admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-21 17:41:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-09-22T02:00:17.239476+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-09-22 02:03:17 +00:00
parent e747a483a2
commit 0671431b55
226 changed files with 907 additions and 385 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
CVE-2022/CVE-2022-24xx/CVE-2022-2446.json
View File

@ -9,6 +9,10 @@
{
"lang": "en",
"value": "The WP Editor plugin for WordPress is vulnerable to deserialization of untrusted input via the 'current_theme_root' parameter in versions up to, and including 1.2.9. This makes it possible for authenticated attackers with administrative privileges to call files using a PHAR wrapper that will deserialize and call arbitrary PHP Objects that can be used to perform a variety of malicious actions granted a POP chain is also present. It also requires that the attacker is successful in uploading a file with the serialized payload."
},
{
"lang": "es",
"value": "El complemento WP Editor para WordPress es vulnerable a la deserializaci\u00f3n de entradas no confiables a trav\u00e9s del par\u00e1metro 'current_theme_root' en versiones hasta la 1.2.9 incluida. Esto hace posible que atacantes autenticados con privilegios administrativos llamen a archivos usando un contenedor PHAR que deserializar\u00e1 y llamar\u00e1 a objetos PHP arbitrarios que se pueden usar para realizar una variedad de acciones maliciosas siempre que tambi\u00e9n est\u00e9 presente una cadena POP. Tambi\u00e9n requiere que el atacante pueda cargar un archivo con el payload serializado."
}
],
"metrics": {

2
CVE-2022/CVE-2022-300xx/CVE-2022-30050.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "cve@mitre.org",
"published": "2022-05-16T17:15:09.537",
"lastModified": "2022-05-24T22:23:08.480",
"vulnStatus": "Analyzed",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2022/CVE-2022-34xx/CVE-2022-3459.json
View File

@ -9,6 +9,10 @@
{
"lang": "en",
"value": "The WooCommerce Multiple Free Gift plugin for WordPress is vulnerable to gift manipulation in all versions up to, and including, 1.2.3. This is due to plugin not enforcing server-side checks on the products that can be added as a gift. This makes it possible for unauthenticated attackers to add non-gift items to their cart as a gift."
},
{
"lang": "es",
"value": "El complemento WooCommerce Multiple Free Gift para WordPress es vulnerable a la manipulaci\u00f3n de obsequios en todas las versiones hasta la 1.2.3 incluida. Esto se debe a que el complemento no aplica controles del lado del servidor en los productos que se pueden agregar como obsequio. Esto hace posible que atacantes no autenticados agreguen art\u00edculos que no sean obsequios a su carrito como obsequio."
}
],
"metrics": {

4
CVE-2023/CVE-2023-223xx/CVE-2023-22351.json
View File

@ -9,6 +9,10 @@
{
"lang": "en",
"value": "Out-of-bounds write in UEFI firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access."
},
{
"lang": "es",
"value": "La escritura fuera de los l\u00edmites en el firmware UEFI para algunos procesadores Intel(R) puede permitir que un usuario privilegiado habilite potencialmente la escalada de privilegios a trav\u00e9s del acceso local."
}
],
"metrics": {

4
CVE-2023/CVE-2023-239xx/CVE-2023-23904.json
View File

@ -9,6 +9,10 @@
{
"lang": "en",
"value": "NULL pointer dereference in the UEFI firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access."
},
{
"lang": "es",
"value": "La desreferencia de puntero NULL en el firmware UEFI de algunos procesadores Intel(R) puede permitir que un usuario privilegiado habilite potencialmente la escalada de privilegios a trav\u00e9s del acceso local."
}
],
"metrics": {

4
CVE-2023/CVE-2023-255xx/CVE-2023-25546.json
View File

@ -9,6 +9,10 @@
{
"lang": "en",
"value": "Out-of-bounds read in UEFI firmware for some Intel(R) Processors may allow a privileged user to potentially enable denial of service via local access."
},
{
"lang": "es",
"value": "La lectura fuera de los l\u00edmites en el firmware UEFI para algunos procesadores Intel(R) puede permitir que un usuario privilegiado habilite potencialmente la denegaci\u00f3n de servicio a trav\u00e9s del acceso local."
}
],
"metrics": {

