEDCB" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:sw5100p:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EEB883BF-68B2-4C25-84DC-5DA953BFAA2F" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:sxr2130_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9F9FA3B1-E4E4-4D9B-A99C-7BF958D4B993" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:sxr2130:-:*:*:*:*:*:*:*", + "matchCriteriaId": "95762B01-2762-45BD-8388-5DB77EA6139C" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:wcd9341_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CE852339-1CAE-4983-9757-8F00EDEF1141" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:wcd9341:-:*:*:*:*:*:*:*", + "matchCriteriaId": "4D9E96B3-F1BB-46F8-B715-7DF90180F1E1" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:wcd9370_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1295D869-F4DD-4766-B4AA-3513752F43B4" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:wcd9370:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B98784DC-3143-4D38-AD28-DBBDCCAB4272" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:wcd9380_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "70292B01-617F-44AD-AF77-1AFC1450523D" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:wcd9380:-:*:*:*:*:*:*:*", + "matchCriteriaId": "FA94C6D6-85DB-4031-AAF4-C399019AE16D" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:wcn3660b_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "FB37B5DB-2493-4082-B2BF-60385B7E027C" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:wcn3660b:-:*:*:*:*:*:*:*", + "matchCriteriaId": "6BCD2FE2-11F2-4B2A-9BD7-EB26718139DA" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:wcn3680b_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0755F669-6D7E-454A-95DA-D60FA0696FD9" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:wcn3680b:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BE861CE7-B530-4698-A9BC-43A159647BF2" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:wcn3950_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3FEF2DB6-00F5-4B07-953B-EF58B31267F1" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:wcn3950:-:*:*:*:*:*:*:*", + "matchCriteriaId": "120E8F0F-EBEB-4565-9927-2D473F783EF7" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:wcn3980_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9C6E9038-9B18-4958-BE1E-215901C9B4B2" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:wcn3980:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B36D3274-F8D0-49C5-A6D5-95F5DC6D1950" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:wcn3988_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E4BFB25F-013B-48E3-99FF-3E8687F94423" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:wcn3988:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BF676C5B-838B-446C-A689-6A25AB8A87E2" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:wsa8810_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "15307882-7039-43E9-9BA3-035045988B99" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:wsa8810:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AA85B322-E593-4499-829A-CC6D70BAE884" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:wsa8815_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E839A0B9-64C3-4C7A-82B7-D2AAF65928F8" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:wsa8815:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7E870D82-DE3B-4199-A730-C8FB545BAA98" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:wsa8830_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "11B69595-E488-4590-A150-CE5BE08B5E13" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:wsa8830:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BF680174-5FA6-47D9-8EAB-CC2A37A7BD42" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:wsa8835_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F80BC68E-7476-4A40-9F48-53722FE9A5BF" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:wsa8835:-:*:*:*:*:*:*:*", + "matchCriteriaId": "6B36F4B2-BAA3-45AD-9967-0EB482C99708" + } + ] + } + ] + } + ], "references": [ { "url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/december-2024-bulletin.html", - "source": "product-security@qualcomm.com" + "source": "product-security@qualcomm.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-330xx/CVE-2024-33037.json b/CVE-2024/CVE-2024-330xx/CVE-2024-33037.json index cbaa549b704..f4d1927edf0 100644 --- a/CVE-2024/CVE-2024-330xx/CVE-2024-33037.json +++ b/CVE-2024/CVE-2024-330xx/CVE-2024-33037.json @@ -2,8 +2,8 @@ "id": "CVE-2024-33037", "sourceIdentifier": "product-security@qualcomm.com", "published": "2024-12-02T11:15:07.753", - "lastModified": "2024-12-02T11:15:07.753", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-11T16:15:14.327", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,10 +51,1393 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:c-v2x_9150_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "4A725088-FC3B-4439-9189-72AA10954721" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:c-v2x_9150:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B80D6366-4C0C-4C0D-9A38-769C66D62F0F" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:fastconnect_6800_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D89F035A-2388-48FC-AEBB-8429C6880F4A" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:fastconnect_6800:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CA13EF4E-AAE6-45F4-9E41-78310E37CE81" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:fastconnect_6900_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E670F500-9B71-4BBE-B5DA-221D35803C89" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:fastconnect_6900:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9ADEB5C5-B79A-4F45-B7D3-75945B38DB6C" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:qam8295p_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C2D9E281-B382-41AC-84CB-5B1063E5AC51" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:qam8295p:-:*:*:*:*:*:*:*", + "matchCriteriaId": "44EBEBD5-98C3-493B-A108-FD4DE6FFBE97" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:qca6174a_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "4FF653D0-15CF-4A10-8D8E-BE56F4DAB890" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:qca6174a:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C31FA74C-6659-4457-BC32-257624F43C66" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:qca6391_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "83B53119-1B2F-4978-B7F5-33B84BE73B68" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:qca6391:-:*:*:*:*:*:*:*", + "matchCriteriaId": "6FEBC0C5-CAA1-475C-96C2-B8D24B2E4536" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:qca6426_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A344E78F-D15A-460E-8EF8-7C6FC39F2D5E" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:qca6426:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8FF5EC23-4884-4C2B-8E77-50B1E8E28A3D" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:qca6436_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "04F574BC-9AB2-4B83-A466-556ECEBBD3DF" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:qca6436:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A34D021D-C043-4EFD-9AB3-B2174528CBA3" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:qca6574au_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D527E2B1-2A46-4FBA-9F7A-F5543677C8FB" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:qca6574au:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8374DDB3-D484-4141-AE0C-42333D2721F6" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:qca6696_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0AE207DB-9770-40ED-961D-FDA75965826F" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:qca6696:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0E23922D-C37F-476F-A623-4C1458A9156F" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:qca8337_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2FA8F9DA-1386-4961-B9B2-484E4347852A" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:qca8337:-:*:*:*:*:*:*:*", + "matchCriteriaId": "117289C8-7484-4EAE-8F35-A25768F00EED" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:qcn9074_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "65303C2D-C6BF-47CB-8146-E240CB8BBE42" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:qcn9074:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A6B03022-497A-4F42-BB4D-5624EA7DF1B9" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:qcs410_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DC43BB27-0516-4750-A4C2-C45298441398" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:qcs410:-:*:*:*:*:*:*:*", + "matchCriteriaId": "969585DE-93D6-4406-A632-D838ECD4D5AD" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:qcs610_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E634F59C-6817-4898-A141-082044E66836" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:qcs610:-:*:*:*:*:*:*:*", + "matchCriteriaId": "29762819-EC90-499C-A8C6-1423DE3FE6B9" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:qsm8250_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8C194363-7FDE-43C9-B6FE-2BD6B474816F" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:qsm8250:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B8CC9433-6B33-4B9C-8EC3-BBBB43897E5C" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:video_collaboration_vc1_platform_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C3607443-848D-4334-B5E4-0DC27F28509B" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:video_collaboration_vc1_platform:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2E8F00DD-C894-4236-8932-7F7FCD15D2A5" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:video_collaboration_vc3_platform_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DD4946C6-778F-4542-AB77-C9B86AF25C05" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:video_collaboration_vc3_platform:-:*:*:*:*:*:*:*", + "matchCriteriaId": "6F1D604A-4530-42B3-80A0-58A82D658DDD" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:sa6145p_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C66671C1-AE1A-44BE-9DB2-0B09FF4417DB" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:sa6145p:-:*:*:*:*:*:*:*", + "matchCriteriaId": "74AA3929-3F80-4D54-B13A-9B070D5C03BB" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:sa6150p_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "054F77D6-FC66-4151-9005-DC7ECDB5C722" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:sa6150p:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8ED3F589-16D9-46A7-A539-C9862473EE0D" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:sa6155p_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8DC40C14-3B2D-4E00-9E0F-86E6BDBF2D81" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:sa6155p:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0514D433-162C-4680-8912-721D19BE6201" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:sa8145p_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A71D74B0-0963-49FD-8E97-148C8993B263" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:sa8145p:-:*:*:*:*:*:*:*", + "matchCriteriaId": "910CBFA4-50F7-4C7A-B9B9-B88C8A919827" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:sa8150p_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "69C1B02F-8D2D-42E7-B70D-41F4D9844FD1" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:sa8150p:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3FEACAA9-C061-4713-9A54-37D8BFC0B00B" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:sa8155p_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C8648B38-2597-401A-8F53-D582FA911569" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:sa8155p:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A01CD59B-8F21-4CD6-8A1A-7B37547A8715" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:sa8195p_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "51BC0A66-493B-43BE-B51F-640BDF2FF32E" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:sa8195p:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D8DA4D12-7ABF-4A04-B44E-E1D68C8E58AB" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:sa8295p_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2A19659B-A0C3-44B7-8D54-BA21729873A4" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:sa8295p:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F978041A-CE28-4BDF-A7DB-F0360F1A5F14" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:sa8530p_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "6107034C-E0B0-43BD-963B-2B558B913537" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:sa8530p:-:*:*:*:*:*:*:*", + "matchCriteriaId": "FC1839A1-4B68-468E-8155-F0A53A3C9B94" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:sa8540p_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8FE8B62D-83B4-4326-8A53-FED5947D5FFE" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:sa8540p:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2D6F8899-136A-4A57-9F02-BD428E1663DA" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:sa9000p_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A024AB04-B213-4018-A4C1-FA467C7BA775" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:sa9000p:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2A8AB7C-5D34-4794-8C06-2193075B323F" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:sd865_5g_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "72433485-B229-46A6-BCA4-394AA4EEA683" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:sd865_5g:-:*:*:*:*:*:*:*", + "matchCriteriaId": "04D40EC4-BF31-4BFD-8D0A-8193F541AF02" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:sdx55_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E93FB34B-3674-404D-9687-E092E9A246AB" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:sdx55:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F3FF5A9A-A34A-499C-B6E0-D67B496C5454" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:snapdragon_865_5g_mobile_platform_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "6C9F4285-1F09-40CD-B1AA-84B406FD6A71" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:snapdragon_865_5g_mobile_platform:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8623DD44-DFDD-442D-9789-11A527A450A4" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:snapdragon_865\\+_5g_mobile_platform_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "22303AD4-779C-45A3-8F33-3864C45E4328" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:snapdragon_865\\+_5g_mobile_platform:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B8EC440D-D420-4477-8F14-427245B80631" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:snapdragon_870_5g_mobile_platform_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "41446A77-6EF3-4570-BAD2-4C761A2C4E7F" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:snapdragon_870_5g_mobile_platform:-:*:*:*:*:*:*:*", + "matchCriteriaId": "448C401B-EF07-4385-A7B4-123D7808F64F" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:snapdragon_w5\\+_gen_1_wearable_platform_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0C455E7D-D256-4240-BE72-2A93273D685A" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:snapdragon_w5\\+_gen_1_wearable_platform:-:*:*:*:*:*:*:*", + "matchCriteriaId": "423E21A1-8F52-46DA-9AC2-77159FEB6001" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:snapdragon_x55_5g_modem-rf_system_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AAFF2095-4257-40C9-8C48-B38C143159ED" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:snapdragon_x55_5g_modem-rf_system:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7FEA2F1D-7D07-4684-BDC1-24224A53A8BC" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:snapdragon_xr2_5g_platform_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1A129620-8241-4A47-AAC8-CC7E10A09C9C" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:snapdragon_xr2_5g_platform:-:*:*:*:*:*:*:*", + "matchCriteriaId": "4CEDD78E-124C-4216-9B57-3B7B53463659" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:sw5100_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AA1BF9BB-AF11-46A7-A71C-F7D289E76E3F" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:sw5100:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7B8455D6-287D-4934-8E4D-F4127A9C0449" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:sw5100p_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DB599A9F-0305-4FE4-8623-0F86630FEDCB" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:sw5100p:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EEB883BF-68B2-4C25-84DC-5DA953BFAA2F" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:sxr2130_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9F9FA3B1-E4E4-4D9B-A99C-7BF958D4B993" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:sxr2130:-:*:*:*:*:*:*:*", + "matchCriteriaId": "95762B01-2762-45BD-8388-5DB77EA6139C" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:wcd9341_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CE852339-1CAE-4983-9757-8F00EDEF1141" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:wcd9341:-:*:*:*:*:*:*:*", + "matchCriteriaId": "4D9E96B3-F1BB-46F8-B715-7DF90180F1E1" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:wcd9370_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1295D869-F4DD-4766-B4AA-3513752F43B4" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:wcd9370:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B98784DC-3143-4D38-AD28-DBBDCCAB4272" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:wcd9380_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "70292B01-617F-44AD-AF77-1AFC1450523D" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:wcd9380:-:*:*:*:*:*:*:*", + "matchCriteriaId": "FA94C6D6-85DB-4031-AAF4-C399019AE16D" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:wcn3660b_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "FB37B5DB-2493-4082-B2BF-60385B7E027C" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:wcn3660b:-:*:*:*:*:*:*:*", + "matchCriteriaId": "6BCD2FE2-11F2-4B2A-9BD7-EB26718139DA" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:wcn3680b_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0755F669-6D7E-454A-95DA-D60FA0696FD9" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:wcn3680b:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BE861CE7-B530-4698-A9BC-43A159647BF2" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:wcn3950_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3FEF2DB6-00F5-4B07-953B-EF58B31267F1" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:wcn3950:-:*:*:*:*:*:*:*", + "matchCriteriaId": "120E8F0F-EBEB-4565-9927-2D473F783EF7" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:wcn3980_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9C6E9038-9B18-4958-BE1E-215901C9B4B2" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:wcn3980:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B36D3274-F8D0-49C5-A6D5-95F5DC6D1950" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:wcn3988_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E4BFB25F-013B-48E3-99FF-3E8687F94423" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:wcn3988:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BF676C5B-838B-446C-A689-6A25AB8A87E2" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:wsa8810_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "15307882-7039-43E9-9BA3-035045988B99" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:wsa8810:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AA85B322-E593-4499-829A-CC6D70BAE884" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:wsa8815_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E839A0B9-64C3-4C7A-82B7-D2AAF65928F8" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:wsa8815:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7E870D82-DE3B-4199-A730-C8FB545BAA98" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:wsa8830_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "11B69595-E488-4590-A150-CE5BE08B5E13" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:wsa8830:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BF680174-5FA6-47D9-8EAB-CC2A37A7BD42" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:wsa8835_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F80BC68E-7476-4A40-9F48-53722FE9A5BF" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:wsa8835:-:*:*:*:*:*:*:*", + "matchCriteriaId": "6B36F4B2-BAA3-45AD-9967-0EB482C99708" + } + ] + } + ] + } + ], "references": [ { "url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/december-2024-bulletin.html", - "source": "product-security@qualcomm.com" + "source": "product-security@qualcomm.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-330xx/CVE-2024-33039.json b/CVE-2024/CVE-2024-330xx/CVE-2024-33039.json index 8c7b79c424e..f83496c49ac 100644 --- a/CVE-2024/CVE-2024-330xx/CVE-2024-33039.json +++ b/CVE-2024/CVE-2024-330xx/CVE-2024-33039.json @@ -2,8 +2,8 @@ "id": "CVE-2024-33039", "sourceIdentifier": "product-security@qualcomm.com", "published": "2024-12-02T11:15:07.920", - "lastModified": "2024-12-02T11:15:07.920", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-11T16:15:37.000", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,10 +51,610 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:qam8255p_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3723C7B1-A7E2-401F-8D6D-189350F6BCA5" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:qam8255p:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B12B89EF-7B12-481E-BCBC-F12B9D16321A" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:qam8650p_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "295E75BD-2A6C-4A76-A376-A9977DDB17FF" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:qam8650p:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BD37AA1A-B911-45BF-9BCC-C772FA83E657" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:qam8775p_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "49B2DF91-BE6B-4E9E-B63C-98DADD29AD6B" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:qam8775p:-:*:*:*:*:*:*:*", + "matchCriteriaId": "58170126-928F-4AE5-B5AF-5ED4710F9BA2" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:qamsrv1h_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F8673334-5E11-4E95-B33D-3029499F71DF" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:qamsrv1h:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EC0B32F6-5EF0-4591-99D7-D0E9B09DEC5A" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:qamsrv1m_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CE03AB2A-3ED9-4489-8E5B-4FCF8BAA8559" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:qamsrv1m:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9E646738-6A87-4470-9640-6A5A1DF3AF78" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:sa7255p_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2B651F0A-34DA-400F-A376-B499BFDF8E86" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:sa7255p:-:*:*:*:*:*:*:*", + "matchCriteriaId": "4CFF093D-98C8-470F-8330-E5126E06343A" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:sa7775p_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "6C32CA38-5D48-4108-9858-FD66E20CAF2F" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:sa7775p:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E1997F8B-17B8-4DE3-BCF7-726928720592" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:sa8255p_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EC6E268D-C4AF-4950-9223-39EA36D538A8" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:sa8255p:-:*:*:*:*:*:*:*", + "matchCriteriaId": "073C1A81-D02B-4F2F-9378-CD1B2DCE0E5B" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:sa8620p_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "6ACE6D64-A498-482F-8270-718F4884CFFD" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:sa8620p:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B6E016D6-1B83-4261-A27E-1F9873F81E14" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:sa8650p_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E0E807AA-5646-48AD-9A5C-B0B13E222AA9" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:sa8650p:-:*:*:*:*:*:*:*", + "matchCriteriaId": "45FBB72B-B850-4E3F-ACBB-9392157FF131" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:sa8770p_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "781CCC31-C08F-499B-BE73-6C7DB70437AF" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:sa8770p:-:*:*:*:*:*:*:*", + "matchCriteriaId": "75AFAA21-0589-4C6A-9418-34EE8A61BBAD" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:sa8775p_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1C79595B-1259-4431-96F9-C5A24E624305" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:sa8775p:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0F2F3431-9CD7-4D4F-833D-DD4D3ACF94C7" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:sa9000p_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A024AB04-B213-4018-A4C1-FA467C7BA775" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:sa9000p:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2A8AB7C-5D34-4794-8C06-2193075B323F" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:snapdragon_w5\\+_gen_1_wearable_platform_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0C455E7D-D256-4240-BE72-2A93273D685A" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:snapdragon_w5\\+_gen_1_wearable_platform:-:*:*:*:*:*:*:*", + "matchCriteriaId": "423E21A1-8F52-46DA-9AC2-77159FEB6001" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:srv1h_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0CD199F5-DA68-4BEB-AA99-11572DA26B4F" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:srv1h:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8ACA2D4D-FC77-4C1A-8278-1C27B3EA3303" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:srv1m_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E4B29E7F-8BFE-466A-B357-63F8A2160C4E" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:srv1m:-:*:*:*:*:*:*:*", + "matchCriteriaId": "6D55CC7D-2E65-4CA9-9892-B6FBCC087E6F" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:sw5100_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AA1BF9BB-AF11-46A7-A71C-F7D289E76E3F" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:sw5100:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7B8455D6-287D-4934-8E4D-F4127A9C0449" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:sw5100p_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DB599A9F-0305-4FE4-8623-0F86630FEDCB" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:sw5100p:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EEB883BF-68B2-4C25-84DC-5DA953BFAA2F" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:wcn3980_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9C6E9038-9B18-4958-BE1E-215901C9B4B2" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:wcn3980:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B36D3274-F8D0-49C5-A6D5-95F5DC6D1950" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:wcn3988_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E4BFB25F-013B-48E3-99FF-3E8687F94423" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:wcn3988:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BF676C5B-838B-446C-A689-6A25AB8A87E2" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:wsa8830_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "11B69595-E488-4590-A150-CE5BE08B5E13" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:wsa8830:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BF680174-5FA6-47D9-8EAB-CC2A37A7BD42" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:wsa8835_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F80BC68E-7476-4A40-9F48-53722FE9A5BF" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:wsa8835:-:*:*:*:*:*:*:*", + "matchCriteriaId": "6B36F4B2-BAA3-45AD-9967-0EB482C99708" + } + ] + } + ] + } + ], "references": [ { "url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/december-2024-bulletin.html", - "source": "product-security@qualcomm.com" + "source": "product-security@qualcomm.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-375xx/CVE-2024-37575.json b/CVE-2024/CVE-2024-375xx/CVE-2024-37575.json index 3f959ee9fbd..095897f8bfa 100644 --- a/CVE-2024/CVE-2024-375xx/CVE-2024-37575.json +++ b/CVE-2024/CVE-2024-375xx/CVE-2024-37575.json @@ -2,7 +2,7 @@ "id": "CVE-2024-37575", "sourceIdentifier": "cve@mitre.org", "published": "2024-12-04T16:15:24.983", - "lastModified": "2024-12-04T16:15:24.983", + "lastModified": "2024-12-11T16:15:10.327", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -15,7 +15,42 @@ "value": "La aplicaci\u00f3n Mister org.mistergroup.shouldianswer 1.4.264 para Android permite que cualquier aplicaci\u00f3n instalada (sin permisos) realice llamadas telef\u00f3nicas sin interacci\u00f3n del usuario enviando una intenci\u00f3n manipulada a trav\u00e9s del componente org.mistergroup.shouldianswer.ui.default_dialer.DefaultDialerActivity." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-281" + } + ] + } + ], "references": [ { "url": "https://github.com/actuator/org.mistergroup.shouldianswer", diff --git a/CVE-2024/CVE-2024-391xx/CVE-2024-39163.json b/CVE-2024/CVE-2024-391xx/CVE-2024-39163.json index f36612d740c..4d5b3fdeac0 100644 --- a/CVE-2024/CVE-2024-391xx/CVE-2024-39163.json +++ b/CVE-2024/CVE-2024-391xx/CVE-2024-39163.json @@ -2,7 +2,7 @@ "id": "CVE-2024-39163", "sourceIdentifier": "cve@mitre.org", "published": "2024-12-04T17:15:13.807", - "lastModified": "2024-12-04T17:15:13.807", + "lastModified": "2024-12-11T16:15:10.557", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -15,7 +15,42 @@ "value": "Se descubri\u00f3 que binux pyspider hasta v0.3.10 conten\u00eda Cross-Site Request Forgery (CSRF) a trav\u00e9s de los endpoints de Flask." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], "references": [ { "url": "https://github.com/binux/pyspider/blob/master/pyspider/webui/debug.py#L39", diff --git a/CVE-2024/CVE-2024-405xx/CVE-2024-40582.json b/CVE-2024/CVE-2024-405xx/CVE-2024-40582.json index 1b47c3eeec6..5ca10e9aef9 100644 --- a/CVE-2024/CVE-2024-405xx/CVE-2024-40582.json +++ b/CVE-2024/CVE-2024-405xx/CVE-2024-40582.json @@ -2,16 +2,55 @@ "id": "CVE-2024-40582", "sourceIdentifier": "cve@mitre.org", "published": "2024-12-09T16:15:22.067", - "lastModified": "2024-12-09T16:15:22.067", - "vulnStatus": "Received", + "lastModified": "2024-12-11T16:15:10.873", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Pentaminds CuroVMS v2.0.1 was discovered to contain exposed sensitive information." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que Pentaminds CuroVMS v2.0.1 conten\u00eda informaci\u00f3n confidencial expuesta." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-312" + } + ] } ], - "metrics": {}, "references": [ { "url": "http://curovms.com", diff --git a/CVE-2024/CVE-2024-405xx/CVE-2024-40583.json b/CVE-2024/CVE-2024-405xx/CVE-2024-40583.json index 3e6504775d1..4c460cb637e 100644 --- a/CVE-2024/CVE-2024-405xx/CVE-2024-40583.json +++ b/CVE-2024/CVE-2024-405xx/CVE-2024-40583.json @@ -2,16 +2,55 @@ "id": "CVE-2024-40583", "sourceIdentifier": "cve@mitre.org", "published": "2024-12-09T16:15:22.200", - "lastModified": "2024-12-09T16:15:22.200", - "vulnStatus": "Received", + "lastModified": "2024-12-11T16:15:11.080", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Pentaminds CuroVMS v2.0.1 was discovered to contain exposed credentials." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que Pentaminds CuroVMS v2.0.1 conten\u00eda credenciales expuestas." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", + "baseScore": 9.1, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-522" + } + ] } ], - "metrics": {}, "references": [ { "url": "http://curovms.com", diff --git a/CVE-2024/CVE-2024-421xx/CVE-2024-42138.json b/CVE-2024/CVE-2024-421xx/CVE-2024-42138.json index b751ca9d4dc..72ea7bbc02b 100644 --- a/CVE-2024/CVE-2024-421xx/CVE-2024-42138.json +++ b/CVE-2024/CVE-2024-421xx/CVE-2024-42138.json @@ -2,8 +2,8 @@ "id": "CVE-2024-42138", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-07-30T08:15:05.680", - "lastModified": "2024-11-21T09:33:40.960", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-12-11T15:11:42.070", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -15,39 +15,161 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mlxsw: core_linecards: corrige la doble desasignaci\u00f3n de memoria en caso de un archivo INI no v\u00e1lido En caso de un archivo INI no v\u00e1lido, mlxsw_linecard_types_init() desasigna la memoria pero no restablece el puntero a NULL y devuelve 0. En caso de que se produzca alg\u00fan error despu\u00e9s de la llamada a mlxsw_linecard_types_init(), mlxsw_linecards_init() llama a mlxsw_linecard_types_fini(), que realiza la desasignaci\u00f3n de memoria nuevamente. Agregue el reinicio del puntero a NULL. Encontrado por el Centro de verificaci\u00f3n de Linux (linuxtesting.org) con SVACE." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-415" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.19", + "versionEndExcluding": "6.1.98", + "matchCriteriaId": "A439844C-E73A-469F-A3DB-92B1ED5A7FF4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndExcluding": "6.6.39", + "matchCriteriaId": "29E894E4-668F-4DB0-81F7-4FB5F698E970" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.9.9", + "matchCriteriaId": "ADCC1407-0CB3-4C8F-B4C5-07F682CD7085" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc1:*:*:*:*:*:*", + "matchCriteriaId": "2EBB4392-5FA6-4DA9-9772-8F9C750109FA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc2:*:*:*:*:*:*", + "matchCriteriaId": "331C2F14-12C7-45D5-893D-8C52EE38EA10" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc3:*:*:*:*:*:*", + "matchCriteriaId": "3173713D-909A-4DD3-9DD4-1E171EB057EE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc4:*:*:*:*:*:*", + "matchCriteriaId": "79F18AFA-40F7-43F0-BA30-7BDB65F918B9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc5:*:*:*:*:*:*", + "matchCriteriaId": "BD973AA4-A789-49BD-8D57-B2846935D3C7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc6:*:*:*:*:*:*", + "matchCriteriaId": "8F3E9E0C-AC3E-4967-AF80-6483E8AB0078" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/8ce34dccbe8fa7d2ef86f2d8e7db2a9b67cabfc3", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/9af7437669b72f804fc4269f487528dbbed142a2", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/ab557f5cd993a3201b09593633d04b891263d5c0", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/f8b55a465b0e8a500179808166fe9420f5c091a1", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/8ce34dccbe8fa7d2ef86f2d8e7db2a9b67cabfc3", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/9af7437669b72f804fc4269f487528dbbed142a2", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/ab557f5cd993a3201b09593633d04b891263d5c0", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/f8b55a465b0e8a500179808166fe9420f5c091a1", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-421xx/CVE-2024-42139.json b/CVE-2024/CVE-2024-421xx/CVE-2024-42139.json index 9c9f6cd5f41..f0b262ce4fb 100644 --- a/CVE-2024/CVE-2024-421xx/CVE-2024-42139.json +++ b/CVE-2024/CVE-2024-421xx/CVE-2024-42139.json @@ -2,8 +2,8 @@ "id": "CVE-2024-42139", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-07-30T08:15:05.757", - "lastModified": "2024-11-21T09:33:41.077", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-12-11T15:13:24.877", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -15,23 +15,119 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ice: corrige el manejo incorrecto de extts. Los eventos extts est\u00e1n deshabilitados y habilitados por la aplicaci\u00f3n ts2phc. Sin embargo, en caso de que se elimine el controlador cuando la aplicaci\u00f3n se est\u00e1 ejecutando, un evento extts espec\u00edfico permanece habilitado y puede provocar un fallo del kernel. Como efecto secundario, cuando se recarga el controlador y se inicia nuevamente la aplicaci\u00f3n, el evento de extts restante para el canal de una ejecuci\u00f3n anterior seguir\u00e1 activando y es posible que se imprima al usuario el mensaje \"extts en un canal inesperado\". Para evitar eso, los eventos extts se desactivar\u00e1n cuando se libere PTP." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-754" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.14", + "versionEndExcluding": "6.9.9", + "matchCriteriaId": "3CAC77E6-2424-4ED8-97EC-A0FC7881A134" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc1:*:*:*:*:*:*", + "matchCriteriaId": "2EBB4392-5FA6-4DA9-9772-8F9C750109FA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc2:*:*:*:*:*:*", + "matchCriteriaId": "331C2F14-12C7-45D5-893D-8C52EE38EA10" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc3:*:*:*:*:*:*", + "matchCriteriaId": "3173713D-909A-4DD3-9DD4-1E171EB057EE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc4:*:*:*:*:*:*", + "matchCriteriaId": "79F18AFA-40F7-43F0-BA30-7BDB65F918B9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc5:*:*:*:*:*:*", + "matchCriteriaId": "BD973AA4-A789-49BD-8D57-B2846935D3C7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc6:*:*:*:*:*:*", + "matchCriteriaId": "8F3E9E0C-AC3E-4967-AF80-6483E8AB0078" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/00d3b4f54582d4e4a02cda5886bb336eeab268cc", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/9f69b31ae9e25dec27ad31fbc64dd99af16ee3d3", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/00d3b4f54582d4e4a02cda5886bb336eeab268cc", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/9f69b31ae9e25dec27ad31fbc64dd99af16ee3d3", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-421xx/CVE-2024-42141.json b/CVE-2024/CVE-2024-421xx/CVE-2024-42141.json index cc0e9629665..a1eb1c8e048 100644 --- a/CVE-2024/CVE-2024-421xx/CVE-2024-42141.json +++ b/CVE-2024/CVE-2024-421xx/CVE-2024-42141.json @@ -2,8 +2,8 @@ "id": "CVE-2024-42141", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-07-30T08:15:05.917", - "lastModified": "2024-11-21T09:33:41.317", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-12-11T15:17:03.930", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -15,31 +15,147 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: Bluetooth: ISO: Verifique el indicador de socket en lugar de hcon. Esto corrige la siguiente advertencia del verificador est\u00e1tico de Smatch: net/bluetooth/iso.c:1364 iso_sock_recvmsg() error: previamente asumimos 'pi ->conn->hcon' podr\u00eda ser nulo (l\u00ednea 1359) net/bluetooth/iso.c 1347 static int iso_sock_recvmsg(struct socket *sock, struct msghdr *msg, 1348 size_t len, int flags) 1349 { 1350 struct sock *sk = calcet\u00edn->sk; 1351 estructura iso_pinfo *pi = iso_pi(sk); 1352 1353 BT_DBG(\"sk%p\",sk); 1354 1355 if (test_and_clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) { 1356 lock_sock(sk); 1357 interruptor (sk->sk_state) { 1358 caso BT_CONNECT2: 1359 si (pi->conn->hcon && ^^^^^^^^^^^^^^ Si ->hcon es NULL 1360 test_bit(HCI_CONN_PA_SYNC, &pi ->conn->hcon->flags)) { 1361 iso_conn_big_sync(sk); 1362 sk->sk_state = BT_LISTEN; 1363 } else { --> 1364 iso_conn_defer_accept(pi->conn->hcon); ^^^^^^^^^^^^^^ entonces estamos 1365 sk->sk_state = BT_CONFIG; 1366 } 1367 liberaci\u00f3n_sock(sk); 1368 devuelve 0; 1369 caso BT_CONNECTED: 1370 si (test_bit(BT_SK_PA_SYNC," } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-476" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.5.12", + "versionEndExcluding": "6.6", + "matchCriteriaId": "AFD63F94-BD00-4EF2-9873-45E8DED18B9A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.6", + "versionEndExcluding": "6.6.39", + "matchCriteriaId": "00F6F32E-C522-4E2D-BA6B-B110CFD4B83F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.9.9", + "matchCriteriaId": "ADCC1407-0CB3-4C8F-B4C5-07F682CD7085" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc1:*:*:*:*:*:*", + "matchCriteriaId": "2EBB4392-5FA6-4DA9-9772-8F9C750109FA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc2:*:*:*:*:*:*", + "matchCriteriaId": "331C2F14-12C7-45D5-893D-8C52EE38EA10" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc3:*:*:*:*:*:*", + "matchCriteriaId": "3173713D-909A-4DD3-9DD4-1E171EB057EE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc4:*:*:*:*:*:*", + "matchCriteriaId": "79F18AFA-40F7-43F0-BA30-7BDB65F918B9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc5:*:*:*:*:*:*", + "matchCriteriaId": "BD973AA4-A789-49BD-8D57-B2846935D3C7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc6:*:*:*:*:*:*", + "matchCriteriaId": "8F3E9E0C-AC3E-4967-AF80-6483E8AB0078" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/045669710464a21c67e690ef14698fd71857cb11", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/33fabef489169c6db87843ef23351ed0d5e51ad8", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/596b6f081336e77764ca35cfeab66d0fcdbe544e", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/045669710464a21c67e690ef14698fd71857cb11", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/33fabef489169c6db87843ef23351ed0d5e51ad8", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/596b6f081336e77764ca35cfeab66d0fcdbe544e", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-421xx/CVE-2024-42142.json b/CVE-2024/CVE-2024-421xx/CVE-2024-42142.json index e98a5abef98..794d4076c34 100644 --- a/CVE-2024/CVE-2024-421xx/CVE-2024-42142.json +++ b/CVE-2024/CVE-2024-421xx/CVE-2024-42142.json @@ -2,8 +2,8 @@ "id": "CVE-2024-42142", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-07-30T08:15:05.993", - "lastModified": "2024-11-21T09:33:41.440", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-12-11T15:18:21.613", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -15,39 +15,161 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net/mlx5: E-switch, crea ACL de entrada cuando sea necesario Actualmente, la acl de entrada se utiliza para tres funciones. Se crea solo cuando la coincidencia de metadatos de vport y la etiqueta prio est\u00e1n habilitadas. Pero el modo de retraso de respaldo activo tambi\u00e9n lo usa. Es independiente de la coincidencia de metadatos de vport y de la etiqueta prio. Y la coincidencia de metadatos de vport se puede desactivar usando el siguiente comando devlink: # devlink dev param set pci/0000:08:00.0 name esw_port_metadata \\ value false cmode runtime Si no se crea la acl de entrada, entrar\u00e1 en p\u00e1nico al crear una regla de eliminaci\u00f3n para la copia de seguridad activa modo de retraso. Si lo crea siempre, habr\u00e1 una degradaci\u00f3n del rendimiento de aproximadamente un 5 %. Solucionarlo creando una acl de entrada cuando sea necesario. Si esw_port_metadata es verdadero, la acl de entrada existe, luego cree una regla de eliminaci\u00f3n utilizando la acl de entrada existente. Si esw_port_metadata es falso, cree una acl de entrada y luego cree una regla de eliminaci\u00f3n." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.18", + "versionEndExcluding": "6.1.98", + "matchCriteriaId": "B3456516-7A6B-40C7-891C-0802FF927B9D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndExcluding": "6.6.39", + "matchCriteriaId": "29E894E4-668F-4DB0-81F7-4FB5F698E970" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.9.9", + "matchCriteriaId": "ADCC1407-0CB3-4C8F-B4C5-07F682CD7085" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc1:*:*:*:*:*:*", + "matchCriteriaId": "2EBB4392-5FA6-4DA9-9772-8F9C750109FA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc2:*:*:*:*:*:*", + "matchCriteriaId": "331C2F14-12C7-45D5-893D-8C52EE38EA10" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc3:*:*:*:*:*:*", + "matchCriteriaId": "3173713D-909A-4DD3-9DD4-1E171EB057EE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc4:*:*:*:*:*:*", + "matchCriteriaId": "79F18AFA-40F7-43F0-BA30-7BDB65F918B9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc5:*:*:*:*:*:*", + "matchCriteriaId": "BD973AA4-A789-49BD-8D57-B2846935D3C7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc6:*:*:*:*:*:*", + "matchCriteriaId": "8F3E9E0C-AC3E-4967-AF80-6483E8AB0078" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/3e3551f8702978cd2221d2614ca6d6727e785324", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/83bc1a129f7fd0d7d05036ceb7ee69102624e320", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/b20c2fb45470d0c7a603613c9cfa5d45720e17f2", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/bc3ff8d3c05044de57865ebbb78cca8f7da3e595", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/3e3551f8702978cd2221d2614ca6d6727e785324", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/83bc1a129f7fd0d7d05036ceb7ee69102624e320", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/b20c2fb45470d0c7a603613c9cfa5d45720e17f2", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/bc3ff8d3c05044de57865ebbb78cca8f7da3e595", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-421xx/CVE-2024-42145.json b/CVE-2024/CVE-2024-421xx/CVE-2024-42145.json index 075de168dd3..e4cb44232ba 100644 --- a/CVE-2024/CVE-2024-421xx/CVE-2024-42145.json +++ b/CVE-2024/CVE-2024-421xx/CVE-2024-42145.json @@ -2,8 +2,8 @@ "id": "CVE-2024-42145", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-07-30T08:15:06.227", - "lastModified": "2024-11-21T09:33:41.700", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-12-11T15:23:13.553", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -15,71 +15,214 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: IB/core: implementar un l\u00edmite en la lista de recepci\u00f3n de UMAD El comportamiento existente de ib_umad, que mantiene los paquetes MAD recibidos en una lista ilimitada, plantea un riesgo de crecimiento incontrolado. A medida que las aplicaciones del espacio de usuario extraen paquetes de esta lista, es posible que la tasa de extracci\u00f3n no coincida con la tasa de paquetes entrantes, lo que puede provocar un posible desbordamiento de la lista. Para solucionar esto, introducimos un l\u00edmite al tama\u00f1o de la lista. Despu\u00e9s de considerar escenarios t\u00edpicos, como el procesamiento OpenSM, que puede manejar aproximadamente 100 000 paquetes por segundo, y el tiempo de espera de reintento de 1 segundo para la mayor\u00eda de los paquetes, establecemos el l\u00edmite de tama\u00f1o de la lista en 200 000. Los paquetes recibidos m\u00e1s all\u00e1 de este l\u00edmite se descartan, suponiendo que probablemente se agote el tiempo de espera cuando sean manejados por el espacio de usuario. En particular, los paquetes en cola en la lista de recepci\u00f3n debido a motivos como el tiempo de espera de env\u00edo se conservan incluso cuando la lista est\u00e1 llena." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-770" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.19.318", + "matchCriteriaId": "43E390F8-BDB4-4990-B94D-095DD8369C31" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.20", + "versionEndExcluding": "5.4.280", + "matchCriteriaId": "625DBFAB-C3D0-4309-A27F-12D6428FB38F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.5", + "versionEndExcluding": "5.10.222", + "matchCriteriaId": "00696AC5-EE29-437F-97F9-C4D66608B327" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.11", + "versionEndExcluding": "5.15.163", + "matchCriteriaId": "A97DEB09-4927-40F8-B5C6-F5BD5EAE0CFD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.16", + "versionEndExcluding": "6.1.98", + "matchCriteriaId": "E09E92A5-27EF-40E4-926A-B1CDC8270551" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndExcluding": "6.6.39", + "matchCriteriaId": "29E894E4-668F-4DB0-81F7-4FB5F698E970" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.9.9", + "matchCriteriaId": "ADCC1407-0CB3-4C8F-B4C5-07F682CD7085" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/1288cf1cceb0e6df276e182f5412370fb4169bcb", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/62349fbf86b5e13b02721bdadf98c29afd1e7b5f", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/63d202d948bb6d3a28cd8e8b96b160fa53e18baa", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/a6627fba793cc75b7365d9504a0095fb2902dda4", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/b4913702419d064ec4c4bbf7270643c95cc89a1b", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/b8c5f635997f49c625178d1a0cb32a80ed33abe6", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/ca0b44e20a6f3032224599f02e7c8fb49525c894", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/d73cb8862e4d6760ccc94d3b57b9ef6271400607", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/1288cf1cceb0e6df276e182f5412370fb4169bcb", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/62349fbf86b5e13b02721bdadf98c29afd1e7b5f", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/63d202d948bb6d3a28cd8e8b96b160fa53e18baa", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/a6627fba793cc75b7365d9504a0095fb2902dda4", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/b4913702419d064ec4c4bbf7270643c95cc89a1b", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/b8c5f635997f49c625178d1a0cb32a80ed33abe6", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/ca0b44e20a6f3032224599f02e7c8fb49525c894", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/d73cb8862e4d6760ccc94d3b57b9ef6271400607", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-421xx/CVE-2024-42146.json b/CVE-2024/CVE-2024-421xx/CVE-2024-42146.json index a652acc4cfc..a63f2f2aa1b 100644 --- a/CVE-2024/CVE-2024-421xx/CVE-2024-42146.json +++ b/CVE-2024/CVE-2024-421xx/CVE-2024-42146.json @@ -2,8 +2,8 @@ "id": "CVE-2024-42146", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-07-30T08:15:06.313", - "lastModified": "2024-11-21T09:33:41.830", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-12-11T15:25:10.997", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -15,23 +15,89 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/xe: agregue protecci\u00f3n runtime_pm externa a xe_live_ktest@xe_dma_buf. Cualquier kunit que acceda a la memoria debe obtener sus propias referencias externas runtime_pm ya que no usan las entradas API del controlador est\u00e1ndar. En especial este dma_buf del mismo controlador. Encontrado por CI previo a la fusi\u00f3n al agregar llamadas WARN para llamadores internos desprotegidos: <6> [318.639739] # xe_dma_buf_kunit: ejecutando xe_test_dmabuf_import_same_driver <4> [318.639957] ------------[ cortar aqu\u00ed ]-- ---------- <4> [318.639967] xe 0000:4d:00.0: Falta protecci\u00f3n PM de tiempo de ejecuci\u00f3n externo <4> [318.640049] ADVERTENCIA: CPU: 117 PID: 3832 en drivers/gpu/drm/xe /xe_pm.c:533 xe_pm_runtime_get_noresume+0x48/0x60 [xe]" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.8", + "versionEndExcluding": "6.9.9", + "matchCriteriaId": "5726EB4D-ED18-4DEC-B0C0-A525D33487E1" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/0888d15ea45ba8ef4508edd1123ea5ad95b58994", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/f9116f658a6217b101e3b4e89f845775b6fb05d9", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/0888d15ea45ba8ef4508edd1123ea5ad95b58994", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/f9116f658a6217b101e3b4e89f845775b6fb05d9", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-421xx/CVE-2024-42147.json b/CVE-2024/CVE-2024-421xx/CVE-2024-42147.json index d0efcf1fb17..93098957464 100644 --- a/CVE-2024/CVE-2024-421xx/CVE-2024-42147.json +++ b/CVE-2024/CVE-2024-421xx/CVE-2024-42147.json @@ -2,8 +2,8 @@ "id": "CVE-2024-42147", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-07-30T08:15:06.383", - "lastModified": "2024-11-21T09:33:41.933", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-12-11T15:29:37.590", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -15,39 +15,130 @@ "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: crypto: hisilicon/debugfs: soluciona el problema del proceso uninit de debugfs. Durante el proceso de sonda zip, la falla de debugfs no detiene la sonda. Cuando falla la inicializaci\u00f3n de debugfs, saltar a la rama de error tambi\u00e9n liberar\u00e1 los registros, adem\u00e1s de su propia operaci\u00f3n de reversi\u00f3n. Como resultado, es posible que se libere repetidamente durante el proceso de uninidad de registros. Por lo tanto, es necesario agregar la verificaci\u00f3n nula al proceso regs uninit." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-415" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionEndExcluding": "6.1.98", + "matchCriteriaId": "59AC0B46-8C0D-4C0B-9705-C8CFF0DCAD00" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndExcluding": "6.6.39", + "matchCriteriaId": "29E894E4-668F-4DB0-81F7-4FB5F698E970" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.9.9", + "matchCriteriaId": "ADCC1407-0CB3-4C8F-B4C5-07F682CD7085" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/7fc8d9a525b5c3f8dfa5ed50901e764d8ede7e1e", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/8be0913389718e8d27c4f1d4537b5e1b99ed7739", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/e0a2d2df9ba7bd6bd7e0a9b6a5e3894f7e8445b3", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/eda60520cfe3aba9f088c68ebd5bcbca9fc6ac3c", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/7fc8d9a525b5c3f8dfa5ed50901e764d8ede7e1e", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/8be0913389718e8d27c4f1d4537b5e1b99ed7739", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/e0a2d2df9ba7bd6bd7e0a9b6a5e3894f7e8445b3", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/eda60520cfe3aba9f088c68ebd5bcbca9fc6ac3c", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-454xx/CVE-2024-45493.json b/CVE-2024/CVE-2024-454xx/CVE-2024-45493.json index 5469a8d66b9..cf7ef1e2cd9 100644 --- a/CVE-2024/CVE-2024-454xx/CVE-2024-45493.json +++ b/CVE-2024/CVE-2024-454xx/CVE-2024-45493.json @@ -2,7 +2,7 @@ "id": "CVE-2024-45493", "sourceIdentifier": "cve@mitre.org", "published": "2024-12-10T17:15:10.100", - "lastModified": "2024-12-10T17:15:10.100", + "lastModified": "2024-12-11T16:15:11.400", "vulnStatus": "Received", "cveTags": [], "descriptions": [ @@ -11,7 +11,42 @@ "value": "An issue was discovered in MSA Safety FieldServer Gateways and Embedded Modules with build revisions before 7.0.0. The FieldServer Gateway has internal users, whose access is supposed to be restricted to login locally on the device. However, an attacker can bypass the check for this, which might allow them to authenticate with an internal user account from the network (if they know their password)." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], "references": [ { "url": "https://us.msasafety.com/fieldserver", diff --git a/CVE-2024/CVE-2024-454xx/CVE-2024-45494.json b/CVE-2024/CVE-2024-454xx/CVE-2024-45494.json index 16d7479f328..783e322e4dd 100644 --- a/CVE-2024/CVE-2024-454xx/CVE-2024-45494.json +++ b/CVE-2024/CVE-2024-454xx/CVE-2024-45494.json @@ -2,7 +2,7 @@ "id": "CVE-2024-45494", "sourceIdentifier": "cve@mitre.org", "published": "2024-12-10T17:15:10.197", - "lastModified": "2024-12-10T17:15:10.197", + "lastModified": "2024-12-11T15:15:09.750", "vulnStatus": "Received", "cveTags": [], "descriptions": [ @@ -11,7 +11,42 @@ "value": "An issue was discovered in MSA Safety FieldServer Gateways and Embedded Modules with build revisions before 7.0.0. The FieldServer Gateway has an internally used shared administrative user account on all devices. The authentication for this user is implemented through an unsafe shared secret that is static in all affected firmware versions." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-276" + } + ] + } + ], "references": [ { "url": "https://us.msasafety.com/fieldserver", diff --git a/CVE-2024/CVE-2024-463xx/CVE-2024-46340.json b/CVE-2024/CVE-2024-463xx/CVE-2024-46340.json index f4207b8e3dd..b6ba94f631f 100644 --- a/CVE-2024/CVE-2024-463xx/CVE-2024-46340.json +++ b/CVE-2024/CVE-2024-463xx/CVE-2024-46340.json @@ -2,7 +2,7 @@ "id": "CVE-2024-46340", "sourceIdentifier": "cve@mitre.org", "published": "2024-12-10T20:15:15.003", - "lastModified": "2024-12-10T20:15:15.003", + "lastModified": "2024-12-11T15:15:09.920", "vulnStatus": "Received", "cveTags": [], "descriptions": [ @@ -11,11 +11,50 @@ "value": "TP-Link TL-WR845N(UN)_V4_200909 and TL-WR845N(UN)_V4_190219 was discovered to transmit user credentials in plaintext after executing a factory reset." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-312" + } + ] + } + ], "references": [ { "url": "https://security.iiita.ac.in/iot/factory-reset.docx", "source": "cve@mitre.org" + }, + { + "url": "https://security.iiita.ac.in/iot/factory-reset.docx", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-463xx/CVE-2024-46341.json b/CVE-2024/CVE-2024-463xx/CVE-2024-46341.json index 28b5800e3d2..c2627936b1b 100644 --- a/CVE-2024/CVE-2024-463xx/CVE-2024-46341.json +++ b/CVE-2024/CVE-2024-463xx/CVE-2024-46341.json @@ -2,7 +2,7 @@ "id": "CVE-2024-46341", "sourceIdentifier": "cve@mitre.org", "published": "2024-12-10T20:15:15.110", - "lastModified": "2024-12-10T20:15:15.110", + "lastModified": "2024-12-11T15:15:10.090", "vulnStatus": "Received", "cveTags": [], "descriptions": [ @@ -11,11 +11,50 @@ "value": "TP-Link TL-WR845N(UN)_V4_190219 was discovered to transmit credentials in base64 encoded form, which can be easily decoded by an attacker executing a man-in-the-middle attack." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.0, + "baseSeverity": "HIGH", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.1, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-522" + } + ] + } + ], "references": [ { "url": "https://security.iiita.ac.in/iot/base64-authorization.docx", "source": "cve@mitre.org" + }, + { + "url": "https://security.iiita.ac.in/iot/base64-authorization.docx", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-464xx/CVE-2024-46442.json b/CVE-2024/CVE-2024-464xx/CVE-2024-46442.json index fbc3f501fda..d68305484f6 100644 --- a/CVE-2024/CVE-2024-464xx/CVE-2024-46442.json +++ b/CVE-2024/CVE-2024-464xx/CVE-2024-46442.json @@ -2,7 +2,7 @@ "id": "CVE-2024-46442", "sourceIdentifier": "cve@mitre.org", "published": "2024-12-10T19:15:27.030", - "lastModified": "2024-12-10T19:15:27.030", + "lastModified": "2024-12-11T15:15:10.250", "vulnStatus": "Received", "cveTags": [], "descriptions": [ @@ -11,7 +11,42 @@ "value": "An issue in the BYD Dilink Headunit System v3.0 to v4.0 allows attackers to bypass authentication via a bruteforce attack." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-307" + } + ] + } + ], "references": [ { "url": "http://byd.com", diff --git a/CVE-2024/CVE-2024-465xx/CVE-2024-46547.json b/CVE-2024/CVE-2024-465xx/CVE-2024-46547.json index 67e1ea4c214..b3bedb738d2 100644 --- a/CVE-2024/CVE-2024-465xx/CVE-2024-46547.json +++ b/CVE-2024/CVE-2024-465xx/CVE-2024-46547.json @@ -2,16 +2,55 @@ "id": "CVE-2024-46547", "sourceIdentifier": "cve@mitre.org", "published": "2024-12-09T19:15:13.483", - "lastModified": "2024-12-09T19:15:13.483", + "lastModified": "2024-12-11T16:15:11.573", "vulnStatus": "Received", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in Romain Bourdon Wampserver all versions (discovered in v3.2.3 and v3.2.6) where unauthorized users could access sensitive information due to improper access control validation via PHP Info Page. This issue can lead to data leaks." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad en todas las versiones de Romain Bourdon Wampserver (descubierta en v3.2.3 y v3.2.6) donde usuarios no autorizados pod\u00edan acceder a informaci\u00f3n confidencial debido a una validaci\u00f3n incorrecta del control de acceso a trav\u00e9s de la p\u00e1gina de informaci\u00f3n de PHP. Este problema puede provocar fugas de datos." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-116" + } + ] } ], - "metrics": {}, "references": [ { "url": "https://gist.github.com/omkar170/232236c38b6e795fb73921e555e1a609", diff --git a/CVE-2024/CVE-2024-466xx/CVE-2024-46625.json b/CVE-2024/CVE-2024-466xx/CVE-2024-46625.json index 37ee732160c..647fd7793f3 100644 --- a/CVE-2024/CVE-2024-466xx/CVE-2024-46625.json +++ b/CVE-2024/CVE-2024-466xx/CVE-2024-46625.json @@ -2,7 +2,7 @@ "id": "CVE-2024-46625", "sourceIdentifier": "cve@mitre.org", "published": "2024-12-03T22:15:04.860", - "lastModified": "2024-12-03T22:15:04.860", + "lastModified": "2024-12-11T15:15:10.417", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -15,7 +15,42 @@ "value": " Una vulnerabilidad de carga de archivos arbitrarios autenticados en el endpoint /documentCache/upload de InfoDom Performa 365 v4.0.1 permite a los atacantes ejecutar c\u00f3digo arbitrario mediante la carga de un archivo SVG creado espec\u00edficamente para ello." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], "references": [ { "url": "https://github.com/EchoSl0w/Research/blob/main/2024/CVE-2024-46625.md", diff --git a/CVE-2024/CVE-2024-466xx/CVE-2024-46657.json b/CVE-2024/CVE-2024-466xx/CVE-2024-46657.json index 152dc5c730c..88307e8b6e2 100644 --- a/CVE-2024/CVE-2024-466xx/CVE-2024-46657.json +++ b/CVE-2024/CVE-2024-466xx/CVE-2024-46657.json @@ -2,7 +2,7 @@ "id": "CVE-2024-46657", "sourceIdentifier": "cve@mitre.org", "published": "2024-12-10T17:15:10.287", - "lastModified": "2024-12-10T17:15:10.287", + "lastModified": "2024-12-11T16:15:11.770", "vulnStatus": "Received", "cveTags": [], "descriptions": [ @@ -11,7 +11,42 @@ "value": "Artifex Software mupdf v1.24.9 was discovered to contain a segmentation fault via the component /tools/pdfextract.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PDF file." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-120" + } + ] + } + ], "references": [ { "url": "https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mupdf.git/diff/?id=b5c898a30f068b5342e8263a2cd5b9f0be291aac", diff --git a/CVE-2024/CVE-2024-477xx/CVE-2024-47758.json b/CVE-2024/CVE-2024-477xx/CVE-2024-47758.json new file mode 100644 index 00000000000..16970a1fb22 --- /dev/null +++ b/CVE-2024/CVE-2024-477xx/CVE-2024-47758.json @@ -0,0 +1,82 @@ +{ + "id": "CVE-2024-47758", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-12-11T16:15:11.947", + "lastModified": "2024-12-11T16:15:11.947", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "GLPI is a free asset and IT management software package. Starting in version 9.3.0 and prior to version 10.0.17, an authenticated user can use the API to take control of any user that have the same or a lower level of privileges. Version 10.0.17 contains a patch." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 7.6, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "PRESENT", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "NONE", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-284" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/glpi-project/glpi/releases/tag/10.0.17", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-3r4x-6pmx-phwr", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-489xx/CVE-2024-48956.json b/CVE-2024/CVE-2024-489xx/CVE-2024-48956.json index 354ea4d00ab..8e16e4171d1 100644 --- a/CVE-2024/CVE-2024-489xx/CVE-2024-48956.json +++ b/CVE-2024/CVE-2024-489xx/CVE-2024-48956.json @@ -2,16 +2,55 @@ "id": "CVE-2024-48956", "sourceIdentifier": "cve@mitre.org", "published": "2024-12-09T19:15:13.590", - "lastModified": "2024-12-09T19:15:13.590", + "lastModified": "2024-12-11T16:15:12.107", "vulnStatus": "Received", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Serviceware Processes 6.0 through 7.3 allows attackers without valid authentication to send a specially crafted HTTP request to a service endpoint resulting in remote code execution." + }, + { + "lang": "es", + "value": "Serviceware Processes 6.0 a 7.3 permiten a atacantes sin autenticaci\u00f3n v\u00e1lida enviar una solicitud HTTP especialmente manipulada a un endpoint de servicio, lo que resulta en la ejecuci\u00f3n remota de c\u00f3digo." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-120" + } + ] } ], - "metrics": {}, "references": [ { "url": "https://security.serviceware-se.com/CVE-2024-48956/", diff --git a/CVE-2024/CVE-2024-500xx/CVE-2024-50067.json b/CVE-2024/CVE-2024-500xx/CVE-2024-50067.json index cfc45bdfd8d..450db064c97 100644 --- a/CVE-2024/CVE-2024-500xx/CVE-2024-50067.json +++ b/CVE-2024/CVE-2024-500xx/CVE-2024-50067.json @@ -2,7 +2,7 @@ "id": "CVE-2024-50067", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-28T01:15:02.930", - "lastModified": "2024-11-17T15:15:19.113", + "lastModified": "2024-12-11T15:15:10.943", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -36,6 +36,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 5.9 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 } ] }, @@ -49,6 +69,16 @@ "value": "CWE-787" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] } ], "configurations": [ diff --git a/CVE-2024/CVE-2024-500xx/CVE-2024-50073.json b/CVE-2024/CVE-2024-500xx/CVE-2024-50073.json index fc3b4d43234..f32dd3e54fe 100644 --- a/CVE-2024/CVE-2024-500xx/CVE-2024-50073.json +++ b/CVE-2024/CVE-2024-500xx/CVE-2024-50073.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50073", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-29T01:15:04.463", - "lastModified": "2024-11-01T15:44:48.527", - "vulnStatus": "Analyzed", + "lastModified": "2024-12-11T15:15:11.137", + "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 5.9 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 } ] }, @@ -49,6 +69,16 @@ "value": "CWE-416" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] } ], "configurations": [ diff --git a/CVE-2024/CVE-2024-500xx/CVE-2024-50084.json b/CVE-2024/CVE-2024-500xx/CVE-2024-50084.json index 2b84201f440..b3fb0e3869c 100644 --- a/CVE-2024/CVE-2024-500xx/CVE-2024-50084.json +++ b/CVE-2024/CVE-2024-500xx/CVE-2024-50084.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50084", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-29T01:15:05.327", - "lastModified": "2024-10-30T14:56:07.497", - "vulnStatus": "Analyzed", + "lastModified": "2024-12-11T15:15:11.340", + "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 3.6 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 } ] }, @@ -49,6 +69,16 @@ "value": "CWE-401" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] } ], "configurations": [ diff --git a/CVE-2024/CVE-2024-500xx/CVE-2024-50085.json b/CVE-2024/CVE-2024-500xx/CVE-2024-50085.json index ca894428b1b..e025c7da48e 100644 --- a/CVE-2024/CVE-2024-500xx/CVE-2024-50085.json +++ b/CVE-2024/CVE-2024-500xx/CVE-2024-50085.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50085", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-29T01:15:05.400", - "lastModified": "2024-10-30T14:49:42.953", - "vulnStatus": "Analyzed", + "lastModified": "2024-12-11T15:15:11.520", + "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 3.6 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 } ] }, @@ -49,6 +69,16 @@ "value": "CWE-416" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] } ], "configurations": [ diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50106.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50106.json index 9b77cd57e64..e98c4ba9288 100644 --- a/CVE-2024/CVE-2024-501xx/CVE-2024-50106.json +++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50106.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50106", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-05T18:15:14.120", - "lastModified": "2024-11-12T15:07:39.707", - "vulnStatus": "Analyzed", + "lastModified": "2024-12-11T15:15:11.693", + "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 1.0, "impactScore": 5.9 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 } ] }, @@ -49,6 +69,16 @@ "value": "CWE-416" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] } ], "configurations": [ diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50114.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50114.json index 4168871304b..64928d6c092 100644 --- a/CVE-2024/CVE-2024-501xx/CVE-2024-50114.json +++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50114.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50114", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-05T18:15:14.630", - "lastModified": "2024-11-08T19:11:43.650", - "vulnStatus": "Analyzed", + "lastModified": "2024-12-11T15:15:11.923", + "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 5.9 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 } ] }, @@ -49,6 +69,16 @@ "value": "CWE-416" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] } ], "configurations": [ diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50121.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50121.json index 8afb513cdb6..4d9bb206600 100644 --- a/CVE-2024/CVE-2024-501xx/CVE-2024-50121.json +++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50121.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50121", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-05T18:15:15.080", - "lastModified": "2024-11-08T18:05:13.947", - "vulnStatus": "Analyzed", + "lastModified": "2024-12-11T15:15:12.220", + "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 5.9 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 } ] }, @@ -49,6 +69,16 @@ "value": "CWE-416" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] } ], "configurations": [ diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50124.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50124.json index 0c3b9aa21f6..77df4779e3f 100644 --- a/CVE-2024/CVE-2024-501xx/CVE-2024-50124.json +++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50124.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50124", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-05T18:15:15.487", - "lastModified": "2024-11-08T20:04:05.847", - "vulnStatus": "Analyzed", + "lastModified": "2024-12-11T15:15:12.437", + "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 5.9 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 } ] }, @@ -49,6 +69,16 @@ "value": "CWE-416" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] } ], "configurations": [ diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50125.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50125.json index 85b99f112bb..8dac77aeeda 100644 --- a/CVE-2024/CVE-2024-501xx/CVE-2024-50125.json +++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50125.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50125", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-05T18:15:15.550", - "lastModified": "2024-11-08T20:04:33.913", - "vulnStatus": "Analyzed", + "lastModified": "2024-12-11T15:15:12.633", + "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 5.9 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 } ] }, @@ -49,6 +69,16 @@ "value": "CWE-416" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] } ], "configurations": [ diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50126.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50126.json index 1d8950767bc..2103db55b37 100644 --- a/CVE-2024/CVE-2024-501xx/CVE-2024-50126.json +++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50126.json @@ -2,7 +2,7 @@ "id": "CVE-2024-50126", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-05T18:15:15.607", - "lastModified": "2024-11-14T16:15:19.990", + "lastModified": "2024-12-11T15:15:12.797", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -36,6 +36,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 5.9 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 } ] }, @@ -49,6 +69,16 @@ "value": "CWE-416" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] } ], "configurations": [ diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50127.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50127.json index db0f090caa0..83bfe8588e1 100644 --- a/CVE-2024/CVE-2024-501xx/CVE-2024-50127.json +++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50127.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50127", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-05T18:15:15.670", - "lastModified": "2024-11-08T19:42:39.257", - "vulnStatus": "Analyzed", + "lastModified": "2024-12-11T15:15:12.983", + "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 5.9 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 } ] }, @@ -49,6 +69,16 @@ "value": "CWE-416" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] } ], "configurations": [ diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50149.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50149.json index ec1e9bdff6a..04fc2b90b84 100644 --- a/CVE-2024/CVE-2024-501xx/CVE-2024-50149.json +++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50149.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50149", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-07T10:15:06.640", - "lastModified": "2024-11-20T15:45:13.163", - "vulnStatus": "Analyzed", + "lastModified": "2024-12-11T15:15:13.170", + "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 3.6 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 } ] }, @@ -49,6 +69,16 @@ "value": "CWE-416" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] } ], "configurations": [ diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50154.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50154.json index 924345c3e87..d4b427efc21 100644 --- a/CVE-2024/CVE-2024-501xx/CVE-2024-50154.json +++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50154.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50154", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-07T10:15:06.987", - "lastModified": "2024-11-13T16:17:12.473", - "vulnStatus": "Analyzed", + "lastModified": "2024-12-11T15:15:13.367", + "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 1.0, "impactScore": 5.9 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 } ] }, @@ -49,6 +69,16 @@ "value": "CWE-416" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] } ], "configurations": [ diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50190.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50190.json index 0193ef10016..f84ba87788e 100644 --- a/CVE-2024/CVE-2024-501xx/CVE-2024-50190.json +++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50190.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50190", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-08T06:15:15.957", - "lastModified": "2024-11-08T19:01:03.880", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-12-11T15:35:15.513", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -15,15 +15,85 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ice: se corrige la p\u00e9rdida de memoria en ice_init_tx_topology() Se corrige la p\u00e9rdida del blob de FW (paquete DDP). Se hace que ice_cfg_tx_topo() sea constante y correcto, de modo que ice_init_tx_topology() pueda evitar copiar todo el blob de FW. Se copia solo la secci\u00f3n de topolog\u00eda y solo cuando es necesario. Se reutiliza el b\u00fafer asignado para la lectura de la topolog\u00eda actual. Esto fue encontrado por kmemleak, con el siguiente rastro para cada PF: [] kmemdup_noprof+0x1d/0x50 [] ice_init_ddp_config+0x100/0x220 [ice] [] ice_init_dev+0x6f/0x200 [ice] [] ice_init+0x29/0x560 [ice] [] ice_probe+0x21d/0x310 [ice] Par\u00e1metros de conversi\u00f3n de ice_cfg_tx_topo() @buf. Esto se aplica en cascada a algunas funciones m\u00e1s." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-401" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.10", + "versionEndExcluding": "6.11.4", + "matchCriteriaId": "2ADD5DBE-B520-479C-9FCD-6C8FA848E789" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*", + "matchCriteriaId": "7F361E1D-580F-4A2D-A509-7615F73167A1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*", + "matchCriteriaId": "925478D0-3E3D-4E6F-ACD5-09F28D5DF82C" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/43544b4e30732c3d88f423252281915d5bc739b6", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/c188afdc36113760873ec78cbc036f6b05f77621", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50191.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50191.json index 9d143d4bb6b..7503f24639a 100644 --- a/CVE-2024/CVE-2024-501xx/CVE-2024-50191.json +++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50191.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50191", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-08T06:15:16.027", - "lastModified": "2024-11-08T19:01:03.880", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-12-11T15:36:27.330", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -15,27 +15,116 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ext4: no establecer SB_RDONLY despu\u00e9s de errores del sistema de archivos Cuando el sistema de archivos se monta con errors=remount-ro, est\u00e1bamos estableciendo el indicador SB_RDONLY para detener todas las modificaciones del sistema de archivos. Sab\u00edamos que esto omite el bloqueo adecuado (sb->s_umount) y no pasa por el procedimiento de remontaje del sistema de archivos adecuado, pero ha sido la forma en que funcion\u00f3 desde los primeros d\u00edas de ext2 y fue lo suficientemente bueno para la mitigaci\u00f3n de da\u00f1os en situaciones catastr\u00f3ficas. Recientemente, syzbot encontr\u00f3 una forma (ver enlace) de activar advertencias en el congelamiento del sistema de archivos porque el c\u00f3digo se confundi\u00f3 con SB_RDONLY cambiando bajo sus manos. Desde estos d\u00edas establecemos EXT4_FLAGS_SHUTDOWN en el superbloque, lo cual es suficiente para detener todas las modificaciones del sistema de archivos, no deber\u00eda ser necesario modificar SB_RDONLY. As\u00ed que deje de hacer eso." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionEndExcluding": "5.15.168", + "matchCriteriaId": "F032D82B-5582-4DF5-B921-BFE0BD301364" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.16", + "versionEndExcluding": "6.1.113", + "matchCriteriaId": "D01BD22E-ACD1-4618-9D01-6116570BE1EE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndExcluding": "6.6.57", + "matchCriteriaId": "05D83DB8-7465-4F88-AFB2-980011992AC1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.11.4", + "matchCriteriaId": "AA84D336-CE9A-4535-B901-1AD77EC17C34" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/4061e07f040a091f694f461b86a26cf95ae66439", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/58c0648e4c773f5b54f0cb63bc8c7c6bf52719a9", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/d3476f3dad4ad68ae5f6b008ea6591d1520da5d8", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/ee77c388469116565e009eaa704a60bc78489e09", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/fbb177bc1d6487cd3e9b50ae0be2781b7297980d", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-502xx/CVE-2024-50217.json b/CVE-2024/CVE-2024-502xx/CVE-2024-50217.json index 088614f89c7..0e1ef0a24c0 100644 --- a/CVE-2024/CVE-2024-502xx/CVE-2024-50217.json +++ b/CVE-2024/CVE-2024-502xx/CVE-2024-50217.json @@ -2,7 +2,7 @@ "id": "CVE-2024-50217", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-09T11:15:07.103", - "lastModified": "2024-11-19T02:16:23.163", + "lastModified": "2024-12-11T15:15:13.550", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -36,6 +36,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 5.9 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 } ] }, @@ -49,6 +69,16 @@ "value": "CWE-416" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] } ], "configurations": [ diff --git a/CVE-2024/CVE-2024-502xx/CVE-2024-50221.json b/CVE-2024/CVE-2024-502xx/CVE-2024-50221.json index 7e66e7c18eb..be59a676065 100644 --- a/CVE-2024/CVE-2024-502xx/CVE-2024-50221.json +++ b/CVE-2024/CVE-2024-502xx/CVE-2024-50221.json @@ -2,7 +2,7 @@ "id": "CVE-2024-50221", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-09T11:15:07.600", - "lastModified": "2024-12-02T08:15:07.300", + "lastModified": "2024-12-11T16:15:12.310", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -36,6 +36,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 5.9 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 } ] }, @@ -49,6 +69,16 @@ "value": "CWE-787" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] } ], "configurations": [ diff --git a/CVE-2024/CVE-2024-502xx/CVE-2024-50226.json b/CVE-2024/CVE-2024-502xx/CVE-2024-50226.json index 72f04dd36e9..c4abe76d633 100644 --- a/CVE-2024/CVE-2024-502xx/CVE-2024-50226.json +++ b/CVE-2024/CVE-2024-502xx/CVE-2024-50226.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50226", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-09T11:15:08.117", - "lastModified": "2024-11-13T19:04:07.347", - "vulnStatus": "Analyzed", + "lastModified": "2024-12-11T15:15:13.723", + "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 5.9 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 } ] }, @@ -49,6 +69,16 @@ "value": "CWE-416" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] } ], "configurations": [ diff --git a/CVE-2024/CVE-2024-502xx/CVE-2024-50257.json b/CVE-2024/CVE-2024-502xx/CVE-2024-50257.json index 7271fac31ef..487f75c1c5f 100644 --- a/CVE-2024/CVE-2024-502xx/CVE-2024-50257.json +++ b/CVE-2024/CVE-2024-502xx/CVE-2024-50257.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50257", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-09T11:15:11.340", - "lastModified": "2024-11-14T18:11:39.990", - "vulnStatus": "Analyzed", + "lastModified": "2024-12-11T15:15:13.913", + "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 5.9 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 } ] }, @@ -49,6 +69,16 @@ "value": "CWE-416" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] } ], "configurations": [ diff --git a/CVE-2024/CVE-2024-502xx/CVE-2024-50261.json b/CVE-2024/CVE-2024-502xx/CVE-2024-50261.json index 348b6251960..380d611129c 100644 --- a/CVE-2024/CVE-2024-502xx/CVE-2024-50261.json +++ b/CVE-2024/CVE-2024-502xx/CVE-2024-50261.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50261", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-09T11:15:11.610", - "lastModified": "2024-11-14T18:24:41.597", - "vulnStatus": "Analyzed", + "lastModified": "2024-12-11T15:15:14.133", + "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 5.9 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 } ] }, @@ -49,6 +69,16 @@ "value": "CWE-416" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] } ], "configurations": [ diff --git a/CVE-2024/CVE-2024-502xx/CVE-2024-50262.json b/CVE-2024/CVE-2024-502xx/CVE-2024-50262.json index 51aa88196d3..f0c2f286b9a 100644 --- a/CVE-2024/CVE-2024-502xx/CVE-2024-50262.json +++ b/CVE-2024/CVE-2024-502xx/CVE-2024-50262.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50262", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-09T11:15:11.687", - "lastModified": "2024-11-13T21:10:44.267", - "vulnStatus": "Analyzed", + "lastModified": "2024-12-11T16:15:12.513", + "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 5.9 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 } ] }, @@ -49,6 +69,16 @@ "value": "CWE-787" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] } ], "configurations": [ diff --git a/CVE-2024/CVE-2024-502xx/CVE-2024-50264.json b/CVE-2024/CVE-2024-502xx/CVE-2024-50264.json index 477117298f3..3c75011ad7d 100644 --- a/CVE-2024/CVE-2024-502xx/CVE-2024-50264.json +++ b/CVE-2024/CVE-2024-502xx/CVE-2024-50264.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50264", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-19T02:16:28.210", - "lastModified": "2024-11-21T19:28:21.187", - "vulnStatus": "Analyzed", + "lastModified": "2024-12-11T15:15:14.343", + "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 5.9 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 } ] }, @@ -49,6 +69,16 @@ "value": "CWE-416" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] } ], "configurations": [ diff --git a/CVE-2024/CVE-2024-502xx/CVE-2024-50267.json b/CVE-2024/CVE-2024-502xx/CVE-2024-50267.json index b0094f17119..827c234868e 100644 --- a/CVE-2024/CVE-2024-502xx/CVE-2024-50267.json +++ b/CVE-2024/CVE-2024-502xx/CVE-2024-50267.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50267", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-19T02:16:28.647", - "lastModified": "2024-11-21T19:27:46.517", - "vulnStatus": "Analyzed", + "lastModified": "2024-12-11T15:15:14.533", + "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 5.9 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 } ] }, @@ -49,6 +69,16 @@ "value": "CWE-416" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] } ], "configurations": [ diff --git a/CVE-2024/CVE-2024-502xx/CVE-2024-50280.json b/CVE-2024/CVE-2024-502xx/CVE-2024-50280.json index 3c05349b2cb..b46a5c56a6d 100644 --- a/CVE-2024/CVE-2024-502xx/CVE-2024-50280.json +++ b/CVE-2024/CVE-2024-502xx/CVE-2024-50280.json @@ -2,7 +2,7 @@ "id": "CVE-2024-50280", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-19T02:16:30.303", - "lastModified": "2024-11-19T21:57:32.967", + "lastModified": "2024-12-11T15:15:14.733", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -15,7 +15,42 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: dm cache: fix flushing uninitialized delayed_work on cache_ctr error Se puede producir un WARN_ON inesperado de flush_work() cuando falla la creaci\u00f3n de cach\u00e9, causado por la destrucci\u00f3n del activador delayed_work no inicializado en la ruta de error de cache_create(). Por ejemplo, la advertencia aparece en el error de suma de comprobaci\u00f3n del superbloque. Reproducir los pasos: dmsetup create cmeta --table \"0 8192 linear /dev/sdc 0\" dmsetup create cdata --table \"0 65536 linear /dev/sdc 8192\" dmsetup create corig --table \"0 524288 linear /dev/sdc 262144\" dd if=/dev/urandom of=/dev/mapper/cmeta bs=4k count=1 oflag=direct dmsetup create cache --table \"0 524288 cache /dev/mapper/cmeta \\ /dev/mapper/cdata /dev/mapper/corig 128 2 metadata2 writethrough smq 0\" Registros del kernel: (fragmento) ADVERTENCIA: CPU: 0 PID: 84 en kernel/workqueue.c:4178 __flush_work+0x5d4/0x890 Se soluciona extrayendo cancel_delayed_work_sync() de la ruta de error del constructor. Este parche no afecta la correcci\u00f3n de use-after-free para dm_resume y dm_destroy simult\u00e1neos (commit 6a459d8edbdb (\"dm cache: Fix UAF in destroy()\")) ya que cache_dtr no se modifica." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/135496c208ba26fd68cdef10b64ed7a91ac9a7ff", diff --git a/CVE-2024/CVE-2024-505xx/CVE-2024-50585.json b/CVE-2024/CVE-2024-505xx/CVE-2024-50585.json new file mode 100644 index 00000000000..63ba848014a --- /dev/null +++ b/CVE-2024/CVE-2024-505xx/CVE-2024-50585.json @@ -0,0 +1,33 @@ +{ + "id": "CVE-2024-50585", + "sourceIdentifier": "551230f0-3615-47bd-b7cc-93e92e730bbf", + "published": "2024-12-11T15:15:14.920", + "lastModified": "2024-12-11T15:15:14.920", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Users who click on a malicious link or visit a website under the control of an attacker can be infected with arbitrary JavaScript which is running in the context of the \"Numerix License Server Administration System Login\" (nlslogin.jsp) page.\u00a0The vulnerability can be triggered by sending a specially crafted HTTP POST request.\u00a0\n\n\n\nThe vendor was unresponsive during multiple attempts to contact them via various channels, hence there is no solution available. In case you are using this software, be sure to restrict access and monitor logs. Try to reach out to your contact person for this vendor and request a patch." + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "551230f0-3615-47bd-b7cc-93e92e730bbf", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://r.sec-consult.com/numerix", + "source": "551230f0-3615-47bd-b7cc-93e92e730bbf" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-506xx/CVE-2024-50699.json b/CVE-2024/CVE-2024-506xx/CVE-2024-50699.json index 85d3c6f1ad6..6b7069dac2d 100644 --- a/CVE-2024/CVE-2024-506xx/CVE-2024-50699.json +++ b/CVE-2024/CVE-2024-506xx/CVE-2024-50699.json @@ -2,7 +2,7 @@ "id": "CVE-2024-50699", "sourceIdentifier": "cve@mitre.org", "published": "2024-12-10T19:15:30.193", - "lastModified": "2024-12-10T19:15:30.193", + "lastModified": "2024-12-11T16:15:12.720", "vulnStatus": "Received", "cveTags": [], "descriptions": [ @@ -11,11 +11,50 @@ "value": "TP-Link TL-WR845N(UN)_V4_201214, TL-WR845N(UN)_V4_200909 and TL-WR845N(UN)_V4_190219 were discovered to contain weak default credentials for the Administrator account." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.0, + "baseSeverity": "HIGH", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.1, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-522" + } + ] + } + ], "references": [ { "url": "https://security.iiita.ac.in/iot/password-reset-missing-tplink.pdf", "source": "cve@mitre.org" + }, + { + "url": "https://security.iiita.ac.in/iot/base64-authorization.docx", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-509xx/CVE-2024-50920.json b/CVE-2024/CVE-2024-509xx/CVE-2024-50920.json index 2f0e8e9772d..e71c8a8534c 100644 --- a/CVE-2024/CVE-2024-509xx/CVE-2024-50920.json +++ b/CVE-2024/CVE-2024-509xx/CVE-2024-50920.json @@ -2,7 +2,7 @@ "id": "CVE-2024-50920", "sourceIdentifier": "cve@mitre.org", "published": "2024-12-10T19:15:30.290", - "lastModified": "2024-12-10T19:15:30.290", + "lastModified": "2024-12-11T16:15:12.907", "vulnStatus": "Received", "cveTags": [], "descriptions": [ @@ -11,7 +11,42 @@ "value": "Insecure permissions in Silicon Labs (SiLabs) Z-Wave Series 700 and 800 v7.21.1 allow attackers to create a fake node via supplying crafted packets." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-281" + } + ] + } + ], "references": [ { "url": "https://github.com/CNK2100/2024-CVE/blob/main/README.md", diff --git a/CVE-2024/CVE-2024-509xx/CVE-2024-50929.json b/CVE-2024/CVE-2024-509xx/CVE-2024-50929.json index 09601275673..bbef677f193 100644 --- a/CVE-2024/CVE-2024-509xx/CVE-2024-50929.json +++ b/CVE-2024/CVE-2024-509xx/CVE-2024-50929.json @@ -2,7 +2,7 @@ "id": "CVE-2024-50929", "sourceIdentifier": "cve@mitre.org", "published": "2024-12-10T19:15:30.643", - "lastModified": "2024-12-10T19:15:30.643", + "lastModified": "2024-12-11T16:15:13.113", "vulnStatus": "Received", "cveTags": [], "descriptions": [ @@ -11,7 +11,42 @@ "value": "Insecure permissions in Silicon Labs (SiLabs) Z-Wave Series 700 and 800 v7.21.1 allow attackers to arbitrarily change the device type in the controller's memory, leading to a Denial of Service (DoS)." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 6.2, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.5, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-281" + } + ] + } + ], "references": [ { "url": "https://github.com/CNK2100/2024-CVE/blob/main/README.md", diff --git a/CVE-2024/CVE-2024-509xx/CVE-2024-50931.json b/CVE-2024/CVE-2024-509xx/CVE-2024-50931.json index e52d8cafa6b..19f234929e7 100644 --- a/CVE-2024/CVE-2024-509xx/CVE-2024-50931.json +++ b/CVE-2024/CVE-2024-509xx/CVE-2024-50931.json @@ -2,7 +2,7 @@ "id": "CVE-2024-50931", "sourceIdentifier": "cve@mitre.org", "published": "2024-12-10T19:15:30.813", - "lastModified": "2024-12-10T19:15:30.813", + "lastModified": "2024-12-11T16:15:13.317", "vulnStatus": "Received", "cveTags": [], "descriptions": [ @@ -11,7 +11,42 @@ "value": "Silicon Labs Z-Wave Series 500 v6.84.0 was discovered to contain insecure permissions." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 4.6, + "baseSeverity": "MEDIUM", + "attackVector": "PHYSICAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 0.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-281" + } + ] + } + ], "references": [ { "url": "https://github.com/CNK2100/2024-CVE/blob/main/README.md", diff --git a/CVE-2024/CVE-2024-511xx/CVE-2024-51165.json b/CVE-2024/CVE-2024-511xx/CVE-2024-51165.json index 5da18e4b15c..2bb16f0de61 100644 --- a/CVE-2024/CVE-2024-511xx/CVE-2024-51165.json +++ b/CVE-2024/CVE-2024-511xx/CVE-2024-51165.json @@ -2,7 +2,7 @@ "id": "CVE-2024-51165", "sourceIdentifier": "cve@mitre.org", "published": "2024-12-10T20:15:20.523", - "lastModified": "2024-12-10T20:15:20.523", + "lastModified": "2024-12-11T15:15:15.067", "vulnStatus": "Received", "cveTags": [], "descriptions": [ @@ -11,7 +11,42 @@ "value": "SQL injection vulnerability in JEPAAS7.2.8, via /je/rbac/rbac/loadLoginCount in the dateVal parameter, which could allow a remote user to submit a specially crafted query, allowing an attacker to retrieve all the information stored in the DB." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], "references": [ { "url": "https://abcc111.github.io/posts/CVE-2024-51165/", diff --git a/CVE-2024/CVE-2024-513xx/CVE-2024-51363.json b/CVE-2024/CVE-2024-513xx/CVE-2024-51363.json index 9f758f84654..19d9bddfd3f 100644 --- a/CVE-2024/CVE-2024-513xx/CVE-2024-51363.json +++ b/CVE-2024/CVE-2024-513xx/CVE-2024-51363.json @@ -2,7 +2,7 @@ "id": "CVE-2024-51363", "sourceIdentifier": "cve@mitre.org", "published": "2024-12-03T22:15:05.013", - "lastModified": "2024-12-03T22:15:05.013", + "lastModified": "2024-12-11T15:15:15.280", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -15,7 +15,42 @@ "value": " La deserializaci\u00f3n insegura en Hodoku v2.3.0 a v2.3.2 permite a los atacantes ejecutar c\u00f3digo arbitrario." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-502" + } + ] + } + ], "references": [ { "url": "https://github.com/Gelcon/PoC-of-Hodoku-V2.3.0-RCE", diff --git a/CVE-2024/CVE-2024-529xx/CVE-2024-52943.json b/CVE-2024/CVE-2024-529xx/CVE-2024-52943.json index ae494e0793d..750e7d136bf 100644 --- a/CVE-2024/CVE-2024-529xx/CVE-2024-52943.json +++ b/CVE-2024/CVE-2024-529xx/CVE-2024-52943.json @@ -2,7 +2,7 @@ "id": "CVE-2024-52943", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-18T06:15:05.793", - "lastModified": "2024-12-05T21:15:08.420", + "lastModified": "2024-12-11T15:15:16.507", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -36,41 +36,9 @@ }, "exploitabilityScore": 2.3, "impactScore": 2.7 - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "cvssData": { - "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", - "baseScore": 5.4, - "baseSeverity": "MEDIUM", - "attackVector": "NETWORK", - "attackComplexity": "LOW", - "privilegesRequired": "LOW", - "userInteraction": "REQUIRED", - "scope": "CHANGED", - "confidentialityImpact": "LOW", - "integrityImpact": "LOW", - "availabilityImpact": "NONE" - }, - "exploitabilityScore": 2.3, - "impactScore": 2.7 } ] }, - "weaknesses": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "description": [ - { - "lang": "en", - "value": "CWE-79" - } - ] - } - ], "references": [ { "url": "https://www.veritas.com/support/en_US/security/VTS24-013", diff --git a/CVE-2024/CVE-2024-530xx/CVE-2024-53057.json b/CVE-2024/CVE-2024-530xx/CVE-2024-53057.json index 5a428c52aec..d3f85a43511 100644 --- a/CVE-2024/CVE-2024-530xx/CVE-2024-53057.json +++ b/CVE-2024/CVE-2024-530xx/CVE-2024-53057.json @@ -2,8 +2,8 @@ "id": "CVE-2024-53057", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-19T18:15:25.700", - "lastModified": "2024-11-22T17:55:23.840", - "vulnStatus": "Analyzed", + "lastModified": "2024-12-11T15:15:17.757", + "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 5.9 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 } ] }, @@ -49,6 +69,16 @@ "value": "CWE-416" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] } ], "configurations": [ diff --git a/CVE-2024/CVE-2024-530xx/CVE-2024-53095.json b/CVE-2024/CVE-2024-530xx/CVE-2024-53095.json index 873d44fe982..826ae311bdf 100644 --- a/CVE-2024/CVE-2024-530xx/CVE-2024-53095.json +++ b/CVE-2024/CVE-2024-530xx/CVE-2024-53095.json @@ -2,7 +2,7 @@ "id": "CVE-2024-53095", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-21T19:15:12.867", - "lastModified": "2024-11-21T19:15:12.867", + "lastModified": "2024-12-11T15:15:17.940", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -15,7 +15,42 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: smb: client: Fix use-after-free of network namespace. Recientemente, recibimos un informe de un cliente que indica que CIFS desencadena errores al reconectarse a un servidor. [0] La carga de trabajo se ejecuta en Kubernetes y algunos pods montan servidores CIFS en espacios de nombres de red que no son ra\u00edz. El problema rara vez suced\u00eda, pero siempre suced\u00eda mientras el pod se estaba muriendo. La causa ra\u00edz es un recuento de referencias incorrecto para el espacio de nombres de red. CIFS usa sockets de kernel, que no contienen refcnt de las netn a las que pertenece el socket. Eso significa que CIFS debe asegurarse de que el socket siempre se libere antes que sus netn; de lo contrario, se produce el use after free. Los pasos de reproducci\u00f3n son, a grandes rasgos: 1. montar CIFS en una red no ra\u00edz 2. descartar paquetes de la red 3. destruir la red 4. desmontar CIFS Podemos reproducir el problema r\u00e1pidamente con el script [1] a continuaci\u00f3n y ver el splat [2] si CONFIG_NET_NS_REFCNT_TRACKER est\u00e1 habilitado. Cuando el socket es TCP, es dif\u00edcil garantizar la duraci\u00f3n de la red sin mantener refcnt debido a los temporizadores as\u00edncronos. Mantengamos netns refcnt para cada socket como se hizo para SMC en el commit 9744d2bf1976 (\"smc: Fix use-after-free in tcp_write_timer_handler().\"). Tenga en cuenta que debemos mover put_net() de cifs_put_tcp_session() a clean_demultiplex_info(); de lo contrario, __sock_create() a\u00fan podr\u00eda tocar un netns liberado mientras cifsd intenta reconectarse desde cifs_demultiplex_thread(). Adem\u00e1s, maybe_get_net() no se puede colocar justo antes de __sock_create() porque el c\u00f3digo no est\u00e1 bajo RCU y existe una peque\u00f1a posibilidad de que la misma direcci\u00f3n se haya reasignado a otro netns. [0]: CIFS: VFS: \\\\XXXXXXXXXXX no ha respondido en 15 segundos. Reconectando... CIFS: Serverclose fall\u00f3 4 veces, abandonando No se puede manejar la solicitud de paginaci\u00f3n del n\u00facleo en la direcci\u00f3n virtual 14de99e461f84a07 Informaci\u00f3n de aborto de memoria: ESR = 0x0000000096000004 EC = 0x25: DABT (EL actual), IL = 32 bits SET = 0, FnV = 0 EA = 0, S1PTW = 0 FSC = 0x04: error de traducci\u00f3n de nivel 0 Informaci\u00f3n de aborto de datos: ISV = 0, ISS = 0x00000004 CM = 0, WnR = 0 [14de99e461f84a07] direcci\u00f3n entre rangos de direcciones de usuario y n\u00facleo Error interno: Oops: 0000000096000004 [#1] M\u00f3dulos SMP vinculados en: cls_bpf sch_ingress nls_utf8 cifs cifs_arc4 cifs_md4 dns_resolver tcp_diag inet_diag veth xt_estado xt_connmark nf_conntrack_netlink xt_nat xt_estad\u00edstica xt_MASQUERADE xt_marca xt_tipo_direcci\u00f3n ipt_REJECT nf_reject_ipv4 nft_chain_nat nf_nat xt_conntrack nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 xt_comment nft_compat nf_tables superposici\u00f3n nfnetlink nls_ascii nls_cp437 sunrpc vfat fat aes_ce_blk aes_ce_cipher ghash_ce sm4_ce_cipher sm4 sm3_ce sm3 sha3_ce sha512_ce sha512_arm64 sha1_ce ena bot\u00f3n sch_fq_codel bucle fusible configfs dmi_sysfs sha2_ce sha256_arm64 dm_mirror dm_region_hash dm_log dm_mod dax efivarfs CPU: 5 PID: 2690970 Comm: cifsd No contaminado 6.1.103-109.184.amzn2023.aarch64 #1 Nombre del hardware: Amazon EC2 r7g.4xlarge/, BIOS 1.0 1/11/2018 pstate: 00400005 (nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : fib_rules_lookup+0x44/0x238 lr : __fib_lookup+0x64/0xbc sp : ffff8000265db790 x29: ffff8000265db790 x28: 0000000000000000 x27: 0000000000000bd01 x26: 0000000000000000 x25: ffff000b4baf8000 x24: ffff00047b5e4580 x23: ffff8000265db7e0 x22: 0000000000000000 x21: ffff00047b5e4500 x20: ffff0010e3f694f8 x19: 14de99e461f849f7 x18: 0000000000000000 x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000 x14: 0000000000000000 x13: 0000000000000000 x12: 3f92800abd010002 x11: 0000000000000001 x10: ffff0010e3f69420 x9 : ffff800008a6f294 x8 : 0000000000000000 x7 : 00000000000000006 x6 : 0000000000000000 x5 : 00000000000000001 x4 : ffff001924354280 x3 : ffff8000265db7e0 x2 : 0000000000000000 x1 : ffff0010e3f694f8 x0 : ffff00047b5e4500 ---truncada---" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/c7f9282fc27fc36dbaffc8527c723de264a132f8", diff --git a/CVE-2024/CVE-2024-531xx/CVE-2024-53104.json b/CVE-2024/CVE-2024-531xx/CVE-2024-53104.json index 514c3d320a7..d5125a0ab76 100644 --- a/CVE-2024/CVE-2024-531xx/CVE-2024-53104.json +++ b/CVE-2024/CVE-2024-531xx/CVE-2024-53104.json @@ -2,7 +2,7 @@ "id": "CVE-2024-53104", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-12-02T08:15:08.687", - "lastModified": "2024-12-02T08:15:08.687", + "lastModified": "2024-12-11T15:15:18.110", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -15,7 +15,42 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: media: uvcvideo: Omitir el an\u00e1lisis de fotogramas de tipo UVC_VS_UNDEFINED en uvc_parse_format Esto puede provocar escrituras fuera de los l\u00edmites, ya que los fotogramas de este tipo no se tuvieron en cuenta al calcular el tama\u00f1o del b\u00fafer de fotogramas en uvc_parse_streaming." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/1ee9d9122801eb688783acd07791f2906b87cb4f", diff --git a/CVE-2024/CVE-2024-531xx/CVE-2024-53130.json b/CVE-2024/CVE-2024-531xx/CVE-2024-53130.json index d99ac48321a..eca1e3a92ae 100644 --- a/CVE-2024/CVE-2024-531xx/CVE-2024-53130.json +++ b/CVE-2024/CVE-2024-531xx/CVE-2024-53130.json @@ -2,8 +2,8 @@ "id": "CVE-2024-53130", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-12-04T15:15:12.927", - "lastModified": "2024-12-05T12:15:19.417", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-11T15:01:08.660", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -15,27 +15,110 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nilfs2: correcci\u00f3n de null-ptr-deref en el punto de seguimiento block_dirty_buffer Al utilizar el punto de seguimiento \"block:block_dirty_buffer\", mark_buffer_dirty() puede provocar una desreferencia de puntero NULL o un fallo de protecci\u00f3n general cuando KASAN est\u00e1 habilitado. Esto sucede porque, dado que el punto de seguimiento se agreg\u00f3 en mark_buffer_dirty(), hace referencia al miembro dev_t bh->b_bdev->bd_dev independientemente de si el cabezal del b\u00fafer tiene un puntero a una estructura block_device. En la implementaci\u00f3n actual, nilfs_grab_buffer(), que toma un b\u00fafer para leer (o crear) un bloque de metadatos, incluidos los bloques de nodos de \u00e1rbol b, no establece el dispositivo de bloque, sino que lo hace solo si el b\u00fafer no est\u00e1 en el estado \"uptodate\" para cada una de sus funciones de lectura de bloque de llamada. Sin embargo, si el indicador uptodate est\u00e1 configurado en un folio/p\u00e1gina, y los cabezales de b\u00fafer se separan de \u00e9l mediante try_to_free_buffers(), y luego se adjuntan nuevos cabezales de b\u00fafer mediante create_empty_buffers(), el indicador uptodate puede restaurarse en cada b\u00fafer sin que el dispositivo de bloque se configure en bh->b_bdev, y mark_buffer_dirty() puede llamarse m\u00e1s tarde en ese estado, lo que da como resultado el error mencionado anteriormente. Solucione este problema haciendo que nilfs_grab_buffer() siempre configure el dispositivo de bloque de la estructura de superbloque en el cabezal de b\u00fafer, independientemente del estado del indicador uptodate del b\u00fafer." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-476" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.9", + "versionEndExcluding": "6.1.119", + "matchCriteriaId": "B9F07E74-2989-4705-AED1-FEACA2FEF716" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.6.0", + "versionEndExcluding": "6.6.63", + "matchCriteriaId": "DC8AE946-6593-4D8D-863A-0BC137CF667F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.11.0", + "versionEndExcluding": "6.11.10", + "matchCriteriaId": "5D7D3F96-FD78-48BB-9935-3CD41775FEAA" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/2026559a6c4ce34db117d2db8f710fe2a9420d5a", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/7af3309c7a2ef26831a67125b11c34a7e01c1b2a", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/86b19031dbc79abc378dfae357f6ea33ebeb0c95", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/b0e4765740040c44039282057ecacd7435d1d2ba", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/ffc440a76a0f476a7e6ea838ec0dc8e9979944d1", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-531xx/CVE-2024-53139.json b/CVE-2024/CVE-2024-531xx/CVE-2024-53139.json index f554b780de7..6f03895d897 100644 --- a/CVE-2024/CVE-2024-531xx/CVE-2024-53139.json +++ b/CVE-2024/CVE-2024-531xx/CVE-2024-53139.json @@ -2,8 +2,8 @@ "id": "CVE-2024-53139", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-12-04T15:15:15.643", - "lastModified": "2024-12-04T15:15:15.643", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-11T16:47:34.503", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -15,19 +15,154 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: sctp: corregir posible UAF en sctp_v6_available() Un informe de lockdep [1] con CONFIG_PROVE_RCU_LIST=y sugiere que sctp_v6_available() est\u00e1 llamando a dev_get_by_index_rcu() e ipv6_chk_addr() sin retener rcu. [1] ============================= ADVERTENCIA: uso sospechoso de RCU 6.12.0-rc5-virtme #1216 Tainted: GW ----------------------------- net/core/dev.c:876 \u00a1Lista de RCU recorrida en una secci\u00f3n que no es de lectura! Otra informaci\u00f3n que podr\u00eda ayudarnos a depurar esto: rcu_scheduler_active = 2, debug_locks = 1 1 bloqueo mantenido por sctp_hello/31495: #0: ffff9f1ebbdb7418 (sk_lock-AF_INET6){+.+.}-{0:0}, en: sctp_bind (./arch/x86/include/asm/jump_label.h:27 net/sctp/socket.c:315) seguimiento de pila sctp: CPU: 7 UID: 0 PID: 31495 Comm: sctp_hello Contaminado: GW 6.12.0-rc5-virtme #1216 Contaminado: [W]=WARN Nombre del hardware: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 01/04/2014 Seguimiento de llamadas: dump_stack_lvl (lib/dump_stack.c:123) lockdep_rcu_suspicious (kernel/locking/lockdep.c:6822) dev_get_by_index_rcu (net/core/dev.c:876 (discriminador 7)) sctp_v6_available (net/sctp/ipv6.c:701) sctp sctp_do_bind (net/sctp/socket.c:400 (discriminador 1)) sctp sctp_bind (net/sctp/socket.c:320) sctp inet6_bind_sk (net/ipv6/af_inet6.c:465) ? security_socket_bind (seguridad/seguridad.c:4581 (discriminador 1)) __sys_bind (red/socket.c:1848 red/socket.c:1869) ? do_user_addr_fault (./include/linux/rcupdate.h:347 ./include/linux/rcupdate.h:880 ./include/linux/mm.h:729 arch/x86/mm/fault.c:1340) ? do_user_addr_fault (./arch/x86/include/asm/preempt.h:84 (discriminador 13) ./include/linux/rcupdate.h:98 (discriminador 13) ./include/linux/rcupdate.h:882 (discriminador 13) ./include/linux/mm.h:729 (discriminador 13) arch/x86/mm/fault.c:1340 (discriminador 13)) __x64_sys_bind (net/socket.c:1877 (discriminador 1) net/socket.c:1875 (discriminador 1) net/socket.c:1875 (discriminador 1)) do_syscall_64 (arch/x86/entry/common.c:52 (discriminador 1) arch/x86/entry/common.c:83 (discriminador 1)) entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130) RIP: 0033:0x7f59b934a1e7 C\u00f3digo: 44 00 00 48 8b 15 39 8c 0c 00 f7 d8 64 89 02 b8 ff ff ff ff ff eb bd 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 b8 31 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 09 8c 0c 00 f7 d8 64 89 01 48 Todo el c\u00f3digo ======== 0: 44 00 00 agregar %r8b,(%rax) 3: 48 8b 15 39 8c 0c 00 mov 0xc8c39(%rip),%rdx # 0xc8c43 a: f7 d8 neg %eax c: 64 89 02 mov %eax,%fs:(%rdx) f: b8 ff ff ff ff mov $0xffffffff,%eax 14: eb bd jmp 0xffffffffffffffd3 16: 66 2e 0f 1f 84 00 00 cs nopw 0x0(%rax,%rax,1) 1d: 00 00 00 20: 0f 1f 00 nopl (%rax) 23: b8 31 00 00 00 mov $0x31,%eax 28: 0f 05 syscall 2a:* 48 3d 01 f0 ff ff cmp $0xffffffffffffff001,%rax <-- instrucci\u00f3n de captura 30: 73 01 jae 0x33 32: c3 ret 33: 48 8b 0d 09 8c 0c 00 mov 0xc8c09(%rip),%rcx # 0xc8c43 3a: f7 d8 neg %eax 3c: 64 89 01 mov %eax,%fs:(%rcx) 3f: 48 rex.W C\u00f3digo que comienza con la instrucci\u00f3n que falla =============================================== 0: 48 3d 01 f0 ff ff cmp $0xffffffffffffff001,%rax 6: 73 01 jae 0x9 8: c3 ret 9: 48 8b 0d 09 8c 0c 00 mov 0xc8c09(%rip),%rcx # 0xc8c19 10: f7 d8 neg %eax 12: 64 89 01 mov %eax,%fs:(%rcx) 15: 48 rex.W RSP: 002b:00007ffe2d0ad398 EFLAGS: 00000202 ORIG_RAX: 0000000000000031 RAX: ffffffffffffffda RBX: 00007ffe2d0ad3d0 RCX: 00007f59b934a1e7 RDX: 0000000000000001c RSI: 00007ffe2d0ad3d0 RDI: 0000000000000005 RBP: 00000000000000005 R08: 1999999999999999 R09: 0000000000000000 R10: 00007f59b9253298 R11: 000000000000 ---truncado---" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndExcluding": "6.6.63", + "matchCriteriaId": "8800BB45-48BC-4B52-BDA5-B1E4633F42E5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.11.10", + "matchCriteriaId": "C256F46A-AFDD-4B99-AA4F-67D9D9D2C55A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*", + "matchCriteriaId": "7F361E1D-580F-4A2D-A509-7615F73167A1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*", + "matchCriteriaId": "925478D0-3E3D-4E6F-ACD5-09F28D5DF82C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*", + "matchCriteriaId": "3C95E234-D335-4B6C-96BF-E2CEBD8654ED" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:*", + "matchCriteriaId": "E0F717D8-3014-4F84-8086-0124B2111379" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc5:*:*:*:*:*:*", + "matchCriteriaId": "24DBE6C7-2AAE-4818-AED2-E131F153D2FA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc6:*:*:*:*:*:*", + "matchCriteriaId": "24B88717-53F5-42AA-9B72-14C707639E3F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc7:*:*:*:*:*:*", + "matchCriteriaId": "1EF8CD82-1EAE-4254-9545-F85AB94CF90F" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/05656a66592759242c74063616291b7274d11b2f", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/ad975697211f4f2c4ce61c3ba524fd14d88ceab8", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/eb72e7fcc83987d5d5595b43222f23b295d5de7f", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-531xx/CVE-2024-53140.json b/CVE-2024/CVE-2024-531xx/CVE-2024-53140.json index 43f00214949..971f5399891 100644 --- a/CVE-2024/CVE-2024-531xx/CVE-2024-53140.json +++ b/CVE-2024/CVE-2024-531xx/CVE-2024-53140.json @@ -2,8 +2,8 @@ "id": "CVE-2024-53140", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-12-04T15:15:16.803", - "lastModified": "2024-12-05T12:15:19.703", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-11T16:45:38.077", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -15,27 +15,124 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: netlink: termina el volcado pendiente al cerrar el socket Netlink admite el volcado iterativo de datos. Proporciona a las familias las siguientes operaciones: - start - (opcional) inicia el proceso de volcado - dump - asistente de volcado real, se sigue llamando hasta que devuelve 0 - done - (opcional) se empareja con .start, se puede usar para limpieza Todo el proceso es asincr\u00f3nico y las llamadas repetidas a .dump en realidad no ocurren en un bucle cerrado, sino que se activan en respuesta a recvmsg() en el socket. Esto le da al usuario control total sobre el volcado, pero tambi\u00e9n significa que el usuario puede cerrar el socket sin llegar al final del volcado. Para asegurarnos de que .start siempre est\u00e9 emparejado con .done, verificamos si hay un volcado en curso antes de liberar el socket y, si es as\u00ed, llamamos a .done. La complicaci\u00f3n es que los sockets pueden liberarse de BH y se permite que .done duerma. Entonces, usamos una cola de trabajo para diferir la llamada, cuando sea necesario. Lamentablemente, esto no funciona correctamente. Lo que postergamos no es la limpieza, sino la liberaci\u00f3n de una referencia en el socket. No tenemos garant\u00eda de que seamos due\u00f1os de la \u00faltima referencia; si alguien m\u00e1s tiene el socket, puede liberarlo en BH y volvemos al punto de partida. Sin embargo, todo el baile parece ser innecesario. Solo el usuario puede interactuar con los volcados, por lo que podemos limpiar cuando se cierra el socket. Y el cierre siempre ocurre en el contexto del proceso. Es posible que alg\u00fan c\u00f3digo asincr\u00f3nico a\u00fan acceda al socket despu\u00e9s del cierre, ponga en cola skbs de notificaci\u00f3n, etc., pero ning\u00fan volcado puede comenzar, finalizar o avanzar de otro modo. Elimine la cola de trabajo y vac\u00ede el estado del volcado directamente desde el controlador de liberaci\u00f3n. Tenga en cuenta que es posible realizar una desinfecci\u00f3n adicional en -next, por ejemplo, ahora siempre llamamos a .done antes de liberar la referencia del m\u00f3dulo principal, por lo que el volcado no tiene que tomar una referencia propia." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.4.38", + "versionEndExcluding": "4.5", + "matchCriteriaId": "5248A519-0AF6-4AC1-8ECE-37F8CD8EBC14" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.8.14", + "versionEndExcluding": "4.9", + "matchCriteriaId": "F21838E0-EAFD-46C4-BBE5-5A923017C905" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.9", + "versionEndExcluding": "6.1.119", + "matchCriteriaId": "E7CBFDD0-07CC-4753-80B2-E08589BDD9EF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndExcluding": "6.6.63", + "matchCriteriaId": "8800BB45-48BC-4B52-BDA5-B1E4633F42E5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.11.10", + "matchCriteriaId": "C256F46A-AFDD-4B99-AA4F-67D9D9D2C55A" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/114a61d8d94ae3a43b82446cf737fd757021b834", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/176c41b3ca9281a9736b67c6121b03dbf0c8c08f", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/1904fb9ebf911441f90a68e96b22aa73e4410505", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/4e87a52133284afbd40fb522dbf96e258af52a98", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/bbc769d2fa1b8b368c5fbe013b5b096afa3c05ca", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-534xx/CVE-2024-53450.json b/CVE-2024/CVE-2024-534xx/CVE-2024-53450.json index 731d36bc7ff..be0f07e7134 100644 --- a/CVE-2024/CVE-2024-534xx/CVE-2024-53450.json +++ b/CVE-2024/CVE-2024-534xx/CVE-2024-53450.json @@ -2,16 +2,55 @@ "id": "CVE-2024-53450", "sourceIdentifier": "cve@mitre.org", "published": "2024-12-09T17:15:09.350", - "lastModified": "2024-12-09T17:15:09.350", - "vulnStatus": "Received", + "lastModified": "2024-12-11T16:15:13.910", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "RAGFlow 0.13.0 suffers from improper access control in document-hooks.ts, allowing unauthorized access to user documents." + }, + { + "lang": "es", + "value": "RAGFlow 0.13.0 sufre un control de acceso inadecuado en document-hooks.ts, lo que permite el acceso no autorizado a los documentos del usuario." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/infiniflow/ragflow/blob/cec208051f6f5996fefc8f36b6b71231b1807533/web/src/hooks/document-hooks.ts#L23", diff --git a/CVE-2024/CVE-2024-534xx/CVE-2024-53477.json b/CVE-2024/CVE-2024-534xx/CVE-2024-53477.json index aff2eee8da1..2f94f2d0eaf 100644 --- a/CVE-2024/CVE-2024-534xx/CVE-2024-53477.json +++ b/CVE-2024/CVE-2024-534xx/CVE-2024-53477.json @@ -2,7 +2,7 @@ "id": "CVE-2024-53477", "sourceIdentifier": "cve@mitre.org", "published": "2024-12-02T21:15:11.217", - "lastModified": "2024-12-02T21:15:11.217", + "lastModified": "2024-12-11T16:15:14.150", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -15,7 +15,42 @@ "value": " JFinal CMS 5.1.0 es vulnerable a la ejecuci\u00f3n de comandos a trav\u00e9s de la ejecuci\u00f3n no autorizada de la deserializaci\u00f3n en el archivo ApiForm.java" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-502" + } + ] + } + ], "references": [ { "url": "https://gist.github.com/kaoniniang2/c2deceea281fcd0aec5a8165183be3c1", diff --git a/CVE-2024/CVE-2024-535xx/CVE-2024-53552.json b/CVE-2024/CVE-2024-535xx/CVE-2024-53552.json index 40d6e81efb2..afa4eae84c8 100644 --- a/CVE-2024/CVE-2024-535xx/CVE-2024-53552.json +++ b/CVE-2024/CVE-2024-535xx/CVE-2024-53552.json @@ -2,16 +2,55 @@ "id": "CVE-2024-53552", "sourceIdentifier": "cve@mitre.org", "published": "2024-12-10T02:15:17.177", - "lastModified": "2024-12-10T02:15:17.177", + "lastModified": "2024-12-11T16:15:14.373", "vulnStatus": "Received", "cveTags": [], "descriptions": [ { "lang": "en", "value": "CrushFTP 10 before 10.8.3 and 11 before 11.2.3 mishandles password reset, leading to account takeover." + }, + { + "lang": "es", + "value": "CrushFTP 10 anterior a 10.8.3 y 11 anterior a 11.2.3 manejan incorrectamente el restablecimiento de contrase\u00f1a, lo que lleva al robo de cuentas." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-640" + } + ] } ], - "metrics": {}, "references": [ { "url": "https://www.crushftp.com/crush11wiki/Wiki.jsp?page=Update", diff --git a/CVE-2024/CVE-2024-536xx/CVE-2024-53676.json b/CVE-2024/CVE-2024-536xx/CVE-2024-53676.json index fe623e55d15..24f20992ece 100644 --- a/CVE-2024/CVE-2024-536xx/CVE-2024-53676.json +++ b/CVE-2024/CVE-2024-536xx/CVE-2024-53676.json @@ -2,8 +2,8 @@ "id": "CVE-2024-53676", "sourceIdentifier": "security-alert@hpe.com", "published": "2024-11-27T01:15:05.250", - "lastModified": "2024-11-27T01:15:05.250", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-11T16:49:45.783", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 5.9 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 } ] }, @@ -49,12 +69,43 @@ "value": "CWE-552" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hpe:insight_remote_support:*:*:*:*:*:*:*:*", + "versionEndExcluding": "7.14.0.629", + "matchCriteriaId": "D4E9BD73-DBE0-4625-95B9-AADC28A9BC6D" + } + ] + } + ] } ], "references": [ { "url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04731en_us", - "source": "security-alert@hpe.com" + "source": "security-alert@hpe.