NVD Sync 2024-11-25 02:31

cve/2024/CVE-2024-10041.json

@@ -1 +1 @@
-{"cve": {"id": "CVE-2024-10041", "sourceIdentifier": "[email protected]", "published": "2024-10-23T14:15:03.970", "lastModified": "2024-11-12T21:15:10.467", "vulnStatus": "Modified", "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad en PAM. La informaci\u00f3n secreta se almacena en la memoria, donde el atacante puede hacer que el programa v\u00edctima se ejecute enviando caracteres a su entrada est\u00e1ndar (stdin). Mientras esto ocurre, el atacante puede entrenar al predictor de bifurcaciones para que ejecute una cadena ROP de manera especulativa. Esta falla podr\u00eda provocar la filtraci\u00f3n de contrase\u00f1as, como las que se encuentran en /etc/shadow mientras se realizan autenticaciones."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector": "LOCAL", "attackComplexity": "HIGH", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 4.7, "baseSeverity": "MEDIUM"}, "exploitabilityScore": 1.0, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-922"}]}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Primary", "description": [{"lang": "en", "value": "CWE-922"}]}, {"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "configurations": [{"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:linux-pam:linux-pam:-:*:*:*:*:*:*:*", "matchCriteriaId": "20ED7FC4-9FBB-4886-9FF0-BBBCBBE852D6"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A"}, {"vulnerable": false, "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"}, {"vulnerable": false, "criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D"}]}]}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2024-10041", "source": "[email protected]", "tags": ["Mitigation", "Third Party Advisory"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2319212", "source": "[email protected]", "tags": ["Issue Tracking", "Third Party Advisory"]}]}}
+{"cve": {"id": "CVE-2024-10041", "sourceIdentifier": "[email protected]", "published": "2024-10-23T14:15:03.970", "lastModified": "2024-11-25T00:15:03.593", "vulnStatus": "Modified", "descriptions": [{"lang": "en", "value": "A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad en PAM. La informaci\u00f3n secreta se almacena en la memoria, donde el atacante puede hacer que el programa v\u00edctima se ejecute enviando caracteres a su entrada est\u00e1ndar (stdin). Mientras esto ocurre, el atacante puede entrenar al predictor de bifurcaciones para que ejecute una cadena ROP de manera especulativa. Esta falla podr\u00eda provocar la filtraci\u00f3n de contrase\u00f1as, como las que se encuentran en /etc/shadow mientras se realizan autenticaciones."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "baseScore": 4.7, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "HIGH", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 1.0, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-922"}]}, {"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-922"}]}], "configurations": [{"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:linux-pam:linux-pam:-:*:*:*:*:*:*:*", "matchCriteriaId": "20ED7FC4-9FBB-4886-9FF0-BBBCBBE852D6"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A"}, {"vulnerable": false, "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"}, {"vulnerable": false, "criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D"}]}]}], "references": [{"url": "https://access.redhat.com/errata/RHSA-2024:9941", "source": "[email protected]"}, {"url": "https://access.redhat.com/security/cve/CVE-2024-10041", "source": "[email protected]", "tags": ["Mitigation", "Third Party Advisory"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2319212", "source": "[email protected]", "tags": ["Issue Tracking", "Third Party Advisory"]}]}}

cve/2024/CVE-2024-11646.json

@@ -0,0 +1 @@
+{"cve": {"id": "CVE-2024-11646", "sourceIdentifier": "[email protected]", "published": "2024-11-25T00:15:03.743", "lastModified": "2024-11-25T00:15:03.743", "vulnStatus": "Received", "descriptions": [{"lang": "en", "value": "A vulnerability classified as critical was found in 1000 Projects Beauty Parlour Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/edit-services.php. The manipulation of the argument sername leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 6.9, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnerableSystemConfidentiality": "LOW", "vulnerableSystemIntegrity": "LOW", "vulnerableSystemAvailability": "LOW", "subsequentSystemConfidentiality": "NONE", "subsequentSystemIntegrity": "NONE", "subsequentSystemAvailability": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirements": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "safety": "NOT_DEFINED", "automatable": "NOT_DEFINED", "recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "baseScore": 7.3, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 3.9, "impactScore": 3.4}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "baseScore": 7.5, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-89"}]}], "references": [{"url": "https://1000projects.org/", "source": "[email protected]"}, {"url": "https://github.com/ppp-src/CVE/issues/33", "source": "[email protected]"}, {"url": "https://vuldb.com/?ctiid.285967", "source": "[email protected]"}, {"url": "https://vuldb.com/?id.285967", "source": "[email protected]"}, {"url": "https://vuldb.com/?submit.446575", "source": "[email protected]"}]}}