4
CVE-2023/CVE-2023-34xx/CVE-2023-3410.json
View File

@ -9,6 +9,10 @@
{
"lang": "en",
"value": "The Bricks theme for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018customTag' attribute in versions up to, and including, 1.10.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with access to the Bricks Builder (admin-only by default), to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This becomes more of an issue when Bricks Builder access is granted to lower-privileged users."
},
{
"lang": "es",
"value": "El tema Bricks para WordPress es vulnerable a Cross-site Scripting Almacenado a trav\u00e9s del atributo 'customTag' en versiones hasta la 1.10.1 incluida, debido a una desinfecci\u00f3n de entrada y un escape de salida insuficientes. Esto hace posible que atacantes autenticados, con acceso a Bricks Builder (solo para administradores por defecto), inyecten secuencias de comandos web arbitrarias en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada. Esto se convierte en un problema mayor cuando se concede acceso a Bricks Builder a usuarios con menos privilegios."
}
],
"metrics": {

2
CVE-2023/CVE-2023-361xx/CVE-2023-36103.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "cve@mitre.org",
"published": "2024-09-10T16:15:18.380",
"lastModified": "2024-09-10T20:35:00.660",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

2
CVE-2023/CVE-2023-395xx/CVE-2023-39517.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-06-21T20:15:12.307",
"lastModified": "2024-06-24T12:57:36.513",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2023/CVE-2023-418xx/CVE-2023-41833.json
View File

@ -9,6 +9,10 @@
{
"lang": "en",
"value": "A race condition in UEFI firmware for some Intel(R) processors may allow a privileged user to potentially enable escalation of privilege via local access."
},
{
"lang": "es",
"value": "Una condici\u00f3n de ejecuci\u00f3n en el firmware UEFI para algunos procesadores Intel(R) puede permitir que un usuario privilegiado habilite potencialmente la escalada de privilegios a trav\u00e9s del acceso local."
}
],
"metrics": {

4
CVE-2023/CVE-2023-427xx/CVE-2023-42772.json
View File

@ -9,6 +9,10 @@
{
"lang": "en",
"value": "Untrusted pointer dereference in UEFI firmware for some Intel(R) reference processors may allow a privileged user to potentially enable escalation of privilege via local access."
},
{
"lang": "es",
"value": "La desreferencia de puntero no confiable en el firmware UEFI para algunos procesadores de referencia Intel(R) puede permitir que un usuario privilegiado habilite potencialmente la escalada de privilegios a trav\u00e9s del acceso local."
}
],
"metrics": {

4
CVE-2023/CVE-2023-436xx/CVE-2023-43626.json
View File

@ -9,6 +9,10 @@
{
"lang": "en",
"value": "Improper access control in UEFI firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access."
},
{
"lang": "es",
"value": "Un control de acceso inadecuado en el firmware UEFI para algunos procesadores Intel(R) puede permitir que un usuario privilegiado habilite potencialmente la escalada de privilegios a trav\u00e9s del acceso local."
}
],
"metrics": {

4
CVE-2023/CVE-2023-437xx/CVE-2023-43753.json
View File

@ -9,6 +9,10 @@
{
"lang": "en",
"value": "Improper conditions check in some Intel(R) Processors with Intel(R) SGX may allow a privileged user to potentially enable information disclosure via local access."
},
{
"lang": "es",
"value": "La verificaci\u00f3n de condiciones inadecuadas en algunos procesadores Intel(R) con Intel(R) SGX puede permitir que un usuario privilegiado habilite potencialmente la divulgaci\u00f3n de informaci\u00f3n a trav\u00e9s del acceso local."
}
],
"metrics": {

2
CVE-2023/CVE-2023-68xx/CVE-2023-6841.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-09-10T17:15:15.170",
"lastModified": "2024-09-10T17:43:14.410",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

2
CVE-2024/CVE-2024-01xx/CVE-2024-0160.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "security_alert@emc.com",
"published": "2024-06-12T07:15:50.530",
"lastModified": "2024-06-13T18:36:09.013",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

2
CVE-2024/CVE-2024-18xx/CVE-2024-1879.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "security@huntr.dev",
"published": "2024-06-06T18:15:12.827",
"lastModified": "2024-06-07T14:56:05.647",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

2
CVE-2024/CVE-2024-217xx/CVE-2024-21754.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "psirt@fortinet.com",
"published": "2024-06-11T15:16:03.433",
"lastModified": "2024-06-13T18:36:45.417",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-217xx/CVE-2024-21781.json
View File

