NVD Sync 2024-08-01 10:02
github-actions[bot] committed Aug 1, 2024
1 parent b599d4e commit fde9fb6
Showing 17 changed files with 17 additions and 12 deletions.
2 changes: 1 addition & 1 deletion cve/2022/CVE-2022-24975.json
@@ -1 +1 @@
{"cve": {"id": "CVE-2022-24975", "sourceIdentifier": "[email protected]", "published": "2022-02-11T20:15:07.507", "lastModified": "2024-07-02T14:15:12.013", "vulnStatus": "Modified", "cveTags": [{"sourceIdentifier": "[email protected]", "tags": ["disputed"]}], "descriptions": [{"lang": "en", "value": "The --mirror documentation for Git through 2.35.1 does not mention the availability of deleted content, aka the \"GitBleed\" issue. This could present a security risk if information-disclosure auditing processes rely on a clone operation without the --mirror option. Note: This has been disputed by multiple 3rd parties who believe this is an intended feature of the git binary and does not pose a security risk."}, {"lang": "es", "value": "La documentaci\u00f3n --mirror para Git versiones hasta 2.35.1, no menciona la disponibilidad del contenido eliminado, tambi\u00e9n se conoce como el problema \"GitBleed\". Esto podr\u00eda presentar un riesgo de seguridad si los procesos de auditor\u00eda de divulgaci\u00f3n de informaci\u00f3n dependen de una operaci\u00f3n de clonaci\u00f3n sin la opci\u00f3n --mirror"}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 3.6}], "cvssMetricV2": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3}, "baseSeverity": "MEDIUM", 
"exploitabilityScore": 8.6, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-668"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*", "versionEndIncluding": "2.35.1", "matchCriteriaId": "0342C612-A603-40D9-B6EF-B8D8D3DAA3A5"}]}]}], "references": [{"url": "https://github.com/git/git/blob/2dc94da3744bfbbf145eca587a0f5ff480cc5867/Documentation/git-clone.txt#L185-L191", "source": "[email protected]", "tags": ["Exploit", "Vendor Advisory"]}, {"url": "https://www.aquasec.com/blog/undetected-hard-code-secrets-expose-corporations/", "source": "[email protected]"}, {"url": "https://wwws.nightwatchcybersecurity.com/2022/02/11/gitbleed/", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"]}]}}
{"cve": {"id": "CVE-2022-24975", "sourceIdentifier": "[email protected]", "published": "2022-02-11T20:15:07.507", "lastModified": "2024-08-01T09:15:02.447", "vulnStatus": "Modified", "cveTags": [{"sourceIdentifier": "[email protected]", "tags": ["disputed"]}], "descriptions": [{"lang": "en", "value": "The --mirror documentation for Git through 2.35.1 does not mention the availability of deleted content, aka the \"GitBleed\" issue. This could present a security risk if information-disclosure auditing processes rely on a clone operation without the --mirror option. Note: This has been disputed by multiple 3rd parties who believe this is an intended feature of the git binary and does not pose a security risk."}, {"lang": "es", "value": "La documentaci\u00f3n --mirror para Git versiones hasta 2.35.1, no menciona la disponibilidad del contenido eliminado, tambi\u00e9n se conoce como el problema \"GitBleed\". Esto podr\u00eda presentar un riesgo de seguridad si los procesos de auditor\u00eda de divulgaci\u00f3n de informaci\u00f3n dependen de una operaci\u00f3n de clonaci\u00f3n sin la opci\u00f3n --mirror"}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 3.6}], "cvssMetricV2": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3}, "baseSeverity": "MEDIUM", 
"exploitabilityScore": 8.6, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-668"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*", "versionEndIncluding": "2.35.1", "matchCriteriaId": "0342C612-A603-40D9-B6EF-B8D8D3DAA3A5"}]}]}], "references": [{"url": "https://github.com/git/git/blob/2dc94da3744bfbbf145eca587a0f5ff480cc5867/Documentation/git-clone.txt#L185-L191", "source": "[email protected]", "tags": ["Exploit", "Vendor Advisory"]}, {"url": "https://lore.kernel.org/git/xmqq4k14qe9g.fsf%40gitster.g/", "source": "[email protected]"}, {"url": "https://www.aquasec.com/blog/undetected-hard-code-secrets-expose-corporations/", "source": "[email protected]"}, {"url": "https://wwws.nightwatchcybersecurity.com/2022/02/11/gitbleed/", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"]}]}}
1 change: 1 addition & 0 deletions cve/2024/CVE-2024-25948.json
@@ -0,0 +1 @@
{"cve": {"id": "CVE-2024-25948", "sourceIdentifier": "[email protected]", "published": "2024-08-01T08:15:02.203", "lastModified": "2024-08-01T08:15:02.203", "vulnStatus": "Received", "cveTags": [], "descriptions": [{"lang": "en", "value": "Dell iDRAC Service Module version 5.3.0.0 and prior, contain a Out of bound Write Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service event."}, {"lang": "es", "value": "El m\u00f3dulo de servicio Dell iDRAC versi\u00f3n 5.3.0.0 y anteriores contiene una vulnerabilidad de escritura fuera de los l\u00edmites. Un atacante local privilegiado podr\u00eda ejecutar c\u00f3digo arbitrario, lo que podr\u00eda provocar un evento de denegaci\u00f3n de servicio."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "HIGH", "baseScore": 4.8, "baseSeverity": "MEDIUM"}, "exploitabilityScore": 0.6, "impactScore": 4.2}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-787"}]}], "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000227444/dsa-2024-086-security-update-for-dell-idrac-service-module-for-memory-corruption-vulnerabilities", "source": "[email protected]"}]}}
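Review bot: The `en` description says a privileged local attacker "could execute arbitrary code", but the only metric in this new record is a `Secondary` CVSS 3.1 vector with `C:N/I:L/A:H` (4.8 MEDIUM), which scores no confidentiality impact and low integrity impact. With `vulnStatus` still `Received`, prioritization that relies on `baseScore` alone should treat the score as provisional and read the description alongside it.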
1 change: 1 addition & 0 deletions cve/2024/CVE-2024-28972.json
@@ -0,0 +1 @@
{"cve": {"id": "CVE-2024-28972", "sourceIdentifier": "[email protected]", "published": "2024-08-01T08:15:02.520", "lastModified": "2024-08-01T08:15:02.520", "vulnStatus": "Received", "cveTags": [], "descriptions": [{"lang": "en", "value": "Dell InsightIQ, Verion 5.0.0, contains a use of a broken or risky cryptographic algorithm vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to information disclosure."}, {"lang": "es", "value": "Dell InsightIQ, versi\u00f3n 5.0.0, contiene una vulnerabilidad relacionada con el uso de un algoritmo criptogr\u00e1fico da\u00f1ado o riesgoso. Un atacante remoto no autenticado podr\u00eda aprovechar esta vulnerabilidad y provocar la divulgaci\u00f3n de informaci\u00f3n."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM"}, "exploitabilityScore": 2.2, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-327"}]}], "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000226567/dsa-2024-211-security-update-for-a-dell-insightiq-broken-or-risky-cryptographic-algorithm-vulnerability", "source": "[email protected]"}]}}
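Review bot: The `en` description reads "Verion 5.0.0" and the record has no `configurations` block, so the affected version exists only as misspelled prose. A text match on "version 5.0.0" will miss this entry; match on the product name "Dell InsightIQ" or on the Dell advisory URL in `references` instead.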
1 change: 1 addition & 0 deletions cve/2024/CVE-2024-38481.json
@@ -0,0 +1 @@
{"cve": {"id": "CVE-2024-38481", "sourceIdentifier": "[email protected]", "published": "2024-08-01T08:15:02.767", "lastModified": "2024-08-01T08:15:02.767", "vulnStatus": "Received", "cveTags": [], "descriptions": [{"lang": "en", "value": "Dell iDRAC Service Module version 5.3.0.0 and prior, contain a Out of bound Read Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service event."}, {"lang": "es", "value": "El m\u00f3dulo de servicio Dell iDRAC versi\u00f3n 5.3.0.0 y anteriores contiene una vulnerabilidad de lectura fuera de los l\u00edmites. Un atacante local privilegiado podr\u00eda ejecutar c\u00f3digo arbitrario, lo que podr\u00eda provocar un evento de denegaci\u00f3n de servicio."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "HIGH", "baseScore": 4.8, "baseSeverity": "MEDIUM"}, "exploitabilityScore": 0.6, "impactScore": 4.2}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-125"}]}], "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000227444/dsa-2024-086-security-update-for-dell-idrac-service-module-for-memory-corruption-vulnerabilities", "source": "[email protected]"}]}}
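Review bot: This record is classified `CWE-125` (out-of-bounds read), yet the description states the attacker "could execute arbitrary code" and the vector is `C:N/I:L/A:H`, the same vector as the out-of-bounds write in CVE-2024-25948. The CWE, the wording and the score do not line up with each other, so triage should check the entry against the Dell advisory in `references` rather than trusting the CWE or the vector in isolation.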
1 change: 1 addition & 0 deletions cve/2024/CVE-2024-38489.json
@@ -0,0 +1 @@
{"cve": {"id": "CVE-2024-38489", "sourceIdentifier": "[email protected]", "published": "2024-08-01T08:15:02.980", "lastModified": "2024-08-01T08:15:02.980", "vulnStatus": "Received", "cveTags": [], "descriptions": [{"lang": "en", "value": "Dell iDRAC Service Module version 5.3.0.0 and prior contains Out of bound write Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service (partial) event."}, {"lang": "es", "value": "El m\u00f3dulo de servicio Dell iDRAC versi\u00f3n 5.3.0.0 y anteriores contiene una vulnerabilidad de escritura fuera de los l\u00edmites. Un atacante local privilegiado podr\u00eda ejecutar c\u00f3digo arbitrario, lo que podr\u00eda provocar un evento de denegaci\u00f3n de servicio (parcial)."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:L", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "LOW", "baseScore": 3.1, "baseSeverity": "LOW"}, "exploitabilityScore": 0.6, "impactScore": 2.5}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-787"}]}], "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000227444/dsa-2024-086-security-update-for-dell-idrac-service-module-for-memory-corruption-vulnerabilities", "source": "[email protected]"}]}}
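Review bot: The affected range "version 5.3.0.0 and prior" appears only in the description; the record has no `configurations`/`cpeMatch` node, unlike the CVE-2022-24975 entry in this commit, which carries `versionEndIncluding`. Inventory matching by CPE will not see this record (the same holds for the other new Dell entries shown here), so asset matching needs a text rule or a rule on the `dsa-2024-086` advisory URL.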
1 change: 1 addition & 0 deletions cve/2024/CVE-2024-38490.json
@@ -0,0 +1 @@
{"cve": {"id": "CVE-2024-38490", "sourceIdentifier": "[email protected]", "published": "2024-08-01T08:15:03.187", "lastModified": "2024-08-01T08:15:03.187", "vulnStatus": "Received", "cveTags": [], "descriptions": [{"lang": "en", "value": "Dell iDRAC Service Module version 5.3.0.0 and prior, contain a Out of bound Write Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service event."}, {"lang": "es", "value": "El m\u00f3dulo de servicio Dell iDRAC versi\u00f3n 5.3.0.0 y anteriores contiene una vulnerabilidad de escritura fuera de los l\u00edmites. Un atacante local privilegiado podr\u00eda ejecutar c\u00f3digo arbitrario, lo que podr\u00eda provocar un evento de denegaci\u00f3n de servicio."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 5.8, "baseSeverity": "MEDIUM"}, "exploitabilityScore": 0.6, "impactScore": 5.2}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-787"}]}], "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000227444/dsa-2024-086-security-update-for-dell-idrac-service-module-for-memory-corruption-vulnerabilities", "source": "[email protected]"}]}}
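Review bot: The `en` description is word for word the same as in CVE-2024-25948, but the vector here is `I:H/A:H` (5.8) against `I:L/A:H` (4.8) there, and the weakness `type` is `Primary` here and `Secondary` there. Deduplication or correlation keyed on description text would merge two records with different scores; key on `cve.id`.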