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-536xx/CVE-2024-53677.json b/CVE-2024/CVE-2024-536xx/CVE-2024-53677.json new file mode 100644 index 00000000000..82024ee1ee4 --- /dev/null +++ b/CVE-2024/CVE-2024-536xx/CVE-2024-53677.json @@ -0,0 +1,66 @@ +{ + "id": "CVE-2024-53677", + "sourceIdentifier": "security@apache.org", + "published": "2024-12-11T16:15:14.593", + "lastModified": "2024-12-11T16:15:14.593", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "File upload logic is flawed vulnerability in Apache Struts.\n\nThis issue affects Apache Struts: from 2.0.0 before 6.4.0.\n\nUsers are recommended to upgrade to version 6.4.0, which fixes the issue.\n\nYou can find more details in\u00a0 https://cwiki.apache.org/confluence/display/WW/S2-067" + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "security@apache.org", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:A/V:C/RE:L/U:Red", + "baseScore": 9.5, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "attackRequirements": "PRESENT", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "HIGH", + "subsequentSystemIntegrity": "HIGH", + "subsequentSystemAvailability": "HIGH", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NEGLIGIBLE", + "automatable": "YES", + "recovery": "AUTOMATIC", + "valueDensity": "CONCENTRATED", + "vulnerabilityResponseEffort": "LOW", + "providerUrgency": "RED" + } + } + ] + }, + "references": [ + { + "url": "https://cwiki.apache.org/confluence/display/WW/S2-067", + "source": "security@apache.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-547xx/CVE-2024-54751.json b/CVE-2024/CVE-2024-547xx/CVE-2024-54751.json index 81353708bf1..31b6b00f720 100644 --- a/CVE-2024/CVE-2024-547xx/CVE-2024-54751.json +++ b/CVE-2024/CVE-2024-547xx/CVE-2024-54751.json @@ -2,16 +2,55 @@ "id": "CVE-2024-54751", "sourceIdentifier": "cve@mitre.org", "published": "2024-12-10T15:15:08.020", - "lastModified": "2024-12-10T15:15:08.020", + "lastModified": "2024-12-11T16:15:14.910", "vulnStatus": "Received", "cveTags": [], "descriptions": [ { "lang": "en", "value": "COMFAST CF-WR630AX v2.7.0.2 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que COMFAST CF-WR630AX v2.7.0.2 contiene una vulnerabilidad de contrase\u00f1a codificada en /etc/shadow, que permite a los atacantes iniciar sesi\u00f3n como superusuario." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-276" + } + ] } ], - "metrics": {}, "references": [ { "url": "https://colorful-meadow-5b9.notion.site/CF-WR630AX_HardCode_vuln-14bc216a1c3080968161ce15e35fa652?pvs=4", diff --git a/CVE-2024/CVE-2024-549xx/CVE-2024-54921.json b/CVE-2024/CVE-2024-549xx/CVE-2024-54921.json index 4747727f4aa..4b4e68ee1a5 100644 --- a/CVE-2024/CVE-2024-549xx/CVE-2024-54921.json +++ b/CVE-2024/CVE-2024-549xx/CVE-2024-54921.json @@ -2,16 +2,55 @@ "id": "CVE-2024-54921", "sourceIdentifier": "cve@mitre.org", "published": "2024-12-09T19:15:15.940", - "lastModified": "2024-12-09T19:15:15.940", + "lastModified": "2024-12-11T16:15:15.127", "vulnStatus": "Received", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A SQL Injection was found in /student_signup.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the username, firstname, lastname, and class_id parameters." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una inyecci\u00f3n SQL en /student_signup.php en Kashipara E-Learning Management System v1.0, que permite a atacantes remotos ejecutar comandos SQL arbitrarios para obtener acceso no autorizado a la base de datos a trav\u00e9s de los par\u00e1metros nombre de usuario, nombre, apellido y class_id." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/m14r41/Writeups/blob/main/CVE/Kashipara/E-learning%20Management%20System%20project/SQL%20Injection%20-%20Signup%20Student.pdf", diff --git a/CVE-2024/CVE-2024-549xx/CVE-2024-54923.json b/CVE-2024/CVE-2024-549xx/CVE-2024-54923.json index 7e16a94864c..36f219e7861 100644 --- a/CVE-2024/CVE-2024-549xx/CVE-2024-54923.json +++ b/CVE-2024/CVE-2024-549xx/CVE-2024-54923.json @@ -2,16 +2,55 @@ "id": "CVE-2024-54923", "sourceIdentifier": "cve@mitre.org", "published": "2024-12-09T19:15:16.137", - "lastModified": "2024-12-09T19:15:16.137", + "lastModified": "2024-12-11T16:15:15.347", "vulnStatus": "Received", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A SQL Injection vulnerability was found in /admin/edit_teacher.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the department parameter." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad de inyecci\u00f3n SQL en /admin/edit_teacher.php en Kashipara E-learning Management System v1.0, que permite a atacantes remotos ejecutar comandos SQL arbitrarios para obtener acceso no autorizado a la base de datos a trav\u00e9s del par\u00e1metro de departamento." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/m14r41/Writeups/blob/main/CVE/Kashipara/E-learning%20Management%20System%20project/SQL%20Injection%20-%20edit_teacher.pdf", diff --git a/CVE-2024/CVE-2024-549xx/CVE-2024-54924.json b/CVE-2024/CVE-2024-549xx/CVE-2024-54924.json index 6a998fc98e2..34c7bedfcde 100644 --- a/CVE-2024/CVE-2024-549xx/CVE-2024-54924.json +++ b/CVE-2024/CVE-2024-549xx/CVE-2024-54924.json @@ -2,16 +2,55 @@ "id": "CVE-2024-54924", "sourceIdentifier": "cve@mitre.org", "published": "2024-12-09T19:15:16.243", - "lastModified": "2024-12-09T19:15:16.243", + "lastModified": "2024-12-11T16:15:15.547", "vulnStatus": "Received", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A SQL Injection was found in /admin/edit_content.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the title and content parameters." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una inyecci\u00f3n SQL en /admin/edit_content.php en kashipara E-learning Management System v1.0, que permite a atacantes remotos ejecutar comandos SQL arbitrarios para obtener acceso no autorizado a la base de datos a trav\u00e9s de los par\u00e1metros de t\u00edtulo y contenido." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/m14r41/Writeups/blob/main/CVE/Kashipara/E-learning%20Management%20System%20project/SQL%20Injection%20-%20edit%20content.pdf", diff --git a/CVE-2024/CVE-2024-549xx/CVE-2024-54926.json b/CVE-2024/CVE-2024-549xx/CVE-2024-54926.json index 423915ff4d1..f76786bb59c 100644 --- a/CVE-2024/CVE-2024-549xx/CVE-2024-54926.json +++ b/CVE-2024/CVE-2024-549xx/CVE-2024-54926.json @@ -2,16 +2,55 @@ "id": "CVE-2024-54926", "sourceIdentifier": "cve@mitre.org", "published": "2024-12-09T17:15:09.810", - "lastModified": "2024-12-09T17:15:09.810", - "vulnStatus": "Received", + "lastModified": "2024-12-11T16:15:15.763", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A SQL Injection vulnerability was found in /search_class.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the school_year parameter." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad de inyecci\u00f3n SQL en /search_class.php de kashipara E-learning Management System v1.0, que permite a atacantes remotos ejecutar comandos SQL arbitrarios para obtener acceso no autorizado a la base de datos a trav\u00e9s del par\u00e1metro school_year." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/m14r41/Writeups/blob/main/CVE/Kashipara/E-learning%20Management%20System%20project/SQL%20Injection%20-%20search_class.pdf", diff --git a/CVE-2024/CVE-2024-549xx/CVE-2024-54927.json b/CVE-2024/CVE-2024-549xx/CVE-2024-54927.json index f122db2b52a..74163d28263 100644 --- a/CVE-2024/CVE-2024-549xx/CVE-2024-54927.json +++ b/CVE-2024/CVE-2024-549xx/CVE-2024-54927.json @@ -2,16 +2,55 @@ "id": "CVE-2024-54927", "sourceIdentifier": "cve@mitre.org", "published": "2024-12-09T19:15:16.463", - "lastModified": "2024-12-09T19:15:16.463", + "lastModified": "2024-12-11T16:15:16.360", "vulnStatus": "Received", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_users.php." + }, + { + "lang": "es", + "value": "Kashipara E-Learning Management System v1.0 es vulnerable a la inyecci\u00f3n SQL en /admin/delete_users.php." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.2, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/m14r41/Writeups/blob/main/CVE/Kashipara/E-learning%20Management%20System%20project/SQL%20Injection%20-%20delete%20user.pdf", diff --git a/CVE-2024/CVE-2024-549xx/CVE-2024-54928.json b/CVE-2024/CVE-2024-549xx/CVE-2024-54928.json index fac8ee20a97..960d9f0b28b 100644 --- a/CVE-2024/CVE-2024-549xx/CVE-2024-54928.json +++ b/CVE-2024/CVE-2024-549xx/CVE-2024-54928.json @@ -2,16 +2,55 @@ "id": "CVE-2024-54928", "sourceIdentifier": "cve@mitre.org", "published": "2024-12-09T19:15:16.567", - "lastModified": "2024-12-09T19:15:16.567", + "lastModified": "2024-12-11T16:15:16.590", "vulnStatus": "Received", "cveTags": [], "descriptions": [ { "lang": "en", "value": "kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_teacher.php," + }, + { + "lang": "es", + "value": "Kashipara E-Learning Management System v1.0 es vulnerable a la inyecci\u00f3n SQL en /admin/delete_teacher.php," + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.2, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/m14r41/Writeups/blob/main/CVE/Kashipara/E-learning%20Management%20System%20project/SQL%20Injection%20-%20delete%20teacher.pdf", diff --git a/CVE-2024/CVE-2024-549xx/CVE-2024-54931.json b/CVE-2024/CVE-2024-549xx/CVE-2024-54931.json index 2562925a243..4db3676ce87 100644 --- a/CVE-2024/CVE-2024-549xx/CVE-2024-54931.json +++ b/CVE-2024/CVE-2024-549xx/CVE-2024-54931.json @@ -2,16 +2,55 @@ "id": "CVE-2024-54931", "sourceIdentifier": "cve@mitre.org", "published": "2024-12-09T19:15:16.677", - "lastModified": "2024-12-09T19:15:16.677", + "lastModified": "2024-12-11T16:15:16.820", "vulnStatus": "Received", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A SQL Injection was found in /admin/delete_event.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the id parameter." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una inyecci\u00f3n SQL en /admin/delete_event.php en kashipara E-learning Management System v1.0, que permite a atacantes remotos ejecutar comandos SQL arbitrarios para obtener acceso no autorizado a la base de datos a trav\u00e9s del par\u00e1metro id." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/m14r41/Writeups/blob/main/CVE/Kashipara/E-learning%20Management%20System%20project/SQL%20Injection%20-%20delete%20event.pdf", diff --git a/CVE-2024/CVE-2024-549xx/CVE-2024-54935.json b/CVE-2024/CVE-2024-549xx/CVE-2024-54935.json index bdfcd174990..a8524200e59 100644 --- a/CVE-2024/CVE-2024-549xx/CVE-2024-54935.json +++ b/CVE-2024/CVE-2024-549xx/CVE-2024-54935.json @@ -2,17 +2,41 @@ "id": "CVE-2024-54935", "sourceIdentifier": "cve@mitre.org", "published": "2024-12-09T18:15:24.493", - "lastModified": "2024-12-10T18:15:42.997", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-12-11T16:51:17.447", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A Stored Cross-Site Scripting (XSS) vulnerability was found in /send_message_teacher_to_student.php of kashipara E-learning Management System v1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the my_message parameter." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad de Cross Site Scripting (XSS) Almacenado en /send_message_teacher_to_student.php de Kashipara E-learning Management System v1.0. Esta vulnerabilidad permite a atacantes remotos ejecutar secuencias de comandos arbitrarias a trav\u00e9s del par\u00e1metro my_message." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -36,6 +60,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -47,14 +81,39 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:lopalopa:e-learning_management_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "BFD62B66-BEBB-4F0C-9F2F-66A7DC3E83E7" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/m14r41/Writeups/blob/main/CVE/Kashipara/E-learning%20Management%20System%20project/Stored%20XSS%20-%20student%20message.pdf", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://github.com/m14r41/Writeups/blob/main/CVE/Kashipara/E-learning%20Management%20System%20project/Stored%20XSS%20-%20student%20message.pdf", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-549xx/CVE-2024-54938.json b/CVE-2024/CVE-2024-549xx/CVE-2024-54938.json index 0a0e13fc170..6c4537bd6ec 100644 --- a/CVE-2024/CVE-2024-549xx/CVE-2024-54938.json +++ b/CVE-2024/CVE-2024-549xx/CVE-2024-54938.json @@ -2,16 +2,55 @@ "id": "CVE-2024-54938", "sourceIdentifier": "cve@mitre.org", "published": "2024-12-09T19:15:17.137", - "lastModified": "2024-12-09T19:15:17.137", + "lastModified": "2024-12-11T16:15:17.033", "vulnStatus": "Received", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A Directory Listing issue was found in Kashipara E-Learning Management System v1.0, which allows remote attackers to access sensitive files and directories via /admin/uploads." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 un problema de listado de directorios en Kashipara E-Learning Management System v1.0, que permite a atacantes remotos acceder a archivos y directorios confidenciales a trav\u00e9s de /admin/uploads." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/m14r41/Writeups/blob/main/CVE/Kashipara/E-learning%20Management%20System%20project/Directory%20listing%20-%20admin-uploads.pdf", diff --git a/CVE-2024/CVE-2024-555xx/CVE-2024-55500.json b/CVE-2024/CVE-2024-555xx/CVE-2024-55500.json index 95178dbec19..770c7ccea72 100644 --- a/CVE-2024/CVE-2024-555xx/CVE-2024-55500.json +++ b/CVE-2024/CVE-2024-555xx/CVE-2024-55500.json @@ -2,7 +2,7 @@ "id": "CVE-2024-55500", "sourceIdentifier": "cve@mitre.org", "published": "2024-12-10T19:15:31.020", - "lastModified": "2024-12-10T19:15:31.020", + "lastModified": "2024-12-11T16:15:17.253", "vulnStatus": "Received", "cveTags": [], "descriptions": [ @@ -11,7 +11,42 @@ "value": "Cross-Site Request Forgery (CSRF) in Avenwu Whistle v.2.9.90 and before allows attackers to perform malicious API calls, resulting in the execution of arbitrary code on the victim's machine." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], "references": [ { "url": "https://github.com/avwo/whistle/commit/d1b8ca275dc4e453bd2efed392c0fd4b92f73cdf", diff --git a/CVE-2024/CVE-2024-555xx/CVE-2024-55550.json b/CVE-2024/CVE-2024-555xx/CVE-2024-55550.json index 2952161ea00..7e3592561b2 100644 --- a/CVE-2024/CVE-2024-555xx/CVE-2024-55550.json +++ b/CVE-2024/CVE-2024-555xx/CVE-2024-55550.json @@ -2,7 +2,7 @@ "id": "CVE-2024-55550", "sourceIdentifier": "cve@mitre.org", "published": "2024-12-10T19:15:31.110", - "lastModified": "2024-12-10T19:15:31.110", + "lastModified": "2024-12-11T15:15:19.653", "vulnStatus": "Received", "cveTags": [], "descriptions": [ @@ -11,7 +11,42 @@ "value": "Mitel MiCollab through 9.8 SP2 could allow an authenticated attacker with administrative privilege to conduct a local file read, due to insufficient input sanitization. A successful exploit could allow the authenticated admin attacker to access resources that are constrained to the admin access level, and the disclosure is limited to non-sensitive system information. This vulnerability does not allow file modification or privilege escalation." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 4.4, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 0.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], "references": [ { "url": "https://www.mitel.com/support/security-advisories", diff --git a/CVE-2024/CVE-2024-555xx/CVE-2024-55586.json b/CVE-2024/CVE-2024-555xx/CVE-2024-55586.json index 2ec0d65e0c1..6c529120fb1 100644 --- a/CVE-2024/CVE-2024-555xx/CVE-2024-55586.json +++ b/CVE-2024/CVE-2024-555xx/CVE-2024-55586.json @@ -2,16 +2,55 @@ "id": "CVE-2024-55586", "sourceIdentifier": "cve@mitre.org", "published": "2024-12-10T14:30:47.813", - "lastModified": "2024-12-10T14:30:47.813", + "lastModified": "2024-12-11T16:15:17.473", "vulnStatus": "Received", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Nette Database through 3.2.4 allows SQL injection in certain situations involving an untrusted filter that is directly passed to the where method." + }, + { + "lang": "es", + "value": "Nette Database hasta la versi\u00f3n 3.2.4 permite la inyecci\u00f3n SQL en ciertas situaciones que involucran un filtro no confiable que se pasa directamente al m\u00e9todo where." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/CSIRTTrizna/CVE-2024-55586", diff --git a/README.md b/README.md index 8bb6320d818..f75145c6a55 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-12-11T15:00:46.621510+00:00 +2024-12-11T17:00:38.499974+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-12-11T14:59:33.097000+00:00 +2024-12-11T16:51:17.447000+00:00 ``` ### Last Data Feed Release @@ -33,37 +33,50 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -273175 +273181 ``` ### CVEs added in the last Commit -Recently added CVEs: `3` +Recently added CVEs: `6` -- [CVE-2023-23472](CVE-2023/CVE-2023-234xx/CVE-2023-23472.json) (`2024-12-11T13:15:05.150`) -- [CVE-2024-11351](CVE-2024/CVE-2024-113xx/CVE-2024-11351.json) (`2024-12-11T13:15:06.350`) -- [CVE-2024-51460](CVE-2024/CVE-2024-514xx/CVE-2024-51460.json) (`2024-12-11T13:15:06.510`) +- [CVE-2024-28139](CVE-2024/CVE-2024-281xx/CVE-2024-28139.json) (`2024-12-11T16:15:09.930`) +- [CVE-2024-28140](CVE-2024/CVE-2024-281xx/CVE-2024-28140.json) (`2024-12-11T16:15:10.050`) +- [CVE-2024-28141](CVE-2024/CVE-2024-281xx/CVE-2024-28141.json) (`2024-12-11T16:15:10.160`) +- [CVE-2024-47758](CVE-2024/CVE-2024-477xx/CVE-2024-47758.json) (`2024-12-11T16:15:11.947`) +- [CVE-2024-50585](CVE-2024/CVE-2024-505xx/CVE-2024-50585.json) (`2024-12-11T15:15:14.920`) +- [CVE-2024-53677](CVE-2024/CVE-2024-536xx/CVE-2024-53677.json) (`2024-12-11T16:15:14.593`) ### CVEs modified in the last Commit -Recently modified CVEs: `15` - -- [CVE-2021-46958](CVE-2021/CVE-2021-469xx/CVE-2021-46958.json) (`2024-12-11T14:43:21.320`) -- [CVE-2021-46960](CVE-2021/CVE-2021-469xx/CVE-2021-46960.json) (`2024-12-11T14:47:28.957`) -- [CVE-2021-46961](CVE-2021/CVE-2021-469xx/CVE-2021-46961.json) (`2024-12-11T14:49:59.620`) -- [CVE-2021-46962](CVE-2021/CVE-2021-469xx/CVE-2021-46962.json) (`2024-12-11T14:56:40.457`) -- [CVE-2024-23349](CVE-2024/CVE-2024-233xx/CVE-2024-23349.json) (`2024-12-11T14:22:19.183`) -- [CVE-2024-25606](CVE-2024/CVE-2024-256xx/CVE-2024-25606.json) (`2024-12-11T14:27:37.600`) -- [CVE-2024-26578](CVE-2024/CVE-2024-265xx/CVE-2024-26578.json) (`2024-12-11T14:25:58.393`) -- [CVE-2024-42135](CVE-2024/CVE-2024-421xx/CVE-2024-42135.json) (`2024-12-11T14:59:33.097`) -- [CVE-2024-53131](CVE-2024/CVE-2024-531xx/CVE-2024-53131.json) (`2024-12-11T14:55:01.573`) -- [CVE-2024-54008](CVE-2024/CVE-2024-540xx/CVE-2024-54008.json) (`2024-12-11T14:15:19.713`) -- [CVE-2024-7232](CVE-2024/CVE-2024-72xx/CVE-2024-7232.json) (`2024-12-11T14:44:38.737`) -- [CVE-2024-7238](CVE-2024/CVE-2024-72xx/CVE-2024-7238.json) (`2024-12-11T14:34:42.833`) -- [CVE-2024-7239](CVE-2024/CVE-2024-72xx/CVE-2024-7239.json) (`2024-12-11T14:25:45.607`) -- [CVE-2024-7240](CVE-2024/CVE-2024-72xx/CVE-2024-7240.json) (`2024-12-11T14:22:23.280`) -- [CVE-2024-8025](CVE-2024/CVE-2024-80xx/CVE-2024-8025.json) (`2024-12-11T14:02:07.930`) +Recently modified CVEs: `123` + +- [CVE-2024-51363](CVE-2024/CVE-2024-513xx/CVE-2024-51363.json) (`2024-12-11T15:15:15.280`) +- [CVE-2024-52943](CVE-2024/CVE-2024-529xx/CVE-2024-52943.json) (`2024-12-11T15:15:16.507`) +- [CVE-2024-53057](CVE-2024/CVE-2024-530xx/CVE-2024-53057.json) (`2024-12-11T15:15:17.757`) +- [CVE-2024-53095](CVE-2024/CVE-2024-530xx/CVE-2024-53095.json) (`2024-12-11T15:15:17.940`) +- [CVE-2024-53104](CVE-2024/CVE-2024-531xx/CVE-2024-53104.json) (`2024-12-11T15:15:18.110`) +- [CVE-2024-53130](CVE-2024/CVE-2024-531xx/CVE-2024-53130.json) (`2024-12-11T15:01:08.660`) +- [CVE-2024-53139](CVE-2024/CVE-2024-531xx/CVE-2024-53139.json) (`2024-12-11T16:47:34.503`) +- [CVE-2024-53140](CVE-2024/CVE-2024-531xx/CVE-2024-53140.json) (`2024-12-11T16:45:38.077`) +- [CVE-2024-53450](CVE-2024/CVE-2024-534xx/CVE-2024-53450.json) (`2024-12-11T16:15:13.910`) +- [CVE-2024-53477](CVE-2024/CVE-2024-534xx/CVE-2024-53477.json) (`2024-12-11T16:15:14.150`) +- [CVE-2024-53552](CVE-2024/CVE-2024-535xx/CVE-2024-53552.json) (`2024-12-11T16:15:14.373`) +- [CVE-2024-53676](CVE-2024/CVE-2024-536xx/CVE-2024-53676.json) (`2024-12-11T16:49:45.783`) +- [CVE-2024-54751](CVE-2024/CVE-2024-547xx/CVE-2024-54751.json) (`2024-12-11T16:15:14.910`) +- [CVE-2024-54921](CVE-2024/CVE-2024-549xx/CVE-2024-54921.json) (`2024-12-11T16:15:15.127`) +- [CVE-2024-54923](CVE-2024/CVE-2024-549xx/CVE-2024-54923.json) (`2024-12-11T16:15:15.347`) +- [CVE-2024-54924](CVE-2024/CVE-2024-549xx/CVE-2024-54924.json) (`2024-12-11T16:15:15.547`) +- [CVE-2024-54926](CVE-2024/CVE-2024-549xx/CVE-2024-54926.json) (`2024-12-11T16:15:15.763`) +- [CVE-2024-54927](CVE-2024/CVE-2024-549xx/CVE-2024-54927.json) (`2024-12-11T16:15:16.360`) +- [CVE-2024-54928](CVE-2024/CVE-2024-549xx/CVE-2024-54928.json) (`2024-12-11T16:15:16.590`) +- [CVE-2024-54931](CVE-2024/CVE-2024-549xx/CVE-2024-54931.json) (`2024-12-11T16:15:16.820`) +- [CVE-2024-54935](CVE-2024/CVE-2024-549xx/CVE-2024-54935.json) (`2024-12-11T16:51:17.447`) +- [CVE-2024-54938](CVE-2024/CVE-2024-549xx/CVE-2024-54938.json) (`2024-12-11T16:15:17.033`) +- [CVE-2024-55500](CVE-2024/CVE-2024-555xx/CVE-2024-55500.json) (`2024-12-11T16:15:17.253`) +- [CVE-2024-55550](CVE-2024/CVE-2024-555xx/CVE-2024-55550.json) (`2024-12-11T15:15:19.653`) +- [CVE-2024-55586](CVE-2024/CVE-2024-555xx/CVE-2024-55586.json) (`2024-12-11T16:15:17.473`) ## Download and Usage diff --git a/_state.csv b/_state.csv index 9203c0246ef..b36b8c71794 100644 --- a/_state.csv +++ b/_state.csv @@ -126963,7 +126963,7 @@ CVE-2018-9408,0,0,5c42660fc0373e3794b978085bc6f141b8964d1061bb0f50eefa0272a9e13f CVE-2018-9409,0,0,235ab4240b8f6a16f10dabebfc2a425e04d6055e3ccbd4af869fd3cdbdaa4a6d,2024-11-20T20:35:04.480000 CVE-2018-9410,0,0,df3ce3e6de4ffedbc96ebc88b1ffcfb3a929df188608608b94d23d5330115d42,2024-11-22T22:28:51.533000 CVE-2018-9411,0,0,18c6fd45cb373e5ef137d027fafac63305394d9c07fa2389a65d99934cccf131,2024-11-22T22:30:25.617000 -CVE-2018-9412,0,0,10d38b173d55eca5b05216994307fc04e70cea7770610d73cdc37fe177407f32,2024-12-05T21:15:06.513000 +CVE-2018-9412,0,1,939b75a24f1778508204c1e1a86cbe621da83e84f516dee81857152a07407fd6,2024-12-11T15:15:06.777000 CVE-2018-9413,0,0,732e84f703ca4b835049d6b892d3b578be5fbb201f1f9076a0f75f3e86071fd1,2024-12-03T19:15:06.147000 CVE-2018-9414,0,0,79a34e8b88dc9160c253b046f879020e896e2af4d4b1ba4abe1404e0222f9067,2024-12-03T18:15:11.267000 CVE-2018-9415,0,0,7bbac4461eea15ff5d707d056a8513003ba0bf9a8f89123a2d316e590dd4f098,2024-11-21T04:15:26.040000 @@ -152852,7 +152852,7 @@ CVE-2020-2071,0,0,52503cf5be8c814fdbd15c9c7c05152acda201336c3679b5e0371e974c9052 CVE-2020-20718,0,0,bfa43fcda3d3e9afc0e65549bf55ad8a55d489d1cb4123f8549a94680ef59605,2024-12-10T18:15:22.673000 CVE-2020-2072,0,0,154bc74bb11e59c2af149ddc832bd8c915bd314c6e7568132bcfaa568de92143,2023-11-07T03:21:38.860000 CVE-2020-20725,0,0,293c2e2d102e61e2e16cfbd41966017dbd71b6c3b3759dca9e45f77f23447a38,2024-11-21T05:12:15.117000 -CVE-2020-20726,0,0,50e4c303f04d4c9fb4a4007e1d32fbeadc0e20db96378f4d8cdb034e851770f4,2024-11-21T05:12:15.260000 +CVE-2020-20726,0,1,edcec45d7f37b943efe44c6b4ff2e11f8066b1ce08b1324592ed70d43054324b,2024-12-11T15:15:06.953000 CVE-2020-2073,0,0,a28a9d77f0aba17d584da12e3595e8b99e7a49642b378ce3cf4fa02f4836976b,2023-11-07T03:21:39.100000 CVE-2020-20735,0,0,08a621bab1bd76991868d51da53b4faa6c5fb4285908e26091134f1c6e40e0a7,2024-12-10T18:15:22.867000 CVE-2020-20739,0,0,6c2e78a96aaf2cd3ccbeec6e165d16f1a523fb3e3fbe2b1779a4017c5258de01,2024-11-21T05:12:15.553000 @@ -159498,8 +159498,8 @@ CVE-2020-36783,0,0,e286124c61448f7fd51b57f763b347528856a4a1ca56c75478cf046c0bba5 CVE-2020-36784,0,0,14269507ec793103ba5d47be84ea6c5627160c5f1dd2329a2c107e8028183ee0,2024-12-06T17:37:59.973000 CVE-2020-36785,0,0,8abd1aefac894fa31fb9663b853815059d0d596e701ab17d0204178beba874a6,2024-12-06T15:59:06.807000 CVE-2020-36786,0,0,0ea15290adb4074d2af998942543822278a7d5c85d7cd142f1bf61d58786e330,2024-12-06T15:59:30.400000 -CVE-2020-36787,0,0,3405a733a5d49fca443452e4a8770096fd8b2dd44d1dbaaf0fc5b9adab1da0b5,2024-11-21T05:30:18.467000 -CVE-2020-36788,0,0,1d50c3cedfeaedcf5d9dec391a9bdfef15332318cac7f708060eb4be3da98205,2024-11-21T05:30:18.583000 +CVE-2020-36787,0,1,502855373c28ca46357de690f5dc8f8e29c1233e9557b09f461af25c733b38c7,2024-12-11T16:42:29.080000 +CVE-2020-36788,0,1,538e84f4cb96c9d3452e4c0d6032a1a5bac616bb875a71e1847cbdf2d7f05dab,2024-12-11T16:37:00.320000 CVE-2020-3679,0,0,e50c3284f3a657c667bb2bcead40e1009be12a2605501d7af9afc6e97b996914,2024-11-21T05:31:33.770000 CVE-2020-3680,0,0,95ff3ef12f3f63dba119087397217342424c1009d17f182b57cd7668b1d53c18,2024-11-21T05:31:33.890000 CVE-2020-3681,0,0,85c136b131152da20e227debcb5e39b4df76d1ad0d976c7af998638337c03a1e,2024-11-21T05:31:34.023000 @@ -187099,12 +187099,12 @@ CVE-2021-46954,0,0,e1fa2a573497ac3cca2eee300a8202a85d71444ad1ae9d67a48ccba1351fd CVE-2021-46955,0,0,fba2bdea5b92fd2bb608ef13865c7c716d690c748a48c0107fec8f1770dcc976,2024-12-06T17:53:52.043000 CVE-2021-46956,0,0,76c2d7d149a52a4365576d3df8b3754fee5701e4ff7f9a4a2a36c2118984f44d,2024-12-06T17:54:34.117000 CVE-2021-46957,0,0,bbe461b34c6df98a2e7d85c7c55d1deb4507d01fe0a54998222ee20412cbfadb,2024-11-21T06:35:01.700000 -CVE-2021-46958,0,1,5b50b682b8116efcca529fbd28c5eefb378e5effcdc8ded445bdcaaf6f6266bf,2024-12-11T14:43:21.320000 +CVE-2021-46958,0,0,5b50b682b8116efcca529fbd28c5eefb378e5effcdc8ded445bdcaaf6f6266bf,2024-12-11T14:43:21.320000 CVE-2021-46959,0,0,bb00e0a22da9b704f505ef16ef46738f1a4c1788be5f1b4157870da30260bb29,2024-12-10T17:55:18.607000 -CVE-2021-46960,0,1,93adc63857297399bb3e172923626740b3a2251d6d6684f265fbff125aa509a0,2024-12-11T14:47:28.957000 -CVE-2021-46961,0,1,5cd831cd809d2fe0046a1637f020f49a679577e4a0a98dad8858b62bb6faf1ce,2024-12-11T14:49:59.620000 -CVE-2021-46962,0,1,c2add0fa35a2b624472b36db248d8d830acc6f42ffa2bcf78c3542a48bf06b43,2024-12-11T14:56:40.457000 -CVE-2021-46963,0,0,ed803386ec84b6f1d2a8d52134d898d34d9dfaeaf4f90f7e8c8a4abcc6f6979e,2024-11-21T06:35:02.580000 +CVE-2021-46960,0,0,93adc63857297399bb3e172923626740b3a2251d6d6684f265fbff125aa509a0,2024-12-11T14:47:28.957000 +CVE-2021-46961,0,0,5cd831cd809d2fe0046a1637f020f49a679577e4a0a98dad8858b62bb6faf1ce,2024-12-11T14:49:59.620000 +CVE-2021-46962,0,0,c2add0fa35a2b624472b36db248d8d830acc6f42ffa2bcf78c3542a48bf06b43,2024-12-11T14:56:40.457000 +CVE-2021-46963,0,1,ec8fabbc70acf64eba9170005213b4522a9618d5878bd9963ccd2795e26c8570,2024-12-11T16:12:08.920000 CVE-2021-46964,0,0,add212b1b30e4a27a2fddf94d21547296337853832d6be635522371cdb728833,2024-11-21T06:35:02.703000 CVE-2021-46965,0,0,b46915ce2a81dd117323c8c6bb7b33e42c3c3992924bab30d16a37675e4afe55,2024-11-21T06:35:02.837000 CVE-2021-46966,0,0,97fed527abc8c179af4ef0cded9357d2e989b82f53f8292e5a23e469eb8ca4e1,2024-12-06T17:55:15.673000 @@ -205508,8 +205508,8 @@ CVE-2022-38934,0,0,40d670d084123a35b6cf8e015d52100eba55e2e591a681d9be36901d5638d CVE-2022-38935,0,0,83a6e0251fe0abfddd0911937efa9f1b90021aae2007abd42b72b5f692f374ae,2024-11-21T07:17:16.500000 CVE-2022-38936,0,0,b3e505552a6410e493866b78c37513e198bc95afcfc929838b193c22c9abfd36,2024-11-21T07:17:16.647000 CVE-2022-3894,0,0,33b9420d4c777d74fc9afc14daf43f3a8e5811186e765049c2b0991fd11bd532,2024-11-21T07:20:28.913000 -CVE-2022-38946,0,0,41211fbc12112d753f3af7d315f8c1b1a5c1c595080aff6a35608a4aee12f7fb,2024-12-09T17:15:05.280000 -CVE-2022-38947,0,0,bfa40092e2557b05cf82c4239ec44a007554ea293ad1ec1dc07ef6806472823b,2024-12-09T16:15:18.667000 +CVE-2022-38946,0,1,2a0a1fab6e1d2d5740acbe58559acfed91cc83f62958692e58c8b2f9649a1818,2024-12-11T16:15:05.783000 +CVE-2022-38947,0,1,deb38b2cacfb2bd8ad467be8d85bdea6de9ddf89ffc5b2c0a5e0261250c404d8,2024-12-11T16:15:08.293000 CVE-2022-3895,0,0,a9fc841d0237473e1e94e430db8d1fa94b66fa1951ff679c2163fbfb09a98fbf,2024-11-21T07:20:29.067000 CVE-2022-38955,0,0,c67dc1036670bcfb324220053bea90a87f57af5b5b721977df093f2412b93825,2024-11-21T07:17:16.800000 CVE-2022-38956,0,0,aebbd9d93c58bae1388e61045fe497d1212a7d7f7f21427a6c71bed0dad0105b,2024-11-21T07:17:16.953000 @@ -217829,7 +217829,7 @@ CVE-2023-23468,0,0,dcf3783a6e46e2a0eeb9074ee47ed2d5c0a9c74ff1896870c21e1e0585b30 CVE-2023-23469,0,0,69288f0f15e2c2829cc139ea58aa96679edf14002fe3924391288bf0361cb528,2024-11-21T07:46:15.757000 CVE-2023-2347,0,0,537d1f3c8d04870af60e6afd6bd0bbb550617328ab9535d9b20c15152403871d,2024-11-21T07:58:25.880000 CVE-2023-23470,0,0,805f33b64cf2149db6b5e5d1695195d5fb15d1d1e7fd0dc5ce1bcf2fd6089263,2024-11-21T07:46:15.897000 -CVE-2023-23472,1,1,d1adab87d9c998e6269bb24ccf75fba4c0d07d5114972fb5981530f6c90d0406,2024-12-11T13:15:05.150000 +CVE-2023-23472,0,0,d1adab87d9c998e6269bb24ccf75fba4c0d07d5114972fb5981530f6c90d0406,2024-12-11T13:15:05.150000 CVE-2023-23473,0,0,6e568225fe37b401d88506d3abb6e7be1d1fd3f5dd589c1df7bd297f7599cab4,2024-11-21T07:46:16.040000 CVE-2023-23474,0,0,b8acb675618c02fb8615d33e861383e47b93572a37e4fdcdcd749f7ca7a5a118,2024-11-21T07:46:16.183000 