@ -9,6 +9,10 @@
{
"lang": "en",
"value": "Improper input validation in UEFI firmware for some Intel(R) Processors may allow a privileged user to enable information disclosure or denial of service via local access."
},
{
"lang": "es",
"value": "La validaci\u00f3n de entrada incorrecta en el firmware UEFI para algunos procesadores Intel(R) puede permitir que un usuario privilegiado habilite la divulgaci\u00f3n de informaci\u00f3n o la denegaci\u00f3n de servicio a trav\u00e9s del acceso local."
}
],
"metrics": {

4
CVE-2024/CVE-2024-218xx/CVE-2024-21829.json
View File

@ -9,6 +9,10 @@
{
"lang": "en",
"value": "Improper input validation in UEFI firmware error handler for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access."
},
{
"lang": "es",
"value": "La validaci\u00f3n de entrada incorrecta en el controlador de errores de firmware UEFI para algunos procesadores Intel(R) puede permitir que un usuario privilegiado habilite potencialmente la escalada de privilegios a trav\u00e9s del acceso local."
}
],
"metrics": {

4
CVE-2024/CVE-2024-218xx/CVE-2024-21871.json
View File

@ -9,6 +9,10 @@
{
"lang": "en",
"value": "Improper input validation in UEFI firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access."
},
{
"lang": "es",
"value": "La validaci\u00f3n de entrada incorrecta en el firmware UEFI para algunos procesadores Intel(R) puede permitir que un usuario privilegiado habilite potencialmente la escalada de privilegios a trav\u00e9s del acceso local."
}
],
"metrics": {

4
CVE-2024/CVE-2024-235xx/CVE-2024-23599.json
View File

@ -9,6 +9,10 @@
{
"lang": "en",
"value": "Race condition in Seamless Firmware Updates for some Intel(R) reference platforms may allow a privileged user to potentially enable denial of service via local access."
},
{
"lang": "es",
"value": "La condici\u00f3n de ejecuci\u00f3n en las actualizaciones de firmware sin interrupciones para algunas plataformas de referencia Intel(R) puede permitir que un usuario privilegiado habilite potencialmente la denegaci\u00f3n de servicio a trav\u00e9s del acceso local."
}
],
"metrics": {

4
CVE-2024/CVE-2024-239xx/CVE-2024-23984.json
View File

@ -9,6 +9,10 @@
{
"lang": "en",
"value": "Observable discrepancy in RAPL interface for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access."
},
{
"lang": "es",
"value": "Una discrepancia observable en la interfaz RAPL de algunos procesadores Intel(R) puede permitir que un usuario privilegiado habilite potencialmente la divulgaci\u00f3n de informaci\u00f3n a trav\u00e9s del acceso local."
}
],
"metrics": {

2
CVE-2024/CVE-2024-23xx/CVE-2024-2300.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "hp-security-alert@hp.com",
"published": "2024-06-12T15:15:51.097",
"lastModified": "2024-06-13T18:36:09.010",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-249xx/CVE-2024-24968.json
View File

@ -9,6 +9,10 @@
{
"lang": "en",
"value": "Improper finite state machines (FSMs) in hardware logic in some Intel(R) Processors may allow an privileged user to potentially enable a denial of service via local access."
},
{
"lang": "es",
"value": "Las m\u00e1quinas de estados finitos (FSM) inadecuadas en la l\u00f3gica de hardware de algunos procesadores Intel(R) pueden permitir que un usuario privilegiado habilite potencialmente una denegaci\u00f3n de servicio a trav\u00e9s del acceso local."
}
],
"metrics": {

2
CVE-2024/CVE-2024-261xx/CVE-2024-26186.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-09-10T17:15:16.010",
"lastModified": "2024-09-10T17:43:14.410",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

2
CVE-2024/CVE-2024-261xx/CVE-2024-26191.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-09-10T17:15:16.223",
"lastModified": "2024-09-10T17:43:14.410",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

2
CVE-2024/CVE-2024-26xx/CVE-2024-2698.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-06-12T08:15:50.250",
"lastModified": "2024-09-16T20:15:45.940",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

2
CVE-2024/CVE-2024-273xx/CVE-2024-27320.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "6f8de1f0-f67e-45a6-b68f-98777fdb759c",
"published": "2024-09-12T13:15:11.987",
"lastModified": "2024-09-12T18:14:03.913",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-281xx/CVE-2024-28170.json
View File

@ -9,6 +9,10 @@
{
"lang": "en",
"value": "Improper access control in Intel(R) RAID Web Console all versions may allow an authenticated user to potentially enable information disclosure via local access."
},
{
"lang": "es",
"value": "El control de acceso inadecuado en todas las versiones de Intel(R) RAID Web Console puede permitir que un usuario autenticado habilite potencialmente la divulgaci\u00f3n de informaci\u00f3n a trav\u00e9s del acceso local."
}
],
"metrics": {

