diff --git a/2017/CVE-2017-13316.json b/2017/CVE-2017-13316.json
index a4ed8f497ba..65d6ba90c5d 100644
--- a/2017/CVE-2017-13316.json
+++ b/2017/CVE-2017-13316.json
@@ -2,8 +2,8 @@
 "id": "CVE-2017-13316",
 "sourceIdentifier": "security@android.com",
 "published": "2024-11-27T20:15:22.363",
- "lastModified": "2024-11-29T22:15:04.140",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2024-12-18T19:49:51.540",
+ "vulnStatus": "Analyzed",
 "cveTags": [],
 "descriptions": [
 {
@@ -17,6 +17,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ },
 {
 "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
 "type": "Secondary",
@@ -40,6 +60,16 @@
 ]
 },
 "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ },
 {
 "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
 "type": "Secondary",
@@ -51,10 +81,61 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E70C6D8D-C9C3-4D92-8DFC-71F59E068295"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "691FA41B-C2CE-413F-ABB1-0B22CB322807"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "09E6085C-A61E-4A89-BF80-EDD9A7DF1E47"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D835D592-2423-44C6-804A-3AD010112E7C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*",
+ "matchCriteriaId": "568E2561-A068-46A2-B331-BBA91FC96F0C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B578E383-0D77-4AC7-9C81-3F0B8C18E033"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B06BE74B-83F4-41A3-8AD3-2E6248F7B0B2"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://source.android.com/security/bulletin/pixel/2018-05-01",
- "source": "security@android.com"
+ "source": "security@android.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/2017/CVE-2017-13319.json b/2017/CVE-2017-13319.json
index 026d0b3a415..cd5d33e4aa7 100644
--- a/2017/CVE-2017-13319.json
+++ b/2017/CVE-2017-13319.json
@@ -2,8 +2,8 @@
 "id": "CVE-2017-13319",
 "sourceIdentifier": "security@android.com",
 "published": "2024-11-27T20:15:22.493",
- "lastModified": "2024-11-29T22:15:04.860",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2024-12-18T20:30:33.813",
+ "vulnStatus": "Analyzed",
 "cveTags": [],
 "descriptions": [
 {
@@ -17,6 +17,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ },
 {
 "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
 "type": "Secondary",
@@ -40,6 +60,16 @@
 ]
 },
 "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-120"
+ }
+ ]
+ },
 {
 "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
 "type": "Secondary",
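Review bot: The Primary weakness added in the `@@ -40,6 +60,16 @@` hunk, `"value": "CWE-120"`, does not line up with the Primary vector added in the hunk before it, which rates `integrityImpact` and `availabilityImpact` as `NONE`. CWE-120 is a copy without a size check, i.e. a write past a buffer, while a confidentiality-only score reads like a disclosure bug; the read-side records elsewhere in this commit carry `CWE-125`. The description text sits outside both hunks, so which of the two fields is off cannot be settled from these lines. Anyone using this record for triage should check it against the referenced bulletin and the Secondary entry kept below before relying on either field.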
@@ -51,10 +81,51 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "09E6085C-A61E-4A89-BF80-EDD9A7DF1E47"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D835D592-2423-44C6-804A-3AD010112E7C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*",
+ "matchCriteriaId": "568E2561-A068-46A2-B331-BBA91FC96F0C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B578E383-0D77-4AC7-9C81-3F0B8C18E033"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B06BE74B-83F4-41A3-8AD3-2E6248F7B0B2"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://source.android.com/docs/security/bulletin/pixel/2018-05-01",
- "source": "security@android.com"
+ "source": "security@android.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/2017/CVE-2017-13320.json b/2017/CVE-2017-13320.json
index 58505a0eb56..7c8e65f3104 100644
--- a/2017/CVE-2017-13320.json
+++ b/2017/CVE-2017-13320.json
@@ -2,8 +2,8 @@
 "id": "CVE-2017-13320",
 "sourceIdentifier": "security@android.com",
 "published": "2024-11-27T22:15:04.800",
- "lastModified": "2024-11-29T22:15:05.003",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2024-12-18T20:30:58.303",
+ "vulnStatus": "Analyzed",
 "cveTags": [],
 "descriptions": [
 {
@@ -17,6 +17,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ },
 {
 "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
 "type": "Secondary",
@@ -40,6 +60,16 @@
 ]
 },
 "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-125"
+ }
+ ]
+ },
 {
 "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
 "type": "Secondary",
@@ -51,10 +81,51 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "09E6085C-A61E-4A89-BF80-EDD9A7DF1E47"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D835D592-2423-44C6-804A-3AD010112E7C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*",
+ "matchCriteriaId": "568E2561-A068-46A2-B331-BBA91FC96F0C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B578E383-0D77-4AC7-9C81-3F0B8C18E033"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B06BE74B-83F4-41A3-8AD3-2E6248F7B0B2"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://source.android.com/docs/security/bulletin/pixel/2018-05-01",
- "source": "security@android.com"
+ "source": "security@android.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/2017/CVE-2017-13321.json b/2017/CVE-2017-13321.json
index f52cdfd02b8..2f97a4db764 100644
--- a/2017/CVE-2017-13321.json
+++ b/2017/CVE-2017-13321.json
@@ -2,8 +2,8 @@
 "id": "CVE-2017-13321",
 "sourceIdentifier": "security@android.com",
 "published": "2024-11-27T22:15:04.900",
- "lastModified": "2024-11-29T22:15:05.143",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2024-12-18T20:32:50.593",
+ "vulnStatus": "Analyzed",
 "cveTags": [],
 "descriptions": [
 {
@@ -17,6 +17,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 3.6
+ },
 {
 "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
 "type": "Secondary",
@@ -40,6 +60,16 @@
 ]
 },
 "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-125"
+ }
+ ]
+ },
 {
 "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
 "type": "Secondary",
@@ -51,10 +81,36 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B578E383-0D77-4AC7-9C81-3F0B8C18E033"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B06BE74B-83F4-41A3-8AD3-2E6248F7B0B2"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://source.android.com/docs/security/bulletin/pixel/2018-05-01",
- "source": "security@android.com"
+ "source": "security@android.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/2017/CVE-2017-13323.json b/2017/CVE-2017-13323.json
index 64c87845198..8ac2077d9ed 100644
--- a/2017/CVE-2017-13323.json
+++ b/2017/CVE-2017-13323.json
@@ -2,8 +2,8 @@
 "id": "CVE-2017-13323",
 "sourceIdentifier": "security@android.com",
 "published": "2024-11-27T22:15:04.983",
- "lastModified": "2024-11-29T22:15:05.290",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2024-12-18T20:33:03.693",
+ "vulnStatus": "Analyzed",
 "cveTags": [],
 "descriptions": [
 {
@@ -17,6 +17,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ },
 {
 "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
 "type": "Secondary",
@@ -40,6 +60,16 @@
 ]
 },
 "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-190"
+ }
+ ]
+ },
 {
 "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
 "type": "Secondary",
@@ -51,10 +81,61 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E70C6D8D-C9C3-4D92-8DFC-71F59E068295"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "691FA41B-C2CE-413F-ABB1-0B22CB322807"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "09E6085C-A61E-4A89-BF80-EDD9A7DF1E47"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D835D592-2423-44C6-804A-3AD010112E7C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*",
+ "matchCriteriaId": "568E2561-A068-46A2-B331-BBA91FC96F0C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B578E383-0D77-4AC7-9C81-3F0B8C18E033"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B06BE74B-83F4-41A3-8AD3-2E6248F7B0B2"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://source.android.com/docs/security/bulletin/pixel/2018-05-01",
- "source": "security@android.com"
+ "source": "security@android.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/2018/CVE-2018-9349.json b/2018/CVE-2018-9349.json
index afee4de12b7..f927d31ae17 100644
--- a/2018/CVE-2018-9349.json
+++ b/2018/CVE-2018-9349.json
@@ -2,8 +2,8 @@
 "id": "CVE-2018-9349",
 "sourceIdentifier": "security@android.com",
 "published": "2024-11-27T22:15:05.090",
- "lastModified": "2024-11-29T22:15:05.460",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2024-12-18T20:33:18.977",
+ "vulnStatus": "Analyzed",
 "cveTags": [],
 "descriptions": [
 {
@@ -17,6 +17,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ },
 {
 "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
 "type": "Secondary",
@@ -40,6 +60,16 @@
 ]
 },
 "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-125"
+ }
+ ]
+ },
 {
 "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
 "type": "Secondary",
@@ -51,10 +81,51 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "09E6085C-A61E-4A89-BF80-EDD9A7DF1E47"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D835D592-2423-44C6-804A-3AD010112E7C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*",
+ "matchCriteriaId": "568E2561-A068-46A2-B331-BBA91FC96F0C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B578E383-0D77-4AC7-9C81-3F0B8C18E033"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B06BE74B-83F4-41A3-8AD3-2E6248F7B0B2"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://source.android.com/docs/security/bulletin/pixel/2018-06-01",
- "source": "security@android.com"
+ "source": "security@android.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/2018/CVE-2018-9350.json b/2018/CVE-2018-9350.json
index 581074cc1e6..1ca6304cb02 100644
--- a/2018/CVE-2018-9350.json
+++ b/2018/CVE-2018-9350.json
@@ -2,8 +2,8 @@
 "id": "CVE-2018-9350",
 "sourceIdentifier": "security@android.com",
 "published": "2024-11-27T22:15:05.197",
- "lastModified": "2024-11-29T22:15:05.603",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2024-12-18T20:34:21.640",
+ "vulnStatus": "Analyzed",
 "cveTags": [],
 "descriptions": [
 {
@@ -17,6 +17,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ },
 {
 "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
 "type": "Secondary",
@@ -40,6 +60,16 @@
 ]
 },
 "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-125"
+ }
+ ]
+ },
 {
 "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
 "type": "Secondary",
@@ -51,10 +81,51 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "09E6085C-A61E-4A89-BF80-EDD9A7DF1E47"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D835D592-2423-44C6-804A-3AD010112E7C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*",
+ "matchCriteriaId": "568E2561-A068-46A2-B331-BBA91FC96F0C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B578E383-0D77-4AC7-9C81-3F0B8C18E033"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B06BE74B-83F4-41A3-8AD3-2E6248F7B0B2"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://source.android.com/docs/security/bulletin/pixel/2018-06-01",
- "source": "security@android.com"
+ "source": "security@android.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/2018/CVE-2018-9351.json b/2018/CVE-2018-9351.json
index 3290a55cf8c..4397135aee1 100644
--- a/2018/CVE-2018-9351.json
+++ b/2018/CVE-2018-9351.json
@@ -2,8 +2,8 @@
 "id": "CVE-2018-9351",
 "sourceIdentifier": "security@android.com",
 "published": "2024-11-27T23:15:04.343",
- "lastModified": "2024-11-29T22:15:05.750",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2024-12-18T19:45:45.183",
+ "vulnStatus": "Analyzed",
 "cveTags": [],
 "descriptions": [
 {
@@ -17,6 +17,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ },
 {
 "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
 "type": "Secondary",
@@ -40,6 +60,16 @@
 ]
 },
 "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-125"
+ }
+ ]
+ },
 {
 "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
 "type": "Secondary",
@@ -51,10 +81,51 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "09E6085C-A61E-4A89-BF80-EDD9A7DF1E47"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D835D592-2423-44C6-804A-3AD010112E7C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*",
+ "matchCriteriaId": "568E2561-A068-46A2-B331-BBA91FC96F0C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B578E383-0D77-4AC7-9C81-3F0B8C18E033"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B06BE74B-83F4-41A3-8AD3-2E6248F7B0B2"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://source.android.com/docs/security/bulletin/pixel/2018-06-01",
- "source": "security@android.com"
+ "source": "security@android.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/2018/CVE-2018-9352.json b/2018/CVE-2018-9352.json
index 71e3e8d88db..3f0af3412c2 100644
--- a/2018/CVE-2018-9352.json
+++ b/2018/CVE-2018-9352.json
@@ -2,8 +2,8 @@
 "id": "CVE-2018-9352",
 "sourceIdentifier": "security@android.com",
 "published": "2024-11-27T23:15:04.467",
- "lastModified": "2024-11-29T22:15:05.890",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2024-12-18T20:24:44.493",
+ "vulnStatus": "Analyzed",
 "cveTags": [],
 "descriptions": [
 {
@@ -17,6 +17,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ },
 {
 "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
 "type": "Secondary",
@@ -40,6 +60,16 @@
 ]
 },
 "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-190"
+ }
+ ]
+ },
 {
 "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
 "type": "Secondary",
@@ -51,10 +81,51 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:7.1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DBCA7605-6348-400D-9844-97E0144C2BF5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D835D592-2423-44C6-804A-3AD010112E7C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*",
+ "matchCriteriaId": "568E2561-A068-46A2-B331-BBA91FC96F0C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B578E383-0D77-4AC7-9C81-3F0B8C18E033"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B06BE74B-83F4-41A3-8AD3-2E6248F7B0B2"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://source.android.com/docs/security/bulletin/pixel/2018-06-01",
- "source": "security@android.com"
+ "source": "security@android.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/2018/CVE-2018-9353.json b/2018/CVE-2018-9353.json
index 030aa227601..445a0d94961 100644
--- a/2018/CVE-2018-9353.json
+++ b/2018/CVE-2018-9353.json
@@ -2,8 +2,8 @@
 "id": "CVE-2018-9353",
 "sourceIdentifier": "security@android.com",
 "published": "2024-11-27T23:15:04.560",
- "lastModified": "2024-11-29T22:15:06.027",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2024-12-18T20:25:06.230",
+ "vulnStatus": "Analyzed",
 "cveTags": [],
 "descriptions": [
 {
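Review bot: The first `cpeMatch` entry in the new `configurations` block for CVE-2018-9352 is `cpe:2.3:o:google:android:7.1:*:*:*:*:*:*:*`, where every other five-entry list in this commit starts at `android:7.0`. If the bulletin lists 7.0 as affected, scanners that match CPE strings exactly will not flag 7.0 devices for this CVE; the hunk alone cannot show which value is right, so it needs checking against the referenced 2018-06-01 bulletin. Should 7.0 be affected, the entry the sibling records use is `"criteria": "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*"` with `"matchCriteriaId": "09E6085C-A61E-4A89-BF80-EDD9A7DF1E47"`.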
@@ -17,6 +17,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ },
 {
 "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
 "type": "Secondary",
@@ -40,6 +60,16 @@
 ]
 },
 "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-125"
+ }
+ ]
+ },
 {
 "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
 "type": "Secondary",
@@ -51,10 +81,51 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "09E6085C-A61E-4A89-BF80-EDD9A7DF1E47"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D835D592-2423-44C6-804A-3AD010112E7C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*",
+ "matchCriteriaId": "568E2561-A068-46A2-B331-BBA91FC96F0C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B578E383-0D77-4AC7-9C81-3F0B8C18E033"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B06BE74B-83F4-41A3-8AD3-2E6248F7B0B2"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://source.android.com/docs/security/bulletin/pixel/2018-06-01",
- "source": "security@android.com"
+ "source": "security@android.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/2018/CVE-2018-9374.json b/2018/CVE-2018-9374.json
index 5ca8e0ba67f..cd8d51af67f 100644
--- a/2018/CVE-2018-9374.json
+++ b/2018/CVE-2018-9374.json
@@ -2,8 +2,8 @@
 "id": "CVE-2018-9374",
 "sourceIdentifier": "security@android.com",
 "published": "2024-11-28T00:15:03.827",
- "lastModified": "2024-11-29T22:15:06.327",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2024-12-18T20:25:33.723",
+ "vulnStatus": "Analyzed",
 "cveTags": [],
 "descriptions": [
 {
@@ -17,6 +17,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ },
 {
 "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
 "type": "Secondary",
@@ -40,6 +60,16 @@
 ]
 },
 "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ },
 {
 "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
 "type": "Secondary",
@@ -51,10 +81,61 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E70C6D8D-C9C3-4D92-8DFC-71F59E068295"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "691FA41B-C2CE-413F-ABB1-0B22CB322807"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "09E6085C-A61E-4A89-BF80-EDD9A7DF1E47"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D835D592-2423-44C6-804A-3AD010112E7C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*",
+ "matchCriteriaId": "568E2561-A068-46A2-B331-BBA91FC96F0C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B578E383-0D77-4AC7-9C81-3F0B8C18E033"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B06BE74B-83F4-41A3-8AD3-2E6248F7B0B2"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://source.android.com/docs/security/bulletin/pixel/2018-06-01",
- "source": "security@android.com"
+ "source": "security@android.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/2018/CVE-2018-9376.json b/2018/CVE-2018-9376.json
index d0a10de5eaa..81328bfa491 100644
--- a/2018/CVE-2018-9376.json
+++ b/2018/CVE-2018-9376.json
@@ -2,8 +2,8 @@
 "id": "CVE-2018-9376",
 "sourceIdentifier": "security@android.com",
 "published": "2024-12-02T21:15:09.107",
- "lastModified": "2024-12-03T19:15:05.937",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2024-12-18T19:37:08.323",
+ "vulnStatus": "Analyzed",
 "cveTags": [],
 "descriptions": [
 {
@@ -17,6 +17,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 6.7,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 0.8,
+ "impactScore": 5.9
+ },
 {
 "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
 "type": "Secondary",
@@ -40,6 +60,16 @@
 ]
 },
 "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ },
 {
 "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
 "type": "Secondary",
@@ -51,10 +81,61 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E70C6D8D-C9C3-4D92-8DFC-71F59E068295"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "691FA41B-C2CE-413F-ABB1-0B22CB322807"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "09E6085C-A61E-4A89-BF80-EDD9A7DF1E47"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D835D592-2423-44C6-804A-3AD010112E7C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*",
+ "matchCriteriaId": "568E2561-A068-46A2-B331-BBA91FC96F0C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B578E383-0D77-4AC7-9C81-3F0B8C18E033"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B06BE74B-83F4-41A3-8AD3-2E6248F7B0B2"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://source.android.com/docs/security/bulletin/pixel/2018-07-01",
- "source": "security@android.com"
+ "source": "security@android.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/2018/CVE-2018-9377.json b/2018/CVE-2018-9377.json
index 70ec4592849..b878040e207 100644
--- a/2018/CVE-2018-9377.json
+++ b/2018/CVE-2018-9377.json
@@ -2,8 +2,8 @@
 "id": "CVE-2018-9377",
 "sourceIdentifier": "security@android.com",
 "published": "2024-11-28T01:15:04.320",
- "lastModified": "2024-11-29T22:15:06.483",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2024-12-18T20:25:52.687",
+ "vulnStatus": "Analyzed",
 "cveTags": [],
 "descriptions": [
 {
@@ -17,6 +17,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 3.6
+ },
 {
 "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
 "type": "Secondary",
@@ -40,6 +60,16 @@
 ]
 },
 "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-908"
+ }
+ ]
+ },
 {
 "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
 "type": "Secondary",
@@ -51,10 +81,35 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E70C6D8D-C9C3-4D92-8DFC-71F59E068295"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "691FA41B-C2CE-413F-ABB1-0B22CB322807"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://source.android.com/docs/security/bulletin/pixel/2018-06-01",
- "source": "security@android.com"
+ "source": "security@android.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/2018/CVE-2018-9380.json b/2018/CVE-2018-9380.json
index d4afaed935d..ea5e9a41c1d 100644
--- a/2018/CVE-2018-9380.json
+++ b/2018/CVE-2018-9380.json
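Review bot: The reference in the `@@ -51,10 +81,35 @@` hunk is tagged only `"Vendor Advisory"`, while the same URL (`https://source.android.com/docs/security/bulletin/pixel/2018-06-01`) is tagged `"Patch"` as well in the other 2018-06-01 records of this commit. Tooling that reads the `Patch` tag as the signal that a fix is available would treat CVE-2018-9377 as having none. The difference may be deliberate (the bulletin row for this CVE may carry no patch link), which these lines cannot show. If it is not deliberate, the `tags` array should read `"Patch", "Vendor Advisory"` like its siblings.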
@@ -2,8 +2,8 @@ "id": "CVE-2018-9380", "sourceIdentifier": "security@android.com", "published": "2024-12-02T20:15:04.443", - "lastModified": "2024-12-02T22:15:08.237", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-18T19:42:11.093", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -40,6 +60,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", 
@@ -51,10 +81,51 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*", + "matchCriteriaId": "09E6085C-A61E-4A89-BF80-EDD9A7DF1E47" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*", + "matchCriteriaId": "D835D592-2423-44C6-804A-3AD010112E7C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*", + "matchCriteriaId": "568E2561-A068-46A2-B331-BBA91FC96F0C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", + "matchCriteriaId": "B578E383-0D77-4AC7-9C81-3F0B8C18E033" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", + "matchCriteriaId": "B06BE74B-83F4-41A3-8AD3-2E6248F7B0B2" + } + ] + } + ] + } + ], "references": [ { "url": "https://source.android.com/docs/security/bulletin/pixel/2018-06-01", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/2018/CVE-2018-9381.json b/2018/CVE-2018-9381.json index 7156f6002e3..ba26d1157c4 100644 --- a/2018/CVE-2018-9381.json +++ b/2018/CVE-2018-9381.json @@ -2,8 +2,8 @@ "id": "CVE-2018-9381", "sourceIdentifier": "security@android.com", "published": "2024-12-02T20:15:05.440", - "lastModified": "2024-12-02T22:15:08.493", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-18T19:39:05.097", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -40,6 +60,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-908" + } + ] + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -51,10 +81,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", + "matchCriteriaId": "B06BE74B-83F4-41A3-8AD3-2E6248F7B0B2" + } + ] + } + ] + } + ], "references": [ { "url": "https://source.android.com/docs/security/bulletin/pixel/2018-06-01", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/2018/CVE-2018-9393.json b/2018/CVE-2018-9393.json index 7f3f6ae02dd..b1cc11a941b 100644 --- a/2018/CVE-2018-9393.json +++ b/2018/CVE-2018-9393.json @@ -2,8 +2,8 @@ "id": "CVE-2018-9393", "sourceIdentifier": "security@android.com", "published": "2024-12-04T18:15:09.850", - "lastModified": "2024-12-05T19:15:06.160", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-18T20:27:59.163", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 6.7, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 0.8, + "impactScore": 5.9 + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -40,6 +60,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -51,10 +81,30 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26" + } + ] + } + ] + } + ], "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2018-06-01", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/2018/CVE-2018-9394.json b/2018/CVE-2018-9394.json index d81dc3407ec..d93bb9eff91 100644 --- a/2018/CVE-2018-9394.json +++ b/2018/CVE-2018-9394.json @@ -2,8 +2,8 @@ "id": "CVE-2018-9394", "sourceIdentifier": "security@android.com", "published": "2024-12-04T18:15:10.003", - "lastModified": "2024-12-05T18:15:19.417", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-18T20:24:41.127", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 6.7, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 0.8, + "impactScore": 5.9 + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -40,6 +60,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -51,10 +81,30 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26" + } + ] + } + ] + } + ], "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2018-06-01", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/2018/CVE-2018-9395.json b/2018/CVE-2018-9395.json index 4505f8e68d6..bf58eb2d906 100644 --- a/2018/CVE-2018-9395.json +++ b/2018/CVE-2018-9395.json @@ -2,8 +2,8 @@ "id": "CVE-2018-9395", "sourceIdentifier": "security@android.com", "published": "2024-12-04T18:15:10.163", - "lastModified": "2024-12-05T18:15:19.590", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-18T20:46:08.327", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 6.7, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 0.8, + "impactScore": 5.9 + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -40,6 +60,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -51,10 +81,30 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26" + } + ] + } + ] + } + ], "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2018-06-01", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/2018/CVE-2018-9396.json b/2018/CVE-2018-9396.json index e6ab4065d37..cd44a1cdbe0 100644 --- a/2018/CVE-2018-9396.json +++ b/2018/CVE-2018-9396.json @@ -2,8 +2,8 @@ "id": "CVE-2018-9396", "sourceIdentifier": "security@android.com", "published": "2024-12-04T22:15:18.457", - "lastModified": "2024-12-05T18:15:19.740", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-18T20:34:32.157", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 6.7, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 0.8, + "impactScore": 5.9 + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -40,6 +60,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -51,10 +81,30 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26" + } + ] + } + ] + } + ], "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2018-06-01", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/2018/CVE-2018-9416.json b/2018/CVE-2018-9416.json index 2440d3e14de..9e7e22d66de 100644 --- a/2018/CVE-2018-9416.json +++ b/2018/CVE-2018-9416.json @@ -2,8 +2,8 @@ "id": "CVE-2018-9416", "sourceIdentifier": "security@android.com", "published": "2024-12-05T00:15:18.153", - "lastModified": "2024-12-05T00:15:18.153", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-18T20:49:22.610", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -59,12 +59,66 @@ "providerUrgency": "NOT_DEFINED" } } + ], + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 6.7, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 0.8, + "impactScore": 5.9 + } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26" + } + ] + } + ] + } + ], "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2018-07-01", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/2018/CVE-2018-9423.json b/2018/CVE-2018-9423.json index f87ef9f3fed..b3682cca9a9 100644 --- a/2018/CVE-2018-9423.json +++ b/2018/CVE-2018-9423.json @@ -2,8 +2,8 @@ "id": "CVE-2018-9423", "sourceIdentifier": "security@android.com", "published": "2024-12-02T22:15:08.827", - "lastModified": "2024-12-03T15:15:05.530", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-18T20:21:20.377", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -40,6 +60,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", 
@@ -51,10 +81,51 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*", + "matchCriteriaId": "09E6085C-A61E-4A89-BF80-EDD9A7DF1E47" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*", + "matchCriteriaId": "D835D592-2423-44C6-804A-3AD010112E7C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*", + "matchCriteriaId": "568E2561-A068-46A2-B331-BBA91FC96F0C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", + "matchCriteriaId": "B578E383-0D77-4AC7-9C81-3F0B8C18E033" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", + "matchCriteriaId": "B06BE74B-83F4-41A3-8AD3-2E6248F7B0B2" + } + ] + } + ] + } + ], "references": [ { "url": "https://source.android.com/docs/security/bulletin/pixel/2018-07-01", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/2018/CVE-2018-9426.json b/2018/CVE-2018-9426.json index 7a982d98974..9e8a45ee5c0 100644 --- a/2018/CVE-2018-9426.json +++ b/2018/CVE-2018-9426.json @@ -2,8 +2,8 @@ "id": "CVE-2018-9426", "sourceIdentifier": "security@android.com", "published": "2024-12-02T22:15:08.917", - "lastModified": "2024-12-03T15:15:05.730", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-18T20:21:52.560", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -40,6 +60,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-331" + } + ] + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", 
@@ -51,10 +81,51 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*", + "matchCriteriaId": "09E6085C-A61E-4A89-BF80-EDD9A7DF1E47" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*", + "matchCriteriaId": "D835D592-2423-44C6-804A-3AD010112E7C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*", + "matchCriteriaId": "568E2561-A068-46A2-B331-BBA91FC96F0C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", + "matchCriteriaId": "B578E383-0D77-4AC7-9C81-3F0B8C18E033" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", + "matchCriteriaId": "B06BE74B-83F4-41A3-8AD3-2E6248F7B0B2" + } + ] + } + ] + } + ], "references": [ { "url": "https://source.android.com/docs/security/bulletin/pixel/2018-07-01", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/2018/CVE-2018-9429.json b/2018/CVE-2018-9429.json index 2c3fdb44085..eeeacb3a285 100644 --- a/2018/CVE-2018-9429.json +++ b/2018/CVE-2018-9429.json @@ -2,8 +2,8 @@ "id": "CVE-2018-9429", "sourceIdentifier": "security@android.com", "published": "2024-12-02T22:15:09.013", - "lastModified": "2024-12-03T15:15:05.927", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-18T20:15:28.697", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -40,6 +60,20 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + }, + { + "lang": "en", + "value": "CWE-908" + } + ] + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -51,10 +85,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", + "matchCriteriaId": "B06BE74B-83F4-41A3-8AD3-2E6248F7B0B2" + } + ] + } + ] + } + ], "references": [ { "url": "https://source.android.com/docs/security/bulletin/pixel/2018-07-01", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/2018/CVE-2018-9430.json b/2018/CVE-2018-9430.json index 64fa7b99583..23842044d18 100644 --- a/2018/CVE-2018-9430.json +++ b/2018/CVE-2018-9430.json @@ -2,8 +2,8 @@ "id": "CVE-2018-9430", "sourceIdentifier": "security@android.com", "published": "2024-12-02T22:15:09.113", - "lastModified": "2024-12-03T15:15:06.087", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-18T20:15:57.170", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -40,6 +60,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", 
@@ -51,10 +81,61 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*", + "matchCriteriaId": "E70C6D8D-C9C3-4D92-8DFC-71F59E068295" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*", + "matchCriteriaId": "691FA41B-C2CE-413F-ABB1-0B22CB322807" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*", + "matchCriteriaId": "09E6085C-A61E-4A89-BF80-EDD9A7DF1E47" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*", + "matchCriteriaId": "D835D592-2423-44C6-804A-3AD010112E7C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*", + "matchCriteriaId": "568E2561-A068-46A2-B331-BBA91FC96F0C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", + "matchCriteriaId": "B578E383-0D77-4AC7-9C81-3F0B8C18E033" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", + "matchCriteriaId": "B06BE74B-83F4-41A3-8AD3-2E6248F7B0B2" + } + ] + } + ] + } + ], "references": [ { "url": "https://source.android.com/docs/security/bulletin/pixel/2018-07-01", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/2018/CVE-2018-9431.json b/2018/CVE-2018-9431.json index 9fe9194e542..cd468abf0c6 100644 --- a/2018/CVE-2018-9431.json +++ b/2018/CVE-2018-9431.json @@ -2,8 +2,8 @@ "id": "CVE-2018-9431", "sourceIdentifier": "security@android.com", "published": "2024-12-02T22:15:09.210", - "lastModified": "2024-12-03T15:15:06.270", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-18T20:17:59.063", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -40,6 +60,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -51,10 +81,36 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", + "matchCriteriaId": "B578E383-0D77-4AC7-9C81-3F0B8C18E033" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", + "matchCriteriaId": "B06BE74B-83F4-41A3-8AD3-2E6248F7B0B2" + } + ] + } + ] + } + ], "references": [ { "url": "https://source.android.com/docs/security/bulletin/pixel/2018-07-01", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/2018/CVE-2018-9435.json b/2018/CVE-2018-9435.json index 668f6d5288f..3f7032641ce 100644 --- a/2018/CVE-2018-9435.json +++ b/2018/CVE-2018-9435.json 
@@ -2,8 +2,8 @@ "id": "CVE-2018-9435", "sourceIdentifier": "security@android.com", "published": "2024-12-02T22:15:09.310", - "lastModified": "2024-12-03T15:15:06.450", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-18T20:00:03.747", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -40,6 +60,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", 
@@ -51,10 +81,61 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*", + "matchCriteriaId": "E70C6D8D-C9C3-4D92-8DFC-71F59E068295" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*", + "matchCriteriaId": "691FA41B-C2CE-413F-ABB1-0B22CB322807" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*", + "matchCriteriaId": "09E6085C-A61E-4A89-BF80-EDD9A7DF1E47" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*", + "matchCriteriaId": "D835D592-2423-44C6-804A-3AD010112E7C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*", + "matchCriteriaId": "568E2561-A068-46A2-B331-BBA91FC96F0C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", + "matchCriteriaId": "B578E383-0D77-4AC7-9C81-3F0B8C18E033" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", + "matchCriteriaId": "B06BE74B-83F4-41A3-8AD3-2E6248F7B0B2" + } + ] + } + ] + } + ], "references": [ { "url": "https://source.android.com/docs/security/bulletin/pixel/2018-08-01", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/2018/CVE-2018-9441.json b/2018/CVE-2018-9441.json index 27c888246a0..83d531ebb18 100644 --- a/2018/CVE-2018-9441.json +++ b/2018/CVE-2018-9441.json @@ -2,8 +2,8 @@ "id": "CVE-2018-9441", "sourceIdentifier": "security@android.com", "published": "2024-12-03T01:15:04.697", - "lastModified": "2024-12-03T15:15:06.620", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-18T20:00:17.290", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -40,6 +60,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", 
@@ -51,10 +81,61 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*", + "matchCriteriaId": "E70C6D8D-C9C3-4D92-8DFC-71F59E068295" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*", + "matchCriteriaId": "691FA41B-C2CE-413F-ABB1-0B22CB322807" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*", + "matchCriteriaId": "09E6085C-A61E-4A89-BF80-EDD9A7DF1E47" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*", + "matchCriteriaId": "D835D592-2423-44C6-804A-3AD010112E7C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*", + "matchCriteriaId": "568E2561-A068-46A2-B331-BBA91FC96F0C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", + "matchCriteriaId": "B578E383-0D77-4AC7-9C81-3F0B8C18E033" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", + "matchCriteriaId": "B06BE74B-83F4-41A3-8AD3-2E6248F7B0B2" + } + ] + } + ] + } + ], "references": [ { "url": "https://source.android.com/docs/security/bulletin/pixel/2018-08-01", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/2018/CVE-2018-9449.json b/2018/CVE-2018-9449.json index 2c02595b9ec..0237c199f91 100644 --- a/2018/CVE-2018-9449.json +++ b/2018/CVE-2018-9449.json @@ -2,8 +2,8 @@ "id": "CVE-2018-9449", "sourceIdentifier": "security@android.com", "published": "2024-12-03T01:15:04.803", - "lastModified": "2024-12-03T15:15:06.793", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-18T20:10:01.940", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -40,6 +60,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", 
@@ -51,10 +81,61 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*", + "matchCriteriaId": "E70C6D8D-C9C3-4D92-8DFC-71F59E068295" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*", + "matchCriteriaId": "691FA41B-C2CE-413F-ABB1-0B22CB322807" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*", + "matchCriteriaId": "09E6085C-A61E-4A89-BF80-EDD9A7DF1E47" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*", + "matchCriteriaId": "D835D592-2423-44C6-804A-3AD010112E7C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*", + "matchCriteriaId": "568E2561-A068-46A2-B331-BBA91FC96F0C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", + "matchCriteriaId": "B578E383-0D77-4AC7-9C81-3F0B8C18E033" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", + "matchCriteriaId": "B06BE74B-83F4-41A3-8AD3-2E6248F7B0B2" + } + ] + } + ] + } + ], "references": [ { "url": "https://source.android.com/docs/security/bulletin/pixel/2018-08-01", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/2019/CVE-2019-11001.json b/2019/CVE-2019-11001.json index 69408ec55c6..db2a734a7d5 100644 --- a/2019/CVE-2019-11001.json +++ b/2019/CVE-2019-11001.json @@ -2,7 +2,7 @@ "id": "CVE-2019-11001", "sourceIdentifier": "cve@mitre.org", "published": "2019-04-08T17:29:00.590", - "lastModified": "2024-11-21T04:20:19.820", + "lastModified": "2024-12-18T21:15:06.880", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ 
@@ -16,6 +16,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.2, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + } + ], "cvssMetricV30": [ { "source": "nvd@nist.gov", @@ -74,6 +96,16 @@ "value": "CWE-78" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] } ], "configurations": [ diff --git a/2022/CVE-2022-23227.json b/2022/CVE-2022-23227.json index 3d283fa2c3c..376f8b30545 100644 --- a/2022/CVE-2022-23227.json +++ b/2022/CVE-2022-23227.json @@ -2,7 +2,7 @@ "id": "CVE-2022-23227", "sourceIdentifier": "cve@mitre.org", "published": "2022-01-14T18:15:10.303", - "lastModified": "2024-11-21T06:48:13.770", + "lastModified": "2024-12-18T21:15:07.780", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -36,6 +36,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 5.9 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 } ], "cvssMetricV2": [ 
@@ -74,6 +94,16 @@ "value": "CWE-306" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-306" + } + ] } ], "configurations": [ diff --git a/2023/CVE-2023-41877.json b/2023/CVE-2023-41877.json index f2a8d76974b..39ff030c9c4 100644 --- a/2023/CVE-2023-41877.json +++ b/2023/CVE-2023-41877.json @@ -2,8 +2,8 @@ "id": "CVE-2023-41877", "sourceIdentifier": "security-advisories@github.com", "published": "2024-03-20T15:15:07.500", - "lastModified": "2024-11-21T08:21:50.090", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-18T22:01:15.063", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 1.2, "impactScore": 5.9 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.2, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 } ] }, 
@@ -49,24 +69,66 @@ "value": "CWE-22" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:geoserver:geoserver:*:*:*:*:*:*:*:*", + "versionEndIncluding": "2.23.4", + "matchCriteriaId": "E92EC9EE-8E0B-40BA-A1FD-06AEB7F59EC1" + } + ] + } + ] } ], "references": [ { "url": "https://docs.geoserver.org/latest/en/user/configuration/globalsettings.html#log-location", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Product" + ] }, { "url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-8g7v-vjrc-x4g5", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Mitigation", + "Vendor Advisory" + ] }, { "url": "https://docs.geoserver.org/latest/en/user/configuration/globalsettings.html#log-location", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Product" + ] }, { "url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-8g7v-vjrc-x4g5", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mitigation", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/2023/CVE-2023-51444.json b/2023/CVE-2023-51444.json index 6755d1de518..9cf5e1caba7 100644 --- a/2023/CVE-2023-51444.json +++ b/2023/CVE-2023-51444.json @@ -2,8 +2,8 @@ "id": "CVE-2023-51444", "sourceIdentifier": "security-advisories@github.com", "published": "2024-03-20T15:15:07.700", - "lastModified": "2024-11-21T08:38:07.880", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-18T21:58:24.790", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -36,6 +36,26 @@ }, "exploitabilityScore": 1.2, "impactScore": 5.9 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.2, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 } ] }, 
@@ -53,48 +73,113 @@ "value": "CWE-434" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:geoserver:geoserver:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.23.4", + "matchCriteriaId": "73E1A204-C95D-4B7B-8C8A-E5639834BB97" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:geoserver:geoserver:2.24.0:*:*:*:*:*:*:*", + "matchCriteriaId": "DE2AC1E3-918D-4078-9306-52512A7BE8A7" + } + ] + } + ] } ], "references": [ { "url": "https://github.com/geoserver/geoserver/commit/ca683170c669718cb6ad4c79e01b0451065e13b8", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/geoserver/geoserver/commit/fe235b3bb1d7f05751a4a2ef5390c36f5c9e78ae", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/geoserver/geoserver/pull/7222", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Issue Tracking" + ] }, { "url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-9v5q-2gwq-q9hq", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Vendor Advisory" + ] }, { "url": "https://osgeo-org.atlassian.net/browse/GEOS-11176", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Issue Tracking" + ] }, { "url": "https://github.com/geoserver/geoserver/commit/ca683170c669718cb6ad4c79e01b0451065e13b8", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": 
"https://github.com/geoserver/geoserver/commit/fe235b3bb1d7f05751a4a2ef5390c36f5c9e78ae", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/geoserver/geoserver/pull/7222", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Issue Tracking" + ] }, { "url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-9v5q-2gwq-q9hq", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Exploit", + "Vendor Advisory" + ] }, { "url": "https://osgeo-org.atlassian.net/browse/GEOS-11176", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Issue Tracking" + ] } ] } \ No newline at end of file diff --git a/2023/CVE-2023-51445.json b/2023/CVE-2023-51445.json index 2b092d2a5e1..2ac8924f1a4 100644 --- a/2023/CVE-2023-51445.json +++ b/2023/CVE-2023-51445.json @@ -2,8 +2,8 @@ "id": "CVE-2023-51445", "sourceIdentifier": "security-advisories@github.com", "published": "2024-03-20T16:15:07.640", - "lastModified": "2024-11-21T08:38:07.997", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-18T21:56:24.053", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 1.7, "impactScore": 2.7 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 4.8, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 } ] }, 
@@ -49,40 +69,94 @@ "value": "CWE-79" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:geoserver:geoserver:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.23.3", + "matchCriteriaId": "76D6CFB3-1A7B-4436-B927-6455629A0062" + } + ] + } + ] } ], "references": [ { "url": "https://github.com/geoserver/geoserver/commit/7db985738ff2422019ccac974cf547bae5770cad", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/geoserver/geoserver/pull/7161", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Issue Tracking" + ] }, { "url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-fh7p-5f6g-vj2w", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Vendor Advisory" + ] }, { "url": "https://osgeo-org.atlassian.net/browse/GEOS-11148", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Issue Tracking" + ] }, { "url": "https://github.com/geoserver/geoserver/commit/7db985738ff2422019ccac974cf547bae5770cad", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/geoserver/geoserver/pull/7161", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Issue Tracking" + ] }, { "url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-fh7p-5f6g-vj2w", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Exploit", + "Vendor 
Advisory" + ] }, { "url": "https://osgeo-org.atlassian.net/browse/GEOS-11148", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Issue Tracking" + ] } ] } \ No newline at end of file diff --git a/2024/CVE-2024-12371.json b/2024/CVE-2024-12371.json index 84bad84ddca..996a5ff54d9 100644 --- a/2024/CVE-2024-12371.json +++ b/2024/CVE-2024-12371.json @@ -2,7 +2,7 @@ "id": "CVE-2024-12371", "sourceIdentifier": "PSIRT@rockwellautomation.com", "published": "2024-12-18T16:15:10.907", - "lastModified": "2024-12-18T16:15:10.907", + "lastModified": "2024-12-18T20:15:21.193", "vulnStatus": "Received", "cveTags": [], "descriptions": [ @@ -57,6 +57,18 @@ } ] }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-306" + } + ] + } + ], "references": [ { "url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1714.html", diff --git a/2024/CVE-2024-12372.json b/2024/CVE-2024-12372.json index 9757f9592c7..00305a9b342 100644 --- a/2024/CVE-2024-12372.json +++ b/2024/CVE-2024-12372.json @@ -2,7 +2,7 @@ "id": "CVE-2024-12372", "sourceIdentifier": "PSIRT@rockwellautomation.com", "published": "2024-12-18T16:15:11.050", - "lastModified": "2024-12-18T16:15:11.050", + "lastModified": "2024-12-18T20:15:22.167", "vulnStatus": "Received", "cveTags": [], "descriptions": [ @@ -57,6 +57,18 @@ } ] }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-94" + } + ] + } + ], "references": [ { "url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1714.html", diff --git a/2024/CVE-2024-12373.json b/2024/CVE-2024-12373.json index 601217ab656..7fb73eccc7b 100644 --- a/2024/CVE-2024-12373.json +++ b/2024/CVE-2024-12373.json 
@@ -2,7 +2,7 @@ "id": "CVE-2024-12373", "sourceIdentifier": "PSIRT@rockwellautomation.com", "published": "2024-12-18T16:15:11.163", - "lastModified": "2024-12-18T16:15:11.163", + "lastModified": "2024-12-18T20:15:22.280", "vulnStatus": "Received", "cveTags": [], "descriptions": [ @@ -57,6 +57,18 @@ } ] }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-120" + } + ] + } + ], "references": [ { "url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1714.html", diff --git a/2024/CVE-2024-12686.json b/2024/CVE-2024-12686.json new file mode 100644 index 00000000000..731c9d470c7 --- /dev/null +++ b/2024/CVE-2024-12686.json 
@@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-12686", + "sourceIdentifier": "13061848-ea10-403d-bd75-c83a022c2891", + "published": "2024-12-18T21:15:08.020", + "lastModified": "2024-12-18T21:15:08.020", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) which can allow an attacker with existing administrative privileges to inject commands and run as a site user." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "13061848-ea10-403d-bd75-c83a022c2891", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 6.6, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 0.7, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "13061848-ea10-403d-bd75-c83a022c2891", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + } + ], + "references": [ + { + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12686", + "source": "13061848-ea10-403d-bd75-c83a022c2891" + }, + { + "url": "https://www.beyondtrust.com/trust-center/security-advisories/bt24-11", + "source": "13061848-ea10-403d-bd75-c83a022c2891" + } + ] +} \ No newline at end of file diff --git a/2024/CVE-2024-12692.json b/2024/CVE-2024-12692.json new file mode 100644 index 00000000000..c55e340a859 --- /dev/null +++ b/2024/CVE-2024-12692.json 
@@ -0,0 +1,37 @@ +{ + "id": "CVE-2024-12692", + "sourceIdentifier": "chrome-cve-admin@google.com", + "published": "2024-12-18T22:15:05.730", + "lastModified": "2024-12-18T22:15:05.730", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Type Confusion in V8 in Google Chrome prior to 131.0.6778.204 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)" + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "chrome-cve-admin@google.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-843" + } + ] + } + ], + "references": [ + { + "url": "https://chromereleases.googleblog.com/2024/12/stable-channel-update-for-desktop_18.html", + "source": "chrome-cve-admin@google.com" + }, + { + "url": "https://issues.chromium.org/issues/382291459", + "source": "chrome-cve-admin@google.com" + } + ] +} \ No newline at end of file diff --git a/2024/CVE-2024-12693.json b/2024/CVE-2024-12693.json new file mode 100644 index 00000000000..581d6190a21 --- /dev/null +++ b/2024/CVE-2024-12693.json @@ -0,0 +1,25 @@ +{ + "id": "CVE-2024-12693", + "sourceIdentifier": "chrome-cve-admin@google.com", + "published": "2024-12-18T22:15:06.293", + "lastModified": "2024-12-18T22:15:06.293", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Out of bounds memory access in V8 in Google Chrome prior to 131.0.6778.204 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://chromereleases.googleblog.com/2024/12/stable-channel-update-for-desktop_18.html", + "source": "chrome-cve-admin@google.com" + }, + { + "url": "https://issues.chromium.org/issues/382190919", + "source": "chrome-cve-admin@google.com" + } + ] +} \ No newline at end of file 
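Review bot: The new CVE-2024-12693 record has no `weaknesses` array at all, while the sibling Chrome records added in this commit (CVE-2024-12692, CVE-2024-12694, CVE-2024-12695) each carry one, and all four have `"metrics": {}`. A consumer that filters by CWE or ranks by `baseScore` will drop or under-rank this entry, even though its description states "Chromium security severity: High" and arbitrary code execution inside a sandbox. Downstream tooling should read a missing `weaknesses` key and an empty `metrics` object on a `"vulnStatus": "Received"` record as "not yet assessed", not as no weakness or a zero score.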
diff --git a/2024/CVE-2024-12694.json b/2024/CVE-2024-12694.json new file mode 100644 index 00000000000..280dd51671f --- /dev/null +++ b/2024/CVE-2024-12694.json @@ -0,0 +1,37 @@ +{ + "id": "CVE-2024-12694", + "sourceIdentifier": "chrome-cve-admin@google.com", + "published": "2024-12-18T22:15:06.397", + "lastModified": "2024-12-18T22:15:06.397", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Use after free in Compositing in Google Chrome prior to 131.0.6778.204 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)" + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "chrome-cve-admin@google.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], + "references": [ + { + "url": "https://chromereleases.googleblog.com/2024/12/stable-channel-update-for-desktop_18.html", + "source": "chrome-cve-admin@google.com" + }, + { + "url": "https://issues.chromium.org/issues/368222741", + "source": "chrome-cve-admin@google.com" + } + ] +} \ No newline at end of file diff --git a/2024/CVE-2024-12695.json b/2024/CVE-2024-12695.json new file mode 100644 index 00000000000..3cdf9556478 --- /dev/null +++ b/2024/CVE-2024-12695.json 
@@ -0,0 +1,37 @@ +{ + "id": "CVE-2024-12695", + "sourceIdentifier": "chrome-cve-admin@google.com", + "published": "2024-12-18T22:15:06.523", + "lastModified": "2024-12-18T22:15:06.523", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Out of bounds write in V8 in Google Chrome prior to 131.0.6778.204 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)" + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "chrome-cve-admin@google.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "references": [ + { + "url": "https://chromereleases.googleblog.com/2024/12/stable-channel-update-for-desktop_18.html", + "source": "chrome-cve-admin@google.com" + }, + { + "url": "https://issues.chromium.org/issues/383647255", + "source": "chrome-cve-admin@google.com" + } + ] +} \ No newline at end of file diff --git a/2024/CVE-2024-12741.json b/2024/CVE-2024-12741.json new file mode 100644 index 00000000000..52e7199ca00 --- /dev/null +++ b/2024/CVE-2024-12741.json 
@@ -0,0 +1,107 @@ +{ + "id": "CVE-2024-12741", + "sourceIdentifier": "security@ni.com", + "published": "2024-12-18T20:15:22.390", + "lastModified": "2024-12-18T20:15:22.390", + "vulnStatus": "Received", + "cveTags": [ + { + "sourceIdentifier": "security@ni.com", + "tags": [ + "unsupported-when-assigned" + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "A deserialization of untrusted data vulnerability exists in NI DAQExpress that may result in remote code execution. Successful exploitation requires an attacker to get a user to open a specially crafted project file. This vulnerability affects DAQExpress 5.1 and prior versions. \u00a0Please note that DAQExpress is an EOL product and will not receive any updates." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "security@ni.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 8.4, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "ACTIVE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + 
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "security@ni.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "security@ni.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-502" + } + ] + } + ], + "references": [ + { + "url": "https://knowledge.ni.com/KnowledgeArticleDetails?id=kA00Z000000kFD7SAM&l=en-US", + "source": "security@ni.com" + } + ] +} \ No newline at end of file diff --git a/2024/CVE-2024-24749.json b/2024/CVE-2024-24749.json index 448c61d4707..c063a5e39a5 100644 --- a/2024/CVE-2024-24749.json +++ b/2024/CVE-2024-24749.json @@ -2,8 +2,8 @@ "id": "CVE-2024-24749", "sourceIdentifier": "security-advisories@github.com", "published": "2024-07-01T14:15:05.350", - "lastModified": "2024-11-21T08:59:37.133", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-18T22:08:46.760", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -36,6 +36,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 3.6 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 } ] }, 
@@ -49,32 +69,99 @@ "value": "CWE-22" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:geoserver:geoserver:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.23.5", + "matchCriteriaId": "F61A1B3A-DDBD-43E0-8475-BA567DD3528E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:geoserver:geoserver:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.24.0", + "versionEndExcluding": "2.24.3", + "matchCriteriaId": "439481B7-67BD-4B52-AF19-FC54302116AF" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] } ], "references": [ { "url": "https://github.com/GeoWebCache/geowebcache/commit/c7f76bd8a1d67c3b986146e7a5e0b14dd64a8fef", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/GeoWebCache/geowebcache/pull/1211", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Issue Tracking" + ] }, { "url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-jhqx-5v5g-mpf3", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] }, { "url": "https://github.com/GeoWebCache/geowebcache/commit/c7f76bd8a1d67c3b986146e7a5e0b14dd64a8fef", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/GeoWebCache/geowebcache/pull/1211", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": 
"af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Issue Tracking" + ] }, { "url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-jhqx-5v5g-mpf3", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/2024/CVE-2024-25618.json b/2024/CVE-2024-25618.json index da5d8c649be..6fe0dc0e640 100644 --- a/2024/CVE-2024-25618.json +++ b/2024/CVE-2024-25618.json @@ -2,8 +2,8 @@ "id": "CVE-2024-25618", "sourceIdentifier": "security-advisories@github.com", "published": "2024-02-14T21:15:08.410", - "lastModified": "2024-11-21T09:01:05.663", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-18T22:27:39.050", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 1.6, "impactScore": 2.5 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "baseScore": 7.4, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.2, + "impactScore": 5.2 } ] }, 
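Review bot: The `configurations` entry added for CVE-2024-24749 is an `"operator": "AND"` of two nodes, and the second node's only `cpeMatch` is `cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*` with `"vulnerable": false`. As written, the record applies to the listed GeoServer ranges only in combination with Windows. A matcher that flattens every `cpeMatch` list and ignores the top-level operator will flag GeoServer on any platform, and one that ignores the `vulnerable` flag will flag Windows itself. Other configurations added in this commit (for example CVE-2023-41877) have no top-level `operator`, so an evaluator has to handle both shapes.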
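Review bot: In the CVE-2024-25618 metrics hunk the NVD `"type": "Primary"` entry is appended after the existing entry, whereas for CVE-2018-9449 in this same commit the `Primary` entry is inserted before the `Secondary` one, so `cvssMetricV31[0]` is not a stable way to pick a score. It matters for this record because the two entries disagree: the appended vector `CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N` scores 7.4 with `exploitabilityScore` 2.2 and `impactScore` 5.2, while the context lines of the existing entry show 1.6 and 2.5. Consumers should select by `type` (or an explicit `source` preference) and keep both values when they differ.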
@@ -49,24 +69,87 @@ "value": "CWE-287" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-306" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:joinmastodon:mastodon:*:*:*:*:*:*:*:*", + "versionEndExcluding": "3.5.18", + "matchCriteriaId": "DE8476E0-8645-43D4-9003-53CC67A2A8C6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:joinmastodon:mastodon:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.0.0", + "versionEndExcluding": "4.0.14", + "matchCriteriaId": "9ADD4C15-271F-4A6F-93D2-18CC1DF95CB2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:joinmastodon:mastodon:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.1.0", + "versionEndExcluding": "4.1.14", + "matchCriteriaId": "7803D303-8650-422E-B97C-909672BD39F3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:joinmastodon:mastodon:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.2.0", + "versionEndExcluding": "4.2.6", + "matchCriteriaId": "CF9BDF83-C1FF-4F9E-9B3B-796198DEDDC3" + } + ] + } + ] } ], "references": [ { "url": "https://github.com/mastodon/mastodon/commit/b31af34c9716338e4a32a62cc812d1ca59e88d15", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/mastodon/mastodon/security/advisories/GHSA-vm39-j3vx-pch3", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Vendor Advisory" + ] }, { "url": "https://github.com/mastodon/mastodon/commit/b31af34c9716338e4a32a62cc812d1ca59e88d15", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/mastodon/mastodon/security/advisories/GHSA-vm39-j3vx-pch3", - "source": "af854a3a-2127-422b-91ae-364da2661108" + 
"source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Exploit", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/2024/CVE-2024-25619.json b/2024/CVE-2024-25619.json index 0585f79090d..ced5697b1a6 100644 --- a/2024/CVE-2024-25619.json +++ b/2024/CVE-2024-25619.json @@ -2,8 +2,8 @@ "id": "CVE-2024-25619", "sourceIdentifier": "security-advisories@github.com", "published": "2024-02-14T21:15:08.620", - "lastModified": "2024-11-21T09:01:05.790", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-18T22:22:01.737", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 1.6, "impactScore": 1.4 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 } ] }, 
@@ -53,24 +73,89 @@ "value": "CWE-672" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-613" + }, + { + "lang": "en", + "value": "CWE-672" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:joinmastodon:mastodon:*:*:*:*:*:*:*:*", + "versionEndExcluding": "3.5.18", + "matchCriteriaId": "DE8476E0-8645-43D4-9003-53CC67A2A8C6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:joinmastodon:mastodon:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.0.0", + "versionEndExcluding": "4.0.14", + "matchCriteriaId": "9ADD4C15-271F-4A6F-93D2-18CC1DF95CB2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:joinmastodon:mastodon:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.1.0", + "versionEndExcluding": "4.1.14", + "matchCriteriaId": "7803D303-8650-422E-B97C-909672BD39F3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:joinmastodon:mastodon:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.2.0", + "versionEndExcluding": "4.2.6", + "matchCriteriaId": "CF9BDF83-C1FF-4F9E-9B3B-796198DEDDC3" + } + ] + } + ] } ], "references": [ { "url": "https://github.com/mastodon/mastodon/commit/68eaa804c9bafdc5f798e114e9ba00161425dd71", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/mastodon/mastodon/security/advisories/GHSA-7w3c-p9j8-mq3x", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://github.com/mastodon/mastodon/commit/68eaa804c9bafdc5f798e114e9ba00161425dd71", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/mastodon/mastodon/security/advisories/GHSA-7w3c-p9j8-mq3x", - "source": 
"af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/2024/CVE-2024-25623.json b/2024/CVE-2024-25623.json index 7170cee73f4..607af4925dc 100644 --- a/2024/CVE-2024-25623.json +++ b/2024/CVE-2024-25623.json @@ -2,8 +2,8 @@ "id": "CVE-2024-25623", "sourceIdentifier": "security-advisories@github.com", "published": "2024-02-19T16:15:51.847", - "lastModified": "2024-11-21T09:01:06.140", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-18T22:39:17.437", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 3.1, "impactScore": 4.7 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N", + "baseScore": 7.7, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.1, + "impactScore": 4.0 } ] }, 
@@ -49,24 +69,85 @@ "value": "CWE-434" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:joinmastodon:mastodon:*:*:*:*:*:*:*:*", + "versionEndExcluding": "3.5.19", + "matchCriteriaId": "E8812D4F-2BE3-47EF-8184-1A59A8BD0345" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:joinmastodon:mastodon:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.0.0", + "versionEndExcluding": "4.0.15", + "matchCriteriaId": "0AEC8DE8-51AD-4C44-AF70-A2ABE8FD49AD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:joinmastodon:mastodon:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.1.0", + "versionEndExcluding": "4.1.15", + "matchCriteriaId": "0CBB8738-9E7D-4DAE-8E6F-5D8F51363B94" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:joinmastodon:mastodon:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.2.0", + "versionEndExcluding": "4.2.7", + "matchCriteriaId": "00EE36CA-1391-4052-9CCB-7A087F06A51E" + } + ] + } + ] } ], "references": [ { "url": "https://github.com/mastodon/mastodon/commit/9fee5e852669e26f970e278021302e1a203fc022", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/mastodon/mastodon/security/advisories/GHSA-jhrq-qvrm-qr36", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://github.com/mastodon/mastodon/commit/9fee5e852669e26f970e278021302e1a203fc022", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/mastodon/mastodon/security/advisories/GHSA-jhrq-qvrm-qr36", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": 
"af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/2024/CVE-2024-25628.json b/2024/CVE-2024-25628.json index f19c64d2d99..e5904affb6d 100644 --- a/2024/CVE-2024-25628.json +++ b/2024/CVE-2024-25628.json @@ -2,8 +2,8 @@ "id": "CVE-2024-25628", "sourceIdentifier": "security-advisories@github.com", "published": "2024-02-16T21:15:08.657", - "lastModified": "2024-11-21T09:01:06.777", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-18T19:43:00.970", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 2.8, "impactScore": 4.7 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", + "baseScore": 7.6, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 4.7 } ] }, 
@@ -49,16 +69,50 @@ "value": "CWE-613" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-613" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:alf:alf:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.0-m4-2402", + "matchCriteriaId": "27711CF1-B829-403D-891B-060FF9AB1F40" + } + ] + } + ] } ], "references": [ { "url": "https://github.com/alfio-event/alf.io/security/advisories/GHSA-8p6m-mm22-q893", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://github.com/alfio-event/alf.io/security/advisories/GHSA-8p6m-mm22-q893", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/2024/CVE-2024-25641.json b/2024/CVE-2024-25641.json index d2fd7d41f88..4914e1537e7 100644 --- a/2024/CVE-2024-25641.json +++ b/2024/CVE-2024-25641.json @@ -2,8 +2,8 @@ "id": "CVE-2024-25641", "sourceIdentifier": "security-advisories@github.com", "published": "2024-05-14T15:05:50.423", - "lastModified": "2024-11-21T09:01:08.333", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-18T20:54:30.227", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -36,6 +36,26 @@ }, "exploitabilityScore": 2.3, "impactScore": 6.0 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.2, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 } ] }, 
@@ -49,40 +69,111 @@ "value": "CWE-20" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cacti:cacti:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.2.27", + "matchCriteriaId": "47529989-64EF-4CBB-AF1D-28A7C1CF36B3" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", + "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646" + } + ] + } + ] } ], "references": [ { "url": "http://seclists.org/fulldisclosure/2024/May/6", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://github.com/Cacti/cacti/commit/eff35b0ff26cc27c82d7880469ed6d5e3bef6210", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-7cmj-g5qc-pj88", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Vendor Advisory" + ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Product" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/May/6", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://github.com/Cacti/cacti/commit/eff35b0ff26cc27c82d7880469ed6d5e3bef6210", - "source": 
"af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-7cmj-g5qc-pj88", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Exploit", + "Vendor Advisory" + ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/2024/CVE-2024-27082.json b/2024/CVE-2024-27082.json index 49374bfdb68..ae4389e0fdb 100644 --- a/2024/CVE-2024-27082.json +++ b/2024/CVE-2024-27082.json @@ -2,8 +2,8 @@ "id": "CVE-2024-27082", "sourceIdentifier": "security-advisories@github.com", "published": "2024-05-14T15:11:27.020", - "lastModified": "2024-11-21T09:03:49.447", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-18T21:01:17.677", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 2.1, "impactScore": 5.5 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 } ] }, 
@@ -49,16 +69,52 @@ "value": "CWE-79" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cacti:cacti:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.2.27", + "matchCriteriaId": "47529989-64EF-4CBB-AF1D-28A7C1CF36B3" + } + ] + } + ] } ], "references": [ { "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-j868-7vjp-rp9h", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Vendor Advisory" + ] }, { "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-j868-7vjp-rp9h", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Exploit", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/2024/CVE-2024-29894.json b/2024/CVE-2024-29894.json index 30bf3a3d1bf..d0381272509 100644 --- a/2024/CVE-2024-29894.json +++ b/2024/CVE-2024-29894.json @@ -2,8 +2,8 @@ "id": "CVE-2024-29894", "sourceIdentifier": "security-advisories@github.com", "published": "2024-05-14T15:17:14.577", - "lastModified": "2024-11-21T09:08:33.997", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-18T21:10:38.887", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -36,6 +36,26 @@ }, "exploitabilityScore": 2.8, "impactScore": 2.5 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N", + "baseScore": 4.7, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 } ] }, 
@@ -53,32 +73,97 @@ "value": "CWE-116" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cacti:cacti:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.2.27", + "matchCriteriaId": "47529989-64EF-4CBB-AF1D-28A7C1CF36B3" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", + "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646" + } + ] + } + ] } ], "references": [ { "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-grj5-8fcj-34gh", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Vendor Advisory" + ] }, { "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-xwqc-7jc4-xm73", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Vendor Advisory" + ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Product" + ] }, { "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-grj5-8fcj-34gh", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Exploit", + "Vendor Advisory" + ] }, { "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-xwqc-7jc4-xm73", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Exploit", + "Vendor Advisory" + ] }, { "url": 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/2024/CVE-2024-31458.json b/2024/CVE-2024-31458.json index f0e26ca0ae6..2bc47d90898 100644 --- a/2024/CVE-2024-31458.json +++ b/2024/CVE-2024-31458.json @@ -2,8 +2,8 @@ "id": "CVE-2024-31458", "sourceIdentifier": "security-advisories@github.com", "published": "2024-05-14T15:25:25.307", - "lastModified": "2024-11-21T09:13:33.750", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-18T20:47:06.343", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 2.1, "impactScore": 2.5 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 8.0, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.1, + "impactScore": 5.9 } ] }, 
@@ -49,24 +69,81 @@ "value": "CWE-89" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cacti:cacti:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.2.27", + "matchCriteriaId": "47529989-64EF-4CBB-AF1D-28A7C1CF36B3" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", + "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646" + } + ] + } + ] } ], "references": [ { "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-jrxg-8wh8-943x", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Vendor Advisory" + ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Product" + ] }, { "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-jrxg-8wh8-943x", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Exploit", + "Vendor Advisory" + ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/2024/CVE-2024-31459.json b/2024/CVE-2024-31459.json index c6936237049..38347320506 100644 --- a/2024/CVE-2024-31459.json +++ b/2024/CVE-2024-31459.json 
@@ -2,8 +2,8 @@ "id": "CVE-2024-31459", "sourceIdentifier": "security-advisories@github.com", "published": "2024-05-14T15:25:26.110", - "lastModified": "2024-11-21T09:13:33.870", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-18T20:49:57.357", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 1.3, "impactScore": 6.0 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.2, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 } ] }, 
@@ -49,40 +69,113 @@ "value": "CWE-98" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-Other" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cacti:cacti:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.2.27", + "matchCriteriaId": "47529989-64EF-4CBB-AF1D-28A7C1CF36B3" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", + "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646" + } + ] + } + ] } ], "references": [ { "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-cx8g-hvq8-p2rv", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Vendor Advisory" + ] }, { "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-gj3f-p326-gh8r", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Vendor Advisory" + ] }, { "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-pfh9-gwm6-86vp", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Vendor Advisory" + ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Product" + ] }, { "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-cx8g-hvq8-p2rv", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Exploit", + "Vendor Advisory" + ] }, { "url": 
"https://github.com/Cacti/cacti/security/advisories/GHSA-gj3f-p326-gh8r", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Exploit", + "Vendor Advisory" + ] }, { "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-pfh9-gwm6-86vp", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Exploit", + "Vendor Advisory" + ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/2024/CVE-2024-31460.json b/2024/CVE-2024-31460.json index 76efbf8691e..93a9db6ba18 100644 --- a/2024/CVE-2024-31460.json +++ b/2024/CVE-2024-31460.json @@ -2,8 +2,8 @@ "id": "CVE-2024-31460", "sourceIdentifier": "security-advisories@github.com", "published": "2024-05-14T15:25:26.897", - "lastModified": "2024-11-21T09:13:34.003", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-18T20:38:39.747", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 2.8, "impactScore": 3.6 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 } ] }, 
@@ -49,32 +69,97 @@ "value": "CWE-89" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cacti:cacti:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.2.27", + "matchCriteriaId": "47529989-64EF-4CBB-AF1D-28A7C1CF36B3" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", + "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646" + } + ] + } + ] } ], "references": [ { "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-cx8g-hvq8-p2rv", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Vendor Advisory" + ] }, { "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-gj3f-p326-gh8r", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Vendor Advisory" + ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Product" + ] }, { "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-cx8g-hvq8-p2rv", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Exploit", + "Vendor Advisory" + ] }, { "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-gj3f-p326-gh8r", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Exploit", + "Vendor Advisory" + ] }, { "url": 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/2024/CVE-2024-34340.json b/2024/CVE-2024-34340.json index 8c857dc4908..22350ea70b4 100644 --- a/2024/CVE-2024-34340.json +++ b/2024/CVE-2024-34340.json @@ -2,8 +2,8 @@ "id": "CVE-2024-34340", "sourceIdentifier": "security-advisories@github.com", "published": "2024-05-14T15:38:39.517", - "lastModified": "2024-11-21T09:18:27.760", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-18T20:44:22.890", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 5.2 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "baseScore": 9.1, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.2 } ] }, 
@@ -53,24 +73,81 @@ "value": "CWE-697" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-697" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cacti:cacti:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.2.27", + "matchCriteriaId": "47529989-64EF-4CBB-AF1D-28A7C1CF36B3" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", + "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646" + } + ] + } + ] } ], "references": [ { "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-37x7-mfjv-mm7m", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Vendor Advisory" + ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Product" + ] }, { "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-37x7-mfjv-mm7m", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Exploit", + "Vendor Advisory" + ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/2024/CVE-2024-36694.json b/2024/CVE-2024-36694.json new file mode 100644 index 00000000000..6537eb9903e --- /dev/null +++ b/2024/CVE-2024-36694.json 
@@ -0,0 +1,33 @@
+{
+ "id": "CVE-2024-36694",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2024-12-18T20:15:22.637",
+ "lastModified": "2024-12-18T20:15:22.637",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "OpenCart 4.0.2.3 is vulnerable to Server-Side Template Injection (SSTI) via the Theme Editor Function."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/A3h1nt/CVEs/blob/main/OpenCart/Readme.md",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/opencart/opencart/issues/13863",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/opencart/opencart/releases/tag/4.0.2.3",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://medium.com/@pawarit.sanguanpang/opencart-v4-0-2-3-server-side-template-injection-0b173a3bdcf9",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/2024/CVE-2024-40420.json b/2024/CVE-2024-40420.json
index 4d74c491fae..7552c732525 100644
--- a/2024/CVE-2024-40420.json
+++ b/2024/CVE-2024-40420.json
@@ -2,63 +2,15 @@ "id": "CVE-2024-40420", "sourceIdentifier": "cve@mitre.org", "published": "2024-07-17T19:15:11.363", - "lastModified": "2024-11-21T09:31:04.667", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-18T20:15:22.773", + "vulnStatus": "Rejected", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "A Server-Side Template Injection (SSTI) vulnerability in the edit theme function of openCart project v4.0.2.3 allows attackers to execute arbitrary code via injecting a crafted payload." - }, - { - "lang": "es", - "value": "Una vulnerabilidad de Server-Side Template Injection (SSTI) en la funci\u00f3n de edici\u00f3n de tema del proyecto openCart v4.0.2.3 permite a los atacantes ejecutar c\u00f3digo arbitrario mediante la inyecci\u00f3n de un payload manipulado." - } - ], - "metrics": { - "cvssMetricV31": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "cvssData": { - "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", - "baseScore": 8.0, - "baseSeverity": "HIGH", - "attackVector": "NETWORK", - "attackComplexity": "HIGH", - "privilegesRequired": "HIGH", - "userInteraction": "NONE", - "scope": "CHANGED", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "availabilityImpact": "HIGH" - }, - "exploitabilityScore": 1.3, - "impactScore": 6.0 - } - ] - }, - "weaknesses": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "description": [ - { - "lang": "en", - "value": "CWE-94" - } - ] + "value": "Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2024-36694. Reason: This record is a duplicate of CVE-2024-36694. Notes: All CVE users should reference CVE-2024-36694 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage." 
} ], - "references": [ - { - "url": "https://github.com/A3h1nt/CVEs/blob/main/OpenCart/Readme.md", - "source": "cve@mitre.org" - }, - { - "url": "https://github.com/A3h1nt/CVEs/blob/main/OpenCart/Readme.md", - "source": "af854a3a-2127-422b-91ae-364da2661108" - } - ] + "metrics": {}, + "references": [] } \ No newline at end of file diff --git a/2024/CVE-2024-45155.json b/2024/CVE-2024-45155.json index 8e679699f92..4bdd15a4a14 100644 --- a/2024/CVE-2024-45155.json +++ b/2024/CVE-2024-45155.json @@ -2,8 +2,8 @@ "id": "CVE-2024-45155", "sourceIdentifier": "psirt@adobe.com", "published": "2024-12-10T21:15:15.983", - "lastModified": "2024-12-10T21:15:15.983", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-18T19:57:05.723", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,10 +51,55 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:animate:*:*:*:*:*:*:*:*", + "versionEndExcluding": "23.0.9", + "matchCriteriaId": "4C8E4398-C023-4ADC-B2C4-31D81661139F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:animate:*:*:*:*:*:*:*:*", + "versionStartIncluding": "24.0.0", + "versionEndExcluding": "24.0.6", + "matchCriteriaId": "87D1756D-7FE9-40A2-8C5D-2FC979CB0B13" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", + "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://helpx.adobe.com/security/products/animate/apsb24-96.html", - "source": "psirt@adobe.com" + "source": "psirt@adobe.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file 
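Review bot: Rejecting CVE-2024-40420 as a duplicate removes the only scoring data visible for this issue, the `cvssMetricV31` entry (8.0 HIGH) and `CWE-94`. The replacement record CVE-2024-36694, added in this same commit, carries `"metrics": {}` and no `weaknesses` block under `"vulnStatus": "Received"`. Until the new ID is analyzed, severity-threshold filters will see the OpenCart SSTI issue as unscored. Consumers of this feed should follow the `ConsultIDs` pointer and treat an empty `metrics` object as "not yet scored" rather than as low severity. Carrying the secondary assessment over to CVE-2024-36694 would close the gap at the source.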
diff --git a/2024/CVE-2024-45156.json b/2024/CVE-2024-45156.json index b2d0b4b54ca..3a58da3a4b2 100644 --- a/2024/CVE-2024-45156.json +++ b/2024/CVE-2024-45156.json @@ -2,8 +2,8 @@ "id": "CVE-2024-45156", "sourceIdentifier": "psirt@adobe.com", "published": "2024-12-10T21:15:16.137", - "lastModified": "2024-12-10T21:15:16.137", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-18T19:57:54.143", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,10 +51,55 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:animate:*:*:*:*:*:*:*:*", + "versionEndExcluding": "23.0.9", + "matchCriteriaId": "4C8E4398-C023-4ADC-B2C4-31D81661139F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:animate:*:*:*:*:*:*:*:*", + "versionStartIncluding": "24.0.0", + "versionEndExcluding": "24.0.5", + "matchCriteriaId": "0E0AFAFE-6669-4321-95EF-F67D428469BA" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", + "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://helpx.adobe.com/security/products/animate/apsb24-96.html", - "source": "psirt@adobe.com" + "source": "psirt@adobe.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/2024/CVE-2024-45338.json b/2024/CVE-2024-45338.json new file mode 100644 index 00000000000..a67445aa08b --- /dev/null +++ b/2024/CVE-2024-45338.json 
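Review bot: The second `cpeMatch` entry in the added `configurations` block of CVE-2024-45156 ends the 24.x range at `"versionEndExcluding": "24.0.5"`. CVE-2024-45155 cites the same advisory (apsb24-96), is analyzed in the same commit, and uses `"24.0.6"` for the same product range. If the advisory's fixed release is the same for both CVEs, this record leaves Animate 24.0.5 outside the vulnerable range and CPE-based scanners would not flag it. Worth confirming against the advisory and aligning the bound, and its `matchCriteriaId`, if so.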
@@ -0,0 +1,33 @@ +{ + "id": "CVE-2024-45338", + "sourceIdentifier": "security@golang.org", + "published": "2024-12-18T21:15:08.173", + "lastModified": "2024-12-18T21:15:08.173", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://go.dev/cl/637536", + "source": "security@golang.org" + }, + { + "url": "https://go.dev/issue/70906", + "source": "security@golang.org" + }, + { + "url": "https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ", + "source": "security@golang.org" + }, + { + "url": "https://pkg.go.dev/vuln/GO-2024-3333", + "source": "security@golang.org" + } + ] +} \ No newline at end of file diff --git a/2024/CVE-2024-47538.json b/2024/CVE-2024-47538.json index d767d5d020f..cb612c7398c 100644 --- a/2024/CVE-2024-47538.json +++ b/2024/CVE-2024-47538.json @@ -2,8 +2,8 @@ "id": "CVE-2024-47538", "sourceIdentifier": "security-advisories@github.com", "published": "2024-12-12T02:03:28.070", - "lastModified": "2024-12-12T02:03:28.070", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-12-18T21:51:56.203", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -59,32 +59,91 @@ "providerUrgency": "NOT_DEFINED" } } + ], + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } ] }, "weaknesses": [ { "source": "security-advisories@github.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", "value": "CWE-121" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gstreamer_project:gstreamer:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.24.10", + "matchCriteriaId": "82BF8403-8CE2-4AFC-865F-FD40A77D20E0" + } + ] + } + ] } ], "references": [ { "url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8035.patch", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://gstreamer.freedesktop.org/security/sa-2024-0022.html", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Release Notes" + ] }, { "url": "https://securitylab.github.com/advisories/GHSL-2024-115_GHSL-2024-118_Gstreamer/", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/2024/CVE-2024-47539.json b/2024/CVE-2024-47539.json index 3f827d8a707..969b5735f4c 100644 
--- a/2024/CVE-2024-47539.json +++ b/2024/CVE-2024-47539.json @@ -2,8 +2,8 @@ "id": "CVE-2024-47539", "sourceIdentifier": "security-advisories@github.com", "published": "2024-12-12T02:03:28.203", - "lastModified": "2024-12-12T02:03:28.203", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-12-18T21:52:56.307", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -59,6 +59,28 @@ "providerUrgency": "NOT_DEFINED" } } + ], + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } ] }, "weaknesses": [ 
@@ -73,18 +95,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gstreamer_project:gstreamer:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.24.10", + "matchCriteriaId": "82BF8403-8CE2-4AFC-865F-FD40A77D20E0" + } + ] + } + ] + } + ], "references": [ { "url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://gstreamer.freedesktop.org/security/sa-2024-0007.html", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Release Notes" + ] }, { "url": "https://securitylab.github.com/advisories/GHSL-2024-195_Gstreamer/", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/2024/CVE-2024-47540.json b/2024/CVE-2024-47540.json index 3996a2af436..235e099f777 100644 --- a/2024/CVE-2024-47540.json +++ b/2024/CVE-2024-47540.json @@ -2,8 +2,8 @@ "id": "CVE-2024-47540", "sourceIdentifier": "security-advisories@github.com", "published": "2024-12-12T02:03:28.343", - "lastModified": "2024-12-12T02:03:28.343", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-12-18T21:53:53.963", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -59,32 +59,91 @@ "providerUrgency": "NOT_DEFINED" } } + ], + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } ] }, "weaknesses": [ { "source": "security-advisories@github.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", "value": "CWE-457" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-908" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gstreamer_project:gstreamer:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.24.10", + "matchCriteriaId": "82BF8403-8CE2-4AFC-865F-FD40A77D20E0" + } + ] + } + ] } ], "references": [ { "url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8057.patch", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://gstreamer.freedesktop.org/security/sa-2024-0017.html", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Release Notes" + ] }, { "url": "https://securitylab.github.com/advisories/GHSL-2024-197_GStreamer/", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/2024/CVE-2024-47543.json b/2024/CVE-2024-47543.json index e68073f2dbe..a976a52d15d 100644 
--- a/2024/CVE-2024-47543.json +++ b/2024/CVE-2024-47543.json @@ -2,8 +2,8 @@ "id": "CVE-2024-47543", "sourceIdentifier": "security-advisories@github.com", "published": "2024-12-12T02:03:28.807", - "lastModified": "2024-12-12T02:03:28.807", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-12-18T21:47:18.337", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -59,6 +59,28 @@ "providerUrgency": "NOT_DEFINED" } } + ], + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } ] }, "weaknesses": [ 
@@ -73,18 +95,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gstreamer_project:gstreamer:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.24.10", + "matchCriteriaId": "82BF8403-8CE2-4AFC-865F-FD40A77D20E0" + } + ] + } + ] + } + ], "references": [ { "url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://gstreamer.freedesktop.org/security/sa-2024-0009.html", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Release Notes" + ] }, { "url": "https://securitylab.github.com/advisories/GHSL-2024-236_Gstreamer/", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/2024/CVE-2024-47544.json b/2024/CVE-2024-47544.json index 369680d4da6..ae75501e8fb 100644 --- a/2024/CVE-2024-47544.json +++ b/2024/CVE-2024-47544.json @@ -2,8 +2,8 @@ "id": "CVE-2024-47544", "sourceIdentifier": "security-advisories@github.com", "published": "2024-12-12T02:03:28.950", - "lastModified": "2024-12-12T02:03:28.950", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-12-18T21:48:32.893", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -59,6 +59,28 @@ "providerUrgency": "NOT_DEFINED" } } + ], + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } ] }, "weaknesses": [ @@ -73,18 +95,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gstreamer_project:gstreamer:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.24.10", + "matchCriteriaId": "82BF8403-8CE2-4AFC-865F-FD40A77D20E0" + } + ] + } + ] + } + ], "references": [ { "url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://gstreamer.freedesktop.org/security/sa-2024-0011.html", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Release Notes" + ] }, { "url": "https://securitylab.github.com/advisories/GHSL-2024-238_Gstreamer/", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/2024/CVE-2024-47545.json b/2024/CVE-2024-47545.json index ea7e371b5bf..ed5cbd85bb0 100644 --- a/2024/CVE-2024-47545.json +++ b/2024/CVE-2024-47545.json 
@@ -2,8 +2,8 @@ "id": "CVE-2024-47545", "sourceIdentifier": "security-advisories@github.com", "published": "2024-12-12T02:03:29.083", - "lastModified": "2024-12-12T02:03:29.083", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-12-18T21:49:28.210", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -59,6 +59,28 @@ "providerUrgency": "NOT_DEFINED" } } + ], + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } ] }, "weaknesses": [ @@ -73,18 +95,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gstreamer_project:gstreamer:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.24.10", + "matchCriteriaId": "82BF8403-8CE2-4AFC-865F-FD40A77D20E0" + } + ] + } + ] + } + ], "references": [ { "url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://gstreamer.freedesktop.org/security/sa-2024-0010.html", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Release Notes" + ] }, { "url": "https://securitylab.github.com/advisories/GHSL-2024-242_Gstreamer/", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/2024/CVE-2024-47546.json b/2024/CVE-2024-47546.json index 93ad0ef6451..c4ae4ef3fd8 100644 --- a/2024/CVE-2024-47546.json +++ b/2024/CVE-2024-47546.json @@ -2,8 +2,8 @@ "id": "CVE-2024-47546", "sourceIdentifier": "security-advisories@github.com", "published": "2024-12-12T02:03:29.210", - "lastModified": "2024-12-12T02:03:29.210", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-12-18T21:50:08.920", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -59,6 +59,28 @@ "providerUrgency": "NOT_DEFINED" } } + ], + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } ] }, "weaknesses": [ 
@@ -73,18 +95,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gstreamer_project:gstreamer:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.24.10", + "matchCriteriaId": "82BF8403-8CE2-4AFC-865F-FD40A77D20E0" + } + ] + } + ] + } + ], "references": [ { "url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://gstreamer.freedesktop.org/security/sa-2024-0013.html", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Release Notes" + ] }, { "url": "https://securitylab.github.com/advisories/GHSL-2024-243_Gstreamer/", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/2024/CVE-2024-47596.json b/2024/CVE-2024-47596.json index eb9c9a26bd4..538aaac00eb 100644 --- a/2024/CVE-2024-47596.json +++ b/2024/CVE-2024-47596.json @@ -2,8 +2,8 @@ "id": "CVE-2024-47596", "sourceIdentifier": "security-advisories@github.com", "published": "2024-12-12T02:03:31.010", - "lastModified": "2024-12-12T02:03:31.010", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-12-18T21:51:08.200", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -59,6 +59,28 @@ "providerUrgency": "NOT_DEFINED" } } + ], + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } ] }, "weaknesses": [ @@ -73,18 +95,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gstreamer_project:gstreamer:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.24.10", + "matchCriteriaId": "82BF8403-8CE2-4AFC-865F-FD40A77D20E0" + } + ] + } + ] + } + ], "references": [ { "url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://gstreamer.freedesktop.org/security/sa-2024-0015.html", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Release Notes" + ] }, { "url": "https://securitylab.github.com/advisories/GHSL-2024-244_Gstreamer/", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/2024/CVE-2024-47597.json b/2024/CVE-2024-47597.json index aceba932863..c520e39ddb9 100644 --- a/2024/CVE-2024-47597.json +++ b/2024/CVE-2024-47597.json 
@@ -2,8 +2,8 @@ "id": "CVE-2024-47597", "sourceIdentifier": "security-advisories@github.com", "published": "2024-12-12T02:03:31.137", - "lastModified": "2024-12-12T02:03:31.137", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-12-18T21:39:17.820", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -59,6 +59,28 @@ "providerUrgency": "NOT_DEFINED" } } + ], + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", + "baseScore": 9.1, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.2 + } ] }, "weaknesses": [ @@ -73,18 +95,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gstreamer_project:gstreamer:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.24.10", + "matchCriteriaId": "82BF8403-8CE2-4AFC-865F-FD40A77D20E0" + } + ] + } + ] + } + ], "references": [ { "url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://gstreamer.freedesktop.org/security/sa-2024-0012.html", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Release Notes" + ] }, { "url": "https://securitylab.github.com/advisories/GHSL-2024-245_Gstreamer/", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/2024/CVE-2024-47598.json b/2024/CVE-2024-47598.json index cb06199e7dc..0082be1db94 100644 --- a/2024/CVE-2024-47598.json +++ b/2024/CVE-2024-47598.json @@ -2,8 +2,8 @@ "id": "CVE-2024-47598", "sourceIdentifier": "security-advisories@github.com", "published": "2024-12-12T02:03:31.283", - "lastModified": "2024-12-12T02:03:31.283", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-12-18T21:40:26.240", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -59,6 +59,28 @@ "providerUrgency": "NOT_DEFINED" } } + ], + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", + "baseScore": 9.1, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.2 + } ] }, "weaknesses": [ 
@@ -73,18 +95,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gstreamer_project:gstreamer:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.24.10", + "matchCriteriaId": "82BF8403-8CE2-4AFC-865F-FD40A77D20E0" + } + ] + } + ] + } + ], "references": [ { "url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://gstreamer.freedesktop.org/security/sa-2024-0006.html", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Release Notes" + ] }, { "url": "https://securitylab.github.com/advisories/GHSL-2024-246_Gstreamer/", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/2024/CVE-2024-47599.json b/2024/CVE-2024-47599.json index 4d9ce155d11..01ddb4bf6e1 100644 --- a/2024/CVE-2024-47599.json +++ b/2024/CVE-2024-47599.json @@ -2,8 +2,8 @@ "id": "CVE-2024-47599", "sourceIdentifier": "security-advisories@github.com", "published": "2024-12-12T02:03:31.440", - "lastModified": "2024-12-12T02:03:31.440", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-12-18T21:41:17.307", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -59,6 +59,28 @@ "providerUrgency": "NOT_DEFINED" } } + ], + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } ] }, "weaknesses": [ @@ -73,18 +95,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gstreamer_project:gstreamer:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.24.10", + "matchCriteriaId": "82BF8403-8CE2-4AFC-865F-FD40A77D20E0" + } + ] + } + ] + } + ], "references": [ { "url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8040.patch", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://gstreamer.freedesktop.org/security/sa-2024-0016.html", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Release Notes" + ] }, { "url": "https://securitylab.github.com/advisories/GHSL-2024-247_Gstreamer/", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/2024/CVE-2024-47600.json b/2024/CVE-2024-47600.json index deefb1692bc..3c7de20a5d1 100644 --- a/2024/CVE-2024-47600.json +++ b/2024/CVE-2024-47600.json 
@@ -2,8 +2,8 @@ "id": "CVE-2024-47600", "sourceIdentifier": "security-advisories@github.com", "published": "2024-12-12T02:03:31.577", - "lastModified": "2024-12-12T02:03:31.577", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-12-18T21:43:04.660", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -59,6 +59,28 @@ "providerUrgency": "NOT_DEFINED" } } + ], + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", + "baseScore": 9.1, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.2 + } ] }, "weaknesses": [ @@ -73,18 +95,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gstreamer_project:gstreamer:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.24.10", + "matchCriteriaId": "82BF8403-8CE2-4AFC-865F-FD40A77D20E0" + } + ] + } + ] + } + ], "references": [ { "url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8034.patch", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://gstreamer.freedesktop.org/security/sa-2024-0018.html", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Release Notes" + ] }, { "url": "https://securitylab.github.com/advisories/GHSL-2024-248_Gstreamer/", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/2024/CVE-2024-47601.json b/2024/CVE-2024-47601.json index 97034fa4dfb..dc54e29ca69 100644 --- a/2024/CVE-2024-47601.json +++ b/2024/CVE-2024-47601.json @@ -2,8 +2,8 @@ "id": "CVE-2024-47601", "sourceIdentifier": "security-advisories@github.com", "published": "2024-12-12T02:03:31.727", - "lastModified": "2024-12-12T02:03:31.727", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-12-18T21:43:42.903", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -59,6 +59,28 @@ "providerUrgency": "NOT_DEFINED" } } + ], + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } ] }, "weaknesses": [ 
@@ -73,18 +95,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gstreamer_project:gstreamer:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.24.10", + "matchCriteriaId": "82BF8403-8CE2-4AFC-865F-FD40A77D20E0" + } + ] + } + ] + } + ], "references": [ { "url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8057.patch", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://gstreamer.freedesktop.org/security/sa-2024-0020.html", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Release Notes" + ] }, { "url": "https://securitylab.github.com/advisories/GHSL-2024-249_Gstreamer/", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/2024/CVE-2024-47602.json b/2024/CVE-2024-47602.json index 21cb3d68cae..b5a8e92522f 100644 --- a/2024/CVE-2024-47602.json +++ b/2024/CVE-2024-47602.json @@ -2,8 +2,8 @@ "id": "CVE-2024-47602", "sourceIdentifier": "security-advisories@github.com", "published": "2024-12-12T02:03:31.893", - "lastModified": "2024-12-12T02:03:31.893", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-12-18T21:27:41.137", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -59,12 +59,34 @@ "providerUrgency": "NOT_DEFINED" } } + ], + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } ] }, "weaknesses": [ { "source": "security-advisories@github.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", @@ -75,20 +97,57 @@ "value": "CWE-476" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-476" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gstreamer_project:gstreamer:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.24.10", + "matchCriteriaId": "82BF8403-8CE2-4AFC-865F-FD40A77D20E0" + } + ] + } + ] } ], "references": [ { "url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8057.patch", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://gstreamer.freedesktop.org/security/sa-2024-0019.html", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Release Notes" + ] }, { "url": "https://securitylab.github.com/advisories/GHSL-2024-250_Gstreamer/", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/2024/CVE-2024-47603.json b/2024/CVE-2024-47603.json index c26330d332a..bcec9f59370 100644 
--- a/2024/CVE-2024-47603.json +++ b/2024/CVE-2024-47603.json @@ -2,8 +2,8 @@ "id": "CVE-2024-47603", "sourceIdentifier": "security-advisories@github.com", "published": "2024-12-12T02:03:32.033", - "lastModified": "2024-12-12T02:03:32.033", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-12-18T21:28:13.987", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -59,6 +59,28 @@ "providerUrgency": "NOT_DEFINED" } } + ], + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } ] }, "weaknesses": [ 
@@ -73,18 +95,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gstreamer_project:gstreamer:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.24.10", + "matchCriteriaId": "82BF8403-8CE2-4AFC-865F-FD40A77D20E0" + } + ] + } + ] + } + ], "references": [ { "url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8057.patch", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://gstreamer.freedesktop.org/security/sa-2024-0021.html", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Release Notes" + ] }, { "url": "https://securitylab.github.com/advisories/GHSL-2024-251_Gstreamer/", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/2024/CVE-2024-47606.json b/2024/CVE-2024-47606.json index 3d811b6e3f4..a9ab64019e7 100644 --- a/2024/CVE-2024-47606.json +++ b/2024/CVE-2024-47606.json @@ -2,8 +2,8 @@ "id": "CVE-2024-47606", "sourceIdentifier": "security-advisories@github.com", "published": "2024-12-12T02:03:32.220", - "lastModified": "2024-12-15T23:15:05.063", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-12-18T21:35:45.223", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -59,6 +59,28 @@ "providerUrgency": "NOT_DEFINED" } } + ], + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } ] }, "weaknesses": [ 
@@ -71,24 +93,79 @@ "value": "CWE-190" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-191" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gstreamer_project:gstreamer:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.24.10", + "matchCriteriaId": "82BF8403-8CE2-4AFC-865F-FD40A77D20E0" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", + "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED" + } + ] + } + ] } ], "references": [ { "url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8032.patch", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://gstreamer.freedesktop.org/security/sa-2024-0014.html", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Release Notes" + ] }, { "url": "https://securitylab.github.com/advisories/GHSL-2024-166_Gstreamer/", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00016.html", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] } ] } \ No newline at end of file diff --git a/2024/CVE-2024-47607.json b/2024/CVE-2024-47607.json index 9f8fb340957..c4fc4793b39 100644 --- a/2024/CVE-2024-47607.json +++ b/2024/CVE-2024-47607.json 
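Review bot: The second `configurations` entry added in this hunk lists `cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*` as `"vulnerable": true` on its own, with no package or version bound, so CPE-only matching against this record marks every Debian 11 host as affected whatever GStreamer package it has installed. The fixed Debian package version is not in the record; the only pointer to it is the `debian-lts-announce` reference tagged `Mailing List`. Consumers should resolve Debian hosts against the distribution's own package data and keep the `gstreamer_project:gstreamer` entry with `versionEndExcluding` `1.24.10` for upstream builds. The same hunk adds a `nvd@nist.gov` Primary weakness `CWE-191` next to the existing `CWE-190` entry, so filters keyed on a single CWE should read both.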
@@ -2,8 +2,8 @@ "id": "CVE-2024-47607", "sourceIdentifier": "security-advisories@github.com", "published": "2024-12-12T02:03:32.363", - "lastModified": "2024-12-12T02:03:32.363", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-12-18T19:53:21.123", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -59,32 +59,91 @@ "providerUrgency": "NOT_DEFINED" } } + ], + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } ] }, "weaknesses": [ { "source": "security-advisories@github.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", "value": "CWE-121" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gstreamer_project:gstreamer:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.24.10", + "matchCriteriaId": "82BF8403-8CE2-4AFC-865F-FD40A77D20E0" + } + ] + } + ] } ], "references": [ { "url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8037.patch", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://gstreamer.freedesktop.org/security/sa-2024-0024.html", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Release Notes" + ] }, { "url": "https://securitylab.github.com/advisories/GHSL-2024-115_GHSL-2024-118_Gstreamer/", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/2024/CVE-2024-47613.json b/2024/CVE-2024-47613.json index ec4c9da76fc..b39a7c86303 100644 
--- a/2024/CVE-2024-47613.json +++ b/2024/CVE-2024-47613.json @@ -2,8 +2,8 @@ "id": "CVE-2024-47613", "sourceIdentifier": "security-advisories@github.com", "published": "2024-12-12T02:03:32.740", - "lastModified": "2024-12-12T02:03:32.740", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-12-18T19:55:43.117", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -59,32 +59,91 @@ "providerUrgency": "NOT_DEFINED" } } + ], + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } ] }, "weaknesses": [ { "source": "security-advisories@github.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", "value": "CWE-476" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gstreamer_project:gstreamer:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.24.10", + "matchCriteriaId": "82BF8403-8CE2-4AFC-865F-FD40A77D20E0" + } + ] + } + ] } ], "references": [ { "url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8041.patch", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://gstreamer.freedesktop.org/security/sa-2024-0025.html", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Release Notes" + ] }, { "url": "https://securitylab.github.com/advisories/GHSL-2024-115_GHSL-2024-118_Gstreamer/", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/2024/CVE-2024-47615.json b/2024/CVE-2024-47615.json index 3f3538c5f7c..027c988aacb 100644 
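Review bot: The `weaknesses` change in this hunk retypes the CNA's `CWE-476` entry to `Secondary` and adds `CWE-787` from `nvd@nist.gov` as `Primary`, and these are different bug classes (NULL pointer dereference versus out-of-bounds write), not a child and parent as with `CWE-121`/`CWE-787` in the CVE-2024-47607 hunk. Together with the added `C:H/I:H/A:H` vector at 9.8, tooling that reads only the Primary entry will triage this record as memory corruption with full impact. The description is outside the hunk, so which classification fits cannot be settled from here. Ingest both weakness entries, and keep the metric block that precedes `cvssMetricV31` in the context lines alongside the NVD score rather than overwriting it.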
--- a/2024/CVE-2024-47615.json +++ b/2024/CVE-2024-47615.json @@ -2,8 +2,8 @@ "id": "CVE-2024-47615", "sourceIdentifier": "security-advisories@github.com", "published": "2024-12-12T02:03:32.940", - "lastModified": "2024-12-12T02:03:32.940", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-12-18T19:57:16.537", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -59,6 +59,28 @@ "providerUrgency": "NOT_DEFINED" } } + ], + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } ] }, "weaknesses": [ 
@@ -73,18 +95,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gstreamer_project:gstreamer:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.24.10", + "matchCriteriaId": "82BF8403-8CE2-4AFC-865F-FD40A77D20E0" + } + ] + } + ] + } + ], "references": [ { "url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8038.patch", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://gstreamer.freedesktop.org/security/sa-2024-0026.html", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Release Notes" + ] }, { "url": "https://securitylab.github.com/advisories/GHSL-2024-115_GHSL-2024-118_Gstreamer/", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/2024/CVE-2024-47774.json b/2024/CVE-2024-47774.json index 2673cbb2a59..4d81e4f7821 100644 --- a/2024/CVE-2024-47774.json +++ b/2024/CVE-2024-47774.json @@ -2,8 +2,8 @@ "id": "CVE-2024-47774", "sourceIdentifier": "security-advisories@github.com", "published": "2024-12-12T02:03:40.297", - "lastModified": "2024-12-12T02:03:40.297", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-12-18T21:36:58.827", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -59,6 +59,28 @@ "providerUrgency": "NOT_DEFINED" } } + ], + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", + "baseScore": 9.1, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.2 + } ] }, "weaknesses": [ @@ -73,18 +95,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gstreamer_project:gstreamer:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.24.10", + "matchCriteriaId": "82BF8403-8CE2-4AFC-865F-FD40A77D20E0" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/github/securitylab-vulnerabilities/issues/1826", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Broken Link" + ] }, { "url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8043.patch", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://securitylab.github.com/advisories/GHSL-2024-262_Gstreamer/", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/2024/CVE-2024-47775.json b/2024/CVE-2024-47775.json index 2df3b06d14e..94b99402087 100644 --- a/2024/CVE-2024-47775.json +++ b/2024/CVE-2024-47775.json 
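Review bot: The first entry of `references` in the last hunk of CVE-2024-47774, `https://github.com/github/securitylab-vulnerabilities/issues/1826`, is now tagged `Broken Link`, and unlike the neighbouring GStreamer records this one carries no `gstreamer.freedesktop.org/security/` advisory URL. Tooling that presents `references[0]` as the advisory link will hand analysts a URL that NVD itself marks as broken. Select the link by `tags` instead, preferring the `Third Party Advisory` or `Patch` entries for this record.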
@@ -2,8 +2,8 @@ "id": "CVE-2024-47775", "sourceIdentifier": "security-advisories@github.com", "published": "2024-12-12T02:03:40.430", - "lastModified": "2024-12-12T02:03:40.430", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-12-18T21:37:59.663", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -59,6 +59,28 @@ "providerUrgency": "NOT_DEFINED" } } + ], + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", + "baseScore": 9.1, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.2 + } ] }, "weaknesses": [ @@ -73,18 +95,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gstreamer_project:gstreamer:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.24.10", + "matchCriteriaId": "82BF8403-8CE2-4AFC-865F-FD40A77D20E0" + } + ] + } + ] + } + ], "references": [ { "url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8042.patch", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://gstreamer.freedesktop.org/security/sa-2024-0027.html", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Release Notes" + ] }, { "url": "https://securitylab.github.com/advisories/GHSL-2024-261_Gstreamer/", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/2024/CVE-2024-47777.json b/2024/CVE-2024-47777.json index 74fafbce415..8203e08b410 100644 --- a/2024/CVE-2024-47777.json +++ b/2024/CVE-2024-47777.json @@ -2,8 +2,8 @@ "id": "CVE-2024-47777", "sourceIdentifier": "security-advisories@github.com", "published": "2024-12-12T02:03:40.700", - "lastModified": "2024-12-12T02:03:40.700", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-12-18T19:40:54.580", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -59,6 +59,28 @@ "providerUrgency": "NOT_DEFINED" } } + ], + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", + "baseScore": 9.1, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.2 + } ] }, "weaknesses": [ 
@@ -73,18 +95,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gstreamer_project:gstreamer:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.24.10", + "matchCriteriaId": "82BF8403-8CE2-4AFC-865F-FD40A77D20E0" + } + ] + } + ] + } + ], "references": [ { "url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8042.patch", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://gstreamer.freedesktop.org/security/sa-2024-0027.html", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Release Notes" + ] }, { "url": "https://securitylab.github.com/advisories/GHSL-2024-259_Gstreamer/", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/2024/CVE-2024-47834.json b/2024/CVE-2024-47834.json index 6776fe879f8..e2bdcb1eaec 100644 --- a/2024/CVE-2024-47834.json +++ b/2024/CVE-2024-47834.json @@ -2,8 +2,8 @@ "id": "CVE-2024-47834", "sourceIdentifier": "security-advisories@github.com", "published": "2024-12-12T02:03:43.017", - "lastModified": "2024-12-12T02:03:43.017", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-12-18T19:43:02.923", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -59,6 +59,28 @@ "providerUrgency": "NOT_DEFINED" } } + ], + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", + "baseScore": 9.1, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.2 + } ] }, "weaknesses": [ @@ -73,18 +95,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gstreamer_project:gstreamer:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.24.10", + "matchCriteriaId": "82BF8403-8CE2-4AFC-865F-FD40A77D20E0" + } + ] + } + ] + } + ], "references": [ { "url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8057.patch", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://gstreamer.freedesktop.org/security/sa-2024-0030.html", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Release Notes" + ] }, { "url": "https://securitylab.github.com/advisories/GHSL-2024-280_Gstreamer/", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/2024/CVE-2024-47835.json b/2024/CVE-2024-47835.json index 1c8379b7750..f543885d211 100644 --- a/2024/CVE-2024-47835.json +++ b/2024/CVE-2024-47835.json 
@@ -2,8 +2,8 @@ "id": "CVE-2024-47835", "sourceIdentifier": "security-advisories@github.com", "published": "2024-12-12T02:03:43.163", - "lastModified": "2024-12-12T02:03:43.163", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-12-18T19:45:03.047", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -59,6 +59,28 @@ "providerUrgency": "NOT_DEFINED" } } + ], + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } ] }, "weaknesses": [ @@ -73,18 +95,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gstreamer_project:gstreamer:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.24.10", + "matchCriteriaId": "82BF8403-8CE2-4AFC-865F-FD40A77D20E0" + } + ] + } + ] + } + ], "references": [ { "url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8039.patch", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://gstreamer.freedesktop.org/security/sa-2024-0029.html", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Release Notes" + ] }, { "url": "https://securitylab.github.com/advisories/GHSL-2024-263_Gstreamer/", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/2024/CVE-2024-49363.json b/2024/CVE-2024-49363.json new file mode 100644 index 00000000000..585cb8e75f3 --- /dev/null +++ b/2024/CVE-2024-49363.json 
@@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-49363", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-12-18T20:15:23.073", + "lastModified": "2024-12-18T20:15:23.073", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Misskey is an open source, federated social media platform. In affected versions FileServerService (media proxy) in github.com/misskey-dev/misskey 2024.10.1 or earlier did not detect proxy loops, which allows remote actors to execute a self-propagating reflected/amplified distributed denial-of-service via a maliciously crafted note. FileServerService.prototype.proxyHandler did not check incoming requests are not coming from another proxy server. An attacker can execute an amplified denial-of-service by sending a nested proxy request to the server and end the request with a malicious redirect back to another nested proxy request.\nLeading to unbounded recursion until the original request is timed out. This issue has been addressed in version 2024.11.0-alpha.3. Users are advised to upgrade. Users unable to upgrade may configure the reverse proxy to block requests to the proxy with an empty User-Agent header or one containing Misskey/. An attacker can not effectively modify the User-Agent header without making another request to the server." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H", + "baseScore": 7.4, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 4.0 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-405" + }, + { + "lang": "en", + "value": "CWE-674" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/misskey-dev/misskey/security/advisories/GHSA-gq5q-c77c-v236", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/2024/CVE-2024-49543.json b/2024/CVE-2024-49543.json index 715983bfe37..45ef2322464 100644 --- a/2024/CVE-2024-49543.json +++ b/2024/CVE-2024-49543.json @@ -2,8 +2,8 @@ "id": "CVE-2024-49543", "sourceIdentifier": "psirt@adobe.com", "published": "2024-12-10T21:15:16.937", - "lastModified": "2024-12-10T21:15:16.937", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-18T21:22:33.593", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
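Review bot: The new CVE-2024-49363 record has `"vulnStatus": "Received"` and no `configurations` array, so the affected range exists only as prose in `descriptions` (`2024.10.1 or earlier`, fixed in `2024.11.0-alpha.3`) and CPE-based matching will not flag any Misskey deployment from it. The only score is the CNA's `Secondary` `cvssMetricV31` entry (7.4, `UI:R/S:C`), so filters that require a `Primary` metric will skip the record as well. Track the version bound from the description or from the GHSA reference until the record is analysed. The description value also carries a literal `\n` in mid-sentence (`request.\nLeading to unbounded recursion`), which renderers should treat as whitespace.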
@@ -42,19 +42,74 @@ "weaknesses": [ { "source": "psirt@adobe.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", "value": "CWE-121" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:indesign:*:*:*:*:*:*:*:*", + "versionEndIncluding": "18.5.4", + "matchCriteriaId": "BC3215E2-E1F4-4418-B110-E4582684AF10" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:indesign:*:*:*:*:*:*:*:*", + "versionStartIncluding": "19.0", + "versionEndExcluding": "19.5.1", + "matchCriteriaId": "D1891774-54B6-4F4F-9E5A-D4EF1711E859" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", + "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] } ], "references": [ { "url": "https://helpx.adobe.com/security/products/indesign/apsb24-97.html", - "source": "psirt@adobe.com" + "source": "psirt@adobe.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/2024/CVE-2024-49544.json b/2024/CVE-2024-49544.json index 7641e877523..2db4c348e2b 100644 --- a/2024/CVE-2024-49544.json +++ b/2024/CVE-2024-49544.json @@ -2,8 +2,8 @@ "id": "CVE-2024-49544", "sourceIdentifier": "psirt@adobe.com", "published": "2024-12-10T21:15:17.073", - "lastModified": "2024-12-10T21:15:17.073", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-18T21:22:11.823", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
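Review bot: The `configurations` entry added for CVE-2024-49543 uses `"operator": "AND"` over two nodes, one holding the `adobe:indesign` ranges marked `"vulnerable": true` and one holding `apple:macos` and `microsoft:windows` marked `"vulnerable": false`. A matcher that flattens every `cpeMatch` criterion and ignores the `vulnerable` flag or the outer operator would report all macOS and Windows hosts; only the InDesign criteria (`versionEndIncluding` `18.5.4`, and `19.0` up to but excluding `19.5.1`) identify affected software. The same block is added for CVE-2024-49544 and CVE-2024-49545 further down. The `weaknesses` part of this hunk retypes `CWE-121` to `Secondary` under the new `CWE-787` Primary, which is a parent classification and needs no action.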
@@ -51,10 +51,55 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:indesign:*:*:*:*:*:*:*:*", + "versionEndIncluding": "18.5.4", + "matchCriteriaId": "BC3215E2-E1F4-4418-B110-E4582684AF10" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:indesign:*:*:*:*:*:*:*:*", + "versionStartIncluding": "19.0", + "versionEndExcluding": "19.5.1", + "matchCriteriaId": "D1891774-54B6-4F4F-9E5A-D4EF1711E859" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", + "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://helpx.adobe.com/security/products/indesign/apsb24-97.html", - "source": "psirt@adobe.com" + "source": "psirt@adobe.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/2024/CVE-2024-49545.json b/2024/CVE-2024-49545.json index 0a467b62f36..f9184ea8de8 100644 --- a/2024/CVE-2024-49545.json +++ b/2024/CVE-2024-49545.json @@ -2,8 +2,8 @@ "id": "CVE-2024-49545", "sourceIdentifier": "psirt@adobe.com", "published": "2024-12-10T21:15:17.220", - "lastModified": "2024-12-10T21:15:17.220", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-18T21:21:56.527", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -42,19 +42,74 @@ "weaknesses": [ { "source": "psirt@adobe.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", "value": "CWE-122" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:indesign:*:*:*:*:*:*:*:*", + "versionEndIncluding": "18.5.4", + "matchCriteriaId": "BC3215E2-E1F4-4418-B110-E4582684AF10" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:indesign:*:*:*:*:*:*:*:*", + "versionStartIncluding": "19.0", + "versionEndExcluding": "19.5.1", + "matchCriteriaId": "D1891774-54B6-4F4F-9E5A-D4EF1711E859" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", + "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] } ], "references": [ { "url": "https://helpx.adobe.com/security/products/indesign/apsb24-97.html", - "source": "psirt@adobe.com" + "source": "psirt@adobe.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/2024/CVE-2024-49546.json b/2024/CVE-2024-49546.json index f0dc7328824..52b821fbf4c 100644 --- a/2024/CVE-2024-49546.json +++ b/2024/CVE-2024-49546.json @@ -2,8 +2,8 @@ "id": "CVE-2024-49546", "sourceIdentifier": "psirt@adobe.com", "published": "2024-12-10T21:15:17.350", - "lastModified": "2024-12-10T21:15:17.350", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-18T21:21:39.133", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -51,10 +51,55 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:indesign:*:*:*:*:*:*:*:*", + "versionEndIncluding": "18.5.4", + "matchCriteriaId": "BC3215E2-E1F4-4418-B110-E4582684AF10" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:indesign:*:*:*:*:*:*:*:*", + "versionStartIncluding": "19.0", + "versionEndExcluding": "19.5.1", + "matchCriteriaId": "D1891774-54B6-4F4F-9E5A-D4EF1711E859" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", + "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://helpx.adobe.com/security/products/indesign/apsb24-97.html", - "source": "psirt@adobe.com" + "source": "psirt@adobe.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/2024/CVE-2024-49547.json b/2024/CVE-2024-49547.json index 74251f8f871..f35c23def29 100644 --- a/2024/CVE-2024-49547.json +++ b/2024/CVE-2024-49547.json @@ -2,8 +2,8 @@ "id": "CVE-2024-49547", "sourceIdentifier": "psirt@adobe.com", "published": "2024-12-10T21:15:17.483", - "lastModified": "2024-12-10T21:15:17.483", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-18T21:20:40.313", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -51,10 +51,55 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:indesign:*:*:*:*:*:*:*:*", + "versionEndIncluding": "18.5.4", + "matchCriteriaId": "BC3215E2-E1F4-4418-B110-E4582684AF10" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:indesign:*:*:*:*:*:*:*:*", + "versionStartIncluding": "19.0", + "versionEndExcluding": "19.5.1", + "matchCriteriaId": "D1891774-54B6-4F4F-9E5A-D4EF1711E859" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", + "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://helpx.adobe.com/security/products/indesign/apsb24-97.html", - "source": "psirt@adobe.com" + "source": "psirt@adobe.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/2024/CVE-2024-49548.json b/2024/CVE-2024-49548.json index 9c67f8cd1bd..46ebb67ac5d 100644 --- a/2024/CVE-2024-49548.json +++ b/2024/CVE-2024-49548.json @@ -2,8 +2,8 @@ "id": "CVE-2024-49548", "sourceIdentifier": "psirt@adobe.com", "published": "2024-12-10T21:15:17.617", - "lastModified": "2024-12-10T21:15:17.617", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-18T21:20:23.697", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -51,10 +51,55 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:indesign:*:*:*:*:*:*:*:*", + "versionEndIncluding": "18.5.4", + "matchCriteriaId": "BC3215E2-E1F4-4418-B110-E4582684AF10" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:indesign:*:*:*:*:*:*:*:*", + "versionStartIncluding": "19.0", + "versionEndExcluding": "19.5.1", + "matchCriteriaId": "D1891774-54B6-4F4F-9E5A-D4EF1711E859" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", + "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://helpx.adobe.com/security/products/indesign/apsb24-97.html", - "source": "psirt@adobe.com" + "source": "psirt@adobe.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/2024/CVE-2024-49549.json b/2024/CVE-2024-49549.json index 389dc06bc0e..a13e849a32d 100644 --- a/2024/CVE-2024-49549.json +++ b/2024/CVE-2024-49549.json @@ -2,8 +2,8 @@ "id": "CVE-2024-49549", "sourceIdentifier": "psirt@adobe.com", "published": "2024-12-10T21:15:17.753", - "lastModified": "2024-12-10T21:15:17.753", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-18T21:19:54.533", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -51,10 +51,55 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:indesign:*:*:*:*:*:*:*:*", + "versionEndIncluding": "18.5.4", + "matchCriteriaId": "BC3215E2-E1F4-4418-B110-E4582684AF10" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:indesign:*:*:*:*:*:*:*:*", + "versionStartIncluding": "19.0", + "versionEndExcluding": "19.5.1", + "matchCriteriaId": "D1891774-54B6-4F4F-9E5A-D4EF1711E859" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", + "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://helpx.adobe.com/security/products/indesign/apsb24-97.html", - "source": "psirt@adobe.com" + "source": "psirt@adobe.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/2024/CVE-2024-51470.json b/2024/CVE-2024-51470.json new file mode 100644 index 00000000000..283cb824ff8 --- /dev/null +++ b/2024/CVE-2024-51470.json 
@@ -0,0 +1,64 @@ +{ + "id": "CVE-2024-51470", + "sourceIdentifier": "psirt@us.ibm.com", + "published": "2024-12-18T20:15:23.233", + "lastModified": "2024-12-18T20:15:23.233", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "IBM MQ\u00a09.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD, IBM MQ Appliance\u00a09.3 LTS, 9.3 CD, 9.4 LTS, and IBM MQ for HPE NonStop 8.1.0 through 8.1.0.25\u00a0could allow an authenticated user to cause a denial-of-service due to messages with improperly set values." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@us.ibm.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@us.ibm.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-754" + } + ] + } + ], + "references": [ + { + "url": "https://www.ibm.com/support/pages/node/7177593", + "source": "psirt@us.ibm.com" + }, + { + "url": "https://www.ibm.com/support/pages/node/7178085", + "source": "psirt@us.ibm.com" + }, + { + "url": "https://www.ibm.com/support/pages/node/7179137", + "source": "psirt@us.ibm.com" + } + ] +} \ No newline at end of file diff --git a/2024/CVE-2024-52579.json b/2024/CVE-2024-52579.json new file mode 100644 index 00000000000..53fc21ffbe1 --- /dev/null +++ b/2024/CVE-2024-52579.json 
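Review bot: The `descriptions[0].value` string of the new CVE-2024-51470 record contains three `\u00a0` escapes (after `IBM MQ`, after `IBM MQ Appliance` and after `8.1.0.25`), so a plain-space search such as `IBM MQ 9.1` will not match it. The record has no `configurations` block yet (`vulnStatus` is `Received`), so the description is the only place a consumer can match product and version. I would replace each `\u00a0` with an ordinary space in that one line. If the file has to stay byte-identical to the upstream feed, the same normalisation presumably belongs in whatever reads the description.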
@@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-52579", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-12-18T20:15:23.383", + "lastModified": "2024-12-18T20:15:23.383", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Misskey is an open source, federated social media platform. Some APIs using `HttpRequestService` do not properly check the target host. This vulnerability allows an attacker to send POST or GET requests to the internal server, which may result in a SSRF attack.It allows an attacker to send POST or GET requests (with some controllable URL parameters) to private IPs, enabling further attacks on internal servers. This issue has been addressed in version 2024.11.0-alpha.3. Users are advised to upgrade. There are no known workarounds for this vulnerability." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + }, + { + "lang": "en", + "value": "CWE-918" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/misskey-dev/misskey/security/advisories/GHSA-5q3h-wpfw-hjjw", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/2024/CVE-2024-52590.json b/2024/CVE-2024-52590.json new file mode 100644 index 00000000000..0ff27f004f4 --- /dev/null +++ b/2024/CVE-2024-52590.json 
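Review bot: The description of the new CVE-2024-52579 record runs two sentences together at `SSRF attack.It allows`, and the CVE-2024-52593 record added later in this diff does the same at `platform.In affected`. Sentence splitting or keyword extraction over these descriptions can treat `attack.It` and `platform.In` as single tokens. A space after each full stop fixes it: `SSRF attack. It allows` and `platform. In affected`.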
@@ -0,0 +1,78 @@ +{ + "id": "CVE-2024-52590", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-12-18T20:15:23.527", + "lastModified": "2024-12-18T20:15:23.527", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Misskey is an open source, federated social media platform. In affected versions missing validation in `ApRequestService.signedGet` allows an attacker to create fake user profiles that appear to be from a different instance than the one where they actually exist. These profiles can be used to impersonate existing users from the target instance. Vulnerable Misskey instances will accept spoofed users as valid, allowing an attacker to impersonate users on another instance. Attackers have full control of the spoofed user and can post, renote, or otherwise interact like a real account. This issue has been addressed in version 2024.11.0-alpha.3. Users are advised to upgrade. There are no known workarounds for this vulnerability." 
+ } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:L/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "LOW", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "NONE", + "subsequentSystemConfidentiality": "LOW", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "LOW", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + } + ] + } + ], + "references": [ + { + "url": 
"https://github.com/misskey-dev/misskey/security/advisories/GHSA-7vgr-p3vc-p4h2", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/2024/CVE-2024-52591.json b/2024/CVE-2024-52591.json new file mode 100644 index 00000000000..e245bca4ebb --- /dev/null +++ b/2024/CVE-2024-52591.json 
@@ -0,0 +1,78 @@ +{ + "id": "CVE-2024-52591", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-12-18T20:15:23.697", + "lastModified": "2024-12-18T20:15:23.697", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Misskey is an open source, federated social media platform. In affected versions missing validation in `ApRequestService.signedGet` and `HttpRequestService.getActivityJson` allows an attacker to create fake user profiles and forged notes. The spoofed users will appear to be from a different instance than the one where they actually exist, and the forged notes will appear to be posted by a different user. Vulnerable Misskey instances will accept the spoofed objects as valid, allowing an attacker to impersonate other users and instances. The attacker retains full control of the spoofed user / note and can interact like a real account. This issue has been addressed in version 2024.11.0-alpha.3. Users are advised to upgrade. There are no known workarounds for this vulnerability." 
+ } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:L/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "LOW", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "NONE", + "subsequentSystemConfidentiality": "LOW", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "LOW", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + } + ] + } + ], + "references": [ + { + "url": 
"https://github.com/misskey-dev/misskey/security/advisories/GHSA-m2gq-69fp-6hv4", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/2024/CVE-2024-52592.json b/2024/CVE-2024-52592.json new file mode 100644 index 00000000000..ec91f3fb77d --- /dev/null +++ b/2024/CVE-2024-52592.json 
@@ -0,0 +1,78 @@ +{ + "id": "CVE-2024-52592", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-12-18T20:15:23.840", + "lastModified": "2024-12-18T20:15:23.840", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Misskey is an open source, federated social media platform. In affected versions missing validation in `ApInboxService.update` allows an attacker to modify the result of polls belonging to another user. No authentication is required, except for a valid signature from any actor on any remote instance. Vulnerable Misskey instances will accept spoofed updates for remote polls. Local polls are unaffected. This issue has been addressed in version 2024.11.0-alpha.3. Users are advised to upgrade. There are no known workarounds for this vulnerability." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 6.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "NONE", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "NONE", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + 
"modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/misskey-dev/misskey/security/advisories/GHSA-5h8r-gq97-xv69", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/2024/CVE-2024-52593.json b/2024/CVE-2024-52593.json new file mode 100644 index 00000000000..27b454a5757 --- /dev/null +++ b/2024/CVE-2024-52593.json 
@@ -0,0 +1,78 @@ +{ + "id": "CVE-2024-52593", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-12-18T20:15:23.983", + "lastModified": "2024-12-18T20:15:23.983", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Misskey is an open source, federated social media platform.In affected versions missing validation in `NoteCreateService.insertNote`, `ApPersonService.createPerson`, and `ApPersonService.updatePerson` allows an attacker to control the target of any \"origin\" links (such as the \"view on remote instance\" banner). Any HTTPS URL can be set, even if it belongs to a different domain than the note / user. Vulnerable Misskey instances will use the unverified URL for several clickable links, allowing an attacker to conduct phishing or other attacks against remote users. This issue has been addressed in version 2024.11.0-alpha.3. Users are advised to upgrade. There are no known workarounds for this vulnerability." 
+ } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "ACTIVE", + "vulnerableSystemConfidentiality": "NONE", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "NONE", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + } + ] + } + ], + "references": [ + { + "url": 
"https://github.com/misskey-dev/misskey/security/advisories/GHSA-675w-hf2m-qwmj", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/2024/CVE-2024-53269.json b/2024/CVE-2024-53269.json new file mode 100644 index 00000000000..ab82c8c6bac --- /dev/null +++ b/2024/CVE-2024-53269.json 
@@ -0,0 +1,64 @@ +{ + "id": "CVE-2024-53269", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-12-18T20:15:24.127", + "lastModified": "2024-12-18T22:15:06.763", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Envoy is a cloud-native high-performance edge/middle/service proxy. When additional address are not ip addresses, then the Happy Eyeballs sorting algorithm will crash in data plane. This issue has been addressed in releases 1.32.2, 1.31.4, and 1.30.8. Users are advised to upgrade. Users unable to upgrade may disable Happy Eyeballs and/or change the IP configuration." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 4.5, + "baseSeverity": "MEDIUM", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 0.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-670" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/envoyproxy/envoy/pull/37743/commits/3f62168d86aceb90f743f63b50cc711710b1c401", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-mfqp-7mmj-rm53", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-mfqp-7mmj-rm53", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" + } + ] +} \ No newline at end of file 
diff --git a/2024/CVE-2024-53270.json b/2024/CVE-2024-53270.json new file mode 100644 index 00000000000..c6f8eb9be94 --- /dev/null +++ b/2024/CVE-2024-53270.json 
@@ -0,0 +1,64 @@ +{ + "id": "CVE-2024-53270", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-12-18T20:15:24.290", + "lastModified": "2024-12-18T22:15:06.883", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Envoy is a cloud-native high-performance edge/middle/service proxy. In affected versions `sendOverloadError` is going to assume the active request exists when `envoy.load_shed_points.http1_server_abort_dispatch` is configured. If `active_request` is nullptr, only onMessageBeginImpl() is called. However, the `onMessageBeginImpl` will directly return ok status if the stream is already reset leading to the nullptr reference. The downstream reset can actually happen during the H/2 upstream reset. As a result envoy may crash. This issue has been addressed in releases 1.32.3, 1.31.5, 1.30.9, and 1.29.12. Users are advised to upgrade. Users unable to upgrade may disable `http1_server_abort_dispatch` load shed point and/or use a high threshold." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-670" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/envoyproxy/envoy/pull/37743/commits/6cf8afda956ba67c9afad185b962325a5242ef02", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-q9qv-8j52-77p3", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-q9qv-8j52-77p3", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" + } + ] +} \ No newline at end of file diff --git a/2024/CVE-2024-53271.json b/2024/CVE-2024-53271.json new file mode 100644 index 00000000000..004065304fc --- /dev/null +++ b/2024/CVE-2024-53271.json 
@@ -0,0 +1,64 @@
+{
+ "id": "CVE-2024-53271",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2024-12-18T20:15:24.433",
+ "lastModified": "2024-12-18T22:15:07.010",
+ "vulnStatus": "Awaiting Analysis",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Envoy is a cloud-native high-performance edge/middle/service proxy. In affected versions envoy does not properly handle http 1.1 non-101 1xx responses. This can lead to downstream failures in networked devices. This issue has been addressed in versions 1.31.5 and 1.32.3. Users are advised to upgrade. There are no known workarounds for this issue."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
+ "baseScore": 7.1,
+ "baseSeverity": "HIGH",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 4.2
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-670"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/envoyproxy/envoy/commit/da56f6da63079baecef9183436ee5f4141a59af8",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-rmm5-h2wv-mg4f",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-rmm5-h2wv-mg4f",
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/2024/CVE-2024-53953.json b/2024/CVE-2024-53953.json
index 9ae8ae14908..c0584de90a4 100644
--- a/2024/CVE-2024-53953.json +++ b/2024/CVE-2024-53953.json @@ -2,8 +2,8 @@ "id": "CVE-2024-53953", "sourceIdentifier": "psirt@adobe.com", "published": "2024-12-10T21:15:20.437", - "lastModified": "2024-12-10T21:15:20.437", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-18T19:58:21.397", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,10 +51,55 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:animate:*:*:*:*:*:*:*:*", + "versionEndExcluding": "23.0.9", + "matchCriteriaId": "4C8E4398-C023-4ADC-B2C4-31D81661139F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:animate:*:*:*:*:*:*:*:*", + "versionStartIncluding": "24.0.0", + "versionEndExcluding": "24.0.6", + "matchCriteriaId": "87D1756D-7FE9-40A2-8C5D-2FC979CB0B13" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", + "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://helpx.adobe.com/security/products/animate/apsb24-96.html", - "source": "psirt@adobe.com" + "source": "psirt@adobe.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/2024/CVE-2024-53954.json b/2024/CVE-2024-53954.json index 78dd8563096..be5f622556a 100644 --- a/2024/CVE-2024-53954.json +++ b/2024/CVE-2024-53954.json 
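Review bot: The first `cpeMatch` entry in the new `configurations` block of CVE-2024-53953 ends at `"versionEndExcluding": "23.0.9"` with no lower bound, so it matches every Adobe Animate release below 23.0.9, whereas the CVE-2024-53954 record later in this diff scopes the same branch with `"versionStartIncluding": "23.0.0",` under a different `matchCriteriaId`. Both records cite the same vendor advisory (apsb24-96), so the two ranges presumably should agree; which of them reflects the advisory cannot be told from the diff. Until they are reconciled, inventory matching will flag pre-23 installs for CVE-2024-53953 but not for CVE-2024-53954, so the advisory's affected-version table is worth checking before either range is treated as authoritative.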
@@ -2,8 +2,8 @@ "id": "CVE-2024-53954", "sourceIdentifier": "psirt@adobe.com", "published": "2024-12-10T21:15:20.560", - "lastModified": "2024-12-10T21:15:20.560", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-18T21:16:26.943", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,10 +51,56 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:animate:*:*:*:*:*:*:*:*", + "versionStartIncluding": "23.0.0", + "versionEndExcluding": "23.0.9", + "matchCriteriaId": "BCBA83B6-D1B9-489C-9554-F484538ADBD6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:animate:*:*:*:*:*:*:*:*", + "versionStartIncluding": "24.0.0", + "versionEndExcluding": "24.0.6", + "matchCriteriaId": "87D1756D-7FE9-40A2-8C5D-2FC979CB0B13" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", + "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://helpx.adobe.com/security/products/animate/apsb24-96.html", - "source": "psirt@adobe.com" + "source": "psirt@adobe.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/2024/CVE-2024-55231.json b/2024/CVE-2024-55231.json new file mode 100644 index 00000000000..38aeaf6de79 --- /dev/null +++ b/2024/CVE-2024-55231.json 
@@ -0,0 +1,21 @@
+{
+ "id": "CVE-2024-55231",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2024-12-18T22:15:07.127",
+ "lastModified": "2024-12-18T22:15:07.127",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An IDOR vulnerability in the edit-notes.php module of PHPGurukul Online Notes Sharing Management System v1.0 allows unauthorized users to modify notes belonging to other accounts due to missing authorization checks. This flaw exposes sensitive data and enables attackers to alter another user's information."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/CV1523/CVEs/blob/main/CVE-2024-55231.md",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/2024/CVE-2024-55232.json b/2024/CVE-2024-55232.json
new file mode 100644
index 00000000000..4f72fb44cab
--- /dev/null
+++ b/2024/CVE-2024-55232.json
@@ -0,0 +1,21 @@
+{
+ "id": "CVE-2024-55232",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2024-12-18T22:15:07.297",
+ "lastModified": "2024-12-18T22:15:07.297",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An IDOR vulnerability in the manage-notes.php module in PHPGurukul Online Notes Sharing Management System v1.0 allows unauthorized users to delete notes belonging to other accounts due to missing authorization checks. This flaw enables attackers to delete another user's information."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/CV1523/CVEs/blob/main/CVE-2024-55232.md",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/2024/CVE-2024-55505.json b/2024/CVE-2024-55505.json
new file mode 100644
index 00000000000..14e851a7967
--- /dev/null
+++ b/2024/CVE-2024-55505.json
@@ -0,0 +1,21 @@
+{
+ "id": "CVE-2024-55505",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2024-12-18T22:15:07.477",
+ "lastModified": "2024-12-18T22:15:07.477",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue in CodeAstro Complaint Management System v.1.0 allows a remote attacker to escalate privileges via the mess-view.php component."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/CV1523/CVEs/blob/main/CVE-2024-55505.md",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/2024/CVE-2024-56140.json b/2024/CVE-2024-56140.json
new file mode 100644
index 00000000000..dfe2ad4a51f
--- /dev/null
+++ b/2024/CVE-2024-56140.json
@@ -0,0 +1,68 @@
+{
+ "id": "CVE-2024-56140",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2024-12-18T21:15:08.353",
+ "lastModified": "2024-12-18T21:15:08.353",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Astro is a web framework for content-driven websites. In affected versions a bug in Astro\u2019s CSRF-protection middleware allows requests to bypass CSRF checks. When the `security.checkOrigin` configuration option is set to `true`, Astro middleware will perform a CSRF check. However, a vulnerability exists that can bypass this security. A semicolon-delimited parameter is allowed after the type in `Content-Type`. Web browsers will treat a `Content-Type` such as `application/x-www-form-urlencoded; abc` as a `simple request` and will not perform preflight validation. In this case, CSRF is not blocked as expected. Additionally, the `Content-Type` header is not required for a request. This issue has been addressed in version 4.16.17 and all users are advised to upgrade. There are no known workarounds for this vulnerability."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N",
+ "baseScore": 5.9,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 1.6,
+ "impactScore": 4.2
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS#simple_requests",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/withastro/astro/blob/6031962ab5f56457de986eb82bd24807e926ba1b/packages/astro/src/core/app/middlewares.ts",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/withastro/astro/commit/e7d14c374b9d45e27089994a4eb72186d05514de",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/withastro/astro/security/advisories/GHSA-c4pw-33h3-35xw",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/2024/CVE-2024-56145.json b/2024/CVE-2024-56145.json
new file mode 100644
index 00000000000..ac9f6187a56
--- /dev/null
+++ b/2024/CVE-2024-56145.json
@@ -0,0 +1,82 @@
+{
+ "id": "CVE-2024-56145",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2024-12-18T21:15:08.530",
+ "lastModified": "2024-12-18T21:15:08.530",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. Users of affected versions are affected by this vulnerability if their php.ini configuration has `register_argc_argv` enabled. For these users an unspecified remote code execution vector is present. Users are advised to update to version 4.13.2 or 5.5.2. Users unable to upgrade should disable `register_argc_argv` to mitigate the issue."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV40": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "4.0",
+ "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+ "baseScore": 9.3,
+ "baseSeverity": "CRITICAL",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "attackRequirements": "NONE",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "vulnerableSystemConfidentiality": "HIGH",
+ "vulnerableSystemIntegrity": "HIGH",
+ "vulnerableSystemAvailability": "HIGH",
+ "subsequentSystemConfidentiality": "NONE",
+ "subsequentSystemIntegrity": "NONE",
+ "subsequentSystemAvailability": "NONE",
+ "exploitMaturity": "NOT_DEFINED",
+ "confidentialityRequirements": "NOT_DEFINED",
+ "integrityRequirements": "NOT_DEFINED",
+ "availabilityRequirements": "NOT_DEFINED",
+ "modifiedAttackVector": "NOT_DEFINED",
+ "modifiedAttackComplexity": "NOT_DEFINED",
+ "modifiedAttackRequirements": "NOT_DEFINED",
+ "modifiedPrivilegesRequired": "NOT_DEFINED",
+ "modifiedUserInteraction": "NOT_DEFINED",
+ "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
+ "modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
+ "modifiedVulnerableSystemAvailability": "NOT_DEFINED",
+ "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
+ "modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
+ "modifiedSubsequentSystemAvailability": "NOT_DEFINED",
+ "safety": "NOT_DEFINED",
+ "automatable": "NOT_DEFINED",
+ "recovery": "NOT_DEFINED",
+ "valueDensity": "NOT_DEFINED",
+ "vulnerabilityResponseEffort": "NOT_DEFINED",
+ "providerUrgency": "NOT_DEFINED"
+ }
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-94"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/craftcms/cms/commit/82e893fb794d30563da296bca31379c0df0079b3",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/craftcms/cms/security/advisories/GHSA-2p6p-9rc9-62j9",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file