CVE-2023-23475,0,0,3a68aebf09e3ed863e58894bdc66525870538242756e587e97f59ebf17bf6357,2024-11-21T07:46:16.307000 @@ -219746,7 +219746,7 @@ CVE-2023-25743,0,0,7558e45b87eeaa1ba4d99c425444e815ba925b5bd93e9c29fa81472ea06c4 CVE-2023-25744,0,0,4eae3a90dcdc5d2766e52ae3ae4ee1b6ccfcbae9216b5cd9ae89ac1806098c57,2024-11-21T07:50:03.790000 CVE-2023-25745,0,0,6102d9fc572324be6644eee9d6fb12de0c6076ae05286509941a0d87d72b34f0,2024-11-21T07:50:03.910000 CVE-2023-25746,0,0,b2502edecd51f079acd18d979cb6dbb9bb06b6370db89923ba0bbe001131fb22,2024-11-21T07:50:04.013000 -CVE-2023-25747,0,0,d05a183f02543cbce6db3845e80eb8cb6c0cb416779492a85f891d8db0dc7408,2024-11-21T07:50:04.140000 +CVE-2023-25747,0,1,d1b74a66095cdc586ebd8ff527eff24f26609d611db061c93a7c6b23284c7a49,2024-12-11T16:15:08.497000 CVE-2023-25748,0,0,a5f231f6ce1287a57ac3ab5d6b5420c308f9eef1aedbcb2aaa3281b360bb3df2,2024-11-21T07:50:04.250000 CVE-2023-25749,0,0,7ae7181a544487d53266a67325373d3191b84ef4de82642ad7b49ec70257ad66,2024-11-21T07:50:04.370000 CVE-2023-2575,0,0,a59971076db19b36a664ea7bce8bdc3b7a1e7cae8e3ea4d3850f7ffa0cfb8a97,2024-11-21T07:58:51.757000 @@ -222966,10 +222966,10 @@ CVE-2023-29528,0,0,adde986114eb16209a6b90f72e5a185f921909623e6f369d5c727fb80ac75 CVE-2023-29529,0,0,77c6d181c06aac77213d17b61e5ae1d48acecd17837f89a96149887f038d92b6,2024-11-21T07:57:14.377000 CVE-2023-2953,0,0,207452d35f31822e6b2f253721ce4dfc76fc8a9b73d02bf3415f0ac18782ad99,2024-11-21T07:59:38.290000 CVE-2023-29530,0,0,a334ac4f3abe0a71e6ae41315b6ad7182859ceef3a7ef93c75fed3c3a25cde27,2024-11-21T07:57:14.487000 -CVE-2023-29531,0,0,007a9536a1a87099ca365e26250e375c2c68c16d936b5cdf40a7c3da1a4c3c18,2024-11-21T07:57:14.610000 -CVE-2023-29532,0,0,9e5d2a80448a0a738240cd8ac220e5ca7442f0e431e62791b122b72049215a6e,2024-11-21T07:57:14.750000 +CVE-2023-29531,0,1,2a6f9684e65cef92493d55be02f23d2ab52faa2518f1f3dfa957704ce0326b5f,2024-12-11T16:15:08.690000 +CVE-2023-29532,0,1,ade044458d3f96d94c55c07794dfbd0e16af531548a3a83039341e58cd652212,2024-12-11T16:15:08.880000 CVE-2023-29533,0,0,c96cea4ad337a4dbfa70d307cc52e9b1fcd9c9a05733e14ba6a06c852ce3af58,2024-11-21T07:57:14.870000 -CVE-2023-29534,0,0,09650046b06348b9d8d80a0a616e8adee57daed5ef7b97fd86be7bed173b6e4e,2024-11-21T07:57:15 +CVE-2023-29534,0,1,c8ab00c60325976ba8a2d0de95f8bbb9392dc5c75770a8a1ca5d9b6de42f8915,2024-12-11T16:15:09.060000 CVE-2023-29535,0,0,a61f63e9517ff04ee1ae0969ef54dea0e6f57606221c0bc72199d618cf85297a,2024-11-21T07:57:15.117000 CVE-2023-29536,0,0,d5d3321b7c9a6bc7ec5d773d54a70405282f3a6210aa0bcba3655774e649ad8c,2024-11-21T07:57:15.227000 CVE-2023-29537,0,0,95c44780cbb9f75753385a20f6e3485b43335289811a2958819096206e8803c3,2024-11-21T07:57:15.340000 @@ -222978,10 +222978,10 @@ CVE-2023-29539,0,0,7b855f1da28c2e82a336e3e6002456776e7b9a2b5444e23b1f64dffdd9c75 CVE-2023-2954,0,0,170ee79a71250a5460ede383a19cf8d0be561842606ea27f7c0d85ce19277b2f,2024-11-21T07:59:38.440000 CVE-2023-29540,0,0,9b3d64f7945e1ac9eaf009ad6c90de756f3a4cc4cbc411a5ee85eb215196df44,2024-11-21T07:57:15.687000 CVE-2023-29541,0,0,764032c774f1aea47662569f2e331b6ad674461e97108e7519248436a4c73346,2024-11-21T07:57:15.800000 -CVE-2023-29542,0,0,6b5409e1532545bf2b3a95b9b3be32ed6955a26161ed3987352a58c7d92f3620,2024-11-21T07:57:15.927000 +CVE-2023-29542,0,1,46b8932e18265980690a3bcaa6fb35d98fb3d5a02f300b2e5626bd6c59fbe71f,2024-12-11T16:15:09.237000 CVE-2023-29543,0,0,f316bf6ac4bd9f13fdef4eedac5dd7397ba341296875b6769be678c979946300,2024-11-21T07:57:16.047000 CVE-2023-29544,0,0,4f51f44fd5cabc3b79b2a7a7978204c4c24836c255ad25bf71f89fa796f8c720,2024-11-21T07:57:16.150000 -CVE-2023-29545,0,0,fcbda261114230c57aeee9565a937eb9edfb1b010a8525158c2c176525122707,2024-11-21T07:57:16.260000 +CVE-2023-29545,0,1,46705769a17275c16028682008fb3b90c787fd80d73cb633eacf73710e5b4383,2024-12-11T16:15:09.403000 CVE-2023-29546,0,0,2e8e12bcd85a1a78c6cb9f773a230f8fdd5e5f20aca1676ff7c16ff615f0ad34,2024-11-21T07:57:16.380000 CVE-2023-29547,0,0,8fc777296f97d4ea9bc87b22b8f33be24f41690dee114e2f7f2c228e53b57fba,2024-11-21T07:57:16.487000 CVE-2023-29548,0,0,00e902680bbcecab5106b6846ed6e510d2721dffb60f34398345ef8db93261a7,2024-11-21T07:57:16.590000 @@ -239700,37 +239700,37 @@ CVE-2023-52500,0,0,fbb9efaa221bcebca4695082e7346353f1edaceda435306e7320013f86e44 CVE-2023-52501,0,0,dce8fea28787eccd5fdf1c2279867b1856cfdadbf948affe1018e6b016ffe136,2024-11-21T08:39:54.730000 CVE-2023-52502,0,0,53b5c7371b4f4373fe848296392853f59d8735375e39195cf54701f13f36c71d,2024-11-21T08:39:54.847000 CVE-2023-52503,0,0,b25829a16f78c14d9235d80b7c332263af083b055661f6466ab49e61a0d35aa6,2024-12-10T21:26:43.377000 -CVE-2023-52504,0,0,20d543413cbfdce3982f0e69879d8085fe9ae071f6db241d63eea26ff6923237,2024-11-21T08:39:55.150000 +CVE-2023-52504,0,1,7b00d7367755902413f54a344d1c934ccd6c5f85e27cba6919cdc853f813017e,2024-12-11T15:05:44.313000 CVE-2023-52505,0,0,457ceb32eaa0dbf4f3fb83c3def49ce35850e4a94f5e4c24c521950a01b60bc6,2024-11-21T08:39:55.273000 CVE-2023-52506,0,0,2473aef6ecee2b11075221629d29edc4b86db27ed7be427c580f9b517750fde5,2024-11-21T08:39:55.397000 CVE-2023-52507,0,0,7ed8e633502cc2f91ac4507141a1f109bc31163f481bf3d02006d107ebe2cbf9,2024-11-21T08:39:55.513000 CVE-2023-52508,0,0,f8139e600d46dca8f67ecb0a95236952f26c02714cd95adfe0dbbeed166d1ee0,2024-11-21T08:39:55.633000 -CVE-2023-52509,0,0,940097888a15b5e68755b3e945f0c1d3b96af2771b2263291a14042d11005db3,2024-11-21T08:39:55.827000 +CVE-2023-52509,0,1,4c32e1e52d82db6d2e5e667f80062d77bc1fa6b92446d15ee14c1f6c6f544cf4,2024-12-11T15:07:32.760000 CVE-2023-5251,0,0,8e5d86dd8015f5ba5db53e53cb223d5ce43b5c6420566475d898b38e0a2f8a7f,2024-11-21T08:41:22.610000 -CVE-2023-52510,0,0,d61727d74ba0076111920fdab4cf480c78a22079195fc0be294a6064ec9e85c5,2024-11-21T08:39:55.950000 +CVE-2023-52510,0,1,1d4c660454b6d15905273fe738ffaa57f9a8f63fda4125270abeff81f8781f37,2024-12-11T15:11:16.133000 CVE-2023-52511,0,0,e98c89ec00685492078c5b92b97356f71778a20ea8da6788f8187c9b62435c3b,2024-11-21T08:39:56.080000 CVE-2023-52512,0,0,278b0665314e1a2b30e776d56be69d2531d8899712bf81004dafba87216a7362,2024-11-21T08:39:56.303000 -CVE-2023-52513,0,0,aa76e35e2a5a4a64a311a3c72ecb20cb6599cf431040b0f007f8e6dd12f53caa,2024-11-21T08:39:56.530000 +CVE-2023-52513,0,1,97d7c95c4e6616756fc77008da3a9e34784f63a990f4286e2a5968551625134d,2024-12-11T15:12:45.753000 CVE-2023-52514,0,0,96b3bc37b65a7f0f11caed4828897554155b5e08fde97001434005eb59164e32,2024-03-11T16:15:07.720000 -CVE-2023-52515,0,0,c9cce97274a1ec8223604dd43f027e5c9c2beff5647f4b2ec5ad5e5d6fda8a26,2024-11-21T08:39:56.663000 -CVE-2023-52516,0,0,f68fd76a40107c71dd8f08e017df051ac0f495dbaef65847d6340ed3eef2aa0b,2024-11-21T08:39:56.780000 +CVE-2023-52515,0,1,783d33279e8711f2f53faff3aa4d2bf5a8bc423e48cee26bb25bf599790fc992,2024-12-11T16:41:11.770000 +CVE-2023-52516,0,1,c9433424f464a3aefd00d0bda0d407932aea710f1ccd0eb4aed297e697fdac49,2024-12-11T16:34:41.590000 CVE-2023-52517,0,0,d82939494abb052a15f83b4ca358f793f9c9e2d71a5d9b9e4a8553b5c270c05b,2024-11-21T08:39:56.913000 CVE-2023-52518,0,0,6033333179ee7065b3ad5a7a294863593028e3c2a534a4a4a5dc1a8ac412775f,2024-11-21T08:39:57.030000 CVE-2023-52519,0,0,8ece08980f7474945f483678246212b0be34fd4256183388e8be0b22bb44e150,2024-11-21T08:39:57.220000 CVE-2023-5252,0,0,6e866dd390859261cd7659e88d39d09ee87f05ef749374a16d7e16e4e49555fa,2024-11-21T08:41:22.723000 -CVE-2023-52520,0,0,df6391e693c0758143ff466327917223f90797872c674e3c162f09211cbbb89e,2024-11-21T08:39:57.340000 +CVE-2023-52520,0,1,d31cd448073f5b764992496529f1ce58fbaec56d048ef04f1b1f5151bc9d73f5,2024-12-11T15:16:55.293000 CVE-2023-52521,0,0,26ba094f0a43e00b237fc666ea879d557b221b56ad6aeee17c07d7717bd0e4ca,2024-03-05T23:15:07.310000 CVE-2023-52522,0,0,c13b0a3176143b06d3ccc87f08706f9245c7cdd589d25b2c0e11f3ccc3613bfc,2024-11-21T08:39:57.493000 CVE-2023-52523,0,0,4960efaf39e9fd892e453735132ae203eea6ba386550aa6a7946783297160c29,2024-11-21T08:39:57.693000 CVE-2023-52524,0,0,7c9782eefab52c2fbb27a17a70d133dab00dc93acf8473bcfc7d444ee733148d,2024-11-21T08:39:57.813000 CVE-2023-52525,0,0,bc5937519d442f86b63a53c40100811a9bc3a8971c75a0285bf2356b42a88f8b,2024-11-21T08:39:57.940000 -CVE-2023-52526,0,0,0cb73fff958fff6f20248f7743482826bae80c07262d2b8f2757407c8eeee0bf,2024-11-21T08:39:58.057000 +CVE-2023-52526,0,1,1438e98d7ebd761d3e4a2b5db47e2999a34f9aed48e4e48ea616537355cbf9b2,2024-12-11T15:19:11.407000 CVE-2023-52527,0,0,7caa2f7af5e7f96218899c315042a1cdfdb7e3e34c31f6678b7cdc5e41da897a,2024-11-21T08:39:58.170000 -CVE-2023-52528,0,0,ee1e988366e119dea127ed0ccf008478436e05bb3e12a90336e4cc828a1097b1,2024-11-21T08:39:58.307000 +CVE-2023-52528,0,1,f8dc1059cdecae7671bbeebfd74b733cc48cc6554467ed082aa97679e394d701,2024-12-11T16:27:49.277000 CVE-2023-52529,0,0,841566603cc3e72b05afcb01b587c6dcd4414a7fe1bc2081929dad3add9a68bb,2024-11-21T08:39:58.437000 CVE-2023-5253,0,0,7ead7effcc406218ae6035d8fe47bb748de44284fb99412a6bbf2042e8def61a,2024-11-21T08:41:22.837000 -CVE-2023-52530,0,0,0550f1cd583939b88f07f87e6b5324340be68995cef77f5a79ebd381f9af5e9f,2024-11-21T08:39:58.613000 -CVE-2023-52531,0,0,43f4b1b93b585b47b55b403d2c9702d5a43bd5dbb35bcd83d1e030b360cc0ed7,2024-11-21T08:39:58.730000 +CVE-2023-52530,0,1,4f593611b75e30e5eae6b577cc331379a84a2f608d52430e3e67592abfaa923b,2024-12-11T16:26:57.617000 +CVE-2023-52531,0,1,a61dc0f947d453c51b46a28fa43b6378dffa1008ab84f4db783ded8d39575ec4,2024-12-11T15:28:47.893000 CVE-2023-52532,0,0,b26e8077130f31791dc84df48ac30adc861aa8b56f96bb902c194d9fbae75b9a,2024-11-21T08:39:58.847000 CVE-2023-52533,0,0,630004815d3f4ebf3c444b7ff3f11f212940db8cc3775558974c6702465635eb,2024-11-21T08:39:58.960000 CVE-2023-52534,0,0,f37e50d7149e08730fd9fe7b8b8fc06c4115123a747760e53b659858db2ba27d,2024-11-21T08:39:59.137000 @@ -239762,25 +239762,25 @@ CVE-2023-52557,0,0,0a22b9021f7275058bdd115e9063ef7fec559d0df8bd741165304086449b7 CVE-2023-52558,0,0,79680456f3117e5c28c62f76fc61c399e91cab56f37a1e79dfeac8000c81d7c4,2024-11-21T08:40:03.463000 CVE-2023-52559,0,0,a5eeead7ced19a305d3796a1194808a6ad5b63bc7f19fe14240baa29dd3ec656,2024-11-21T08:40:03.650000 CVE-2023-5256,0,0,f25b36e2d6816d15ae13d24827e811b1ce1bdb4f814d5704d120858d960e9cb7,2024-11-21T08:41:23.240000 -CVE-2023-52560,0,0,be036dc8e08539644ec5ab97264d9cd017c81de5fd85951062bd6589332b629c,2024-11-21T08:40:03.773000 +CVE-2023-52560,0,1,8101dc5e12b61978499f3c1f952560bbf0c85a42b7e572f0d17179ed35ab4ed2,2024-12-11T15:24:15.463000 CVE-2023-52561,0,0,bbc18871877cad65375af08e325f56ae47245e643f99add72f816b7bee748d2b,2024-11-21T08:40:03.893000 CVE-2023-52562,0,0,5a80f3b5bbde94e2506e1411a1c685dcbcc12f061a4accd03162004cc58c21c7,2024-11-21T08:40:04.087000 -CVE-2023-52563,0,0,7b7d968aa770ffddc17941516239c6e5d13f24c8a5de9b86d5752a9891d46450,2024-11-21T08:40:04.200000 +CVE-2023-52563,0,1,01157a06c1bdeb4c4102bca50ef9a48709c1400e6898d82272f45549e1856933,2024-12-11T15:23:23.317000 CVE-2023-52564,0,0,eddbf6db4434077a0f39e72330efbad33de2c2f70ebc52d76813f79f09cdf576,2024-11-21T08:40:04.327000 -CVE-2023-52565,0,0,e3d0fb369d57ca7c5dd192d4adbebdb2a08749e1bdee49186e48a0d09c4d0ca7,2024-11-21T08:40:04.447000 +CVE-2023-52565,0,1,573eae026add44222db4dcfafdb299400ef2ab79702c7319794326b052947218,2024-12-11T15:22:29.917000 CVE-2023-52566,0,0,0561ca08823b0139170f0520b6f130894bad2ca52e446eddfcab5d955446225a,2024-11-21T08:40:04.560000 -CVE-2023-52567,0,0,3300e818c52c6336f619502836cda7deae067212c0e9ac45e1fbb705c73e1af0,2024-11-21T08:40:04.773000 -CVE-2023-52568,0,0,4123de68a293524cf074deec847391b96cec948e0500920cd3a5526687e383f6,2024-11-21T08:40:05.380000 +CVE-2023-52567,0,1,18cd831f228d03b1e3290afd2f881bf52bd296c7921d05278f526558565ace57,2024-12-11T16:26:16.023000 +CVE-2023-52568,0,1,8d17d4f43096b1e8e2ac821253ed4d8309c3179fdcc64f1f4e718167b321b031,2024-12-11T16:23:49.080000 CVE-2023-52569,0,0,b178fb4a13ab6171073f91bab5945f820821c690ff14cf04ce18c757e1ad551d,2024-11-21T08:40:05.503000 CVE-2023-5257,0,0,07922529d4874d769cc8bd5ed5c77669ae274ef856c84e68c1a5c33f4f7743cf,2024-11-21T08:41:23.437000 -CVE-2023-52570,0,0,c9bef56b0433dc3dda3c89fd66dfa142663eafdda5dd2b1c2742abc149270757,2024-11-21T08:40:05.627000 +CVE-2023-52570,0,1,c7a973afb4874bbc0a4a26ff210f16ddeefd555596f88f99c2b297604732223f,2024-12-11T15:21:44.063000 CVE-2023-52571,0,0,3d763ea049692222c9f2aaac9caf87c4a36407d587a5bdcdc18e08fbadbf44e6,2024-11-21T08:40:05.753000 -CVE-2023-52572,0,0,c59789db70db0c33eecc99fbe1f891dfd0ba41daef3f5d387fa7b2bcc48419b9,2024-11-21T08:40:05.943000 -CVE-2023-52573,0,0,9739305cd90ca003c7baa8dc1bb0f383a707464359b308d7fcd4242e4a99bae5,2024-11-21T08:40:06.067000 -CVE-2023-52574,0,0,714a3397181310d685c57950edbf145947327ab0a1e37f33d6471c6d74b99c87,2024-11-21T08:40:06.193000 +CVE-2023-52572,0,1,f702508896ee515ee89db0a1e822fe9026cc584aabcbb6db64d0c9f0272f6b5c,2024-12-11T16:22:46.453000 +CVE-2023-52573,0,1,ff8d78f642527d7a857c65b835a6abb27dea3bb756def1084064834d8863ee74,2024-12-11T15:20:48.023000 +CVE-2023-52574,0,1,8323bac1d9b1547c4da987d85886bb3baf8f9d838d025c7c0a11cea296a4919d,2024-12-11T15:30:26.120000 CVE-2023-52575,0,0,a5b1456e1f4f3168b96ec99b70713689f039d7b9a7af7c035fa313f136ce995a,2024-04-25T06:15:52.767000 CVE-2023-52576,0,0,9dd43aec57900dbc078e5d91979cedca10e73f2f39b1fcf866726ede9c267476,2024-11-21T08:40:06.350000 -CVE-2023-52577,0,0,0a4b014544ce6673a791d63d0a9306e38202724055e34184eb21c28f28d88655,2024-11-21T08:40:06.603000 +CVE-2023-52577,0,1,5bd6982550137aea20a2ecd267614d20749b25811f7f7f8a84e7c7b156c3f5b0,2024-12-11T16:21:49.573000 CVE-2023-52578,0,0,2e26fc6a7d6e0faed2b6015873c2275752ab452742907d5c98ee02de2973f40d,2024-11-21T08:40:06.747000 CVE-2023-52579,0,0,46d3719ad784e436d8f68041c52fb234bc85c10006dd0f7ac61db478c13665bf,2024-03-04T16:15:49.340000 CVE-2023-5258,0,0,0eac0cf4832fe4baeba17b515861a9fac722da219a538bafac0ab2693112b166,2024-11-21T08:41:23.570000 @@ -240157,8 +240157,8 @@ CVE-2023-52918,0,0,b756056ec028a3f8dbe95359b4e6a9ee9c3aee022710af984fbcd888a01bb CVE-2023-52919,0,0,428ae0b617ce1503b5cd1e233daf56322f531cad4cdc2d0ff04fec45c15d021d,2024-10-24T03:53:16.377000 CVE-2023-5292,0,0,053cd6bdc838ec8e58310af23c6d4e5e608dfbec5f41437eefe04e4d3a1ca985,2024-11-21T08:41:27.907000 CVE-2023-52920,0,0,5ccb706522b2bb61a4ff93701c4ce4aef0cd273aa2a0286f242c66a94d5b4a5d,2024-12-09T11:15:05.403000 -CVE-2023-52921,0,0,2ab56b205ca4683a8dfe1c1d2041b0495ba5496b1ce1fbb0ad171c5facf70d10,2024-11-21T20:49:54.030000 -CVE-2023-52922,0,0,e7092611f6d9115a9713c0e3e80e6e2edf8ee94e7dbc30ddd1c7f11e718cb99d,2024-11-28T15:15:17.260000 +CVE-2023-52921,0,1,db860eb263bc8c980e12e17429a087c45572e4c4d54038923230b290b9052477,2024-12-11T15:15:07.307000 +CVE-2023-52922,0,1,0257647582c181cfc3c3426a0282aca59fe8801f0370a44aec6ca0f680b7f26b,2024-12-11T15:15:07.500000 CVE-2023-5293,0,0,2ab12f953bcab8d32935fa01b57edeb209bb6e98a2ae0077b834e165d686a9d4,2024-11-21T08:41:28.027000 CVE-2023-5294,0,0,7e84d056ed43dce14104662505194c8e94fa18aaa1fa000f7d4caff68ba24092,2024-11-21T08:41:28.180000 CVE-2023-52943,0,0,f6ed6bafa02a627fd8483d5444c81747a611e4e8a768a1c76804639f41008cc5,2024-12-04T07:15:04.033000 @@ -243696,7 +243696,7 @@ CVE-2024-11048,0,0,ee0614f8b92ffed3e1b3dc74317f3bf75a0ccca022aff193893f1abe1be52 CVE-2024-11049,0,0,f15d3cde98533895db175c6daeef740cd643f4fe5ea44a8fb9695d76fbd71539,2024-11-23T01:41:19.207000 CVE-2024-11050,0,0,97b09a9297d22ccf4873559fbbb697493b98dfb210b831947a035d7cd550348b,2024-11-23T01:38:15.047000 CVE-2024-11051,0,0,0c5db2f4a5372b3789ea13ae4e153849a79584f39670640750e498cda1bc9950,2024-12-02T15:14:56.087000 -CVE-2024-11053,0,0,bc78603271bb633e85e4d1f56d4ae4eb8b7e4725f8dc4f33de4f337018994a76,2024-12-11T10:15:05.397000 +CVE-2024-11053,0,1,5c1437b487064cf3b57e6fe98ed96d4e49984a040cf217abb45d7e45b8da32e7,2024-12-11T15:15:07.783000 CVE-2024-11054,0,0,62fc21be220f83b3b99662a715e1e46c9921295e254139d37846c3d822e7f7f0,2024-11-14T02:43:36.197000 CVE-2024-11055,0,0,361b4525d8d554dca9b7af21fbdc2732ba2b4cb91ff03c9d581c539d68f515b7,2024-11-14T15:18:45.933000 CVE-2024-11056,0,0,9d9d3c33a7dea9c205bece3d4c8bdb949d23390d0100cf526cee841daf2a71cc,2024-11-14T15:21:09.907000 @@ -243912,7 +243912,7 @@ CVE-2024-1134,0,0,3b9e316f9f09adef1cfd4f6b3383505dbc9180172570e63197eb1d9f1f72ee CVE-2024-11341,0,0,fc1530097b0e35ed459b254b1ecb0cad070bf3ed96eaf9858f6cdb401383b357,2024-12-05T10:31:39.520000 CVE-2024-11342,0,0,e5c7c30c6a212e83bae351facc5b11e3c8030751d949156ac2c5ae223532d502,2024-11-26T04:15:04.030000 CVE-2024-1135,0,0,68c50f9eb4591d8bb506721809b1f0298841fc2528944ed9529aba74567efa11,2024-11-21T08:49:52.457000 -CVE-2024-11351,1,1,826b9861e058dc7cd171d254424cebec62cad9d99bf32049629edf3acf54bc21,2024-12-11T13:15:06.350000 +CVE-2024-11351,0,0,826b9861e058dc7cd171d254424cebec62cad9d99bf32049629edf3acf54bc21,2024-12-11T13:15:06.350000 CVE-2024-11352,0,0,3e29015c6ddb727a2fde19c192da7eef0aa6d301384cc964189003e83042cffc,2024-12-06T09:15:06.650000 CVE-2024-11353,0,0,ef44a4979882bdb8ebc7e65b79558cac81921a597185e183e034648fbf6765f4,2024-12-07T02:15:17.850000 CVE-2024-11354,0,0,87986c107f2d598ec9b5e54e0419b4149d63b452699e5d17cc10ffbc61f46d56,2024-11-26T17:34:55.767000 @@ -247806,7 +247806,7 @@ CVE-2024-23345,0,0,93238d3b825f485d8eb374a435c101f669289e1d89c688d77924b26c7cc59 CVE-2024-23346,0,0,15a6ec1f47e9a6cfc97c2a72502eaa07279591547945e2ab80bf144c2636f3b3,2024-11-21T08:57:33.443000 CVE-2024-23347,0,0,25471626506419779168ea545004b9fe96b382d2dd9a27aa905a7945d77256d0,2024-11-21T08:57:33.577000 CVE-2024-23348,0,0,a129e6b3747159f86ada3699e7ce730a1fff4c4aa879c6338bc74b8e570fdbe1,2024-11-21T08:57:33.707000 -CVE-2024-23349,0,1,4f771bcc93ebb4ca49452299c3a1c8f24e42a293d9a873d9c6b26612990ea1f9,2024-12-11T14:22:19.183000 +CVE-2024-23349,0,0,4f771bcc93ebb4ca49452299c3a1c8f24e42a293d9a873d9c6b26612990ea1f9,2024-12-11T14:22:19.183000 CVE-2024-2335,0,0,ed64babb31900629e88691a28bf293e48139716a308e0dcea2c4d5bc974613c1,2024-11-21T09:09:31.907000 CVE-2024-23350,0,0,339ca97a071d45a6e59ad694d2760add389eaeb02c1699dfd49abf0f96fae5ce,2024-11-26T15:48:05.817000 CVE-2024-23351,0,0,8649c4833ba8351b45556d140a13f7a21d02c862e3d1f89c33bba0b7ac42ae62,2024-11-21T08:57:34.173000 @@ -249046,7 +249046,7 @@ CVE-2024-25139,0,0,fdeb3d927e69c956014f96de124a68cf6bb51b7f07318e0d74877516eaff6 CVE-2024-2514,0,0,4c27e0d4452ac0d637d41d41e4ef52caa523b948cee0cd9145e6298a13fa1187,2024-11-21T09:09:55.013000 CVE-2024-25140,0,0,4ce38a5e52087d3f6ac88d58a99d775b8a3a482d26af7aec3ecdd9c1eb0cc9f2,2024-11-21T09:00:19.800000 CVE-2024-25141,0,0,569d4c84f026c7313d1be9b590a56d17544ba69d3b1c743c7f697b7d4b70ae6e,2024-11-21T09:00:20.073000 -CVE-2024-25142,0,0,7db02c5ffef12a846a340c0959b2fad572975534ea35e86303cc910f4248fb3c,2024-11-21T09:00:20.257000 +CVE-2024-25142,0,1,db42fdc65111e68e257774ac0212736096b6a80463cfaa3d305c8c982827e10b,2024-12-11T15:37:21.737000 CVE-2024-25143,0,0,135ee95864ec141ebde7278cc8981689253a34523b9fcac1e5d724866576b291,2024-11-21T09:00:20.390000 CVE-2024-25144,0,0,3dc63c0585af532961c0fe1fa86b66af7267847e46b9d7544e9152bc733b0db0,2024-11-21T09:00:20.550000 CVE-2024-25145,0,0,dbee4a8aa2955d24baa6ce590f567fd8a044639487641fff575b69d6b04e2e77,2024-11-21T09:00:20.713000 @@ -249329,7 +249329,7 @@ CVE-2024-25602,0,0,43c5fd7be09141d81d52c491e8514b96cba0daa24c348da2dd7a06a5b7ef9 CVE-2024-25603,0,0,6efc2ab54ea3be651c1cc1d95ba47da582406dbdf361cbfd55e80b7611a41412,2024-11-21T09:01:03.690000 CVE-2024-25604,0,0,adb2744e99dce2faa265e66e541e673623a62dc0725d7f7a02f3571eed752f2b,2024-12-10T22:59:32.727000 CVE-2024-25605,0,0,cd3f213631c053f1b608e3b480951743b40dfcd47cd39c4fbb6227f798899db1,2024-12-10T22:20:47.737000 -CVE-2024-25606,0,1,cac38eab3443645d7904eb9442ba71c62f7d0310cd49ec6e2c6f23596207af9e,2024-12-11T14:27:37.600000 +CVE-2024-25606,0,0,cac38eab3443645d7904eb9442ba71c62f7d0310cd49ec6e2c6f23596207af9e,2024-12-11T14:27:37.600000 CVE-2024-25607,0,0,92a9fb01b0a8ceee06add8818a4f6f32834dea0c68b94bc58e295449a80a9e8b,2024-11-21T09:01:04.213000 CVE-2024-25608,0,0,7279c61e8730c275fdc995418fe07aa60ec60482b57bc6e0726dab12a2b3647c,2024-11-21T09:01:04.343000 CVE-2024-25609,0,0,55a8a632e5823ec358a36f05933df0c5d27523588b88b0d4903abb387c61beef,2024-11-21T09:01:04.470000 @@ -250030,7 +250030,7 @@ CVE-2024-26566,0,0,17fcdac1abfd469cf3ffd2a7711c92e40eda453c6c83e0105c8a9c787273b CVE-2024-2657,0,0,0a4026599cc8f564da68adf5d96fb16ac5a93f2d83477b37500b3fcf5ca350a2,2024-11-21T09:10:13.690000 CVE-2024-26574,0,0,c9911895eba0376ea8a04813b72831a135e34cb8219fef4dc4368d52d0492aa2,2024-11-21T09:02:34.080000 CVE-2024-26577,0,0,b31cfe48a896bbe0069a91709f0e0fcdcc1053cc2c31cf21b6fc4d7e6e447649,2024-11-21T09:02:34.307000 -CVE-2024-26578,0,1,2e58008b2e2354ced3f03ecb873037b7722363d10f6079fa1efe7f01fe5f0136,2024-12-11T14:25:58.393000 +CVE-2024-26578,0,0,2e58008b2e2354ced3f03ecb873037b7722363d10f6079fa1efe7f01fe5f0136,2024-12-11T14:25:58.393000 CVE-2024-26579,0,0,9c84da18e023cd09fe2fb7cf03db0b8a51d68ccf0b7a927b5e53949a549ffecd,2024-11-21T09:02:34.660000 CVE-2024-26580,0,0,2da523ae9bab4583fae6c14513aa51a5182ca599877e28f208436ca984866b9b,2024-11-21T09:02:34.773000 CVE-2024-26581,0,0,80b86b5dff9ca5be14908e5f3367dd0289faaf1f938aad6d98d56fc7348c93e6,2024-11-21T09:02:34.970000 @@ -251451,7 +251451,10 @@ CVE-2024-28135,0,0,6d8627a9b034ba8daa88a5653a4fa0fcc3873b400b81ab25bdd0e76c225d5 CVE-2024-28136,0,0,398b3e60c35d63350ccdd7436d0410a7095050774975b3a534ff55e78c95c043,2024-11-21T09:05:53.517000 CVE-2024-28137,0,0,d00b9036b2b7e693ab669d43cf51d8844983db366103d517587e7601c3ae558f,2024-11-21T09:05:53.637000 CVE-2024-28138,0,0,8e8430e07e5eb86f0af8594168d8711d765f536091815ae62bd7e28ccd38d0d5,2024-12-10T08:15:18.943000 +CVE-2024-28139,1,1,871d40bc8a7366798572b17910afce0da36a7dc3bc42652a155d0d45e3265634,2024-12-11T16:15:09.930000 CVE-2024-2814,0,0,266291004cb50fc9fa499704214f3d6d747ab61c03d4ecf60b55016bd9e70c6a,2024-11-21T09:10:35.307000 +CVE-2024-28140,1,1,dadde50b75eefe01f0efda1b4e1316f0bfd01f34e1b0c90c96285d838caa2661,2024-12-11T16:15:10.050000 +CVE-2024-28141,1,1,773ce7218ab6399565537f27891e0d778a38dc3dc5cbb9bb26f5b44019b581e4,2024-12-11T16:15:10.160000 CVE-2024-28147,0,0,385f022ef3b9e74c16d2ca430dbfe84754b0905ec234f9f62a2995438a07dfd7,2024-11-21T09:05:53.770000 CVE-2024-28148,0,0,3ac8f61b51b12f3a297806b3219d55d9a6d8e022b2f823c428c505a4ab5ae12c,2024-11-21T09:05:53.983000 CVE-2024-28149,0,0,57ed6574f074778f026c6cc859bdab33a0e7bd4d9407db0a106e88c4247206d2,2024-12-06T19:15:11.663000 @@ -251765,7 +251768,7 @@ CVE-2024-28740,0,0,59845f313cbdf7224a1102cca1548a45ffb7fb3b8466fe620d06a97690098 CVE-2024-28741,0,0,335d1d75b1ec6bbbe9be7839da86be48fa75d600721df7343911718962694585,2024-11-21T09:06:51.950000 CVE-2024-28744,0,0,d80a636691f100f09a75e0a042c51fb3034a953b6a967d3f70a481b8b5994955,2024-11-21T09:06:52.213000 CVE-2024-28745,0,0,91ef1325c98edf70fcbf24b65ae735057caef5c58bbed9642397279a120b86d5,2024-11-21T09:06:52.440000 -CVE-2024-28746,0,0,1c231e3846805e6a9046d73092da466d6ef1c979a17aa5111078cff6549253a2,2024-11-21T09:06:52.637000 +CVE-2024-28746,0,1,f7c0a76b19302af5e3ecd4ce032b605afb9edfc47472643fd23f78aceb043c5f,2024-12-11T15:42:56.887000 CVE-2024-28747,0,0,444e0665e0fa4bc7a9eed21e96c1f26d12d34db5f4f03af83617f9af0cdac9dc,2024-11-21T09:06:52.760000 CVE-2024-28748,0,0,986bd0b3a8d13558908b2e1a62f8fe2184ce6b09035b5249a0a0f5b6201e3950,2024-11-21T09:06:52.890000 CVE-2024-28749,0,0,d82cd3742eadfa7bf824ee31dfa37098b1ae1737e1fa93022ca9f93753fa6a44,2024-11-21T09:06:53.027000 @@ -254262,7 +254265,7 @@ CVE-2024-32064,0,0,4b818efa068630e74cca01d58198ec2129dcdcd54d1ab0ba6e38071bfd7c4 CVE-2024-32065,0,0,2055f3e642de798aa22e9fe63118818417c3c9e583e1ed33e3d5f139c63cfa76,2024-11-21T09:14:25.143000 CVE-2024-32066,0,0,73025f2f2401dd4eb0d797b839a173b62754a2de6ae5c872cc6048927b6ec93e,2024-11-21T09:14:25.267000 CVE-2024-3207,0,0,a44f07a61b866cfd9c1defb1f2cc6163677fc58ce9121127937bb40a8755f761,2024-11-21T09:29:08.997000 -CVE-2024-32077,0,0,ecb1612d098cd110aa5c7eaf387ab42eb7ad6a5901086531ba5ce811b22e7208,2024-11-21T09:14:25.403000 +CVE-2024-32077,0,1,956e70e4583eb0890fc95ae427b7f39579b8dc7cd7703c3e29e93475bbd02c06,2024-12-11T15:34:18.077000 CVE-2024-32078,0,0,82ba60cc46e9aa4228ce6f631a63a9303f5be477f0d9a2dc16c6651d36d28708,2024-11-21T09:14:25.543000 CVE-2024-32079,0,0,1bc3c03f2b5772f3aa8b52ceeb2e0251532ab71b12d3b25db239c0f26b173c66,2024-11-21T09:14:25.670000 CVE-2024-3208,0,0,20fe9b17d3fc58898238d23205924a5a526fd1ced372894fe476c8f8fe6861ce,2024-11-21T09:29:09.140000 @@ -255020,13 +255023,13 @@ CVE-2024-32985,0,0,78ea6114b7325a8c04ac9aa0e4625b834eaa6a7a379dc022b6fb2292819ed CVE-2024-32986,0,0,d1b7ce819901645ac612c7c62ffde7349d734d3f2f959b20546ee3beec568daf,2024-11-21T09:16:10.420000 CVE-2024-32987,0,0,db812be9437305aba39899365a128436ff503b4f39289d3b887c66850b2a6826,2024-11-21T09:16:10.570000 CVE-2024-32988,0,0,a1e6da3a9916483bfeefbe59e29c2b613eae0cc76582b29de46e4ed5c65c717a,2024-11-21T09:16:10.737000 -CVE-2024-32989,0,0,d7d0635279e70a3e0222270d3409f561300f0b5432548b660bfd65aecded4c8a,2024-11-21T09:16:10.950000 +CVE-2024-32989,0,1,04ea0bbaf9d111c442bdb505cebe5f3bdae107a664616f7f9a8a507986074099,2024-12-11T16:08:50.860000 CVE-2024-3299,0,0,5f54988f3961ed4a8903b30892f2987731660bebb7e998180c35eba7371aa2c5,2024-11-21T09:29:20.893000 -CVE-2024-32990,0,0,2c5d766f37437d6b906b9d6b8e6876fb78306782b77100369ca10b04a1b4f231,2024-11-21T09:16:11.090000 -CVE-2024-32991,0,0,2c7277e28c9eb509d66d97becceef965a9e46fd34c0fb24a39e358bb29dacd05,2024-11-21T09:16:11.220000 -CVE-2024-32992,0,0,947675130a6687abb743584fccafbdf8771854399c05b5de97b7d2a596785221,2024-11-21T09:16:11.353000 -CVE-2024-32993,0,0,9445a6e22189ae927753acf9ddbc712f526d1d91f7da507a5f277906f9a38c00,2024-11-21T09:16:11.490000 -CVE-2024-32995,0,0,aeffb768cdf28ffc69a211cdef3f7d51324f033a181f8a3d657abc7b4a568109,2024-11-21T09:16:11.617000 +CVE-2024-32990,0,1,5e0054548afd2aaad308ba916750ef8e5e12a32eca1ae59a4f9ab39d2929eee3,2024-12-11T16:06:37.710000 +CVE-2024-32991,0,1,73025012bd847e563d13aa30c9f586bf0b756ce5945a8ffa17fae4145c899976,2024-12-11T16:04:09.287000 +CVE-2024-32992,0,1,41b0cd42e0faca8b6ff2b9755f4e0721d206f7ec8d99ddf6e855ca2342d17f06,2024-12-11T16:01:09.173000 +CVE-2024-32993,0,1,3f1d9a21c2de41d4daa64120cf4e3ed11606abac340603478cd030b67b0ed85f,2024-12-11T15:47:44.163000 +CVE-2024-32995,0,1,3524752b5829daf1d2c9ee4ec1fbdf05cd2fd82d86cc64b28492ab1e52db3d53,2024-12-11T15:45:20.090000 CVE-2024-32996,0,0,aee47e292323f0b1ac0f535b43c3a37fca8ac7bf60eafb7a1882f9a9e3e5b511,2024-12-09T18:58:59.707000 CVE-2024-32997,0,0,16b204fc96dade669fd3a53adf13a4e076119183aafbf915ca2694b992d4b857,2024-12-09T18:58:20.347000 CVE-2024-32998,0,0,be0b14cb882bb1b519c7a3712edc7c02bfaf6d8f90b0de09526688017467ae9e,2024-12-09T19:01:36.903000 @@ -255069,10 +255072,10 @@ CVE-2024-33032,0,0,cd45c6e9b4663da19a70c87fe3f8a0d813e016caaad69933ae5ba086c8c1f CVE-2024-33033,0,0,569b71a7d586761f48b0e078790c716f37597cd3cc8e7fabafd88b65fe383f5c,2024-11-07T19:39:24.863000 CVE-2024-33034,0,0,ce8c0d16fea7a11c48c3c444401a7625f55e8e66fb3d1df0a9f468bb1f009420,2024-11-20T13:54:40.360000 CVE-2024-33035,0,0,99879cd12bd43ce732c659d609defc4d15925f52346eabdb57c24385fcea6f58,2024-09-03T12:59:02.453000 -CVE-2024-33036,0,0,4d0a04c006160d41decebafa745aece42b2261f768a3565b8a9bf41eaca646b6,2024-12-02T11:15:06.840000 -CVE-2024-33037,0,0,e79192ffec3ac631387207fac93e044584871ce37167267f8f709bddd3d659bc,2024-12-02T11:15:07.753000 +CVE-2024-33036,0,1,df27e2eb30829593e1986cb0c5ac9f17c7cccf10aff54e1e5a3c977f6e854c1c,2024-12-11T16:14:45.250000 +CVE-2024-33037,0,1,2320bc1ea59b0018ec6bb38c34febdae7aa9256ce53b3ffc4c70bd5dc8ae377f,2024-12-11T16:15:14.327000 CVE-2024-33038,0,0,3fa95bcb86da6690578028a8fd1c5bf34e8f52fe062a9d486732742636ea2fe2,2024-09-04T17:21:28.943000 -CVE-2024-33039,0,0,fe9f5b09dda7a1e3b7bd028ac33938468af36d88e6ee0c068179ed47e0b51eac,2024-12-02T11:15:07.920000 +CVE-2024-33039,0,1,753ee498ca04a901050a68ef5cd52980d3b8cacf87af70605e33797b216ab17f,2024-12-11T16:15:37 CVE-2024-33040,0,0,865c10a126e2cb22dc3502d1079ec63e75d9cd1a1e8f34772a9b4e207a91c56d,2024-12-02T11:15:08.070000 CVE-2024-33042,0,0,cb5fc696225b31902209ef8ef520020bd65113c14578e54cac28b7b4036e44fd,2024-09-04T17:08:07.433000 CVE-2024-33043,0,0,4be96d6d99d6a93851fa74ccd551b57467d39bbfc3170393e1e3b45957b1ed24,2024-09-03T12:59:02.453000 @@ -258461,7 +258464,7 @@ CVE-2024-37570,0,0,c4fbc4bc6652715bca1e79de02d7270384ff34a42fccaf687444a1714d338 CVE-2024-37571,0,0,52e74e356b12dcf017ae7d0b704cf1fb285fbda3feee1b616a685a1d89eb4c10,2024-11-21T09:24:06.157000 CVE-2024-37573,0,0,f353399c191e8c518ed5f310bd3c1cf066d7a5cf32048e642438abac23137274,2024-11-01T12:57:03.417000 CVE-2024-37574,0,0,6ff307d9d39c6668f210ffd29c1bb2d77f6cacf10f0058367ed4648beb3c5af5,2024-12-04T16:15:24.877000 -CVE-2024-37575,0,0,969cc86194c9fd2868f88ef4bd8d97b51df723b33b5c8aee8d48c12e4774fd9b,2024-12-04T16:15:24.983000 +CVE-2024-37575,0,1,fb41a93cda92e423debc2a813128d4d353bf25b2fe44666c8d6cd43b5e9b3674,2024-12-11T16:15:10.327000 CVE-2024-3758,0,0,ebf5799491c4d50327d301387a24bc8824b9b66932f3c9df6e38a156e61e4f83,2024-11-21T09:30:20.143000 CVE-2024-3759,0,0,3d6dc0f4725aed5b6af7da3389ad5200afc9d6c0e264cf08ee0e0679922e0506,2024-11-21T09:30:20.260000 CVE-2024-3760,0,0,d5fad616600a26c7d481b88b6373231e6fab3e41f1827fc857ae2084dfbc3566,2024-11-18T22:02:15.053000 @@ -259649,7 +259652,7 @@ CVE-2024-39157,0,0,8336a1fba517b79cfe6b2ee5fd623c9bae33ca4752e3434164b1473bb5339 CVE-2024-39158,0,0,b71b83d664b1ec68248e386f30cbace92c1b77190bb8cc0f1cf30b15a4323f24,2024-11-21T09:27:15.960000 CVE-2024-3916,0,0,391b2a0801e2dc8ce84d11254070b41e6683010998eeed388cf4fa2a5cbd556a,2024-11-21T09:30:41.610000 CVE-2024-39162,0,0,d89402b30ddce5f1d9bae9a5e9d5f1c6914a5fb854eec868c1c810e9722b3d34,2024-11-29T15:15:17.140000 -CVE-2024-39163,0,0,3e8c388ff3026a5f7e5d08f36117ea2827229a3fa22c29a58224274da0976fe3,2024-12-04T17:15:13.807000 +CVE-2024-39163,0,1,a74c52d4439fc973fabe450123b677c3c4f512c8b58d7677c23769522c0c4968,2024-12-11T16:15:10.557000 CVE-2024-39165,0,0,301bacb9ee4b80bd8b1672f3716e4ccfa691474967bfc0399bcf2a55b330c770,2024-12-04T16:15:25.093000 CVE-2024-3917,0,0,698998acec435d79065ecb64af53b3bdfe99305245ebecd5653e4e42413b854f,2024-11-21T09:30:41.720000 CVE-2024-39171,0,0,e487ca51b57de27bab9c91c5e2e674078d69d78bdd6189118036255c96252b16,2024-11-21T09:27:16.373000 @@ -260466,8 +260469,8 @@ CVE-2024-40575,0,0,a8f75e8e17d1ca3c5cff90298c3440e183032e028e89b6cd5ddda7707efd7 CVE-2024-40576,0,0,8cfb8bd5f4a4277303f3ae5754ca38f6c2227922febe0cad08d341d6250d63a0,2024-11-21T09:31:19.970000 CVE-2024-40579,0,0,da11a1c0f7825d9658796f4408f8973703e2e8887ee02d7fb06e9fa156da18dd,2024-11-15T19:35:07.323000 CVE-2024-4058,0,0,41bd13730a967fba6dfa98e0a473274805b3a9521fbf9427b1f8ca715400dc8e,2024-11-21T09:42:06.270000 -CVE-2024-40582,0,0,eb75009379b194e79ac4aa75b00c01d9e55cd6319595c2dcefb67ee28724febf,2024-12-09T16:15:22.067000 -CVE-2024-40583,0,0,ee8725121b81f830a03de013897fd6d0eaaed656c9cb3b662df7e1f312144d24,2024-12-09T16:15:22.200000 +CVE-2024-40582,0,1,dd0f2a6d540adec2bb9dbc707f94fc9dff9972da1e4d33c84f17f86b02c0ca18,2024-12-11T16:15:10.873000 +CVE-2024-40583,0,1,060f59166f99bc729cca84acecd51bc3d35affc7058999b403ee573e24158633,2024-12-11T16:15:11.080000 CVE-2024-4059,0,0,2f671c74797f14e6bdcf4372cbe6dfb45567ca4b71a7df62ffe5d87b0fb0b9e0,2024-11-21T09:42:06.517000 CVE-2024-40592,0,0,030f95dd11b97be7786719745764581faaea764968d869fdeeabb2cbceedf44a,2024-11-14T20:37:06.040000 CVE-2024-40594,0,0,bf65899143a2f4c0e93f528c3b9a7873123db8d586300b13b7dc1af3be463ad0,2024-11-21T09:31:20.467000 @@ -261611,20 +261614,20 @@ CVE-2024-42131,0,0,db085189da3b1018c39f394e11d97ed680f76fa1907c88c45ed38fab0f2eb CVE-2024-42132,0,0,62638dac35ecadbd01a50f2d7971ef730320c69562f8244ae5965c2dd83a62aa,2024-11-21T09:33:40.220000 CVE-2024-42133,0,0,c0e81121fdc58f27a3e76b08e8d6881c1a767f5a54a91918926c95174eed2109,2024-11-21T09:33:40.330000 CVE-2024-42134,0,0,822056960c6524aacc2ff35fee40fa8b035616373ee26f3432ea53ebec5d459e,2024-11-21T09:33:40.443000 -CVE-2024-42135,0,1,0d77200cd1db63536fe02bbc697ee9cac3377a841f3e6d1c18cc172ac5451f93,2024-12-11T14:59:33.097000 +CVE-2024-42135,0,0,0d77200cd1db63536fe02bbc697ee9cac3377a841f3e6d1c18cc172ac5451f93,2024-12-11T14:59:33.097000 CVE-2024-42136,0,0,46cf0449c1576cec046c7cfd30f571d29aa4a3763cd2bcc721d00c8e3b8292c0,2024-11-21T09:33:40.673000 CVE-2024-42137,0,0,af91881db6e05d40d39068871045965102a2d4547246ad7308857f29c1a14506,2024-11-21T09:33:40.817000 -CVE-2024-42138,0,0,5578d34a042bc0a91eb3eb443168291ecf7a51e5c04224989ea9b7f5c2d40694,2024-11-21T09:33:40.960000 -CVE-2024-42139,0,0,96f6c91de64e6b66fb40af811218137129e240eb03ce97745abe96e0201833d5,2024-11-21T09:33:41.077000 +CVE-2024-42138,0,1,2ce8e51b0fde318db7d0428ff2cdf9d0116586e8a438a1d53eeab5a8f7b16c1b,2024-12-11T15:11:42.070000 +CVE-2024-42139,0,1,6c0e103e5f75b2ac76d99e771683ca672a477c164bbe1ef7a1a28a3dbe12935e,2024-12-11T15:13:24.877000 CVE-2024-4214,0,0,da510569054e53f967a28428f76a9d1857d9748c5bd35dd36612f529acb12681,2024-11-21T09:42:24.130000 CVE-2024-42140,0,0,3a06aba3dcf310b0a233abacf71f34e3c9c3c71340538e3d01628aefcec5645b,2024-11-21T09:33:41.187000 -CVE-2024-42141,0,0,def5d02b55ae8bccaa99122ce7263a3d57f5c5c210825920d231271d15c37961,2024-11-21T09:33:41.317000 -CVE-2024-42142,0,0,cdc7dcb9c032f5e888946a4f3c3ae535840784b900e56671e13849531ce3f40b,2024-11-21T09:33:41.440000 +CVE-2024-42141,0,1,2fc4e010a9bf409aaa46bc661763e3c8d6570aefcb0456590c8b5eca3746cbea,2024-12-11T15:17:03.930000 +CVE-2024-42142,0,1,1f0b8ad5d47ec04cb07ede0247d762619ca8787cc7cf02335b6ed523dbe16dc6,2024-12-11T15:18:21.613000 CVE-2024-42143,0,0,b791ee8584aad3fab0f6133b2c42055a932f86f21da9efd809060c7844d97c38,2024-08-22T00:15:06.020000 CVE-2024-42144,0,0,a6739396d51606c7f480c7db232e1c0ba45ad2cf3c1dac27c382ccb723b5b95a,2024-11-21T09:33:41.573000 -CVE-2024-42145,0,0,7c301031ff9f28c38040dd4f6eefe843ef609a8e53ab17bb3ead97a80bab8574,2024-11-21T09:33:41.700000 -CVE-2024-42146,0,0,3685ed121109d29e8bb753022268a871e7e9baf280feb14dcb8d843ca17ff266,2024-11-21T09:33:41.830000 -CVE-2024-42147,0,0,65518c79dfa66ec9a145cff6ea5ee177e99eeced01b388e0d372caee6dccc2f5,2024-11-21T09:33:41.933000 +CVE-2024-42145,0,1,0d42efc0878afc4101b1c9712e065631561390e271fff0aa1e2a9a5b72b59245,2024-12-11T15:23:13.553000 +CVE-2024-42146,0,1,38f7e7eddafe08d3cc3b7ab8265493d7636dbdf17ee67e13b26c2e1f9fb352ea,2024-12-11T15:25:10.997000 +CVE-2024-42147,0,1,37700232e5824ddcc7750637072cad1ebf34a177a67b177a078f29ee2229769e,2024-12-11T15:29:37.590000 CVE-2024-42148,0,0,c51635af30babd8fb23a82f8760555530f123f4637c0661f22afdd082b6b5881,2024-11-21T09:33:42.043000 CVE-2024-42149,0,0,422ac61a9f9a61cbe33c28a82ed4481b6c7ebddddbecc52d63071c19df160348,2024-12-09T23:05:27.663000 CVE-2024-4215,0,0,5f689644b4f0e64b63b07589d472a2f3eded4fab5044816dcce4f1053fddbd8d,2024-11-21T09:42:24.253000 @@ -264030,8 +264033,8 @@ CVE-2024-4549,0,0,10210ffa203f06a447be89b0e11f5455eb3850ea3be08c403083cd49fe6d0e CVE-2024-45490,0,0,0e755f38b521ee327b8863e60086f4d8ddffd72625f642b321897e21adb9b02f,2024-11-21T09:37:50.857000 CVE-2024-45491,0,0,9f7b545be02dd6f10ba35d31f187e8a8152c958d609c25511a3c7a9fe1512d1f,2024-11-21T09:37:51.080000 CVE-2024-45492,0,0,6ab18bae2a19d3274e46d846526a2c9caf05018be54190e57425083d757a6c90,2024-11-21T09:37:51.307000 -CVE-2024-45493,0,0,5ef0cbb7f2a6c3bb44cfcef94301afcbe42066fc73362aef6bc8ce5c61ba0060,2024-12-10T17:15:10.100000 -CVE-2024-45494,0,0,56ed31c199da12f37073ecafcb368e3e93c20e8837f62cc5f4cc6f5ee87acef3,2024-12-10T17:15:10.197000 +CVE-2024-45493,0,1,21cb8fc996e7147489abf5518f5e53988f2be4a11d8c120877fc3c43bac69573,2024-12-11T16:15:11.400000 +CVE-2024-45494,0,1,e7380abce6b9c6013af539a7c294da5914f91fb3b1f4d8d4c35566df6d110fb8,2024-12-11T15:15:09.750000 CVE-2024-45495,0,0,052cbd46ff58a2733b006c164c39180c42ff3c9c0f05edf173b6ee70b661cd18,2024-12-04T17:15:14.537000 CVE-2024-45496,0,0,74a9be979356ea8fde89b58b314228239f4439d9817ea72cbce4c295c1c57f3b,2024-09-20T12:31:20.110000 CVE-2024-45498,0,0,ca7ab14623fe44aa59d843f355963b5b1f5525ef3bebc4a2486921426a009155,2024-11-21T09:37:51.613000 @@ -264408,8 +264411,8 @@ CVE-2024-46330,0,0,fb0912248c72cdb890e148fb8d15fc4a24d9dfffc5c218fc836550de7cd4e CVE-2024-46331,0,0,6291a6cdf65b126a104c517cdbb8a547242f83239cadbf67a03f4d15648664f1,2024-09-30T12:45:57.823000 CVE-2024-46333,0,0,c870313be8293ae808f6f74cc79ece6e4d82dedcd46cf642a068e85f3720b28d,2024-09-30T12:45:57.823000 CVE-2024-4634,0,0,5b054bd144b9176362ee5c6f20d9184237b3f1751e5cc99bd16dbf550697f8a4,2024-11-21T09:43:15.343000 -CVE-2024-46340,0,0,37078bf5f7f3b7a1ef33e5e4adee87eecc0074045c3312ec06566ade68ff9a5e,2024-12-10T20:15:15.003000 -CVE-2024-46341,0,0,b001c98e3a96186be77e567c8b4593c21fb91e3a1b9d0c6b1574a97322024b0f,2024-12-10T20:15:15.110000 +CVE-2024-46340,0,1,3a6d2620901e78124f986ca9365cc101e02d5d24137c2f1e537ebde1858a2b64,2024-12-11T15:15:09.920000 +CVE-2024-46341,0,1,76411c294df22115ae6d6f97858ccf7088e9b319b55ff1b5aa45949d6055071a,2024-12-11T15:15:10.090000 CVE-2024-4635,0,0,87f43db3808bf2002a7413b8e77f45922cac81f6b6e7149135bfc36fd2d70fdd,2024-11-21T09:43:15.457000 CVE-2024-4636,0,0,8496ac08c742f16db29c83aed5f523dca16873775dbf14d9aa4b48fa10b23c93,2024-11-21T09:43:15.583000 CVE-2024-46362,0,0,fb5d79f4b45f1bbb3eb6ebc0aef2b631b253923607b2e455ece7fd1f0a5d6943,2024-09-20T12:30:51.220000 @@ -264437,7 +264440,7 @@ CVE-2024-46424,0,0,2273b0f58286ad09b52a454674cc24b223f9c5afb4eee6fc1ffbbf08a1bb4 CVE-2024-4643,0,0,c72eb0e24aa15a0242ddb46f10dd387e245484987d8feff675043a9a2f0b31ff,2024-08-02T12:59:43.990000 CVE-2024-4644,0,0,789900a44e8049f565d0a084645f78e0226f44174b1ef54d3027776d0eb82aaf,2024-11-21T09:43:16.477000 CVE-2024-46441,0,0,228695ddcca85ab6755bc8a154549c980bf013ca49086460cfb0ab87ca194c52,2024-09-30T12:45:57.823000 -CVE-2024-46442,0,0,6c8b8bef1dab21f40adbcd51dfcf62b9d321d44a0adb5ec18375679fd239b811,2024-12-10T19:15:27.030000 +CVE-2024-46442,0,1,64a4ec7011d1bbfd9d4277368faf63efcc18f0a591536ff8ceb42844ce318aa5,2024-12-11T15:15:10.250000 CVE-2024-46446,0,0,32498f8ed9e97dfaea9d9d29b52aff01ff427c37b0ae17db53d50ecbc649b2b9,2024-10-11T13:04:46.337000 CVE-2024-4645,0,0,ae6fcbc17927f6fb7b15dd7e2cd4ad23d3bc0045e51ea10de74a0f641554c9cd,2024-11-21T09:43:16.590000 CVE-2024-46451,0,0,5691c8cee8fae2502da71b898418de27414898c09a161c995aa0a792f136951b,2024-09-17T14:35:31.353000 @@ -264481,7 +264484,7 @@ CVE-2024-46539,0,0,ae91e2d70102a1f16abd97afb097daba74795893f1a3d024416684e8f573e CVE-2024-4654,0,0,3ba1a7fb0c9b6d7f54909c48e7df48bad4f328f4a19665a74071d60aed80ba01,2024-11-21T09:43:18.787000 CVE-2024-46540,0,0,5c4d8363d4bde694b44e99e56f90b2898aba08a12423dcef920dec1f4e57f71e,2024-10-04T13:51:25.567000 CVE-2024-46544,0,0,18fdd73b046b2ee0cd6f9e6a9d70043cfeda335681c354a0d0e609ab48ccce27,2024-11-21T09:38:43.193000 -CVE-2024-46547,0,0,3df63765b4ab07e6a9000287a27055c4ac894777f8a45b549706fea239fce3d4,2024-12-09T19:15:13.483000 +CVE-2024-46547,0,1,7b5729bc6d7cd2479d78c1356fd3b0269c06474f83104ab9c21af786822a1c95,2024-12-11T16:15:11.573000 CVE-2024-46548,0,0,ecfe181e9afdc259eed5f8be096dc10a92316fd358c5fa43e082d2e50cbd68ce,2024-10-04T13:51:25.567000 CVE-2024-46549,0,0,edbf216bf879ba7c923eff6c52eb6ed795f85072ffbfcbf3b9300da192237ee6,2024-10-04T13:51:25.567000 CVE-2024-4655,0,0,b564acac714555762a0ba415fc30688b7f3d2d29406dc5c7d88a108801940d9d,2024-11-21T09:43:18.907000 @@ -264536,7 +264539,7 @@ CVE-2024-46612,0,0,e8870a8bb445c23c7ae5bf4aade92a65f12442d4b320c6776d50cdc0fbee7 CVE-2024-46613,0,0,8c2d66370d93094092ee82785e548b32b2278867ca9c8a29f2da471a13fd64e6,2024-11-19T21:35:06.937000 CVE-2024-4662,0,0,a5946fd4e271464e0c94e8fadff0689ed378ccaf6470b84420e776c96e0baead,2024-11-21T09:43:19.670000 CVE-2024-46624,0,0,1d781dac5c3c03f9553a33e0c8f61a0000ac641e3c43c8e2d01875530634c569,2024-12-04T15:15:11.727000 -CVE-2024-46625,0,0,7870723827de5d723252c3bc60deaa90bd86da4a85a89035974723904400e187,2024-12-03T22:15:04.860000 +CVE-2024-46625,0,1,a71dae4f94fa8c690b0d8806dc95d669dc35df1e9bd6eee6ac14f04f1fa13c47,2024-12-11T15:15:10.417000 CVE-2024-46626,0,0,5f2da2d194da31d583545399c8aa7d58649fa22471fe456c45183b18d5dd3c81,2024-10-04T13:50:43.727000 CVE-2024-46627,0,0,0c5414c3108a60fbd8dd5be57009bc21ccc602b3d930b11bc9ca489fa6665e0f,2024-09-30T12:46:20.237000 CVE-2024-46628,0,0,1a604611b1fe26f55d4e91d4fe1e0795a8a32227ef72d5e584b34a1af2b189f3,2024-10-04T17:18:31.663000 @@ -264555,7 +264558,7 @@ CVE-2024-46649,0,0,e8b2cd300844f1c59beee3ac2f05f3f00e936271390dc0616870dbd7a2707 CVE-2024-46652,0,0,bb4315f4676870a2958627d6a10346591627716380bc9417bf1af7b8f8172137,2024-09-26T13:32:55.343000 CVE-2024-46654,0,0,cf5866a14faf18f30b0ea2b34d406414f89a6e2e1ad943bf64619bd6e04b1142,2024-09-26T13:32:55.343000 CVE-2024-46655,0,0,619756e28facd4dcca44a3c94ed931cf61b4408f1c51eeb5eca49c9e1ace2a15,2024-10-02T15:40:36.090000 -CVE-2024-46657,0,0,294536a39265a7f0d22e33c954bf8e2730d7004ceb0999414bcf492226ab038e,2024-12-10T17:15:10.287000 +CVE-2024-46657,0,1,ae6da1db16a03bfd7d10564071d783b76959e08d1f988e5440abb1a0cc4e99b6,2024-12-11T16:15:11.770000 CVE-2024-46658,0,0,8759efef114d9b796a08c43f5fa85fe56a819964b257a73be81a7a6eec47c6d5,2024-10-07T19:37:30.467000 CVE-2024-4666,0,0,b7505f51131c566a65a04c854bf3da56137a32df8f67317652113aca5c7be8be,2024-11-21T09:43:20.073000 CVE-2024-4667,0,0,0ba4feb9061227f326b9f44983ec481dee587f64e4899bf77e538f69f9f74063,2024-11-21T09:43:20.190000 @@ -265474,6 +265477,7 @@ CVE-2024-47754,0,0,15efe46b5acd24e6a048863fe4e659f9670882dda2e519b1e7e7ce2228e3b CVE-2024-47755,0,0,8cf25d07e196e075734f98083f38dbef19fd8e91fd1c66d640e943585b9e2f41,2024-10-23T06:15:09.873000 CVE-2024-47756,0,0,1de05fda503d02fa87bd65fed649de9909414f3433775c910b61f18ec7e108ff,2024-11-08T16:15:28.193000 CVE-2024-47757,0,0,4e322af9265d57e4063793da36297e2e8e33c72df9516cf2e3471642eb8d6f80,2024-11-08T16:15:28.343000 +CVE-2024-47758,1,1,be92b3dcff8f70a518a1f5cc02a81e753c1712bd1bec988bb937659d5a64280f,2024-12-11T16:15:11.947000 CVE-2024-47759,0,0,1fd116c727aabbd54984baaa595563834133a65845c6f288b440b9da6678ff32,2024-11-21T15:15:31.887000 CVE-2024-4776,0,0,2a2b40e79143dfc9f450d4468b54f62c55f3f15452736cde9c1621738d0e995d,2024-11-21T09:43:35.370000 CVE-2024-47762,0,0,ed6d8e4baa5d7147af1ba2857c162b2f60951a58b12f0b0044596a4ae5e7cc4b,2024-10-04T13:50:43.727000 @@ -266045,7 +266049,7 @@ CVE-2024-48952,0,0,63abb6d7c6cbe19516ecef34081aac5ecb1d40c537dba83cb235852186459 CVE-2024-48953,0,0,ac3302a48298a2fa902983e4973a1540afc2a7d3db14674d5f84dd13d808f0eb,2024-11-08T19:01:03.880000 CVE-2024-48954,0,0,ff9a31bf4829bfeb29bee0e4bfc2eb280078b0d07e27c4d23a3f5a4e5e4b0bcb,2024-11-08T19:01:03.880000 CVE-2024-48955,0,0,c71d9316ab4da42302cd757b5402e5c5359560ccca727e8b578e5a7a2f7946aa,2024-11-01T12:57:35.843000 -CVE-2024-48956,0,0,2b2ccbc1ca56a7c7018017080fdbb2fcb2802d1e422bcaae4bc424f8bdbadb46,2024-12-09T19:15:13.590000 +CVE-2024-48956,0,1,58c44d6977150b43c64360241979c200f435cff4bb4e4582363cdf588f28ca5a,2024-12-11T16:15:12.107000 CVE-2024-48957,0,0,5fcdfcbeaa463107575a01d5356d8785a9ae755870410379189773fce30e9e71,2024-12-02T14:58:55.063000 CVE-2024-48958,0,0,4bd7d702f5c7b44ad567fb715dd16e3f71bc515beb7581dcafc207e9d8028dfc,2024-12-02T14:58:37.067000 CVE-2024-4896,0,0,ef189d5f622141b552a69a284f27bdc35b6eea4796886217c4efdc58b55e36a0,2024-11-21T09:43:48.887000 @@ -266800,13 +266804,13 @@ CVE-2024-50063,0,0,3b5ab46f8320ec86decbfb8639e1b1e04d84924116cd0ee6210d300fde89b CVE-2024-50064,0,0,2a0293833921e1332bfd350afcf732a34eb77b0abeb7f463e77d57b5bdb3f081,2024-10-23T21:49:29.423000 CVE-2024-50065,0,0,84caec01af79e694589460b1fd2d22181973d74a594b1014f17ab14d35b8559b,2024-11-20T20:07:01.320000 CVE-2024-50066,0,0,5152114954b2ad4e8ec7b5c3a842d9a276a29bd9316bf6303fcd414599f10b2d,2024-11-25T15:15:07.570000 -CVE-2024-50067,0,0,4756955b3c33a0c27175f583ca5702d7dba0322eb7a197b36deb314c07febfa5,2024-11-17T15:15:19.113000 +CVE-2024-50067,0,1,9104176565a799c30e4b5ab08e38eb10316f89060bebb875ebb360b27e4a0cc0,2024-12-11T15:15:10.943000 CVE-2024-50068,0,0,165746773322f9f91c4968723b044a9f5e9e5ffc592c2389d486be015509505a,2024-10-30T16:57:35.427000 CVE-2024-50069,0,0,1a3ff5e2e3c7d29ac1d15dff8ac05d381a9c14cbc1952960fbfe43f9fea6d99e,2024-10-30T16:58:19.983000 CVE-2024-50070,0,0,59d989e5f1a3a0e881a89138493f714d298b5f74485aecf2eee32c1499028932,2024-10-30T16:59:39.013000 CVE-2024-50071,0,0,deabe94edb158198bba63869a8d8e774ebb104393fb4f4a59f15e645b616d1f8,2024-10-30T17:02:34.740000 CVE-2024-50072,0,0,9ec3b3a7984ed91cf0149394253e55d50242b323c25ff4b0065ebb757c18e457,2024-11-08T16:15:45.547000 -CVE-2024-50073,0,0,d406f2f44e660dd7d0bb0a86330edcefff436ffbbac0f54e40e1091eccc7c556,2024-11-01T15:44:48.527000 +CVE-2024-50073,0,1,8acd1067a72c354a4c91351e479e2534e8922d45e605cbea33839d457707b149,2024-12-11T15:15:11.137000 CVE-2024-50074,0,0,61eebf3e2149f7c90eea0d39f5c4f7a1446437181ddc9e4650959013733cd106,2024-11-08T16:15:45.653000 CVE-2024-50075,0,0,68616b67c754e19c6ccc6ea6877f70c2f5d613dbcfe5bf56068fcf340012c086,2024-11-01T15:51:59.300000 CVE-2024-50076,0,0,5daae7f27ca44caffb770f6311cb1c6af6661f92d1943e65674223c9b18c02dc,2024-11-08T16:15:45.873000 @@ -266818,8 +266822,8 @@ CVE-2024-50080,0,0,14ca41006cf8d3856360ce36d4dec73ad47e1d21cae14bede5b834df78aca CVE-2024-50081,0,0,c7cef506a65963c7c06b5d9acc3b64f2a52d09794e2dd8d97f0c4cb0b608b7e1,2024-10-30T15:45:39.047000 CVE-2024-50082,0,0,8e85b94985a472359e7ad0617254fd31b64c77f2f36289cb4bbc5af5d6a75492,2024-11-08T16:15:46.080000 CVE-2024-50083,0,0,de1d51f865c94ab365e97cd039ee3870a1a30b178e746690742c8e78aca3de82,2024-10-30T15:07:02.577000 -CVE-2024-50084,0,0,75c604219e00a09e9d9402be8fd9afbe2ff017195fbab560fd75303143dd7917,2024-10-30T14:56:07.497000 -CVE-2024-50085,0,0,d8b35d78d1d6dd25898af85d77710646afcca907f8d27744c6c2b8d8f07b8809,2024-10-30T14:49:42.953000 +CVE-2024-50084,0,1,b5257c57e10aeb1b0e84c4712b2b356a0ca0c40710c5a3dd9a3145007b3bef22,2024-12-11T15:15:11.340000 +CVE-2024-50085,0,1,b3ef415259af94dfaf8bcfe0bcff2c51beb7119bdbd5c2e18d18d67b492b8793,2024-12-11T15:15:11.520000 CVE-2024-50086,0,0,c6f33f3609f366d17ec962500a85ec8a163f627e45c9fc88fa1d938f52063985,2024-11-08T16:15:46.247000 CVE-2024-50087,0,0,95d447f6a3e5e9775f53a0aac1fc1d8bc3fd599edf42d3ca061af2094ebd2cf0,2024-10-30T14:40:16.377000 CVE-2024-50088,0,0,83a7a5adff7f3483f34508e6fe25dee9016d86cd5e803da2007d8e3925e20cd7,2024-11-01T16:05:44.403000 @@ -266842,7 +266846,7 @@ CVE-2024-50102,0,0,72cb5d0cb3222b2a863b6e46989681b3bd99200a88de332959a19fded3f65 CVE-2024-50103,0,0,c5874ed5ee009e99c7635eb84793346ff3fd9078ea7f0b5f00393faa1263138f,2024-11-08T16:15:46.900000 CVE-2024-50104,0,0,6319d5ccdd75f8442046ec2a989cb19c8661b7cc114974949123291e5d40f219,2024-11-12T15:05:45.587000 CVE-2024-50105,0,0,f12756e98f302ae55d88ee378aab0bef1d452776bda7152c23e93259310938f0,2024-11-12T15:06:14.500000 -CVE-2024-50106,0,0,5a6337210a716cae5c4b27b2bfef1e9fc48c6299d59630f258324646e120c973,2024-11-12T15:07:39.707000 +CVE-2024-50106,0,1,9f44eb3a331b638ca6d97571283a24f1a5c6b44a1c6b5472559cf1ed8f0d6892,2024-12-11T15:15:11.693000 CVE-2024-50107,0,0,f8434ad44a4bbbf0d3fda021140be027e627d16a402e3330a35ef82f92975555,2024-11-08T21:27:32.240000 CVE-2024-50108,0,0,038732832d6e900cf1bd6809186c01e3e804599a09ce4d23557020a3799af86f,2024-11-08T21:28:02.227000 CVE-2024-50109,0,0,6123f23bd89382f9f5dec597e9ad7a17cab5f2f900576fc7d2d4d8d8a9aad27c,2024-11-08T21:30:11.820000 @@ -266851,7 +266855,7 @@ CVE-2024-50110,0,0,358278e218f971a698305df60d13fb80bee2e79463f58d54593ba45c07cd5 CVE-2024-50111,0,0,45ac4fba6155f03cdf3b1df8901c4074b2cd895443f066c9712d098070dfa6a7,2024-11-08T20:32:08.217000 CVE-2024-50112,0,0,483aa3b5060eb7d8c218cbe218c15d5c0ea1ce3640422d8272e053e7bbc7eaf7,2024-11-08T20:36:03.797000 CVE-2024-50113,0,0,567ff423884897f0704afc2155407d318a92ac19dd73e695c1eba123f7619c2d,2024-11-08T20:37:04.953000 -CVE-2024-50114,0,0,452adfcbb9f28dd1ce22fa3c5ad641daf81db13ba08c2d313786b2e02b09e2fd,2024-11-08T19:11:43.650000 +CVE-2024-50114,0,1,0b517ceae1aa1a331cbff68ad3f3d8423c88e33a9a4da4b05bbae4a97a9d3c0f,2024-12-11T15:15:11.923000 CVE-2024-50115,0,0,7a53ffec63ec538b9018841bc1546eac75e530c8af76b64b09895f00c6907f80,2024-11-08T19:14:49.233000 CVE-2024-50116,0,0,042b03a456843d5c9794ed93bbcf1f61c9ceebf2c8a06a89263272dd1e595480,2024-11-08T19:17:01.350000 CVE-2024-50117,0,0,3a1b12e6fd37e955a55966c5a999b7809cd7f5a24e2f93175d145ae95bdd9e90,2024-11-08T17:53:01.860000 @@ -266859,13 +266863,13 @@ CVE-2024-50118,0,0,90c06df65888bc4320b61b70dd8c403e4ebb4507f5baf8ec007a28456491a CVE-2024-50119,0,0,36e112b3e81c6f6f664c93cced8bbdc6bf05e605675df1b39ca83fc21a537aeb,2024-11-08T18:03:02.373000 CVE-2024-5012,0,0,b4c3893f8cffde4b811b88a9f5393c374b70816266debdc0796dd984b92ac84a,2024-11-21T09:46:46.790000 CVE-2024-50120,0,0,22d8f0eff1cf6670a21ee4ef3fdd5fcfc1508a1de4e1cb70be2d5dbd83413e1d,2024-11-08T18:04:08.080000 -CVE-2024-50121,0,0,0ed75a800e8d96200a965c67c1eb87fd04fbfdf8b08a2496f7bf18e1d51467da,2024-11-08T18:05:13.947000 +CVE-2024-50121,0,1,97f0d2399d6d99207115cb51bd2b4ec5b5eb3fc648a69308b3eda5f72f840e87,2024-12-11T15:15:12.220000 CVE-2024-50122,0,0,d20f7d56dcb90ef30135ad7b5672bb2fcc11bf21d931498054f170b462b6969c,2024-11-13T01:06:36.360000 CVE-2024-50123,0,0,d85b80df46d8dda5ed2c804443f7128f609aba0f1d127d9d4a8faeb76a12b423,2024-11-08T20:03:49.163000 -CVE-2024-50124,0,0,c9e55e39d7498dee3eac37217c38d304ff2599683c25748e7aae2723f842af70,2024-11-08T20:04:05.847000 -CVE-2024-50125,0,0,eb11a134cef0f474e89cddf0261b3d36e6c9c8996bede7e8301cb03df71ab646,2024-11-08T20:04:33.913000 -CVE-2024-50126,0,0,90f444e9e6f693b36ad25aa0ca4567d1e49def884b2659dae1acb74f8aa744d7,2024-11-14T16:15:19.990000 -CVE-2024-50127,0,0,c26ffce944dbc5c8a3efd562d11f5035af77d1b8eb0bbf1d396f1cbf1859b4b4,2024-11-08T19:42:39.257000 +CVE-2024-50124,0,1,e7a92ba697c5b5b7b448249ce1d4a60b0d2e51a468a0dca8482a7413da6391ce,2024-12-11T15:15:12.437000 +CVE-2024-50125,0,1,0751dc8bcadf48fb132610d5cdd60a8dfcecc409ac6f1176f87e0312d994ec0a,2024-12-11T15:15:12.633000 +CVE-2024-50126,0,1,862c3d8699fd263dcc734f14c17567381ff2f9d3975d93d517b5cf6f05c4f43c,2024-12-11T15:15:12.797000 +CVE-2024-50127,0,1,14e691dcff3be7b44a2e862c8be6dd3b7fb8e12b2bfeba5e6287ff367c90382f,2024-12-11T15:15:12.983000 CVE-2024-50128,0,0,5a6e47cd9b5d69a2eea013f8788e8d5c29dc7ba908f82d447bdc15b8e487da34,2024-11-08T19:39:38.027000 CVE-2024-50129,0,0,4afc9b05928cde60da6fd42289df21085616ed6772331b233c0f07a2117e1699,2024-11-07T21:49:14.723000 CVE-2024-5013,0,0,e1e7f2f15abd8b5ddce78bb3bfd5b29ef2a6e608e2ff5c6e5a25699ed1c42a03,2024-11-21T09:46:46.933000 @@ -266889,13 +266893,13 @@ CVE-2024-50145,0,0,98f53d30fdb8b23e9497c3781c9f52abd6382f34216b5d55340deb2886842 CVE-2024-50146,0,0,576d99b8e5e2a970e9d1585263ebf8379f3c88f3516f00e95f9363c014e5a3d0,2024-11-18T21:17:20.177000 CVE-2024-50147,0,0,b3b71bdc694c103dbc53ae8dd319728eabf98a5d7ef19dbedccdab8d20522d05,2024-11-18T21:19:21.917000 CVE-2024-50148,0,0,29eee073fa03f15b890aa5c0bce0077794c99acb699f53407212567151a1a25f,2024-11-18T21:24:05.020000 -CVE-2024-50149,0,0,76da63230f6f2b22d17b20891ef4bbba8ea7ee767a4da13866da85f217c40ff3,2024-11-20T15:45:13.163000 +CVE-2024-50149,0,1,c787490f93b85be8fc6ccda6ac0403d02734503c1dbcd49a6038dc27a90e3da9,2024-12-11T15:15:13.170000 CVE-2024-5015,0,0,9218c0d4680ce7feac4e690eef9de38e90fbacbd010584a684598c56ec66e8b1,2024-11-21T09:46:47.193000 CVE-2024-50150,0,0,6fc0633d9b5e0ad5c9c0b065153f7c86cc55af52abb1a12e91f4325ef83db286,2024-11-22T17:29:00.880000 CVE-2024-50151,0,0,62ad275354c7f8426638d9d3cf6ac2c18d4f6587fc81c2e836120fca0d5f264a,2024-11-22T17:30:55.633000 CVE-2024-50152,0,0,ce260ef40b16562745980e81801229188ab0549d552df6e6dfd81c947dab4664,2024-11-19T02:16:17.787000 CVE-2024-50153,0,0,4390df0987d50d0c03cb92674634c76add54a8ab8f3c4746ec3bb9e53e9c8704,2024-11-13T15:23:49.717000 -CVE-2024-50154,0,0,68e99ff646e0b846722e36c0c42555ebd763fba56a3e7b0c1217dc93237906b5,2024-11-13T16:17:12.473000 +CVE-2024-50154,0,1,78af2291539657148df46a6203eda519efa91f200673e114d87ed0ad5b8b93a4,2024-12-11T15:15:13.367000 CVE-2024-50155,0,0,c5063d98839af9d5fcd24d0982a07b756abdae2b5ac49f5ad75a4155214f0033,2024-11-22T14:51:14.477000 CVE-2024-50156,0,0,313f4a30bb97fe613d7a7653220845e53b6fc903127436dfa2e83cba2adae249,2024-11-20T13:58:04.447000 CVE-2024-50157,0,0,b30fd5caf3999a2bd0a30e199ef62faa1bdedc8fae41c7f6097b9609910de37f,2024-12-04T17:24:49.570000 @@ -266935,8 +266939,8 @@ CVE-2024-50187,0,0,607048623b7e0497d5b4d09af6eed758877b192144932ed6b00d55e35de54 CVE-2024-50188,0,0,a0f9600f02706c4c4c201ae8fa928c2340849d4ff2323579e41ceb41b53346b3,2024-11-27T16:14:31.370000 CVE-2024-50189,0,0,5d4f496901033a53673f3eb245c0783e3367982581bb1f34ad55281445cbc8bd,2024-11-27T16:16:12.133000 CVE-2024-5019,0,0,13a964a31ae92f6c701250c17ee23952d616ded8d06447cc355da3c71370577b,2024-11-21T09:46:47.743000 -CVE-2024-50190,0,0,63ca689cb898e8402e49674b58879891f7896eea624742bc88889a0c9da07f1e,2024-11-08T19:01:03.880000 -CVE-2024-50191,0,0,6b7b6dd67d73bf9cabccf743528d8afb4a2f7225f73a246601db1e931b565445,2024-11-08T19:01:03.880000 +CVE-2024-50190,0,1,7ac9cd1e12c8f2bf5046127fff7c72bd6eebe5692867475854909841c54a3cf3,2024-12-11T15:35:15.513000 +CVE-2024-50191,0,1,6a9631f8c5a19b8e1ee2344daa1d0c5853c2469cdf1877ad20c7f06e4d8cdc3a,2024-12-11T15:36:27.330000 CVE-2024-50192,0,0,c63addfc8ced2b086c990b79a9316ef60d0c871b32679a650a4651f7c1584eac,2024-11-29T19:00:45.733000 CVE-2024-50193,0,0,cdcb73db336e1b3804f6930b8d0d72f531d36affe38055af409d00e3eb0e592c,2024-11-29T19:29:23.710000 CVE-2024-50194,0,0,426419d359b9a48931872d3b17b8f19b6404793a867bd8299ab6d640e9ba5434,2024-11-29T19:33:26.060000 @@ -266964,17 +266968,17 @@ CVE-2024-50213,0,0,6b6c5c99bae9d38c8603765d7bfca68f1c9730494c23cd3b133d5de8b00cc CVE-2024-50214,0,0,451a6a2d925e211067a1a30aadf8ed18a9288df06e410b26af6e395ca2f1f057,2024-11-13T17:25:55.197000 CVE-2024-50215,0,0,6d1923bef2f218b2d9180eac1357fefee47bd02f42e6ad5dfa71a00513236d25,2024-11-13T17:35:17.697000 CVE-2024-50216,0,0,173c858fca904c6b8ae3808e39fe7eb2abffc64106c67c7401645a47033740f6,2024-11-12T13:56:24.513000 -CVE-2024-50217,0,0,9d01d05f665417005581fcc04327969265e81e034608896709feb1974ea90828,2024-11-19T02:16:23.163000 +CVE-2024-50217,0,1,b147ad2d6076701e61433d5b83df01df4acbb73e8afe3b2afa817dd4b2f55698,2024-12-11T15:15:13.550000 CVE-2024-50218,0,0,0fb6d6d645b3a2c6757f1c38779b956e24c411c7561ebff1cb364f4755c7ba07,2024-11-12T13:56:24.513000 CVE-2024-50219,0,0,57ca6b6c0667d0c6ff47560f6866cfa36318c7798583ecd36bd30e6bd0856676,2024-11-11T14:15:15.210000 CVE-2024-5022,0,0,5b6a3efdd4d60867c5f92a74dc03d6d315003ef2b7bcccb3d88540b8e628ef85,2024-11-21T09:46:47.990000 CVE-2024-50220,0,0,2f5b08a8a976fb59cd4153656c002fe303de6f26af5c2fe468160ef65aaab472,2024-12-09T22:15:22.400000 -CVE-2024-50221,0,0,7f9b234b6927e00a5257de2ee4a1c13c8a86b50f09cde179825782d51b4d1926,2024-12-02T08:15:07.300000 +CVE-2024-50221,0,1,774a827bf061d12bcb20367dd091f01ce7a3e3dbe5b9d33442f46fae674c45af,2024-12-11T16:15:12.310000 CVE-2024-50222,0,0,e48bbe4f4c32f317caa534e65c9c030211f66bfc035d024a84693bf51e94c68b,2024-11-13T19:23:10.880000 CVE-2024-50223,0,0,8622549e53d75d79301e2ef4a0319304a34a854b1e943edda58de732c2c66ebf,2024-11-13T19:22:54.647000 CVE-2024-50224,0,0,a4a890a83b4d105cadfb8079deb89a5cac614a3c4a6ce55de4665f10eae7c82b,2024-11-13T19:22:15.023000 CVE-2024-50225,0,0,5ceb4739b4c857ef2d8f7ab573c61841f2f033837a27aa3b49adf839b9d07433,2024-11-13T19:21:44.323000 -CVE-2024-50226,0,0,ab2f67ba128f247837f5b4a5c9b389cd8303f68ad54c44bdf046f98c0ffe2e14,2024-11-13T19:04:07.347000 +CVE-2024-50226,0,1,99646c8ad0922f36630ce9a8eb5fd3ad877465605dd8fbe63c8098a599f5ae8c,2024-12-11T15:15:13.723000 CVE-2024-50227,0,0,ef06e5b18de516ea2d427c6c6f5f64cf4e0ba7915e0317f96630d2b60bf51b9e,2024-11-13T18:39:07.120000 CVE-2024-50228,0,0,37c3913d336b47ac0b86b84cf7c1b8166149b9dadc2c36f6d41c5310e7c6c60f,2024-11-28T17:15:19.577000 CVE-2024-50229,0,0,6705ef1c18f1273ed8f7ec93798720dbea872900ca37ff7a642073e6f1c20d74,2024-11-13T18:35:06.723000 @@ -267008,17 +267012,17 @@ CVE-2024-50253,0,0,1276ad9b936e016302f29bb502eb76caa660eaa5508e986e26acaeab94fa8 CVE-2024-50254,0,0,19299e57da235bfd89d0875751637e2cc9ad9e3058723a2392ca5be689114dcf,2024-11-14T18:09:48.530000 CVE-2024-50255,0,0,432ffd9a8a4d8285d34e746d506fbc8f34cf6ad2107ac5b7462676e188542097,2024-11-14T18:10:12.383000 CVE-2024-50256,0,0,da7409ea6f37017b9509db8e1d03cd79451c987d7cba2b77a28f3790c180141a,2024-11-14T18:11:08.250000 -CVE-2024-50257,0,0,6c66da56fcc4448b85a0cad1b9fd2cfe1471ff7fe20ceb1bc18f9f73a3257e3c,2024-11-14T18:11:39.990000 +CVE-2024-50257,0,1,709c952c23f6f2c85756fa281ef4d4539da93958904cb8b8a9d399dd5e519f97,2024-12-11T15:15:13.913000 CVE-2024-50258,0,0,85de666a54483df74438e7b8b8912bfa54c0d69597a74464a374f93459e1a1f5,2024-11-14T18:12:39.487000 CVE-2024-50259,0,0,677e0e1bbe84ed4ab3644382c3f2533d28ae11f50a1fc23ec0092a6601ed2d49,2024-11-14T18:24:11.470000 CVE-2024-50260,0,0,eebfa27953e35b054c12e5e328e8666a82e16db3076b6aad7980b056c6faa68b,2024-11-13T18:47:43.830000 -CVE-2024-50261,0,0,333d730eeb85056cb9c410e360cf647bdcf4ce7f7fa5d6a2d639c1f49ebe83f2,2024-11-14T18:24:41.597000 -CVE-2024-50262,0,0,7e74b1108e27c94c76ebea433e7ef2497f449aaad32802cff90a56652a2fe218,2024-11-13T21:10:44.267000 +CVE-2024-50261,0,1,859333bc625e392047b9a3e1685efd1bbebb6888814fd4e4b6c9cb690add0bd4,2024-12-11T15:15:14.133000 +CVE-2024-50262,0,1,98db827853cb172853751d52de2f37b7074faf6606a02ce0073bf6eea45e8797,2024-12-11T16:15:12.513000 CVE-2024-50263,0,0,f06e6134ccb0adc7c68fb34b0fd051b960793d90c07ba119f21944583aa782d0,2024-12-09T22:15:22.497000 -CVE-2024-50264,0,0,d2cf1884d56c358a35ff53de7c599c1b0d31d4478d580c8fa443ab81c0b929c7,2024-11-21T19:28:21.187000 +CVE-2024-50264,0,1,14c7090f0a5e1a516c9eda359f824b3dfc64f3c47406e6400bee0da6e412bf13,2024-12-11T15:15:14.343000 CVE-2024-50265,0,0,fa9bfd6ad0f0101c353b18b299487d9442ef977f4f0e0bc3cabf877a27fb3bd1,2024-11-21T19:28:00.687000 CVE-2024-50266,0,0,6b4f879c302c2e5cacca5ca86892f0d52b9fc7b04713dcc37be7633a77f8af17,2024-11-22T19:24:43.233000 -CVE-2024-50267,0,0,f4d40c9af9e0fc539808bc91d5651ce05fd1fdd56c8883bbaff3d2d7ba8dc2c5,2024-11-21T19:27:46.517000 +CVE-2024-50267,0,1,7c5059505736b98bc51e6027391f2a740f1beb26680e387f107333a7dc0d5193,2024-12-11T15:15:14.533000 CVE-2024-50268,0,0,7c138d89dbb7a0e69edfe8399f7e81ba38594e4c9709b35bd0ac419f71196348,2024-11-22T22:13:47.450000 CVE-2024-50269,0,0,08dd3f234bbe0775aed81c63daa40d32c7fc72d3655c4eeaed98c1d9c9e8608e,2024-11-26T22:30:27.420000 CVE-2024-50270,0,0,e2cebf6c38789da2746318179b61d916a4b8eb21545b04b6001b05e81a6abdea,2024-11-26T22:38:18.377000 @@ -267032,7 +267036,7 @@ CVE-2024-50277,0,0,c1061fa4d8ff42c39e669074ab42e7cb90df575f03a05404df2b2893e3e5b CVE-2024-50278,0,0,ed452b3654b9ea3f92fcde24a9a8547cc9d042e768f733fa2d6a6c26f5655850,2024-11-27T16:00:23.223000 CVE-2024-50279,0,0,57b9eb4bee2e4b8c746696d2f77e4b7a23b660ba2233137329bda9edd3e5a25a,2024-11-27T16:01:09.817000 CVE-2024-5028,0,0,dd1dfc08c8c4ad0249eff6068a8953d40d7e70c3ce4697c65d3cb70a1f48c49d,2024-11-21T09:46:48.530000 -CVE-2024-50280,0,0,11a1a8b1b58475d3237a437167dd9ab60a2fb42d1a5d80b74f255c9d05f0dd67,2024-11-19T21:57:32.967000 +CVE-2024-50280,0,1,b6a13b4a1bf730cfee2fa214d3a5f3f7f9268a884bdb652dd0a2e1369ec157e6,2024-12-11T15:15:14.733000 CVE-2024-50281,0,0,9089d0de95391a0377f6af8be3fbc8b5c88017f220930e10bade7b480247946e,2024-11-21T19:27:19.097000 CVE-2024-50282,0,0,48044e9927ec28eff75399be71bb53423a5f79de17c68ddd264fd54e5c0b89a9,2024-11-21T21:14:20.060000 CVE-2024-50283,0,0,f684182ff5f086c8fcb516c2d0b9decd164ff49e56400e6faaf4c6565112230f,2024-11-21T21:13:25.310000 @@ -267330,6 +267334,7 @@ CVE-2024-50580,0,0,3398f584a5664889c1e4deaaab3b304a2b81a8e4a61ec448e96876890935c CVE-2024-50581,0,0,46efa2852e259a5f8d275b5dae3ea2a01d70670e7b9ab092dcb227fcb28b2ae1,2024-10-29T17:17:20.747000 