2
CVE-2024/CVE-2024-291xx/CVE-2024-29181.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-06-12T15:15:50.873",
"lastModified": "2024-06-13T18:36:09.010",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

2
CVE-2024/CVE-2024-29xx/CVE-2024-2914.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "security@huntr.dev",
"published": "2024-06-06T18:15:13.227",
"lastModified": "2024-06-07T14:56:05.647",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

2
CVE-2024/CVE-2024-300xx/CVE-2024-30073.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-09-10T17:15:16.590",
"lastModified": "2024-09-10T17:43:14.410",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

2
CVE-2024/CVE-2024-303xx/CVE-2024-30368.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-06-06T18:15:13.443",
"lastModified": "2024-06-07T14:56:05.647",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

2
CVE-2024/CVE-2024-303xx/CVE-2024-30369.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-06-06T18:15:13.720",
"lastModified": "2024-06-07T14:56:05.647",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

2
CVE-2024/CVE-2024-303xx/CVE-2024-30374.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-06-06T18:15:13.953",
"lastModified": "2024-06-07T14:56:05.647",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

2
CVE-2024/CVE-2024-303xx/CVE-2024-30375.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-06-06T18:15:14.153",
"lastModified": "2024-06-07T14:56:05.647",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

2
CVE-2024/CVE-2024-304xx/CVE-2024-30472.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "security_alert@emc.com",
"published": "2024-06-13T12:15:10.410",
"lastModified": "2024-06-13T18:35:19.777",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

2
CVE-2024/CVE-2024-312xx/CVE-2024-31217.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-06-12T15:15:51.170",
"lastModified": "2024-06-13T18:36:09.010",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

2
CVE-2024/CVE-2024-315xx/CVE-2024-31570.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "cve@mitre.org",
"published": "2024-09-19T17:15:12.623",
"lastModified": "2024-09-20T12:30:17.483",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

2
CVE-2024/CVE-2024-319xx/CVE-2024-31960.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "cve@mitre.org",
"published": "2024-09-10T16:15:19.580",
"lastModified": "2024-09-10T20:35:07.120",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-31xx/CVE-2024-3100.json
View File

@ -9,6 +9,10 @@
{
"lang": "en",
"value": "A potential buffer overflow vulnerability was reported in some Lenovo Notebook products that could allow a local attacker with elevated privileges to execute arbitrary code."
},
{
"lang": "es",
"value": "Se inform\u00f3 de una posible vulnerabilidad de desbordamiento de b\u00fafer en algunos productos port\u00e1tiles Lenovo que podr\u00eda permitir que un atacante local con privilegios elevados ejecute c\u00f3digo arbitrario."
}
],
"metrics": {

2
CVE-2024/CVE-2024-31xx/CVE-2024-3149.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "security@huntr.dev",
"published": "2024-06-06T19:16:00.130",
"lastModified": "2024-06-07T14:56:05.647",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

2
CVE-2024/CVE-2024-31xx/CVE-2024-3150.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "security@huntr.dev",
"published": "2024-06-06T19:16:00.350",
"lastModified": "2024-06-07T14:56:05.647",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

2
CVE-2024/CVE-2024-31xx/CVE-2024-3166.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "security@huntr.dev",
"published": "2024-06-06T19:16:00.817",
"lastModified": "2024-06-07T14:56:05.647",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

2
CVE-2024/CVE-2024-31xx/CVE-2024-3183.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-06-12T09:15:18.683",
"lastModified": "2024-09-16T20:15:46.490",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-326xx/CVE-2024-32666.json
View File

@ -9,6 +9,10 @@
{
"lang": "en",
"value": "NULL pointer dereference in Intel(R) RAID Web Console software for all versions may allow an authenticated user to potentially enable denial of service via local access."
},
{
"lang": "es",
"value": "La desreferencia de puntero NULL en el software Intel(R) RAID Web Console para todas las versiones puede permitir que un usuario autenticado habilite potencialmente la denegaci\u00f3n de servicio a trav\u00e9s del acceso local."
}
],
"metrics": {

2
CVE-2024/CVE-2024-328xx/CVE-2024-32856.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "security_alert@emc.com",
"published": "2024-06-13T12:15:10.647",
"lastModified": "2024-06-13T18:35:19.777",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

2
CVE-2024/CVE-2024-328xx/CVE-2024-32858.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "security_alert@emc.com",
"published": "2024-06-13T13:15:48.833",
"lastModified": "2024-06-13T18:35:19.777",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-329xx/CVE-2024-32940.json
View File