cve/2024/CVE-2024-11665.json

@@ -1 +1 @@
-{"cve": {"id": "CVE-2024-11665", "sourceIdentifier": "[email protected]", "published": "2024-11-24T23:15:03.903", "lastModified": "2024-11-24T23:15:03.903", "vulnStatus": "Received", "descriptions": [{"lang": "en", "value": "Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in hardy-barth cph2_echarge_firmware allows OS Command Injection.This issue affects cph2_echarge_firmware: through 2.0.4."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH", "attackVector": "ADJACENT_NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-77"}]}], "references": [{"url": "https://www.onekey.com/resource/not-all-ev-chargers-are-created-equal", "source": "[email protected]"}]}}
+{"cve": {"id": "CVE-2024-11665", "sourceIdentifier": "[email protected]", "published": "2024-11-24T23:15:03.903", "lastModified": "2024-11-25T00:15:03.957", "vulnStatus": "Received", "descriptions": [{"lang": "en", "value": "Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in hardy-barth cph2_echarge_firmware allows OS Command Injection.This issue affects cph2_echarge_firmware: through 2.0.4."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH", "attackVector": "ADJACENT_NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-77"}]}], "references": [{"url": "https://www.onekey.com/resource/critical-vulnerabilities-in-ev-charging-stations-analysis-of-echarge-controllers", "source": "[email protected]"}]}}

cve/2024/CVE-2024-11666.json

@@ -1 +1 @@
-{"cve": {"id": "CVE-2024-11666", "sourceIdentifier": "[email protected]", "published": "2024-11-24T23:15:04.030", "lastModified": "2024-11-24T23:15:04.030", "vulnStatus": "Received", "descriptions": [{"lang": "en", "value": "Affected devices beacon to eCharge cloud infrastructure asking if there are any command they should run. This communication is established over an insecure channel since peer verification is disabled everywhere. Therefore, remote unauthenticated users\u00a0 suitably positioned on the network between an EV charger controller and eCharge infrastructure can execute arbitrary commands with elevated privileges on affected devices.\n\nThis issue affects cph2_echarge_firmware: through 2.0.4."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "baseScore": 9.0, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.2, "impactScore": 6.0}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-345"}]}], "references": [{"url": "https://www.onekey.com/resource/not-all-ev-chargers-are-created-equal", "source": "[email protected]"}]}}
+{"cve": {"id": "CVE-2024-11666", "sourceIdentifier": "[email protected]", "published": "2024-11-24T23:15:04.030", "lastModified": "2024-11-25T00:15:04.040", "vulnStatus": "Received", "descriptions": [{"lang": "en", "value": "Affected devices beacon to eCharge cloud infrastructure asking if there are any command they should run. This communication is established over an insecure channel since peer verification is disabled everywhere. Therefore, remote unauthenticated users\u00a0 suitably positioned on the network between an EV charger controller and eCharge infrastructure can execute arbitrary commands with elevated privileges on affected devices.\n\nThis issue affects cph2_echarge_firmware: through 2.0.4."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "baseScore": 9.0, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.2, "impactScore": 6.0}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-345"}]}], "references": [{"url": "https://www.onekey.com/resource/critical-vulnerabilities-in-ev-charging-stations-analysis-of-echarge-controllers", "source": "[email protected]"}]}}

cve/2024/CVE-2024-53916.json

@@ -0,0 +1 @@
+{"cve": {"id": "CVE-2024-53916", "sourceIdentifier": "[email protected]", "published": "2024-11-25T00:15:04.423", "lastModified": "2024-11-25T00:15:04.423", "vulnStatus": "Received", "descriptions": [{"lang": "en", "value": "In OpenStack Neutron through 25.0.0, neutron/extensions/tagging.py can use an incorrect ID during policy enforcement. NOTE: 935883 has the \"Work in Progress\" status as of 2024-11-24."}], "metrics": {}, "references": [{"url": "https://github.com/openstack/neutron/blob/363ffa6e9e1ab5968f87d45bc2f1cb6394f48b9f/neutron/extensions/tagging.py#L138-L232", "source": "[email protected]"}, {"url": "https://review.opendev.org/c/openstack/neutron/+/935883", "source": "[email protected]"}, {"url": "https://review.opendev.org/q/project:openstack/neutron", "source": "[email protected]"}]}}

syncdate.json

@@ -1 +1 @@
-{"lastModStartDate": "2024-11-24T22:02:24.569080+00:00", "lastModEndDate": "2024-11-25T00:04:48.224503+00:00"}
+{"lastModStartDate": "2024-11-25T00:04:48.224503+00:00", "lastModEndDate": "2024-11-25T02:28:38.964351+00:00"}