CVE-2024-50582,0,0,bc56234b3ab653a760273693a6e0012ab15651a705a524c4f1f1233ab3806295,2024-10-29T17:16:46.007000 CVE-2024-50583,0,0,7274c5e22b718796ad1b4962554320fbc5e753e3e5b53c77142694b9ec8dd2dd,2024-10-25T21:35:08.253000 +CVE-2024-50585,1,1,05bcfb58391cefc8f14532acb51d1b4f80ad2fbcc996285de3b36a5c41ba30a0,2024-12-11T15:15:14.920000 CVE-2024-50588,0,0,bfaa579943a78c86d813d9dedefba8b226ac11f00c84d1c00da87c599a1cb193,2024-11-08T19:01:03.880000 CVE-2024-50589,0,0,64643b83ced7e561121c5a71099032b9b033224c4f3853ee59622fb2bbd5e998,2024-11-08T19:01:03.880000 CVE-2024-5059,0,0,54938619cfdd6fbe1950b0926ce86597803c8de43a913f5077eec999d27cec3f,2024-11-21T09:46:52.720000 @@ -267379,7 +267384,7 @@ CVE-2024-50671,0,0,99782c17088a8d91d172d01f5a082085329526fd6f7189288ae0f91a8aaa1 CVE-2024-50672,0,0,a506f4d2b4e62571040ff3dd4b935bbaea397a7aabe2668687c8152c3cc151d7,2024-11-27T17:15:12.563000 CVE-2024-50677,0,0,54ff67392f620dccd9eeb53d31061bc888e708182d6ec73491b20cd570e10405,2024-12-06T17:15:10.180000 CVE-2024-5069,0,0,ad719aec2191fa4733004e376bcb495f235c4247fa2915a6912d571066c414e6,2024-11-21T09:46:53.973000 -CVE-2024-50699,0,0,42f483b91d404a323ae121397e8661f088733655bb29ba40851fe0711766e716,2024-12-10T19:15:30.193000 +CVE-2024-50699,0,1,0d5320dc641a6886c18070d2ec2dfa7202a0c84aa6f9db1dff36c8a12d666cd7,2024-12-11T16:15:12.720000 CVE-2024-5071,0,0,6dfa056d4abe7e6b37a7311009a7ee0087dcbc392285cd9b9ee51e94d1bed9a4,2024-11-21T09:46:54.120000 CVE-2024-5072,0,0,38bd8ba0572ad544e5273dfb8f5f6bfba13772caa98624367620d218345874da,2024-11-21T09:46:54.310000 CVE-2024-50724,0,0,6e4d1b405e7d4d8af96a4ce9056390bb6e194678013e22ab1b6431ba706461bd,2024-12-03T17:15:11.820000 @@ -267439,14 +267444,14 @@ CVE-2024-5090,0,0,7b6c0d5d4fe6cd2b9ee39cf4e630635d858bd47c5d22afc5ac55f4a356dc9e CVE-2024-5091,0,0,942cd7816598a9a38306116813c44d46c4017ec3ca91059e04ec4c54cf0eda30,2024-11-21T09:46:56.817000 CVE-2024-50919,0,0,0e0de43028cbc2e3a7be2da6c3327cae947119486f4b0445705a5caa5d92a911,2024-11-19T21:57:56.293000 CVE-2024-5092,0,0,b1e4be6fd5ffc39750cf5fee980ce18eada6838842fb0652be3753b9b4a8934e,2024-11-21T09:46:56.943000 -CVE-2024-50920,0,0,0410eb84a8cbc49a0e6a6329e4b5a5b8307e7bc178841ac5a4571bb4675f516e,2024-12-10T19:15:30.290000 +CVE-2024-50920,0,1,54dfeb08ffcdcf28508c5d36f7210703a893d5920e6e61d8ef674773d405de7f,2024-12-11T16:15:12.907000 CVE-2024-50921,0,0,2b8e93f961af13cb8d2fe0b68f0ae0d21fc348db3041f530d3b90a34a028fac5,2024-12-10T19:15:30.380000 CVE-2024-50924,0,0,587064682cfea38b6e6f1d4573f519684e441e040305f2713e4142f256f9b47e,2024-12-10T19:15:30.463000 CVE-2024-50928,0,0,e62304ef2c754bf7721c6b4565f0b5b8591463e4aea1b7d5519fe6ba4bdd49b4,2024-12-10T19:15:30.550000 -CVE-2024-50929,0,0,8bb8660ff9d5047c8314206e3a40ca600a18e5eaa855751b9aefb8cd99e5a4a6,2024-12-10T19:15:30.643000 +CVE-2024-50929,0,1,c77f654eb3c75e0f6332a234eca373313f7a71a484db912d85e39f0a23979b72,2024-12-11T16:15:13.113000 CVE-2024-5093,0,0,980fcdd185426a9fa9ea34c399d0eba666c68a5c3f4d7d9361932fc8f79b7500,2024-11-21T09:46:57.060000 CVE-2024-50930,0,0,3b1b5c2d6223c13d4b1a79d7b55ee8b8035b571a4ac69dd2b9ab01250f6d6e2c,2024-12-10T19:15:30.727000 -CVE-2024-50931,0,0,9a50534e6471d81455afdbb11ef4e33c7d946ef08de7c3fcb62356fa9f17cb42,2024-12-10T19:15:30.813000 +CVE-2024-50931,0,1,02943804abc1002f0dd15d43a7dfd2141cfe2d49d87bd4254fdcb95f3c552bc7,2024-12-11T16:15:13.317000 CVE-2024-5094,0,0,f572ab7eafee07c8d987d5a3c905aa40f60dd2446639e00e7652e97e7c95fb47,2024-11-21T09:46:57.203000 CVE-2024-50942,0,0,74bb27dcec6f641721fef2704da713b75046095ccb8aeb2b392b8ef1abb8cd71,2024-12-04T17:15:15.020000 CVE-2024-50947,0,0,b5c008650b1de4762f100f17a965e455e14b58a340b5da1077acb62ce0721971,2024-12-05T20:15:22.180000 @@ -267558,7 +267563,7 @@ CVE-2024-5116,0,0,c5d4b1414f08ab8180681382cdebd9ce0ef5c88379a43ca5ef4e39d2558da1 CVE-2024-51162,0,0,aa98991254878ca92d6b685fabb0999d9cd2433fd346cf67581df76b7299d30e,2024-11-22T17:15:09.353000 CVE-2024-51163,0,0,909afcfaa554939e2c78d7e7af80c5c6961aa7c27e1f5cf118fbed2c52564f74,2024-11-27T18:15:17.760000 CVE-2024-51164,0,0,d940764ceb362d708d88f9f5a08c2c1f5532b8b37b034d71dff6267e64a0a937,2024-12-09T17:15:09.107000 -CVE-2024-51165,0,0,6582d0bbddfb4e21c8384523d835543f988f1d56ab762bf635aad620835836b3,2024-12-10T20:15:20.523000 +CVE-2024-51165,0,1,903ab88caa77306909d86eb43c0c5c600c3e01c1b5b1a1bd769e3c0a14b80cfb,2024-12-11T15:15:15.067000 CVE-2024-5117,0,0,5e271946d97109af9825c50a9b323ef04401bb4942989f9cb9a1e16ac2b2951d,2024-11-21T09:47:00.397000 CVE-2024-51179,0,0,857fcabc550df085f68e65184c598436a379cf4f02ab73f3edfe252d5c778dbf,2024-11-13T20:35:10.303000 CVE-2024-5118,0,0,d1846e4a7219ebf75ef8c1b0d7fa03dde76ecbba746e36b5705002065c1088bf,2024-11-21T09:47:00.520000 @@ -267625,7 +267630,7 @@ CVE-2024-5135,0,0,ae5ec71253802e053455dbf25c3a7f132caa5c31998988b7916da8d9ad6739 CVE-2024-51358,0,0,5d7d40a469586122c444b2e0291a5b7572bde80ecd24bd548b1fba13ae7ec8af,2024-11-07T20:35:14.957000 CVE-2024-5136,0,0,b51818d5c9a876d781c4b7c11a7289b19139fda2a58c6816e78e8cfe7903aa12,2024-11-21T09:47:02.940000 CVE-2024-51362,0,0,1534463b2359a7eeae511a83065d3eb57919c51130c9c80cea42e23d4ba68009,2024-11-06T20:35:35.750000 -CVE-2024-51363,0,0,ca3d1e63694ddccebbaea6a815dc9c38ba8fe853d7b27a317d17803dfd717397,2024-12-03T22:15:05.013000 +CVE-2024-51363,0,1,1eaa90756b02a0f47068a6b7a8a4670a59c7b0467f8def2cff01a651f5368b58,2024-12-11T15:15:15.280000 CVE-2024-51364,0,0,14b2dee82d01d7389bab3881eda1c802d61b28380989b485af4049ffc6cb6a67,2024-11-27T21:15:07.797000 CVE-2024-51365,0,0,d837cc1586c1d4910b5dfde0140d794651911e802de0b0b7889dd342124292bb,2024-12-04T16:15:25.717000 CVE-2024-51366,0,0,8cb37b642efd94f1ef2cb009c97c3b6b6785b34318fa56f7821210d8849df437,2024-12-04T16:15:25.903000 @@ -267659,7 +267664,7 @@ CVE-2024-51432,0,0,90d6088b4b691a13d46bf67decae9a8dc78d3184ac661e87666bdc2bf7a41 CVE-2024-51434,0,0,fd0f2e493c6557b3a7b75698795afa3b125b8838b7989d6283ab0195617010c3,2024-11-08T19:01:03.880000 CVE-2024-5144,0,0,6bbfaf13c1764c4fefc00893d80de8b864d8af9b05653210d129c904ab48e8ed,2024-05-31T18:15:13.217000 CVE-2024-5145,0,0,1ce6a725d120216d833ed23f25099d9f4810ecb9d4c63ffcf11012cbf68534d1,2024-11-21T09:47:03.920000 -CVE-2024-51460,1,1,54ac0204b63f74164b897a6b6b8f06af4e57f79919a62eae732f4c393e26f20a,2024-12-11T13:15:06.510000 +CVE-2024-51460,0,0,54ac0204b63f74164b897a6b6b8f06af4e57f79919a62eae732f4c393e26f20a,2024-12-11T13:15:06.510000 CVE-2024-51465,0,0,b984a1f47331a027471db6ecd22c9db67a7b4679236a111706732d4e42cb3082,2024-12-04T14:15:20.223000 CVE-2024-5147,0,0,b4fda03873bf91b8aee1014c1d03851aae8f0afeab0edb3aed7529ff221065c3,2024-11-21T09:47:04.057000 CVE-2024-51478,0,0,f0595ed35f1f283d907e9d623fdb50e27981165a57dcab6e98c75f63ec12b3b4,2024-11-01T12:57:03.417000 @@ -268650,7 +268655,7 @@ CVE-2024-5294,0,0,5f7ae00e9a959f94251bcb983ddc17250c36ab864c5296be765aa222fa5fa2 CVE-2024-52940,0,0,dada389fd604fabcf8cad162ee7439c1b0f0631b96a74ff2b430a8633c0d2fd5,2024-11-18T17:11:17.393000 CVE-2024-52941,0,0,54a69191187ab640d350b9c58a59b08396ee95fad6d8092cf6c6613e7f3eba21,2024-11-18T17:11:17.393000 CVE-2024-52942,0,0,6cf0c15b5ef83e2051f563ad012c7c2537d693f3e904a0a40513e3040d82563e,2024-11-18T17:11:17.393000 -CVE-2024-52943,0,0,d5c6bc47533ab9a97b195406cb86e7bb8f9eda768e925a1c87ce5dedad6dec58,2024-12-05T21:15:08.420000 +CVE-2024-52943,0,1,c2ae483fc4ce3e1c290619e18b20c69f995bae6fd27b9673c6715432a67c3f36,2024-12-11T15:15:16.507000 CVE-2024-52944,0,0,13f4728598a9169659ecc5ab8bdcbf29b2aee05592382aeebb2b7ebc79d90c2e,2024-11-19T16:35:19.310000 CVE-2024-52945,0,0,2be5483c630004e32670c1bf2df159c2fc165530e70f2dd74d5a6bc11ca631e4,2024-11-19T16:35:20.020000 CVE-2024-52946,0,0,4f1dfe8b6d1ba4959015bfa97e83493e2bb850117484cc15efcaa811c3e03c50,2024-11-21T18:15:13.120000 @@ -268710,7 +268715,7 @@ CVE-2024-53053,0,0,8df42326d26038cc637648740f856a1650c6e80e4e422314078ed2b335523 CVE-2024-53054,0,0,cf02ae7016d759ad466bd88de5cb08bce1aa8d7fd0df4ecdba05b4b1db2f1123,2024-11-28T17:15:48.820000 CVE-2024-53055,0,0,bdd2e409b84d1a5d2e2b4cf3650bbb080f228be966d252bdce6ddbd4360cd02c,2024-11-22T17:18:33.563000 CVE-2024-53056,0,0,ae5d112fd3aea822f75e2eb7364bd3e220e1ab500a2b5942a4ede94a922319d9,2024-11-22T17:55:51.830000 -CVE-2024-53057,0,0,e3994d160ece564494e1d8da9f0bd32237e96717d266851ed7c5e6c4bc076b1f,2024-11-22T17:55:23.840000 +CVE-2024-53057,0,1,ef640255c1ee1e683b9592a99a9275932ef45b62ebe4a9cdca925456c4638f56,2024-12-11T15:15:17.757000 CVE-2024-53058,0,0,a8028d3d287474ecf90a26d70790957c2683a9b9f2fe3dc113a472bf0e206836,2024-11-22T17:53:32.500000 CVE-2024-53059,0,0,8de9209182f62b1c8cde1232ceb4dd684e6406c51ee4bf910cb88c16872e7f77,2024-12-03T20:57:20.747000 CVE-2024-5306,0,0,6337c3272526323f63fae57a5b84d48fae4f8a9830fd7394fefa4365a042d105,2024-11-21T09:47:23.970000 @@ -268751,7 +268756,7 @@ CVE-2024-53091,0,0,207739659b905a7d6e2b2c767b4bed17c45fac898716e533ad21a2979a6f5 CVE-2024-53092,0,0,1b7a69d89392e5b49d8736777b2af67b1430fac605a315cca6acfdb1f67afbe6,2024-11-21T19:15:12.380000 CVE-2024-53093,0,0,11040c61e80d13107e642a110c172a2fccb47a3e18196475ea84c41a0caa31d2,2024-11-21T19:15:12.530000 CVE-2024-53094,0,0,94b7bce8f4092b2c1ac5eb7f43f0aabe3800b50ad24f77df780f1135bce6162f,2024-11-21T19:15:12.680000 -CVE-2024-53095,0,0,3acf306b07f69f6aa1b2f0ebcab7a63e961a72f48a031c3ba545407429f75d51,2024-11-21T19:15:12.867000 +CVE-2024-53095,0,1,4e724c82098942c519f58d8d0672f065c3504379b32765b65ae8d7e7c202ab88,2024-12-11T15:15:17.940000 CVE-2024-53096,0,0,3d722b376e53ac271e3fde68dbbf34202eb4e677ad562322d8fbd1512368e50a,2024-12-02T08:15:08.417000 CVE-2024-53097,0,0,a3b4cb7c0ef645e198640ae92cf388159252f1639290500f5a75562184b52f0c,2024-11-25T22:15:15.763000 CVE-2024-53098,0,0,5580b97bce6f5b4830072d4f8a1a0d979c2074edd87e99c728a3432c787bfe8e,2024-11-25T22:15:16.147000 @@ -268761,7 +268766,7 @@ CVE-2024-53100,0,0,d49b25334b205121a6433cd6ac9e5a316b0b4e79773dd5ed08c4e97fe398e CVE-2024-53101,0,0,18942ab9b29f25bd752c3ab9f00057a2471d8b391133a8837d29de1938d54987,2024-11-25T22:15:17.163000 CVE-2024-53102,0,0,0940f0629e9bdde2e2f94630b28cafb0a1e41bd4c17407998519b3614b9fd6e3,2024-11-25T22:15:17.553000 CVE-2024-53103,0,0,fea1df1ec4e010b077b8ce29997cc11c0435ec37a8a561a5de86032afeb9dcfc,2024-12-02T08:15:08.537000 -CVE-2024-53104,0,0,2812107acde16326bf07530094a07afeaba4d055bec01e1a2cfc7d80501e42df,2024-12-02T08:15:08.687000 +CVE-2024-53104,0,1,063549a8c93277f1603e55e543da35e55c8ff1c1baaef95c67cc0358a7fba5da,2024-12-11T15:15:18.110000 CVE-2024-53105,0,0,49789fd38eb8c2e3aaed32c560b477653876ad3a281d38d4728b170cce015fbb,2024-12-02T14:15:11.313000 CVE-2024-53106,0,0,30e3702644fc7a35784d9f94136dad383572937546c2f59633334350f5453e80,2024-12-02T14:15:11.420000 CVE-2024-53107,0,0,8f70c788a7b6178a3903b9f5f9459c260918d71bed6669c5c2bf534cedaffb24,2024-12-02T14:15:11.523000 @@ -268790,8 +268795,8 @@ CVE-2024-53127,0,0,971c35d0bdb6fd8da06241f0574b3229fb32ede8607781c6979f41f37e1fb CVE-2024-53128,0,0,f9eec68ede1e406488191c46f9d50f73ad3aa1613bc770edcaf522cca67dd4a8,2024-12-04T15:15:12.737000 CVE-2024-53129,0,0,d1fc77f1dab17eeff37788fbf62ea42867a917fecd21166d87ba8aca6ef2ff20,2024-12-04T15:15:12.837000 CVE-2024-5313,0,0,be791a23ecd40bbfd3a356fb20dc239f3a0459ddf5fc8645766d7d90d3fc6d71,2024-11-21T09:47:24.663000 -CVE-2024-53130,0,0,1ac44920956419aad8b1ca6bf8ac4668a9398d444f79b6ca27325351b5992189,2024-12-05T12:15:19.417000 -CVE-2024-53131,0,1,19eba6d8151a3ccf75118bd0f587f03ce57bf19a786a52e87aafc302369fecff,2024-12-11T14:55:01.573000 +CVE-2024-53130,0,1,23ee5f4159f8dab2108c8598b8abfbca1237bd7aabbe8e7a77092d09590b0823,2024-12-11T15:01:08.660000 +CVE-2024-53131,0,0,19eba6d8151a3ccf75118bd0f587f03ce57bf19a786a52e87aafc302369fecff,2024-12-11T14:55:01.573000 CVE-2024-53132,0,0,784764b8393c16a2472dcd9ceb193598a6266f6f7101743057b3398e5016616d,2024-12-04T15:15:13.193000 CVE-2024-53133,0,0,7dc3bd97ae2fd964c9544e8c99d455f2dfa36bb52ebc957fde2a8701f7a2df3e,2024-12-04T15:15:13.310000 CVE-2024-53134,0,0,2ca33ba2789e0ed81e4159165518bbe19d131a1732e729bb807ce7f34c35506a,2024-12-04T15:15:13.503000 @@ -268799,9 +268804,9 @@ CVE-2024-53135,0,0,0b08993b08190466a7281f1b802cbae7c64d77f0feaa0d8a9db2fa01f6e69 CVE-2024-53136,0,0,ea233065be9eccbfc129ad3fe155c591a7d0530307b982801ac110bfb0022c92,2024-12-05T12:15:19.617000 CVE-2024-53137,0,0,cc8db81c9f17d136b13327650ff5cf652f74bb6d9d10bd0a2ffa3e90d8a88481,2024-12-04T15:15:13.843000 CVE-2024-53138,0,0,ba78ca1c93add90c82edf24c335a0a199acf6c3df53cd342e3d62dd82c6af9dd,2024-12-04T15:15:13.983000 -CVE-2024-53139,0,0,cfe4b7c940db8146ca281d7f10e309400b247c6b403bd5c2e345cfc63527bcd2,2024-12-04T15:15:15.643000 +CVE-2024-53139,0,1,38e0ae2d6b2c4e8a68fa87c84522af1b5dddfecf72b546f9f1556d45a497a8c8,2024-12-11T16:47:34.503000 CVE-2024-5314,0,0,3f9bafe97657efc7f668c5d897662a9659297ed1c2230826ab18be8ba9a6342b,2024-11-21T09:47:24.810000 -CVE-2024-53140,0,0,97a42857cf07e6c73d5157878eaab6055c0a598352b9e5348ceaa16cdcbd0dc1,2024-12-05T12:15:19.703000 +CVE-2024-53140,0,1,b503ff41f27d09c97e1340bff7967ee87bb32e39dafc91d99f5fdd4a3e40d538,2024-12-11T16:45:38.077000 CVE-2024-53141,0,0,bac15675c09f6811a6d88b2bd40199a11ae7509b12b3a955c8b4511890882333,2024-12-10T19:25:08.247000 CVE-2024-53142,0,0,6c3c82afaa65b94acded7ae517ab5c9ebd592257e0bf92056ae5de7a8ded9a3a,2024-12-10T19:17:56.657000 CVE-2024-53143,0,0,58aea596a92f51ecb8e396a2e6f1085ce03cd820c5355e9f3433d5e31dfbde48,2024-12-07T07:15:03.780000 @@ -268873,7 +268878,7 @@ CVE-2024-5344,0,0,8f458be972a177773c42d8be4d4a2a3285a02690bc775c46c880075a709e9d CVE-2024-53441,0,0,6fa821e2c267d095456f77ca67b20d4bddb8527931416944a8acea3783a3793c,2024-12-09T20:15:20.800000 CVE-2024-53442,0,0,49e8e8bcc8b7bcaa280093d521e6aff7558296bfd4e322e6b9c1f1a52f419341,2024-12-05T20:15:22.693000 CVE-2024-5345,0,0,c0e9154b8cf6eccc0abbcabbb8ee4621432a41cc6dca94348a2468e667caa563,2024-11-21T09:47:27.883000 -CVE-2024-53450,0,0,882d5e53fca75c095dd18590cb2e966eca2014443a8e7595dd9ff670d94205e4,2024-12-09T17:15:09.350000 +CVE-2024-53450,0,1,35c5f2872561bc157223093101834ca44cd8e03e4dad5a58a6584da3319abc23,2024-12-11T16:15:13.910000 CVE-2024-53457,0,0,2a9d6ff9530514e1b1118f6cfb8ea3e80f964c7759c5b6fc65af26bdd6a25cf5,2024-12-10T18:15:41.873000 CVE-2024-53459,0,0,5f9e5f3a8b33fbe02bdd059bb8fe15cb2eeacdc4f602dd12944ee928044f080b,2024-12-02T18:15:11.123000 CVE-2024-5346,0,0,835e1b7230e6e33db8d8cf7bc9b64a0aa9f43b5b6335773933376ca9c2372d0c,2024-11-21T09:47:28 @@ -268882,7 +268887,7 @@ CVE-2024-53470,0,0,7e717d458d3e971476fce58f4e759acfb3653594788d9bb4f7ef6a8cad1db CVE-2024-53471,0,0,dea70dfafbf7c115f6b9fc5aab8fa383b86b6c8d65d06c11e3049e5b3d3b885e,2024-12-10T22:15:25.277000 CVE-2024-53472,0,0,72dbc0cce14855ba1d3569457dbee3a8b2bcc3ee364096a0891b3e57adbf038f,2024-12-05T16:15:25.977000 CVE-2024-53473,0,0,358e2b05fdc54a6e3691e8ba3f77fedff57be14fcbc952f41ed19a97501744e2,2024-12-07T23:15:34.137000 -CVE-2024-53477,0,0,0bf7b09ba287b24f18c03a66d52e9150f8f87653e9cc33aac9bf4a8d9356bba9,2024-12-02T21:15:11.217000 +CVE-2024-53477,0,1,3dfbb52637bb052a793d1b67a024cd50b899929ad7fee8a9366a9aa6e069e388,2024-12-11T16:15:14.150000 CVE-2024-5348,0,0,0c3454114961657672c2409af3f9f2f3bb9995c6579ea15f7d29552347b906f3,2024-11-21T09:47:28.240000 CVE-2024-53480,0,0,4889d0ff1fe4dddc3829b2478649a6155b88e7256aa2574b5a87fc73b9645c93,2024-12-10T20:15:20.920000 CVE-2024-53481,0,0,8c2a844186665814baa9349f5f9eb75c05702deacf50797c7fa1db6e74c909d8,2024-12-10T21:15:20.003000 @@ -268901,7 +268906,7 @@ CVE-2024-53523,0,0,f6c4b1b131340f304393c7e2660d3f777adfa845ef58c906f19150ea50850 CVE-2024-5353,0,0,797e03a5615e2bede928ac816012d8783c471de5bd74a0480881887afd7a657a,2024-11-21T09:47:28.863000 CVE-2024-5354,0,0,e179ff0fdd33289a32ca4c68c73a51c0aa8ddee9c94944cd1d4fd7185f36a76c,2024-11-21T09:47:28.997000 CVE-2024-5355,0,0,5ae56d862872a5268a44df2d0e26a54aa307acbf5ff2835727472c989e377b6d,2024-11-21T09:47:29.130000 -CVE-2024-53552,0,0,41ac72dbe5c5585c65e69b7f2466cd08184456c3154d29b8e54edba0fc0cdf66,2024-12-10T02:15:17.177000 +CVE-2024-53552,0,1,79c82ce18356120dc8577cc43ac300b5a2ddb6d8f1b44f55ab140b1616da3291,2024-12-11T16:15:14.373000 CVE-2024-53554,0,0,21a54d7bc341c058102c672add5c6a39faba0998e6b5d3050bab27868ab5983b,2024-11-26T16:15:18.520000 CVE-2024-53555,0,0,98c9cd71300d5c5a0ee8cfe56c2efb641372e5ee4508b44193ca67680ed7c7bd,2024-11-26T21:15:08.560000 CVE-2024-53556,0,0,197a1e9e5d0cdfa43597989d9978403511315370ea045225b596c7a587a5fd41,2024-11-27T17:15:14.917000 @@ -268935,7 +268940,8 @@ CVE-2024-53672,0,0,c034dac4c4637a95856788fb40ca70c5483331e0a98b00ebbe100e048ed73 CVE-2024-53673,0,0,910e1349eafaf1661162c8bb58d88e665b4b7b8681e3bf751d64c4a9defd18a7,2024-11-27T16:15:14.783000 CVE-2024-53674,0,0,4d9647ea928f82a0b2cdb73c6bcbe7fbabe3f62556a48a0f4af172b4a80ea7f2,2024-11-26T22:15:18.713000 CVE-2024-53675,0,0,4607a5442ff012a223336ef78d5bf87006901d497022fdf99229c5a1a3c914b2,2024-11-26T22:15:18.990000 -CVE-2024-53676,0,0,b7de911c8feed029b8a0b3b16f752c2584e3d8547b3cb6fe3345abbbe8bb3345,2024-11-27T01:15:05.250000 +CVE-2024-53676,0,1,9e5335d7636e62fb7cc2e79040736f3f5e3856b52ef7bfb0006141b3e5724acd,2024-12-11T16:49:45.783000 +CVE-2024-53677,1,1,4b27c5cc49c524e51d879cb7da7f4793eb211d428eb53bf7974c4ce2e772306d,2024-12-11T16:15:14.593000 CVE-2024-5368,0,0,0267b73ce86fd5c42a4c0cf503f4bdead8427924f402a3554f435c1bc916f416,2024-11-21T09:47:30.877000 CVE-2024-5369,0,0,14abdfed4d5003ff16a96b2708e00658833baa1f8166ee56f5ba2dba896b20f5,2024-11-21T09:47:31.020000 CVE-2024-53691,0,0,443f2a6b2822b32ccee80c82560e628eb708d2d305a942f2d8f823369b20417c,2024-12-06T17:15:10.520000 @@ -269167,7 +269173,7 @@ CVE-2024-54002,0,0,7c5a00df1d470c32b9eac42d93309bb19614d9762fa0f049a771979bb9894 CVE-2024-54003,0,0,b632b439005206974a2b4ec6ab08a78e134e0c09d892996aec7289d7221f0377,2024-11-27T20:15:26.133000 CVE-2024-54004,0,0,5d94a9bc2fe383b10883d5f21fb711b04368ee28bef8377081c80a039d1c1dee,2024-11-27T19:15:33.723000 CVE-2024-54005,0,0,78bbd546deba4e2b14f99ce80711c725e32521468135821d5bfe1062b9007f78,2024-12-10T14:30:47.037000 -CVE-2024-54008,0,1,9593f48912b6399476026a38f0139749c7711d31f8d7f240872e5de4e305e3a9,2024-12-11T14:15:19.713000 +CVE-2024-54008,0,0,9593f48912b6399476026a38f0139749c7711d31f8d7f240872e5de4e305e3a9,2024-12-11T14:15:19.713000 CVE-2024-54014,0,0,9895136be901bda6024d3c86fc774e344b5ffa93f0cfe6e13e8990c6229717ed,2024-12-05T03:15:14.530000 CVE-2024-5402,0,0,ff0d9bb22ac0a71984c61b65bae28749f481f4dd7d54b4eb8642f168357fe194,2024-11-21T09:47:34.947000 CVE-2024-5403,0,0,f4e58d907f2a672c85e38960e3074ec1cb3261646ec2ccae3d1a32d0c95159be,2024-11-21T09:47:35.097000 @@ -269332,7 +269338,7 @@ CVE-2024-54747,0,0,9f0fca61fa6eccf9336f8eaa6d72537b4bbb8d5e3fd08e6c628143c0e6117 CVE-2024-54749,0,0,9843b013f360d8fb3ff95bfdcdfc0bf5c3f632d1d8b1b0bbd6fc777fe9950e5c,2024-12-07T23:15:34.810000 CVE-2024-5475,0,0,3f93fbbe9009c236ea2c6da72827f7bd871ace2e1ffd3b439453d8900914ef7f,2024-11-21T09:47:45.480000 CVE-2024-54750,0,0,a2b9bd793ac60105835f796550f4eca54ad7139b40ad2fdf283a28d5ab7647fe,2024-12-09T23:15:34.020000 -CVE-2024-54751,0,0,eafdc7b1014ea51ab8254f6cbe6e3e8f9681b4f56cd2e42b92a9bec5906eac49,2024-12-10T15:15:08.020000 +CVE-2024-54751,0,1,78f3a2bd185940189152bb69b6376cf1d8ba8c4408c6ec0691296862b6b595c3,2024-12-11T16:15:14.910000 CVE-2024-5478,0,0,ceb048e006a964dbf511019dec939d920d262ad6c1300b540d6e08688f53b8be,2024-11-21T09:47:45.637000 CVE-2024-5479,0,0,f92bceb83a5a9014c15956c2e58b8be8249c2eaaa0c8984e346563da1cce7cef,2024-11-21T09:47:45.750000 CVE-2024-5480,0,0,dcddee05a122e48deec7dd054d03a98cfc3767234733af70ab63ade31364815f,2024-10-02T16:15:10.913000 @@ -269351,25 +269357,25 @@ CVE-2024-54918,0,0,6207e50428ffb71f4db4d780c6696f68398c7201661e4c4452376ecb0497a CVE-2024-54919,0,0,d240fd7b13ed8b141b8975d3eb4f4e201c9093f582cb0ecbb49a96c5b085f2d9,2024-12-10T18:15:42.770000 CVE-2024-5492,0,0,bef41c141414e91a737f6b5c4fcaf83f2ee31e6e95a9e2405d6f4dc30a93092c,2024-11-21T09:47:47.140000 CVE-2024-54920,0,0,e0ff812c1f95bed20dae279ccbe6840a2a70586b27f9b541b7f43952ea8bc2db,2024-12-10T15:41:01.480000 -CVE-2024-54921,0,0,26331f94739652b96ec20d146cc4d21509a1a86a45117ca552a815bd9689e070,2024-12-09T19:15:15.940000 +CVE-2024-54921,0,1,cca6e9946a10d822b3789a307ddfbc30063b7ccd63b68a5ee517e97237385303,2024-12-11T16:15:15.127000 CVE-2024-54922,0,0,bf82f604b88736e7757768beab336f3a65d40416cac34cdcff67ae87398fb7dd,2024-12-09T19:15:16.050000 -CVE-2024-54923,0,0,4f6445821868a967d7dd24ed0996dcc6370125b4f205ed519b93edd7522ce4a2,2024-12-09T19:15:16.137000 -CVE-2024-54924,0,0,a8180cc3ffe32f00dc06eee954d3e8389339ad51c21ffbf327b2d215d20dcafa,2024-12-09T19:15:16.243000 +CVE-2024-54923,0,1,ac868ab770236405018c881372b6d93db70eba6cf51aa07cb1f8611df0b9555f,2024-12-11T16:15:15.347000 +CVE-2024-54924,0,1,5516064a5c14b486a3c57b9b85448212cdef809ec6376b9e1e9b15d03f0a400c,2024-12-11T16:15:15.547000 CVE-2024-54925,0,0,e8fc0e673f76afd453f937fee588d6565e8390b5f63d2742f455c4e6fda77f47,2024-12-09T19:15:16.350000 -CVE-2024-54926,0,0,d207e0e4e1ea549cf8f234d7654c3876100ab3b038442c8d0dc74fd13d373f87,2024-12-09T17:15:09.810000 -CVE-2024-54927,0,0,759b60e9f8f8dd1ecc31bf06a78046977a686288eb51ad9f6f01868104142d13,2024-12-09T19:15:16.463000 -CVE-2024-54928,0,0,11c4f25e5ee144bd5092526b4d9c7d37e3576fc4b110a0276593844b83410ee6,2024-12-09T19:15:16.567000 +CVE-2024-54926,0,1,d0eb79d4c8b6087b5f9f7caae5183d52a8669c049df80816b10f9225e430b164,2024-12-11T16:15:15.763000 +CVE-2024-54927,0,1,2a84cef7ce78de15805fc567c03cc87b494945c36668a4978419cbb3e112af6a,2024-12-11T16:15:16.360000 +CVE-2024-54928,0,1,decaafc5537a789ca582262d234e6ec3e1eef513f3e8475e578984355258576e,2024-12-11T16:15:16.590000 CVE-2024-54929,0,0,028424391bfd0e6e1a80decba8ca8422fb184a112971073f186a5d0b3e71e96b,2024-12-10T15:47:10.800000 CVE-2024-5493,0,0,934df9c05abfa1e1b0f50d724dbce11e7e01bba7d9ae25f41fb3a41d6fcaa53b,2024-11-21T09:47:47.260000 CVE-2024-54930,0,0,a6448590db82b15ece8ba1f5055d06c864c57d09b90a65b1cf9f6eac192d6ab5,2024-12-09T18:15:24.267000 -CVE-2024-54931,0,0,4bc2a80950e59cba6a1a96040fad30b45e8551ae5f4871e5bb58c4552553ce11,2024-12-09T19:15:16.677000 +CVE-2024-54931,0,1,01f2c9e9859a4685fdae8fc97970e11d560ed3c224bef019f85557d4b43a3ccc,2024-12-11T16:15:16.820000 CVE-2024-54932,0,0,3c73c5f584e1dd4a385e064a7bcd5eb3bdeabf421d3e900fc314c73bf0c97b7e,2024-12-09T19:15:16.777000 CVE-2024-54933,0,0,57c3f0caa0953bbad2cf65c9df51ab0a561a4ad7be49df764627846d55138e29,2024-12-09T18:15:24.387000 CVE-2024-54934,0,0,b305f5717c64529f287ec02c132f7990f3db15a40feac89298c6f232af77a9e1,2024-12-09T19:15:16.887000 -CVE-2024-54935,0,0,891d6feaad3e8de1f7a44e9c6e27d0b601fa4e17d682fbbb2e6a93a1e492a959,2024-12-10T18:15:42.997000 +CVE-2024-54935,0,1,61185b20f382be4d3639bac7ef1593b440e8859a1d371e482182cb5ef4251a0a,2024-12-11T16:51:17.447000 CVE-2024-54936,0,0,f21b1da20346f5f757f77e403c54bbd170034aa987896c1a2a9c5ceb1fff38da,2024-12-10T18:15:43.233000 CVE-2024-54937,0,0,c012c89188aeac66e520338a1b1dc00110f731715e45aee0d68c2e27bf5f871e,2024-12-10T15:50:13.957000 -CVE-2024-54938,0,0,be878c2e9f1d408774f7225e6a40d037072cbddefb232c5ebf67c61bd6d37336,2024-12-09T19:15:17.137000 +CVE-2024-54938,0,1,7b80582288c8eefa4ba94a300feee6c2fe5b23f6ec6a1a9ade37311383b889c3,2024-12-11T16:15:17.033000 CVE-2024-5494,0,0,8cf1519a61ea4a6a4f006eea5f9156b6b849d9688fc3df3baf2171897301c8ac,2024-11-21T09:47:47.450000 CVE-2024-5495,0,0,e8211ab29f4239a9e0c9017a1df13982e259112697e44dda84f6d2c28e9245ea,2024-11-21T09:47:48.493000 CVE-2024-5496,0,0,f986035b64f7dc76a56e3fca405856ceb7f8c6befcec053ce74d6fb508f6d2f9,2024-11-21T09:47:48.673000 @@ -269424,7 +269430,7 @@ CVE-2024-5547,0,0,c70f2b15fdfae1a20148a4f5dddd13a94d9e6eb1c9039906b5e94118b8ba53 CVE-2024-5548,0,0,960acca9fdb4c73166f01cb6cab77802df52faee348d661f3dcdec3a5e889741,2024-11-21T09:47:54.380000 CVE-2024-5549,0,0,523dae47b6780776874c36c71ab66f8ac6e8e99599490648ee341f214b628e63,2024-11-21T09:47:54.507000 CVE-2024-5550,0,0,4077662850b9d5945d5c85ce45904d9c2783b7c7a72633a9665404cf6f9e870c,2024-11-21T09:47:54.640000 -CVE-2024-55500,0,0,7ea2d43275119b98a843fc25bdcf8207347a7af4afba9beb1849161133b44676,2024-12-10T19:15:31.020000 +CVE-2024-55500,0,1,4f1d355b8c4b6c4c520d2fe6c39aa009d7d641ecbd6be08a481777d78b19f476,2024-12-11T16:15:17.253000 CVE-2024-5551,0,0,7ca1b2f3592d8c197217d4f6bb2a217c73a396396bc14275921b16391f97198d,2024-11-21T09:47:54.770000 CVE-2024-5552,0,0,948d6d5339e40bf52a297a53b027f97cabc4938d9f426267efe19c3ca8d00dfb,2024-11-21T09:47:54.927000 CVE-2024-5553,0,0,c6aeec952a2778be27c1792a1d1c97b8ff8c01ca6ed08226c6b506a6f771b767,2024-11-21T09:47:55.040000 @@ -269435,7 +269441,7 @@ CVE-2024-55546,0,0,ac6e7123908ba34a2d1fbd6dcd4ada7d4a8f82ea6c349ca2e14f1ad5dca06 CVE-2024-55547,0,0,8d6605a07deb55b1aa31e983960c2573ad4c93bb4cc482bcf2b5b04318fae565,2024-12-10T20:15:21.527000 CVE-2024-55548,0,0,e32521c397892b3eea8d7e69cd8c965639f45411ec7c8a641b80756588f848b7,2024-12-10T20:15:21.643000 CVE-2024-5555,0,0,742073dac4de00aad4cb6df58c8d366b01298901468c1f8f2b3d987b01395142,2024-11-21T09:47:55.300000 -CVE-2024-55550,0,0,330f19b306d63b36d00ff3e867cd4f40d76330f49a19cb2527205238b7456e92,2024-12-10T19:15:31.110000 +CVE-2024-55550,0,1,cd9eb3a1fe12bbe50b34ea4fe76853ab69c71fd8eec0357cea68f4a5a515d1ca,2024-12-11T15:15:19.653000 CVE-2024-5556,0,0,f573f07f74091c9ef49ab63e55c790d8f661c071a22a95c82ecfdf6c6886287c,2024-08-27T14:36:53.273000 CVE-2024-55560,0,0,8ded767c4c0f73c31717fdba1e26cc9c22e0d2990356bc72ffccdc44c7980958,2024-12-09T16:15:22.750000 CVE-2024-55563,0,0,c66280007d4cae3698737b72d02776bf87f7156bc0d443fcb1212b7ae0d79246,2024-12-09T01:15:06.313000 @@ -269448,7 +269454,7 @@ CVE-2024-55579,0,0,eb7b97c3360bce570eb740843f88f428eb8ed07ac934bdc24aaa75a35aac6 CVE-2024-5558,0,0,b9640ac59698561d1e2153bd708b9d8ca2d328fcb61a159842590b547b4c1a0f,2024-11-21T09:47:55.700000 CVE-2024-55580,0,0,d0db8db8caa9064b5ccfd1ebfcb70a56a05a77720b165abb2a708efdd1b5b12c,2024-12-10T15:15:08.300000 CVE-2024-55582,0,0,3c23376685adf2edae29527c3668429e6b653ce512d692f8394663104b24d5b7,2024-12-09T03:15:05.550000 -CVE-2024-55586,0,0,860678fa3c0144fa42a7d6126c9d280c8ece9bce59d81dfc5db5a9d68f6ae04f,2024-12-10T14:30:47.813000 +CVE-2024-55586,0,1,783bbc0952a9c9a1d0e90c4c1133d59847ae90b7821de6a7e7ad86d9d5d5c9cf,2024-12-11T16:15:17.473000 CVE-2024-5559,0,0,da875044adc3709281edfed6e696b593f02a48923f7270d2350dbdeb9c3f0186,2024-11-21T09:47:55.840000 CVE-2024-5560,0,0,5aa7f1759c9eb53992bc8fa45515cc25adc477b89cd6554f8c0736d42239dd24,2024-11-21T09:47:55.983000 CVE-2024-55601,0,0,89175adefd85ee52b8d0660bf5cffaad0818c3ee1a9c4ccd9c1b1dad82da5932,2024-12-09T22:15:23.100000 @@ -270928,15 +270934,15 @@ CVE-2024-7228,0,0,a661e4304e23b944f3e8caf0591bdbb960fdef6359f8da5b3192c6c46e2a36 CVE-2024-7229,0,0,8efaf3b22bc612c6ca8d639c951b60915658eeaa33a73cd7f332a9e9f2f85e82,2024-12-09T20:04:08.797000 CVE-2024-7230,0,0,d3377bb66796c49c17d64d458ce5ec67560c57e6041313bf69cd2192d63dd3e2,2024-12-09T20:02:58.670000 CVE-2024-7231,0,0,822a99d1572fc0918e8ef2849d04bc7abba7466bb16a280b5875c6569fb3fa14,2024-12-09T20:01:00.623000 -CVE-2024-7232,0,1,145bec6ad818752e8e1aa21e21512188df08b9d67e720d8ed692b55ccf0053c5,2024-12-11T14:44:38.737000 +CVE-2024-7232,0,0,145bec6ad818752e8e1aa21e21512188df08b9d67e720d8ed692b55ccf0053c5,2024-12-11T14:44:38.737000 CVE-2024-7233,0,0,245c9c7282702c0ad7d2d9fdcc98fa270b960e17480a03d5bfdac380727b2f08,2024-11-22T22:15:16.060000 CVE-2024-7234,0,0,c841032797f89ed33f5e5c6be97d90177bf36eff8435e446fc59dbaf44344590,2024-11-22T22:15:16.190000 CVE-2024-7235,0,0,19563b43b3a2c50df5995e73338cd7539ec685bdbbf6153d07006a345ecea5dc,2024-11-22T22:15:16.307000 CVE-2024-7236,0,0,bfe8ac9abbe8d96981ff80186e1a3adf2d31e739768635eb532383cfe3d6b902,2024-11-22T22:15:16.427000 CVE-2024-7237,0,0,662e39cca4be9b647909bd94510ead901bfe81a53d4b07cc53fbab12da70f718,2024-11-22T22:15:16.547000 -CVE-2024-7238,0,1,4b440d963378f1f4b9e96264a799f3697812528bd67e5c582e2981fc5ec5258f,2024-12-11T14:34:42.833000 -CVE-2024-7239,0,1,53968c59a1174219ae44eef241610b22dfa99619aca14fbe12febb5f8fe62200,2024-12-11T14:25:45.607000 -CVE-2024-7240,0,1,4119106a820cfa30ee1f58dc1a66e01faf0d8e616ec3f0cd9a46b5ee461420d8,2024-12-11T14:22:23.280000 +CVE-2024-7238,0,0,4b440d963378f1f4b9e96264a799f3697812528bd67e5c582e2981fc5ec5258f,2024-12-11T14:34:42.833000 +CVE-2024-7239,0,0,53968c59a1174219ae44eef241610b22dfa99619aca14fbe12febb5f8fe62200,2024-12-11T14:25:45.607000 +CVE-2024-7240,0,0,4119106a820cfa30ee1f58dc1a66e01faf0d8e616ec3f0cd9a46b5ee461420d8,2024-12-11T14:22:23.280000 CVE-2024-7241,0,0,2d262dc5b536521ef90a26c60e93d56427c74446a97caffd69699909d3022758,2024-11-26T15:08:51.357000 CVE-2024-7242,0,0,936971159de650d2954dd29c139b2685e1eb7d8690bb7709b88a437f9c6120d7,2024-11-26T14:59:29.483000 CVE-2024-7243,0,0,c6b88fa7532074a1fe50f63bbb0afc38fd44b72846ee13736713968c199e6910,2024-11-26T15:04:44.320000 @@ -271621,7 +271627,7 @@ CVE-2024-8015,0,0,dd5555b85e994899c4893ace6d3afbd967c37c55c50d205d5b3c8bf6cb87a3 CVE-2024-8016,0,0,238c4df3f0de00a81fde1b1c7b561464841085dd6f47f09817353c1bbacbfe77,2024-09-03T14:51:16.470000 CVE-2024-8022,0,0,2c2738dbc526c308d2f52af114ef294873c5e8e6729dec83af9008e9c3b5cc37,2024-08-21T12:30:33.697000 CVE-2024-8023,0,0,a1b6d905a0240efa1881c72db04eeea68a6752bd4f402a8f1846f80b6c974719,2024-08-21T12:30:33.697000 -CVE-2024-8025,0,1,70061881b166a3a1a51ca6087abec369478d3afe4c5d3b16bf1339b5559f41f2,2024-12-11T14:02:07.930000 +CVE-2024-8025,0,0,70061881b166a3a1a51ca6087abec369478d3afe4c5d3b16bf1339b5559f41f2,2024-12-11T14:02:07.930000 CVE-2024-8030,0,0,0222c140f338b9929800e6ff1f38275ac87b01268708f4fe3253d79e319814e4,2024-08-28T12:57:27.610000 CVE-2024-8033,0,0,2e06813e88b6cfa39b77eeda56acb40b59d06578c1b6d8003a2b6bea9d735890,2024-08-27T19:39:04.953000 CVE-2024-8034,0,0,8737be6f93f1495d1046c9a435fb5c4639722e22541174f90d62414e220dc49f,2024-08-22T17:35:30.003000