@ -9,6 +9,10 @@
{
"lang": "en",
"value": "Improper access control in Intel(R) RAID Web Console software for all versions may allow an authenticated user to potentially enable denial of service via adjacent access."
},
{
"lang": "es",
"value": "El control de acceso inadecuado en el software Intel(R) RAID Web Console para todas las versiones puede permitir que un usuario autenticado potencialmente habilite la denegaci\u00f3n de servicio a trav\u00e9s del acceso adyacente."
}
],
"metrics": {

2
CVE-2024/CVE-2024-32xx/CVE-2024-3234.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "security@huntr.dev",
"published": "2024-06-06T19:16:01.040",
"lastModified": "2024-06-07T14:56:05.647",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-338xx/CVE-2024-33848.json
View File

@ -9,6 +9,10 @@
{
"lang": "en",
"value": "Uncaught exception in Intel(R) RAID Web Console software all versions may allow an authenticated user to potentially enable denial of service via local access."
},
{
"lang": "es",
"value": "Una excepci\u00f3n no detectada en todas las versiones del software Intel(R) RAID Web Console puede permitir que un usuario autenticado habilite potencialmente la denegaci\u00f3n de servicio a trav\u00e9s del acceso local."
}
],
"metrics": {

2
CVE-2024/CVE-2024-33xx/CVE-2024-3322.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "security@huntr.dev",
"published": "2024-06-06T19:16:01.247",
"lastModified": "2024-06-07T14:56:05.647",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

2
CVE-2024/CVE-2024-340xx/CVE-2024-34065.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-06-12T15:15:51.460",
"lastModified": "2024-06-13T18:36:09.010",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

2
CVE-2024/CVE-2024-341xx/CVE-2024-34112.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-06-13T12:15:10.870",
"lastModified": "2024-06-13T18:35:19.777",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-341xx/CVE-2024-34153.json
View File

@ -9,6 +9,10 @@
{
"lang": "en",
"value": "Uncontrolled search path element in Intel(R) RAID Web Console software for all versions may allow an authenticated user to potentially enable escalation of privilege via local access."
},
{
"lang": "es",
"value": "El elemento de ruta de b\u00fasqueda no controlada en el software Intel(R) RAID Web Console para todas las versiones puede permitir que un usuario autenticado habilite potencialmente la escalada de privilegios a trav\u00e9s del acceso local."
}
],
"metrics": {

4
CVE-2024/CVE-2024-345xx/CVE-2024-34543.json
View File

@ -9,6 +9,10 @@
{
"lang": "en",
"value": "Improper access control in Intel(R) RAID Web Console software for all versions may allow an authenticated user to potentially enable escalation of privilege via local access."
},
{
"lang": "es",
"value": "El control de acceso inadecuado en el software Intel(R) RAID Web Console para todas las versiones puede permitir que un usuario autenticado potencialmente habilite la escalada de privilegios a trav\u00e9s del acceso local."
}
],
"metrics": {

4
CVE-2024/CVE-2024-345xx/CVE-2024-34545.json
View File

@ -9,6 +9,10 @@
{
"lang": "en",
"value": "Improper input validation in some Intel(R) RAID Web Console software all versions may allow an authenticated user to potentially enable information disclosure via adjacent access."
},
{
"lang": "es",
"value": "La validaci\u00f3n de entrada incorrecta en algunas versiones del software Intel(R) RAID Web Console puede permitir que un usuario autenticado habilite potencialmente la divulgaci\u00f3n de informaci\u00f3n a trav\u00e9s del acceso adyacente."
}
],
"metrics": {

2
CVE-2024/CVE-2024-34xx/CVE-2024-3402.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "security@huntr.dev",
"published": "2024-06-06T19:16:01.450",
"lastModified": "2024-06-07T14:56:05.647",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

2
CVE-2024/CVE-2024-34xx/CVE-2024-3404.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "security@huntr.dev",
"published": "2024-06-06T19:16:01.673",
"lastModified": "2024-06-07T14:56:05.647",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

2
CVE-2024/CVE-2024-34xx/CVE-2024-3408.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "security@huntr.dev",
"published": "2024-06-06T19:16:01.890",
"lastModified": "2024-06-07T14:56:05.647",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

2
CVE-2024/CVE-2024-34xx/CVE-2024-3429.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "security@huntr.dev",
"published": "2024-06-06T19:16:02.103",
"lastModified": "2024-06-07T14:56:05.647",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

2
CVE-2024/CVE-2024-34xx/CVE-2024-3467.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2024-06-12T21:15:50.617",
"lastModified": "2024-06-13T18:36:09.010",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

2
CVE-2024/CVE-2024-34xx/CVE-2024-3468.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2024-06-12T21:15:50.747",
"lastModified": "2024-06-13T18:36:09.010",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-362xx/CVE-2024-36247.json
View File

@ -9,6 +9,10 @@
{
"lang": "en",
"value": "Improper access control in Intel(R) RAID Web Console all versions may allow an authenticated user to potentially enable denial of service via adjacent access."
},
{
"lang": "es",
"value": "El control de acceso inadecuado en todas las versiones de Intel(R) RAID Web Console puede permitir que un usuario autenticado potencialmente habilite la denegaci\u00f3n de servicio a trav\u00e9s del acceso adyacente."
}
],
"metrics": {

4
CVE-2024/CVE-2024-362xx/CVE-2024-36261.json
View File

@ -9,6 +9,10 @@
{
"lang": "en",
"value": "Improper access control in Intel(R) RAID Web Console software all versions may allow an authenticated user to potentially enable denial of service via adjacent access."
},
{
"lang": "es",
"value": "Un control de acceso inadecuado en todas las versiones del software Intel(R) RAID Web Console puede permitir que un usuario autenticado potencialmente habilite la denegaci\u00f3n de servicio a trav\u00e9s del acceso adyacente."
}
],
"metrics": {

2
CVE-2024/CVE-2024-362xx/CVE-2024-36264.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "security@apache.org",
"published": "2024-06-12T14:15:11.983",
"lastModified": "2024-08-02T04:16:59.800",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [
{
"sourceIdentifier": "security@apache.org",

2
CVE-2024/CVE-2024-362xx/CVE-2024-36265.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "security@apache.org",
"published": "2024-06-12T15:15:52.247",
"lastModified": "2024-08-02T04:16:59.920",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [
{
"sourceIdentifier": "security@apache.org",

2
CVE-2024/CVE-2024-363xx/CVE-2024-36399.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-06-06T16:15:12.573",
"lastModified": "2024-06-07T14:56:05.647",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

2
CVE-2024/CVE-2024-371xx/CVE-2024-37150.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-06-06T16:15:12.890",
"lastModified": "2024-06-07T14:56:05.647",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

2
CVE-2024/CVE-2024-373xx/CVE-2024-37300.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-06-12T16:15:12.097",
"lastModified": "2024-06-13T18:36:09.010",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

2
CVE-2024/CVE-2024-373xx/CVE-2024-37304.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-06-12T15:15:52.910",
"lastModified": "2024-06-13T18:36:09.010",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

2
CVE-2024/CVE-2024-373xx/CVE-2024-37335.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-09-10T17:15:17.603",
"lastModified": "2024-09-10T17:43:14.410",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

2
CVE-2024/CVE-2024-373xx/CVE-2024-37337.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-09-10T17:15:17.820",
"lastModified": "2024-09-10T17:43:14.410",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

2
CVE-2024/CVE-2024-373xx/CVE-2024-37338.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-09-10T17:15:18.017",
"lastModified": "2024-09-10T17:43:14.410",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

2
CVE-2024/CVE-2024-373xx/CVE-2024-37339.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-09-10T17:15:18.207",
"lastModified": "2024-09-10T17:43:14.410",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

2
CVE-2024/CVE-2024-373xx/CVE-2024-37340.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-09-10T17:15:18.417",
"lastModified": "2024-09-10T17:43:14.410",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

2
CVE-2024/CVE-2024-373xx/CVE-2024-37341.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-09-10T17:15:18.617",
"lastModified": "2024-09-10T17:43:14.410",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

2
CVE-2024/CVE-2024-373xx/CVE-2024-37342.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-09-10T17:15:18.817",
"lastModified": "2024-09-10T17:43:14.410",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

2
CVE-2024/CVE-2024-382xx/CVE-2024-38271.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "cve-coordination@google.com",
"published": "2024-06-26T16:15:11.560",
"lastModified": "2024-07-29T22:15:04.757",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

2
CVE-2024/CVE-2024-382xx/CVE-2024-38272.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "cve-coordination@google.com",
"published": "2024-06-26T16:15:11.733",
"lastModified": "2024-07-29T22:15:04.883",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

2
CVE-2024/CVE-2024-395xx/CVE-2024-39519.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "sirt@juniper.net",
"published": "2024-07-11T16:15:02.717",
"lastModified": "2024-07-11T18:09:58.777",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

2
CVE-2024/CVE-2024-395xx/CVE-2024-39520.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "sirt@juniper.net",
"published": "2024-07-11T16:15:02.963",
"lastModified": "2024-07-11T18:09:58.777",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

2
CVE-2024/CVE-2024-395xx/CVE-2024-39521.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "sirt@juniper.net",
"published": "2024-07-11T16:15:03.210",
"lastModified": "2024-07-11T18:09:58.777",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

2
CVE-2024/CVE-2024-395xx/CVE-2024-39522.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "sirt@juniper.net",
"published": "2024-07-11T16:15:03.443",
"lastModified": "2024-07-11T18:09:58.777",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

2
CVE-2024/CVE-2024-395xx/CVE-2024-39523.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "sirt@juniper.net",
"published": "2024-07-11T16:15:03.667",
"lastModified": "2024-07-11T18:09:58.777",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

2
CVE-2024/CVE-2024-395xx/CVE-2024-39524.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "sirt@juniper.net",
"published": "2024-07-11T16:15:03.890",
"lastModified": "2024-07-11T18:09:58.777",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

2
CVE-2024/CVE-2024-395xx/CVE-2024-39528.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "sirt@juniper.net",
"published": "2024-07-11T16:15:04.113",
"lastModified": "2024-07-11T18:09:58.777",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

2
CVE-2024/CVE-2024-395xx/CVE-2024-39529.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "sirt@juniper.net",
"published": "2024-07-11T16:15:04.343",
"lastModified": "2024-07-11T18:09:58.777",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

2
CVE-2024/CVE-2024-395xx/CVE-2024-39530.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "sirt@juniper.net",
"published": "2024-07-11T16:15:04.613",
"lastModified": "2024-07-11T18:09:58.777",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

2
CVE-2024/CVE-2024-397xx/CVE-2024-39772.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "responsibledisclosure@mattermost.com",
"published": "2024-09-16T15:15:16.350",
"lastModified": "2024-09-17T12:08:01.830",
"vulnStatus": "Analyzed",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-399xx/CVE-2024-39924.json
View File

@ -9,6 +9,10 @@
{
"lang": "en",
"value": "An issue was discovered in Vaultwarden (formerly Bitwarden_RS) 1.30.3. A vulnerability has been identified in the authentication and authorization process of the endpoint responsible for altering the metadata of an emergency access. It permits an attacker with granted emergency access to escalate their privileges by changing the access level and modifying the wait time. Consequently, the attacker can gain full control over the vault (when only intended to have read access) while bypassing the necessary wait period."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en Vaultwarden (anteriormente Bitwarden_RS) 1.30.3. Se identific\u00f3 una vulnerabilidad en el proceso de autenticaci\u00f3n y autorizaci\u00f3n del endpoint responsable de alterar los metadatos de un acceso de emergencia. Permite que un atacante con acceso de emergencia concedido escale sus privilegios cambiando el nivel de acceso y modificando el tiempo de espera. En consecuencia, el atacante puede obtener control total sobre la b\u00f3veda (cuando solo se pretende que tenga acceso de lectura) mientras se salta el per\u00edodo de espera necesario."
}
],
"metrics": {

4
CVE-2024/CVE-2024-399xx/CVE-2024-39925.json
View File

@ -9,6 +9,10 @@
{
"lang": "en",
"value": "An issue was discovered in Vaultwarden (formerly Bitwarden_RS) 1.30.3. It lacks an offboarding process for members who leave an organization. As a result, the shared organization key is not rotated when a member departs. Consequently, the departing member, whose access should be revoked, retains a copy of the organization key. Additionally, the application fails to adequately protect some encrypted data stored on the server. Consequently, an authenticated user could gain unauthorized access to encrypted data of any organization, even if the user is not a member of the targeted organization. However, the user would need to know the corresponding organizationId. Hence, if a user (whose access to an organization has been revoked) already possesses the organization key, that user could use the key to decrypt the leaked data."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en Vaultwarden (anteriormente Bitwarden_RS) 1.30.3. Carece de un proceso de desvinculaci\u00f3n para los miembros que abandonan una organizaci\u00f3n. Como resultado, la clave de organizaci\u00f3n compartida no se rota cuando un miembro se va. En consecuencia, el miembro que se va, cuyo acceso debe revocarse, conserva una copia de la clave de la organizaci\u00f3n. Adem\u00e1s, la aplicaci\u00f3n no protege adecuadamente algunos datos cifrados almacenados en el servidor. En consecuencia, un usuario autenticado podr\u00eda obtener acceso no autorizado a los datos cifrados de cualquier organizaci\u00f3n, incluso si el usuario no es miembro de la organizaci\u00f3n en cuesti\u00f3n. Sin embargo, el usuario necesitar\u00eda saber el ID de organizaci\u00f3n correspondiente. Por lo tanto, si un usuario (cuyo acceso a una organizaci\u00f3n ha sido revocado) ya posee la clave de la organizaci\u00f3n, ese usuario podr\u00eda usar la clave para descifrar los datos filtrados."
}
],
"metrics": {

4
CVE-2024/CVE-2024-399xx/CVE-2024-39926.json
View File

@ -9,6 +9,10 @@
{
"lang": "en",
"value": "An issue was discovered in Vaultwarden (formerly Bitwarden_RS) 1.30.3. A stored cross-site scripting (XSS) or, due to the default CSP, HTML injection vulnerability has been discovered in the admin dashboard. This potentially allows an authenticated attacker to inject malicious code into the dashboard, which is then executed or rendered in the context of an administrator's browser when viewing the injected content. However, it is important to note that the default Content Security Policy (CSP) of the application blocks most exploitation paths, significantly mitigating the potential impact."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en Vaultwarden (anteriormente Bitwarden_RS) 1.30.3. Se descubri\u00f3 una vulnerabilidad de inyecci\u00f3n de HTML o de Cross-site Scripting (XSS) almacenado, debido a la CSP predeterminada, en el panel de control del administrador. Esto potencialmente permite que un atacante autenticado inyecte c\u00f3digo malicioso en el panel de control, que luego se ejecuta o se muestra en el contexto del navegador de un administrador al visualizar el contenido inyectado. Sin embargo, es importante tener en cuenta que la Pol\u00edtica de seguridad de contenido (CSP) predeterminada de la aplicaci\u00f3n bloquea la mayor\u00eda de las rutas de explotaci\u00f3n, lo que mitiga significativamente el impacto potencial."
}
],
"metrics": {

2
CVE-2024/CVE-2024-424xx/CVE-2024-42483.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-09-12T15:18:22.093",
"lastModified": "2024-09-12T18:14:03.913",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-430xx/CVE-2024-43099.json
View File

@ -9,6 +9,10 @@
{
"lang": "en",
"value": "The session hijacking attack targets the application layer's control mechanism, which manages authenticated sessions between a host PC and a PLC. During such sessions, a session key is utilized to maintain security. However, if an attacker captures this session key, they can inject traffic into an ongoing authenticated session. To successfully achieve this, the attacker also needs to spoof both the IP address and MAC address of the originating host which is typical of a session-based attack."
},
{
"lang": "es",
"value": "El ataque de secuestro de sesi\u00f3n tiene como objetivo el mecanismo de control de la capa de aplicaci\u00f3n, que gestiona las sesiones autenticadas entre un PC host y un PLC. Durante dichas sesiones, se utiliza una clave de sesi\u00f3n para mantener la seguridad. Sin embargo, si un atacante captura esta clave de sesi\u00f3n, puede inyectar tr\u00e1fico en una sesi\u00f3n autenticada en curso. Para lograrlo con \u00e9xito, el atacante tambi\u00e9n necesita falsificar tanto la direcci\u00f3n IP como la direcci\u00f3n MAC del host de origen, lo que es t\u00edpico de un ataque basado en sesiones."
}
],
"metrics": {

2
CVE-2024/CVE-2024-438xx/CVE-2024-43820.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-17T10:15:08.207",
"lastModified": "2024-08-19T12:59:59.177",
"vulnStatus": "Undergoing Analysis",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

2
CVE-2024/CVE-2024-440xx/CVE-2024-44054.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-09-15T09:15:02.290",
"lastModified": "2024-09-16T15:30:28.733",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

2
CVE-2024/CVE-2024-440xx/CVE-2024-44056.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-09-15T09:15:02.800",
"lastModified": "2024-09-16T15:30:28.733",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

2
CVE-2024/CVE-2024-440xx/CVE-2024-44057.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-09-15T09:15:03.270",
"lastModified": "2024-09-16T15:30:28.733",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

2
CVE-2024/CVE-2024-440xx/CVE-2024-44058.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-09-15T09:15:03.883",
"lastModified": "2024-09-16T15:30:28.733",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

Some files were not shown because too many files have changed in this diff Show More